From a80d629859e44a4861b8d4eb8708c855b6e01089 Mon Sep 17 00:00:00 2001 From: wiidev Date: Mon, 7 Sep 2020 21:27:42 +0100 Subject: [PATCH 1/4] Add proxy support, fix timeouts & update wolfSSL --- source/libwolfssl/certs_test.h | 2187 +++++++++-------- source/libwolfssl/error-ssl.h | 2 + source/libwolfssl/internal.h | 206 +- source/libwolfssl/libwolfssl.a | Bin 416724 -> 423844 bytes source/libwolfssl/openssl/asn1.h | 2 +- source/libwolfssl/openssl/bio.h | 10 +- source/libwolfssl/openssl/dsa.h | 2 + source/libwolfssl/openssl/ec.h | 25 + source/libwolfssl/openssl/evp.h | 3 +- source/libwolfssl/openssl/hmac.h | 2 + source/libwolfssl/openssl/ssl.h | 38 +- source/libwolfssl/openssl/stack.h | 2 + source/libwolfssl/openssl/x509v3.h | 6 +- source/libwolfssl/sniffer.h | 37 + source/libwolfssl/sniffer_error.h | 1 + source/libwolfssl/ssl.h | 202 +- source/libwolfssl/test.h | 103 +- source/libwolfssl/version.h | 4 +- source/libwolfssl/wolfcrypt/aes.h | 7 + source/libwolfssl/wolfcrypt/asn.h | 85 +- source/libwolfssl/wolfcrypt/asn_public.h | 5 + source/libwolfssl/wolfcrypt/chacha.h | 24 +- .../libwolfssl/wolfcrypt/chacha20_poly1305.h | 11 +- source/libwolfssl/wolfcrypt/cryptocb.h | 2 +- source/libwolfssl/wolfcrypt/curve25519.h | 4 + source/libwolfssl/wolfcrypt/dh.h | 32 +- source/libwolfssl/wolfcrypt/ecc.h | 95 +- source/libwolfssl/wolfcrypt/error-crypt.h | 11 +- source/libwolfssl/wolfcrypt/fe_448.h | 2 +- source/libwolfssl/wolfcrypt/fe_operations.h | 2 +- source/libwolfssl/wolfcrypt/hmac.h | 4 +- source/libwolfssl/wolfcrypt/integer.h | 4 + source/libwolfssl/wolfcrypt/memory.h | 6 +- source/libwolfssl/wolfcrypt/misc.h | 6 +- source/libwolfssl/wolfcrypt/pkcs11.h | 2 +- source/libwolfssl/wolfcrypt/pkcs7.h | 5 +- source/libwolfssl/wolfcrypt/poly1305.h | 5 +- .../port/Renesas/renesas-tsip-crypt.h | 149 +- .../libwolfssl/wolfcrypt/port/atmel/atmel.h | 21 +- .../wolfcrypt/port/cypress/psoc6_crypto.h | 74 + .../libwolfssl/wolfcrypt/port/nxp/ksdk_port.h | 4 +- source/libwolfssl/wolfcrypt/port/st/stm32.h | 52 +- source/libwolfssl/wolfcrypt/random.h | 2 +- source/libwolfssl/wolfcrypt/rsa.h | 11 +- source/libwolfssl/wolfcrypt/settings.h | 104 +- source/libwolfssl/wolfcrypt/sha.h | 2 + source/libwolfssl/wolfcrypt/sha256.h | 6 +- source/libwolfssl/wolfcrypt/sha3.h | 3 +- source/libwolfssl/wolfcrypt/sha512.h | 4 + source/libwolfssl/wolfcrypt/sp.h | 17 +- source/libwolfssl/wolfcrypt/sp_int.h | 28 +- source/libwolfssl/wolfcrypt/tfm.h | 39 +- source/libwolfssl/wolfcrypt/types.h | 9 +- source/libwolfssl/wolfcrypt/wc_encrypt.h | 25 +- source/libwolfssl/wolfcrypt/wc_pkcs11.h | 2 +- source/libwolfssl/wolfcrypt/wc_port.h | 16 +- source/libwolfssl/wolfcrypt/wolfmath.h | 5 + source/libwolfssl/wolfio.h | 5 +- source/menu/menu.cpp | 11 + source/menu/menu.hpp | 7 + source/menu/menu_config.cpp | 2 +- source/menu/menu_config7.cpp | 32 +- source/network/base64.h | 171 ++ source/network/https.c | 884 ++++--- source/network/https.h | 55 +- source/network/picohttpparser.c | 6 +- source/network/proxysettings.cpp | 73 + source/network/proxysettings.h | 18 + 68 files changed, 3049 insertions(+), 1932 deletions(-) create mode 100644 source/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h create mode 100644 source/network/base64.h create mode 100644 source/network/proxysettings.cpp create mode 100644 source/network/proxysettings.h diff --git a/source/libwolfssl/certs_test.h b/source/libwolfssl/certs_test.h index 6562e9f6..d201a40f 100644 --- a/source/libwolfssl/certs_test.h +++ b/source/libwolfssl/certs_test.h @@ -98,103 +98,112 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); /* ./certs/1024/client-cert.der, 1024-bit */ static const unsigned char client_cert_der_1024[] = { - 0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xBB, 0xD3, 0x10, 0x03, - 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, - 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, - 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, - 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, - 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, - 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, - 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, - 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, - 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, - 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, - 0x81, 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, - 0xA9, 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, 0xC8, - 0xEC, 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, 0x37, - 0xEC, 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, 0xDF, - 0x94, 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, 0xE8, - 0x4D, 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, 0x77, - 0x25, 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, 0x38, - 0xCC, 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, 0xAA, - 0xDA, 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, 0xDC, - 0x77, 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, 0xBA, - 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, - 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, - 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x07, 0x30, - 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, - 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, - 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, - 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, - 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, - 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, - 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, - 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, - 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, - 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, - 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0xBB, 0xD3, 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, - 0x00, 0x84, 0x99, 0xD9, 0xE5, 0x37, 0xC4, 0x44, 0x7D, 0xCE, - 0x29, 0xB8, 0xB6, 0x80, 0x0E, 0xEA, 0xA3, 0xE2, 0xFA, 0xA2, - 0x2F, 0x5C, 0xD2, 0x4A, 0x85, 0x67, 0xB9, 0x8B, 0xFA, 0x9F, - 0x7D, 0xDA, 0x6D, 0x85, 0x2A, 0xC2, 0x20, 0xF3, 0x18, 0xC8, - 0xD4, 0x6B, 0x26, 0xB2, 0x7A, 0x68, 0xE7, 0x82, 0x52, 0x87, - 0xE7, 0x0C, 0x5B, 0x08, 0x47, 0x7A, 0x55, 0xA5, 0x0D, 0xFA, - 0x72, 0xCE, 0x6B, 0xA1, 0xB2, 0xAE, 0x5A, 0xA1, 0x63, 0xFF, - 0x68, 0xDB, 0xE5, 0x49, 0xEF, 0xF1, 0x0E, 0x98, 0x96, 0x09, - 0xB5, 0x04, 0x5F, 0xD4, 0x0A, 0x9B, 0x8A, 0xAF, 0xD2, 0x31, - 0x1F, 0x95, 0xE5, 0x0F, 0xA8, 0xCD, 0xBB, 0xA1, 0x2D, 0x64, - 0xB0, 0xB7, 0xEE, 0x47, 0xA7, 0x58, 0xD9, 0xC7, 0xDB, 0xB0, - 0x92, 0xBB, 0xAA, 0xCF, 0xB8, 0x8A, 0x04, 0x5B, 0x0F, 0x9F, - 0x3E, 0xE0, 0xD2, 0x42, 0x52, 0xBD, 0x5D, 0xA7, 0x48 + 0x30, 0x82, 0x04, 0x18, 0x30, 0x82, 0x03, 0x81, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x77, 0x1A, 0x0F, 0xB4, 0xD6, + 0x66, 0x91, 0xF9, 0xEB, 0xD6, 0x69, 0xE9, 0x5E, 0x55, 0x74, + 0xF3, 0x4B, 0xD7, 0x74, 0x8A, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, + 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, + 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, + 0x81, 0x81, 0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, + 0xA2, 0xA9, 0xEF, 0x18, 0xA5, 0xDA, 0x55, 0x99, 0x21, 0xF9, + 0xC8, 0xEC, 0xB3, 0x6D, 0x48, 0xE5, 0x35, 0x35, 0x75, 0x77, + 0x37, 0xEC, 0xD1, 0x61, 0x90, 0x5F, 0x3E, 0xD9, 0xE4, 0xD5, + 0xDF, 0x94, 0xCA, 0xC1, 0xA9, 0xD7, 0x19, 0xDA, 0x86, 0xC9, + 0xE8, 0x4D, 0xC4, 0x61, 0x36, 0x82, 0xFE, 0xAB, 0xAD, 0x7E, + 0x77, 0x25, 0xBB, 0x8D, 0x11, 0xA5, 0xBC, 0x62, 0x3A, 0xA8, + 0x38, 0xCC, 0x39, 0xA2, 0x04, 0x66, 0xB4, 0xF7, 0xF7, 0xF3, + 0xAA, 0xDA, 0x4D, 0x02, 0x0E, 0xBB, 0x5E, 0x8D, 0x69, 0x48, + 0xDC, 0x77, 0xC9, 0x28, 0x0E, 0x22, 0xE9, 0x6B, 0xA4, 0x26, + 0xBA, 0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, + 0x8A, 0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, + 0x3C, 0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, + 0xA9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, + 0x30, 0x82, 0x01, 0x4B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, + 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, + 0x75, 0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xDE, 0x06, 0x03, + 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, + 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, + 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, + 0xEC, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, + 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, + 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, + 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, + 0x77, 0x1A, 0x0F, 0xB4, 0xD6, 0x66, 0x91, 0xF9, 0xEB, 0xD6, + 0x69, 0xE9, 0x5E, 0x55, 0x74, 0xF3, 0x4B, 0xD7, 0x74, 0x8A, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, + 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, + 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, + 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x81, 0x81, 0x00, 0xA8, 0x13, 0x2C, 0xFC, 0x43, 0xE9, + 0xDB, 0x59, 0xC7, 0x7E, 0x32, 0x8B, 0x32, 0xBA, 0xA3, 0x5C, + 0x2F, 0x60, 0xAB, 0xA1, 0xEF, 0x9A, 0x64, 0x36, 0x4E, 0xCE, + 0x05, 0x6D, 0xBC, 0x63, 0xB0, 0x8F, 0x91, 0xF7, 0x76, 0xBB, + 0x92, 0xB4, 0xB6, 0x78, 0xDB, 0x2E, 0x7F, 0x7F, 0x9C, 0xE7, + 0x58, 0x4B, 0x73, 0x89, 0x0F, 0xD1, 0x13, 0x61, 0xA4, 0x2A, + 0x2F, 0x6E, 0xC7, 0xB1, 0x19, 0xBB, 0x14, 0x00, 0xD7, 0x0E, + 0xDD, 0x7E, 0x2F, 0x66, 0xE7, 0x5F, 0xF9, 0x0F, 0x39, 0x90, + 0xF6, 0x6B, 0xD3, 0x84, 0x1E, 0xD0, 0x09, 0x23, 0x22, 0x27, + 0xF5, 0xC9, 0x96, 0xED, 0x45, 0xD7, 0x78, 0x3C, 0xEB, 0xA7, + 0xD5, 0x8A, 0xF5, 0xF4, 0xDD, 0x99, 0x27, 0xD2, 0x4C, 0x86, + 0x6E, 0x63, 0x7D, 0xA8, 0x93, 0x62, 0x71, 0xC1, 0xCB, 0x93, + 0xF4, 0x81, 0x3E, 0x95, 0xB3, 0xA8, 0xE5, 0xA6, 0x23, 0x51, + 0x4A, 0xB5 }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -407,29 +416,70 @@ static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); /* ./certs/1024/ca-cert.der, 1024-bit */ static const unsigned char ca_cert_der_1024[] = { - 0x30, 0x82, 0x03, 0xB5, 0x30, 0x82, 0x03, 0x1E, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, - 0xFE, 0xCF, 0x9B, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, - 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, - 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, - 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, - 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, - 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, - 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x99, + 0x30, 0x82, 0x04, 0x09, 0x30, 0x82, 0x03, 0x72, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x31, 0x42, 0xB4, 0x2B, 0x87, + 0xEF, 0x4B, 0x66, 0x93, 0xAF, 0x44, 0xDE, 0x45, 0x80, 0xD8, + 0x8E, 0x7E, 0xE3, 0xB5, 0x07, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, + 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, + 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, + 0x36, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, + 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, + 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, + 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, + 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, + 0x81, 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, + 0x24, 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, + 0x16, 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, + 0x04, 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, + 0x50, 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, + 0x24, 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, + 0xA8, 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, + 0xA2, 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, + 0x54, 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, + 0x72, 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, + 0x9B, 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, + 0x94, 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, + 0xE5, 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, + 0x09, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4A, + 0x30, 0x82, 0x01, 0x46, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x0E, 0x04, 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, + 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, + 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xD9, 0x06, 0x03, + 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD1, 0x30, 0x81, 0xCE, 0x80, + 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, + 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, + 0xA8, 0xA1, 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, @@ -445,64 +495,31 @@ static const unsigned char ca_cert_der_1024[] = 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, - 0x81, 0x00, 0xCD, 0xAC, 0xDD, 0x47, 0xEC, 0xBE, 0xB7, 0x24, - 0xC3, 0x63, 0x1B, 0x54, 0x98, 0x79, 0xE1, 0xC7, 0x31, 0x16, - 0x59, 0xD6, 0x9D, 0x77, 0x9D, 0x8D, 0xE2, 0x8B, 0xED, 0x04, - 0x17, 0xB2, 0xC6, 0xEB, 0xE4, 0x9B, 0x91, 0xBE, 0x31, 0x50, - 0x62, 0x97, 0x58, 0xB5, 0x7F, 0x29, 0xDE, 0xB3, 0x71, 0x24, - 0x0B, 0xBF, 0x97, 0x09, 0x7F, 0x26, 0xDC, 0x2D, 0xEC, 0xA8, - 0x2E, 0xB2, 0x64, 0x2B, 0x7A, 0x2B, 0x35, 0x19, 0x2D, 0xA2, - 0x80, 0xCB, 0x99, 0xFD, 0x94, 0x71, 0x1B, 0x23, 0x8D, 0x54, - 0xDB, 0x2E, 0x62, 0x8D, 0x81, 0x08, 0x2D, 0xF4, 0x24, 0x72, - 0x27, 0x6C, 0xF9, 0xC9, 0x8E, 0xDB, 0x4C, 0x75, 0xBA, 0x9B, - 0x01, 0xF8, 0x3F, 0x18, 0xF4, 0xE6, 0x7F, 0xFB, 0x57, 0x94, - 0x92, 0xCC, 0x88, 0xC4, 0xB4, 0x00, 0xC2, 0xAA, 0xD4, 0xE5, - 0x88, 0x18, 0xB3, 0x11, 0x2F, 0x73, 0xC0, 0xD6, 0x29, 0x09, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x01, 0x30, - 0x81, 0xFE, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, - 0x16, 0x04, 0x14, 0xD3, 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, - 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, - 0x1D, 0xBF, 0xA8, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D, - 0x23, 0x04, 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3, - 0x22, 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, - 0x71, 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, - 0x81, 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, - 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, - 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, - 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, - 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, - 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, - 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, - 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x82, 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, - 0x9B, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, - 0x00, 0x03, 0x81, 0x81, 0x00, 0x1D, 0x48, 0xF6, 0x40, 0x41, - 0x04, 0x06, 0xF2, 0xE4, 0x72, 0x2F, 0xEA, 0xFF, 0xC1, 0x67, - 0x6B, 0x15, 0xBB, 0x0A, 0x28, 0x23, 0x28, 0x07, 0xC6, 0xD7, - 0x13, 0x2C, 0xBE, 0x00, 0x00, 0xAC, 0x1D, 0xF7, 0xF4, 0x92, - 0xD3, 0x2B, 0xAF, 0x23, 0xEB, 0x9F, 0x1A, 0xE2, 0x11, 0x3C, - 0x2D, 0x97, 0xF2, 0x0F, 0xAC, 0xAE, 0x97, 0x86, 0x0A, 0xFB, - 0xA8, 0x4F, 0x74, 0x1B, 0xDE, 0x19, 0x51, 0xDB, 0xCD, 0xE2, - 0x11, 0x38, 0xC1, 0xA4, 0x9D, 0x56, 0xAB, 0x47, 0x5C, 0xDE, - 0xBA, 0xEB, 0x27, 0xDF, 0x6D, 0xC8, 0x7E, 0x3A, 0xBD, 0x2E, - 0x9B, 0x2A, 0xAD, 0x22, 0x3B, 0x95, 0xA9, 0xF2, 0x28, 0x03, - 0xBC, 0xE5, 0xEC, 0xCC, 0xF2, 0x08, 0xD4, 0xC8, 0x2F, 0xDB, - 0xEA, 0xFB, 0x2E, 0x52, 0x16, 0x8C, 0x42, 0x02, 0xA4, 0x59, - 0x6D, 0x4C, 0x33, 0xB4, 0x9A, 0xD2, 0x73, 0x4A, 0x1E, 0x9F, - 0xD9, 0xC8, 0x83 + 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x31, 0x42, 0xB4, 0x2B, 0x87, + 0xEF, 0x4B, 0x66, 0x93, 0xAF, 0x44, 0xDE, 0x45, 0x80, 0xD8, + 0x8E, 0x7E, 0xE3, 0xB5, 0x07, 0x30, 0x0C, 0x06, 0x03, 0x55, + 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, + 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, + 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x32, + 0xED, 0x94, 0x35, 0x3D, 0x4A, 0x76, 0xD7, 0x6E, 0xA9, 0x75, + 0xE9, 0xF5, 0x7A, 0x7F, 0x64, 0x31, 0x50, 0x6A, 0x28, 0xD5, + 0x92, 0x21, 0xD5, 0x88, 0xD2, 0x51, 0x82, 0xC5, 0xBB, 0x1A, + 0xF9, 0x26, 0xFA, 0xD8, 0x4B, 0x83, 0xB6, 0x09, 0xD4, 0x62, + 0x19, 0xE0, 0x55, 0x84, 0x97, 0x55, 0xBA, 0x5D, 0x21, 0x48, + 0x27, 0x10, 0xF0, 0xF3, 0x5C, 0x33, 0xB8, 0x38, 0x9B, 0xFB, + 0x57, 0x4C, 0xD8, 0x1C, 0x5B, 0xAB, 0xD3, 0x1C, 0x21, 0xEE, + 0x3E, 0x2E, 0xB8, 0xC6, 0x3A, 0x92, 0x5C, 0x38, 0x3C, 0x25, + 0x40, 0x2F, 0x05, 0xC6, 0xC9, 0x85, 0xFF, 0x27, 0xF3, 0xEE, + 0xFA, 0x10, 0x58, 0xDB, 0x5C, 0xA6, 0x8E, 0xE0, 0xD9, 0x70, + 0x93, 0xCD, 0xBE, 0x7E, 0x68, 0x33, 0x08, 0xC2, 0x28, 0xD6, + 0x5C, 0xB3, 0x15, 0x19, 0xAF, 0x0C, 0xF7, 0xBA, 0xF0, 0xBC, + 0xA1, 0xCF, 0x30, 0x4E, 0x38, 0xE6, 0x4D }; static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024); @@ -576,7 +593,7 @@ static const int sizeof_server_key_der_1024 = sizeof(server_key_der_1024); /* ./certs/1024/server-cert.der, 1024-bit */ static const unsigned char server_cert_der_1024[] = { - 0x30, 0x82, 0x03, 0xA9, 0x30, 0x82, 0x03, 0x12, 0xA0, 0x03, + 0x30, 0x82, 0x03, 0xF2, 0x30, 0x82, 0x03, 0x5B, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, @@ -595,9 +612,9 @@ static const unsigned char server_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, - 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, 0x32, - 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x30, 0x31, - 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x30, + 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32, + 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, + 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, @@ -629,48 +646,55 @@ static const unsigned char server_cert_der_1024[] = 0xAD, 0xFD, 0x5C, 0x86, 0x73, 0xAA, 0x6B, 0x47, 0xD8, 0x8B, 0x2E, 0x58, 0x4B, 0x69, 0x12, 0x82, 0x26, 0x55, 0xE6, 0x14, 0xBF, 0x55, 0x70, 0x88, 0xFE, 0xF9, 0x75, 0xE1, 0x02, 0x03, - 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x01, 0x30, 0x81, 0xFE, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, - 0x14, 0xD9, 0x3C, 0x35, 0xEA, 0x74, 0x0E, 0x23, 0xBE, 0x9C, - 0xFC, 0xFA, 0x29, 0x90, 0x09, 0xC1, 0xE7, 0x84, 0x16, 0x9F, - 0x7C, 0x30, 0x81, 0xCE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x81, 0xC6, 0x30, 0x81, 0xC3, 0x80, 0x14, 0xD3, 0x22, 0x8F, - 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, 0x3D, - 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, 0x81, 0x9F, - 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, - 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, - 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, - 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, - 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73, 0x75, - 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32, 0x34, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, - 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xDA, 0xFB, 0x6A, 0x0D, 0xFE, 0xCF, 0x9B, 0x47, - 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, - 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x81, 0x81, 0x00, 0x0B, 0xC3, 0xAF, 0x43, 0x85, 0x64, 0x61, - 0xE7, 0xAB, 0x5A, 0x2A, 0x1B, 0xB2, 0x29, 0xD5, 0x66, 0x68, - 0x44, 0x1A, 0x6D, 0x66, 0xFC, 0x3D, 0xB1, 0x88, 0xEC, 0xA5, - 0x41, 0x18, 0x67, 0x62, 0x34, 0xA4, 0x5E, 0xC9, 0x69, 0xCD, - 0x40, 0xC8, 0x56, 0x7E, 0xBF, 0xEB, 0xBC, 0x61, 0x1F, 0x33, - 0x34, 0x58, 0xBE, 0x57, 0xFD, 0xE6, 0x98, 0xDD, 0x51, 0x27, - 0x7C, 0xB7, 0x2C, 0xBC, 0xC9, 0x39, 0xE5, 0xE5, 0x95, 0x82, - 0xE1, 0x3F, 0xD9, 0xB9, 0x97, 0x30, 0x4E, 0x33, 0x2C, 0xEF, - 0xF8, 0xDB, 0xB4, 0xEE, 0x35, 0x75, 0x9E, 0x7A, 0x3F, 0x22, - 0x8F, 0xA5, 0x71, 0xD4, 0x01, 0x64, 0x6C, 0xF2, 0x85, 0xF7, - 0x72, 0x99, 0x2C, 0x80, 0x0F, 0xA4, 0x31, 0x1D, 0xD4, 0x0B, - 0x1E, 0xA5, 0x0F, 0xE7, 0x53, 0x0A, 0xDE, 0x15, 0x0D, 0xB2, - 0xD0, 0x6B, 0xF4, 0xD6, 0x2F, 0xE2, 0x0B, 0xA3, 0x8A, 0x5A, - 0x6E + 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4A, 0x30, 0x82, 0x01, + 0x46, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0xD9, 0x3C, 0x35, 0xEA, 0x74, 0x0E, 0x23, 0xBE, + 0x9C, 0xFC, 0xFA, 0x29, 0x90, 0x09, 0xC1, 0xE7, 0x84, 0x16, + 0x9F, 0x7C, 0x30, 0x81, 0xD9, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x81, 0xD1, 0x30, 0x81, 0xCE, 0x80, 0x14, 0xD3, 0x22, + 0x8F, 0x28, 0x2C, 0xE0, 0x05, 0xEE, 0xD3, 0xED, 0xC3, 0x71, + 0x3D, 0xC9, 0xB2, 0x36, 0x3A, 0x1D, 0xBF, 0xA8, 0xA1, 0x81, + 0x9F, 0xA4, 0x81, 0x9C, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, + 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x43, 0x6F, 0x6E, 0x73, + 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x5F, 0x31, 0x30, 0x32, + 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x82, 0x14, 0x31, 0x42, 0xB4, 0x2B, 0x87, 0xEF, 0x4B, 0x66, + 0x93, 0xAF, 0x44, 0xDE, 0x45, 0x80, 0xD8, 0x8E, 0x7E, 0xE3, + 0xB5, 0x07, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, + 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, + 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x56, 0x14, 0x19, 0x1A, + 0x4F, 0x09, 0x91, 0xCD, 0xF5, 0xA7, 0xC5, 0x69, 0xE4, 0xEA, + 0x1A, 0xFD, 0x56, 0xC3, 0x55, 0xFE, 0xC8, 0xCC, 0xED, 0x56, + 0xA8, 0x5F, 0x86, 0xFB, 0xAB, 0x9F, 0x76, 0x8A, 0xDB, 0xB3, + 0xCC, 0x68, 0xCE, 0x99, 0xFB, 0xA4, 0x5E, 0x70, 0xA8, 0x3C, + 0xA8, 0xB6, 0x85, 0x7C, 0xCB, 0x31, 0xFE, 0x4B, 0x01, 0x0C, + 0xAC, 0xF0, 0x19, 0x04, 0x98, 0xD0, 0xE7, 0xA5, 0xA2, 0x51, + 0xE2, 0x52, 0xA3, 0xF7, 0x42, 0xD4, 0xE2, 0x2D, 0xF2, 0x72, + 0xB5, 0xE7, 0x95, 0xD0, 0xB4, 0xE3, 0xD3, 0xC1, 0x34, 0xA4, + 0x2F, 0x7C, 0x3C, 0xEF, 0xF0, 0x45, 0x14, 0x32, 0x2F, 0xC8, + 0xBF, 0x9F, 0xDA, 0x97, 0x6A, 0xDA, 0xCB, 0x3F, 0xEF, 0x1F, + 0xCA, 0xDC, 0x7A, 0x13, 0x1B, 0x5A, 0x45, 0x41, 0xF8, 0xF0, + 0x34, 0x49, 0x9D, 0x58, 0x23, 0x85, 0x3D, 0x99, 0xAB, 0x34, + 0xDE, 0x51, 0x32, 0x76 }; static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024); @@ -843,10 +867,84 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); /* ./certs/client-cert.der, 2048-bit */ static const unsigned char client_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, - 0x50, 0xBD, 0x55, 0x77, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x30, 0x82, 0x05, 0x1D, 0x30, 0x82, 0x04, 0x05, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x45, 0x45, 0x81, 0x82, 0xE6, + 0x3A, 0xBD, 0xA2, 0xE3, 0x06, 0x0E, 0xBA, 0x2C, 0x45, 0x74, + 0x4B, 0xBE, 0xC0, 0x39, 0x11, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, + 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, + 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, + 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, + 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, + 0x2B, 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, + 0x2B, 0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, + 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, + 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, + 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, + 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, + 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, + 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, + 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, + 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, + 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, + 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, + 0xF1, 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, + 0x7E, 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, + 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, + 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, + 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, + 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, + 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, + 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, + 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, + 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, + 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, + 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, + 0x15, 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, + 0xA1, 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, + 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, + 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, + 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, + 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, + 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, @@ -863,110 +961,44 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, - 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, - 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, - 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, - 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, - 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, - 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, - 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, - 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, - 0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, - 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, - 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, - 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, - 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, - 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, - 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, - 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, - 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, - 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, - 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, - 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, - 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, - 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, - 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, - 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, - 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, - 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, - 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, - 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, - 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, - 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, - 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, - 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, - 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, - 0x07, 0x30, 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, - 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, - 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, - 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xD3, 0x06, - 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, - 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, - 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, - 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, - 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, - 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, - 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, - 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, - 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, - 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, - 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, - 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, - 0x09, 0x00, 0xAA, 0xC4, 0xBF, 0x4C, 0x50, 0xBD, 0x55, 0x77, - 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, - 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x80, 0x52, 0x54, 0x61, 0x2A, 0x77, - 0x80, 0x53, 0x44, 0xA9, 0x80, 0x6D, 0x45, 0xFF, 0x0D, 0x25, - 0x7D, 0x1A, 0x8F, 0x23, 0x93, 0x53, 0x74, 0x35, 0x12, 0x6F, - 0xF0, 0x2E, 0x20, 0xEA, 0xED, 0x80, 0x63, 0x69, 0x88, 0xE6, - 0x0C, 0xA1, 0x49, 0x30, 0xE0, 0x82, 0xDB, 0x68, 0x0F, 0x7E, - 0x84, 0xAC, 0xFF, 0xFF, 0x7B, 0x42, 0xFA, 0x7E, 0x2F, 0xB2, - 0x52, 0x9F, 0xD2, 0x79, 0x5E, 0x35, 0x12, 0x27, 0x36, 0xBC, - 0xDF, 0x96, 0x58, 0x44, 0x96, 0x55, 0xC8, 0x4A, 0x94, 0x02, - 0x5F, 0x4A, 0x9D, 0xDC, 0xD3, 0x3A, 0xF7, 0x6D, 0xAC, 0x8B, - 0x79, 0x6E, 0xFC, 0xBE, 0x8F, 0x23, 0x58, 0x6A, 0x8A, 0xF5, - 0x38, 0x0A, 0x42, 0xF6, 0x98, 0x74, 0x88, 0x53, 0x2E, 0x02, - 0xAF, 0xE1, 0x0E, 0xBE, 0x6F, 0xCC, 0x74, 0x33, 0x7C, 0xEC, - 0xB4, 0xCB, 0xA7, 0x49, 0x6D, 0x82, 0x42, 0x4F, 0xEB, 0x73, - 0x29, 0xC3, 0x32, 0x00, 0x2B, 0x15, 0xF8, 0x88, 0x7A, 0x8F, - 0x6D, 0x20, 0x1B, 0xAE, 0x65, 0x5F, 0xC5, 0xD0, 0x8A, 0xD1, - 0xE2, 0x64, 0x6D, 0xA3, 0xA8, 0xFE, 0x64, 0xE1, 0xA9, 0x5B, - 0xE6, 0xD0, 0x23, 0xD6, 0x02, 0x72, 0x5A, 0xEC, 0x03, 0x8E, - 0x87, 0x67, 0x19, 0x8D, 0xE4, 0xA8, 0x99, 0x15, 0xC1, 0x3D, - 0x91, 0x48, 0x99, 0x8D, 0xFE, 0xAE, 0x1C, 0xBF, 0xF6, 0x28, - 0x1B, 0x45, 0xBE, 0xAD, 0xEF, 0x72, 0x83, 0x9A, 0xF6, 0xC7, - 0x3B, 0x51, 0xA3, 0x6E, 0x7A, 0x73, 0xBD, 0x83, 0xAA, 0x97, - 0xFD, 0x63, 0xB4, 0xF4, 0x6B, 0x1C, 0x14, 0x81, 0x9A, 0xEF, - 0x14, 0x24, 0xD3, 0xE1, 0x8B, 0xF4, 0x04, 0x04, 0x84, 0x54, - 0x0F, 0x61, 0xA2, 0xA8, 0xF2, 0x50, 0x37, 0x0C, 0x17, 0x0C, - 0xBC, 0xE0, 0xC2, 0x84, 0x85, 0xF4, 0x0B, 0xAE, 0x00, 0xCA, - 0x9F, 0x27, 0xE2, 0x44, 0x4F, 0x15, 0x0B, 0x8B, 0x1D, 0xB4 - + 0x82, 0x14, 0x45, 0x45, 0x81, 0x82, 0xE6, 0x3A, 0xBD, 0xA2, + 0xE3, 0x06, 0x0E, 0xBA, 0x2C, 0x45, 0x74, 0x4B, 0xBE, 0xC0, + 0x39, 0x11, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, + 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, + 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xC1, 0x06, 0x39, + 0xC8, 0xCE, 0xF5, 0x81, 0x49, 0x55, 0xE1, 0x3A, 0x55, 0xAA, + 0x91, 0x5D, 0x64, 0xF1, 0x4B, 0xDC, 0x33, 0x1E, 0x31, 0x15, + 0xE7, 0x10, 0x71, 0x16, 0x0D, 0xB5, 0x00, 0xDC, 0xBB, 0x22, + 0x0D, 0x81, 0xD9, 0x12, 0x5C, 0x0C, 0xDD, 0x61, 0xE1, 0xAF, + 0xB5, 0xE2, 0xF7, 0x7D, 0x8B, 0xE6, 0x61, 0xFD, 0xCA, 0x45, + 0x3A, 0x61, 0xE7, 0x18, 0x56, 0x2C, 0x26, 0xF2, 0xDF, 0x14, + 0xF1, 0xE0, 0x3D, 0x7F, 0x62, 0x12, 0x5F, 0xD8, 0x04, 0x44, + 0x06, 0x0C, 0x72, 0xB1, 0x8A, 0x50, 0x72, 0x67, 0x77, 0x74, + 0x01, 0xFF, 0x79, 0x64, 0x11, 0x6E, 0xB3, 0x84, 0x51, 0x19, + 0x22, 0xB6, 0x43, 0x10, 0x06, 0x0D, 0x39, 0x46, 0x5A, 0xC6, + 0x57, 0x0A, 0x43, 0xA1, 0x94, 0x02, 0x28, 0x0A, 0x12, 0x38, + 0x85, 0x04, 0x0E, 0x78, 0x52, 0x48, 0x28, 0x7E, 0x6C, 0xD9, + 0xF0, 0x4B, 0x04, 0x55, 0x7C, 0x39, 0x01, 0xC1, 0xB4, 0x5F, + 0x50, 0x06, 0xCF, 0xDA, 0x6F, 0x20, 0xB8, 0x94, 0xF7, 0x51, + 0x1A, 0x23, 0xCB, 0x30, 0xE3, 0x21, 0xB4, 0xA3, 0x73, 0xAD, + 0x48, 0xFB, 0x96, 0x69, 0xEF, 0x2E, 0x50, 0xB6, 0x67, 0xBC, + 0x64, 0xEE, 0x27, 0x76, 0x43, 0x7A, 0x34, 0x59, 0x8E, 0xB4, + 0x57, 0x53, 0x7D, 0x95, 0x7E, 0x50, 0x7E, 0x64, 0x4C, 0x29, + 0x68, 0xFE, 0x81, 0x4F, 0x73, 0x21, 0x24, 0xB5, 0xA9, 0xA2, + 0x49, 0x5F, 0x54, 0x7F, 0x0D, 0xC2, 0x96, 0xC7, 0xF5, 0x36, + 0x81, 0x8E, 0xC0, 0x00, 0xAF, 0xB4, 0x10, 0x6B, 0x0E, 0xBC, + 0x1A, 0x3A, 0xF1, 0xA6, 0xDD, 0xFD, 0x8E, 0x63, 0x21, 0x33, + 0xD4, 0x32, 0x31, 0x1F, 0xBE, 0xA3, 0x7C, 0x52, 0x85, 0x26, + 0xC8, 0x6E, 0x50, 0x6C, 0xAC, 0x3D, 0x2E, 0xC0, 0xF9, 0x50, + 0xED, 0xC8, 0x4D, 0xCD, 0x13, 0x50, 0xCE, 0x5E, 0xDE, 0x15, + 0x89, 0xD1, 0xFB }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); @@ -1348,10 +1380,82 @@ static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048); /* ./certs/ca-cert.der, 2048-bit */ static const unsigned char ca_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x86, 0xFF, 0xF5, 0x8E, - 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + 0x30, 0x82, 0x04, 0xFF, 0x30, 0x82, 0x03, 0xE7, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x5E, 0xBA, 0xA4, 0xF4, 0xB1, + 0xF7, 0x48, 0x25, 0xE3, 0x5F, 0x9B, 0xDA, 0xA1, 0x13, 0xED, + 0xD5, 0x2B, 0x03, 0x67, 0x15, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, + 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, + 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, + 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, + 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, + 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, + 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, + 0x2D, 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, + 0x4A, 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, + 0xCA, 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, + 0x2A, 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, + 0x98, 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, + 0xDE, 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, + 0xBB, 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, + 0xF1, 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, + 0x41, 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, + 0x70, 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, + 0xED, 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, + 0xED, 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, + 0x38, 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, + 0x3C, 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, + 0x13, 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, + 0x7D, 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, + 0xDC, 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, + 0x7D, 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, + 0x67, 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, + 0x68, 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, + 0xF5, 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, + 0x17, 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, + 0xC3, 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, + 0x52, 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, + 0xB9, 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, + 0xED, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, + 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, + 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, + 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xD4, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCC, 0x30, 0x81, + 0xC9, 0x80, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, + 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, + 0xE5, 0xE8, 0xD5, 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, @@ -1367,107 +1471,44 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, - 0x31, 0x35, 0x32, 0x33, 0x30, 0x39, 0x5A, 0x17, 0x0D, 0x32, - 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x30, - 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, - 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, - 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, - 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, - 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, - 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, - 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xBF, 0x0C, 0xCA, 0x2D, - 0x14, 0xB2, 0x1E, 0x84, 0x42, 0x5B, 0xCD, 0x38, 0x1F, 0x4A, - 0xF2, 0x4D, 0x75, 0x10, 0xF1, 0xB6, 0x35, 0x9F, 0xDF, 0xCA, - 0x7D, 0x03, 0x98, 0xD3, 0xAC, 0xDE, 0x03, 0x66, 0xEE, 0x2A, - 0xF1, 0xD8, 0xB0, 0x7D, 0x6E, 0x07, 0x54, 0x0B, 0x10, 0x98, - 0x21, 0x4D, 0x80, 0xCB, 0x12, 0x20, 0xE7, 0xCC, 0x4F, 0xDE, - 0x45, 0x7D, 0xC9, 0x72, 0x77, 0x32, 0xEA, 0xCA, 0x90, 0xBB, - 0x69, 0x52, 0x10, 0x03, 0x2F, 0xA8, 0xF3, 0x95, 0xC5, 0xF1, - 0x8B, 0x62, 0x56, 0x1B, 0xEF, 0x67, 0x6F, 0xA4, 0x10, 0x41, - 0x95, 0xAD, 0x0A, 0x9B, 0xE3, 0xA5, 0xC0, 0xB0, 0xD2, 0x70, - 0x76, 0x50, 0x30, 0x5B, 0xA8, 0xE8, 0x08, 0x2C, 0x7C, 0xED, - 0xA7, 0xA2, 0x7A, 0x8D, 0x38, 0x29, 0x1C, 0xAC, 0xC7, 0xED, - 0xF2, 0x7C, 0x95, 0xB0, 0x95, 0x82, 0x7D, 0x49, 0x5C, 0x38, - 0xCD, 0x77, 0x25, 0xEF, 0xBD, 0x80, 0x75, 0x53, 0x94, 0x3C, - 0x3D, 0xCA, 0x63, 0x5B, 0x9F, 0x15, 0xB5, 0xD3, 0x1D, 0x13, - 0x2F, 0x19, 0xD1, 0x3C, 0xDB, 0x76, 0x3A, 0xCC, 0xB8, 0x7D, - 0xC9, 0xE5, 0xC2, 0xD7, 0xDA, 0x40, 0x6F, 0xD8, 0x21, 0xDC, - 0x73, 0x1B, 0x42, 0x2D, 0x53, 0x9C, 0xFE, 0x1A, 0xFC, 0x7D, - 0xAB, 0x7A, 0x36, 0x3F, 0x98, 0xDE, 0x84, 0x7C, 0x05, 0x67, - 0xCE, 0x6A, 0x14, 0x38, 0x87, 0xA9, 0xF1, 0x8C, 0xB5, 0x68, - 0xCB, 0x68, 0x7F, 0x71, 0x20, 0x2B, 0xF5, 0xA0, 0x63, 0xF5, - 0x56, 0x2F, 0xA3, 0x26, 0xD2, 0xB7, 0x6F, 0xB1, 0x5A, 0x17, - 0xD7, 0x38, 0x99, 0x08, 0xFE, 0x93, 0x58, 0x6F, 0xFE, 0xC3, - 0x13, 0x49, 0x08, 0x16, 0x0B, 0xA7, 0x4D, 0x67, 0x00, 0x52, - 0x31, 0x67, 0x23, 0x4E, 0x98, 0xED, 0x51, 0x45, 0x1D, 0xB9, - 0x04, 0xD9, 0x0B, 0xEC, 0xD8, 0x28, 0xB3, 0x4B, 0xBD, 0xED, - 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, - 0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, - 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, - 0x30, 0xE5, 0xE8, 0xD5, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, - 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, - 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, - 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, - 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, - 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, - 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0x86, 0xFF, 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x01, 0x00, 0x9E, 0x28, 0x88, 0x72, 0x00, 0xCA, 0xE6, 0xE7, - 0x97, 0xCA, 0xC1, 0xF1, 0x1F, 0x9E, 0x12, 0xB2, 0xB8, 0xC7, - 0x51, 0xEA, 0x28, 0xE1, 0x36, 0xB5, 0x2D, 0xE6, 0x2F, 0x08, - 0x23, 0xCB, 0xA9, 0x4A, 0x87, 0x25, 0xC6, 0x5D, 0x89, 0x45, - 0xEA, 0xF5, 0x00, 0x98, 0xAC, 0x76, 0xFB, 0x1B, 0xAF, 0xF0, - 0xCE, 0x64, 0x9E, 0xDA, 0x08, 0xBF, 0xB6, 0xEB, 0xB4, 0xB5, - 0x0C, 0xA0, 0xE7, 0xF6, 0x47, 0x59, 0x1C, 0x61, 0xCF, 0x2E, - 0x0E, 0x58, 0xA4, 0x82, 0xAC, 0x0F, 0x3F, 0xEC, 0xC4, 0xAE, - 0x80, 0xF7, 0xB0, 0x8A, 0x1E, 0x85, 0x41, 0xE8, 0xFF, 0xFE, - 0xFE, 0x4F, 0x1A, 0x24, 0xD5, 0x49, 0xFA, 0xFB, 0xFE, 0x5E, - 0xE5, 0xD3, 0x91, 0x0E, 0x4F, 0x4E, 0x0C, 0x21, 0x51, 0x71, - 0x83, 0x04, 0x6B, 0x62, 0x7B, 0x4F, 0x59, 0x76, 0x48, 0x81, - 0x1E, 0xB4, 0xF7, 0x04, 0x47, 0x8A, 0x91, 0x57, 0xA3, 0x11, - 0xA9, 0xF2, 0x20, 0xB4, 0x78, 0x33, 0x62, 0x3D, 0xB0, 0x5E, - 0x0D, 0xF9, 0x86, 0x38, 0x82, 0xDA, 0xA1, 0x98, 0x8D, 0x19, - 0x06, 0x87, 0x21, 0x39, 0xB7, 0x02, 0xF7, 0xDA, 0x7D, 0x58, - 0xBA, 0x52, 0x15, 0xD8, 0x3B, 0xC9, 0x7B, 0x58, 0x34, 0xA0, - 0xC7, 0xE2, 0x7C, 0xA9, 0x83, 0x13, 0xE1, 0xB6, 0xEC, 0x01, - 0xBF, 0x52, 0x33, 0x0B, 0xC4, 0xFE, 0x43, 0xD3, 0xC6, 0xA4, - 0x8E, 0x2F, 0x87, 0x7F, 0x7A, 0x44, 0xEA, 0xCA, 0x53, 0x6C, - 0x85, 0xED, 0x65, 0x76, 0x73, 0x31, 0x03, 0x4E, 0xEA, 0xBD, - 0x35, 0x54, 0x13, 0xF3, 0x64, 0x87, 0x6B, 0xDF, 0x34, 0xDD, - 0x34, 0xA1, 0x88, 0x3B, 0xDB, 0x4D, 0xAF, 0x1B, 0x64, 0x90, - 0x92, 0x71, 0x30, 0x8E, 0xC8, 0xCC, 0xE5, 0x60, 0x24, 0xAF, - 0x31, 0x16, 0x39, 0x33, 0x91, 0x50, 0xF9, 0xAB, 0x68, 0x42, - 0x74, 0x7A, 0x35, 0xD9, 0xDD, 0xC8, 0xC4, 0x52 + 0x82, 0x14, 0x5E, 0xBA, 0xA4, 0xF4, 0xB1, 0xF7, 0x48, 0x25, + 0xE3, 0x5F, 0x9B, 0xDA, 0xA1, 0x13, 0xED, 0xD5, 0x2B, 0x03, + 0x67, 0x15, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, + 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, + 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, + 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xB9, 0xED, 0x94, + 0x3E, 0x00, 0x73, 0x2D, 0xA5, 0xD1, 0x04, 0xB3, 0xFB, 0xDC, + 0xF0, 0xB7, 0x0D, 0x3D, 0xAD, 0x96, 0x74, 0x4C, 0x92, 0x67, + 0xAD, 0x6D, 0x7C, 0xE2, 0x99, 0x6A, 0x33, 0xCA, 0xB2, 0x0F, + 0x04, 0x5A, 0xA5, 0x67, 0xF8, 0xE3, 0x0B, 0x3D, 0xF5, 0xD0, + 0x5B, 0x1E, 0x20, 0x52, 0x12, 0x92, 0x28, 0xEA, 0x31, 0xA3, + 0x51, 0x9E, 0x8B, 0xD2, 0x39, 0xE4, 0x25, 0xEA, 0x61, 0x61, + 0x41, 0x16, 0x2D, 0x54, 0x50, 0xD3, 0xFB, 0xD0, 0x34, 0x00, + 0x10, 0xF1, 0x7B, 0xBC, 0xF0, 0x08, 0xA7, 0xF5, 0x27, 0x5E, + 0x7E, 0x40, 0x9D, 0x99, 0xB0, 0xD3, 0x31, 0x11, 0xC3, 0x9D, + 0xA9, 0x51, 0xA0, 0x17, 0xCF, 0x83, 0x2C, 0x55, 0x84, 0xE0, + 0xD5, 0x92, 0xA0, 0x05, 0x3A, 0x9F, 0xB8, 0x75, 0xF8, 0x1B, + 0xE5, 0xF7, 0xA4, 0x6C, 0xE9, 0xAA, 0x25, 0x8B, 0x19, 0x93, + 0x46, 0x1F, 0x3F, 0x33, 0xAF, 0x47, 0x29, 0xCF, 0x7B, 0x8B, + 0x59, 0x27, 0xEB, 0xD7, 0x4F, 0xCB, 0x33, 0x19, 0xFA, 0x5F, + 0xEE, 0xD8, 0x13, 0xE9, 0x0C, 0x07, 0xAD, 0x3B, 0xC0, 0x7F, + 0x10, 0xD7, 0xE4, 0xED, 0xE8, 0xDB, 0x16, 0xE1, 0x1F, 0xA4, + 0x7F, 0x16, 0x3C, 0xBD, 0xD7, 0x11, 0xF2, 0xD4, 0x3A, 0xA9, + 0x9B, 0x95, 0xE1, 0x39, 0x51, 0x99, 0xEB, 0x5B, 0x65, 0x46, + 0xEF, 0x63, 0x84, 0x73, 0x95, 0x23, 0xB8, 0xBF, 0xB5, 0xF6, + 0x4D, 0x12, 0x71, 0xF7, 0xFF, 0x33, 0xAA, 0x4A, 0x8C, 0x65, + 0x73, 0x73, 0x89, 0x69, 0xDF, 0xA6, 0xDC, 0xA4, 0x91, 0xFF, + 0xAE, 0xC7, 0x28, 0x93, 0xB5, 0x1A, 0xDE, 0xA9, 0x8F, 0x2B, + 0x30, 0x85, 0x83, 0x8B, 0x99, 0x82, 0xCA, 0xB3, 0x7C, 0x11, + 0x10, 0x88, 0x9D, 0x8E, 0x6C, 0x2C, 0xF3, 0x05, 0x6F, 0xCB, + 0x80, 0x85, 0x16, 0xB7, 0xED, 0xE4, 0x68, 0xFB, 0xB6, 0xB6, + 0x31, 0x8A, 0x7D }; static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); @@ -1822,7 +1863,7 @@ static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048); /* ./certs/server-cert.der, 2048-bit */ static const unsigned char server_cert_der_2048[] = { - 0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, + 0x30, 0x82, 0x04, 0xE8, 0x30, 0x82, 0x03, 0xD0, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, @@ -1840,10 +1881,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, - 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, - 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, - 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, + 0x31, 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, + 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, + 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -1887,60 +1928,68 @@ static const unsigned char server_cert_der_2048[] = 0x69, 0x42, 0x42, 0x09, 0xE9, 0xD8, 0x08, 0xBC, 0x33, 0x20, 0xB3, 0x58, 0x22, 0xA7, 0xAA, 0xEB, 0xC4, 0xE1, 0xE6, 0x61, 0x83, 0xC5, 0xD2, 0x96, 0xDF, 0xD9, 0xD0, 0x4F, 0xAD, 0xD7, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, - 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, 0x84, 0xE2, - 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, 0x1F, 0x0E, - 0x8E, 0x3C, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, - 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, - 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, - 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, - 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, - 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, - 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, - 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, - 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, - 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0xB4, 0x54, 0x60, 0xAD, 0xA0, 0x03, 0x32, 0xDE, 0x02, 0x7F, - 0x21, 0x4A, 0x81, 0xC6, 0xED, 0xCD, 0xCD, 0xD8, 0x12, 0x8A, - 0xC0, 0xBA, 0x82, 0x5B, 0x75, 0xAD, 0x54, 0xE3, 0x7C, 0x80, - 0x6A, 0xAC, 0x2E, 0x6C, 0x20, 0x4E, 0xBE, 0x4D, 0x82, 0xA7, - 0x47, 0x13, 0x5C, 0xF4, 0xC6, 0x6A, 0x2B, 0x10, 0x99, 0x58, - 0xDE, 0xAB, 0x6B, 0x7C, 0x22, 0x05, 0xC1, 0x83, 0x9D, 0xCB, - 0xFF, 0x3C, 0xE4, 0x2D, 0x57, 0x6A, 0xA6, 0x96, 0xDF, 0xD3, - 0xC1, 0x68, 0xE3, 0xD2, 0xC6, 0x83, 0x4B, 0x97, 0xE2, 0xC6, - 0x32, 0x0E, 0xBE, 0xC4, 0x03, 0xB9, 0x07, 0x8A, 0x5B, 0xB8, - 0x84, 0xBA, 0xC5, 0x39, 0x3F, 0x1C, 0x58, 0xA7, 0x55, 0xD7, - 0xF0, 0x9B, 0xE8, 0xD2, 0x45, 0xB9, 0xE3, 0x83, 0x2E, 0xEE, - 0xB6, 0x71, 0x56, 0xB9, 0x3A, 0xEE, 0x3F, 0x27, 0xD8, 0x77, - 0xE8, 0xFB, 0x44, 0x48, 0x65, 0x27, 0x47, 0x4C, 0xFB, 0xFE, - 0x72, 0xC3, 0xAC, 0x05, 0x7B, 0x1D, 0xCB, 0xEB, 0x5E, 0x65, - 0x9A, 0xAB, 0x02, 0xE4, 0x88, 0x5B, 0x3B, 0x8B, 0x0B, 0xC7, - 0xCC, 0xA9, 0xA6, 0x8B, 0xE1, 0x87, 0xB0, 0x19, 0x1A, 0x0C, - 0x28, 0x58, 0x6F, 0x99, 0x52, 0x7E, 0xED, 0xB0, 0x3A, 0x68, - 0x3B, 0x8C, 0x0A, 0x08, 0x74, 0x72, 0xAB, 0xB9, 0x09, 0xC5, - 0xED, 0x04, 0x7E, 0x6F, 0x0B, 0x1C, 0x09, 0x21, 0xD0, 0xCD, - 0x7F, 0xF9, 0xC4, 0x5E, 0x27, 0x20, 0xE4, 0x85, 0x73, 0x52, - 0x05, 0xD2, 0xBA, 0xF8, 0xD5, 0x8F, 0x41, 0xCC, 0x23, 0x2E, - 0x12, 0x6D, 0xBC, 0x31, 0x98, 0xE7, 0x63, 0xA3, 0x8E, 0x26, - 0xCD, 0xE8, 0x2B, 0x88, 0xEE, 0xE2, 0xFE, 0x3A, 0x74, 0x52, - 0x34, 0x0E, 0xFD, 0x12, 0xE5, 0x5E, 0x69, 0x50, 0x20, 0x31, - 0x34, 0xE4, 0x31, 0xF1, 0xE7, 0xE4, 0x5B, 0x03, 0x13, 0xDA, - 0xAC, 0x41, 0x6C, 0xE7, 0xCF, 0x2B + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x45, 0x30, + 0x82, 0x01, 0x41, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, + 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, 0x42, 0xCA, + 0x1F, 0x0E, 0x8E, 0x3C, 0x30, 0x81, 0xD4, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xCC, 0x30, 0x81, 0xC9, 0x80, 0x14, + 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, + 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, + 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, + 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, + 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x5E, + 0xBA, 0xA4, 0xF4, 0xB1, 0xF7, 0x48, 0x25, 0xE3, 0x5F, 0x9B, + 0xDA, 0xA1, 0x13, 0xED, 0xD5, 0x2B, 0x03, 0x67, 0x15, 0x30, + 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, + 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, + 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x35, 0x91, 0xE6, 0x72, 0xCC, 0x0B, + 0xF1, 0x47, 0x8F, 0x3D, 0xE3, 0x5D, 0x52, 0x2F, 0x83, 0xB8, + 0xB1, 0x3B, 0x6D, 0xD6, 0xAC, 0x13, 0x79, 0x74, 0x14, 0xFF, + 0x07, 0x8D, 0xEE, 0x74, 0x77, 0x64, 0xFF, 0xB8, 0x83, 0x1D, + 0x81, 0x80, 0x84, 0xBB, 0x38, 0xFA, 0x8F, 0xF3, 0x75, 0x29, + 0x23, 0xCE, 0xE5, 0x09, 0xA8, 0x13, 0x85, 0x14, 0xB6, 0x6A, + 0x35, 0x30, 0x2C, 0x1C, 0xC4, 0x0F, 0x23, 0x67, 0xEA, 0xED, + 0xCB, 0x91, 0xC4, 0x05, 0xE3, 0xEC, 0x6B, 0xBE, 0x11, 0xBF, + 0xD9, 0x9A, 0xAB, 0x93, 0x17, 0x9F, 0xE4, 0x9A, 0x59, 0xD4, + 0xE7, 0xCC, 0xCE, 0xDC, 0x83, 0x10, 0xF5, 0xCD, 0xDE, 0xD7, + 0x35, 0x75, 0x4B, 0xAA, 0x7A, 0x7A, 0xBA, 0x02, 0xA0, 0xB0, + 0xB5, 0xC1, 0x8A, 0x6B, 0xB1, 0x72, 0xCF, 0x64, 0x59, 0x4E, + 0xD3, 0xA4, 0xA1, 0x6C, 0x64, 0x4B, 0x14, 0xCF, 0xA3, 0xD6, + 0x37, 0x0A, 0xE6, 0xF9, 0x5B, 0x21, 0xBE, 0xDE, 0x0C, 0xC1, + 0xCF, 0x43, 0xE1, 0x18, 0x0B, 0x19, 0x13, 0x6B, 0x8E, 0x3D, + 0xDF, 0x0F, 0xA7, 0x43, 0xFB, 0x35, 0x67, 0x4A, 0x50, 0xE8, + 0x09, 0x46, 0x34, 0xBD, 0xF4, 0xAB, 0x1A, 0x8F, 0xBD, 0x4D, + 0x1C, 0x6B, 0x20, 0xBE, 0x1C, 0x8C, 0xCA, 0x66, 0x98, 0xBA, + 0x03, 0x67, 0xF2, 0x1C, 0x3C, 0x1E, 0x01, 0xF0, 0x4D, 0xC6, + 0x85, 0x82, 0x6F, 0xA9, 0x49, 0xF7, 0x1B, 0x7D, 0x6B, 0xDB, + 0x76, 0x84, 0x73, 0xBB, 0x16, 0xC5, 0x6E, 0x74, 0xAB, 0x7B, + 0xFB, 0x1C, 0xE9, 0x91, 0xBB, 0x29, 0x73, 0x1C, 0xDE, 0x27, + 0xB4, 0x67, 0x3B, 0x10, 0x51, 0xF4, 0x17, 0xEB, 0xB8, 0x38, + 0xA0, 0x9A, 0xEB, 0x37, 0x5B, 0x76, 0x8F, 0x39, 0x12, 0x39, + 0x35, 0xD1, 0xCA, 0xFE, 0xC0, 0x26, 0xFB, 0x73, 0x50, 0x1E, + 0x2D, 0xB9, 0xD2, 0xBA, 0xE5, 0x4C, 0x35, 0xBD, 0xED, 0x7B + }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); @@ -2543,10 +2592,10 @@ static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072); /* ./certs/3072/client-cert.der, 3072-bit */ static const unsigned char client_cert_der_3072[] = { - 0x30, 0x82, 0x05, 0xF8, 0x30, 0x82, 0x04, 0x60, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x2F, 0x06, 0x07, 0xA8, 0xB6, - 0xF4, 0xEE, 0x10, 0x91, 0x43, 0xDE, 0xE1, 0x46, 0x99, 0xC4, - 0x90, 0x79, 0xE6, 0xF1, 0xD1, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x30, 0x82, 0x06, 0x1D, 0x30, 0x82, 0x04, 0x85, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x53, 0x82, 0x30, 0x49, 0xE8, + 0xBE, 0x64, 0x59, 0x2E, 0x35, 0x41, 0xAC, 0x31, 0x0D, 0x4D, + 0x25, 0x21, 0x54, 0x90, 0xA4, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -2564,10 +2613,10 @@ static const unsigned char client_cert_der_3072[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x31, 0x32, - 0x32, 0x30, 0x35, 0x35, 0x31, 0x34, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x32, 0x31, 0x30, 0x31, 0x38, 0x30, 0x35, 0x35, 0x31, - 0x34, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -2625,8 +2674,8 @@ static const unsigned char client_cert_der_3072[] = 0x08, 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, - 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x2A, - 0x30, 0x82, 0x01, 0x26, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, + 0x30, 0x82, 0x01, 0x4B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x3D, 0xD1, 0x84, 0xC2, 0xAF, 0xB0, 0x20, 0x49, 0xBC, 0x74, 0x87, 0x41, 0x38, 0xAB, 0xBA, 0xD2, 0xD4, 0x0C, 0xA3, 0xA8, 0x30, 0x81, 0xDE, 0x06, 0x03, @@ -2650,53 +2699,56 @@ static const unsigned char client_cert_der_3072[] = 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, - 0x2F, 0x06, 0x07, 0xA8, 0xB6, 0xF4, 0xEE, 0x10, 0x91, 0x43, - 0xDE, 0xE1, 0x46, 0x99, 0xC4, 0x90, 0x79, 0xE6, 0xF1, 0xD1, + 0x53, 0x82, 0x30, 0x49, 0xE8, 0xBE, 0x64, 0x59, 0x2E, 0x35, + 0x41, 0xAC, 0x31, 0x0D, 0x4D, 0x25, 0x21, 0x54, 0x90, 0xA4, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, - 0x03, 0x01, 0x01, 0xFF, 0x30, 0x16, 0x06, 0x03, 0x55, 0x1D, - 0x11, 0x04, 0x0F, 0x30, 0x0D, 0x82, 0x0B, 0x65, 0x78, 0x61, - 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x0D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, - 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0x04, 0xF5, - 0xE0, 0xE5, 0x75, 0x6B, 0xCF, 0xEE, 0x19, 0xEF, 0x3C, 0xB5, - 0xB6, 0x78, 0xCE, 0xB2, 0xC3, 0xF2, 0x3E, 0x0D, 0x3F, 0xB7, - 0x6D, 0x59, 0x7D, 0xB6, 0x7E, 0x6A, 0x91, 0x0F, 0x85, 0xAC, - 0xCA, 0x56, 0x30, 0x3C, 0x3F, 0x5D, 0x30, 0x10, 0x7C, 0x5E, - 0x7F, 0x98, 0xB2, 0x9D, 0x95, 0x04, 0xE1, 0xEE, 0xC0, 0x9E, - 0x1B, 0x01, 0x39, 0xCB, 0x02, 0x05, 0xB9, 0x9B, 0x02, 0x88, - 0xEB, 0xD0, 0xAD, 0x06, 0xD5, 0x39, 0x2D, 0x24, 0xE6, 0xDC, - 0x4E, 0xCE, 0x8C, 0x36, 0x7D, 0xB6, 0x8E, 0x1D, 0xE8, 0xB7, - 0xEF, 0xFF, 0xB4, 0x17, 0xC1, 0xA5, 0xD8, 0xFA, 0x34, 0xDD, - 0x99, 0x3D, 0x30, 0x4B, 0x45, 0xA2, 0x14, 0x6A, 0x88, 0x93, - 0xCA, 0x25, 0xE2, 0x5C, 0xD5, 0xBA, 0xE8, 0x9D, 0xEF, 0xD7, - 0x68, 0x76, 0x05, 0x92, 0x48, 0x19, 0x92, 0x11, 0x79, 0xC2, - 0xFE, 0x11, 0x49, 0x4D, 0xD6, 0xD1, 0x8F, 0x32, 0x1C, 0x5F, - 0x3B, 0x41, 0x2C, 0x08, 0xB2, 0x72, 0x65, 0x1C, 0xE5, 0x86, - 0x02, 0x94, 0xB3, 0x9D, 0x30, 0xDA, 0x59, 0x42, 0xA1, 0xB0, - 0x1E, 0x00, 0x92, 0x93, 0x6E, 0x0D, 0x27, 0xCF, 0xDF, 0xD8, - 0xCF, 0x2B, 0xCD, 0xCB, 0x8C, 0xFF, 0xB5, 0x6F, 0x83, 0x92, - 0x27, 0x00, 0x58, 0x59, 0xA2, 0x0B, 0x91, 0xB0, 0x39, 0xCA, - 0xA8, 0x78, 0xFD, 0x83, 0x56, 0x4F, 0xA1, 0x6E, 0xC3, 0xE0, - 0x2B, 0xAE, 0xEF, 0x3C, 0x09, 0x04, 0xF0, 0x9B, 0x5B, 0x00, - 0xD3, 0xED, 0xB6, 0x06, 0xF6, 0x9C, 0xDA, 0xAF, 0x61, 0x68, - 0x8F, 0xE3, 0x2A, 0xC3, 0x85, 0x20, 0x66, 0x2C, 0xAC, 0xDD, - 0x65, 0x37, 0x36, 0xC2, 0x2F, 0xBA, 0xB8, 0x90, 0x66, 0x6E, - 0x9E, 0x58, 0xA2, 0x4B, 0xD6, 0xA7, 0x30, 0xC8, 0xC9, 0x6C, - 0xBD, 0x13, 0x40, 0xA0, 0xCA, 0x59, 0x7C, 0xC5, 0x86, 0x9C, - 0x55, 0xC5, 0x68, 0xC7, 0x0C, 0x7F, 0x94, 0x73, 0xA5, 0x4B, - 0xEB, 0xF1, 0x27, 0x96, 0xB5, 0xF9, 0x69, 0x6B, 0x2B, 0xB6, - 0x62, 0xD7, 0x3A, 0x0D, 0x40, 0x65, 0xF0, 0x0D, 0xDE, 0x91, - 0x77, 0xD4, 0xF6, 0xBB, 0x13, 0x7B, 0x4A, 0x55, 0x8F, 0x7E, - 0x49, 0x65, 0x89, 0x37, 0x46, 0x05, 0x2F, 0x90, 0x14, 0x73, - 0x0D, 0x2D, 0x1E, 0xA4, 0xD4, 0xBB, 0x4E, 0x6D, 0x29, 0xDA, - 0x79, 0x6E, 0x73, 0x08, 0xDE, 0x5F, 0x27, 0xDC, 0x23, 0x14, - 0xDB, 0x7B, 0xE7, 0x02, 0x13, 0x2E, 0xC7, 0x94, 0x19, 0xF3, - 0x7D, 0x2E, 0xC4, 0x8A, 0x69, 0xBA, 0xF5, 0xBA, 0x62, 0xC2, - 0x88, 0xB5, 0xCB, 0xC7, 0x92, 0xA2, 0x8A, 0xE3, 0x69, 0x10, - 0x6E, 0xC5, 0xB8, 0xB2, 0x10, 0x7E, 0xB6, 0x0C, 0x71, 0x2A, - 0xC3, 0xE9, 0x71, 0x0C, 0xA2, 0x8B, 0x9A, 0x1D, 0x2C, 0x4E, - 0x21, 0x68, 0x53, 0x51, 0x6D, 0x0C, 0xD2, 0xB4, 0x4B, 0x50, - 0x4B, 0x0A + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, + 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, + 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, + 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x81, 0x00, 0x9E, 0xC9, 0x99, 0xB8, 0x8C, + 0xC1, 0xA2, 0xDB, 0xCB, 0x78, 0x73, 0x5A, 0x8A, 0x8D, 0x3B, + 0xF3, 0x0A, 0x2A, 0x2F, 0xEF, 0x30, 0x09, 0x18, 0x49, 0xE1, + 0xF7, 0x9F, 0x8A, 0xA2, 0x33, 0xCE, 0x7C, 0xEC, 0x88, 0xA3, + 0x3D, 0x81, 0x50, 0x76, 0x4B, 0x2C, 0x20, 0x82, 0xBC, 0x99, + 0x30, 0x82, 0x7F, 0x0E, 0x33, 0x9C, 0xC8, 0x02, 0x9B, 0x3C, + 0xDE, 0x3E, 0x65, 0x78, 0x2D, 0x6E, 0x27, 0x39, 0x4F, 0xC4, + 0x18, 0xD3, 0x96, 0x23, 0xA3, 0x2D, 0x91, 0x57, 0x90, 0x52, + 0xBD, 0x7D, 0x12, 0x3D, 0xBF, 0x7D, 0xB1, 0x35, 0x2E, 0xA6, + 0xBE, 0x26, 0x95, 0x3C, 0x04, 0x5C, 0x20, 0x6C, 0xD8, 0xE5, + 0x36, 0xB2, 0xE1, 0x7B, 0x0F, 0xA1, 0x2C, 0x1F, 0x28, 0x3C, + 0x19, 0xCB, 0xC4, 0x69, 0xBB, 0x59, 0xB4, 0x99, 0x13, 0xF2, + 0xE5, 0xF5, 0x6C, 0x23, 0xD3, 0x69, 0x3B, 0x01, 0xB7, 0x5A, + 0xA1, 0xBE, 0xF6, 0x70, 0x00, 0x6C, 0x9C, 0x2E, 0x2F, 0x22, + 0xEA, 0x4C, 0x7C, 0x72, 0xE3, 0x99, 0x21, 0xA9, 0xDD, 0xBA, + 0x8D, 0x16, 0x5C, 0x88, 0xF7, 0xC0, 0x99, 0xC2, 0x8E, 0x83, + 0x10, 0x3D, 0xEA, 0xC8, 0x11, 0x77, 0x6A, 0xE5, 0x78, 0x47, + 0x92, 0x33, 0xEC, 0xAA, 0x35, 0x8C, 0x13, 0xF0, 0x4C, 0x9D, + 0xDD, 0x35, 0x56, 0x42, 0x35, 0x36, 0xCE, 0xD8, 0x46, 0xD8, + 0xD7, 0xD4, 0x84, 0xA1, 0x17, 0xBC, 0x57, 0x09, 0xCB, 0xDA, + 0x56, 0xD2, 0x76, 0xAC, 0x6A, 0xC0, 0xB3, 0x71, 0xA3, 0x1C, + 0xD3, 0x2C, 0xEA, 0xF6, 0x4C, 0x9A, 0x4D, 0xDD, 0x3A, 0xCE, + 0x10, 0x33, 0xF0, 0x82, 0x34, 0x70, 0x71, 0x5D, 0x6F, 0x77, + 0x8F, 0xEC, 0xA2, 0x77, 0x7D, 0x1C, 0x9E, 0x7F, 0x55, 0x6B, + 0xE5, 0xD3, 0x29, 0x49, 0x3D, 0x77, 0xFD, 0x5F, 0xBB, 0xCA, + 0x7A, 0xB9, 0x80, 0xB5, 0x81, 0x69, 0xA3, 0x38, 0xA3, 0xC6, + 0x96, 0xD2, 0x21, 0x1D, 0x85, 0x08, 0x47, 0x59, 0xA9, 0xD4, + 0x92, 0x8E, 0x94, 0x3F, 0x5A, 0xA1, 0x36, 0xD7, 0x92, 0xB7, + 0x2F, 0xCE, 0xF0, 0xA8, 0x40, 0x50, 0xAE, 0x3F, 0xD0, 0x20, + 0x39, 0x86, 0xA6, 0xA1, 0x7C, 0x4F, 0x23, 0x5C, 0x9C, 0x5F, + 0xDA, 0x93, 0x75, 0xD6, 0x93, 0xB1, 0x5F, 0x30, 0x25, 0x76, + 0x6C, 0x77, 0x8F, 0xF8, 0x8E, 0x15, 0xAE, 0x66, 0x5B, 0x7D, + 0xEE, 0xD3, 0x49, 0xAE, 0xC6, 0x1C, 0xB0, 0x90, 0x96, 0x5D, + 0x36, 0x9E, 0x12, 0x4C, 0x98, 0x4A, 0xF1, 0xD1, 0x6B, 0xA4, + 0x7F, 0x76, 0xCB, 0x51, 0xF9, 0xF2, 0x52, 0x07, 0xE4, 0x60, + 0x6F, 0x67, 0x6F, 0xE3, 0xA3, 0x84, 0xC0, 0x43, 0x0D, 0xFD, + 0xF6, 0x25, 0x9E, 0x3C, 0xD3, 0x41, 0xE9, 0x44, 0xC5, 0xF7, + 0xB9, 0x11, 0x3B, 0x0F, 0xDC, 0x9C, 0xE3, 0xDD, 0xF2, 0xAC, + 0x06, 0xB3, 0x20, 0x14, 0x2D, 0x6C, 0xDB, 0x8E, 0x78 }; static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072); @@ -3010,10 +3062,10 @@ static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096); /* ./certs/4096/client-cert.der, 4096-bit */ static const unsigned char client_cert_der_4096[] = { - 0x30, 0x82, 0x06, 0xE0, 0x30, 0x82, 0x04, 0xC8, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x2F, 0x0F, 0xAB, 0x23, 0xBC, - 0xA3, 0x14, 0x07, 0x91, 0x06, 0x55, 0x35, 0x01, 0x63, 0x7F, - 0x42, 0xBD, 0xFB, 0xF2, 0x43, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x30, 0x82, 0x07, 0x1D, 0x30, 0x82, 0x05, 0x05, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x36, 0x8A, 0xA6, 0x8A, 0x3D, + 0x0A, 0x72, 0xFF, 0xDD, 0xE4, 0x4F, 0x56, 0xBD, 0x89, 0x24, + 0x23, 0x3C, 0x0B, 0xB6, 0x40, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -3031,10 +3083,10 @@ static const unsigned char client_cert_der_4096[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x37, 0x30, - 0x39, 0x30, 0x33, 0x30, 0x36, 0x30, 0x32, 0x5A, 0x17, 0x0D, - 0x32, 0x32, 0x30, 0x34, 0x30, 0x34, 0x30, 0x33, 0x30, 0x36, - 0x30, 0x32, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -3105,8 +3157,8 @@ static const unsigned char client_cert_der_4096[] = 0x17, 0xB6, 0x03, 0xA9, 0x08, 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4, 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, 0xCF, 0x6B, 0x15, 0xAB, 0x02, - 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x12, 0x30, 0x82, - 0x01, 0x0E, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, + 0x01, 0x4B, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xFA, 0x54, 0x89, 0x67, 0xE5, 0x5F, 0xB7, 0x31, 0x40, 0xEA, 0xFD, 0xE7, 0xF6, 0xA3, 0xC6, 0x5A, 0x56, 0x16, 0xA5, 0x6E, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, @@ -3129,64 +3181,70 @@ static const unsigned char client_cert_der_4096[] = 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x2F, 0x0F, - 0xAB, 0x23, 0xBC, 0xA3, 0x14, 0x07, 0x91, 0x06, 0x55, 0x35, - 0x01, 0x63, 0x7F, 0x42, 0xBD, 0xFB, 0xF2, 0x43, 0x30, 0x0C, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x36, 0x8A, + 0xA6, 0x8A, 0x3D, 0x0A, 0x72, 0xFF, 0xDD, 0xE4, 0x4F, 0x56, + 0xBD, 0x89, 0x24, 0x23, 0x3C, 0x0B, 0xB6, 0x40, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, - 0x01, 0x00, 0x57, 0x0D, 0x97, 0x98, 0x78, 0xBF, 0x2A, 0x31, - 0x9A, 0x39, 0x41, 0x38, 0x33, 0x46, 0xD5, 0x50, 0x47, 0xE8, - 0x19, 0x62, 0xA8, 0x36, 0x1E, 0xB7, 0xFD, 0xD1, 0xBC, 0x50, - 0x5C, 0x3A, 0xEB, 0x96, 0x1A, 0x9B, 0x43, 0xB0, 0x67, 0x5D, - 0xF4, 0x51, 0x77, 0x87, 0x33, 0x0B, 0x90, 0x6F, 0xE8, 0xD3, - 0x82, 0x4D, 0x1A, 0xAA, 0x93, 0x5F, 0x7D, 0x78, 0xB1, 0xE0, - 0x7B, 0xEE, 0x88, 0x01, 0xE7, 0xB3, 0xFA, 0x7E, 0x0B, 0x76, - 0x9C, 0x9E, 0x81, 0x36, 0xE4, 0xA3, 0xC1, 0x41, 0x62, 0xA4, - 0x0A, 0x7E, 0x24, 0xD0, 0xAB, 0x9F, 0xBA, 0xD8, 0x1E, 0x38, - 0xAD, 0xF1, 0x12, 0x52, 0x0D, 0xF2, 0x96, 0x8A, 0x0B, 0x25, - 0xA2, 0x49, 0x3F, 0x88, 0x5B, 0xEA, 0x23, 0x87, 0x26, 0x22, - 0x7A, 0xB9, 0x60, 0x6B, 0xD6, 0x7A, 0x88, 0x37, 0xAC, 0x64, - 0x9B, 0x18, 0x51, 0x07, 0xEA, 0xDF, 0x00, 0x96, 0x70, 0x95, - 0x88, 0x9D, 0x8F, 0xAF, 0xBE, 0x3C, 0x4E, 0xC7, 0x5E, 0x55, - 0x15, 0x3D, 0x1F, 0xE4, 0x2D, 0xDC, 0xC9, 0xA3, 0xAE, 0xAF, - 0xFA, 0x44, 0xA8, 0xE2, 0xF4, 0xDF, 0x8E, 0xCD, 0xF9, 0x10, - 0x7F, 0x8B, 0x86, 0xCC, 0x6D, 0x45, 0x91, 0x91, 0x4F, 0xE3, - 0xD0, 0xA7, 0xD2, 0xD9, 0x8E, 0x09, 0xC6, 0xF8, 0xEB, 0xE7, - 0xBD, 0x17, 0x19, 0xD6, 0xE7, 0x1A, 0xB8, 0xCA, 0x4D, 0xEC, - 0x34, 0x07, 0x7D, 0x2D, 0xE8, 0x23, 0x9D, 0x82, 0xE9, 0xF7, - 0x47, 0x03, 0xAB, 0x5F, 0x7C, 0xF5, 0x41, 0x6F, 0x70, 0x11, - 0xCB, 0x24, 0xD8, 0x23, 0xC2, 0x65, 0x31, 0xB7, 0x0B, 0x8F, - 0x0A, 0x26, 0x5B, 0x0F, 0xF6, 0x9B, 0x11, 0x7F, 0x9A, 0x8D, - 0x94, 0x6D, 0x5A, 0x9C, 0x5E, 0x73, 0x35, 0x15, 0x7B, 0xE3, - 0x09, 0xE8, 0x08, 0xD0, 0x3F, 0xB4, 0xE5, 0x29, 0x2C, 0xF6, - 0x3E, 0x71, 0x6E, 0xF4, 0x1B, 0x20, 0x55, 0x34, 0x40, 0x2F, - 0xB0, 0x9B, 0xDD, 0xF1, 0xDC, 0xBF, 0x17, 0x1D, 0xA7, 0x2D, - 0x85, 0x01, 0xD6, 0xD2, 0xB2, 0x56, 0x56, 0x98, 0x33, 0x85, - 0xED, 0xF6, 0xA3, 0xF6, 0x3E, 0x7B, 0xF4, 0x03, 0xA4, 0x58, - 0x8E, 0xC5, 0x5B, 0xAB, 0x66, 0xE8, 0x0F, 0x34, 0x17, 0x2D, - 0x33, 0x36, 0x71, 0x0C, 0xB8, 0xD9, 0x78, 0xE7, 0x06, 0xFC, - 0xDA, 0x4F, 0xA1, 0xFA, 0xDB, 0x74, 0xCE, 0xEA, 0x85, 0x27, - 0xF9, 0x75, 0xA9, 0xAD, 0x50, 0x86, 0x6E, 0xEA, 0x01, 0x01, - 0x19, 0x0D, 0x28, 0x4A, 0xED, 0x06, 0xBE, 0x65, 0x70, 0xB2, - 0x06, 0x46, 0x2E, 0x16, 0x57, 0xDF, 0x55, 0xC7, 0x8E, 0xCD, - 0x5B, 0xAD, 0x66, 0x28, 0xB8, 0x74, 0x87, 0xBF, 0xC4, 0xC7, - 0x08, 0x3F, 0x37, 0xA3, 0x23, 0x84, 0x9F, 0x4E, 0xE8, 0x48, - 0x6C, 0x8D, 0x54, 0x9F, 0xFB, 0xE0, 0xFB, 0x53, 0xA3, 0x41, - 0xE1, 0x68, 0x8A, 0x94, 0xC9, 0xF5, 0xEE, 0x3E, 0x15, 0x46, - 0xD2, 0x62, 0x33, 0x86, 0x86, 0x06, 0x34, 0xB4, 0xE4, 0x2F, - 0xDA, 0x28, 0x2E, 0x2F, 0xC0, 0xBD, 0x75, 0xE8, 0x2C, 0x3F, - 0xE2, 0xA5, 0x43, 0x7D, 0x02, 0xEB, 0x25, 0xB9, 0xEF, 0x87, - 0x8A, 0xD7, 0x57, 0x61, 0x16, 0xE8, 0x9E, 0x83, 0x65, 0xF9, - 0x10, 0xF4, 0x5E, 0x5F, 0x1C, 0x7A, 0x25, 0xD6, 0x47, 0xBD, - 0x29, 0xC5, 0x4F, 0x8B, 0xB9, 0x6A, 0x48, 0x7A, 0x9B, 0x1E, - 0x6D, 0x77, 0x8E, 0x72, 0x6C, 0x0C, 0x07, 0xFE, 0x4C, 0xC5, - 0xCF, 0x55, 0x0E, 0xCB, 0x4B, 0xAD, 0x16, 0xE1, 0xE2, 0x54, - 0xB8, 0x9D, 0x34, 0x03, 0xD1, 0x8D, 0xB7, 0x37, 0x9B, 0xE3, - 0x5A, 0x32, 0x60, 0x03, 0x7F, 0x61, 0x0F, 0x50, 0x0B, 0x72, - 0x54, 0x8B, 0x0D, 0xC7, 0x97, 0x7E, 0xBB, 0x9B, 0xB2, 0xF7, - 0x73, 0x47, 0x71, 0x7B, 0x78, 0x65, 0x36, 0xDF, 0x57, 0x72, - 0x9E, 0x42, 0x9C, 0x8A + 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, + 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, + 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, + 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, + 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, + 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, + 0x02, 0x01, 0x00, 0x64, 0xD8, 0x59, 0x19, 0xC0, 0xB5, 0x79, + 0x9E, 0x58, 0x63, 0xAE, 0x8B, 0x28, 0x64, 0x81, 0xD9, 0xD2, + 0xCD, 0xE8, 0x26, 0x1F, 0x04, 0x09, 0x7B, 0x52, 0x0A, 0x7A, + 0x16, 0x70, 0xEE, 0x37, 0x8A, 0x6D, 0x7C, 0x74, 0x67, 0x51, + 0x2F, 0xCF, 0x97, 0xA1, 0xD6, 0x54, 0xA2, 0xA3, 0x93, 0xDD, + 0x2B, 0x63, 0x5E, 0x9F, 0x13, 0x56, 0x7F, 0x8C, 0xE5, 0x9B, + 0x49, 0x19, 0x78, 0xDB, 0x3D, 0x75, 0xFE, 0xB7, 0xB8, 0x57, + 0x92, 0x58, 0xFF, 0x84, 0x8B, 0xD1, 0x2F, 0xF4, 0xB0, 0x22, + 0xD2, 0xF9, 0xBB, 0x00, 0xDD, 0x3B, 0xD2, 0x7A, 0xB9, 0xD9, + 0x50, 0xE5, 0x90, 0x70, 0x2D, 0x77, 0xF2, 0x74, 0xC2, 0x40, + 0x2F, 0x39, 0x25, 0x5D, 0x8E, 0xDE, 0x11, 0xE1, 0xCF, 0xA7, + 0x8F, 0x8E, 0xBD, 0x2A, 0xAA, 0x2E, 0xA1, 0x14, 0x3D, 0x06, + 0x70, 0xC7, 0xC9, 0x58, 0x86, 0x9E, 0x4C, 0x86, 0x65, 0x9E, + 0x69, 0x62, 0x3E, 0x30, 0x22, 0xEB, 0xD5, 0x00, 0xD1, 0x1E, + 0x8C, 0xBA, 0xF2, 0x7B, 0xA3, 0x39, 0x77, 0xFE, 0x90, 0x42, + 0xB7, 0xA4, 0x98, 0x28, 0xD7, 0x82, 0x4A, 0x54, 0x1B, 0x27, + 0xC9, 0xCF, 0x09, 0xB5, 0x60, 0xB6, 0x09, 0x37, 0x40, 0xE9, + 0xA5, 0xCD, 0x3E, 0x80, 0x84, 0xC4, 0xC4, 0xB6, 0x63, 0x06, + 0xEA, 0x5C, 0x63, 0xF2, 0x2B, 0xEE, 0x00, 0x31, 0x52, 0xD8, + 0x6C, 0xCD, 0x6A, 0xD2, 0x57, 0xA0, 0x6B, 0xD5, 0xA7, 0x6E, + 0x4C, 0xCE, 0x3B, 0xFF, 0x44, 0x7D, 0x99, 0xA5, 0xE3, 0xFB, + 0x23, 0x91, 0x99, 0x8C, 0x19, 0xCE, 0x1F, 0xC1, 0xA1, 0x89, + 0xE3, 0xBC, 0xE8, 0x74, 0x2C, 0x3D, 0x80, 0xBC, 0x0C, 0x6C, + 0x6A, 0x39, 0xA6, 0x50, 0x4C, 0xD1, 0x25, 0x1E, 0xA6, 0x96, + 0xF4, 0x54, 0xFD, 0x2A, 0xCE, 0x3C, 0x59, 0xAA, 0x1C, 0x05, + 0xDF, 0xDF, 0x10, 0x9A, 0x2B, 0x52, 0x9C, 0xF1, 0xA8, 0x19, + 0xAC, 0x56, 0x03, 0x56, 0x1F, 0xC9, 0xA5, 0xE4, 0xAA, 0xBC, + 0xE2, 0x90, 0xC1, 0xC9, 0xAD, 0xF5, 0x94, 0x1B, 0x72, 0xA7, + 0xC9, 0x9E, 0x90, 0x26, 0x2E, 0x70, 0x48, 0x41, 0xB5, 0x2F, + 0x6C, 0x35, 0xCA, 0x30, 0xE3, 0xCA, 0x71, 0x5B, 0x97, 0x96, + 0x15, 0x6F, 0xB5, 0x4D, 0x43, 0xD1, 0x5A, 0x02, 0xD0, 0x21, + 0x48, 0xEE, 0x2B, 0xC7, 0x8D, 0xE1, 0x60, 0x92, 0x86, 0x8C, + 0x5E, 0x8D, 0x9C, 0xA1, 0x6A, 0x99, 0xC0, 0xD0, 0x3D, 0x3A, + 0x8C, 0x7E, 0xC3, 0x87, 0xB2, 0x81, 0x8B, 0xE9, 0xBD, 0xB0, + 0xD3, 0xF3, 0x6F, 0xF2, 0x89, 0x40, 0xB9, 0xD1, 0x5C, 0xD0, + 0x1C, 0x9D, 0xBF, 0x80, 0xFC, 0x75, 0x0A, 0x66, 0xC6, 0x5A, + 0xD1, 0x41, 0x15, 0x31, 0x07, 0x55, 0xF8, 0x00, 0x96, 0x77, + 0xB4, 0xA7, 0xDC, 0xD7, 0x62, 0x15, 0xED, 0x75, 0x7A, 0x3E, + 0xCD, 0xB9, 0xE0, 0x56, 0x7D, 0x38, 0x4C, 0x2E, 0xEC, 0xEF, + 0x00, 0x70, 0x93, 0x12, 0x0D, 0x25, 0x5A, 0xE7, 0xF8, 0x02, + 0x37, 0xE8, 0xDD, 0xBB, 0x7E, 0x61, 0x9F, 0xB2, 0xA8, 0x70, + 0xDA, 0x7F, 0x94, 0x7B, 0x29, 0xE0, 0xA4, 0x58, 0x01, 0x8D, + 0x43, 0xF1, 0x25, 0x16, 0x59, 0xFE, 0xD5, 0x21, 0x42, 0xEE, + 0xAB, 0xA8, 0x03, 0x3E, 0xEE, 0x1F, 0x74, 0x1C, 0x43, 0x2D, + 0x37, 0x0F, 0x05, 0x14, 0x29, 0x0D, 0xAC, 0xE8, 0xC7, 0x72, + 0x0E, 0x10, 0xB5, 0x9E, 0xF8, 0x80, 0x41, 0xD0, 0xA2, 0xAA, + 0x6C, 0x94, 0x26, 0x49, 0x91, 0xC7, 0x2C, 0x30, 0x04, 0x2A, + 0x91, 0xF0, 0xE6, 0x7F, 0x76, 0x71, 0x80, 0x09, 0x07, 0x00, + 0x98, 0xB7, 0xF1, 0x1F, 0x3C, 0x0C, 0xDB, 0x98, 0x0A, 0x22, + 0xCC, 0xAF, 0x6F, 0xE5, 0xC7, 0x0D, 0x26, 0xA1, 0x65, 0xB3, + 0x5D, 0x37, 0x04, 0xDE, 0xF4, 0x61, 0x91, 0x06, 0x06, 0xA4, + 0x9A, 0x65, 0x51, 0x8B, 0x3E }; static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096); @@ -3291,85 +3349,93 @@ static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); /* ./certs/client-ecc-cert.der, ECC */ static const unsigned char cliecc_cert_der_256[] = { - 0x30, 0x82, 0x03, 0x08, 0x30, 0x82, 0x02, 0xAF, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, - 0x9B, 0x41, 0x9D, 0xAD, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, - 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, - 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, - 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, - 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, + 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, + 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, + 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, + 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, + 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, + 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, + 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, + 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, + 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, + 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, + 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, + 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, + 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, + 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x82, + 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, + 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, + 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, + 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, + 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, + 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, + 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, + 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, + 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, + 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, + 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, - 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, - 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, - 0x30, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, - 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, - 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, - 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, - 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, - 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, - 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, - 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, - 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, - 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, - 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, - 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x81, 0xF5, - 0x30, 0x81, 0xF2, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, - 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, - 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, - 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xC2, 0x06, 0x03, 0x55, - 0x1D, 0x23, 0x04, 0x81, 0xBA, 0x30, 0x81, 0xB7, 0x80, 0x14, - 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, - 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, - 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, - 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, - 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, - 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, - 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x82, 0x09, 0x00, 0x93, 0xBF, 0x6A, 0xDE, 0x9B, 0x41, 0x9D, - 0xAD, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, - 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, - 0x30, 0x44, 0x02, 0x20, 0x61, 0xBC, 0x9D, 0x4D, 0x88, 0x64, - 0x86, 0xB8, 0x71, 0xAA, 0x35, 0x59, 0x68, 0xB8, 0xEE, 0x2C, - 0xF3, 0x23, 0xB5, 0x1A, 0xB9, 0xBA, 0x41, 0x50, 0xA8, 0xC6, - 0xC3, 0x58, 0xEB, 0x58, 0xBD, 0x60, 0x02, 0x20, 0x61, 0xAA, - 0xEB, 0xB5, 0x73, 0x0D, 0x01, 0xDB, 0x69, 0x8F, 0x52, 0xF5, - 0x72, 0x6D, 0x37, 0x42, 0xB5, 0xFD, 0x94, 0xB6, 0x6E, 0xB1, - 0xC4, 0x25, 0x2E, 0x96, 0x96, 0xF3, 0x39, 0xB2, 0x5D, 0xEA - + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, + 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, + 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, + 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06, 0x03, 0x55, + 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, + 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, + 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, + 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, + 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, + 0xE4, 0xA0, 0x23, 0x26, 0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, + 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3, 0xE6, 0x44, 0xCF, 0x5F, + 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB, 0x64, 0xAB, + 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6, + 0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, + 0x5F, 0x8F, 0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, + 0x10, 0x48, 0x2D, 0x53, 0x08, 0xA8, 0xB4 }; static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); @@ -3411,94 +3477,103 @@ static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256); /* ./certs/server-ecc-comp.der, ECC */ static const unsigned char serv_ecc_comp_der_256[] = { - 0x30, 0x82, 0x03, 0x23, 0x30, 0x82, 0x02, 0xCA, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0x80, 0x78, 0xC9, 0xB7, - 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, - 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, - 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, - 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, - 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, - 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, - 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x31, - 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, - 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, - 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, - 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, - 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74, - 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, 0x43, - 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, - 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, - 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, 0x07, - 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, 0x00, - 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, - 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, - 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, - 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x09, 0x30, 0x82, 0x01, - 0x05, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, - 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, - 0x5A, 0x18, 0x30, 0x81, 0xD5, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xCD, 0x30, 0x81, 0xCA, 0x80, 0x14, 0x8C, 0x38, - 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, 0xAC, - 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, 0x81, - 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, - 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, - 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, - 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, - 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0x80, 0x78, 0xC9, 0xB7, 0x06, 0x5A, 0xC5, 0x83, 0x30, 0x0C, - 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, - 0x3D, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, - 0x20, 0x31, 0x44, 0xD0, 0x4E, 0xD7, 0xC4, 0xB4, 0x96, 0xA3, - 0xE6, 0x25, 0xFD, 0xFA, 0xD6, 0x28, 0xA8, 0x67, 0x51, 0x72, - 0x90, 0x95, 0x31, 0xF9, 0xCD, 0x10, 0xBF, 0x11, 0xE4, 0xEC, - 0xB7, 0x42, 0x5B, 0x02, 0x20, 0x45, 0xDB, 0x45, 0x0A, 0x24, - 0x58, 0x8E, 0x2E, 0xE6, 0xEA, 0x0C, 0x6C, 0xBC, 0x72, 0x4F, - 0x0A, 0x1B, 0xF3, 0x2D, 0x97, 0xE9, 0xC2, 0x19, 0xF9, 0x97, - 0x3A, 0x60, 0xDD, 0x08, 0xD3, 0x52, 0x3E + 0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x03, 0x1D, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x2C, 0x04, 0x53, 0x2F, 0xC3, + 0x1B, 0x46, 0x1C, 0xFC, 0xB7, 0x48, 0x3C, 0x25, 0xED, 0xD8, + 0xDE, 0x07, 0x8F, 0xE0, 0xAA, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, + 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, + 0x45, 0x6C, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, + 0x20, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, + 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, + 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, + 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, 0x34, + 0x31, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, + 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, + 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, 0x6C, 0x69, 0x70, + 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, 0x6F, 0x6D, 0x70, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x45, 0x43, + 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x39, 0x30, 0x13, 0x06, + 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x22, + 0x00, 0x02, 0xBB, 0x33, 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, + 0x4A, 0xA5, 0x04, 0xC3, 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, + 0x2D, 0xCE, 0x94, 0xEA, 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, + 0x2C, 0x16, 0xE8, 0x61, 0xA3, 0x82, 0x01, 0x51, 0x30, 0x82, + 0x01, 0x4D, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x8C, 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, + 0xDF, 0x6E, 0xF4, 0x59, 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, + 0xA6, 0x5A, 0x18, 0x30, 0x81, 0xE0, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x81, 0xD8, 0x30, 0x81, 0xD5, 0x80, 0x14, 0x8C, + 0x38, 0x3A, 0x6B, 0xB8, 0x24, 0xB7, 0xDF, 0x6E, 0xF4, 0x59, + 0xAC, 0x56, 0x4E, 0xAA, 0xE2, 0x58, 0xA6, 0x5A, 0x18, 0xA1, + 0x81, 0xA6, 0xA4, 0x81, 0xA3, 0x30, 0x81, 0xA0, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, + 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0F, 0x45, 0x6C, + 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x20, 0x2D, 0x20, 0x63, + 0x6F, 0x6D, 0x70, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x0F, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x20, 0x45, 0x43, 0x43, 0x2D, 0x63, 0x6F, 0x6D, 0x70, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, + 0x2C, 0x04, 0x53, 0x2F, 0xC3, 0x1B, 0x46, 0x1C, 0xFC, 0xB7, + 0x48, 0x3C, 0x25, 0xED, 0xD8, 0xDE, 0x07, 0x8F, 0xE0, 0xAA, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, + 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, + 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, + 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, + 0x30, 0x45, 0x02, 0x21, 0x00, 0xF4, 0xCC, 0x35, 0x1B, 0x98, + 0x49, 0xE9, 0xB2, 0xA5, 0x86, 0xDF, 0x32, 0xBB, 0xB4, 0x12, + 0x64, 0xAC, 0xA1, 0xDD, 0xCF, 0x09, 0x87, 0x48, 0x6A, 0x1D, + 0xA0, 0x44, 0x25, 0x12, 0x2A, 0xB6, 0x62, 0x02, 0x20, 0x2D, + 0x89, 0xDE, 0xEC, 0x20, 0x13, 0xAD, 0x22, 0x8E, 0xD1, 0xFF, + 0xF2, 0x96, 0x1D, 0xFB, 0xF5, 0xCD, 0xFD, 0x70, 0xEE, 0xAD, + 0x9B, 0x0E, 0x46, 0x1D, 0x60, 0x48, 0x23, 0xED, 0x1E, 0xCF, + 0x8C }; static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); /* ./certs/server-ecc-rsa.der, ECC */ static const unsigned char serv_ecc_rsa_der_256[] = { - 0x30, 0x82, 0x03, 0xE0, 0x30, 0x82, 0x02, 0xC8, 0xA0, 0x03, + 0x30, 0x82, 0x04, 0x2A, 0x30, 0x82, 0x03, 0x12, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, @@ -3516,10 +3591,10 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, - 0x31, 0x33, 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, - 0x0D, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, - 0x33, 0x31, 0x30, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, + 0x31, 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, + 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, + 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -3544,152 +3619,142 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x16, 0xE8, 0x61, 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, - 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x81, 0xFC, 0x30, 0x81, - 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, - 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, - 0x89, 0x30, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, - 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x27, 0x8E, - 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, 0x33, 0x63, - 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, 0xA1, 0x81, - 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, - 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, - 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, - 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, - 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, - 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0x86, 0xFF, - 0xF5, 0x8E, 0x10, 0xDE, 0xB8, 0xFB, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, - 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0x0C, 0xBB, 0x67, 0xBD, 0xFC, 0xCD, 0x53, 0x6C, 0xFB, 0x4E, - 0x58, 0xC8, 0xEA, 0x52, 0x92, 0xEB, 0xE4, 0xC8, 0xBC, 0x57, - 0x0F, 0x08, 0x20, 0xC8, 0x83, 0xB0, 0xD5, 0xEA, 0x57, 0x27, - 0xBD, 0x68, 0x91, 0xFB, 0x99, 0x84, 0x8D, 0x15, 0x9E, 0x4F, - 0x8F, 0xC4, 0xCB, 0x34, 0x61, 0xC0, 0x59, 0x12, 0x9B, 0xC8, - 0x82, 0x17, 0x38, 0x4F, 0x9E, 0x53, 0x08, 0xA3, 0x69, 0x2E, - 0x2F, 0xC0, 0xB4, 0x2F, 0xA2, 0x4E, 0x10, 0x64, 0xB0, 0x07, - 0xA1, 0x51, 0x08, 0x1D, 0x91, 0x53, 0xA2, 0x79, 0x55, 0x20, - 0x41, 0x65, 0x35, 0x3E, 0x0B, 0x38, 0x01, 0x57, 0x02, 0x8C, - 0x25, 0xE7, 0xAB, 0x4F, 0x8B, 0x59, 0xF0, 0xED, 0x8E, 0x4A, - 0x15, 0x0B, 0x32, 0xFB, 0x7A, 0x8B, 0x02, 0xEA, 0x9D, 0xE1, - 0xAB, 0xC4, 0x07, 0xCC, 0xDA, 0x0F, 0xA3, 0x16, 0xDB, 0x8E, - 0x5B, 0xBC, 0x96, 0xAB, 0x10, 0xB8, 0xDE, 0x09, 0x8B, 0xF7, - 0xCB, 0xA7, 0x78, 0x66, 0x17, 0xE3, 0x25, 0x6E, 0x57, 0x9D, - 0x13, 0x61, 0x7B, 0x55, 0x1A, 0xDF, 0x8F, 0x39, 0x15, 0x4E, - 0x42, 0x22, 0x00, 0x85, 0xC4, 0x51, 0x0B, 0x6B, 0xA6, 0x67, - 0xC0, 0xFB, 0xEA, 0x22, 0x77, 0x7D, 0x48, 0x76, 0xAB, 0x39, - 0x20, 0x09, 0xD5, 0x52, 0x89, 0x3E, 0x6B, 0x30, 0x7B, 0x50, - 0x18, 0xE8, 0x62, 0x05, 0xBE, 0xBB, 0x7F, 0x16, 0x77, 0x9C, - 0xBB, 0x5A, 0x22, 0x96, 0x99, 0xB0, 0x96, 0x83, 0xB7, 0x43, - 0x31, 0x97, 0xCF, 0xFD, 0x85, 0x52, 0xD8, 0x52, 0xC8, 0x67, - 0x5C, 0xF8, 0x22, 0x72, 0x35, 0x93, 0x92, 0x6C, 0xEC, 0x3C, - 0x6A, 0xC6, 0x81, 0x20, 0xA5, 0xCD, 0x50, 0xF9, 0x21, 0x7A, - 0xA6, 0x7A, 0x1E, 0xE7, 0x59, 0x22, 0x5D, 0x8A, 0x93, 0x51, - 0x8E, 0xFB, 0x29, 0x56, 0xFB, 0xBE, 0x9B, 0x87, 0x48, 0x5F, - 0xA5, 0x72, 0xE7, 0x4E, 0xFE, 0x5E + 0x0B, 0x80, 0x34, 0x89, 0xD8, 0xA3, 0x82, 0x01, 0x45, 0x30, + 0x82, 0x01, 0x41, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, + 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, + 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, + 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x81, 0xD4, 0x06, 0x03, 0x55, + 0x1D, 0x23, 0x04, 0x81, 0xCC, 0x30, 0x81, 0xC9, 0x80, 0x14, + 0x27, 0x8E, 0x67, 0x11, 0x74, 0xC3, 0x26, 0x1D, 0x3F, 0xED, + 0x33, 0x63, 0xB3, 0xA4, 0xD8, 0x1D, 0x30, 0xE5, 0xE8, 0xD5, + 0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, + 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, + 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, + 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x5E, + 0xBA, 0xA4, 0xF4, 0xB1, 0xF7, 0x48, 0x25, 0xE3, 0x5F, 0x9B, + 0xDA, 0xA1, 0x13, 0xED, 0xD5, 0x2B, 0x03, 0x67, 0x15, 0x30, + 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, + 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, + 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x69, 0x31, 0x1F, 0x55, 0xAB, 0xA3, + 0x11, 0x91, 0x89, 0xF5, 0xEE, 0x88, 0x8F, 0xC1, 0x53, 0x8B, + 0xF6, 0xEB, 0xFF, 0x14, 0x3B, 0x7A, 0x25, 0x37, 0xF0, 0x19, + 0x20, 0x35, 0x37, 0xF5, 0x27, 0x1E, 0xE9, 0xC1, 0xDB, 0x34, + 0xAC, 0x27, 0x0B, 0xEE, 0x29, 0x9F, 0x7E, 0x8B, 0x89, 0x7D, + 0xC8, 0x1F, 0xB4, 0xEC, 0x75, 0x92, 0xF1, 0x82, 0x4E, 0x22, + 0x02, 0x14, 0x7C, 0x7E, 0xE4, 0x65, 0x09, 0x34, 0x23, 0x0D, + 0x9A, 0x73, 0xBF, 0x86, 0x98, 0x0F, 0xEE, 0x16, 0x57, 0x21, + 0x65, 0x7E, 0x94, 0x96, 0x40, 0x85, 0xBF, 0x3F, 0x9E, 0x11, + 0xA8, 0x8F, 0x7E, 0x9B, 0x4B, 0x82, 0x29, 0xFE, 0xBB, 0x47, + 0xA8, 0x43, 0x9E, 0xDA, 0xFA, 0x4C, 0x40, 0xCF, 0xCA, 0xA6, + 0x98, 0x00, 0x07, 0xBB, 0xC3, 0x86, 0xA8, 0x3F, 0x15, 0xAE, + 0xF5, 0xF9, 0x69, 0x7E, 0x9E, 0x44, 0x2F, 0xC5, 0xA3, 0x33, + 0x1D, 0xDC, 0x04, 0x04, 0xDC, 0x6E, 0x25, 0xC6, 0x7F, 0x15, + 0x7A, 0xF0, 0x99, 0x93, 0x47, 0xF6, 0x8F, 0x41, 0x95, 0xC7, + 0x16, 0x78, 0xF4, 0x5E, 0x48, 0xA3, 0xFE, 0x38, 0x7A, 0x43, + 0xE1, 0x19, 0x40, 0x7E, 0x25, 0x09, 0x23, 0x67, 0xFE, 0x51, + 0x9C, 0xD5, 0xDE, 0xEF, 0xC3, 0x02, 0x23, 0x4F, 0x63, 0xBA, + 0xEC, 0xB8, 0x56, 0x17, 0x04, 0x07, 0x29, 0x09, 0x3E, 0xA8, + 0xF8, 0xD6, 0x76, 0x2B, 0xF7, 0x79, 0x56, 0x3D, 0x39, 0x0A, + 0xDF, 0x6F, 0xC5, 0x5A, 0x2F, 0x81, 0x1F, 0x63, 0x15, 0x36, + 0x51, 0x07, 0xE2, 0x8B, 0xCB, 0x6C, 0xCF, 0x6E, 0x92, 0xA7, + 0xCA, 0x3B, 0xF6, 0xC5, 0x66, 0x34, 0x84, 0x5A, 0x47, 0x20, + 0xE3, 0x63, 0x04, 0x5F, 0x38, 0x35, 0xA4, 0xD3, 0x3D, 0x3A, + 0xE1, 0x85, 0x85, 0x62, 0x85, 0x5B, 0x69, 0xAD, 0xAA, 0xE9, + 0x40, 0x28, 0xD7, 0xF9, 0x7C, 0x53, 0x48, 0xC0, 0x1B, 0xCC + }; static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); /* ./certs/server-ecc.der, ECC */ static const unsigned char serv_ecc_der_256[] = { - 0x30, 0x82, 0x03, 0x50, 0x30, 0x82, 0x02, 0xF5, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, 0x00, 0x30, 0x0A, 0x06, - 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, - 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, - 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, - 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, - 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, - 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, - 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x30, 0x82, 0x02, 0xA0, 0x30, 0x82, 0x02, 0x47, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x01, 0x03, 0x30, 0x0A, 0x06, 0x08, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, + 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, + 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, + 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, + 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, + 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, + 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, + 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, + 0x31, 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, + 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, + 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, + 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, + 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, + 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, + 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, 0x30, + 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, 0x43, + 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, + 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, - 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, - 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x37, 0x31, - 0x30, 0x32, 0x30, 0x31, 0x38, 0x31, 0x39, 0x30, 0x36, 0x5A, - 0x17, 0x0D, 0x32, 0x37, 0x31, 0x30, 0x31, 0x38, 0x31, 0x38, - 0x31, 0x39, 0x30, 0x36, 0x5A, 0x30, 0x81, 0x8F, 0x31, 0x0B, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, - 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, - 0x07, 0x45, 0x6C, 0x69, 0x70, 0x74, 0x69, 0x63, 0x31, 0x0C, - 0x30, 0x0A, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x03, 0x45, - 0x43, 0x43, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, - 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, - 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, - 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, - 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, - 0xAC, 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, - 0x3C, 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, - 0x2B, 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, - 0x02, 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, - 0x97, 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, - 0x02, 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, - 0x89, 0xD8, 0xA3, 0x82, 0x01, 0x35, 0x30, 0x82, 0x01, 0x31, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x02, 0x30, - 0x00, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, - 0x14, 0x5D, 0x5D, 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, - 0x76, 0x15, 0x2B, 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, - 0x30, 0x30, 0x81, 0xCC, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x81, 0xC4, 0x30, 0x81, 0xC1, 0x80, 0x14, 0x56, 0x8E, 0x9A, - 0xC3, 0xF0, 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, - 0x93, 0xCF, 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0xA1, 0x81, 0x9D, - 0xA4, 0x81, 0x9A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, - 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, - 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, - 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, - 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, - 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, - 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, - 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, - 0x97, 0xB4, 0xBD, 0x16, 0x78, 0xF8, 0x47, 0xF2, 0x30, 0x0E, - 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, - 0x03, 0x02, 0x03, 0xA8, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, - 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0A, 0x06, 0x08, 0x2A, - 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, - 0x30, 0x46, 0x02, 0x21, 0x00, 0xBE, 0xB8, 0x58, 0xF0, 0xE4, - 0x15, 0x01, 0x1F, 0xDF, 0x70, 0x54, 0x73, 0x4A, 0x6C, 0x40, - 0x1F, 0x77, 0xA8, 0xB4, 0xEB, 0x52, 0x1E, 0xBF, 0xF5, 0x0D, - 0xB1, 0x33, 0xCA, 0x6A, 0xC4, 0x76, 0xB9, 0x02, 0x21, 0x00, - 0x97, 0x08, 0xDE, 0x2C, 0x28, 0xC1, 0x45, 0x71, 0xB6, 0x2C, - 0x54, 0x87, 0x98, 0x63, 0x76, 0xA8, 0x21, 0x34, 0x90, 0xA8, - 0xF7, 0x9E, 0x3F, 0xFC, 0x02, 0xB0, 0xE7, 0xD3, 0x09, 0x31, - 0x27, 0xE4 + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x33, 0xAC, + 0x4C, 0x27, 0x50, 0x4A, 0xC6, 0x4A, 0xA5, 0x04, 0xC3, 0x3C, + 0xDE, 0x9F, 0x36, 0xDB, 0x72, 0x2D, 0xCE, 0x94, 0xEA, 0x2B, + 0xFA, 0xCB, 0x20, 0x09, 0x39, 0x2C, 0x16, 0xE8, 0x61, 0x02, + 0xE9, 0xAF, 0x4D, 0xD3, 0x02, 0x93, 0x9A, 0x31, 0x5B, 0x97, + 0x92, 0x21, 0x7F, 0xF0, 0xCF, 0x18, 0xDA, 0x91, 0x11, 0x02, + 0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89, + 0xD8, 0xA3, 0x81, 0x89, 0x30, 0x81, 0x86, 0x30, 0x1D, 0x06, + 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x5D, 0x5D, + 0x26, 0xEF, 0xAC, 0x7E, 0x36, 0xF9, 0x9B, 0x76, 0x15, 0x2B, + 0x4A, 0x25, 0x02, 0x23, 0xEF, 0xB2, 0x89, 0x30, 0x30, 0x1F, + 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18, 0xB9, + 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3, 0xA5, + 0x21, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, + 0xFF, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x03, + 0xA8, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x0C, + 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x01, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, + 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, + 0x40, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, + 0x7C, 0xFB, 0xBB, 0x4B, 0xC0, 0xF6, 0x21, 0x84, 0x04, 0x87, + 0xF8, 0x90, 0x4D, 0xC1, 0xF6, 0xC2, 0x67, 0x95, 0xC4, 0xF3, + 0xE8, 0x8E, 0x5E, 0x43, 0xDF, 0xC2, 0x74, 0xDC, 0xFD, 0x86, + 0x6F, 0x7D, 0x02, 0x20, 0x1B, 0x4C, 0x97, 0xF0, 0x93, 0x4C, + 0x61, 0x26, 0xEA, 0xA7, 0xD9, 0x93, 0x22, 0x4E, 0x21, 0x46, + 0x14, 0x9E, 0x24, 0xBF, 0xF5, 0xD5, 0xAB, 0x3B, 0xAE, 0x69, + 0x40, 0xCF, 0x6F, 0xE0, 0xD3, 0x82 }; static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256); @@ -3715,72 +3780,73 @@ static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256); /* ./certs/ca-ecc-cert.der, ECC */ static const unsigned char ca_ecc_cert_der_256[] = { - 0x30, 0x82, 0x02, 0x8B, 0x30, 0x82, 0x02, 0x30, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFD, 0x0E, 0x29, 0x21, - 0x66, 0xCB, 0x48, 0xA3, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, - 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, - 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, - 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, - 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, - 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, - 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, - 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, - 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, - 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, - 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, - 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, - 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, - 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, 0x6E, 0xD6, 0x01, 0x8E, - 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, 0xC0, 0x4C, 0xE3, 0x9E, - 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, 0xD6, 0xE9, 0x09, 0x2A, - 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, 0x8A, 0xBF, 0x33, 0x83, - 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, 0x40, 0xB5, 0x3B, 0x43, - 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, 0x37, 0x44, 0xC1, 0xCB, - 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, 0xA7, 0xA3, 0x63, 0x30, - 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, - 0x04, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, 0x18, - 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, 0xF3, - 0xA5, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x18, 0x30, 0x16, 0x80, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, - 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, - 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0x30, 0x0F, 0x06, 0x03, 0x55, - 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, - 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, - 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, - 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF0, 0x7B, - 0xCC, 0x24, 0x73, 0x19, 0x3F, 0x61, 0x68, 0xED, 0xC8, 0x0A, - 0x54, 0x4A, 0xB8, 0xAC, 0x79, 0xEF, 0x10, 0x32, 0x91, 0x52, - 0x2C, 0x3E, 0xBF, 0x50, 0xAA, 0x5F, 0x18, 0xC1, 0x97, 0xF5, - 0x02, 0x21, 0x00, 0xD9, 0x4B, 0x63, 0x67, 0x6F, 0x9B, 0x29, - 0xA9, 0xD7, 0x6B, 0x63, 0x9B, 0x98, 0x9F, 0x32, 0x82, 0x36, - 0xDA, 0xF0, 0xA9, 0xF7, 0x51, 0xB4, 0x97, 0xAA, 0xFA, 0xFA, - 0xDD, 0xEF, 0xEF, 0x4A, 0xAE + 0x30, 0x82, 0x02, 0x94, 0x30, 0x82, 0x02, 0x3B, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x7E, 0xBD, 0xD9, 0xC1, 0xA5, + 0xB2, 0x60, 0xA4, 0xBA, 0xF4, 0x86, 0xCF, 0x13, 0xAC, 0x77, + 0x84, 0xBE, 0xAC, 0x07, 0xE7, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, + 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, + 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, + 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, + 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x02, 0xD3, 0xD9, 0x6E, 0xD6, 0x01, + 0x8E, 0x45, 0xC8, 0xB9, 0x90, 0x31, 0xE5, 0xC0, 0x4C, 0xE3, + 0x9E, 0xAD, 0x29, 0x38, 0x98, 0xBA, 0x10, 0xD6, 0xE9, 0x09, + 0x2A, 0x80, 0xA9, 0x2E, 0x17, 0x2A, 0xB9, 0x8A, 0xBF, 0x33, + 0x83, 0x46, 0xE3, 0x95, 0x0B, 0xE4, 0x77, 0x40, 0xB5, 0x3B, + 0x43, 0x45, 0x33, 0x0F, 0x61, 0x53, 0x7C, 0x37, 0x44, 0xC1, + 0xCB, 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA, 0xA7, 0xA3, 0x63, + 0x30, 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + 0x16, 0x04, 0x14, 0x56, 0x8E, 0x9A, 0xC3, 0xF0, 0x42, 0xDE, + 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, 0xCF, 0xEA, 0xC3, + 0xF3, 0xA5, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x56, 0x8E, 0x9A, 0xC3, + 0xF0, 0x42, 0xDE, 0x18, 0xB9, 0x45, 0x55, 0x6E, 0xF9, 0x93, + 0xCF, 0xEA, 0xC3, 0xF3, 0xA5, 0x21, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, + 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, + 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x06, 0xC3, + 0x0A, 0x69, 0x01, 0x57, 0x31, 0x17, 0x09, 0x3F, 0x21, 0x95, + 0x4F, 0x3F, 0xC5, 0x20, 0xE3, 0x21, 0x86, 0x75, 0x47, 0x5E, + 0x87, 0xF7, 0x48, 0x8A, 0x1E, 0x01, 0xFA, 0xD2, 0x67, 0xC8, + 0x02, 0x20, 0x7D, 0xC8, 0xE9, 0x2D, 0x5B, 0x74, 0x28, 0x87, + 0x71, 0xDB, 0xA3, 0x0E, 0x19, 0x84, 0xCC, 0xB3, 0xA6, 0x83, + 0x35, 0x75, 0xF8, 0x05, 0xDD, 0xFC, 0x5E, 0x51, 0x2B, 0x18, + 0x98, 0xC4, 0xAC, 0x95 }; static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256); @@ -3810,78 +3876,79 @@ static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384); /* ./certs/ca-ecc384-cert.der, ECC */ static const unsigned char ca_ecc_cert_der_384[] = { - 0x30, 0x82, 0x02, 0xC7, 0x30, 0x82, 0x02, 0x4D, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFC, 0x39, 0x04, 0xA4, - 0x0E, 0xA5, 0x6C, 0x87, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, - 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31, - 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, - 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, - 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, - 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, - 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, - 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, - 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, - 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, - 0x31, 0x35, 0x32, 0x33, 0x31, 0x30, 0x5A, 0x17, 0x0D, 0x32, - 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, 0x32, 0x33, 0x31, - 0x30, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, - 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, - 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, - 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, - 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, - 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, 0x65, - 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x76, 0x30, 0x10, - 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, - 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, - 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4, 0xD7, - 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4, 0x03, - 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E, 0xA2, - 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16, 0x9C, - 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76, 0x3C, - 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD, 0xDE, - 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6, 0x66, - 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7, 0x83, - 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE, 0x35, - 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0, 0xA3, 0x63, 0x30, 0x61, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, - 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, 0xD4, 0x72, 0xBB, - 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, 0x80, 0x12, 0x53, - 0x52, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, - 0x30, 0x16, 0x80, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, - 0xD4, 0x72, 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, - 0x80, 0x12, 0x53, 0x52, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, - 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, - 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, - 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, - 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x03, - 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x0D, 0x0A, 0x62, 0xFB, - 0xE6, 0x3A, 0xFE, 0x71, 0xD8, 0x2B, 0x44, 0xE5, 0x97, 0x34, - 0x04, 0xA9, 0x8C, 0x0A, 0x99, 0x88, 0xA0, 0xBD, 0x1F, 0xB0, - 0xDF, 0x94, 0x59, 0x27, 0xBB, 0x2B, 0xC6, 0x2A, 0xBE, 0xA4, - 0x69, 0x1B, 0xCF, 0x97, 0x78, 0x2A, 0x28, 0x96, 0xEE, 0xBA, - 0xD4, 0x87, 0x45, 0xFD, 0x02, 0x31, 0x00, 0xC0, 0x73, 0x19, - 0x66, 0x76, 0x5E, 0x9F, 0xA3, 0x65, 0x85, 0x41, 0xEF, 0xB7, - 0x7B, 0x3D, 0x63, 0x6D, 0x98, 0x71, 0x99, 0x6F, 0x9C, 0xDB, - 0xA8, 0x5E, 0x53, 0x6E, 0xA0, 0x68, 0x11, 0x65, 0xBC, 0x78, - 0x74, 0x28, 0x69, 0xC7, 0x64, 0x9D, 0x88, 0xF2, 0xD8, 0xC2, - 0x3D, 0x29, 0x03, 0x83, 0x23 + 0x30, 0x82, 0x02, 0xD3, 0x30, 0x82, 0x02, 0x58, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x20, 0xDA, 0x85, 0x3F, 0x78, + 0xC9, 0x83, 0x3B, 0xAE, 0xAA, 0x5A, 0x67, 0x49, 0x27, 0x78, + 0xBA, 0x90, 0xDE, 0x66, 0x6E, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, + 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0C, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6C, 0x65, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, + 0x0B, 0x44, 0x65, 0x76, 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, + 0x6E, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, + 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, + 0x34, 0x31, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6C, 0x65, 0x31, 0x10, + 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, + 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x44, 0x65, 0x76, + 0x65, 0x6C, 0x6F, 0x70, 0x6D, 0x65, 0x6E, 0x74, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, + 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x76, 0x30, + 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, + 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, + 0x04, 0xEE, 0x82, 0xD4, 0x39, 0x9A, 0xB1, 0x27, 0x82, 0xF4, + 0xD7, 0xEA, 0xC6, 0xBC, 0x03, 0x1D, 0x4D, 0x83, 0x61, 0xF4, + 0x03, 0xAE, 0x7E, 0xBD, 0xD8, 0x5A, 0xA5, 0xB9, 0xF0, 0x8E, + 0xA2, 0xA5, 0xDA, 0xCE, 0x87, 0x3B, 0x5A, 0xAB, 0x44, 0x16, + 0x9C, 0xF5, 0x9F, 0x62, 0xDD, 0xF6, 0x20, 0xCD, 0x9C, 0x76, + 0x3C, 0x40, 0xB1, 0x3F, 0x97, 0x17, 0xDF, 0x59, 0xF6, 0xCD, + 0xDE, 0xCD, 0x46, 0x35, 0xC0, 0xED, 0x5E, 0x2E, 0x48, 0xB6, + 0x66, 0x91, 0x71, 0x74, 0xB7, 0x0C, 0x3F, 0xB9, 0x9A, 0xB7, + 0x83, 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE, + 0x35, 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0, 0xA3, 0x63, 0x30, + 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + 0x04, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, 0x18, 0xD4, 0x72, + 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, 0x92, 0x80, 0x12, + 0x53, 0x52, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x18, 0x30, 0x16, 0x80, 0x14, 0xAB, 0xE0, 0xC3, 0x26, 0x4C, + 0x18, 0xD4, 0x72, 0xBB, 0xD2, 0x84, 0x8C, 0x9C, 0x0A, 0x05, + 0x92, 0x80, 0x12, 0x53, 0x52, 0x30, 0x0F, 0x06, 0x03, 0x55, + 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, + 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, + 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, + 0x03, 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xD2, 0x4E, + 0x24, 0xAF, 0x70, 0x3E, 0x93, 0x0B, 0x2E, 0xD5, 0x7C, 0x71, + 0xF3, 0x61, 0x3E, 0x8E, 0x71, 0x6D, 0x2E, 0x60, 0xDE, 0xFB, + 0xEF, 0x3F, 0xBE, 0x02, 0xB6, 0x14, 0x45, 0x9B, 0x0A, 0x12, + 0xAF, 0xAF, 0x41, 0xD6, 0xBB, 0x79, 0xAB, 0xD1, 0x4E, 0x8D, + 0x9D, 0xDC, 0x98, 0x25, 0x4E, 0xAA, 0x02, 0x31, 0x00, 0xCF, + 0x2F, 0xB7, 0x32, 0x70, 0xE7, 0x85, 0x69, 0x17, 0xDF, 0x53, + 0x75, 0x2B, 0x36, 0x74, 0xD6, 0x1B, 0xA2, 0x62, 0xF9, 0x80, + 0x19, 0xC1, 0x3A, 0xEA, 0x9A, 0x05, 0x80, 0xB6, 0xC5, 0xF8, + 0xA2, 0xA2, 0xFF, 0xF6, 0x3D, 0xAA, 0x34, 0xD6, 0xE1, 0x1F, + 0xE3, 0x93, 0x66, 0xE7, 0x91, 0x4D, 0xFA }; static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384); diff --git a/source/libwolfssl/error-ssl.h b/source/libwolfssl/error-ssl.h index a691c093..86d4e7cd 100644 --- a/source/libwolfssl/error-ssl.h +++ b/source/libwolfssl/error-ssl.h @@ -167,6 +167,8 @@ enum wolfSSL_ErrorCodes { CLIENT_CERT_CB_ERROR = -436, /* Client cert callback error */ SSL_SHUTDOWN_ALREADY_DONE_E = -437, /* Shutdown called redundantly */ TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */ + DTLS_SIZE_ERROR = -439, /* Trying to send too much data */ + NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ diff --git a/source/libwolfssl/internal.h b/source/libwolfssl/internal.h index 58bb5482..035f3d43 100644 --- a/source/libwolfssl/internal.h +++ b/source/libwolfssl/internal.h @@ -72,6 +72,9 @@ #ifndef NO_SHA256 #include #endif +#if defined(WOLFSSL_SHA384) + #include +#endif #ifdef HAVE_OCSP #include #endif @@ -183,8 +186,10 @@ /* do nothing */ #else #ifndef SINGLE_THREADED - #define WOLFSSL_PTHREADS - #include + #ifndef WOLFSSL_USER_MUTEX + #define WOLFSSL_PTHREADS + #include + #endif #endif #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) #include /* for close of BIO */ @@ -858,11 +863,13 @@ #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \ defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \ + defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \ defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \ @@ -906,7 +913,7 @@ #define BUILD_DES3 #endif -#if defined(NO_AES) || defined(NO_AES_DECRYPT) +#if defined(NO_AES) || !defined(HAVE_AES_DECRYPT) #define AES_BLOCK_SIZE 16 #undef BUILD_AES #else @@ -1165,7 +1172,8 @@ enum { #ifndef MAX_PSK_ID_LEN /* max psk identity/hint supported */ #if defined(WOLFSSL_TLS13) - #define MAX_PSK_ID_LEN 256 + /* OpenSSL has a 1472 byte sessiont ticket */ + #define MAX_PSK_ID_LEN 1536 #else #define MAX_PSK_ID_LEN 128 #endif @@ -1207,19 +1215,6 @@ enum Misc { TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ -#ifdef WOLFSSL_TLS13_DRAFT -#ifdef WOLFSSL_TLS13_DRAFT_18 - TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */ -#elif defined(WOLFSSL_TLS13_DRAFT_22) - TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */ -#elif defined(WOLFSSL_TLS13_DRAFT_23) - TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */ -#elif defined(WOLFSSL_TLS13_DRAFT_26) - TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */ -#else - TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */ -#endif -#endif OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */ INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */ NO_COMPRESSION = 0, @@ -1355,10 +1350,21 @@ enum Misc { (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, #else - MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, + #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13) + #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48 + MAX_SYM_KEY_SIZE = WC_SHA384_DIGEST_SIZE, + #elif !defined(NO_SHA256) && WC_MAX_SYM_KEY_SIZE < 32 + MAX_SYM_KEY_SIZE = WC_SHA256_DIGEST_SIZE, + #else + MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, + #endif + #else + MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE, + #endif #endif -#ifdef HAVE_SELFTEST +#if defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) #ifndef WOLFSSL_AES_KEY_SIZE_ENUM #define WOLFSSL_AES_KEY_SIZE_ENUM AES_IV_SIZE = 16, @@ -1502,7 +1508,7 @@ enum Misc { /* number of items in the signature algo list */ #ifndef WOLFSSL_MAX_SIGALGO - #define WOLFSSL_MAX_SIGALGO 32 + #define WOLFSSL_MAX_SIGALGO 36 #endif @@ -1590,6 +1596,7 @@ enum states { SERVER_HELLO_COMPLETE, SERVER_ENCRYPTED_EXTENSIONS_COMPLETE, SERVER_CERT_COMPLETE, + SERVER_CERT_VERIFY_COMPLETE, SERVER_KEYEXCHANGE_COMPLETE, SERVER_HELLODONE_COMPLETE, SERVER_CHANGECIPHERSPEC_COMPLETE, @@ -1657,6 +1664,10 @@ WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side); /* for sniffer */ WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz, int sniff); +#ifdef WOLFSSL_TLS13 +WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + word32 size, word32 totalSz, int sniff); +#endif WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); /* TLS v1.3 needs these */ WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID, @@ -1688,16 +1699,15 @@ WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size); WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); #ifndef NO_CERTS -WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); -#ifdef OPENSSL_EXTRA -WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc); -#endif +WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN); +WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc); #endif WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); -WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); +WOLFSSL_LOCAL int HashRaw(WOLFSSL* ssl, const byte* output, int sz); WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz); WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); + #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); #endif @@ -1840,11 +1850,10 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #define MAX_DESCRIPTION_SZ 255 #endif -/* wolfSSL Cipher type just points back to SSL */ struct WOLFSSL_CIPHER { byte cipherSuite0; byte cipherSuite; - WOLFSSL* ssl; + const WOLFSSL* ssl; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) char description[MAX_DESCRIPTION_SZ]; unsigned long offset; @@ -2015,8 +2024,7 @@ WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #ifndef NO_CERTS -#if !defined NOCERTS &&\ - (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) typedef struct ProcPeerCertArgs { buffer* certs; #ifdef WOLFSSL_TLS13 @@ -2132,8 +2140,10 @@ typedef struct Keys { byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ #endif #ifdef WOLFSSL_RENESAS_TSIP_TLS - byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; - byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE]; + + tsip_hmac_sha_key_index_t tsip_client_write_MAC_secret; + tsip_hmac_sha_key_index_t tsip_server_write_MAC_secret; + #endif } Keys; @@ -2151,13 +2161,14 @@ typedef enum { TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ TLSX_EC_POINT_FORMATS = 0x000b, #if !defined(WOLFSSL_NO_SIGALG) - TLSX_SIGNATURE_ALGORITHMS = 0x000d, + TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */ #endif TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */ #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */ #endif + TLSX_EXTENDED_MASTER_SECRET = 0x0017, /* HELLO_EXT_EXTMS */ TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */ TLSX_SESSION_TICKET = 0x0023, #ifdef WOLFSSL_TLS13 @@ -2175,12 +2186,8 @@ typedef enum { #ifdef WOLFSSL_POST_HANDSHAKE_AUTH TLSX_POST_HANDSHAKE_AUTH = 0x0031, #endif - #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22) - TLSX_KEY_SHARE = 0x0028, - #else TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, TLSX_KEY_SHARE = 0x0033, - #endif #endif TLSX_RENEGOTIATION_INFO = 0xff01 } TLSX_Type; @@ -2522,7 +2529,6 @@ WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl); #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) -#ifndef WOLFSSL_TLS13_DRAFT_18 /* Ticket nonce - for deriving PSK. * Length allowed to be: 1..255. Only support 4 bytes. */ @@ -2530,7 +2536,6 @@ typedef struct TicketNonce { byte len; byte data[MAX_TICKET_NONCE_SZ]; } TicketNonce; -#endif /* The PreSharedKey extension information - entry in a linked list. */ typedef struct PreSharedKey { @@ -2586,6 +2591,13 @@ enum DeriveKeyType { update_traffic_key }; +WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl); +WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl); +WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store); +WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl); +WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret); +WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key); + /* The key update request values for KeyUpdate message. */ enum KeyUpdateRequest { update_not_requested, @@ -2602,6 +2614,14 @@ enum SetCBIO { }; #endif +#ifdef WOLFSSL_STATIC_EPHEMERAL +typedef struct { + int keyAlgo; + DerBuffer* key; +} StaticKeyExchangeInfo_t; +#endif + + /* wolfSSL context type */ struct WOLFSSL_CTX { WOLFSSL_METHOD* method; @@ -2710,9 +2730,7 @@ struct WOLFSSL_CTX { #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum ECC key size */ #endif -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) unsigned long mask; /* store SSL_OP_ flags */ -#endif #ifdef OPENSSL_EXTRA byte sessionCtx[ID_LEN]; /* app session context ID */ word32 disabledCurves; /* curves disabled by user */ @@ -2755,6 +2773,7 @@ struct WOLFSSL_CTX { wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ #endif + void* psk_ctx; char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN]; #endif /* HAVE_SESSION_TICKET || !NO_PSK */ #ifdef WOLFSSL_TLS13 @@ -2771,7 +2790,7 @@ struct WOLFSSL_CTX { pem_password_cb* passwd_cb; void* passwd_userdata; #endif -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */ WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */ byte readAhead; @@ -2876,16 +2895,19 @@ struct WOLFSSL_CTX { #endif /* NO_RSA */ #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_WOLF_EVENT - WOLF_EVENT_QUEUE event_queue; + WOLF_EVENT_QUEUE event_queue; #endif /* HAVE_WOLF_EVENT */ #ifdef HAVE_EXT_CACHE - WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*); - int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); - void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); + WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*); + int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*); + void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*); #endif #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) - Srp* srp; /* TLS Secure Remote Password Protocol*/ - byte* srp_password; + Srp* srp; /* TLS Secure Remote Password Protocol*/ + byte* srp_password; +#endif +#ifdef WOLFSSL_STATIC_EPHEMERAL + StaticKeyExchangeInfo_t staticKE; #endif }; @@ -2950,7 +2972,6 @@ enum KeyExchangeAlgorithm { ecc_static_diffie_hellman_kea /* for verify suite only */ }; - /* Supported Authentication Schemes */ enum SignatureAlgorithm { anonymous_sa_algo = 0, @@ -3009,6 +3030,13 @@ enum CipherType { aead }; #define CIPHER_NONCE #endif +#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) +enum CipherSrc { + KEYS_NOT_SET = 0, + KEYS, /* keys from ssl->keys are loaded */ + SCR /* keys from ssl->secure_renegotiation->tmp_keys are loaded */ +}; +#endif /* cipher for now */ typedef struct Ciphers { @@ -3048,6 +3076,10 @@ typedef struct Ciphers { #endif byte state; byte setup; /* have we set it up flag for detection */ +#if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) + enum CipherSrc src; /* DTLS uses this to determine which keys + * are currently loaded */ +#endif } Ciphers; @@ -3149,6 +3181,8 @@ struct WOLFSSL_SESSION { #ifdef OPENSSL_EXTRA byte sessionCtxSz; /* sessionCtx length */ byte sessionCtx[ID_LEN]; /* app specific context id */ + wolfSSL_Mutex refMutex; /* ref count mutex */ + int refCount; /* reference count */ #endif #ifdef WOLFSSL_TLS13 word16 namedGroup; @@ -3157,9 +3191,7 @@ struct WOLFSSL_SESSION { #ifdef WOLFSSL_TLS13 word32 ticketSeen; /* Time ticket seen (ms) */ word32 ticketAdd; /* Added by client */ - #ifndef WOLFSSL_TLS13_DRAFT_18 TicketNonce ticketNonce; /* Nonce used to derive PSK */ - #endif #endif #ifdef WOLFSSL_EARLY_DATA word32 maxEarlyDataSz; @@ -3171,7 +3203,7 @@ struct WOLFSSL_SESSION { byte staticTicket[SESSION_TICKET_LEN]; byte isDynamic; #endif -#ifdef HAVE_EXT_CACHE +#if defined(HAVE_EXT_CACHE) || defined(OPENSSL_EXTRA) byte isAlloced; #endif #ifdef HAVE_EX_DATA @@ -3185,7 +3217,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); -typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); +typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int); #ifndef NO_CLIENT_CACHE WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); @@ -3346,8 +3378,9 @@ typedef struct Options { wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */ wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */ #endif + void* psk_ctx; #endif /* NO_PSK */ -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) unsigned long mask; /* store SSL_OP_ flags */ #endif @@ -3587,15 +3620,15 @@ struct WOLFSSL_X509_NAME { char staticName[ASN_NAME_MAX]; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_ASN) - DecodedName fullName; - WOLFSSL_X509_NAME_ENTRY cnEntry; - WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */ + int entrySz; /* number of entries */ + WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ WOLFSSL_X509* x509; /* x509 that struct belongs to */ #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) byte raw[ASN_NAME_MAX]; int rawLen; #endif + void* heap; }; #ifndef EXTERNAL_SERIAL_SIZE @@ -3741,6 +3774,7 @@ typedef struct DtlsMsg { byte* msg; DtlsFrag* fragList; word32 fragSz; /* Length of fragments received */ + word16 epoch; /* Epoch that this message belongs to */ word32 seq; /* Handshake sequence number */ word32 sz; /* Length of whole message */ byte type; @@ -3810,6 +3844,20 @@ typedef struct HS_Hashes { } HS_Hashes; +#ifndef WOLFSSL_NO_TLS12 +/* Persistable BuildMessage arguments */ +typedef struct BuildMsgArgs { + word32 digestSz; + word32 sz; + word32 pad; + word32 idx; + word32 headerSz; + word16 size; + word32 ivSz; /* TLSv1.1 IV */ + byte* iv; +} BuildMsgArgs; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT #define MAX_ASYNC_ARGS 18 typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); @@ -3818,6 +3866,7 @@ typedef struct HS_Hashes { WC_ASYNC_DEV* dev; FreeArgsCb freeArgs; /* function pointer to cleanup args */ word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ + BuildMsgArgs buildArgs; /* holder for current BuildMessage args */ }; #endif @@ -3971,11 +4020,9 @@ struct WOLFSSL { #endif word16 pssAlgo; #ifdef WOLFSSL_TLS13 - #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22) word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */ byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to * offer */ - #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */ #endif #ifdef HAVE_NTRU word16 peerNtruKeyLen; @@ -4202,6 +4249,9 @@ struct WOLFSSL { WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ #endif +#ifdef WOLFSSL_STATIC_EPHEMERAL + StaticKeyExchangeInfo_t staticKE; +#endif }; @@ -4221,10 +4271,8 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ int type, WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify); - #ifdef OPENSSL_EXTRA - WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName, + WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen); - #endif #endif @@ -4333,12 +4381,8 @@ WOLFSSL_LOCAL int SendTicket(WOLFSSL*); WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32); WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int); #ifdef WOLFSSL_TLS13 -#ifdef WOLFSSL_TLS13_DRAFT_18 -WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*); -#else WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte); #endif -#endif WOLFSSL_LOCAL int SendCertificate(WOLFSSL*); WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*); #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ @@ -4464,7 +4508,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); #ifndef WOLFSSL_AEAD_ONLY WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int padSz, int content, int verify); + word32 sz, int padSz, int content, int verify, int epochOrder); #endif #endif @@ -4486,24 +4530,30 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*); WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*); WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*); - WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte, + WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl); + WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, word16, const byte*, byte, word32, word32, void*); - WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32); - WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32, + WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32, word32); + WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, word32, const byte*, word32, byte, word32, word32, void*); WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*); - WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32); + WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32, enum HandShakeType); WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*); WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32); + WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* head); WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*); WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int); #endif /* WOLFSSL_DTLS */ -#ifndef NO_TLS +#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) + WOLFSSL_LOCAL int DtlsSCRKeysSet(WOLFSSL* ssl); + WOLFSSL_LOCAL int IsDtlsMsgSCRKeys(WOLFSSL* ssl); + WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl); + WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order); +#endif - -#endif /* NO_TLS */ + WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); @@ -4511,8 +4561,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); WOLFSSL_LOCAL word32 LowResTimer(void); #ifndef NO_CERTS - WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int); - WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap); + WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int, void*); + WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name); WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap); WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*); WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*); @@ -4598,9 +4648,13 @@ WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh); WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); + +#ifndef WOLFSSL_NO_TLS12 +WOLFSSL_LOCAL void FreeBuildMsgArgs(WOLFSSL* ssl, BuildMsgArgs* args); +#endif WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type, int hashOutput, - int sizeOnly, int asyncOkay); + int sizeOnly, int asyncOkay, int epochOrder); #ifdef WOLFSSL_TLS13 int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, diff --git a/source/libwolfssl/libwolfssl.a b/source/libwolfssl/libwolfssl.a index 4a444fdbc4a7547375b54cc2fd4985c5202d6e4a..b2353b2f229ad7b2532912532bf9dcae26e7077c 100644 GIT binary patch delta 132751 zcmdSC4_H*k**83Mb{7^{5Dh8_$|9(!sHmumpe~9ABPuFJ{F8tYBQ_+VN>Y-po;8w` zq^89z&9MnFJgLn?TAR>df_*{^O=(IRpVYLpuWe~UTbq)Uwj`mgZP5LG_c=4niBI46 z{k}fEo?hR%uHAFr_srb?X3qROGjn=7l1}|Gsd18?o4Y7`QFiuXuQ%IEm;K-Co$t$D zPK zkIxCP|Ko41mvQ@VeG%h2{r%s5WoHR{ysazG}}+NBicj9*#GcP z|DP6kjXeE-+~Q9vpbM8fW|pvj#ZUiN2(`)7|1qoIYGjUo%1{4iG5QDj=>HTe{z2i8 zt^Xr#bapkef9Usm3v=3kzo^og^A}bB!k_-H6b{+?zts9FrvGc*|Nr;=cj-a)-~0Wy z8T|JY(Cyks@P76`{A)ksxk<|{uiRa`n;qP{w{oQg-g#GT&0Vzx7II)Og>1o35D2xv z_W5JhM@3%0w|2ws+xLbJB~EsHW>0zhV~Kxtv_GHH%de~6ySsA#9s9~}*p7;NIHu19$8*8lG@uw%?rj9#7hK zV1Mo2Evq-N;yXXHdGEo}{kQKuz>0PstP0&Ut9{yhc^!HX&+whcP=m7dtm?Fd!grD zx0~Fy?A>!QJ+xN5I^&Hg*~AFSG2+1|KHbGd2MoU_1x}>b1v+Ne1%9%yF7T(kI*dd4yvG>J#c=G)Y22UJAKp@Ml9e7> zmi%boaB>~tht?+jME~06y7@PR!-r<_rr8g&aKRHS+t2yO~>m>31ftJm7ls zfWM%VrR4Q97AoDC6x;hz-Mj}G_n%|#rNPj>8>cu9-~W}+;~O_EJbdzENkC7&$NyBg zLO*%YAGr5d3Ho?~q~?QA@9^VaX-_RVrt!+q>CI_I+qYd# zeoOlgH*Y6O*4AWR)n2sqIfou#Yy##8=!$4!Y@&o)7)z6I4`Y)g+|O9NgfA;NGTsJf zFg8}ii7a6(S;8k6i;-|AV^aW+Bf*iE81u@2!BE3?gI9&TJ3h}ZKTnA-*fE1= zJ$jpl|B!bl{*9s4e7fc?3DxYJ9x;}9G=_!{H@Y#@wR48+0-W%LkpI(DwXuz%_+8US zGroQKuHx~Lq8Jz-JkBQ?DW&|o?YAE|&aFtfzD1$syCyh%+1a7g+ALn#UR=A;$pfM0 zy4=+_Gxz+N;qbQ3pC0zLuqArokLr-6b$T;z%JVWtzR#<`5BegHXCg;eBR@X`OjS)JhGgzBL%Dt#gU`DbOCqj4;3Mdoq2FM zyPJv}igIsmemJZ@*h6%8UNhs5T}9ZFR5b7XJWmYu-@7oWCCkBB0c6gr$NePp1otra zy6{MLDC@K3{5PRvpWVWL8tMl;HslX{VZvWOn0FKr&#`PgA7N5*UHC6Q4qXZ?OxjN& z{&V3@{nE#EFfC|>e!MA^eJB~pix0gs?fhJbnRh?py~y1Dle`m8A8UMvIghVk?k}%k z9?+bjlEZnE3-eCWbH;*t{jbRZiR;3DdMmJ>9KR%Rp^PO$cMzd7M8It9Hy!Pf#IVRsGkA@ zQ;p$Y&N~SMPO=h&n+bDwvo`%Z9}#0FJDiu~Dd0?kTu0+zQUMp*DSD zS}XW)l3^JhJ^@*|2yMiD3+@e}0X>iZ(uiN;m>9|nCQfb(JdjSFWhj7bUHD3iugkoj z0NfO+32x!fgt~+4`1(-%ku|ga^nqEw+{Y4whf$~8|LZ!^ZC&`!S3s`=iwrA+K76@7 zcqG!nPlOuk=kX2gXY1E-*8nSsYkPEF#CT2H-k$ov2|o6Oh7t+`Utlb%2jD;`{>h1< zcRtrU9~kqF(&6f0ifS-?|l_)_4YF}Dc60eB8@r@(Il z?t_j(EA0Sdu|Zq>2LNZ|7aXfG7h_t8G0emgQ4mlp$U~zMz7Cia^osD#_L7Ib{NL&3 zL_fTilgYAHkAyi?>(Ui@8iFK@ERnT+Br4-nL3g`V9Cy5`)!kkK z0%Ox9JPi5L%9wn{l0-lZw4N+sB#?4_bbykmo6-kOxXjg*-z_a4ZzI z_`_|n)rwJUeW?G72lXCgJ$#}~vdTXPPH^__(T94>nIj5XpVpd#|DkAyR=8N*akGk z5lLQ9`;4}ke5w}PX|zxy9NUQ|IW-DTJ6*uC9+|=OLlp-n8uLD*jnT$bgaVJua6uWK zV6@Ca%5ejs^PrT0*Z0gudUCwc{~2w3;{5C-=1U9lH-C|6s6)p;J+Zwa^kMvH%YEbl zZK7*_&f+DDLus`$wI$8%EvI6fdhk$?O%J%Wr_UW>C4tW*qcg|q1I_7m$B(e$z$@s? zy}hvRP!c+NH*TprTELDS<*f1OZq`(Ak~6e|TER(2Chjb+CA|T@(J3USHxzC$D7o=P)b%_Lo1S=_3c470afkcOE1+0^hpV5O3ZG=5h#piBB+1mcXfw?N4!YK z@@@@Z)hp2rtW2(>F5e-?Dzj}09HQ<)_=29^H&l}AXByfG&DU>rBl9X4&q_w0dY(zsPnb=z2UZ5qZUhd0r+u`ML!Y7!4C@Ly!wlS1yrYO$8rX++;M*)y zcYUXh`aUw9P#`C7C*-t*w`{x7ov)v4L)SL!J#-^j*A|m*{&PIT`&l>!Mh5o0O8uKmat=Aq>g%F?N`J#<{MClM zlVJ6De~Etd*B1RAw4P6e6Un)7yy?{7Zq}fG4(;0XH%teDFS;Wizoi%bh-|(GzGI=B zug_TmU6FB(QU+xf+FYjZ`*|Jl@V#SYTHwhaCLsNO%l<2Up%Y(EUDlZ!O`7>>ApxAWbp)pH`90isP52G=?|7zaXLo^$U5>8x>Sscp$@>Ai~iN2^mSITKsQo9 z`l|$V9kc(g`|le$MQ$GrYyO#)RogFI*029jou2z)Lg1DDlEdNeCs1GS@VhTvQ*=fu zbG_&XzVl(imzRh2us-7r)6e?5AJ^%tQO=;%y6|7WYx#M^SMUf+f!6%Nay&#cyRykE zhh~=e%sk5LDWQIE?sjxHe+eU2lsvnCCgX=z!24t=lz;~~JmW@w^Q>s}sW4nCcZdF~Mt6l8zp*ekf8OU9RTS~KGxTbyqNo=Y!|B|N@YUH5 zhOZPn;cS`x0G{<u(qN0>52X zr@!-YU2Y~G$@hJiP5NU+s9VD4)8ApyREoE~J?1LqxBm7Pc;rt%rGaV#Jt^p^ZF@Un zIcVPvbw8WFyC#?F_I^^3x_sfrc@M!?rCaLI4~?IPo(L2Vpz~cs&oB*L&5DV7oGsy; zyeW)ti^4NZ(mTT$G%P`!qh=iIxrz@JJvWbU57j-F%DX}*o?FOWq4Uq_+!HEpTSpZ9 z*M=^&ZR07S{BK^LwBGE^KE)D`Roe!P(Ufv?fWf!Gf zg_N5`nsr#f>BE7(>o>_8y|8Mg<`&6JQkX04Pt0;GrC3D?N#63%r#d+sPm0k5m8Xj zl^7a)W0Dr<4Y|+HojN8Fd^}cp9ch<_0HAaF4da3Dt}4%@=fj~|y<27=Jj zfiX{FWyt;Jl&MLS^OEmJ=zrFzXig{aK&a@=RQ)WdVi@7fXN;7W+B&xYFSUi=0=(H4 zUJHB(c$THD6QkJ4#Gp&yj{)yPnU&#RL;oIbW+`U)frGo}?rDGb&4LIWOl9}j*`=n1 zoV{vr;Dj5dif*&3gt6-+40p*vhO1wtjX-XVPA}!Cv=PO~M3FY4!jh{)Cl=9#EENHf zej8k+ghh@hrfw7usgN52q%b$KLn=f?QI1xkn-rgDcwH(HeGvl%X?=`G366nasZdO( zV(KYXj686!WE2~(;>SXOOdAU&Bpg?$1`2VbhQa>0R%JmPJRz-#Lt<%79P(NYnZ|h4 z=wnQlnt>bB&Dd<=#WDRT8WJ96Y>t5A-E4GbE zV+RzUambn+!E;=e8ibB3W^7TkHBe>aAWSMTu930DG65`;3XSV!Y>A`~V|qov*Cn9e zAz@gyRKk~4`AA4q*_z;21J8tNkZ@WJZO4}?myT~yi6;)B6EET?!dt5(d_on> zM0jG94n^fiH3@mYM#N95W9)i@>G?~7mGYTRg6qrx&?m*K#FH}A1i>U^haAhJmK`-9 zxkL@4lMzP_uanPU8JZA08A@!Ba1CS2C&MdJ*yJ8XPj$jWq37;M z3H{}#WqJ!57>s(UCE>7u;5aYtDHcraiIy#3SfUjQ*oS+A1z$%n1W?-XUAPNA)TlVz z7M&UtN2Y);04}m%omvt{m4#3%;=qp>Q48W|7BKR{(P_cda5%t#;v`n0we?sqwH!|H zB09AiPQQR5*jZ=6lVFJRtOY0I?!3r0nh8=Ekjqv8H6E@+0Yd?oPryTf%Pg203|FIo z`vBudf>Yg?hkr;*&7g_+dBvgPz8SpC8uzD`Vcb7mOD!|!;v-T6NHq`|>PvSu!SkKw zbo{i+Q2sAw5W(4Dj`Ww5U^;$$()`8Ndc{u;^mBcSY3kiIKbI!oXrV{%^?Zy)9{(_*;9R&DGo$e|zl)*8Sp7E`YG7<)&A<2kS6_U-H3i{GL$f2itgBDB;83rbYSwjk#$6Zh7kcD>V2&eCq4w zONMpfKmH<=^3nBUziJM%F`TCP3Q+G4)qb=jZTmH8*OSL>Y3H<`|7bZMH*kgMG#IC$ z@VfBt!Shf1(vBc?Ca6XFo}Ys{aF>~18E=r}OvKt6I`yaP(~_=<6?^!*?RENStij*6 zd;a{D8N4+#)IEu>Gv1iYQzGzICaz?qaW2U$ zNNzIR={&Wd7TIidz8HTVAf7u`D3Wyn@3n=$0UXb%oO9+s0Y2POmChg6Xku4(5Ij|= zJVagUIe^+v%$<7f1?)t6Tw^m-l{q#aT~-l)Y=vs?sfm=;?KrP$3&ug#D80*~Q+vU# zLj@umjO!|(oM4&&BV~dFJPHyX4<%&$@$i>yr^nZ+nd$K-6n%m%?Sx@PpIC$TN+wQB zP)rlOs^y{TR0>N(X2_0W;w9A{C&6MFCke{Qj$+cFqEAYclezFzQ1XZU$sW~ZPR>$o zb}~F6+uCI0yv(K)Tl^HiYUNUpeKc22R|+ha9nq97C71>UR3)3&F2F{31~1k@JiN2vuTLk^97 zD1J&UVC0iIkxV6+hMZau_Lypx< z+t_62mzEjIeq^e)ylr$MIbu0+9t;IRz9GeEo`vLHMmODBj6u3(n6t>n%-MYGC*I|D zl+ET3BukRn#&nFV;nB`fQb*i6KIE3@60|}SJ0_R%t(u)Qp`-CeenW&L`KYbZau$T9 z)Mn{%eWvO;=6@!OVbQaXB45(3T%fk$mEBqjwFQk_%Q0u6`>>?oY96%(Db@@#^B}$h zbFC#*LnE&)<$BRxJUzRP=CA_yr`MSiY?#Y9o@TxKop&_cgt;7g56tH281n(iK7v58 zejoz@E&As!`wu0rstf!kug>3$`W3C*?E5u_nLG~!B_mFN1o?va?M9=PrkO96X<>nQ zk80t!Vu8WGX>M~e1@VxM+ZD(+t>_H59RY*6m_ILgF&xy7UWQWPX0vI<{FIzdG-qd? z3fJfE*0M=^!*>&(y=bTZyBsHye?1^Wn8J`QArU6F_jSo zYsB;uW;t->{I;lA zD>mMS2e!;en=R5ZQVZ8|>xMC;1*{I$J(+5}vXaNI|I{@>b*8~k-fFWLstD^6Nt>_1 zpGEvC&@NE?(8%Y~qXtkvKzXd=sGiCvnGJ~)%+1vt#KGdmQ$NX#FF-9&iL}Qo>3qXA z;Wu4_-*F8dKw~-tTDD04C3YQidBLzw5Way~h!ci$A5SxO?&Hysb8B`VsGU3C*nP;E z5PSRH+pz$O;kKvdp3rmgi3tSWUc<_<+^lwA&4Ka-OUmnv#C?2&N0Anl8~yh=CmBE5 z$NThMm`Dm^7#?j*Bnr3+@F@$X^2;EY+B~y7=36k8ExyZwU0%S=794Sc%{_R} z?X|l@Gj<%+B6{d`s^EVvVXIiNhI;s-{N7WkX;E4XYyD zz2M1=>NR|7L^NRjsyVodqqR=slNO4tU)K(Mz`b;osg@-v(d zJ$kE_z$-g`QNuR?GqMiw*}S-;>;O0TZg^m{aKhWNjL>YZ%mo^q%Yv;1Y;>fRy)$~Z zEoa%Zi>g>SoJL74-^h!NmRkNr9&cpd#nWAI3+uApR67bS-#QA-H`NY=-~#phUFbCw zn>~z}yLmjXF;ed4=5Uo2S+A;{)kZauP&(OfOeaV78J%}?v7#*3XZ8YK{0zS@!g@EI z>oW>w^F(d2539#!Ysn)W7Y^|sMT`xKL2I4$=9twOXX^Qq$v%3$C6)kX79l4^cOVO| zK8_pl_wzj7Z4}?nQzy657>wFzibV@`@N%;Wu^KQ4J!UlA&-cLngZJ|>oEI4*5Aerh z6HR_kqMkl?HDLHl9EnEv=lFHJ#JKo5erIg|m)ByrY`);S+GdnC@Fl#>IM%>ZlN!zD zA1$`-_>T21)m(RYrPAnb;PZG+$8ZC`jq@g>;vo!=?lA%nfx5Qi^h5krO=FjhnumF! zw^F=3K~qNF&WF}`a_Dk2(eTUoWhGDP=zf_0%uLhLh(T8i1sYwA{PR4=C_au6RW;%} zt$JCz5%pjV@GODv1>S5NJI*I*3$r^~kMkcnb(ky%1(9W{evGVD4|(JLt8l;MeAW`ip#89-RG5Hcb_WDZqydCyt{{06&D4; zl2KHKsw<cP{6@V=kz~F;GY{jpM1i$oZ!#RhkQ8)7?XoK6W*oz+5-<#{cXZExR(jI z+34zWtT6s|msV)3Sk14~Jm-!0$9Q^FF^XZ3!8#+jnorSUnN_3UKD0^08W?7revHqE zI*%yO57GRmofD&=9$j$>RK<)14@S$q#3(1uXJkB%^)r($8O4vI9%?me>2}d*rrRl_ z8-b!u$u-RNE;&mU2Girwh z8{P=K*oL11o=-C`@E%^rULAh)X`ZZKw8iK}4Cm~l{541@#QpoY7vuh-|K!y+TfBax z?z7=-z|Y(8PT-w3ya)Jc8$JlU8H1q4f|JH$PxCb0rviCA)bk?nD1_JGem|101 z)2Jxd%N$^miSREWULDrtz%}f+r7(L0YbY+MG#o28!siigAiNs)R)lw}aGj?hf?dNA z;LR!mr`PJoY&eDnS95GQO%GPv@I>IdY&c#?+w+3c64HDqa+m+)mHcJbk7gprWY?8G z1U!O(3>$-NVKt3OauB`|;Z9q44(O*IZRM$Bdu>!dsI^9RE1#&_tm73R7u%xcLz_Aq zUWD*08(soD#fFyw_t@|%yxbo_iNqjvq|ipM0iCii)_+nTu`>)HpbQ1;1>^_vjlYgN ziZuT>FtA(IfOxhd&YOUHZ30?=$3wu&NS}iA7yRcw?zV-W#{B1yiO-%%&j~*(+=xXo zA9q9Jhy5o%Zn7ol0>d1m<{AFSj`HVtyq4xOyGU5_k3}ogMamQt(Ow$c)0AgN;G2A@ zrhUA&<7_*BlWRlw7!5Cg^4DcX_Y3?B(L?J4pQ0sOS1%fkBRt8t>qWj=`{U}4&KLRP z9KDd5Z(^FU`YexGTcSUJ!6?=u)5u${MTXd0%zi>M*5la1vCM%U6pjahQMezAe`Fft z%vpYiHu#p2@h!eX8@$U1ev7}+QT{c)ifbS3?Kt&y{*uF3_aD5HzhJce2l}JOjb7Z6 zZZ{d>sgp`Th(m`s5_SfY@bSKPw3eW*)%ae~ zg49tW15M*QF>zIno<201iOr5Z}ALS z0d^Z_-{L>i-n`Or?1$*w@X1E&k5J+N=eLcXAMwxf9;2|Azr!bXWc-+Ki{MWffuHlQ z@Y@YcW zJNirJp?MrVd_#i%{W-N5-%D&o#d5#drBejeo-^ z89*=X`L{Z<-s3TxukP@@&;Q1?w*TzN8RSp8`7<58!@P_qVyigRsxr#_#=Fh9*>VBmy716NqwCM;LY@V9_R+uaJ9(^8^B4YG z{)|y}ng2WIkN%af)V}g^N8w-jOFSwE#fGg5e=o~$e~jMdzjZWy%zauYxWjFnzrs(& z%zB{cfxpCZ2ioh7JFoK62!7t^c4~WEXwtO{MuSURh}Q<4E^W4KNAC z`uphacU&H$t<(5TM&USZ1+Oyd$7x&ien==r&xbld0Zi{U;65zydi45E0k0JJ!mXd|75ML{V}1q<+>q|V{cren;y1y< zIZcH0;ukG&h4@@iDTw}DsM@V9{1*zjMXW6lFM!Uw=93xq-% z^q{v0qc|qvc#92B0}dq^JrMAqHV=544POqNJS@Y}*X2-B8l>qvLFlqY*blthhGX9c zt$`n90Ok038;&x-FWB%_;FM)j;C}$WXv1Fz-UnQGRHt_v{1OOGVZku)0Tsa!1$;<_ zJEj0f9Ld136!?e@$7ob@+VF$GJvRI}@Pttu=M}(xG|Mr{@HOBWz(p3AO8~NMINtPW z`8FKN(@UJu_#Xl#o7g@h{OtdOXQmJf-!2z(F4qRTSW z^=S(m#o@R(a?E8B|MS;`Kk`XjceP+doPi?AM1rq@72(z6h{#;u{$v8z4=~DZM38Wd z>s?F|;~8QZB0Z|aap!^8T6lyxX+u0Lg(I%RJe(h>6<=o&X&_XBP+|#;Kn-x+8Dw{c zz_($7jvmNff!CnAJq^58;16J))(gBz;9mlc^lV7rUj=MlLViI3$JNj|FGtnf(3C&MFAC0Z90qH-ST#Y6-W@O+Vg z^3S|1jUyN0{cbG?eIk4nW8M-tf!H=Hvy+ANO;(dS35Id1h3XD z3*7rK6NW6nV+JZ7!Fz#Ip%d?R+{XZ$mz5>%C$GW3fjJ{LXnw)(9B}ergTUVeegSy1 zz~2$+G0-w0_wNNk;#hJsw;D824@99=nMVqWJda8MUIRQ}F^ozDP9E4LaCpdkCt4`* zeBdyGw^{~9q0U~AL*?(Hh;TDjC3?W%l)&!*-iF6el=7$mmNuRNUMj*-vG~YhVNn#y zh>xD48WG-rAu*Jclde%sz!PmaJeZq8@)l01s$l8abM>%e*XwqaVbQNw}DcER1fxCLA@b`TRqoS@%bO^O^`R zUxWXzYw!WaP|%qc6c%0mWOxj@-@Gh^Vy0e$qh2BVaft|Me5_00*Ru<(W!RL>&M zV-8;v|DkJe@}7AKekXApAZ3B5S7KTrznmhtEem2g7%PWMM{(qFInv6tP%)@_D@qV9 z3T?~>lo*#2`&^MO<_f_I_fX?Q{6siS`7$cx5}!f#lX8*(moT%`S`0k}z$uXo-wZg# zhNCKFUK@S@aE1*(0yxu#e*tio4d3(xkZc=)3Iz(ysK9Rl_Sx{)0Fw))LO%xVx8ZLa z8D8!49UWdRm%DD;drx6i$6%WFs-xrmX<82VTCbZKoyjqJhKD>}gNUKsiIeBy2$L;U zyXm|SCQdd{FQw<_l-G?O$gzHRb@iQlj5RZ~3_ACu<5M%VPe;U_L5mWHZU|+>8Dn6M zcAE~8`)85__(Q;W{%9=a#&c;!MUQlfqDP^$j?&lI=qRM4^c!t-v~r{LTW$1Dp_GpX zJZcMg%$DG38y#6N8vjKb{XcB<9>&&3!vI`Sf3U?N!%Vv|2AnWT*ID!=Tfp?u02V#V zMqg~BFSXHa)<@r9qu*$Yzr#jHA(P&XeuU^$%HithXKew`+YCsNiLlYf z+2~}Yu$U?sDL96VlyrT8Er6_)0V{2EvQpAF+vsGaq~Btr-)f^Du+i_f(I2wt=Ab=> z+#(r0WlQk1jsB{Q{+f;cp^g4$MfXs)Mp)kUP~jE)J(R7IJ{PszXaMD_3|MYUK=~@^ z8*FsSS4qFwM*ozJeus^IpN;;2q$B@Fx1FOLcuvXyz&49Lui5B7v@!aLjs7be{ar<; zC3jNMSSTzFjvWVB2Z0J;>;zlD0$YN`HhPe;t9N9o-JpO8!TCmgdy zf?K3Qjfm{EFAWz&R4TiO=X|D%!Mt^#MA{@|jr4BP8CV}}l|Po$r?i`dJd+6~p;B5)k0>gn zN%)y?A>fq)M$n`+0?q||gMb$SMrCEjp8@zrz~F20LB(al#79TXWg^7r76B8ZTLnyv zJ|$pcbc(USv7;so`_o{h zWIENYteKjlO7GNNjMa<8Q%@;jQ;`L-icR+_!L%~?ArU{LN)^(KV>bFlOo7P_ff;x_ zWENzMD8bW;Rf1`CO4u}5`LGZ$t(CDaNVwmYc95|z3i@;?Cl#6wugGlGr}r^-TtEV-IGX= znPH>b1ZS2gZ)FB-aJ?-)1WS)*p0>efY;k%aU%F)`EFOg+U=%*4;8`iE>70e~aZD&W z3-P7Wvye?v@T>+K48f%`evhD&{j)CGA|VT8;@NPobk}US^n^$}`-F1oY%rCAXTyu5 zX)oE}5d~+#02wC>2I%q;%Br#jz@<`HR-+P-b;=e8f=3xiYhX-PuX-%Apv2=s>8t@v zhzNKN1dAsQtEmdrGdibsG=R0G7$Ne9o}SzquY8jPlVU;?ITWWI>)=p`Mz# zm5lwHjMGeUtn$a^p0y=FcHAQ)4JvpZtoy8>&r7huS&Tg?>99=J2lI;6(=iW9$U0_T zwJna`qy*19WrLy6sIc=k7;co7WhW|EXXj&nN+^+iNjd2~)2Iit=fo|5?xhFVzHnHDH93VVvMeg1!gv z6v#IN2$>}U4g-dZOgh0U1s(IaOV^ zpAvL}rNzYOO)C!M>MZYvRwPpiJc?34emrCCLRh{RFTo^Stx9-49<4Kyeo_dAmHAHz z!2~}$DvaenuVm%-(2x!JPuDV3pHcu#m48z(UDl-@zh$q%&F}=RYF+ky+~GMBhSDO)MH8m%g`z7uRex{= zER%i16}_r&xT0Udeq;kx;imomVpYZZ8&yr`Z&kwlP*e`f{eudoX<#|tD=1NE3#t^) z0w{fxP_zKbZISQ@RRQ-)!oV~Ycg$cnQD;M)GIHp>1XV_Le};1 ziobq+jY@nyDigDjXu;|pR3PR|72qPTYLJR5Rd1&VY2_H92o}F41QfNZ5p)p@ldWRW zh=SK`D@H!lFKRO|>u2Fen-D%~bb-gwi7RZ^fVhEFy3B?ewQ!ricQSsMSx@aiFoPtV^*x3Xp<+;UzpDmkGTm2@k?n+g?uQ-uw#SHd=(RmN=UQ}oTqd-*hN z&VhWX-R3G=K$|VWB}L!jRrD>THahZK_Kvpn+ThDd>Cyz1wlsS*tox9KSdU7LjtML zHVBrAZbQ~c&uu%e;*=pfWH~5nR!_lpWQR<<9bS<{ z`~N$@NT%Hh_e#rlwlMalFkmMPlkhI^mru=20~T!Be{%_AZ-@jpS1VyR*Q=q~&5cUH z%@=KP1{J*=#;g~7%4<}da`2Iz*z#6oKsg-3by?~(#!O;Q0 zDHa^l4A?8+vw$-M+y^*Qz?T7MS+M66;A{b31PqgiXDrguD@>gbPY;lM5l{)(Z^5~^ zvqAyGN32M|Er5$Hcxe;h5jVtNXx%CC$t5L%g5CqTUcl!8HwgFw;9~?s{?c9`jUoUMSd)Oy z06rn$e!$HFMmTG+;G%fIu!sZ~`2n{In0UedcO)m67LCahiN<6A&avpU7R*s;!L;rRd+yBmwC2kp_|SSU2k`=*>%ia1 z1dMb}uYeKPiA*v}0j=k93J1|zE~n6cA|m7DA(IiU;c_KdFfGq=`2;)&c$Wp!GAvh( zfD!J3BBTVZra~XqglXkegy4f!Q&@23w*u0jK!iw4%cCNiEIKWXia2Az>0lBe6iP1w z4B;ezRzpQ53K#++A<(2l(a0(bp5_KDc+#rlNbogF!E`WjK+zl3;Rx!C-1q@-dEs)~VvgIiJ2&RQhQNl=C#1vIw(P@EFlr9+2>ZGVH z5pV&pP-t#7Y5~EB792%qTXATyQFN(*py7ro}`ty#j`1v{jGd&{*FSFW^ML83Kk^Jc22$8}dLn#ixOd zNARTeKb{K~o!0(%s4Gs9mJg%!XITNX<|o!K;1huBEST2%#I{;+0hBYJ7Nn&$J#j*z z)eLZ<73caO;Cc(b0Sd(RTQIG783PZH+;XZ!$9M$-rena&3;@G1(463k652et!I-c~ ztJHR9Vt;q^@c^o2@Mp2sw!z)ItZjq1W82^i^Lc16+8*OmqrWi%E-7YIY#p4U?YU%B zZN|>RTl0-Zy0;}7XE)>f7xhLz-C7Oz7Tku6>@C{#h`Y0)cZIQQi zXeQ zr%aHr>2BmEz*&H?A8uq5;B3IyYd5mm7%10rymYol!F?LDHca!&N6MKma5BAa-a}Zp zg}sMHc7?WZJbeg)W6~)eXZ{vjn~pyIW=Cy>_8ix9aBRqcd2Gm$(KESHu(dsfJ|;ou zu+Tm&+Ovg^N@NtAW0%EoB8f%t|Dnkx&mM}jPHG0850Mw~y$m0n3J$n8Z7nuc4dA4Z zCrkV|M#X)oXiJ^%J(izKC;Ixq|LXFk35TK_Pp@R*v$P8a`&-5w2LnWI)Zf2cLQ3OX zANlkF2>s>F@W@{`&3=-NfkBMo85eHR60m#juXFU5@rjp_%O&&)4yaj3cTxqf;F$hC zb_79e;Of!@?3x)p$~f=~KMtA30m9!ac$QSc=OhO8_x_d;y2^aM3iBvn4@vVs5k7;x zImbG(_h=h6S0-528z=T^vzN62#HD3npNIGFoM>`%bfbqA5ziyLWP#jA#{eW)TS3Ie zZ?gk}?QEI1qP*rCCAVs+e3wyktM+)*bx4JWN$aBnNpz~T%?r;IU3fRA5#Nzf(y0;U>ZwDB(8wkpzzM7wb^ z-!HA5eL>WksL!5hJj~(&V|(t%6Mz!{W9#I|alnaysd~KMh_BI7r|kvFE23@(oFSsF z2b?LQ78s>9T6saxJV>w;8%?R6JjtD=hN#p~IbEj1CFm0efCsRV(r;E;=UBD*g&k;! z9j-4J{WaQG_*kR<(^@(Irg7=h+V93?!0T1`(N%@#K69n9`vYylvP|HOCY5m~=sv0s z)agcbR29hQ+=qB5eRT0=#H}(usCOh-=j-iyz!7C+muZti;RlM0mkw${>`}p{JYLCzc z#Z#72cH#)HD&xXE+QjQhkb6zOimQJ(G_&Zk{$QrRpxJo$9&K-4k0|3^V$bneoPpnr zwEo;#quVJp?0jzlgA8?MxhOI*3q}R;!^IQLBVF$5 z*ne0%$#KM*JE+Z0>!$##KIFnpvO?w{YnP4Eptd5d3kr}7!x$_CJI(~P zh2{x{GHYo!m#iAK8dald4J!NTq@wFYO{aCMET_?sCifv>TP32y_PtwA5qU(Wm!X!XTZ%e-i2&Q5M?}QR?My{W2he8K`4du z*r{fAHCtu8*{qm>(I?a*T$HrXJYdM<2FFtKfFXLWaJXJ}HNMv3?l!U>z+td93T zpvlAaa?KB=xpMHS`5g1K*5>Svo(HrchcQ&(7@v&uP0?LE9N5EhO85NqaFC#W?E!tRgtf+zWpWhsn`7ve5e zq@t~S2in70Gwf||iBbGxEg1(>RsC3-HogHR=Un(y==^oI+oJ5ZaMmsFi-je=Gp z?irw+GKRs}*muN{Y%G3HONn+mtx(?d=oHrk5+mn#+JfZ~enCS6WnS?JD;02=jaDV#L~%!(6cI2^{SI6IPaD0zgY$Zg zk>A02k<7>(#5_S{rcpAe&EAiQbO4rlRoGj6I&xsWl}(gO$Su<MzWYF=c$En_Lg zMxK87`t}~#-~2Xm=4I? zX)7^w-lfTyk~bPPzenbD8qL3lv4h6>--CZtqH+26+5#=A*vR?=tVKTy_jHmMg|6ct zXiQ+V{sCDM?J)-bpe@#-3yq9FB1LqaQT9h|*4*e*LYFd?#p|Pyv$W^Phl#LmE1cKh zL{Go13)}NYZGslVjQ&4DZcL`(9)dnGrAE$>Hdl+OH!6pq<{6`DNZYJ=+{VC=wp{ZR z8JQm-ny1z%{Q${uTv^})Z6jIpfwo{mtXJsb5qA{p*c>C_LnMtwk`IwIw#5j32+kLb zwhv+5h|%|iL6pGRlchNZe5lkBcTRzg3YGdHYVJJ2RrVisUi7umM7>Z1r`v(ADd!dei{B7)fN$1$y7T|!_v z3VA&!{UZK;l+8-u!va4jqDuvjpeUAsCN@;^$AR|%KO^FQ1!XJ%`8+`ozJZ~CBO-_$ zocz^m7+yes7B#5cqsspm@LJ&YBK@y`Uj{BMevb+f@DdUJA#gH4;(rBBOG{+}R2}BT zDEC+iG#EZ61=-gm@Fc`FFUup^3}i+d!i9wz`uXF$h#n#eM3 z2f|3c%u{VOdgD$oY!m{k&o+I#?c+o{JlmhNTM;lq7`9(O&Uh*k~OMw^|rX&Dw z72zj=lR}~lXjtK;)5j-RnTYTmECa6qo+$7i0IvhyCGekF?fd=$8JQn*^+w*kKdT$CxteVB!7u;CBF|I?s=Lli>C3B0@T%`e9%Y}E_b|- z_YEyz&?gvNxhBCc@!BDPaA`5JU@^H=WTE4a_##UN!fUMbPE_YUlp*OsCkm;#kGa+g z*Qv{tdkhhJM1t9P&sPduDBy%OdD*Bum2*(K!R`?*ku0mzxn85!6{0#6a!jb=Uc+Ez50S76Y30%=APp!Z^1&-<2&6P+X z%7kkQs_`Ijp@0kZz*Z;X=ZpBLYH#$zBcc$yHXyEfSsrukL2eZxeg@*NhVcJ#2*y1k zK5ddkrQ|w_?IhKpjR*n98QW0>2Jr&NX^kV=-(srw?ylT_$G-Ag_SYIOUePwBRkGV_ z$`2f@x<&1OU670Yub|$3XJz?? zwDd-Dx`d&SoYioTsI*ZiEmF}aoC7!dt%N98DYcG*Wm5&CD0l*znim~HIzzzpMpAku z8bwTcE4s@@heESNd_2sf{A1#ULXgj5yh=a}5=$4+0i#l(n101HW(f6`VCq5o*%Gc$ zb3h&_Bt06Ni4nhu6Wgr#(+fsjS`Z6i(tJo6Q8Y=i!W5l#ltI$g|PTx zl{I6bsFXFfXEd$O#zE^vA^~j>l$z2@{w0zQ!9D?Bmw>UDgkhPS^`bp~(pw296rThb zAo(O*Qc5ITM%^e^Crv;dv{W#qk99~!6B<=vnE=;G{E|iGO}s8q}Ql2k=&@_q`=kEm=q`{%g5yNDr+VWO0UEIDJ9BXQ>t;S zg%B{MSuvV|!nj7#&niWybgM^q3S2D zt*2HhYo^vJMpNO54ML%GkBXmOs8+0{Bl~2flwM^TW~`5PMCr16O^4eyN+zx9K6KF}kD*$~0Ia+kt5|7fuVR zM`;?AmR3!JfXzbiv@RRH*9H%$Z}UwXA-U#5h?dK#l$Z{|(&Fg}HaNuwXV~CuRW_y< zsTy*6oee&vvUK_d8?0Yak!C=N9AUwX9914>6srU?P$*^Dn9*Q^Th(_EXFz}~lrz9z zdNC8m$f`UON)sQ`{>&!j(#*3qxJOx;38vC3nYJv;?6=VeZ19i`hO1@OJQLoP*)%gB z@~JAMYi6NJFcTI_VKYl@@Gcu%X@je6aIFo7hh+Jf38hEjK?%eDSr9Ijm<1P&!ca(N z$E=_YhPOuP@RoGxEO9fI8(r0I?w6kGAjxMa9U1tkuRe3+V%a#}xj52}% z31`^^WM$dt@Zx;IKMTS}VaSr@L(e*<3P{!|rFE7~@EkCeiRYB5)u?m8s8k4;b4CfC zb6(}~94IZba?T}HAIwcOWm(VPT$DyxDCXv?1apgQ32IaYGPg(7@pF5X0dxCoX$MrH zo7XS%8o)wm~dvRZ1*^l~RdCP)I)0i(sX6?;m1SFY7w60e%# zB`Iom%aR&A|GR|NOM*(fB{u7qbSc40kgrnk5-21E`=F5IgEd2=UG`iEt`Pil{mPhJ zcx$&s*I6#Kkae>Ke5ZghuQ^J;s^~GNIhE>41fDv;pmUq0q7$ zFzq1YY(V|LRz}*T+`Ft+m5F8bSU)Ke(_+q17#4^^#FqCd`icxiUs0tB>e3@adobYWRR zk1bNainKCO<=INFa`j5&ag|8B5+zv{*p=|g3Q31TQzVRnEDQL`ZWUi&30KGxyK=xL zU|2oJs~}h=Ue%&D`mA~y(@`QXS3L_DmeREf!ekj*)n$VrYm`2O>03DoQRr3yg(%6l z3atw>ZFIlf)`lGem>Sw61Q%`wECd%;D9;tvE6)`+tGr(gS+a>=9YFreLa`c}$^x|p z`6TIUDsA*rsz9x2Q_8KmpyFTeRq?OyRKl*u6C|tW>jwp$p1&gG>|QmUA)J*`HrYau`mp>BW@ zX(Il*7PU2g9Xuf|Ti2=TjAFQ2#xF*;%C@68Wz-m*75A%wNAa*4^RJIrZd{*fqx;lE z(|RZ^8<_P_PWFh_2UUk;xq1r<)JCD)mQp2b3p_DOuVd^k8K)8Tzii95py0?-z2$<9>45Ue7G#I4 zK(^StRSIQp5==|sEjfWvnrVZJ)EQ8vyCi?uUwTqmR{FHEtn@r%cT1)aEc0w@i4wN; zMwNE!%_{9ySSfqVTWtm)`e<3X@f4bTT?n}GYl_j0&nreZUQmp-A)911ybbP^WBzTm z%GKNIm4~(+v%x3SqO)zM)wv(~wr;$s5lU>kXcIQ5Tvt}DN_83DLwuIX0Vd$fT5NO} z@L6PoNk>}{5M`wd@3sO&$F&{VQ6yw-_nQUTdj7VTsS0O%g<`tBNm;zTOO@*FBdS2{ z$Wm7B03TUCcC@N&+Huwv|6Qfr&S<=Ykecosr!?JZW3=-Y(2X}HIgaTlHnd!hUO4lh zfLj1V6w&ELGDk5s;Wog?JQId5>8yBy>E$t<18>4mi{5q;Oz()bDhsCf!y5P!o!$j& zJr=Cfi(p!xNC9{W%p55eOz(dkMHWo&dL76xibL;t9YRrh$18Vn#ZsJBD^4r~JA|UK zy?`%SblU6UbXzdJ&UMmYotVT-ay^f_d?*!AU*a!$Gm|nw16biT#g(X5TqSvnx!pg}NfQ6Ox+BE_SQsOB- zz!wEv0~bRPlRg9(3KC4OS?Qe#!CojIdCY>-5FXhj;AX&=0PBcEuT|YbJ9>rc&aooV z>r*!rAx7zl?1rTT(`!?=U_@_B-4IUnOh58A#e(TgDZTa}`kZ>e;AO%CfLkn>-j3=~ z=PiU*OGFDL=q+e;kwvFBpj0j>F}>}KZna=~(;3}k!St3h#%aOyhBGG1g6ZvMOqqa> z0R~^l`%_R>>q!7B+CTGLxfkIb1OfMhff)-3K9^;w>JPf$U zf=dxj-&&^lrBGDv(4rTSV~Q;Ljeful7ECW3$8=lp_SkA5U`B~|RMArKrAFi??I!C} zZ#(N~%hut1lpn#7wB&IjLRloYv=>N)j`giCzcT^)++Z_~YG1&37CVjH_vmc=4HO zxyW{5_WT93$X5UAX()$D2lGD@N9V=_8V$mH2{;%MVMMOIS~`68e%7?ToOc&GbEiZ4MK$r(u+MA4>qyi~U<(<3zib zQldYNWcYkCeNpZc$?psI`hJ0pQz8s06ql#MXA$PLg?UK=mOnNdm!~>jU!BgpM^<4S z>VqYIe=`fp1+BSj8Q(h7yO@@mz5;>t(bC`^_y8Lqj+ZkpZPN(sxgjCYj4yBRH6k(` z+l}vCbi_Wg)@j5)g)iF#r#b43{@3v#w4Mi7u#8XRTbNkNYwp7^7us51*X9(qbtcQl zPO}UVPZRO11-YMy7x_0^JhzDF`LFyU?^f~Fuy_$M{_jN0Q4yIJ@n|1Of<0cY7pG4^ zxzMpcrx-OEjsl%N@7;x5eT6x#y>V9_rjl{+K}MRV1Su!Gn1*n-2)|u_dr|_zNn;96 zM7SH_9udA?gp;Bao`Udrgqt52!~U5$BAgUV@gag25xj_CE^Va^HWXprNpmNgnF!yP zJ&rHtrJ0L~t)j+^%hMb$=qQ)S)BNK{mT7XfWr$Y^WigjD_GIeFiXr!WtmIgv9{Ft z`f&)?Ywh@W^9;w>C0*g8}!F!_%Qh4U%zBN7}#QAK5(=i9a}dF zNl~M8hQq6)>}DZ!G_}qu@avg7av+hnoPx{|{qt10O|o?vKyx z%qE+#fdv)}5Mdz!5(p3=;^qa|NQ6Klt^yiukRU-rZ>kYvjk?KfUesW@_XbHhpaBEL z7A@C*T4{-GfV8D8TH2dlsW;jvu}#}lX@9iRmP*L}zt5R-b|$O+{r~&%Co@>eaFrH4_qArg^KamKORat54T5 z4aXIJRoSYyZ5G7Qn}-YO{7-@{;vP3{ff^lMc_FCElQ03m#xgFB4w#W-16P{a;&vOe zf5tDvgT+d=#n%|y!A7!Ll%M@6TT6JzQ6@9TR8q*Vd8a$>iTu$Gr2Bt>PJuMuc++p~ zjk}SS%rD0UdqO`lzt1;`zzxXrv`I#z+9%tTCRL>OkWG~3Lrvya@gnW0jHf&?^|o-E zO1Khn;_f$5t|~UJDA1^uN(5pu2dMIxxJ;Qh23apF&(tP6lwsC8pQus>WyaAJDCfn1 zViSeZ70o+}drAktt58xhI<5Ktl2%y}Wr6MbJCg-C`-{sFxu{0525)ABp2Q%WBI}Cb zMlEa2&{9~{0&QA>i?llQVrng}SH25f>?&Cp8chISTJ$X7kvxJ2jOO$}=)I-2bt$WA z1E*mt^L|zvdSiYqUACNh^U>UEPzjgdYYf9VLwsE&0c(!+0dMDsE6$7Fsmm_52ko45Y6Wy?7Ug>T1}EsB=4 z8Hj?$2u^`VGDRBuc#$@Bvb}E}85x#o)3UUMjK^GLI?8mxn+aXM{n;L6QP zDUs0GrK9`sk&zOaMpk}QKRhy$^)D3X2?LdSQIH#r&sKWj9M0BOJL3M&Zd_66W<@t^)%5SdlhXoPs^<78g9TP;Qym{Au`)b! z|M(Yf5)MUVk5$sAWquq^%@&r0d}hd*M$qkVkxKi6tb)u3Zj+=D^^1|%GPtD9X+ zN4nBN@1xTU=hfCtTUA@PqL|wken9Pr>dnKPo1Y;gyCoPV4zFG1d?6b)I(~qgK(Wpc zdCw#7X0s!R-Y*hP@R65B?9m0?t^h}`VjNonF^ngVus3};9d`L4;(8zjr_C{ z3qON#*t^;G&39%zg+<^~$w8V4=e-yiHbTFxy}Nzfh|&I$m*ydy z2&^yyhqU3;?_=Tc6lTre|K>ZPx}mIGECi;1M@gywPG9hguPEwFBLf>U?dpYP-@#P4 zQAu0WPA49Jtg{IhJ3f#<*OCS3?ki!beo*DG~?9JRpim{J|!AJ zx3V>$QyLlJ&#&JxDAEm?A*KPxS!8gD3Z$|?R~*Of@t;N9u{$O`w%#h9j_wG=^dbc( zU`%CkY_unQPQ}?V>9G}iArhBVNYec1?3(u&^$N->k|R-0VXEG5Pxx%ZYIjU}Ov7qB z(shz0u{v6DquOkb|D1X&c)Bcz46zj#e(@kSs0r&+eSTE#ChTnur13OU#_rE)K#xg} zsb3jHx*?Us+=wxa%XuV3<3C%mLONhikF9ujecP{V>+4>mL9!EwEB^hl3a(U|@dh?p zU>+M`9!bL+VN%JwHo~kn!mKvJtTw5NuW6=|)>NRR!|Z0l>}J92X2b0IVRrLjb_3vw zLKQ|QyC4KJ$rhO6fEXtfnBz_|$EQEUrr6_rb75niL34XpKywAFvhbNb;XQ+1VLaYh$v4&{M zqq0cP>!H>2K*QZ{dUB0WZP7vm9>bo9p7#NE7!E})0qdX`t&~MCA|4hD@yBH4xI-Lw zVMjVCk6ecqN8Z23ToOcR!JHyTM-jKXVWyHoU+);_Fwntp8F83qzWni~T5jpEl>t{n zTSeybMF)ubNNM;mDx#6mT2&z*yiE8wwZzgE&eFq5N$5$=(h#kdSnthRijn)_XL(1P zCUy60sI9vR{F@H`T?7B#0sp`o;#+vD66XBdCHVLFzvAD;1;oG5|uWaXpyM;it(_QjEYr;UI4qxJ)iM0V3C1k&aba-mv`Qeu{2>`zv3NqrUO zjQsS!sH4ok)i8%JiYPE$!|)8mKTJ+DIbX%NY8Fz;KO?wCY&Xe@ZH+ddD;V0;+N^DG zeXuSvT<0qAkbsR{SAmS0O!fN>XhF!D{n8XYg|H|8QBcWl6v(fC^_#UuB|7U*U$3QM zjIZ**4QjMF@{i>lF?0`JVOUWm)gqoY*3{_u+<<;1#&2rJz*kY((%gN{@}Dy2VE&M8OSlpHkEhJpB;tJ{KSz#W$r+QN>z7Qey*>!7&4*bv zV$}Bf`KNJaACo<`E+gRIGmmd!^+JWK`4m@$7l5ax)rR(?qr+;1z6akrP)cA|7qFR%-HwJ73QCtaFREY(H8bzC1yK*O(JfuU-ZhKet=!7!);JF`ZctiEvaoi*AU z>K#ROVP%eB@qSVeZcDc+LI(~6uyXTL3o$q=14W6{~n5T7~qWJAHZJ^Xr7G;H`ZjbVlLYwk#-c6yO7VX9(?GnJH_p3Rghqkg;6@ALG5G>gW_%6xV_O%a z&GB-|%SQ|-8@17p0EHt?{87=vZ$6~BfT>bqlJo&9i0;tWG3HX78OH0kb=vI-$HZ=T2fMmX zo3S9AcLu_dV-w9?jwmz>lR^&{NB;La=JZl2XNARD>Vo`m111X3{FVlDg;RN;Z-67@P>XA_N8N%2{y zaZfft-oJPaczKuCp%mPF3Th1}D&GPiWzg?DZhSgTY~U zLjkbJTCYvpbd*F-Rg#yJypU2vRioFniL5UELII9VpbDm;GIg+)2%()8H0P7OP3UJC z>sYTXUEYlipCEN++CRfP33rr1MJ z?be~u;OH7hTKUupp(A>!uv|K z$%$|N$uuT!{*L)dwPp9e`3AZZy_Tbqi+3kNu{iR7J|q+{C*DZij_kTQphQAIx0fuT zM3tQWz`|AVczXFW+VYjK6Q$aVM$e*yP~_7iU6c)c@8n_~O>H|*`+-6e(oS$O9K$Kz zG-TRJ=^TYoG94-7D9{3DlzAH|Y?x`F(Sxz}Z6uT1vAXC~0R~|tnQRyN8MTyUL?_#b zI2tA7p5|r5(K~FvEv~;o1#iBA!S+5({efshI>t-vkTqoBA5DJ;5 zlS#xHW{`$b)W5$~Ro$4GT;S~-;ua|YE7S>VM6;3;WMVN9X-8QPl_i|mm95%b<3e$y z=a;5t@_8mlm4_SQ+G+(iIONi>2P$9;HfWG?rC-pv1Dm3o7`I6j2E5XuvFGMHRs8kdg*orGr<%=JawJ zR`JX*yYlIo=%S|jV9pp-pF@#eIE?jUu17<^9J*nVBi*LTL{5-g^6tah!0gUqK%wqD zl22*qr(9K&!>0XpSrv_Nq3+wJ-9PWttzt&qNn+q4ICT9eU~__X`Z}ppI#jgvWJ`ti zd|cui=`bgb;>a65miBMhZ0^cto+|D6S>O4K7+F)$cmSQ)>>tou5FRLwocI$vTczFZ z^t3jCF`oDJ8%|FAlGg6IDHFPqj6eFpVHg}y!ck$nZn~T#M@08??>5rsBsr>4idbKr zwn(jIu6ixcnTD7yR#T5HZDoM9*K2d>NDKeD#nT5SrU-bD+yGG{FRA2?sK)g1gzvkM zC%}qOe2xcTmB@ZnJOhXeo3Pr4D*UV1o*C*5tn&xXxH)6im@atUd$;d@--#=TTRjFj z@xhLI)-0is@1Y`gd7FB}tY57EO}qNlHPTBg`%v+6?y7H=LdYAi;6MtW}X*pty4)P8ZKi#Pze1ur}WbP;+yT zN=H4A6p5S^7ZfmX=06|eDp;sNo8{12SOpySc%i3vv0gkU>qDYKk|q6o_;PBPbvL16r;iOZY4ei;_-IPBua@lfG<*G|9gae{ zlOi`#V5#tKMWAGEDGIewg?KiDxdAG}UJ9twR;WcNSt5i1vHj}8+f+f(s2EX?AH^@5 z)u=^MMpJStV`T&$#et3dCnXa=9RBF%xPY>?q-iyLzm8mytVqrurcm33pZ&uPk>nHGfDd4DyV|7T`DWsu6vCl5ba!@ z;DBedXdR}G0^#^7vxEYe|0phO!5qp$oZzGCM$H{6QDM2DT7wq8Y}PL6p!(vux>3cF z8xU}OKdWj+XLaeU4bLSm$uYOps4E~~sSx0bYoi&brL#-T+VshrY}8PHQ-CC#i20t@ zmXHg}>dDS&&U8c#vYMwgcoOrlj;FPI6B7iz+A*d-qb+kJ9B28@ph&_1tHyJ3qE|F6 zQAV|i>8y*Vm5DT&2OLkV-uJAwVsc_o*91tgjDWw$BE}Z5f0$#1T6@w&{w*wEgHTN z;Vgt*B7G6U>9+I&gnhPjkm^Xbg&#l|T$c4YFgA96MZ4X24srbF0h(y{c{8LaBK&$x zxH~3%HYWV@XqW@)ucKkJ{@+Ez9GIZ~DH>sBxWN!vz3GaRdM?bKJ-Bf9#xcvzhr(*q9*XDLh3vcJng$XAD3N+;kCUY~5e2peuu!9hfv zM+AA$0&g{RjS0O7SBo%Z=0Ab(FK}2nfC!m>5#dgRi$wlU5Wb3Vz8R(?3f^pl3q=@u z?5#!n(Fm9+FNq-_GOR-wT~DbM;T?ea&qP44jtPh05TOQf0s*}pVXCi0l>Z*Q&jATl z)`zZ*pMgJ7;SkO}gpr}!EZ{_Mosy5_HW5w-%ztKnCwl9YUPPpc^fd@yL0BL_ez2xe zdEp?NZo)BtqWseoqV@#>&KM1K9;P(sO3LV{*Gvv194lT zVczTFcB1{cAw&+C7{);>)5{P(C&Dk`XdZ<RHaH7H~n??X6@-jFT|WFw9LObX-k zG5a1Db1+2Fs!eNYeb z7n%7D*Vl09+=U_%!|x&tTvX9-T|YIelUnbBjOoO!WGNlgDQZR7Z&sL)fH1LG)RzDy zE$T&BbnAowVE#iRr2h#x?6-C|Kv|#~VX$4wG@(IJ)`bziA{y9--JKeQ`$YH~urVbF z%ktd_gJaR~+XxfFLPrvyl(!WjoI>Rx|AfCFq5=`gW`&7y2!n017bH%`!J0x@00Yl# zgv$|b7WuOQ(~tb=fs=`=%%H=Cuv6K-ZQH_a^nXkB!#f_T*;4Z`9N|4wvv9|wJGU-e z!v3~bn=x+N)@_yBw^Tj6wPMSTn(bd=i`uj)lWtZX-?oLyJ+O28_J!43ch)RioW;u8 zwCUc(i)Grj$98^sJI}#xY}2N)Cj4_gxc#9mPqJfe+Bfta5ACS=>UnMUvTfvskDTpo zd${@u{)9ijoi@*Xe&MRvyp8NKL)PCDdD5agFvNX$Ade#Q^9QyKLr1R zAeP<1v^jgLQzx-sFfDH0mhH7mYz+}5;0p0rxFQsfEfsqsX_Hv>0qx6@x)X+!lYr26x-w3m9NT!#T1`r<)=|miqeShurMNzmQtbO&)eWZ8;sFP9@D1-oJ&Px zbPZp&gafvC5F`D`xFAaDS&SUv|5I?%psIHAjy3DidmgL+w*2$U2grr2P=4Gvm$CPJyBWt(kzT7@Wy z{>1&3ToaFCq!er%g9fCsjLEkOk3j=bmz)(iS}OC`+TzhbG*5?B|CnPoxCi5_JYG-R z7t(d(n0{N~%a-ijE*tE#!2yd~ZXhR>)Lm+Wt896|3BeV7RM&2?%MAsT>~cc{QZ(*C zTl}yUpX9aTld^1Zku6WTEgl?_btbh^ys3Zurow0f*dmcg0w<)rldf7yHx>;`#T<)< zWuCDmws^=snrFAw@K}gg)<4$hwk2G!B@9{Y!lXA^U|h15f1HhCI&>=u7-yq+T#c7AFwJNUuroj8DC{lIldV)Vp+D`LTLO6Tl{$$5BkRs zT9snP7NvLsSS=}-0E#7Y6a1D|PXIzv+b5J@ZZ8_1P+|FvnNVvvG@8(65ku}_=S%xP z0ocg_hP<{H$cnC5-E1PbBF*ze$UX|^V+t+uPejAA-%mutQMkhfAGh)w6TfYZU=zP* zjbIZ$wc@=Pz~#v11;xdpG4GwWJea0O^X$fyT;@4s%X7q*r;`(G_CN1ATcz*W3VdJ{ zm;`YIMWvHys1?KRq&c=ch1SqKsZ3Gskoj9I#}$)au$4VT^4B4B{3by&rF)f0zp-Wd zy_IJ&Q7Iape4j18!}2|J1LYTaZuqm6CmG_CN}UXS;=~aB>|luJ$` zrb6CQ(WZina!NOK!0K|-P^a{yH!TqDWri}X)aqu_s;quIt=Sge9xb3uLr;<2avHcI z4b-$jD?UZB;#2Z%@r9N%law&^AXER8l>JtBN`Yp|u9X66o|Snv$D z4bHT|K$KiQar$Re*b;!X^aVwJf1~hOixV^YZSlhv>`Sr1**18i4X&}lZD?OM;5%VU zxL|`XS@297HRM`EmYo^2L^ku74Mv?(lrzs+U33=8uHu{q{j;(yb2}?!&4Ok@X3`AL z>bCs;Bw2oTUw3fyeth3ON!H=)c47<5M>kwcOMk-M%sW?(QF`5DH3M;tucFck=4Iv zS6OVI-E4!~ZSXN`*)_Yxj8=0Ewlg430rKLbJp_tH>b~H`(eDMnU}0d$AaYO>qF1p#Y)zo5icpwyP9%W7bu+Y-k@P$_%LLQpBSePOjV zP%Ui3`wD^R!lP8Dsej5sU>z-d!IINLuu;lv;Z;ini@X+B76mQp7gbp!9xkhkmR$t# z$$IFc)hKL0mU4$;QMa`}v#8IS-7Z4Ia^EH^*#`S^Y6A0S`0mt;$92_ z2{+0HDMTQ< z&C*Uw50;*_w&Rup3CYrI#Rj9XXnej6F15imHaKi?F8dfpRB8XS&s$@EHmH=7j+>IL z_?xON4&Bsl#V-SuGXFB{~wEBH6T9HO6*NgV$c%19A!G%`$%dN2Fmy5=vymQ+v&gFvDl8d?L zEDq)N+u|=6?kz4<6Cdqh6+G>EeK5R=rWd>|*e zMZSomFhsUl~O01}eo72Q_9QJF)oXR>Rf85>m?FC(=r7Ec0l-C8-z|jvDg;*w z+pGo(&)ML93%*si!D))JOO(A8bxIp^D>$@O#-sjwWq)0rWyyOr66B>dtB+dUZ*{i~ z24&JDuO6_tvUei?X#<)+BRnt;LD8t%|Z&G_dxP#jSO^r7P=F zY_Q*&ysRs?s9#rUgKHpvxlOVTY?NJY9oQwUUa`jpXIhmOgF{joi_2^<8jxG~#pf*Z zT-;~bjAAJo>VL&(Ojc9^Y9vA>UdvFFq*;Ya0=D@7u&igvKFfNR^jMSC5{N+V7nMMi z@>Sn$UAFoEZD6S!I@kNHsrULXS`Dn&vf0VfN1 zD`1F;$Jf*N?-K#+%PF98JSue*0nQikCjkcp`~$$Kj2Fi46}=@TSk(ZR2pDxJK>^JI>}rg*fkK8rw&$g~G=t$@D=I3(cT0uGz71Jo+b0$v8VMZjAC?-mV! zgUV46k96gjfS(6^T);m9Y;=mi6$DP0u!au^lr90^1-M(lglLawAPaDxh$jy93z#@G zAmC2{51O#P6!4IMs{mgzVMBizfy*KRn}Z4v;UY)}XWVAI^9H~k0nY;L6)-4PlLg!k zI7Ptk0`{43++@IM0^R@^_44|Wt_C1~l1*GI0)-+I^gt~VFur6|OH4Q(m8(GkZw9VHS^FHjSl)l*$F*(o)<7Z z2RMw|^Ll}a$4sCv7B$fTeXXd0A}UN@Dr%J`OkXL|YkG>OFBCQ8<1o0Ofd~!{gCO06 z>7zqEO~A;b7n(4AY^d*s{HeeVVFUyl>7zpZk{M4Q5JFTu4}Co76cy2jgU*d+Jbi%d z+;77C<74EbI%k5)xGWP+^#T?Rr=|dIG2>?&mk~H?2IhtUi^Az;V7(|zUogj4n|bJS zyZB}SR{<6c(`R<{%AOjgPwe6c1l)=boj@tYF90DfQ73&>=K?|oPe7%vQjsYPxXpy= z(>d2U6Q5I3-WD};Z-4ZiRcm>*5 z63fj1ebts&BjAmIPna-$%_f~L2Y^806*K-8AUY=7gm3KuERa~^0xUSR#se7T3ArK= zIYtmbAEb>Lrg+GozD9E+BhSE!|ADy{33b+lhsB|3~c6Xcc^r4yik_ppCW=V>G zQI1|tQ$6%?SrYyTrVq=Kss&sDc&4b7J}65%W+u?bWJ#id_2sOmM|;(=evrH(H=sxg znwMUYZ%;P8BI9}a4#%9h+lk4yvCbFNS&oB)EbE8xeSF7u)Yi(5`?OT`DhngZao@1% z7I}*gN#{(r$cNFWHq6~3kF5fm60^_@kuzhj?~$o-kE7RPtW;0z zS*ae&+2S~x16=lARKf@!$6x2(i;fd}wm7=>taNnauV?Q??d*$Z*h9b4W+qkm4fPo0 zulfx~*U6*5(pG6zovo^Quv7R}^E9l~JLz07oDaDC@2r<`ek zTNk*)2{$R^W~G*pBNffzO_<6hck!OdsgZv@Pt2K{XCvkdsb?GJS$mq zzxEL2ztRucCX_=SEr_pRX&<1vQda$e_BBY-dr?~n#oKsMyJc)#=bkNk$?^aRPrty9 zUep@r#Jy@d4pve&zU<2PABx-OH}q&45Vy_QqC2Hxu54DqMy6Z!2U4i>h_?-Jlc*yD)#QERi+eQ4 z4p#dXRJMKYP$;?Qk5$6pg9gu|3q>6UyfW0 zH7}vl#0r?Vfx3b%j|bkSbboVX*q(ke@Owx!=c`c8{6{jvN&)vRtz_ZuVK?0N)B!Jo z^8r5+Hq;;~APzjc!!M~g?B2hbo&AG$x7y26hP2{>9^{@a&LgWYUer(d&**1k;@(1B zS4>14Xya9InBdvt>exSM7@R0V&ZJ$^8GmTJ#vQm-^p^3)3N2B`g?@s1_q$S6Z z-^IQ<={2PQF0pWQA6+k#{8^Jf>=699!#|9xDWas&i-&^e;XUV%O7^CVckB1$V-?+l z@Bd!n-8dP3L&#@#I=KOmKC_$1nHXFxG?9-toIRF~#W*^r6(boHy2-eR%1D#C$?FZ+ zn!*qMA5y%#^7!H4d1Nc#^Ev`#prDc6ggig1epqpxIjp2`#L4Xo3>ndmM%26kUY9Fx zVB~ZIPDVpTRMg{x=2jRl8z0x=ymqQ!9)UXE5N< zb{sTDn3&&0`QTU#&cb+SZJRlA%;K;bfG?US_B5#Z3q3BOORP#^G;|w2`7AT-C5j&wp&4;t1e~JoF~b*p(H?35;|F z;Q53^W$f|??Bhq%(_H>Rl*_Km_>H$N<4!N&z$5DnB|t3QwMyGuH*cLcClCoyVYo3# zBSTxaio3^D&Nuf--2}sy#8~4ZM#xyNiV<+9|o$b(2o(n<2T%k z0TAouoPuM4@I^h__~18QX)z9M~msjdj3mN)gKyl{eE6zOyKx)rSIFCW2a69EAs}R@+ ze@rmE^okLkmi$Y5q^Sk7THwjyvY8ecB982up=~|@BzA4l?y1YT#k)sUJoBI9K6Jb& zAO7+;6!q{HZ6k7i|RdimuNXaN2ws318+@f!Pz0#L~cAd_x(O0|Z^ z|Na`8B;VcJ<5rLZjZkw@aAUK+qO(CsD~|kpEgDbf2I91mIscI2Y5Wj#s2_h)8>;)B zH*gShvJT8s;b*OW2;@pR-H6RDY;>9ZeZjyuwo(i~@eeffD-3Z@koC=-@1G-44_0QA5yA zKj|oMxB@nOtC9&7^1KkyZ-<7ELzPNYnvTB2b(tJfz$0@xF!6OsqlT{AwN2@HxmZ}XlIP^{wHKpvY^cD*=yPywT``ZO`AOhc0ozwSb#1P zOlSwk^fJ424U4H><{s9Ts%KeXSetfZn40vDC^|Ye^)ZZlKm!Ld5wEhEVeJ;x!%hxs zSvOwZl%Zk*?@(|H3=K}_AcAhp8C`hhGyOWoua<^XJ%4#1py0BWLdu4Y+uM+;mgRMf zbP3vzH|@Zj<3&COokv=A-ZUjH_t%P+2Sg}OZifynH4lh)<5-@H>XD#lMAX$ zmtZiDFqH+TmC8j2+5cR}864OFICS%YOG<7J44Myr<@m#j7SiG|4>#7IMW~# z3%jtH%q!r##Pd#i!us7u&-#C?^YY6Jq&RCxoSH(7lJb$_QRAd^5-}js891U8!cmh> z$_d4sY%1hWKFn@coUqKE1O3VuoG;`naj&N+@lrdf<03P^w1(?W`(M5FDSvtG+h<`3 z_#z;nKDD?!jrpcB=sgWCnLjsb=!Iv876W%4J~ww0bAvY(+yWV z)Z1VAh!`E%dqx?4EJIbm=;&A*s+m?>fADLV#a%C)|3bh}jLmP?nyL^`pbAc?f)k0o zq@lS3(eU{Yq*ph*_O;h5{{JzWxB{oOae4PfKFvE7`INX5BN)tI4YiD4%L3JbBPn`m zq87ZSBsZ*7tGVMuTRa!VbMRW%K9X5CuPL&<~#qT z7>!qkf+WgfBXWHJ>`9L5AlY;7f${83f#)N*1?PGXID(1nNCj~O3)w=GeZ%>A9gz^i z*?3|M8P1f8n==J`RYujK=$fK`4J@FV_qbiDu1PG~%}j;O`XL*xSajh6b(tucAnlcT^HJ_;mpi+u`;4aH0> zj{N8#DcphO%;C@%!GC5Vl?UNtBmpo=5EmBUbxP9V48`%S8v5j+h-H^oPHCTLA|eM}lEUiOMxW zYE77?VI{cs>u|Q33_sE-O+SEt=?^hl&E)>zOoyHr3+;{3{uq4c9R;V+t44G&r5N^? zV>aH}p-y67()3(|+>~N(Nu#;aWm=@u^)cYgS~88`OgX$gdhjeHNs-EN^Kx3*FNq>G zYBjX9K(|u9sA=Rp=1*zF%||k_sAJ`0PwqUV;K}ig^kDlWLT%CTi#TQeuBoW}G~7fB z4xutEsw0CKEZUe~*H@`SETrp&`H<-_O?}Op!&GxAv7T7ImuwTLfL*$QY?ZAtrJ!A@ zW>?KcPJONQ<%R)SwQYLVPLWrHAe~&&MG*>ei*0UI;oXfA!N?X zR5sGc-l{4!EG1rlTdii7(e)v# zNzlJ}YY9=`bdf~pAx5V?{w81HW*=Uuk#FasZ_QMSq8$+1E04b!N5&jexRGxV^I>%| zSYe_*Ysv5>>;o5pAZ|i|po(erdUP%YqnMAY(kTaDh#99p#!W=SJ**>9UpBexAU6<= zj_zGEl?9K?qxKy~*`-8%?lfBVXjF}?B5+Xa!K%e`cokbX2JBB|_m0sQ;qlxUea50x z$E8i{)Dq)4*!j~AAExsfXu|f-NPXahBN_Y6SjJpyMHp7~S_|tNqt9`id~BZ^(&=Dn zZru+9qvzAW_SihyJkd*XQq?bVC#a|NlD#jX>%g=h&d>@UA#H(TvKqIZW(f4)DmCJR zz3zKuhJG)t_o0%W2Do)Lb_FnKL~8sUBM(65sv1<>no+chrqM^y$1hdKMIOm!fh7Hg z*(x%o?>(cD27nzA4`$ElXk6cv5m$cztOlZ$ER>|*Vq702vbVyfV&^%Z_KiSV7B(o| zLLt+z3Cin%b*KQcT*TCY5hnK1E}5qxLrIyx%Ym7xT8Zb=uns4hUeYV`0=(a5Eovt` zlmK=bE1@RbzH`-@53_=bvQg2ihzOHsUF?cf;GV>Co`KR&M`#1Not2G+*iW#QvHBXd zlJ(-T!<(}TLc+?t;FK~OcPw-m;f zLlwIEd0>4u25a0BsGnuwarzCn9fiq!i!=3*QbvShBOwb_o#k!|O^NUkH*k8SR;=Kt zFT92DC1SM6;E@6B*PdmARgK??4b$31LPa(QmP_5HLHX7lv>L-!)^SupODD`I z^~=H(W&^&$j*ZvnIt!t!SJ;K|`aH+TWtKcaKjL`p6ziU#w?m zz4|+j<2fuaNuM+4_{*l>@-IHJ= z`cC5I!C2MtO((lNS%1~>>OJ&KWoK^CH#lDTkOH$#E=$%os|!xNK0|*9cSgVusKaAy z4!o9=OJ-mIe7v3ogWE%j0qJgpUiGk^Df(QshYjIz(vd&3{O?`ueO-`}v#&6ZBn^Cr2U%vs}p zGW-p9J#M-2g@5X94FAD>vT2$gb}WF#jTC~%;P*&H!wj9jybDKEzV8vfsHSxsb|e!v zydPvu*KbhYVnx&SXK1b8I~|=d{$%nD-J@=xw*cU1E{3E`yqn>7%~3(&H9lx`4+U2a zU_RP|zX<+jC~0^98t$O+A}+MQZ=vjr{H5O!tlcB;v4?&7lr)(@<{9+UuCEt!JGy%U zgEV*4-FLFxr~fzJRkEsC`hyGZf`Zd1=E5k(_ub9@p_~BQ^aCr@O%3^K#iooE^?>i% zm#Y7pdKaro)r-|ltSc27wu$1|V5**n7+;z`fBYtz^5a5<-WN}+n_e7I?>bqQrvF%- z1e8EyVO}}kk3CP*(7X<|Y>qzHpuGsXAQV&dh6W`Q-Gn;@moGbTSxGbXYP{DQpyI?T zph@hi#f+EkjcJye0ID&2#SA!%r7Wxfrtv&Ku@*kjkHUc}`OsAmixZeSKarv ze&oJ?Ponz)WSWLdGms&*;XY+<>zj(F^^bU~kf0>*S&J7sFDlB5^~!wzfRYJ@q_mt- zkNRIyo8b(ZuWec)2>$`EIf&=qP#iRu!}36>Tfs)=>OSKmZ{3QV*K*?VTIX5CLH75N z42OdGJtmTo_v=;^yhhtc&R zl*Y5ap&fB-Wndw3a3B~})Tdy^j3d|2g${k>CBMwXA8KgN=WHYy&tm`T0W2c$;!9e2 z!O!UJpJIhgewz7}w-{84xE!(Crj<73$Efc0_dq{HJrjr;OEA|1#%4AlL+^6B59IA~ zv;WS}|BvcsXXfcEC%8YRd@?@LyV7{L8F;q5jkHXE7f*Ywkuxl4;CkHH-8$}k8U0N0Ym`g+IS1+0CszQl+s z2jpQYhun%GrNE3eB~(Av8>-{`@ae<@GDX-1PA)io-A7w7v=bX@{)q1v0BI-15#pqH zNE5R!M>gqC_(T4d!P<-*gKZjYQYRx(Wq~D_A?d7Y3Ep!Lu-!}aX$eWBDVPZKuucT0 z6#37nr7#rZq^$W!c;wn{Hn;@qup*Yel!gn;BCc}H;X6hV%ql*;%4(OwreQ(!>3ML& zgwy0*C&28N;9lE51%*H!ZYa8`94l#%^I4 zVq^cFt=|NFJ$W`810Ti)_cHxve8y3@OivxZ3EGlefU(I`F~N4Wg`4%e)fATL*QXl0?|~+z z9iFLVV`edi-t3Te(8~m2ngXAveM0N_{)o`J6lk4aXkFI7(mJzFwOVLg)}DAWTclx~ zetk*7eVV$T zRpnr6Rl!`01QxgVg=?Jm)F@LVUH)&9ior3qI zL#!`Xe{KOjV)?QAQ0wp9NA@`JQ47WrTnOTY&+}wjo*?a2q`ii;Z||AyKKY+{`XyDp z#6rvU*RhG8wL%|p#O1RrjB!5NkcaAJ6N^PVevD5FU6BDcXS4Q|dNNIq-NpgDPHR^c z)`P4D4cuT!$^3R$oE4Z4pHfPwE?YfWR1eibd)M^h3h%hE>Q$Q2Rrq^lZZr?#Z9B?y z3wX#;0xne4-Mem~|Bs5Jbp*$?i+;EQ6Z8>G>I+f+I=a|(z$(@P0e!|Dc2)r$Uv79##oQ;Hun!dy~00)qD`ej3_hZlAfJzxY)$pFrqG61Pe7ldwQJ{D ze?Xr-u3bBdd9pk7gd%=(4(UZlH$nK%b!I} zy#mx+p(hEo`aM)TuyW<#gMzwg!QdW*>s**PwFgKG&hb5Z%2S}YL9P*`dsHx;fH@tx zDw)eCqNgLYn#sqTpq}lRMi9ee1yLONpUvn`9Z;T2K>SG(24}(Pt3^;SEpSjR#nTD5 z`?`_ax3CrIh%2-ZURL*E_>iJ>9LDZKGbnw^7i>k?cxoOn?jwwoLodwYa~^I7`Bd^B zmsss8?2XWnyh^{>xCGp*VsWGFw74|!P{PDGY8SRiB|J=qh5keWK>yeHH9^F<4B*;c zL?Wfz>L0NSU{ojBqGwatx(s$#p*}UGp!?cYs)IUHapdoV&?gruHkBbX;fA_UPrU1T zcvFUU7j0y~$kbq?5NuUW)t5NF_V4WMt@=&l@Qwe0 zyYTjKrGmZAr*34f)%s5+BwYQB>ZDjQf00|-*|HTs=n5C4U6r>@Sx+A^%<@Xz7a!R73SG+_$eXUbJ`zy6%eM7jol-5wid6C-f#s{=A z$G1j3Bj=zK0jvrFV09KMqc`t`gsj;`)qsVhn$0e))o10ZcqgXa({WJ?(7^YVGur0B zY4toAK-9C*G=l2!y3JX^y2Rprb*{DV@U6T#;gnUbCLXBnVZHAA4J2#t*`IH**E z?N^8$Vhkz=7p~xibO31^S$?se7Rc*?=0d1o`hcmu*MjIzPP&dyeokQ;fk-(zGQHNf zS<>MF)>5qBIFr6Cz}pp~oz#x6bLfpC)XP*k_CX2eHuavTAgP*n>l2`1jkG~KTqDr# zM_C0!<2@MSFh^IDfi`t;Y#74Kf`k_!NYX;Grs5OKqJ|mD07%UC4?)FSf`LtI^%Wcc zpsxs=8cwOp@CUKQ+K-npgPSs-CA<7apl)^1YZ$99;QGDbfi2o9YT$)4rb^>W#KDCL zIHQX=^sRyV@mN&`2ZH>oIH`J#%5kVS-ctvI^LGU>?q72wybAoDRB*`IhPw9y_7xRYW$`d@-CFd^59__q_?wC2;Zp$|iW@W>G2vuKu$ zo!(50I1!=?BMN4r0gMQd3e1{H(fnjgSTgav0r@JS4!LAH0*%h|n2q=IHKQ2*ixj=t z~((`daXFJ^9?LpT=SnTnjXMX5ge#O-qM^bT#<~g^(3}oy}srC ze+(R+0R=6^9N{@^pm+cMD6PCmD11F}`tNOIJFr`oZQ2eUD>DdS-7Q|O$nCmPH?JsY zs_x$_jTU@e_9o-GY=o^3yfPwJu?Iue@-DoQ4bWS5Qa7yq z2Pq!tnpO~>*%9YR9m(3!l%#GY^m-2hqJjV+0wn;A${^U7Z(2gYE489W(ml%hFg$k@ z1(e(I#HVxTS!Yn6ySyEn*A7foj{)aP3u$7uPdN&m@=&p@c!{(JPxME>-57BDcjQVx z3*Dio8Wm<0*IS@+RbH~Ir0jan+ApI!OC<%yo*dbvsH29CS^XDu_c%wlNT|duB+0k1t$%S$EtZcs zm<(urB5R6x`jGV!>n_u0B%xv*4e?(U>)fK>IPMm@w1y)A%Jo8arA(iHW3|X5^X4O| zS;Xz%H{Cgz-MLwxiLcITHq%6Ki0$7DM3ULL&EPfaphq?H-G|9W8!NmI-0fyn_W?=g zCDwi)gzjeDl$gZ^?$eiIMeW_9r{2^eTEKub)xTdFci$2{E?_vF0^!W==B0eBWKnVOtaX8V%e?IFOU&-9%Kxa40qDLp&SPqo? zSg0J-#SgO%3Z}7hlvu`uv%KSO9kl(MWQNVOtN{o7O|%&uAt!JSdr#OKEW8Z z7y0@et8fd>3vt#hLWK`FSI48+263~G!~zvSz6r<8ia}qNw6m=H^^9rzqxT2VE~Ezn_fIVfT%Veqd4fos&u9Q(G7+wgf!PlfKv#r0?$C0_ecGnd+iTs~ri zr7{nixR|-KP-E}D?N}}*=`4G@o@*op1QKrX1fogc7ysp>Iv3qsbt@PktQ=U7R3p*_ z|A{S0Eh0{`h2n&~>8L;dQC#P!e0iLwNoPf*S3D_WET7Rkk_4ZXb|99{{?e>@>3TUG zC)^4i&?h+%SNedy0VBro2e7l;!!AFd&zD-QRk5@O^@Wqi$?m#aGzK=0^Rvnav8h_k zI`Fvlm`DkVCrXU#HsLtx1+KU&M3*FB0*mgv{KD7|Vi3 zk((UNQf)t0l#N}$TZZ3-*A2)upJzy2wy=sQ-t5*u^yX-oGs*!s8&0B2&}ldh zVjzYUP|k}6Ux^mrK=jr`LAc|G$UlUnY?1$eFhW!L<06c-_;b*x77>nNga&4lr*gq~ zL(woEx@!Aq*A71x{QtS{f{Y58_X5EX~ZHiJ(qBp8rJnxT1_Foe(;ppA^YLhxDIB z!zOQan3?fM5$O>a|2~?51J3bCKLK#RNWT`7F6UID0Vgcl^C!aFP@n}d)gu4HG3g=GRfZ!Z(w~h^; zZU!#pA`u7*;=nTVXCfGPQ%txZCcGYQRD6gVHW7-8(W$t~nEa3PFv(vu0G6eY(ntgt z!eAS&J>yy&cLd=+goOy=z6qHBM0u;*@z}WYB3afy5EK3@g}MHj6~u#aGfD30W`prD zN)5#KhA<|)}%%3PfAL#>#5kpEmlx&ucuutR<3EAGb&Q98M0A_!E^sIl2uqH*Aif2q2n&(9(s^P0Gt0Xc zA$>pU?-k_(;Qt~hhHTJP471$^t!@_?z7SKv4mb_XLR?s+KM|82)9qYnj2w$9;_5>e z2DfY%44g34uJ3aBQzZh!b1@aZ6BGUzuc5#p<*Gnn7_XloV|Ak$raQLGpE)=sOo|E5 zi3uBvaSR14)6a*iS0XU==L>}F<29lap#%4M0eD3ErwCKO79tswgm5OpLg~h&B1}lhbXd~+AQC=xG|=Ff zyAaV~%kU_|#}F31V9axX`OjqG7|h{Dg+bw#Lg;{O;2SaN--!u#E6Uaq(0Wdc|6_=H z{u2$nrzqP%p;~5AI0h8k(`jijDjYN1x-(!Bsxh$<^9OfMG(RutULOs!zb(Kd*o>`@ z#+qT6H}hxqCHHGF;UC6?A-4xf8+V&nyFbMEj;?}xEqPaQTh@%%pQOw3hS@+8WInkIviz} zW5O;vYtoyF@2Fg7k4=K04?G{Xy_%Vq=y{pWkp zfEWPAg5tfPNUHMK0{Fw($l7c5C$pC+1r-%{Zr}Fs&WfV#TPwEjH1Ew@%;U|NN0nP2 z+P3qFYI&vJO|19{z08r5&0cvzKeYG0^mNw$q@EG?rR`tB&1@(2r*wSbZ(h-c8{Q@- zSvShz3Osh8PVZt{>h&r%Zkclu`(?d;+I9C%+{(A%);n0)lX@xpPeY%?UN!WOGgm*n zv!JSG{njsSe^gmjxqaKe6+QeY51OI1LEyfVuF|X8{t!DD*1zbX8}x2@Y)4haZI3=! zu=Bx3SzLpj;aIZx6MTxiL|2b5K#H3s`mA;7l7F zw80fh)E6_|?dB6@9VwVUNVo)30SUKSPAbX2TblIUsg+u8Gqq;STSNivyanqn4Cx|X z&%$smVIU;)>tDvOEL4N0`U`ZEFuf5zKxON-9gez>TJ^Y3SoOFE zta_4Cq9QYtBvdLL2PYNU;Eh&ANfj3BXcJE&odglwB9Nd>yHx@n>#-Uhi^f*V_#*4d zm9Y@zTIsuaY>VZocI;IP9_Pl|QWPGS3EyiHMnzKF#{to`GCqWRJ0;u=dn(~R>ms3X z5H~cR|2zgN-5>*?Ub5X&ZrwEE*{vvd%RI+zc~I#+B7Qt5mR^v@CtDW_&<$6cWu7XG z#u9EbMZjl`<2#k;H7MhO-TfldgaAfQ34`Ja3HM-1A>fH%uS9xciRIsUVl~DrnFn0? zf`mJ)yF4a#L;s}*;)xe5xlSCw>{%8Vvb@$#yka%x&B7QZ@_6&DN+)MVl}nin>bHwL zlR>?-ACvbh%0oOJ^iMu!H9Wb?YG87|bvMW4!T*=A_kpXry8p+|``-8a%>}QDdQ}vX zi=u)MUKI7BsF%b-#f=h^6(uGXHY!RgY8UTC$zh|0NxrF(qFJ-X8Z|d)A<|-vmD}9r zHfyfYV#}JJjTIFY!teQdzt7>k%7kEyw0EZdB5MUa}J)?grFfQ zXu4OP+b|s&3rkEdu<_vTzl#q((>sAxX8vL_@Qf_>ZjPyt$Dzf*T+4Z8F?BNInB&rn zF|9I#m~I;n6cwe68I<8Opy)Tb%o!z&-NkWehAo2`$Ur2X(S@y%IMd8LX`z{AHe7GR z&9d|}FR{@hGH7Q@(OqNRk|#DAGXOFE$HvGlkz;FRDPtRD31WNjK+P43MJdGr6LBhh z-*|YON1pi*mnAcfE3{!)dNgeV>VK5zwlSTPn$Aj;O3Z>#(GF&n%6>enMp|wb+LN&2 ztPUGK18-KYXuO~AWKaDsz69>0A|fag#Mjvp^kYKAdAz7gu}i&I2!b4Mu?$audBtr# zA&;?rJZ%E_Q2Hau@R1F*ckltu-5#5G{Z9NwjL7!R#Iz z4+G7by=eAz|kp!A}l&4Ci5xZ8$% zZ5Rrri}62^;bQ<7niwtHL}IGkc|0+|*dv0cz{Z2pi#C*q>KnzVK5=$q;t82?Vvn>$ zV(1cP>O$y%+zNfJTPB#BA(fb$B}+dyN0xqWrL@-ET3cFJLRfb$G8W3sMHLgK_GcdO zE+Xcsl4%}FFU&X(nT_I78xGrWy|m)I7F+lkS>pM{Hhcp43zH_H#G-2@Av4j4l1ikY zq~r3on>-V9eLk!v&jMDdDA>ClX&bmjlaW^3rjx^rJ@lz%~o%xnS7B1)O! zk^@o70=%)M%oKD_JY+OdX27WpatugCi4C3sc>p{iFsf`cyg>G>D=Y9^EL!`O5cDKZ z0QsX6gtSCC9xRNLiY`1SmGdDpG3iKelKhJi-ppk#&XZJfO9p~XoVNp@7OHnXjv;DDUNuoY5 zFy!MK8&9yTj>_-NN1ny$&8G+ABOZW%zl*hv}eT@A;V8|3{Gx02IwwrnslKPZpDzWtGVhGposl`?)2k{3~;0 z=~os>6RoV3N~}a;(J)tbOC?sNN};PtY&dAcr~+YjIG!Bca4qu*8qK8L#S)3axR= z4A!8nh&orgULHP_YJ@JZQV zuY;h|TvNLkh4dO{{>l6>wRPF`{ z5=!4t%Ghh1=Y~of4=mTs!*7g};WuK(;nBo5R^Wq{V5*bP{Wmtt8Bvi(maGVt`vvDO zLS~}$MJE}%UWE6^v^Tlr`-7XH#7g3!^52vr6W{b3e7xkdnwx$P40F@(roY?5|7{B& zWUPm0cJnl8>YHhHL}}~s%#R6$xZ~Zt)E166WFa%Nd0^Vjg%XCj-V{Png0lj@Z4(5A zMl*mCzvDbxMahu&)>}&&!5Wf(%6B5-9N& zPh674Mn}(*e8%1u;b?$Dp%Tcvz{BxTmi<*=uQiC7{clGGWABKFJjVVea0x!B3LIwa zU4h%>E%nwIIbFLIRuNtCRwyCxZOHiVJnd~zT8yf<(fB{ggbc*J`L;SaqTSXi@9Veq z$Vo)$30cZg^cvB^OQ}tuo~h-R_R5~M)5F+5xDq>O3VxJ-=WLl^C(JAQ@lIIcq)1RC zt7d17jpw*cXtyl!&NGbtlc&Ai%h-DY!_uN^Zimc^V*I~-P$vFnseGOK%>l+f;EBru za!yc&jQe=_9f|T@a7U%I+#NP6-q9rQ3wOYBNjz=njtjCr?ktcE?anebdQSJ9EjAvM zOx)$}f|bQo{jMNm*KwicNwR&ELkUsEA5I zyBlTVyH83*?}p|6hx6QnjJFD$!`QzChMfNh+>CFA0-s0zg`A-Ga^fj?7nJyp2+x%b za2HA=O24Z|mU0)AILi4eQe^=u0ydm4tDvHYR{@p3qLi^ei^Ql`(LE}9;;E34rCKB;wOoGg81SPH6ak%B6b zR>*k(nQh>iJ>ZpAe4s+ge4t@8ZHPT^Mkao+ShmauQOb|Fpa;8UkEqI*-Ewy#zL9dC z-OG8Oj=?*?t9X|te9^`~Bys2hWABUcKMY1;(lDyyk6dUq>i8tbdwlZT&OHeKuLvKI z&xd<+8T$zj-`gnD)*$>a53ebeuXAcbFNu)|@ArPnF-%qSGhTvvVBG!85e?xFfffVE zK9|g3AF649XRr?z8s(|6@tl+4-v&Pw%>!i;O?zg1*}ob9IvaXu2o?ow1YL3k>s`7$#?Kj?V)}TiEnB z^6>CHgrf}+|L!m_%uBeY0@!Qe&^h2lj**U`FpdzI_7GDlPf!Dl(wK>BfipO+1BQZT zI4P9HaRYFG<3`{d3-2uf&b9EKATSi9wA9d9KIexLAy&YN7DN+UDhEk9dV*8GR2wM@~hQ_Rh<9^^;3-8YX zuCwrW27sZ|OuT+$EAa_(|Xk9RCQo5A|;{AtAfO@n3+E zi5dP8@Q{TSlz>)(QMfV-e{PQbz#fhZfa5sEizX$JLyu3*%st)q-ri=+Yy}*!TVpxzq&71fvaG2vh z;1&y$mp0bzm^|cBtssv0$(h>W=J+D6sTPi)@Bpfgm?C;WAQQsm4ee;+xB}NMj@xl1 z0pJ<$g@Vx>Hv=bf3HIf6+QKuDv7TY!SY)7=TA18LbzVwx71djK_<3M1lh#7$16FuK z0lIF4hZ8|mLk`Eiz=al`tpb;EoCsXcF~TBFatwhH7c883#vJoZrO6wUoF1tF^H2a+ zo`vVP10z3#hs@O&u2w68Mne}Dl;Q^Nx5CNGGLj1-56eg{h`cK!D=Z%Jq>SWp$cZwN zrzHoD{NvH$3wsuExfCkUBjZI zErL9`qPZYiV-w8Sk^3M;|c`iDZE+aE@Y1{4} zs@E!$ioX_SUfO7JBUX&pW6RaH-WSwoBLv&Bwnu-erfb-Rs_PXscG7t)8OJs{tR&NG zZYgxZxP)Mw^X2NmR#oTQ3Odv;#((wXyNvXV#Y@eT?~c^8HNBzIiFK{Uz?5Qva!ri&V}S{{N_VDV1#}{-b{ER4R<7kFiR&heUad z-jCJWl+w1`0qjmWwUDf0ZtfLgIoa5N-QSEQc#WT6>0M#lrBBrRmGMzncJB(%Hicc- z*suIE^|l#NSViARYufK!fT&|5b+j*%8QuSx`UB|GG>AN~rd<63`S!PEe4+kX!BK?0GWa-7GkP$#65CI@{IFqY4y{`MbwZnaSY4xHy+8Jnz?K0;_vV^A zl0;*x*}%Onrb3zAyVr%;3LH5H9J6!9<+D$}r9EpPxw z%j|vHYysH2ac}TmYirHwYDT-y=2y+xFnWgA@@CYdsZR(BncM02(9Ucw+MbKIjy7GT3W{EysQ>;UfB6j6c-5-k(;+BcY`0dHc>|7m z$-K@JzQEM*5Vq!vWA1PVM$_QS*QQ}pO%847e3dG(OHT$!aw|QkIhJ);!xvdtqq&96s>I5uR4kWC@#x4jTy#fc6@MF)h zb2MN)u}*p03O8=mwE2@bi~ns_`{Fv*9Q@oktZB=pK9QbQ|9xysat&=U>2RS`XR*EL zhnlu}@hP)*ZVz>S=%E_Ip#;ZQoL1hU?fIKeD;G$U<|E1lYKwHx!G@7vWEw@f789yU zj>+G=z`JyFa`f`5n^A9Xz#cm4GPi!7|)8*<|sG=r+A#UH$6JIon;hke`_}%otbTP_F((*qTpWaK98#vKeEXf z7^iKSQoetIGcT(ceQ>+Ex0W-n)41<%>H;I|*5(MUB(i?^MMvkdLNkVa-SxBQfS7)=hdTuEqWfZinovfv~vCjdP?61SR=Yt8i#i-iVe; zYX(or9r#szhtkdKG4Os_(wt48Q%HY!bt%e+aK^~QehO& z*M3BLvMuM= zQ6G!kiM9X~-yHy*XbI5MK$qBP6yIHIbR}u==JHY@ryRl9E`Wkbd=5{28jlEhhBsM@ zH<#skt>B1p2(ANLC8y_N<_k^OB~Gul9u%<7&#aS(B21RiI)qXYHK3{0a3v#7fF`Tu zbN-)zMi^GrS?OPg|3GK5mT)bVB!&n63l9P?_h_Qa)x=s={DhttV4lef`X zpi>Rs0xdqF7{NuHErj3>&^#O0W1!C& zg@TdevQRB52XrxL-om4922Hgk=nBy7pv!rByx5wWbSM=%bQnHd63EJYrB&2lFuw=M zj$12wqTUC6+z6+l=LL=aR4rcd7|~b43e>8(;^X#VwON2`eDUzFm;WA#^(%NE}T+H0dBKFJTd z%qsBsFF_v%U2M@4P{3prw2#yHIvh&QKmfPUgsZ_o2?YHOc>7Tes64?g&@rHSd1w{D zf+WzqcTGSGSde4mhk^@oLGv1!a0WDLWmJLxFeh7Z+-O~>#ivs~d~BPDrIFY$Yt+sY zuLWHXn(Hy~ZqN;fd}yi{Y+UF~DL8=Lr+rsxH@Xn3q#C`rq*E2;TSbU|61lrT^M)FY zx0=2@(7ei`Ujtoc_|lQgi(sB(^bo$rB!cE`k(LjnQ!+ur3h5O_7|E1AqZyY_4Ptqh zoOBO{n<`sS3{PRM8?H6}z+#bc3bjq-WsPSBcEaIe#nS%pbDFZ&D{7BrXEf zbN=&;Wr1I`OInjKJ1dNUK8s;8E-OnwyEzR5uPir;7iqIXD=*o?4TKMZ=GL10Gsafs z+Gv=2RimV*xIvR5yhBV`0veeMvrO5D_eU|Hc|oV_1f6P2UyHY5tAn)yJ=9tS@k|8W0-ARj4@T%fH|RtjzX~)d$g9_LJ!X3@&^{jjO$>wNb|;#! zXAkHC&~=>Q5a?de+;X1hL0_`bKLuof8!Bq`5`mey|k7xKF#5W=!!zy5C znudTg2;e53mH_%3=&;2wjg&KgR4ly0MSEC7783kLpz(*1)4Yk%D_-koWjGBM&7pt> z9^b^Ht%*z9a~axN&%`wag`bJxLnD_?DUcAa*$vf=)_%5KG6bZg-f zU*^{Bw4!foDVFq&S={%(aP2JLx^35X`?9~bf34T*l~Akv)T_0lso*|CzlbEc3NIqh zhD+tDy@;Rif3(15IX`%@bG@Dz6zM2T9h>6FgPB8Iz!?XpEDZY=TgKq6GA)6y_OEM#g(N zo&rPO`!)BVTmbzQz5hcu_*Lra=B__3hKUA2(6dOO@Tt+5#i@> z8xpwRrUVql`vvpoamlovcaVRi&LjQ_tXg<#p>(R93bRvJq2JV2X~wB1rPu$|Ug<11 z4Kjoh(_j^mF^yGEaXGYxZ8~8pKdoUKO>o|p0KGsYn4TzG`*a8u{L@P$|Makp|BP(; z(;@RH&v^QPTs{y3ON7LdftXSpLBpA1Dy7?h3=#|P9`a`t8PBwpY-X|a(0a@9k$>ze={E&#UVD+R{EJ;vTkN}OaG*qP(my5&bn6ZtFJ4iOBOaLvpQQLC+3(|Xq@zqc1pSm}9FN{{Qs7H6t=A>f zdSMkYet4UZe=|?uMaE)q@Sc&SOo)?OC#2fKOKmtPGfQZc86@=CcwkXcnAsk|gYwS~ z$dxv;AxJC*nSDYgo_$u<*=(4%jVnDHgN&$}IZX1;iLqgy#EB?OJ5QSkOFS#a|HKx{ zr5`d_BFref_2)Lp!Dp_`D)SPh>nW}75?=Z9iltlWJTy$<-7~LO`nu0Y9$j3C(0pk6 zDktW{q(2uJr5DvPze|>2K9mp^N`kds;`|E=LJSQD*(@^*Ca{e@A{C9zi zxmzifKdn*Sq<3c@?>U9%4B9skg-s7$yvdJ@-MNOdI?G(I?_@I z7YUYnq!LSWL}I)QKxSeNv$WO51DV39a9Kd|(;7fAeO*?7ZNEai#LG%-2?nJS{ustS z=RAI7CM@B{)Kt{5|7K|kf2ma3-z2NU-)_UOsHl!mX1O$VW{1om6D1ItWnPjAmM6;a z<;YA3TH&{0SVCAOD^BufA#DaPOqS0qq}l#h7D^@rWx*1{L@Qx-F^I0rlI?>Q6OM+L z!I6y%UD+U~nk$bpHX_2&JANQAEFtE~E6*bT%Oavr&RbRvNTIY6QDn9%Xv1f0_!3i` zT+ZrZ8NM2p5NXj2B=#~TlK83o0hC5e3j-B4jM9vTqXc3&3ZMkv<(XyQ!k<@?@OtA` z{IiW%+D5s1m!o4{M4NXj*a%yGWLtWF|$ukI` zT6ik1%*Amuu$$vJV9?|qH5FCBJQhxE1dg$AD775~7>Oyh57=wrE6acrIj#hT0OGll z5~p%ZX;GhM_*r0B&cyw|eha5T0hYxvDG{)6HY|nLO}Ci|vYSBU@`x7TJdQhn^Eo~P zTz~>8xZZ%jLXLL;7jaw;T+H#efJ->uXY}VPv2DgpTA>nxASakeQ&c;1R&bmOT+1=y zolwf;sRKT1VOIbcR-$kh(y4J4rfOEXqT?V(MaIN44oa$(9M=Ftmg(L`-`vz@9&rKq zB*%lmJr;J8P{ffS`o^aAbDW4Th$_cWNQ>bZnQF+~hul^)2A~1EXOFJ-p6q&-T*>z;-6Fu4BEs<7r{$B=^StY z4<7<9weVyp84;@G1Q;TkIIaY4h6LxziI z=5YfDt#JB0=Bl@Fh`x=vj`N6O;C7DdfX{G@Fc&f>q11Qj<%@|sfHN#Stppf<6pk-O zEV7Yf$c{W`;h9h%a>&B5P$DV`^-l?6p=lHpF)=cW%IEkjFc(Un#G)##@Hk`;g_08g z6;NoL%fj<}fDuXI^i6D>kK>ELITogGVbl|dC&`QYA6Lc+KQKydMnLOv%@$5pflqRb z(vCwW#6#b_go`VE?-DMq^sUQ{G{mzY2^h4AbAVGh&IQf`CiiCgxaBV95fJLGwQvfA zx?4C#n7fPPdf;;$HvkWCd;vYj#c>}nw`f{BaH$o(5DJV(8d7K>!b9UbEP_67jql|c zn$e3m zxh3cHSZ>Luha%kk|91p#lMMV+OS<2XBDw0NDdMyN%NaIAe* z`YNwQp{8_OzRHK7fUCr~aGN&U@r@J4*$=e&T08O$8>yw*Y`qLJr=2i;m5;cM%2I8f z-H|v(UA#Em^dp`ejzfm#OauRu*mx*X-tCMr;&y6#m2+*)JGI-Csc;+{*_#VZgLDM< zvEhMm2V8mMzN!5>627EI6Y{p^<4OfF|$nD5D9-e(|_!+ac7wpKNoI? zMB)TWSM@BW`k!Ym98(^RbWmx@f@j-`@6;yglkSbJ zJW!4EY!AVg`BX|}@DIkG3T;m0?d;1Hu)&Ih#tRj28F<|IO$Gefrn2b3V=Q|AW?1}T zj2wrR*6=4r)V)T&|3ACyO&=qD_jsoufEI0q9fsx^(n~g{B)8;Rj`WhWPMrT+r!r{NsxGu&u71t{R zhljf;XOw>2?hjru{&t@>b1fd$Py>#;aVRdbj7FA9Rlz#SM#)?^GE#N@%P-_IM`HG4 z!{vLHFm**Qb1Z~21^GT^t{xet;#Dm(R^1O9XBao%j~8PVd((n<#a0&VP*(*jzVL(( z;MCZW2R&Q*Rl1ERyW{s(R{d@lv>d62VX31ys4mFpkm|{FLFzP;x*o^&j)ad!AC2XE<*1fPfQeDLpoyXa4sZ=}E=oTJ91Lz!S zYCg?k;GJ%yRKiySHA_|vJT;uLJV0l=4X46X2phgH@aV9Yyko1DzWf5N8=oN4B{3a5 zjLb@M(N#Ub`e>TY%a@L>#xvCsxTaKCtpWMbBa=emR7ffqIztD^2<@2)_xeuOuzT{} zO0oowx_Zx7=*YKq;r@?&i+aGEr(~)_Ou2yUPN7RRxlCb8}YOQ4_wH8dKU8xC%e)VxB)D9kn zi;da4U?!;El5)_P^`I7;3=35yM`YlXdk1t@t0%FT&Fj$?2d?vMUahX$tiNuy%iuZV zmIt+zc&Lj5(7}#ocRdy1auTn-E}Zz+*VghNoXFI3E8cOpo&J`#NeQ`kZ+XX+6+Y$O z6aK4vUwt(jsz0i*@Kf%G5%y?xmHWZ^R~5CsT5%!%F@)cYcsJs136H4fs#m%X9oWVO z!4nPM8^Cibc;mq11@Gxw?TajH1)I=6oEA%Q$BsCC!JL2y| z{5{pH+{VPPHa*?F8$o*zw6A(MN>Rb^DnH}?(o@3Oc93iF0X+_xkA&I8#va&aqiT1^FkHt(_|@I8q5-QY__ zybpYPz_SnWeymE!08bX;0*K22-@}N16!DKi#v#PzA}$Yc`3H>5YHb<}kYBCMf&uQT z)^0iYT;sS9Rs(Ia`=1Ao;12QS3iB>OcYOGmk0<3>S-n!t3jTR!B`wma($`dywSrI1seJga&YM;wDD_xE(@dx9?*7Lsm7&Bp z&CJ86Fz@N#qfHIfyjMx<52z>5dK!Uik(jg%mSFu3<|sTKhb1%L!Y1mT&H_4KIJ?7{ zw?9FN!vujwCm*glX}AI}j6f%fw3*u!amYEVx@Hp%&n4jTghKE9%v_EUdgmq2i`h!^ zica+JFZ*8zwO`DCB3n7Oyo$MD%E0c=8uM{*Y-Q#$79gRU7sT)0oE+l^&(mngShetv z2T*_quw1Er#b4P}oZGo!%R72!=+x5k74M9E8q!{?-15%EVX7Kh>HryoD>_Gv&-QAQ zuY*-cCS)XY8G$X&_!d!B`JWm2n8%Ihaf#P|3b~Ls=McM}h=NraAjwF^jzXCoF(u>#U+(E;fc9(qfn8gbw;?;T#K`8VOe2=*Ka= zBNe-O64IT@gCrOzFUMqNWBL~9d=~fVukF+371;TZuHEbi+`_WlLtSQjBn#V{*Ri1! zp`1V1!_ZWQ8rpjHX@5|#-ma-uGuPX-*P@iY#)Vq#ATH(mwQmx&U!&!9#@UCpWya!% zwIqZUJq%ynJfrSmlfU(0lcNnBPDS~|IQJbS{A*jFPJ2*s{Byj~@rbrqdCTa31S9b& zBj-`=K1bi$wvI=&?UcE<9Eqg(N$dPo zm`zmEg23S|8%F++X>>fUeS2!JS$A|^`Z1OoR&cC0m8b9!e0aNP>dz$wZ%IkD3UH+EfDziV*E>)aFq1$N%LvN;GX$(5S6OY=elc;<2e_Y)_-M zA>CAla>SiFNhpJ(yKB(c*xq+BWQ5tYpv(EJKY>A`j|PmKC$v|T-a}8C%^>kfZNX&S zd}Zl35yRm zRr|q{A&*9qzR&YP284oc(3v{88<_Nxi1J zxSd$)zWF=j%rW@o_ZnGGqa|b-g->hWxuO@V{{G{Cmqq)#m~Q5DSmbo}z@g*X(`cEy zt(F-K&ct-GJG1TNaWoaBw{74VWCnSj?`v~0Z&T_OR))v6RNR81OV8s*9K$lU#Jshe z%xB&}53@SHE~_Rj#<>0a=!RI+_kArB-rwhmde?BD&|@n(}(>x`C zJ)fURdD3j;G1*V)LuT*lysV}?g~#7jIP!b}M$1m-!(iw`Zwr%24h1 zG6m(&rjzVZ$C&LOhoz%;Z~q?3@p83M{3C5yatz%kkZ~%KM3^;s550}LoEyG}sm)Jg ze)3Q=na*!?{YZ<=jw3cm@}LM9&^ zkEZ&0e#%2S%Rcpat`XO2jw-=cEq+_i-uLh@M73{8SaLKQ&y)`{Z{XBm%k}H<7UH=R z`Ju;2!eCPxo?)Bc#oMQEV@NrqUdrwqtgR}@eZl`L?9cK#UJD@|&W^{>GFYDSZBs_6 zG1RK4kcR9F&K zB$+SJ`9%RLvY%Qu!W=Ml#=%atA2*a%@Vmh4v+*V!U8Uj;-|&wShGF*$s$4}@?q^*{ zgEtIRO`i|Jn83*6@aO$iSyAWH4ykk2RGf^4C98aVpz|};$bVjo-7!A9^V7cF zO>cWpyqN5l2J_LPov>Ukwcfz7!GKxYW@rD&O(;&ZpLzox6+=hzQKf@kWJ^6D1}(f6 zt^MKVPU|TYI}x-~3rFj|NE)Plo=8m_;|FhapB9lu^wcaG9-d-ov2Q(D`OryidU7*W ztJTy_o}xyPSuirZJb=v6AW(*IsG%M+x`9+90QN|80-D`C*k}}k{08pBe}0a-1)jF+ zH;kY{pJEQkZ$^Vgv-`|zlfDwg_mE{neRShG_g{W1Mx!6T5ot3hoZ>f({P8*C>`7Gc z9ihF{s6XuvSF>ny=G@bSTDaDz-mcDX%Xk?*WKAkQB)4+T zN-Q?@(&^jskm#$h!1NpDQP+C5$%Xg%&R&aO4S;{pd6m&QLz{1OJ))?qD){-%$rdD$6jZ=hQU12Yvgrl8#b3&kxCZ| z>652WJGR=6p-uvOgT?145`3d4qt}>qXFIVv5(;#oR2L1;t0*eU_^P&=Hrt`!gjO`A zQsZd9!%HV^&slQ93WqNR7IstR9#QhddF5!1Q9V4~#jmKgs0&8c&$U_8qC{2N;>MvW ze~voDk?6Cv`$I7f+_I5!JpN+v=jHS?U}_wRoSp||gFX(g zfqWi+C3Gi#eyX-|4cyWiZS)N|!7B$eS6C^*=WLb5V~r*kfLmi~B^bEIN;5vxx{UtU zwAgL!2&Nw$oUFlKuK}z0i{>=kpvd=Tl>Q}fBL4UZ-O5|Q=!a|q=YJnK%SOLvly#%I z4je4rAAjv6M3_HRE`E-=<^}&ay<`lXGloV@SU=8xvyt@+td^ysnLi%<$Qb(ZF?7=y z`Ugf6#2BX^agu`vevbYz9AAEwc1Db$uNXsOJmYfI`hZ#9>JH;JOuFb zA61Njw6JHChX2MC^dB7YZT2@64bPJV7-z{>(R{66G@2v&g}MxWAyl;@!6tk^rM&op zP<1uvVh9Lw0r$g4d`!I67!gQ?L67hq)r0*bep_0{W~35onw9Xo$<> zG}_|)a?ocvjVenDAOl|F2z1P33@1*;<8K46`Li;NxEEf8egyDyv?DMvyb=~us6ces zYQ&g2iFg)|1u?b+KLcF{nz!wUUt=gP2F;sd1e&6+88okwh<;%6XH{Xur-;7@1qUq! z>5OC%Z#EZKybK`ZN*hDxpmutpaTga*2v6{440%PIz8%$1CKVY#Y9`u@IOf!aDqK+p zer`c>23wUy_x8ylv(dQF`>da3GS?|sAN3>_!@JN3dAvCsxX{@)`VhjG`noXIZX^?D zS-m$B*4tPi<0BV=4%*^TWgFWmKFUl`QMM~>yYcv&TK??(yLR4LfwMaA*jBOi`fX)9 zOSV<)xNgVY_wLvwjtp)4+nd@C?T3Q4J@FfDpE7#zXWOi^+EXeSwm_be$zU?!&&(R+ z{==+Q?pMsZ(a@rhj()vpWCFvK$s8*lICBXcC;1haGev|Kqc;mjd!-hwO+++ffeFVB zmrU&NqJfEU2=WP>XX7bhqb|mdlTslElorZ4-LhaICxp)9f}8=VoiksS%vmH4yK+FOb z+b}FN8r~$aJAgjTWsXlo{;N4Lp-Yx#LN6OVB6K2z3Z7_Y!ziT)p9JMbal6E{z&M-B zpIizTG=X7>H5LxB$sHIWMZ_DjE+_w9*5zapqLujCSst3sLPnMG6Py{oX;&WBVV@g8O3tLffa9HdiXa<3$@L0kwoQbeuwi6&iwM5}=YNi8 zc`!DF1cBBlMz>j6vcJwkt2PG;SZ7v&>{_#GZ9L63jEqI&qV>NbZ9L?NE*cO1ojl)A ze7hv#d*mP!4^0J=H^zpcgvh{KVGD1xh4$w z$`W&I7$v)#^Cy3E9xDgdm|rT8s@tIgxQ%j?63#ii*J}t=JZh5+`#-(;DQK z9ciIfsog@q%wQoJpvZV(tyE}Xi!J_)s#D)>kBZmakqmWM2m}_W?1>??Wj? zJ4nx!C$goZ1VT_cN-&D+aH=vdO*#Y#v!|bzJd2>vJ)CC|3O0&i=}}yc@qd(n&{2#k z7{%QZFLv2*iBxp4tqm=PRYV=r%HQ2wiHt(cQBQ%Bk|`VYEvh5iXA94TtB78(28}M63tiJK8|IoJ$)5uY3Hdoe zd9Zp8lrzJr{5jBWlnJI5)2y|K6X9!-cs0*#ZMzJ=+AXW#YFo*!h86GS{8#r#rLRU| zzQx0@DMyGjB1q}`A-npcSB zLFfZqP+phpyBkq@F@|r9ksHWtOqGMxMl?pTRm#RZ8-Iz7AEgw7+r~<{M0sO9@y|gn z_-#aq#cnklVY<--9asZ#@JDyX8Fy7E?vNj>g?K?ibJZgJK?Gs?q`<&Q*!-M;a+|mn zFIT)4rq2ip)TMCxgrFcjVfuQY)Nzbfq_kU@z8WYOI6jUm@-~-f(z{d;2b~MpRlj2^mKmw=lhGjDTR`p${}J zSd1{eVsvG33`@9z7N$3eu4azwfV(YBtMOcyEF7ZOiII#)fSGo9Bcb%#kQx|adIKny zT+-XWNG`~al0|Ys^wy7FSr9+H@rx?5@Tx4}77Nphy{I!5rk8k8y)4B{KyUEqTPY=` zw|DfK!o)$~43684{`a+~l`bsg(#uNmTH9rGT*Q~r0i*XKz99}A^xhaBi6?XVZ5%Ls zSa+ptF_&oF^??>mH9RhGF#OnTN3h&DL6IHS+AJs(=`)5tz#6F`z@6sOtWdj=`=MqX zBeBHiTVhP8bWB%$KEK~Q<6&1}TgQjmL?^tc&-{-THhd2{Jk#LAT)Ka?^9J&xh7SNO zODGD5j646WCEz=3{lB$^+C_?M>-o2~Mp0fh-2K{lBk#Z3_my881OJ7Crpw6v2wtIu zZE+uKxk||LLSz2$YuE^WA4c)REH$ea4%Ty!$@_S16oCH(%n0o9zwZ8*zj?dV*`2`P|0`s%Fpj14By$(UWECN@r{~7ly@MeGq%9r2Z z?v6=VkV`jmXz_nkqIxS=;^F_l z65;3J3m_CRmH6V1LJ2rkx)5h6j5xBKO^F?&N`y=;EOVRnd6*SKp?Mi?&k2*)&iW`cd&eSn2kTW0|WQ|!a#Nh+;NJBe+-k+@;YX;48Sj?gxn)( z(FysLRj+nfX9!?P8&;|Hn}t83Tt+*+iCiO5_?ZXhef&l3X=Ml^tn)^Wu^gnuxePFH z0A<0-KE!2_o(K;&zNW54Yp85|PrX{C2^7g3(Us_JSlgfs9uDLnhIasgP) z?sSxpPbeI0&Ks4VYAMNe{=dOHmMSttP5<-prbFwok%p&FJM(w_ia9oh!G6rqYMl8L zs~w3wD_8@6d6Rw6@_#)xl6Q2qGe2}{y(jx6htG)q3}5K#NwST#noD+p^*Uk=yr5hX zKC5I+vIczaE|Qha4%<0=-t4e6D##8y4mbmrf5q&umKt*{*~2aVVseQe?%DOLkY%Op zV=PZtDZ6vH)+Rh?7ao2ct;8A;+{hpxg@5)dF5EOn_MYJ~E-wr6{5E;!=t43`+5I7C zjrL2z@<}-Az5w=AzN*mWK`G$!CA&g4Wr|0KC$qGlWm*bd?xOn1-gEhaROs>vAulnz z^Kugj9MwoFR89h6rf#Ef5DqwDDlGLct5QEb#pUO4`Nc-lpcXrRlnp71%sQS+b!=-6 zpKhj<(5MfCC|18+z5qYP2E+Ba*6H~45u@jGti8pU{e?Dj^1pvU%SF(JTUKB-4m_sO z9>36Da{OCqOZ`&&sp9zf?zX-mElQd7ua%iz=D;$Tj&O*b#AplO^nWFj4rVI%ur_nT zzcgyqSnJqrhGh(EmsDy_M&gJzlH9+4wR#Q4Aoz$mdLWFMefhNMp1XkD)`=BeuK)2o z{q-5{8>+8h?r33cN@!`dY|3^RP1g&`P~$qybIvgdeB6_&eaOr@mHc#b12H9NRJK>}_Ix*ws%rEnIua9S+A` znCnh#9kdz4cx}o)reG*HHmLe>n@6^ zy}}9(B(S9FIci4rT0HB_TkkoY&HPo#*Lgzw{ekSKl$`x@)b%U&I*ZMfxmfZ<=AyB- zDi+J2-dS83dg#4M|6UB27&;**Yh}Q}HYY22mO~_5vk|vpZkYbrNi0~(8};W|7m*o5VCq1ZbrQLlZl4l8&+dU>V` z^?A{sRuyrTrwU7qz7|%!;n$qGS-sJ$pojH@YW=W?a;BhXVJCQ%YxVOz^@!gekK@5= z%_R@*@VJF{IE%^ZQdsfpNzuXA^L*t!4Bom*laU{(Cx@JBE;g&55O_)nR6CuyJ6sNS zAl{ja5;pF4Vj!tyPMq+RNOAW@us~ps;@{z-Wm6*;!mpv;n1dC(jz+aFKsmCf!>osALT6x|Ljt;sRQ@lSc)1V_Y3fLb zO-2pRRDq0o$iO{zB;$XPkqQ}9@X$DT8RwFa+Sk-;gdj9DFZw){B9#Q*9f8vAVS#O~ z0Nrr=5QnA7BYmXs-3Y@3XIy#@Q>ff= z`hD}91)3M-H*cX!2`nL9GXOG+Cu)Ej*h^wj8uhlks7##0flH{e=mG)>mm&!SHH`Gv-J z*)vZl?0Cxen3Fuwv8c5v@RXz5NS&ysOl?fr>tNYWIqI<_=^0o=!A#L>lubm@hKG!X ziTWJn4WoUco;Lf>SCU20kOQ?x*>QMKw}iK`6B|a(KV(`etRxw(X#K{iZ*aSIgsWK- z-F&O#)o!CQTA!2N;6JT)!^U%kjVT%<+#7+HhR*;yfxiY@mztwmCo4D3MC++}G%(VD z2@Z{OWQ~sEhc8zmT&HmobB{7}P3qy1dRSsh_TkHgXm)uRJIhR^4v*9sNt5*1jz9j; z$eX0Ea=f+KsGFo;wP?5xEvy~s>oJ34Rkz((Nw-z=R>%i=G;6f7!2wtiYbfCkT{i_) zHB@h$n4)LoQLJg5V?zOZqvv6%&|o<#J&?WUiy_2cBg)U?-9&E~`QQ%ZkZ&Y;Fa`J$ zGpR2wQYoqQ=KbpM7ehv|N1qn@qVKEeKRJ&MMd!acA=^oD!Pjv(*XwWX=6XT)Cnv|G zIX;GN;CBj=F?uJl^!udpD`9h}W9%8JfY4%??Ic>R57!^znzW*eZYN)QjmoL|iDkj= z{1^7GW6py2!?X4$Ge_|KO_iII18KqcH(<=qr6r8znX5*I=yo3H7^(B$#?;2Yj5oGS z(|@asZ<{||k5k5*x43Mq3PClyjrJCh;Jtmqyy}H&f7_)P%&o|od!~Nf zRe!w6x*bQ>toSW%=ikNc9Cx;=_r3)?{E@Fjj4Y+ej{h`^q(!z?-0yzK)8!e>Gxe=X z?V(sb{t9=dcVhI53)Ng?s361j#7u_80U%pCj8nD7?&`3(q=TEJtoUte4}X_6P@1Y_a}tnX=FrS4DGe56G*BZj2aUrl$M7ZUo)Z6em1pd^ z;K>@c`RWuf`|zh|y`Og3nm)6qK`X}qH&Tdn0a{%j*z<9_h)1q1ZD$hoI~|Tc{n5yp zuYXI4HrnUwk2&;1MqUyI2mSfB(jtJ@}%t%dz@^OwV~6jsZzpI^NQYvQCkiIU$->D}3!MOHrJv#h|#5Q8X=y5y#YRuufVl*R!+#_Ra*83uSS_Nc3~IV^zeU zLYh70q$DI-yIL)>R$=H@(|c4X;4CrO;Yq`$^W_p7r2-J7BJ=KLV+iBxuE9`bCt(m z-sbB(a=_nh@sF!F%F^|CZH;!d`yQh{9ZgDe8!hR2+C(kOVj1s)$VSCDH3P@}V%3Lk zOkboYVqS|yFy{IdtqW%a;U3;+oLGeWp6=q;RO5_E=NtXFM(LuyYmC-K`gCeMdZXcA zj8@fSlrGj&A_uGtS(8z|7&;~5-MZK4T1+#cT)NJoG!f-SbOzEi8-Wb{520GTURIC} zuGOjw*BVa$5Of{rZcd-U*MfY|XE^;&OF7dZVH=t0mvi&osoDG78Vr@KW z#h|%B$3oC$pjAtt1M?!K95i2J;#hBVEY(+swj#*kG#?WLD z^JjT>JHIuC{tjw517SIqW47}c=t|JsRh_=FMYe+G&iT$aM$?-hs? z-s|{jD3tZ%OD3+uhffq-9kPULTgJrSHiiz3p;3$0kIOqUhK47l^`m4@LsX)YxF*I%j*3YtN z#F#3MxW}u zIxxQaCZqRY;Qz~L0uw}xX#)}cUyXMOk{8InNQ9zXW7-Jq229`P@Ut{>tu_fs7mlHe z$Iy3=p)FwuKk=23^48GeKhj6-&+{^HBa(DgtUa1DIFUf(~=K64?A%3Ps|kyPE9W%;Pa( zSbYL?6Q{cv3*>+<;q>1?Q@o(RzE{7oB} zWbkdRWSe$Wtl3#!y5pWrG z%Wzt+GrHs^2_7Dt#~DD&77Ia~u!LCd;)GDK+=bTYh!sc9E?IgNO8B`THA5Ca&65RC zA!niBDU$_I!y+vP1N9iDw`BHS;Fo|Q*uJX;Z(JzIf5l~ntN<*xuSC>o5aW!M0;mWxN zq)%AndMPIq`TsR_H8F7)QGDDkAEisXZI{Xxs0%Exh2^s-6lhrqQ8cI&8zl`%NrNd? zY*2|3vvG-5#o8ERn=A*S9EfQmCLB2Qz+q!JkcLBJh^YxN#59I99EjbS5;t@L9ltFYgHdM3$sv5HG5sWFga~&MLU7hh%7j`qZ6-9JQin!V>JZid z5h8TYp)Wi1T~(k6W9TjJxCjai3f|OIoT7co0qTSg@HthAuWx2L71NPScP3sD`nKfU z;9Md2htugdu%Qe?UuBNsKGnT=+`&sGn`BeGX0k~(IFYCr;#}i)!f0LW7OqvthiO#u z2n`Q8m+6Hk@Z~L)(V1jwg)^#F7~;PtJkQj5bQhweCzV9B#)yz{{{qZ-lPl2KOj!#f1G+{=R@FigC?J+A_p5N_XlH`kDVGHR z+LzykJ5pezPdWT2Ocen=OkD}r2)*(j_T?}VcAv5@fuli9;)yzfM(5QM(KQvc>Vc*& zq^cevA)BSE4ymcD$5rF%8BLn0-qC~AHRxDU4QgOsv0Tl4V?N_HYtWgTg^!_qQ6`r3 zCN%7iPYjY~3oXf{aI)#=cLbqUk+}cMF(=CyLJv6*4%L|>dFD_+Fj+TE7b%1 zbxHIuKBF7bWfIpdYrb3EwjR!pqjC>-5Km~`_<(-v#7FQxEIdhv$7#R5m~*5^|M~^h zvVKFguiw{!)(};C!;~giHK0*3bpwPJD>gjF&L0cW7}P1+_&SfF2Y8bh!~*Uu2=p+f zse+9VNY1J^!gOCrLkIW~!MLeQEz~rxYa}Jsh!vZQbxbrTl%H~Acuh^27HBrfjkZjx zq%G4bP|KVO)B-JK!8wP9zUI2;T8;Te@Q^Xz3WfqRj9V8~h!-)C2POaMCC5Z`Vcd6I zp{-Oaw2iB&+mbq}+aTO+=5G(EE8A}=J`dr(XP)z@dq;3;Uj5q9n>CB+m{2V{R`hUw z$GQ%{jwd>}I`bV2p~VHA=q!t8HDk1M&GLKmuM-XZz!G&qgIU4D#{4K4R*{#uE>xD~ z`2u__^b0YE4)CxO97xS|)hl<7&}2;*tsDDzNV zSjDS50}KVcx=Wb0{1Znujyxu4zQ(T zd6t1MGhP86@^H#jQsrSTH~=1Tm_{wG3V=Sw^i|+-#u?xV#%sW^3<(s4BJ{J@6K(@I z$@mfQw8b@1;9Ky&$MhHvFb(0VV&FSW-v*xL3h30_WBLy89OGT!dB%Id3yhxuFIrsJ z4}72Lq~wytQE&b&^MfA+D_j8*(+_kKsBsi{l`+aqhVcgQn#D~K;C06Bz$l}-O}oI* z+Qa+6n-(_*fgdBfOa;xC@vvnJI!Eqq|Mh(OlXr6ysUb_E-6PtWAy(QsdX8nGT_gHk zPxRbU{EaY1KfYFrX{X57$2fz(Qx;SB--ouSE`|Pm3yhcXmvu@}h~Kwk3n;vQDBt2E z=;%!I9y)8rBe(pZ_;9lzvV45-b!aOhu%z|{?$L^>*=Gb zg+^{60=sMwc(zvy^(50xSFoAbGoRkO=CjeK-E_niUSvGKB1KHf_Y{N@k+4}U?u AHUIzs delta 125801 zcmd444}4U`xi>y@cC*$=XvItXP)PonP=wAnK`HZ&*M&Zk82*U`+SS$F7nM^;PqyE>0|%z_0CA;t<8RWuZ2QeOS1n_A++A0DcU>X7>t@2& z;ag~?6o$$Vria!%6l-MP=yHZ0KX_HwuSUeig#M76(iJ=IQ^%y*J8E{!ou9p6%jatD z*!G3(>~h@jHaRDCc_()B(C;Q?#e9x^v3AQ{+pDWW6H=cEy^;D>=s&%a<7#f+T6OE~ zw`}>`t#w@k-Ve0UjZ;#M9qo>m(A^o&hnl9W2+f-^BlP-|q^|Q*&S*y8w;kTD`04NQ zF(r50d;QJZ%WnPR&3Cclt=p@wGmQw1nAznntf{+p>lbg{Zp;ojXN8io61x^;y)n|r z+Z=VI>zySDyerke)M*^7aE%GQUvzC(@$&Odmvsqe)W78%=g3{?GdgGS8QRFsuI5!~ zu2uP~1I?TVgZn23g55I%!C%Y|1V7FX>`b~k5Zo~#P|O$)?wSzD^)l{jW!`h0lh=d-U&>v+ zi@E1c4~IAY@K?KhZETTV^=1G~A)s&KE%{zt^+T8ZdVHZ|UOz4!A3e?rpJyl0WEK(M z>hOhY=Cp=B`O+e->dnxc`|{Gay$Rx_he(+309&eC_)g$X-)`0iJoJ_O7V1H2G%U+x z+s&vjdu9A1r2QqwNnYVfRpb zEj++_AH4+l3B~|7%z51W4bFU=rG`p__wmfoiQs(R`S8xM+#gEbxrKim3hZ3R-wT}p zoEFO3_0=)w`JBDTb&O@__lLuz(dzJDejDoBHGkX=O7R~HAJxxX2*8edEA_(GP>MbQ z*?syuQ;y7TU~JBp!S{XU_8;Jf(B)Y3JIuLnDZ1NI<^ioNR8XHkF+2YN%O)v$1G>#t zmb^Or@w>rW$s0T=)KZ_XpSmLTA+!7gtjAZ$0{K1Rz2rZlHS5d`d#m+-{R286OV)pL z!R*q4zg}+#9VM9l-euN9Mm_TAD_;-jpGW;aA09@&6j-_gVPZ$&L6%alhthYC@yV>K z!-H?lIbc>rCQRaFO72$HslW6Q6~z!eGSCV-^LrRy9S$E3b?zRU)`uJ%+?r*0xCct- zBJ~J<*WtG_bar<>|JWGV;20aq-;+GCH+cVK@+_kOwK{z9u&>Ab?ErizRJ&&#|Bq1b zp4I%$P~zSdGd>w@Mxs3|xgL$0q7P{cBho+*KtzUBK_9-`Rlhgd;c8?n66&?k*5hN$ zIP^$5_e8l0NA6$ET_;&#LMJz}r$vqCo4ZmQ_w$jB8axc^zQ*M)J{gf ze&>OcbAdAND9wyuw;(*70v;3*?Owp4j`0odtjc@%(jYTo0eU-70rb_q}%AY8ZI8>6fCeF{;I7vsrGIQK18_yXv4tnlU3VC)Zg*^L}LY@<< zU{602t%nqNGKn>X;3ZO>p2wL>` z3L2P0*`a$ep3=aad?s`vG>z{!25!PQ9KYWv&EivC@z8l=Jne_OZ4r@bwQ9CBgV$qn7N0_wHs*g$KA3qncKDz>$StgxK&RjCMha>V*fK&2t*e-$oj3fY;AKSH*8&=D#33 zPXYgmaCrZ3%~@PoZU&aX^hb;Rg{`c>_f+_z4|uRWv(#75!l-br-`H20>t$@`(*Jxq ze-rSV-wfkyxOFJD`2lR&iQr{CO z2a%X$26xg>6F#B8IZ&FL>Sr2;1I^bj=9Tq~XQg1C(HagH9t<~x&is3t{tZ}gjCo*b z5W_=Y*GpZdAhI|ZoDhJ(01B)G?)5)!^6dp*Y48?=`xjZJKIPSbUi5k-pHLt>zXIj7 zh1YG|;4aV)bdu63J2yb7h2cy3W2OGW=ffWTu>t?sUC#}a<}V0e%KLgatbglxDG~zk zMCh@Og`}JR7|-wqVK@v7ZhM91ESW)lygAvmCchYl95307ztoVw3!;LjN@-eTI%Nlq zui<2JFr05Xwtg#S0k^yv(5FIw$c9|ZIxhTNFMgeD-jVCa{fpA?%+ek_71F;mX7#`P zCO}zy?^yK|eB!kvuz%4q_u{EJk1~cV-1jbvMuWi=9Vqw zj!^%1#*caV>HOSq7{hn3KKWHsON_U{P~y|mKaYzC%j*}5cc-!DT+AHrTmZ3qSmL8E zppCs94(Eq43!z#(z*2U#9;bHdD*WEXWdBi?NHAo1^nzCdJ9FXj3N()gN-dtF!-Lf1 z$idG%Jzj4Gxb2N3h{={txXhV*hC9iLk+l1MZ8<*g_>evgj@$HMQt$;hI`y?AnxN^f zm#%0C!?n3yOy1u4FzFjh-~mj2OvnEYywq@X=S!G8eEKWPjl)IIjX$sjU1Iv7Y`p^A z1GeXK=H5BI)RzlaVp4Ds4Z8%=hY9)2xp=QWO}midR-&Mn1H2jBBQ zy>nGwVCR-=p3Vg?TI^YBji|EzIq0h`Y2h}+hR~bOWaj!npbqcBFT(_sI(&oZ;D>TE z!r_?@gfA67?rfcTKl;~O^8=0Bs9CasP(kNy38hcxu7WO;N`32BIhTYwJCl9-qow}f zS>I6McB6ttgQ?K~kvcyL0%LLr1@xiYR;fyYury za&nqPvh;V%nJ3&i+!N~W>f)YI%i;WSeJEoLTzee9OYz%7W#acp*V)5Qa=tgz^!+#a z^Ig^5^Bw$wuGSxJ;@Tg0*U)p%MDd+nhhF@OEAm3kCf9AYNu*`Vi!f?*%QQb|1);LzSM&PN z{^Lt|Pw3R~RLYP4ER_6mD%|M9e}AYP|0_d*ms3aA3mI|hW^}n3YouQOhQb%V9cA1XR(di47zOsndh8ka4$~!~HUrFVCp|kiu5OTkoiaO22 z|7@dvAD=*jX;f*b`qf3eG1T_zYJM_w?$xf55T?l)_hw8&oL!wKuIHNbT*&#e8R_nR zWJ(e(Rf=g)Y zT*p{SCUBYlIpDRn^g7_Zz_ToEofuqG$od|EWAvEV37^XJZ(|yM8tEx!`d!<%&feBF z`#%d^g8Qjri{V1uhvVbM@R7C>`SDb#H%%w41uih=d=f+4nA$%$=JO2l@cd})1b zzbZJ+rbJw`66(oRf;=cdTH`sR^2Vb8X-s^Ff)kR}Ts;BuEic0UgrKr40o5U`Oh9Jo z-h^It)sir%E&xWrdvdXC#D2zR3NMa0jHV&s*Z1($RG)^VnWYt_6QG zymhsNYh;5$5P~NnbSNsXUXxMxD+K?z62?{%O#N>htdxCv99(B65dDnGJZ?x`qmM^* z$jj;RCzSycGSrpq1n|f!+zE}0tr7*NK#6MwJh2GglC5`Qr7B<|tdSS~6YEuB6I&I1 z(y5U5^u09SG_O+o5$m8X!SRFmO}1bfNVF^g!vxK5!6Q8QZLr|02=2Au(JlBDa%ePh zI4wGjBy{yk@@W)t6j`uNLx`iwLTLD)VS<=w=y2>8Fe<@u#DZzWaGVgZ4+E}Sz-Iwx zS}+Y4G$4?iaVXeXXTjs0fDc>ngeJfz*>xrpjU3KFD}hFhs3ZZ`0?rX|FW@o(!?Gv{ zpaN)=h&pA#lTORE@JU0sa0lDQnRef?$oSM>0MI^rPXj(D%6WQ6Dqwa zU0YBUs(5D_&j~f)e^sah|Gl&h9(wPck#1|Hdv3PzvvNMxnY+j*uB%tqbQSmSi_`C$ zume}qS-#5fy23roZ(S8LpEYS_*=0X@cS-OluCgDW94LFkyD%T#&A-5g^aFi zT0cy}1Uk`IiN3g%Wfr4Wd~Gbzn)H1-TK_FB59o5jT-F{OT_46ebSiW1-oo6wu?VUM zFMcpP|817IZyXkRZ(#0yxy*yPayzE=opj0n{EN&@i>gqvtZ<{yOGKl%cu=!t_H`K(a&;P2B$`@YHCbmeP#=npaGw731=%@zCA;Xl6@ zs{MH7$nQoj)39Iw>b}tNj~Auge0kpYZy-FU+?k*jTXk`Ew^>gauTsgG;My7*`pe3+DOYff+x6qFfF9vG_i0z<(38`6d#Lu+ z@kY~>s2F3KmnZQaqrl6vd7063w{vv&9xs31!P^ag24<_t=psEvB|v`42xjn9UT(C~ zkJ~s(KWB{7^pk81(@%quGKHt6`4Lt8){KhRV}Qh$i}@gL#CX$aRDi9p8ntLmtQdb5 zAQ}fN64`oyAGf8y3j7Rkv2@FS0sL(D(JA~fP482I-m?iym|{87gUMfv6M69Q1Q6gw z{G_2%hRKoHn2t(1y15+7M}g`E}!m!xG{i?B=DX%Ti>6iGa1t--EJGzKWsVIz4K zep(Da{UjUJvv_0)mR4NHc6ZF;_fL?c#awf==w5pbk8z5H*|{OyEA0-f;cvJvqu}o8 z1}#Fl^Qq+S-O-rodvPQ(gv-s(W`LcY0TT#TyM_nu`~%WRkT`+_>|%oo

1&APK|%S3m28Li?%Knm6o-E_B> z1~ZJfKA}A=cTK>+IY4}ctt>;|J3vcYnY6ut;x~E0RF<|MVEs|z$a7TYbz7@F;g0U! zt^8G|@yvGa8Rtjg^r1S-G9iW#T$tc9>K}BB9la{{owwgQ{pK6L5{obeV5u@vZsAKY z094$9&+D;I8r6(%GuA6cjuC9pzQp-BZhPccpsdxeoy&A(t=*X#6-j2BtN7{Jnu z#v6I+nyW$fBS)hZCgurJ>H#cf}#W%u4u^Z9k_O17-H>tC$zhD2wMGYXw}^&raDpL;Gj&o`(aMq~2&Y&8yovrG+-`N)#v^KFQ_(m2G z8@Be-~;B3y7)%Ah%o+m2ajAuSkZjmf`vJTw-!-5qr0S*@8D_Ao54B- z`x2562Llv>DBjUN1n^P0*Am)%HzXHzAHAC!d~1uX(RA1v)}U%YT9Rsf8Y)CKEDd?(bVNI@DvIux%8Js4 zL!D2K4LwooHeSCM^VcHsrr{0n?c8m;({+MjX)n|lO4l3(Mt=bAEPy*xV;rF417h|L z5Q}K&9c$dNgD3K8qaGw`53D%U(~_<^tBgLPpvkh|n!b%bX?VZHr$$D}?rXoq_q!s) zsJQ`Y(LAvMDJ7#jXE%S{HL_7$or!yuEMO!z@B^LpMEyN@+EcTKHF}Qd)2=fgUa={n`cu zt$N@hylXcD?=bpX_;_vZg6`oK{<>2~$CPa-x>R-E=t>pLq9K#ExX~vX?M!YvaHB2C z{Rp%^8i65mn&5Y%jnZZb`ndP2cIk%Zw76ql47iV~RUG$8Rj~VvQqFzO1`n(77UNY5 zH!)c%yv0BXc~KElp%(UHppaa$#O4h>qIFEWTEDcf>e8+Q>7ke&8+=w-LxDst#>QqS zZ^afUnXx6xL$T#j4(yMuln7vGC*2r(N_iy?aZIiP$DL4x#r3Pav<*Tk8aJS>NaElv zxjyRgsJyhwJV`FTd;H3!9%v_5ay`|?$;bFJa}S}xK|V$2ICxfrkpz2!`1J|69>2(H z(mTx9($~uG!npx+1nFHDVNdG$c0)>y01#BPS68t{wKX!3g z<>78vZ~}A#={5L0g!I!Y9rs$n(4h!y0C=kn9|YcH!-r6KiNZPE7p}44wDwhD!x13E zcK&4G1yJN}|AC8Ti}gsIaqK?4IA~gM;9`MIK!&i|iFC5?I%G_-rDuYE6!cZFumRr4 z1Y8Wb9B>ujmHuPH=WP5r;BO*1;HlC9kZaJ0*tPxx!?s%DWni>5BAyM+12#bgNH4PC zMZj}xcnRxfyLg}f*oD(J{x+n$ZFq-pFg9vjI6ZUhUhN_OfeRfrhQr8E zV)STa^-RGX+^EB;~o4UQv@}J?Z`o9_j zT|7@4Tx(<<=3mwRu){cd81tt0@9fU_9)FDUD$16MF|HrEjWeB?eT?WvY;YTy-TZd# zY>ctLn{U#7{~cqno4;zj@I0^Le>5_V@yYyUqZmKe{HwU6tfh^w;*LBT{JV0aY`Kk& z=JW2|g5NLc))MBsHyMXXYHs(bV^D0|<0jj&@L{YZ`pvz*xJq3ee&@?ZQxAWWKV($D z$iw`h?&=@$y@~vL-RE9|8NAc*oa9;MSRYRGy`#0&>sqbv1$+sGrzvPp&pG6tPzeKD)YV`h+zr#m&x1Zu0UHn_d@Z0=JzQbsH z2h*Ib#*ue;uKpYr$WPA?(DJOg1$Q@Ai#f}otv_fT9%>;GBU)M6-glXYF5~s^swDjh zT&5p@qp)^>{2p`1L}cAST*}+i#AQ4JnYAQvl(`eJF=sv20`$vABYu}yN-ScPugqwfbT{*y5ro`8Y=_F7?lS%BQb>ocT7q z7QG~QUO2pdx@(EpX6~8!Fmw8kvHf?wj4fw-FbS<>iR6jkJ+!xt`QU|&-G$7%bNcm3 z@KOe1gvY2k&nHaj1=xoTM&>3Zs{Q7BOi_t)R~ynhji&Sb4t|p{e4hWFe`=h$!2gY} zHJXO`GOaznyKk63$74!-J+%Agr$t7~CCmwb(CrO#pJr5Yt-U)@)7H7LI9BD>wnfo6 z-DgzCX`3`hmT|(Z&F7Vm#Aq|;Ho>F#@N&#UGp~**WUbD}9S5{0_%bYIl$gsOkqszW zn0+2KDq^%b{G8DgqfOGB9-|{ho1r;@v9P{^BZ4sJ&X)O5rjrv$E zeRh=7Dvr?_%YP}Zf)-n>r4t`+0A(9}v06T_F|y;d)F>|~%>+)4KP-fp!n%*fXwVnb8`p(qxR$ z*6GJlKnZ5un6I-SF3gfpHWPRQ)+8};W`hEU12bxXR|)*%i9yZKA*kG9wR+5jZXv*a>`N1)c#I0$IGk z;YxNEUz{~D^RKe(Vo?I$2;7bI7=eEtlVn=+h!E}ugV%;*FDcIg9xXB$z;l301-}iv zz{U?{Ir>F}zXv#ZP!k4ZAGwh;z^*D0JF!0T;zBJd^~?ghRdxWiIVn+?3x zhA#%*X2VwlZwD?6(DY3pkjte2C_}3{5gdD{IjoA{ShJ(TbNT=fHuHSDh7ue_-U2ymPm7_}0hrchrF^@b6rK{}5|d zNuUjhVt#T(`hQ%G>rrpwD%gXj%0!0WVsVS`a%+hsYWVUDE-WyNsY1H&pDPVZout?Oy=luq2>zVf{q1+G$x3 zJr>vWKzV_{RfU5J{u#J=SODO(NY7);n+$%Rz|j({kEKBLN*j*ySu|XdUIakw7>vFF zcoXmf%Ytb1$@Js4^xe3-NwRuH0bc=r5_q-1_rtrSP`1F^0h=GIg+_NNoXTg>B;5Q6 z2DFJOM3WZ$UL=c7?>6HY(JYJH){nyBq09!LLIL+Y;N)S6BXnk-0bVjnH&1Z6mt(;x z8wBBE_gdhnBVJ=!;J#7ZIcl>!;=Ubtn<)@X=xFtT&5uwhbOruR@b`h{7xJFPY7DV9 z>Vohi5a2e}D)85@5b*95_#d&!D+ja_g8w2W)5Ib?7UKp^jXG$h$6N)RJWwHUcqp3` z(2E2i8-y|#bI7tVW*IixQ6oGh(yzxhx0Arz1^zi~Zwr8bNZ_^D6Nj%>CU8{jqF(R| zgJRG|e3ig!MS2i;AIg^tn^?DFJ}N-$Zis;keWy@>=w>mmVaHbq3OFeQd<(qhC(-;L z(@~!*bADJk2bbA1Lezp9rHd2Ltr=}JaC?|C7r-qEIbx*cxe%Eande! zDsXrV`)18H6uSu3n*>~VC>Gt$e*_APmD<=!q?sQ};n3j;p9JUtF=gzU%15)e1WL=-;l3Vg{GIL2%1Bl1^b zvtB9Uzo_%LyRJyzbp?(XW0fxzc$l%9&Vfk;mbg~NHp2qBkva~ccQafX!BNMXd*DI8 zWntW}7^_6GY_xG0OU#cGXAxm-9A+rYNne47seE#SAkb1Oqp!p#04C!kP9C8;mN*6* zmTbdmut~Auh@{MG!#@u=!-n5Y_Gj7%djMzI@O^-@Z8)`w92-uFnqs@N*GCZW~;Z-qYKPiuC+Ui z7arjgySGf&a(L*6$8Aw^vH=%7#2%Du#D7MEE=UOEY@aatj)^U*^vw^cAkxYiH*L@M!&~K z|B{XVh>iXz(WzmPMz7cserC(?zK#AT8~wbEPF9*VYTYoF-ijkDC4Ic&k0T=`U7uk~ zAS-1;o{dgcO8P1r{aPD+la0RFM!(BOC$C634_b7ctdIMuE#cd?3{TtWZ`kN>E4oKh zbPwuO7T}?3wd$C8#@Ogot&%QyEzv}K@rmGl)h`t>&Y1{?i08~t`0eUFWP zzoeu7JvNIyHj6z!v}HIZGl2gU8~tZC`ujHepKSE=Hu@z+j~@?M7na3OvL#eAwm#PE zSuDOD%PA6WV{Dy-2N>HX-~@!;nNh45aCX5N;h^YcbOdl~rz=-!FP<_`><03hzJ`*N6c>*RmNHggq2h|D~ z{wF~zL;?w_XY2-{-G~;Y^@vVoF`b{dUhpLT1bN8-Ogs`%9cBT5M?#ru!86ipgBz3= zN1jCaw@Rh~1=FU^+XQ`7rOG_&6;aq+YzBQz6h`nHf}REV*Md&)`+^Q{j`~p02|h3A zI$V2|CK3oPRaRbwuK78k#8oF5tC8?I#=a=vq!Q(!q*}(lAn9$Y9gN1%E!)s&jDoTq zj7C{{t;jIC3X=*6H)6sd;dUF`V}mhmitr36cnrpUNgtDKgP~}Iekh`Z&c;BfRALOQ zluC>lWbAgK#Mne-&DbKwZj|&U#_p6b@>}71LgmY{>vLX|CZ zosFl5v3sSUe#Qb4KC5Ct3JQ}7rTCTGY0Ipv0@^Z5UN`MeIifOP`HTgH(22>a5Z&;Lpfb zR%W33B6N7=E0PD^m4PUuR~C#*_ayMk(_vHms<0`rvPoo~Qp?yw5XDXDCRWS7gWBUYs;#6dQSRgcQmrT=O<*mkuA3DbBQuZ{op9du? z^onF_vSn+r!6zB}n&dyH=$W=+GLw~aGK*|*NrYc#nJ8F#Ftg4E2O~@@vsF1E69!79 zr=x%fTxNsMsNgz%Sk=}H@Jpp9 z#}k5ob|ONAY?HIma^ys3b{5uXB~z6xbG;2lb?lTphi&k2#&${iX&XGq*a1n0VOCkN ze@>F>Rdb+(w0KUAWCBlxDtJzf4TeIpusJO@7+#cy&FNRwm+fTiNufk`2YRXu5pz-S zzlwypC8{OQh4r$I=QgO8Jhxrd>)gY5G=|LEXQRV<+34mDs6lfcl#^{jpLbMgH@{RR z%!ie-(arBsL&*Gd3eL$=17(h14Xin}YNXF;#(f5%Tn-ABqkhgAQ;ymG*a9$pOE4|y zP?MnraGf0N7P?jDh44y*-lx2^a8N0Tz zgcmDkxnMRYyadac{LO&J3p&B`1V0SPl{0gKmkIiQz$*kl!J7sB8Ni>z6u~TjklRH9 zZcgOhB{C3vzo5Sd_(4G@_z{cFQ7yTTT67bBTF|F}{;Z%Ad`!@n1OAbqFGv5+{e?)_ zhJ-gn0>Qr%^j(1AAySkRd`Zx8S0+yrbb=EE9gCoOqXeDcse%q;@@5D+!Q?F$T*W^E zk|z=fZei>hxSl?F2SsLBkoS~;sjzPgm;?!n8N8B57Q3+CI2Q2t1-uCG4*`<_B!@gf zFv-!SD@f2!tOQfgD;8`D`k8=9&})EE0J%D^pRw->Mf1rMM2E%spqT{_JW0@DSpHN& zCs-J)lc4+uEhZ{B|Em_038N=O3OK>ov$C+$xKkwHf=t!I3yK-*lJrfYU|3nOSrkn0 zZK|w-+fo0dDHT@Gpr-EyL#lwqUOY=p2wfah-EZ+8xEU7HHqFKN;}>#F7)nR@p{VTM zi_fa=w-|B43T~+XB^4^ek|vd53A&5yuS?q1$hHK^$?<+E3YSrGX(@JD2t}6$)GTi) z43jgyrOj%_x3m?oE;ID1SnWrZ$V)(fiHdZ7Sif2D`=ML}KCF}|gfnGiEKF8%3bRy5 zE`)M&sX;G&!~iDP8BAXmD}j;ihmiDJ}MNt8U-Aau-^v5D^Ex|JT2!3SJyIj zhkSs*)o{xW$%F!4knj;3+-DPn`s)!qMTv|(Ct)__l(nKq$Vd5XrB`KM z`IHzK_JfYVVh%zC!}?oA=HetZlPN}CIo&VzG4^B0Q?8bQieXqJFRD8NpG5rsiOevp zs^A(FAlt+>MU4Ga@LUtb9d`*sXpMx?4y4d)PBV5~(uWv(Nx-Y%xtAr3yx+E9ovlt* z?pp0vo>*O>s$g}44Tc4BA!IcQlddj70XK>QN{%Z2HK0qLH7C>@;@VR35cwaUYmX>v zu7z7(6@uu5x$I7*b*kXfK}BDS_91!J=BUEfRx4xHHrePsHoAUBC0q|r$bNZ!rH$TV zqoW;2Yt}gxeODFY;cxpAM48$ z|N4N9r`ZO#tJ%?dSTEbw23jJNg>9%)88)E)PKYYlfDDpnBMO#^Zba2cPizb-p7KQ1 z4$4bZFSr5KA@kk)|>;9Lk~WdcqFTrS`iz{q3rR|3Y@gsadASd~Dkk$|r$s2y;PfcpT~3YZkC6Z`?d z_?m*8fP;dEl&BZ<2Eh25JdJ?yHDU4!z8XD{Ca)O?zGgxZU}$T?D3tBD;FUdqTLnA- zxXpr#sepD1z9t*+Aq!qr)Lng@_72xGfgiSL@yGFd(t>HbsRR5}4(*q6R9P@>g>p1o z@Mwa2EO-pk9VnOhX}gm%QNYl{Szy7mt;ty-U^szJhMLt&+nJn)tpwW2vHLX=hP1tRsHfluNslOt=rQkV%_y zqkD;t=0!V+qJ_m%p(ULbr3|z~h<3G`FcfeLL9{c--DuILX9GSYU=-#)ZNapgHwFq) z-Ym$B5k_XU0j?BuC={a$LA2W^rpHR4jXp6#A=<wH87fbmH19m^SCcfsvSKV-B4tGvPkO z3>0F*NcUt27zKHRP}+w>afNsmdjSiX*iXYe$Zyhz0Mjx!A+(Ps9)2R2_Rz%p1q=(~ zp&-#|?@YXKHSL>;@3-j7&R`}e6e@z81mq`v+CQDpV8N?O0So?{&f$)k$D(iUoD9S( z5C|QSBj6suRTf+sDy^IN$a?J&t@4z4tgRWYNbwmx>$S<;V;yVT>Y-z8Q(aq0aGiOs z&Gj9U}j zuK}D57>Bxs7aPOdv>cqP*4(?dFkkS%h22wD}{Cr$4WG@rX`3nt|gSBldwCXTrSH+Huw-86~lu6HA}o8I5PR;<>3fk8u(&Feso$ z+UxHRmFmx5Z=T(Nc8v1Qd;$+=dY*YV4zq>kAs2c`hV}S+u0Q|lBz<_O)O_>6v2Yt{ zmg`6NoAaLIsoWS=uyfL~q~OKUr-Ns$!j`e{p#I+Zq|hZgS`@Aorq*=V-=bZojYE5< zVaxoWSDT+q{NHb!yj7bS(`!+*48#ABV~kO7uhXp_A)1B6A&Y@K&9muA<(HrF$bgSC zjjG$w21|{m+i;Mh*66rRd(7DQ1$gW#q!d25E3BQtuh=nd&K1r9 zAI8EHwesunH9vyC5+m1HQ%X3{N0_ldLLH09Nd* zk0=0ZP0@9rl!^480Y7e})M&X0SG@0~tVVlMr{O(D%;+>I<`%HyG$NLOouvq^0*)F) z{}iw*h{>9S+Z2xrH6rCi7vna#;EAq8oRM&?DW7J$P_RQKxKnI!wmR@jgVR+avl|7+ zOSsX--)iHB%mnj+48{vz)Do8?i2|iYm2=#JsUq001)EOKvS9KrFB33)Nk=g#Z}f5b zbO!ekGd6li*cm*XVKR;fnJ0eT=kPdzX~44Y(5!R69rSDlS9~8hYv?s6uGpiHSQ=`( zX>ybY#J5AV7(b|hG4w`aHe2gWBBW|EwgIq5kU07cSOGdJU-5EhA%w*&3Xh7u8Hud zIeO3m&SL)D=&#eB#F4*-yR|L+KaDeYYk#;o6UJ5JOP?w_U$qS9p44Hk>#3v5vs}d6 zVscWQ9s39cDUgRiJy~yz;v@)7J;^V-wrg`>(U^FzzAC-(AWi@PLhnASM z-)fv@@x2!8q(K}{{J%$wYBWl}grW2}gp`@jy@)z$R6c-Mchr3BzZP}$k$YTYjjv_# z5n9w~8lk7UOa+GMkyGXv%nHoMUbu#gru)#S$&pW(qjF5Sar!C<#Io89W zG*5kZX;8a`&#a}_z~B`yiS!skvwYaif# z(H7Ard6H<0 z2cOEw4*oPh(0mpF>)%Rgl5)z(*{40!{m{eOthnwO2ehZ+yW2XnU-Db~X>t~8ea7DO*}rb2fd;mles5n2KK&ZrkMw%H-`VuC7dNr z1Rp&j4Cji&ee$s{n6i0|ny0nT>u)_IX;7*^GC9QAW10w}>=Zh;O!G`rhiyZpG!>&G zxIXAn*vgU?vwD_0nI53#r$>yrbG?jb#V}4i6GMTIc*!0=&L%@oR!=eyq$knPv)5Sv zjFudCDKcq1(%tZk)-uCz9*i0}7KPSRW+P@XMErn*)`7nSS0cWM?#|KLBd#L4Q z8rZ_8y4&B>e(liS^mI4AqrDKt*BHgW)!x>g!V&V{Av&z-F8-Z1%|(5J`;3-zxYDUG zj-1n`=?zekK0fP*f<8wpHa`X87u~@;VM%BSyCxy|nglb2czXp;jrb+nDFN4u-yG1+ z3Ai5-FIkOW#;!kVX*|Pd`y-AYR~V=Mi2l*=$e-}P!^r#-4l8S?jIuvr4&gNF|D;V` zoGHXewNV^}A@d`DiB>9T@;3vtDx)8Q=|Pm2v3rr!W~BTXFN$&W8vZ|P^EAhhQTJyQ z3cdcUEs83_2v})22ecKM^N>+8pe@6*?2YCDsGMOOr=N;PKG5cmZWfYj#cwuNR@#l? z543qpqNGnsL|P)!q)*BfO$?ysilIr(!lXLMIPw9GWfvJ|KY(LujKmM&7}tKI;6q%Z zx_XSN4>2-$!8l+HeTb?}GEzPQN3`E4{s_~W6a>F2QA8cw@1+OdJ;67=W1Zfn#m49c zqvj)R+5(go-6>dGF0Uy%V!kQXRk#cj6Ff98&g7!3{lGw!7LW z8-ynj^EwAH7Q_GUUIOvL2YJyvQ>`eK{>^t?^Y)pZRa(YG5cdJS&OMKia*vC zYB4QF{l^d!bKE%mF~r6U8vP%mJtsZ#iI%6umKp`0Kw@mbsQLt{vF%3lC)#W+_N3AC z33PE91D|NuYjNd9(O)9;PM0mh&(@0ggEj#S&oZd7QgX z#FGc0m*2>`pgo*E8#y)F_fD5_so2R;1F%Wp*v-7o+1-BuPZiL`QB;PT>DDLF{Nau( z@R8^NkRi|G@NsCp=oRvm8czcr1YTfWYVsMtj{q+b_&hXDC-549=K+VibyhD3%c%8& zp19%(oQjz`};AD`*-$(WOflK}& z;6aqnJyr${Rh7^PyhY$*x`JsKa-llWT@ulgxv)?}6^(?I@?4&VDj0?KrHONXTE3YL z|3v<&n5+Tg%|iY)n6T;1Amj+bc*f|_@)3a>5QHir&@a+&!tvQQq)P?vz;RiUeMqFk zmz&0l26lM>&qmQhK{pAiX|h@==T?qLDdn$I~OAfK#~KQH3X+Rf7Mp;NJ0dkZn{4_+#LQkzOnCcd@H11L@MGXMrCAUMJE&MD3*jKW^dl zL6#Ak3y(Pa8N1F4{HRFBB)OEzGus5}-#LhdwjmIt z0v8dUgUC=|WuT`9l%YUPv}zhjt&iogD9k4}^ngD@@UOfg{W^iuLBVLa{s!F2q$(K( z|7g@t)Ges)eh5eu0`4+O9FFtGdZ%MmTI5a2^hV_`-chw>UKLZ%aLwIRZK*5q}M60rf&QM975%9_ap-^I_s+vS7DtSicsJtVg zbdKO3d0Ht-&%76JbJ5vVs54nNSJ|w&3K`@pU#{v`1za_VkR^nUE<-qzaJ`a4mlU!c zjNY#b9u3b)nWG_pg50S?uN9GQADg8FjrFO_V@p-$v9MlRJhoOTl+2XH$%!g&a*@iL z+-#%kovJRAdsY1<_bFE=pHs^^nCC@a(?j<%nAXF^P1)@o03iD~^Zxb40=8b5w5{UxsOxq}O1Cl5i9HzwB}o z;A&~j1ZXE0!BUQ^s!2Jk+&-~Hd23>|db`fV{YuV6#DF4E*u=w1(TP2>Tf+W{aJ6g{ zlbTiCPl8uu9Z%|%8Bl13DuC|EO9N8jUfJ4HVWsp+YC!dr)JFBXpH#@7tqbi^k0>R) zP(l{$1(WQS-U0Q>o-}w%29~s142eQcT7zm&X)Q{LG{}kYAH^6f`1LfnR9cYkRvFTh zR28J>s0``FEb@rjbXY8{Os`f2qz7$u6fEC+F&XmZHloP|rqY%glgn|t+ju7tCx>J& zoZPC~;beGUwwa7X)fqBS6EYBHK;Cu2sEkq@y~+loCgw_>CZ%JBa+J<8P_Q&AqumB~ z*xjI;wZH$ULoFSvd_trB|k*sv|JkUIY%< z;CdSjSIcUh2Jgyhns!1}$F!3czZs9F!QzO}GdB2~4IZ??!wSxH+F*D{wvS9G9f5;3 zxLGNY*^YQ58%QQJlJz$ojV=PiT@e`Gk}jPN56L>74vQo7b{qYOEiVj^a%Q+C4EtyJ zRNc=&OO`@sz=8;j0wS=jfEh<^ba+v=i5VzN!ZT5rY#%dIRQs5j1Epm=nrSO|CWJ;Z zpT%@pw2v$ZS}WlqRd7~?s^csuEvquCPKAi9L&`&0XpFK==vinKkqoC)hFMGnxmo2Z zO3$iN7R;(qd1nPwqnll;>U%aC=0>6PY#1gtd(QEganNjkY>rnIHV2vI{A5m06-Kv} zq@r`+l?_5@_JHD_>r|0^ZjzcN%ui7~^RpGtd_T(HBn0K49muer11qHxbPh`P=^R)o zmB@iYaq#7LYwsqOI5)OQLnOKIx8g$UR0|D zE!wZDY!M2+NffZCPZ_fa-r6kaurX5iK2(7&h5C|}H9jaIrv^SWC^=sF>TQBhaE=rT zD`gA!^{RoD&Pqk(_bd6hVw3W5atPf(&KYuxRU^tRQ-LBE78i@ca^ZGaSS|{dQ;FPx zh)|Z7p{&n?7Yjw+JS<4$xllSjd3WJ!K3s&52W<&or390QUlOl*|7gE7#7Gzw7AAbKWw89sRp|w zMe!^Fzs$SjHRb6g?<4+8S1-Aw5|(16R??S38CeBO6I2x}g&SqPE-g@1u(UT=l&x0z<63q^B`oVxyS$g7;Z(|ke+^g`JfJ*xHQJ4A?N?{1y1yEQ$sxYTqv%CY z6m7z6f2^p(mN2Lq%kmu6pqBfUa?2|f|ME`7zoJAHwxUV}oE1SE9aVX~@WhG}C||m0 z#W{89wqjV(S0<~y@+;wLxwn30IhN{#pp`XfM-oP1)M)9m63WTvgRDHEHu$eRBV>~O z#Rclxvls=)Yms6oAqSyV*;wKeLRa~fWvgJZ9JE%!)e(MFs~kI4btq$2*Q!g4)eVUM z^0Iw(n{wmoBkFQ~^>MWfv>IB=0cJInlQW`{L^WZd13a?6OMGg@rleF&KuW42GcKK# z)G6&s>Xl_BE$ZA`$syHkN}y1rfV1kFv}8#3X zwg!dCzPkpVknvy*th`gW{aRQlg`)#T(YpW{WkglV|NK9u7`4RD8C*aq5~tQ z{nr;Oq1RWc>bSnz2G`o)pqe#Z-x#S&c72--?lDgWGWuM9QpsO8Mj5tl63UmBtt(O| zN7tcXS!e5xtHRd(%$E5V$}8(&Wwx-gtWqgj29L_NvL02ID|psp8Q$_P>|Z}a30hyQ z1g%Fs$uPVg?p-A_pHr@0kM<$s2hKq$I8klr*^t55JtFUh0`;z!4W%ec#{Ugf%5@vg zs8+pk6i$XvJHSHq#$+2E76eeBNuP>Cf1<5yyd5yn@!8m>7C$x~Q4M)xpNcp7##2gY zxkp)C?o+M0yiPT!@^)oqIRr`TZ}6&Wx*=Qf->_LJcf%eV{Gh2QS_3{e*acz6vctHL z=4jF@vFbk_cL-`=CYl++bkmi$3OES3Q^2r~Zc!2s-Du^f1zZbwK*02yX~A?aRTJ{* zzNseU(>+tI)8f(ThN&h5;btjwxUGb^Ho#c|?g#9*V7edbC=)R8R0|jdJDM#x9=vqh ziWH590gmGqoX`juWe}Zib2>B8HwdA7oK6TPnC@>nJ1m&)WjZ04=wl$9_Vy7x7S=>n zT5vLc<&l^1ZGaD1bh>RBby~piT$GSQw=2neBqyZ;eZ!S35VQbSu?5pDN_qT+Zcn;e z1^pag6i%7xwxny&g6WoIw2)6EBhX`?_4@(@gS4rBIP zFx@rOV@_BI-64z_vS7M97z;+qKz9aXVFkf-SCH;RnD8OM_!3Na1Le^cx)Ugmw&eBz zhAiS)LU5}E`w6y`*3CP6aYF0DM%*IvTTFBZ&r@f?bo0)GG!nG(EMP0MdDG4_Xwg>} zqp?9j;-Q;&@ue0_H}2vC0`36ZZo$`i0ryo~2;HrVM}d@?_E97V>*=OlLY76RL#%X1 zgLvrXUBZ3~rWtJ?^#^BOD2uCTMOO%`Ipi8!b`L5^XfEphb>#;J`@+_7xHji)i4&@db!OIhdKEA>E4C3&F}>}j}pXAzvV2MHg)fdVqV(u7rbp%5^d~m zt}>3zblhOPu*8vUJUPper|-lWsvhh+#7o6}PncWqIJTt+wm-ngu9W(nc=<~Y`mmLb zUEr7A)!!bUgmkiz(vy+y7U|f7e(6P#PWDoI3epordLq)lDbmUIlq4{C!Qd4PIJR?X zw^2LWF(&rnXgU)^`{|9uEJuscGTZUJo2=KC7vN2M>-Oztp29u6!rG_I%dCCMyd>9) z-Hv#D3{J?ngOB1Y&TsPrzIyCUOu0G`d~3e71=D&idV6q%%`7!7mlV9?TOE%1I`{ zXk|yl8-%lhJIt5Hm%#fQ;CY|rc@NJvUn6{gX9h1AOXfPVbi5nB0Y{O98kYX-Wd2dK zr5*5-c)^fK-@}gPSD*>(Kofw6No_%I$LrCO^{X$VHS0ISkG&t!zTRXTZ$Mv;cLb9u z#E*>tQb?uDaD|{^GXn~|f}TynB@OQj4x<_P%nib%jO~5DXuJhR;@ysvGEu3R?on0#16nhrB$Hcci*ZEtgW*GVbF31zdZTilWAw^{ct5hT*NiWgFT+*z z>NpY@+$;7JTWzi6Glbz?midm+`oXaGGZM4S7f+Gnu#s44b!pJ_gP;kmyrzRM=Q|-4 zydwW$QqWG*{Rc0#NoKiQ+OpUi(*g`fNOZMahdD;7OkI048Dn1H6(fG28WJ zmRxL%D0eyCe2>_buJj+gSiW}{LZ6@*aIqxv?l6^?jv(bwv!!Y@8=Nt#ON(~<_gusQ z$cq(5XSX)Sb+HylhK2>)3Ao>c=Uwap-1`|~(XKD{A?*+Xe^@!h2(_7Rd>>k}ST!pmYUr8%QTEl0R2$@+(YeF3Aq&Rf!U7VY;;!v50Lr#iA zi1hOVCgA`Zq@f^qY$ly)I!muM4_?eC__W@T=?}g+KR`o){}|p3mS-HxaZI1zmUkYZ z3EgSendh!(WZX?*Nrp0WU^vE_^UoWT7C6?$K822B^-$x!1&-Ov$>__YURgd)ZJALI zkv`JF_OJpBIabtjzGSCo?9Ma(w7@ZcY#x#+=GevU!HEa&Ovjih;U4oH~f7UW-M}~n(~cJ64FtNaEPh7O(ObP4MrRE1L_72j~Tk!F)z6+7G5eQ&83DS>I@UF z4$ZINP5BJobGorR-;tDm@ZtbU69+c5Gt?1+|E08xCxiquu!_>~5@E9?AH3N18L7Ry zQ7h)qdkm-kqFxI49>uVQVO>@1#p;Mh?ev2eONrl%s+ZG!pTQr6dBa7oQTqkQXve{e zZnGX{4-c5R#ra+q;AL5#ok}LR^(8?y^c6F8wRw@QO2x zAtMeBdzD}DQfBg1qW|E9VKvV2N|Txi>M0wwoa*4e*5ZZ3rgopZ&?;LEYTq`{U1(6P zhEv(*Xo_JXn`G%qc?7%*x0} zf+DJ(_rtyvTU0&%S-k!|=aV6)qq`{2u|jkGDRXuBPlt@=0!OV*FJ?rTtfnye{EMtK zuQI#=7X_`DskT^CHP$2!^EFUZL_`eczKE_dj6+phSxN8+I^+|R1DHl8nG@!hwg+}D zULDxSS#k4=%ukIR9Xl%$*0*DRy9d*wtt^(;{MOO?v2h^)#$BN& zO&?<}x_{TU#|UO}_}+MHVxBn(#sx_5_G@M%MCVW*7_ygSS!ZkixOT$>iFv`>i~lcO z-vgIrb@qSmKfuEu73)z+QBY7p2`R}Q1oc7DP^nN+sW36IQKKZoV)@|npsdi`8;0v> zk&(IPn(MX2`$`)sZLYb^ccaCcYgY8;Hr9OivgS6I$n*PN=RW5-x9t7hpAX#E`FEY` z-?`48=f1BydwKYO79-B5jTnK3|6ni-g@upKdV$&b+bAP^ln|@N^s+4^QA#UoNwHXQ z`w!X~VkF?jBWy#J@FeyFxX?+N@9N`Gb?|r)3WrP~>bCa6tC1J=* z3eu}piZZ1mq6{DHJ?q;T4mVb?gffUYzYijxQJhU1rM;6`0WJ5}=4B57_676Cd*`lW ziF4;+vx)RAc>j#@L0rbH1L1JtL8}CxkSqzN|ExYgFC3=+&^{S;fZL_vlpXelST9=zGF7dJYXTMIiF!2ogJ>EB!#2B&hrsZm*mrJ&X6*uR(UDLlBAj z8X4Kol{O+0L$atL^S5NQ1(--K1>eCM4~r~#Lh&+VgxKJYD}%m|U{JE~8s~B7N*~Hn zU1fr5%s!`sSO8vQNQbVZ`}V_M;OHfS{Lqy|!SUH6rAfFH4pV4Blqc~jIgE^sz2$*#c zzqm|h9!Q`TxT0{cD?DiI%bp0|@?DmQJS+bs3ntN-!Hw9Iq#_B@|Xdt)^h)JahOZlDT#FmHu@DOcuun#ZuzmCH<5Vbt~ z>2EMs(jkZikDCZ067o`U%uWR0pkogvmm}m28ycO14j@kiXZg?>8vpKVVv&0&T%*LU zMul29U>?~I(KeAZLk~zbI6LfG%140VMC3aJJNf0lUI+YX6P^7x6btG%I1BEK8&>b}fEM0{vh zq`W>J%Yt5rZ560L9xkw+w#<)D@I8KO{M?UU7KjgqyK#2ug&IsXj_D)Pvg|OB7E>AO zB$0|x_5klgd-LPl`JlMp#FGlG&&-b&b9*7qV?Ub6v*`Ze-*}n0{}&I4`#1Puac|&f z7g~P`HVcz8U}iX*3>?4`1FJkbqjQ;DAn?I#T85MfnY0O$%OQ4PZmBRa6Zdp1SuV{w zAeJr{G11c!=EAJ!#r=FJAe3xDZe`2EA2te^?O>-vcstFTpUjG3ilt;$JKuIX!7I_U zB51<~-Ag7K8iI02NgrXUn*K9!UY8$opXISCSdxtnN`6pU|%>u4X}G)V$eYf!JWna!V`KX4<1ZnIMq#W1vi9bdHAChuyt_q!B1e$^>T7& zwB{tKDN~JfxO1SC;J^!0lvx5txC4W}|G0mJ^-bgW@kLgYkr4PQ#190^!+*`;1*@$) zS0A1QX+x52XEF zuzRc$*##Km5tlxDr6GBs=g#Hfk-v_0Mjtzh(bviCa%<*fcm3M6Cz5=@7ti?-ipjgS zDrP(3(%2D5xF80}^`gf(7&|3jjNG zR?!UK(n+TS@Bu9JQzm|Dz%KSF;Y$vN+h*;=kFwMu&Xe2n1FV=jE<6<8!v{fI6gjd^ zo_d!x&M4!)yR6y4P9HW6V7fW*!`XCDEigK~hi$5jUQ1~gjvifQL;X}HrbSwKVDEKp z+o3a&a_79FbXYl^CZX>&>`34=zWBZYBkG#YhnmGk%W147e`rXsKphj&V!3>6yHY~T z{dZgAM(4`;0tPa)4~`OXs_Lw%{A+hxADX?t;fVwGSRQ@A9LZbmfk5s$e&inO4$FLZ z@A1p`TDz?|XSX`u#5_i0*g3_(c&LPcF_a)=25mm&jNAYEjWcik*Soy)K5I_)PjA3D zOr}8~#w}L$n1VJDKAaMlql`7e`#7_BID{Z+*0>w0L3xiC1D8X$N(45u#ywCh8elVW?d&y_1JaDh;zCSbL&;(r zx1A+L4EWHHhh{!ZTp2p=>LujSM#ksL>*GCD)-2=LbDOLQh5KkSfm*w%f-}Qi4T%Bl zBR6!l&Milzt6VbOiFDcVicJ=eHm>qZU$*YJBb-FD3FMhU@;qg*Gvrf&zp}+(7cql$ ziGJV=uEsZkXQe#aIb}bM8pwJN5z*{qXU*d$c-!OFB=bMM!@C~0?mRxd-fBzaKl_25FfkJL z=p}=~O5Cd=QQ+rv{5*8I8DpS^XY8`_>8TEUhjL(-HC?>;dX87`!ota5yaideP$^vr z&W&CYHVPzsSl)|}hu{0@GCB~S!G};2sp%C?ScVUNbMDvgM;Asfal%>9FWAO@r*c#> z5A3!kB(GF8Wi&3}H+q~ZF|EHSOBru2RyEH3T1D()^k6_Dzqs3)HOB8$W*&J@Mo}5h zdD=>uS2wH(^qb8x&&8A3Ci850C+x@go~Nyu*OdY6bFvW!ZsExN2KT2LSvY0v-fEAz zi}(Uo3ob)kiU_2w5+}>(hg6Ojix7qC`Dh)uq8N&aS`xEGGUpN!dbgT+*VERlxK4?- znDMKBHmCCOd#q&Bwz+Q)o>;Imc!ju^@X#KpG{BGTflqDYJ#_2h1AA~37lq1Sv$D;o zTwaa)l&C6+GF{$5X;i(WGyqELdEqnG4da$Zgsx-`vZ6Y8?K6bz0&joDx-}{lkKv^9 zqhA9t(M7!HYu3yS5Jt2TdxGpD2YFKLh6i1=8x){Mi{dtjVyn}i>WqXM-6h*Ap@QV- z9=@jq7K(^t2sY#8XIiZ5=EQ&waj6c`I0mLBE*GCM#ZH!$10wpl{~2ri*tNs?1hI(L z;@@lCY{qo*ff-Q~XpqF5 zY3CKs0)eNOx8OcDR&k*2=p;6opA%)J4kqT6cMO2oDxTVE%^w?kcvu-IiS6Wdt=9Ch z&>O|ZrOUiP{1`-g{dHoVr3}qp2kaz8~vd7Yk(c*HI#rvQ8I_xGM-F)4eW5yrh)kx2X zKR2u@P{&^!mRCgnhj)M7S~7#y9O6orchpZ%>?Fy&ROF$b=d3Al^g6Y;np#&>jN_Yc zjVcbRFfHRzum^u;xL{@1$U-0 z9Er~y6{#-(b0WBa=|?3y5fyGW=R_(9gy#HV>BYm+ceh^r`3<)@b*qP!ZH}Y`U^Yb3 zPW>lgqR5I70VY7~ORXipxM8wW_XM7yYyl6a9m32rx-Eb8JS63y_@mAy$Q-~^H)MJ$ zu*zkm$*QXzd05n+xEvK&WV-G&diS12hDX-N<7(csNYfX1Ax{hJd(Ra;qtoB#NQXzUnHjBC*W#V%55e4~AZbo^R zQ=c9pPQxGK*a-PYZIIPzQo|Jmai@_!(w*{PR0tV^s2gzXCh7oHqstL&)ay{8_9I^{7Qq??egKssn( zI71}aeb7yhqk@=pr@0b&%*|+f3PG7W|nCZk;1fCnmGL=y8{2l;~l&+W*l0Vu8Bb1w?T880H^ z95T+x^mp)9Mmy3?GTjB3E(-PI!Sd^8PSW%s9mO_n+?c(Qt>^xit??-c=Tp03%Z7*8 z;~UqbVEx9eTOQlAzGm}=s`U@lZF-2WKqdaqc5Afv7FFf`Et@uFqfuS9kN>6J^2Tr6 z{P3f7wOcmVX6NyZFI!XMAKLKcP3vp7-nV{JJ>UJZ_07zUHJdhU(E)>I-?YA-JzBTr z;f)W~>fD=s2qV;T$jZA7L_P5E19j~2%{BM0T2-=s33{Z!L-%jqvT@TBo3?CLq&&K* z&Y_q}k#Hfqd3}BB+_dpADA>5U_A7kWE7pujqT1H`T-9y?C8$#Mz+>xg=DT097Pa2@ z-u3*~uULop##gOLt?x{pJR%b4=%!pyIO{QELh3_XYY+uVks(u&dNlah+pD4)L`f%O)`yQx!lzQIsXtfBgL{dHe@i(oxM(c*@cOKvT zEo-I0dtS5Bf*G)cI7fr5zy+7OU<{B*oq87x(^2npv2IK<3J=UPMZp7@H6)B(Pvmtu zBh?9Hgi(jV2A`*1ku!>P2S$ktZqu*G(R(K<3KE6{o-4 z03sIrSfrrB1-rPn0{Z1H>z8=yKAOmfKYSms?Z9@Eey7Lo)ZE)HqHPfE^acLyODX|) zP{UC`s0fNm)}o8@xnM|0NrLvY8B)|yZLa(-{eoZ=RHNQljE2-x)vHm_#rmD8=t>t{ z?}GQ>br0D=^kMxTC+$$x%i__!u6%GgOV)>1i>R1p8TBGrFvewoF*%y!m;(J)Sq!*T z4PxqCNMV4=ZfGh|M9?gvVg=DVND(3~xatpzd|`j$g%^d$1A(KgF&gz=uMjl?CLD8&D9v+ zb!x~ZK%^14+g0bB7B$7*R4N$Z(fK1%UHOo%QY*a@6sa$4$gw{*qRCYWqK;JRaOFcn zk^Bp;d`Ly*kAzfIXY|^TQsqc=tW-9#N=s;DFyJa^aTOeKHAcsg#(l0jmv#QA1f4%B zM-w!vSQ9j=(v@HDhTvD*bh)QY&oLEU&XM6KG6_Uo}ex?D?Tbe*dXn2gjvs_KCM(Pvx* z=uB0@aw{VC>%f^(!F4dG2wdiZLoOINRji)t&g*&Mx&aMe56NXH|4$zkQ$gphhyK)@ zeSL}M`1&fW=H(E&9{N)vy&jy+Rrye#lGgQ*VkG~ZD<4EC6$I%EW~zZVT^D%4rJBvW zMS3WDL691j-g5oMy0=ybiSRb*paI@?&5XB0$A9pGI4oYA@#lrO3M2<(Sj0Inijl0G z#+U*ZT&zR0je#yzgn}`hSiCDdz?rUKs9=eLFKGtGQvbKfg0UV=#Mlg1C5T-SH@05u zb?hEZ&{%M(2ptP9BQUsB(i(ftm48vf#Q!)K$K#*^6`qme1TK`sjf2=Da5=U=D!&Wc z3k8ES75pg)l2aiQl3-5}7L3Tq^B*AWIbHN=h_^b=QpyBZeE;!u<7r0$5>XEpav47uPVF1SMv zxrx|RtEKnEALym`Bpf=ZeA=3jxdx|Qtx-=L%Me<|38@;L_0_)|6Ny_lBnl}DbShXW(tfe0>dUE z@KG1s>w*V0oaQ1ZnC7A=4T#hvlm_Z5r0CLquZc?|E+zNrS=y@8A*}*gKfOyET{_gH zj4u76o-gREZ@u#WQwVpHbf8Al^g)d?BSBBc z8NeeZEgF9r?Rv+W(V=Ipi~${wDKkr}CNo#>f;0U%pqC6}R%>Zdut4QxGJ$`Qs&iIP z)0ur3{|~ByOL}ge!E}Qe2|6&)j2hj+jBYK)8Bl?mYG;7s%@XHKs6*{`XBOjJR^^vR za0b~-P^}uzY}VdwW{VEyF%ujpuQwACQuZ+u9dD9Ivp}elL{^3tbyksXn^oe1%Lo?! z4@)T+mx>ybRj+-1);_)D%0kC#F39S2!Iw0ABZyFI!yB_)`QTnH#cqV;)Pm*4AUKF5 zE^3`+C+g3CX9LlrlFMwL<{;bef=l#vJ-dyuI#vISR%`ZoZM?I}96J#F&#Kl&F$>&J zm5pcZVeD}QLj{V^S;t(kiKObyXl=QNy?poeP?Y(fp)oLu;Shalr*ja^U|ajKvv}%bS|@66z*!8OiU}`8Q{2 z3Ef<-^JjxgRev_>MBrLiolZSX&pr!S`TyB{x*#`MH_r9xxjeVT1y{OY5Umy+x&2x- zwqQ;H$mh}Hm4cfn&U{C;czsTcM7a$8jgyMby`XyNKzhIvZ__v^2JBJ16Se{B1$Ss4 zPzYue{=xx85cppRQ79cRL?spOb`jGY(i&2?rN< zYt9y*(TmK*y;>5BFEaMDY_OzQOKVA`wvQzkLCRK^?9&UDC0&~PC8u35)Q!D{GyZOa z7?lccgSeEZqll9cxLG5;4H8mfzpc{+qXQKRuQ*-1k+XODo|UqrBLN0DaB=8Y1G93GKf?ynU_Iyi&Ul8 zbO+16t2>}yeUtE8xwsM}Ol=Y+JRLAP5OsUEx9lJX@Hv@J5;`wol2D(7zW{u}f$iCV`z2fh_@acr z0XR4y6CWV~LWBx3Al3vYKMIF~MxunL0QO2492-dzZUdYw;oksGb>Qf+fYT+s3NY{r z{3tj4PJS@D1&JbA33gxWZh|I4Ad{n|u06r$+ zA;29D9KQo_rvoQM0q&A8MV>Lboy3R)z^7#g9wvqgg?ba0A9g}8h#~7Gn4~~PB;WzS z=N;G_M49ctRsrBF35NjtB@8^&UWEU%bC76r3h0SKqt}7sfz$LlFg?&`7CA6IrDsCy z)G z5lwCe>~r$zIW~G;jT)zcnj7S->-^w?Q+x&u#71zap);D|;&s!var zMem{UPl;S4BoXvT8U2h-`SdthG&&J5L`V;05loMf#rPx)qGKRRkqTaK$D#Fg?8$n=0W>z^F%U=^?Gy zY6qqVv|^7qFg=_VD~Xub4!GaRr-!oQ(xHE9yf7JwN~d5Eh>5F{a1G$o4onYSsSuAv z7Xjms+S0>T!cYm$0-PiB(NTPnga-gioJ$~u_@hofo}*gD;-y&VA*y&(B&75JRe~*H zbevG)!1Ul$f+Un4no{8*>3OMy{Z5@_?G$P8xz*;)eEcu03S)We=8w{%w$;PL`TFTr znz_8(39*QK_lpRzxV#(<@xk{~_7s!X@q!*}TJ-Jk%_CZ#LwH2<9v|O>Ec2cMS9ryH zKt#e}C%oeGy%-4{3>o+n;T1<#gZ9{VBuC&cxwUrd_~=JKdTg(VvUsqW2i}cDS)7e1 zi{qkh$@AUhgjqEIP{#+}wSH{$^3GpcX}F#Lr8ONl`#o{Xde2H3)7y}~yuKK&g2I~M zRjb5M(C+1x?^*BRgWG2Fjl%Z(fz1wr zU-%d=pl@JFysg2UFs3H-5~|8-4s3QDFZ$S8WaS;j+jHX8HYM-I1@=+#rsGMxt6n+u zpFl(L2p9!tYnZmYo+2tWL@lc4NuT1SrqdADF<$hkwcI$yTRydZ55|wzU$8zkCfB~P zz&?#PwQBY*u#e$hhx-}atM@Lz%i8l<6%YL0dYI~8{5|v^TLFPKBfpX-_XAxSukN>A zfzlKHXe}@<@sdAU3r8A9_O7=}=J`qbb`Nj+qqSq2aY#hBImwdCzTqkG9W?&U7qn|h z3cKbThYl>Tn|9p`;)*`AmKYX)`ZK7~;@|$vDnS>QKeLXbi(`MXmKB-@LubrGp?>q# zP_y}b%PU56%TA-I<%h|O+V-Xy?YlBeo`2C= z5N9RtO{4c4KY6G%wK3^<+ePq(E>8as-XEsdKHGhjtPS`5p_6tG-W_iuN|8QIX`c9J z>kKdZtF@<;-r%M;9-*J)Q;m3YZzrpfZ)}$YKAv5#OoEz|?g|evUw)WHg-}0m@C&c+ zMEDBg5}e)nGE3Nr_N|G3^zxpSRss+F)ynnwPBPo~Qh1Pe{?)>_d9y6h+ySHqlg5X%C=FU~Iw1&vZ^qY0sx47{Cw{uZ8k8TQ-tH*1k`_PM`X%L}{EVyb#~ z{DqJ0w|uAU?qPZFAg^OsUMDQF31)Pjw_LVL`1wCs9^UtN>#w)}Uyc8z6Y5YQB~cKm z=)Chp{Fv85XfJd#EmrXxvGWh@Clfq#?v)zzxF>O?{=sFe(C1OjugKx6vpFw58RP z3K2}RU{({{9AeVt0|}6)HWt_gTQgY*5kvo__fP}-QwN% z6Rayc84)lRz#+eEr0&J{$b(DYtKVB_Bo#i354RVv0P>RQeR>ncscQ5W)a5_C2 zD?8m zc0q|0w)G%O4qfyzlvUqumYX5)$B(aEdl^GsHTTjE>;?lqatDXyNT=9M|un~!krKNZsIx$c^-iv!e;eWCc zLPm%nINwWbk-G-R&yHe@dJQU}PVcAZc|0tJ_V z#Z^HSsUqmkv#dXVTlh-w_g8}TYq#0+*G5Ip7g3oIFz3w;2$&XNQOm=>e7Eqs;1qBB zQ&bcGi6{e)6ZnglFw%V?m_(?90qc z%z)@Fk}eo9Ako~$^_jMR`?tPb|Hv|yia`g_yygWbi46tIysL|&=QqT@_4?d@FeA9T zlW+FeMP>4a2+B|Gz=qnUieIekVE0> z#`Wxo?*xk?WI@jl>wSIUFuhkE=$hdTw7uq~Nv2_`;|`rrCgEn_$O(LKuC(kOd;a!K zFVt_ZdO<`^Ssp%nLNJ2p1kijXa7I)C zB?1EP{M1W`18q}=6M%(k*h2#e3)Wtq5ND4!*$JKzXHN|}3*7)5{2=V4e&;E68S1CN zen#-bG7&*;dAR4HJU=rItYcB|%_kgZ&dPQzu$Kw=B!cE(#Xxi30ce#7MSYfsO}VcR zM7|Bv8XhMGeFV?{wLS*JH3u)*^Iyl=)9}Xh5NNs~5q>mXP@p2qU>1e}T;v7uSZAN* z74i0Lqno$H+Y@dGPQLOt>%j=4;-WFD@9Qp`G8pU@-qh77Gc-x^(Hu zZ(~a+A_7@1MJhKa7$XpMH?Fq|$T)T)TKBBoF!ybk6IDkC&07BVF_Rv`=umcEH=%xe+bbBZ zSKDSD@U!5&p9zPY-|lD7S`@Sfhdq>zMGk&04C#!(3(LIQCoFya%_1Se|5Jd(ef~!* z8u1vv$UhPOLYT)%hP9nhA(jmw0^vZ!Ua|0XmW2FT5scQAFQmG=2Ok!Q8merV(Ziof zw8t9T_^XL_ijs8jTm7XZZ4l}Ob4d})AQvFQYW(y8|Fhv1FnI|KVU;!%057-?b~wxr z9?cJh14tjn9o~Gf4Xe0wA~@Iv=A~iPf^dVaD;GMWJMwz&rc2b8sorx{`b)^zzAvv}+V?DoUV^fehdR8LdMMv&`jnE$727iou~nyV3G z+$MG(9fli_2*Pp@-=LjnobA7Wq7#>>1mcAk8{*Dmsr z*r1m|OcUd1`A1_puxpBNY(&8$nIW-IKu-libf5++t7M)u#!gwB)OyOuY5my9g5~y7 zF`Tbh9t5_3=G~g44Ie)<#=ducWKM0u z8jk`CrM`jnp6VIACr0MlgN#-PVtyqn00(1u(OArBeqKG+o<1gtI+R0h4CYV-s`=4q zei%jL%4qKhp_k;PGwy3=H`1!t|04hMSbOo9cET!#7#8(%h*k08arS!%3YDB>KWl#f zzxc5vdr@oxbmb|0(X#nq5)KN#zmBKgU~f0SZ}9dT>~BxaBD;D7pY(z+H{y;Fs6!irSF20}R((-tv!5-Ze` zgXj2#@%Egt-}{xbxH8*!O=dSfGJ|$$W;4&3U{9Y=1$5T6=&b!P>%^BU_?8I}eE~l> z!JdWN&nMU^vkJ_MtCtxi!QGfXPntGXoEDUiHPg^`e}^&H`mvRcAe={#hTpo<&Xbev zY35ts;YG<1eSlXd+rA_U6o^KBAUg5oOsnV-G6h8I_RwLfg?rG%`$-GHDuI<+E`U6Ahww_{Mz}MNziFGzck6d4M(a4DfVq6Jb8#5`|DYUPERYbumZUc@>ionn*9IW9?Nu^&{Z`WXGp95jt!w5?SVb>fpIr3y))IWwX z`i>CfK~_OFfJjz3z}+39I9oy!GgM%+p(eQ(A&Y+pk(VzzBZY0NMWPm}$k>%;7sDBhD16aKZd_y!yqsqFX_pDOa&MYFK;IIA5OFZV`u0x6 za=TL4RV7q?aaW3U7x@l6u}Yi0GTt-Uo_)I?CL2fYM>%vj>P|Rna%xl+F~h>0jyHJo zkK&LGpEv;;gf$GeLlzeu--Ny60(*d$OtGg&9fsiz@cJqC3^Sa_+b7#z9NmX2_~9w` zA@hxSyg1EnLC%{i=y*SwUrw{{GmmBRigbG)vcH?hFQwb>o3Fpc&rY?cP5XBhg0c!! z$}|4g8`@7ag+oN93Q97uv12Kk(Nm)Fq^4-SUM8HcdMgsf$v(+L*{AzFrZ~KNnqXk*Ufw_#~o_PQh8O$St%mYI6VxdZ**}Hv} zB2aBVrca#ch%?gTciv>5#t$CcJKO$}v62U7L((f63yiAOne(?Fn2)R@v+XbA=FPR2 z8!LEaF05yTDA<#0=OgD#u03<~ir}t(SarDPg_FjL7lw?L$L(9}9~omH3s6y%UnvgX z&eD1~dO<5qgnDnQPnnI`GM6k-m?+NFrIq4OnP<$z?@FepJ zC-cgm`0`urNw+#H&cg`CM?nS+8Vhf}En^5fWzE=>O>Zdp!23!gwg_#@#0r+T-)c_` zIu)?vyJpvJh$U@g*M9hI9Kw_wm`6K3>vr7ZXm#<%0_zTVsuIWLvuZ4b#Y4Sh3q{ef!#T1PV_t*41>h zDvvSN$WDeWuCML~LGh$YjGkhl9W1nIkxlh6ndXRPvaIb-f< z={NZc1@`P%^Lsd@PIzIb$$wpdabiAC7(kh4SEhN~nrB~+J|^>|`Svmz=T-CVFU+s6 zCzz<<(8%x`BVj!>^)2{IpfSfE-qX4B+` zdCR{03gR(7rh+SI}5GgmAEl&lp?@Z2X)~S;?b_Z6e^L z!jo5X=_oCPWe$$dgt|dw6y-TYvJ)ti%NR42%q#Q>%MdGVKj62;p}aU=QraNj8RD6X z>`6v4FJ5G)Ozj~DsEWl;ZCFWCHK0o%!@vsi9N)7Dp10C>$|%S1AEl~0Bk#&#-n|Ih zl}c_G!KGvAc{O6zhz5Ha2oiZ&5tjSs5V`#V{j|`SVw8l!MseOU=HV?xSnFJZ$k#j5 z436~|U>y=<`$br1*o^wsoazv1jyD*@1{jO?c~}JR80@4;%RMW+aEhj+L7JYsFg10M zrbvzcgM*g<(*}M}*tf7#taXSPoV%ui#vC_;g@=YRW*r=Q%YRUOq$HJBE`}=EiQ~r> zW14|~zP!Y~)i}>{ZnM*FUjgMOVWHv0N)8rdcG8Ltb85nYSWHq&F&toJP*6Jgj$N6? z3Nj?rBYVWTfO!;qgE_*GPMRIO{Wi?!SRveIzk*v`F(!y^-d$|34Kh0Mrj66fld=A6 zXQN;sW}s;q)&Z^m0UFZVH?Z8mMi^lli${N15#Mr>W%)L;Xc(B-;M2Mba59XoL>gPp z|IgSQ^%&K8snJ*he8O^g=TdupX5@>^=06dxZMb_` zw(pP3Y#E}{prP-rF8;xMY_o>^C$BW)Cx@#zbhrvQz(XtSlua45vZYS|KvJ}am1wc{h92#B8fg#+CF%VhCLRQK20Sysqn&MbXpA3l?)8=L8cC4sR4xQ!$ zE9@JruAw75VWmBFRM$`l%gThn6Q9AHc5dSSmG(rGmhsA!uy{W|veHh;TL}@+r(wLi zmKiIExQ5Kq9Q@YzBtqjdSe@CBUtAh&LqPbhtKAN|@j$oZ8_%t>Crw6@k3^QjM0Q$_@%622F_0B z)8M{3_^)(ez++n)c!KC?{DcpH5UXntk0q4Z;A%5E+>8{RX-J5Vq4T+Tu zm*n#Bd)RUg!gJaE(83cWO~J&;%WY7&bw z_R9QQWwv)**I;VkdFKZanhC@n{m^AU?=8ay9y8uxnSJZLessETI5AWm`5vd^E6v0` zb%e2QP{$6}p?SP^wS7a%!7F93l}FsR60z!&SA1mE>B){s|HJPH^ok87$B+e5O`;?R zhpyOM&w!&lbmhqEOlu8owqbK^2z+l(nsJ2|G#B&XYaP}8ot}+|Of}dC9){HZ3->l& zzs9~jwi`bXv@>Jwr~Kz@?1?ySy12%^+5Bb{PhD%@G71mW9$1UtO%|{V%fs6r;#F(y zcdkqDJdNjk^5%!h?^uN|MxEycGv|S7kY$%zS=^bDbV(r z7iS*Wu55cN_z^AD==b2EGqjDtTGkKg6Sa&tCUf&{`-VKM zqOH5yKeqfdCp>-1T8EI@J!JK$SSBoghjFZ7T~293-16rdJWJmfXF>;K&-1do?P4&HW;Jw2FCzk!lEwx>TG zacrb*{0>A5TRaeL)HN)DRF*+1PnKc`579xcDNf}M4%HH;_yQQtMV~nF%E#6kA`(j` ztoVn@u%Uw*hf2iBkdVla7n3BAcNlxWsO^7P^L_EGnDQC$4;LPp5n@=L*N7uTiusL$ z0qNALz?nR=VC7KX0Et(eS**vI1x^aYnZ=6;uiac>r)Q8{Agex-6D`j$ru-PM^gE}^ zw+~+67c16na`bW4ZKFlZlaq7UiZytr^U6lND1GX14E;5)xM6SlL<=WmEE ze!cJn>%nYLdLYGGMEIT$ehfXYXYb(y}kav!LFB6V4dZdzIWrqx9jhxNq5gfhvN5;lYbYw!huY# z>ufp2dnz8ZeNjfM`k8uSC%KiYXqrTtj6HDP)9Vk}SC zfS+J`NKDSzdl;($d7_5Z62!X{td8;@3|F;&Y+r=9ilFvy(X;^@rJo<*EcM0-s;Q2& zImwbRY_2)kgZ}>}Pl4?tczjrJnoX zaxTKTnQ(5G(LsMUEnS{tm(U^nnpM03KO*2aq+-}|DaxH^4V>SME|9G7kPb%tLN8!{ z!_rbApGR=yzIvHG{|%G@ZxT)?*EM7;^EMPa<&;nDAa@Wu%?ObLB`0uTz3n5{<9J|p zK`a);G0We4Ja?m=7A$vYy?PopS);rZxkr5G@!0b4rAu2glW0|w1YvH4aC4B?2l#2^ z;fKzlCvd;mm;!r#QH)ReJ(`w0X=Gj$tvN4x0ufot24v1Bv-yegH1dPGi zSUL}Y26#q4mXP88hK%A;D9?vF@8L5){kZSKooN0x?&olS40p1z0PbgyUX6P%EP1Y;>wbD)W;6F>dQD)ZRUG$8*@ySc;y|fjnn+hm$Bm+ zz*j-+DP!p^5^*WSKw@U_tQwrjmdc`BL~r*LAqM`Ek*qMfP~@V2vsRWLmG>g#HSy*e z`?fJ>Wmc-bn|=I3jXhT?rd!Ui^R zCChs%@^ZQFVLRmpDlV7VE-~3Pyyang=9vAm2-U;|BJ88Q=V5yR^qjaE+sP7T#GW}R2d|f;$|kiWaca_LJ2GFvKfEpa z1~aBi)Qv(td|II65%hV4pQGDZKKKaey2R7BV9o1E;>BB#^z+&+D6Hc9wm{PR_~|Vm z?+krY4lTStC1h0*`!a;n(l~s#l@RMa7G}sm`8#T{T|g0DijcB;c-G)OzB_6M6d=W^{1m z;<(r)35%kaEQ~HJAtC%$d|c#Lz3*Yv#BaC;^?M38-W3PR76&EX@+%yfLnA`zhdz$- zuxP2MW*Db&-A;YHcvm>GRO)lG7(^zCk>npQs$l5Q+c6MS>Y(f*L`o@l6EaQi=o*@p3f4uO!Bp-e8U7S5gA1jau&AX3w11=CpT9FY%bn^U@bI zT1Tz+^EbEIk1jEfAivgxrg3k;v;g$B`t-%u;O7WewJd)Trfef!EYoP4(SxQ<&X+L$ z1Mk7LqgbMgy@J;jz_sm_)!$)kC6p1X(jOo;4(i7?%kuw0+ZOyqftD!TFX3;$D-C=M z%Wvj&%8h8i9r!!qq~nb1K}!WPVt99&k;YRRZ13nPNQ)~`{5Nu2TXv@e*UC&9rnrnv zku+#Qdh4+CQ^V4DEZn(d`&Wjg@viwb@Q}Aj>N&tVX&Loae~&23cQ9$b5KM zdfTw{SBIrvf?`{c*C+A4=`P1OFuUCuNdGL77R;LOMbZK={}f3(<(J{Ji9^XTEtlfR zTFyEhT8aGF3Vag+N0{;G4$j#lnmEX>ku9Z%tg9drYRPKxFj}mT<-LDhNZuc z_HD?kmF<5#th|@8B$$b*J}vSwqa`0*vV#G}#y2Bb>>!8+#m?oFM_-5X9^}-?@@d1$ zZ^i4q7zk#&EME{Q7Y0KwfIFAOcc`*r37iIl9+`^??bv-A}qtZ_^@c>9CQO~ zjTttiVlW@4UqXH9YhvJIr}|K}TeJ^~$$8pkROpuozlDf1eMk?;^ss3s=54%pk4}|S zj_JiSRk=WzCF_&=#N|jJ2GYr@M23>U7f7E*{j*db`uD^mSW^o!5*!2`Ohfc*mMO*z z%7+=52c6xFKjqv!FgWLOI`pg@mfnc^9q`Uc5`V3$ob1oD!<9j45aV1D;WrR3^DJ^M zNd*6i=)>J0xKyTpD632F?D@s8bl~s*D z%GiQR6nSKN4$@RERTQg-nbUp+&KJv3E^Q_jUT6_IjFmPMTO+FBUt&;<%h*69!%1tu z>!h_rob+>%`U0T1`_AP^EcRNzi#P6vmG{BL?+1Zb8N`*Gvemv(x#sxgC=-`M zP&_!SID%0k35ee?tbFsZ^kc))@C)}IL;uDZNf8$6&Lul|fw9VZ=%_-L57TkHwtCSl z{)1udKSPWr=-rZ|Bp&15xtujj!YE1!|1UGJ%5pB5)>bWyEB!sTFpzKv>0@B1UZydO<@_f*{LwH3SUr9TDlvtp!V>S3Vda;uO^<*hdw}vJ$0H^p zzABtkbb-_1h}pyHqfGFxbUXs{FZSTU*M#Z~TQ*hU zYeXBjpvJeKu{#s=hk<c+*((=wT_Q_*8Y>Hu%_;g4G(R4 zlxMfv5Atud+8O3edB@*twZCUtHJcvhEzj8**2d~B$2*?0Uo(Seb+j;wB$XoPZwd?* zfwNq2sSB>c+CbH>!L%-66VtVd(Poxl`d0ZZn5q?g7}GRhVILO6K1~+b=r{uVoJyoL zyG#d)voUO^tNMF19Oc0}MdnB4x;}>kB2@jTZXNYBY5@JulntU?jiYlg=d1iaEg_0f zr9Ov1>w;Ob4w^>3=RogDt8Y7ansmpWqdGpT=d7v&{ymr*a-)F(m*?+*Z3zz{R-ep| zg(2P|^JBAgcIMI|u#GY}%=Up(QtLnrhU}~22>Ekdy6&NrMNL5hCIEXF+7r5Xe zJOQK{*I+79Fo;;7;7%9pB8X!8M2P6ua4_z&PQ-g$aFPqoaKSzoT<(G^v1XM-#Mf)F zCv<8x(fQ6oStk+16{*00qe&F9U^FD55Yb0Il;Mo7)`5fRgC8o0@aT}zB{sE(br9jv z=xm9?+3mvLqa`}J5BiUEJgC1Ka2+I}BF|nI&;(uAj4!xJq}O%m_>I?HfLB)e(Dw=n z)3-b#Fr>0dyn>0rT=tMLep%CCdX zDGnyLyD9-`q|yb=*%YXT9*3c8N`bC3rC1y9lv+*D6xf84?i5Hu+0B#zT_>0ZQ7BKB zmZM|vrlEsvvNMXy*QDTbJ%goz8>OZ+bo^CSr(TbOv}RWw5D}?=QNYglOZVu4bP%K} zrDtG$D3PZ7wAj|9eUgiK$*4t95EJ zWB(>Qo0_ZZPp!~IOs&$~PleqmA279DOKa*eS6fIzNSFAZijEbf(`*+ENksCqTrjv- zL{CF!5f~gt;3F=$Q%iALuPgr&Mv&rodb8$!dXE-q1~^v3DFdA;Bg)vL5oMg!6IkX# zOvBP~Wi9~>hUm&f+g2&XOth5~UXW#i(tWaE1}IgX&A6aDn+YU}vza-1M9f@?V@~P} zJK~vZ08?jxvmgn@SXMh@&q@3@f*IwkvI_{mV}C3g)X{R7uI$TtIL*q^Q*chZZhW&B z-)@)nZ!XoH-CT!Xe^h>x980MiG%es3lsEu8AlJDV*TH;HXLfKJ9|hSRtJk(7K!l&ZPCSdFM6J^NV$z z`L(+3{5DPKe6&?KDc*a#^8fQ87G>cJax|q2inJ~l4Cs76xKRe{&t>d&DJ?&kQ7ZFa z){-dn>b8ZzuM99)Snn#>uXR%h@hU_MJ$enl5CkdlF09pU7oxL&mqaXr-S`z;q78ge zjh4isJ%V9p{4F}HxnFdKu{TuX3$A?FgqnmvLxlSxbfA1jQMK-DG1`7t;#pFq>nwpP zl@BPcLjMP3rQ&AY@ltf~rp%{6-%4joA?gm9zYKNuD;N}o6kMqt&NATq50&4+*ndiR zd7|u>_+MVGS3b+ZL8Gd)Pa|D^nz7?5A9m0w;gSTsA}Rr)J7oUtby^*_hqS@o-lOyH zNW%D6I=kbNF1XXHMRaGn3odrSAV}@??*u_g1*IMroU7GTiniaA#FauqQUyV_!e;FI zvS0-`Q2YKBXskL|(WQx70S;7r^_6I=&I4Au+OCA5DIKporfq0tx3-~G1%%VFKenn= zQ@yHI>wDE%SN=tvUsj~^%c@-YO^78fnJGJ>=Z-RTyjte3&d`2hb#S|OtE-=s(`5@P z_iEj*M#pM9wgw!Zkcid*(RKyjoYU0)ck22o1{fwQI_19v!lF9`C%byCAu4iSsUWrntX5m$7v+|L$V+uU0sBH_I(C z!!8y?;BY`(cc0dc@3{lN|IvJp>mJPg6Ce!%-{;E5(R(Dnp0OWFJoh}OC4JBHO48u} zp4VLkII|Ti7O3DJ94L#oZ7WI``1YB>VP<#>4-;kMsT8Tyl#@LGYk13MARWT%T;HtCTQJ!Ss%ZeuA^lcNecw5 zyH~bFesEniW51BptqWZM z!>f7Kp6giF$poX+U#%|5$AY_rq?K z?(YZpYAD`cf&M>{9o&y0B-ZT^=lu`58q~QO?9*=e{=-@|_n&pu0mlmGml8BHU-B~c z-?FbSRWtUn0|(icATDJrUjot#vQo8QH?D>X)UbJ=fU)1nIuA7KIsO53+$ZxNtkM4e z!EPm)o?VeYpchsOntOb!xzwnrv!{weD+9$E&nd9`9uA&l1t&XY`180$i$P+_nt;4WDiB|6)id z;jm$e9MS||)b)d4KGHbQ?t;N-1{p#Mk#8YnR~L6<83N!tZCA=HON`s5&Ef06K0dvx1fAnGldziXdv zySqxOcsJ?`71Q{8x=8E$X>_a%?dc1QeJ&C0$wK+CZ^fUf*L%We zj%xhR3}{I|0|tVVW#bl`vHz7YXkzqzhRjL;$R~J)2QdCbKE%utWIjNaC}9xBys}Om zV5pVqZ)*aa?7)rbfKwefK+gv-WKg95GU4uLQVT0?LUxbYGRVDwMc%}QmZ(}2qyxUm9oxr8eLBQ20t0Y+ND z)qs%}a1CIj1q^~2(gLmnT+5^qqN>vV&z-sV zGW?T42Sh;`6%_;l6?G8AL9tM=rNX3^3KLsv-Ex(Rw+3cVYO!ToOx8<$X<* z;=4=8Zf?XqvQQIXMR<+l8GdCM(omHB<2d(YvFyuZ(HJ|CFxbIx;~^E}V_bMM^y zoO1#kj{rAWxTyoU*}@NA1a7f#Gtwx=I2ljA*mC@Jal8TeG{>lvo#mLKZ~83kXODwG z|kQw9a_+G?!~3f{Ff zTbKfOZM_zzAYE}R4+ZGj9aegLE-?N`4h81gD=kbhxAtuu!zgD9g(=WgP2(6AsveG^j9O)3id9v&a|{L44vtR(ALkezQHL#@2(M@^3sWSiRs!sY z))W@1aX}OUs&PS6;RSl-PnJ<+r*^@@6ve40S$NucV6GemW9n5_It5nhtrm9Y0>cQB zL-CP%AIC!&L;6LFnBhX3bBkxx0ax;LR2l(AsPN1(U~@Z0fSWjmj964oWhrbewvXeZSi=IE(h*+9CTv6d z6H#3Uf)}8$unD~u6GdoEIL|Q(#BnPr@G7ptO26YG@Ky^`Kvi6;g|`QQPg3?-#q^Vf(q|co2bQ2V>Mg{OLn{FObbOLrvNHz~C`ZUI9y$|tEtv%{Q zhsU#Y!BWq{ynT1=OziCG!ESO|)inW}&NKWQHMukSx2h2l!Fl$5c+cd{-q+M*P3bp= z{-`F;@8jD9)a1L(ooD*7;SjH`>FJ@Z z5-vLUE>_Og-B4`kZ|c;A%27`>Q>;ot*V8xWi3x00juK6~&0_n$(e($JJ5Ymip3lr( zowk35?dNgKQOjp)LF_=_sed2clo4QiXN78vzR%PmT{-UAjO?VpV@2qI;rTmOR4KomCfcEQS)>+4q(D z5FN+VS@pFV9f=j2TW#9i3QmNwX5Z3S!63gaN~7o8{Kw7Zn4w#R)x!5Ja< zV=u--*gya-^v|M|)^E)2ER5Gyss6ruu>Ap6wV%CbE$!inRr0G;?>%do3VibLZkv<# z?Olc@o8N|g#ecz)8g@Tr?HK0{?e^VEE7e&mX=!dfv5S?8dT`cL6SgR6EC?_=w#M7v zI0L)k??D(H_T2GzB$Z=Des0cwOriiW4X?at3MD2u%Nsxd?U%E z-!yE)V1LEr_uXf1-~vG?gzcPhK+68cMtpB#<#d2bePg2=@|chhIkYcEVXDvWDY%&x ze&3I7vh0-7RPY{i;wdNdzl&|-vHyPYql(89gtty(n~tY`ZdS(kM{(yEOer|0w0jRK zG4;#eb?weTXTK30eGMy2eMf0;7=72}xsNTN&3v%Cyo$B`4#>iWUDlp^v_`*vI(WW9 zp!SB0TSx1st#mz~&JNZuTjnzNHdq^AaBDwy!fgqBptRyVA#7TqH2dz)&u+yIWUW6# zF#BsP2KjBsZ^s^O9gVjtL8Lp8?!qpK<_?J%f$qoB*|vu6cU=uH<9G}ldbM{kE2Zvu zXobz$dJprL`1b^<33}kVT{Kkdi{5qRZ)69_rL;d@{Y}`}Y7OhdP{!71%DeRa{2JDe zZO}Zztq?f0Y>>7#8a-n+9rv8aY`W1iru9!MPs9Bxwjpr@p0ORyzsmM_;C4U$J%m%Q zUbQ{*zpQ(fIRmdVSKu>j1hy6%fsL~cyDZR#gTI1MH}xCpT-fTPWY1#dT|OzM1@2+u zU^D7hifJ4SAj8P0`f0G12=9-Sz@x93Rw`sAF=AiH>?Cb&JZJH|&6;6&(D#jTdy=*^ z;qe98tv|(v99Pp8g*FGo^`gWJN!kkkIkN-Y>3{!o7j*(`*?y$p1LYibrr;@MfHVm{ zsSHpLxAyWr{T6Kil7n9e=*5+2H#>Uo{%P1T+IL4%dBq*>B^3?MWuz#!MT^PDraAs| zD_uF*kO8!F<2mOtR3GDi`EyskgDGoYJiuHpE@z3@D%0u32}tM=F=EJAz4#I~*Sb_r z?Ht~|Xg?n*Pg6GudwzN6ucm18?bBLl&s3U#eZR-4L(gFE^#^CwVK%`;{`&S#b(%Iy z!8-T!>Duo2INxTLSF!n>25TNibilxLZDYD;&pdlsVKt`j&G<=;ZJ^4!vHj3I`+Drq zVn_c=!?#*?kQsNUYKt_LRd4oo{vlOMp?z;JxV5sMJa4No`etgmlPb!tzjs0QLS}t0 zVtLtlotd+=X8S~QZ9c7Z7JDIF-}$>aT6RoiKi0#RufclQeS0gCRPCzR2Rf4$X}8*z z=Q8W##1DWGj#Ffsx%iIAim)^{$1%o<#Tqt856i0J*kueOYlb^4t6gOAZ`3mJm{GPw zOQjn_^P|F7w=L1~XXNn&Xf;V_NwD2Lr@x4om?XLK&rGWEzy=u=tdT3aKu zRIAXu;CGF!b)D4thzHBlZr(l-Z1`OtdA9dPs`b2f=J;C>DxhffiC6p9=5n~XJ{j&AHt8-SkkD3Gn~S$btz~!r^!0= z!wdWa`CE~|^CO}`H-oOT_-QrS1mYj!^a{{JVfNg+OsETEyA1jaXpfcen2d1)63buAe&Wag?Fyse~z#1AG)$CUfz$Eia&`2u7KlFF!X{>=M0aVrSXpocpCX5Ah}(R(->AMphbmZ zYzh94kY66g9|Bz~>B!0WSuwF43B08!>U`n=Xs4w>^I37T6G1vj}opt;sjC7{U-d_Y9q0=hYjhK8;ap!x8P!gV4c z%{Y&0l#_<5Sj(AFjoc1vHAmEYIH>3n=p&r|6gS^Nqo!E9n;v^%&8pc}^qbZCkY*S` zScgOLvJhkC-)Sb}pXKUkjQQkaAi1s44}m77cvD3`1)AK=`)o9Pkvv4jxjZ~nvL#yQn!~DOQ~%h1 zgARhOw&)4ytMEG>YH~UUeJvvw3EZm_t^z|ajJ^?%U&$dVFR&A|3p6)q0$ONZ8fZQX zOy~gZ4daJ`^GZPTR;7I*=4}Tp6!<4*g?T|Fa0TKp%B_#(@inD5anNjJ2M9j*J|y@ericxk8_JvO0>Ka zEuWK)v=&RQlXNgYmRu+5$)WP)JRgHJ7ox=&a{dxD^)}u!oUef13i<@+$7KQopFU(Q z{(sEa0%}@rnDY{7H|TV$Ks?wMkU&90xdq$N>f5azAD@pr^J6I(zZy$L2azA-`Q<#D z*B5^a>dy-x(Zws+ff=L?{nf(@)bpjHA|HKm2?Vk>&W~wmX)W~a=lsW!XMUXK|M+e^ zCocnR<@{)c!U52{CF1E}QsH?doVOSz;%oUC&@r4|0J;yfkJHxzn;)x!iQh#CaXAtM zzX7@mG;flLzXE+Mj7H@}@T$n4m05_qppz9LVlY+ccC)^LZL(pjdgab$jiUiQV12#Xr z!ncus1POVTg$e%$bU$eB(!@y6gP;Reexe)L{E%C5O@J}0ssSwiojbQ>Z)WQ^eRs=7 zEaB_?`x{c+NjdmRIUA3@gI|meY6v32VBJHLr;3e+bep~KZap@s^Ed$W4JAh z2Qt?Qp3}IE5V%ibN1pY<*qjj@$oLj#a-2tZ(v1nn&6oV9>k`mp9lU}>qzENwHV_pj zmdK!y#5UY55iL%m1WW+}4V86n>iHsZdr_JT=U+sa5hl{Zz;iLv-pxn1{J{r#=jf z3h6WTkumINQ;&oR?UHRXwMWKTOob9+NzByqVff22K`hx8hEb7ldot!}p+qt)5K7QX zx}S;=DO#N-hFtP?*-MiHvSTKJw0f`pc{iJqTwQO0XegUdu1#59K#It_|$=7Od{(c1*>m+{@x(1(P~=_yjV=`fhe zQvYMqo28Z0dvM3d1*M`g5l@$zCdYlMR|bBkLePH-evFQ>vKM4ow<^oJ;T17|xZ6>` zh(dCsVlhp+&qyn0BuTAjq=%)~gyA|_*$gz3s9?rm7!N!ujG5^aJg|Rep$vtZ2|*%E zX66xDc;;EzW;6R`wE9d;GNNf_UXuK?Twyp%;xrg@l6#BRc|9ZM|Fokrt|kp`6w&0f z+vVglJIpI{+%m9y4w|Ej3!PIXL#XGVV|I)50T~572a5LabpKpv`WsHng-d@cFsv8N zF}F)vFc(S)52eFfFL3^OPBIU53kM z2Be@&C^W_c%Mf2>elmMxlxt?6oSrjbalhcXh#N+Zvr1%?Yu5d!-<<#9g{)nC{wEB# zi}2Shw6U;eKJv`aR#ZJdNnUE_pBM}JWb=DvtY$Xa{zG1IHY)zBz*Rf|jqJ~^m4dQi zrMQe{Uy#9|ISyHIPKu1#&Dko0N^_c}mGrXxQ(jpPyk%Z&P*)C&`GlwEg7yo`a?_>I z+(PNb+Li@YW)MKZ6{8v03mBDRTkJii_657I}qS2(SE)nEw~{%Ze8{8T*0@ zU9>|AT|}Nx;WK;|1*FhL!&2y?OEPRO5B?PsQC^*tpVulQ-}3xja$!K;nXtmpS`5F% z6QmN0>1xK6Sezo2SX?SATf9|Pwip!)>ldF5xoUp@b((3iVtgt@q&0Raoz- zl8Sno82g%6>}d%r3y+FBB8ngp3gx#6Ps9HFL0Mo~a~M7=3*bDrvBHHeX?-F3foP^e zl+EKx6ruuQOyTjcvQTIy=UI-XdBHD;pzH_Bd*rmbycYp!f@ehDWEMFX3-R=#7{-1s zF#1HZza7PwU2uoP8Fnf{_ySy>T0A?9;hr#FVnnPTUHR-BgUUU)+Acx%FN6H_8N zzZb@c`$2Di7=|%OH~Sweh6Q3GDux9==7o!&;lEVU@mS$m{zHZE>pa~9jQPX-0YmsN zVf^og@#EIs{KW&Kia+7$g#Us1%?vMy&v^#$N-t9qxe_ZYnc@_^0E~aa36zL_ zU}AWXf?!OX1nlHE4H(Tt=~->S$TRT?V0hXLFUlGO;kGj7Zv{pnVwztI40oHD3TJUl zh2cIk{VZ@E$3wtq21?I{GOUneQo;+J6ntNWzY>nG#d`n>TQxJPkWt3*cYw<|-m$NB z`{d5ewOW3vg#znK%|AUZg%1wPJkJMd|a2Y~xIhQ$um z!jn9}yy8i)%)u+3bPSkR=7N$ApT$qFlxR~!Qpiv5lN=~S1iedgoa7jaInHu?0(j8E z32D~QCjJEQM&?=RiPgY09A5%%xA5d3aG!;z)&V1r$|gez#7kPixb%J~s*q=(vZ!*7 zp+FQDO7DcCAiyjPAyG#yJPis(!#YZzdm1=}W0Z}~<@h{siG}H1P;@27DQN%bZJdB5 z(JdT9>uCIuPx!t}l;dYEGudNwK{9(vCclf!R!#$BX2+Td24dv;rFv+C% zF|lnNBi$d{WfAn^B^HHz5j?C;`ls1s{H=I6>tAK+XL$>oY+TUcl1mc2)>2(IZIihrWl|gTfObj9Mys{Oo zz$H8#O2^k&*qaO7#4#+U=ZsXAURlKVShyJS;-Mg=7gKygJg=BuQ^fO%i&5D`UNOC% zn8+)pR}&MtmGoL-BFc~;dL=Qjn&T8;c+X6SLK9KBiA#VxIIaOc&e%<6MjeP=o!d5hq-raKcAttV z%4_sCXftgaalT3e=HjVji5WxtM2WG@ug&41v5WR?`pIN%(V_)Q z7n)J5Q~fO{X5Ikce>x(iV_M;>YXTHk>(`!8dOKSJh@VWTEEo*!F2zeI>)hVai-9i0 zl{$85Z$u)n^-vlfFh6OW+ojFYy4BvmK||lIt&2Q`h`vpTV|&uLX}6X-`xc9&h%_9= zqk5i2R){$f>J}5g`LraxvB)^MTbr9xgpjW-@0qbvIKQ1|p;#4D5yItYEJSfge!fV( zfr=STZ(z6j``)%E87n?jBXRH-QxWjyz`0i+(YaTMno@9FWm;gf+O@k0M>Xz7XFO;I zQ7WElR!K6<$kPV33+cT9(+JjN8f+dtJ=%3>h4Dy}mRiuQcIB^SjKURtua`a-z`okP zS0ieL2*lR)1rDlRbk1>O8UjT#Sk~Sm^*D~YbnJgnn|3v-Al?AJ!__DVK&GF?>_b^I zAK1+A9(5AE?@1Pez%v!c4E~u;gzOAHsKx8?_a@ivrQanoy{I!=dL&nJvBe(b4U@mN2zoklAwfVuHhAT=^?Pqhwxv zp3(3Ke7wjw_=q;yzjJrC@9yNfiY;o9Z|66zz+Rka7P{ZHaag4-Sd@m;-F5YU-U%&3 zt#GVLwNqQvr$^*LDgqNBHG!nk@wcJCp(x}{T9*xtY-DsJVvdpC%gZWM7Ui5m+oi}n z)BG8J6-Q#MezE4c4UuDo`f;3B7PSs4WjRlx19XQvf~OFyy!i>^yFb>Z`_Z!GRquh( zyk%ZGf@(Aiu0q=Az1~MgDG;%&e(|B_C?N4Ma@`81gNKn@Np3Nn6>KnltW5Xip+hV1 zlj2Fl2<)_a1L~t+42Z0SVK9;mLx1if8QkFG6cw#N*rdjSKwn(m(&U>pJGy_&2pE=TTIKZjJ7F zq97C+_5bTB8B2{Z+Hq`rb4i z->YS&LKY4(&O+xJt=~Y#U3T-f?ZNSa1D)shB0Nd$EjVZE{OVD}>HBRB8_zik125Zl z1>Uzk)Y`}{wH{Jf;DGI6q&?DDk7Lq*qo}Qo3J$loJ&N>OkROA*+i;9xZ{u>?{=J*n z2zZ>}y$L+GgEs{{Zt&g-zPoTd-%YrBH0{MPS9>=pNhotK_|w3b?w^3rVHDbd0$HAy zZJlqoX}t;#=sLPzE5d2(pYBKC9>gBB-4f_VmFH}?qq-!hi7J>I2WX~|8pyvB`FA0I zM`IDhH?nl(XCXfqvEO;50(ct0vkN>AH8#MkMpg(}9`Jd=S3)X+=V9+Rf{2xA=aYiIc-^w;?F{_P__Wn_53)DSH*>4uouXBK@wt#W+{{Rw%H7?1PdY zvUKp>kNgJkWg$Noe7nG7tZ3IJ$J!nS`3T5IQN-BXuBE~7=5}p54F74ncALK#7c77B zf3zwrjpCFs-*x0PQ7>j~zJs`YKp{^6gEh!vDcst3si4mH?jkd$pB4iY1d&&bJr^^) z%zGHC5^(>5vemm!sc8Yf>ZUXE{0B;LcB7hxqZpkyHkl4ob>rmS5QTL6*M&a$h5xC) z*Le=o;QZv!6LdcSfmn)D_E-^%#P|9a8(1`O6jmmfD-s|)3&PXGglFMGeu4{6$51`e zHe=L5hu^*Y8|Ap~okex6igKwy!AY<lgWeK=Z@elrcPz{_a&1FVVeDu^aeVQt4YQkZCe(?@l*#zWA}@7r(oZ2^7$-*w~4aL?FF z&66&>?A|>yl$6XpxKDt)(s3)I<6i1|T%O&aQ$*qXP09#A+K?g7);tu1O?{v0%aSY&RyuQ!9Cd1 zp)Yt|JkQJBxCAm*zgahHKf90m%*GDAyWyi>*Wod%vT@;`yZs%n8|$9Xrr8Q+7U52spq}8_q)_8>ACCr&lTT=#(uR+JT{kZG3K}zO3H3oVxwD~UpV<=YLLdFj zY?-^PmI3{a;psq}{Yyqwhc+Jv+CAK%EzQjT`Z>?1Ou=OV^I6D8KJusi!8Ccn+nRZ!?BEwB)7b{(T-=mPLo0`|7{#!Re!+T2X{_r&}`=!4!NsEgvJxk293(^Nped z+MJ4TK9oCYjwtS7Y4@eG)E7+;hxfU|mrgXC|Fx+a=fx%BQn2&n0qso%tFl_2)XX(p zN1ue11IF1WwSD-i4r<>eDyY$tEu-gOA(ewwWq-{uHtX4DV01 zrTD7*skSJ702hKiv;YmGB?ULN14h?R5f_Dek6O9kyyUyX97}x|$OA^}QEi-}^Hx1j{vIo`tSIGIF2Q<|421S>$asg3oGhqxV^qK53-< z9P7pcM*GjT6_E>kK8Qa&+GPy>T$>#KJ##S}<|ic6RlCh_9Mje%{72&q7PGg&y!TNa zD=_b+^Ng*>v{mspd+Kp}(nyQSMmORd^z}y9G3^Hl1E%}Ub4XcMKtU)nsbBdEEj7Lu z2a>D&=H0n2^!{q2`4?IyR6X$vZ3TJcU)PR#1cf@)=d@&UpZk~EEXuy9aF@`;iPNor zsjWb68_)gXM?9Biz5(ORFST_GOl7D>Z#OOjTp9duYC_*)yFX+x7=?*Ghy5AP3qt~+OL&?{m+}Np7y*pZ=!NcbX<&qBc|-?=d~LqD96n;K?g(I19xJ%-|6SIdllPo ztWo%)wsgu{mLW48Q$1&q~Kq z9p|1IEOJu@i+K#+G|8qmc>zp5Nw%V>x876*u9>W56D95ayKcN!O zZ?FRFcbGTOM(aX<{McyvPwiW)2XhWs7bM(<^-;x#U^?ARK96rGfs=R5-yr`VCI0y@ zQsM?s z;7RSH_yJSZk8w#bRsF+bM&EyFcTXGee}beY^fJh;Xi|%gH{v19!I`+j|FdFL|4REI zY9IO)I?0WOVJQ(fNr80lQ?6~6R z!e|$*dt4Vf_41)&{1kW?&%qDim(t?U=(1`&{lm?&`SYSH0>7j}zEbAM!{rda)FL~u z6xIg}J2W5G`)ZpLymS*n;_-JHS@S3o*;_b3tw0#GLyUTEiHFswB9HC6WQYo#gSZ zm(ZIMgP?Kg6TK>NUFg--=5>M=bE22+Mfqj7U@SDhf>yc1IQokA5oWQL)7npOe*dWt znR8hiZnRgx@_nTkxtE(VpTtG~0Q0;!!fe5l%+}EKRGp_zp&qa7{2No?(TBW;FIVBY z#zTH|Bg$VFdgT|m0(fzQ?|$AxH~FD6#^5Vj!scCH_h&wC_WPvb1NtR%bar2MW*(sD zC^&$89+skZvs}!Lg&2GR@+Y1|;A;2TY|Dz#G%ezZILA(~LOeNPd;(;74yXBG*4enr?T|h1HAx` zalUS%YJ9biqn-XM-iZ0VmK<4?`JjT+)xWMVa({2mDy_fQQj7a`e}o@Y)Tk!&$(wnv zbbDVOIeEhxJkt2t(Q^M!aJXsL$kA;4AP#=WT(rEfc)vPS+&$7}4F6u69O=va0iz`%3s$eYmVaQzUnc8$n{sF zU52QWqOEN3XWqVUbqJS>E|hXmTTvU5Gris4-~!L+2}7e=bkQSGp}f;y%5@JN~2u;$Qy>A^!Y@Z^~~Hhx9=pDah~jnDz| zZsRyvdz$*GarSjB*`G_j6B7XMHD7L}ijmD4eDAsrH)8cIB*E%d-bWVEFyNQfDs(Nh z^;gHJ`K&H=;$zh8%CEp=;_eRbvOu=}uEXo{1tG^Xh&i*zc;>7YKRbykLZx`pJNn|f(B~fS3!nE`)A_{FoaPchUR~c>pjoaE5v+ z{CM~`6j9F_>YLiaM2#nrRP*D;J6V^J8;#RttKY@eJYTB-)mXg$Wro4D7#Kq<477^9>Qx08@YUo}QYA8xlhj6R~y?0*Zo zju^RbficCXcnif!4BuOri0X{vZ)uqmj#$;&=ycoC)yB17*`^xyzreTWjg-GYg3~Ca zuR^2tFSw=f8O~fN0eu`ns@-J_{RNg_Ylgqzf$^_oooEQUrSkh%t}XC0uJFWfdW^aydHIy=R5c}+AnI*D0@ds zHA65cH7qOIWoF?_bXqvdwBj9awy8QaC#qTi~v8Ylx(xEPiDULZ3Rq=zQ!mR0=xC^H<>wvxB8#sUT0d9b;%47`VoCd|}R|{qJeX zn+&AV$BsHNN|eLED*l|D{sl1kOVG~%ldb%mV&x=o7XBu1{#Stu!|2}{zW1#{~Yfj%fQoRt@5*XUCHmapT07|4!b8&$L5Fm+1~?A zDhv8k&`F@rPBcfN{hy%E1E%l_E|1AG6;va5XcgyI(aZ^F!BcLQ$8)$iyd6z}0G}m5 zy&9pg?Ihc(K)rcPpb6CPV$>sFEGbjb@smj4Am>N-pK=U6-p%C&&0_dxIbKDc^&z?f zjK2v_06nhdRd~SqZ~?%x3|w5!ascA+W}x0_%1X9?7H z;-p!!fFEtAVY0D4)*?C$Z8~iPDSWA@)`>+1TS1pv7HUv<`f<>F<);P(r(XcwWaaDd zaOyVDDg1~_eF_qqr2yJdEwvYP9xt#4lM`80$>|$GSApKf>H9EQm4xL#ia5+9G+8ds ze-e`y6i|{ljZSEO{M=$4v*&C|;cHLz*FpD#KFt2hFfO6?j zK;afgBqCJChv|Hn=Vyc0{8%22C`9;O7ERx^oS_^EK?vX$MT~2bi0@%Gje!Kg-v~MY zns?HOHbknR?})Q^BZ8ojCYmGyO=NwnCX9F)`2(omKEf4vYaD}|PRwBw@vkfM>15ix zJ}At`u>;e|l2%w;X~}co#S@*E!MJ?KRaPjjIAPL(CM>8#|FdxyIxvii(&_Te1>8GU zp$QyK@IH0Q5^GpF&~R(_H|&D;{o(%URFcJO9ggInHtqALcBF^SVp;2g2FOIV0uI=1_2io z*((*IIKX8*9dUqT%@GBeVsB^){VNbWN2Pp!RF5R0&Y(LBCb&)rjYgXZPei9l{^-0g zToQ)E44_?NmUEdg{TQSiPe4<`7_Xx0@1KZN>4`%QdAwjafIl?bMjVM3wAYMwqxl^t`^b5hQvZYgIHEFR+@ zl-{MdQBzT}-}S64?0P{Kb`8kF6xzL(SL}ik!kUErvTVXLvTOpHRaBf1)~pGih4Fuh z@h^I8qC*x)ER!xu+$OD0#H1>`m3Y6bED_BlDoZ>q&yq|$D?OA5V?@(TzH>|tPC>j& z3QF?I9-agxM1iChSwT{pT#r5_M)vS2O=0Ona&7t)co&*@2WKA4^!hP~EsHOJrdGC4U+uav`S zdW#&>(~pE`K7O$GmVxI(F2Vfd_^S5gNt{sog8?J7na@; zmVQB|&tPFVO;#|YIxM|imYp%C5bU4P7sfOq3(qW+y?16nT0awo#Wi9khSnIy?2NBH53rpXI<`DD$EC~7@ch{`*(xquAEH1BUrC}JB-Oc&aYNY{bM`ZK@L82`e zoDJiFLfd%-3t`z9hO5VLO&EsEv2--Sb}|1iJQZL;D;@QUawi!R`I z6jvfIiH#j%mX{_ErpkkyI>CeHxS!+2eg`7w1W_%oc#Gl2fJpC?c!@{0{SsIv?gN&b zk#d%TM_f6VR>`tUPf83HQ@%O=JaCJ+vUyI($tS-=7RZNkLeczVl0SbyDzPlgm}NbZ zXBl{e`~s(xUqJW&!pcHeIhR|!+$}rN@=|$}@^X0PHo?;>M@P{mxt+&~Fe|-KNXYlX zWYJ9Cph$=P-ixw5ic>@eZXR>PFsv7XXgz`Gq{Z!F7!_~g%B>8Ovl0e~vMX!Da0jrM z|5x_Qj8*AUC><6krrTA=Wyf4~LGqV`RZy}OuRypGB~VUOTmt3BFg)$$JpPg)nX$S` zP86%d3as3dk(pR08lh4)VvgcpjEO|;TZ1z941{DjTYXV^y z6+gf$UYjP<*OrB0cty-^Yf-U~v(6zaD}&7YxSTSyy%@S>gQ#D0y0Q_uSIqhtIa{rF z$@S&yvn2m|jE*02q3dC#nBCS_$~{QdZx7>##bf;NoXHO**?M$@9~-Bx$D4?6uTx_D zZlpm5E&X6#{B7g72Kb1D>0v+XwJ<&CSKJn+hx|$&$8d}S$C4a+wlB_opy&GZP~1$1 z!xYFOOwaRe9$XTLpog@!YAeHB7}IKDdX{SAO3-su8y7^+P;LF3=R6+dG7Hl?5Ia|n zo|D?WRysW*wQsjDJs!0OEsRH@c&c=Q6I9@Wg{K_DFKk|zo-V4@RysXNRJn5W6jAN6 z(&-7J+RHIyh=rA@+ki<~7)cKewL*@;t5p$3mvE~f0#*h+Db#`-p8-B?VR~Yy4RPFo zS0PRd)00D;3#C^c`c^A_)&*cLhaMK{FoKkz2Zj123)4fw2x@=I!21#N91j!M0{g6V zdQup1)WY%9mc37Am+(mLh9w-yZ1?3N-bGr6c< z3)AzrsPi}nkSd^uZ_!){dhiwv+Dxwk_Hf)z3!{wIkoE&5Xs(I+E~<_j{)tzgrSw@V zqSp5rSw){CcI`J$3(yvN@;!Xl{<~v3y*540j@amOO%KHEnPtBT0T#6C zVB7vfHkU21+4x4&XW;#4imvBG4vQ_FJIi%_m7@I4Xp7MMYuaXndMW0(5H))SSwySC z@;tBN5a|zD7QP*gvk=>i7_dEd`%QS^UKjY8xopGS{U3pnX|%mJ%CSAE_M3>$^Q!Id z&8HAj{K_H(4}9|ziZC;_I`p3_TMSpEem&mWZjIF6#76jqQF^Hohx#v2{ihIHfZ%Q8 zpGA5?THq;bX-D%pEUFx3v4^%`rr1;IE$%{mU^Tte5A_?zWA$Wzfa2t683U5eB3#_s z6&wqq5U@QI@H0pL3gvS12lkt>HTl%mS1x};dhWSZxs=mPt_s!VV?Y!_e?+1?5LwGW zN8vlgb4q#IciOaJz8Nidn0Zh~S-u;*@JT7$)&9zDDuq$iwSS~ug#^nfhePRmim;Xf z!AID|e>)=1y`;!J8E!~wFklKSgjJ{@w06R zY}I)5qsvom2Am~9mfZ}VKd3YVtHs^Q5XB)DA7sNDUyB$mfNI&1pkH8xg@eYjIDJY+ z!1DnFQX`u}zd2wDWyhX6WiQ|P8ndm39mR)j9>W)>r_Lt!LSNHoh&Lr2zS+RpYYwfj zm-}B{>neT$5wJaA-Oxmm!&uEIN^~zbSg#{i?{iA6h@9lX4~oonOYnU9Vdm0ca5GH@5#Wc=zNwpW8lpaUcL}fWmQzgn0RNr zK6ymXfUC68OhF3wN%?85)V2H1w^5|GCMj&3FwWgLtQNOc%Hu5`5+tEHt z)aCv{YIFFN+8v^-wzt}StSlnTnoPgWCclO?!N|=d4n|kOn5|d~R)OyrBX^?SZ5#QC zF+5S)!Mf1(Pe2Ny--g~G4^pZBRRh*HSTzj&jQSwPOoua=w#dcHU zG!_%+X3?#$V|mWASeo*g?Y6y9HskuK`pIb&%$M=hAvTXnQEZX_<-fX$58BAE0V6$G z->ftnEy?<-1w*tp4Fg0CJci{;R@Cn=cxdymrw6?*h`#`W+RVJq-`by|ry}CRouX&Q z+iuC92Th`|O6PTaueBMsrs!qL$HuV~eP-f69wa&FQk4`i2g9pjSF~|HMR%8BT8*Mv z!hidFSi68Bjge>7Ff`jNwJX$to^#wYfSIEU@m#bj#MI!kd{eu_p|;%}G;NJ~jp}Lo zWNfWpH%)(citYZ!6b!eQd$Zw~1~}$^IA#|)=DXANPiNSEg;5Wk3sKz7 z+zr2bvCe-4i(WR{jGd{v523rmsd^3qhTU%c9G2#U+}R-_B_p$@@M44MBj2xA&y!8U9sjDFS;F-Sn+wrUrd9~y zGPdzb709TA3_6*k_x~Xy1v1F!CLP?a~Vx@^>a(JeScf#^8L-YYL4!k6Vc|+|E+7^ zayJZU1hR|2D%n^KHjy`J|#i*LYk_I_uG8$?wD3WJR6X|pHIkr!J zW|Y&nW7w#p?+AwxoU8Acs+TlEq(2f>O*5~Vm?TDjS$xn@Vq~T3kK43X<4ihk;w~7& z>H73UJ!`oeJuQPxtk0;(#noRa-lZoQX&L&=DBW4mL+gG1onn+{=u>T&p|)k{8)v(G zmr9?juUhNc6U7w7=2GPB>HN~rr44K03Y_+VftY7p$k4M=aB7dY{X_QjV+uQx`2@35 z%qmvSb$Achjv6iV^vncb=58A+K47cGPe(~j zizH8=Pp35>Vn+}@c`UGr9bFe1*kpPrfVjP_nfkXAUgiD_1{zrh&9{xIYLC&Msn1$a z=Q*YJz_+t$!Xe*M_G2s5SG_Nco&~l8UjrX+wWc*}50I6mXXWmNN0F;hF0NAN&4pzL zL&tIsj&3YIc)1t7ZYw7FZDz#>Lr0AxSvZL6ou`d6S$dJ}{WXSTzP{2Q!m&uBCsFFom$=E*I(6bU7Hy z{gH(-0i+k23!2QS^n?H5c}_&XwwNcld1PT7yvHN{=8(Q;^ z`P%3E9Nmov19!8no*-g%0|@$sa2U}`c}ChieXalBxE6njr5cHew-;L#DIeZHPohOp!} zOcxvuZ5v+|Zh$JG)-ntQZ}G0LFChPFk}Om~zQ?NRv&D$kEi{s{aX}0r+WYH1GLcL* z%{=(^1*1G$PxOD?Yw-`4KO?9`Ci3YG_SscwS*s1AFsm-CAtHl zR(-E1Rd+G_j57u#?n;ht>8L=4(`GC zFY%pQ&=d0E!f-j=aOCJmmo~q~?0Yhpt>V+bbl<0o>NaF}vwfegtIPaB>2zH5YV(Ui zmwczopY!kWc)eYr7SDH>+Wwy1_%uiVlVb1e%+*trShJI0x=cqWiZ%up=s%2icwe^B zdUf@&9JQ=5M;+?)EyS%1uJs*@^y^l>{f2c59~mh469&qUF;K9Yss5t};OMuX=Xo`- zmw8TMeH2zmT6u5&7tbp-a`W_Cl_sM#PfwlZ$ahbOdp<`kMU4t-Tua>K39P3%)_FEh zpKiDP@j+u~ss4%WjRT#19^I?B_Y|`^jX6xE3)h}V^)U!`4(BavP*yaoDB<=V~@1$qP)?HXN$dUC>G^yX|S-?k{MXjkMZ{wOSJQ)MqN6v#?|CTaH5X#<`l6lkNf{{G(pgxf-(|DCJN`yF@Pv2!Z`&RsgSTCa;_JGSg}e{a*y+RnVI^dBgz3n3!~x%6pbB@>cXAp%>3 zc3-C#uR;{~zy!8xLXt>C{z^*Ji>VBrgDF+U$kn(jZZXnJ^+igLQB|tv%!W|qB5~le zRm6-xsa%g3dNU0L5qaMV){GJ}0nfttHy%^jDmiZF-^9MnxKOHRE+^PwB_rYrLF3`a zVU-{l9Z~DHtMuaH56(>>Hi)GFDf-x}jlnf~VxsL%E4p333UPAufwp#LIM!m|yN&d< z`ckX|s9viVC~Zc^T7Aw05eKUdp~6Zde%O{^e7sgqu-Pvfm%tti8z|0+J~8Kw?d$Z^ z8LPFcV(vC$XU#S8igf^%&8fZ@6Zj99&JjsB*;$%fX0#Jx~c#kZgl3a&PT zKF#ytR;>*5Sx$cfiAkWha{6n~0nh^$twiBzY8B{QPN#xy0o~5&96Tk3RtuF{o`BgZ z5?w$k;q(TK%K>UfPU9ijBq*dXIuy{w8S};xm~95=k}w*5M5zGH z1=_rzt3j)lK-)E-Ye4g0eA~A{Zw1X2vTZkl<@yT$E+m;Br}^K89|6{f)2-v^L*wXQ zj-yYFqu&@uzkem|w+&sHVEg7u+D=Y0KbAuF#Bub@adhrDx@a7|?h1M{vv0g2f!Wa$ ztPiiSb{zfSI9dixn;CZLA#^SH|CrJ7K2~?VK32?1erFv05kg`MkydVn#oE#1t&gP! z?TI`AJzTk9<*Sp%<&X1&y70<;ze=6Q{BVIcjH7QKMzL#~4hY zW6WD0OF`W|Mw>vNJ4TxdQTV*|;rwOeXqq9-kJCo=Gkv>7q9rW>yAa@ihAuQ*p~uJN z9~q-fpd;qd`tb5ydt1;TlkBAsY$B(0v$I-LK(c^l31g3rK zk|>L@_ej7 zuq^!3SOJUv>p1$~SJDpqIC@;Kcg!4@pE8b~XVGYXO94kQLW3x+480B4ivM-YAUv{+ zI#MOif4~wjR{qDxr+%@O=fj%?F=6!YK+{O7;Q0ff&tUwESb{jcg41y3l<@3r}2v$^{XTJt+Vlu8}%v1oSXEg4ckrn#Lhq5q{l1K zx8nA>_B-2m+`4Fi@y@sP>BiapYNSzHrMtB2YwzB%W#6Alk~>dU>F+6#-@2!E`#rVS zZMx6+{%2U3`Rpxv`@YiE@sZbWxvQpl+m;=*o!f5Jm)iZbrbw(NV0YrRw9d`k0W7AP zIvKmq+R^u;IL}ELi_iYZ%Tm|EByE-@JRr*|XarFgg)1Ov$edx!c!eA;RO!VHn!xAf ziUVa>28q$?yhWVHRxK;Ap^N2-^nRIcM^_UO?pT#D7Q1ivqJ9y)Z-*yDEWRB=MJ&GE zC#|%@VqrZwM}*MR&9^Xs78wWw)GBF!x>XvWLZ(@k>{kzB4H>z85coM@l1%tlVfehX zhE^P8ax3ZjB?A97R4lC5nlU~EPf#kPosbG?J-EV(xI5h?L!ouFn^1^OZWRjY&|1Xe z=x3xSBJyN&MBF0FM%*dOI^bQ=_Kt01b@|Ou1QD_9b+?oibqi>Qt(cNL`m{^4|F*Zsk|HIWWaMf7GRkA<~ZivUy+pt$FcWKNKX>klS z6K}ql--hvj6P7+I(__h_oIlpTBrM~uunY`8QE}}4u=K-W>Hi&;{%%-$Sj7{_O5UF) zVEBnR{t11IT@7Q*@fU|qB-$pf5KrE@m2qf}H3DxBOGoEgE7DKnF+0ajm*jVr;9?=t zw<6#}U{w4qj^oQvzv#*FCuHz``~^!pG!B~xC9dTKCbr6h=q4VMN>A*P%1!K-N=zJ< z>62n)`lM1}0PLR>kQTUL!8N=xSFT)H;Hsn51f&jbFPr2jpmiHJ@bm$CZjU3lp+P5 z5aE$2?J}w{<+wC51>UXZa#Aj#e$n%%ZDs6Eo-qxTiAiZXv^K{p)SfyehFotG7- zjYyu^0U3We8~pchIkN|3JntOHFUMXW#?TC7+_)8zch`phj_-)ZH)auU=$WZ%L5Myg*?^LN)Hrj z=KT3F(!KeRBZh8%gY0zqG$q3z>T~(<&>qod%iJ=0co{7C5f{4bw7l3X>zA`+L6%G} zC=5$)3rjy5mVO~D9Tkh&)?et68HJ@XqY#}=457lVFrKrLXSoCCGjm0kLkV$9zIzS2QfsS9s;^_6oG0;9qe}29dAmm1o0w(hhu!R(-zKl0iWSG z3-~O@gTTEU4*~aCI7bEU=eQI&a=;?;%Z=e3`bK}XMbc{zrIq7mU|t`+?odXobb8fc zqd(}a2k;Gfgy|KBjs6I?;Cs7;>D7iUXkmJ*VdMIlZ!}OJ@%!m%vYi+~(34|37i2!f zr9w!jS045r3)8b!`-p|jr<8dXrU!)dBbWH;(HZSyLYN+#X)zXF#(;A)^N+m{*LaLrgnwrPG5U-N7+<=@BQ%p$9;E4aZ%;trn&SKl(|IDSgnw zE8M6o!pVu@@MAe9@0)+F*ygRGF!ZRKQ9kA@w2wA=Z&s$;ysi81#ak@zaiiyeVt$ts zeP^0cN8c-RjG+0wbL>QpIDKV1s!F$x #define SSL_CTRL_CHAIN 88 -#define GEN_IPADD 7 #define ERR_LIB_SSL 20 #define SSL_R_SHORT_READ 10 #define ERR_R_PEM_LIB 9 @@ -959,6 +960,7 @@ enum { #define SSL_num_renegotiations wolfSSL_num_renegotiations #define SSL_renegotiate wolfSSL_Rehandshake #define SSL_get_secure_renegotiation_support wolfSSL_SSL_get_secure_renegotiation_support +#define SSL_renegotiate_pending wolfSSL_SSL_renegotiate_pending #define SSL_set_tlsext_debug_arg wolfSSL_set_tlsext_debug_arg #define SSL_set_tlsext_status_type wolfSSL_set_tlsext_status_type #define SSL_set_tlsext_status_exts wolfSSL_set_tlsext_status_exts @@ -1227,7 +1229,7 @@ enum { #define X509_OBJECT_free wolfSSL_X509_OBJECT_free #define X509_OBJECT_get_type(x) 0 -#define OpenSSL_version(x) wolfSSL_lib_version() +#define OpenSSL_version(x) wolfSSL_OpenSSL_version() #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libwolfssl/openssl/stack.h b/source/libwolfssl/openssl/stack.h index 13e2c5d4..a27c46d4 100644 --- a/source/libwolfssl/openssl/stack.h +++ b/source/libwolfssl/openssl/stack.h @@ -28,6 +28,8 @@ extern "C" { #endif +#include + typedef void (*wolfSSL_sk_freefunc)(void *); WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc); diff --git a/source/libwolfssl/openssl/x509v3.h b/source/libwolfssl/openssl/x509v3.h index 0de6b142..4625624b 100644 --- a/source/libwolfssl/openssl/x509v3.h +++ b/source/libwolfssl/openssl/x509v3.h @@ -40,6 +40,7 @@ /* Forward reference */ typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) ( struct WOLFSSL_v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); @@ -53,6 +54,7 @@ struct WOLFSSL_v3_ext_method { int ext_flags; void *usr_data; X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; X509V3_EXT_I2V i2v; X509V3_EXT_I2S i2s; X509V3_EXT_I2R i2r; @@ -61,7 +63,7 @@ struct WOLFSSL_v3_ext_method { struct WOLFSSL_X509_EXTENSION { WOLFSSL_ASN1_OBJECT *obj; WOLFSSL_ASN1_BOOLEAN crit; - WOLFSSL_ASN1_STRING value; + ASN1_OCTET_STRING value; /* DER format of extension */ WOLFSSL_v3_ext_method ext_method; WOLFSSL_STACK* ext_sk; /* For extension specific data */ }; @@ -86,7 +88,9 @@ typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS; +WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void); WOLFSSL_API void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc); +WOLFSSL_API WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void); WOLFSSL_API void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id); WOLFSSL_API const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get( WOLFSSL_X509_EXTENSION* ex); diff --git a/source/libwolfssl/sniffer.h b/source/libwolfssl/sniffer.h index abf76497..aa78fc26 100644 --- a/source/libwolfssl/sniffer.h +++ b/source/libwolfssl/sniffer.h @@ -49,12 +49,49 @@ SSL_SNIFFER_API int ssl_SetPrivateKey(const char* address, int port, const char* keyFile, int typeK, const char* password, char* error); +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetPrivateKeyBuffer(const char* address, int port, + const char* keyBuf, int keySz, + int typeK, const char* password, + char* error); + + WOLFSSL_API SSL_SNIFFER_API int ssl_SetNamedPrivateKey(const char* name, const char* address, int port, const char* keyFile, int typeK, const char* password, char* error); +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetNamedPrivateKeyBuffer(const char* name, + const char* address, int port, + const char* keyBuf, int keySz, + int typeK, const char* password, + char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetEphemeralKey(const char* address, int port, + const char* keyFile, int typeKey, + const char* password, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetEphemeralKeyBuffer(const char* address, int port, + const char* keyBuf, int keySz, int typeKey, + const char* password, char* error); + + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetNamedEphemeralKey(const char* name, + const char* address, int port, + const char* keyFile, int typeKey, + const char* password, char* error); + +WOLFSSL_API +SSL_SNIFFER_API int ssl_SetNamedEphemeralKeyBuffer(const char* name, + const char* address, int port, + const char* keyBuf, int keySz, int typeKey, + const char* password, char* error); + WOLFSSL_API SSL_SNIFFER_API int ssl_DecodePacket(const unsigned char* packet, int length, unsigned char** data, char* error); diff --git a/source/libwolfssl/sniffer_error.h b/source/libwolfssl/sniffer_error.h index d4e83692..882aaeae 100644 --- a/source/libwolfssl/sniffer_error.h +++ b/source/libwolfssl/sniffer_error.h @@ -130,6 +130,7 @@ #define NO_DATA_DEST_STR 91 #define STORE_DATA_FAIL_STR 92 #define CHAIN_INPUT_STR 93 +#define GOT_ENC_EXT_STR 94 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ diff --git a/source/libwolfssl/ssl.h b/source/libwolfssl/ssl.h index f5513e33..e9122af7 100644 --- a/source/libwolfssl/ssl.h +++ b/source/libwolfssl/ssl.h @@ -274,7 +274,8 @@ struct WOLFSSL_ASN1_OBJECT { int ca; WOLFSSL_ASN1_INTEGER *pathlen; #endif - unsigned char dynamic; /* if 1 then obj was dynamically created, 0 otherwise */ + unsigned char dynamic; /* Use WOLFSSL_ASN1_DYNAMIC and WOLFSSL_ASN1_DYNAMIC_DATA + * to determine what needs to be freed. */ #if defined(WOLFSSL_APACHE_HTTPD) WOLFSSL_GENERAL_NAME* gn; @@ -506,7 +507,7 @@ struct WOLFSSL_X509_STORE { int cache; /* stunnel dereference */ WOLFSSL_CERT_MANAGER* cm; WOLFSSL_X509_LOOKUP lookup; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) int isDynamic; WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ #endif @@ -516,15 +517,15 @@ struct WOLFSSL_X509_STORE { #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) - WOLFSSL_X509_CRL *crl; +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL) + WOLFSSL_X509_CRL *crl; /* points to cm->crl */ #endif }; -#ifdef OPENSSL_EXTRA +#define WOLFSSL_NO_WILDCARDS 0x4 +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_NO_CHECK_TIME 0x200000 -#define WOLFSSL_NO_WILDCARDS 0x4 #define WOLFSSL_HOST_NAME_MAX 256 #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ struct WOLFSSL_X509_VERIFY_PARAM { @@ -534,7 +535,7 @@ struct WOLFSSL_X509_VERIFY_PARAM { unsigned int hostFlags; char ipasc[WOLFSSL_MAX_IPSTR]; }; -#endif +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ typedef struct WOLFSSL_ALERT { int code; @@ -709,11 +710,11 @@ WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); -WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); #ifdef WOLFSSL_TLS13 WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method(void); - WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); + WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void); WOLFSSL_ABI WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void); #endif @@ -861,7 +862,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL*); WOLFSSL_ABI WOLFSSL_API int wolfSSL_write(WOLFSSL*, const void*, int); WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL*, void*, int); WOLFSSL_API int wolfSSL_peek(WOLFSSL*, void*, int); -WOLFSSL_API int wolfSSL_accept(WOLFSSL*); +WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL*); WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req); WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req); #ifdef WOLFSSL_TLS13 @@ -891,10 +892,12 @@ WOLFSSL_API int wolfSSL_accept_TLSv13(WOLFSSL*); WOLFSSL_API int wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx, unsigned int sz); WOLFSSL_API int wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz); -WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*); -WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL*, void*, int, int*); -#endif -#endif +WOLFSSL_API int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, + int sz, int* outSz); +WOLFSSL_API int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, + int* outSz); +#endif /* WOLFSSL_EARLY_DATA */ +#endif /* WOLFSSL_TLS13 */ WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*); WOLFSSL_ABI WOLFSSL_API void wolfSSL_free(WOLFSSL*); WOLFSSL_ABI WOLFSSL_API int wolfSSL_shutdown(WOLFSSL*); @@ -918,9 +921,11 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, WOLFSSL_BIO**, size_t); -WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, +WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, + unsigned char *EM, const unsigned char *mHash, - const WOLFSSL_EVP_MD *Hash, int saltLen); + const WOLFSSL_EVP_MD *hashAlg, + int saltLen); WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, const unsigned char *EM, int saltLen); @@ -1082,6 +1087,7 @@ typedef int WOLFSSL_LHASH; WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap); WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk); WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); @@ -1102,12 +1108,13 @@ typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES; WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509); WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); -WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_dup(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk); WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void); WOLFSSL_API void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* gn); -WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk, - WOLFSSL_GENERAL_NAME* gn); +WOLFSSL_API WOLFSSL_GENERAL_NAMES* wolfSSL_GENERAL_NAMES_dup( + WOLFSSL_GENERAL_NAMES* gns); +WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk, + WOLFSSL_GENERAL_NAME* gn); WOLFSSL_API WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value( WOLFSSL_STACK* sk, int i); WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk); @@ -1129,6 +1136,7 @@ WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free( void (*f) (WOLFSSL_X509_EXTENSION*)); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); +WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj); WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void); WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, @@ -1153,11 +1161,13 @@ WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*, WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*); WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*); WOLFSSL_API int wolfSSL_session_reused(WOLFSSL*); +WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void); WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); WOLFSSL_API int wolfSSL_is_init_finished(WOLFSSL*); -WOLFSSL_API const char* wolfSSL_get_version(WOLFSSL*); +WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL*); WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL*); WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); @@ -1312,6 +1322,8 @@ WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, unsigned char** out); +WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name, + unsigned char **in, long length); #ifndef NO_RSA WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset); #endif @@ -1325,8 +1337,10 @@ WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int); #endif WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( WOLFSSL_X509*); +WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509); WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( WOLFSSL_X509*); +WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); @@ -1365,6 +1379,7 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID( WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type); WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len); @@ -1421,11 +1436,12 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, const unsigned char** in, long inSz); +WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, unsigned char** in, long inSz); -WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, +WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); #ifdef OPENSSL_EXTRA @@ -1571,6 +1587,7 @@ WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op); WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s); +WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s); WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); @@ -1597,8 +1614,6 @@ enum { WOLFSSL_CRL_CHECK = 2, }; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(HAVE_WEBSERVER) /* Separated out from other enums because of size */ enum { SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, @@ -1645,6 +1660,8 @@ enum { | SSL_OP_TLS_ROLLBACK_BUG), }; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) /* for compatibility these must be macros */ #define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 #define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 @@ -1950,6 +1967,11 @@ enum { /* ssl Constants */ WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*, wc_psk_server_tls13_callback); #endif + WOLFSSL_API void* wolfSSL_get_psk_callback_ctx(WOLFSSL*); + WOLFSSL_API int wolfSSL_set_psk_callback_ctx(WOLFSSL*, void*); + + WOLFSSL_API void* wolfSSL_CTX_get_psk_callback_ctx(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX*, void*); #define PSK_TYPES_DEFINED #endif /* NO_PSK */ @@ -1992,10 +2014,9 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); -#ifndef NO_CERTS +#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY) WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*); -#endif /* !NO_CERTS */ - +#endif WOLFSSL_API void wolfSSL_ERR_free_strings(void); WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long); WOLFSSL_API int wolfSSL_clear(WOLFSSL* ssl); @@ -2045,7 +2066,8 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_ WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk); WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i); -#if defined(HAVE_EX_DATA) || defined(FORTRESS) +#if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx); WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, @@ -2087,6 +2109,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void); /* which library version do we have */ WOLFSSL_API const char* wolfSSL_lib_version(void); +WOLFSSL_API const char* wolfSSL_OpenSSL_version(void); /* which library version do we have in hex */ WOLFSSL_API word32 wolfSSL_lib_version_hex(void); @@ -2134,6 +2157,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*); WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_X509_add_altname_ex(WOLFSSL_X509*, const char*, word32, int); WOLFSSL_API int wolfSSL_X509_add_altname(WOLFSSL_X509*, const char*, int); WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, @@ -2424,6 +2448,7 @@ WOLFSSL_API void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl); WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int); +WOLFSSL_API const unsigned char* wolfSSL_GetDtlsMacSecret(WOLFSSL*, int, int); WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*); WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*); WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*); @@ -2527,7 +2552,7 @@ struct DhKey; typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz, const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz, - unsigned char* out, unsigned int* outlen, + unsigned char* out, word32* outlen, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree); WOLFSSL_API void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx); @@ -2625,7 +2650,7 @@ WOLFSSL_API void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl); #ifndef NO_RSA typedef int (*CallbackRsaSign)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, - unsigned char* out, unsigned int* outSz, + unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign); @@ -2670,7 +2695,7 @@ WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl); /* RSA Public Encrypt cb */ typedef int (*CallbackRsaEnc)(WOLFSSL* ssl, const unsigned char* in, unsigned int inSz, - unsigned char* out, unsigned int* outSz, + unsigned char* out, word32* outSz, const unsigned char* keyDer, unsigned int keySz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc); @@ -3031,6 +3056,7 @@ enum { WOLFSSL_ECC_BRAINPOOLP512R1 = 28, WOLFSSL_ECC_X25519 = 29, WOLFSSL_ECC_X448 = 30, + WOLFSSL_ECC_MAX = 30, WOLFSSL_FFDHE_2048 = 256, WOLFSSL_FFDHE_3072 = 257, @@ -3208,7 +3234,6 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, #include struct WOLFSSL_X509_NAME_ENTRY { WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */ - WOLFSSL_ASN1_STRING data; WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ int nid; /* i.e. ASN_COMMON_NAME */ int set; @@ -3219,11 +3244,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name, const WOLFSSL_ASN1_OBJECT *obj, int idx); -#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) - enum { WOLFSSL_SYS_ACCEPT = 0, WOLFSSL_SYS_BIND, @@ -3293,12 +3315,23 @@ WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509*); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME*); +WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME*, WOLFSSL_X509_NAME*); WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); +#endif /* !NO_CERTS */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, int* idx); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#ifndef NO_CERTS WOLFSSL_API int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert); WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); +WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, + void *data); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid( WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, char* value); @@ -3335,7 +3368,7 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext); -#endif /* NO_CERTS */ +#endif /* !NO_CERTS */ WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r); @@ -3343,8 +3376,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, unsigned char* out, int outSz); WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); -WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, - WOLFSSL_X509_STORE* str); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); #if !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, @@ -3353,20 +3384,27 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); -WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); +#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, + WOLFSSL_X509_STORE* str); +WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx); +WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, + unsigned char *out, size_t outlen); +WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, + unsigned char* out, size_t outSz); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio); WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b); -WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl, - unsigned char *out, size_t outlen); WOLFSSL_API int wolfSSL_get_server_tmp_key(const WOLFSSL*, WOLFSSL_EVP_PKEY**); WOLFSSL_API int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX*, int); WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int); -WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl, - unsigned char* out, size_t outSz); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, @@ -3385,9 +3423,12 @@ WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, pem_password_cb* callback, void* ctx); +#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ /*lighttp compatibility */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(OPENSSL_EXTRA_X509_SMALL) struct WOLFSSL_ASN1_BIT_STRING { int length; int type; @@ -3395,6 +3436,11 @@ struct WOLFSSL_ASN1_BIT_STRING { long flags; }; +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \ + defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) \ || defined(OPENSSL_ALL) \ @@ -3402,7 +3448,8 @@ struct WOLFSSL_ASN1_BIT_STRING { || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); @@ -3414,7 +3461,6 @@ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); -WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); @@ -3468,12 +3514,8 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, #endif -#if defined(OPENSSL_ALL) \ - || defined(HAVE_STUNNEL) \ - || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) \ - || defined(HAVE_LIGHTY) +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) #include @@ -3485,6 +3527,8 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const ch WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void); +WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size); + WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn); @@ -3550,7 +3594,9 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, unsigned long); +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void); WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING*); WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( @@ -3559,6 +3605,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit( const WOLFSSL_ASN1_BIT_STRING*, int); WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit( WOLFSSL_ASN1_BIT_STRING*, int, int); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*); @@ -3571,17 +3621,22 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, in WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)*); WOLFSSL_API void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)*, int); +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int); WOLFSSL_API int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*, CRYPTO_free_func*); WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*); - WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*); @@ -3624,10 +3679,13 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* WOLFSSL_API WOLFSSL_X509_OBJECT* wolfSSL_sk_X509_OBJECT_delete(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i); WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a); - -WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*)); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#include +WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*)); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names); WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names); @@ -3688,14 +3746,17 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); #endif +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); +WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, + void *data); +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); -WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); -WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, - void *data); WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data, const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len); @@ -3715,8 +3776,6 @@ WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*); #ifndef NO_SESSION_CACHE WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s); #endif -WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, - size_t chklen, unsigned int flags, char **peername); WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a); @@ -3745,13 +3804,13 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); -#endif /* HAVE_OCSP */ +#endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert); #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || - OPENSSL_EXTRA || HAVE_LIGHTY*/ + OPENSSL_EXTRA || HAVE_LIGHTY */ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len); @@ -3782,8 +3841,14 @@ WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s, WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, unsigned *len); +#ifndef NO_ASN +WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, + size_t chklen, unsigned int flags, char **peername); +WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, + unsigned int flags); +#endif -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); @@ -3808,6 +3873,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key); WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key); WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); @@ -3815,8 +3881,6 @@ WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find( WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind); -WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_sk_SSL_CIPHER_dup( - WOLF_STACK_OF(WOLFSSL_CIPHER)* in); WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk); @@ -3843,10 +3907,9 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey( WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length); -WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509); -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef HAVE_PK_CALLBACKS WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl); @@ -3858,6 +3921,15 @@ WOLFSSL_API int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *, int); WOLFSSL_API int wolfSSL_AllowEncryptThenMac(WOLFSSL *s, int); #endif +/* This feature is used to set a fixed ephemeral key and is for testing only */ +/* Currently allows ECDHE and DHE only */ +#ifdef WOLFSSL_STATIC_EPHEMERAL +WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, + const char* key, unsigned int keySz, int format); +WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, + const char* key, unsigned int keySz, int format); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libwolfssl/test.h b/source/libwolfssl/test.h index f90654e0..b9040673 100644 --- a/source/libwolfssl/test.h +++ b/source/libwolfssl/test.h @@ -55,6 +55,7 @@ #endif #define SOCKET_T SOCKET #define SNPRINTF _snprintf + #define XSLEEP_MS(t) Sleep(t) #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) #include #include "rl_net.h" @@ -69,9 +70,9 @@ return(ret) ; } #if defined(HAVE_KEIL_RTX) - #define sleep(t) os_dly_wait(t/1000+1); + #define XSLEEP_MS(t) os_dly_wait(t) #elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) - #define sleep(t) osDelay(t/1000+1); + #define XSLEEP_MS(t) osDelay(t) #endif #elif defined(WOLFSSL_TIRTOS) #include @@ -88,6 +89,7 @@ char **h_addr_list; /* list of addresses from name server */ }; #define SOCKET_T int + #define XSLEEP_MS(t) Task_sleep(t/1000) #elif defined(WOLFSSL_VXWORKS) #include #include @@ -148,8 +150,19 @@ #include /* ignore SIGPIPE */ #endif #define SNPRINTF snprintf + + #define XSELECT_WAIT(x,y) do { \ + struct timeval tv = {(x),(y)}; \ + select(0, NULL, NULL, NULL, &tv); \ + } while (0) + #define XSLEEP_US(u) XSELECT_WAIT(0,u) + #define XSLEEP_MS(m) XSELECT_WAIT(0,(m)*1000) #endif /* USE_WINDOWS_API */ +#ifndef XSLEEP_MS + #define XSLEEP_MS(t) sleep(t/1000) +#endif + #ifdef WOLFSSL_ASYNC_CRYPT #include #endif @@ -409,6 +422,7 @@ typedef struct callback_functions { ssl_callback ssl_ready; ssl_callback on_result; WOLFSSL_CTX* ctx; + unsigned char isSharedCtx:1; } callback_functions; typedef struct func_args { @@ -1302,7 +1316,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, (void)key_max_len; /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - strncpy(identity, kIdentityStr, id_max_len); + XSTRNCPY(identity, kIdentityStr, id_max_len); if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using @@ -1336,7 +1350,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit (void)key_max_len; /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) + if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0) return 0; if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { @@ -1370,13 +1384,14 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl, { int i; int b = 0x01; + const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl); (void)ssl; (void)hint; (void)key_max_len; /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - strncpy(identity, kIdentityStr, id_max_len); + XSTRNCPY(identity, kIdentityStr, id_max_len); for (i = 0; i < 32; i++, b += 0x22) { if (b >= 0x100) @@ -1384,7 +1399,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl, key[i] = b; } - *ciphersuite = "TLS13-AES128-GCM-SHA256"; + *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; return 32; /* length of key in octets or 0 for error */ } @@ -1396,12 +1411,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, { int i; int b = 0x01; + const char* userCipher = (const char*)wolfSSL_get_psk_callback_ctx(ssl); (void)ssl; (void)key_max_len; /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ - if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0) + if (XSTRNCMP(identity, kIdentityStr, XSTRLEN(kIdentityStr)) != 0) return 0; for (i = 0; i < 32; i++, b += 0x22) { @@ -1410,12 +1426,12 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, key[i] = b; } - *ciphersuite = "TLS13-AES128-GCM-SHA256"; + *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; return 32; /* length of key in octets or 0 for error */ } -#endif /* NO_PSK */ +#endif /* !NO_PSK */ #if defined(WOLFSSL_USER_CURRTIME) @@ -1675,7 +1691,13 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) #endif /* !NO_FILESYSTEM || (NO_FILESYSTEM && FORCE_BUFFER_TEST) */ #endif /* !NO_CERTS */ -static int myVerifyFail = 0; +enum { + VERIFY_OVERRIDE_ERROR, + VERIFY_FORCE_FAIL, + VERIFY_USE_PREVERFIY, + VERIFY_OVERRIDE_DATE_ERR, +}; +static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR; /* The verify callback is called for every certificate only when * --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and @@ -1727,7 +1749,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) -/* avoid printing duplicate certs */ + /* avoid printing duplicate certs */ if (store->depth == 1) { /* retrieve x509 certs and display them on stdout */ sk = wolfSSL_X509_STORE_GetCerts(store); @@ -1762,37 +1784,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain); /* Testing forced fail case by return zero */ - if (myVerifyFail) { + if (myVerifyAction == VERIFY_FORCE_FAIL) { return 0; /* test failure case */ } + if (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR && + (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E)) { + printf("Overriding cert date error as example for bad clock testing\n"); + return 1; + } + /* If error indicate we are overriding it for testing purposes */ - if (store->error != 0) { + if (store->error != 0 && myVerifyAction == VERIFY_OVERRIDE_ERROR) { printf("\tAllowing failed certificate check, testing only " "(shouldn't do this in production)\n"); } /* A non-zero return code indicates failure override */ - return 1; -} - - -static WC_INLINE int myDateCb(int preverify, WOLFSSL_X509_STORE_CTX* store) -{ - char buffer[WOLFSSL_MAX_ERROR_SZ]; - (void)preverify; - - printf("In verification callback, error = %d, %s\n", store->error, - wolfSSL_ERR_error_string(store->error, buffer)); - printf("Subject's domain name is %s\n", store->domain); - - if (store->error == ASN_BEFORE_DATE_E || store->error == ASN_AFTER_DATE_E) { - printf("Overriding cert date error as example for bad clock testing\n"); - return 1; - } - printf("Cert error is not date error, not overriding\n"); - - return 0; + return (myVerifyAction == VERIFY_OVERRIDE_ERROR) ? 1 : preverify; } @@ -1952,7 +1961,7 @@ static WC_INLINE int StackSizeCheck(func_args* args, thread_func tf) int ret, i, used; void* status; unsigned char* myStack = NULL; - int stackSize = 1024*152; + int stackSize = 1024*176; pthread_attr_t myAttr; pthread_t threadId; @@ -2664,6 +2673,13 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, ret = BAD_FUNC_ARG; } +#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + if (ret == 0) { + ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl)); + } +#endif + /* generate shared secret and return it */ if (ret == 0) { ret = wc_ecc_shared_secret(privKey, pubKey, out, outlen); @@ -2873,7 +2889,7 @@ static WC_INLINE int myEd448Sign(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret == 0) { ret = wc_Ed448PrivateKeyDecode(keyBuf, &idx, &myKey, keySz); if (ret == 0) - ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey); + ret = wc_ed448_sign_msg(in, inSz, out, outSz, &myKey, NULL, 0); wc_ed448_free(&myKey); } @@ -2905,7 +2921,8 @@ static WC_INLINE int myEd448Verify(WOLFSSL* ssl, const byte* sig, word32 sigSz, if (ret == 0) { ret = wc_ed448_import_public(key, keySz, &myKey); if (ret == 0) { - ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey); + ret = wc_ed448_verify_msg(sig, sigSz, msg, msgSz, result, &myKey, + NULL, 0); } wc_ed448_free(&myKey); } @@ -3605,15 +3622,16 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) int enc, byte* ticket, int inLen, int* outLen, void* userCtx) { - (void)ssl; - (void)userCtx; - int ret; word16 sLen = XHTONS(inLen); byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; byte* tmp = aad; + (void)ssl; + (void)userCtx; + + /* encrypt */ if (enc) { XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ); @@ -3634,8 +3652,9 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) mac); if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; *outLen = inLen; /* no padding in this mode */ - } else { - /* decrypt */ + } + /* decrypt */ + else { /* see if we know this key */ if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ @@ -3662,7 +3681,7 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num) return WOLFSSL_TICKET_RET_OK; } -#endif /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */ +#endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */ static WC_INLINE word16 GetRandomPort(void) { diff --git a/source/libwolfssl/version.h b/source/libwolfssl/version.h index 332cadfa..fe258fcc 100644 --- a/source/libwolfssl/version.h +++ b/source/libwolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "4.4.0" -#define LIBWOLFSSL_VERSION_HEX 0x04004000 +#define LIBWOLFSSL_VERSION_STRING "4.5.0" +#define LIBWOLFSSL_VERSION_HEX 0x04005000 #ifdef __cplusplus } diff --git a/source/libwolfssl/wolfcrypt/aes.h b/source/libwolfssl/wolfcrypt/aes.h index 7540ba4e..e0e85a16 100644 --- a/source/libwolfssl/wolfcrypt/aes.h +++ b/source/libwolfssl/wolfcrypt/aes.h @@ -22,8 +22,15 @@ /*! \file wolfssl/wolfcrypt/aes.h */ +/* +DESCRIPTION +This library provides the interfaces to the Advanced Encryption Standard (AES) +for encrypting and decrypting data. AES is the standard known for a symmetric +block cipher mechanism that uses n-bit binary string parameter key with 128-bits, +192-bits, and 256-bits of key sizes. +*/ #ifndef WOLF_CRYPT_AES_H #define WOLF_CRYPT_AES_H diff --git a/source/libwolfssl/wolfcrypt/asn.h b/source/libwolfssl/wolfcrypt/asn.h index d1b0bdc6..516113ef 100644 --- a/source/libwolfssl/wolfcrypt/asn.h +++ b/source/libwolfssl/wolfcrypt/asn.h @@ -23,6 +23,14 @@ \file wolfssl/wolfcrypt/asn.h */ +/* + +DESCRIPTION +This library provides the interface to Abstract Syntax Notation One (ASN.1) objects. +ASN.1 is a standard interface description language for defining data structures +that can be serialized and deserialized in a cross-platform way. + +*/ #ifndef WOLF_CRYPT_ASN_H #define WOLF_CRYPT_ASN_H @@ -233,6 +241,7 @@ enum NID_jurisdictionStateOrProvinceName = 0xd, NID_businessCategory = ASN_BUS_CAT, NID_domainComponent = ASN_DOMAIN_COMPONENT, + NID_userId = 458, NID_emailAddress = 0x30, /* emailAddress */ NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */ NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */ @@ -341,7 +350,8 @@ enum Misc_ASN { #endif /* Max total extensions, id + len + others */ #endif -#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) MAX_OID_SZ = 32, /* Max DER length of OID*/ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ #endif @@ -356,7 +366,7 @@ enum Misc_ASN { MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/ - MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ + MAX_NAME_ENTRIES = 13, /* entries added to x509 name struct */ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ @@ -371,6 +381,8 @@ enum Misc_ASN { TRAILING_ZERO = 1, /* Used for size of zero pad */ ASN_TAG_SZ = 1, /* single byte ASN.1 tag */ MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ + MAX_X509_VERSION = 3, /* Max X509 version allowed */ + MIN_X509_VERSION = 0, /* Min X509 version allowed */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) @@ -609,64 +621,6 @@ struct Base_entry { byte type; /* Name base type (DNS or RFC822) */ }; -#define DOMAIN_COMPONENT_MAX 10 -#define DN_NAMES_MAX 9 - -struct DecodedName { - char* fullName; - int fullNameLen; - int entryCount; - int cnIdx; - int cnLen; - int cnNid; - int snIdx; - int snLen; - int snNid; - int cIdx; - int cLen; - int cNid; - int lIdx; - int lLen; - int lNid; - int stIdx; - int stLen; - int stNid; - int oIdx; - int oLen; - int oNid; - int ouIdx; - int ouLen; -#ifdef WOLFSSL_CERT_EXT - int bcIdx; - int bcLen; - int jcIdx; - int jcLen; - int jsIdx; - int jsLen; -#endif - int ouNid; - int emailIdx; - int emailLen; - int emailNid; - int uidIdx; - int uidLen; - int uidNid; - int serialIdx; - int serialLen; - int serialNid; - int dcIdx[DOMAIN_COMPONENT_MAX]; - int dcLen[DOMAIN_COMPONENT_MAX]; - int dcNum; - int dcMode; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - /* hold the location / order with which each of the DN tags was found - * - * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on. - */ - int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX]; - int locSz; -#endif -}; enum SignatureState { SIG_STATE_BEGIN, @@ -784,7 +738,6 @@ struct CertSignCtx { #endif typedef struct DecodedCert DecodedCert; -typedef struct DecodedName DecodedName; typedef struct Signer Signer; #ifdef WOLFSSL_TRUST_PEER_CERT typedef struct TrustedPeerCert TrustedPeerCert; @@ -911,8 +864,9 @@ struct DecodedCert { int subjectEmailLen; #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - DecodedName issuerName; - DecodedName subjectName; + /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ + void* issuerName; + void* subjectName; #endif /* OPENSSL_EXTRA */ #ifdef WOLFSSL_SEP int deviceTypeSz; @@ -1052,6 +1006,7 @@ struct TrustedPeerCert { #endif WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); +WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz); @@ -1118,12 +1073,14 @@ WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len); WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, wolfssl_tm* certTime, int* idx); WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b); -WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); +WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType); WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); +WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx); +WOLFSSL_LOCAL byte GetCertNameId(int idx); #endif WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx); diff --git a/source/libwolfssl/wolfcrypt/asn_public.h b/source/libwolfssl/wolfcrypt/asn_public.h index ba5da63a..d4336a24 100644 --- a/source/libwolfssl/wolfcrypt/asn_public.h +++ b/source/libwolfssl/wolfcrypt/asn_public.h @@ -23,6 +23,11 @@ \file wolfssl/wolfcrypt/asn_public.h */ +/* +DESCRIPTION +This library defines the interface APIs for X509 certificates. + +*/ #ifndef WOLF_CRYPT_ASN_PUBLIC_H #define WOLF_CRYPT_ASN_PUBLIC_H diff --git a/source/libwolfssl/wolfcrypt/chacha.h b/source/libwolfssl/wolfcrypt/chacha.h index ddc0dcfc..2582678f 100644 --- a/source/libwolfssl/wolfcrypt/chacha.h +++ b/source/libwolfssl/wolfcrypt/chacha.h @@ -18,7 +18,12 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* +DESCRIPTION +This library contains implementation for the ChaCha20 stream cipher. + +*/ /*! \file wolfssl/wolfcrypt/chacha.h */ @@ -35,9 +40,21 @@ extern "C" { #endif +/* +Initialization vector starts at 13 with zero being the index origin of a matrix. +Block counter is located at index 12. + 0 1 2 3 + 4 5 6 7 + 8 9 10 11 + 12 13 14 15 +*/ +#define CHACHA_MATRIX_CNT_IV 12 + /* Size of the IV */ #define CHACHA_IV_WORDS 3 -#define CHACHA_IV_BYTES (CHACHA_IV_WORDS * sizeof(word32)) + +/* Size of IV in bytes*/ +#define CHACHA_IV_BYTES 12 /* Size of ChaCha chunks */ #define CHACHA_CHUNK_WORDS 16 @@ -57,10 +74,13 @@ enum { typedef struct ChaCha { word32 X[CHACHA_CHUNK_WORDS]; /* state of cipher */ - word32 left; /* number of bytes leftover */ #ifdef HAVE_INTEL_AVX1 /* vpshufd reads 16 bytes but we only use bottom 4. */ byte extra[12]; +#endif + word32 left; /* number of bytes leftover */ +#ifdef USE_INTEL_CHACHA_SPEEDUP + word32 over[CHACHA_CHUNK_WORDS]; #endif } ChaCha; diff --git a/source/libwolfssl/wolfcrypt/chacha20_poly1305.h b/source/libwolfssl/wolfcrypt/chacha20_poly1305.h index f176b9e6..d698300d 100644 --- a/source/libwolfssl/wolfcrypt/chacha20_poly1305.h +++ b/source/libwolfssl/wolfcrypt/chacha20_poly1305.h @@ -18,12 +18,14 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* +DESCRIPTION +This library contains implementation for the ChaCha20 stream cipher and +the Poly1305 authenticator, both as as combined-mode, +or Authenticated Encryption with Additional Data (AEAD) algorithm. -/* This implementation of the ChaCha20-Poly1305 AEAD is based on "ChaCha20 - * and Poly1305 for IETF protocols" (draft-irtf-cfrg-chacha20-poly1305-10): - * https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 - */ +*/ /*! \file wolfssl/wolfcrypt/chacha20_poly1305.h @@ -45,6 +47,7 @@ #define CHACHA20_POLY1305_AEAD_KEYSIZE 32 #define CHACHA20_POLY1305_AEAD_IV_SIZE 12 #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16 +#define CHACHA20_POLY1305_MAX 4294967295U enum { CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */ diff --git a/source/libwolfssl/wolfcrypt/cryptocb.h b/source/libwolfssl/wolfcrypt/cryptocb.h index 5a1f3b79..04f4160a 100644 --- a/source/libwolfssl/wolfcrypt/cryptocb.h +++ b/source/libwolfssl/wolfcrypt/cryptocb.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or + * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/source/libwolfssl/wolfcrypt/curve25519.h b/source/libwolfssl/wolfcrypt/curve25519.h index 91fb4184..a1fd374a 100644 --- a/source/libwolfssl/wolfcrypt/curve25519.h +++ b/source/libwolfssl/wolfcrypt/curve25519.h @@ -86,6 +86,10 @@ enum { EC25519_BIG_ENDIAN=1 }; +WOLFSSL_API +int wc_curve25519_make_pub(int public_size, byte* pub, int private_size, + const byte* priv); + WOLFSSL_API int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); diff --git a/source/libwolfssl/wolfcrypt/dh.h b/source/libwolfssl/wolfcrypt/dh.h index e6cc852d..38300c75 100644 --- a/source/libwolfssl/wolfcrypt/dh.h +++ b/source/libwolfssl/wolfcrypt/dh.h @@ -45,11 +45,19 @@ #ifdef WOLFSSL_ASYNC_CRYPT #include #endif + +/* Optional support extended DH public / private keys */ +#if !defined(WOLFSSL_DH_EXTRA) && (defined(WOLFSSL_QT) || \ + defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \ + defined(WOLFSSL_STATIC_EPHEMERAL)) + #define WOLFSSL_DH_EXTRA +#endif + typedef struct DhParams { - #ifdef HAVE_FFDHE_Q +#ifdef HAVE_FFDHE_Q const byte* q; word32 q_len; - #endif /* HAVE_FFDHE_Q */ +#endif /* HAVE_FFDHE_Q */ const byte* p; word32 p_len; const byte* g; @@ -58,8 +66,8 @@ typedef struct DhParams { /* Diffie-Hellman Key */ struct DhKey { - mp_int p, g, q; /* group parameters */ -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) + mp_int p, g, q; /* group parameters */ +#ifdef WOLFSSL_DH_EXTRA mp_int pub; mp_int priv; #endif @@ -101,15 +109,20 @@ WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, word32 pubSz); WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, - word32); + word32); /* wc_DhKeyDecode is in asn.c */ + WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz); WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz); -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) -WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz, - const byte* pub_key, word32 pubSz); -#endif + +#ifdef WOLFSSL_DH_EXTRA +WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, + const byte* pub, word32 pubSz); +WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, + byte* pub, word32* pPubSz); +#endif /* WOLFSSL_DH_EXTRA */ + WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz, int trusted, WC_RNG* rng); @@ -136,4 +149,3 @@ WOLFSSL_API int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, #endif /* NO_DH */ #endif /* WOLF_CRYPT_DH_H */ - diff --git a/source/libwolfssl/wolfcrypt/ecc.h b/source/libwolfssl/wolfcrypt/ecc.h index 0a2cc953..b35105b0 100644 --- a/source/libwolfssl/wolfcrypt/ecc.h +++ b/source/libwolfssl/wolfcrypt/ecc.h @@ -50,7 +50,7 @@ #endif #endif -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) #include #endif /* WOLFSSL_ATECC508A */ @@ -58,6 +58,11 @@ #include #endif +#ifdef WOLFSSL_HAVE_SP_ECC + #include +#endif + + #ifdef __cplusplus extern "C" { #endif @@ -127,7 +132,7 @@ enum { ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ), /* max crypto hardware size */ -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), #elif defined(PLUTON_CRYPTO_ECC) @@ -278,14 +283,15 @@ typedef struct ecc_set_type { * mp_ints for the components of the point. With ALT_ECC_SIZE, the components * of the point are pointers that are set to each of a three item array of * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the - * structure, the alt_fp_int will only have 528 bits. A size value was added - * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The - * functions fp_zero() and fp_copy() use the size parameter. An int needs to - * be initialized before using it instead of just fp_zeroing it, the init will - * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the - * number of bits used in the alternate FP_INT. + * structure, the alt_fp_int will only have 512 bits for ECC 256-bit and + * 1056-bits for ECC 521-bit. A size value was added in the ALT case, as well, + * and is set by mp_init() and alt_fp_init(). The functions fp_zero() and + * fp_copy() use the size parameter. An int needs to be initialized before + * using it instead of just fp_zeroing it, the init will call zero. The + * FP_MAX_BITS_ECC defaults to calculating based on MAX_ECC_BITS, but + * can be set to change the number of bits used in the alternate FP_INT. * - * Do not enable ALT_ECC_SIZE and disable fast math in the configuration. + * The ALT_ECC_SIZE option only applies to stack based fast math USE_FAST_MATH. */ #ifndef USE_FAST_MATH @@ -294,19 +300,18 @@ typedef struct ecc_set_type { /* determine max bits required for ECC math */ #ifndef FP_MAX_BITS_ECC - /* check alignment */ - #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0 - /* max bits is double */ - #define FP_MAX_BITS_ECC (MAX_ECC_BITS * 2) - #else - /* max bits is doubled, plus one digit of fudge */ - #define FP_MAX_BITS_ECC ((MAX_ECC_BITS * 2) + DIGIT_BIT) - #endif -#else - /* verify alignment */ - #if FP_MAX_BITS_ECC % CHAR_BIT - #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT - #endif + /* max bits rounded up by 8 then doubled */ + /* (ROUND8(MAX_ECC_BITS) * 2) */ + #define FP_MAX_BITS_ECC (2 * \ + ((MAX_ECC_BITS + DIGIT_BIT - 1) / DIGIT_BIT) * DIGIT_BIT) + + /* Note: For ECC verify only FP_MAX_BITS_ECC can be reduced to: + ROUND8(MAX_ECC_BITS) + ROUND8(DIGIT_BIT) */ +#endif + +/* verify alignment */ +#if FP_MAX_BITS_ECC % CHAR_BIT + #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT #endif /* determine buffer size */ @@ -353,6 +358,19 @@ enum { #endif }; +/* ECC non-blocking */ +#ifdef WC_ECC_NONBLOCK + typedef struct ecc_nb_ctx { + #if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK) + sp_ecc_ctx_t sp_ctx; + #else + /* build configuration not supported */ + #error ECC non-blocking only supports SP (--enable-sp=nonblock) + #endif + } ecc_nb_ctx_t; +#endif /* WC_ECC_NONBLOCK */ + + /* An ECC Key */ struct ecc_key { int type; /* Public or Private */ @@ -369,7 +387,7 @@ struct ecc_key { void* heap; /* heap hint */ ecc_point pubkey; /* public key */ mp_int k; /* private key */ -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; #endif @@ -413,6 +431,12 @@ struct ecc_key { #ifdef WOLFSSL_DSP remote_handle64 handle; #endif +#ifdef ECC_TIMING_RESISTANT + WC_RNG* rng; +#endif +#ifdef WC_ECC_NONBLOCK + ecc_nb_ctx_t* nb_ctx; +#endif }; @@ -427,7 +451,7 @@ extern const size_t ecc_sets_count; WOLFSSL_API const char* wc_ecc_get_name(int curve_id); -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) #ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL #define ECC_API WOLFSSL_API @@ -455,6 +479,8 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id); WOLFSSL_API int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); WOLFSSL_API +int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng); +WOLFSSL_API int wc_ecc_check_key(ecc_key* key); WOLFSSL_API int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime); @@ -472,7 +498,8 @@ WOLFSSL_API int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen); -#if defined(WOLFSSL_ATECC508A) || defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret #else #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */ @@ -521,6 +548,12 @@ WOLFSSL_API int wc_ecc_set_flags(ecc_key* key, word32 flags); WOLFSSL_API void wc_ecc_fp_free(void); +WOLFSSL_LOCAL +void wc_ecc_fp_init(void); +#ifdef ECC_TIMING_RESISTANT +WOLFSSL_API +int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); +#endif WOLFSSL_API int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); @@ -568,14 +601,20 @@ WOLFSSL_API int wc_ecc_cmp_point(ecc_point* a, ecc_point *b); WOLFSSL_API int wc_ecc_point_is_at_infinity(ecc_point *p); +WOLFSSL_API +int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx); -#ifndef WOLFSSL_ATECC508A +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) WOLFSSL_API int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map); WOLFSSL_LOCAL int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map, void* heap); +WOLFSSL_LOCAL +int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, + mp_int* modulus, mp_int* order, WC_RNG* rng, int map, + void* heap); #endif /* !WOLFSSL_ATECC508A */ @@ -754,6 +793,10 @@ int sp_dsp_ecc_verify_256(remote_handle64 handle, const byte* hash, word32 hashL mp_int* pY, mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); #endif +#ifdef WC_ECC_NONBLOCK + WOLFSSL_API int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libwolfssl/wolfcrypt/error-crypt.h b/source/libwolfssl/wolfcrypt/error-crypt.h index ab6fc97f..5b226bd1 100644 --- a/source/libwolfssl/wolfcrypt/error-crypt.h +++ b/source/libwolfssl/wolfcrypt/error-crypt.h @@ -22,6 +22,11 @@ /*! \file wolfssl/wolfcrypt/error-crypt.h */ +/* +DESCRIPTION +This library defines error codes and contians routines for setting and examining +the error status. +*/ #ifndef WOLF_CRYPT_ERROR_H #define WOLF_CRYPT_ERROR_H @@ -227,10 +232,10 @@ enum { CRYPTOCB_UNAVAILABLE= -271, /* Crypto callback unavailable */ PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */ PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */ + CHACHA_POLY_OVERFLOW =-274, /* ChaCha20Poly1305 limit overflow */ + ASN_SELF_SIGNED_E = -275, /* ASN self-signed certificate error */ - ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */ - - WC_LAST_E = -274, /* Update this to indicate last error */ + WC_LAST_E = -275, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes diff --git a/source/libwolfssl/wolfcrypt/fe_448.h b/source/libwolfssl/wolfcrypt/fe_448.h index 19f6c907..d93229be 100644 --- a/source/libwolfssl/wolfcrypt/fe_448.h +++ b/source/libwolfssl/wolfcrypt/fe_448.h @@ -40,7 +40,7 @@ #endif /* default to be faster but take more memory */ -#if !defined(CURVE448_SMALL) || !defined(ED448_SMALL) +#if !defined(CURVE448_SMALL) && !defined(ED448_SMALL) #if defined(CURVED448_128BIT) typedef int64_t fe448; diff --git a/source/libwolfssl/wolfcrypt/fe_operations.h b/source/libwolfssl/wolfcrypt/fe_operations.h index 243b3b90..e83e35d3 100644 --- a/source/libwolfssl/wolfcrypt/fe_operations.h +++ b/source/libwolfssl/wolfcrypt/fe_operations.h @@ -79,7 +79,7 @@ Bounds on each t[i] vary depending on context. #if !defined(FREESCALE_LTC_ECC) WOLFSSL_LOCAL void fe_init(void); -WOLFSSL_LOCAL int curve25519(byte * q, byte * n, byte * p); +WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p); #endif /* default to be faster but take more memory */ diff --git a/source/libwolfssl/wolfcrypt/hmac.h b/source/libwolfssl/wolfcrypt/hmac.h index 5f66ee68..09095d40 100644 --- a/source/libwolfssl/wolfcrypt/hmac.h +++ b/source/libwolfssl/wolfcrypt/hmac.h @@ -131,11 +131,11 @@ typedef union { #ifdef WOLFSSL_SHA3 wc_Sha3 sha3; #endif -} Hash; +} wc_Hmac_Hash; /* Hmac digest */ struct Hmac { - Hash hash; + wc_Hmac_Hash hash; word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)]; diff --git a/source/libwolfssl/wolfcrypt/integer.h b/source/libwolfssl/wolfcrypt/integer.h index 2bb80b44..fb2c0ea3 100644 --- a/source/libwolfssl/wolfcrypt/integer.h +++ b/source/libwolfssl/wolfcrypt/integer.h @@ -318,6 +318,7 @@ MP_API int mp_is_bit_set (mp_int * a, mp_digit b); MP_API int mp_mod (mp_int * a, mp_int * b, mp_int * c); MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d); MP_API int mp_div_2(mp_int * a, mp_int * b); +MP_API int mp_div_2_mod_ct (mp_int* a, mp_int* b, mp_int* c); MP_API int mp_add (mp_int * a, mp_int * b, mp_int * c); int s_mp_add (mp_int * a, mp_int * b, mp_int * c); int s_mp_sub (mp_int * a, mp_int * b, mp_int * c); @@ -332,6 +333,7 @@ MP_API int mp_exptmod_base_2 (mp_int * X, mp_int * P, mp_int * Y); MP_API int mp_montgomery_setup (mp_int * n, mp_digit * rho); int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); MP_API int mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho); +#define mp_montgomery_reduce_ex(x, n, rho, ct) mp_montgomery_reduce (x, n, rho) MP_API void mp_dr_setup(mp_int *a, mp_digit *d); MP_API int mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k); MP_API int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d); @@ -355,6 +357,8 @@ MP_API int mp_sqr (mp_int * a, mp_int * b); MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c); MP_API int mp_2expt (mp_int * a, int b); MP_API int mp_set_bit (mp_int * a, int b); diff --git a/source/libwolfssl/wolfcrypt/memory.h b/source/libwolfssl/wolfcrypt/memory.h index 8ffeb9d2..07fb0bec 100644 --- a/source/libwolfssl/wolfcrypt/memory.h +++ b/source/libwolfssl/wolfcrypt/memory.h @@ -110,7 +110,11 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*, #elif defined (OPENSSL_EXTRA) /* extra storage in structs for multiple attributes and order */ #ifndef LARGEST_MEM_BUCKET - #define LARGEST_MEM_BUCKET 25600 + #ifdef WOLFSSL_TLS13 + #define LARGEST_MEM_BUCKET 30400 + #else + #define LARGEST_MEM_BUCKET 25600 + #endif #endif #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ LARGEST_MEM_BUCKET diff --git a/source/libwolfssl/wolfcrypt/misc.h b/source/libwolfssl/wolfcrypt/misc.h index 6bca8e99..1521d5c2 100644 --- a/source/libwolfssl/wolfcrypt/misc.h +++ b/source/libwolfssl/wolfcrypt/misc.h @@ -18,9 +18,13 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* +DESCRIPTION +This module implements the arithmetic-shift right, left, byte swapping, XOR, +masking and clearing memory logic. - +*/ #ifndef WOLF_CRYPT_MISC_H #define WOLF_CRYPT_MISC_H diff --git a/source/libwolfssl/wolfcrypt/pkcs11.h b/source/libwolfssl/wolfcrypt/pkcs11.h index 93e1af18..bf1cb1ec 100644 --- a/source/libwolfssl/wolfcrypt/pkcs11.h +++ b/source/libwolfssl/wolfcrypt/pkcs11.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or + * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/source/libwolfssl/wolfcrypt/pkcs7.h b/source/libwolfssl/wolfcrypt/pkcs7.h index a9846b84..d1b3f4f6 100644 --- a/source/libwolfssl/wolfcrypt/pkcs7.h +++ b/source/libwolfssl/wolfcrypt/pkcs7.h @@ -154,8 +154,9 @@ enum Pkcs7_Misc { MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION >= 2)) || defined(HAVE_SELFTEST) - /* In the event of fips cert 3389 or CAVP selftest build, these enums are + (HAVE_FIPS_VERSION >= 2)) || (defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || HAVE_SELFTEST_VERSION < 2)) + /* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are * not in aes.h for use with pkcs7 so enumerate it here outside the fips * boundary */ GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */ diff --git a/source/libwolfssl/wolfcrypt/poly1305.h b/source/libwolfssl/wolfcrypt/poly1305.h index 304a0900..7a37b040 100644 --- a/source/libwolfssl/wolfcrypt/poly1305.h +++ b/source/libwolfssl/wolfcrypt/poly1305.h @@ -119,9 +119,12 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 data WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, byte* input, word32 sz, byte* tag, word32 tagSz); -void poly1305_block(Poly1305* ctx, const unsigned char *m); +#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM) void poly1305_blocks(Poly1305* ctx, const unsigned char *m, size_t bytes); +void poly1305_block(Poly1305* ctx, const unsigned char *m); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h index cdb84c13..9ac47c82 100644 --- a/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h +++ b/source/libwolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h @@ -35,6 +35,13 @@ extern "C" { #endif +#define TSIP_SESSIONKEY_NONCE_SIZE 8 + +typedef enum { + WOLFSSL_TSIP_NOERROR = 0, + WOLFSSL_TSIP_ILLEGAL_CIPHERSUITE = 0xffffffff, +}wolfssl_tsip_error_number; + typedef enum { tsip_Key_SESSION = 1, tsip_Key_AES128 = 2, @@ -52,6 +59,34 @@ enum { l_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d, }; +#if defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=109) + +typedef struct +{ + uint8_t *encrypted_provisioning_key; + uint8_t *iv; + uint8_t *encrypted_user_tls_key; + uint32_t encrypted_user_tls_key_type; + tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; +} tsip_key_data; + +void tsip_inform_user_keys_ex( + byte* provisioning_key, /* key got from DLM server */ + byte* iv, /* iv used for public key */ + byte* encrypted_public_key,/*RSA2048 or ECDSAp256 public key*/ + word32 public_key_type); /* 0: RSA-2048 2:ECDSA P-256 */ + +int tsip_generateMasterSecretEx( + byte cipherSuiteFirst, + byte cipherSuite, + const byte* pr, /* pre-master */ + const byte* cr, /* client random */ + const byte* sr, /* server random */ + byte* ms); + + +#elif defined(WOLFSSL_RENESAS_TSIP_TLS) && (WOLFSSL_RENESAS_TSIP_VER >=106) + typedef struct { uint8_t *encrypted_session_key; @@ -60,45 +95,81 @@ typedef struct tsip_tls_ca_certification_public_key_index_t user_rsa2048_tls_pubindex; } tsip_key_data; -struct WOLFSSL; - -int tsip_Open( ); -void tsip_Close( ); -int tsip_hw_lock(); -void tsip_hw_unlock( void ); -int tsip_usable(const struct WOLFSSL *ssl); -void tsip_inform_sflash_signedcacert(const byte *ps_flash, - const byte *psigned_ca_cert, word32 len); -void tsip_inform_cert_sign(const byte *sign); -/* set / get key */ void tsip_inform_user_keys(byte *encrypted_session_key, byte *iv, byte *encrypted_user_tls_key); - -byte tsip_rootCAverified( ); -byte tsip_checkCA(word32 cmIdx); -int tsip_tls_RootCertVerify(const byte *cert , word32 cert_len, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - word32 cm_row); -int tsip_tls_CertVerify(const byte *cert, word32 certSz, - const byte *signature, word32 sigSz, - word32 key_n_start, word32 key_n_len, - word32 key_e_start, word32 key_e_len, - byte *tsip_encRsaKeyIdx); -void tsip_inform_key_position(const word32 key_n_start, const word32 key_n_len, - const word32 key_e_start, const word32 key_e_len); -int tsip_generatePremasterSecret(byte *premaster, word32 preSz); -int tsip_generateEncryptPreMasterSecret(struct WOLFSSL *ssl, byte *out, - word32 *outSz); int tsip_generateMasterSecret(const byte *pre, const byte *cr,const byte *sr, byte *ms); -int tsip_generateSeesionKey(struct WOLFSSL *ssl); -int tsip_Sha256Hmac(const struct WOLFSSL *ssl, const byte *myInner, - word32 innerSz, const byte *in, word32 sz, byte *digest, - word32 verify); -int tsip_Sha1Hmac(const struct WOLFSSL *ssl, const byte *myInner, - word32 innerSz, const byte *in, word32 sz, byte *digest, - word32 verify); +#endif + +struct WOLFSSL; + +int tsip_Open(); + +void tsip_Close(); + +int tsip_hw_lock(); + +void tsip_hw_unlock( void ); + +int tsip_usable(const struct WOLFSSL *ssl); + +void tsip_inform_sflash_signedcacert( + const byte* ps_flash, + const byte* psigned_ca_cert, + word32 len); +void tsip_inform_cert_sign(const byte *sign); + +byte tsip_rootCAverified(); + +byte tsip_checkCA(word32 cmIdx); + +int tsip_tls_RootCertVerify( + const byte* cert, word32 cert_len, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + word32 cm_row); + +int tsip_tls_CertVerify( + const byte* cert, word32 certSz, + const byte* signature, word32 sigSz, + word32 key_n_start, word32 key_n_len, + word32 key_e_start, word32 key_e_len, + byte* tsip_encRsaKeyIdx); + +void tsip_inform_key_position( + const word32 key_n_start, + const word32 key_n_len, + const word32 key_e_start, + const word32 key_e_len); + +int tsip_generatePremasterSecret( + byte* premaster, + word32 preSz); + +int tsip_generateEncryptPreMasterSecret( + struct WOLFSSL* ssl, + byte* out, + word32* outSz); + +int tsip_generateSeesionKey(struct WOLFSSL *ssl); + +int tsip_Sha256Hmac( + const struct WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest, + word32 verify); + +int tsip_Sha1Hmac( + const struct WOLFSSL *ssl, + const byte* myInner, + word32 innerSz, + const byte* in, + word32 sz, + byte* digest, + word32 verify); #if (!defined(NO_SHA) || !defined(NO_SHA256)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) @@ -128,10 +199,10 @@ typedef wolfssl_TSIP_Hash wc_Sha; #endif /* NO_SHA */ #if defined(WOLFSSL_RENESAS_TSIP_TLS_AES_CRYPT) -typedef struct { - tsip_aes_key_index_t tsip_keyIdx; - word32 keySize; -} TSIP_AES_CTX; + typedef struct { + tsip_aes_key_index_t tsip_keyIdx; + word32 keySize; + } TSIP_AES_CTX; struct Aes; int wc_tsip_AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, diff --git a/source/libwolfssl/wolfcrypt/port/atmel/atmel.h b/source/libwolfssl/wolfcrypt/port/atmel/atmel.h index 6f3e3d50..273e1db8 100644 --- a/source/libwolfssl/wolfcrypt/port/atmel/atmel.h +++ b/source/libwolfssl/wolfcrypt/port/atmel/atmel.h @@ -27,14 +27,15 @@ #include #include -#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC_PKCB) +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(WOLFSSL_ATECC_PKCB) #undef SHA_BLOCK_SIZE #define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP #include #undef SHA_BLOCK_SIZE #endif -/* ATECC508A only supports ECC P-256 */ +/* ATECC508A/608A only supports ECC P-256 */ #define ATECC_KEY_SIZE (32) #define ATECC_PUBKEY_SIZE (ATECC_KEY_SIZE*2) /* X and Y */ #define ATECC_SIG_SIZE (ATECC_KEY_SIZE*2) /* R and S */ @@ -53,11 +54,19 @@ #endif /* Symmetric encryption key */ #ifndef ATECC_SLOT_I2C_ENC -#define ATECC_SLOT_I2C_ENC (0x04) + #ifdef WOLFSSL_ATECC_TNGTLS + #define ATECC_SLOT_I2C_ENC (0x06) + #else + #define ATECC_SLOT_I2C_ENC (0x04) + #endif #endif /* Parent encryption key */ #ifndef ATECC_SLOT_ENC_PARENT -#define ATECC_SLOT_ENC_PARENT (0x7) + #ifdef WOLFSSL_ATECC_TNGTLS + #define ATECC_SLOT_ENC_PARENT (0x6) + #else + #define ATECC_SLOT_ENC_PARENT (0x7) + #endif #endif /* ATECC_KEY_SIZE required for ecc.h */ @@ -78,7 +87,7 @@ int atmel_get_random_number(uint32_t count, uint8_t* rand_out); #endif long atmel_get_curr_time_and_date(long* tm); -#ifdef WOLFSSL_ATECC508A +#if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) enum atmelSlotType { ATMEL_SLOT_ANY, @@ -100,6 +109,8 @@ int atmel_ecc_translate_err(int status); int atmel_get_rev_info(word32* revision); void atmel_show_rev_info(void); +WOLFSSL_API int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg); + /* The macro ATECC_GET_ENC_KEY can be set to override the default encryption key with your own at build-time */ #ifndef ATECC_GET_ENC_KEY diff --git a/source/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h b/source/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h new file mode 100644 index 00000000..0c7be377 --- /dev/null +++ b/source/libwolfssl/wolfcrypt/port/cypress/psoc6_crypto.h @@ -0,0 +1,74 @@ +/* psoc6_crypto.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _PSOC6_CRYPTO_PORT_H_ +#define _PSOC6_CRYPTO_PORT_H_ + +#include +#ifdef USE_FAST_MATH + #include +#elif defined WOLFSSL_SP_MATH + #include +#else + #include +#endif +#include "cy_crypto_core_sha.h" +#include "cy_device_headers.h" +#include "psoc6_02_config.h" +#include "cy_crypto_common.h" +#include "cy_crypto_core.h" + +#ifdef WOLFSSL_SHA512 +typedef struct wc_Sha512 { + cy_stc_crypto_sha_state_t hash_state; + cy_en_crypto_sha_mode_t sha_mode; + cy_stc_crypto_v2_sha512_buffers_t sha_buffers; +} wc_Sha512; + +#define WC_SHA512_TYPE_DEFINED +#include +#endif + +#ifndef NO_SHA256 + +typedef struct wc_Sha256 { + cy_stc_crypto_sha_state_t hash_state; + cy_en_crypto_sha_mode_t sha_mode; + cy_stc_crypto_v2_sha256_buffers_t sha_buffers; +} wc_Sha256; + +#include +#include +#endif /* !def NO_SHA256 */ + + +#ifdef HAVE_ECC +#include +int psoc6_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, + word32 hashlen, int* verif_res, ecc_key* key); +#endif /* HAVE_ECC */ + +#define PSOC6_CRYPTO_BASE ((CRYPTO_Type*) CRYPTO_BASE) + +/* Crypto HW engine initialization */ +int psoc6_crypto_port_init(void); + +#endif /* _PSOC6_CRYPTO_PORT_H_ */ diff --git a/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h b/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h index 3612bda8..20dc8148 100644 --- a/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h +++ b/source/libwolfssl/wolfcrypt/port/nxp/ksdk_port.h @@ -65,8 +65,8 @@ int ksdk_port_init(void); int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m); #ifdef HAVE_CURVE25519 - int wc_curve25519(ECPoint *q, byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); - const ECPoint *wc_curve25519_GetBasePoint(void); + int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type); + const ECPoint *nxp_ltc_curve25519_GetBasePoint(void); status_t LTC_PKHA_Curve25519ToWeierstrass(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_WeierstrassToCurve25519(const ltc_pkha_ecc_point_t *ltcPointIn, ltc_pkha_ecc_point_t *ltcPointOut); status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint); diff --git a/source/libwolfssl/wolfcrypt/port/st/stm32.h b/source/libwolfssl/wolfcrypt/port/st/stm32.h index 655fe75a..f45d3e8b 100644 --- a/source/libwolfssl/wolfcrypt/port/st/stm32.h +++ b/source/libwolfssl/wolfcrypt/port/st/stm32.h @@ -28,11 +28,6 @@ #include #include -#if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) - #include - #include -#endif - #ifdef STM32_HASH #define WOLFSSL_NO_HASH_RAW @@ -54,6 +49,9 @@ #if !defined(HASH_DATATYPE_8B) && defined(HASH_DataType_8b) #define HASH_DATATYPE_8B HASH_DataType_8b #endif +#ifndef HASH_STR_NBW + #define HASH_STR_NBW HASH_STR_NBLW +#endif #ifndef STM32_HASH_TIMEOUT #define STM32_HASH_TIMEOUT 0xFFFF @@ -93,19 +91,30 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #ifndef NO_AES #if !defined(STM32_CRYPTO_AES_GCM) && (defined(WOLFSSL_STM32F4) || \ - defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4)) + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L4) || \ + defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM #endif - #ifdef WOLFSSL_STM32L4 + #if defined(WOLFSSL_STM32WB) #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #define CRYP AES1 + #define STM32_HAL_V2 + #endif + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) + #ifdef WOLFSSL_STM32L4 + #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ + #endif #define CRYP AES + #ifndef CRYP_AES_GCM + #define CRYP_AES_GCM CRYP_AES_GCM_GMAC + #endif #endif /* Detect newer CubeMX crypto HAL (HAL_CRYP_Encrypt / HAL_CRYP_Decrypt) */ - #if !defined(STM32_HAL_V2) && \ - defined(WOLFSSL_STM32F7) && defined(CRYP_AES_GCM) + #if !defined(STM32_HAL_V2) && defined(CRYP_AES_GCM) && \ + (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7)) #define STM32_HAL_V2 #endif @@ -122,7 +131,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, struct Aes; #ifdef WOLFSSL_STM32_CUBEMX int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp); - #else /* STD_PERI_LIB */ + #else /* Standard Peripheral Library */ int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit, CRYP_KeyInitTypeDef* keyInit); #endif /* WOLFSSL_STM32_CUBEMX */ @@ -131,12 +140,25 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif /* STM32_CRYPTO */ #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) -int stm32_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, - word32 hashlen, int* res, ecc_key* key); - -int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, WC_RNG* rng, - ecc_key* key, mp_int *r, mp_int *s); +#ifdef WOLFSSL_SP_MATH + struct sp_int; + #define MATH_INT_T struct sp_int +#elif defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int +#else + struct mp_int; + #define MATH_INT_T struct mp_int #endif +struct ecc_key; +struct WC_RNG; + +int stm32_ecc_verify_hash_ex(MATH_INT_T *r, MATH_INT_T *s, const byte* hash, + word32 hashlen, int* res, struct ecc_key* key); + +int stm32_ecc_sign_hash_ex(const byte* hash, word32 hashlen, struct WC_RNG* rng, + struct ecc_key* key, MATH_INT_T *r, MATH_INT_T *s); +#endif /* WOLFSSL_STM32_PKA && HAVE_ECC */ #endif /* _WOLFPORT_STM32_H_ */ diff --git a/source/libwolfssl/wolfcrypt/random.h b/source/libwolfssl/wolfcrypt/random.h index 12cbee6b..fb1380b3 100644 --- a/source/libwolfssl/wolfcrypt/random.h +++ b/source/libwolfssl/wolfcrypt/random.h @@ -219,7 +219,7 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*); #define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN #define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN #define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN -#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN +#define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;}) #define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN #define wc_FreeRng(rng) (void)NOT_COMPILED_IN #endif diff --git a/source/libwolfssl/wolfcrypt/rsa.h b/source/libwolfssl/wolfcrypt/rsa.h index 4a91e158..ea5dafb8 100644 --- a/source/libwolfssl/wolfcrypt/rsa.h +++ b/source/libwolfssl/wolfcrypt/rsa.h @@ -23,7 +23,13 @@ \file wolfssl/wolfcrypt/rsa.h */ +/* +DESCRIPTION +This library provides the interface to the RSA. +RSA keys can be used to encrypt, decrypt, sign and verify data. + +*/ #ifndef WOLF_CRYPT_RSA_H #define WOLF_CRYPT_RSA_H @@ -280,8 +286,9 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, word32 eSz, RsaKey* key); -WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); - +#ifdef WOLFSSL_KEY_GEN + WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); +#endif #ifdef WC_RSA_BLINDING WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); diff --git a/source/libwolfssl/wolfcrypt/settings.h b/source/libwolfssl/wolfcrypt/settings.h index 3502f016..c7ef0ad1 100644 --- a/source/libwolfssl/wolfcrypt/settings.h +++ b/source/libwolfssl/wolfcrypt/settings.h @@ -62,6 +62,9 @@ /* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */ /* #define MICROCHIP_TCPIP */ +/* Uncomment next line if using above Microchip TCP/IP defines with BSD API */ +/* #define MICROCHIP_TCPIP_BSD_API */ + /* Uncomment next line if using PIC32MZ Crypto Engine */ /* #define WOLFSSL_MICROCHIP_PIC32MZ */ @@ -209,10 +212,16 @@ /* Uncomment next line if using RENESAS RX64N */ /* #define WOLFSSL_RENESAS_RX65N */ +/* Uncomment next line if using Solaris OS*/ +/* #define WOLFSSL_SOLARIS */ + #include #ifdef WOLFSSL_USER_SETTINGS #include "user_settings.h" +#elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H) + /* STM Configuration File (generated by CubeMX) */ + #include "wolfSSL.wolfSSL_conf.h" #endif @@ -292,7 +301,7 @@ #endif #endif -#if defined(WOLFSSL_RENESAS_RA6M3G) +#if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) /* settings in user_settings.h */ #endif @@ -337,7 +346,9 @@ /* #define WOLFSSL_MICROCHIP_PIC32MZ */ #define SIZEOF_LONG_LONG 8 #define SINGLE_THREADED - #define WOLFSSL_USER_IO + #ifndef MICROCHIP_TCPIP_BSD_API + #define WOLFSSL_USER_IO + #endif #define NO_WRITEV #define NO_DEV_RANDOM #define NO_FILESYSTEM @@ -375,6 +386,16 @@ #endif #endif +#ifdef WOLFSSL_ATECC508A + /* backwards compatibility */ +#ifndef WOLFSSL_ATECC_NO_ECDH_ENC + #define WOLFSSL_ATECC_ECDH_ENC +#endif + #ifdef WOLFSSL_ATECC508A_DEBUG + #define WOLFSSL_ATECC_DEBUG + #endif +#endif + #ifdef MBED #define WOLFSSL_USER_IO #define NO_FILESYSTEM @@ -601,7 +622,6 @@ #ifdef WOLFSSL_NRF5x #define SIZEOF_LONG 4 #define SIZEOF_LONG_LONG 8 - #define NO_ASN_TIME #define NO_DEV_RANDOM #define NO_FILESYSTEM #define NO_MAIN_DRIVER @@ -609,7 +629,6 @@ #define SINGLE_THREADED #define USE_FAST_MATH #define TFM_TIMING_RESISTANT - #define USE_WOLFSSL_MEMORY #define WOLFSSL_NRF51 #define WOLFSSL_USER_IO #define NO_SESSION_CACHE @@ -703,7 +722,7 @@ extern void uITRON4_free(void *p) ; https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ #if !defined(USE_FAST_MATH) || defined(HAVE_ED25519) || defined(HAVE_ED448) #if defined(WOLFSSL_ESPIDF) - /*In IDF, realloc(p, n) is equivalent to + /*In IDF, realloc(p, n) is equivalent to heap_caps_realloc(p, s, MALLOC_CAP_8BIT) */ #define XREALLOC(p, n, h, t) realloc((p), (n)) #else @@ -900,6 +919,19 @@ extern void uITRON4_free(void *p) ; #define TFM_TIMING_RESISTANT #endif +/* To support storing some of the large constant tables in flash memory rather than SRAM. + Useful for processors that have limited SRAM, such as the AVR family of microtrollers. */ +#ifdef WOLFSSL_USE_FLASHMEM + /* This is supported on the avr-gcc compiler, for more information see: + https://gcc.gnu.org/onlinedocs/gcc/Named-Address-Spaces.html */ + #define FLASH_QUALIFIER __flash + + /* Copy data out of flash memory and into SRAM */ + #define XMEMCPY_P(pdest, psrc, size) memcpy_P((pdest), (psrc), (size)) +#else + #define FLASH_QUALIFIER +#endif + #ifdef FREESCALE_MQX_5_0 /* use normal Freescale MQX port, but with minor changes for 5.0 */ #define FREESCALE_MQX @@ -1187,7 +1219,8 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ - defined(WOLFSSL_STM32L4) + defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -1208,7 +1241,8 @@ extern void uITRON4_free(void *p) ; #undef STM32_CRYPTO #define STM32_CRYPTO - #ifdef WOLFSSL_STM32L4 + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32WB) #define NO_AES_192 /* hardware does not support 192-bit */ #endif #endif @@ -1221,8 +1255,12 @@ extern void uITRON4_free(void *p) ; #endif #define NO_OLD_RNGNAME #ifdef WOLFSSL_STM32_CUBEMX - #if defined(WOLFSSL_STM32F2) + #if defined(WOLFSSL_STM32F1) + #include "stm32f1xx_hal.h" + #elif defined(WOLFSSL_STM32F2) #include "stm32f2xx_hal.h" + #elif defined(WOLFSSL_STM32L5) + #include "stm32l5xx_hal.h" #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx_hal.h" #elif defined(WOLFSSL_STM32F4) @@ -1231,6 +1269,10 @@ extern void uITRON4_free(void *p) ; #include "stm32f7xx_hal.h" #elif defined(WOLFSSL_STM32F1) #include "stm32f1xx_hal.h" + #elif defined(WOLFSSL_STM32H7) + #include "stm32h7xx_hal.h" + #elif defined(WOLFSSL_STM32WB) + #include "stm32wbxx_hal.h" #endif #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #include "stm32l4xx_ll_rng.h" @@ -1256,7 +1298,15 @@ extern void uITRON4_free(void *p) ; #ifdef STM32_HASH #include "stm32f4xx_hash.h" #endif - #elif defined(WOLFSSL_STM32L4) + #elif defined(WOLFSSL_STM32L5) + #include "stm32l5xx.h" + #ifdef STM32_CRYPTO + #include "stm32l5xx_cryp.h" + #endif + #ifdef STM32_HASH + #include "stm32l5xx_hash.h" + #endif + #elif defined(WOLFSSL_STM32L4) #include "stm32l4xx.h" #ifdef STM32_CRYPTO #include "stm32l4xx_cryp.h" @@ -1266,11 +1316,14 @@ extern void uITRON4_free(void *p) ; #endif #elif defined(WOLFSSL_STM32F7) #include "stm32f7xx.h" + #elif defined(WOLFSSL_STM32H7) + #include "stm32h7xx.h" #elif defined(WOLFSSL_STM32F1) #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ -#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */ +#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || + WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || WOLFSSL_STM32H7 */ #ifdef WOLFSSL_DEOS #include #include @@ -1400,6 +1453,22 @@ extern void uITRON4_free(void *p) ; #endif #endif /* MICRIUM */ +#if defined(sun) || defined(__sun) +# if defined(__SVR4) || defined(__svr4__) + /* Solaris */ + #ifndef WOLFSSL_SOLARIS + #define WOLFSSL_SOLARIS + #endif +# else + /* SunOS */ +# endif +#endif + +#ifdef WOLFSSL_SOLARIS + /* Avoid naming clash with fp_zero from math.h > ieefp.h */ + #define WOLFSSL_DH_CONST +#endif + #ifdef WOLFSSL_MCF5441X #define BIG_ENDIAN_ORDER #ifndef SIZEOF_LONG @@ -2196,6 +2265,21 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NO_CONSTCHARCONST #endif +/* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */ +#if defined(HAVE_FIPS) && !defined(HAVE_FIPS_VERSION) + #undef WC_RSA_PSS + #undef WOLFSSL_TLS13 +#endif + +/* For FIPSv2 make sure the ECDSA encoding allows extra bytes + * but make sure users consider enabling it */ +#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + /* ECDSA length checks off by default for CAVP testing + * consider enabling strict checks in production */ + #define NO_STRICT_ECDSA_LEN +#endif + #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libwolfssl/wolfcrypt/sha.h b/source/libwolfssl/wolfcrypt/sha.h index 8e7138c6..428599c1 100644 --- a/source/libwolfssl/wolfcrypt/sha.h +++ b/source/libwolfssl/wolfcrypt/sha.h @@ -101,6 +101,8 @@ enum { #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" +#elif defined(WOLFSSL_PSOC6_CRYPTO) + #include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h" #else /* Sha digest */ diff --git a/source/libwolfssl/wolfcrypt/sha256.h b/source/libwolfssl/wolfcrypt/sha256.h index 1d03bf47..e6964d30 100644 --- a/source/libwolfssl/wolfcrypt/sha256.h +++ b/source/libwolfssl/wolfcrypt/sha256.h @@ -126,6 +126,8 @@ enum { #elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" +#elif defined(WOLFSSL_PSOC6_CRYPTO) + #include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h" #else /* wc_Sha256 digest */ @@ -142,6 +144,7 @@ struct wc_Sha256 { word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ void* heap; +#endif #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif @@ -150,7 +153,7 @@ struct wc_Sha256 { #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_SMALL_STACK_CACHE word32* W; -#endif +#endif /* !FREESCALE_LTC_SHA && !STM32_HASH_SHA2 */ #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; byte* msg; @@ -168,7 +171,6 @@ struct wc_Sha256 { int devId; void* devCtx; /* generic crypto callback context */ #endif -#endif #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) word32 flags; /* enum wc_HashFlags in hash.h */ #endif diff --git a/source/libwolfssl/wolfcrypt/sha3.h b/source/libwolfssl/wolfcrypt/sha3.h index 8ff7952b..f3287381 100644 --- a/source/libwolfssl/wolfcrypt/sha3.h +++ b/source/libwolfssl/wolfcrypt/sha3.h @@ -58,7 +58,8 @@ enum { WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_COUNT = 9, -#ifndef HAVE_SELFTEST +#if !defined(HAVE_SELFTEST) || \ + defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2) /* These values are used for HMAC, not SHA-3 directly. * They come from from FIPS PUB 202. */ WC_SHA3_224_BLOCK_SIZE = 144, diff --git a/source/libwolfssl/wolfcrypt/sha512.h b/source/libwolfssl/wolfcrypt/sha512.h index 475b8f45..e0244508 100644 --- a/source/libwolfssl/wolfcrypt/sha512.h +++ b/source/libwolfssl/wolfcrypt/sha512.h @@ -31,6 +31,7 @@ #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) #include @@ -111,6 +112,8 @@ enum { #ifdef WOLFSSL_IMX6_CAAM #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" +#elif defined (WOLFSSL_PSOC6_CRYPTO) + #include "wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h" #else /* wc_Sha512 digest */ struct wc_Sha512 { @@ -153,6 +156,7 @@ WOLFSSL_LOCAL void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, #ifdef WOLFSSL_SHA512 + WOLFSSL_API int wc_InitSha512(wc_Sha512*); WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); diff --git a/source/libwolfssl/wolfcrypt/sp.h b/source/libwolfssl/wolfcrypt/sp.h index 69e5bcc3..83d5c915 100644 --- a/source/libwolfssl/wolfcrypt/sp.h +++ b/source/libwolfssl/wolfcrypt/sp.h @@ -37,7 +37,9 @@ #if defined(_MSC_VER) #define SP_NOINLINE __declspec(noinline) -#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) || defined(__KEIL__) +#elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + #define SP_NOINLINE _Pragma("inline = never") +#elif defined(__GNUC__) || defined(__KEIL__) #define SP_NOINLINE __attribute__((noinline)) #else #define SP_NOINLINE @@ -141,7 +143,18 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ); int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym); -#endif /*ifdef WOLFSSL_HAVE_SP_ECC */ +#ifdef WOLFSSL_SP_NONBLOCK +int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv, + mp_int* rm, mp_int* sm, mp_int* km, void* heap); +int sp_ecc_verify_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY, + mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); +int sp_ecc_sign_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, WC_RNG* rng, mp_int* priv, + mp_int* rm, mp_int* sm, mp_int* km, void* heap); +int sp_ecc_verify_384_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, mp_int* pX, mp_int* pY, + mp_int* pZ, mp_int* r, mp_int* sm, int* res, void* heap); +#endif /* WOLFSSL_SP_NONBLOCK */ + +#endif /* WOLFSSL_HAVE_SP_ECC */ #ifdef __cplusplus diff --git a/source/libwolfssl/wolfcrypt/sp_int.h b/source/libwolfssl/wolfcrypt/sp_int.h index a728d9f0..aad52a8c 100644 --- a/source/libwolfssl/wolfcrypt/sp_int.h +++ b/source/libwolfssl/wolfcrypt/sp_int.h @@ -19,7 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* +DESCRIPTION +This library provides single precision (SP) integer math functions. +*/ #ifndef WOLF_CRYPT_SP_INT_H #define WOLF_CRYPT_SP_INT_H @@ -60,6 +64,7 @@ typedef int32 sp_digit; typedef uint32 sp_int_digit; typedef uint64 sp_int_word; + typedef int64 sp_int_sword; #undef SP_WORD_SIZE #define SP_WORD_SIZE 32 #elif !defined(WOLFSSL_SP_ASM) @@ -67,6 +72,7 @@ typedef int32_t sp_digit; typedef uint32_t sp_int_digit; typedef uint64_t sp_int_word; + typedef int64_t sp_int_sword; #elif SP_WORD_SIZE == 64 typedef int64_t sp_digit; typedef uint64_t sp_int_digit; @@ -78,6 +84,7 @@ typedef long int128_t __attribute__ ((mode(TI))); #endif typedef uint128_t sp_int_word; + typedef int128_t sp_int_sword; #else #error Word size not defined #endif @@ -86,6 +93,7 @@ typedef uint32_t sp_digit; typedef uint32_t sp_int_digit; typedef uint64_t sp_int_word; + typedef int64_t sp_int_sword; #elif SP_WORD_SIZE == 64 typedef uint64_t sp_digit; typedef uint64_t sp_int_digit; @@ -97,6 +105,7 @@ typedef long int128_t __attribute__ ((mode(TI))); #endif typedef uint128_t sp_int_word; + typedef int128_t sp_int_sword; #else #error Word size not defined #endif @@ -104,6 +113,17 @@ #define SP_MASK (sp_digit)(-1) + +#if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK) +typedef struct sp_ecc_ctx { + #ifdef WOLFSSL_SP_384 + byte data[48*80]; /* stack data */ + #else + byte data[32*80]; /* stack data */ + #endif +} sp_ecc_ctx_t; +#endif + #ifdef WOLFSSL_SP_MATH #include @@ -169,9 +189,10 @@ typedef sp_int_digit mp_digit; MP_API int sp_init(sp_int* a); MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d, sp_int* e, sp_int* f); +MP_API void sp_free(sp_int* a); MP_API void sp_clear(sp_int* a); MP_API int sp_unsigned_bin_size(sp_int* a); -MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, int inSz); +MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz); MP_API int sp_read_radix(sp_int* a, const char* in, int radix); MP_API int sp_cmp(sp_int* a, sp_int* b); MP_API int sp_count_bits(sp_int* a); @@ -211,7 +232,6 @@ MP_API void sp_rshb(sp_int* a, int n, sp_int* r); MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r); -#define MP_OKAY 0 #define MP_NO 0 #define MP_YES 1 @@ -221,15 +241,17 @@ MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r); #define MP_EQ 0 #define MP_LT -1 +#define MP_OKAY 0 #define MP_MEM -2 #define MP_VAL -3 +#define FP_WOULDBLOCK -4 #define DIGIT_BIT SP_WORD_SIZE #define MP_MASK SP_MASK #define CheckFastMathSettings() 1 -#define mp_free(a) +#define mp_free sp_free #define mp_isodd sp_isodd #define mp_iseven sp_iseven diff --git a/source/libwolfssl/wolfcrypt/tfm.h b/source/libwolfssl/wolfcrypt/tfm.h index f7b390a4..10af218a 100644 --- a/source/libwolfssl/wolfcrypt/tfm.h +++ b/source/libwolfssl/wolfcrypt/tfm.h @@ -432,7 +432,7 @@ MP_API void fp_free(fp_int* a); /* set to a small digit */ void fp_set(fp_int *a, fp_digit b); -void fp_set_int(fp_int *a, unsigned long b); +int fp_set_int(fp_int *a, unsigned long b); /* check if a bit is set */ int fp_is_bit_set(fp_int *a, fp_digit b); @@ -459,7 +459,7 @@ void fp_rshd(fp_int *a, int x); void fp_rshb(fp_int *a, int x); /* left shift x digits */ -void fp_lshd(fp_int *a, int x); +int fp_lshd(fp_int *a, int x); /* signed comparison */ int fp_cmp(fp_int *a, fp_int *b); @@ -470,19 +470,22 @@ int fp_cmp_mag(fp_int *a, fp_int *b); /* power of 2 operations */ void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d); void fp_mod_2d(fp_int *a, int b, fp_int *c); -void fp_mul_2d(fp_int *a, int b, fp_int *c); +int fp_mul_2d(fp_int *a, int b, fp_int *c); void fp_2expt (fp_int *a, int b); -void fp_mul_2(fp_int *a, fp_int *c); +int fp_mul_2(fp_int *a, fp_int *c); void fp_div_2(fp_int *a, fp_int *c); +/* c = a / 2 (mod b) - constant time (a < b and positive) */ +int fp_div_2_mod_ct(fp_int *a, fp_int *b, fp_int *c); + /* Counts the number of lsbs which are zero before the first zero bit */ int fp_cnt_lsb(fp_int *a); /* c = a + b */ -void fp_add(fp_int *a, fp_int *b, fp_int *c); +int fp_add(fp_int *a, fp_int *b, fp_int *c); /* c = a - b */ -void fp_sub(fp_int *a, fp_int *b, fp_int *c); +int fp_sub(fp_int *a, fp_int *b, fp_int *c); /* c = a * b */ int fp_mul(fp_int *a, fp_int *b, fp_int *c); @@ -500,13 +503,13 @@ int fp_mod(fp_int *a, fp_int *b, fp_int *c); int fp_cmp_d(fp_int *a, fp_digit b); /* c = a + b */ -void fp_add_d(fp_int *a, fp_digit b, fp_int *c); +int fp_add_d(fp_int *a, fp_digit b, fp_int *c); /* c = a - b */ int fp_sub_d(fp_int *a, fp_digit b, fp_int *c); /* c = a * b */ -void fp_mul_d(fp_int *a, fp_digit b, fp_int *c); +int fp_mul_d(fp_int *a, fp_digit b, fp_int *c); /* a/b => cb + d == a */ /*int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d);*/ @@ -530,6 +533,12 @@ int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); /* d = a + b (mod c) */ int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); +/* d = a - b (mod c) - constant time (a < c and b < c) */ +int fp_submod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d); + +/* d = a + b (mod c) - constant time (a < c and b < c) */ +int fp_addmod_ct(fp_int *a, fp_int *b, fp_int *c, fp_int *d); + /* c = a * a (mod b) */ int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c); @@ -549,10 +558,11 @@ int fp_montgomery_setup(fp_int *a, fp_digit *mp); /* computes a = B**n mod b without division or multiplication useful for * normalizing numbers in a Montgomery system. */ -void fp_montgomery_calc_normalization(fp_int *a, fp_int *b); +int fp_montgomery_calc_normalization(fp_int *a, fp_int *b); /* computes x/R == x (mod N) via Montgomery Reduction */ int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); +int fp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, int ct); /* d = a**b (mod c) */ int fp_exptmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d); @@ -637,7 +647,7 @@ int fp_count_bits(fp_int *a); int fp_leading_bit(fp_int *a); int fp_unsigned_bin_size(fp_int *a); -void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c); +int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c); int fp_to_unsigned_bin(fp_int *a, unsigned char *b); int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c); int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b); @@ -652,7 +662,7 @@ int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b); /* VARIOUS LOW LEVEL STUFFS */ -void s_fp_add(fp_int *a, fp_int *b, fp_int *c); +int s_fp_add(fp_int *a, fp_int *b, fp_int *c); void s_fp_sub(fp_int *a, fp_int *b, fp_int *c); void fp_reverse(unsigned char *s, int len); @@ -728,6 +738,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b); #define mp_tohex(M, S) mp_toradix((M), (S), MP_RADIX_HEX) MP_API int mp_init (mp_int * a); +MP_API int mp_init_copy(fp_int * a, fp_int * b); MP_API void mp_clear (mp_int * a); MP_API void mp_free (mp_int * a); MP_API void mp_forcezero (mp_int * a); @@ -743,6 +754,8 @@ MP_API int mp_mul_d (mp_int * a, mp_digit b, mp_int * c); MP_API int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d); MP_API int mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_submod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d); +MP_API int mp_addmod_ct (mp_int* a, mp_int* b, mp_int* c, mp_int* d); MP_API int mp_mod(mp_int *a, mp_int *b, mp_int *c); MP_API int mp_invmod(mp_int *a, mp_int *b, mp_int *c); MP_API int mp_invmod_mont_ct(mp_int *a, mp_int *b, mp_int *c, fp_digit mp); @@ -791,9 +804,11 @@ MP_API int mp_radix_size (mp_int * a, int radix, int *size); #ifdef HAVE_ECC MP_API int mp_sqr(fp_int *a, fp_int *b); MP_API int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp); + MP_API int mp_montgomery_reduce_ex(fp_int *a, fp_int *m, fp_digit mp, + int ct); MP_API int mp_montgomery_setup(fp_int *a, fp_digit *rho); MP_API int mp_div_2(fp_int * a, fp_int * b); - MP_API int mp_init_copy(fp_int * a, fp_int * b); + MP_API int mp_div_2_mod_ct(mp_int *a, mp_int *b, mp_int *c); #endif #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \ diff --git a/source/libwolfssl/wolfcrypt/types.h b/source/libwolfssl/wolfcrypt/types.h index 7d45cccb..70d45aa0 100644 --- a/source/libwolfssl/wolfcrypt/types.h +++ b/source/libwolfssl/wolfcrypt/types.h @@ -22,7 +22,12 @@ /*! \file wolfssl/wolfcrypt/types.h */ +/* +DESCRIPTION +This library defines the primitive data types and abstraction macros to +decouple library dependencies with standard string, memory and so on. +*/ #ifndef WOLF_CRYPT_TYPES_H #define WOLF_CRYPT_TYPES_H @@ -342,9 +347,9 @@ #else /* just use plain C stdlib stuff if desired */ #include - #define XMALLOC(s, h, t) malloc((s)) + #define XMALLOC(s, h, t) malloc((size_t)(s)) #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} - #define XREALLOC(p, n, h, t) realloc((p), (n)) + #define XREALLOC(p, n, h, t) realloc((p), (size_t)(n)) #endif #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ diff --git a/source/libwolfssl/wolfcrypt/wc_encrypt.h b/source/libwolfssl/wolfcrypt/wc_encrypt.h index 2c8cdda1..5f1524f7 100644 --- a/source/libwolfssl/wolfcrypt/wc_encrypt.h +++ b/source/libwolfssl/wolfcrypt/wc_encrypt.h @@ -28,24 +28,33 @@ #define WOLF_CRYPT_ENCRYPT_H #include -#include -#include -#include -#include +#ifndef NO_AES + #include +#endif +#ifdef HAVE_CHACHA + #include +#endif +#ifndef NO_DES3 + #include +#endif +#ifndef NO_RC4 + #include +#endif #ifdef __cplusplus extern "C" { #endif -/* determine max cipher key size */ +/* determine max cipher key size - cannot use enum values here, must be define, + * since WC_MAX_SYM_KEY_SIZE is used in if macro logic. */ #ifndef NO_AES #define WC_MAX_SYM_KEY_SIZE (AES_MAX_KEY_SIZE/8) #elif defined(HAVE_CHACHA) - #define WC_MAX_SYM_KEY_SIZE CHACHA_MAX_KEY_SZ + #define WC_MAX_SYM_KEY_SIZE 32 /* CHACHA_MAX_KEY_SZ */ #elif !defined(NO_DES3) - #define WC_MAX_SYM_KEY_SIZE DES3_KEY_SIZE + #define WC_MAX_SYM_KEY_SIZE 24 /* DES3_KEY_SIZE */ #elif !defined(NO_RC4) - #define WC_MAX_SYM_KEY_SIZE RC4_KEY_SIZE + #define WC_MAX_SYM_KEY_SIZE 16 /* RC4_KEY_SIZE */ #else #define WC_MAX_SYM_KEY_SIZE 32 #endif diff --git a/source/libwolfssl/wolfcrypt/wc_pkcs11.h b/source/libwolfssl/wolfcrypt/wc_pkcs11.h index fc147d9f..7c4066f3 100644 --- a/source/libwolfssl/wolfcrypt/wc_pkcs11.h +++ b/source/libwolfssl/wolfcrypt/wc_pkcs11.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or + * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/source/libwolfssl/wolfcrypt/wc_port.h b/source/libwolfssl/wolfcrypt/wc_port.h index 66bdb80d..979b37dd 100644 --- a/source/libwolfssl/wolfcrypt/wc_port.h +++ b/source/libwolfssl/wolfcrypt/wc_port.h @@ -156,8 +156,10 @@ #else #ifndef SINGLE_THREADED - #define WOLFSSL_PTHREADS - #include + #ifndef WOLFSSL_USER_MUTEX + #define WOLFSSL_PTHREADS + #include + #endif #endif #if (defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)) && \ !defined(NO_FILESYSTEM) @@ -238,6 +240,8 @@ typedef struct k_mutex wolfSSL_Mutex; #elif defined(WOLFSSL_TELIT_M2MB) typedef M2MB_OS_MTX_HANDLE wolfSSL_Mutex; + #elif defined(WOLFSSL_USER_MUTEX) + /* typedef User_Mutex wolfSSL_Mutex; */ #else #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ @@ -245,7 +249,7 @@ /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ - defined(STM32_CRYPTO) + defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) #ifndef WOLFSSL_CRYPT_HW_MUTEX #define WOLFSSL_CRYPT_HW_MUTEX 1 #endif @@ -451,6 +455,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define MAX_PATH 256 #endif + WOLFSSL_LOCAL int wc_FileLoad(const char* fname, unsigned char** buf, + size_t* bufLen, void* heap); + #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \ !defined(WOLFSSL_NUCLEUS_1_2) typedef struct ReadDirCtx { @@ -553,6 +560,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP) #include + extern time_t pic32_time(time_t* timer); #define XTIME(t1) pic32_time((t1)) #define XGMTIME(c, t) gmtime((c)) @@ -683,7 +691,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE) #define USE_WOLF_VALIDDATE - #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t)) + #define XVALIDATE_DATE(d, f, t) wc_ValidateDate((d), (f), (t)) #endif /* wolf struct tm and time_t */ diff --git a/source/libwolfssl/wolfcrypt/wolfmath.h b/source/libwolfssl/wolfcrypt/wolfmath.h index 43b73c44..3d9830a1 100644 --- a/source/libwolfssl/wolfcrypt/wolfmath.h +++ b/source/libwolfssl/wolfcrypt/wolfmath.h @@ -19,6 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* +DESCRIPTION +This library provides big integer math functions. + +*/ #ifndef __WOLFMATH_H__ #define __WOLFMATH_H__ diff --git a/source/libwolfssl/wolfio.h b/source/libwolfssl/wolfio.h index a8c42f29..587e56dc 100644 --- a/source/libwolfssl/wolfio.h +++ b/source/libwolfssl/wolfio.h @@ -126,6 +126,8 @@ #include #elif defined(WOLFSSL_ZEPHYR) #include + #elif defined(MICROCHIP_PIC32) + #include #elif defined(HAVE_NETX) #include "nx_api.h" #include "errno.h" @@ -147,7 +149,6 @@ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \ && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS) #include - //#include //#include //#include //#include @@ -159,7 +160,7 @@ #endif #endif - #if defined(WOLFSSL_RENESAS_RA6M3G) /* Uses FREERTOS_TCP */ + #if defined(WOLFSSL_RENESAS_RA6M3G) || defined(WOLFSSL_RENESAS_RA6M3) /* Uses FREERTOS_TCP */ #include #endif diff --git a/source/menu/menu.cpp b/source/menu/menu.cpp index 5dcc6753..66a537df 100644 --- a/source/menu/menu.cpp +++ b/source/menu/menu.cpp @@ -25,6 +25,7 @@ #include "music/SoundHandler.hpp" #include "network/gcard.h" #include "unzip/U8Archive.h" +#include "network/proxysettings.h" // Sounds extern const u8 click_wav[]; @@ -172,6 +173,16 @@ bool CMenu::init(bool usb_mounted) /* Init Network if wanted for gamercard if it isn't already inited */ if(has_enabled_providers()) _initAsyncNetwork(); + /* Set the proxy settings */ + proxyUseSystem = m_cfg.getBool("PROXY", "proxy_use_system", true); + memset(proxyAddress, 0, sizeof(proxyAddress)); + strncpy(proxyAddress, m_cfg.getString("PROXY", "proxy_address", "").c_str(), sizeof(proxyAddress) - 1); + proxyPort = m_cfg.getInt("PROXY", "proxy_port", 0); + memset(proxyUsername, 0, sizeof(proxyUsername)); + strncpy(proxyUsername, m_cfg.getString("PROXY", "proxy_username", "").c_str(), sizeof(proxyUsername) - 1); + memset(proxyPassword, 0, sizeof(proxyPassword)); + strncpy(proxyPassword, m_cfg.getString("PROXY", "proxy_password", "").c_str(), sizeof(proxyPassword) - 1); + getProxyInfo(); /* Set SD only to off if any usb device is attached and format is FAT, NTFS, WBFS, or LINUX */ m_cfg.getBool("GENERAL", "sd_only", true);// will only set it true if this doesn't already exist diff --git a/source/menu/menu.hpp b/source/menu/menu.hpp index f6870a82..1985140b 100644 --- a/source/menu/menu.hpp +++ b/source/menu/menu.hpp @@ -1196,6 +1196,13 @@ public: void _hideWaitMessage(); void GC_Messenger(int message, int info, char *cinfo); + /* proxy settings */ + bool proxyUseSystem; + char proxyAddress[256]; + u16 proxyPort; + char proxyUsername[34]; + char proxyPassword[34]; + /* general thread updating stuff */ u64 m_thrdTotal; void update_pThread(u64 amount, bool add = true); diff --git a/source/menu/menu_config.cpp b/source/menu/menu_config.cpp index 78a08acd..8dc59f45 100644 --- a/source/menu/menu_config.cpp +++ b/source/menu/menu_config.cpp @@ -3,7 +3,7 @@ #include "channel/nand.hpp" #include "loader/nk.h" -const int CMenu::_nbCfgPages = 13; +const int CMenu::_nbCfgPages = 14; void CMenu::_hideConfigCommon(bool instant) { diff --git a/source/menu/menu_config7.cpp b/source/menu/menu_config7.cpp index be79c5f7..11dc0435 100644 --- a/source/menu/menu_config7.cpp +++ b/source/menu/menu_config7.cpp @@ -50,15 +50,18 @@ void CMenu::_showConfig7(int curPage) m_btnMgr.show(m_config7Lbl1); m_btnMgr.show(m_config7Btn1); - m_btnMgr.show(m_config7Lbl2); - m_btnMgr.show(m_config7Btn2); - m_btnMgr.show(m_config7Lbl3); - m_btnMgr.show(m_config7Btn3); - m_btnMgr.show(m_config7Lbl4); + if(curPage != 14) + { + m_btnMgr.show(m_config7Lbl2); + m_btnMgr.show(m_config7Btn2); + m_btnMgr.show(m_config7Lbl3); + m_btnMgr.show(m_config7Btn3); + m_btnMgr.show(m_config7Lbl4); + } if(curPage == 7 || curPage == 11 || curPage == 12 || curPage == 13) m_btnMgr.show(m_config7Btn4); - else + else if(curPage != 14) { m_btnMgr.show(m_config7Lbl4Val); m_btnMgr.show(m_config7Btn4M); @@ -131,7 +134,7 @@ void CMenu::_showConfig7(int curPage) m_btnMgr.setText(m_config7Lbl4, _t("cfg727", L"Use Plugin Database Titles")); m_btnMgr.setText(m_config7Btn4, m_cfg.getBool(PLUGIN_DOMAIN, "database_titles", true) ? _t("yes", L"Yes") : _t("no", L"No")); } - else // page 13 + else if(curPage == 13) { m_btnMgr.setText(m_config7Lbl1, _t("cfgg49", L"480p Pixel Patch")); m_btnMgr.setText(m_config7Btn1, m_cfg.getBool(WII_DOMAIN, "fix480p", false) ? _t("on", L"On") : _t("off", L"Off")); @@ -142,6 +145,11 @@ void CMenu::_showConfig7(int curPage) m_btnMgr.setText(m_config7Lbl4, _t("cfg724", L"Lock coverflow layouts")); m_btnMgr.setText(m_config7Btn4, m_cfg.getBool("general", "cf_locked") ? _t("yes", L"Yes") : _t("no", L"No")); } + else // page 14 + { + m_btnMgr.setText(m_config7Lbl1, _t("cfg729", L"Use system proxy settings")); + m_btnMgr.setText(m_config7Btn1, m_cfg.getBool("PROXY", "proxy_use_system") ? _t("on", L"On") : _t("off", L"Off")); + } } int CMenu::_config7(int curPage) @@ -348,6 +356,16 @@ int CMenu::_config7(int curPage) CFLocked = val; } } + if(curPage == 14) + { + if(m_btnMgr.selected(m_config7Btn1)) + { + bool val = !m_cfg.getBool("PROXY", "proxy_use_system"); + m_cfg.setBool("PROXY", "proxy_use_system", val); + mainMenu.proxyUseSystem = val; + m_btnMgr.setText(m_config7Btn1, val ? _t("on", L"On") : _t("off", L"Off")); + } + } } } if(rand_music != m_cfg.getBool("GENERAL", "randomize_music")) diff --git a/source/network/base64.h b/source/network/base64.h new file mode 100644 index 00000000..d57484fa --- /dev/null +++ b/source/network/base64.h @@ -0,0 +1,171 @@ +/* + + https://github.com/superwills/NibbleAndAHalf + base64.h -- Fast base64 encoding and decoding. + version 1.0.0, April 17, 2013 143a + + Copyright (C) 2013 William Sherif + + This software is provided 'as-is', without any express or implied + warranty. In no event will the authors be held liable for any damages + arising from the use of this software. + + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute it + freely, subject to the following restrictions: + + 1. The origin of this software must not be misrepresented; you must not + claim that you wrote the original software. If you use this software + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + 2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original software. + 3. This notice may not be removed or altered from any source distribution. + + William Sherif + will.sherif@gmail.com + + YWxsIHlvdXIgYmFzZSBhcmUgYmVsb25nIHRvIHVz + +*/ +#ifndef BASE64_H +#define BASE64_H + +#include +#include + +static const char* b64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +// maps A=>0,B=>1.. +static const unsigned char unb64[]={ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //10 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //20 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //30 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //40 + 0, 0, 0, 62, 0, 0, 0, 63, 52, 53, //50 + 54, 55, 56, 57, 58, 59, 60, 61, 0, 0, //60 + 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, //70 + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, //80 + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, //90 + 25, 0, 0, 0, 0, 0, 0, 26, 27, 28, //100 + 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, //110 + 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, //120 + 49, 50, 51, 0, 0, 0, 0, 0, 0, 0, //130 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //140 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //150 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //160 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //170 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //180 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //190 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //200 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //210 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //220 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //230 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //240 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //250 + 0, 0, 0, 0, 0, 0, +}; // This array has 256 elements + +// Converts binary data of length=len to base64 characters. +// Length of the resultant string is stored in flen +// (you must pass pointer flen). +char* base64( const void* binaryData, int len, int *flen ) +{ + const unsigned char* bin = (const unsigned char*) binaryData; + char* res; + + int rc = 0; // result counter + int byteNo; // I need this after the loop + + int modulusLen = len % 3; + int pad = ((modulusLen&1)<<1) + ((modulusLen&2)>>1); // 2 gives 1 and 1 gives 2, but 0 gives 0. + + *flen = 4*(len + pad)/3; + res = (char*) malloc( *flen + 1 ); // and one for the null + if( !res ) + return 0; + + for( byteNo = 0; byteNo <= len-3; byteNo+=3 ) + { + unsigned char BYTE0=bin[byteNo]; + unsigned char BYTE1=bin[byteNo+1]; + unsigned char BYTE2=bin[byteNo+2]; + res[rc++] = b64[ BYTE0 >> 2 ]; + res[rc++] = b64[ ((0x3&BYTE0)<<4) + (BYTE1 >> 4) ]; + res[rc++] = b64[ ((0x0f&BYTE1)<<2) + (BYTE2>>6) ]; + res[rc++] = b64[ 0x3f&BYTE2 ]; + } + + if( pad==2 ) + { + res[rc++] = b64[ bin[byteNo] >> 2 ]; + res[rc++] = b64[ (0x3&bin[byteNo])<<4 ]; + res[rc++] = '='; + res[rc++] = '='; + } + else if( pad==1 ) + { + res[rc++] = b64[ bin[byteNo] >> 2 ]; + res[rc++] = b64[ ((0x3&bin[byteNo])<<4) + (bin[byteNo+1] >> 4) ]; + res[rc++] = b64[ (0x0f&bin[byteNo+1])<<2 ]; + res[rc++] = '='; + } + + res[rc]=0; // NULL TERMINATOR!;) + return res; +} + +unsigned char* unbase64( const char* ascii, int len, int *flen ) +{ + const unsigned char *safeAsciiPtr = (const unsigned char*)ascii; + unsigned char *bin; + int cb=0; + int charNo; + int pad = 0; + + if ((len <= 0) || (len % 4 != 0)) { // 2 accesses below would be OOB. + // catch empty string or incorrect padding size, return NULL as result. + *flen=0; + return 0; + } + if( safeAsciiPtr[ len-1 ]=='=' ) ++pad; + if( safeAsciiPtr[ len-2 ]=='=' ) ++pad; + + *flen = 3*len/4 - pad; + bin = (unsigned char*)malloc( *flen ); + if( !bin ) + return 0; + + for( charNo=0; charNo <= len - 4 - pad; charNo+=4 ) + { + int A=unb64[safeAsciiPtr[charNo]]; + int B=unb64[safeAsciiPtr[charNo+1]]; + int C=unb64[safeAsciiPtr[charNo+2]]; + int D=unb64[safeAsciiPtr[charNo+3]]; + + bin[cb++] = (A<<2) | (B>>4); + bin[cb++] = (B<<4) | (C>>2); + bin[cb++] = (C<<6) | (D); + } + + if( pad==1 ) + { + int A=unb64[safeAsciiPtr[charNo]]; + int B=unb64[safeAsciiPtr[charNo+1]]; + int C=unb64[safeAsciiPtr[charNo+2]]; + + bin[cb++] = (A<<2) | (B>>4); + bin[cb++] = (B<<4) | (C>>2); + } + else if( pad==2 ) + { + int A=unb64[safeAsciiPtr[charNo]]; + int B=unb64[safeAsciiPtr[charNo+1]]; + + bin[cb++] = (A<<2) | (B>>4); + } + + return bin; +} + +#endif diff --git a/source/network/https.c b/source/network/https.c index df53b7c4..cc361474 100644 --- a/source/network/https.c +++ b/source/network/https.c @@ -1,362 +1,481 @@ -// Code by blackb0x @ GBAtemp.net -// This allows the Wii to download from servers that use SNI. - -#include -#include -#include +/* + Code by blackb0x @ GBAtemp.net + This allows the Wii to download from servers that use SNI. +*/ #include #include -#include -#include "https.h" +#include "base64.h" #include "gecko/gecko.hpp" -#include "picohttpparser.h" +#include "https.h" #include "memory/mem2.hpp" +#include "proxysettings.h" u8 loop; WOLFSSL_SESSION *session; -int https_write(HTTP_INFO *httpinfo, char *buffer, int len) +int https_write(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy) { - int ret, slen = 0; - while (1) - { - if (httpinfo->use_https) - ret = wolfSSL_write(httpinfo->ssl, &buffer[slen], len - slen); - else - ret = net_write(httpinfo->sock, &buffer[slen], len - slen); - - if (ret == 0) - continue; - else if (ret <= 0) - return ret; // Timeout would return -1 - - slen += ret; - if (slen >= len) - break; - } - return slen; + int ret, pos = 0; + int rlen = (len > BLOCK_SIZE) ? BLOCK_SIZE : len; + u64 time = gettime(); + while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT) + { + if (httpinfo->use_https && !proxy) + ret = wolfSSL_write(httpinfo->ssl, &buffer[pos], rlen); + else + ret = net_write(httpinfo->sock, &buffer[pos], rlen); + if (ret > 0) + { + pos += ret; + rlen = (len - pos > BLOCK_SIZE) ? BLOCK_SIZE : len - pos; + if (pos >= len) + return pos; + time = gettime(); + } + usleep(10000); + } +#ifdef DEBUG_NETWORK + gprintf("The connection timed out (write)\n"); +#endif + return -ETIMEDOUT; } -int https_read(HTTP_INFO *httpinfo, char *buffer, int len) +int https_read(HTTP_INFO *httpinfo, char *buffer, int len, bool proxy) { - struct pollsd fds[1]; - fds[0].socket = httpinfo->sock; - fds[0].events = POLLIN; + int ret = -ETIMEDOUT; + u64 time = gettime(); + if (len > BLOCK_SIZE) + len = BLOCK_SIZE; + while (ticks_to_millisecs(diff_ticks(time, gettime())) < READ_WRITE_TIMEOUT) + { + if (httpinfo->use_https && !proxy) + ret = wolfSSL_read(httpinfo->ssl, buffer, len); + else + ret = net_read(httpinfo->sock, buffer, len); + if (ret >= 0) + return ret; + usleep(10000); + } +#ifdef DEBUG_NETWORK + gprintf("The connection timed out (read)\n"); +#endif + return -ETIMEDOUT; +} - net_fcntl(httpinfo->sock, F_SETFL, 4); - switch (net_poll(fds, 1, READ_WRITE_TIMEOUT)) - { - case -1: -#ifdef DEBUG_NETWORK - gprintf("net_poll error\n"); -#endif - return -1; - case 0: -#ifdef DEBUG_NETWORK - gprintf("The connection timed out\n"); -#endif - return -ETIMEDOUT; - default: - net_fcntl(httpinfo->sock, F_SETFL, 0); - if (len > 8192) - len = 8192; // 16KB is the max on a Wii, but 8KB is safe - if (httpinfo->use_https) - return wolfSSL_read(httpinfo->ssl, buffer, len); - return net_read(httpinfo->sock, buffer, len); - } +int send_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx) +{ + int sent = net_write(*(int *)ctx, buf, sz); + if (sent < 0) + { + if (sent == -EAGAIN) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + else if (sent == -ECONNRESET) + return WOLFSSL_CBIO_ERR_CONN_RST; + else if (sent == -EINTR) + return WOLFSSL_CBIO_ERR_ISR; + else if (sent == -EPIPE) + return WOLFSSL_CBIO_ERR_CONN_CLOSE; + else + return WOLFSSL_CBIO_ERR_GENERAL; + } + return sent; +} + +int recv_callback(__attribute__((unused)) WOLFSSL *ssl, char *buf, int sz, void *ctx) +{ + int recvd = net_read(*(int *)ctx, buf, sz); + if (recvd < 0) + { + if (recvd == -EAGAIN) + return WOLFSSL_CBIO_ERR_WANT_READ; + else if (recvd == -ECONNRESET) + return WOLFSSL_CBIO_ERR_CONN_RST; + else if (recvd == -EINTR) + return WOLFSSL_CBIO_ERR_ISR; + else if (recvd == -ECONNABORTED) + return WOLFSSL_CBIO_ERR_CONN_CLOSE; + else + return WOLFSSL_CBIO_ERR_GENERAL; + } + else if (recvd == 0) + return WOLFSSL_CBIO_ERR_CONN_CLOSE; + return recvd; } void https_close(HTTP_INFO *httpinfo) { - if (httpinfo->use_https) - { - if (wolfSSL_shutdown(httpinfo->ssl) == SSL_SHUTDOWN_NOT_DONE) - wolfSSL_shutdown(httpinfo->ssl); - wolfSSL_free(httpinfo->ssl); - wolfSSL_CTX_free(httpinfo->ctx); - } - net_close(httpinfo->sock); + if (httpinfo->use_https) + { + wolfSSL_shutdown(httpinfo->ssl); + wolfSSL_free(httpinfo->ssl); + wolfSSL_CTX_free(httpinfo->ctx); + } + net_close(httpinfo->sock); #ifdef DEBUG_NETWORK - gprintf("Closed socket and cleaned up\n"); + gprintf("Closed socket and cleaned up\n"); #endif } -u8 get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header) +bool get_header_value(struct phr_header *headers, size_t num_headers, char *dst, char *header) { - for (size_t i = 0; i != num_headers; ++i) - { - if (strncasecmp(header, headers[i].name, headers[i].name_len) == 0) - { - strlcpy(dst, headers[i].value, headers[i].value_len + 1); - return 1; - } - } - return 0; + for (size_t i = 0; i != num_headers; ++i) + { + if (strncasecmp(header, headers[i].name, headers[i].name_len) == 0) + { + strlcpy(dst, headers[i].value, headers[i].value_len + 1); + return true; + } + } + return false; } -u8 is_chunked(struct phr_header *headers, size_t num_headers) +u64 get_header_value_int(struct phr_header *headers, size_t num_headers, char *header) { - char encoding[10] = {}; - if (!get_header_value(headers, num_headers, encoding, "transfer-encoding")) - return 0; - return (strcasecmp(encoding, "chunked") == 0) ? 1 : 0; + char header_value[30]; + if (!get_header_value(headers, num_headers, header_value, header)) + return 0; + return strtoull(header_value, NULL, 0); } -u8 read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) +bool is_chunked(struct phr_header *headers, size_t num_headers) { - struct phr_chunked_decoder decoder = {}; - size_t capacity = 4096, rsize; - ssize_t rret, pret; - decoder.consume_trailer = 1; -#ifdef DEBUG_NETWORK - gprintf("Data is chunked\n"); -#endif - do - { - if (start_pos == capacity) - { -#ifdef DEBUG_NETWORK - gprintf("Increased buffer size\n"); -#endif - capacity *= 2; - buffer->data = MEM2_realloc(buffer->data, capacity); - } - while ((rret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR) - ; - if (rret <= 0) - { -#ifdef DEBUG_NETWORK - gprintf("IO error\n"); -#endif - return 0; - } - rsize = rret; - pret = phr_decode_chunked(&decoder, &buffer->data[start_pos], &rsize); - if (pret == -1) - { -#ifdef DEBUG_NETWORK - gprintf("Parse error\n"); -#endif - return 0; - } - start_pos += rsize; - } while (pret == -2); - buffer->size = start_pos; - buffer->data = MEM2_realloc(buffer->data, buffer->size); - return 1; + char encoding[9]; + if (!get_header_value(headers, num_headers, encoding, "transfer-encoding")) + return false; + return (strcasecmp(encoding, "chunked") == 0) ? true : false; } -u8 read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) +bool read_chunked(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) { - size_t capacity = 4096; - ssize_t ret; + struct phr_chunked_decoder decoder = {0}; + size_t rsize, capacity = 4096; + ssize_t pret; + int ret; + decoder.consume_trailer = true; #ifdef DEBUG_NETWORK - gprintf("Data is not chunked\n"); + gprintf("Data is chunked\n"); #endif - while (1) - { - if (start_pos == capacity) - { + do + { + if (start_pos == capacity) + { #ifdef DEBUG_NETWORK - gprintf("Increased buffer size\n"); + gprintf("Increased buffer size\n"); #endif - capacity *= 2; - buffer->data = MEM2_realloc(buffer->data, capacity); - } - while ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos)) == -1 && errno == EINTR) - ; - if (ret == 0) - break; - if (ret < 0) - return 0; + capacity *= 2; + buffer->data = MEM2_realloc(buffer->data, capacity); + } + if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) < 1) + return false; + rsize = ret; + pret = phr_decode_chunked(&decoder, &buffer->data[start_pos], &rsize); + if (pret == -1) + { +#ifdef DEBUG_NETWORK + gprintf("Parse error\n"); +#endif + return false; + } + start_pos += rsize; + } while (pret == -2); + buffer->size = start_pos; + buffer->data = MEM2_realloc(buffer->data, buffer->size); + return true; +} - start_pos += ret; - }; - buffer->size = start_pos; - buffer->data = MEM2_realloc(buffer->data, buffer->size); - return 1; +bool read_all(HTTP_INFO *httpinfo, struct download *buffer, size_t start_pos) +{ + size_t capacity = 4096; + int ret; +#ifdef DEBUG_NETWORK + gprintf("Data is not chunked\n"); +#endif + while (true) + { + if (start_pos == capacity) + { +#ifdef DEBUG_NETWORK + gprintf("Increased buffer size\n"); +#endif + capacity *= 2; + buffer->data = MEM2_realloc(buffer->data, capacity); + } + if ((ret = https_read(httpinfo, &buffer->data[start_pos], capacity - start_pos, false)) == 0) + break; + if (ret < 0) + return false; + start_pos += ret; + }; + buffer->size = start_pos; + buffer->data = MEM2_realloc(buffer->data, buffer->size); + return (buffer->content_length > 0 && buffer->content_length == start_pos) ? true : false; +} + +bool get_response(HTTP_INFO *httpinfo, HTTP_RESPONSE *resp, bool proxy) +{ + int rret, minor_version; + size_t msg_len, prevbuflen; + const char *msg; + + while (true) + { + if ((rret = https_read(httpinfo, &resp->data[resp->buflen], 1, proxy)) < 1) + return false; + prevbuflen = resp->buflen; + resp->buflen += rret; + // Parse the response + resp->num_headers = sizeof(resp->headers) / sizeof(resp->headers[0]); + if ((resp->pret = phr_parse_response(resp->data, resp->buflen, &minor_version, &resp->status, &msg, &msg_len, resp->headers, &resp->num_headers, prevbuflen)) > 0) + return true; // Successfully parsed the response + else if (resp->pret == -1) + { +#ifdef DEBUG_NETWORK + gprintf("pret error %i\n", resp->pret); +#endif + return false; + } + if (resp->buflen == sizeof(resp->data)) + { +#ifdef DEBUG_NETWORK + gprintf("buflen error %lu\n", (unsigned long)resp->buflen); +#endif + return false; + } + } + return false; +} + +bool check_ip(char *str) +{ + int partA, partB, partC, partD; + char extra; + // We avoid using regex because it increases the file size + return (sscanf(str, "%d.%d.%d.%d%c", &partA, &partB, &partC, &partD, &extra) == 4) ? true : false; +} + +bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *password) +{ + HTTP_RESPONSE response = {0}; + char request[500]; + char credentials[65]; + char *auth; + int len; + if (username && password) + { + if(!snprintf(credentials, sizeof(credentials), "%s:%s", username, password)) + return false; + if(!(auth = base64(credentials, strlen(credentials), &len))) + return false; + len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nProxy-Authorization: Basic %s\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80, auth); + free(auth); + } + else + len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80); + if (len > 0 && https_write(httpinfo, request, len, true) != len) + return false; + if (get_response(httpinfo, &response, true)) + { + if (response.status == 200) + return true; + } + return false; } int connect(char *host, u16 port) { - struct sockaddr_in sin; - s32 sock, ret; - u64 t; - - u32 ipaddress = getipbynamecached(host); - if (ipaddress == 0) - return -1; - - sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP); - if (sock < 0) - return sock; - - memset(&sin, 0, sizeof(struct sockaddr_in)); - sin.sin_family = AF_INET; - sin.sin_port = htons(port); - sin.sin_addr.s_addr = ipaddress; + struct sockaddr_in sin; + s32 sock, ret; + u32 ipaddress; + u64 time; #ifdef DEBUG_NETWORK - gprintf("Connecting to %s (%s)\n", host, inet_ntoa(sin.sin_addr)); + gprintf("Connecting to %s", host); #endif - net_fcntl(sock, F_SETFL, 4); - t = gettime(); - while (1) - { - if (ticks_to_millisecs(diff_ticks(t, gettime())) > TCP_CONNECT_TIMEOUT) - { + if ((ipaddress = check_ip(host) ? inet_addr(host) : getipbynamecached(host)) == 0) + return -EFAULT; + sin.sin_family = AF_INET; + sin.sin_port = htons(port); + sin.sin_addr.s_addr = ipaddress; #ifdef DEBUG_NETWORK - gprintf("The connection timed out\n"); + if (!check_ip(host)) + gprintf(" (%s)", inet_ntoa(sin.sin_addr)); #endif - net_close(sock); - return -ETIMEDOUT; - } - ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin)); - if (ret < 0) - { - if (ret == -EISCONN) - break; - if (ret == -EINPROGRESS || ret == -EALREADY) - { - usleep(20 * 1000); - continue; - } - net_close(sock); - return ret; - } - break; - } - net_fcntl(sock, F_SETFL, 0); - return sock; + if ((sock = net_socket(AF_INET, SOCK_STREAM, IPPROTO_IP)) < 0) + return sock; + net_fcntl(sock, F_SETFL, 4); + time = gettime(); + while (ticks_to_millisecs(diff_ticks(time, gettime())) < CONNECT_TIMEOUT) + { + if ((ret = net_connect(sock, (struct sockaddr *)&sin, sizeof(sin))) < 0) + { + if (ret == -EISCONN) + return sock; + if (ret == -EINPROGRESS || ret == -EALREADY) + { + usleep(10000); + continue; + } + net_close(sock); + return ret; + } + } + net_close(sock); + return -ETIMEDOUT; } void downloadfile(const char *url, struct download *buffer) { - HTTP_INFO httpinfo; - memset(&httpinfo, 0, sizeof(HTTP_INFO)); - // Always reset the size due to the image downloader looping - buffer->size = 0; + HTTP_INFO httpinfo = {0}; + // Always reset the size due to the image downloader looping + buffer->size = 0; + // Check if we're using HTTPS and set the path + char *path; + if (strncmp(url, "https://", 8) == 0) + { + httpinfo.use_https = 1; + path = strchr(url + 8, '/'); + } + else if (strncmp(url, "http://", 7) == 0) + { + httpinfo.use_https = 0; + path = strchr(url + 7, '/'); + } + else + return; + if (path == NULL) + return; + // Get the host + int domainlength = path - url - 7 - httpinfo.use_https; + char host[domainlength + 1]; + strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1); + // Start connecting + if (getProxyAddress() && getProxyPort() > 0) + httpinfo.sock = connect(getProxyAddress(), getProxyPort()); + else + httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80); - // Check if we're using HTTPS and set the path - char *path; - if (strncmp(url, "https://", 8) == 0) - { - httpinfo.use_https = 1; - path = strchr(url + 8, '/'); - } - else if (strncmp(url, "http://", 7) == 0) - { - httpinfo.use_https = 0; - path = strchr(url + 7, '/'); - } - else - return; // Prevents uninitialized warning - - if (path == NULL) - return; - - // Get the host - int domainlength = path - url - 7 - httpinfo.use_https; - char host[domainlength + 1]; - strlcpy(host, url + 7 + httpinfo.use_https, domainlength + 1); - - // Start connecting - if ((httpinfo.sock = connect(host, httpinfo.use_https ? 443 : 80)) < 0) - { + if (httpinfo.sock < 0) + { #ifdef DEBUG_NETWORK - gprintf("Failed to connect to %s\n", host); + if (httpinfo.sock == -ETIMEDOUT) + gprintf("\nFailed to connect (timed out)\n"); + else + gprintf("\nFailed to connect (%i)\n", httpinfo.sock); #endif - return; - } + return; + } #ifdef DEBUG_NETWORK - else - gprintf("Connected\n"); + gprintf("\nConnected\n"); #endif - - if (httpinfo.use_https) - { - // Create a new SSL context - // wolfSSLv23_client_method() works, but resume would require further changes - if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) - { + // Connect to a web proxy without credentials + if (getProxyAddress() && getProxyPort() > 0) + { + if (!connect_proxy(&httpinfo, host, getProxyUsername(), getProxyPassword())) + { #ifdef DEBUG_NETWORK - gprintf("Failed to create WOLFSSL_CTX\n"); + gprintf("Failed to connect to proxy (%s:%i)\n", getProxyAddress(), getProxyPort()); #endif - https_close(&httpinfo); - return; - } - // Don't verify certificates - wolfSSL_CTX_set_verify(httpinfo.ctx, WOLFSSL_VERIFY_NONE, 0); - // Enable SNI - if (wolfSSL_CTX_UseSNI(httpinfo.ctx, 0, host, strlen(host)) != WOLFSSL_SUCCESS) - { + https_close(&httpinfo); + return; + } + session = NULL; // Resume doesn't work with a proxy #ifdef DEBUG_NETWORK - gprintf("Failed to set SNI\n"); + gprintf("Proxy is ready to receive\n"); #endif - https_close(&httpinfo); - return; - } - // Create a new wolfSSL session - if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL) - { + } + // Setup for HTTPS if it's necessary + if (httpinfo.use_https) + { + // Create a new SSL context + // wolfSSLv23_client_method() works but resume would require further changes + if ((httpinfo.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) + { #ifdef DEBUG_NETWORK - gprintf("SSL session creation failed\n"); + gprintf("Failed to create WOLFSSL_CTX\n"); #endif - https_close(&httpinfo); - return; - } - // Set the file descriptor - if (wolfSSL_set_fd(httpinfo.ssl, httpinfo.sock) != SSL_SUCCESS) - { + https_close(&httpinfo); + return; + } + // Don't verify certificates + wolfSSL_CTX_set_verify(httpinfo.ctx, WOLFSSL_VERIFY_NONE, 0); + // Enable SNI + if (wolfSSL_CTX_UseSNI(httpinfo.ctx, 0, host, strlen(host)) != WOLFSSL_SUCCESS) + { #ifdef DEBUG_NETWORK - gprintf("Failed to set SSL file descriptor\n"); + gprintf("Failed to set SNI\n"); #endif - https_close(&httpinfo); - return; - } - // Attempt to resume the session - if (session != NULL && wolfSSL_set_session(httpinfo.ssl, session) != SSL_SUCCESS) - { + https_close(&httpinfo); + return; + } + // Custom I/O is essential due to how libogc handles errors + wolfSSL_SetIOSend(httpinfo.ctx, send_callback); + wolfSSL_SetIORecv(httpinfo.ctx, recv_callback); + // Create a new wolfSSL session + if ((httpinfo.ssl = wolfSSL_new(httpinfo.ctx)) == NULL) + { #ifdef DEBUG_NETWORK - gprintf("Failed to set session (session timed out?)\n"); + gprintf("SSL session creation failed\n"); #endif - session = NULL; - } - // Initiate a handshake - if (wolfSSL_connect(httpinfo.ssl) != SSL_SUCCESS) - { + https_close(&httpinfo); + return; + } + // Set the file descriptor + if (wolfSSL_set_fd(httpinfo.ssl, httpinfo.sock) != SSL_SUCCESS) + { #ifdef DEBUG_NETWORK - gprintf("SSL handshake failed\n"); + gprintf("Failed to set SSL file descriptor\n"); #endif - https_close(&httpinfo); - return; - } - // Check if we resumed successfully - if (session != NULL && !wolfSSL_session_reused(httpinfo.ssl)) - { + https_close(&httpinfo); + return; + } + // Attempt to resume the session + if (session != NULL && wolfSSL_set_session(httpinfo.ssl, session) != SSL_SUCCESS) + { #ifdef DEBUG_NETWORK - gprintf("Failed to resume session\n"); + gprintf("Failed to set session (session timed out?)\n"); #endif - session = NULL; - } - // Cipher info + session = NULL; + } + // Initiate a handshake + u64 time = gettime(); + while (true) + { + if (ticks_to_millisecs(diff_ticks(time, gettime())) > CONNECT_TIMEOUT) + { #ifdef DEBUG_NETWORK - /*char ciphers[4096]; + gprintf("SSL handshake failed\n"); +#endif + https_close(&httpinfo); + return; + } + if (wolfSSL_connect(httpinfo.ssl) == SSL_SUCCESS) + break; + usleep(10000); + } + // Check if we resumed successfully + if (session != NULL && !wolfSSL_session_reused(httpinfo.ssl)) + { +#ifdef DEBUG_NETWORK + gprintf("Failed to resume session\n"); +#endif + session = NULL; + } + // Cipher info +#ifdef DEBUG_NETWORK + /*char ciphers[4096]; wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); gprintf("All supported ciphers: %s\n", ciphers);*/ - WOLFSSL_CIPHER *cipher = wolfSSL_get_current_cipher(httpinfo.ssl); - gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher)); + WOLFSSL_CIPHER *cipher = wolfSSL_get_current_cipher(httpinfo.ssl); + gprintf("Using: %s - %s\n", wolfSSL_get_version(httpinfo.ssl), wolfSSL_CIPHER_get_name(cipher)); #endif - } - - // Send our request - char request[2200]; - char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n"; - int ret, len; - if (strcmp(host, "www.geckocodes.org") != 0) - memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie - - len = snprintf(request, 2200, + } + // Send our request + char request[2300]; + char isgecko[36] = "Cookie: challenge=BitMitigate.com\r\n"; + int ret, len; + if (strncmp(host, "www.geckocodes.org", 18) != 0) + memset(isgecko, 0, sizeof(isgecko)); // Not geckocodes, so don't set a cookie + len = snprintf(request, sizeof(request), "GET %s HTTP/1.1\r\n" "Host: %s\r\n" "User-Agent: WiiFlow-Lite\r\n" @@ -365,132 +484,95 @@ void downloadfile(const char *url, struct download *buffer) "Pragma: no-cache\r\n" "Cache-Control: no-cache\r\n\r\n", path, host, isgecko); - if ((ret = https_write(&httpinfo, request, len)) != len) - { + if ((ret = https_write(&httpinfo, request, len, false)) != len) + { #ifdef DEBUG_NETWORK - gprintf("https_write error: %i\n", ret); + gprintf("https_write error: %i\n", ret); #endif - https_close(&httpinfo); - return; - } - - // Check if we want a response - if (buffer->skip_response) - { + https_close(&httpinfo); + return; + } + // Check if we want a response + if (buffer->skip_response) + { #ifdef DEBUG_NETWORK - gprintf("Sent request to %s and skipping response\n", host); + gprintf("Sent request to %s and skipping response\n", host); #endif - https_close(&httpinfo); - return; - } - - // Get the response - char response[4096]; - struct phr_header headers[100]; - int pret, minor_version, status, dl_valid; - size_t buflen = 0, prevbuflen = 0, num_headers, msg_len; - ssize_t rret; - const char *msg; - - while (1) - { - // Read the response - while ((rret = https_read(&httpinfo, &response[buflen], 1)) == -1 && errno == EINTR) - ; - if (rret <= 0) - { + https_close(&httpinfo); + return; + } + // Get the response + HTTP_RESPONSE response = {0}; + if (!get_response(&httpinfo, &response, false)) + { + https_close(&httpinfo); + return; + } + // The website wants to redirect us + if (response.status == 301 || response.status == 302) + { + https_close(&httpinfo); + if (loop == REDIRECT_LIMIT) + { #ifdef DEBUG_NETWORK - gprintf("rret error %i\n", rret); + gprintf("Reached redirect limit\n"); #endif - https_close(&httpinfo); - return; - } - prevbuflen = buflen; - buflen += rret; - // Parse the response - num_headers = sizeof(headers) / sizeof(headers[0]); - pret = phr_parse_response(response, buflen, &minor_version, &status, &msg, &msg_len, headers, &num_headers, prevbuflen); - if (pret > 0) - break; // Successfully parsed the response - else if (pret == -1) - { + return; + } + loop++; + char location[2049]; + if (!get_header_value(response.headers, response.num_headers, location, "location")) + return; #ifdef DEBUG_NETWORK - gprintf("pret error %i\n", pret); + gprintf("Redirect #%i - %s\n", loop, location); #endif - https_close(&httpinfo); - return; - } - // Response is incomplete so continue the loop - if (buflen == sizeof(response)) - { + downloadfile(location, buffer); + return; + } + // It's not 301 or 302, so reset the loop + loop = 0; + // We got what we wanted + if (response.status == 200) + { + buffer->data = MEM2_alloc(4096); + memcpy(buffer->data, &response.data[response.pret], response.buflen - response.pret); + // Determine how to read the data + bool dl_valid; + if (is_chunked(response.headers, response.num_headers)) + dl_valid = read_chunked(&httpinfo, buffer, response.buflen - response.pret); + else + { + buffer->content_length = get_header_value_int(response.headers, response.num_headers, "content-length"); + dl_valid = read_all(&httpinfo, buffer, response.buflen - response.pret); + } + // Check if the download is incomplete + if (!dl_valid || buffer->size < 1) + { + buffer->size = 0; + MEM2_free(buffer->data); #ifdef DEBUG_NETWORK - gprintf("buflen error %i\n", buflen); + gprintf("Removed incomplete download\n"); #endif - https_close(&httpinfo); - return; - } - } - - // The website wants to redirect us - if (status == 301 || status == 302) - { - https_close(&httpinfo); - if (loop == REDIRECT_LIMIT) - { + https_close(&httpinfo); + return; + } + // Save the session + if (httpinfo.use_https) + session = wolfSSL_get_session(httpinfo.ssl); + // Finished + https_close(&httpinfo); #ifdef DEBUG_NETWORK - gprintf("Reached redirect limit\n"); + gprintf("Download size: %llu\n", (long long)buffer->size); + gprintf("------------- HEADERS -------------\n"); + for (size_t i = 0; i != response.num_headers; ++i) + gprintf("%.*s: %.*s\n", (int)response.headers[i].name_len, response.headers[i].name, (int)response.headers[i].value_len, response.headers[i].value); + gprintf("------------ COMPLETED ------------\n"); #endif - return; - } - loop++; - char location[2100] = {}; - if (!get_header_value(headers, num_headers, location, "location")) - return; + return; + } + // Close on all other status codes #ifdef DEBUG_NETWORK - gprintf("Redirect #%i - %s\n", loop, location); + gprintf("Status code: %i - %s\n", response.status, url); #endif - downloadfile(location, buffer); - return; - } - // It's not 301 or 302, so reset the loop - loop = 0; - // We got what we wanted - if (status == 200) - { - buffer->data = MEM2_alloc(4096); - memcpy(buffer->data, &response[pret], buflen - pret); - // Determine how to read the data - if (is_chunked(headers, num_headers)) - dl_valid = read_chunked(&httpinfo, buffer, buflen - pret); - else - dl_valid = read_all(&httpinfo, buffer, buflen - pret); - // Check if the download is incomplete - if (!dl_valid || buffer->size <= 0) - { - buffer->size = 0; - MEM2_free(buffer->data); -#ifdef DEBUG_NETWORK - gprintf("Removed incomplete download\n"); -#endif - https_close(&httpinfo); - return; - } - // Save the session - if (httpinfo.use_https) - session = wolfSSL_get_session(httpinfo.ssl); - // Finished - https_close(&httpinfo); -#ifdef DEBUG_NETWORK - gprintf("Download size: %llu\n", buffer->size); - gprintf("Headers:\n"); - for (size_t i = 0; i != num_headers; ++i) - gprintf("%.*s: %.*s\n", (int)headers[i].name_len, headers[i].name, (int)headers[i].value_len, headers[i].value); -#endif - return; - } - // Close on all other status codes -#ifdef DEBUG_NETWORK - gprintf("Status code: %i - %s\n", status, url); -#endif - https_close(&httpinfo); + https_close(&httpinfo); } diff --git a/source/network/https.h b/source/network/https.h index ba76b68e..7b602ce1 100644 --- a/source/network/https.h +++ b/source/network/https.h @@ -1,11 +1,14 @@ -// Code by blackb0x @ GBAtemp.net -// This allows the Wii to download from servers that use SNI. - +/* + Code by blackb0x @ GBAtemp.net + This allows the Wii to download from servers that use SNI. +*/ #ifndef _HTTPS_H_ #define _HTTPS_H_ #include + #include "dns.h" +#include "picohttpparser.h" #ifdef __cplusplus extern "C" @@ -14,26 +17,38 @@ extern "C" // #define DEBUG_NETWORK #define REDIRECT_LIMIT 3 -#define TCP_CONNECT_TIMEOUT 5000 -#define READ_WRITE_TIMEOUT 5000 +#define CONNECT_TIMEOUT 10000 +#define READ_WRITE_TIMEOUT 20000 +#define BLOCK_SIZE 8192 - struct download - { - u8 skip_response; // Used by WiinnerTag - u64 size; - char *data; - }; + struct download + { + bool skip_response; // Used by WiinnerTag + u64 content_length; + u64 size; + char *data; + }; - typedef struct - { - u8 use_https; - s32 sock; - WOLFSSL *ssl; - WOLFSSL_CTX *ctx; - } HTTP_INFO; + typedef struct + { + int status; + int pret; + size_t num_headers; + size_t buflen; + struct phr_header headers[100]; + char data[4096]; + } HTTP_RESPONSE; - void downloadfile(const char *url, struct download *buffer); - int wolfSSL_CTX_UseSNI(WOLFSSL_CTX *ctx, unsigned char type, const void *data, unsigned short size); + typedef struct + { + u8 use_https; + s32 sock; + WOLFSSL *ssl; + WOLFSSL_CTX *ctx; + } HTTP_INFO; + + void downloadfile(const char *url, struct download *buffer); + int wolfSSL_CTX_UseSNI(WOLFSSL_CTX *ctx, unsigned char type, const void *data, unsigned short size); #ifdef __cplusplus } diff --git a/source/network/picohttpparser.c b/source/network/picohttpparser.c index 74ccc3ef..8f0576ee 100644 --- a/source/network/picohttpparser.c +++ b/source/network/picohttpparser.c @@ -355,10 +355,12 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha ADVANCE_TOKEN(*method, *method_len); do { ++buf; + CHECK_EOF(); } while (*buf == ' '); ADVANCE_TOKEN(*path, *path_len); do { ++buf; + CHECK_EOF(); } while (*buf == ' '); if (*method_len == 0 || *path_len == 0) { *ret = -1; @@ -422,6 +424,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min } do { ++buf; + CHECK_EOF(); } while (*buf == ' '); /* parse status code, we want at least [:digit:][:digit:][:digit:] to try to parse */ if (buf_end - buf < 4) { @@ -437,7 +440,8 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min if (*msg_len == 0) { /* ok */ } else if (**msg == ' ') { - /* remove preceding space */ + /* Remove preceding space. Successful return from `get_token_to_eol` guarantees that we would hit something other than SP + * before running past the end of the given buffer. */ do { ++*msg; --*msg_len; diff --git a/source/network/proxysettings.cpp b/source/network/proxysettings.cpp new file mode 100644 index 00000000..865df83e --- /dev/null +++ b/source/network/proxysettings.cpp @@ -0,0 +1,73 @@ + +#include +#include +#include + +#include "proxysettings.h" +#include "menu/menu.hpp" + +#define ALIGN32(x) (((x) + 31) & ~31) + +bool proxy_enabled; +char proxy_address[256]; +u16 proxy_port; +char proxy_username[33]; +char proxy_password[33]; + +void getProxyInfo() +{ + char *buffer; + int fd = ISFS_Open("/shared2/sys/net/02/config.dat", ISFS_OPEN_READ); + if (fd >= 0) + { + fstats stats ATTRIBUTE_ALIGN(32) = {}; + if(ISFS_GetFileStats(fd, &stats) >= 0) + { + if (stats.file_length > 0) + { + buffer = (char*)MEM2_alloc(ALIGN32(stats.file_length)); + if (buffer) + { + if(ISFS_Read(fd, buffer, stats.file_length) == 7004) + { + proxy_enabled = buffer[44]; + strncpy(proxy_address, buffer + 48, sizeof(proxy_address) - 1); + proxy_port = ((buffer[304] & 0xFF) << 8) | (buffer[305] & 0xFF); + strncpy(proxy_username, buffer + 306, sizeof(proxy_username) - 1); + strncpy(proxy_password, buffer + 338, sizeof(proxy_password) - 1); + } + } + MEM2_free(buffer); + } + } + ISFS_Close(fd); + } +} + +char* getProxyAddress() +{ + if (mainMenu.proxyUseSystem) + return proxy_enabled ? proxy_address : NULL; + return (strlen(mainMenu.proxyAddress) > 6) ? mainMenu.proxyAddress : NULL; +} + +u16 getProxyPort() +{ + if (mainMenu.proxyUseSystem) + return proxy_enabled ? proxy_port : 0; + return mainMenu.proxyPort; +} + +char* getProxyUsername() +{ + if (mainMenu.proxyUseSystem) + return proxy_enabled ? proxy_username : NULL; + return (strlen(mainMenu.proxyUsername) > 0) ? mainMenu.proxyUsername : NULL; +} + +char* getProxyPassword() +{ + if (mainMenu.proxyUseSystem) + return proxy_enabled ? proxy_password : NULL; + return (strlen(mainMenu.proxyPassword) > 0) ? mainMenu.proxyPassword : NULL; +} diff --git a/source/network/proxysettings.h b/source/network/proxysettings.h new file mode 100644 index 00000000..892d7d64 --- /dev/null +++ b/source/network/proxysettings.h @@ -0,0 +1,18 @@ + +#ifndef _PROXYSETTINGS_ +#define _PROXYSETTINGS_ + +#ifdef __cplusplus +extern "C" +{ +#endif + void getProxyInfo(); + char *getProxyAddress(); + u16 getProxyPort(); + char *getProxyUsername(); + char *getProxyPassword(); +#ifdef __cplusplus +} +#endif + +#endif /* _PROXYSETTINGS_ */ From 541836a6431c02254010e20b8d0e9c2813f7c724 Mon Sep 17 00:00:00 2001 From: wiidev Date: Mon, 7 Sep 2020 22:08:52 +0100 Subject: [PATCH 2/4] Adjusted the proxy char array sizes --- source/menu/menu.hpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/menu/menu.hpp b/source/menu/menu.hpp index 1985140b..d212f326 100644 --- a/source/menu/menu.hpp +++ b/source/menu/menu.hpp @@ -1200,8 +1200,8 @@ public: bool proxyUseSystem; char proxyAddress[256]; u16 proxyPort; - char proxyUsername[34]; - char proxyPassword[34]; + char proxyUsername[33]; + char proxyPassword[33]; /* general thread updating stuff */ u64 m_thrdTotal; From 242b72add6db0ab7c36dbc5f599e0666674739fe Mon Sep 17 00:00:00 2001 From: wiidev Date: Mon, 7 Sep 2020 22:11:42 +0100 Subject: [PATCH 3/4] Proxy credentials are supported --- source/network/https.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/network/https.c b/source/network/https.c index cc361474..b56d841c 100644 --- a/source/network/https.c +++ b/source/network/https.c @@ -367,7 +367,7 @@ void downloadfile(const char *url, struct download *buffer) #ifdef DEBUG_NETWORK gprintf("\nConnected\n"); #endif - // Connect to a web proxy without credentials + // Connect to a web proxy if (getProxyAddress() && getProxyPort() > 0) { if (!connect_proxy(&httpinfo, host, getProxyUsername(), getProxyPassword())) From 8abd33fb2849ddb395f09ccf4f0db6be8a78b35d Mon Sep 17 00:00:00 2001 From: wiidev Date: Mon, 7 Sep 2020 22:14:43 +0100 Subject: [PATCH 4/4] Adjusted credentials char array size --- source/network/https.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source/network/https.c b/source/network/https.c index b56d841c..8ed09177 100644 --- a/source/network/https.c +++ b/source/network/https.c @@ -258,14 +258,14 @@ bool connect_proxy(HTTP_INFO *httpinfo, char *host, char *username, char *passwo { HTTP_RESPONSE response = {0}; char request[500]; - char credentials[65]; + char credentials[66]; char *auth; int len; if (username && password) { - if(!snprintf(credentials, sizeof(credentials), "%s:%s", username, password)) + if (!snprintf(credentials, sizeof(credentials), "%s:%s", username, password)) return false; - if(!(auth = base64(credentials, strlen(credentials), &len))) + if (!(auth = base64(credentials, strlen(credentials), &len))) return false; len = snprintf(request, sizeof(request), "CONNECT %s:%i HTTP/1.1\r\nProxy-Authorization: Basic %s\r\nUser-Agent: curl/7.55.1\r\n\r\n", host, httpinfo->use_https ? 443 : 80, auth); free(auth);