From 35d8262b25da824b6c4db9f272393491bc95399a Mon Sep 17 00:00:00 2001
From: dongheng <Dong Heng>
Date: Thu, 19 Sep 2019 10:39:31 +0800
Subject: [PATCH 1/3] feat(mbedtls): bring mbedtls and openssl based on mbedtls
 from esp-idf

Commit ID: 97959e77.

Using submodule instead of source code.

It is brought from esp-idf, and some origin dependent code or configuration of hardware have not been removed.
But it maybe not affect using at the ESP8266 platform.
---
 .gitmodules                                   |    4 +
 components/mbedtls/CMakeLists.txt             |   41 +
 components/mbedtls/Kconfig                    |  599 ++
 components/mbedtls/Makefile.projbuild         |    8 +
 components/mbedtls/component.mk               |   12 +
 components/mbedtls/mbedtls                    |    1 +
 components/mbedtls/port/esp32/aes.c           |  768 ++
 components/mbedtls/port/esp32/sha.c           |  314 +
 components/mbedtls/port/esp_bignum.c          |  683 ++
 components/mbedtls/port/esp_hardware.c        |   26 +
 .../esp_hardware.c => mbedtls/port/esp_mem.c} |   44 +-
 components/mbedtls/port/esp_sha.c             |   79 +
 .../sha1.c => mbedtls/port/esp_sha1.c}        |  261 +-
 .../sha256.c => mbedtls/port/esp_sha256.c}    |  302 +-
 .../sha512.c => mbedtls/port/esp_sha512.c}    |  333 +-
 components/mbedtls/port/esp_timing.c          |  102 +
 components/mbedtls/port/include/aes_alt.h     |   69 +
 components/mbedtls/port/include/esp32/aes.h   |  359 +
 components/mbedtls/port/include/esp32/sha.h   |  211 +
 components/mbedtls/port/include/esp_mem.h     |   20 +
 .../mbedtls/port/include/mbedtls/bignum.h     |   78 +
 .../port/include/mbedtls/esp_config.h}        | 1486 +--
 .../port}/include/mbedtls/esp_debug.h         |    8 +-
 .../port}/include/sha1_alt.h                  |   37 +-
 components/mbedtls/port/include/sha256_alt.h  |   57 +
 components/mbedtls/port/include/sha512_alt.h  |   57 +
 .../esp8266 => mbedtls/port}/mbedtls_debug.c  |   42 +-
 components/mbedtls/port/net_sockets.c         |  451 +
 components/mbedtls/test/CMakeLists.txt        |    9 +
 components/mbedtls/test/component.mk          |    5 +
 components/mbedtls/test/test_aes_perf.c       |   71 +
 .../mbedtls/test/test_apb_dport_access.c      |   56 +
 .../mbedtls/test/test_apb_dport_access.h      |   18 +
 components/mbedtls/test/test_ecp.c            |   77 +
 components/mbedtls/test/test_mbedtls.c        |   45 +
 components/mbedtls/test/test_mbedtls_mpi.c    |  211 +
 components/mbedtls/test/test_mbedtls_sha.c    |  301 +
 components/mbedtls/test/test_rsa.c            |  240 +
 components/openssl/CMakeLists.txt             |   11 +
 components/openssl/Kconfig                    |   72 +
 .../port => }/openssl/OpenSSL-APIs.rst        |    0
 components/openssl/component.mk               |    9 +
 .../port => }/openssl/include/internal/ssl3.h |    0
 .../openssl/include/internal/ssl_cert.h       |    0
 .../openssl/include/internal/ssl_code.h       |    0
 .../openssl/include/internal/ssl_dbg.h        |    1 -
 .../openssl/include/internal/ssl_lib.h        |    0
 .../openssl/include/internal/ssl_methods.h    |   15 +-
 .../openssl/include/internal/ssl_pkey.h       |    0
 .../openssl/include/internal/ssl_stack.h      |    0
 .../openssl/include/internal/ssl_types.h      |   35 +-
 .../openssl/include/internal/ssl_x509.h       |   80 +-
 .../port => }/openssl/include/internal/tls1.h |    0
 .../openssl/include/internal/x509_vfy.h       |    0
 .../port => }/openssl/include/openssl/ssl.h   |  107 +-
 components/openssl/include/platform/ssl_opt.h |   20 +
 .../openssl/include/platform/ssl_pm.h         |    6 +
 .../openssl/include/platform/ssl_port.h       |   32 +-
 .../source => openssl}/library/ssl_cert.c     |    0
 .../source => openssl}/library/ssl_lib.c      |   84 +-
 .../source => openssl}/library/ssl_methods.c  |    3 +-
 .../source => openssl}/library/ssl_pkey.c     |    0
 .../source => openssl}/library/ssl_stack.c    |    0
 .../source => openssl}/library/ssl_x509.c     |  161 +-
 .../source => openssl}/platform/ssl_pm.c      |  106 +-
 components/openssl/platform/ssl_port.c        |   29 +
 components/ssl/CMakeLists.txt                 |   38 -
 components/ssl/Kconfig                        |  617 --
 components/ssl/Makefile.projbuild             |   10 -
 components/ssl/component.mk                   |   24 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/aes.h |  417 -
 .../mbedtls/mbedtls/include/mbedtls/aesni.h   |  112 -
 .../mbedtls/mbedtls/include/mbedtls/arc4.h    |  149 -
 .../mbedtls/mbedtls/include/mbedtls/asn1.h    |  358 -
 .../mbedtls/include/mbedtls/asn1write.h       |  240 -
 .../mbedtls/mbedtls/include/mbedtls/base64.h  |   89 -
 .../mbedtls/mbedtls/include/mbedtls/bignum.h  |  766 --
 .../mbedtls/include/mbedtls/blowfish.h        |  205 -
 .../mbedtls/mbedtls/include/mbedtls/bn_mul.h  |  886 --
 .../mbedtls/include/mbedtls/camellia.h        |  237 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/ccm.h |  176 -
 .../mbedtls/mbedtls/include/mbedtls/certs.h   |  100 -
 .../mbedtls/include/mbedtls/check_config.h    |  674 --
 .../mbedtls/mbedtls/include/mbedtls/cipher.h  |  752 --
 .../mbedtls/include/mbedtls/cipher_internal.h |  110 -
 .../mbedtls/mbedtls/include/mbedtls/cmac.h    |  208 -
 .../mbedtls/include/mbedtls/compat-1.3.h      | 2525 -----
 .../mbedtls/include/mbedtls/ctr_drbg.h        |  322 -
 .../mbedtls/mbedtls/include/mbedtls/debug.h   |  229 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/des.h |  357 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/dhm.h | 1061 ---
 .../mbedtls/mbedtls/include/mbedtls/ecdh.h    |  277 -
 .../mbedtls/mbedtls/include/mbedtls/ecdsa.h   |  334 -
 .../mbedtls/mbedtls/include/mbedtls/ecjpake.h |  255 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/ecp.h |  686 --
 .../mbedtls/include/mbedtls/ecp_internal.h    |  293 -
 .../mbedtls/mbedtls/include/mbedtls/entropy.h |  289 -
 .../mbedtls/include/mbedtls/entropy_poll.h    |  110 -
 .../mbedtls/mbedtls/include/mbedtls/error.h   |  117 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/gcm.h |  263 -
 .../mbedtls/mbedtls/include/mbedtls/havege.h  |   75 -
 .../mbedtls/include/mbedtls/hmac_drbg.h       |  300 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/md.h  |  453 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/md2.h |  309 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/md4.h |  314 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/md5.h |  314 -
 .../mbedtls/include/mbedtls/md_internal.h     |  115 -
 .../include/mbedtls/memory_buffer_alloc.h     |  151 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/net.h |   32 -
 .../mbedtls/include/mbedtls/net_sockets.h     |  226 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/oid.h |  589 --
 .../mbedtls/mbedtls/include/mbedtls/padlock.h |  108 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/pem.h |  130 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/pk.h  |  618 --
 .../mbedtls/include/mbedtls/pk_internal.h     |  115 -
 .../mbedtls/mbedtls/include/mbedtls/pkcs11.h  |  174 -
 .../mbedtls/mbedtls/include/mbedtls/pkcs12.h  |  120 -
 .../mbedtls/mbedtls/include/mbedtls/pkcs5.h   |   95 -
 .../mbedtls/include/mbedtls/platform.h        |  348 -
 .../mbedtls/include/mbedtls/platform_time.h   |   82 -
 .../mbedtls/include/mbedtls/ripemd160.h       |  239 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/rsa.h | 1138 ---
 .../mbedtls/include/mbedtls/rsa_internal.h    |  216 -
 .../mbedtls/mbedtls/include/mbedtls/sha1.h    |  322 -
 .../mbedtls/mbedtls/include/mbedtls/sha256.h  |  278 -
 .../mbedtls/mbedtls/include/mbedtls/sha512.h  |  280 -
 .../ssl/mbedtls/mbedtls/include/mbedtls/ssl.h | 2646 ------
 .../mbedtls/include/mbedtls/ssl_cache.h       |  144 -
 .../include/mbedtls/ssl_ciphersuites.h        |  486 -
 .../mbedtls/include/mbedtls/ssl_cookie.h      |  109 -
 .../mbedtls/include/mbedtls/ssl_internal.h    |  695 --
 .../mbedtls/include/mbedtls/ssl_ticket.h      |  136 -
 .../mbedtls/include/mbedtls/threading.h       |  107 -
 .../mbedtls/mbedtls/include/mbedtls/timing.h  |  161 -
 .../mbedtls/mbedtls/include/mbedtls/version.h |  112 -
 .../mbedtls/mbedtls/include/mbedtls/x509.h    |  333 -
 .../mbedtls/include/mbedtls/x509_crl.h        |  174 -
 .../mbedtls/include/mbedtls/x509_crt.h        |  663 --
 .../mbedtls/include/mbedtls/x509_csr.h        |  299 -
 .../mbedtls/mbedtls/include/mbedtls/xtea.h    |  141 -
 components/ssl/mbedtls/mbedtls/library/aes.c  | 1530 ---
 .../ssl/mbedtls/mbedtls/library/aesni.c       |  464 -
 components/ssl/mbedtls/mbedtls/library/arc4.c |  205 -
 .../ssl/mbedtls/mbedtls/library/asn1parse.c   |  393 -
 .../ssl/mbedtls/mbedtls/library/asn1write.c   |  390 -
 .../ssl/mbedtls/mbedtls/library/base64.c      |  293 -
 .../ssl/mbedtls/mbedtls/library/bignum.c      | 2457 -----
 .../ssl/mbedtls/mbedtls/library/blowfish.c    |  656 --
 .../ssl/mbedtls/mbedtls/library/camellia.c    | 1072 ---
 components/ssl/mbedtls/mbedtls/library/ccm.c  |  467 -
 .../ssl/mbedtls/mbedtls/library/certs.c       |  403 -
 .../ssl/mbedtls/mbedtls/library/cipher.c      |  917 --
 .../ssl/mbedtls/mbedtls/library/cipher_wrap.c | 1451 ---
 components/ssl/mbedtls/mbedtls/library/cmac.c | 1080 ---
 .../ssl/mbedtls/mbedtls/library/ctr_drbg.c    |  654 --
 .../ssl/mbedtls/mbedtls/library/debug.c       |  368 -
 components/ssl/mbedtls/mbedtls/library/des.c  | 1061 ---
 components/ssl/mbedtls/mbedtls/library/dhm.c  |  663 --
 components/ssl/mbedtls/mbedtls/library/ecdh.c |  268 -
 .../ssl/mbedtls/mbedtls/library/ecdsa.c       |  458 -
 .../ssl/mbedtls/mbedtls/library/ecjpake.c     | 1106 ---
 components/ssl/mbedtls/mbedtls/library/ecp.c  | 2195 -----
 .../ssl/mbedtls/mbedtls/library/ecp_curves.c  | 1329 ---
 .../ssl/mbedtls/mbedtls/library/entropy.c     |  725 --
 .../mbedtls/mbedtls/library/entropy_poll.c    |  268 -
 .../ssl/mbedtls/mbedtls/library/error.c       |  822 --
 components/ssl/mbedtls/mbedtls/library/gcm.c  |  958 --
 .../ssl/mbedtls/mbedtls/library/havege.c      |  245 -
 .../ssl/mbedtls/mbedtls/library/hmac_drbg.c   |  534 --
 components/ssl/mbedtls/mbedtls/library/md.c   |  478 -
 components/ssl/mbedtls/mbedtls/library/md2.c  |  367 -
 components/ssl/mbedtls/mbedtls/library/md4.c  |  472 -
 components/ssl/mbedtls/mbedtls/library/md5.c  |  485 -
 .../ssl/mbedtls/mbedtls/library/md_wrap.c     |  586 --
 .../mbedtls/library/memory_buffer_alloc.c     |  752 --
 .../ssl/mbedtls/mbedtls/library/net_sockets.c |  591 --
 components/ssl/mbedtls/mbedtls/library/oid.c  |  755 --
 .../ssl/mbedtls/mbedtls/library/padlock.c     |  170 -
 components/ssl/mbedtls/mbedtls/library/pem.c  |  492 -
 components/ssl/mbedtls/mbedtls/library/pk.c   |  382 -
 .../ssl/mbedtls/mbedtls/library/pk_wrap.c     |  521 --
 .../ssl/mbedtls/mbedtls/library/pkcs11.c      |  240 -
 .../ssl/mbedtls/mbedtls/library/pkcs12.c      |  365 -
 .../ssl/mbedtls/mbedtls/library/pkcs5.c       |  404 -
 .../ssl/mbedtls/mbedtls/library/pkparse.c     | 1452 ---
 .../ssl/mbedtls/mbedtls/library/pkwrite.c     |  515 -
 .../ssl/mbedtls/mbedtls/library/platform.c    |  336 -
 .../ssl/mbedtls/mbedtls/library/ripemd160.c   |  556 --
 components/ssl/mbedtls/mbedtls/library/rsa.c  | 2382 -----
 .../mbedtls/mbedtls/library/rsa_internal.c    |  487 -
 .../ssl/mbedtls/mbedtls/library/ssl_cache.c   |  327 -
 .../mbedtls/library/ssl_ciphersuites.c        | 1875 ----
 .../ssl/mbedtls/mbedtls/library/ssl_cli.c     | 3462 -------
 .../ssl/mbedtls/mbedtls/library/ssl_cookie.c  |  260 -
 .../ssl/mbedtls/mbedtls/library/ssl_srv.c     | 4096 --------
 .../ssl/mbedtls/mbedtls/library/ssl_ticket.c  |  489 -
 .../ssl/mbedtls/mbedtls/library/ssl_tls.c     | 8309 -----------------
 .../ssl/mbedtls/mbedtls/library/threading.c   |  137 -
 .../ssl/mbedtls/mbedtls/library/timing.c      |  536 --
 .../ssl/mbedtls/mbedtls/library/version.c     |   50 -
 .../mbedtls/library/version_features.c        |  719 --
 components/ssl/mbedtls/mbedtls/library/x509.c | 1104 ---
 .../ssl/mbedtls/mbedtls/library/x509_create.c |  340 -
 .../ssl/mbedtls/mbedtls/library/x509_crl.c    |  776 --
 .../ssl/mbedtls/mbedtls/library/x509_crt.c    | 2432 -----
 .../ssl/mbedtls/mbedtls/library/x509_csr.c    |  423 -
 .../mbedtls/mbedtls/library/x509write_crt.c   |  485 -
 .../mbedtls/mbedtls/library/x509write_csr.c   |  266 -
 components/ssl/mbedtls/mbedtls/library/xtea.c |  281 -
 .../mbedtls/port/esp8266/include/aes_alt.h    |  116 -
 .../mbedtls/port/esp8266/include/arc4_alt.h   |   46 -
 .../port/esp8266/include/mbedtls/esp_config.h | 2995 ------
 .../mbedtls/port/esp8266/include/md5_alt.h    |   51 -
 .../mbedtls/port/esp8266/include/sha256_alt.h |   66 -
 .../mbedtls/port/esp8266/include/sha512_alt.h |   66 -
 components/ssl/mbedtls/port/esp8266/net.c     |  519 -
 .../port/openssl/include/platform/ssl_opt.h   |   89 -
 .../openssl/source/platform/ssl_pm_extend.c   |  365 -
 components/ssl/wolfssl/README                 |    8 -
 .../ssl/wolfssl/include/user_settings.h       |   66 -
 components/ssl/wolfssl/lib/libwolfssl.a       |  Bin 1843000 -> 0 bytes
 components/ssl/wolfssl/lib/libwolfssl_debug.a |  Bin 2127680 -> 0 bytes
 .../ssl/wolfssl/source/cmake_compiling.c      |    1 -
 .../wolfssl/wolfssl/wolfssl/openssl/asn1.h    |   51 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h  |  181 -
 .../wolfssl/wolfssl/wolfssl/openssl/crypto.h  |   72 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h |   79 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h  |  225 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h |  612 --
 .../wolfssl/wolfssl/wolfssl/openssl/hmac.h    |   85 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h |   68 -
 .../wolfssl/wolfssl/openssl/opensslv.h        |   33 -
 .../wolfssl/wolfssl/wolfssl/openssl/ripemd.h  |   50 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h |  113 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h |  188 -
 .../ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h |  971 --
 components/ssl/wolfssl/wolfssl/wolfssl/ssl.h  | 3065 ------
 .../ssl/wolfssl/wolfssl/wolfssl/version.h     |   32 -
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h   |  359 -
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h  |   60 -
 .../wolfssl/wolfssl/wolfcrypt/asn_public.h    |  508 -
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h  |  139 -
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h   |  686 --
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h  |  165 -
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h  |  181 -
 .../wolfssl/wolfssl/wolfcrypt/integer.h       |  398 -
 .../wolfssl/wolfssl/wolfcrypt/logging.h       |  179 -
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h   |  114 -
 .../wolfssl/wolfssl/wolfcrypt/mpi_class.h     | 1011 --
 .../wolfssl/wolfcrypt/mpi_superclass.h        |   88 -
 .../wolfssl/wolfssl/wolfcrypt/pwdbased.h      |   63 -
 .../wolfssl/wolfssl/wolfcrypt/random.h        |  218 -
 .../wolfssl/wolfssl/wolfcrypt/settings.h      | 1857 ----
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h   |  143 -
 .../wolfssl/wolfssl/wolfcrypt/sha256.h        |  209 -
 .../wolfssl/wolfssl/wolfssl/wolfcrypt/types.h |  758 --
 .../wolfssl/wolfssl/wolfcrypt/visibility.h    |   71 -
 .../wolfssl/wolfssl/wolfcrypt/wc_port.h       |  572 --
 .../wolfssl/wolfssl/wolfcrypt/wolfmath.h      |   70 -
 .../ssl/wolfssl/wolfssl/wolfssl/wolfio.h      |  514 -
 260 files changed, 6450 insertions(+), 109602 deletions(-)
 create mode 100644 components/mbedtls/CMakeLists.txt
 create mode 100644 components/mbedtls/Kconfig
 create mode 100644 components/mbedtls/Makefile.projbuild
 create mode 100644 components/mbedtls/component.mk
 create mode 160000 components/mbedtls/mbedtls
 create mode 100644 components/mbedtls/port/esp32/aes.c
 create mode 100644 components/mbedtls/port/esp32/sha.c
 create mode 100644 components/mbedtls/port/esp_bignum.c
 create mode 100644 components/mbedtls/port/esp_hardware.c
 rename components/{ssl/mbedtls/port/esp8266/esp_hardware.c => mbedtls/port/esp_mem.c} (50%)
 create mode 100644 components/mbedtls/port/esp_sha.c
 rename components/{ssl/mbedtls/mbedtls/library/sha1.c => mbedtls/port/esp_sha1.c} (69%)
 rename components/{ssl/mbedtls/mbedtls/library/sha256.c => mbedtls/port/esp_sha256.c} (64%)
 rename components/{ssl/mbedtls/mbedtls/library/sha512.c => mbedtls/port/esp_sha512.c} (63%)
 create mode 100644 components/mbedtls/port/esp_timing.c
 create mode 100644 components/mbedtls/port/include/aes_alt.h
 create mode 100644 components/mbedtls/port/include/esp32/aes.h
 create mode 100644 components/mbedtls/port/include/esp32/sha.h
 create mode 100644 components/mbedtls/port/include/esp_mem.h
 create mode 100644 components/mbedtls/port/include/mbedtls/bignum.h
 rename components/{ssl/mbedtls/mbedtls/include/mbedtls/config.h => mbedtls/port/include/mbedtls/esp_config.h} (57%)
 rename components/{ssl/mbedtls/port/esp8266 => mbedtls/port}/include/mbedtls/esp_debug.h (93%)
 rename components/{ssl/mbedtls/port/esp8266 => mbedtls/port}/include/sha1_alt.h (60%)
 create mode 100644 components/mbedtls/port/include/sha256_alt.h
 create mode 100644 components/mbedtls/port/include/sha512_alt.h
 rename components/{ssl/mbedtls/port/esp8266 => mbedtls/port}/mbedtls_debug.c (64%)
 create mode 100644 components/mbedtls/port/net_sockets.c
 create mode 100644 components/mbedtls/test/CMakeLists.txt
 create mode 100644 components/mbedtls/test/component.mk
 create mode 100644 components/mbedtls/test/test_aes_perf.c
 create mode 100644 components/mbedtls/test/test_apb_dport_access.c
 create mode 100644 components/mbedtls/test/test_apb_dport_access.h
 create mode 100644 components/mbedtls/test/test_ecp.c
 create mode 100644 components/mbedtls/test/test_mbedtls.c
 create mode 100644 components/mbedtls/test/test_mbedtls_mpi.c
 create mode 100644 components/mbedtls/test/test_mbedtls_sha.c
 create mode 100644 components/mbedtls/test/test_rsa.c
 create mode 100644 components/openssl/CMakeLists.txt
 create mode 100644 components/openssl/Kconfig
 rename components/{ssl/mbedtls/port => }/openssl/OpenSSL-APIs.rst (100%)
 create mode 100644 components/openssl/component.mk
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl3.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_cert.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_code.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_dbg.h (99%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_lib.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_methods.h (85%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_pkey.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_stack.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_types.h (88%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/ssl_x509.h (62%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/tls1.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/internal/x509_vfy.h (100%)
 rename components/{ssl/mbedtls/port => }/openssl/include/openssl/ssl.h (94%)
 create mode 100644 components/openssl/include/platform/ssl_opt.h
 rename components/{ssl/mbedtls/port => }/openssl/include/platform/ssl_pm.h (92%)
 rename components/{ssl/mbedtls/port => }/openssl/include/platform/ssl_port.h (60%)
 rename components/{ssl/mbedtls/port/openssl/source => openssl}/library/ssl_cert.c (100%)
 rename components/{ssl/mbedtls/port/openssl/source => openssl}/library/ssl_lib.c (93%)
 rename components/{ssl/mbedtls/port/openssl/source => openssl}/library/ssl_methods.c (96%)
 rename components/{ssl/mbedtls/port/openssl/source => openssl}/library/ssl_pkey.c (100%)
 rename components/{ssl/mbedtls/port/openssl/source => openssl}/library/ssl_stack.c (100%)
 rename components/{ssl/mbedtls/port/openssl/source => openssl}/library/ssl_x509.c (67%)
 rename components/{ssl/mbedtls/port/openssl/source => openssl}/platform/ssl_pm.c (86%)
 create mode 100644 components/openssl/platform/ssl_port.c
 delete mode 100644 components/ssl/CMakeLists.txt
 delete mode 100644 components/ssl/Kconfig
 delete mode 100644 components/ssl/Makefile.projbuild
 delete mode 100644 components/ssl/component.mk
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/aes.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/aesni.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/arc4.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/asn1.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/asn1write.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/base64.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/bignum.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/blowfish.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/bn_mul.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/camellia.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ccm.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/certs.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/check_config.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/cipher.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/cipher_internal.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/cmac.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/compat-1.3.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/debug.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/des.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/dhm.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ecdh.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ecdsa.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ecjpake.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ecp.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ecp_internal.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/entropy.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/entropy_poll.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/error.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/gcm.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/havege.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/md.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/md2.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/md4.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/md5.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/md_internal.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/net.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/net_sockets.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/oid.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/padlock.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/pem.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/pk.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/pk_internal.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs11.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs12.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs5.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/platform.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/platform_time.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ripemd160.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/rsa.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/rsa_internal.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/sha1.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/sha256.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/sha512.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ssl.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ciphersuites.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/threading.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/timing.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/version.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/x509.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crl.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crt.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/x509_csr.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/include/mbedtls/xtea.h
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/aes.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/aesni.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/arc4.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/asn1parse.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/asn1write.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/base64.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/bignum.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/blowfish.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/camellia.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ccm.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/certs.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/cipher.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/cipher_wrap.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/cmac.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ctr_drbg.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/debug.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/des.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/dhm.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ecdh.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ecdsa.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ecjpake.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ecp.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ecp_curves.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/entropy.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/entropy_poll.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/error.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/gcm.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/havege.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/hmac_drbg.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/md.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/md2.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/md4.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/md5.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/md_wrap.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/memory_buffer_alloc.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/net_sockets.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/oid.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/padlock.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pem.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pk.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pk_wrap.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pkcs11.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pkcs12.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pkcs5.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pkparse.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/pkwrite.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/platform.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ripemd160.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/rsa.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/rsa_internal.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ssl_cache.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ssl_ciphersuites.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ssl_cli.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ssl_cookie.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ssl_srv.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ssl_ticket.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/ssl_tls.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/threading.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/timing.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/version.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/version_features.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/x509.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/x509_create.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/x509_crl.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/x509_crt.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/x509_csr.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/x509write_crt.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/x509write_csr.c
 delete mode 100644 components/ssl/mbedtls/mbedtls/library/xtea.c
 delete mode 100644 components/ssl/mbedtls/port/esp8266/include/aes_alt.h
 delete mode 100644 components/ssl/mbedtls/port/esp8266/include/arc4_alt.h
 delete mode 100644 components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h
 delete mode 100644 components/ssl/mbedtls/port/esp8266/include/md5_alt.h
 delete mode 100644 components/ssl/mbedtls/port/esp8266/include/sha256_alt.h
 delete mode 100644 components/ssl/mbedtls/port/esp8266/include/sha512_alt.h
 delete mode 100644 components/ssl/mbedtls/port/esp8266/net.c
 delete mode 100644 components/ssl/mbedtls/port/openssl/include/platform/ssl_opt.h
 delete mode 100644 components/ssl/mbedtls/port/openssl/source/platform/ssl_pm_extend.c
 delete mode 100644 components/ssl/wolfssl/README
 delete mode 100644 components/ssl/wolfssl/include/user_settings.h
 delete mode 100644 components/ssl/wolfssl/lib/libwolfssl.a
 delete mode 100644 components/ssl/wolfssl/lib/libwolfssl_debug.a
 delete mode 100644 components/ssl/wolfssl/source/cmake_compiling.c
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/asn1.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/crypto.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/hmac.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/ssl.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/version.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h
 delete mode 100755 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h
 delete mode 100644 components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h

diff --git a/.gitmodules b/.gitmodules
index f345c7f4..bc3b015d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,7 @@
 [submodule "components/json/cJSON"]
 	path = components/json/cJSON
 	url = ../../DaveGamble/cJSON.git
+
+[submodule "components/mbedtls/mbedtls"]
+	path = components/mbedtls/mbedtls
+	url = ../../espressif/mbedtls.git
diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt
new file mode 100644
index 00000000..a2d08230
--- /dev/null
+++ b/components/mbedtls/CMakeLists.txt
@@ -0,0 +1,41 @@
+idf_component_register(INCLUDE_DIRS "port/include" "mbedtls/include"
+                    REQUIRES lwip)
+
+# Only build mbedtls libraries
+set(ENABLE_TESTING CACHE BOOL OFF)
+set(ENABLE_PROGRAMS CACHE BOOL OFF)
+
+# Needed to for include_next includes to work from within mbedtls
+include_directories("${COMPONENT_DIR}/port/include")
+
+# Import mbedtls library targets
+add_subdirectory(mbedtls)
+
+# Use port specific implementation of net_socket.c instead of one from mbedtls
+get_target_property(src_tls mbedtls SOURCES)
+list(REMOVE_ITEM src_tls net_sockets.c)
+set_property(TARGET mbedtls PROPERTY SOURCES ${src_tls})
+
+set(mbedtls_targets mbedtls mbedcrypto mbedx509)
+
+# Add port files to mbedtls targets
+target_sources(mbedtls PRIVATE  "${COMPONENT_DIR}/port/mbedtls_debug.c"
+                                "${COMPONENT_DIR}/port/net_sockets.c")
+
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_bignum.c"
+                                "${COMPONENT_DIR}/port/esp_hardware.c"
+                                "${COMPONENT_DIR}/port/esp_mem.c"
+                                "${COMPONENT_DIR}/port/esp_sha.c"
+                                "${COMPONENT_DIR}/port/esp_sha1.c"
+                                "${COMPONENT_DIR}/port/esp_sha256.c"
+                                "${COMPONENT_DIR}/port/esp_sha512.c"
+                                "${COMPONENT_DIR}/port/esp_timing.c"
+                                "${COMPONENT_DIR}/port/esp32/aes.c"
+                                "${COMPONENT_DIR}/port/esp32/sha.c")
+
+foreach(target ${mbedtls_targets})
+    target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
+endforeach()
+
+# Link mbedtls libraries to component library
+target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
new file mode 100644
index 00000000..a9e7983b
--- /dev/null
+++ b/components/mbedtls/Kconfig
@@ -0,0 +1,599 @@
+menu "mbedTLS"
+
+    choice MBEDTLS_MEM_ALLOC_MODE
+        prompt "Memory allocation strategy"
+        default MBEDTLS_INTERNAL_MEM_ALLOC
+        help
+            Allocation strategy for mbedTLS, essentially provides ability to
+            allocate all required dynamic allocations from,
+
+            - Internal DRAM memory only
+            - External SPIRAM memory only
+            - Either internal or external memory based on default malloc()
+              behavior in ESP-IDF
+            - Custom allocation mode, by overwriting calloc()/free() using
+              mbedtls_platform_set_calloc_free() function
+
+            Recommended mode here is always internal, since that is most preferred
+            from security perspective. But if application requirement does not
+            allow sufficient free internal memory then alternate mode can be
+            selected.
+
+        config MBEDTLS_INTERNAL_MEM_ALLOC
+            bool "Internal memory"
+
+        config MBEDTLS_EXTERNAL_MEM_ALLOC
+            bool "External SPIRAM"
+            depends on ESP32_SPIRAM_SUPPORT
+
+        config MBEDTLS_DEFAULT_MEM_ALLOC
+            bool "Default alloc mode"
+
+        config MBEDTLS_CUSTOM_MEM_ALLOC
+            bool "Custom alloc mode"
+
+    endchoice #MBEDTLS_MEM_ALLOC_MODE
+
+    config MBEDTLS_SSL_MAX_CONTENT_LEN
+        int "TLS maximum message content length"
+        default 16384
+        range 512 16384
+        depends on !MBEDTLS_ASYMMETRIC_CONTENT_LEN
+        help
+            Maximum TLS message length (in bytes) supported by mbedTLS.
+
+            16384 is the default and this value is required to comply
+            fully with TLS standards.
+
+            However you can set a lower value in order to save RAM. This
+            is safe if the other end of the connection supports Maximum
+            Fragment Length Negotiation Extension (max_fragment_length,
+            see RFC6066) or you know for certain that it will never send a
+            message longer than a certain number of bytes.
+
+            If the value is set too low, symptoms are a failed TLS
+            handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
+            (-0x7200).
+
+    config MBEDTLS_ASYMMETRIC_CONTENT_LEN
+        bool "Asymmetric in/out fragment length"
+        default y
+        help
+            If enabled, this option allows customizing TLS in/out fragment length
+            in asymmetric way. Please note that enabling this with default values
+            saves 12KB of dynamic memory per TLS connection.
+
+    config MBEDTLS_SSL_IN_CONTENT_LEN
+        int "TLS maximum incoming fragment length"
+        default 16384
+        range 512 16384
+        depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
+        help
+            This defines maximum incoming fragment length, overriding default
+            maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
+
+    config MBEDTLS_SSL_OUT_CONTENT_LEN
+        int "TLS maximum outgoing fragment length"
+        default 4096
+        range 512 16384
+        depends on MBEDTLS_ASYMMETRIC_CONTENT_LEN
+        help
+            This defines maximum outgoing fragment length, overriding default
+            maximum content length (MBEDTLS_SSL_MAX_CONTENT_LEN).
+
+    config MBEDTLS_DEBUG
+        bool "Enable mbedTLS debugging"
+        default n
+        help
+            Enable mbedTLS debugging functions at compile time.
+
+            If this option is enabled, you can include
+            "mbedtls/esp_debug.h" and call mbedtls_esp_enable_debug_log()
+            at runtime in order to enable mbedTLS debug output via the ESP
+            log mechanism.
+
+    choice MBEDTLS_DEBUG_LEVEL
+        bool "Set mbedTLS debugging level"
+        depends on MBEDTLS_DEBUG
+        default MBEDTLS_DEBUG_LEVEL_VERBOSE
+        help
+            Set mbedTLS debugging level
+
+        config MBEDTLS_DEBUG_LEVEL_WARN
+            bool "Warning"
+        config MBEDTLS_DEBUG_LEVEL_INFO
+            bool "Info"
+        config MBEDTLS_DEBUG_LEVEL_DEBUG
+            bool "Debug"
+        config MBEDTLS_DEBUG_LEVEL_VERBOSE
+            bool "Verbose"
+    endchoice
+
+    config MBEDTLS_DEBUG_LEVEL
+        int
+        default 1 if MBEDTLS_DEBUG_LEVEL_WARN
+        default 2 if MBEDTLS_DEBUG_LEVEL_INFO
+        default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG
+        default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE
+
+    config MBEDTLS_HARDWARE_AES
+        bool "Enable hardware AES acceleration"
+        default y
+        help
+            Enable hardware accelerated AES encryption & decryption.
+
+            Note that if the ESP32 CPU is running at 240MHz, hardware AES does not
+            offer any speed boost over software AES.
+
+    config MBEDTLS_HARDWARE_MPI
+        bool "Enable hardware MPI (bignum) acceleration"
+        default n
+        help
+            Enable hardware accelerated multiple precision integer operations.
+
+            Hardware accelerated multiplication, modulo multiplication,
+            and modular exponentiation for up to 4096 bit results.
+
+            These operations are used by RSA.
+
+    config MBEDTLS_MPI_USE_INTERRUPT
+        bool "Use interrupt for MPI operations"
+        depends on MBEDTLS_HARDWARE_MPI
+        default n
+        help
+            Use an interrupt to coordinate MPI operations.
+
+            This allows other code to run on the CPU while an MPI operation is pending.
+            Otherwise the CPU busy-waits.
+
+    config MBEDTLS_HARDWARE_SHA
+        bool "Enable hardware SHA acceleration"
+        default n
+        help
+            Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
+
+            Due to a hardware limitation, hardware acceleration is only
+            guaranteed if SHA digests are calculated one at a time. If more
+            than one SHA digest is calculated at the same time, one will
+            be calculated fully in hardware and the rest will be calculated
+            (at least partially calculated) in software. This happens automatically.
+
+            SHA hardware acceleration is faster than software in some situations but
+            slower in others. You should benchmark to find the best setting for you.
+
+    config MBEDTLS_HAVE_TIME
+        bool "Enable mbedtls time"
+        depends on !ESP32_TIME_SYSCALL_USE_NONE
+        default y
+        help
+            System has time.h and time().
+            The time does not need to be correct, only time differences are used.
+
+    config MBEDTLS_HAVE_TIME_DATE
+        bool "Enable mbedtls certificate expiry check"
+        depends on MBEDTLS_HAVE_TIME
+        default n
+        help
+            System has time.h and time(), gmtime() and the clock is correct.
+            The time needs to be correct (not necesarily very accurate, but at least
+            the date should be correct). This is used to verify the validity period of
+            X.509 certificates.
+
+            It is suggested that you should get the real time by "SNTP".
+
+    choice MBEDTLS_TLS_MODE
+        bool "TLS Protocol Role"
+        default MBEDTLS_TLS_SERVER_AND_CLIENT
+        help
+            mbedTLS can be compiled with protocol support for the TLS
+            server, TLS client, or both server and client.
+
+            Reducing the number of TLS roles supported saves code size.
+
+        config MBEDTLS_TLS_SERVER_AND_CLIENT
+            bool "Server & Client"
+            select MBEDTLS_TLS_SERVER
+            select MBEDTLS_TLS_CLIENT
+        config MBEDTLS_TLS_SERVER_ONLY
+            bool "Server"
+            select MBEDTLS_TLS_SERVER
+        config MBEDTLS_TLS_CLIENT_ONLY
+            bool "Client"
+            select MBEDTLS_TLS_CLIENT
+        config MBEDTLS_TLS_DISABLED
+            bool "None"
+
+    endchoice
+
+    config MBEDTLS_TLS_SERVER
+        bool
+        select MBEDTLS_TLS_ENABLED
+    config MBEDTLS_TLS_CLIENT
+        bool
+        select MBEDTLS_TLS_ENABLED
+    config MBEDTLS_TLS_ENABLED
+        bool
+
+    menu "TLS Key Exchange Methods"
+        depends on MBEDTLS_TLS_ENABLED
+
+        config MBEDTLS_PSK_MODES
+            bool "Enable pre-shared-key ciphersuites"
+            default n
+            help
+                Enable to show configuration for different types of pre-shared-key TLS authentatication methods.
+
+                Leaving this options disabled will save code size if they are not used.
+
+        config MBEDTLS_KEY_EXCHANGE_PSK
+            bool "Enable PSK based ciphersuite modes"
+            depends on MBEDTLS_PSK_MODES
+            default n
+            help
+                Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.
+
+        config MBEDTLS_KEY_EXCHANGE_DHE_PSK
+            bool "Enable DHE-PSK based ciphersuite modes"
+            depends on MBEDTLS_PSK_MODES
+            default y
+            help
+                Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
+
+        config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
+            bool "Enable ECDHE-PSK based ciphersuite modes"
+            depends on MBEDTLS_PSK_MODES && MBEDTLS_ECDH_C
+            default y
+            help
+                Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
+
+        config MBEDTLS_KEY_EXCHANGE_RSA_PSK
+            bool "Enable RSA-PSK based ciphersuite modes"
+            depends on MBEDTLS_PSK_MODES
+            default y
+            help
+                Enable to support RSA PSK (pre-shared-key) TLS authentication modes.
+
+        config MBEDTLS_KEY_EXCHANGE_RSA
+            bool "Enable RSA-only based ciphersuite modes"
+            default y
+            help
+                Enable to support ciphersuites with prefix TLS-RSA-WITH-
+
+        config MBEDTLS_KEY_EXCHANGE_DHE_RSA
+            bool "Enable DHE-RSA based ciphersuite modes"
+            default y
+            help
+                Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-
+
+        config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
+            bool "Support Elliptic Curve based ciphersuites"
+            depends on MBEDTLS_ECP_C
+            default y
+            help
+                Enable to show Elliptic Curve based ciphersuite mode options.
+
+                Disabling all Elliptic Curve ciphersuites saves code size and
+                can give slightly faster TLS handshakes, provided the server supports
+                RSA-only ciphersuite modes.
+
+        config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
+            bool "Enable ECDHE-RSA based ciphersuite modes"
+            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
+            default y
+            help
+                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
+
+        config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
+            bool "Enable ECDHE-ECDSA based ciphersuite modes"
+            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
+            default y
+            help
+                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
+
+        config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
+            bool "Enable ECDH-ECDSA based ciphersuite modes"
+            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
+            default y
+            help
+                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
+
+        config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
+            bool "Enable ECDH-RSA based ciphersuite modes"
+            depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
+            default y
+            help
+                Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
+
+    endmenu # TLS key exchange modes
+
+    config MBEDTLS_SSL_RENEGOTIATION
+        bool "Support TLS renegotiation"
+        depends on MBEDTLS_TLS_ENABLED
+        default y
+        help
+            The two main uses of renegotiation are (1) refresh keys on long-lived
+            connections and (2) client authentication after the initial handshake.
+            If you don't need renegotiation, disabling it will save code size and
+            reduce the possibility of abuse/vulnerability.
+
+    config MBEDTLS_SSL_PROTO_SSL3
+        bool "Legacy SSL 3.0 support"
+        depends on MBEDTLS_TLS_ENABLED
+        default n
+        help
+            Support the legacy SSL 3.0 protocol. Most servers will speak a newer
+            TLS protocol these days.
+
+    config MBEDTLS_SSL_PROTO_TLS1
+        bool "Support TLS 1.0 protocol"
+        depends on MBEDTLS_TLS_ENABLED
+        default y
+
+    config MBEDTLS_SSL_PROTO_TLS1_1
+        bool "Support TLS 1.1 protocol"
+        depends on MBEDTLS_TLS_ENABLED
+        default y
+
+    config MBEDTLS_SSL_PROTO_TLS1_2
+        bool "Support TLS 1.2 protocol"
+        depends on MBEDTLS_TLS_ENABLED
+        default y
+
+    config MBEDTLS_SSL_PROTO_DTLS
+        bool "Support DTLS protocol (all versions)"
+        default n
+        depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2
+        help
+            Requires TLS 1.1 to be enabled for DTLS 1.0
+            Requires TLS 1.2 to be enabled for DTLS 1.2
+
+    config MBEDTLS_SSL_ALPN
+        bool "Support ALPN (Application Layer Protocol Negotiation)"
+        depends on MBEDTLS_TLS_ENABLED
+        default y
+        help
+            Disabling this option will save some code size if it is not needed.
+
+    config MBEDTLS_CLIENT_SSL_SESSION_TICKETS
+        bool "TLS: Client Support for RFC 5077 SSL session tickets"
+        default y
+        depends on MBEDTLS_TLS_ENABLED
+        help
+            Client support for RFC 5077 session tickets. See mbedTLS documentation for more details.
+            Disabling this option will save some code size.
+
+    config MBEDTLS_SERVER_SSL_SESSION_TICKETS
+        bool "TLS: Server Support for RFC 5077 SSL session tickets"
+        default y
+        depends on MBEDTLS_TLS_ENABLED
+        help
+            Server support for RFC 5077 session tickets. See mbedTLS documentation for more details.
+            Disabling this option will save some code size.
+
+    menu "Symmetric Ciphers"
+
+        config MBEDTLS_AES_C
+            bool "AES block cipher"
+            default y
+
+        config MBEDTLS_CAMELLIA_C
+            bool "Camellia block cipher"
+            default n
+
+        config MBEDTLS_DES_C
+            bool "DES block cipher (legacy, insecure)"
+            default n
+            help
+                Enables the DES block cipher to support 3DES-based TLS ciphersuites.
+
+                3DES is vulnerable to the Sweet32 attack and should only be enabled
+                if absolutely necessary.
+
+        choice MBEDTLS_RC4_MODE
+            prompt "RC4 Stream Cipher (legacy, insecure)"
+            default MBEDTLS_RC4_DISABLED
+            help
+                    ARCFOUR (RC4) stream cipher can be disabled entirely, enabled but not
+                    added to default ciphersuites, or enabled completely.
+
+                    Please consider the security implications before enabling RC4.
+
+                config MBEDTLS_RC4_DISABLED
+                    bool "Disabled"
+                config MBEDTLS_RC4_ENABLED_NO_DEFAULT
+                    bool "Enabled, not in default ciphersuites"
+                config MBEDTLS_RC4_ENABLED
+                    bool "Enabled"
+        endchoice
+
+        config MBEDTLS_BLOWFISH_C
+            bool "Blowfish block cipher (read help)"
+            default n
+            help
+                    Enables the Blowfish block cipher (not used for TLS sessions.)
+
+                    The Blowfish cipher is not used for mbedTLS TLS sessions but can be
+                    used for other purposes. Read up on the limitations of Blowfish (including
+                    Sweet32) before enabling.
+
+        config MBEDTLS_XTEA_C
+            bool "XTEA block cipher"
+            default n
+            help
+                    Enables the XTEA block cipher.
+
+
+        config MBEDTLS_CCM_C
+            bool "CCM (Counter with CBC-MAC) block cipher modes"
+            default y
+            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
+            help
+                    Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.
+
+                    Disabling this option saves some code size.
+
+        config MBEDTLS_GCM_C
+            bool "GCM (Galois/Counter) block cipher modes"
+            default y
+            depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
+            help
+                    Enable Galois/Counter Mode for AES and/or Camellia ciphers.
+
+                    This option is generally faster than CCM.
+
+    endmenu # Symmetric Ciphers
+
+    config MBEDTLS_RIPEMD160_C
+        bool "Enable RIPEMD-160 hash algorithm"
+        default n
+        help
+            Enable the RIPEMD-160 hash algorithm.
+
+    menu "Certificates"
+
+        config MBEDTLS_PEM_PARSE_C
+            bool "Read & Parse PEM formatted certificates"
+            default y
+            help
+                Enable decoding/parsing of PEM formatted certificates.
+
+                If your certificates are all in the simpler DER format, disabling
+                this option will save some code size.
+
+        config MBEDTLS_PEM_WRITE_C
+            bool "Write PEM formatted certificates"
+            default y
+            help
+                Enable writing of PEM formatted certificates.
+
+                If writing certificate data only in DER format, disabling this
+                option will save some code size.
+
+        config MBEDTLS_X509_CRL_PARSE_C
+            bool "X.509 CRL parsing"
+            default y
+            help
+                Support for parsing X.509 Certifificate Revocation Lists.
+
+        config MBEDTLS_X509_CSR_PARSE_C
+            bool "X.509 CSR parsing"
+            default y
+            help
+                Support for parsing X.509 Certifificate Signing Requests
+
+    endmenu # Certificates
+
+    menuconfig MBEDTLS_ECP_C
+        bool  "Elliptic Curve Ciphers"
+        default y
+
+    config MBEDTLS_ECDH_C
+        bool "Elliptic Curve Diffie-Hellman (ECDH)"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.
+
+    config MBEDTLS_ECDSA_C
+        bool "Elliptic Curve DSA"
+        depends on MBEDTLS_ECDH_C
+        default y
+        help
+            Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
+
+    config MBEDTLS_ECP_DP_SECP192R1_ENABLED
+        bool "Enable SECP192R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP192R1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_SECP224R1_ENABLED
+        bool "Enable SECP224R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP224R1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_SECP256R1_ENABLED
+        bool "Enable SECP256R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP256R1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_SECP384R1_ENABLED
+        bool "Enable SECP384R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP384R1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_SECP521R1_ENABLED
+        bool "Enable SECP521R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP521R1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_SECP192K1_ENABLED
+        bool "Enable SECP192K1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP192K1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_SECP224K1_ENABLED
+        bool "Enable SECP224K1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP224K1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_SECP256K1_ENABLED
+        bool "Enable SECP256K1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for SECP256K1 Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_BP256R1_ENABLED
+        bool "Enable BP256R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            support for DP Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_BP384R1_ENABLED
+        bool "Enable BP384R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            support for DP Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_BP512R1_ENABLED
+        bool "Enable BP512R1 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            support for DP Elliptic Curve.
+
+    config MBEDTLS_ECP_DP_CURVE25519_ENABLED
+        bool "Enable CURVE25519 curve"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            Enable support for CURVE25519 Elliptic Curve.
+
+    config MBEDTLS_ECP_NIST_OPTIM
+        bool "NIST 'modulo p' optimisations"
+        depends on MBEDTLS_ECP_C
+        default y
+        help
+            NIST 'modulo p' optimisations increase Elliptic Curve operation performance.
+
+            Disabling this option saves some code size.
+
+            # end of Elliptic Curve options
+
+endmenu  # mbedTLS
diff --git a/components/mbedtls/Makefile.projbuild b/components/mbedtls/Makefile.projbuild
new file mode 100644
index 00000000..9bfba169
--- /dev/null
+++ b/components/mbedtls/Makefile.projbuild
@@ -0,0 +1,8 @@
+# Anyone compiling mbedTLS code needs the name of the
+# alternative config file
+CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"'
+
+# Catch usage of deprecated mbedTLS functions when building tests
+ifneq ("$(filter mbedtls,$(TEST_COMPONENTS_LIST))","")
+CPPFLAGS += -DMBEDTLS_DEPRECATED_WARNING
+endif
diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk
new file mode 100644
index 00000000..09ce80c9
--- /dev/null
+++ b/components/mbedtls/component.mk
@@ -0,0 +1,12 @@
+#
+# Component Makefile
+#
+
+COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include
+
+COMPONENT_SRCDIRS := mbedtls/library port port/esp32
+
+COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o
+
+COMPONENT_SUBMODULES += mbedtls
+
diff --git a/components/mbedtls/mbedtls b/components/mbedtls/mbedtls
new file mode 160000
index 00000000..97959e77
--- /dev/null
+++ b/components/mbedtls/mbedtls
@@ -0,0 +1 @@
+Subproject commit 97959e77912524bd8db7cbb2e00fc9f6189f7a82
diff --git a/components/mbedtls/port/esp32/aes.c b/components/mbedtls/port/esp32/aes.c
new file mode 100644
index 00000000..db8f1bf5
--- /dev/null
+++ b/components/mbedtls/port/esp32/aes.c
@@ -0,0 +1,768 @@
+/**
+ * \brief AES block cipher, ESP32 hardware accelerated version
+ * Based on mbedTLS FIPS-197 compliant version.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+/*
+ *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
+ *
+ *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
+ *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+ */
+#include <string.h>
+#include "mbedtls/aes.h"
+#include "mbedtls/platform_util.h"
+#include "esp32/aes.h"
+#include "soc/hwcrypto_periph.h"
+#include <sys/lock.h>
+
+#include <freertos/FreeRTOS.h>
+
+#include "soc/cpu.h"
+#include <stdio.h>
+#include "driver/periph_ctrl.h"
+
+
+/* AES uses a spinlock mux not a lock as the underlying block operation
+   only takes 208 cycles (to write key & compute block), +600 cycles
+   for DPORT protection but +3400 cycles again if you use a full sized lock.
+
+   For CBC, CFB, etc. this may mean that interrupts are disabled for a longer
+   period of time for bigger lengths. However at the moment this has to happen
+   anyway due to DPORT protection...
+*/
+static portMUX_TYPE aes_spinlock = portMUX_INITIALIZER_UNLOCKED;
+
+static inline bool valid_key_length(const esp_aes_context *ctx)
+{
+    return ctx->key_bytes == 128/8 || ctx->key_bytes == 192/8 || ctx->key_bytes == 256/8;
+}
+
+void esp_aes_acquire_hardware( void )
+{
+    portENTER_CRITICAL(&aes_spinlock);
+
+    /* Enable AES hardware */
+    periph_module_enable(PERIPH_AES_MODULE);
+}
+
+void esp_aes_release_hardware( void )
+{
+    /* Disable AES hardware */
+    periph_module_disable(PERIPH_AES_MODULE);
+
+    portEXIT_CRITICAL(&aes_spinlock);
+}
+
+void esp_aes_init( esp_aes_context *ctx )
+{
+    bzero( ctx, sizeof( esp_aes_context ) );
+}
+
+void esp_aes_free( esp_aes_context *ctx )
+{
+    if ( ctx == NULL ) {
+        return;
+    }
+
+    bzero( ctx, sizeof( esp_aes_context ) );
+}
+
+
+
+/*
+ * AES key schedule (same for encryption or decryption, as hardware handles schedule)
+ *
+ */
+int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits )
+{
+    if (keybits != 128 && keybits != 192 && keybits != 256) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+    ctx->key_bytes = keybits / 8;
+    memcpy(ctx->key, key, ctx->key_bytes);
+    ctx->key_in_hardware = 0;
+    return 0;
+}
+
+/*
+ * Helper function to copy key from esp_aes_context buffer
+ * to hardware key registers.
+ *
+ * Call only while holding esp_aes_acquire_hardware().
+ */
+static void esp_aes_setkey_hardware(esp_aes_context *ctx, int mode)
+{
+    const uint32_t MODE_DECRYPT_BIT = 4;
+    unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT;
+
+    ctx->key_in_hardware = 0;
+
+    for (int i = 0; i < ctx->key_bytes/4; ++i) {
+        DPORT_REG_WRITE(AES_KEY_BASE + i * 4, *(((uint32_t *)ctx->key) + i));
+        ctx->key_in_hardware += 4;
+    }
+
+    DPORT_REG_WRITE(AES_MODE_REG, mode_reg_base + ((ctx->key_bytes / 8) - 2));
+
+    /* Fault injection check: all words of key data should have been written to hardware */
+    if (ctx->key_in_hardware < 16
+        || ctx->key_in_hardware != ctx->key_bytes) {
+        abort();
+    }
+}
+
+/* Run a single 16 byte block of AES, using the hardware engine.
+ *
+ * Call only while holding esp_aes_acquire_hardware().
+ */
+static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
+{
+    const uint32_t *input_words = (const uint32_t *)input;
+    uint32_t i0, i1, i2, i3;
+    uint32_t *output_words = (uint32_t *)output;
+
+    /* If no key is written to hardware yet, either the user hasn't called
+       mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec - meaning we also don't
+       know which mode to use - or a fault skipped the
+       key write to hardware. Treat this as a fatal error and zero the output block.
+    */
+    if (ctx->key_in_hardware != ctx->key_bytes) {
+        bzero(output, 16);
+        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+    }
+
+    /* Storing i0,i1,i2,i3 in registers not an array
+       helps a lot with optimisations at -Os level */
+    i0 = input_words[0];
+    DPORT_REG_WRITE(AES_TEXT_BASE, i0);
+
+    i1 = input_words[1];
+    DPORT_REG_WRITE(AES_TEXT_BASE + 4, i1);
+
+    i2 = input_words[2];
+    DPORT_REG_WRITE(AES_TEXT_BASE + 8, i2);
+
+    i3 = input_words[3];
+    DPORT_REG_WRITE(AES_TEXT_BASE + 12, i3);
+
+    DPORT_REG_WRITE(AES_START_REG, 1);
+
+    while (DPORT_REG_READ(AES_IDLE_REG) != 1) { }
+
+    esp_dport_access_read_buffer(output_words, AES_TEXT_BASE, 4);
+
+    /* Physical security check: Verify the AES accelerator actually ran, and wasn't
+       skipped due to external fault injection while starting the peripheral.
+
+       Note that i0,i1,i2,i3 are copied from input buffer in case input==output.
+
+       Bypassing this check requires at least one additional fault.
+    */
+    if(i0 == output_words[0] && i1 == output_words[1] && i2 == output_words[2] && i3 == output_words[3]) {
+        // calling zeroing functions to narrow the
+        // window for a double-fault of the abort step, here
+        memset(output, 0, 16);
+        mbedtls_platform_zeroize(output, 16);
+        abort();
+    }
+
+    return 0;
+}
+
+/*
+ * AES-ECB block encryption
+ */
+int esp_internal_aes_encrypt( esp_aes_context *ctx,
+                      const unsigned char input[16],
+                      unsigned char output[16] )
+{
+    int r;
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+    ctx->key_in_hardware = 0;
+    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
+    r = esp_aes_block(ctx, input, output);
+    esp_aes_release_hardware();
+    return r;
+}
+
+void esp_aes_encrypt( esp_aes_context *ctx,
+        const unsigned char input[16],
+        unsigned char output[16] )
+{
+    esp_internal_aes_encrypt(ctx, input, output);
+}
+
+/*
+ * AES-ECB block decryption
+ */
+
+int esp_internal_aes_decrypt( esp_aes_context *ctx,
+                      const unsigned char input[16],
+                      unsigned char output[16] )
+{
+    int r;
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+    ctx->key_in_hardware = 0;
+    esp_aes_setkey_hardware(ctx, ESP_AES_DECRYPT);
+    r = esp_aes_block(ctx, input, output);
+    esp_aes_release_hardware();
+    return r;
+}
+
+void esp_aes_decrypt( esp_aes_context *ctx,
+                      const unsigned char input[16],
+                      unsigned char output[16] )
+{
+    esp_internal_aes_decrypt(ctx, input, output);
+}
+
+/*
+ * AES-ECB block encryption/decryption
+ */
+int esp_aes_crypt_ecb( esp_aes_context *ctx,
+                       int mode,
+                       const unsigned char input[16],
+                       unsigned char output[16] )
+{
+    int r;
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+    ctx->key_in_hardware = 0;
+    esp_aes_setkey_hardware(ctx, mode);
+    r = esp_aes_block(ctx, input, output);
+    esp_aes_release_hardware();
+
+    return r;
+}
+
+
+/*
+ * AES-CBC buffer encryption/decryption
+ */
+int esp_aes_crypt_cbc( esp_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int i;
+    uint32_t *output_words = (uint32_t *)output;
+    const uint32_t *input_words = (const uint32_t *)input;
+    uint32_t *iv_words = (uint32_t *)iv;
+    unsigned char temp[16];
+
+    if ( length % 16 ) {
+        return ( ERR_ESP_AES_INVALID_INPUT_LENGTH );
+    }
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+    ctx->key_in_hardware = 0;
+
+    esp_aes_setkey_hardware(ctx, mode);
+
+    if ( mode == ESP_AES_DECRYPT ) {
+        while ( length > 0 ) {
+            memcpy(temp, input_words, 16);
+            esp_aes_block(ctx, input_words, output_words);
+
+            for ( i = 0; i < 4; i++ ) {
+                output_words[i] = output_words[i] ^ iv_words[i];
+            }
+
+            memcpy( iv_words, temp, 16 );
+
+            input_words += 4;
+            output_words += 4;
+            length -= 16;
+        }
+    } else { // ESP_AES_ENCRYPT
+        while ( length > 0 ) {
+
+            for ( i = 0; i < 4; i++ ) {
+                output_words[i] = input_words[i] ^ iv_words[i];
+            }
+
+            esp_aes_block(ctx, output_words, output_words);
+            memcpy( iv_words, output_words, 16 );
+
+            input_words  += 4;
+            output_words += 4;
+            length -= 16;
+        }
+    }
+
+    esp_aes_release_hardware();
+
+    return 0;
+}
+
+/*
+ * AES-CFB128 buffer encryption/decryption
+ */
+int esp_aes_crypt_cfb128( esp_aes_context *ctx,
+                          int mode,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output )
+{
+    int c;
+    size_t n = *iv_off;
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+    ctx->key_in_hardware = 0;
+
+    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
+
+    if ( mode == ESP_AES_DECRYPT ) {
+        while ( length-- ) {
+            if ( n == 0 ) {
+                esp_aes_block(ctx, iv, iv);
+            }
+
+            c = *input++;
+            *output++ = (unsigned char)( c ^ iv[n] );
+            iv[n] = (unsigned char) c;
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    } else {
+        while ( length-- ) {
+            if ( n == 0 ) {
+                esp_aes_block(ctx, iv, iv);
+            }
+
+            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+            n = ( n + 1 ) & 0x0F;
+        }
+    }
+
+    *iv_off = n;
+
+    esp_aes_release_hardware();
+
+    return 0;
+}
+
+/*
+ * AES-CFB8 buffer encryption/decryption
+ */
+int esp_aes_crypt_cfb8( esp_aes_context *ctx,
+                        int mode,
+                        size_t length,
+                        unsigned char iv[16],
+                        const unsigned char *input,
+                        unsigned char *output )
+{
+    unsigned char c;
+    unsigned char ov[17];
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+    ctx->key_in_hardware = 0;
+
+    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
+
+    while ( length-- ) {
+        memcpy( ov, iv, 16 );
+        esp_aes_block(ctx, iv, iv);
+
+        if ( mode == ESP_AES_DECRYPT ) {
+            ov[16] = *input;
+        }
+
+        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
+
+        if ( mode == ESP_AES_ENCRYPT ) {
+            ov[16] = c;
+        }
+
+        memcpy( iv, ov + 1, 16 );
+    }
+
+    esp_aes_release_hardware();
+
+    return 0;
+}
+
+/*
+ * AES-CTR buffer encryption/decryption
+ */
+int esp_aes_crypt_ctr( esp_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output )
+{
+    int c, i;
+    size_t n = *nc_off;
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+    ctx->key_in_hardware = 0;
+
+    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
+
+    while ( length-- ) {
+        if ( n == 0 ) {
+            esp_aes_block(ctx, nonce_counter, stream_block);
+
+            for ( i = 16; i > 0; i-- )
+                if ( ++nonce_counter[i - 1] != 0 ) {
+                    break;
+                }
+        }
+        c = *input++;
+        *output++ = (unsigned char)( c ^ stream_block[n] );
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *nc_off = n;
+
+    esp_aes_release_hardware();
+
+    return 0;
+}
+
+/*
+ * AES-OFB (Output Feedback Mode) buffer encryption/decryption
+ */
+int esp_aes_crypt_ofb( esp_aes_context *ctx,
+                           size_t length,
+                           size_t *iv_off,
+                           unsigned char iv[16],
+                           const unsigned char *input,
+                           unsigned char *output )
+{
+    int ret = 0;
+    size_t n;
+
+    if ( ctx == NULL || iv_off == NULL || iv == NULL ||
+        input == NULL || output == NULL ) {
+            return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
+    }
+
+    n = *iv_off;
+
+    if( n > 15 ) {
+        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
+    }
+
+    if (!valid_key_length(ctx)) {
+        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
+    }
+
+    esp_aes_acquire_hardware();
+
+    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
+
+    while( length-- ) {
+        if( n == 0 ) {
+            esp_aes_block(ctx, iv, iv);
+        }
+        *output++ =  *input++ ^ iv[n];
+
+        n = ( n + 1 ) & 0x0F;
+    }
+
+    *iv_off = n;
+
+    esp_aes_release_hardware();
+
+    return( ret );
+}
+
+/* Below XTS implementation is copied aes.c of mbedtls library. 
+ * When MBEDTLS_AES_ALT is defined mbedtls expects alternate
+ * definition of XTS functions to be available. Even if this 
+ * could have been avoided, it is done for consistency reason.
+ */
+
+void esp_aes_xts_init( esp_aes_xts_context *ctx )
+{
+    esp_aes_init( &ctx->crypt );
+    esp_aes_init( &ctx->tweak );
+}
+
+void esp_aes_xts_free( esp_aes_xts_context *ctx )
+{
+    esp_aes_free( &ctx->crypt );
+    esp_aes_free( &ctx->tweak );
+}
+
+static int esp_aes_xts_decode_keys( const unsigned char *key,
+                                        unsigned int keybits,
+                                        const unsigned char **key1,
+                                        unsigned int *key1bits,
+                                        const unsigned char **key2,
+                                        unsigned int *key2bits )
+{
+    const unsigned int half_keybits = keybits / 2;
+    const unsigned int half_keybytes = half_keybits / 8;
+
+    switch( keybits )
+    {
+        case 256: break;
+        case 512: break;
+        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+    }
+
+    *key1bits = half_keybits;
+    *key2bits = half_keybits;
+    *key1 = &key[0];
+    *key2 = &key[half_keybytes];
+
+    return 0;
+}
+
+int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits)
+{
+    int ret;
+    const unsigned char *key1, *key2;
+    unsigned int key1bits, key2bits;
+
+    ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
+                                       &key2, &key2bits );
+    if( ret != 0 )
+        return( ret );
+
+    /* Set the tweak key. Always set tweak key for the encryption mode. */
+    ret = esp_aes_setkey( &ctx->tweak, key2, key2bits );
+    if( ret != 0 )
+        return( ret );
+
+    /* Set crypt key for encryption. */
+    return esp_aes_setkey( &ctx->crypt, key1, key1bits );
+}
+
+int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits)
+{
+    int ret;
+    const unsigned char *key1, *key2;
+    unsigned int key1bits, key2bits;
+
+    ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
+                                       &key2, &key2bits );
+    if( ret != 0 )
+        return( ret );
+
+    /* Set the tweak key. Always set tweak key for encryption. */
+    ret = esp_aes_setkey( &ctx->tweak, key2, key2bits );
+    if( ret != 0 )
+        return( ret );
+
+    /* Set crypt key for decryption. */
+    return esp_aes_setkey( &ctx->crypt, key1, key1bits );
+}
+
+/* Endianess with 64 bits values */
+#ifndef GET_UINT64_LE
+#define GET_UINT64_LE(n,b,i)                            \
+{                                                       \
+    (n) = ( (uint64_t) (b)[(i) + 7] << 56 )             \
+        | ( (uint64_t) (b)[(i) + 6] << 48 )             \
+        | ( (uint64_t) (b)[(i) + 5] << 40 )             \
+        | ( (uint64_t) (b)[(i) + 4] << 32 )             \
+        | ( (uint64_t) (b)[(i) + 3] << 24 )             \
+        | ( (uint64_t) (b)[(i) + 2] << 16 )             \
+        | ( (uint64_t) (b)[(i) + 1] <<  8 )             \
+        | ( (uint64_t) (b)[(i)    ]       );            \
+}
+#endif
+
+#ifndef PUT_UINT64_LE
+#define PUT_UINT64_LE(n,b,i)                            \
+{                                                       \
+    (b)[(i) + 7] = (unsigned char) ( (n) >> 56 );       \
+    (b)[(i) + 6] = (unsigned char) ( (n) >> 48 );       \
+    (b)[(i) + 5] = (unsigned char) ( (n) >> 40 );       \
+    (b)[(i) + 4] = (unsigned char) ( (n) >> 32 );       \
+    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
+    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
+    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
+    (b)[(i)    ] = (unsigned char) ( (n)       );       \
+}
+#endif
+
+typedef unsigned char esp_be128[16];
+
+/*
+ * GF(2^128) multiplication function
+ *
+ * This function multiplies a field element by x in the polynomial field
+ * representation. It uses 64-bit word operations to gain speed but compensates
+ * for machine endianess and hence works correctly on both big and little
+ * endian machines.
+ */
+static void esp_gf128mul_x_ble( unsigned char r[16],
+                                    const unsigned char x[16] )
+{
+    uint64_t a, b, ra, rb;
+
+    GET_UINT64_LE( a, x, 0 );
+    GET_UINT64_LE( b, x, 8 );
+
+    ra = ( a << 1 )  ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
+    rb = ( a >> 63 ) | ( b << 1 );
+
+    PUT_UINT64_LE( ra, r, 0 );
+    PUT_UINT64_LE( rb, r, 8 );
+}
+
+/*
+ * AES-XTS buffer encryption/decryption
+ */
+int esp_aes_crypt_xts( esp_aes_xts_context *ctx,
+                           int mode,
+                           size_t length,
+                           const unsigned char data_unit[16],
+                           const unsigned char *input,
+                           unsigned char *output )
+{
+    int ret;
+    size_t blocks = length / 16;
+    size_t leftover = length % 16;
+    unsigned char tweak[16];
+    unsigned char prev_tweak[16];
+    unsigned char tmp[16];
+
+    /* Sectors must be at least 16 bytes. */
+    if( length < 16 )
+        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+
+    /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */
+    if( length > ( 1 << 20 ) * 16 )
+        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
+
+    /* Compute the tweak. */
+    ret = esp_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT,
+                                 data_unit, tweak );
+    if( ret != 0 )
+        return( ret );
+
+    while( blocks-- )
+    {
+        size_t i;
+
+        if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 )
+        {
+            /* We are on the last block in a decrypt operation that has
+             * leftover bytes, so we need to use the next tweak for this block,
+             * and this tweak for the lefover bytes. Save the current tweak for
+             * the leftovers and then update the current tweak for use on this,
+             * the last full block. */
+            memcpy( prev_tweak, tweak, sizeof( tweak ) );
+            esp_gf128mul_x_ble( tweak, tweak );
+        }
+
+        for( i = 0; i < 16; i++ )
+            tmp[i] = input[i] ^ tweak[i];
+
+        ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
+        if( ret != 0 )
+            return( ret );
+
+        for( i = 0; i < 16; i++ )
+            output[i] = tmp[i] ^ tweak[i];
+
+        /* Update the tweak for the next block. */
+        esp_gf128mul_x_ble( tweak, tweak );
+
+        output += 16;
+        input += 16;
+    }
+
+    if( leftover )
+    {
+        /* If we are on the leftover bytes in a decrypt operation, we need to
+         * use the previous tweak for these bytes (as saved in prev_tweak). */
+        unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak;
+
+        /* We are now on the final part of the data unit, which doesn't divide
+         * evenly by 16. It's time for ciphertext stealing. */
+        size_t i;
+        unsigned char *prev_output = output - 16;
+
+        /* Copy ciphertext bytes from the previous block to our output for each
+         * byte of cyphertext we won't steal. At the same time, copy the
+         * remainder of the input for this final round (since the loop bounds
+         * are the same). */
+        for( i = 0; i < leftover; i++ )
+        {
+            output[i] = prev_output[i];
+            tmp[i] = input[i] ^ t[i];
+        }
+
+        /* Copy ciphertext bytes from the previous block for input in this
+         * round. */
+        for( ; i < 16; i++ )
+            tmp[i] = prev_output[i] ^ t[i];
+
+        ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
+        if( ret != 0 )
+            return ret;
+
+        /* Write the result back to the previous block, overriding the previous
+         * output we copied. */
+        for( i = 0; i < 16; i++ )
+            prev_output[i] = tmp[i] ^ t[i];
+    }
+
+    return( 0 );
+}
diff --git a/components/mbedtls/port/esp32/sha.c b/components/mbedtls/port/esp32/sha.c
new file mode 100644
index 00000000..35c52eee
--- /dev/null
+++ b/components/mbedtls/port/esp32/sha.c
@@ -0,0 +1,314 @@
+/*
+ *  ESP32 hardware accelerated SHA1/256/512 implementation
+ *  based on mbedTLS FIPS-197 compliant version.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+/*
+ *  The SHA-1 standard was published by NIST in 1993.
+ *
+ *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <machine/endian.h>
+#include <assert.h>
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/semphr.h"
+
+#include "esp32/sha.h"
+#include "esp32/rom/ets_sys.h"
+#include "soc/hwcrypto_periph.h"
+#include "driver/periph_ctrl.h"
+
+inline static uint32_t SHA_LOAD_REG(esp_sha_type sha_type) {
+    return SHA_1_LOAD_REG + sha_type * 0x10;
+}
+
+inline static uint32_t SHA_BUSY_REG(esp_sha_type sha_type) {
+    return SHA_1_BUSY_REG + sha_type * 0x10;
+}
+
+inline static uint32_t SHA_START_REG(esp_sha_type sha_type) {
+    return SHA_1_START_REG + sha_type * 0x10;
+}
+
+inline static uint32_t SHA_CONTINUE_REG(esp_sha_type sha_type) {
+    return SHA_1_CONTINUE_REG + sha_type * 0x10;
+}
+
+/* Single spinlock for SHA engine memory block
+*/
+static portMUX_TYPE memory_block_lock = portMUX_INITIALIZER_UNLOCKED;
+
+
+/* Binary semaphore managing the state of each concurrent SHA engine.
+
+   Available = noone is using this SHA engine
+   Taken = a SHA session is running on this SHA engine
+
+   Indexes:
+   0 = SHA1
+   1 = SHA2_256
+   2 = SHA2_384 or SHA2_512
+*/
+static SemaphoreHandle_t engine_states[3];
+
+static uint8_t engines_in_use;
+
+/* Spinlock for engines_in_use counter
+*/
+static portMUX_TYPE engines_in_use_lock = portMUX_INITIALIZER_UNLOCKED;
+
+/* Index into the engine_states array */
+inline static size_t sha_engine_index(esp_sha_type type) {
+    switch(type) {
+    case SHA1:
+        return 0;
+    case SHA2_256:
+        return 1;
+    default:
+        return 2;
+    }
+}
+
+/* Return digest length (in bytes) for a given SHA type */
+inline static size_t sha_length(esp_sha_type type) {
+    switch(type) {
+    case SHA1:
+        return 20;
+    case SHA2_256:
+        return 32;
+    case SHA2_384:
+        return 48;
+    case SHA2_512:
+        return 64;
+    default:
+        return 0;
+    }
+}
+
+/* Return block size (in bytes) for a given SHA type */
+inline static size_t block_length(esp_sha_type type) {
+    switch(type) {
+    case SHA1:
+    case SHA2_256:
+        return 64;
+    case SHA2_384:
+    case SHA2_512:
+        return 128;
+    default:
+        return 0;
+    }
+}
+
+void esp_sha_lock_memory_block(void)
+{
+    portENTER_CRITICAL(&memory_block_lock);
+}
+
+void esp_sha_unlock_memory_block(void)
+{
+    portEXIT_CRITICAL(&memory_block_lock);
+}
+
+static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type)
+{
+    unsigned idx = sha_engine_index(sha_type);
+    volatile SemaphoreHandle_t *engine = &engine_states[idx];
+    SemaphoreHandle_t result = *engine;
+    uint32_t set_engine = 0;
+
+    if (result == NULL) {
+        // Create a new semaphore for 'in use' flag
+        SemaphoreHandle_t new_engine = xSemaphoreCreateBinary();
+        assert(new_engine != NULL);
+        xSemaphoreGive(new_engine); // start available
+
+        // try to atomically set the previously NULL *engine to new_engine
+        set_engine = (uint32_t)new_engine;
+        uxPortCompareSet((volatile uint32_t *)engine, 0, &set_engine);
+
+        if (set_engine != 0) { // we lost a race setting *engine
+            vSemaphoreDelete(new_engine);
+        }
+        result = *engine;
+    }
+    return result;
+}
+
+static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait);
+
+bool esp_sha_try_lock_engine(esp_sha_type sha_type)
+{
+    return esp_sha_lock_engine_common(sha_type, 0);
+}
+
+void esp_sha_lock_engine(esp_sha_type sha_type)
+{
+    esp_sha_lock_engine_common(sha_type, portMAX_DELAY);
+}
+
+static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait)
+{
+    SemaphoreHandle_t engine_state = sha_get_engine_state(sha_type);
+    BaseType_t result = xSemaphoreTake(engine_state, ticks_to_wait);
+
+    if (result == pdFALSE) {
+        // failed to take semaphore
+        return false;
+    }
+
+    portENTER_CRITICAL(&engines_in_use_lock);
+
+    if (engines_in_use == 0) {
+        /* Just locked first engine,
+           so enable SHA hardware */
+        periph_module_enable(PERIPH_SHA_MODULE);
+    }
+
+    engines_in_use++;
+    assert(engines_in_use <= 3);
+
+    portEXIT_CRITICAL(&engines_in_use_lock);
+
+    return true;
+}
+
+
+void esp_sha_unlock_engine(esp_sha_type sha_type)
+{
+    SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
+
+    portENTER_CRITICAL(&engines_in_use_lock);
+
+    engines_in_use--;
+
+    if (engines_in_use == 0) {
+        /* About to release last engine, so
+           disable SHA hardware */
+        periph_module_disable(PERIPH_SHA_MODULE);
+    }
+
+    portEXIT_CRITICAL(&engines_in_use_lock);
+
+    xSemaphoreGive(engine_state);
+}
+
+void esp_sha_wait_idle(void)
+{
+    while(1) {
+        if(DPORT_REG_READ(SHA_1_BUSY_REG) == 0
+           && DPORT_REG_READ(SHA_256_BUSY_REG) == 0
+           && DPORT_REG_READ(SHA_384_BUSY_REG) == 0
+           && DPORT_REG_READ(SHA_512_BUSY_REG) == 0) {
+            break;
+        }
+    }
+}
+
+void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)
+{
+    uint32_t *digest_state_words = NULL;
+    uint32_t *reg_addr_buf = NULL;
+    uint32_t word_len = sha_length(sha_type)/4;
+#ifndef NDEBUG
+    {
+        SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
+        assert(uxSemaphoreGetCount(engine_state) == 0 &&
+               "SHA engine should be locked" );
+    }
+#endif
+
+    // preemptively do this before entering the critical section, then re-check once in it
+    esp_sha_wait_idle();
+
+    esp_sha_lock_memory_block();
+
+    esp_sha_wait_idle();
+
+    DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1);
+    while(DPORT_REG_READ(SHA_BUSY_REG(sha_type)) == 1) { }
+    digest_state_words = (uint32_t *)digest_state;
+    reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
+    if(sha_type == SHA2_384 || sha_type == SHA2_512) {
+        /* for these ciphers using 64-bit states, swap each pair of words */
+        DPORT_INTERRUPT_DISABLE(); // Disable interrupt only on current CPU.
+        for(int i = 0; i < word_len; i += 2) {
+            digest_state_words[i+1] = DPORT_SEQUENCE_REG_READ((uint32_t)&reg_addr_buf[i]);
+            digest_state_words[i]   = DPORT_SEQUENCE_REG_READ((uint32_t)&reg_addr_buf[i+1]);
+        }
+        DPORT_INTERRUPT_RESTORE(); // restore the previous interrupt level
+    } else {
+        esp_dport_access_read_buffer(digest_state_words, (uint32_t)&reg_addr_buf[0], word_len);
+    }
+    esp_sha_unlock_memory_block();
+
+    /* Fault injection check: verify SHA engine actually ran,
+       state is not all zeroes.
+    */
+    for (int i = 0; i < word_len; i++) {
+        if (digest_state_words[i] != 0) {
+            return;
+        }
+    }
+    abort(); // SHA peripheral returned all zero state, probably due to fault injection
+}
+
+void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block)
+{
+    uint32_t *reg_addr_buf = NULL;
+    uint32_t *data_words = NULL;
+#ifndef NDEBUG
+    {
+        SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
+        assert(uxSemaphoreGetCount(engine_state) == 0 &&
+               "SHA engine should be locked" );
+    }
+#endif
+
+    // preemptively do this before entering the critical section, then re-check once in it
+    esp_sha_wait_idle();
+
+    esp_sha_lock_memory_block();
+
+    esp_sha_wait_idle();
+
+    /* Fill the data block */
+    reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
+    data_words = (uint32_t *)data_block;
+    for (int i = 0; i < block_length(sha_type) / 4; i++) {
+        reg_addr_buf[i] = __builtin_bswap32(data_words[i]);
+    }
+    asm volatile ("memw");
+
+    if(is_first_block) {
+        DPORT_REG_WRITE(SHA_START_REG(sha_type), 1);
+    } else {
+        DPORT_REG_WRITE(SHA_CONTINUE_REG(sha_type), 1);
+    }
+
+    esp_sha_unlock_memory_block();
+
+    /* Note: deliberately not waiting for this operation to complete,
+       as a performance tweak - delay waiting until the next time we need the SHA
+       unit, instead.
+    */
+}
diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c
new file mode 100644
index 00000000..09bb774b
--- /dev/null
+++ b/components/mbedtls/port/esp_bignum.c
@@ -0,0 +1,683 @@
+/**
+ * \brief  Multi-precision integer library, ESP32 hardware accelerated parts
+ *
+ *  based on mbedTLS implementation
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <malloc.h>
+#include <limits.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <sys/param.h>
+#include "esp32/rom/bigint.h"
+#include "soc/hwcrypto_periph.h"
+#include "esp_system.h"
+#include "esp_log.h"
+#include "esp_intr_alloc.h"
+#include "esp_attr.h"
+
+#include <mbedtls/bignum.h>
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "driver/periph_ctrl.h"
+
+/* Some implementation notes:
+ *
+ * - Naming convention x_words, y_words, z_words for number of words (limbs) used in a particular
+ *   bignum. This number may be less than the size of the bignum
+ *
+ * - Naming convention hw_words for the hardware length of the operation. This number is always
+ *   rounded up to a 512 bit multiple, and may be larger than any of the numbers involved in the
+ *   calculation.
+ *
+ * - Timing behaviour of these functions will depend on the length of the inputs. This is fundamentally
+ *   the same constraint as the software mbedTLS implementations, and relies on the same
+ *   countermeasures (exponent blinding, etc) which are used in mbedTLS.
+ */
+
+static const __attribute__((unused)) char *TAG = "bignum";
+
+#define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
+#define biL    (ciL << 3)                         /* bits  in limb  */
+
+#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT)
+static SemaphoreHandle_t op_complete_sem;
+
+static IRAM_ATTR void rsa_complete_isr(void *arg)
+{
+    BaseType_t higher_woken;
+    DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1);
+    xSemaphoreGiveFromISR(op_complete_sem, &higher_woken);
+    if (higher_woken) {
+        portYIELD_FROM_ISR();
+    }
+}
+
+static void rsa_isr_initialise(void)
+{
+    if (op_complete_sem == NULL) {
+        op_complete_sem = xSemaphoreCreateBinary();
+        esp_intr_alloc(ETS_RSA_INTR_SOURCE, 0, rsa_complete_isr, NULL, NULL);
+    }
+}
+
+#endif /* CONFIG_MBEDTLS_MPI_USE_INTERRUPT */
+
+static _lock_t mpi_lock;
+
+void esp_mpi_acquire_hardware( void )
+{
+    /* newlib locks lazy initialize on ESP-IDF */
+    _lock_acquire(&mpi_lock);
+
+    /* Enable RSA hardware */
+    periph_module_enable(PERIPH_RSA_MODULE);
+    DPORT_REG_CLR_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD);
+
+    while(DPORT_REG_READ(RSA_CLEAN_REG) != 1);
+    // Note: from enabling RSA clock to here takes about 1.3us
+
+#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT
+    rsa_isr_initialise();
+#endif
+}
+
+void esp_mpi_release_hardware( void )
+{
+    DPORT_REG_SET_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD);
+
+    /* Disable RSA hardware */
+    periph_module_disable(PERIPH_RSA_MODULE);
+
+    _lock_release(&mpi_lock);
+}
+
+/* Convert bit count to word count
+ */
+static inline size_t bits_to_words(size_t bits)
+{
+    return (bits + 31) / 32;
+}
+
+/* Round up number of words to nearest
+   512 bit (16 word) block count.
+*/
+static inline size_t hardware_words(size_t words)
+{
+    return (words + 0xF) & ~0xF;
+}
+
+/* Number of words used to hold 'mpi'.
+
+   Equivalent of bits_to_words(mbedtls_mpi_bitlen(mpi)), but uses less cycles if the
+   exact bit count is not needed.
+
+   Note that mpi->n (size of memory buffer) may be higher than this
+   number, if the high bits are mostly zeroes.
+*/
+static inline size_t word_length(const mbedtls_mpi *mpi)
+{
+    for(size_t i = mpi->n; i > 0; i--) {
+        if( mpi->p[i - 1] != 0 ) {
+            return i;
+        }
+    }
+    return 0;
+}
+
+/* Copy mbedTLS MPI bignum 'mpi' to hardware memory block at 'mem_base'.
+
+   If hw_words is higher than the number of words in the bignum then
+   these additional words will be zeroed in the memory buffer.
+
+*/
+static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t hw_words)
+{
+    uint32_t *pbase = (uint32_t *)mem_base;
+    uint32_t copy_words = hw_words < mpi->n ? hw_words : mpi->n;
+
+    /* Copy MPI data to memory block registers */
+    for (int i = 0; i < copy_words; i++) {
+        pbase[i] = mpi->p[i];
+    }
+
+    /* Zero any remaining memory block data */
+    for (int i = copy_words; i < hw_words; i++) {
+        pbase[i] = 0;
+    }
+
+    /* Note: not executing memw here, can do it before we start a bignum operation */
+}
+
+/* Read mbedTLS MPI bignum back from hardware memory block.
+
+   Reads num_words words from block.
+
+   Bignum 'x' should already be grown to at least num_words by caller (can be done while
+   calculation is in progress, to save some cycles)
+*/
+static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_words)
+{
+    assert(x->n >= num_words);
+
+    /* Copy data from memory block registers */
+    esp_dport_access_read_buffer(x->p, mem_base, num_words);
+
+    /* Zero any remaining limbs in the bignum, if the buffer is bigger
+       than num_words */
+    for(size_t i = num_words; i < x->n; i++) {
+        x->p[i] = 0;
+    }
+}
+
+
+/**
+ *
+ * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1,
+ * where B^-1(B-1) mod N=1. Actually, only the least significant part of
+ * N' is needed, hence the definition N0'=N' mod b. We reproduce below the
+ * simple algorithm from an article by Dusse and Kaliski to efficiently
+ * find N0' from N0 and b
+ */
+static mbedtls_mpi_uint modular_inverse(const mbedtls_mpi *M)
+{
+    int i;
+    uint64_t t = 1;
+    uint64_t two_2_i_minus_1 = 2;   /* 2^(i-1) */
+    uint64_t two_2_i = 4;           /* 2^i */
+    uint64_t N = M->p[0];
+
+    for (i = 2; i <= 32; i++) {
+        if ((mbedtls_mpi_uint) N * t % two_2_i >= two_2_i_minus_1) {
+            t += two_2_i_minus_1;
+        }
+
+        two_2_i_minus_1 <<= 1;
+        two_2_i <<= 1;
+    }
+
+    return (mbedtls_mpi_uint)(UINT32_MAX - t + 1);
+}
+
+/* Calculate Rinv = RR^2 mod M, where:
+ *
+ *  R = b^n where b = 2^32, n=num_words,
+ *  R = 2^N (where N=num_bits)
+ *  RR = R^2 = 2^(2*N) (where N=num_bits=num_words*32)
+ *
+ * This calculation is computationally expensive (mbedtls_mpi_mod_mpi)
+ * so caller should cache the result where possible.
+ *
+ * DO NOT call this function while holding esp_mpi_acquire_hardware().
+ *
+ */
+static int calculate_rinv(mbedtls_mpi *Rinv, const mbedtls_mpi *M, int num_words)
+{
+    int ret;
+    size_t num_bits = num_words * 32;
+    mbedtls_mpi RR;
+    mbedtls_mpi_init(&RR);
+    MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&RR, num_bits * 2, 1));
+    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(Rinv, &RR, M));
+
+ cleanup:
+    mbedtls_mpi_free(&RR);
+    return ret;
+}
+
+
+/* Begin an RSA operation. op_reg specifies which 'START' register
+   to write to.
+*/
+static inline void start_op(uint32_t op_reg)
+{
+    /* Clear interrupt status */
+    DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1);
+
+    /* Note: above REG_WRITE includes a memw, so we know any writes
+       to the memory blocks are also complete. */
+
+    DPORT_REG_WRITE(op_reg, 1);
+}
+
+/* Wait for an RSA operation to complete.
+*/
+static inline void wait_op_complete(uint32_t op_reg)
+{
+#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT
+    if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) {
+        ESP_LOGE(TAG, "Timed out waiting for RSA operation (op_reg 0x%x int_reg 0x%x)",
+                 op_reg, DPORT_REG_READ(RSA_INTERRUPT_REG));
+        abort(); /* indicates a fundamental problem with driver */
+    }
+#else
+    while(DPORT_REG_READ(RSA_INTERRUPT_REG) != 1)
+       { }
+
+    /* clear the interrupt */
+    DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1);
+#endif
+
+}
+
+/* Sub-stages of modulo multiplication/exponentiation operations */
+inline static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words);
+
+/* Z = (X * Y) mod M
+
+   Not an mbedTLS function
+*/
+int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M)
+{
+    int ret;
+    size_t x_bits = mbedtls_mpi_bitlen(X);
+    size_t y_bits = mbedtls_mpi_bitlen(Y);
+    size_t m_bits = mbedtls_mpi_bitlen(M);
+    size_t z_bits = MIN(m_bits, x_bits + y_bits);
+    size_t x_words = bits_to_words(x_bits);
+    size_t y_words = bits_to_words(y_bits);
+    size_t m_words = bits_to_words(m_bits);
+    size_t z_words = bits_to_words(z_bits);
+    size_t hw_words = hardware_words(MAX(x_words, MAX(y_words, m_words))); /* longest operand */
+    mbedtls_mpi Rinv;
+    mbedtls_mpi_uint Mprime;
+
+    /* Calculate and load the first stage montgomery multiplication */
+    mbedtls_mpi_init(&Rinv);
+    MBEDTLS_MPI_CHK(calculate_rinv(&Rinv, M, hw_words));
+    Mprime = modular_inverse(M);
+
+    esp_mpi_acquire_hardware();
+
+    /* Load M, X, Rinv, Mprime (Mprime is mod 2^32) */
+    mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words);
+    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
+    mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, &Rinv, hw_words);
+    DPORT_REG_WRITE(RSA_M_DASH_REG, (uint32_t)Mprime);
+
+    /* "mode" register loaded with number of 512-bit blocks, minus 1 */
+    DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1);
+
+    /* Execute first stage montgomery multiplication */
+    start_op(RSA_MULT_START_REG);
+
+    wait_op_complete(RSA_MULT_START_REG);
+
+    /* execute second stage */
+    ret = modular_multiply_finish(Z, X, Y, hw_words, z_words);
+
+    esp_mpi_release_hardware();
+
+ cleanup:
+    mbedtls_mpi_free(&Rinv);
+    return ret;
+}
+
+#if defined(MBEDTLS_MPI_EXP_MOD_ALT)
+
+/*
+ * Sliding-window exponentiation: Z = X^Y mod M  (HAC 14.85)
+ *
+ * _Rinv is optional pre-calculated version of Rinv (via calculate_rinv()).
+ *
+ * (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
+ *
+ */
+int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi* Y, const mbedtls_mpi* M, mbedtls_mpi* _Rinv )
+{
+    int ret = 0;
+    size_t x_words = word_length(X);
+    size_t y_words = word_length(Y);
+    size_t m_words = word_length(M);
+
+    /* "all numbers must be the same length", so choose longest number
+       as cardinal length of operation...
+    */
+    size_t hw_words = hardware_words(MAX(m_words, MAX(x_words, y_words)));
+
+    mbedtls_mpi Rinv_new; /* used if _Rinv == NULL */
+    mbedtls_mpi *Rinv;    /* points to _Rinv (if not NULL) othwerwise &RR_new */
+    mbedtls_mpi_uint Mprime;
+
+    if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+
+    if (mbedtls_mpi_cmp_int(Y, 0) < 0) {
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
+
+    if (mbedtls_mpi_cmp_int(Y, 0) == 0) {
+        return mbedtls_mpi_lset(Z, 1);
+    }
+
+    if (hw_words * 32 > 4096) {
+        return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+    }
+
+    /* Determine RR pointer, either _RR for cached value
+       or local RR_new */
+    if (_Rinv == NULL) {
+        mbedtls_mpi_init(&Rinv_new);
+        Rinv = &Rinv_new;
+    } else {
+        Rinv = _Rinv;
+    }
+    if (Rinv->p == NULL) {
+        MBEDTLS_MPI_CHK(calculate_rinv(Rinv, M, hw_words));
+    }
+
+    Mprime = modular_inverse(M);
+
+    esp_mpi_acquire_hardware();
+
+    /* "mode" register loaded with number of 512-bit blocks, minus 1 */
+    DPORT_REG_WRITE(RSA_MODEXP_MODE_REG, (hw_words / 16) - 1);
+
+    /* Load M, X, Rinv, M-prime (M-prime is mod 2^32) */
+    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
+    mpi_to_mem_block(RSA_MEM_Y_BLOCK_BASE, Y, hw_words);
+    mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words);
+    mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Rinv, hw_words);
+    DPORT_REG_WRITE(RSA_M_DASH_REG, Mprime);
+
+    start_op(RSA_START_MODEXP_REG);
+
+    /* X ^ Y may actually be shorter than M, but unlikely when used for crypto */
+    if ((ret = mbedtls_mpi_grow(Z, m_words)) != 0) {
+        esp_mpi_release_hardware();
+        goto cleanup;
+    }
+
+    wait_op_complete(RSA_START_MODEXP_REG);
+
+    mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, m_words);
+    esp_mpi_release_hardware();
+
+    // Compensate for negative X
+    if (X->s == -1 && (Y->p[0] & 1) != 0) {
+        Z->s = -1;
+        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z));
+    } else {
+        Z->s = 1;
+    }
+
+ cleanup:
+    if (_Rinv == NULL) {
+        mbedtls_mpi_free(&Rinv_new);
+    }
+
+    return ret;
+}
+
+#endif /* MBEDTLS_MPI_EXP_MOD_ALT */
+
+/* Second & final step of a modular multiply - load second multiplication
+ * factor Y, run the operation (modular inverse), read back the result
+ * into Z.
+ *
+ * Called from both mbedtls_mpi_exp_mod and mbedtls_mpi_mod_mpi.
+ *
+ * @param Z result value
+ * @param X first multiplication factor (used to set sign of result).
+ * @param Y second multiplication factor.
+ * @param hw_words Size of the hardware operation, in words
+ * @param z_words Size of the expected result, in words (may be less than hw_words).
+ *        Z will be grown to at least this length.
+ *
+ *  Caller must have already called esp_mpi_acquire_hardware().
+ */
+static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words)
+{
+    int ret = 0;
+
+    /* Load Y to X input memory block, rerun */
+    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, Y, hw_words);
+
+    start_op(RSA_MULT_START_REG);
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) );
+
+    wait_op_complete(RSA_MULT_START_REG);
+
+    mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words);
+
+    Z->s = X->s * Y->s;
+
+ cleanup:
+    return ret;
+}
+
+#if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */
+
+static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words);
+static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t Y_bits, size_t z_words);
+
+/* Z = X * Y */
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y )
+{
+    int ret = 0;
+    size_t x_bits = mbedtls_mpi_bitlen(X);
+    size_t y_bits = mbedtls_mpi_bitlen(Y);
+    size_t x_words = bits_to_words(x_bits);
+    size_t y_words = bits_to_words(y_bits);
+    size_t z_words = bits_to_words(x_bits + y_bits);
+    size_t hw_words = hardware_words(MAX(x_words, y_words)); // length of one operand in hardware
+
+    /* Short-circuit eval if either argument is 0 or 1.
+
+       This is needed as the mpi modular division
+       argument will sometimes call in here when one
+       argument is too large for the hardware unit, but the other
+       argument is zero or one.
+    */
+    if (x_bits == 0 || y_bits == 0) {
+        mbedtls_mpi_lset(Z, 0);
+        return 0;
+    }
+    if (x_bits == 1) {
+        ret = mbedtls_mpi_copy(Z, Y);
+        Z->s *= X->s;
+        return ret;
+    }
+    if (y_bits == 1) {
+        ret = mbedtls_mpi_copy(Z, X);
+        Z->s *= Y->s;
+        return ret;
+    }
+
+    /* If either factor is over 2048 bits, we can't use the standard hardware multiplier
+       (it assumes result is double longest factor, and result is max 4096 bits.)
+
+       However, we can fail over to mod_mult for up to 4096 bits of result (modulo
+       multiplication doesn't have the same restriction, so result is simply the
+       number of bits in X plus number of bits in in Y.)
+    */
+    if (hw_words * 32 > 2048) {
+        if (z_words * 32 <= 4096) {
+            /* Note: it's possible to use mpi_mult_mpi_overlong
+               for this case as well, but it's very slightly
+               slower and requires a memory allocation.
+            */
+            return mpi_mult_mpi_failover_mod_mult(Z, X, Y, z_words);
+        } else {
+            /* Still too long for the hardware unit... */
+            if(y_words > x_words) {
+                return mpi_mult_mpi_overlong(Z, X, Y, y_words, z_words);
+            } else {
+                return mpi_mult_mpi_overlong(Z, Y, X, x_words, z_words);
+            }
+        }
+    }
+
+    /* Otherwise, we can use the (faster) multiply hardware unit */
+
+    esp_mpi_acquire_hardware();
+
+    /* Copy X (right-extended) & Y (left-extended) to memory block */
+    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
+    mpi_to_mem_block(RSA_MEM_Z_BLOCK_BASE + hw_words * 4, Y, hw_words);
+    /* NB: as Y is left-extended, we don't zero the bottom words_mult words of Y block.
+       This is OK for now because zeroing is done by hardware when we do esp_mpi_acquire_hardware().
+    */
+
+    DPORT_REG_WRITE(RSA_M_DASH_REG, 0);
+
+    /* "mode" register loaded with number of 512-bit blocks in result,
+       plus 7 (for range 9-12). (this is ((N~ / 32) - 1) + 8))
+    */
+    DPORT_REG_WRITE(RSA_MULT_MODE_REG, ((hw_words * 2) / 16) + 7);
+
+    start_op(RSA_MULT_START_REG);
+
+    MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) );
+
+    wait_op_complete(RSA_MULT_START_REG);
+
+    /* Read back the result */
+    mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words);
+
+    Z->s = X->s * Y->s;
+
+ cleanup:
+    esp_mpi_release_hardware();
+
+    return ret;
+}
+
+/* Special-case of mbedtls_mpi_mult_mpi(), where we use hardware montgomery mod
+   multiplication to calculate an mbedtls_mpi_mult_mpi result where either
+   A or B are >2048 bits so can't use the standard multiplication method.
+
+   Result (z_words, based on A bits + B bits) must still be less than 4096 bits.
+
+   This case is simpler than the general case modulo multiply of
+   esp_mpi_mul_mpi_mod() because we can control the other arguments:
+
+   * Modulus is chosen with M=(2^num_bits - 1) (ie M=R-1), so output
+   isn't actually modulo anything.
+   * Mprime and Rinv are therefore predictable as follows:
+   Mprime = 1
+   Rinv = 1
+
+   (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
+*/
+static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words)
+{
+    int ret = 0;
+    size_t hw_words = hardware_words(z_words);
+
+    /* Load coefficients to hardware */
+    esp_mpi_acquire_hardware();
+
+    /* M = 2^num_words - 1, so block is entirely FF */
+    for(int i = 0; i < hw_words; i++) {
+        DPORT_REG_WRITE(RSA_MEM_M_BLOCK_BASE + i * 4, UINT32_MAX);
+    }
+    /* Mprime = 1 */
+    DPORT_REG_WRITE(RSA_M_DASH_REG, 1);
+
+    /* "mode" register loaded with number of 512-bit blocks, minus 1 */
+    DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1);
+
+    /* Load X */
+    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
+
+    /* Rinv = 1 */
+    DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE, 1);
+    for(int i = 1; i < hw_words; i++) {
+        DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE + i * 4, 0);
+    }
+
+    start_op(RSA_MULT_START_REG);
+
+    wait_op_complete(RSA_MULT_START_REG);
+
+    /* finish the modular multiplication */
+    ret = modular_multiply_finish(Z, X, Y, hw_words, z_words);
+
+    esp_mpi_release_hardware();
+
+    return ret;
+}
+
+/* Deal with the case when X & Y are too long for the hardware unit, by splitting one operand
+   into two halves.
+
+   Y must be the longer operand
+
+   Slice Y into Yp, Ypp such that:
+   Yp = lower 'b' bits of Y
+   Ypp = upper 'b' bits of Y (right shifted)
+
+   Such that
+   Z = X * Y
+   Z = X * (Yp + Ypp<<b)
+   Z = (X * Yp) + (X * Ypp<<b)
+
+   Note that this function may recurse multiple times, if both X & Y
+   are too long for the hardware multiplication unit.
+*/
+static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t y_words, size_t z_words)
+{
+    int ret = 0;
+    mbedtls_mpi Ztemp;
+    /* Rather than slicing in two on bits we slice on limbs (32 bit words) */
+    const size_t words_slice = y_words / 2;
+    /* Yp holds lower bits of Y (declared to reuse Y's array contents to save on copying) */
+    const mbedtls_mpi Yp = {
+        .p = Y->p,
+        .n = words_slice,
+        .s = Y->s
+    };
+    /* Ypp holds upper bits of Y, right shifted (also reuses Y's array contents) */
+    const mbedtls_mpi Ypp = {
+        .p = Y->p + words_slice,
+        .n = y_words - words_slice,
+        .s = Y->s
+    };
+    mbedtls_mpi_init(&Ztemp);
+
+    /* Grow Z to result size early, avoid interim allocations */
+    mbedtls_mpi_grow(Z, z_words);
+
+    /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) );
+
+    /* Z = Ypp * Y */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(Z, X, &Ypp) );
+
+    /* Z = Z << b */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l(Z, words_slice * 32) );
+
+    /* Z += Ztemp */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(Z, Z, &Ztemp) );
+
+ cleanup:
+    mbedtls_mpi_free(&Ztemp);
+
+    return ret;
+}
+
+#endif /* MBEDTLS_MPI_MUL_MPI_ALT */
+
diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c
new file mode 100644
index 00000000..a919ca34
--- /dev/null
+++ b/components/mbedtls/port/esp_hardware.c
@@ -0,0 +1,26 @@
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <esp_system.h>
+
+#include "mbedtls/entropy_poll.h"
+
+#ifndef MBEDTLS_ENTROPY_HARDWARE_ALT
+#error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF"
+#endif
+
+int mbedtls_hardware_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen )
+{
+    esp_fill_random(output, len);
+    *olen = len;
+    return 0;
+}
+
+
diff --git a/components/ssl/mbedtls/port/esp8266/esp_hardware.c b/components/mbedtls/port/esp_mem.c
similarity index 50%
rename from components/ssl/mbedtls/port/esp8266/esp_hardware.c
rename to components/mbedtls/port/esp_mem.c
index d4d87117..c7b8e706 100644
--- a/components/ssl/mbedtls/port/esp8266/esp_hardware.c
+++ b/components/mbedtls/port/esp_mem.c
@@ -3,7 +3,7 @@
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
-
+//
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
@@ -12,29 +12,27 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <esp_attr.h>
+#include <esp_heap_caps.h>
+#include <sdkconfig.h>
+#include "esp_mem.h"
 
-#include <sys/types.h>
-#include "esp_libc.h"
+#ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC
 
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief           Entropy poll callback for a hardware source
- *
- * \warning         This is not provided by mbed TLS!
- *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
- *
- * \note            This must accept NULL as its first argument.
- */
-int mbedtls_hardware_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen )
+IRAM_ATTR void *esp_mbedtls_mem_calloc(size_t n, size_t size)
 {
-    os_get_random(output, len);
-    *olen = len;
-    return 0;
-}
+#ifdef CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC
+    return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT);
+#elif CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC
+    return heap_caps_calloc(n, size, MALLOC_CAP_SPIRAM|MALLOC_CAP_8BIT);
+#else
+    return calloc(n, size);
 #endif
+}
+
+IRAM_ATTR void esp_mbedtls_mem_free(void *ptr)
+{
+    return heap_caps_free(ptr);
+}
+
+#endif /* !CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC */
diff --git a/components/mbedtls/port/esp_sha.c b/components/mbedtls/port/esp_sha.c
new file mode 100644
index 00000000..2c40f2c5
--- /dev/null
+++ b/components/mbedtls/port/esp_sha.c
@@ -0,0 +1,79 @@
+// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <string.h>
+#include <stdio.h>
+#include <assert.h>
+
+#include "esp32/sha.h"
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
+
+void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
+{
+    int ret;
+    assert(input != NULL && output != NULL);
+
+    if (sha_type == SHA1) {
+
+        mbedtls_sha1_context *ctx1 = (mbedtls_sha1_context *)malloc(sizeof(mbedtls_sha1_context));
+        assert(ctx1 != NULL);
+        mbedtls_sha1_starts_ret(ctx1);
+        ret = mbedtls_sha1_update_ret(ctx1, input, ilen);
+        assert(ret == 0);
+        ret = mbedtls_sha1_finish_ret(ctx1, output);
+        assert(ret == 0);
+        mbedtls_sha1_free(ctx1);
+        free(ctx1);
+
+    } else if (sha_type == SHA2_256) {
+
+        mbedtls_sha256_context *ctx256 = (mbedtls_sha256_context *)malloc(sizeof(mbedtls_sha256_context));
+        assert(ctx256 != NULL);
+        mbedtls_sha256_starts_ret(ctx256, 0);
+        ret = mbedtls_sha256_update_ret(ctx256, input, ilen);
+        assert(ret == 0);
+        ret = mbedtls_sha256_finish_ret(ctx256, output);
+        assert(ret == 0);
+        mbedtls_sha256_free(ctx256);
+        free(ctx256);
+
+    } else if (sha_type == SHA2_384) {
+
+        mbedtls_sha512_context *ctx384 = (mbedtls_sha512_context *)malloc(sizeof(mbedtls_sha512_context));
+        assert(ctx384 != NULL);
+        mbedtls_sha512_starts_ret(ctx384, 1);
+        ret = mbedtls_sha512_update_ret(ctx384, input, ilen);
+        assert(ret == 0);
+        ret = mbedtls_sha512_finish_ret(ctx384, output);
+        assert(ret == 0);
+        mbedtls_sha512_free(ctx384);
+        free(ctx384);
+
+    } else if (sha_type == SHA2_512) {
+
+        mbedtls_sha512_context *ctx512 = (mbedtls_sha512_context *)malloc(sizeof(mbedtls_sha512_context));
+        assert(ctx512 != NULL);
+        mbedtls_sha512_starts_ret(ctx512, 0);
+        ret = mbedtls_sha512_update_ret(ctx512, input, ilen);
+        assert(ret == 0);
+        ret = mbedtls_sha512_finish_ret(ctx512, output);
+        assert(ret == 0);
+        mbedtls_sha512_free(ctx512);
+        free(ctx512);
+
+    }
+
+}
diff --git a/components/ssl/mbedtls/mbedtls/library/sha1.c b/components/mbedtls/port/esp_sha1.c
similarity index 69%
rename from components/ssl/mbedtls/mbedtls/library/sha1.c
rename to components/mbedtls/port/esp_sha1.c
index 1f29a0fb..ba5231b9 100644
--- a/components/ssl/mbedtls/mbedtls/library/sha1.c
+++ b/components/mbedtls/port/esp_sha1.c
@@ -1,7 +1,10 @@
 /*
- *  FIPS-180-1 compliant SHA-1 implementation
+ *  SHA-1 implementation with hardware ESP32 support added.
+ *  Uses mbedTLS software implementation for failover when concurrent
+ *  SHA operations are in use.
  *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -16,7 +19,6 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
  */
 /*
  *  The SHA-1 standard was published by NIST in 1993.
@@ -30,7 +32,7 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
 
 #include "mbedtls/sha1.h"
 
@@ -45,7 +47,7 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 
-#if !defined(MBEDTLS_SHA1_ALT)
+#include "esp32/sha.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
@@ -85,6 +87,9 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
     if( ctx == NULL )
         return;
 
+    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
+        esp_sha_unlock_engine(SHA1);
+    }
     mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
 }
 
@@ -92,8 +97,17 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
                          const mbedtls_sha1_context *src )
 {
     *dst = *src;
+
+    if (src->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
+        /* Copy hardware digest state out to cloned state,
+           which will be a software digest.
+        */
+        esp_sha_read_digest_state(SHA1, dst->state);
+        dst->mode = ESP_MBEDTLS_SHA1_SOFTWARE;
+    }
 }
 
+
 /*
  * SHA-1 context setup
  */
@@ -108,7 +122,12 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
     ctx->state[3] = 0x10325476;
     ctx->state[4] = 0xC3D2E1F0;
 
-    return( 0 );
+    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
+        esp_sha_unlock_engine(SHA1);
+    }
+    ctx->mode = ESP_MBEDTLS_SHA1_UNUSED;
+
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -118,9 +137,40 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
 }
 #endif
 
-#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
-                                   const unsigned char data[64] )
+static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
+
+int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
+{
+    bool first_block = false;
+    if (ctx->mode == ESP_MBEDTLS_SHA1_UNUSED) {
+        /* try to use hardware for this digest */
+        if (esp_sha_try_lock_engine(SHA1)) {
+            ctx->mode = ESP_MBEDTLS_SHA1_HARDWARE;
+            first_block = true;
+        } else {
+            ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE;
+        }
+    }
+
+    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
+        esp_sha_block(SHA1, data, first_block);
+    } else {
+        mbedtls_sha1_software_process(ctx, data);
+    }
+
+    return 0;
+}
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
+                           const unsigned char data[64] )
+{
+    mbedtls_internal_sha1_process( ctx, data );
+}
+#endif
+
+
+static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
 {
     uint32_t temp, W[16], A, B, C, D, E;
 
@@ -274,32 +324,19 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
     ctx->state[2] += C;
     ctx->state[3] += D;
     ctx->state[4] += E;
-
-    return( 0 );
 }
 
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
-                           const unsigned char data[64] )
-{
-    mbedtls_internal_sha1_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
-
 /*
  * SHA-1 process buffer
  */
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen )
+int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
 {
     int ret;
     size_t fill;
     uint32_t left;
 
     if( ilen == 0 )
-        return( 0 );
+        return 0;
 
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
@@ -314,8 +351,9 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
     {
         memcpy( (void *) (ctx->buffer + left), input, fill );
 
-        if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
@@ -324,8 +362,9 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
 
     while( ilen >= 64 )
     {
-        if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 )
-            return( ret );
+        if ( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) {
+            return ret;
+        }
 
         input += 64;
         ilen  -= 64;
@@ -334,7 +373,7 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
     if( ilen > 0 )
         memcpy( (void *) (ctx->buffer + left), input, ilen );
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -355,10 +394,9 @@ static const unsigned char sha1_padding[64] =
 };
 
 /*
- * SHA-1 final digest
+* SHA-1 final digest
  */
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
-                             unsigned char output[20] )
+int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] )
 {
     int ret;
     uint32_t last, padn;
@@ -375,10 +413,17 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
     last = ctx->total[0] & 0x3F;
     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
 
-    if( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 )
-        return( ret );
-    if( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 )
-        return( ret );
+    if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) {
+        goto out;
+    }
+    if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) {
+        goto out;
+    }
+
+    /* if state is in hardware, read it out */
+    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
+        esp_sha_read_digest_state(SHA1, ctx->state);
+    }
 
     PUT_UINT32_BE( ctx->state[0], output,  0 );
     PUT_UINT32_BE( ctx->state[1], output,  4 );
@@ -386,7 +431,13 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
     PUT_UINT32_BE( ctx->state[3], output, 12 );
     PUT_UINT32_BE( ctx->state[4], output, 16 );
 
-    return( 0 );
+out:
+    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
+        esp_sha_unlock_engine(SHA1);
+        ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE;
+    }
+
+    return ret;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -397,140 +448,4 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
 }
 #endif
 
-#endif /* !MBEDTLS_SHA1_ALT */
-
-/*
- * output = SHA-1( input buffer )
- */
-int mbedtls_sha1_ret( const unsigned char *input,
-                      size_t ilen,
-                      unsigned char output[20] )
-{
-    int ret;
-    mbedtls_sha1_context ctx;
-
-    mbedtls_sha1_init( &ctx );
-
-    if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_sha1_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1( const unsigned char *input,
-                   size_t ilen,
-                   unsigned char output[20] )
-{
-    mbedtls_sha1_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * FIPS-180-1 test vectors
- */
-static const unsigned char sha1_test_buf[3][57] =
-{
-    { "abc" },
-    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-    { "" }
-};
-
-static const size_t sha1_test_buflen[3] =
-{
-    3, 56, 1000
-};
-
-static const unsigned char sha1_test_sum[3][20] =
-{
-    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
-      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
-    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
-      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
-    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
-      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_sha1_self_test( int verbose )
-{
-    int i, j, buflen, ret = 0;
-    unsigned char buf[1024];
-    unsigned char sha1sum[20];
-    mbedtls_sha1_context ctx;
-
-    mbedtls_sha1_init( &ctx );
-
-    /*
-     * SHA-1
-     */
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-1 test #%d: ", i + 1 );
-
-        if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
-            goto fail;
-
-        if( i == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
-
-            for( j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
-                if( ret != 0 )
-                    goto fail;
-            }
-        }
-        else
-        {
-            ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
-                                           sha1_test_buflen[i] );
-            if( ret != 0 )
-                goto fail;
-        }
-
-        if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
-            goto fail;
-
-        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    goto exit;
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-exit:
-    mbedtls_sha1_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_SHA1_C */
+#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */
diff --git a/components/ssl/mbedtls/mbedtls/library/sha256.c b/components/mbedtls/port/esp_sha256.c
similarity index 64%
rename from components/ssl/mbedtls/mbedtls/library/sha256.c
rename to components/mbedtls/port/esp_sha256.c
index f39bcbab..7a1e2a14 100644
--- a/components/ssl/mbedtls/mbedtls/library/sha256.c
+++ b/components/mbedtls/port/esp_sha256.c
@@ -1,7 +1,10 @@
 /*
- *  FIPS-180-2 compliant SHA-256 implementation
+ *  SHA-256 implementation with hardware ESP32 support added.
+ *  Uses mbedTLS software implementation for failover when concurrent
+ *  SHA operations are in use.
  *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -16,8 +19,8 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
  */
+
 /*
  *  The SHA-256 Secure Hash Standard was published by NIST in 2002.
  *
@@ -30,7 +33,7 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT)
 
 #include "mbedtls/sha256.h"
 
@@ -41,14 +44,11 @@
 #include "mbedtls/platform.h"
 #else
 #include <stdio.h>
-#include <stdlib.h>
 #define mbedtls_printf printf
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 
-#if !defined(MBEDTLS_SHA256_ALT)
+#include "esp32/sha.h"
 
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
@@ -88,6 +88,9 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
     if( ctx == NULL )
         return;
 
+    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
+        esp_sha_unlock_engine(SHA2_256);
+    }
     mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
 }
 
@@ -95,6 +98,14 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
                            const mbedtls_sha256_context *src )
 {
     *dst = *src;
+
+    if (src->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
+        /* Copy hardware digest state out to cloned state,
+           which will become a software digest.
+        */
+        esp_sha_read_digest_state(SHA2_256, dst->state);
+        dst->mode = ESP_MBEDTLS_SHA256_SOFTWARE;
+    }
 }
 
 /*
@@ -131,8 +142,11 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
     }
 
     ctx->is224 = is224;
-
-    return( 0 );
+    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
+        esp_sha_unlock_engine(SHA2_256);
+    }
+    ctx->mode = ESP_MBEDTLS_SHA256_UNUSED;
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -143,7 +157,6 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
 }
 #endif
 
-#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
 static const uint32_t K[] =
 {
     0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
@@ -189,8 +202,40 @@ static const uint32_t K[] =
     d += temp1; h = temp1 + temp2;              \
 }
 
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
-                                const unsigned char data[64] )
+static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
+
+int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
+{
+    bool first_block = false;
+
+    if (ctx->mode == ESP_MBEDTLS_SHA256_UNUSED) {
+        /* try to use hardware for this digest */
+        if (!ctx->is224 && esp_sha_try_lock_engine(SHA2_256)) {
+            ctx->mode = ESP_MBEDTLS_SHA256_HARDWARE;
+            first_block = true;
+        } else {
+            ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE;
+        }
+    }
+
+    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
+        esp_sha_block(SHA2_256, data, first_block);
+    } else {
+        mbedtls_sha256_software_process(ctx, data);
+    }
+
+    return 0;
+}
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
+                             const unsigned char data[64] )
+{
+    mbedtls_internal_sha256_process( ctx, data );
+}
+#endif
+
+static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
 {
     uint32_t temp1, temp2, W[64];
     uint32_t A[8];
@@ -243,32 +288,20 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
 
     for( i = 0; i < 8; i++ )
         ctx->state[i] += A[i];
-
-    return( 0 );
 }
 
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
-                             const unsigned char data[64] )
-{
-    mbedtls_internal_sha256_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
-
 /*
  * SHA-256 process buffer
  */
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
+int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input,
+                    size_t ilen )
 {
     int ret;
     size_t fill;
     uint32_t left;
 
     if( ilen == 0 )
-        return( 0 );
+        return 0;
 
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
@@ -283,8 +316,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
     {
         memcpy( (void *) (ctx->buffer + left), input, fill );
 
-        if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
@@ -293,8 +327,9 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
 
     while( ilen >= 64 )
     {
-        if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
-            return( ret );
+        if ( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) {
+            return ret;
+        }
 
         input += 64;
         ilen  -= 64;
@@ -303,7 +338,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
     if( ilen > 0 )
         memcpy( (void *) (ctx->buffer + left), input, ilen );
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -326,8 +361,7 @@ static const unsigned char sha256_padding[64] =
 /*
  * SHA-256 final digest
  */
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
-                               unsigned char output[32] )
+int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] )
 {
     int ret;
     uint32_t last, padn;
@@ -344,11 +378,18 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
     last = ctx->total[0] & 0x3F;
     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
 
-    if( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 )
-        return( ret );
+    if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) {
+        goto out;
+    }
 
-    if( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 )
-        return( ret );
+    if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) {
+        goto out;
+    }
+
+    /* if state is in hardware, read it out */
+    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
+        esp_sha_read_digest_state(SHA2_256, ctx->state);
+    }
 
     PUT_UINT32_BE( ctx->state[0], output,  0 );
     PUT_UINT32_BE( ctx->state[1], output,  4 );
@@ -361,7 +402,13 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
     if( ctx->is224 == 0 )
         PUT_UINT32_BE( ctx->state[7], output, 28 );
 
-    return( 0 );
+out:
+    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
+        esp_sha_unlock_engine(SHA2_256);
+        ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE;
+    }
+
+    return ret;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -372,179 +419,4 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
 }
 #endif
 
-#endif /* !MBEDTLS_SHA256_ALT */
-
-/*
- * output = SHA-256( input buffer )
- */
-int mbedtls_sha256_ret( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[32],
-                        int is224 )
-{
-    int ret;
-    mbedtls_sha256_context ctx;
-
-    mbedtls_sha256_init( &ctx );
-
-    if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_sha256_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[32],
-                     int is224 )
-{
-    mbedtls_sha256_ret( input, ilen, output, is224 );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * FIPS-180-2 test vectors
- */
-static const unsigned char sha256_test_buf[3][57] =
-{
-    { "abc" },
-    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-    { "" }
-};
-
-static const size_t sha256_test_buflen[3] =
-{
-    3, 56, 1000
-};
-
-static const unsigned char sha256_test_sum[6][32] =
-{
-    /*
-     * SHA-224 test vectors
-     */
-    { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
-      0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
-      0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
-      0xE3, 0x6C, 0x9D, 0xA7 },
-    { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
-      0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
-      0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
-      0x52, 0x52, 0x25, 0x25 },
-    { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
-      0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
-      0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
-      0x4E, 0xE7, 0xAD, 0x67 },
-
-    /*
-     * SHA-256 test vectors
-     */
-    { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
-      0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
-      0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
-      0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
-    { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
-      0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
-      0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
-      0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
-    { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
-      0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
-      0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
-      0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_sha256_self_test( int verbose )
-{
-    int i, j, k, buflen, ret = 0;
-    unsigned char *buf;
-    unsigned char sha256sum[32];
-    mbedtls_sha256_context ctx;
-
-    buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
-    if( NULL == buf )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "Buffer allocation failed\n" );
-
-        return( 1 );
-    }
-
-    mbedtls_sha256_init( &ctx );
-
-    for( i = 0; i < 6; i++ )
-    {
-        j = i % 3;
-        k = i < 3;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-%d test #%d: ", 256 - k * 32, j + 1 );
-
-        if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
-            goto fail;
-
-        if( j == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
-
-            for( j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
-                if( ret != 0 )
-                    goto fail;
-            }
-
-        }
-        else
-        {
-            ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
-                                             sha256_test_buflen[j] );
-            if( ret != 0 )
-                 goto fail;
-        }
-
-        if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
-            goto fail;
-
-
-        if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    goto exit;
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-exit:
-    mbedtls_sha256_free( &ctx );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_SHA256_C */
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */
diff --git a/components/ssl/mbedtls/mbedtls/library/sha512.c b/components/mbedtls/port/esp_sha512.c
similarity index 63%
rename from components/ssl/mbedtls/mbedtls/library/sha512.c
rename to components/mbedtls/port/esp_sha512.c
index 97cee07c..58cd7909 100644
--- a/components/ssl/mbedtls/mbedtls/library/sha512.c
+++ b/components/mbedtls/port/esp_sha512.c
@@ -1,7 +1,10 @@
 /*
- *  FIPS-180-2 compliant SHA-384/512 implementation
+ *  SHA-512 implementation with hardware ESP32 support added.
+ *  Uses mbedTLS software implementation for failover when concurrent
+ *  SHA operations are in use.
  *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -16,8 +19,8 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
  */
+
 /*
  *  The SHA-512 Secure Hash Standard was published by NIST in 2002.
  *
@@ -30,7 +33,7 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT)
 
 #include "mbedtls/sha512.h"
 
@@ -47,14 +50,16 @@
 #include "mbedtls/platform.h"
 #else
 #include <stdio.h>
-#include <stdlib.h>
 #define mbedtls_printf printf
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 
-#if !defined(MBEDTLS_SHA512_ALT)
+#include "esp32/sha.h"
+
+inline static esp_sha_type sha_type(const mbedtls_sha512_context *ctx)
+{
+    return ctx->is384 ? SHA2_384 : SHA2_512;
+}
 
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
@@ -102,6 +107,9 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
     if( ctx == NULL )
         return;
 
+    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
+        esp_sha_unlock_engine(sha_type(ctx));
+    }
     mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
 }
 
@@ -109,8 +117,21 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
                            const mbedtls_sha512_context *src )
 {
     *dst = *src;
+
+    if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
+        /* Copy hardware digest state out to cloned state,
+           which will be a software digest.
+
+           Always read 512 bits of state, even for SHA-384
+           (SHA-384 state is identical to SHA-512, only
+           digest is truncated.)
+        */
+        esp_sha_read_digest_state(SHA2_512, dst->state);
+        dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
+    }
 }
 
+
 /*
  * SHA-512 context setup
  */
@@ -145,8 +166,12 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
     }
 
     ctx->is384 = is384;
+    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
+        esp_sha_unlock_engine(sha_type(ctx));
+    }
+    ctx->mode = ESP_MBEDTLS_SHA512_UNUSED;
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -157,8 +182,6 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
 }
 #endif
 
-#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
-
 /*
  * Round constants
  */
@@ -206,8 +229,41 @@ static const uint64_t K[80] =
     UL64(0x5FCB6FAB3AD6FAEC),  UL64(0x6C44198C4A475817)
 };
 
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
-                                     const unsigned char data[128] )
+static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
+
+int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
+{
+    bool first_block = false;
+
+    if (ctx->mode == ESP_MBEDTLS_SHA512_UNUSED) {
+        /* try to use hardware for this digest */
+        if (esp_sha_try_lock_engine(sha_type(ctx))) {
+            ctx->mode = ESP_MBEDTLS_SHA512_HARDWARE;
+            first_block = true;
+        } else {
+            ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
+        }
+    }
+
+    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
+        esp_sha_block(sha_type(ctx), data, first_block);
+    } else {
+        mbedtls_sha512_software_process(ctx, data);
+    }
+
+    return 0;
+}
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
+                             const unsigned char data[128] )
+{
+    mbedtls_internal_sha512_process( ctx, data );
+}
+#endif
+
+
+static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
 {
     int i;
     uint64_t temp1, temp2, W[80];
@@ -274,32 +330,20 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
     ctx->state[5] += F;
     ctx->state[6] += G;
     ctx->state[7] += H;
-
-    return( 0 );
 }
 
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
-                             const unsigned char data[128] )
-{
-    mbedtls_internal_sha512_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
-
 /*
  * SHA-512 process buffer
  */
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
+int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input,
+                    size_t ilen )
 {
     int ret;
     size_t fill;
     unsigned int left;
 
     if( ilen == 0 )
-        return( 0 );
+        return 0;
 
     left = (unsigned int) (ctx->total[0] & 0x7F);
     fill = 128 - left;
@@ -312,9 +356,9 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
     if( left && ilen >= fill )
     {
         memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
+        if ( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) {
+            return ret;
+        }
 
         input += fill;
         ilen  -= fill;
@@ -323,8 +367,9 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
 
     while( ilen >= 128 )
     {
-        if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 )
-            return( ret );
+        if ( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) {
+            return ret;
+        }
 
         input += 128;
         ilen  -= 128;
@@ -333,7 +378,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
     if( ilen > 0 )
         memcpy( (void *) (ctx->buffer + left), input, ilen );
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -345,6 +390,7 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
 }
 #endif
 
+
 static const unsigned char sha512_padding[128] =
 {
  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -360,8 +406,7 @@ static const unsigned char sha512_padding[128] =
 /*
  * SHA-512 final digest
  */
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
-                               unsigned char output[64] )
+int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] )
 {
     int ret;
     size_t last, padn;
@@ -378,11 +423,18 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
     last = (size_t)( ctx->total[0] & 0x7F );
     padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
 
-    if( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 )
-            return( ret );
+    if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) {
+        goto out;
+    }
 
-    if( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 )
-            return( ret );
+    if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) {
+        goto out;
+    }
+
+    /* if state is in hardware, read it out */
+    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
+        esp_sha_read_digest_state(sha_type(ctx), ctx->state);
+    }
 
     PUT_UINT64_BE( ctx->state[0], output,  0 );
     PUT_UINT64_BE( ctx->state[1], output,  8 );
@@ -397,7 +449,13 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
         PUT_UINT64_BE( ctx->state[7], output, 56 );
     }
 
-    return( 0 );
+out:
+    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
+        esp_sha_unlock_engine(sha_type(ctx));
+        ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
+    }
+
+    return ret;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -408,197 +466,4 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
 }
 #endif
 
-#endif /* !MBEDTLS_SHA512_ALT */
-
-/*
- * output = SHA-512( input buffer )
- */
-int mbedtls_sha512_ret( const unsigned char *input,
-                    size_t ilen,
-                    unsigned char output[64],
-                    int is384 )
-{
-    int ret;
-    mbedtls_sha512_context ctx;
-
-    mbedtls_sha512_init( &ctx );
-
-    if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_sha512_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[64],
-                     int is384 )
-{
-    mbedtls_sha512_ret( input, ilen, output, is384 );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * FIPS-180-2 test vectors
- */
-static const unsigned char sha512_test_buf[3][113] =
-{
-    { "abc" },
-    { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
-      "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
-    { "" }
-};
-
-static const size_t sha512_test_buflen[3] =
-{
-    3, 112, 1000
-};
-
-static const unsigned char sha512_test_sum[6][64] =
-{
-    /*
-     * SHA-384 test vectors
-     */
-    { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
-      0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
-      0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
-      0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
-      0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
-      0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
-    { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
-      0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
-      0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
-      0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
-      0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
-      0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
-    { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
-      0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
-      0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
-      0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
-      0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
-      0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
-
-    /*
-     * SHA-512 test vectors
-     */
-    { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
-      0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
-      0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
-      0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
-      0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
-      0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
-      0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
-      0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
-    { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
-      0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
-      0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
-      0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
-      0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
-      0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
-      0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
-      0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
-    { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
-      0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
-      0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
-      0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
-      0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
-      0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
-      0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
-      0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_sha512_self_test( int verbose )
-{
-    int i, j, k, buflen, ret = 0;
-    unsigned char *buf;
-    unsigned char sha512sum[64];
-    mbedtls_sha512_context ctx;
-
-    buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
-    if( NULL == buf )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "Buffer allocation failed\n" );
-
-        return( 1 );
-    }
-
-    mbedtls_sha512_init( &ctx );
-
-    for( i = 0; i < 6; i++ )
-    {
-        j = i % 3;
-        k = i < 3;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-%d test #%d: ", 512 - k * 128, j + 1 );
-
-        if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 )
-            goto fail;
-
-        if( j == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
-
-            for( j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha512_update_ret( &ctx, buf, buflen );
-                if( ret != 0 )
-                    goto fail;
-            }
-        }
-        else
-        {
-            ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j],
-                                             sha512_test_buflen[j] );
-            if( ret != 0 )
-                goto fail;
-        }
-
-        if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 )
-            goto fail;
-
-        if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    goto exit;
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-exit:
-    mbedtls_sha512_free( &ctx );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */
diff --git a/components/mbedtls/port/esp_timing.c b/components/mbedtls/port/esp_timing.c
new file mode 100644
index 00000000..93a34f5f
--- /dev/null
+++ b/components/mbedtls/port/esp_timing.c
@@ -0,0 +1,102 @@
+/*
+ *  Portable interface to the CPU cycle counter
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * mbedtls_timing_get_timer()m mbedtls_timing_set_delay() and
+ * mbedtls_timing_set_delay only abstracted from mbedtls/library/timing.c
+ * as that does not build on ESP-IDF but these 2 functions are needed for
+ * DTLS (in particular mbedtls_ssl_set_timer_cb() must be called for DTLS
+ * which requires these 2 delay functions).
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if !defined(MBEDTLS_ESP_TIMING_C)
+
+#include <sys/time.h>
+#include "mbedtls/timing.h"
+
+struct _hr_time
+{
+    struct timeval start;
+};
+
+unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
+{
+    struct _hr_time *t = (struct _hr_time *) val;
+
+    if( reset )
+    {
+        gettimeofday( &t->start, NULL );
+        return( 0 );
+    }
+    else
+    {
+        unsigned long delta;
+        struct timeval now;
+        gettimeofday( &now, NULL );
+        delta = ( now.tv_sec  - t->start.tv_sec  ) * 1000ul
+              + ( now.tv_usec - t->start.tv_usec ) / 1000;
+        return( delta );
+    }
+}
+
+/*
+ * Set delays to watch
+ */
+void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
+{
+    mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
+
+    ctx->int_ms = int_ms;
+    ctx->fin_ms = fin_ms;
+
+    if( fin_ms != 0 )
+        (void) mbedtls_timing_get_timer( &ctx->timer, 1 );
+}
+
+/*
+ * Get number of delays expired
+ */
+int mbedtls_timing_get_delay( void *data )
+{
+    mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
+    unsigned long elapsed_ms;
+
+    if( ctx->fin_ms == 0 )
+        return( -1 );
+
+    elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 );
+
+    if( elapsed_ms >= ctx->fin_ms )
+        return( 2 );
+
+    if( elapsed_ms >= ctx->int_ms )
+        return( 1 );
+
+    return( 0 );
+}
+
+#endif /* MBEDTLS_ESP_TIMING_C */
diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h
new file mode 100644
index 00000000..993d0689
--- /dev/null
+++ b/components/mbedtls/port/include/aes_alt.h
@@ -0,0 +1,69 @@
+/**
+ * \file aes_alt.h
+ *
+ * \brief AES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+#ifndef AES_ALT_H
+#define AES_ALT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_AES_ALT)
+#include "esp32/aes.h"
+
+typedef esp_aes_context mbedtls_aes_context;
+
+#define mbedtls_aes_init            esp_aes_init
+#define mbedtls_aes_free            esp_aes_free
+#define mbedtls_aes_setkey_enc      esp_aes_setkey
+#define mbedtls_aes_setkey_dec      esp_aes_setkey
+#define mbedtls_aes_crypt_ecb       esp_aes_crypt_ecb
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define mbedtls_aes_crypt_cbc       esp_aes_crypt_cbc
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+#define mbedtls_aes_crypt_cfb128    esp_aes_crypt_cfb128
+#define mbedtls_aes_crypt_cfb8      esp_aes_crypt_cfb8
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+#define mbedtls_aes_crypt_ctr       esp_aes_crypt_ctr
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+#define mbedtls_aes_crypt_ofb       esp_aes_crypt_ofb
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+typedef esp_aes_xts_context mbedtls_aes_xts_context;
+#define mbedtls_aes_xts_init            esp_aes_xts_init
+#define mbedtls_aes_xts_free            esp_aes_xts_free
+#define mbedtls_aes_xts_setkey_enc      esp_aes_xts_setkey_enc
+#define mbedtls_aes_xts_setkey_dec      esp_aes_xts_setkey_dec
+#define mbedtls_aes_crypt_xts       esp_aes_crypt_xts
+#endif
+#define mbedtls_internal_aes_encrypt         esp_internal_aes_encrypt
+#define mbedtls_internal_aes_decrypt         esp_internal_aes_decrypt
+#endif /* MBEDTLS_AES_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/components/mbedtls/port/include/esp32/aes.h b/components/mbedtls/port/include/esp32/aes.h
new file mode 100644
index 00000000..10719301
--- /dev/null
+++ b/components/mbedtls/port/include/esp32/aes.h
@@ -0,0 +1,359 @@
+/**
+ * \brief AES block cipher, ESP32 hardware accelerated version
+ * Based on mbedTLS FIPS-197 compliant version.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+#ifndef ESP_AES_H
+#define ESP_AES_H
+
+#include "esp_types.h"
+#include "esp32/rom/aes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* padlock.c and aesni.c rely on these values! */
+#define ESP_AES_ENCRYPT     1
+#define ESP_AES_DECRYPT     0
+
+#define ERR_ESP_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
+#define ERR_ESP_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
+
+/**
+ * \brief          AES context structure
+ *
+ */
+typedef struct {
+    uint8_t key_bytes;
+    volatile uint8_t key_in_hardware; /* This variable is used for fault injection checks, so marked volatile to avoid optimisation */
+    uint8_t key[32];
+} esp_aes_context;
+
+/**
+ * \brief The AES XTS context-type definition.
+ */
+typedef struct
+{
+    esp_aes_context crypt; /*!< The AES context to use for AES block
+                                        encryption or decryption. */
+    esp_aes_context tweak; /*!< The AES context used for tweak
+                                        computation. */
+} esp_aes_xts_context;
+
+
+/**
+ * \brief Lock access to AES hardware unit
+ *
+ * AES hardware unit can only be used by one
+ * consumer at a time.
+ *
+ * esp_aes_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_aes_xxx functions directly.
+ */
+void esp_aes_acquire_hardware( void );
+
+/**
+ * \brief Unlock access to AES hardware unit
+ *
+ * esp_aes_xxx API calls automatically manage locking & unlocking of
+ * hardware, this function is only needed if you want to call
+ * ets_aes_xxx functions directly.
+ */
+void esp_aes_release_hardware( void );
+
+/**
+ * \brief          Initialize AES context
+ *
+ * \param ctx      AES context to be initialized
+ */
+void esp_aes_init( esp_aes_context *ctx );
+
+/**
+ * \brief          Clear AES context
+ *
+ * \param ctx      AES context to be cleared
+ */
+void esp_aes_free( esp_aes_context *ctx );
+
+/**
+ * \brief          This function initializes the specified AES XTS context.
+ *
+ *                 It must be the first API called before using
+ *                 the context.
+ *
+ * \param ctx      The AES XTS context to initialize.
+ */
+void esp_aes_xts_init( esp_aes_xts_context *ctx );
+
+/**
+ * \brief          This function releases and clears the specified AES XTS context.
+ *
+ * \param ctx      The AES XTS context to clear.
+ */
+void esp_aes_xts_free( esp_aes_xts_context *ctx );
+
+/**
+ * \brief          AES set key schedule (encryption or decryption)
+ *
+ * \param ctx      AES context to be initialized
+ * \param key      encryption key
+ * \param keybits  must be 128, 192 or 256
+ *
+ * \return         0 if successful, or ERR_AES_INVALID_KEY_LENGTH
+ */
+int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits );
+
+/**
+ * \brief          AES-ECB block encryption/decryption
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 if successful
+ */
+int esp_aes_crypt_ecb( esp_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] );
+
+/**
+ * \brief          AES-CBC buffer encryption/decryption
+ *                 Length should be a multiple of the block
+ *                 size (16 bytes)
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful, or ERR_AES_INVALID_INPUT_LENGTH
+ */
+int esp_aes_crypt_cbc( esp_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+
+/**
+ * \brief          AES-CFB128 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv_off   offset in IV (updated after use)
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int esp_aes_crypt_cfb128( esp_aes_context *ctx,
+                          int mode,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output );
+
+/**
+ * \brief          AES-CFB8 buffer encryption/decryption.
+ *
+ * Note: Due to the nature of CFB you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
+ * \note           Upon exit, the content of the IV is updated so that you can
+ *                 call the function same function again on the following
+ *                 block(s) of data and get the same result as if it was
+ *                 encrypted in one call. This allows a "streaming" usage.
+ *                 If on the other hand you need to retain the contents of the
+ *                 IV, you should either save it manually or use the cipher
+ *                 module instead.
+ *
+ * \param ctx      AES context
+ * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param length   length of the input data
+ * \param iv       initialization vector (updated after use)
+ * \param input    buffer holding the input data
+ * \param output   buffer holding the output data
+ *
+ * \return         0 if successful
+ */
+int esp_aes_crypt_cfb8( esp_aes_context *ctx,
+                        int mode,
+                        size_t length,
+                        unsigned char iv[16],
+                        const unsigned char *input,
+                        unsigned char *output );
+
+/**
+ * \brief               AES-CTR buffer encryption/decryption
+ *
+ * Warning: You have to keep the maximum use of your counter in mind!
+ *
+ * Note: Due to the nature of CTR you should use the same key schedule for
+ * both encryption and decryption. So a context initialized with
+ * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ *
+ * \param ctx           AES context
+ * \param length        The length of the data
+ * \param nc_off        The offset in the current stream_block (for resuming
+ *                      within current cipher stream). The offset pointer to
+ *                      should be 0 at the start of a stream.
+ * \param nonce_counter The 128-bit nonce and counter.
+ * \param stream_block  The saved stream-block for resuming. Is overwritten
+ *                      by the function.
+ * \param input         The input data stream
+ * \param output        The output data stream
+ *
+ * \return         0 if successful
+ */
+int esp_aes_crypt_ctr( esp_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          This function prepares an XTS context for encryption and
+ *                 sets the encryption key.
+ *
+ * \param ctx      The AES XTS context to which the key should be bound.
+ * \param key      The encryption key. This is comprised of the XTS key1
+ *                 concatenated with the XTS key2.
+ * \param keybits  The size of \p key passed in bits. Valid options are:
+ *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+ *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+ *
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+ */
+int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits );
+
+/**
+ * \brief       This function performs an AES-OFB (Output Feedback Mode)
+ *              encryption or decryption operation.
+ *
+ * \param ctx      The AES context to use for encryption or decryption.
+ *                 It must be initialized and bound to a key.
+ * \param length   The length of the input data.
+ * \param iv_off   The offset in IV (updated after use).
+ *                 It must point to a valid \c size_t.
+ * \param iv       The initialization vector (updated after use).
+ *                 It must be a readable and writeable buffer of \c 16 Bytes.
+ * \param input    The buffer holding the input data.
+ *                 It must be readable and of size \p length Bytes.
+ * \param output   The buffer holding the output data.
+ *                 It must be writeable and of size \p length Bytes.
+ *
+ * \return         \c 0 on success.
+ */
+int esp_aes_crypt_ofb( esp_aes_context *ctx,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output );
+
+/**
+ * \brief          This function prepares an XTS context for decryption and
+ *                 sets the decryption key.
+ *
+ * \param ctx      The AES XTS context to which the key should be bound.
+ * \param key      The decryption key. This is comprised of the XTS key1
+ *                 concatenated with the XTS key2.
+ * \param keybits  The size of \p key passed in bits. Valid options are:
+ *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
+ *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
+ *
+ * \return         \c 0 on success.
+ * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
+ */
+int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits );
+
+
+/**
+ * \brief           Internal AES block encryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see AES_ENCRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Plaintext block
+ * \param output    Output (ciphertext) block
+ */
+int esp_internal_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
+
+/** Deprecated, see esp_aes_internal_encrypt */
+void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
+
+/**
+ * \brief           Internal AES block decryption function
+ *                  (Only exposed to allow overriding it,
+ *                  see AES_DECRYPT_ALT)
+ *
+ * \param ctx       AES context
+ * \param input     Ciphertext block
+ * \param output    Output (plaintext) block
+ */
+int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
+
+/** Deprecated, see esp_aes_internal_decrypt */
+void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
+
+/** AES-XTS buffer encryption/decryption */
+int esp_aes_crypt_xts( esp_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* aes.h */
diff --git a/components/mbedtls/port/include/esp32/sha.h b/components/mbedtls/port/include/esp32/sha.h
new file mode 100644
index 00000000..2009d198
--- /dev/null
+++ b/components/mbedtls/port/include/esp32/sha.h
@@ -0,0 +1,211 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef _ESP_SHA_H_
+#define _ESP_SHA_H_
+
+#include "esp32/rom/sha.h"
+#include "esp_types.h"
+
+/** @brief Low-level support functions for the hardware SHA engine
+ *
+ * @note If you're looking for a SHA API to use, try mbedtls component
+ * mbedtls/shaXX.h. That API supports hardware acceleration.
+ *
+ * The API in this header provides some building blocks for implementing a
+ * full SHA API such as the one in mbedtls, and also a basic SHA function esp_sha().
+ *
+ * Some technical details about the hardware SHA engine:
+ *
+ * - SHA accelerator engine calculates one digest at a time, per SHA
+ *   algorithm type. It initialises and maintains the digest state
+ *   internally. It is possible to read out an in-progress SHA digest
+ *   state, but it is not possible to restore a SHA digest state
+ *   into the engine.
+ *
+ * - The memory block SHA_TEXT_BASE is shared between all SHA digest
+ *   engines, so all engines must be idle before this memory block is
+ *   modified.
+ *
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Defined in esp32/rom/sha.h */
+typedef enum SHA_TYPE esp_sha_type;
+
+/** @brief Calculate SHA1 or SHA2 sum of some data, using hardware SHA engine
+ *
+ * @note For more versatile SHA calculations, where data doesn't need
+ * to be passed all at once, try the mbedTLS mbedtls/shaX.h APIs. The
+ * hardware-accelerated mbedTLS implementation is also faster when
+ * hashing large amounts of data.
+ *
+ * @note It is not necessary to lock any SHA hardware before calling
+ * this function, thread safety is managed internally.
+ *
+ * @note If a TLS connection is open then this function may block
+ * indefinitely waiting for a SHA engine to become available. Use the
+ * mbedTLS SHA API to avoid this problem.
+ *
+ * @param sha_type SHA algorithm to use.
+ *
+ * @param input Input data buffer.
+ *
+ * @param ilen Length of input data in bytes.
+ *
+ * @param output Buffer for output SHA digest. Output is 20 bytes for
+ * sha_type SHA1, 32 bytes for sha_type SHA2_256, 48 bytes for
+ * sha_type SHA2_384, 64 bytes for sha_type SHA2_512.
+ */
+void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output);
+
+/* @brief Begin to execute a single SHA block operation
+ *
+ * @note This is a piece of a SHA algorithm, rather than an entire SHA
+ * algorithm.
+ *
+ * @note Call esp_sha_try_lock_engine() before calling this
+ * function. Do not call esp_sha_lock_memory_block() beforehand, this
+ * is done inside the function.
+ *
+ * @param sha_type SHA algorithm to use.
+ *
+ * @param data_block Pointer to block of data. Block size is
+ * determined by algorithm (SHA1/SHA2_256 = 64 bytes,
+ * SHA2_384/SHA2_512 = 128 bytes)
+ *
+ * @param is_first_block If this parameter is true, the SHA state will
+ * be initialised (with the initial state of the given SHA algorithm)
+ * before the block is calculated. If false, the existing state of the
+ * SHA engine will be used.
+ *
+ * @return As a performance optimisation, this function returns before
+ * the SHA block operation is complete. Both this function and
+ * esp_sha_read_state() will automatically wait for any previous
+ * operation to complete before they begin. If using the SHA registers
+ * directly in another way, call esp_sha_wait_idle() after calling this
+ * function but before accessing the SHA registers.
+ */
+void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block);
+
+/** @brief Read out the current state of the SHA digest loaded in the engine.
+ *
+ * @note This is a piece of a SHA algorithm, rather than an entire SHA algorithm.
+ *
+ * @note Call esp_sha_try_lock_engine() before calling this
+ * function. Do not call esp_sha_lock_memory_block() beforehand, this
+ * is done inside the function.
+ *
+ * If the SHA suffix padding block has been executed already, the
+ * value that is read is the SHA digest (in big endian
+ * format). Otherwise, the value that is read is an interim SHA state.
+ *
+ * @note If sha_type is SHA2_384, only 48 bytes of state will be read.
+ * This is enough for the final SHA2_384 digest, but if you want the
+ * interim SHA-384 state (to continue digesting) then pass SHA2_512 instead.
+ *
+ * @param sha_type SHA algorithm in use.
+ *
+ * @param state Pointer to a memory buffer to hold the SHA state. Size
+ * is 20 bytes (SHA1), 32 bytes (SHA2_256), 48 bytes (SHA2_384) or 64 bytes (SHA2_512).
+ *
+ */
+void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state);
+
+/**
+ * @brief Obtain exclusive access to a particular SHA engine
+ *
+ * @param sha_type Type of SHA engine to use.
+ *
+ * Blocks until engine is available. Note: Can block indefinitely
+ * while a TLS connection is open, suggest using
+ * esp_sha_try_lock_engine() and failing over to software SHA.
+ */
+void esp_sha_lock_engine(esp_sha_type sha_type);
+
+/**
+ * @brief Try and obtain exclusive access to a particular SHA engine
+ *
+ * @param sha_type Type of SHA engine to use.
+ *
+ * @return Returns true if the SHA engine is locked for exclusive
+ * use. Call esp_sha_unlock_sha_engine() when done.  Returns false if
+ * the SHA engine is already in use, caller should use software SHA
+ * algorithm for this digest.
+ */
+bool esp_sha_try_lock_engine(esp_sha_type sha_type);
+
+/**
+ * @brief Unlock an engine previously locked with esp_sha_lock_engine() or esp_sha_try_lock_engine()
+ *
+ * @param sha_type Type of engine to release.
+ */
+void esp_sha_unlock_engine(esp_sha_type sha_type);
+
+/**
+ * @brief Acquire exclusive access to the SHA shared memory block at SHA_TEXT_BASE
+ *
+ * This memory block is shared across all the SHA algorithm types.
+ *
+ * Caller should have already locked a SHA engine before calling this function.
+ *
+ * Note that it is possible to obtain exclusive access to the memory block even
+ * while it is in use by the SHA engine. Caller should use esp_sha_wait_idle()
+ * to ensure the SHA engine is not reading from the memory block in hardware.
+ *
+ * @note This function enters a critical section. Do not block while holding this lock.
+ *
+ * @note You do not need to lock the memory block before calling esp_sha_block() or esp_sha_read_digest_state(), these functions handle memory block locking internally.
+ *
+ * Call esp_sha_unlock_memory_block() when done.
+ */
+void esp_sha_lock_memory_block(void);
+
+/**
+ * @brief Release exclusive access to the SHA register memory block at SHA_TEXT_BASE
+ *
+ * Caller should have already locked a SHA engine before calling this function.
+ *
+ * This function releases the critical section entered by esp_sha_lock_memory_block().
+ *
+ * Call following esp_sha_lock_memory_block().
+ */
+void esp_sha_unlock_memory_block(void);
+
+/** @brief Wait for the SHA engine to finish any current operation
+ *
+ * @note This function does not ensure exclusive access to any SHA
+ * engine. Caller should use esp_sha_try_lock_engine() and
+ * esp_sha_lock_memory_block() as required.
+ *
+ * @note Functions declared in this header file wait for SHA engine
+ * completion automatically, so you don't need to use this API for
+ * these. However if accessing SHA registers directly, you will need
+ * to call this before accessing SHA registers if using the
+ * esp_sha_block() function.
+ *
+ * @note This function busy-waits, so wastes CPU resources.
+ * Best to delay calling until you are about to need it.
+ *
+ */
+void esp_sha_wait_idle(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/components/mbedtls/port/include/esp_mem.h b/components/mbedtls/port/include/esp_mem.h
new file mode 100644
index 00000000..da740830
--- /dev/null
+++ b/components/mbedtls/port/include/esp_mem.h
@@ -0,0 +1,20 @@
+// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#pragma once
+
+#include <stdlib.h>
+
+void *esp_mbedtls_mem_calloc(size_t n, size_t size);
+void esp_mbedtls_mem_free(void *ptr);
diff --git a/components/mbedtls/port/include/mbedtls/bignum.h b/components/mbedtls/port/include/mbedtls/bignum.h
new file mode 100644
index 00000000..23cd5634
--- /dev/null
+++ b/components/mbedtls/port/include/mbedtls/bignum.h
@@ -0,0 +1,78 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef __ESP_MBEDTLS_BIGNUM_H__
+#define __ESP_MBEDTLS_BIGNUM_H__
+
+#include_next "mbedtls/bignum.h"
+
+/**
+ * This is a wrapper for the main mbedtls/bignum.h. This wrapper
+ * provides a few additional ESP32-only functions.
+ *
+ * This is because we don't set MBEDTLS_BIGNUM_ALT in the same way we
+ * do for AES, SHA, etc. Because we still use most of the bignum.h
+ * implementation and just replace a few hardware accelerated
+ * functions (see MBEDTLS_MPI_EXP_MOD_ALT & MBEDTLS_MPI_MUL_MPI_ALT in
+ * esp_config.h).
+ *
+ * @note Unlike the other hardware accelerator support functions in esp32/hwcrypto, there is no
+ * generic "hwcrypto/bignum.h" header for using these functions without mbedTLS. The reason for this
+ * is that all of the function implementations depend strongly upon the mbedTLS MPI implementation.
+ */
+
+/**
+ * @brief Lock access to RSA Accelerator (MPI/bignum operations)
+ *
+ * RSA Accelerator hardware unit can only be used by one
+ * consumer at a time.
+ *
+ * @note This function is non-recursive (do not call it twice from the
+ * same task.)
+ *
+ * @note You do not need to call this if you are using the mbedTLS bignum.h
+ * API or esp_mpi_xxx functions. This function is only needed if you
+ * want to call ROM RSA functions or access the registers directly.
+ *
+ */
+void esp_mpi_acquire_hardware(void);
+
+/**
+ * @brief Unlock access to RSA Accelerator (MPI/bignum operations)
+ *
+ * Has to be called once for each call to esp_mpi_acquire_hardware().
+ *
+ * @note You do not need to call this if you are using the mbedTLS bignum.h
+ * API or esp_mpi_xxx functions. This function is only needed if you
+ * want to call ROM RSA functions or access the registers directly.
+ */
+void esp_mpi_release_hardware(void);
+
+/* @brief MPI modular mupltiplication function
+ *
+ * Calculates Z = (X * Y) mod M using MPI hardware acceleration.
+ *
+ * This is not part of the standard mbedTLS bignum API.
+ *
+ * @note All of X, Y & Z should be less than 4096 bit long or an error is returned.
+ *
+ * @param Z Result bignum, should be pre-initialised with mbedtls_mpi_init().
+ * @param X First multiplication argument.
+ * @param Y Second multiplication argument.
+ * @param M Modulus value for result.
+ *
+ * @return 0 on success, mbedTLS MPI error codes on failure.
+ */
+int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M);
+
+#endif
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
similarity index 57%
rename from components/ssl/mbedtls/mbedtls/include/mbedtls/config.h
rename to components/mbedtls/port/include/mbedtls/esp_config.h
index 9796129d..bdb9bf61 100644
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -1,13 +1,11 @@
 /**
- * \file config.h
  *
- * \brief Configuration options (set of defines)
+ * \brief Default mbedTLS configuration options for esp-idf
  *
  *  This set of compile-time options may be used to enable
  *  or disable features selectively, and reduce the global
  *  memory footprint.
- */
-/*
+ *
  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  *  SPDX-License-Identifier: Apache-2.0
  *
@@ -26,12 +24,11 @@
  *  This file is part of mbed TLS (https://tls.mbed.org)
  */
 
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
+#ifndef ESP_CONFIG_H
+#define ESP_CONFIG_H
 
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
+#include "sdkconfig.h"
+#include "mbedtls/config.h"
 
 /**
  * \name SECTION: System support
@@ -40,59 +37,6 @@
  * \{
  */
 
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- *      library/timing.c
- *      library/padlock.c
- *      include/mbedtls/bn_mul.h
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- *      include/mbedtls/bignum.h
- *      library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
 /**
  * \def MBEDTLS_HAVE_TIME
  *
@@ -100,13 +44,13 @@
  * The time does not need to be correct, only time differences are used,
  * by contrast with MBEDTLS_HAVE_TIME_DATE
  *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
  * Comment if your system does not support time functions
  */
+#ifdef CONFIG_MBEDTLS_HAVE_TIME
 #define MBEDTLS_HAVE_TIME
+#else
+#undef MBEDTLS_HAVE_TIME
+#endif
 
 /**
  * \def MBEDTLS_HAVE_TIME_DATE
@@ -118,7 +62,11 @@
  *
  * Comment if your system does not have a correct clock.
  */
+#ifdef CONFIG_MBEDTLS_HAVE_TIME_DATE
 #define MBEDTLS_HAVE_TIME_DATE
+#else
+#undef MBEDTLS_HAVE_TIME_DATE
+#endif
 
 /**
  * \def MBEDTLS_PLATFORM_MEMORY
@@ -142,84 +90,14 @@
  *
  * Enable this layer to allow use of alternative memory allocators.
  */
-//#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_PLATFORM_MEMORY
 
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions so that they generate a warning if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions so that they generate an error if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * Uncomment to get errors on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
+/** Override calloc(), free() except for case where memory allocation scheme is not set to custom */
+#ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC
+#include "esp_mem.h"
+#define MBEDTLS_PLATFORM_STD_CALLOC		esp_mbedtls_mem_calloc
+#define MBEDTLS_PLATFORM_STD_FREE		esp_mbedtls_mem_free
+#endif
 
 /* \} name SECTION: System support */
 
@@ -231,198 +109,39 @@
  * \{
  */
 
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
+/* The following units have ESP32 hardware support,
+   uncommenting each _ALT macro will use the
+   hardware-accelerated implementation. */
+#ifdef CONFIG_MBEDTLS_HARDWARE_AES
+#define MBEDTLS_AES_ALT
+#else
+#undef MBEDTLS_AES_ALT
+#endif
 
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning   MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
- *            use constitutes a security risk. If possible, we recommend
- *            avoiding dependencies on them, and considering stronger message
- *            digests and ciphers instead.
- *
- */
-//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARC4_ALT
-//#define MBEDTLS_BLOWFISH_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_MD2_ALT
-//#define MBEDTLS_MD4_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-//#define MBEDTLS_XTEA_ALT
-/*
- * When replacing the elliptic curve module, pleace consider, that it is
- * implemented with two .c files:
- *      - ecp.c
- *      - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
+/* MBEDTLS_SHAxx_ALT to enable hardware SHA support
+   with software fallback.
+*/
+#ifdef CONFIG_MBEDTLS_HARDWARE_SHA
+#define MBEDTLS_SHA1_ALT
+#define MBEDTLS_SHA256_ALT
+#define MBEDTLS_SHA512_ALT
+#else
+#undef MBEDTLS_SHA1_ALT
+#undef MBEDTLS_SHA256_ALT
+#undef MBEDTLS_SHA512_ALT
+#endif
 
-/**
- * \def MBEDTLS_MD2_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note Because of a signature change, the core AES encryption and decryption routines are
- *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
- *       respectively. When setting up alternative implementations, these functions should
- *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- *       must stay untouched.
- *
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
- *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- *       tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning   MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
- *            constitutes a security risk. If possible, we recommend avoiding
- *            dependencies on them, and considering stronger message digests
- *            and ciphers instead.
- *
- */
-//#define MBEDTLS_MD2_PROCESS_ALT
-//#define MBEDTLS_MD4_PROCESS_ALT
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- *      unsigned char mbedtls_internal_ecp_grp_capable(
- *          const mbedtls_ecp_group *grp )
- *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
- * function, but will use your mbedtls_internal_ecp_double_jac if the group is
- * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
- * receives it as an argument). If the group is not supported then the original
- * implementation is used. The other functions and the definition of
- * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
- * implementation of mbedtls_internal_ecp_double_jac and
- * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-//#define MBEDTLS_TEST_NULL_ENTROPY
+/* The following MPI (bignum) functions have ESP32 hardware support,
+   Uncommenting these macros will use the hardware-accelerated
+   implementations.
+*/
+#ifdef CONFIG_MBEDTLS_HARDWARE_MPI
+#define MBEDTLS_MPI_EXP_MOD_ALT
+#define MBEDTLS_MPI_MUL_MPI_ALT
+#else
+#undef MBEDTLS_MPI_EXP_MOD_ALT
+#undef MBEDTLS_MPI_MUL_MPI_ALT
+#endif
 
 /**
  * \def MBEDTLS_ENTROPY_HARDWARE_ALT
@@ -435,7 +154,7 @@
  *
  * Uncomment to use your own hardware entropy collector.
  */
-//#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
 
 /**
  * \def MBEDTLS_AES_ROM_TABLES
@@ -444,16 +163,7 @@
  *
  * Uncomment this macro to store the AES tables in ROM.
  */
-//#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
+#define MBEDTLS_AES_ROM_TABLES
 
 /**
  * \def MBEDTLS_CIPHER_MODE_CBC
@@ -477,37 +187,18 @@
 #define MBEDTLS_CIPHER_MODE_CTR
 
 /**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
+ * \def MBEDTLS_CIPHER_MODE_OFB
  *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
- *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
- *
- * Uncomment this macro to enable the NULL cipher and ciphersuites
+ * Enable Output Feedback mode (OFB) for symmetric ciphers.
  */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
+#define MBEDTLS_CIPHER_MODE_OFB
+
+/**
+ * \def MBEDTLS_CIPHER_MODE_XTS
+ *
+ * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+ */
+#define MBEDTLS_CIPHER_MODE_XTS
 
 /**
  * \def MBEDTLS_CIPHER_PADDING_PKCS7
@@ -526,27 +217,24 @@
 #define MBEDTLS_CIPHER_PADDING_ZEROS
 
 /**
- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES & MBEDTLS_ARC4_C
+ * 
+ * MBEDTLS_ARC4_C
+ * Enable the ARCFOUR stream cipher.
  *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
+ * This module enables/disables the following ciphersuites
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  *
- * This enables the following ciphersuites:
- *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
- *
- * Uncomment this macro to enable weak ciphersuites
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-
-/**
- * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
- *
- * Remove RC4 ciphersuites by default in SSL / TLS.
+ * MBEDTLS_REMOVE_ARC4_CIPHERSUITES
  * This flag removes the ciphersuites based on RC4 from the default list as
  * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
  * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
@@ -554,7 +242,16 @@
  *
  * Uncomment this macro to remove RC4 ciphersuites by default.
  */
+#ifdef CONFIG_MBEDTLS_RC4_ENABLED
+#define MBEDTLS_ARC4_C
+#undef MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#elif defined CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT
+#define MBEDTLS_ARC4_C
 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#else
+#undef MBEDTLS_ARC4_C
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
+#endif
 
 /**
  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
@@ -564,18 +261,70 @@
  *
  * Comment macros to disable the curve and functions for it
  */
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED
 #define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_BP256R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED
 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_BP384R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_BP512R1_ENABLED
+#endif
+#ifdef CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED
 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#else
+#undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#endif
+
+#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
+#undef MBEDTLS_ECP_DP_CURVE448_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_ECP_NIST_OPTIM
@@ -586,7 +335,11 @@
  *
  * Comment this macro to disable NIST curves optimisation.
  */
+#ifdef CONFIG_MBEDTLS_ECP_NIST_OPTIM
 #define MBEDTLS_ECP_NIST_OPTIM
+#else
+#undef MBEDTLS_ECP_NIST_OPTIM
+#endif
 
 /**
  * \def MBEDTLS_ECDSA_DETERMINISTIC
@@ -622,7 +375,11 @@
  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -645,15 +402,12 @@
  *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
  *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK
 #define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -673,7 +427,11 @@
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -698,7 +456,11 @@
  *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK
 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -726,7 +488,11 @@
  *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
  *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@@ -751,15 +517,12 @@
  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
  *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA
 #define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -784,7 +547,11 @@
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -808,7 +575,11 @@
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -832,7 +603,11 @@
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
 #define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -856,26 +631,11 @@
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
  */
+#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA
 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- *
- * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Requires: MBEDTLS_ECJPAKE_C
- *           MBEDTLS_SHA256_C
- *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
- */
-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#else
+#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
 
 /**
  * \def MBEDTLS_PK_PARSE_EC_EXTENDED
@@ -922,19 +682,6 @@
  */
 #define MBEDTLS_FS_IO
 
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
 /**
  * \def MBEDTLS_NO_PLATFORM_ENTROPY
  *
@@ -944,76 +691,7 @@
  *
  * Uncomment this macro to disable the built-in platform entropy functions.
  */
-//#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- *       determined in the platform layer, and can be modified at runtime and/or
- *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- *       with regular fopen(), please make sure you make a seedfile with the
- *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- *       and written to or you will get an entropy source error! The default
- *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- *       bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- *       given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *           GLIBC-compatible backtrace() an backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
+#define MBEDTLS_NO_PLATFORM_ENTROPY
 
 /**
  * \def MBEDTLS_PK_RSA_ALT_SUPPORT
@@ -1046,17 +724,6 @@
  */
 #define MBEDTLS_PKCS1_V21
 
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
 /**
  * \def MBEDTLS_SELF_TEST
  *
@@ -1064,22 +731,6 @@
  */
 #define MBEDTLS_SELF_TEST
 
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
 /**
  * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
  *
@@ -1094,22 +745,6 @@
  */
 #define MBEDTLS_SSL_ALL_ALERT_MESSAGES
 
-/**
- * \def MBEDTLS_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define MBEDTLS_SSL_DEBUG_ALL
-
 /** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
  *
  * Enable support for Encrypt-then-MAC, RFC 7366.
@@ -1126,7 +761,11 @@
  *
  * Comment this macro to disable support for Encrypt-then-MAC
  */
+#ifdef CONFIG_MBEDTLS_TLS_ENABLED
 #define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#else
+#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
+#endif
 
 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
  *
@@ -1144,7 +783,11 @@
  *
  * Comment this macro to disable support for Extended Master Secret.
  */
+#ifdef CONFIG_MBEDTLS_TLS_ENABLED
 #define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#else
+#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+#endif
 
 /**
  * \def MBEDTLS_SSL_FALLBACK_SCSV
@@ -1164,14 +807,36 @@
 #define MBEDTLS_SSL_FALLBACK_SCSV
 
 /**
- * \def MBEDTLS_SSL_HW_RECORD_ACCEL
+ * \def MBEDTLS_SSL_PROTO_TLS1
  *
- * Enable hooking functions in SSL module for hardware acceleration of
- * individual records.
+ * Enable support for TLS 1.0.
  *
- * Uncomment this macro to enable hooking functions.
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for TLS 1.0
  */
-//#define MBEDTLS_SSL_HW_RECORD_ACCEL
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1
+#define MBEDTLS_SSL_PROTO_TLS1
+#else
+#undef MBEDTLS_SSL_PROTO_TLS1
+#endif
+
+/**
+ * \def MBEDTLS_SSL_PROTO_SSL3
+ *
+ * Enable support for SSL 3.0.
+ *
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
+ *
+ * Comment this macro to disable support for SSL 3.0
+ */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3
+#define MBEDTLS_SSL_PROTO_SSL3
+#else
+#undef MBEDTLS_SSL_PROTO_SSL3
+#endif
 
 /**
  * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
@@ -1183,7 +848,11 @@
  *
  * Comment this macro to disable 1/n-1 record splitting.
  */
+#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#else
+#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
+#endif
 
 /**
  * \def MBEDTLS_SSL_RENEGOTIATION
@@ -1197,35 +866,12 @@
  * misuse/misunderstand.
  *
  * Comment this to disable support for renegotiation.
- *
- * \note   Even if this option is disabled, both client and server are aware
- *         of the Renegotiation Indication Extension (RFC 5746) used to
- *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
- *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
- *          configuration of this extension).
- *
  */
+#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
 #define MBEDTLS_SSL_RENEGOTIATION
-
-/**
- * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
- *
- * Enable support for receiving and parsing SSLv2 Client Hello messages for the
- * SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to enable support for SSLv2 Client Hello messages.
- */
-//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-
-/**
- * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
- *
- * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to respect client's ciphersuite order
- */
-//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+#else
+#undef MBEDTLS_SSL_RENEGOTIATION
+#endif
 
 /**
  * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -1236,30 +882,6 @@
  */
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 
-/**
- * \def MBEDTLS_SSL_PROTO_SSL3
- *
- * Enable support for SSL 3.0.
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for SSL 3.0
- */
-//#define MBEDTLS_SSL_PROTO_SSL3
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1
- *
- * Enable support for TLS 1.0.
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.0
- */
-#define MBEDTLS_SSL_PROTO_TLS1
-
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1_1
  *
@@ -1270,7 +892,9 @@
  *
  * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
  */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1
 #define MBEDTLS_SSL_PROTO_TLS1_1
+#endif
 
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1_2
@@ -1282,7 +906,11 @@
  *
  * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
  */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_2
 #define MBEDTLS_SSL_PROTO_TLS1_2
+#else
+#undef MBEDTLS_SSL_PROTO_TLS1_2
+#endif
 
 /**
  * \def MBEDTLS_SSL_PROTO_DTLS
@@ -1297,7 +925,11 @@
  *
  * Comment this macro to disable support for DTLS
  */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
 #define MBEDTLS_SSL_PROTO_DTLS
+#else
+#undef MBEDTLS_SSL_PROTO_DTLS
+#endif
 
 /**
  * \def MBEDTLS_SSL_ALPN
@@ -1306,7 +938,11 @@
  *
  * Comment this macro to disable support for ALPN.
  */
+#ifdef CONFIG_MBEDTLS_SSL_ALPN
 #define MBEDTLS_SSL_ALPN
+#else
+#undef MBEDTLS_SSL_ALPN
+#endif
 
 /**
  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@@ -1321,7 +957,11 @@
  *
  * Comment this to disable anti-replay in DTLS.
  */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#else
+#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#endif
 
 /**
  * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@@ -1339,7 +979,11 @@
  *
  * Comment this to disable support for HelloVerifyRequest.
  */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#else
+#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#endif
 
 /**
  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@@ -1355,7 +999,11 @@
  *
  * Comment this to disable support for clients reusing the source port.
  */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
 #define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#else
+#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+#endif
 
 /**
  * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@@ -1366,7 +1014,11 @@
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  */
+#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
 #define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#else
+#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+#endif
 
 /**
  * \def MBEDTLS_SSL_SESSION_TICKETS
@@ -1380,7 +1032,11 @@
  *
  * Comment this macro to disable support for SSL session tickets
  */
+#ifdef CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS
 #define MBEDTLS_SSL_SESSION_TICKETS
+#else
+#undef MBEDTLS_SSL_SESSION_TICKETS
+#endif
 
 /**
  * \def MBEDTLS_SSL_EXPORT_KEYS
@@ -1412,52 +1068,6 @@
  */
 #define MBEDTLS_SSL_TRUNCATED_HMAC
 
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
- *
- * Fallback to old (pre-2.7), non-conforming implementation of the truncated
- * HMAC extension which also truncates the HMAC key. Note that this option is
- * only meant for a transitory upgrade period and is likely to be removed in
- * a future version of the library.
- *
- * \warning The old implementation is non-compliant and has a security weakness
- *          (2^80 brute force attack on the HMAC key used for a single,
- *          uninterrupted connection). This should only be enabled temporarily
- *          when (1) the use of truncated HMAC is essential in order to save
- *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
- *          the fixed implementation yet (pre-2.7).
- *
- * \deprecated This option is deprecated and will likely be removed in a
- *             future version of Mbed TLS.
- *
- * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
- *
- * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
- */
-//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
 /**
  * \def MBEDTLS_VERSION_FEATURES
  *
@@ -1471,28 +1081,6 @@
  */
 #define MBEDTLS_VERSION_FEATURES
 
-/**
- * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an extension in a v1 or v2 certificate.
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-
-/**
- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * \warning Depending on your PKI use, enabling this can be a security risk!
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-
 /**
  * \def MBEDTLS_X509_CHECK_KEY_USAGE
  *
@@ -1530,30 +1118,7 @@
  */
 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
-/**
- * \def MBEDTLS_ZLIB_SUPPORT
- *
- * If set, the SSL/TLS module uses ZLIB to support compression and
- * decompression of packet data.
- *
- * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
- * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be a applicable to your use case.
- *
- * \note Currently compression can't be used with DTLS.
- *
- * \deprecated This feature is deprecated and will be removed
- *             in the next major revision of the library.
- *
- * Used in: library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This feature requires zlib library and headers to be present.
- *
- * Uncomment to enable use of ZLIB
- */
-//#define MBEDTLS_ZLIB_SUPPORT
+
 /* \} name SECTION: mbed TLS feature support */
 
 /**
@@ -1650,35 +1215,11 @@
  *
  * PEM_PARSE uses AES for decrypting encrypted keys.
  */
+#ifdef CONFIG_MBEDTLS_AES_C
 #define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module:  library/arc4.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
- *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. If possible, we recommend avoidng dependencies on
- *            it, and considering stronger ciphers instead.
- *
- */
-#define MBEDTLS_ARC4_C
+#else
+#undef MBEDTLS_AES_C
+#endif
 
 /**
  * \def MBEDTLS_ASN1_PARSE_C
@@ -1704,7 +1245,7 @@
  *          library/pkwrite.c
  *          library/x509_create.c
  *          library/x509write_crt.c
- *          library/x509write_csr.c
+ *          library/mbedtls_x509write_csr.c
  */
 #define MBEDTLS_ASN1_WRITE_C
 
@@ -1730,7 +1271,6 @@
  *          library/ecp.c
  *          library/ecdsa.c
  *          library/rsa.c
- *          library/rsa_internal.c
  *          library/ssl_tls.c
  *
  * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
@@ -1744,7 +1284,11 @@
  *
  * Module:  library/blowfish.c
  */
+#ifdef CONFIG_MBEDTLS_BLOWFISH_C
 #define MBEDTLS_BLOWFISH_C
+#else
+#undef MBEDTLS_BLOWFISH_C
+#endif
 
 /**
  * \def MBEDTLS_CAMELLIA_C
@@ -1799,7 +1343,11 @@
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
  */
+#ifdef CONFIG_MBEDTLS_CAMELLIA_C
 #define MBEDTLS_CAMELLIA_C
+#else
+#undef MBEDTLS_CAMELLIA_C
+#endif
 
 /**
  * \def MBEDTLS_CCM_C
@@ -1813,7 +1361,11 @@
  * This module enables the AES-CCM ciphersuites, if other requisites are
  * enabled as well.
  */
+#ifdef CONFIG_MBEDTLS_CCM_C
 #define MBEDTLS_CCM_C
+#else
+#undef MBEDTLS_CCM_C
+#endif
 
 /**
  * \def MBEDTLS_CERTS_C
@@ -1827,6 +1379,30 @@
  */
 #define MBEDTLS_CERTS_C
 
+/**
+ * \def MBEDTLS_CHACHA20_C
+ *
+ * Disable the ChaCha20 stream cipher.
+ *
+ * Module:  library/chacha20.c
+ */
+#ifdef MBEDTLS_CHACHA20_C
+#undef MBEDTLS_CHACHA20_C
+#endif
+
+/**
+ * \def MBEDTLS_CHACHAPOLY_C
+ *
+ * Disable the ChaCha20-Poly1305 AEAD algorithm.
+ *
+ * Module:  library/chachapoly.c
+ *
+ * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
+ */
+#ifdef MBEDTLS_CHACHAPOLY_C
+#undef MBEDTLS_CHACHAPOLY_C
+#endif
+
 /**
  * \def MBEDTLS_CIPHER_C
  *
@@ -1839,19 +1415,6 @@
  */
 #define MBEDTLS_CIPHER_C
 
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * Module:  library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-//#define MBEDTLS_CMAC_C
-
 /**
  * \def MBEDTLS_CTR_DRBG_C
  *
@@ -1878,7 +1441,11 @@
  *
  * This module provides debugging functions.
  */
+#if CONFIG_MBEDTLS_DEBUG
 #define MBEDTLS_DEBUG_C
+#else
+#undef MBEDTLS_DEBUG_C
+#endif
 
 /**
  * \def MBEDTLS_DES_C
@@ -1903,11 +1470,12 @@
  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
  *
  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
  */
+#ifdef CONFIG_MBEDTLS_DES_C
 #define MBEDTLS_DES_C
+#else
+#undef MBEDTLS_DES_C
+#endif
 
 /**
  * \def MBEDTLS_DHM_C
@@ -1920,13 +1488,6 @@
  *
  * This module is used by the following key exchanges:
  *      DHE-RSA, DHE-PSK
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
  */
 #define MBEDTLS_DHM_C
 
@@ -1944,7 +1505,11 @@
  *
  * Requires: MBEDTLS_ECP_C
  */
+#ifdef CONFIG_MBEDTLS_ECDH_C
 #define MBEDTLS_ECDH_C
+#else
+#undef MBEDTLS_ECDH_C
+#endif
 
 /**
  * \def MBEDTLS_ECDSA_C
@@ -1959,7 +1524,11 @@
  *
  * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
  */
+#ifdef CONFIG_MBEDTLS_ECDSA_C
 #define MBEDTLS_ECDSA_C
+#else
+#undef MBEDTLS_ECDSA_C
+#endif
 
 /**
  * \def MBEDTLS_ECJPAKE_C
@@ -1992,7 +1561,11 @@
  *
  * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
  */
+#ifdef CONFIG_MBEDTLS_ECP_C
 #define MBEDTLS_ECP_C
+#else
+#undef MBEDTLS_ECP_C
+#endif
 
 /**
  * \def MBEDTLS_ENTROPY_C
@@ -2032,30 +1605,28 @@
  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
  * requisites are enabled as well.
  */
+#ifdef CONFIG_MBEDTLS_GCM_C
 #define MBEDTLS_GCM_C
+#else
+#undef MBEDTLS_GCM_C
+#endif
 
 /**
- * \def MBEDTLS_HAVEGE_C
+ * \def MBEDTLS_HKDF_C
  *
- * Enable the HAVEGE random generator.
+ * Disable the HKDF algorithm (RFC 5869).
  *
- * Warning: the HAVEGE random generator is not suitable for virtualized
- *          environments
- *
- * Warning: the HAVEGE random generator is dependent on timing and specific
- *          processor traits. It is therefore not advised to use HAVEGE as
- *          your applications primary random generator or primary entropy pool
- *          input. As a secondary input to your entropy pool, it IS able add
- *          the (limited) extra entropy it provides.
- *
- * Module:  library/havege.c
+ * Module:  library/hkdf.c
  * Caller:
  *
- * Requires: MBEDTLS_TIMING_C
+ * Requires: MBEDTLS_MD_C
  *
- * Uncomment to enable the HAVEGE random generator.
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
  */
-//#define MBEDTLS_HAVEGE_C
+#ifdef MBEDTLS_HKDF_C
+#undef MBEDTLS_HKDF_C
+#endif
 
 /**
  * \def MBEDTLS_HMAC_DRBG_C
@@ -2076,103 +1647,40 @@
  *
  * Enable the generic message digest layer.
  *
- * Module:  library/md.c
+ * Module:  library/mbedtls_md.c
  * Caller:
  *
  * Uncomment to enable generic message digest wrappers.
  */
 #define MBEDTLS_MD_C
 
-/**
- * \def MBEDTLS_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module:  library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
- * \warning   MD2 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD2_C
-
-/**
- * \def MBEDTLS_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module:  library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
- * \warning   MD4 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD4_C
-
 /**
  * \def MBEDTLS_MD5_C
  *
  * Enable the MD5 hash algorithm.
  *
- * Module:  library/md5.c
- * Caller:  library/md.c
+ * Module:  library/mbedtls_md5.c
+ * Caller:  library/mbedtls_md.c
  *          library/pem.c
  *          library/ssl_tls.c
  *
- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
- * depending on the handshake parameters. Further, it is used for checking
- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
- * encrypted keys.
- *
- * \warning   MD5 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
+ * This module is required for SSL/TLS and X.509.
+ * PEM_PARSE uses MD5 for decrypting encrypted keys.
  */
 #define MBEDTLS_MD5_C
 
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module:  library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
 /**
  * \def MBEDTLS_NET_C
  *
- * Enable the TCP and UDP over IPv6/IPv4 networking routines.
+ * Enable the TCP/IP networking routines.
  *
- * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
- * and Windows. For other platforms, you'll want to disable it, and write your
- * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
+ * Module:  library/net.c
  *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module:  library/net_sockets.c
- *
- * This module provides networking routines.
+ * This module provides TCP/IP networking routines.
  */
-#define MBEDTLS_NET_C
+#ifdef MBEDTLS_NET_C
+#undef MBEDTLS_NET_C
+#endif
 
 /**
  * \def MBEDTLS_OID_C
@@ -2187,11 +1695,11 @@
  *          library/rsa.c
  *          library/x509.c
  *          library/x509_create.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *          library/x509write_crt.c
- *          library/x509write_csr.c
+ *          library/mbedtls_x509write_csr.c
  *
  * This modules translates between OIDs and internal values.
  */
@@ -2219,15 +1727,19 @@
  * Module:  library/pem.c
  * Caller:  library/dhm.c
  *          library/pkparse.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *
  * Requires: MBEDTLS_BASE64_C
  *
  * This modules adds support for decoding / parsing PEM files.
  */
+#ifdef CONFIG_MBEDTLS_PEM_PARSE_C
 #define MBEDTLS_PEM_PARSE_C
+#else
+#undef MBEDTLS_PEM_PARSE_C
+#endif
 
 /**
  * \def MBEDTLS_PEM_WRITE_C
@@ -2237,13 +1749,17 @@
  * Module:  library/pem.c
  * Caller:  library/pkwrite.c
  *          library/x509write_crt.c
- *          library/x509write_csr.c
+ *          library/mbedtls_x509write_csr.c
  *
  * Requires: MBEDTLS_BASE64_C
  *
  * This modules adds support for encoding / writing PEM files.
  */
+#ifdef CONFIG_MBEDTLS_PEM_WRITE_C
 #define MBEDTLS_PEM_WRITE_C
+#else
+#undef MBEDTLS_PEM_WRITE_C
+#endif
 
 /**
  * \def MBEDTLS_PK_C
@@ -2267,8 +1783,8 @@
  * Enable the generic public (asymetric) key parser.
  *
  * Module:  library/pkparse.c
- * Caller:  library/x509_crt.c
- *          library/x509_csr.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *
  * Requires: MBEDTLS_PK_C
  *
@@ -2303,21 +1819,6 @@
  */
 #define MBEDTLS_PKCS5_C
 
-/**
- * \def MBEDTLS_PKCS11_C
- *
- * Enable wrapper for PKCS#11 smartcard support.
- *
- * Module:  library/pkcs11.c
- * Caller:  library/pk.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * This module enables SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
- */
-//#define MBEDTLS_PKCS11_C
-
 /**
  * \def MBEDTLS_PKCS12_C
  *
@@ -2354,16 +1855,32 @@
  */
 #define MBEDTLS_PLATFORM_C
 
+/**
+ * \def MBEDTLS_POLY1305_C
+ *
+ * Disable the Poly1305 MAC algorithm.
+ *
+ * Module:  library/poly1305.c
+ * Caller:  library/chachapoly.c
+ */
+#ifdef MBEDTLS_POLY1305_C
+#undef MBEDTLS_POLY1305_C
+#endif
+
 /**
  * \def MBEDTLS_RIPEMD160_C
  *
  * Enable the RIPEMD-160 hash algorithm.
  *
- * Module:  library/ripemd160.c
- * Caller:  library/md.c
+ * Module:  library/mbedtls_ripemd160.c
+ * Caller:  library/mbedtls_md.c
  *
  */
+#ifdef CONFIG_MBEDTLS_RIPEMD160_C
 #define MBEDTLS_RIPEMD160_C
+#else
+#undef MBEDTLS_RIPEMD160_C
+#endif
 
 /**
  * \def MBEDTLS_RSA_C
@@ -2371,7 +1888,6 @@
  * Enable the RSA public-key cryptosystem.
  *
  * Module:  library/rsa.c
- *          library/rsa_internal.c
  * Caller:  library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2389,20 +1905,14 @@
  *
  * Enable the SHA1 cryptographic hash algorithm.
  *
- * Module:  library/sha1.c
- * Caller:  library/md.c
+ * Module:  library/mbedtls_sha1.c
+ * Caller:  library/mbedtls_md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
  *          library/x509write_crt.c
  *
- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
- * depending on the handshake parameters, and for SHA1-signed certificates.
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
+ * This module is required for SSL/TLS and SHA1-signed certificates.
  */
 #define MBEDTLS_SHA1_C
 
@@ -2411,9 +1921,9 @@
  *
  * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
  *
- * Module:  library/sha256.c
+ * Module:  library/mbedtls_sha256.c
  * Caller:  library/entropy.c
- *          library/md.c
+ *          library/mbedtls_md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2428,9 +1938,9 @@
  *
  * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
  *
- * Module:  library/sha512.c
+ * Module:  library/mbedtls_sha512.c
  * Caller:  library/entropy.c
- *          library/md.c
+ *          library/mbedtls_md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *
@@ -2470,7 +1980,11 @@
  *
  * Requires: MBEDTLS_CIPHER_C
  */
+#ifdef CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS
 #define MBEDTLS_SSL_TICKET_C
+#else
+#undef MBEDTLS_SSL_TICKET_C
+#endif
 
 /**
  * \def MBEDTLS_SSL_CLI_C
@@ -2484,7 +1998,11 @@
  *
  * This module is required for SSL/TLS client support.
  */
+#ifdef CONFIG_MBEDTLS_TLS_CLIENT
 #define MBEDTLS_SSL_CLI_C
+#else
+#undef MBEDTLS_SSL_CLI_C
+#endif
 
 /**
  * \def MBEDTLS_SSL_SRV_C
@@ -2498,7 +2016,11 @@
  *
  * This module is required for SSL/TLS server support.
  */
+#ifdef CONFIG_MBEDTLS_TLS_SERVER
 #define MBEDTLS_SSL_SRV_C
+#else
+#undef MBEDTLS_SSL_SRV_C
+#endif
 
 /**
  * \def MBEDTLS_SSL_TLS_C
@@ -2514,29 +2036,11 @@
  *
  * This module is required for SSL/TLS.
  */
+#ifdef CONFIG_MBEDTLS_TLS_ENABLED
 #define MBEDTLS_SSL_TLS_C
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
- *
- * Module:  library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within mbed TLS
- */
-//#define MBEDTLS_THREADING_C
+#else
+#undef MBEDTLS_SSL_TLS_C
+#endif
 
 /**
  * \def MBEDTLS_TIMING_C
@@ -2559,7 +2063,9 @@
  *
  * This module is used by the HAVEGE random number generator.
  */
-#define MBEDTLS_TIMING_C
+#ifdef MBEDTLS_TIMING_C
+#undef MBEDTLS_TIMING_C
+#endif
 
 /**
  * \def MBEDTLS_VERSION_C
@@ -2578,9 +2084,9 @@
  * Enable X.509 core for using certificates.
  *
  * Module:  library/x509.c
- * Caller:  library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
+ * Caller:  library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *
  * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
  *           MBEDTLS_PK_PARSE_C
@@ -2594,7 +2100,7 @@
  *
  * Enable X.509 certificate parsing.
  *
- * Module:  library/x509_crt.c
+ * Module:  library/mbedtls_x509_crt.c
  * Caller:  library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2610,28 +2116,36 @@
  *
  * Enable X.509 CRL parsing.
  *
- * Module:  library/x509_crl.c
- * Caller:  library/x509_crt.c
+ * Module:  library/mbedtls_x509_crl.c
+ * Caller:  library/mbedtls_x509_crt.c
  *
  * Requires: MBEDTLS_X509_USE_C
  *
  * This module is required for X.509 CRL parsing.
  */
+#ifdef CONFIG_MBEDTLS_X509_CRL_PARSE_C
 #define MBEDTLS_X509_CRL_PARSE_C
+#else
+#undef MBEDTLS_X509_CRL_PARSE_C
+#endif
 
 /**
  * \def MBEDTLS_X509_CSR_PARSE_C
  *
  * Enable X.509 Certificate Signing Request (CSR) parsing.
  *
- * Module:  library/x509_csr.c
+ * Module:  library/mbedtls_x509_csr.c
  * Caller:  library/x509_crt_write.c
  *
  * Requires: MBEDTLS_X509_USE_C
  *
  * This module is used for reading X.509 certificate request.
  */
+#ifdef CONFIG_MBEDTLS_X509_CSR_PARSE_C
 #define MBEDTLS_X509_CSR_PARSE_C
+#else
+#undef MBEDTLS_X509_CSR_PARSE_C
+#endif
 
 /**
  * \def MBEDTLS_X509_CREATE_C
@@ -2680,7 +2194,11 @@
  * Module:  library/xtea.c
  * Caller:
  */
+#ifdef CONFIG_MBEDTLS_XTEA_C
 #define MBEDTLS_XTEA_C
+#else
+#undef MBEDTLS_XTEA_C
+#endif
 
 /* \} name SECTION: mbed TLS modules */
 
@@ -2699,92 +2217,23 @@
  * \{
  */
 
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
-//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
-//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-
-/* SSL Cache options */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
-
 /* SSL options */
+#ifndef CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN
 
-/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
- *
- * Maximum fragment length in bytes.
- *
- * Determines the size of both the incoming and outgoing TLS I/O buffers.
- *
- * Uncommenting MBEDTLS_SSL_IN_CONTENT_LEN and/or MBEDTLS_SSL_OUT_CONTENT_LEN
- * will override this length by setting maximum incoming and/or outgoing
- * fragment length, respectively.
- */
-//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384
- /** \def MBEDTLS_SSL_IN_CONTENT_LEN
+#define MBEDTLS_SSL_MAX_CONTENT_LEN             CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
+
+#else
+
+/** \def MBEDTLS_SSL_IN_CONTENT_LEN
  *
  * Maximum incoming fragment length in bytes.
  *
  * Uncomment to set the size of the inward TLS buffer independently of the
  * outward buffer.
  */
-// #define MBEDTLS_SSL_IN_CONTENT_LEN              16384
- /** \def MBEDTLS_SSL_OUT_CONTENT_LEN
+#define MBEDTLS_SSL_IN_CONTENT_LEN              CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN
+
+/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
  *
  * Maximum outgoing fragment length in bytes.
  *
@@ -2805,43 +2254,9 @@
  * guaranteed if the other end of the connection also supports the TLS
  * max_fragment_len extension. Otherwise the connection may fail.
  */
-// #define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
+#define MBEDTLS_SSL_OUT_CONTENT_LEN             CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN
 
-//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
-//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-
-/**
- * Allow SHA-1 in the default TLS configuration for certificate signing.
- * Without this build-time option, SHA-1 support must be activated explicitly
- * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
- * recommended because of it is possible to generate SHA-1 collisions, however
- * this may be safe for legacy infrastructure where additional controls apply.
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
- */
-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+#endif /* !CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN */
 
 /**
  * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
@@ -2850,23 +2265,14 @@
  * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
  * default. At the time of writing, there is no practical attack on the use
  * of SHA-1 in handshake signatures, hence this option is turned on by default
- * to preserve compatibility with existing peers, but the general
- * warning applies nonetheless:
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
+ * for compatibility with existing peers.
  */
 #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 
-/* \} name SECTION: Customisation configuration options */
+/* \} name SECTION: Module configuration options */
 
-/* Target and application specific configurations */
-//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
-
-#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
+#if defined(TARGET_LIKE_MBED)
+#include "mbedtls/target_config.h"
 #endif
 
 /*
@@ -2882,6 +2288,6 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
 
-#include "check_config.h"
+#include "mbedtls/check_config.h"
 
 #endif /* MBEDTLS_CONFIG_H */
diff --git a/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_debug.h b/components/mbedtls/port/include/mbedtls/esp_debug.h
similarity index 93%
rename from components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_debug.h
rename to components/mbedtls/port/include/mbedtls/esp_debug.h
index dd5c8a51..ecd4688f 100644
--- a/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_debug.h
+++ b/components/mbedtls/port/include/mbedtls/esp_debug.h
@@ -1,4 +1,4 @@
-// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,12 +14,13 @@
 #ifndef _ESP_DEBUG_H_
 #define _ESP_DEBUG_H_
 
+#include "mbedtls/ssl.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #include "sdkconfig.h"
-
 #ifdef CONFIG_MBEDTLS_DEBUG
 
 /** @brief Enable mbedTLS debug logging via the esp_log mechanism.
@@ -48,10 +49,11 @@ void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold);
  */
 void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf);
 
+
 #endif
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* __ESP_DEBUG_H__ */
\ No newline at end of file
+#endif /* __ESP_DEBUG_H__ */
diff --git a/components/ssl/mbedtls/port/esp8266/include/sha1_alt.h b/components/mbedtls/port/include/sha1_alt.h
similarity index 60%
rename from components/ssl/mbedtls/port/esp8266/include/sha1_alt.h
rename to components/mbedtls/port/include/sha1_alt.h
index c7f0f9d1..54b77408 100644
--- a/components/ssl/mbedtls/port/esp8266/include/sha1_alt.h
+++ b/components/mbedtls/port/include/sha1_alt.h
@@ -1,5 +1,5 @@
 /*
- *  SHA-1 implementation with extra ESP8266 support added.
+ *  SHA-1 implementation with hardware ESP32 support added.
  *  Uses mbedTLS software implementation for failover when concurrent
  *  SHA operations are in use.
  *
@@ -29,28 +29,29 @@ extern "C" {
 
 #if defined(MBEDTLS_SHA1_ALT)
 
-#include "esp_sha.h"
+typedef enum {
+    ESP_MBEDTLS_SHA1_UNUSED, /* first block hasn't been processed yet */
+    ESP_MBEDTLS_SHA1_HARDWARE, /* using hardware SHA engine */
+    ESP_MBEDTLS_SHA1_SOFTWARE, /* using software SHA */
+} esp_mbedtls_sha1_mode;
 
-typedef esp_sha1_t mbedtls_sha1_context;
+/**
+ * \brief          SHA-1 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[5];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+    esp_mbedtls_sha1_mode mode;
+}
+mbedtls_sha1_context;
 
-#define mbedtls_sha1_init(_ctx)                     { }
-
-#define mbedtls_sha1_free(_ctx)                     { }
-
-#define mbedtls_sha1_clone(_d, _s)                  { *(_d) = *(_s); }
-
-#define mbedtls_sha1_starts_ret(_ctx)               esp_sha1_init(_ctx)
-
-#define mbedtls_sha1_update_ret(_ctx, _s, _l)       esp_sha1_update(_ctx, _s, _l)
-
-#define mbedtls_sha1_finish_ret(_ctx, _d)           esp_sha1_finish(_ctx, _d)
-
-#define mbedtls_internal_sha1_process(_ctx, _s)     esp_sha1_update(_ctx, _s, 64)
-
-#endif /* MBEDTLS_SHA1_ALT */
+#endif
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif
+
diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/include/sha256_alt.h
new file mode 100644
index 00000000..436f5324
--- /dev/null
+++ b/components/mbedtls/port/include/sha256_alt.h
@@ -0,0 +1,57 @@
+/*
+ *  SHA-256 implementation with hardware ESP32 support added.
+ *  Uses mbedTLS software implementation for failover when concurrent
+ *  SHA operations are in use.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+#ifndef _SHA256_ALT_H_
+#define _SHA256_ALT_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_SHA256_ALT)
+
+typedef enum {
+    ESP_MBEDTLS_SHA256_UNUSED, /* first block hasn't been processed yet */
+    ESP_MBEDTLS_SHA256_HARDWARE, /* using hardware SHA engine */
+    ESP_MBEDTLS_SHA256_SOFTWARE, /* using software SHA */
+} esp_mbedtls_sha256_mode;
+
+/**
+ * \brief          SHA-256 context structure
+ */
+typedef struct
+{
+    uint32_t total[2];          /*!< number of bytes processed  */
+    uint32_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[64];   /*!< data block being processed */
+    int is224;                  /*!< 0 => SHA-256, else SHA-224 */
+    esp_mbedtls_sha256_mode mode;
+}
+mbedtls_sha256_context;
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h
new file mode 100644
index 00000000..36b8fc9d
--- /dev/null
+++ b/components/mbedtls/port/include/sha512_alt.h
@@ -0,0 +1,57 @@
+/*
+ *  SHA-512 implementation with hardware ESP32 support added.
+ *  Uses mbedTLS software implementation for failover when concurrent
+ *  SHA operations are in use.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+#ifndef _SHA512_ALT_H_
+#define _SHA512_ALT_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_SHA512_ALT)
+
+typedef enum {
+    ESP_MBEDTLS_SHA512_UNUSED, /* first block hasn't been processed yet */
+    ESP_MBEDTLS_SHA512_HARDWARE, /* using hardware SHA engine */
+    ESP_MBEDTLS_SHA512_SOFTWARE, /* using software SHA */
+} esp_mbedtls_sha512_mode;
+
+/**
+ * \brief          SHA-512 context structure
+ */
+typedef struct
+{
+    uint64_t total[2];          /*!< number of bytes processed  */
+    uint64_t state[8];          /*!< intermediate digest state  */
+    unsigned char buffer[128];  /*!< data block being processed */
+    int is384;                  /*!< 0 => SHA-512, else SHA-384 */
+    esp_mbedtls_sha512_mode mode;
+}
+mbedtls_sha512_context;
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/components/ssl/mbedtls/port/esp8266/mbedtls_debug.c b/components/mbedtls/port/mbedtls_debug.c
similarity index 64%
rename from components/ssl/mbedtls/port/esp8266/mbedtls_debug.c
rename to components/mbedtls/port/mbedtls_debug.c
index 962993d5..f7b55414 100644
--- a/components/ssl/mbedtls/port/esp8266/mbedtls_debug.c
+++ b/components/mbedtls/port/mbedtls_debug.c
@@ -1,4 +1,4 @@
-// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,12 +14,14 @@
 
 #include <strings.h>
 
+#include "esp_log.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/esp_debug.h"
 
-#ifdef MBEDTLS_DEBUG_C
+#ifdef CONFIG_MBEDTLS_DEBUG
+static const char *TAG = "mbedtls";
 
 static void mbedtls_esp_debug(void *ctx, int level,
                               const char *file, int line,
@@ -27,8 +29,24 @@ static void mbedtls_esp_debug(void *ctx, int level,
 
 void mbedtls_esp_enable_debug_log(mbedtls_ssl_config *conf, int threshold)
 {
+    esp_log_level_t level = ESP_LOG_NONE;
     mbedtls_debug_set_threshold(threshold);
     mbedtls_ssl_conf_dbg(conf, mbedtls_esp_debug, NULL);
+    switch(threshold) {
+    case 1:
+        level = ESP_LOG_WARN;
+        break;
+    case 2:
+        level = ESP_LOG_INFO;
+        break;
+    case 3:
+        level = ESP_LOG_DEBUG;
+        break;
+    case 4:
+        level = ESP_LOG_VERBOSE;
+        break;
+    }
+    esp_log_level_set(TAG, level);
 }
 
 void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf)
@@ -36,6 +54,7 @@ void mbedtls_esp_disable_debug_log(mbedtls_ssl_config *conf)
     mbedtls_ssl_conf_dbg(conf, NULL, NULL);
 }
 
+
 /* Default mbedtls debug function that translates mbedTLS debug output
    to ESP_LOGx debug output.
 */
@@ -54,7 +73,22 @@ static void mbedtls_esp_debug(void *ctx, int level,
     if(file_sep)
         file = file_sep+1;
 
-    printf("mbedtls: %s:%d %s", file, line, str);
+    switch(level) {
+    case 1:
+        ESP_LOGW(TAG, "%s:%d %s", file, line, str);
+        break;
+    case 2:
+        ESP_LOGI(TAG, "%s:%d %s", file, line, str);
+        break;
+    case 3:
+        ESP_LOGD(TAG, "%s:%d %s", file, line, str);
+        break;
+    case 4:
+        ESP_LOGV(TAG, "%s:%d %s", file, line, str);
+        break;
+    default:
+        ESP_LOGE(TAG, "Unexpected log level %d: %s", level, str);
+        break;
+    }
 }
-
 #endif
\ No newline at end of file
diff --git a/components/mbedtls/port/net_sockets.c b/components/mbedtls/port/net_sockets.c
new file mode 100644
index 00000000..e6451007
--- /dev/null
+++ b/components/mbedtls/port/net_sockets.c
@@ -0,0 +1,451 @@
+/*
+ *  TCP/IP or UDP/IP networking functions
+ *  modified for LWIP support on ESP32
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2015 Angus Gratton
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if !defined(MBEDTLS_NET_C)
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdlib.h>
+#define mbedtls_calloc    calloc
+#define mbedtls_free      free
+#define mbedtls_time      time
+#define mbedtls_time_t    time_t
+#endif
+
+#include "mbedtls/net_sockets.h"
+
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+#include <stdint.h>
+
+/*
+ * Prepare for using the sockets interface
+ */
+static int net_prepare( void )
+{
+    return ( 0 );
+}
+
+/*
+ * Initialize a context
+ */
+void mbedtls_net_init( mbedtls_net_context *ctx )
+{
+    ctx->fd = -1;
+}
+
+/*
+ * Initiate a TCP connection with host:port and the given protocol
+ */
+int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
+{
+    int ret;
+    struct addrinfo hints, *addr_list, *cur;
+
+    if ( ( ret = net_prepare() ) != 0 ) {
+        return ( ret );
+    }
+
+    /* Do name resolution with both IPv6 and IPv4 */
+    memset( &hints, 0, sizeof( hints ) );
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
+    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
+
+    if ( getaddrinfo( host, port, &hints, &addr_list ) != 0 ) {
+        return ( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+    }
+
+    /* Try the sockaddrs until a connection succeeds */
+    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
+    for ( cur = addr_list; cur != NULL; cur = cur->ai_next ) {
+        int fd = socket( cur->ai_family, cur->ai_socktype, cur->ai_protocol );
+
+        if ( fd < 0 ) {
+            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
+            continue;
+        }
+
+        if ( connect( fd, cur->ai_addr, cur->ai_addrlen ) == 0 ) {
+            ctx->fd = fd; // connected!
+            ret = 0;
+            break;
+        }
+
+        close( fd );
+        ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
+    }
+
+    freeaddrinfo( addr_list );
+
+    return ( ret );
+}
+
+/*
+ * Create a listening socket on bind_ip:port
+ */
+int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
+{
+    int ret;
+    struct addrinfo hints, *addr_list, *cur;
+    struct sockaddr_in *serv_addr = NULL;
+#if SO_REUSE
+    int n = 1;
+#endif
+
+    if ( ( ret = net_prepare() ) != 0 ) {
+        return ( ret );
+    }
+
+    /* Bind to IPv6 and/or IPv4, but only in the desired protocol */
+    memset( &hints, 0, sizeof( hints ) );
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
+    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
+
+    if ( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 ) {
+        return ( MBEDTLS_ERR_NET_UNKNOWN_HOST );
+    }
+
+    /* Try the sockaddrs until a binding succeeds */
+    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
+    for ( cur = addr_list; cur != NULL; cur = cur->ai_next ) {
+        int fd = socket( cur->ai_family, cur->ai_socktype, cur->ai_protocol );
+        if ( fd < 0 ) {
+            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
+            continue;
+        }
+
+        /*SO_REUSEADDR option dafault is disable in source code(lwip)*/
+#if SO_REUSE
+        if ( setsockopt( fd, SOL_SOCKET, SO_REUSEADDR,
+                         (const char *) &n, sizeof( n ) ) != 0 ) {
+            close( fd );
+            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
+            continue;
+        }
+#endif
+        /*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/
+        serv_addr = (struct sockaddr_in *)cur->ai_addr;
+        serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+        if ( bind( fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 ) {
+            close( fd );
+            ret = MBEDTLS_ERR_NET_BIND_FAILED;
+            continue;
+        }
+
+        /* Listen only makes sense for TCP */
+        if ( proto == MBEDTLS_NET_PROTO_TCP ) {
+            if ( listen( fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 ) {
+                close( fd );
+                ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
+                continue;
+            }
+        }
+
+        /* I we ever get there, it's a success */
+        ctx->fd = fd;
+        ret = 0;
+        break;
+    }
+
+    freeaddrinfo( addr_list );
+
+    return ( ret );
+
+}
+
+/*
+ * Check if the requested operation would be blocking on a non-blocking socket
+ * and thus 'failed' with a negative return value.
+ *
+ * Note: on a blocking socket this function always returns 0!
+ */
+static int net_would_block( const mbedtls_net_context *ctx )
+{
+    int error = errno;
+
+    /*
+     * Never return 'WOULD BLOCK' on a non-blocking socket
+     */
+    if ( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK ) {
+        errno = error;
+        return ( 0 );
+    }
+
+    switch ( errno = error ) {
+#if defined EAGAIN
+    case EAGAIN:
+#endif
+#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
+    case EWOULDBLOCK:
+#endif
+        return ( 1 );
+    }
+    return ( 0 );
+}
+
+/*
+ * Accept a connection from a remote client
+ */
+int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
+                        mbedtls_net_context *client_ctx,
+                        void *client_ip, size_t buf_size, size_t *ip_len )
+{
+    int ret;
+    int type;
+
+    struct sockaddr_in client_addr;
+
+    socklen_t n = (socklen_t) sizeof( client_addr );
+    socklen_t type_len = (socklen_t) sizeof( type );
+
+    /* Is this a TCP or UDP socket? */
+    if ( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
+                     (void *) &type, (socklen_t *) &type_len ) != 0 ||
+            ( type != SOCK_STREAM && type != SOCK_DGRAM ) ) {
+        return ( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+    }
+
+    if ( type == SOCK_STREAM ) {
+        /* TCP: actual accept() */
+        ret = client_ctx->fd = (int) accept( bind_ctx->fd,
+                                             (struct sockaddr *) &client_addr, &n );
+    } else {
+        /* UDP: wait for a message, but keep it in the queue */
+        char buf[1] = { 0 };
+
+        ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
+                        (struct sockaddr *) &client_addr, &n );
+
+    }
+
+    if ( ret < 0 ) {
+        if ( net_would_block( bind_ctx ) != 0 ) {
+            return ( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+
+        return ( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+    }
+
+    /* UDP: hijack the listening socket to communicate with the client,
+     * then bind a new socket to accept new connections */
+    if ( type != SOCK_STREAM ) {
+        struct sockaddr_in local_addr;
+        int one = 1;
+
+        if ( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) {
+            return ( MBEDTLS_ERR_NET_ACCEPT_FAILED );
+        }
+
+        client_ctx->fd = bind_ctx->fd;
+        bind_ctx->fd   = -1; /* In case we exit early */
+
+        n = sizeof( struct sockaddr_in );
+        if ( getsockname( client_ctx->fd,
+                          (struct sockaddr *) &local_addr, &n ) != 0 ||
+                ( bind_ctx->fd = (int) socket( AF_INET,
+                                               SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
+                setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
+                            (const char *) &one, sizeof( one ) ) != 0 ) {
+            return ( MBEDTLS_ERR_NET_SOCKET_FAILED );
+        }
+
+        if ( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) {
+            return ( MBEDTLS_ERR_NET_BIND_FAILED );
+        }
+    }
+
+    if ( client_ip != NULL ) {
+        struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
+        *ip_len = sizeof( addr4->sin_addr.s_addr );
+
+        if ( buf_size < *ip_len ) {
+            return ( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
+        }
+
+        memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
+    }
+
+    return ( 0 );
+}
+
+/*
+ * Set the socket blocking or non-blocking
+ */
+int mbedtls_net_set_block( mbedtls_net_context *ctx )
+{
+    return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) );
+}
+
+int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
+{
+    return ( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) );
+}
+
+/*
+ * Portable usleep helper
+ */
+void mbedtls_net_usleep( unsigned long usec )
+{
+    struct timeval tv;
+    tv.tv_sec  = usec / 1000000;
+    tv.tv_usec = usec % 1000000;
+    select( 0, NULL, NULL, NULL, &tv );
+}
+
+/*
+ * Read at most 'len' characters
+ */
+int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
+{
+    int ret;
+    int fd = ((mbedtls_net_context *) ctx)->fd;
+
+    if ( fd < 0 ) {
+        return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+    }
+
+    ret = (int) read( fd, buf, len );
+
+    if ( ret < 0 ) {
+        if ( net_would_block( ctx ) != 0 ) {
+            return ( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+
+        if ( errno == EPIPE || errno == ECONNRESET ) {
+            return ( MBEDTLS_ERR_NET_CONN_RESET );
+        }
+
+        if ( errno == EINTR ) {
+            return ( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+
+        return ( MBEDTLS_ERR_NET_RECV_FAILED );
+    }
+
+    return ( ret );
+}
+
+/*
+ * Read at most 'len' characters, blocking for at most 'timeout' ms
+ */
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+                              uint32_t timeout )
+{
+    int ret;
+    struct timeval tv;
+    fd_set read_fds;
+    int fd = ((mbedtls_net_context *) ctx)->fd;
+
+    if ( fd < 0 ) {
+        return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+    }
+
+    FD_ZERO( &read_fds );
+    FD_SET( fd, &read_fds );
+
+    tv.tv_sec  = timeout / 1000;
+    tv.tv_usec = ( timeout % 1000 ) * 1000;
+
+    ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
+
+    /* Zero fds ready means we timed out */
+    if ( ret == 0 ) {
+        return ( MBEDTLS_ERR_SSL_TIMEOUT );
+    }
+
+    if ( ret < 0 ) {
+        if ( errno == EINTR ) {
+            return ( MBEDTLS_ERR_SSL_WANT_READ );
+        }
+
+        return ( MBEDTLS_ERR_NET_RECV_FAILED );
+    }
+
+    /* This call will not block */
+    return ( mbedtls_net_recv( ctx, buf, len ) );
+}
+
+/*
+ * Write at most 'len' characters
+ */
+int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
+{
+    int ret;
+    int fd = ((mbedtls_net_context *) ctx)->fd;
+
+    if ( fd < 0 ) {
+        return ( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+    }
+
+    ret = (int) write( fd, buf, len );
+
+    if ( ret < 0 ) {
+        if ( net_would_block( ctx ) != 0 ) {
+            return ( MBEDTLS_ERR_SSL_WANT_WRITE );
+        }
+
+        if ( errno == EPIPE || errno == ECONNRESET ) {
+            return ( MBEDTLS_ERR_NET_CONN_RESET );
+        }
+
+        if ( errno == EINTR ) {
+            return ( MBEDTLS_ERR_SSL_WANT_WRITE );
+        }
+
+        return ( MBEDTLS_ERR_NET_SEND_FAILED );
+    }
+
+    return ( ret );
+}
+
+/*
+ * Gracefully close the connection
+ */
+void mbedtls_net_free( mbedtls_net_context *ctx )
+{
+    if ( ctx->fd == -1 ) {
+        return;
+    }
+
+    shutdown( ctx->fd, 2 );
+    close( ctx->fd );
+
+    ctx->fd = -1;
+}
+
+#endif /* MBEDTLS_NET_C */
diff --git a/components/mbedtls/test/CMakeLists.txt b/components/mbedtls/test/CMakeLists.txt
new file mode 100644
index 00000000..ea3ab041
--- /dev/null
+++ b/components/mbedtls/test/CMakeLists.txt
@@ -0,0 +1,9 @@
+idf_component_register(SRC_DIRS "."
+                    INCLUDE_DIRS "."
+                    REQUIRES unity test_utils mbedtls)
+
+idf_component_get_property(mbedtls mbedtls COMPONENT_LIB)
+target_compile_definitions(${mbedtls} INTERFACE "-DMBEDTLS_DEPRECATED_WARNING")
+target_compile_definitions(mbedtls PUBLIC "-DMBEDTLS_DEPRECATED_WARNING")
+target_compile_definitions(mbedcrypto PUBLIC "-DMBEDTLS_DEPRECATED_WARNING")
+target_compile_definitions(mbedx509 PUBLIC "-DMBEDTLS_DEPRECATED_WARNING")
diff --git a/components/mbedtls/test/component.mk b/components/mbedtls/test/component.mk
new file mode 100644
index 00000000..5dd172bd
--- /dev/null
+++ b/components/mbedtls/test/component.mk
@@ -0,0 +1,5 @@
+#
+#Component Makefile
+#
+
+COMPONENT_ADD_LDFLAGS = -Wl,--whole-archive -l$(COMPONENT_NAME) -Wl,--no-whole-archive
diff --git a/components/mbedtls/test/test_aes_perf.c b/components/mbedtls/test/test_aes_perf.c
new file mode 100644
index 00000000..1447e4b2
--- /dev/null
+++ b/components/mbedtls/test/test_aes_perf.c
@@ -0,0 +1,71 @@
+/* mbedTLS AES performance test
+*/
+#include <string.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <esp_system.h>
+#include "mbedtls/aes.h"
+#include "unity.h"
+#include "sdkconfig.h"
+#include "esp_timer.h"
+#include "esp_heap_caps.h"
+#include "test_utils.h"
+
+TEST_CASE("mbedtls AES performance", "[aes]")
+{
+    const unsigned CALLS = 256;
+    const unsigned CALL_SZ = 32*1024;
+    mbedtls_aes_context ctx;
+    int64_t start, end;
+    uint8_t iv[16];
+    uint8_t key[16];
+
+    memset(iv, 0xEE, 16);
+    memset(key, 0x44, 16);
+
+    // allocate internal memory
+    uint8_t *buf = heap_caps_malloc(CALL_SZ, MALLOC_CAP_8BIT|MALLOC_CAP_INTERNAL);
+    TEST_ASSERT_NOT_NULL(buf);
+    mbedtls_aes_init(&ctx);
+    mbedtls_aes_setkey_enc(&ctx, key, 128);
+
+    start = esp_timer_get_time();
+    for (int c = 0; c < CALLS; c++) {
+        memset(buf, 0xAA, CALL_SZ);
+        mbedtls_aes_crypt_cbc(&ctx, MBEDTLS_AES_ENCRYPT, CALL_SZ, iv, buf, buf);
+    }
+    end = esp_timer_get_time();
+
+    /* Sanity check: make sure the last ciphertext block matches
+       what we expect to see.
+
+       Last block produced via this Python:
+       import os, binascii
+       from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+       from cryptography.hazmat.backends import default_backend
+       key = b'\x44' * 16
+       iv = b'\xee' * 16
+       cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
+       encryptor = cipher.encryptor()
+       ct = encryptor.update(b'\xaa' * 256 * 32 * 1024) + encryptor.finalize()
+       print(binascii.hexlify(ct[-16:]))
+    */
+    const uint8_t expected_last_block[] = {
+        0x50, 0x81, 0xe0, 0xe1, 0x15, 0x2f, 0x14, 0xe9,
+        0x97, 0xa0, 0xc6, 0xe6, 0x36, 0xf3, 0x5c, 0x25,
+    };
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_last_block, buf + CALL_SZ - 16, 16);
+
+    free(buf);
+
+    float usecs = end - start;
+    // bytes/usec = MB/sec
+    float mb_sec = (CALL_SZ * CALLS) / usecs;
+    printf("Encryption rate %.3fMB/sec\n", mb_sec);
+#ifdef CONFIG_MBEDTLS_HARDWARE_AES
+    // Don't put a hard limit on software AES performance (software is approx 2.3MB/sec on Release config)
+    TEST_PERFORMANCE_GREATER_THAN(AES_CBC_THROUGHPUT_MBSEC, "%.3fMB/sec", mb_sec);
+#endif
+}
+
+
diff --git a/components/mbedtls/test/test_apb_dport_access.c b/components/mbedtls/test/test_apb_dport_access.c
new file mode 100644
index 00000000..07203ac1
--- /dev/null
+++ b/components/mbedtls/test/test_apb_dport_access.c
@@ -0,0 +1,56 @@
+/* Implementation of utility functions to verify
+   unit tests aren't performing SMP-unsafe DPORT reads.
+*/
+
+#include "unity.h"
+#include "sdkconfig.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "soc/uart_periph.h"
+#include "test_apb_dport_access.h"
+#include "test_utils.h"
+
+#ifndef CONFIG_FREERTOS_UNICORE
+
+static void apb_access_loop_task(void *ignore);
+
+static volatile bool apb_access_corrupt;
+static TaskHandle_t apb_task_handle;
+
+void start_apb_access_loop(void)
+{
+    apb_access_corrupt = false;
+    xTaskCreatePinnedToCore(apb_access_loop_task, "accessAPB", 2048, NULL,
+                            UNITY_FREERTOS_PRIORITY - 1,
+                            &apb_task_handle, !UNITY_FREERTOS_CPU);
+}
+
+void verify_apb_access_loop(void)
+{
+    vTaskDelete(apb_task_handle);
+    apb_task_handle = NULL;
+    TEST_ASSERT_FALSE(apb_access_corrupt);
+    printf("Verified no APB corruption from operations\n");
+}
+
+static void apb_access_loop_task(void *ignore)
+{
+    uint32_t initial = REG_READ(UART_DATE_REG(0));
+    while(1) {
+        if (REG_READ(UART_DATE_REG(0)) != initial) {
+            apb_access_corrupt = true;
+        }
+    }
+}
+
+#else /*CONFIG_FREERTOS_UNICORE */
+
+void start_apb_access_loop(void)
+{
+}
+
+void verify_apb_access_loop(void)
+{
+}
+
+#endif
diff --git a/components/mbedtls/test/test_apb_dport_access.h b/components/mbedtls/test/test_apb_dport_access.h
new file mode 100644
index 00000000..8f30e046
--- /dev/null
+++ b/components/mbedtls/test/test_apb_dport_access.h
@@ -0,0 +1,18 @@
+/* Utility functions to test that APB access is still safe
+   while the other CPU performs some set of DPORT accesses
+
+   (see ECO 3.10 and the standalone esp32 test_dport.c for more).
+*/
+
+/* start_apb_access_loop() starts a task reading from APB in a loop on the non-Unity-test CPU.
+
+   Call this before doing something which involes DPORT reads.
+
+   Does nothing in unicore mode.
+*/
+void start_apb_access_loop(void);
+
+/* verify_apb_access_loop() kills the task started by start_apb_access_loop()
+   and verifies that none of the APB reads were corrupted by unsafe DPORT reads.
+*/
+void verify_apb_access_loop(void);
diff --git a/components/mbedtls/test/test_ecp.c b/components/mbedtls/test/test_ecp.c
new file mode 100644
index 00000000..0c8f571d
--- /dev/null
+++ b/components/mbedtls/test/test_ecp.c
@@ -0,0 +1,77 @@
+/* mbedTLS Elliptic Curve functionality tests
+
+   Focus on testing functionality where we use ESP32 hardware
+   accelerated crypto features.
+
+*/
+#include <string.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <esp_system.h>
+
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/ecdh.h>
+#include <mbedtls/ecdsa.h>
+#include <mbedtls/error.h>
+
+#include "unity.h"
+
+/* Note: negative value here so that assert message prints a grep-able
+   error hex value (mbedTLS uses -N for error codes) */
+#define TEST_ASSERT_MBEDTLS_OK(X) TEST_ASSERT_EQUAL_HEX32(0, -(X))
+
+TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]")
+{
+    mbedtls_ecdh_context ctx;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+
+    mbedtls_ecdh_init(&ctx);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+
+    mbedtls_entropy_init(&entropy);
+    TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) );
+
+    TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.grp, MBEDTLS_ECP_DP_CURVE25519) );
+
+    TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.grp, &ctx.d, &ctx.Q,
+                                                    mbedtls_ctr_drbg_random, &ctr_drbg ) );
+
+    mbedtls_ecdh_free(&ctx);
+    mbedtls_ctr_drbg_free(&ctr_drbg);
+    mbedtls_entropy_free(&entropy);
+}
+
+TEST_CASE("mbedtls ECP self-tests", "[mbedtls]")
+{
+    TEST_ASSERT_EQUAL(0, mbedtls_ecp_self_test(1));
+}
+
+TEST_CASE("mbedtls ECP mul w/ koblitz", "[mbedtls]")
+{
+    /* Test case code via https://github.com/espressif/esp-idf/issues/1556 */
+    mbedtls_entropy_context ctxEntropy;
+    mbedtls_ctr_drbg_context ctxRandom;
+    mbedtls_ecdsa_context ctxECDSA;
+    const char* pers = "myecdsa";
+
+    mbedtls_entropy_init(&ctxEntropy);
+    mbedtls_ctr_drbg_init(&ctxRandom);
+    TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctxRandom, mbedtls_entropy_func, &ctxEntropy,
+                                                  (const unsigned char*) pers, strlen(pers)) );
+
+    mbedtls_ecdsa_init(&ctxECDSA);
+
+    TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdsa_genkey(&ctxECDSA, MBEDTLS_ECP_DP_SECP256K1,
+                                                 mbedtls_ctr_drbg_random, &ctxRandom) );
+
+
+    TEST_ASSERT_MBEDTLS_OK(mbedtls_ecp_mul(&ctxECDSA.grp, &ctxECDSA.Q, &ctxECDSA.d, &ctxECDSA.grp.G,
+                                           mbedtls_ctr_drbg_random, &ctxRandom) );
+
+    mbedtls_ecdsa_free(&ctxECDSA);
+    mbedtls_ctr_drbg_free(&ctxRandom);
+    mbedtls_entropy_free(&ctxEntropy);
+}
+
diff --git a/components/mbedtls/test/test_mbedtls.c b/components/mbedtls/test/test_mbedtls.c
new file mode 100644
index 00000000..9dc1b664
--- /dev/null
+++ b/components/mbedtls/test/test_mbedtls.c
@@ -0,0 +1,45 @@
+/* mbedTLS self-tests as unit tests
+
+   Focus on testing functionality where we use ESP32 hardware
+   accelerated crypto features.
+
+   See also test_hwcrypto.c in esp32 component, which tests hardware crypto without mbedTLS.
+*/
+#include <string.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <esp_system.h>
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/rsa.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "unity.h"
+#include "sdkconfig.h"
+#include "test_apb_dport_access.h"
+
+TEST_CASE("mbedtls AES self-tests", "[aes]")
+{
+    start_apb_access_loop();
+    TEST_ASSERT_FALSE_MESSAGE(mbedtls_aes_self_test(1), "AES self-tests should pass.");
+    verify_apb_access_loop();
+}
+
+TEST_CASE("mbedtls MPI self-tests", "[bignum]")
+{
+    start_apb_access_loop();
+    TEST_ASSERT_FALSE_MESSAGE(mbedtls_mpi_self_test(1), "MPI self-tests should pass.");
+    verify_apb_access_loop();
+}
+
+TEST_CASE("mbedtls RSA self-tests", "[bignum]")
+{
+    start_apb_access_loop();
+    TEST_ASSERT_FALSE_MESSAGE(mbedtls_rsa_self_test(1), "RSA self-tests should pass.");
+    verify_apb_access_loop();
+}
+
diff --git a/components/mbedtls/test/test_mbedtls_mpi.c b/components/mbedtls/test/test_mbedtls_mpi.c
new file mode 100644
index 00000000..084fe348
--- /dev/null
+++ b/components/mbedtls/test/test_mbedtls_mpi.c
@@ -0,0 +1,211 @@
+/* mbedTLS bignum (MPI) self-tests as unit tests
+*/
+#include <string.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <esp_system.h>
+#include "mbedtls/bignum.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "unity.h"
+#include "sdkconfig.h"
+
+#define MBEDTLS_OK 0
+
+/* Debugging function to print an MPI number to stdout. Happens to
+   print output that can be copy-pasted directly into a Python shell.
+*/
+void mbedtls_mpi_printf(const char *name, const mbedtls_mpi *X)
+{
+    static char buf[1024];
+    size_t n;
+    memset(buf, 0, sizeof(buf));
+    mbedtls_mpi_write_string(X, 16, buf, sizeof(buf)-1, &n);
+    if(n) {
+        printf("%s = 0x%s\n", name, buf);
+    } else {
+        printf("%s = TOOLONG\n", name);
+    }
+}
+
+/* Assert E = A * B */
+static void test_bignum_mult(const char *a_str, const char *b_str, const char *e_str, size_t mod_bits)
+{
+    mbedtls_mpi A, B, X, E, M;
+    char x_buf[1024] = { 0 };
+    size_t x_buf_len = 0;
+
+    mbedtls_mpi_init(&A);
+    mbedtls_mpi_init(&B);
+    mbedtls_mpi_init(&X);
+    mbedtls_mpi_init(&E);
+
+    TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&A, 16, a_str));
+    TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&B, 16, b_str));
+
+    /* E = A * B */
+    TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&E, 16, e_str));
+    TEST_ASSERT_FALSE(mbedtls_mpi_mul_mpi(&X, &A, &B));
+
+    mbedtls_mpi_write_string(&X, 16, x_buf, sizeof(x_buf)-1, &x_buf_len);
+    TEST_ASSERT_EQUAL_STRING_MESSAGE(e_str, x_buf, "mbedtls_mpi_mul_mpi result wrong");
+
+    /* if mod_bits arg is set, also do a esp_mpi_mul_mod() call */
+    if (mod_bits > 0) {
+        mbedtls_mpi_init(&M);
+        for(int i = 0; i < mod_bits; i++) {
+            mbedtls_mpi_set_bit(&M, i, 1);
+        }
+
+        TEST_ASSERT_FALSE(esp_mpi_mul_mpi_mod(&X, &A, &B, &M));
+
+        mbedtls_mpi_write_string(&X, 16, x_buf, sizeof(x_buf)-1, &x_buf_len);
+        TEST_ASSERT_EQUAL_STRING_MESSAGE(e_str, x_buf, "esp_mpi_mul_mpi_mod result wrong");
+
+        mbedtls_mpi_free(&M);
+    }
+
+
+    mbedtls_mpi_free(&A);
+    mbedtls_mpi_free(&B);
+    mbedtls_mpi_free(&X);
+    mbedtls_mpi_free(&E);
+}
+
+TEST_CASE("test MPI multiplication", "[bignum]")
+{
+    /* Run some trivial numbers tests w/ various high modulo bit counts,
+     should make no difference to the result
+    */
+    for(int i = 512; i <= 4096; i+= 512) {
+        test_bignum_mult("10", "100", "1000",
+                         i);
+    }
+
+    test_bignum_mult("60006FA8D3E3BD746BE39B860FFAADB4F108E15CF2ED8F685FB0E86CC4CB107A488720B41C3F1E18550F00619CD3CA8442296ECB54D2F52ECEE5346D310195700000000",
+                     "BF474CA7",
+                     "047BB102CAF58A48D3D97E4231BC0B753051D8232B9B939A2A4E310F88E65FEFD7762FC2DE0E2BAD6AA51A391DFFABD120653A312E4998F42E2C03AA404EE63B67275BC100000000",
+                     1024);
+
+    test_bignum_mult("49493AC229831EC01EEB01EAF3BBEBC44768EADF9ABC30C87D1791F5E04245756ED4965361EC0599626884DF079B6B5738985CE76BD66FAA67E3AAAD60775D5C9D44C09FDF9E27C033696C007BE1C540D718CA148BA01FFA4A358541E9E9F02F72BE37AFAB037DAEA5E3669A770400D2F4A5DBBD83A83919D05E3DD64787BC80000000",
+                     "B878CC29",
+                     "34CF37013066D5BDA2C86CF1FE7BDA66604E0D55DAFF9864B6E727BFF5871012B0AB73D28D4E100BA1E4607AA2A247C912FDBC435C6BF7C5F8E00278AE1381B1E5F6E3D52D2CBE819F0D65CB37370666D156E7A7B1FD4698D8C9D3165FC8A83F9293C839521993619CCF8180E521300C4306206C9121D629754F1FCC7839BF6DFAF33080000000",
+                     3072);
+
+    test_bignum_mult("24BF6185468786FDD303083D25E64EFC66CA472BC44D253102F8B4A9D3BFA75091386C0077937FE33FA3252D28855837AE1B484A8A9A45F7EE8C0C634F9E8CDDF79C5CE07EE72C7F123142198164234CABB724CF78B8173B9F880FC86322407AF1FEDFDDE2BEB674CA15F3E81A1521E071513A1E85B5DFA031F21ECAE9A34D",
+                     "010001",
+                     "24BF8644A80CCD855A00DB402E2374E2B5C6ADF60B78E97E2829B7A288697B103888FD38E393F776BF8664D04DB280BD0652F665D2E4D0923483FAEF5C01DC7C847A547CDBC7AB663EB0544AC37DA4B0CF03D0869D878FF3B6C3AF5072EAA39D3279D1DCC29C9933808ABDFE0DFD3BF59331AB6FBFD46556119250BD086E36A34D",
+        1536);
+
+    test_bignum_mult("-5D88B669C417EDD02213723546A906B7E9DA7683780E9B54856A2147467ADA316F8819D69486FC8056FE1E8EA7DEC5D5EF12340B95C4FC966F4B348D35893620",
+                     "9AE7FBC99546432DF71896FC239EADAEF38D18D2B2F0E2DD275AA977E2BF4411F5A3B2A5D33605AEBBCCBA7FEB9F2D2FA74206CEC169D74BF5A8C50D6F48EA08",
+                     "-38990016EB21810E3B5E6AEE339AEE72BB7CD629C4C9270A3D832701A2949BC82B2BE5A7F900C0C9937464699862821976095187D646884E8FBF01DE8C3442F3BC97B670AF573EFB74A9BBEBE4432EE74B0A83BBCDF59485D332B1FF49EB461A3A8B12C38FD72C7772D75EC6EBA5633199540C47678BD2F4ADEEA40830C2F100",
+        2048);
+
+
+    /* 1 << 2050 * 0X1234 */
+    test_bignum_mult("400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+                     "1234",
+                     "48D000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+                     3072);
+
+    /* multiply a 1178 bit number by a 2050 bit number */
+    test_bignum_mult("AAAAAAAAAA75124938ABBECD0EEEEE333333333333333333333FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAAAAAAABBBBBBBBBBBBBBBBBBBB000000000000000000000000000000000004988A5293848932948872398400000000000FFFFFFFFFFF0000000000000EDFABC0204048975876873487387478327482374871327482347328742837483247283748234723874238",
+                     "390587293875124938ABBECD0EEEEE3333333333333333333333333333333399999888000AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBB00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000EDFABC0204048975876873487387478327482374871327482347328742837483247283748234723874238478327400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003012111111111111111100000000000000000000000111111111111111111111111",
+                     "02603AF70D0421C1AD82CE623F28F70B128118D06D00C27D433EC25BA86E6105C3890A0B1973B8BE068CA68E159A21078785DDB37F94216FBF4AEC939958AF4B8CEA2A48895CECA87562FC846EAAE0C866AF9D41EEABFB1D579F5828E9666A15E2AF946F16A189B5C645872FDCA247D309AB0BCAFB0D112881186FCFFEDC87061B4AE4A375E9BBCF579A7BC87A8EAC8C6F66E107986FC603F920F5E1A0FD8C619D88D90066FFFC8F4DB77437EBD7E3BD7E398C4C01F93426E347E039DCA7B0A73C0C90A9C4271BB761ADFF88971D190CE5DA98EFC5D7390D33BC034908AF81D784A4D7F32D0902E0C5DABC706635D5A28FC0E3A364EDEB21E8E117041D0E4B51CA6F9684F434057E7FCF2AF6BD050334B1D11E043B0967154E57354B681161D3C618974D5A7E0385755B80B931AE9B59DD4402BAEC206F04B8440741B3C4CA6D9F7DAF0AE6B3BF1B24B76C2F12B9E9A7C50D32E2093608FC9A30CBD852329E64A9AE0BC3F513899EBFA28629C1DF38081FB8C6630408F70D7B9A37701ABA4176C8B7DCB8CC78BD7783B861A7FC50862E75191DB8",
+                     4096);
+}
+
+static bool test_bignum_modexp(const char *z_str, const char *x_str, const char *y_str, const char *m_str, int ret_error)
+{
+    mbedtls_mpi Z, X, Y, M;
+    char z_buf[400] = { 0 };
+    size_t z_buf_len = 0;
+    bool fail = false;
+
+    printf("%s = (%s ^ %s) mod %s  ret=%d ... ", z_str, x_str, y_str, m_str, ret_error);
+
+    mbedtls_mpi_init(&Z);
+    mbedtls_mpi_init(&X);
+    mbedtls_mpi_init(&Y);
+    mbedtls_mpi_init(&M);
+
+    TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&X, 16, x_str));
+    TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&Y, 16, y_str));
+    TEST_ASSERT_FALSE(mbedtls_mpi_read_string(&M, 16, m_str));
+
+    //mbedtls_mpi_printf("X", &X);
+    //mbedtls_mpi_printf("X", &Y);
+    //mbedtls_mpi_printf("M", &M);
+
+    /* Z = (X ^ Y) mod M */
+    if (ret_error != mbedtls_mpi_exp_mod(&Z, &X, &Y, &M, NULL)) {
+        fail = true;
+    }
+    
+    if (ret_error == MBEDTLS_OK) {
+        mbedtls_mpi_write_string(&Z, 16, z_buf, sizeof(z_buf)-1, &z_buf_len);
+        if (memcmp(z_str, z_buf, strlen(z_str)) != 0) {
+            printf("\n Expected '%s' Was '%s' \n", z_str, z_buf);
+            fail = true;
+        }
+    }
+
+    mbedtls_mpi_free(&Z);
+    mbedtls_mpi_free(&X);
+    mbedtls_mpi_free(&Y);
+    mbedtls_mpi_free(&M);
+
+    if (fail == true) {
+        printf(" FAIL\n");
+    } else {
+        printf(" PASS\n");
+    }
+    return fail;
+}
+
+TEST_CASE("test MPI modexp", "[bignum]")
+{
+    bool test_error = false;
+    printf("Z = (X ^ Y) mod M \n");
+    // test_bignum_modexp(Z, X, Y, M, ret_error);
+    test_error |= test_bignum_modexp("01000000", "1000", "2", "FFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("014B5A90", "1234", "2", "FFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01234321", "1111", "2", "FFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("02", "5", "1", "3", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("22", "55", "1", "33", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("0222", "555", "1", "333", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("2222", "5555", "1", "3333", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("11", "5555", "1", "33", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("55", "1111", "1", "77", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("88", "1111", "2", "BB", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01000000", "2", "128", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("0ABCDEF12345", "ABCDEF12345", "1", "FFFFFFFFFFFF", MBEDTLS_OK);
+    test_error |= test_bignum_modexp("0ABCDE", "ABCDE", "1", "FFFFF", MBEDTLS_OK);
+
+    test_error |= test_bignum_modexp("04",  "2",  "2",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("04",  "2", "-2",  "9",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("04",  "2",  "2", "-9",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("04",  "2", "-2", "-9",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+
+    test_error |= test_bignum_modexp("01",  "2",  "0",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("04",  "2",  "0",  "0",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("04",  "2",  "2",  "0",  MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
+    test_error |= test_bignum_modexp("00",  "0",  "2",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01",  "0",  "0",  "9",  MBEDTLS_OK);
+
+    test_error |= test_bignum_modexp("04", "-2",  "2",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01", "-2",  "0",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("07", "-2",  "7",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("07", "-2",  "1",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("02",  "2",  "1",  "9",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01",  "2",  "0",  "9",  MBEDTLS_OK);
+
+    test_error |= test_bignum_modexp("05",  "5",  "7",  "7",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("02", "-5",  "7",  "7",  MBEDTLS_OK);
+    test_error |= test_bignum_modexp("01", "-5",  "7",  "3",  MBEDTLS_OK);
+
+    TEST_ASSERT_FALSE_MESSAGE(test_error, "mbedtls_mpi_exp_mod incorrect for some tests\n");
+}
+
diff --git a/components/mbedtls/test/test_mbedtls_sha.c b/components/mbedtls/test/test_mbedtls_sha.c
new file mode 100644
index 00000000..7b94e52c
--- /dev/null
+++ b/components/mbedtls/test/test_mbedtls_sha.c
@@ -0,0 +1,301 @@
+/* mbedTLS SHA unit tests
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <esp_system.h>
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "unity.h"
+#include "sdkconfig.h"
+#include "test_apb_dport_access.h"
+
+TEST_CASE("mbedtls SHA self-tests", "[mbedtls]")
+{
+    start_apb_access_loop();
+    TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha1_self_test(1), "SHA1 self-tests should pass.");
+    TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha256_self_test(1), "SHA256 self-tests should pass.");
+    TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass.");
+    TEST_ASSERT_FALSE_MESSAGE(mbedtls_sha512_self_test(1), "SHA512 self-tests should pass.");
+    verify_apb_access_loop();
+}
+
+static const unsigned char *one_hundred_as = (unsigned char *)
+    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+
+static const unsigned char *one_hundred_bs =  (unsigned char *)
+    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
+
+static const uint8_t sha256_thousand_as[32] = {
+    0x41, 0xed, 0xec, 0xe4, 0x2d, 0x63, 0xe8, 0xd9, 0xbf, 0x51, 0x5a, 0x9b, 0xa6, 0x93, 0x2e, 0x1c,
+    0x20, 0xcb, 0xc9, 0xf5, 0xa5, 0xd1, 0x34, 0x64, 0x5a, 0xdb, 0x5d, 0xb1, 0xb9, 0x73, 0x7e, 0xa3 };
+
+static const uint8_t sha256_thousand_bs[32] = {
+    0xf6, 0xf1, 0x18, 0xe1, 0x20, 0xe5, 0x2b, 0xe0, 0xbd, 0x0c, 0xfd, 0xf2, 0x79, 0x4c, 0xd1, 0x2c, 0x07, 0x68, 0x6c, 0xc8, 0x71, 0x23, 0x5a, 0xc2, 0xf1, 0x14, 0x59, 0x37, 0x8e, 0x6d, 0x23, 0x5b
+};
+
+static const uint8_t sha512_thousand_bs[64] = {
+    0xa6, 0x68, 0x68, 0xa3, 0x73, 0x53, 0x2a, 0x5c, 0xc3, 0x3f, 0xbf, 0x43, 0x4e, 0xba, 0x10, 0x86, 0xb3, 0x87, 0x09, 0xe9, 0x14, 0x3f, 0xbf, 0x37, 0x67, 0x8d, 0x43, 0xd9, 0x9b, 0x95, 0x08, 0xd5, 0x80, 0x2d, 0xbe, 0x9d, 0xe9, 0x1a, 0x54, 0xab, 0x9e, 0xbc, 0x8a, 0x08, 0xa0, 0x1a, 0x89, 0xd8, 0x72, 0x68, 0xdf, 0x52, 0x69, 0x7f, 0x1c, 0x70, 0xda, 0xe8, 0x3f, 0xe5, 0xae, 0x5a, 0xfc, 0x9d
+};
+
+static const uint8_t sha384_thousand_bs[48] = {
+    0x6d, 0xe5, 0xf5, 0x88, 0x57, 0x60, 0x83, 0xff, 0x7c, 0x94, 0x61, 0x5f, 0x8d, 0x96, 0xf2, 0x76, 0xd5, 0x3f, 0x77, 0x0c, 0x8e, 0xc1, 0xbf, 0xb6, 0x04, 0x27, 0xa4, 0xba, 0xea, 0x6c, 0x68, 0x44, 0xbd, 0xb0, 0x9c, 0xef, 0x6a, 0x09, 0x28, 0xe8, 0x1f, 0xfc, 0x95, 0x03, 0x69, 0x99, 0xab, 0x1a
+};
+
+static const uint8_t sha1_thousand_as[20] = {
+    0x29, 0x1e, 0x9a, 0x6c, 0x66, 0x99, 0x49, 0x49, 0xb5, 0x7b, 0xa5,
+    0xe6, 0x50, 0x36, 0x1e, 0x98, 0xfc, 0x36, 0xb1, 0xba };
+
+TEST_CASE("mbedtls SHA interleaving", "[mbedtls]")
+{
+    mbedtls_sha1_context sha1_ctx;
+    mbedtls_sha256_context sha256_ctx;
+    mbedtls_sha512_context sha512_ctx;
+    unsigned char sha1[20], sha256[32], sha512[64];
+
+    mbedtls_sha1_init(&sha1_ctx);
+    mbedtls_sha256_init(&sha256_ctx);
+    mbedtls_sha512_init(&sha512_ctx);
+
+    TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx));
+    TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&sha512_ctx, false));
+
+    for (int i = 0; i < 10; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, one_hundred_as, 100));
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, one_hundred_as, 100));
+        TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&sha512_ctx, one_hundred_bs, 100));
+    }
+
+    TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1));
+    TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&sha512_ctx, sha512));
+
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 calculation");
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 calculation");
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_thousand_as, sha1, 20, "SHA1 calculation");
+}
+
+static xSemaphoreHandle done_sem;
+static void tskRunSHA1Test(void *pvParameters)
+{
+    mbedtls_sha1_context sha1_ctx;
+    unsigned char sha1[20];
+
+    for (int i = 0; i < 1000; i++) {
+        mbedtls_sha1_init(&sha1_ctx);
+        TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx));
+        for (int j = 0; j < 10; j++) {
+            TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, (unsigned char *)one_hundred_as, 100));
+        }
+        TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1));
+        TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_thousand_as, sha1, 20, "SHA1 calculation");
+    }
+    xSemaphoreGive(done_sem);
+    vTaskDelete(NULL);
+}
+
+static void tskRunSHA256Test(void *pvParameters)
+{
+    mbedtls_sha256_context sha256_ctx;
+    unsigned char sha256[32];
+
+    for (int i = 0; i < 1000; i++) {
+        mbedtls_sha256_init(&sha256_ctx);
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false));
+        for (int j = 0; j < 10; j++) {
+            TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)one_hundred_bs, 100));
+        }
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256));
+
+        TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation");
+    }
+    xSemaphoreGive(done_sem);
+    vTaskDelete(NULL);
+}
+
+#define SHA_TASK_STACK_SIZE (10*1024)
+
+TEST_CASE("mbedtls SHA multithreading", "[mbedtls]")
+{
+    done_sem = xSemaphoreCreateCounting(4, 0);
+    xTaskCreate(tskRunSHA1Test, "SHA1Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskRunSHA1Test, "SHA1Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskRunSHA256Test, "SHA256Task1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskRunSHA256Test, "SHA256Task2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+
+    for(int i = 0; i < 4; i++) {
+        if(!xSemaphoreTake(done_sem, 10000/portTICK_PERIOD_MS)) {
+            TEST_FAIL_MESSAGE("done_sem not released by test task");
+        }
+    }
+    vSemaphoreDelete(done_sem);
+}
+
+void tskRunSHASelftests(void *param)
+{
+    for (int i = 0; i < 5; i++) {
+        if(mbedtls_sha1_self_test(1)) {
+            printf("SHA1 self-tests failed.\n");
+            while(1) {}
+        }
+
+        if(mbedtls_sha256_self_test(1)) {
+            printf("SHA256 self-tests failed.\n");
+            while(1) {}
+        }
+
+        if(mbedtls_sha512_self_test(1)) {
+            printf("SHA512 self-tests failed.\n");
+            while(1) {}
+        }
+
+        if(mbedtls_sha512_self_test(1)) {
+            printf("SHA512 self-tests failed.\n");
+            while(1) {}
+        }
+    }
+    xSemaphoreGive(done_sem);
+    vTaskDelete(NULL);
+}
+
+TEST_CASE("mbedtls SHA self-tests multithreaded", "[mbedtls]")
+{
+    done_sem = xSemaphoreCreateCounting(2, 0);
+    xTaskCreate(tskRunSHASelftests, "SHASelftests1", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+    xTaskCreate(tskRunSHASelftests, "SHASelftests2", SHA_TASK_STACK_SIZE, NULL, 3, NULL);
+
+    const int TIMEOUT_MS = 20000;
+
+    for(int i = 0; i < 2; i++) {
+        if(!xSemaphoreTake(done_sem, TIMEOUT_MS/portTICK_PERIOD_MS)) {
+            TEST_FAIL_MESSAGE("done_sem not released by test task");
+        }
+    }
+    vSemaphoreDelete(done_sem);
+}
+
+TEST_CASE("mbedtls SHA512 clone", "[mbedtls]")
+{
+    mbedtls_sha512_context ctx;
+    mbedtls_sha512_context clone;
+    unsigned char sha512[64];
+
+    mbedtls_sha512_init(&ctx);
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, false));
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
+    }
+
+    mbedtls_sha512_clone(&clone, &ctx);
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
+        TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100));
+    }
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha512));
+
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 original calculation");
+
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha512));
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 cloned calculation");
+}
+
+TEST_CASE("mbedtls SHA384 clone", "[mbedtls]")
+{
+    mbedtls_sha512_context ctx;
+    mbedtls_sha512_context clone;
+    unsigned char sha384[48];
+
+    mbedtls_sha512_init(&ctx);
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, true));
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
+    }
+
+    mbedtls_sha512_clone(&clone, &ctx);
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100));
+        TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100));
+    }
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha384));
+
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 original calculation");
+
+    TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha384));
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 cloned calculation");
+}
+
+
+TEST_CASE("mbedtls SHA256 clone", "[mbedtls]")
+{
+    mbedtls_sha256_context ctx;
+    mbedtls_sha256_context clone;
+    unsigned char sha256[64];
+
+    mbedtls_sha256_init(&ctx);
+    TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&ctx, false));
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100));
+    }
+
+    mbedtls_sha256_clone(&clone, &ctx);
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100));
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&clone, one_hundred_as, 100));
+    }
+    TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&ctx, sha256));
+
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 original calculation");
+
+    TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&clone, sha256));
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 cloned calculation");
+}
+
+typedef struct {
+    mbedtls_sha256_context ctx;
+    uint8_t result[32];
+    int ret;
+    bool done;
+} finalise_sha_param_t;
+
+static void tskFinaliseSha(void *v_param)
+{
+    finalise_sha_param_t *param = (finalise_sha_param_t *)v_param;
+
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&param->ctx, one_hundred_as, 100));
+    }
+
+    param->ret = mbedtls_sha256_finish_ret(&param->ctx, param->result);
+    param->done = true;
+    vTaskDelete(NULL);
+}
+
+TEST_CASE("mbedtls SHA session passed between tasks" , "[mbedtls]")
+{
+    finalise_sha_param_t param = { 0 };
+
+    mbedtls_sha256_init(&param.ctx);
+    TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&param.ctx, false));
+    for (int i = 0; i < 5; i++) {
+        TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&param.ctx, one_hundred_as, 100));
+    }
+
+    // pass the SHA context off to a different task
+    //
+    // note: at the moment this doesn't crash even if a mutex semaphore is used as the
+    // engine lock, but it can crash...
+    xTaskCreate(tskFinaliseSha, "SHAFinalise", SHA_TASK_STACK_SIZE, &param, 3, NULL);
+
+    while (!param.done) {
+        vTaskDelay(1);
+    }
+
+    TEST_ASSERT_EQUAL(0, param.ret);
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, param.result, 32, "SHA256 result from other task");
+}
diff --git a/components/mbedtls/test/test_rsa.c b/components/mbedtls/test/test_rsa.c
new file mode 100644
index 00000000..df6d8f23
--- /dev/null
+++ b/components/mbedtls/test/test_rsa.c
@@ -0,0 +1,240 @@
+/* mbedTLS RSA functionality tests
+
+   Focus on testing functionality where we use ESP32 hardware
+   accelerated crypto features.
+
+*/
+#include <string.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <esp_system.h>
+#include "mbedtls/rsa.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/x509_crt.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "unity.h"
+#include "sdkconfig.h"
+
+/* Taken from openssl s_client -connect api.gigafive.com:443 -showcerts
+ */
+static const char *rsa4096_cert = "-----BEGIN CERTIFICATE-----\n"\
+    "MIIExzCCA6+gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBkjELMAkGA1UEBhMCVVMx\n"\
+    "CzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTElMCMGA1UECgwcR2ln\n"\
+    "YWZpdmUgVGVjaG5vbG9neSBQYXJ0bmVyczEZMBcGA1UEAwwQR2lnYWZpdmUgUm9v\n"\
+    "dCBDQTEeMBwGCSqGSIb3DQEJARYPY2FAZ2lnYWZpdmUuY29tMB4XDTE2MDgyNzE2\n"\
+    "NDYyM1oXDTI2MDgyNTE2NDYyM1owgZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJD\n"\
+    "QTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExKTAnBgNVBAoMIEdpZ2FmaXZlIFRlY2hu\n"\
+    "b2xvZ3kgUGFydG5lcnMgTExDMRkwFwYDVQQDDBBhcGkuZ2lnYWZpdmUuY29tMR8w\n"\
+    "HQYJKoZIhvcNAQkBFhBjcmxAZ2lnYWZpdmUuY29tMIICIjANBgkqhkiG9w0BAQEF\n"\
+    "AAOCAg8AMIICCgKCAgEAof82VrEpXMpsI/ddW6RLeTeSYtxiXZZkRbDKN6otYgEk\n"\
+    "vA8yRbzei2cO2A/8+Erhe9beYLAMXWF+bjoUAFwnuIcbmufgHprOYzX/7CYXCsrH\n"\
+    "LrJfVF6kvjCXy2W3xSvgh8ZgHNWnBGzl13tq19Fz8x0AhK5GQ9608oJCbnQjpVSI\n"\
+    "lZDl3JVOifCeXf2c7nMhVOC/reTeto0Gbchs8Ox50WyojmfYbVjOQcA7f8p1eI+D\n"\
+    "XUJK01cUGVu6/KarVArGHh5LsiyXOadbyeyOXPmjyrgarG3IIBeQSNECfJZPc/OW\n"\
+    "lFszjU4YLDckI4x+tReiuFQbQPN5sDplcEldmZZm/8XD36ddvAaDds+SYlPXxDK7\n"\
+    "7L8RBVUG2Ylc9YZf7RE6IMDmdQmsCZDX0VxySYEmzv5lnAx4mzzaXcgS+kHMOLyK\n"\
+    "n9UxmpzwQoqqC9tMZqwRaeKW1njR1dSwQLqirBPfGCWKkpkpm7C3HEfeeLrasral\n"\
+    "aPf6LAwN3A4ZKHa5Jmne7W+1eYS1aTXOAOLIPcXRAh1B80H+SusIdM9d6vk2YTIg\n"\
+    "khwGQV3sgM6nIO5+T/8z141UEjWbtP7pb/u0+G9Cg7TwvRoO2UukxdvOwNto1G2e\n"\
+    "J3rKB/JSYsYWnPHvvh9XR+55PZ4iCf9Rqw/IP82uyGipR9gxlHqN8WhMTj9tNEkC\n"\
+    "AwEAAaMhMB8wHQYDVR0OBBYEFISCemcSriz1HFhRXluw9H+Bv9lEMA0GCSqGSIb3\n"\
+    "DQEBCwUAA4IBAQCMetK0xe6Y/uZpb1ARh+hHYcHI3xI+IG4opWJeoB1gDh/xpNAW\n"\
+    "j6t5MGbLoqNMBXbqL26hnKVspyvCxw7ebI5ZJgjtbrD1t+0D8yrgIZzr7AWGA9Hj\n"\
+    "WIHqDHGDxwkmfjVVPmuO3l5RtJmL6KV6kVL2bOvVI6gECpFLddmOTtg+iXDfSw3x\n"\
+    "0+ueMYKr8QLF+TCxfzQTHvTHvOJtcZHecc1n7PYbRmI2p7tV6RoBpV69oM6NAVUV\n"\
+    "i2QoSxm0pYzDzavOaxwhEPHT34Tpg6fwXy1QokFD9OtxRFtdpTjL3bMWpatZE+ba\n"\
+    "cjvvf0utMW5fNjTTxu1nnpuxZM3ifTCqZJ+9\n"\
+    "-----END CERTIFICATE-----\n";
+
+/* Root cert from openssl s_client -connect google.com:443 -showcerts
+ */
+static const char *rsa2048_cert = "-----BEGIN CERTIFICATE-----\n"\
+    "MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT\n"\
+    "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0\n"\
+    "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw\n"\
+    "WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE\n"\
+    "AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"\
+    "CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m\n"\
+    "OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu\n"\
+    "T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c\n"\
+    "JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR\n"\
+    "Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz\n"\
+    "PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm\n"\
+    "aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM\n"\
+    "TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g\n"\
+    "LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO\n"\
+    "BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv\n"\
+    "dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB\n"\
+    "AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL\n"\
+    "NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W\n"\
+    "b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S\n"\
+    "-----END CERTIFICATE-----\n";
+
+/* Some random input bytes to public key encrypt */
+static const uint8_t pki_input[4096/8] = {
+    0, 1, 4, 6, 7, 9, 33, 103, 49, 11, 56, 211, 67, 92 };
+
+/* Result of an RSA4096 operation using cert's public key
+   (raw PKI, no padding/etc) */
+static const uint8_t pki_rsa4096_output[] = {
+    0x91, 0x87, 0xcd, 0x04, 0x80, 0x7c, 0x8b, 0x0b,
+    0x0c, 0xc0, 0x38, 0x37, 0x7a, 0xe3, 0x2c, 0x94,
+    0xea, 0xc4, 0xcb, 0x83, 0x2c, 0x77, 0x71, 0x14,
+    0x11, 0x85, 0x16, 0x61, 0xd3, 0x64, 0x2a, 0x0f,
+    0xf9, 0x6b, 0x45, 0x04, 0x66, 0x5d, 0x15, 0xf1,
+    0xcf, 0x69, 0x77, 0x90, 0xb9, 0x41, 0x68, 0xa9,
+    0xa6, 0xfd, 0x94, 0xdc, 0x6a, 0xce, 0xc7, 0xb6,
+    0x41, 0xd9, 0x44, 0x3c, 0x02, 0xb6, 0xc7, 0x26,
+    0xce, 0xec, 0x66, 0x21, 0xa8, 0xe8, 0xf4, 0xa9,
+    0x33, 0x4a, 0x6c, 0x28, 0x0f, 0x50, 0x30, 0x32,
+    0x28, 0x00, 0xbb, 0x2c, 0xc3, 0x44, 0x72, 0x31,
+    0x93, 0xd4, 0xde, 0x29, 0x6b, 0xfa, 0x31, 0xfd,
+    0x3a, 0x05, 0xc6, 0xb1, 0x28, 0x43, 0x57, 0x20,
+    0xf7, 0xf8, 0x13, 0x0c, 0x4a, 0x80, 0x00, 0xab,
+    0x1f, 0xe8, 0x88, 0xad, 0x56, 0xf2, 0xda, 0x5a,
+    0x50, 0xe9, 0x02, 0x09, 0x21, 0x2a, 0xfc, 0x82,
+    0x68, 0x34, 0xf9, 0x04, 0xa3, 0x25, 0xe1, 0x0f,
+    0xa8, 0x77, 0x29, 0x94, 0xb6, 0x9d, 0x5a, 0x08,
+    0x33, 0x8d, 0x27, 0x6a, 0xc0, 0x3b, 0xad, 0x91,
+    0x8a, 0x83, 0xa9, 0x2e, 0x48, 0xcd, 0x67, 0xa3,
+    0x3a, 0x35, 0x41, 0x85, 0xfa, 0x3f, 0x61, 0x1f,
+    0x80, 0xeb, 0xcd, 0x5a, 0xc5, 0x14, 0x7b, 0xab,
+    0x9c, 0x45, 0x11, 0xd2, 0x25, 0x9a, 0x16, 0xeb,
+    0x9c, 0xfa, 0xbe, 0x73, 0x18, 0xbd, 0x25, 0x8e,
+    0x99, 0x6d, 0xb3, 0xbc, 0xac, 0x2d, 0xa2, 0x53,
+    0xe8, 0x7c, 0x38, 0x1b, 0x7a, 0x75, 0xff, 0x76,
+    0x4f, 0x48, 0x5b, 0x39, 0x20, 0x5a, 0x7b, 0x82,
+    0xd3, 0x33, 0x33, 0x2a, 0xab, 0x6a, 0x7a, 0x42,
+    0x1d, 0x1f, 0xd1, 0x61, 0x58, 0xd7, 0x38, 0x52,
+    0xdf, 0xb0, 0x61, 0x98, 0x63, 0xb7, 0xa1, 0x4e,
+    0xdb, 0x9b, 0xcb, 0xb7, 0x85, 0xc4, 0x3e, 0x03,
+    0xe5, 0x59, 0x50, 0x28, 0x5a, 0x4d, 0x7f, 0x53,
+    0x2e, 0x99, 0x1d, 0x6d, 0x85, 0x27, 0x78, 0x34,
+    0x5e, 0xae, 0xc9, 0x1b, 0x37, 0x96, 0xde, 0x40,
+    0x87, 0x35, 0x3c, 0x1f, 0xe0, 0x8f, 0xfb, 0x3a,
+    0x58, 0x0e, 0x60, 0xe9, 0x06, 0xbd, 0x83, 0x03,
+    0x92, 0xde, 0x5e, 0x69, 0x28, 0xb1, 0x00, 0xeb,
+    0x44, 0xca, 0x3c, 0x49, 0x03, 0x10, 0xa8, 0x84,
+    0xa6, 0xbb, 0xd5, 0xda, 0x98, 0x8c, 0x6f, 0xa3,
+    0x0f, 0x39, 0xf3, 0xa7, 0x7d, 0xd5, 0x3b, 0xe2,
+    0x85, 0x12, 0xda, 0xa4, 0x4d, 0x80, 0x97, 0xcb,
+    0x11, 0xe0, 0x89, 0x90, 0xff, 0x5b, 0x72, 0x19,
+    0x59, 0xd1, 0x39, 0x23, 0x9f, 0xb0, 0x00, 0xe2,
+    0x45, 0x72, 0xc6, 0x9a, 0xbc, 0xe1, 0xd1, 0x51,
+    0x6b, 0x35, 0xd2, 0x49, 0xbf, 0xb6, 0xfe, 0xab,
+    0x09, 0xf7, 0x9d, 0xa4, 0x6e, 0x69, 0xb6, 0xf9,
+    0xde, 0xe3, 0x57, 0x0c, 0x1a, 0x96, 0xf1, 0xcc,
+    0x1c, 0x92, 0xdb, 0x44, 0xf4, 0x45, 0xfa, 0x8f,
+    0x87, 0xcf, 0xf4, 0xd2, 0xa1, 0xf8, 0x69, 0x18,
+    0xcf, 0xdc, 0xa0, 0x1f, 0xb0, 0x26, 0xad, 0x81,
+    0xab, 0xdf, 0x78, 0x18, 0xa2, 0x74, 0xba, 0x2f,
+    0xec, 0x70, 0xa2, 0x1f, 0x56, 0xee, 0xff, 0xc9,
+    0xfe, 0xb1, 0xe1, 0x9b, 0xea, 0x0e, 0x33, 0x14,
+    0x5f, 0x6e, 0xca, 0xee, 0x02, 0x56, 0x5a, 0x67,
+    0x42, 0x9a, 0xbf, 0x55, 0xc0, 0x0f, 0x8e, 0x01,
+    0x67, 0x63, 0x6e, 0xd1, 0x57, 0xf7, 0xf1, 0xc6,
+    0x92, 0x9e, 0xb5, 0x45, 0xe1, 0x50, 0x58, 0x94,
+    0x20, 0x90, 0x6a, 0x29, 0x2d, 0x4b, 0xd1, 0xb5,
+    0x68, 0x63, 0xb5, 0xe6, 0xd8, 0x6e, 0x84, 0x80,
+    0xad, 0xe6, 0x03, 0x1e, 0x51, 0xc2, 0xa8, 0x6d,
+    0x84, 0xec, 0x2d, 0x7c, 0x61, 0x02, 0xd1, 0xda,
+    0xf5, 0x94, 0xfa, 0x2d, 0xa6, 0xed, 0x89, 0x6a,
+    0x6a, 0xda, 0x07, 0x5d, 0x83, 0xfc, 0x43, 0x76,
+    0x7c, 0xca, 0x8c, 0x00, 0xfc, 0xb9, 0x2c, 0x23,
+};
+
+static const uint8_t pki_rsa2048_output[] = {
+    0x47, 0x0b, 0xe5, 0x8a, 0xcd, 0x2f, 0x78, 0x07,
+    0x69, 0x69, 0x70, 0xff, 0x81, 0xdf, 0x96, 0xf0,
+    0xed, 0x82, 0x3a, 0x3d, 0x46, 0xab, 0xe9, 0xc3,
+    0xb5, 0xd9, 0xca, 0xa2, 0x05, 0xa9, 0xf6, 0x6e,
+    0xad, 0x6c, 0xe0, 0xd1, 0xa2, 0xb4, 0xf2, 0x78,
+    0x4a, 0x93, 0xfc, 0x45, 0xe1, 0x9b, 0xdd, 0x62,
+    0xf9, 0x66, 0x2a, 0x14, 0x38, 0x12, 0xb6, 0x50,
+    0x0b, 0xe3, 0x53, 0x9c, 0x12, 0x56, 0xf1, 0xb7,
+    0x83, 0xd5, 0xf3, 0x24, 0x81, 0xcc, 0x5a, 0xeb,
+    0xec, 0xac, 0x68, 0xa8, 0x0c, 0xd7, 0x84, 0x7a,
+    0xbb, 0x77, 0x7b, 0xd5, 0x5b, 0xcf, 0x7b, 0x25,
+    0xd0, 0x75, 0x80, 0x21, 0x12, 0x97, 0x6b, 0xe1,
+    0xb6, 0x51, 0x12, 0x52, 0x6e, 0x01, 0x92, 0xb7,
+    0xcc, 0x70, 0x4b, 0x46, 0x11, 0x98, 0x5a, 0x84,
+    0x1c, 0x90, 0x45, 0x0f, 0x15, 0x77, 0xdb, 0x79,
+    0xe8, 0xff, 0x1f, 0xaa, 0x58, 0x95, 0xce, 0x3c,
+    0x65, 0x0c, 0x66, 0x29, 0xe1, 0x9c, 0x41, 0xbb,
+    0xde, 0x65, 0xb8, 0x29, 0x36, 0x94, 0xbd, 0x87,
+    0x93, 0x39, 0xc5, 0xeb, 0x49, 0x21, 0xc1, 0xeb,
+    0x48, 0xbd, 0x19, 0x13, 0x4d, 0x40, 0x90, 0x88,
+    0xc6, 0x12, 0xd9, 0xf7, 0xdd, 0xc8, 0x4f, 0x89,
+    0xc0, 0x91, 0xf8, 0xeb, 0xcf, 0xe3, 0x12, 0x17,
+    0x88, 0x9c, 0x88, 0xf4, 0xf5, 0xae, 0xf4, 0x15,
+    0xfe, 0x17, 0xf6, 0xa4, 0x74, 0x49, 0x02, 0x05,
+    0x11, 0x3b, 0x92, 0x25, 0x39, 0x2c, 0x4b, 0x08,
+    0x19, 0x76, 0x13, 0x8d, 0xf9, 0xda, 0xae, 0xdf,
+    0x30, 0xda, 0xcc, 0xbb, 0x3f, 0xb9, 0xb0, 0xd6,
+    0x5c, 0x78, 0x4b, 0x2b, 0x35, 0x51, 0x17, 0x48,
+    0xf5, 0xd4, 0x39, 0x7e, 0x05, 0x83, 0x68, 0x86,
+    0x44, 0x5f, 0x56, 0x1d, 0x2c, 0x53, 0xd3, 0x64,
+    0x3a, 0xb2, 0x0c, 0x4a, 0x85, 0xd6, 0x5b, 0x7e,
+    0xf9, 0xe9, 0x50, 0x29, 0x5d, 0x4f, 0xcc, 0xc9,
+};
+
+_Static_assert(sizeof(pki_rsa2048_output) == 2048/8, "rsa2048 output is wrong size");
+_Static_assert(sizeof(pki_rsa4096_output) == 4096/8, "rsa4096 output is wrong size");
+
+static void test_cert(const char *cert, const uint8_t *expected_output, size_t output_len);
+
+TEST_CASE("mbedtls RSA4096 cert", "[mbedtls]")
+{
+
+    test_cert(rsa4096_cert, pki_rsa4096_output, 4096/8);
+}
+
+TEST_CASE("mbedtls RSA2048 cert", "[mbedtls]")
+{
+    test_cert(rsa2048_cert, pki_rsa2048_output, 2048/8);
+}
+
+static void test_cert(const char *cert, const uint8_t *expected_output, size_t output_len)
+{
+    mbedtls_x509_crt crt;
+    mbedtls_rsa_context *rsa;
+    char buf[output_len];
+
+    bzero(buf, output_len);
+
+    mbedtls_x509_crt_init(&crt);
+
+    TEST_ASSERT_EQUAL_HEX16_MESSAGE(0,
+                                    -mbedtls_x509_crt_parse(&crt,
+                                                            (const uint8_t *)cert,
+                                                            strlen(cert)+1),
+                                    "parse cert");
+
+    rsa = mbedtls_pk_rsa(crt.pk);
+    TEST_ASSERT_NOT_NULL(rsa);
+
+    TEST_ASSERT_EQUAL_HEX16_MESSAGE(0,
+                                    -mbedtls_rsa_check_pubkey(rsa),
+                                    "check cert pubkey");
+
+    mbedtls_x509_crt_info(buf, sizeof(buf), "", &crt);
+    puts(buf);
+
+    TEST_ASSERT_EQUAL_HEX16_MESSAGE(0,
+                                    -mbedtls_rsa_public(rsa, pki_input, (uint8_t *)buf),
+                                    "RSA PK operation");
+
+    /*
+    // Dump buffer for debugging
+    for(int i = 0; i < output_len; i++) {
+        printf("0x%02x, ", buf[i]);
+    }
+    printf("\n");
+    */
+
+    TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_output, buf, output_len);
+
+    mbedtls_x509_crt_free(&crt);
+}
diff --git a/components/openssl/CMakeLists.txt b/components/openssl/CMakeLists.txt
new file mode 100644
index 00000000..bba4006f
--- /dev/null
+++ b/components/openssl/CMakeLists.txt
@@ -0,0 +1,11 @@
+idf_component_register(SRCS "library/ssl_cert.c"
+                            "library/ssl_lib.c"
+                            "library/ssl_methods.c"
+                            "library/ssl_pkey.c"
+                            "library/ssl_stack.c"
+                            "library/ssl_x509.c"
+                            "platform/ssl_pm.c"
+                            "platform/ssl_port.c"
+                    REQUIRES mbedtls
+                    INCLUDE_DIRS include
+                    PRIV_INCLUDE_DIRS include/internal include/platform include/openssl)
diff --git a/components/openssl/Kconfig b/components/openssl/Kconfig
new file mode 100644
index 00000000..0df49080
--- /dev/null
+++ b/components/openssl/Kconfig
@@ -0,0 +1,72 @@
+menu "OpenSSL"
+
+    config OPENSSL_DEBUG
+        bool "Enable OpenSSL debugging"
+        default n
+        help
+            Enable OpenSSL debugging function.
+
+            If the option is enabled, "SSL_DEBUG" works.
+
+    config OPENSSL_DEBUG_LEVEL
+        int "OpenSSL debugging level"
+        default 0
+        range 0 255
+        depends on OPENSSL_DEBUG
+        help
+            OpenSSL debugging level.
+
+            Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
+
+            For example:
+            If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not
+            print.
+
+    config OPENSSL_LOWLEVEL_DEBUG
+        bool "Enable OpenSSL low-level module debugging"
+        default n
+        depends on OPENSSL_DEBUG
+        select MBEDTLS_DEBUG
+        help
+            If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal
+            debugging function.
+
+    choice OPENSSL_ASSERT
+        prompt "Select OpenSSL assert function"
+        default CONFIG_OPENSSL_ASSERT_EXIT
+        help
+            OpenSSL function needs "assert" function to check if input parameters are valid.
+
+            If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
+
+        config OPENSSL_ASSERT_DO_NOTHING
+            bool "Do nothing"
+            help
+                Do nothing and "SSL_ASSERT" does not work.
+
+        config OPENSSL_ASSERT_EXIT
+            bool "Check and exit"
+            help
+                Enable assert exiting, it will check and return error code.
+
+        config OPENSSL_ASSERT_DEBUG
+            bool "Show debugging message"
+            depends on OPENSSL_DEBUG
+            help
+                Enable assert debugging, it will check and show debugging message.
+
+        config OPENSSL_ASSERT_DEBUG_EXIT
+            bool "Show debugging message and exit"
+            depends on OPENSSL_DEBUG
+            help
+                Enable assert debugging and exiting, it will check, show debugging message and return error code.
+
+        config OPENSSL_ASSERT_DEBUG_BLOCK
+            bool "Show debugging message and block"
+            depends on OPENSSL_DEBUG
+            help
+                Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
+
+    endchoice
+
+endmenu
diff --git a/components/ssl/mbedtls/port/openssl/OpenSSL-APIs.rst b/components/openssl/OpenSSL-APIs.rst
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/OpenSSL-APIs.rst
rename to components/openssl/OpenSSL-APIs.rst
diff --git a/components/openssl/component.mk b/components/openssl/component.mk
new file mode 100644
index 00000000..be40549d
--- /dev/null
+++ b/components/openssl/component.mk
@@ -0,0 +1,9 @@
+#
+# Component Makefile
+#
+
+COMPONENT_ADD_INCLUDEDIRS := include
+COMPONENT_PRIV_INCLUDEDIRS := include/internal include/platform include/openssl
+
+COMPONENT_SRCDIRS := library platform
+
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl3.h b/components/openssl/include/internal/ssl3.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl3.h
rename to components/openssl/include/internal/ssl3.h
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_cert.h b/components/openssl/include/internal/ssl_cert.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_cert.h
rename to components/openssl/include/internal/ssl_cert.h
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_code.h
rename to components/openssl/include/internal/ssl_code.h
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_dbg.h b/components/openssl/include/internal/ssl_dbg.h
similarity index 99%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_dbg.h
rename to components/openssl/include/internal/ssl_dbg.h
index e3e1b144..12ba25f9 100644
--- a/components/ssl/mbedtls/port/openssl/include/internal/ssl_dbg.h
+++ b/components/openssl/include/internal/ssl_dbg.h
@@ -17,7 +17,6 @@
 
 #include "platform/ssl_opt.h"
 #include "platform/ssl_port.h"
-#include "sdkconfig.h"
 
 #ifdef __cplusplus
  extern "C" {
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_lib.h b/components/openssl/include/internal/ssl_lib.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_lib.h
rename to components/openssl/include/internal/ssl_lib.h
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h
similarity index 85%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_methods.h
rename to components/openssl/include/internal/ssl_methods.h
index 3ba6a63a..17cf9bb6 100644
--- a/components/ssl/mbedtls/port/openssl/include/internal/ssl_methods.h
+++ b/components/openssl/include/internal/ssl_methods.h
@@ -28,10 +28,11 @@
                     new, free, \
                     handshake, shutdown, clear, \
                     read, send, pending, \
-                    set_fd, get_fd, \
+                    set_fd, set_hostname, get_fd,	\
+                    set_bufflen, \
                     get_verify_result, \
                     get_state) \
-        static const SSL_METHOD_FUNC func_name = { \
+        static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
                 new, \
                 free, \
                 handshake, \
@@ -41,14 +42,16 @@
                 send, \
                 pending, \
                 set_fd, \
+		set_hostname, \
                 get_fd, \
+                set_bufflen, \
                 get_verify_result, \
                 get_state \
         };
 
 #define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \
     const SSL_METHOD* func_name(void) { \
-        static const SSL_METHOD func_name##_data = { \
+        static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
                 ver, \
                 mode, \
                 &(fun), \
@@ -58,7 +61,7 @@
 
 #define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \
     const SSL_METHOD* func_name(void) { \
-        static const SSL_METHOD func_name##_data = { \
+        static const SSL_METHOD func_name##_data LOCAL_ATRR = { \
                 ver, \
                 mode, \
                 &(fun), \
@@ -72,7 +75,7 @@
                 load, \
                 show_info) \
     const X509_METHOD* func_name(void) { \
-        static const X509_METHOD func_name##_data = { \
+        static const X509_METHOD func_name##_data LOCAL_ATRR = { \
                 new, \
                 free, \
                 load, \
@@ -86,7 +89,7 @@
                 free, \
                 load) \
     const PKEY_METHOD* func_name(void) { \
-        static const PKEY_METHOD func_name##_data = { \
+        static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \
                 new, \
                 free, \
                 load \
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_pkey.h b/components/openssl/include/internal/ssl_pkey.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_pkey.h
rename to components/openssl/include/internal/ssl_pkey.h
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_stack.h b/components/openssl/include/internal/ssl_stack.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_stack.h
rename to components/openssl/include/internal/ssl_stack.h
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h
similarity index 88%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_types.h
rename to components/openssl/include/internal/ssl_types.h
index 633b1f18..21ba69f4 100644
--- a/components/ssl/mbedtls/port/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@@ -29,7 +29,6 @@ typedef void X509_STORE;
 typedef void RSA;
 
 typedef void STACK;
-typedef void BIO;
 
 #define ossl_inline inline
 
@@ -81,6 +80,12 @@ typedef struct x509_method_st X509_METHOD;
 struct pkey_method_st;
 typedef struct pkey_method_st PKEY_METHOD;
 
+struct ssl_alpn_st;
+typedef struct ssl_alpn_st SSL_ALPN;
+
+struct bio_st;
+typedef struct bio_st BIO;
+
 struct stack_st {
 
     char **data;
@@ -103,6 +108,8 @@ struct x509_st {
     void *x509_pm;
 
     const X509_METHOD *method;
+
+    int ref_counter;
 };
 
 struct cert_st {
@@ -144,6 +151,21 @@ struct X509_VERIFY_PARAM_st {
 
 };
 
+struct bio_st {
+    const unsigned char * data;
+    int dlen;
+};
+
+typedef enum { ALPN_INIT, ALPN_ENABLE, ALPN_DISABLE, ALPN_ERROR } ALPN_STATUS;
+struct ssl_alpn_st {
+     ALPN_STATUS alpn_status;
+     /* This is dynamically allocated */
+     char *alpn_string;
+     /* This only points to the members in the string */
+#define ALPN_LIST_MAX 10
+     const char *alpn_list[ALPN_LIST_MAX];
+};
+
 struct ssl_ctx_st
 {
     int version;
@@ -152,9 +174,7 @@ struct ssl_ctx_st
 
     unsigned long options;
 
-    #if 0
-        struct alpn_protocols alpn_protocol;
-    #endif
+    SSL_ALPN ssl_alpn;
 
     const SSL_METHOD *method;
 
@@ -170,6 +190,8 @@ struct ssl_ctx_st
 
     int read_ahead;
 
+    int read_buffer_len;
+
     X509_VERIFY_PARAM param;
 };
 
@@ -246,8 +268,12 @@ struct ssl_method_func_st {
 
     void (*ssl_set_fd)(SSL *ssl, int fd, int mode);
 
+    void (*ssl_set_hostname)(SSL *ssl, const char *hostname);
+
     int (*ssl_get_fd)(const SSL *ssl, int mode);
 
+    void (*ssl_set_bufflen)(SSL *ssl, int len);
+
     long (*ssl_get_verify_result)(const SSL *ssl);
 
     OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
@@ -273,6 +299,7 @@ struct pkey_method_st {
     int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len);
 };
 
+
 typedef int (*next_proto_cb)(SSL *ssl, unsigned char **out,
                              unsigned char *outlen, const unsigned char *in,
                              unsigned int inlen, void *arg);
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/ssl_x509.h b/components/openssl/include/internal/ssl_x509.h
similarity index 62%
rename from components/ssl/mbedtls/port/openssl/include/internal/ssl_x509.h
rename to components/openssl/include/internal/ssl_x509.h
index 334455ca..e5843972 100644
--- a/components/ssl/mbedtls/port/openssl/include/internal/ssl_x509.h
+++ b/components/openssl/include/internal/ssl_x509.h
@@ -87,19 +87,6 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
  */
 int SSL_add_client_CA(SSL *ssl, X509 *x);
 
-
-/**
- * @brief add CA client certification into the CTX
- *
- * @param ctx - SSL context point
- * @param buffer - a point pointed to the certification context memory point
- *
- * @return result
- *     0 : failed
- *     1 : OK
- */
-int SSL_CTX_load_verify_buffer(SSL_CTX *ctx, const unsigned char* buffer, long len);
-
 /**
  * @brief load certification into the SSL
  *
@@ -114,6 +101,73 @@ int SSL_CTX_load_verify_buffer(SSL_CTX *ctx, const unsigned char* buffer, long l
  */
 int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
 
+
+/**
+ * @brief set SSL context client CA certification
+ *
+ * @param store - pointer to X509_STORE
+ * @param x     -  pointer to X509 certification point
+ *
+ * @return result
+ *     0 : failed
+ *     1 : OK
+ */
+int X509_STORE_add_cert(X509_STORE *store, X509 *x);
+
+/**
+ * @brief load data in BIO
+ *
+ * Normally BIO_write should append data but that doesn't happen here, and
+ * 'data' cannot be freed after the function is called, it should remain valid 
+ * until BIO object is in use.
+ *
+ * @param b    - pointer to BIO 
+ * @param data - pointer to data
+ * @param dlen - data bytes
+ *
+ * @return result
+ *      0 : failed
+ *      1 : OK
+ */
+int BIO_write(BIO *b, const void *data, int dlen);
+
+/**
+ * @brief load a character certification context into system context.
+ *
+ * If '*cert' is pointed to the certification, then load certification 
+ * into it, or create a new X509 certification object.
+ *
+ * @param bp     - pointer to  BIO
+ * @param buffer - pointer to the certification context memory
+ * @param cb     - pointer to a callback which queries pass phrase used
+                   for encrypted PEM structure
+ * @param u      - pointer to arbitary data passed by application to callback
+ *
+ * @return X509 certification object point
+ */
+X509 * PEM_read_bio_X509(BIO *bp, X509 **x, void *cb, void *u);
+
+/**
+ * @brief create a BIO object
+ * 
+ * @param method - pointer to BIO_METHOD
+ *
+ * @return pointer to BIO object
+ */
+BIO *BIO_new(void * method);
+
+/**
+ * @brief get the memory BIO method function
+ */
+void *BIO_s_mem(void);
+
+/**
+ * @brief free a BIO  object
+ *
+ * @param x - pointer to BIO object 
+ */
+void BIO_free(BIO *b);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/tls1.h b/components/openssl/include/internal/tls1.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/tls1.h
rename to components/openssl/include/internal/tls1.h
diff --git a/components/ssl/mbedtls/port/openssl/include/internal/x509_vfy.h b/components/openssl/include/internal/x509_vfy.h
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/include/internal/x509_vfy.h
rename to components/openssl/include/internal/x509_vfy.h
diff --git a/components/ssl/mbedtls/port/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h
similarity index 94%
rename from components/ssl/mbedtls/port/openssl/include/openssl/ssl.h
rename to components/openssl/include/openssl/ssl.h
index b04eaa66..88d7bca6 100644
--- a/components/ssl/mbedtls/port/openssl/include/openssl/ssl.h
+++ b/components/openssl/include/openssl/ssl.h
@@ -22,30 +22,18 @@
 #include "internal/ssl_x509.h"
 #include "internal/ssl_pkey.h"
 
-/*encapsulation the structure based on the espressif platform*/
-struct  _MD_CTX
-{
-    unsigned char cksum[16];    /* checksum of the data block */
-    unsigned char state[48];    /* intermediate digest state */
-    unsigned char buffer[16];   /* data block being processed */
-    int left;                   /* amount of data in buffer */
-};
-
-typedef struct _MD_CTX          EVP_MD_CTX;
-typedef unsigned char           EVP_MD;
-
-/*encapsulation the function based on the espressif platform*/
-
-#define strerror(a)                             ERR_strerror(a)
-
-/*encapsulation the protocol based on the espressif platform*/
-#define SSL_FILETYPE_PEM                        10
-#define EVP_MAX_MD_SIZE                         6
-
 /*
 {
 */
 
+#define SSL_CB_ALERT 0x4000
+
+#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT		(1 << 0)
+#define X509_CHECK_FLAG_NO_WILDCARDS			(1 << 1)
+#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS		(1 << 2)
+#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS		(1 << 3)
+#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS		(1 << 4)
+
 /**
  * @brief create a SSL context
  *
@@ -165,6 +153,18 @@ int SSL_shutdown(SSL *ssl);
  */
 int SSL_set_fd(SSL *ssl, int fd);
 
+/**
+ * @brief Set the hostname for SNI
+ *
+ * @param ssl - the SSL context point
+ * @param hostname  - pointer to the hostname
+ *
+ * @return result
+ *     1 : OK
+ *     0 : failed
+ */
+int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname);
+
 /**
  * @brief These functions load the private key into the SSL_CTX or SSL object
  *
@@ -635,6 +635,26 @@ void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int v
  */
 OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
 
+/**
+ * @brief set the SSL context read buffer length
+ *
+ * @param ctx - SSL context point
+ * @param len - read buffer length
+ *
+ * @return none
+ */
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+
+/**
+ * @brief set the SSL read buffer length
+ *
+ * @param ssl - SSL point
+ * @param len - read buffer length
+ *
+ * @return none
+ */
+void SSL_set_default_read_buffer_len(SSL *ssl, size_t len);
+
 /**
  * @brief set the SSL security level
  *
@@ -1511,6 +1531,53 @@ long SSL_get_timeout(const SSL *ssl);
  */
 int SSL_get_verify_mode(const SSL *ssl);
 
+/**
+ * @brief get SSL verify parameters
+ *
+ * @param ssl - SSL point
+ *
+ * @return verify parameters
+ */
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
+/**
+ * @brief set expected hostname the peer cert CN should have
+ *
+ * @param param - verify parameters from SSL_get0_param()
+ *
+ * @param name - the expected hostname
+ *
+ * @param namelen - the length of the hostname, or 0 if NUL terminated
+ *
+ * @return verify parameters
+ */
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+
+/**
+ * @brief set parameters for X509 host verify action
+ *
+ * @param param -verify parameters from SSL_get0_param()
+ *
+ * @param flags - bitfield of X509_CHECK_FLAG_... parameters to set
+ *
+ * @return 1 for success, 0 for failure
+ */
+int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                    unsigned long flags);
+
+/**
+ * @brief clear parameters for X509 host verify action
+ *
+ * @param param -verify parameters from SSL_get0_param()
+ *
+ * @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear
+ *
+ * @return 1 for success, 0 for failure
+ */
+int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
+                      unsigned long flags);
+
 /**
  * @brief get SSL write only IO handle
  *
diff --git a/components/openssl/include/platform/ssl_opt.h b/components/openssl/include/platform/ssl_opt.h
new file mode 100644
index 00000000..a9c55e8c
--- /dev/null
+++ b/components/openssl/include/platform/ssl_opt.h
@@ -0,0 +1,20 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef _SSL_OPT_H_
+#define _SSL_OPT_H_
+
+#include "sdkconfig.h"
+
+#endif
diff --git a/components/ssl/mbedtls/port/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h
similarity index 92%
rename from components/ssl/mbedtls/port/openssl/include/platform/ssl_pm.h
rename to components/openssl/include/platform/ssl_pm.h
index e05e05cd..f028a0ce 100644
--- a/components/ssl/mbedtls/port/openssl/include/platform/ssl_pm.h
+++ b/components/openssl/include/platform/ssl_pm.h
@@ -23,6 +23,8 @@
 #include "ssl_types.h"
 #include "ssl_port.h"
 
+#define LOCAL_ATRR
+
 int ssl_pm_new(SSL *ssl);
 void ssl_pm_free(SSL *ssl);
 
@@ -37,8 +39,12 @@ int ssl_pm_pending(const SSL *ssl);
 void ssl_pm_set_fd(SSL *ssl, int fd, int mode);
 int ssl_pm_get_fd(const SSL *ssl, int mode);
 
+void ssl_pm_set_hostname(SSL *ssl, const char *hostname);
+
 OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl);
 
+void ssl_pm_set_bufflen(SSL *ssl, int len);
+
 int x509_pm_show_info(X509 *x);
 int x509_pm_new(X509 *x, X509 *m_x);
 void x509_pm_free(X509 *x);
diff --git a/components/ssl/mbedtls/port/openssl/include/platform/ssl_port.h b/components/openssl/include/platform/ssl_port.h
similarity index 60%
rename from components/ssl/mbedtls/port/openssl/include/platform/ssl_port.h
rename to components/openssl/include/platform/ssl_port.h
index 49ae231b..492ea405 100644
--- a/components/ssl/mbedtls/port/openssl/include/platform/ssl_port.h
+++ b/components/openssl/include/platform/ssl_port.h
@@ -15,27 +15,31 @@
 #ifndef _SSL_PORT_H_
 #define _SSL_PORT_H_
 
-#include <string.h>
-#include <stdio.h>
-
-#include "esp_system.h"
-#include "esp_heap_caps.h"
-
 #ifdef __cplusplus
  extern "C" {
 #endif
 
-#define ssl_mem_zalloc(s) heap_caps_zalloc(s, MALLOC_CAP_32BIT)
-#define ssl_mem_malloc(s) heap_caps_malloc(s, MALLOC_CAP_32BIT)
-#define ssl_mem_free(p)   heap_caps_free(p)
+#include "esp_types.h"
+#include "esp_log.h"
+#include "string.h"
+#include "malloc.h"
 
-#define ssl_memcpy memcpy
-#define ssl_strlen strlen
+void *ssl_mem_zalloc(size_t size);
 
-#define ssl_speed_up_enter() esp_set_cpu_freq(ESP_CPU_FREQ_160M)
-#define ssl_speed_up_exit()  esp_set_cpu_freq(ESP_CPU_FREQ_80M)
+#define ssl_mem_malloc malloc
+#define ssl_mem_free   free
 
-#define SSL_DEBUG_LOG printf
+#define ssl_memcpy     memcpy
+#define ssl_strlen     strlen
 
+#define ssl_speed_up_enter()
+#define ssl_speed_up_exit()
+
+#define SSL_DEBUG_FL
+#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__)
+
+#ifdef __cplusplus
+ }
 #endif
 
+#endif
diff --git a/components/ssl/mbedtls/port/openssl/source/library/ssl_cert.c b/components/openssl/library/ssl_cert.c
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/source/library/ssl_cert.c
rename to components/openssl/library/ssl_cert.c
diff --git a/components/ssl/mbedtls/port/openssl/source/library/ssl_lib.c b/components/openssl/library/ssl_lib.c
similarity index 93%
rename from components/ssl/mbedtls/port/openssl/source/library/ssl_lib.c
rename to components/openssl/library/ssl_lib.c
index ce189a8d..6fc863aa 100644
--- a/components/ssl/mbedtls/port/openssl/source/library/ssl_lib.c
+++ b/components/openssl/library/ssl_lib.c
@@ -224,6 +224,10 @@ void SSL_CTX_free(SSL_CTX* ctx)
 
     X509_free(ctx->client_CA);
 
+    if (ctx->ssl_alpn.alpn_string) {
+	 ssl_mem_free((void *)ctx->ssl_alpn.alpn_string);
+    }
+
     ssl_mem_free(ctx);
 }
 
@@ -463,7 +467,7 @@ int SSL_write(SSL *ssl, const void *buffer, int len)
         else
             bytes = send_bytes;
 
-        ret = SSL_METHOD_CALL(send, ssl, buffer, bytes);
+        ret = SSL_METHOD_CALL(send, ssl, pbuf, bytes);
         if (ret > 0) {
             pbuf += ret;
             send_bytes -= ret;
@@ -730,6 +734,19 @@ int SSL_set_wfd(SSL *ssl, int fd)
     return 1;
 }
 
+/**
+ * @brief SET TLS Hostname
+ */
+int SSL_set_tlsext_host_name(SSL* ssl, const char *hostname)
+{
+     SSL_ASSERT1(ssl);
+     SSL_ASSERT1(hostname);
+
+     SSL_METHOD_CALL(set_hostname, ssl, hostname);
+
+     return 1;
+}
+
 /**
  * @brief get SSL version
  */
@@ -1089,9 +1106,9 @@ const char *SSL_rstate_string_long(SSL *ssl)
 /**
  * @brief get SSL statement string
  */
-char *SSL_state_string(const SSL *ssl)
+const char *SSL_state_string(const SSL *ssl)
 {
-    char *str = "UNKWN ";
+    const char *str = "UNKWN ";
 
     SSL_ASSERT2(ssl);
 
@@ -1197,9 +1214,9 @@ char *SSL_state_string(const SSL *ssl)
 /**
  * @brief get SSL statement long string
  */
-char *SSL_state_string_long(const SSL *ssl)
+const char *SSL_state_string_long(const SSL *ssl)
 {
-    char *str = "UNKWN ";
+    const char *str = "UNKWN ";
 
     SSL_ASSERT2(ssl);
 
@@ -1308,6 +1325,27 @@ char *SSL_state_string_long(const SSL *ssl)
     return str;
 }
 
+/**
+ * @brief set the SSL context read buffer length
+ */
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+    SSL_ASSERT3(ctx);
+
+    ctx->read_buffer_len = len;
+}
+
+/**
+ * @brief set the SSL read buffer length
+ */
+void SSL_set_default_read_buffer_len(SSL *ssl, size_t len)
+{
+    SSL_ASSERT3(ssl);
+    SSL_ASSERT3(len);
+
+    SSL_METHOD_CALL(set_bufflen, ssl, len);
+}
+
 /**
  * @brief set the SSL information callback function
  */
@@ -1533,3 +1571,39 @@ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_C
     ssl->verify_mode = mode;
     ssl->verify_callback = verify_callback;
 }
+
+/**
+ * @brief set the ALPN protocols in the preferred order. SSL APIs require the
+ * protocols in a <length><value><length2><value2> format. mbedtls doesn't need
+ * that though. We sanitize that here itself. So convert from:
+ * "\x02h2\x06spdy/1" to { {"h2"}, {"spdy/1}, {NULL}}
+ */
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned protos_len)
+{
+     ctx->ssl_alpn.alpn_string = ssl_mem_zalloc(protos_len + 1);
+     if (! ctx->ssl_alpn.alpn_string) {
+	  return 1;
+     }
+     ctx->ssl_alpn.alpn_status = ALPN_ENABLE;
+     memcpy(ctx->ssl_alpn.alpn_string, protos, protos_len);
+
+     char *ptr = ctx->ssl_alpn.alpn_string;
+     int i;
+     /* Only running to 1 less than the actual size */
+     for (i = 0; i < ALPN_LIST_MAX - 1; i++) {
+	  char len = *ptr;
+	  *ptr = '\0'; // Overwrite the length to act as previous element's string terminator
+	  ptr++;
+	  protos_len--;
+	  ctx->ssl_alpn.alpn_list[i] = ptr;
+	  ptr += len;
+	  protos_len -= len;
+	  if (! protos_len) {
+	       i++;
+	       break;
+	  }
+     }
+     ctx->ssl_alpn.alpn_list[i] = NULL;
+     return 0;
+}
+
diff --git a/components/ssl/mbedtls/port/openssl/source/library/ssl_methods.c b/components/openssl/library/ssl_methods.c
similarity index 96%
rename from components/ssl/mbedtls/port/openssl/source/library/ssl_methods.c
rename to components/openssl/library/ssl_methods.c
index 9abeac57..5c5f7f9d 100644
--- a/components/ssl/mbedtls/port/openssl/source/library/ssl_methods.c
+++ b/components/openssl/library/ssl_methods.c
@@ -22,7 +22,8 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
         ssl_pm_new, ssl_pm_free,
         ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear,
         ssl_pm_read, ssl_pm_send, ssl_pm_pending,
-        ssl_pm_set_fd, ssl_pm_get_fd,
+        ssl_pm_set_fd, ssl_pm_set_hostname, ssl_pm_get_fd,
+        ssl_pm_set_bufflen,
         ssl_pm_get_verify_result,
         ssl_pm_get_state);
 
diff --git a/components/ssl/mbedtls/port/openssl/source/library/ssl_pkey.c b/components/openssl/library/ssl_pkey.c
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/source/library/ssl_pkey.c
rename to components/openssl/library/ssl_pkey.c
diff --git a/components/ssl/mbedtls/port/openssl/source/library/ssl_stack.c b/components/openssl/library/ssl_stack.c
similarity index 100%
rename from components/ssl/mbedtls/port/openssl/source/library/ssl_stack.c
rename to components/openssl/library/ssl_stack.c
diff --git a/components/ssl/mbedtls/port/openssl/source/library/ssl_x509.c b/components/openssl/library/ssl_x509.c
similarity index 67%
rename from components/ssl/mbedtls/port/openssl/source/library/ssl_x509.c
rename to components/openssl/library/ssl_x509.c
index b6cc8983..91c2a64e 100644
--- a/components/ssl/mbedtls/port/openssl/source/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@@ -16,6 +16,7 @@
 #include "ssl_methods.h"
 #include "ssl_dbg.h"
 #include "ssl_port.h"
+#include "ssl.h"
 
 /**
  * @brief show X509 certification information
@@ -39,6 +40,8 @@ X509* __X509_new(X509 *ix)
         goto no_mem;
     }
 
+    x->ref_counter = 1;
+
     if (ix)
         x->method = ix->method;
     else
@@ -73,6 +76,10 @@ void X509_free(X509 *x)
 {
     SSL_ASSERT3(x);
 
+    if (--x->ref_counter > 0) {
+        return;
+    }
+
     X509_METHOD_CALL(free, x);
 
     ssl_mem_free(x);
@@ -117,6 +124,37 @@ failed1:
     return NULL;
 }
 
+/**
+ * @brief return SSL X509 verify parameters
+ */
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+{
+    return &ssl->param;
+}
+
+/**
+ * @brief set X509 host verification flags
+ */
+
+int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                    unsigned long flags)
+{
+    /* flags not supported yet */
+    return 0;
+}
+
+/**
+ * @brief clear X509 host verification flags
+ */
+
+int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param,
+                      unsigned long flags)
+{
+    /* flags not supported yet */
+    return 0;
+}
+
 /**
  * @brief set SSL context client CA certification
  */
@@ -153,24 +191,6 @@ int SSL_add_client_CA(SSL *ssl, X509 *x)
     return 1;
 }
 
-/**
- * @brief add CA client certification into the CTX
- */
-int SSL_CTX_load_verify_buffer(SSL_CTX *ctx, const unsigned char* buffer, long len)
-{
-    SSL_ASSERT1(ctx);
-    SSL_ASSERT1(buffer);
-
-    X509* cacrt = d2i_X509(NULL, buffer, len);
-
-    if (cacrt) {
-        SSL_CTX_add_client_CA(ctx, cacrt);
-        return 1;
-    } else {
-        return 0;
-    }
-}
-
 /**
  * @brief set the SSL context certification
  */
@@ -301,3 +321,108 @@ X509 *SSL_get_peer_certificate(const SSL *ssl)
     return ssl->session->peer;
 }
 
+/**
+ * @brief set SSL context client CA certification
+ */
+int X509_STORE_add_cert(X509_STORE *store, X509 *x) {
+
+    x->ref_counter++;
+
+    SSL_CTX *ctx = (SSL_CTX *)store;
+    SSL_ASSERT1(ctx);
+    SSL_ASSERT1(x);
+
+    if (ctx->client_CA == x) {
+        return 1;
+    }
+
+    if (ctx->client_CA!=NULL) {
+        X509_free(ctx->client_CA);
+    }
+
+    ctx->client_CA = x;
+    return 1;
+}
+
+/**
+ * @brief create a BIO object
+ */
+BIO *BIO_new(void  *method) {
+    BIO *b = (BIO *)malloc(sizeof(BIO));
+    return b;
+}
+
+/**
+ * @brief load data into BIO.
+ *
+ * Normally BIO_write should append data but doesn't happen here, and
+ * 'data' cannot be freed after the function is called, it should remain valid 
+ * until BIO object is in use.
+ */
+int BIO_write(BIO *b, const void * data, int dlen) {
+    b->data = data;
+    b->dlen = dlen;
+    return 1;
+}
+
+/**
+ * @brief load a character certification context into system context.
+ * 
+ * If '*cert' is pointed to the certification, then load certification
+ * into it, or create a new X509 certification object.
+ */
+X509 * PEM_read_bio_X509(BIO *bp, X509 **cert, void *cb, void *u) {
+    int m = 0;
+    int ret;
+    X509 *x;
+
+    SSL_ASSERT2(bp->data);
+    SSL_ASSERT2(bp->dlen);
+
+    if (cert && *cert) {
+        x = *cert;
+    } else {
+        x = X509_new();
+        if (!x) {
+            SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL");
+            goto failed;
+        }
+        m = 1;
+    }
+
+    ret = X509_METHOD_CALL(load, x, bp->data, bp->dlen);
+    if (ret) {
+        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret);
+        goto failed;
+    }
+
+    return x;
+
+failed:
+    if (m) {
+        X509_free(x);
+    }
+
+    return NULL;
+}
+
+/**
+ * @brief get the memory BIO method function
+ */
+void *BIO_s_mem(void) {
+    return NULL;
+}
+
+/**
+ * @brief get the SSL context object X509 certification storage
+ */
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) {
+    return (X509_STORE *)ctx;
+}
+
+/**
+ * @brief free a BIO object
+ */
+void BIO_free(BIO *b) {
+    free(b);
+}
diff --git a/components/ssl/mbedtls/port/openssl/source/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c
similarity index 86%
rename from components/ssl/mbedtls/port/openssl/source/platform/ssl_pm.c
rename to components/openssl/platform/ssl_pm.c
index 96f2e91d..1448faa4 100644
--- a/components/ssl/mbedtls/port/openssl/source/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@@ -18,17 +18,14 @@
 
 /* mbedtls include */
 #include "mbedtls/platform.h"
-#include "mbedtls/net.h"
+#include "mbedtls/net_sockets.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/error.h"
 #include "mbedtls/certs.h"
-#include "mbedtls/esp_debug.h"
 
-#define X509_INFO_STRING_LENGTH 3072
-#define OPENSSL_READ_BUFFER_LENGTH_MIN 2048
-#define OPENSSL_READ_BUFFER_LENGTH_MAX 8192
+#define X509_INFO_STRING_LENGTH 8192
 
 struct ssl_pm
 {
@@ -60,9 +57,36 @@ struct pkey_pm
     mbedtls_pk_context *ex_pkey;
 };
 
+unsigned int max_content_len;
+
 /*********************************************************************************************/
 /************************************ SSL arch interface *************************************/
 
+#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
+
+/* mbedtls debug level */
+#define MBEDTLS_DEBUG_LEVEL 4
+
+/**
+ * @brief mbedtls debug function
+ */
+static void ssl_platform_debug(void *ctx, int level,
+                     const char *file, int line,
+                     const char *str)
+{
+    /* Shorten 'file' from the whole file path to just the filename
+
+       This is a bit wasteful because the macros are compiled in with
+       the full _FILE_ path in each case.
+    */
+    char *file_sep = rindex(file, '/');
+    if(file_sep)
+        file = file_sep + 1;
+
+    SSL_DEBUG(SSL_DEBUG_ON, "%s:%d %s", file, line, str);
+}
+#endif
+
 /**
  * @brief create SSL low-level object
  */
@@ -85,6 +109,8 @@ int ssl_pm_new(SSL *ssl)
         goto no_mem;
     }
 
+    max_content_len = ssl->ctx->read_buffer_len;
+
     mbedtls_net_init(&ssl_pm->fd);
     mbedtls_net_init(&ssl_pm->cl_fd);
 
@@ -127,10 +153,20 @@ int ssl_pm_new(SSL *ssl)
         mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0);
     }
 
+    if (ssl->ctx->ssl_alpn.alpn_status == ALPN_ENABLE) {
+#ifdef MBEDTLS_SSL_ALPN
+        mbedtls_ssl_conf_alpn_protocols( &ssl_pm->conf, ssl->ctx->ssl_alpn.alpn_list );
+#else
+        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "CONFIG_MBEDTLS_SSL_ALPN must be enabled to use ALPN", -1);
+#endif // MBEDTLS_SSL_ALPN
+    }
     mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
 
-#ifdef CONFIG_MBEDTLS_DEBUG
-    mbedtls_esp_enable_debug_log(&ssl_pm->conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
+#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG
+    mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL);
+    mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL);
+#else
+    mbedtls_ssl_conf_dbg(&ssl_pm->conf, NULL, NULL);
 #endif
 
     ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf);
@@ -184,11 +220,11 @@ static int ssl_pm_reload_crt(SSL *ssl)
     struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
     struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
 
-    if (ssl->verify_mode == SSL_VERIFY_PEER)
-        mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
-    else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+    if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
         mode = MBEDTLS_SSL_VERIFY_REQUIRED;
-    else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
+    else if (ssl->verify_mode & SSL_VERIFY_PEER)
+        mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
+    else if (ssl->verify_mode & SSL_VERIFY_CLIENT_ONCE)
         mode = MBEDTLS_SSL_VERIFY_UNSET;
     else
         mode = MBEDTLS_SSL_VERIFY_NONE;
@@ -335,6 +371,13 @@ void ssl_pm_set_fd(SSL *ssl, int fd, int mode)
     ssl_pm->fd.fd = fd;
 }
 
+void ssl_pm_set_hostname(SSL *ssl, const char *hostname)
+{
+    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+
+    mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname);
+}
+
 int ssl_pm_get_fd(const SSL *ssl, int mode)
 {
     struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
@@ -608,6 +651,13 @@ no_mem:
     return -1;
 }
 
+
+
+void ssl_pm_set_bufflen(SSL *ssl, int len)
+{
+    max_content_len = len;
+}
+
 long ssl_pm_get_verify_result(const SSL *ssl)
 {
     uint32_t ret;
@@ -616,11 +666,39 @@ long ssl_pm_get_verify_result(const SSL *ssl)
 
     ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
     if (ret) {
-        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return -0x%x", -ret);
+        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_get_verify_result() return 0x%x", ret);
         verify_result = X509_V_ERR_UNSPECIFIED;
-    } else {
+    } else
         verify_result = X509_V_OK;
-    }
 
     return verify_result;
 }
+
+/**
+ * @brief set expected hostname on peer cert CN
+ */
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param));
+    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+    char *name_cstr = NULL;
+
+    if (namelen) {
+        name_cstr = malloc(namelen + 1);
+        if (!name_cstr) {
+            return 0;
+        }
+        memcpy(name_cstr, name, namelen);
+        name_cstr[namelen] = '\0';
+        name = name_cstr;
+    }
+
+    mbedtls_ssl_set_hostname(&ssl_pm->ssl, name);
+
+    if (namelen) {
+        free(name_cstr);
+    }
+
+    return 1;
+}
diff --git a/components/openssl/platform/ssl_port.c b/components/openssl/platform/ssl_port.c
new file mode 100644
index 00000000..8c7a3133
--- /dev/null
+++ b/components/openssl/platform/ssl_port.c
@@ -0,0 +1,29 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ssl_port.h"
+
+/*********************************************************************************************/
+/********************************* SSL general interface *************************************/
+
+void *ssl_mem_zalloc(size_t size)
+{
+    void *p = malloc(size);
+
+    if (p)
+        memset(p, 0, size);
+
+    return p;
+}
+
diff --git a/components/ssl/CMakeLists.txt b/components/ssl/CMakeLists.txt
deleted file mode 100644
index 9591725e..00000000
--- a/components/ssl/CMakeLists.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-
-if(CONFIG_SSL_USING_WOLFSSL)
-set(COMPONENT_ADD_INCLUDEDIRS wolfssl/include wolfssl/wolfssl wolfssl/wolfssl/wolfssl)
-set(COMPONENT_SRCDIRS "wolfssl/source")
-else()
-if(CONFIG_SSL_USING_MBEDTLS)
-set(COMPONENT_ADD_INCLUDEDIRS
-    mbedtls/port/openssl/include
-    mbedtls/mbedtls/include
-    mbedtls/port/esp8266/include)
-
-set(COMPONENT_PRIV_INCLUDEDIRS
-    mbedtls/port/openssl/include/internal
-    mbedtls/port/openssl/include/openssl
-    mbedtls/port/openssl/include/platform)
-
-set(COMPONENT_SRCDIRS
-    mbedtls/port/openssl/source/library
-    mbedtls/port/openssl/source/platform
-    mbedtls/mbedtls/library
-    mbedtls/port/esp8266)
-endif()
-endif()
-
-set(COMPONENT_REQUIRES "lwip" "esp8266" "util")
-
-register_component()
-
-if(CONFIG_SSL_USING_WOLFSSL)
-target_compile_options(${COMPONENT_LIB} PUBLIC -DWOLFSSL_USER_SETTINGS)
-
-target_link_libraries(${COMPONENT_LIB} "-L ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/lib")
-target_link_libraries(${COMPONENT_LIB} wolfssl)
-else()
-if(CONFIG_SSL_USING_MBEDTLS)
-target_compile_options(${COMPONENT_LIB} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
-endif()
-endif()
diff --git a/components/ssl/Kconfig b/components/ssl/Kconfig
deleted file mode 100644
index 0b5b8318..00000000
--- a/components/ssl/Kconfig
+++ /dev/null
@@ -1,617 +0,0 @@
-menu "SSL"
-
-choice SSL_LIBRARY_CHOOSE
-    prompt "Choose SSL/TLS library"
-    default SSL_USING_MBEDTLS
-    help
-        Choose the SSL/TLS library which you want to use.
-
-        Currently we support mbedTLS and axTLS.
-
-config SSL_USING_MBEDTLS
-    bool "mbedTLS"
-config SSL_USING_WOLFSSL
-    bool "wolfSSL (License info in wolfssl subdirectory README)"
-endchoice
-
-menu "wolfSSL"
-    depends on SSL_USING_WOLFSSL
-
-config WOLFSSL_DEBUG
-   bool "Enable wolfSSL debugging"
-   default n
-   help
-       Enable wolfSSL debugging functions at compile time.
-
-endmenu  # wolfSSL
-
-menu "mbedTLS"
-    depends on SSL_USING_MBEDTLS
-
-config MBEDTLS_SSL_OUT_CONTENT_LEN
-    int "TLS maximum OUTPUT message content length"
-    default 4096
-    range 512 16384
-    help
-        Maximum TLS output message length (in bytes) supported by mbedTLS.
-        
-        You can set a lower value than 16384 bytes in order to save RAM. 
-        This is safe if the other end of the connection supports Maximum
-        Fragment Length Negotiation Extension (max_fragment_length,
-        see RFC6066) or you know for certain that it will never send a
-        message longer than a certain number of bytes.
-
-        If the value is set too low, symptoms are a failed TLS
-        handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
-        (-0x7200).
-
-config MBEDTLS_SSL_IN_CONTENT_LEN
-    int "TLS maximum INPUT message content length"
-    default 4096
-    range 512 16384
-    help
-        Maximum TLS input message length (in bytes) supported by mbedTLS.
-        
-        16384 is the default and this value is required to comply
-        fully with TLS standards.
-        
-        However you can set a lower value in order to save RAM. This
-        is safe if the other end of the connection supports Maximum
-        Fragment Length Negotiation Extension (max_fragment_length,
-        see RFC6066) or you know for certain that it will never send a
-        message longer than a certain number of bytes.
-
-        If the value is set too low, symptoms are a failed TLS
-        handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD
-        (-0x7200).
-
-choice MBEDTLS_RSA_BITLEN_MIN
-    prompt "RSA minimum bit length"
-    default MBEDTLS_RSA_BITLEN_2048
-    help
-        mbedTLS's minimum bit length is 2048, but some customers's key RSA bits is 1024.
-
-        With the option users can configurate the value to make mbedTLS support 1024 bits RSA key.
-
-config MBEDTLS_RSA_BITLEN_1024
-    bool "1024(not safe)"
-config MBEDTLS_RSA_BITLEN_2048
-    bool "2048"
-endchoice
-
-config MBEDTLS_RSA_BITLEN_MIN
-    int
-    default 1024 if MBEDTLS_RSA_BITLEN_1024
-    default 2048 if MBEDTLS_RSA_BITLEN_2048
-
-config MBEDTLS_DEBUG
-   bool "Enable mbedTLS debugging"
-   default n
-   help
-       Enable mbedTLS debugging functions at compile time.
-
-       If this option is enabled, you must call mbedtls_esp_enable_debug_log
-	   at runtime in order to enable mbedTLS debug output.
-
-config MBEDTLS_DEBUG_LEVEL
-   int "Mbedtls debugging level"
-   default 4
-   range 0 4
-   depends on MBEDTLS_DEBUG
-   help
-       Mbedtls debugging level.
-
-config MBEDTLS_HAVE_TIME
-   bool "Enable mbedtls time"
-   default y
-   help
-       System has time.h and time().
-       The time does not need to be correct, only time differences are used,
-
-config MBEDTLS_HAVE_TIME_DATE
-   bool "Enable mbedtls time data"
-   depends on MBEDTLS_HAVE_TIME
-   default n
-   help
-       System has time.h and time(), gmtime() and the clock is correct.
-       The time needs to be correct (not necesarily very accurate, but at least
-       the date should be correct). This is used to verify the validity period of
-       X.509 certificates.
-
-       It is suggested that you should get the real time by "SNTP".
-
-choice MBEDTLS_TLS_MODE
-    bool "TLS Protocol Role"
-    default MBEDTLS_TLS_SERVER_AND_CLIENT
-    help
-        mbedTLS can be compiled with protocol support for the TLS
-        server, TLS client, or both server and client.
-
-        Reducing the number of TLS roles supported saves code size.
-
-config MBEDTLS_TLS_SERVER_AND_CLIENT
-    bool "Server & Client"
-    select MBEDTLS_TLS_SERVER
-    select MBEDTLS_TLS_CLIENT
-config MBEDTLS_TLS_SERVER_ONLY
-    bool "Server"
-    select MBEDTLS_TLS_SERVER
-config MBEDTLS_TLS_CLIENT_ONLY
-    bool "Client"
-    select MBEDTLS_TLS_CLIENT
-config MBEDTLS_TLS_DISABLED
-    bool "None"
-
-endchoice
-
-config MBEDTLS_TLS_SERVER
-    bool
-    select MBEDTLS_TLS_ENABLED
-config MBEDTLS_TLS_CLIENT
-    bool
-    select MBEDTLS_TLS_ENABLED
-config MBEDTLS_TLS_ENABLED
-    bool
-
-menu "TLS Key Exchange Methods"
-   depends on MBEDTLS_TLS_ENABLED
-
-config MBEDTLS_PSK_MODES
-   bool "Enable pre-shared-key ciphersuites"
-   default n
-   help
-       Enable to show configuration for different types of pre-shared-key TLS authentatication methods.
-
-       Leaving this options disabled will save code size if they are not used.
-
-config MBEDTLS_KEY_EXCHANGE_PSK
-   bool "Enable PSK based ciphersuite modes"
-   depends on MBEDTLS_PSK_MODES
-   default n
-   help
-       Enable to support symmetric key PSK (pre-shared-key) TLS key exchange modes.
-
-config MBEDTLS_KEY_EXCHANGE_DHE_PSK
-   bool "Enable DHE-PSK based ciphersuite modes"
-   depends on MBEDTLS_PSK_MODES
-   default n
-   help
-       Enable to support Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
-
-config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
-   bool "Enable ECDHE-PSK based ciphersuite modes"
-   depends on MBEDTLS_PSK_MODES
-   default n
-   help
-       Enable to support Elliptic-Curve-Diffie-Hellman PSK (pre-shared-key) TLS authentication modes.
-
-config MBEDTLS_KEY_EXCHANGE_RSA_PSK
-   bool "Enable RSA-PSK based ciphersuite modes"
-   depends on MBEDTLS_PSK_MODES
-   default y
-   help
-       Enable to support RSA PSK (pre-shared-key) TLS authentication modes.
-
-config MBEDTLS_KEY_EXCHANGE_RSA
-   bool "Enable RSA-only based ciphersuite modes"
-   default y
-   help
-       Enable to support ciphersuites with prefix TLS-RSA-WITH-
-
-config MBEDTLS_KEY_EXCHANGE_DHE_RSA
-   bool "Enable DHE-RSA based ciphersuite modes"
-   default n
-   help
-       Enable to support ciphersuites with prefix TLS-DHE-RSA-WITH-
-
-config MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE
-   bool "Support Elliptic Curve based ciphersuites"
-   depends on MBEDTLS_ECP_C
-   default n
-   help
-       Enable to show Elliptic Curve based ciphersuite mode options.
-
-       Disabling all Elliptic Curve ciphersuites saves code size and
-       can give slightly faster TLS handshakes, provided the server supports
-       RSA-only ciphersuite modes.
-
-config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
-   bool "Enable ECDHE-RSA based ciphersuite modes"
-   depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
-   default n
-   help
-       Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
-
-config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-   bool "Enable ECDHE-ECDSA based ciphersuite modes"
-   depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
-   default n
-   help
-       Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
-
-config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
-   bool "Enable ECDH-ECDSA based ciphersuite modes"
-   depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C && MBEDTLS_ECDSA_C
-   default n
-   help
-       Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
-
-config MBEDTLS_KEY_EXCHANGE_ECDH_RSA
-   bool "Enable ECDH-RSA based ciphersuite modes"
-   depends on MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE && MBEDTLS_ECDH_C
-   default n
-   help
-       Enable to support ciphersuites with prefix TLS-ECDHE-RSA-WITH-
-
-endmenu # TLS key exchange modes
-
-config MBEDTLS_SSL_RENEGOTIATION
-   bool "Support TLS renegotiation"
-   depends on MBEDTLS_TLS_ENABLED
-   default n
-   help
-       The two main uses of renegotiation are (1) refresh keys on long-lived
-       connections and (2) client authentication after the initial handshake.
-       If you don't need renegotiation, disabling it will save code size and
-       reduce the possibility of abuse/vulnerability.
-
-config MBEDTLS_SSL_PROTO_SSL3
-   bool "Legacy SSL 3.0 support"
-   depends on MBEDTLS_TLS_ENABLED
-   default n
-   help
-       Support the legacy SSL 3.0 protocol. Most servers will speak a newer
-       TLS protocol these days.
-
-config MBEDTLS_SSL_PROTO_TLS1
-   bool "Support TLS 1.0 protocol"
-   depends on MBEDTLS_TLS_ENABLED
-   default y
-
-config MBEDTLS_SSL_PROTO_TLS1_1
-   bool "Support TLS 1.1 protocol"
-   depends on MBEDTLS_TLS_ENABLED
-   default y
-
-config MBEDTLS_SSL_PROTO_TLS1_2
-   bool "Support TLS 1.2 protocol"
-   depends on MBEDTLS_TLS_ENABLED
-   default y
-
-config MBEDTLS_SSL_PROTO_DTLS
-   bool "Support DTLS protocol (all versions)"
-   default n
-   depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2
-   help
-       Requires TLS 1.1 to be enabled for DTLS 1.0
-       Requires TLS 1.2 to be enabled for DTLS 1.2
-
-config MBEDTLS_SSL_ALPN
-   bool "Support ALPN (Application Layer Protocol Negotiation)"
-   depends on MBEDTLS_TLS_ENABLED
-   default n
-   help
-       Disabling this option will save some code size if it is not needed.
-
-config MBEDTLS_CIPHER_MODE_CTR
-    bool "Support CTR mode"
-    depends on MBEDTLS_TLS_ENABLED
-    default n
-    help
-        Enable Counter Block Cipher mode (CTR) for symmetric ciphers. Required for AES CTR
-
-config MBEDTLS_SSL_SESSION_TICKETS
-   bool "TLS: Support RFC 5077 SSL session tickets"
-   default n
-   depends on MBEDTLS_TLS_ENABLED
-   help
-       Support RFC 5077 session tickets. See mbedTLS documentation for more details.
-
-       Disabling this option will save some code size.
-
-menu "Symmetric Ciphers"
-
-config MBEDTLS_AES_C
-   bool "AES block cipher"
-   default y
-
-config MBEDTLS_CAMELLIA_C
-   bool "Camellia block cipher"
-   default n
-
-config MBEDTLS_DES_C
-   bool "DES block cipher (legacy, insecure)"
-   default n
-   help
-       Enables the DES block cipher to support 3DES-based TLS ciphersuites.
-
-       3DES is vulnerable to the Sweet32 attack and should only be enabled
-       if absolutely necessary.
-
-choice MBEDTLS_RC4_MODE
-    prompt "RC4 Stream Cipher (legacy, insecure)"
-    default MBEDTLS_RC4_DISABLED
-    help
-        ARCFOUR (RC4) stream cipher can be disabled entirely, enabled but not
-        added to default ciphersuites, or enabled completely.
-
-        Please consider the security implications before enabling RC4.
-
-config MBEDTLS_RC4_DISABLED
-    bool "Disabled"
-config MBEDTLS_RC4_ENABLED_NO_DEFAULT
-    bool "Enabled, not in default ciphersuites"
-config MBEDTLS_RC4_ENABLED
-    bool "Enabled"
-endchoice
-
-config MBEDTLS_BLOWFISH_C
-    bool "Blowfish block cipher (read help)"
-    default n
-    help
-        Enables the Blowfish block cipher (not used for TLS sessions.)
-
-        The Blowfish cipher is not used for mbedTLS TLS sessions but can be
-        used for other purposes. Read up on the limitations of Blowfish (including
-        Sweet32) before enabling.
-
-config MBEDTLS_XTEA_C
-    bool "XTEA block cipher"
-    default y
-    help
-        Enables the XTEA block cipher.
-
-
-config MBEDTLS_CCM_C
-    bool "CCM (Counter with CBC-MAC) block cipher modes"
-    default n
-    depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
-    help
-        Enable Counter with CBC-MAC (CCM) modes for AES and/or Camellia ciphers.
-
-        Disabling this option saves some code size.
-
-config MBEDTLS_GCM_C
-    bool "GCM (Galois/Counter) block cipher modes"
-    default n
-    depends on MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C
-    help
-        Enable Galois/Counter Mode for AES and/or Camellia ciphers.
-
-        This option is generally faster than CCM.
-
-endmenu # Symmetric Ciphers
-
-config MBEDTLS_RIPEMD160_C
-    bool "Enable RIPEMD-160 hash algorithm"
-    default n
-    help
-        Enable the RIPEMD-160 hash algorithm.
-
-menu "Certificates"
-
-config MBEDTLS_PEM_PARSE_C
-    bool "Read & Parse PEM formatted certificates"
-    default y
-    help
-        Enable decoding/parsing of PEM formatted certificates.
-
-        If your certificates are all in the simpler DER format, disabling
-        this option will save some code size.
-
-config MBEDTLS_PEM_WRITE_C
-    bool "Write PEM formatted certificates"
-    default y
-    help
-        Enable writing of PEM formatted certificates.
-
-        If writing certificate data only in DER format, disabling this
-        option will save some code size.
-
-config MBEDTLS_X509_CRL_PARSE_C
-    bool "X.509 CRL parsing"
-    default y
-    help
-        Support for parsing X.509 Certifificate Revocation Lists.
-
-config MBEDTLS_X509_CSR_PARSE_C
-    bool "X.509 CSR parsing"
-    default y
-    help
-        Support for parsing X.509 Certifificate Signing Requests
-
-endmenu # Certificates
-
-menuconfig MBEDTLS_ECP_C
-    bool  "Elliptic Curve Ciphers"
-    default n
-
-config MBEDTLS_ECDH_C
-    bool "Elliptic Curve Diffie-Hellman (ECDH)"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable ECDH. Needed to use ECDHE-xxx TLS ciphersuites.
-
-config MBEDTLS_DHM_C
-    bool "Diffie-Hellman-Merkle(DHM)"
-    default y
-    help
-        Enable the Diffie-Hellman-Merkle module.
-
-config MBEDTLS_ECDSA_C
-    bool "Elliptic Curve DSA"
-    depends on MBEDTLS_ECDH_C
-    default y
-    help
-        Enable ECDSA. Needed to use ECDSA-xxx TLS ciphersuites.
-
-config MBEDTLS_ECP_DP_SECP192R1_ENABLED
-    bool "Enable SECP192R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP192R1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_SECP224R1_ENABLED
-    bool "Enable SECP224R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP224R1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_SECP256R1_ENABLED
-    bool "Enable SECP256R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP256R1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_SECP384R1_ENABLED
-    bool "Enable SECP384R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP384R1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_SECP521R1_ENABLED
-    bool "Enable SECP521R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP521R1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_SECP192K1_ENABLED
-    bool "Enable SECP192K1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP192K1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_SECP224K1_ENABLED
-    bool "Enable SECP224K1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP224K1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_SECP256K1_ENABLED
-    bool "Enable SECP256K1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for SECP256K1 Elliptic Curve.
-
-config MBEDTLS_ECP_DP_BP256R1_ENABLED
-    bool "Enable BP256R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        support for DP Elliptic Curve.
-
-config MBEDTLS_ECP_DP_BP384R1_ENABLED
-    bool "Enable BP384R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        support for DP Elliptic Curve.
-
-config MBEDTLS_ECP_DP_BP512R1_ENABLED
-    bool "Enable BP512R1 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        support for DP Elliptic Curve.
-
-config MBEDTLS_ECP_DP_CURVE25519_ENABLED
-    bool "Enable CURVE25519 curve"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        Enable support for CURVE25519 Elliptic Curve.
-
-config MBEDTLS_ECP_NIST_OPTIM
-    bool "NIST 'modulo p' optimisations"
-    depends on MBEDTLS_ECP_C
-    default y
-    help
-        NIST 'modulo p' optimisations increase Elliptic Curve operation performance.
-
-        Disabling this option saves some code size.
-
-# end of Elliptic Curve options
-
-menu "OpenSSL"
-
-config OPENSSL_DEBUG
-    bool "Enable OpenSSL debugging"
-    default n
-    help
-       Enable OpenSSL debugging function.
-
-       If the option is enabled, "SSL_DEBUG" works.
-
-config OPENSSL_DEBUG_LEVEL
-   int "OpenSSL debugging level"
-   default 0
-   range 0 255
-   depends on OPENSSL_DEBUG
-   help
-       OpenSSL debugging level.
-
-       Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
-
-       For example:
-           If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". Because 1 < 2, it will not print.
-
-config OPENSSL_LOWLEVEL_DEBUG
-    bool "Enable OpenSSL low-level module debugging"
-    default n
-    depends on OPENSSL_DEBUG
-    select MBEDTLS_DEBUG
-    help
-       If the option is enabled, low-level module debugging function of OpenSSL is enabled, e.g. mbedtls internal debugging function.
-
-choice OPENSSL_ASSERT
-    prompt "Select OpenSSL assert function"
-    default CONFIG_OPENSSL_ASSERT_EXIT
-    help
-        OpenSSL function needs "assert" function to check if input parameters are valid.
-
-        If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
-
-config OPENSSL_ASSERT_DO_NOTHING
-    bool "Do nothing"
-    help
-        Do nothing and "SSL_ASSERT" does not work.
-
-config OPENSSL_ASSERT_EXIT
-    bool "Check and exit"
-    help
-        Enable assert exiting, it will check and return error code.
-
-config OPENSSL_ASSERT_DEBUG
-    bool "Show debugging message"
-    depends on OPENSSL_DEBUG
-    help
-        Enable assert debugging, it will check and show debugging message.
-
-config OPENSSL_ASSERT_DEBUG_EXIT
-    bool "Show debugging message and exit"
-    depends on OPENSSL_DEBUG
-    help
-        Enable assert debugging and exiting, it will check, show debugging message and return error code.
-
-config OPENSSL_ASSERT_DEBUG_BLOCK
-    bool "Show debugging message and block"
-    depends on OPENSSL_DEBUG
-    help
-        Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
-
-endchoice
-
-endmenu
-
-endmenu  # mbedTLS
-
-endmenu
diff --git a/components/ssl/Makefile.projbuild b/components/ssl/Makefile.projbuild
deleted file mode 100644
index c6f1ff2b..00000000
--- a/components/ssl/Makefile.projbuild
+++ /dev/null
@@ -1,10 +0,0 @@
-# Anyone compiling mbedTLS code needs the name of the
-# alternative config file
-
-#ifdef CONFIG_SSL_USING_MBEDTLS
-CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"'
-#endif
-
-#ifdef CONFIG_SSL_USING_WOLFSSL
-CPPFLAGS += -DWOLFSSL_USER_SETTINGS
-#endif
diff --git a/components/ssl/component.mk b/components/ssl/component.mk
deleted file mode 100644
index 6449234e..00000000
--- a/components/ssl/component.mk
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Component Makefile
-#
-
-ifdef CONFIG_SSL_USING_WOLFSSL
-COMPONENT_ADD_INCLUDEDIRS := wolfssl/include wolfssl/wolfssl wolfssl/wolfssl/wolfssl
-
-ifdef CONFIG_WOLFSSL_DEBUG
-WOLFSSLLIB = wolfssl_debug
-COMPONENT_ADD_LDFLAGS     := -L $(COMPONENT_PATH)/wolfssl/lib -lwolfssl_debug
-else
-WOLFSSLLIB = wolfssl
-COMPONENT_ADD_LDFLAGS     := -L $(COMPONENT_PATH)/wolfssl/lib -lwolfssl
-endif
-
-# re-link program if wolfssl library change
-COMPONENT_ADD_LINKER_DEPS := $(patsubst %,$(COMPONENT_PATH)/wolfssl/lib/lib%.a,$(WOLFSSLLIB))
-else
-ifdef CONFIG_SSL_USING_MBEDTLS
-COMPONENT_PRIV_INCLUDEDIRS := mbedtls/port/openssl/include/internal mbedtls/port/openssl/include/openssl mbedtls/port/openssl/include/platform
-COMPONENT_ADD_INCLUDEDIRS += mbedtls/mbedtls/include mbedtls/port/esp8266/include mbedtls/port/openssl/include
-COMPONENT_SRCDIRS += mbedtls/mbedtls/library mbedtls/port/esp8266 mbedtls/port/openssl/source/library mbedtls/port/openssl/source/platform
-endif
-endif
\ No newline at end of file
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/aes.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/aes.h
deleted file mode 100644
index 46016dcb..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/aes.h
+++ /dev/null
@@ -1,417 +0,0 @@
-/**
- * \file aes.h
- *
- * \brief   The Advanced Encryption Standard (AES) specifies a FIPS-approved
- *          cryptographic algorithm that can be used to protect electronic
- *          data.
- *
- *          The AES algorithm is a symmetric block cipher that can
- *          encrypt and decrypt information. For more information, see
- *          <em>FIPS Publication 197: Advanced Encryption Standard</em> and
- *          <em>ISO/IEC 18033-2:2006: Information technology -- Security
- *          techniques -- Encryption algorithms -- Part 2: Asymmetric
- *          ciphers</em>.
- */
-/*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_AES_H
-#define MBEDTLS_AES_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* padlock.c and aesni.c rely on these values! */
-#define MBEDTLS_AES_ENCRYPT     1 /**< AES encryption. */
-#define MBEDTLS_AES_DECRYPT     0 /**< AES decryption. */
-
-/* Error codes in range 0x0020-0x0022 */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
-
-/* Error codes in range 0x0023-0x0025 */
-#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023  /**< Feature not available. For example, an unsupported AES key size. */
-#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED                   -0x0025  /**< AES hardware accelerator failed. */
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#if !defined(MBEDTLS_AES_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief The AES context-type definition.
- */
-typedef struct
-{
-    int nr;                     /*!< The number of rounds. */
-    uint32_t *rk;               /*!< AES round keys. */
-    uint32_t buf[68];           /*!< Unaligned data buffer. This buffer can
-                                     hold 32 extra Bytes, which can be used for
-                                     one of the following purposes:
-                                     <ul><li>Alignment if VIA padlock is
-                                             used.</li>
-                                     <li>Simplifying key expansion in the 256-bit
-                                         case by generating an extra round key.
-                                         </li></ul> */
-}
-mbedtls_aes_context;
-
-/**
- * \brief          This function initializes the specified AES context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The AES context to initialize.
- */
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified AES context.
- *
- * \param ctx      The AES context to clear.
- */
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
-
-/**
- * \brief          This function sets the encryption key.
- *
- * \param ctx      The AES context to which the key should be bound.
- * \param key      The encryption key.
- * \param keybits  The size of data passed in bits. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
- *                 on failure.
- */
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
-
-/**
- * \brief          This function sets the decryption key.
- *
- * \param ctx      The AES context to which the key should be bound.
- * \param key      The decryption key.
- * \param keybits  The size of data passed. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
-
-/**
- * \brief          This function performs an AES single-block encryption or
- *                 decryption operation.
- *
- *                 It performs the operation defined in the \p mode parameter
- *                 (encrypt or decrypt), on the input data buffer defined in
- *                 the \p input parameter.
- *
- *                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
- *                 mbedtls_aes_setkey_dec() must be called before the first
- *                 call to this API with the same context.
- *
- * \param ctx      The AES context to use for encryption or decryption.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param input    The 16-Byte buffer holding the input data.
- * \param output   The 16-Byte buffer holding the output data.
-
- * \return         \c 0 on success.
- */
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief  This function performs an AES-CBC encryption or decryption operation
- *         on full blocks.
- *
- *         It performs the operation defined in the \p mode
- *         parameter (encrypt/decrypt), on the input data buffer defined in
- *         the \p input parameter.
- *
- *         It can be called as many times as needed, until all the input
- *         data is processed. mbedtls_aes_init(), and either
- *         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
- *         before the first call to this API with the same context.
- *
- * \note   This function operates on aligned blocks, that is, the input size
- *         must be a multiple of the AES block size of 16 Bytes.
- *
- * \note   Upon exit, the content of the IV is updated so that you can
- *         call the same function again on the next
- *         block(s) of data and get the same result as if it was
- *         encrypted in one call. This allows a "streaming" usage.
- *         If you need to retain the contents of the IV, you should
- *         either save it manually or use the cipher module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param length   The length of the input data in Bytes. This must be a
- *                 multiple of the block size (16 Bytes).
- * \param iv       Initialization vector (updated after use).
- * \param input    The buffer holding the input data.
- * \param output   The buffer holding the output data.
- *
- * \return         \c 0 on success, or #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
- *                 on failure.
- */
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an AES-CFB128 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt or decrypt), on the input data buffer
- *        defined in the \p input parameter.
- *
- *        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
- *        regardless of whether you are performing an encryption or decryption
- *        operation, that is, regardless of the \p mode parameter. This is
- *        because CFB mode uses the same key schedule for encryption and
- *        decryption.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you must either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param length   The length of the input data.
- * \param iv_off   The offset in IV (updated after use).
- * \param iv       The initialization vector (updated after use).
- * \param input    The buffer holding the input data.
- * \param output   The buffer holding the output data.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief This function performs an AES-CFB8 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt/decrypt), on the input data buffer defined
- *        in the \p input parameter.
- *
- *        Due to the nature of CFB, you must use the same key schedule for
- *        both encryption and decryption operations. Therefore, you must
- *        use the context initialized with mbedtls_aes_setkey_enc() for
- *        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you should either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT
- * \param length   The length of the input data.
- * \param iv       The initialization vector (updated after use).
- * \param input    The buffer holding the input data.
- * \param output   The buffer holding the output data.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      This function performs an AES-CTR encryption or decryption
- *             operation.
- *
- *             This function performs the operation defined in the \p mode
- *             parameter (encrypt/decrypt), on the input data buffer
- *             defined in the \p input parameter.
- *
- *             Due to the nature of CTR, you must use the same key schedule
- *             for both encryption and decryption operations. Therefore, you
- *             must use the context initialized with mbedtls_aes_setkey_enc()
- *             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \warning    You must keep the maximum use of your counter in mind.
- *
- * \param ctx              The AES context to use for encryption or decryption.
- * \param length           The length of the input data.
- * \param nc_off           The offset in the current \p stream_block, for
- *                         resuming within the current cipher stream. The
- *                         offset pointer should be 0 at the start of a stream.
- * \param nonce_counter    The 128-bit nonce and counter.
- * \param stream_block     The saved stream block for resuming. This is
- *                         overwritten by the function.
- * \param input            The buffer holding the input data.
- * \param output           The buffer holding the output data.
- *
- * \return     \c 0 on success.
- */
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/**
- * \brief           Internal AES block encryption function. This is only
- *                  exposed to allow overriding it using
- *                  \c MBEDTLS_AES_ENCRYPT_ALT.
- *
- * \param ctx       The AES context to use for encryption.
- * \param input     The plaintext block.
- * \param output    The output (ciphertext) block.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
-
-/**
- * \brief           Internal AES block decryption function. This is only
- *                  exposed to allow overriding it using see
- *                  \c MBEDTLS_AES_DECRYPT_ALT.
- *
- * \param ctx       The AES context to use for decryption.
- * \param input     The ciphertext block.
- * \param output    The output (plaintext) block.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief           Deprecated internal AES block encryption function
- *                  without return value.
- *
- * \deprecated      Superseded by mbedtls_aes_encrypt_ext() in 2.5.0.
- *
- * \param ctx       The AES context to use for encryption.
- * \param input     Plaintext block.
- * \param output    Output (ciphertext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
-                                             const unsigned char input[16],
-                                             unsigned char output[16] );
-
-/**
- * \brief           Deprecated internal AES block decryption function
- *                  without return value.
- *
- * \deprecated      Superseded by mbedtls_aes_decrypt_ext() in 2.5.0.
- *
- * \param ctx       The AES context to use for decryption.
- * \param input     Ciphertext block.
- * \param output    Output (plaintext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
-                                             const unsigned char input[16],
-                                             unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
-#endif /* MBEDTLS_AES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_aes_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/aesni.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/aesni.h
deleted file mode 100644
index 746baa0e..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/aesni.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * \file aesni.h
- *
- * \brief AES-NI for hardware AES acceleration on some Intel processors
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_AESNI_H
-#define MBEDTLS_AESNI_H
-
-#include "aes.h"
-
-#define MBEDTLS_AESNI_AES      0x02000000u
-#define MBEDTLS_AESNI_CLMUL    0x00000002u
-
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
-    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
-    ! defined(MBEDTLS_HAVE_X86_64)
-#define MBEDTLS_HAVE_X86_64
-#endif
-
-#if defined(MBEDTLS_HAVE_X86_64)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          AES-NI features detection routine
- *
- * \param what     The feature to detect
- *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
- *
- * \return         1 if CPU has support for the feature, 0 otherwise
- */
-int mbedtls_aesni_has_support( unsigned int what );
-
-/**
- * \brief          AES-NI AES-ECB block en(de)cryption
- *
- * \param ctx      AES context
- * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 on success (cannot fail)
- */
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                     int mode,
-                     const unsigned char input[16],
-                     unsigned char output[16] );
-
-/**
- * \brief          GCM multiplication: c = a * b in GF(2^128)
- *
- * \param c        Result
- * \param a        First operand
- * \param b        Second operand
- *
- * \note           Both operands and result are bit strings interpreted as
- *                 elements of GF(2^128) as per the GCM spec.
- */
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                     const unsigned char a[16],
-                     const unsigned char b[16] );
-
-/**
- * \brief           Compute decryption round keys from encryption round keys
- *
- * \param invkey    Round keys for the equivalent inverse cipher
- * \param fwdkey    Original round keys (for encryption)
- * \param nr        Number of rounds (that is, number of round keys minus one)
- */
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                        const unsigned char *fwdkey, int nr );
-
-/**
- * \brief           Perform key expansion (for encryption)
- *
- * \param rk        Destination buffer where the round keys are written
- * \param key       Encryption key
- * \param bits      Key size in bits (must be 128, 192 or 256)
- *
- * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
- */
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                      const unsigned char *key,
-                      size_t bits );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_HAVE_X86_64 */
-
-#endif /* MBEDTLS_AESNI_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/arc4.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/arc4.h
deleted file mode 100644
index f9d93f82..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/arc4.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- * \file arc4.h
- *
- * \brief The ARCFOUR stream cipher
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- */
-#ifndef MBEDTLS_ARC4_H
-#define MBEDTLS_ARC4_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED                  -0x0019  /**< ARC4 hardware accelerator failed. */
-
-#if !defined(MBEDTLS_ARC4_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief     ARC4 context structure
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- *
- */
-typedef struct
-{
-    int x;                      /*!< permutation index */
-    int y;                      /*!< permutation index */
-    unsigned char m[256];       /*!< permutation table */
-}
-mbedtls_arc4_context;
-
-/**
- * \brief          Initialize ARC4 context
- *
- * \param ctx      ARC4 context to be initialized
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
-
-/**
- * \brief          Clear ARC4 context
- *
- * \param ctx      ARC4 context to be cleared
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
-
-/**
- * \brief          ARC4 key schedule
- *
- * \param ctx      ARC4 context to be setup
- * \param key      the secret key
- * \param keylen   length of the key, in bytes
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
-                 unsigned int keylen );
-
-/**
- * \brief          ARC4 cipher function
- *
- * \param ctx      ARC4 context
- * \param length   length of the input data
- * \param input    buffer holding the input data
- * \param output   buffer for the output data
- *
- * \return         0 if successful
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
-                unsigned char *output );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_ARC4_ALT */
-#include "arc4_alt.h"
-#endif /* MBEDTLS_ARC4_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-int mbedtls_arc4_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* arc4.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/asn1.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/asn1.h
deleted file mode 100644
index 96c1c9a8..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/asn1.h
+++ /dev/null
@@ -1,358 +0,0 @@
-/**
- * \file asn1.h
- *
- * \brief Generic ASN.1 parsing
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ASN1_H
-#define MBEDTLS_ASN1_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "bignum.h"
-#endif
-
-/**
- * \addtogroup asn1_module
- * \{
- */
-
-/**
- * \name ASN1 Error codes
- * These error codes are OR'ed to X509 error codes for
- * higher error granularity.
- * ASN1 is a standard to specify data structures.
- * \{
- */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
-
-/* \} name */
-
-/**
- * \name DER constants
- * These constants comply with the DER encoded ASN.1 type tags.
- * DER encoding uses hexadecimal representation.
- * An example DER sequence is:\n
- * - 0x02 -- tag indicating INTEGER
- * - 0x01 -- length in octets
- * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
- * \{
- */
-#define MBEDTLS_ASN1_BOOLEAN                 0x01
-#define MBEDTLS_ASN1_INTEGER                 0x02
-#define MBEDTLS_ASN1_BIT_STRING              0x03
-#define MBEDTLS_ASN1_OCTET_STRING            0x04
-#define MBEDTLS_ASN1_NULL                    0x05
-#define MBEDTLS_ASN1_OID                     0x06
-#define MBEDTLS_ASN1_UTF8_STRING             0x0C
-#define MBEDTLS_ASN1_SEQUENCE                0x10
-#define MBEDTLS_ASN1_SET                     0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
-#define MBEDTLS_ASN1_T61_STRING              0x14
-#define MBEDTLS_ASN1_IA5_STRING              0x16
-#define MBEDTLS_ASN1_UTC_TIME                0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
-#define MBEDTLS_ASN1_BMP_STRING              0x1E
-#define MBEDTLS_ASN1_PRIMITIVE               0x00
-#define MBEDTLS_ASN1_CONSTRUCTED             0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
-
-/*
- * Bit masks for each of the components of an ASN.1 tag as specified in
- * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
- * paragraph 8.1.2.2:
- *
- * Bit  8     7   6   5          1
- *     +-------+-----+------------+
- *     | Class | P/C | Tag number |
- *     +-------+-----+------------+
- */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK          0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK             0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
-
-/* \} name */
-/* \} addtogroup asn1_module */
-
-/** Returns the size of the binary string, without the trailing \\0 */
-#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
-
-/**
- * Compares an mbedtls_asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
-        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
-          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to parse ASN.1 data structures
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef struct mbedtls_asn1_buf
-{
-    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
-    size_t len;             /**< ASN1 length, in octets. */
-    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef struct mbedtls_asn1_bitstring
-{
-    size_t len;                 /**< ASN1 length, in octets. */
-    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
-    unsigned char *p;           /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef struct mbedtls_asn1_sequence
-{
-    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
-    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
-}
-mbedtls_asn1_sequence;
-
-/**
- * Container for a sequence or list of 'named' ASN.1 data items
- */
-typedef struct mbedtls_asn1_named_data
-{
-    mbedtls_asn1_buf oid;                   /**< The object identifier. */
-    mbedtls_asn1_buf val;                   /**< The named value. */
-    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
-    unsigned char next_merged;      /**< Merge next item into the current one? */
-}
-mbedtls_asn1_named_data;
-
-/**
- * \brief       Get the length of an ASN.1 element.
- *              Updates the pointer to immediately behind the length.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param len   The variable that will receive the value
- *
- * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
- *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
- *              unparseable.
- */
-int mbedtls_asn1_get_len( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len );
-
-/**
- * \brief       Get the tag and length of the tag. Check for the requested tag.
- *              Updates the pointer to immediately behind the tag and length.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param len   The variable that will receive the length
- * \param tag   The expected tag
- *
- * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
- *              not match requested tag, or another specific ASN.1 error code.
- */
-int mbedtls_asn1_get_tag( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len, int tag );
-
-/**
- * \brief       Retrieve a boolean ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param val   The variable that will receive the value
- *
- * \return      0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_bool( unsigned char **p,
-                   const unsigned char *end,
-                   int *val );
-
-/**
- * \brief       Retrieve an integer ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param val   The variable that will receive the value
- *
- * \return      0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_int( unsigned char **p,
-                  const unsigned char *end,
-                  int *val );
-
-/**
- * \brief       Retrieve a bitstring ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param bs    The variable that will receive the value
- *
- * \return      0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                        mbedtls_asn1_bitstring *bs);
-
-/**
- * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
- *              value.
- *              Updates the pointer to the beginning of the bit/octet string.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param len   Length of the actual bit/octect string in bytes
- *
- * \return      0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
-                             size_t *len );
-
-/**
- * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>"
- *              Updated the pointer to immediately behind the full sequence tag.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param cur   First variable in the chain to fill
- * \param tag   Type of sequence
- *
- * \return      0 if successful or a specific ASN.1 error code.
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_asn1_sequence *cur,
-                          int tag);
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief       Retrieve a MPI value from an integer ASN.1 tag.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param X     The MPI that will receive the value
- *
- * \return      0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_mpi( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
- *              Updates the pointer to immediately behind the full
- *              AlgorithmIdentifier.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param alg   The buffer to receive the OID
- * \param params The buffer to receive the params (if any)
- *
- * \return      0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
-
-/**
- * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
- *              params.
- *              Updates the pointer to immediately behind the full
- *              AlgorithmIdentifier.
- *
- * \param p     The position in the ASN.1 data
- * \param end   End of data
- * \param alg   The buffer to receive the OID
- *
- * \return      0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg_null( unsigned char **p,
-                       const unsigned char *end,
-                       mbedtls_asn1_buf *alg );
-
-/**
- * \brief       Find a specific named_data entry in a sequence or list based on
- *              the OID.
- *
- * \param list  The list to seek through
- * \param oid   The OID to look for
- * \param len   Size of the OID
- *
- * \return      NULL if not found, or a pointer to the existing entry.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
-                                       const char *oid, size_t len );
-
-/**
- * \brief       Free a mbedtls_asn1_named_data entry
- *
- * \param entry The named data entry to free
- */
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
-
-/**
- * \brief       Free all entries in a mbedtls_asn1_named_data list
- *              Head will be set to NULL
- *
- * \param head  Pointer to the head of the list of named data entries to free
- */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/asn1write.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/asn1write.h
deleted file mode 100644
index f76fc807..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/asn1write.h
+++ /dev/null
@@ -1,240 +0,0 @@
-/**
- * \file asn1write.h
- *
- * \brief ASN.1 buffer writing functionality
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ASN1_WRITE_H
-#define MBEDTLS_ASN1_WRITE_H
-
-#include "asn1.h"
-
-#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else   \
-                                g += ret; } while( 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief           Write a length field in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param len       the length to write
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
-
-/**
- * \brief           Write a ASN.1 tag in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param tag       the tag to write
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
-                    unsigned char tag );
-
-/**
- * \brief           Write raw buffer data
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param buf       data buffer to write
- * \param size      length of the data buffer
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
-                           const unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief           Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param X         the MPI to write
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief           Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
-
-/**
- * \brief           Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param oid       the OID to write
- * \param oid_len   length of the OID
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len );
-
-/**
- * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param oid       the OID of the algorithm
- * \param oid_len   length of the OID
- * \param par_len   length of parameters, which must be already written.
- *                  If 0, NULL parameters are added
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
-                                     const char *oid, size_t oid_len,
-                                     size_t par_len );
-
-/**
- * \brief           Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param boolean   0 or 1
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
-
-/**
- * \brief           Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param val       the integer value
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
-
-/**
- * \brief           Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and
- *                  value in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param text      the text to write
- * \param text_len  length of the text
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
-                                 const char *text, size_t text_len );
-
-/**
- * \brief           Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and
- *                  value in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param text      the text to write
- * \param text_len  length of the text
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
-                           const char *text, size_t text_len );
-
-/**
- * \brief           Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
- *                  value in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param buf       the bitstring
- * \param bits      the total number of bits in the bitstring
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
-                          const unsigned char *buf, size_t bits );
-
-/**
- * \brief           Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
- *                  value in ASN.1 format
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param buf       data buffer to write
- * \param size      length of the data buffer
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
-                             const unsigned char *buf, size_t size );
-
-/**
- * \brief           Create or find a specific named_data entry for writing in a
- *                  sequence or list based on the OID. If not already in there,
- *                  a new entry is added to the head of the list.
- *                  Warning: Destructive behaviour for the val data!
- *
- * \param list      Pointer to the location of the head of the list to seek
- *                  through (will be updated in case of a new entry)
- * \param oid       The OID to look for
- * \param oid_len   Size of the OID
- * \param val       Data to store (can be NULL if you want to fill it by hand)
- * \param val_len   Minimum length of the data buffer needed
- *
- * \return      NULL if if there was a memory allocation error, or a pointer
- *              to the new / existing entry.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
-                                        const char *oid, size_t oid_len,
-                                        const unsigned char *val,
-                                        size_t val_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/base64.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/base64.h
deleted file mode 100644
index 7a64f521..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/base64.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * \file base64.h
- *
- * \brief RFC 1521 base64 encoding/decoding
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_BASE64_H
-#define MBEDTLS_BASE64_H
-
-#include <stddef.h>
-
-#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
-#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Encode a buffer into base64 format
- *
- * \param dst      destination buffer
- * \param dlen     size of the destination buffer
- * \param olen     number of bytes written
- * \param src      source buffer
- * \param slen     amount of data to be encoded
- *
- * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
- *                 *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *                 If that length cannot be represented, then no data is
- *                 written to the buffer and *olen is set to the maximum
- *                 length representable as a size_t.
- *
- * \note           Call this function with dlen = 0 to obtain the
- *                 required buffer size in *olen
- */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
-
-/**
- * \brief          Decode a base64-formatted buffer
- *
- * \param dst      destination buffer (can be NULL for checking size)
- * \param dlen     size of the destination buffer
- * \param olen     number of bytes written
- * \param src      source buffer
- * \param slen     amount of data to be decoded
- *
- * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
- *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
- *                 not correct. *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *
- * \note           Call this function with *dst = NULL or dlen = 0 to obtain
- *                 the required buffer size in *olen
- */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_base64_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* base64.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/bignum.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/bignum.h
deleted file mode 100644
index 3bf02a7e..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/bignum.h
+++ /dev/null
@@ -1,766 +0,0 @@
-/**
- * \file bignum.h
- *
- * \brief Multi-precision integer library
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_BIGNUM_H
-#define MBEDTLS_BIGNUM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010  /**< Memory allocation failed. */
-
-#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
-
-/*
- * Maximum size MPIs are allowed to grow to in number of limbs.
- */
-#define MBEDTLS_MPI_MAX_LIMBS                             10000
-
-#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
-/*
- * Maximum window size used for modular exponentiation. Default: 6
- * Minimum value: 1. Maximum value: 6.
- *
- * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 64 by default)
- *
- * Reduction in size, reduces speed.
- */
-#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
-#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_MPI_MAX_SIZE)
-/*
- * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
- *
- * Note: Calculations can temporarily result in larger MPIs. So the number
- * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
- */
-#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
-#endif /* !MBEDTLS_MPI_MAX_SIZE */
-
-#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
-
-/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
- *
- * By default we assume at least a 10 char label, a minimum radix of 10
- * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
- * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
- *
- * This used to be statically sized to 1250 for a maximum of 4096 bit
- * numbers (1234 decimal chars).
- *
- * Calculate using the formula:
- *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
- *                                LabelSize + 6
- */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
-
-/*
- * Define the base integer type, architecture-wise.
- *
- * 32 or 64-bit integer types can be forced regardless of the underlying
- * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64
- * respectively and undefining MBEDTLS_HAVE_ASM.
- *
- * Double-width integers (e.g. 128-bit in 64-bit architectures) can be
- * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
- */
-#if !defined(MBEDTLS_HAVE_INT32)
-    #if defined(_MSC_VER) && defined(_M_AMD64)
-        /* Always choose 64-bit when using MSC */
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* !MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-    #elif defined(__GNUC__) && (                         \
-        defined(__amd64__) || defined(__x86_64__)     || \
-        defined(__ppc64__) || defined(__powerpc64__)  || \
-        defined(__ia64__)  || defined(__alpha__)      || \
-        ( defined(__sparc__) && defined(__arch64__) ) || \
-        defined(__s390x__) || defined(__mips64) )
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-        #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-            /* mbedtls_t_udbl defined as 128-bit unsigned int */
-            typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
-            #define MBEDTLS_HAVE_UDBL
-        #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-    #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
-        /*
-         * __ARMCC_VERSION is defined for both armcc and armclang and
-         * __aarch64__ is only defined by armclang when compiling 64-bit code
-         */
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* !MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-        #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-            /* mbedtls_t_udbl defined as 128-bit unsigned int */
-            typedef __uint128_t mbedtls_t_udbl;
-            #define MBEDTLS_HAVE_UDBL
-        #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-    #elif defined(MBEDTLS_HAVE_INT64)
-        /* Force 64-bit integers with unknown compiler */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-    #endif
-#endif /* !MBEDTLS_HAVE_INT32 */
-
-#if !defined(MBEDTLS_HAVE_INT64)
-    /* Default to 32-bit compilation */
-    #if !defined(MBEDTLS_HAVE_INT32)
-        #define MBEDTLS_HAVE_INT32
-    #endif /* !MBEDTLS_HAVE_INT32 */
-    typedef  int32_t mbedtls_mpi_sint;
-    typedef uint32_t mbedtls_mpi_uint;
-    #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-        typedef uint64_t mbedtls_t_udbl;
-        #define MBEDTLS_HAVE_UDBL
-    #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-#endif /* !MBEDTLS_HAVE_INT64 */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          MPI structure
- */
-typedef struct
-{
-    int s;              /*!<  integer sign      */
-    size_t n;           /*!<  total # of limbs  */
-    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
-}
-mbedtls_mpi;
-
-/**
- * \brief           Initialize one MPI (make internal references valid)
- *                  This just makes it ready to be set or freed,
- *                  but does not define a value for the MPI.
- *
- * \param X         One MPI to initialize.
- */
-void mbedtls_mpi_init( mbedtls_mpi *X );
-
-/**
- * \brief          Unallocate one MPI
- *
- * \param X        One MPI to unallocate.
- */
-void mbedtls_mpi_free( mbedtls_mpi *X );
-
-/**
- * \brief          Enlarge to the specified number of limbs
- *
- * \param X        MPI to grow
- * \param nblimbs  The target number of limbs
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief          Resize down, keeping at least the specified number of limbs
- *
- * \param X        MPI to shrink
- * \param nblimbs  The minimum number of limbs to keep
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief          Copy the contents of Y into X
- *
- * \param X        Destination MPI
- * \param Y        Source MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief          Swap the contents of X and Y
- *
- * \param X        First MPI value
- * \param Y        Second MPI value
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
-
-/**
- * \brief          Safe conditional assignement X = Y if assign is 1
- *
- * \param X        MPI to conditionally assign to
- * \param Y        Value to be assigned
- * \param assign   1: perform the assignment, 0: keep X's original value
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *
- * \note           This function is equivalent to
- *                      if( assign ) mbedtls_mpi_copy( X, Y );
- *                 except that it avoids leaking any information about whether
- *                 the assignment was done or not (the above code may leak
- *                 information through branch prediction and/or memory access
- *                 patterns analysis).
- */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief          Safe conditional swap X <-> Y if swap is 1
- *
- * \param X        First mbedtls_mpi value
- * \param Y        Second mbedtls_mpi value
- * \param assign   1: perform the swap, 0: keep X and Y's original values
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *
- * \note           This function is equivalent to
- *                      if( assign ) mbedtls_mpi_swap( X, Y );
- *                 except that it avoids leaking any information about whether
- *                 the assignment was done or not (the above code may leak
- *                 information through branch prediction and/or memory access
- *                 patterns analysis).
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief          Set value from integer
- *
- * \param X        MPI to set
- * \param z        Value to use
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief          Get a specific bit from X
- *
- * \param X        MPI to use
- * \param pos      Zero-based index of the bit in X
- *
- * \return         Either a 0 or a 1
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
-
-/**
- * \brief          Set a bit of X to a specific value of 0 or 1
- *
- * \note           Will grow X if necessary to set a bit to 1 in a not yet
- *                 existing limb. Will not grow if bit should be set to 0
- *
- * \param X        MPI to use
- * \param pos      Zero-based index of the bit in X
- * \param val      The value to set the bit to (0 or 1)
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
-
-/**
- * \brief          Return the number of zero-bits before the least significant
- *                 '1' bit
- *
- * Note: Thus also the zero-based index of the least significant '1' bit
- *
- * \param X        MPI to use
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
-
-/**
- * \brief          Return the number of bits up to and including the most
- *                 significant '1' bit'
- *
- * Note: Thus also the one-based index of the most significant '1' bit
- *
- * \param X        MPI to use
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
-
-/**
- * \brief          Return the total size in bytes
- *
- * \param X        MPI to use
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
-
-/**
- * \brief          Import from an ASCII string
- *
- * \param X        Destination MPI
- * \param radix    Input numeric base
- * \param s        Null-terminated string buffer
- *
- * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
-
-/**
- * \brief          Export into an ASCII string
- *
- * \param X        Source MPI
- * \param radix    Output numeric base
- * \param buf      Buffer to write the string to
- * \param buflen   Length of buf
- * \param olen     Length of the string written, including final NUL byte
- *
- * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
- *                 *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *
- * \note           Call this function with buflen = 0 to obtain the
- *                 minimum required buffer size in *olen.
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
-                              char *buf, size_t buflen, size_t *olen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Read MPI from a line in an opened file
- *
- * \param X        Destination MPI
- * \param radix    Input numeric base
- * \param fin      Input file handle
- *
- * \return         0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
- *                 the file read buffer is too small or a
- *                 MBEDTLS_ERR_MPI_XXX error code
- *
- * \note           On success, this function advances the file stream
- *                 to the end of the current line or to EOF.
- *
- *                 The function returns 0 on an empty line.
- *
- *                 Leading whitespaces are ignored, as is a
- *                 '0x' prefix for radix 16.
- *
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
-
-/**
- * \brief          Write X into an opened file, or stdout if fout is NULL
- *
- * \param p        Prefix, can be NULL
- * \param X        Source MPI
- * \param radix    Output numeric base
- * \param fout     Output file handle (can be NULL)
- *
- * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
- *
- * \note           Set fout == NULL to print X on the console.
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief          Import X from unsigned binary data, big endian
- *
- * \param X        Destination MPI
- * \param buf      Input buffer
- * \param buflen   Input buffer size
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
-
-/**
- * \brief          Export X into unsigned binary data, big endian.
- *                 Always fills the whole buffer, which will start with zeros
- *                 if the number is smaller.
- *
- * \param X        Source MPI
- * \param buf      Output buffer
- * \param buflen   Output buffer size
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
-
-/**
- * \brief          Left-shift: X <<= count
- *
- * \param X        MPI to shift
- * \param count    Amount to shift
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief          Right-shift: X >>= count
- *
- * \param X        MPI to shift
- * \param count    Amount to shift
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief          Compare unsigned values
- *
- * \param X        Left-hand MPI
- * \param Y        Right-hand MPI
- *
- * \return         1 if |X| is greater than |Y|,
- *                -1 if |X| is lesser  than |Y| or
- *                 0 if |X| is equal to |Y|
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief          Compare signed values
- *
- * \param X        Left-hand MPI
- * \param Y        Right-hand MPI
- *
- * \return         1 if X is greater than Y,
- *                -1 if X is lesser  than Y or
- *                 0 if X is equal to Y
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief          Compare signed values
- *
- * \param X        Left-hand MPI
- * \param z        The integer value to compare to
- *
- * \return         1 if X is greater than z,
- *                -1 if X is lesser  than z or
- *                 0 if X is equal to z
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief          Unsigned addition: X = |A| + |B|
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Unsigned subtraction: X = |A| - |B|
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Signed addition: X = A + B
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Signed subtraction: X = A - B
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Signed addition: X = A + b
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param b        The integer value to add
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief          Signed subtraction: X = A - b
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param b        The integer value to subtract
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief          Baseline multiplication: X = A * B
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Baseline multiplication: X = A * b
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param b        The unsigned integer value to multiply with
- *
- * \note           b is unsigned
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
-
-/**
- * \brief          Division by mbedtls_mpi: A = Q * B + R
- *
- * \param Q        Destination MPI for the quotient
- * \param R        Destination MPI for the rest value
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
- *
- * \note           Either Q or R can be NULL.
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Division by int: A = Q * b + R
- *
- * \param Q        Destination MPI for the quotient
- * \param R        Destination MPI for the rest value
- * \param A        Left-hand MPI
- * \param b        Integer to divide by
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
- *
- * \note           Either Q or R can be NULL.
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief          Modulo: R = A mod B
- *
- * \param R        Destination MPI for the rest value
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
- *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Modulo: r = A mod b
- *
- * \param r        Destination mbedtls_mpi_uint
- * \param A        Left-hand MPI
- * \param b        Integer to divide by
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
- *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
-
-/**
- * \brief          Sliding-window exponentiation: X = A^E mod N
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param E        Exponent MPI
- * \param N        Modular MPI
- * \param _RR      Speed-up MPI used for recalculations
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
- *                 if E is negative
- *
- * \note           _RR is used to avoid re-computing R*R mod N across
- *                 multiple calls, which speeds up things a bit. It can
- *                 be set to NULL if the extra performance is unneeded.
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
-
-/**
- * \brief          Fill an MPI X with size bytes of random
- *
- * \param X        Destination MPI
- * \param size     Size in bytes
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- *
- * \note           The bytes obtained from the PRNG are interpreted
- *                 as a big-endian representation of an MPI; this can
- *                 be relevant in applications like deterministic ECDSA.
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief          Greatest common divisor: G = gcd(A, B)
- *
- * \param G        Destination MPI
- * \param A        Left-hand MPI
- * \param B        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
-
-/**
- * \brief          Modular inverse: X = A^-1 mod N
- *
- * \param X        Destination MPI
- * \param A        Left-hand MPI
- * \param N        Right-hand MPI
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is <= 1,
-                   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N.
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
-
-/**
- * \brief          Miller-Rabin primality test
- *
- * \param X        MPI to check
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
- *
- * \return         0 if successful (probably prime),
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
- */
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng );
-
-/**
- * \brief          Prime number generation
- *
- * \param X        Destination MPI
- * \param nbits    Required size of X in bits
- *                 ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
- * \param dh_flag  If 1, then (X-1)/2 will be prime too
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
- *
- * \return         0 if successful (probably prime),
- *                 MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
-                   int (*f_rng)(void *, unsigned char *, size_t),
-                   void *p_rng );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_mpi_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* bignum.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/blowfish.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/blowfish.h
deleted file mode 100644
index c0ef5a04..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/blowfish.h
+++ /dev/null
@@ -1,205 +0,0 @@
-/**
- * \file blowfish.h
- *
- * \brief Blowfish block cipher
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_BLOWFISH_H
-#define MBEDTLS_BLOWFISH_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_BLOWFISH_ENCRYPT     1
-#define MBEDTLS_BLOWFISH_DECRYPT     0
-#define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
-#define MBEDTLS_BLOWFISH_MIN_KEY_BITS     32
-#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
-#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
-
-#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
-#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED                   -0x0017  /**< Blowfish hardware accelerator failed. */
-#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
-
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Blowfish context structure
- */
-typedef struct
-{
-    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
-    uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
-}
-mbedtls_blowfish_context;
-
-/**
- * \brief          Initialize Blowfish context
- *
- * \param ctx      Blowfish context to be initialized
- */
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief          Clear Blowfish context
- *
- * \param ctx      Blowfish context to be cleared
- */
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief          Blowfish key schedule
- *
- * \param ctx      Blowfish context to be initialized
- * \param key      encryption key
- * \param keybits  must be between 32 and 448 bits
- *
- * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
- */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
-                     unsigned int keybits );
-
-/**
- * \brief          Blowfish-ECB block encryption/decryption
- *
- * \param ctx      Blowfish context
- * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param input    8-byte input block
- * \param output   8-byte output block
- *
- * \return         0 if successful
- */
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
-                        int mode,
-                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          Blowfish-CBC buffer encryption/decryption
- *                 Length should be a multiple of the block
- *                 size (8 bytes)
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      Blowfish context
- * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
- */
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
-                        int mode,
-                        size_t length,
-                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        const unsigned char *input,
-                        unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief          Blowfish CFB buffer encryption/decryption.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      Blowfish context
- * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
- * \param length   length of the input data
- * \param iv_off   offset in IV (updated after use)
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful
- */
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
-                          int mode,
-                          size_t length,
-                          size_t *iv_off,
-                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                          const unsigned char *input,
-                          unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief               Blowfish-CTR buffer encryption/decryption
- *
- * Warning: You have to keep the maximum use of your counter in mind!
- *
- * \param ctx           Blowfish context
- * \param length        The length of the data
- * \param nc_off        The offset in the current stream_block (for resuming
- *                      within current cipher stream). The offset pointer to
- *                      should be 0 at the start of a stream.
- * \param nonce_counter The 64-bit nonce and counter.
- * \param stream_block  The saved stream-block for resuming. Is overwritten
- *                      by the function.
- * \param input         The input data stream
- * \param output        The output data stream
- *
- * \return         0 if successful
- */
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
-                        size_t length,
-                        size_t *nc_off,
-                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        const unsigned char *input,
-                        unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_BLOWFISH_ALT */
-#include "blowfish_alt.h"
-#endif /* MBEDTLS_BLOWFISH_ALT */
-
-#endif /* blowfish.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/bn_mul.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/bn_mul.h
deleted file mode 100644
index 354c1cc1..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/bn_mul.h
+++ /dev/null
@@ -1,886 +0,0 @@
-/**
- * \file bn_mul.h
- *
- * \brief Multi-precision integer library
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *      Multiply source vector [s] with b, add result
- *       to destination vector [d] and set carry c.
- *
- *      Currently supports:
- *
- *         . IA-32 (386+)         . AMD64 / EM64T
- *         . IA-32 (SSE2)         . Motorola 68000
- *         . PowerPC, 32-bit      . MicroBlaze
- *         . PowerPC, 64-bit      . TriCore
- *         . SPARC v8             . ARM v3+
- *         . Alpha                . MIPS32
- *         . C, longlong          . C, generic
- */
-#ifndef MBEDTLS_BN_MUL_H
-#define MBEDTLS_BN_MUL_H
-
-#include "bignum.h"
-
-#if defined(MBEDTLS_HAVE_ASM)
-
-#ifndef asm
-#define asm __asm
-#endif
-
-/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
-#if defined(__GNUC__) && \
-    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-#if defined(__i386__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "movl   %%ebx, %0           \n\t"   \
-        "movl   %5, %%esi           \n\t"   \
-        "movl   %6, %%edi           \n\t"   \
-        "movl   %7, %%ecx           \n\t"   \
-        "movl   %8, %%ebx           \n\t"
-
-#define MULADDC_CORE                        \
-        "lodsl                      \n\t"   \
-        "mull   %%ebx               \n\t"   \
-        "addl   %%ecx,   %%eax      \n\t"   \
-        "adcl   $0,      %%edx      \n\t"   \
-        "addl   (%%edi), %%eax      \n\t"   \
-        "adcl   $0,      %%edx      \n\t"   \
-        "movl   %%edx,   %%ecx      \n\t"   \
-        "stosl                      \n\t"
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define MULADDC_HUIT                            \
-        "movd     %%ecx,     %%mm1      \n\t"   \
-        "movd     %%ebx,     %%mm0      \n\t"   \
-        "movd     (%%edi),   %%mm3      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     (%%esi),   %%mm2      \n\t"   \
-        "pmuludq  %%mm0,     %%mm2      \n\t"   \
-        "movd     4(%%esi),  %%mm4      \n\t"   \
-        "pmuludq  %%mm0,     %%mm4      \n\t"   \
-        "movd     8(%%esi),  %%mm6      \n\t"   \
-        "pmuludq  %%mm0,     %%mm6      \n\t"   \
-        "movd     12(%%esi), %%mm7      \n\t"   \
-        "pmuludq  %%mm0,     %%mm7      \n\t"   \
-        "paddq    %%mm2,     %%mm1      \n\t"   \
-        "movd     4(%%edi),  %%mm3      \n\t"   \
-        "paddq    %%mm4,     %%mm3      \n\t"   \
-        "movd     8(%%edi),  %%mm5      \n\t"   \
-        "paddq    %%mm6,     %%mm5      \n\t"   \
-        "movd     12(%%edi), %%mm4      \n\t"   \
-        "paddq    %%mm4,     %%mm7      \n\t"   \
-        "movd     %%mm1,     (%%edi)    \n\t"   \
-        "movd     16(%%esi), %%mm2      \n\t"   \
-        "pmuludq  %%mm0,     %%mm2      \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     20(%%esi), %%mm4      \n\t"   \
-        "pmuludq  %%mm0,     %%mm4      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     24(%%esi), %%mm6      \n\t"   \
-        "pmuludq  %%mm0,     %%mm6      \n\t"   \
-        "movd     %%mm1,     4(%%edi)   \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     28(%%esi), %%mm3      \n\t"   \
-        "pmuludq  %%mm0,     %%mm3      \n\t"   \
-        "paddq    %%mm5,     %%mm1      \n\t"   \
-        "movd     16(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm2      \n\t"   \
-        "movd     %%mm1,     8(%%edi)   \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm7,     %%mm1      \n\t"   \
-        "movd     20(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm4      \n\t"   \
-        "movd     %%mm1,     12(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm2,     %%mm1      \n\t"   \
-        "movd     24(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm6      \n\t"   \
-        "movd     %%mm1,     16(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm4,     %%mm1      \n\t"   \
-        "movd     28(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm3      \n\t"   \
-        "movd     %%mm1,     20(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm6,     %%mm1      \n\t"   \
-        "movd     %%mm1,     24(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     %%mm1,     28(%%edi)  \n\t"   \
-        "addl     $32,       %%edi      \n\t"   \
-        "addl     $32,       %%esi      \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     %%mm1,     %%ecx      \n\t"
-
-#define MULADDC_STOP                    \
-        "emms                   \n\t"   \
-        "movl   %4, %%ebx       \n\t"   \
-        "movl   %%ecx, %1       \n\t"   \
-        "movl   %%edi, %2       \n\t"   \
-        "movl   %%esi, %3       \n\t"   \
-        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
-        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
-        : "eax", "ecx", "edx", "esi", "edi"             \
-    );
-
-#else
-
-#define MULADDC_STOP                    \
-        "movl   %4, %%ebx       \n\t"   \
-        "movl   %%ecx, %1       \n\t"   \
-        "movl   %%edi, %2       \n\t"   \
-        "movl   %%esi, %3       \n\t"   \
-        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
-        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
-        : "eax", "ecx", "edx", "esi", "edi"             \
-    );
-#endif /* SSE2 */
-#endif /* i386 */
-
-#if defined(__amd64__) || defined (__x86_64__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "xorq   %%r8, %%r8          \n\t"
-
-#define MULADDC_CORE                        \
-        "movq   (%%rsi), %%rax      \n\t"   \
-        "mulq   %%rbx               \n\t"   \
-        "addq   $8,      %%rsi      \n\t"   \
-        "addq   %%rcx,   %%rax      \n\t"   \
-        "movq   %%r8,    %%rcx      \n\t"   \
-        "adcq   $0,      %%rdx      \n\t"   \
-        "nop                        \n\t"   \
-        "addq   %%rax,   (%%rdi)    \n\t"   \
-        "adcq   %%rdx,   %%rcx      \n\t"   \
-        "addq   $8,      %%rdi      \n\t"
-
-#define MULADDC_STOP                        \
-        : "+c" (c), "+D" (d), "+S" (s)      \
-        : "b" (b)                           \
-        : "rax", "rdx", "r8"                \
-    );
-
-#endif /* AMD64 */
-
-#if defined(__mc68020__) || defined(__mcpu32__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "movl   %3, %%a2        \n\t"   \
-        "movl   %4, %%a3        \n\t"   \
-        "movl   %5, %%d3        \n\t"   \
-        "movl   %6, %%d2        \n\t"   \
-        "moveq  #0, %%d0        \n\t"
-
-#define MULADDC_CORE                    \
-        "movel  %%a2@+, %%d1    \n\t"   \
-        "mulul  %%d2, %%d4:%%d1 \n\t"   \
-        "addl   %%d3, %%d1      \n\t"   \
-        "addxl  %%d0, %%d4      \n\t"   \
-        "moveq  #0,   %%d3      \n\t"   \
-        "addl   %%d1, %%a3@+    \n\t"   \
-        "addxl  %%d4, %%d3      \n\t"
-
-#define MULADDC_STOP                    \
-        "movl   %%d3, %0        \n\t"   \
-        "movl   %%a3, %1        \n\t"   \
-        "movl   %%a2, %2        \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "d0", "d1", "d2", "d3", "d4", "a2", "a3"  \
-    );
-
-#define MULADDC_HUIT                        \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"
-
-#endif /* MC68000 */
-
-#if defined(__powerpc64__) || defined(__ppc64__)
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "ld     r3, %3              \n\t"   \
-        "ld     r4, %4              \n\t"   \
-        "ld     r5, %5              \n\t"   \
-        "ld     r6, %6              \n\t"   \
-        "addi   r3, r3, -8          \n\t"   \
-        "addi   r4, r4, -8          \n\t"   \
-        "addic  r5, r5,  0          \n\t"
-
-#define MULADDC_CORE                        \
-        "ldu    r7, 8(r3)           \n\t"   \
-        "mulld  r8, r7, r6          \n\t"   \
-        "mulhdu r9, r7, r6          \n\t"   \
-        "adde   r8, r8, r5          \n\t"   \
-        "ld     r7, 8(r4)           \n\t"   \
-        "addze  r5, r9              \n\t"   \
-        "addc   r8, r8, r7          \n\t"   \
-        "stdu   r8, 8(r4)           \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  r5, r5              \n\t"   \
-        "addi   r4, r4, 8           \n\t"   \
-        "addi   r3, r3, 8           \n\t"   \
-        "std    r5, %0              \n\t"   \
-        "std    r4, %1              \n\t"   \
-        "std    r3, %2              \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "ld     %%r3, %3            \n\t"   \
-        "ld     %%r4, %4            \n\t"   \
-        "ld     %%r5, %5            \n\t"   \
-        "ld     %%r6, %6            \n\t"   \
-        "addi   %%r3, %%r3, -8      \n\t"   \
-        "addi   %%r4, %%r4, -8      \n\t"   \
-        "addic  %%r5, %%r5,  0      \n\t"
-
-#define MULADDC_CORE                        \
-        "ldu    %%r7, 8(%%r3)       \n\t"   \
-        "mulld  %%r8, %%r7, %%r6    \n\t"   \
-        "mulhdu %%r9, %%r7, %%r6    \n\t"   \
-        "adde   %%r8, %%r8, %%r5    \n\t"   \
-        "ld     %%r7, 8(%%r4)       \n\t"   \
-        "addze  %%r5, %%r9          \n\t"   \
-        "addc   %%r8, %%r8, %%r7    \n\t"   \
-        "stdu   %%r8, 8(%%r4)       \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  %%r5, %%r5          \n\t"   \
-        "addi   %%r4, %%r4, 8       \n\t"   \
-        "addi   %%r3, %%r3, 8       \n\t"   \
-        "std    %%r5, %0            \n\t"   \
-        "std    %%r4, %1            \n\t"   \
-        "std    %%r3, %2            \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32  */
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lwz    r3, %3          \n\t"   \
-        "lwz    r4, %4          \n\t"   \
-        "lwz    r5, %5          \n\t"   \
-        "lwz    r6, %6          \n\t"   \
-        "addi   r3, r3, -4      \n\t"   \
-        "addi   r4, r4, -4      \n\t"   \
-        "addic  r5, r5,  0      \n\t"
-
-#define MULADDC_CORE                    \
-        "lwzu   r7, 4(r3)       \n\t"   \
-        "mullw  r8, r7, r6      \n\t"   \
-        "mulhwu r9, r7, r6      \n\t"   \
-        "adde   r8, r8, r5      \n\t"   \
-        "lwz    r7, 4(r4)       \n\t"   \
-        "addze  r5, r9          \n\t"   \
-        "addc   r8, r8, r7      \n\t"   \
-        "stwu   r8, 4(r4)       \n\t"
-
-#define MULADDC_STOP                    \
-        "addze  r5, r5          \n\t"   \
-        "addi   r4, r4, 4       \n\t"   \
-        "addi   r3, r3, 4       \n\t"   \
-        "stw    r5, %0          \n\t"   \
-        "stw    r4, %1          \n\t"   \
-        "stw    r3, %2          \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "lwz    %%r3, %3            \n\t"   \
-        "lwz    %%r4, %4            \n\t"   \
-        "lwz    %%r5, %5            \n\t"   \
-        "lwz    %%r6, %6            \n\t"   \
-        "addi   %%r3, %%r3, -4      \n\t"   \
-        "addi   %%r4, %%r4, -4      \n\t"   \
-        "addic  %%r5, %%r5,  0      \n\t"
-
-#define MULADDC_CORE                        \
-        "lwzu   %%r7, 4(%%r3)       \n\t"   \
-        "mullw  %%r8, %%r7, %%r6    \n\t"   \
-        "mulhwu %%r9, %%r7, %%r6    \n\t"   \
-        "adde   %%r8, %%r8, %%r5    \n\t"   \
-        "lwz    %%r7, 4(%%r4)       \n\t"   \
-        "addze  %%r5, %%r9          \n\t"   \
-        "addc   %%r8, %%r8, %%r7    \n\t"   \
-        "stwu   %%r8, 4(%%r4)       \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  %%r5, %%r5          \n\t"   \
-        "addi   %%r4, %%r4, 4       \n\t"   \
-        "addi   %%r3, %%r3, 4       \n\t"   \
-        "stw    %%r5, %0            \n\t"   \
-        "stw    %%r4, %1            \n\t"   \
-        "stw    %%r3, %2            \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#endif /* PPC32 */
-
-/*
- * The Sparc(64) assembly is reported to be broken.
- * Disable it for now, until we're able to fix it.
- */
-#if 0 && defined(__sparc__)
-#if defined(__sparc64__)
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-                "ldx     %3, %%o0               \n\t"   \
-                "ldx     %4, %%o1               \n\t"   \
-                "ld      %5, %%o2               \n\t"   \
-                "ld      %6, %%o3               \n\t"
-
-#define MULADDC_CORE                                    \
-                "ld      [%%o0], %%o4           \n\t"   \
-                "inc     4, %%o0                \n\t"   \
-                "ld      [%%o1], %%o5           \n\t"   \
-                "umul    %%o3, %%o4, %%o4       \n\t"   \
-                "addcc   %%o4, %%o2, %%o4       \n\t"   \
-                "rd      %%y, %%g1              \n\t"   \
-                "addx    %%g1, 0, %%g1          \n\t"   \
-                "addcc   %%o4, %%o5, %%o4       \n\t"   \
-                "st      %%o4, [%%o1]           \n\t"   \
-                "addx    %%g1, 0, %%o2          \n\t"   \
-                "inc     4, %%o1                \n\t"
-
-        #define MULADDC_STOP                            \
-                "st      %%o2, %0               \n\t"   \
-                "stx     %%o1, %1               \n\t"   \
-                "stx     %%o0, %2               \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "g1", "o0", "o1", "o2", "o3", "o4",   \
-          "o5"                                  \
-        );
-
-#else /* __sparc64__ */
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-                "ld      %3, %%o0               \n\t"   \
-                "ld      %4, %%o1               \n\t"   \
-                "ld      %5, %%o2               \n\t"   \
-                "ld      %6, %%o3               \n\t"
-
-#define MULADDC_CORE                                    \
-                "ld      [%%o0], %%o4           \n\t"   \
-                "inc     4, %%o0                \n\t"   \
-                "ld      [%%o1], %%o5           \n\t"   \
-                "umul    %%o3, %%o4, %%o4       \n\t"   \
-                "addcc   %%o4, %%o2, %%o4       \n\t"   \
-                "rd      %%y, %%g1              \n\t"   \
-                "addx    %%g1, 0, %%g1          \n\t"   \
-                "addcc   %%o4, %%o5, %%o4       \n\t"   \
-                "st      %%o4, [%%o1]           \n\t"   \
-                "addx    %%g1, 0, %%o2          \n\t"   \
-                "inc     4, %%o1                \n\t"
-
-#define MULADDC_STOP                                    \
-                "st      %%o2, %0               \n\t"   \
-                "st      %%o1, %1               \n\t"   \
-                "st      %%o0, %2               \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "g1", "o0", "o1", "o2", "o3", "o4",   \
-          "o5"                                  \
-        );
-
-#endif /* __sparc64__ */
-#endif /* __sparc__ */
-
-#if defined(__microblaze__) || defined(microblaze)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lwi   r3,   %3         \n\t"   \
-        "lwi   r4,   %4         \n\t"   \
-        "lwi   r5,   %5         \n\t"   \
-        "lwi   r6,   %6         \n\t"   \
-        "andi  r7,   r6, 0xffff \n\t"   \
-        "bsrli r6,   r6, 16     \n\t"
-
-#define MULADDC_CORE                    \
-        "lhui  r8,   r3,   0    \n\t"   \
-        "addi  r3,   r3,   2    \n\t"   \
-        "lhui  r9,   r3,   0    \n\t"   \
-        "addi  r3,   r3,   2    \n\t"   \
-        "mul   r10,  r9,  r6    \n\t"   \
-        "mul   r11,  r8,  r7    \n\t"   \
-        "mul   r12,  r9,  r7    \n\t"   \
-        "mul   r13,  r8,  r6    \n\t"   \
-        "bsrli  r8, r10,  16    \n\t"   \
-        "bsrli  r9, r11,  16    \n\t"   \
-        "add   r13, r13,  r8    \n\t"   \
-        "add   r13, r13,  r9    \n\t"   \
-        "bslli r10, r10,  16    \n\t"   \
-        "bslli r11, r11,  16    \n\t"   \
-        "add   r12, r12, r10    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "add   r12, r12, r11    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "lwi   r10,  r4,   0    \n\t"   \
-        "add   r12, r12, r10    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "add   r12, r12,  r5    \n\t"   \
-        "addc   r5, r13,  r0    \n\t"   \
-        "swi   r12,  r4,   0    \n\t"   \
-        "addi   r4,  r4,   4    \n\t"
-
-#define MULADDC_STOP                    \
-        "swi   r5,   %0         \n\t"   \
-        "swi   r4,   %1         \n\t"   \
-        "swi   r3,   %2         \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4"  "r5", "r6", "r7", "r8",       \
-          "r9", "r10", "r11", "r12", "r13"          \
-    );
-
-#endif /* MicroBlaze */
-
-#if defined(__tricore__)
-
-#define MULADDC_INIT                            \
-    asm(                                        \
-        "ld.a   %%a2, %3                \n\t"   \
-        "ld.a   %%a3, %4                \n\t"   \
-        "ld.w   %%d4, %5                \n\t"   \
-        "ld.w   %%d1, %6                \n\t"   \
-        "xor    %%d5, %%d5              \n\t"
-
-#define MULADDC_CORE                            \
-        "ld.w   %%d0,   [%%a2+]         \n\t"   \
-        "madd.u %%e2, %%e4, %%d0, %%d1  \n\t"   \
-        "ld.w   %%d0,   [%%a3]          \n\t"   \
-        "addx   %%d2,    %%d2,  %%d0    \n\t"   \
-        "addc   %%d3,    %%d3,    0     \n\t"   \
-        "mov    %%d4,    %%d3           \n\t"   \
-        "st.w  [%%a3+],  %%d2           \n\t"
-
-#define MULADDC_STOP                            \
-        "st.w   %0, %%d4                \n\t"   \
-        "st.a   %1, %%a3                \n\t"   \
-        "st.a   %2, %%a2                \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "d0", "d1", "e2", "d4", "a2", "a3"    \
-    );
-
-#endif /* TriCore */
-
-/*
- * gcc -O0 by default uses r7 for the frame pointer, so it complains about our
- * use of r7 below, unless -fomit-frame-pointer is passed. Unfortunately,
- * passing that option is not easy when building with yotta.
- *
- * On the other hand, -fomit-frame-pointer is implied by any -Ox options with
- * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
- * clang and armcc5 under the same conditions).
- *
- * So, only use the optimized assembly below for optimized build, which avoids
- * the build error and is pretty reasonable anyway.
- */
-#if defined(__GNUC__) && !defined(__OPTIMIZE__)
-#define MULADDC_CANNOT_USE_R7
-#endif
-
-#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
-
-#if defined(__thumb__) && !defined(__thumb2__)
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-            "ldr    r0, %3                      \n\t"   \
-            "ldr    r1, %4                      \n\t"   \
-            "ldr    r2, %5                      \n\t"   \
-            "ldr    r3, %6                      \n\t"   \
-            "lsr    r7, r3, #16                 \n\t"   \
-            "mov    r9, r7                      \n\t"   \
-            "lsl    r7, r3, #16                 \n\t"   \
-            "lsr    r7, r7, #16                 \n\t"   \
-            "mov    r8, r7                      \n\t"
-
-#define MULADDC_CORE                                    \
-            "ldmia  r0!, {r6}                   \n\t"   \
-            "lsr    r7, r6, #16                 \n\t"   \
-            "lsl    r6, r6, #16                 \n\t"   \
-            "lsr    r6, r6, #16                 \n\t"   \
-            "mov    r4, r8                      \n\t"   \
-            "mul    r4, r6                      \n\t"   \
-            "mov    r3, r9                      \n\t"   \
-            "mul    r6, r3                      \n\t"   \
-            "mov    r5, r9                      \n\t"   \
-            "mul    r5, r7                      \n\t"   \
-            "mov    r3, r8                      \n\t"   \
-            "mul    r7, r3                      \n\t"   \
-            "lsr    r3, r6, #16                 \n\t"   \
-            "add    r5, r5, r3                  \n\t"   \
-            "lsr    r3, r7, #16                 \n\t"   \
-            "add    r5, r5, r3                  \n\t"   \
-            "add    r4, r4, r2                  \n\t"   \
-            "mov    r2, #0                      \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "lsl    r3, r6, #16                 \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "lsl    r3, r7, #16                 \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "ldr    r3, [r1]                    \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r2, r5                      \n\t"   \
-            "stmia  r1!, {r4}                   \n\t"
-
-#define MULADDC_STOP                                    \
-            "str    r2, %0                      \n\t"   \
-            "str    r1, %1                      \n\t"   \
-            "str    r0, %2                      \n\t"   \
-         : "=m" (c),  "=m" (d), "=m" (s)        \
-         : "m" (s), "m" (d), "m" (c), "m" (b)   \
-         : "r0", "r1", "r2", "r3", "r4", "r5",  \
-           "r6", "r7", "r8", "r9", "cc"         \
-         );
-
-#else
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-            "ldr    r0, %3                      \n\t"   \
-            "ldr    r1, %4                      \n\t"   \
-            "ldr    r2, %5                      \n\t"   \
-            "ldr    r3, %6                      \n\t"
-
-#define MULADDC_CORE                                    \
-            "ldr    r4, [r0], #4                \n\t"   \
-            "mov    r5, #0                      \n\t"   \
-            "ldr    r6, [r1]                    \n\t"   \
-            "umlal  r2, r5, r3, r4              \n\t"   \
-            "adds   r7, r6, r2                  \n\t"   \
-            "adc    r2, r5, #0                  \n\t"   \
-            "str    r7, [r1], #4                \n\t"
-
-#define MULADDC_STOP                                    \
-            "str    r2, %0                      \n\t"   \
-            "str    r1, %1                      \n\t"   \
-            "str    r0, %2                      \n\t"   \
-         : "=m" (c),  "=m" (d), "=m" (s)        \
-         : "m" (s), "m" (d), "m" (c), "m" (b)   \
-         : "r0", "r1", "r2", "r3", "r4", "r5",  \
-           "r6", "r7", "cc"                     \
-         );
-
-#endif /* Thumb */
-
-#endif /* ARMv3 */
-
-#if defined(__alpha__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "ldq    $1, %3          \n\t"   \
-        "ldq    $2, %4          \n\t"   \
-        "ldq    $3, %5          \n\t"   \
-        "ldq    $4, %6          \n\t"
-
-#define MULADDC_CORE                    \
-        "ldq    $6,  0($1)      \n\t"   \
-        "addq   $1,  8, $1      \n\t"   \
-        "mulq   $6, $4, $7      \n\t"   \
-        "umulh  $6, $4, $6      \n\t"   \
-        "addq   $7, $3, $7      \n\t"   \
-        "cmpult $7, $3, $3      \n\t"   \
-        "ldq    $5,  0($2)      \n\t"   \
-        "addq   $7, $5, $7      \n\t"   \
-        "cmpult $7, $5, $5      \n\t"   \
-        "stq    $7,  0($2)      \n\t"   \
-        "addq   $2,  8, $2      \n\t"   \
-        "addq   $6, $3, $3      \n\t"   \
-        "addq   $5, $3, $3      \n\t"
-
-#define MULADDC_STOP                                    \
-        "stq    $3, %0          \n\t"   \
-        "stq    $2, %1          \n\t"   \
-        "stq    $1, %2          \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "$1", "$2", "$3", "$4", "$5", "$6", "$7"  \
-    );
-#endif /* Alpha */
-
-#if defined(__mips__) && !defined(__mips64)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lw     $10, %3         \n\t"   \
-        "lw     $11, %4         \n\t"   \
-        "lw     $12, %5         \n\t"   \
-        "lw     $13, %6         \n\t"
-
-#define MULADDC_CORE                    \
-        "lw     $14, 0($10)     \n\t"   \
-        "multu  $13, $14        \n\t"   \
-        "addi   $10, $10, 4     \n\t"   \
-        "mflo   $14             \n\t"   \
-        "mfhi   $9              \n\t"   \
-        "addu   $14, $12, $14   \n\t"   \
-        "lw     $15, 0($11)     \n\t"   \
-        "sltu   $12, $14, $12   \n\t"   \
-        "addu   $15, $14, $15   \n\t"   \
-        "sltu   $14, $15, $14   \n\t"   \
-        "addu   $12, $12, $9    \n\t"   \
-        "sw     $15, 0($11)     \n\t"   \
-        "addu   $12, $12, $14   \n\t"   \
-        "addi   $11, $11, 4     \n\t"
-
-#define MULADDC_STOP                    \
-        "sw     $12, %0         \n\t"   \
-        "sw     $11, %1         \n\t"   \
-        "sw     $10, %2         \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)                      \
-        : "m" (s), "m" (d), "m" (c), "m" (b)                \
-        : "$9", "$10", "$11", "$12", "$13", "$14", "$15"    \
-    );
-
-#endif /* MIPS */
-#endif /* GNUC */
-
-#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-
-#define MULADDC_INIT                            \
-    __asm   mov     esi, s                      \
-    __asm   mov     edi, d                      \
-    __asm   mov     ecx, c                      \
-    __asm   mov     ebx, b
-
-#define MULADDC_CORE                            \
-    __asm   lodsd                               \
-    __asm   mul     ebx                         \
-    __asm   add     eax, ecx                    \
-    __asm   adc     edx, 0                      \
-    __asm   add     eax, [edi]                  \
-    __asm   adc     edx, 0                      \
-    __asm   mov     ecx, edx                    \
-    __asm   stosd
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define EMIT __asm _emit
-
-#define MULADDC_HUIT                            \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
-    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
-    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
-
-#define MULADDC_STOP                            \
-    EMIT 0x0F  EMIT 0x77                        \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#else
-
-#define MULADDC_STOP                            \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#endif /* SSE2 */
-#endif /* MSVC */
-
-#endif /* MBEDTLS_HAVE_ASM */
-
-#if !defined(MULADDC_CORE)
-#if defined(MBEDTLS_HAVE_UDBL)
-
-#define MULADDC_INIT                    \
-{                                       \
-    mbedtls_t_udbl r;                           \
-    mbedtls_mpi_uint r0, r1;
-
-#define MULADDC_CORE                    \
-    r   = *(s++) * (mbedtls_t_udbl) b;          \
-    r0  = (mbedtls_mpi_uint) r;                   \
-    r1  = (mbedtls_mpi_uint)( r >> biL );         \
-    r0 += c;  r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#else
-#define MULADDC_INIT                    \
-{                                       \
-    mbedtls_mpi_uint s0, s1, b0, b1;              \
-    mbedtls_mpi_uint r0, r1, rx, ry;              \
-    b0 = ( b << biH ) >> biH;           \
-    b1 = ( b >> biH );
-
-#define MULADDC_CORE                    \
-    s0 = ( *s << biH ) >> biH;          \
-    s1 = ( *s >> biH ); s++;            \
-    rx = s0 * b1; r0 = s0 * b0;         \
-    ry = s1 * b0; r1 = s1 * b1;         \
-    r1 += ( rx >> biH );                \
-    r1 += ( ry >> biH );                \
-    rx <<= biH; ry <<= biH;             \
-    r0 += rx; r1 += (r0 < rx);          \
-    r0 += ry; r1 += (r0 < ry);          \
-    r0 +=  c; r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#endif /* C (generic)  */
-#endif /* C (longlong) */
-
-#endif /* bn_mul.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/camellia.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/camellia.h
deleted file mode 100644
index cf07629d..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/camellia.h
+++ /dev/null
@@ -1,237 +0,0 @@
-/**
- * \file camellia.h
- *
- * \brief Camellia block cipher
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_CAMELLIA_H
-#define MBEDTLS_CAMELLIA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_CAMELLIA_ENCRYPT     1
-#define MBEDTLS_CAMELLIA_DECRYPT     0
-
-#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
-#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
-#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED              -0x0027  /**< Camellia hardware accelerator failed. */
-
-#if !defined(MBEDTLS_CAMELLIA_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          CAMELLIA context structure
- */
-typedef struct
-{
-    int nr;                     /*!<  number of rounds  */
-    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
-}
-mbedtls_camellia_context;
-
-/**
- * \brief          Initialize CAMELLIA context
- *
- * \param ctx      CAMELLIA context to be initialized
- */
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
-
-/**
- * \brief          Clear CAMELLIA context
- *
- * \param ctx      CAMELLIA context to be cleared
- */
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
-
-/**
- * \brief          CAMELLIA key schedule (encryption)
- *
- * \param ctx      CAMELLIA context to be initialized
- * \param key      encryption key
- * \param keybits  must be 128, 192 or 256
- *
- * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
- */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits );
-
-/**
- * \brief          CAMELLIA key schedule (decryption)
- *
- * \param ctx      CAMELLIA context to be initialized
- * \param key      decryption key
- * \param keybits  must be 128, 192 or 256
- *
- * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
- */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits );
-
-/**
- * \brief          CAMELLIA-ECB block encryption/decryption
- *
- * \param ctx      CAMELLIA context
- * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 if successful
- */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          CAMELLIA-CBC buffer encryption/decryption
- *                 Length should be a multiple of the block
- *                 size (16 bytes)
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      CAMELLIA context
- * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
- */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief          CAMELLIA-CFB128 buffer encryption/decryption
- *
- * Note: Due to the nature of CFB you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      CAMELLIA context
- * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
- * \param length   length of the input data
- * \param iv_off   offset in IV (updated after use)
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
- */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief               CAMELLIA-CTR buffer encryption/decryption
- *
- * Warning: You have to keep the maximum use of your counter in mind!
- *
- * Note: Due to the nature of CTR you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
- *
- * \param ctx           CAMELLIA context
- * \param length        The length of the data
- * \param nc_off        The offset in the current stream_block (for resuming
- *                      within current cipher stream). The offset pointer to
- *                      should be 0 at the start of a stream.
- * \param nonce_counter The 128-bit nonce and counter.
- * \param stream_block  The saved stream-block for resuming. Is overwritten
- *                      by the function.
- * \param input         The input data stream
- * \param output        The output data stream
- *
- * \return         0 if successful
- */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_CAMELLIA_ALT */
-#include "camellia_alt.h"
-#endif /* MBEDTLS_CAMELLIA_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_camellia_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* camellia.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ccm.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ccm.h
deleted file mode 100644
index 630b7fdf..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ccm.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/**
- * \file ccm.h
- *
- * \brief CCM combines Counter mode encryption with CBC-MAC authentication
- *        for 128-bit block ciphers.
- *
- * Input to CCM includes the following elements:
- * <ul><li>Payload - data that is both authenticated and encrypted.</li>
- * <li>Associated data (Adata) - data that is authenticated but not
- * encrypted, For example, a header.</li>
- * <li>Nonce - A unique value that is assigned to the payload and the
- * associated data.</li></ul>
- *
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CCM_H
-#define MBEDTLS_CCM_H
-
-#include "cipher.h"
-
-#define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D /**< Bad input parameters to the function. */
-#define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F /**< Authenticated decryption failed. */
-#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
-
-#if !defined(MBEDTLS_CCM_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief    The CCM context-type definition. The CCM context is passed
- *           to the APIs called.
- */
-typedef struct {
-    mbedtls_cipher_context_t cipher_ctx;    /*!< The cipher context used. */
-}
-mbedtls_ccm_context;
-
-/**
- * \brief           This function initializes the specified CCM context,
- *                  to make references valid, and prepare the context
- *                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
- *
- * \param ctx       The CCM context to initialize.
- */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
-
-/**
- * \brief           This function initializes the CCM context set in the
- *                  \p ctx parameter and sets the encryption key.
- *
- * \param ctx       The CCM context to initialize.
- * \param cipher    The 128-bit block cipher to use.
- * \param key       The encryption key.
- * \param keybits   The key size in bits. This must be acceptable by the cipher.
- *
- * \return          \c 0 on success, or a cipher-specific error code.
- */
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits );
-
-/**
- * \brief   This function releases and clears the specified CCM context
- *          and underlying cipher sub-context.
- *
- * \param ctx       The CCM context to clear.
- */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
-
-/**
- * \brief           This function encrypts a buffer using CCM.
- *
- * \param ctx       The CCM context to use for encryption.
- * \param length    The length of the input data in Bytes.
- * \param iv        Initialization vector (nonce).
- * \param iv_len    The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
- * \param add       The additional data field.
- * \param add_len   The length of additional data in Bytes.
- *                  Must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data.
- * \param output    The buffer holding the output data.
- *                  Must be at least \p length Bytes wide.
- * \param tag       The buffer holding the tag.
- * \param tag_len   The length of the tag to generate in Bytes:
- *                  4, 6, 8, 10, 12, 14 or 16.
- *
- * \note            The tag is written to a separate buffer. To concatenate
- *                  the \p tag with the \p output, as done in <em>RFC-3610:
- *                  Counter with CBC-MAC (CCM)</em>, use
- *                  \p tag = \p output + \p length, and make sure that the
- *                  output buffer is at least \p length + \p tag_len wide.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len );
-
-/**
- * \brief           This function performs a CCM authenticated decryption of a
- *                  buffer.
- *
- * \param ctx       The CCM context to use for decryption.
- * \param length    The length of the input data in Bytes.
- * \param iv        Initialization vector.
- * \param iv_len    The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
- * \param add       The additional data field.
- * \param add_len   The length of additional data in Bytes.
- *                  Must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data.
- * \param output    The buffer holding the output data.
- *                  Must be at least \p length Bytes wide.
- * \param tag       The buffer holding the tag.
- * \param tag_len   The length of the tag in Bytes.
- *                  4, 6, 8, 10, 12, 14 or 16.
- *
- * \return          0 if successful and authenticated, or
- *                  #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
- */
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_CCM_ALT */
-#include "ccm_alt.h"
-#endif /* MBEDTLS_CCM_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief          The CCM checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_ccm_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CCM_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/certs.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/certs.h
deleted file mode 100644
index 8dab7b5c..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/certs.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * \file certs.h
- *
- * \brief Sample certificates and DHM parameters for testing
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_CERTS_H
-#define MBEDTLS_CERTS_H
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Concatenation of all CA certificates in PEM format if available */
-extern const char   mbedtls_test_cas_pem[];
-extern const size_t mbedtls_test_cas_pem_len;
-#endif
-
-/* List of all CA certificates, terminated by NULL */
-extern const char * mbedtls_test_cas[];
-extern const size_t mbedtls_test_cas_len[];
-
-/*
- * Convenience for users who just want a certificate:
- * RSA by default, or ECDSA if RSA is not available
- */
-extern const char * mbedtls_test_ca_crt;
-extern const size_t mbedtls_test_ca_crt_len;
-extern const char * mbedtls_test_ca_key;
-extern const size_t mbedtls_test_ca_key_len;
-extern const char * mbedtls_test_ca_pwd;
-extern const size_t mbedtls_test_ca_pwd_len;
-extern const char * mbedtls_test_srv_crt;
-extern const size_t mbedtls_test_srv_crt_len;
-extern const char * mbedtls_test_srv_key;
-extern const size_t mbedtls_test_srv_key_len;
-extern const char * mbedtls_test_cli_crt;
-extern const size_t mbedtls_test_cli_crt_len;
-extern const char * mbedtls_test_cli_key;
-extern const size_t mbedtls_test_cli_key_len;
-
-#if defined(MBEDTLS_ECDSA_C)
-extern const char   mbedtls_test_ca_crt_ec[];
-extern const size_t mbedtls_test_ca_crt_ec_len;
-extern const char   mbedtls_test_ca_key_ec[];
-extern const size_t mbedtls_test_ca_key_ec_len;
-extern const char   mbedtls_test_ca_pwd_ec[];
-extern const size_t mbedtls_test_ca_pwd_ec_len;
-extern const char   mbedtls_test_srv_crt_ec[];
-extern const size_t mbedtls_test_srv_crt_ec_len;
-extern const char   mbedtls_test_srv_key_ec[];
-extern const size_t mbedtls_test_srv_key_ec_len;
-extern const char   mbedtls_test_cli_crt_ec[];
-extern const size_t mbedtls_test_cli_crt_ec_len;
-extern const char   mbedtls_test_cli_key_ec[];
-extern const size_t mbedtls_test_cli_key_ec_len;
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-extern const char   mbedtls_test_ca_crt_rsa[];
-extern const size_t mbedtls_test_ca_crt_rsa_len;
-extern const char   mbedtls_test_ca_key_rsa[];
-extern const size_t mbedtls_test_ca_key_rsa_len;
-extern const char   mbedtls_test_ca_pwd_rsa[];
-extern const size_t mbedtls_test_ca_pwd_rsa_len;
-extern const char   mbedtls_test_srv_crt_rsa[];
-extern const size_t mbedtls_test_srv_crt_rsa_len;
-extern const char   mbedtls_test_srv_key_rsa[];
-extern const size_t mbedtls_test_srv_key_rsa_len;
-extern const char   mbedtls_test_cli_crt_rsa[];
-extern const size_t mbedtls_test_cli_crt_rsa_len;
-extern const char   mbedtls_test_cli_key_rsa[];
-extern const size_t mbedtls_test_cli_key_rsa_len;
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* certs.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/check_config.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/check_config.h
deleted file mode 100644
index be803329..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/check_config.h
+++ /dev/null
@@ -1,674 +0,0 @@
-/**
- * \file check_config.h
- *
- * \brief Consistency checks for configuration options
- */
-/*
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * It is recommended to include this file from your config.h
- * in order to catch dependency issues early.
- */
-
-#ifndef MBEDTLS_CHECK_CONFIG_H
-#define MBEDTLS_CHECK_CONFIG_H
-
-/*
- * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
- * target platforms, so not an issue, but let's just be extra sure.
- */
-#include <limits.h>
-#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
-#endif
-
-#if defined(_WIN32)
-#if !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_C is required on Windows"
-#endif
-
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
- * it would confuse config.pl. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
-    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-#endif /* _WIN32 */
-
-#if defined(TARGET_LIKE_MBED) && \
-    ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
-#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_WARNING) && \
-    !defined(__GNUC__) && !defined(__clang__)
-#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
-#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
-#endif
-
-#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
-#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
-#error "MBEDTLS_DHM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CMAC_C) && \
-    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
-#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) &&            \
-    ( !defined(MBEDTLS_ECP_C) ||           \
-      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
-      !defined(MBEDTLS_ASN1_WRITE_C) )
-#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C) &&           \
-    ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
-#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (   \
-    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
-                                    !defined(MBEDTLS_SHA256_C))
-#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
-    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) &&                                            \
-    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
-    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
-    ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
-#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
-     ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
-    defined(MBEDTLS_HAVEGE_C) )
-#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
-#endif
-
-#if defined(MBEDTLS_GCM_C) && (                                        \
-        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
-#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
-    !defined(MBEDTLS_ECDH_C)
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
-    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
-    ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) ||      \
-      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_C) && \
-    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
-#error "MBEDTLS_PK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
-        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
-#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    defined(MBEDTLS_PLATFORM_STD_FREE)
-#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
-    defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
-#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
-        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
-    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
-    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
-    ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
-    !defined(MBEDTLS_ENTROPY_NV_SEED)
-#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
-    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
-    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
-    !defined(MBEDTLS_OID_C) )
-#error "MBEDTLS_RSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) &&         \
-    !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
-#endif
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
-#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
-    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
-    !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
-#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
-    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
-    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
-#endif
-
-#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
-    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
-#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
-        !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_C defined, single threading implementation required"
-#endif
-#undef MBEDTLS_THREADING_IMPL
-
-#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
-#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
-    !defined(MBEDTLS_PK_PARSE_C) )
-#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
-    !defined(MBEDTLS_PK_WRITE_C) )
-#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
-#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
-#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
-
-#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
-    defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
-#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
-
-/*
- * Avoid warning from -pedantic. This is a convenient place for this
- * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
- */
-typedef int mbedtls_iso_c_forbids_empty_translation_units;
-
-#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/cipher.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/cipher.h
deleted file mode 100644
index d1f4efef..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/cipher.h
+++ /dev/null
@@ -1,752 +0,0 @@
-/**
- * \file cipher.h
- *
- * \brief The generic cipher wrapper.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CIPHER_H
-#define MBEDTLS_CIPHER_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE  -0x6080  /**< The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA       -0x6100  /**< Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED         -0x6180  /**< Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING      -0x6200  /**< Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED  -0x6280  /**< Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED          -0x6300  /**< Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT      -0x6380  /**< The context is invalid. For example, because it was freed. */
-#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED      -0x6400  /**< Cipher hardware accelerator failed. */
-
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief     An enumeration of supported ciphers.
- *
- * \warning   ARC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. We recommend considering stronger
- *            ciphers instead.
- */
-typedef enum {
-    MBEDTLS_CIPHER_ID_NONE = 0,
-    MBEDTLS_CIPHER_ID_NULL,
-    MBEDTLS_CIPHER_ID_AES,
-    MBEDTLS_CIPHER_ID_DES,
-    MBEDTLS_CIPHER_ID_3DES,
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    MBEDTLS_CIPHER_ID_BLOWFISH,
-    MBEDTLS_CIPHER_ID_ARC4,
-} mbedtls_cipher_id_t;
-
-/**
- * \brief     An enumeration of supported (cipher, mode) pairs.
- *
- * \warning   ARC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. We recommend considering stronger
- *            ciphers instead.
- */
-typedef enum {
-    MBEDTLS_CIPHER_NONE = 0,
-    MBEDTLS_CIPHER_NULL,
-    MBEDTLS_CIPHER_AES_128_ECB,
-    MBEDTLS_CIPHER_AES_192_ECB,
-    MBEDTLS_CIPHER_AES_256_ECB,
-    MBEDTLS_CIPHER_AES_128_CBC,
-    MBEDTLS_CIPHER_AES_192_CBC,
-    MBEDTLS_CIPHER_AES_256_CBC,
-    MBEDTLS_CIPHER_AES_128_CFB128,
-    MBEDTLS_CIPHER_AES_192_CFB128,
-    MBEDTLS_CIPHER_AES_256_CFB128,
-    MBEDTLS_CIPHER_AES_128_CTR,
-    MBEDTLS_CIPHER_AES_192_CTR,
-    MBEDTLS_CIPHER_AES_256_CTR,
-    MBEDTLS_CIPHER_AES_128_GCM,
-    MBEDTLS_CIPHER_AES_192_GCM,
-    MBEDTLS_CIPHER_AES_256_GCM,
-    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
-    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
-    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
-    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
-    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
-    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
-    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
-    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
-    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
-    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
-    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
-    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
-    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
-    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
-    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
-    MBEDTLS_CIPHER_DES_ECB,
-    MBEDTLS_CIPHER_DES_CBC,
-    MBEDTLS_CIPHER_DES_EDE_ECB,
-    MBEDTLS_CIPHER_DES_EDE_CBC,
-    MBEDTLS_CIPHER_DES_EDE3_ECB,
-    MBEDTLS_CIPHER_DES_EDE3_CBC,
-    MBEDTLS_CIPHER_BLOWFISH_ECB,
-    MBEDTLS_CIPHER_BLOWFISH_CBC,
-    MBEDTLS_CIPHER_BLOWFISH_CFB64,
-    MBEDTLS_CIPHER_BLOWFISH_CTR,
-    MBEDTLS_CIPHER_ARC4_128,
-    MBEDTLS_CIPHER_AES_128_CCM,
-    MBEDTLS_CIPHER_AES_192_CCM,
-    MBEDTLS_CIPHER_AES_256_CCM,
-    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
-    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
-    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
-    MBEDTLS_MODE_NONE = 0,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_MODE_CFB,
-    MBEDTLS_MODE_OFB, /* Unused! */
-    MBEDTLS_MODE_CTR,
-    MBEDTLS_MODE_GCM,
-    MBEDTLS_MODE_STREAM,
-    MBEDTLS_MODE_CCM,
-} mbedtls_cipher_mode_t;
-
-/** Supported cipher padding types. */
-typedef enum {
-    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default).        */
-    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding.         */
-    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding.             */
-    MBEDTLS_PADDING_ZEROS,         /**< zero padding (not reversible). */
-    MBEDTLS_PADDING_NONE,          /**< never pad (full blocks only).   */
-} mbedtls_cipher_padding_t;
-
-/** Type of operation. */
-typedef enum {
-    MBEDTLS_OPERATION_NONE = -1,
-    MBEDTLS_DECRYPT = 0,
-    MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-enum {
-    /** Undefined key length. */
-    MBEDTLS_KEY_LENGTH_NONE = 0,
-    /** Key length, in bits (including parity), for DES keys. */
-    MBEDTLS_KEY_LENGTH_DES  = 64,
-    /** Key length in bits, including parity, for DES in two-key EDE. */
-    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
-    /** Key length in bits, including parity, for DES in three-key EDE. */
-    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
-};
-
-/** Maximum length of any IV, in Bytes. */
-#define MBEDTLS_MAX_IV_LENGTH      16
-/** Maximum block size of any cipher, in Bytes. */
-#define MBEDTLS_MAX_BLOCK_LENGTH   16
-
-/**
- * Base cipher information (opaque struct).
- */
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * CMAC context (opaque struct).
- */
-typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
-
-/**
- * Cipher information. Allows calling cipher functions
- * in a generic way.
- */
-typedef struct {
-    /** Full cipher identifier. For example,
-     * MBEDTLS_CIPHER_AES_256_CBC.
-     */
-    mbedtls_cipher_type_t type;
-
-    /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
-    mbedtls_cipher_mode_t mode;
-
-    /** The cipher key length, in bits. This is the
-     * default length for variable sized ciphers.
-     * Includes parity bits for ciphers like DES.
-     */
-    unsigned int key_bitlen;
-
-    /** Name of the cipher. */
-    const char * name;
-
-    /** IV or nonce size, in Bytes.
-     * For ciphers that accept variable IV sizes,
-     * this is the recommended size.
-     */
-    unsigned int iv_size;
-
-    /** Flags to set. For example, if the cipher supports variable IV sizes or variable key sizes. */
-    int flags;
-
-    /** The block size, in Bytes. */
-    unsigned int block_size;
-
-    /** Struct for base cipher information and functions. */
-    const mbedtls_cipher_base_t *base;
-
-} mbedtls_cipher_info_t;
-
-/**
- * Generic cipher context.
- */
-typedef struct {
-    /** Information about the associated cipher. */
-    const mbedtls_cipher_info_t *cipher_info;
-
-    /** Key length to use. */
-    int key_bitlen;
-
-    /** Operation that the key of the context has been
-     * initialized for.
-     */
-    mbedtls_operation_t operation;
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-    /** Padding functions to use, if relevant for
-     * the specific cipher mode.
-     */
-    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
-    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
-#endif
-
-    /** Buffer for input that has not been processed yet. */
-    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
-
-    /** Number of Bytes that have not been processed yet. */
-    size_t unprocessed_len;
-
-    /** Current IV or NONCE_COUNTER for CTR-mode. */
-    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
-
-    /** IV size in Bytes, for ciphers with variable-length IVs. */
-    size_t iv_size;
-
-    /** The cipher-specific context. */
-    void *cipher_ctx;
-
-#if defined(MBEDTLS_CMAC_C)
-    /** CMAC-specific context. */
-    mbedtls_cmac_context_t *cmac_ctx;
-#endif
-} mbedtls_cipher_context_t;
-
-/**
- * \brief This function retrieves the list of ciphers supported by the generic
- * cipher module.
- *
- * \return      A statically-allocated array of ciphers. The last entry
- *              is zero.
- */
-const int *mbedtls_cipher_list( void );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher name.
- *
- * \param cipher_name   Name of the cipher to search for.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_name, or NULL if not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher type.
- *
- * \param cipher_type   Type of the cipher to search for.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_type, or NULL if not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher ID,
- *                      key size and mode.
- *
- * \param cipher_id     The ID of the cipher to search for. For example,
- *                      #MBEDTLS_CIPHER_ID_AES.
- * \param key_bitlen    The length of the key in bits.
- * \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_id, or NULL if not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
-                                              int key_bitlen,
-                                              const mbedtls_cipher_mode_t mode );
-
-/**
- * \brief               This function initializes a \p cipher_context as NONE.
- */
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief               This function frees and clears the cipher-specific
- *                      context of \p ctx. Freeing \p ctx itself remains the
- *                      responsibility of the caller.
- */
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
-
-/**
- * \brief               This function initializes and fills the cipher-context
- *                      structure with the appropriate values. It also clears
- *                      the structure.
- *
- * \param ctx           The context to initialize. May not be NULL.
- * \param cipher_info   The cipher to use.
- *
- * \return              \c 0 on success,
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
- *                      #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- *                      cipher-specific context failed.
- *
- * \internal Currently, the function also clears the structure.
- * In future versions, the caller will be required to call
- * mbedtls_cipher_init() on the structure first.
- */
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
-
-/**
- * \brief        This function returns the block size of the given cipher.
- *
- * \param ctx    The context of the cipher. Must be initialized.
- *
- * \return       The size of the blocks of the cipher, or zero if \p ctx
- *               has not been initialized.
- */
-static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return 0;
-
-    return ctx->cipher_info->block_size;
-}
-
-/**
- * \brief        This function returns the mode of operation for
- *               the cipher. For example, MBEDTLS_MODE_CBC.
- *
- * \param ctx    The context of the cipher. Must be initialized.
- *
- * \return       The mode of operation, or #MBEDTLS_MODE_NONE if
- *               \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return MBEDTLS_MODE_NONE;
-
-    return ctx->cipher_info->mode;
-}
-
-/**
- * \brief       This function returns the size of the IV or nonce
- *              of the cipher, in Bytes.
- *
- * \param ctx   The context of the cipher. Must be initialized.
- *
- * \return      <ul><li>If no IV has been set: the recommended IV size.
- *              0 for ciphers not using IV or nonce.</li>
- *              <li>If IV has already been set: the actual size.</li></ul>
- */
-static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return 0;
-
-    if( ctx->iv_size != 0 )
-        return (int) ctx->iv_size;
-
-    return (int) ctx->cipher_info->iv_size;
-}
-
-/**
- * \brief               This function returns the type of the given cipher.
- *
- * \param ctx           The context of the cipher. Must be initialized.
- *
- * \return              The type of the cipher, or #MBEDTLS_CIPHER_NONE if
- *                      \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return MBEDTLS_CIPHER_NONE;
-
-    return ctx->cipher_info->type;
-}
-
-/**
- * \brief               This function returns the name of the given cipher
- *                      as a string.
- *
- * \param ctx           The context of the cipher. Must be initialized.
- *
- * \return              The name of the cipher, or NULL if \p ctx has not
- *                      been not initialized.
- */
-static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return 0;
-
-    return ctx->cipher_info->name;
-}
-
-/**
- * \brief               This function returns the key length of the cipher.
- *
- * \param ctx           The context of the cipher. Must be initialized.
- *
- * \return              The key length of the cipher in bits, or
- *                      #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
- *                      initialized.
- */
-static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return MBEDTLS_KEY_LENGTH_NONE;
-
-    return (int) ctx->cipher_info->key_bitlen;
-}
-
-/**
- * \brief          This function returns the operation of the given cipher.
- *
- * \param ctx      The context of the cipher. Must be initialized.
- *
- * \return         The type of operation: #MBEDTLS_ENCRYPT or
- *                 #MBEDTLS_DECRYPT, or #MBEDTLS_OPERATION_NONE if \p ctx
- *                 has not been initialized.
- */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return MBEDTLS_OPERATION_NONE;
-
-    return ctx->operation;
-}
-
-/**
- * \brief               This function sets the key to use with the given context.
- *
- * \param ctx           The generic cipher context. May not be NULL. Must have
- *                      been initialized using mbedtls_cipher_info_from_type()
- *                      or mbedtls_cipher_info_from_string().
- * \param key           The key to use.
- * \param key_bitlen    The key length to use, in bits.
- * \param operation     The operation that the key will be used for:
- *                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- *                      parameter verification fails, or a cipher-specific
- *                      error code.
- */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
-                   int key_bitlen, const mbedtls_operation_t operation );
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-/**
- * \brief               This function sets the padding mode, for cipher modes
- *                      that use padding.
- *
- *                      The default passing mode is PKCS7 padding.
- *
- * \param ctx           The generic cipher context.
- * \param mode          The padding mode.
- *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- *                      if the selected padding mode is not supported, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
- *                      does not support padding.
- */
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-/**
- * \brief           This function sets the initialization vector (IV)
- *                  or nonce.
- *
- * \param ctx       The generic cipher context.
- * \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * \param iv_len    The IV length for ciphers with variable-size IV.
- *                  This parameter is discarded by ciphers with fixed-size IV.
- *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
- *
- * \note            Some ciphers do not use IVs nor nonce. For these
- *                  ciphers, this function has no effect.
- */
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                   const unsigned char *iv, size_t iv_len );
-
-/**
- * \brief         This function resets the cipher state.
- *
- * \param ctx     The generic cipher context.
- *
- * \returns       \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
- *                if parameter verification fails.
- */
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
-
-#if defined(MBEDTLS_GCM_C)
-/**
- * \brief               This function adds additional data for AEAD ciphers.
- *                      Only supported with GCM. Must be called
- *                      exactly once, after mbedtls_cipher_reset().
- *
- * \param ctx           The generic cipher context.
- * \param ad            The additional data to use.
- * \param ad_len        the Length of \p ad.
- *
- * \return              \c 0 on success, or a specific error code on failure.
- */
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *ad, size_t ad_len );
-#endif /* MBEDTLS_GCM_C */
-
-/**
- * \brief               The generic cipher update function. It encrypts or
- *                      decrypts using the given cipher context. Writes as
- *                      many block-sized blocks of data as possible to output.
- *                      Any data that cannot be written immediately is either
- *                      added to the next block, or flushed when
- *                      mbedtls_cipher_finish() is called.
- *                      Exception: For MBEDTLS_MODE_ECB, expects a single block
- *                      in size. For example, 16 Bytes for AES.
- *
- * \param ctx           The generic cipher context.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. Must be able to hold at
- *                      least \p ilen + block_size. Must not be the same buffer
- *                      as input.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written.
- *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- *                      parameter verification fails,
- *                      #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- *                      unsupported mode for a cipher, or a cipher-specific
- *                      error code.
- *
- * \note                If the underlying cipher is GCM, all calls to this
- *                      function, except the last one before
- *                      mbedtls_cipher_finish(). Must have \p ilen as a
- *                      multiple of the block_size.
- */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
-                   size_t ilen, unsigned char *output, size_t *olen );
-
-/**
- * \brief               The generic cipher finalization function. If data still
- *                      needs to be flushed from an incomplete block, the data
- *                      contained in it is padded to the size of
- *                      the last block, and written to the \p output buffer.
- *
- * \param ctx           The generic cipher context.
- * \param output        The buffer to write data to. Needs block_size available.
- * \param olen          The length of the data written to the \p output buffer.
- *
- * \returns             \c 0 on success, #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
- *                      parameter verification fails,
- *                      #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
- *                      expected a full block but was not provided one,
- *                      #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting, or a cipher-specific error code
- *                      on failure for any other reason.
- */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
-                   unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_GCM_C)
-/**
- * \brief               This function writes a tag for AEAD ciphers.
- *                      Only supported with GCM.
- *                      Must be called after mbedtls_cipher_finish().
- *
- * \param ctx           The generic cipher context.
- * \param tag           The buffer to write the tag to.
- * \param tag_len       The length of the tag to write.
- *
- * \return              \c 0 on success, or a specific error code on failure.
- */
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
-                      unsigned char *tag, size_t tag_len );
-
-/**
- * \brief               This function checks the tag for AEAD ciphers.
- *                      Only supported with GCM.
- *                      Must be called after mbedtls_cipher_finish().
- *
- * \param ctx           The generic cipher context.
- * \param tag           The buffer holding the tag.
- * \param tag_len       The length of the tag to check.
- *
- * \return              \c 0 on success, or a specific error code on failure.
- */
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_GCM_C */
-
-/**
- * \brief               The generic all-in-one encryption/decryption function,
- *                      for all ciphers except AEAD constructs.
- *
- * \param ctx           The generic cipher context.
- * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * \param iv_len        The IV length for ciphers with variable-size IV.
- *                      This parameter is discarded by ciphers with fixed-size
- *                      IV.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. Must be able to hold at
- *                      least \p ilen + block_size. Must not be the same buffer
- *                      as input.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written.
- *
- * \note                Some ciphers do not use IVs nor nonce. For these
- *                      ciphers, use \p iv = NULL and \p iv_len = 0.
- *
- * \returns             \c 0 on success, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
- *                      expected a full block but was not provided one, or
- *                      #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting, or a cipher-specific error code on
- *                      failure for any other reason.
- */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
-                  const unsigned char *iv, size_t iv_len,
-                  const unsigned char *input, size_t ilen,
-                  unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-/**
- * \brief               The generic autenticated encryption (AEAD) function.
- *
- * \param ctx           The generic cipher context.
- * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * \param iv_len        The IV length for ciphers with variable-size IV.
- *                      This parameter is discarded by ciphers with fixed-size IV.
- * \param ad            The additional data to authenticate.
- * \param ad_len        The length of \p ad.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data.
- *                      Must be able to hold at least \p ilen.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written.
- * \param tag           The buffer for the authentication tag.
- * \param tag_len       The desired length of the authentication tag.
- *
- * \returns             \c 0 on success, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      a cipher-specific error code.
- */
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         unsigned char *tag, size_t tag_len );
-
-/**
- * \brief               The generic autenticated decryption (AEAD) function.
- *
- * \param ctx           The generic cipher context.
- * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- * \param iv_len        The IV length for ciphers with variable-size IV.
- *                      This parameter is discarded by ciphers with fixed-size IV.
- * \param ad            The additional data to be authenticated.
- * \param ad_len        The length of \p ad.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data.
- *                      Must be able to hold at least \p ilen.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written.
- * \param tag           The buffer holding the authentication tag.
- * \param tag_len       The length of the authentication tag.
- *
- * \returns             \c 0 on success, or
- *                      #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic,
- *                      or a cipher-specific error code on failure for any other reason.
- *
- * \note                If the data is not authentic, then the output buffer
- *                      is zeroed out to prevent the unauthentic plaintext being
- *                      used, making this interface safer.
- */
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/cipher_internal.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/cipher_internal.h
deleted file mode 100644
index 969ff9cc..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/cipher_internal.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * \file cipher_internal.h
- *
- * \brief Cipher wrappers.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_CIPHER_WRAP_H
-#define MBEDTLS_CIPHER_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Base cipher information. The non-mode specific functions and values.
- */
-struct mbedtls_cipher_base_t
-{
-    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
-    mbedtls_cipher_id_t cipher;
-
-    /** Encrypt using ECB */
-    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
-                     const unsigned char *input, unsigned char *output );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /** Encrypt using CBC */
-    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    /** Encrypt using CFB (Full length) */
-    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    /** Encrypt using CTR */
-    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
-                     unsigned char *nonce_counter, unsigned char *stream_block,
-                     const unsigned char *input, unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    /** Encrypt using STREAM */
-    int (*stream_func)( void *ctx, size_t length,
-                        const unsigned char *input, unsigned char *output );
-#endif
-
-    /** Set key for encryption purposes */
-    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen );
-
-    /** Set key for decryption purposes */
-    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen);
-
-    /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
-
-    /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
-
-};
-
-typedef struct
-{
-    mbedtls_cipher_type_t type;
-    const mbedtls_cipher_info_t *info;
-} mbedtls_cipher_definition_t;
-
-extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
-
-extern int mbedtls_cipher_supported[];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_WRAP_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/cmac.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/cmac.h
deleted file mode 100644
index 628c9dab..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/cmac.h
+++ /dev/null
@@ -1,208 +0,0 @@
-/**
- * \file cmac.h
- *
- * \brief The Cipher-based Message Authentication Code (CMAC) Mode for
- *        Authentication.
- */
-/*
- *  Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CMAC_H
-#define MBEDTLS_CMAC_H
-
-#include "mbedtls/cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A  /**< CMAC hardware accelerator failed. */
-
-#define MBEDTLS_AES_BLOCK_SIZE          16
-#define MBEDTLS_DES3_BLOCK_SIZE         8
-
-#if defined(MBEDTLS_AES_C)
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      16  /* The longest block used by CMAC is that of AES. */
-#else
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      8   /* The longest block used by CMAC is that of 3DES. */
-#endif
-
-#if !defined(MBEDTLS_CMAC_ALT)
-
-/**
- * The CMAC context structure.
- */
-struct mbedtls_cmac_context_t
-{
-    /** The internal state of the CMAC algorithm.  */
-    unsigned char       state[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    /** Unprocessed data - either data that was not block aligned and is still
-     *  pending processing, or the final block. */
-    unsigned char       unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    /** The length of data pending processing. */
-    size_t              unprocessed_len;
-};
-
-/**
- * \brief               This function sets the CMAC key, and prepares to authenticate
- *                      the input data.
- *                      Must be called with an initialized cipher context.
- *
- * \param ctx           The cipher context used for the CMAC operation, initialized
- *                      as one of the following types:<ul>
- *                      <li>MBEDTLS_CIPHER_AES_128_ECB</li>
- *                      <li>MBEDTLS_CIPHER_AES_192_ECB</li>
- *                      <li>MBEDTLS_CIPHER_AES_256_ECB</li>
- *                      <li>MBEDTLS_CIPHER_DES_EDE3_ECB</li></ul>
- * \param key           The CMAC key.
- * \param keybits       The length of the CMAC key in bits.
- *                      Must be supported by the cipher.
- *
- * \return              \c 0 on success, or a cipher-specific error code.
- */
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *key, size_t keybits );
-
-/**
- * \brief               This function feeds an input buffer into an ongoing CMAC
- *                      computation.
- *
- *                      It is called between mbedtls_cipher_cmac_starts() or
- *                      mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish().
- *                      Can be called repeatedly.
- *
- * \param ctx           The cipher context used for the CMAC operation.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
- */
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *input, size_t ilen );
-
-/**
- * \brief               This function finishes the CMAC operation, and writes
- *                      the result to the output buffer.
- *
- *                      It is called after mbedtls_cipher_cmac_update().
- *                      It can be followed by mbedtls_cipher_cmac_reset() and
- *                      mbedtls_cipher_cmac_update(), or mbedtls_cipher_free().
- *
- * \param ctx           The cipher context used for the CMAC operation.
- * \param output        The output buffer for the CMAC checksum result.
- *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
- */
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
-                                unsigned char *output );
-
-/**
- * \brief               This function prepares the authentication of another
- *                      message with the same key as the previous CMAC
- *                      operation.
- *
- *                      It is called after mbedtls_cipher_cmac_finish()
- *                      and before mbedtls_cipher_cmac_update().
- *
- * \param ctx           The cipher context used for the CMAC operation.
- *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
- */
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief               This function calculates the full generic CMAC
- *                      on the input buffer with the provided key.
- *
- *                      The function allocates the context, performs the
- *                      calculation, and frees the context.
- *
- *                      The CMAC result is calculated as
- *                      output = generic CMAC(cmac key, input buffer).
- *
- *
- * \param cipher_info   The cipher information.
- * \param key           The CMAC key.
- * \param keylen        The length of the CMAC key in bits.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the generic CMAC result.
- *
- * \returns             \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
- */
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
-                         const unsigned char *key, size_t keylen,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output );
-
-#if defined(MBEDTLS_AES_C)
-/**
- * \brief           This function implements the AES-CMAC-PRF-128 pseudorandom
- *                  function, as defined in
- *                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
- *                  Message Authentication Code-Pseudo-Random Function-128
- *                  (AES-CMAC-PRF-128) Algorithm for the Internet Key
- *                  Exchange Protocol (IKE).</em>
- *
- * \param key       The key to use.
- * \param key_len   The key length in Bytes.
- * \param input     The buffer holding the input data.
- * \param in_len    The length of the input data in Bytes.
- * \param output    The buffer holding the generated 16 Bytes of
- *                  pseudorandom output.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
-                              const unsigned char *input, size_t in_len,
-                              unsigned char output[16] );
-#endif /* MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
-#endif /* !MBEDTLS_CMAC_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
-/**
- * \brief          The CMAC checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_cmac_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CMAC_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/compat-1.3.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/compat-1.3.h
deleted file mode 100644
index 213b6914..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/compat-1.3.h
+++ /dev/null
@@ -1,2525 +0,0 @@
-/**
- * \file compat-1.3.h
- *
- * \brief Compatibility definitions for using mbed TLS with client code written
- *  for the PolarSSL naming conventions.
- *
- * \deprecated Use the new names directly instead
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Including compat-1.3.h is deprecated"
-#endif
-
-#ifndef MBEDTLS_COMPAT13_H
-#define MBEDTLS_COMPAT13_H
-
-/*
- * config.h options
- */
-#if defined MBEDTLS_AESNI_C
-#define POLARSSL_AESNI_C MBEDTLS_AESNI_C
-#endif
-#if defined MBEDTLS_AES_ALT
-#define POLARSSL_AES_ALT MBEDTLS_AES_ALT
-#endif
-#if defined MBEDTLS_AES_C
-#define POLARSSL_AES_C MBEDTLS_AES_C
-#endif
-#if defined MBEDTLS_AES_ROM_TABLES
-#define POLARSSL_AES_ROM_TABLES MBEDTLS_AES_ROM_TABLES
-#endif
-#if defined MBEDTLS_ARC4_ALT
-#define POLARSSL_ARC4_ALT MBEDTLS_ARC4_ALT
-#endif
-#if defined MBEDTLS_ARC4_C
-#define POLARSSL_ARC4_C MBEDTLS_ARC4_C
-#endif
-#if defined MBEDTLS_ASN1_PARSE_C
-#define POLARSSL_ASN1_PARSE_C MBEDTLS_ASN1_PARSE_C
-#endif
-#if defined MBEDTLS_ASN1_WRITE_C
-#define POLARSSL_ASN1_WRITE_C MBEDTLS_ASN1_WRITE_C
-#endif
-#if defined MBEDTLS_BASE64_C
-#define POLARSSL_BASE64_C MBEDTLS_BASE64_C
-#endif
-#if defined MBEDTLS_BIGNUM_C
-#define POLARSSL_BIGNUM_C MBEDTLS_BIGNUM_C
-#endif
-#if defined MBEDTLS_BLOWFISH_ALT
-#define POLARSSL_BLOWFISH_ALT MBEDTLS_BLOWFISH_ALT
-#endif
-#if defined MBEDTLS_BLOWFISH_C
-#define POLARSSL_BLOWFISH_C MBEDTLS_BLOWFISH_C
-#endif
-#if defined MBEDTLS_CAMELLIA_ALT
-#define POLARSSL_CAMELLIA_ALT MBEDTLS_CAMELLIA_ALT
-#endif
-#if defined MBEDTLS_CAMELLIA_C
-#define POLARSSL_CAMELLIA_C MBEDTLS_CAMELLIA_C
-#endif
-#if defined MBEDTLS_CAMELLIA_SMALL_MEMORY
-#define POLARSSL_CAMELLIA_SMALL_MEMORY MBEDTLS_CAMELLIA_SMALL_MEMORY
-#endif
-#if defined MBEDTLS_CCM_C
-#define POLARSSL_CCM_C MBEDTLS_CCM_C
-#endif
-#if defined MBEDTLS_CERTS_C
-#define POLARSSL_CERTS_C MBEDTLS_CERTS_C
-#endif
-#if defined MBEDTLS_CIPHER_C
-#define POLARSSL_CIPHER_C MBEDTLS_CIPHER_C
-#endif
-#if defined MBEDTLS_CIPHER_MODE_CBC
-#define POLARSSL_CIPHER_MODE_CBC MBEDTLS_CIPHER_MODE_CBC
-#endif
-#if defined MBEDTLS_CIPHER_MODE_CFB
-#define POLARSSL_CIPHER_MODE_CFB MBEDTLS_CIPHER_MODE_CFB
-#endif
-#if defined MBEDTLS_CIPHER_MODE_CTR
-#define POLARSSL_CIPHER_MODE_CTR MBEDTLS_CIPHER_MODE_CTR
-#endif
-#if defined MBEDTLS_CIPHER_NULL_CIPHER
-#define POLARSSL_CIPHER_NULL_CIPHER MBEDTLS_CIPHER_NULL_CIPHER
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_PKCS7
-#define POLARSSL_CIPHER_PADDING_PKCS7 MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_ZEROS
-#define POLARSSL_CIPHER_PADDING_ZEROS MBEDTLS_CIPHER_PADDING_ZEROS
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#endif
-#if defined MBEDTLS_CTR_DRBG_C
-#define POLARSSL_CTR_DRBG_C MBEDTLS_CTR_DRBG_C
-#endif
-#if defined MBEDTLS_DEBUG_C
-#define POLARSSL_DEBUG_C MBEDTLS_DEBUG_C
-#endif
-#if defined MBEDTLS_DEPRECATED_REMOVED
-#define POLARSSL_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
-#endif
-#if defined MBEDTLS_DEPRECATED_WARNING
-#define POLARSSL_DEPRECATED_WARNING MBEDTLS_DEPRECATED_WARNING
-#endif
-#if defined MBEDTLS_DES_ALT
-#define POLARSSL_DES_ALT MBEDTLS_DES_ALT
-#endif
-#if defined MBEDTLS_DES_C
-#define POLARSSL_DES_C MBEDTLS_DES_C
-#endif
-#if defined MBEDTLS_DHM_C
-#define POLARSSL_DHM_C MBEDTLS_DHM_C
-#endif
-#if defined MBEDTLS_ECDH_C
-#define POLARSSL_ECDH_C MBEDTLS_ECDH_C
-#endif
-#if defined MBEDTLS_ECDSA_C
-#define POLARSSL_ECDSA_C MBEDTLS_ECDSA_C
-#endif
-#if defined MBEDTLS_ECDSA_DETERMINISTIC
-#define POLARSSL_ECDSA_DETERMINISTIC MBEDTLS_ECDSA_DETERMINISTIC
-#endif
-#if defined MBEDTLS_ECP_C
-#define POLARSSL_ECP_C MBEDTLS_ECP_C
-#endif
-#if defined MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define POLARSSL_ECP_DP_BP256R1_ENABLED MBEDTLS_ECP_DP_BP256R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define POLARSSL_ECP_DP_BP384R1_ENABLED MBEDTLS_ECP_DP_BP384R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define POLARSSL_ECP_DP_BP512R1_ENABLED MBEDTLS_ECP_DP_BP512R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define POLARSSL_ECP_DP_M255_ENABLED MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define POLARSSL_ECP_DP_SECP192K1_ENABLED MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define POLARSSL_ECP_DP_SECP192R1_ENABLED MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define POLARSSL_ECP_DP_SECP224K1_ENABLED MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define POLARSSL_ECP_DP_SECP224R1_ENABLED MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define POLARSSL_ECP_DP_SECP256K1_ENABLED MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define POLARSSL_ECP_DP_SECP256R1_ENABLED MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define POLARSSL_ECP_DP_SECP384R1_ENABLED MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define POLARSSL_ECP_DP_SECP521R1_ENABLED MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_FIXED_POINT_OPTIM
-#define POLARSSL_ECP_FIXED_POINT_OPTIM MBEDTLS_ECP_FIXED_POINT_OPTIM
-#endif
-#if defined MBEDTLS_ECP_MAX_BITS
-#define POLARSSL_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS
-#endif
-#if defined MBEDTLS_ECP_NIST_OPTIM
-#define POLARSSL_ECP_NIST_OPTIM MBEDTLS_ECP_NIST_OPTIM
-#endif
-#if defined MBEDTLS_ECP_WINDOW_SIZE
-#define POLARSSL_ECP_WINDOW_SIZE MBEDTLS_ECP_WINDOW_SIZE
-#endif
-#if defined MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-#define POLARSSL_ENABLE_WEAK_CIPHERSUITES MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-#endif
-#if defined MBEDTLS_ENTROPY_C
-#define POLARSSL_ENTROPY_C MBEDTLS_ENTROPY_C
-#endif
-#if defined MBEDTLS_ENTROPY_FORCE_SHA256
-#define POLARSSL_ENTROPY_FORCE_SHA256 MBEDTLS_ENTROPY_FORCE_SHA256
-#endif
-#if defined MBEDTLS_ERROR_C
-#define POLARSSL_ERROR_C MBEDTLS_ERROR_C
-#endif
-#if defined MBEDTLS_ERROR_STRERROR_DUMMY
-#define POLARSSL_ERROR_STRERROR_DUMMY MBEDTLS_ERROR_STRERROR_DUMMY
-#endif
-#if defined MBEDTLS_FS_IO
-#define POLARSSL_FS_IO MBEDTLS_FS_IO
-#endif
-#if defined MBEDTLS_GCM_C
-#define POLARSSL_GCM_C MBEDTLS_GCM_C
-#endif
-#if defined MBEDTLS_GENPRIME
-#define POLARSSL_GENPRIME MBEDTLS_GENPRIME
-#endif
-#if defined MBEDTLS_HAVEGE_C
-#define POLARSSL_HAVEGE_C MBEDTLS_HAVEGE_C
-#endif
-#if defined MBEDTLS_HAVE_ASM
-#define POLARSSL_HAVE_ASM MBEDTLS_HAVE_ASM
-#endif
-#if defined MBEDTLS_HAVE_SSE2
-#define POLARSSL_HAVE_SSE2 MBEDTLS_HAVE_SSE2
-#endif
-#if defined MBEDTLS_HAVE_TIME
-#define POLARSSL_HAVE_TIME MBEDTLS_HAVE_TIME
-#endif
-#if defined MBEDTLS_HMAC_DRBG_C
-#define POLARSSL_HMAC_DRBG_C MBEDTLS_HMAC_DRBG_C
-#endif
-#if defined MBEDTLS_HMAC_DRBG_MAX_INPUT
-#define POLARSSL_HMAC_DRBG_MAX_INPUT MBEDTLS_HMAC_DRBG_MAX_INPUT
-#endif
-#if defined MBEDTLS_HMAC_DRBG_MAX_REQUEST
-#define POLARSSL_HMAC_DRBG_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
-#endif
-#if defined MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
-#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
-#endif
-#if defined MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
-#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-#endif
-#if defined MBEDTLS_MD2_ALT
-#define POLARSSL_MD2_ALT MBEDTLS_MD2_ALT
-#endif
-#if defined MBEDTLS_MD2_C
-#define POLARSSL_MD2_C MBEDTLS_MD2_C
-#endif
-#if defined MBEDTLS_MD2_PROCESS_ALT
-#define POLARSSL_MD2_PROCESS_ALT MBEDTLS_MD2_PROCESS_ALT
-#endif
-#if defined MBEDTLS_MD4_ALT
-#define POLARSSL_MD4_ALT MBEDTLS_MD4_ALT
-#endif
-#if defined MBEDTLS_MD4_C
-#define POLARSSL_MD4_C MBEDTLS_MD4_C
-#endif
-#if defined MBEDTLS_MD4_PROCESS_ALT
-#define POLARSSL_MD4_PROCESS_ALT MBEDTLS_MD4_PROCESS_ALT
-#endif
-#if defined MBEDTLS_MD5_ALT
-#define POLARSSL_MD5_ALT MBEDTLS_MD5_ALT
-#endif
-#if defined MBEDTLS_MD5_C
-#define POLARSSL_MD5_C MBEDTLS_MD5_C
-#endif
-#if defined MBEDTLS_MD5_PROCESS_ALT
-#define POLARSSL_MD5_PROCESS_ALT MBEDTLS_MD5_PROCESS_ALT
-#endif
-#if defined MBEDTLS_MD_C
-#define POLARSSL_MD_C MBEDTLS_MD_C
-#endif
-#if defined MBEDTLS_MEMORY_ALIGN_MULTIPLE
-#define POLARSSL_MEMORY_ALIGN_MULTIPLE MBEDTLS_MEMORY_ALIGN_MULTIPLE
-#endif
-#if defined MBEDTLS_MEMORY_BACKTRACE
-#define POLARSSL_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
-#endif
-#if defined MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#define POLARSSL_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#endif
-#if defined MBEDTLS_MEMORY_DEBUG
-#define POLARSSL_MEMORY_DEBUG MBEDTLS_MEMORY_DEBUG
-#endif
-#if defined MBEDTLS_MPI_MAX_SIZE
-#define POLARSSL_MPI_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-#if defined MBEDTLS_MPI_WINDOW_SIZE
-#define POLARSSL_MPI_WINDOW_SIZE MBEDTLS_MPI_WINDOW_SIZE
-#endif
-#if defined MBEDTLS_NET_C
-#define POLARSSL_NET_C MBEDTLS_NET_C
-#endif
-#if defined MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-#endif
-#if defined MBEDTLS_NO_PLATFORM_ENTROPY
-#define POLARSSL_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
-#endif
-#if defined MBEDTLS_OID_C
-#define POLARSSL_OID_C MBEDTLS_OID_C
-#endif
-#if defined MBEDTLS_PADLOCK_C
-#define POLARSSL_PADLOCK_C MBEDTLS_PADLOCK_C
-#endif
-#if defined MBEDTLS_PEM_PARSE_C
-#define POLARSSL_PEM_PARSE_C MBEDTLS_PEM_PARSE_C
-#endif
-#if defined MBEDTLS_PEM_WRITE_C
-#define POLARSSL_PEM_WRITE_C MBEDTLS_PEM_WRITE_C
-#endif
-#if defined MBEDTLS_PKCS11_C
-#define POLARSSL_PKCS11_C MBEDTLS_PKCS11_C
-#endif
-#if defined MBEDTLS_PKCS12_C
-#define POLARSSL_PKCS12_C MBEDTLS_PKCS12_C
-#endif
-#if defined MBEDTLS_PKCS1_V15
-#define POLARSSL_PKCS1_V15 MBEDTLS_PKCS1_V15
-#endif
-#if defined MBEDTLS_PKCS1_V21
-#define POLARSSL_PKCS1_V21 MBEDTLS_PKCS1_V21
-#endif
-#if defined MBEDTLS_PKCS5_C
-#define POLARSSL_PKCS5_C MBEDTLS_PKCS5_C
-#endif
-#if defined MBEDTLS_PK_C
-#define POLARSSL_PK_C MBEDTLS_PK_C
-#endif
-#if defined MBEDTLS_PK_PARSE_C
-#define POLARSSL_PK_PARSE_C MBEDTLS_PK_PARSE_C
-#endif
-#if defined MBEDTLS_PK_PARSE_EC_EXTENDED
-#define POLARSSL_PK_PARSE_EC_EXTENDED MBEDTLS_PK_PARSE_EC_EXTENDED
-#endif
-#if defined MBEDTLS_PK_RSA_ALT_SUPPORT
-#define POLARSSL_PK_RSA_ALT_SUPPORT MBEDTLS_PK_RSA_ALT_SUPPORT
-#endif
-#if defined MBEDTLS_PK_WRITE_C
-#define POLARSSL_PK_WRITE_C MBEDTLS_PK_WRITE_C
-#endif
-#if defined MBEDTLS_PLATFORM_C
-#define POLARSSL_PLATFORM_C MBEDTLS_PLATFORM_C
-#endif
-#if defined MBEDTLS_PLATFORM_EXIT_ALT
-#define POLARSSL_PLATFORM_EXIT_ALT MBEDTLS_PLATFORM_EXIT_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_EXIT_MACRO
-#define POLARSSL_PLATFORM_EXIT_MACRO MBEDTLS_PLATFORM_EXIT_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_FPRINTF_ALT
-#define POLARSSL_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_FPRINTF_MACRO
-#define POLARSSL_PLATFORM_FPRINTF_MACRO MBEDTLS_PLATFORM_FPRINTF_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_FREE_MACRO
-#define POLARSSL_PLATFORM_FREE_MACRO MBEDTLS_PLATFORM_FREE_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_MEMORY
-#define POLARSSL_PLATFORM_MEMORY MBEDTLS_PLATFORM_MEMORY
-#endif
-#if defined MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#endif
-#if defined MBEDTLS_PLATFORM_PRINTF_ALT
-#define POLARSSL_PLATFORM_PRINTF_ALT MBEDTLS_PLATFORM_PRINTF_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_PRINTF_MACRO
-#define POLARSSL_PLATFORM_PRINTF_MACRO MBEDTLS_PLATFORM_PRINTF_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_SNPRINTF_ALT
-#define POLARSSL_PLATFORM_SNPRINTF_ALT MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#define POLARSSL_PLATFORM_SNPRINTF_MACRO MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_STD_EXIT
-#define POLARSSL_PLATFORM_STD_EXIT MBEDTLS_PLATFORM_STD_EXIT
-#endif
-#if defined MBEDTLS_PLATFORM_STD_FPRINTF
-#define POLARSSL_PLATFORM_STD_FPRINTF MBEDTLS_PLATFORM_STD_FPRINTF
-#endif
-#if defined MBEDTLS_PLATFORM_STD_FREE
-#define POLARSSL_PLATFORM_STD_FREE MBEDTLS_PLATFORM_STD_FREE
-#endif
-#if defined MBEDTLS_PLATFORM_STD_MEM_HDR
-#define POLARSSL_PLATFORM_STD_MEM_HDR MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
-#if defined MBEDTLS_PLATFORM_STD_PRINTF
-#define POLARSSL_PLATFORM_STD_PRINTF MBEDTLS_PLATFORM_STD_PRINTF
-#endif
-#if defined MBEDTLS_PLATFORM_STD_SNPRINTF
-#define POLARSSL_PLATFORM_STD_SNPRINTF MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif
-#if defined MBEDTLS_PSK_MAX_LEN
-#define POLARSSL_PSK_MAX_LEN MBEDTLS_PSK_MAX_LEN
-#endif
-#if defined MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#define POLARSSL_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#endif
-#if defined MBEDTLS_RIPEMD160_ALT
-#define POLARSSL_RIPEMD160_ALT MBEDTLS_RIPEMD160_ALT
-#endif
-#if defined MBEDTLS_RIPEMD160_C
-#define POLARSSL_RIPEMD160_C MBEDTLS_RIPEMD160_C
-#endif
-#if defined MBEDTLS_RIPEMD160_PROCESS_ALT
-#define POLARSSL_RIPEMD160_PROCESS_ALT MBEDTLS_RIPEMD160_PROCESS_ALT
-#endif
-#if defined MBEDTLS_RSA_C
-#define POLARSSL_RSA_C MBEDTLS_RSA_C
-#endif
-#if defined MBEDTLS_RSA_NO_CRT
-#define POLARSSL_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
-#endif
-#if defined MBEDTLS_SELF_TEST
-#define POLARSSL_SELF_TEST MBEDTLS_SELF_TEST
-#endif
-#if defined MBEDTLS_SHA1_ALT
-#define POLARSSL_SHA1_ALT MBEDTLS_SHA1_ALT
-#endif
-#if defined MBEDTLS_SHA1_C
-#define POLARSSL_SHA1_C MBEDTLS_SHA1_C
-#endif
-#if defined MBEDTLS_SHA1_PROCESS_ALT
-#define POLARSSL_SHA1_PROCESS_ALT MBEDTLS_SHA1_PROCESS_ALT
-#endif
-#if defined MBEDTLS_SHA256_ALT
-#define POLARSSL_SHA256_ALT MBEDTLS_SHA256_ALT
-#endif
-#if defined MBEDTLS_SHA256_C
-#define POLARSSL_SHA256_C MBEDTLS_SHA256_C
-#endif
-#if defined MBEDTLS_SHA256_PROCESS_ALT
-#define POLARSSL_SHA256_PROCESS_ALT MBEDTLS_SHA256_PROCESS_ALT
-#endif
-#if defined MBEDTLS_SHA512_ALT
-#define POLARSSL_SHA512_ALT MBEDTLS_SHA512_ALT
-#endif
-#if defined MBEDTLS_SHA512_C
-#define POLARSSL_SHA512_C MBEDTLS_SHA512_C
-#endif
-#if defined MBEDTLS_SHA512_PROCESS_ALT
-#define POLARSSL_SHA512_PROCESS_ALT MBEDTLS_SHA512_PROCESS_ALT
-#endif
-#if defined MBEDTLS_SSL_ALL_ALERT_MESSAGES
-#define POLARSSL_SSL_ALL_ALERT_MESSAGES MBEDTLS_SSL_ALL_ALERT_MESSAGES
-#endif
-#if defined MBEDTLS_SSL_ALPN
-#define POLARSSL_SSL_ALPN MBEDTLS_SSL_ALPN
-#endif
-#if defined MBEDTLS_SSL_CACHE_C
-#define POLARSSL_SSL_CACHE_C MBEDTLS_SSL_CACHE_C
-#endif
-#if defined MBEDTLS_SSL_CBC_RECORD_SPLITTING
-#define POLARSSL_SSL_CBC_RECORD_SPLITTING MBEDTLS_SSL_CBC_RECORD_SPLITTING
-#endif
-#if defined MBEDTLS_SSL_CLI_C
-#define POLARSSL_SSL_CLI_C MBEDTLS_SSL_CLI_C
-#endif
-#if defined MBEDTLS_SSL_COOKIE_C
-#define POLARSSL_SSL_COOKIE_C MBEDTLS_SSL_COOKIE_C
-#endif
-#if defined MBEDTLS_SSL_COOKIE_TIMEOUT
-#define POLARSSL_SSL_COOKIE_TIMEOUT MBEDTLS_SSL_COOKIE_TIMEOUT
-#endif
-#if defined MBEDTLS_SSL_DEBUG_ALL
-#define POLARSSL_SSL_DEBUG_ALL MBEDTLS_SSL_DEBUG_ALL
-#endif
-#if defined MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#define POLARSSL_SSL_DTLS_ANTI_REPLAY MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#endif
-#if defined MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-#define POLARSSL_SSL_DTLS_BADMAC_LIMIT MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-#endif
-#if defined MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#define POLARSSL_SSL_DTLS_HELLO_VERIFY MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#endif
-#if defined MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#define POLARSSL_SSL_ENCRYPT_THEN_MAC MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#endif
-#if defined MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#define POLARSSL_SSL_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#endif
-#if defined MBEDTLS_SSL_FALLBACK_SCSV
-#define POLARSSL_SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
-#endif
-#if defined MBEDTLS_SSL_HW_RECORD_ACCEL
-#define POLARSSL_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
-#endif
-#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#endif
-#if defined MBEDTLS_SSL_PROTO_DTLS
-#define POLARSSL_SSL_PROTO_DTLS MBEDTLS_SSL_PROTO_DTLS
-#endif
-#if defined MBEDTLS_SSL_PROTO_SSL3
-#define POLARSSL_SSL_PROTO_SSL3 MBEDTLS_SSL_PROTO_SSL3
-#endif
-#if defined MBEDTLS_SSL_PROTO_TLS1
-#define POLARSSL_SSL_PROTO_TLS1 MBEDTLS_SSL_PROTO_TLS1
-#endif
-#if defined MBEDTLS_SSL_PROTO_TLS1_1
-#define POLARSSL_SSL_PROTO_TLS1_1 MBEDTLS_SSL_PROTO_TLS1_1
-#endif
-#if defined MBEDTLS_SSL_PROTO_TLS1_2
-#define POLARSSL_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_2
-#endif
-#if defined MBEDTLS_SSL_RENEGOTIATION
-#define POLARSSL_SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
-#endif
-#if defined MBEDTLS_SSL_SERVER_NAME_INDICATION
-#define POLARSSL_SSL_SERVER_NAME_INDICATION MBEDTLS_SSL_SERVER_NAME_INDICATION
-#endif
-#if defined MBEDTLS_SSL_SESSION_TICKETS
-#define POLARSSL_SSL_SESSION_TICKETS MBEDTLS_SSL_SESSION_TICKETS
-#endif
-#if defined MBEDTLS_SSL_SRV_C
-#define POLARSSL_SSL_SRV_C MBEDTLS_SSL_SRV_C
-#endif
-#if defined MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-#endif
-#if defined MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-#endif
-#if defined MBEDTLS_SSL_TLS_C
-#define POLARSSL_SSL_TLS_C MBEDTLS_SSL_TLS_C
-#endif
-#if defined MBEDTLS_SSL_TRUNCATED_HMAC
-#define POLARSSL_SSL_TRUNCATED_HMAC MBEDTLS_SSL_TRUNCATED_HMAC
-#endif
-#if defined MBEDTLS_THREADING_ALT
-#define POLARSSL_THREADING_ALT MBEDTLS_THREADING_ALT
-#endif
-#if defined MBEDTLS_THREADING_C
-#define POLARSSL_THREADING_C MBEDTLS_THREADING_C
-#endif
-#if defined MBEDTLS_THREADING_PTHREAD
-#define POLARSSL_THREADING_PTHREAD MBEDTLS_THREADING_PTHREAD
-#endif
-#if defined MBEDTLS_TIMING_ALT
-#define POLARSSL_TIMING_ALT MBEDTLS_TIMING_ALT
-#endif
-#if defined MBEDTLS_TIMING_C
-#define POLARSSL_TIMING_C MBEDTLS_TIMING_C
-#endif
-#if defined MBEDTLS_VERSION_C
-#define POLARSSL_VERSION_C MBEDTLS_VERSION_C
-#endif
-#if defined MBEDTLS_VERSION_FEATURES
-#define POLARSSL_VERSION_FEATURES MBEDTLS_VERSION_FEATURES
-#endif
-#if defined MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-#endif
-#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#endif
-#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-#endif
-#if defined MBEDTLS_X509_CHECK_KEY_USAGE
-#define POLARSSL_X509_CHECK_KEY_USAGE MBEDTLS_X509_CHECK_KEY_USAGE
-#endif
-#if defined MBEDTLS_X509_CREATE_C
-#define POLARSSL_X509_CREATE_C MBEDTLS_X509_CREATE_C
-#endif
-#if defined MBEDTLS_X509_CRL_PARSE_C
-#define POLARSSL_X509_CRL_PARSE_C MBEDTLS_X509_CRL_PARSE_C
-#endif
-#if defined MBEDTLS_X509_CRT_PARSE_C
-#define POLARSSL_X509_CRT_PARSE_C MBEDTLS_X509_CRT_PARSE_C
-#endif
-#if defined MBEDTLS_X509_CRT_WRITE_C
-#define POLARSSL_X509_CRT_WRITE_C MBEDTLS_X509_CRT_WRITE_C
-#endif
-#if defined MBEDTLS_X509_CSR_PARSE_C
-#define POLARSSL_X509_CSR_PARSE_C MBEDTLS_X509_CSR_PARSE_C
-#endif
-#if defined MBEDTLS_X509_CSR_WRITE_C
-#define POLARSSL_X509_CSR_WRITE_C MBEDTLS_X509_CSR_WRITE_C
-#endif
-#if defined MBEDTLS_X509_MAX_INTERMEDIATE_CA
-#define POLARSSL_X509_MAX_INTERMEDIATE_CA MBEDTLS_X509_MAX_INTERMEDIATE_CA
-#endif
-#if defined MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#define POLARSSL_X509_RSASSA_PSS_SUPPORT MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#endif
-#if defined MBEDTLS_X509_USE_C
-#define POLARSSL_X509_USE_C MBEDTLS_X509_USE_C
-#endif
-#if defined MBEDTLS_XTEA_ALT
-#define POLARSSL_XTEA_ALT MBEDTLS_XTEA_ALT
-#endif
-#if defined MBEDTLS_XTEA_C
-#define POLARSSL_XTEA_C MBEDTLS_XTEA_C
-#endif
-#if defined MBEDTLS_ZLIB_SUPPORT
-#define POLARSSL_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
-#endif
-
-/*
- * Misc names (macros, types, functions, enum constants...)
- */
-#define AES_DECRYPT MBEDTLS_AES_DECRYPT
-#define AES_ENCRYPT MBEDTLS_AES_ENCRYPT
-#define ASN1_BIT_STRING MBEDTLS_ASN1_BIT_STRING
-#define ASN1_BMP_STRING MBEDTLS_ASN1_BMP_STRING
-#define ASN1_BOOLEAN MBEDTLS_ASN1_BOOLEAN
-#define ASN1_CHK_ADD MBEDTLS_ASN1_CHK_ADD
-#define ASN1_CONSTRUCTED MBEDTLS_ASN1_CONSTRUCTED
-#define ASN1_CONTEXT_SPECIFIC MBEDTLS_ASN1_CONTEXT_SPECIFIC
-#define ASN1_GENERALIZED_TIME MBEDTLS_ASN1_GENERALIZED_TIME
-#define ASN1_IA5_STRING MBEDTLS_ASN1_IA5_STRING
-#define ASN1_INTEGER MBEDTLS_ASN1_INTEGER
-#define ASN1_NULL MBEDTLS_ASN1_NULL
-#define ASN1_OCTET_STRING MBEDTLS_ASN1_OCTET_STRING
-#define ASN1_OID MBEDTLS_ASN1_OID
-#define ASN1_PRIMITIVE MBEDTLS_ASN1_PRIMITIVE
-#define ASN1_PRINTABLE_STRING MBEDTLS_ASN1_PRINTABLE_STRING
-#define ASN1_SEQUENCE MBEDTLS_ASN1_SEQUENCE
-#define ASN1_SET MBEDTLS_ASN1_SET
-#define ASN1_T61_STRING MBEDTLS_ASN1_T61_STRING
-#define ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
-#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
-#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
-#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
-#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
-#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
-#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
-#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
-#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
-#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
-#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
-#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
-#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
-#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
-#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
-#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
-#define BLOWFISH_ENCRYPT MBEDTLS_BLOWFISH_ENCRYPT
-#define BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
-#define BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
-#define BLOWFISH_ROUNDS MBEDTLS_BLOWFISH_ROUNDS
-#define CAMELLIA_DECRYPT MBEDTLS_CAMELLIA_DECRYPT
-#define CAMELLIA_ENCRYPT MBEDTLS_CAMELLIA_ENCRYPT
-#define COLLECT_SIZE MBEDTLS_HAVEGE_COLLECT_SIZE
-#define CTR_DRBG_BLOCKSIZE MBEDTLS_CTR_DRBG_BLOCKSIZE
-#define CTR_DRBG_ENTROPY_LEN MBEDTLS_CTR_DRBG_ENTROPY_LEN
-#define CTR_DRBG_KEYBITS MBEDTLS_CTR_DRBG_KEYBITS
-#define CTR_DRBG_KEYSIZE MBEDTLS_CTR_DRBG_KEYSIZE
-#define CTR_DRBG_MAX_INPUT MBEDTLS_CTR_DRBG_MAX_INPUT
-#define CTR_DRBG_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
-#define CTR_DRBG_MAX_SEED_INPUT MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
-#define CTR_DRBG_PR_OFF MBEDTLS_CTR_DRBG_PR_OFF
-#define CTR_DRBG_PR_ON MBEDTLS_CTR_DRBG_PR_ON
-#define CTR_DRBG_RESEED_INTERVAL MBEDTLS_CTR_DRBG_RESEED_INTERVAL
-#define CTR_DRBG_SEEDLEN MBEDTLS_CTR_DRBG_SEEDLEN
-#define DEPRECATED MBEDTLS_DEPRECATED
-#define DES_DECRYPT MBEDTLS_DES_DECRYPT
-#define DES_ENCRYPT MBEDTLS_DES_ENCRYPT
-#define DES_KEY_SIZE MBEDTLS_DES_KEY_SIZE
-#define ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_BLOCK_SIZE
-#define ENTROPY_MAX_GATHER MBEDTLS_ENTROPY_MAX_GATHER
-#define ENTROPY_MAX_SEED_SIZE MBEDTLS_ENTROPY_MAX_SEED_SIZE
-#define ENTROPY_MAX_SOURCES MBEDTLS_ENTROPY_MAX_SOURCES
-#define ENTROPY_MIN_HARDCLOCK MBEDTLS_ENTROPY_MIN_HARDCLOCK
-#define ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
-#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
-#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
-#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
-#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
-#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
-#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
-#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
-#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
-#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
-#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
-#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
-#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
-#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
-#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
-#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
-#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
-#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
-#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
-#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
-#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
-#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
-#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
-#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
-#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
-#define MEMORY_VERIFY_ALLOC MBEDTLS_MEMORY_VERIFY_ALLOC
-#define MEMORY_VERIFY_ALWAYS MBEDTLS_MEMORY_VERIFY_ALWAYS
-#define MEMORY_VERIFY_FREE MBEDTLS_MEMORY_VERIFY_FREE
-#define MEMORY_VERIFY_NONE MBEDTLS_MEMORY_VERIFY_NONE
-#define MPI_CHK MBEDTLS_MPI_CHK
-#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
-#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
-#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
-#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
-#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
-#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
-#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
-#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
-#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
-#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
-#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
-#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
-#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
-#define OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62_SIG
-#define OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2
-#define OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
-#define OID_AT MBEDTLS_OID_AT
-#define OID_AT_CN MBEDTLS_OID_AT_CN
-#define OID_AT_COUNTRY MBEDTLS_OID_AT_COUNTRY
-#define OID_AT_DN_QUALIFIER MBEDTLS_OID_AT_DN_QUALIFIER
-#define OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT_GENERATION_QUALIFIER
-#define OID_AT_GIVEN_NAME MBEDTLS_OID_AT_GIVEN_NAME
-#define OID_AT_INITIALS MBEDTLS_OID_AT_INITIALS
-#define OID_AT_LOCALITY MBEDTLS_OID_AT_LOCALITY
-#define OID_AT_ORGANIZATION MBEDTLS_OID_AT_ORGANIZATION
-#define OID_AT_ORG_UNIT MBEDTLS_OID_AT_ORG_UNIT
-#define OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT_POSTAL_ADDRESS
-#define OID_AT_POSTAL_CODE MBEDTLS_OID_AT_POSTAL_CODE
-#define OID_AT_PSEUDONYM MBEDTLS_OID_AT_PSEUDONYM
-#define OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT_SERIAL_NUMBER
-#define OID_AT_STATE MBEDTLS_OID_AT_STATE
-#define OID_AT_SUR_NAME MBEDTLS_OID_AT_SUR_NAME
-#define OID_AT_TITLE MBEDTLS_OID_AT_TITLE
-#define OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT_UNIQUE_IDENTIFIER
-#define OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER
-#define OID_BASIC_CONSTRAINTS MBEDTLS_OID_BASIC_CONSTRAINTS
-#define OID_CERTICOM MBEDTLS_OID_CERTICOM
-#define OID_CERTIFICATE_POLICIES MBEDTLS_OID_CERTIFICATE_POLICIES
-#define OID_CLIENT_AUTH MBEDTLS_OID_CLIENT_AUTH
-#define OID_CMP MBEDTLS_OID_CMP
-#define OID_CODE_SIGNING MBEDTLS_OID_CODE_SIGNING
-#define OID_COUNTRY_US MBEDTLS_OID_COUNTRY_US
-#define OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_CRL_DISTRIBUTION_POINTS
-#define OID_CRL_NUMBER MBEDTLS_OID_CRL_NUMBER
-#define OID_DES_CBC MBEDTLS_OID_DES_CBC
-#define OID_DES_EDE3_CBC MBEDTLS_OID_DES_EDE3_CBC
-#define OID_DIGEST_ALG_MD2 MBEDTLS_OID_DIGEST_ALG_MD2
-#define OID_DIGEST_ALG_MD4 MBEDTLS_OID_DIGEST_ALG_MD4
-#define OID_DIGEST_ALG_MD5 MBEDTLS_OID_DIGEST_ALG_MD5
-#define OID_DIGEST_ALG_SHA1 MBEDTLS_OID_DIGEST_ALG_SHA1
-#define OID_DIGEST_ALG_SHA224 MBEDTLS_OID_DIGEST_ALG_SHA224
-#define OID_DIGEST_ALG_SHA256 MBEDTLS_OID_DIGEST_ALG_SHA256
-#define OID_DIGEST_ALG_SHA384 MBEDTLS_OID_DIGEST_ALG_SHA384
-#define OID_DIGEST_ALG_SHA512 MBEDTLS_OID_DIGEST_ALG_SHA512
-#define OID_DOMAIN_COMPONENT MBEDTLS_OID_DOMAIN_COMPONENT
-#define OID_ECDSA_SHA1 MBEDTLS_OID_ECDSA_SHA1
-#define OID_ECDSA_SHA224 MBEDTLS_OID_ECDSA_SHA224
-#define OID_ECDSA_SHA256 MBEDTLS_OID_ECDSA_SHA256
-#define OID_ECDSA_SHA384 MBEDTLS_OID_ECDSA_SHA384
-#define OID_ECDSA_SHA512 MBEDTLS_OID_ECDSA_SHA512
-#define OID_EC_ALG_ECDH MBEDTLS_OID_EC_ALG_ECDH
-#define OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_EC_ALG_UNRESTRICTED
-#define OID_EC_BRAINPOOL_V1 MBEDTLS_OID_EC_BRAINPOOL_V1
-#define OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_GRP_BP256R1
-#define OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_GRP_BP384R1
-#define OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_GRP_BP512R1
-#define OID_EC_GRP_SECP192K1 MBEDTLS_OID_EC_GRP_SECP192K1
-#define OID_EC_GRP_SECP192R1 MBEDTLS_OID_EC_GRP_SECP192R1
-#define OID_EC_GRP_SECP224K1 MBEDTLS_OID_EC_GRP_SECP224K1
-#define OID_EC_GRP_SECP224R1 MBEDTLS_OID_EC_GRP_SECP224R1
-#define OID_EC_GRP_SECP256K1 MBEDTLS_OID_EC_GRP_SECP256K1
-#define OID_EC_GRP_SECP256R1 MBEDTLS_OID_EC_GRP_SECP256R1
-#define OID_EC_GRP_SECP384R1 MBEDTLS_OID_EC_GRP_SECP384R1
-#define OID_EC_GRP_SECP521R1 MBEDTLS_OID_EC_GRP_SECP521R1
-#define OID_EMAIL_PROTECTION MBEDTLS_OID_EMAIL_PROTECTION
-#define OID_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE
-#define OID_FRESHEST_CRL MBEDTLS_OID_FRESHEST_CRL
-#define OID_GOV MBEDTLS_OID_GOV
-#define OID_HMAC_SHA1 MBEDTLS_OID_HMAC_SHA1
-#define OID_ID_CE MBEDTLS_OID_ID_CE
-#define OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_INIHIBIT_ANYPOLICY
-#define OID_ISO_CCITT_DS MBEDTLS_OID_ISO_CCITT_DS
-#define OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ISO_IDENTIFIED_ORG
-#define OID_ISO_ITU_COUNTRY MBEDTLS_OID_ISO_ITU_COUNTRY
-#define OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_US_ORG
-#define OID_ISO_MEMBER_BODIES MBEDTLS_OID_ISO_MEMBER_BODIES
-#define OID_ISSUER_ALT_NAME MBEDTLS_OID_ISSUER_ALT_NAME
-#define OID_KEY_USAGE MBEDTLS_OID_KEY_USAGE
-#define OID_KP MBEDTLS_OID_KP
-#define OID_MGF1 MBEDTLS_OID_MGF1
-#define OID_NAME_CONSTRAINTS MBEDTLS_OID_NAME_CONSTRAINTS
-#define OID_NETSCAPE MBEDTLS_OID_NETSCAPE
-#define OID_NS_BASE_URL MBEDTLS_OID_NS_BASE_URL
-#define OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CA_POLICY_URL
-#define OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CA_REVOCATION_URL
-#define OID_NS_CERT MBEDTLS_OID_NS_CERT
-#define OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_CERT_SEQUENCE
-#define OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT_TYPE
-#define OID_NS_COMMENT MBEDTLS_OID_NS_COMMENT
-#define OID_NS_DATA_TYPE MBEDTLS_OID_NS_DATA_TYPE
-#define OID_NS_RENEWAL_URL MBEDTLS_OID_NS_RENEWAL_URL
-#define OID_NS_REVOCATION_URL MBEDTLS_OID_NS_REVOCATION_URL
-#define OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_SSL_SERVER_NAME
-#define OID_OCSP_SIGNING MBEDTLS_OID_OCSP_SIGNING
-#define OID_OIW_SECSIG MBEDTLS_OID_OIW_SECSIG
-#define OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG_ALG
-#define OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_SHA1
-#define OID_ORGANIZATION MBEDTLS_OID_ORGANIZATION
-#define OID_ORG_ANSI_X9_62 MBEDTLS_OID_ORG_ANSI_X9_62
-#define OID_ORG_CERTICOM MBEDTLS_OID_ORG_CERTICOM
-#define OID_ORG_DOD MBEDTLS_OID_ORG_DOD
-#define OID_ORG_GOV MBEDTLS_OID_ORG_GOV
-#define OID_ORG_NETSCAPE MBEDTLS_OID_ORG_NETSCAPE
-#define OID_ORG_OIW MBEDTLS_OID_ORG_OIW
-#define OID_ORG_RSA_DATA_SECURITY MBEDTLS_OID_ORG_RSA_DATA_SECURITY
-#define OID_ORG_TELETRUST MBEDTLS_OID_ORG_TELETRUST
-#define OID_PKCS MBEDTLS_OID_PKCS
-#define OID_PKCS1 MBEDTLS_OID_PKCS1
-#define OID_PKCS12 MBEDTLS_OID_PKCS12
-#define OID_PKCS12_PBE MBEDTLS_OID_PKCS12_PBE
-#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
-#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
-#define OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC
-#define OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC
-#define OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128
-#define OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40
-#define OID_PKCS1_MD2 MBEDTLS_OID_PKCS1_MD2
-#define OID_PKCS1_MD4 MBEDTLS_OID_PKCS1_MD4
-#define OID_PKCS1_MD5 MBEDTLS_OID_PKCS1_MD5
-#define OID_PKCS1_RSA MBEDTLS_OID_PKCS1_RSA
-#define OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1_SHA1
-#define OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1_SHA224
-#define OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1_SHA256
-#define OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1_SHA384
-#define OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1_SHA512
-#define OID_PKCS5 MBEDTLS_OID_PKCS5
-#define OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5_PBES2
-#define OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC
-#define OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC
-#define OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC
-#define OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC
-#define OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC
-#define OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC
-#define OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5_PBKDF2
-#define OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5_PBMAC1
-#define OID_PKCS9 MBEDTLS_OID_PKCS9
-#define OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9_CSR_EXT_REQ
-#define OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9_EMAIL
-#define OID_PKIX MBEDTLS_OID_PKIX
-#define OID_POLICY_CONSTRAINTS MBEDTLS_OID_POLICY_CONSTRAINTS
-#define OID_POLICY_MAPPINGS MBEDTLS_OID_POLICY_MAPPINGS
-#define OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD
-#define OID_RSASSA_PSS MBEDTLS_OID_RSASSA_PSS
-#define OID_RSA_COMPANY MBEDTLS_OID_RSA_COMPANY
-#define OID_RSA_SHA_OBS MBEDTLS_OID_RSA_SHA_OBS
-#define OID_SERVER_AUTH MBEDTLS_OID_SERVER_AUTH
-#define OID_SIZE MBEDTLS_OID_SIZE
-#define OID_SUBJECT_ALT_NAME MBEDTLS_OID_SUBJECT_ALT_NAME
-#define OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS
-#define OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER
-#define OID_TELETRUST MBEDTLS_OID_TELETRUST
-#define OID_TIME_STAMPING MBEDTLS_OID_TIME_STAMPING
-#define PADLOCK_ACE MBEDTLS_PADLOCK_ACE
-#define PADLOCK_ALIGN16 MBEDTLS_PADLOCK_ALIGN16
-#define PADLOCK_PHE MBEDTLS_PADLOCK_PHE
-#define PADLOCK_PMM MBEDTLS_PADLOCK_PMM
-#define PADLOCK_RNG MBEDTLS_PADLOCK_RNG
-#define PKCS12_DERIVE_IV MBEDTLS_PKCS12_DERIVE_IV
-#define PKCS12_DERIVE_KEY MBEDTLS_PKCS12_DERIVE_KEY
-#define PKCS12_DERIVE_MAC_KEY MBEDTLS_PKCS12_DERIVE_MAC_KEY
-#define PKCS12_PBE_DECRYPT MBEDTLS_PKCS12_PBE_DECRYPT
-#define PKCS12_PBE_ENCRYPT MBEDTLS_PKCS12_PBE_ENCRYPT
-#define PKCS5_DECRYPT MBEDTLS_PKCS5_DECRYPT
-#define PKCS5_ENCRYPT MBEDTLS_PKCS5_ENCRYPT
-#define POLARSSL_AESNI_AES MBEDTLS_AESNI_AES
-#define POLARSSL_AESNI_CLMUL MBEDTLS_AESNI_CLMUL
-#define POLARSSL_AESNI_H MBEDTLS_AESNI_H
-#define POLARSSL_AES_H MBEDTLS_AES_H
-#define POLARSSL_ARC4_H MBEDTLS_ARC4_H
-#define POLARSSL_ASN1_H MBEDTLS_ASN1_H
-#define POLARSSL_ASN1_WRITE_H MBEDTLS_ASN1_WRITE_H
-#define POLARSSL_BASE64_H MBEDTLS_BASE64_H
-#define POLARSSL_BIGNUM_H MBEDTLS_BIGNUM_H
-#define POLARSSL_BLOWFISH_H MBEDTLS_BLOWFISH_H
-#define POLARSSL_BN_MUL_H MBEDTLS_BN_MUL_H
-#define POLARSSL_CAMELLIA_H MBEDTLS_CAMELLIA_H
-#define POLARSSL_CCM_H MBEDTLS_CCM_H
-#define POLARSSL_CERTS_H MBEDTLS_CERTS_H
-#define POLARSSL_CHECK_CONFIG_H MBEDTLS_CHECK_CONFIG_H
-#define POLARSSL_CIPHERSUITE_NODTLS MBEDTLS_CIPHERSUITE_NODTLS
-#define POLARSSL_CIPHERSUITE_SHORT_TAG MBEDTLS_CIPHERSUITE_SHORT_TAG
-#define POLARSSL_CIPHERSUITE_WEAK MBEDTLS_CIPHERSUITE_WEAK
-#define POLARSSL_CIPHER_AES_128_CBC MBEDTLS_CIPHER_AES_128_CBC
-#define POLARSSL_CIPHER_AES_128_CCM MBEDTLS_CIPHER_AES_128_CCM
-#define POLARSSL_CIPHER_AES_128_CFB128 MBEDTLS_CIPHER_AES_128_CFB128
-#define POLARSSL_CIPHER_AES_128_CTR MBEDTLS_CIPHER_AES_128_CTR
-#define POLARSSL_CIPHER_AES_128_ECB MBEDTLS_CIPHER_AES_128_ECB
-#define POLARSSL_CIPHER_AES_128_GCM MBEDTLS_CIPHER_AES_128_GCM
-#define POLARSSL_CIPHER_AES_192_CBC MBEDTLS_CIPHER_AES_192_CBC
-#define POLARSSL_CIPHER_AES_192_CCM MBEDTLS_CIPHER_AES_192_CCM
-#define POLARSSL_CIPHER_AES_192_CFB128 MBEDTLS_CIPHER_AES_192_CFB128
-#define POLARSSL_CIPHER_AES_192_CTR MBEDTLS_CIPHER_AES_192_CTR
-#define POLARSSL_CIPHER_AES_192_ECB MBEDTLS_CIPHER_AES_192_ECB
-#define POLARSSL_CIPHER_AES_192_GCM MBEDTLS_CIPHER_AES_192_GCM
-#define POLARSSL_CIPHER_AES_256_CBC MBEDTLS_CIPHER_AES_256_CBC
-#define POLARSSL_CIPHER_AES_256_CCM MBEDTLS_CIPHER_AES_256_CCM
-#define POLARSSL_CIPHER_AES_256_CFB128 MBEDTLS_CIPHER_AES_256_CFB128
-#define POLARSSL_CIPHER_AES_256_CTR MBEDTLS_CIPHER_AES_256_CTR
-#define POLARSSL_CIPHER_AES_256_ECB MBEDTLS_CIPHER_AES_256_ECB
-#define POLARSSL_CIPHER_AES_256_GCM MBEDTLS_CIPHER_AES_256_GCM
-#define POLARSSL_CIPHER_ARC4_128 MBEDTLS_CIPHER_ARC4_128
-#define POLARSSL_CIPHER_BLOWFISH_CBC MBEDTLS_CIPHER_BLOWFISH_CBC
-#define POLARSSL_CIPHER_BLOWFISH_CFB64 MBEDTLS_CIPHER_BLOWFISH_CFB64
-#define POLARSSL_CIPHER_BLOWFISH_CTR MBEDTLS_CIPHER_BLOWFISH_CTR
-#define POLARSSL_CIPHER_BLOWFISH_ECB MBEDTLS_CIPHER_BLOWFISH_ECB
-#define POLARSSL_CIPHER_CAMELLIA_128_CBC MBEDTLS_CIPHER_CAMELLIA_128_CBC
-#define POLARSSL_CIPHER_CAMELLIA_128_CCM MBEDTLS_CIPHER_CAMELLIA_128_CCM
-#define POLARSSL_CIPHER_CAMELLIA_128_CFB128 MBEDTLS_CIPHER_CAMELLIA_128_CFB128
-#define POLARSSL_CIPHER_CAMELLIA_128_CTR MBEDTLS_CIPHER_CAMELLIA_128_CTR
-#define POLARSSL_CIPHER_CAMELLIA_128_ECB MBEDTLS_CIPHER_CAMELLIA_128_ECB
-#define POLARSSL_CIPHER_CAMELLIA_128_GCM MBEDTLS_CIPHER_CAMELLIA_128_GCM
-#define POLARSSL_CIPHER_CAMELLIA_192_CBC MBEDTLS_CIPHER_CAMELLIA_192_CBC
-#define POLARSSL_CIPHER_CAMELLIA_192_CCM MBEDTLS_CIPHER_CAMELLIA_192_CCM
-#define POLARSSL_CIPHER_CAMELLIA_192_CFB128 MBEDTLS_CIPHER_CAMELLIA_192_CFB128
-#define POLARSSL_CIPHER_CAMELLIA_192_CTR MBEDTLS_CIPHER_CAMELLIA_192_CTR
-#define POLARSSL_CIPHER_CAMELLIA_192_ECB MBEDTLS_CIPHER_CAMELLIA_192_ECB
-#define POLARSSL_CIPHER_CAMELLIA_192_GCM MBEDTLS_CIPHER_CAMELLIA_192_GCM
-#define POLARSSL_CIPHER_CAMELLIA_256_CBC MBEDTLS_CIPHER_CAMELLIA_256_CBC
-#define POLARSSL_CIPHER_CAMELLIA_256_CCM MBEDTLS_CIPHER_CAMELLIA_256_CCM
-#define POLARSSL_CIPHER_CAMELLIA_256_CFB128 MBEDTLS_CIPHER_CAMELLIA_256_CFB128
-#define POLARSSL_CIPHER_CAMELLIA_256_CTR MBEDTLS_CIPHER_CAMELLIA_256_CTR
-#define POLARSSL_CIPHER_CAMELLIA_256_ECB MBEDTLS_CIPHER_CAMELLIA_256_ECB
-#define POLARSSL_CIPHER_CAMELLIA_256_GCM MBEDTLS_CIPHER_CAMELLIA_256_GCM
-#define POLARSSL_CIPHER_DES_CBC MBEDTLS_CIPHER_DES_CBC
-#define POLARSSL_CIPHER_DES_ECB MBEDTLS_CIPHER_DES_ECB
-#define POLARSSL_CIPHER_DES_EDE3_CBC MBEDTLS_CIPHER_DES_EDE3_CBC
-#define POLARSSL_CIPHER_DES_EDE3_ECB MBEDTLS_CIPHER_DES_EDE3_ECB
-#define POLARSSL_CIPHER_DES_EDE_CBC MBEDTLS_CIPHER_DES_EDE_CBC
-#define POLARSSL_CIPHER_DES_EDE_ECB MBEDTLS_CIPHER_DES_EDE_ECB
-#define POLARSSL_CIPHER_H MBEDTLS_CIPHER_H
-#define POLARSSL_CIPHER_ID_3DES MBEDTLS_CIPHER_ID_3DES
-#define POLARSSL_CIPHER_ID_AES MBEDTLS_CIPHER_ID_AES
-#define POLARSSL_CIPHER_ID_ARC4 MBEDTLS_CIPHER_ID_ARC4
-#define POLARSSL_CIPHER_ID_BLOWFISH MBEDTLS_CIPHER_ID_BLOWFISH
-#define POLARSSL_CIPHER_ID_CAMELLIA MBEDTLS_CIPHER_ID_CAMELLIA
-#define POLARSSL_CIPHER_ID_DES MBEDTLS_CIPHER_ID_DES
-#define POLARSSL_CIPHER_ID_NONE MBEDTLS_CIPHER_ID_NONE
-#define POLARSSL_CIPHER_ID_NULL MBEDTLS_CIPHER_ID_NULL
-#define POLARSSL_CIPHER_MODE_AEAD MBEDTLS_CIPHER_MODE_AEAD
-#define POLARSSL_CIPHER_MODE_STREAM MBEDTLS_CIPHER_MODE_STREAM
-#define POLARSSL_CIPHER_MODE_WITH_PADDING MBEDTLS_CIPHER_MODE_WITH_PADDING
-#define POLARSSL_CIPHER_NONE MBEDTLS_CIPHER_NONE
-#define POLARSSL_CIPHER_NULL MBEDTLS_CIPHER_NULL
-#define POLARSSL_CIPHER_VARIABLE_IV_LEN MBEDTLS_CIPHER_VARIABLE_IV_LEN
-#define POLARSSL_CIPHER_VARIABLE_KEY_LEN MBEDTLS_CIPHER_VARIABLE_KEY_LEN
-#define POLARSSL_CIPHER_WRAP_H MBEDTLS_CIPHER_WRAP_H
-#define POLARSSL_CONFIG_H MBEDTLS_CONFIG_H
-#define POLARSSL_CTR_DRBG_H MBEDTLS_CTR_DRBG_H
-#define POLARSSL_DEBUG_H MBEDTLS_DEBUG_H
-#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
-#define POLARSSL_DES_H MBEDTLS_DES_H
-#define POLARSSL_DHM_H MBEDTLS_DHM_H
-#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
-#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
-#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
-#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
-#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
-#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
-#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
-#define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
-#define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
-#define POLARSSL_ECDSA_H MBEDTLS_ECDSA_H
-#define POLARSSL_ECP_DP_BP256R1 MBEDTLS_ECP_DP_BP256R1
-#define POLARSSL_ECP_DP_BP384R1 MBEDTLS_ECP_DP_BP384R1
-#define POLARSSL_ECP_DP_BP512R1 MBEDTLS_ECP_DP_BP512R1
-#define POLARSSL_ECP_DP_M255 MBEDTLS_ECP_DP_CURVE25519
-#define POLARSSL_ECP_DP_MAX MBEDTLS_ECP_DP_MAX
-#define POLARSSL_ECP_DP_NONE MBEDTLS_ECP_DP_NONE
-#define POLARSSL_ECP_DP_SECP192K1 MBEDTLS_ECP_DP_SECP192K1
-#define POLARSSL_ECP_DP_SECP192R1 MBEDTLS_ECP_DP_SECP192R1
-#define POLARSSL_ECP_DP_SECP224K1 MBEDTLS_ECP_DP_SECP224K1
-#define POLARSSL_ECP_DP_SECP224R1 MBEDTLS_ECP_DP_SECP224R1
-#define POLARSSL_ECP_DP_SECP256K1 MBEDTLS_ECP_DP_SECP256K1
-#define POLARSSL_ECP_DP_SECP256R1 MBEDTLS_ECP_DP_SECP256R1
-#define POLARSSL_ECP_DP_SECP384R1 MBEDTLS_ECP_DP_SECP384R1
-#define POLARSSL_ECP_DP_SECP521R1 MBEDTLS_ECP_DP_SECP521R1
-#define POLARSSL_ECP_H MBEDTLS_ECP_H
-#define POLARSSL_ECP_MAX_BYTES MBEDTLS_ECP_MAX_BYTES
-#define POLARSSL_ECP_MAX_PT_LEN MBEDTLS_ECP_MAX_PT_LEN
-#define POLARSSL_ECP_PF_COMPRESSED MBEDTLS_ECP_PF_COMPRESSED
-#define POLARSSL_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_UNCOMPRESSED
-#define POLARSSL_ECP_TLS_NAMED_CURVE MBEDTLS_ECP_TLS_NAMED_CURVE
-#define POLARSSL_ENCRYPT MBEDTLS_ENCRYPT
-#define POLARSSL_ENTROPY_H MBEDTLS_ENTROPY_H
-#define POLARSSL_ENTROPY_POLL_H MBEDTLS_ENTROPY_POLL_H
-#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#define POLARSSL_ERROR_H MBEDTLS_ERROR_H
-#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
-#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
-#define POLARSSL_ERR_ASN1_INVALID_DATA MBEDTLS_ERR_ASN1_INVALID_DATA
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH MBEDTLS_ERR_ASN1_INVALID_LENGTH
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-#define POLARSSL_ERR_ASN1_MALLOC_FAILED MBEDTLS_ERR_ASN1_ALLOC_FAILED
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA MBEDTLS_ERR_ASN1_OUT_OF_DATA
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_BASE64_INVALID_CHARACTER MBEDTLS_ERR_BASE64_INVALID_CHARACTER
-#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
-#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
-#define POLARSSL_ERR_CCM_AUTH_FAILED MBEDTLS_ERR_CCM_AUTH_FAILED
-#define POLARSSL_ERR_CCM_BAD_INPUT MBEDTLS_ERR_CCM_BAD_INPUT
-#define POLARSSL_ERR_CIPHER_ALLOC_FAILED MBEDTLS_ERR_CIPHER_ALLOC_FAILED
-#define POLARSSL_ERR_CIPHER_AUTH_FAILED MBEDTLS_ERR_CIPHER_AUTH_FAILED
-#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
-#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-#define POLARSSL_ERR_CIPHER_INVALID_PADDING MBEDTLS_ERR_CIPHER_INVALID_PADDING
-#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
-#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR
-#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
-#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
-#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_DHM_BAD_INPUT_DATA MBEDTLS_ERR_DHM_BAD_INPUT_DATA
-#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED MBEDTLS_ERR_DHM_CALC_SECRET_FAILED
-#define POLARSSL_ERR_DHM_FILE_IO_ERROR MBEDTLS_ERR_DHM_FILE_IO_ERROR
-#define POLARSSL_ERR_DHM_INVALID_FORMAT MBEDTLS_ERR_DHM_INVALID_FORMAT
-#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
-#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED
-#define POLARSSL_ERR_DHM_MALLOC_FAILED MBEDTLS_ERR_DHM_ALLOC_FAILED
-#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED MBEDTLS_ERR_DHM_READ_PARAMS_FAILED
-#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED
-#define POLARSSL_ERR_ECP_BAD_INPUT_DATA MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_ECP_INVALID_KEY MBEDTLS_ERR_ECP_INVALID_KEY
-#define POLARSSL_ERR_ECP_MALLOC_FAILED MBEDTLS_ERR_ECP_ALLOC_FAILED
-#define POLARSSL_ERR_ECP_RANDOM_FAILED MBEDTLS_ERR_ECP_RANDOM_FAILED
-#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH
-#define POLARSSL_ERR_ECP_VERIFY_FAILED MBEDTLS_ERR_ECP_VERIFY_FAILED
-#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
-#define POLARSSL_ERR_ENTROPY_MAX_SOURCES MBEDTLS_ERR_ENTROPY_MAX_SOURCES
-#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED
-#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
-#define POLARSSL_ERR_GCM_AUTH_FAILED MBEDTLS_ERR_GCM_AUTH_FAILED
-#define POLARSSL_ERR_GCM_BAD_INPUT MBEDTLS_ERR_GCM_BAD_INPUT
-#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
-#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
-#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
-#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
-#define POLARSSL_ERR_MD_ALLOC_FAILED MBEDTLS_ERR_MD_ALLOC_FAILED
-#define POLARSSL_ERR_MD_BAD_INPUT_DATA MBEDTLS_ERR_MD_BAD_INPUT_DATA
-#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_MD_FILE_IO_ERROR MBEDTLS_ERR_MD_FILE_IO_ERROR
-#define POLARSSL_ERR_MPI_BAD_INPUT_DATA MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
-#define POLARSSL_ERR_MPI_FILE_IO_ERROR MBEDTLS_ERR_MPI_FILE_IO_ERROR
-#define POLARSSL_ERR_MPI_INVALID_CHARACTER MBEDTLS_ERR_MPI_INVALID_CHARACTER
-#define POLARSSL_ERR_MPI_MALLOC_FAILED MBEDTLS_ERR_MPI_ALLOC_FAILED
-#define POLARSSL_ERR_MPI_NEGATIVE_VALUE MBEDTLS_ERR_MPI_NEGATIVE_VALUE
-#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
-#define POLARSSL_ERR_NET_ACCEPT_FAILED MBEDTLS_ERR_NET_ACCEPT_FAILED
-#define POLARSSL_ERR_NET_BIND_FAILED MBEDTLS_ERR_NET_BIND_FAILED
-#define POLARSSL_ERR_NET_CONNECT_FAILED MBEDTLS_ERR_NET_CONNECT_FAILED
-#define POLARSSL_ERR_NET_CONN_RESET MBEDTLS_ERR_NET_CONN_RESET
-#define POLARSSL_ERR_NET_LISTEN_FAILED MBEDTLS_ERR_NET_LISTEN_FAILED
-#define POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
-#define POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
-#define POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
-#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
-#define POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
-#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
-#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
-#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
-#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
-#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
-#define POLARSSL_ERR_PEM_BAD_INPUT_DATA MBEDTLS_ERR_PEM_BAD_INPUT_DATA
-#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PEM_INVALID_DATA MBEDTLS_ERR_PEM_INVALID_DATA
-#define POLARSSL_ERR_PEM_INVALID_ENC_IV MBEDTLS_ERR_PEM_INVALID_ENC_IV
-#define POLARSSL_ERR_PEM_MALLOC_FAILED MBEDTLS_ERR_PEM_ALLOC_FAILED
-#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
-#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH MBEDTLS_ERR_PEM_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED MBEDTLS_ERR_PEM_PASSWORD_REQUIRED
-#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
-#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
-#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT
-#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA
-#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PKCS5_INVALID_FORMAT MBEDTLS_ERR_PKCS5_INVALID_FORMAT
-#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PK_BAD_INPUT_DATA MBEDTLS_ERR_PK_BAD_INPUT_DATA
-#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PK_FILE_IO_ERROR MBEDTLS_ERR_PK_FILE_IO_ERROR
-#define POLARSSL_ERR_PK_INVALID_ALG MBEDTLS_ERR_PK_INVALID_ALG
-#define POLARSSL_ERR_PK_INVALID_PUBKEY MBEDTLS_ERR_PK_INVALID_PUBKEY
-#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-#define POLARSSL_ERR_PK_KEY_INVALID_VERSION MBEDTLS_ERR_PK_KEY_INVALID_VERSION
-#define POLARSSL_ERR_PK_MALLOC_FAILED MBEDTLS_ERR_PK_ALLOC_FAILED
-#define POLARSSL_ERR_PK_PASSWORD_MISMATCH MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PK_PASSWORD_REQUIRED MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
-#define POLARSSL_ERR_PK_TYPE_MISMATCH MBEDTLS_ERR_PK_TYPE_MISMATCH
-#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE
-#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
-#define POLARSSL_ERR_RSA_BAD_INPUT_DATA MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-#define POLARSSL_ERR_RSA_INVALID_PADDING MBEDTLS_ERR_RSA_INVALID_PADDING
-#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
-#define POLARSSL_ERR_RSA_KEY_GEN_FAILED MBEDTLS_ERR_RSA_KEY_GEN_FAILED
-#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
-#define POLARSSL_ERR_RSA_PRIVATE_FAILED MBEDTLS_ERR_RSA_PRIVATE_FAILED
-#define POLARSSL_ERR_RSA_PUBLIC_FAILED MBEDTLS_ERR_RSA_PUBLIC_FAILED
-#define POLARSSL_ERR_RSA_RNG_FAILED MBEDTLS_ERR_RSA_RNG_FAILED
-#define POLARSSL_ERR_RSA_VERIFY_FAILED MBEDTLS_ERR_RSA_VERIFY_FAILED
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
-#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP
-#define POLARSSL_ERR_SSL_BAD_HS_FINISHED MBEDTLS_ERR_SSL_BAD_HS_FINISHED
-#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
-#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
-#define POLARSSL_ERR_SSL_BAD_INPUT_DATA MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED
-#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
-#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE
-#define POLARSSL_ERR_SSL_COMPRESSION_FAILED MBEDTLS_ERR_SSL_COMPRESSION_FAILED
-#define POLARSSL_ERR_SSL_CONN_EOF MBEDTLS_ERR_SSL_CONN_EOF
-#define POLARSSL_ERR_SSL_COUNTER_WRAPPING MBEDTLS_ERR_SSL_COUNTER_WRAPPING
-#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
-#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
-#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
-#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH
-#define POLARSSL_ERR_SSL_INTERNAL_ERROR MBEDTLS_ERR_SSL_INTERNAL_ERROR
-#define POLARSSL_ERR_SSL_INVALID_MAC MBEDTLS_ERR_SSL_INVALID_MAC
-#define POLARSSL_ERR_SSL_INVALID_RECORD MBEDTLS_ERR_SSL_INVALID_RECORD
-#define POLARSSL_ERR_SSL_MALLOC_FAILED MBEDTLS_ERR_SSL_ALLOC_FAILED
-#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
-#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE
-#define POLARSSL_ERR_SSL_NO_RNG MBEDTLS_ERR_SSL_NO_RNG
-#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
-#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
-#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
-#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH
-#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED
-#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
-#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
-#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY
-#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO
-#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA MBEDTLS_ERR_THREADING_BAD_INPUT_DATA
-#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_THREADING_MUTEX_ERROR MBEDTLS_ERR_THREADING_MUTEX_ERROR
-#define POLARSSL_ERR_X509_BAD_INPUT_DATA MBEDTLS_ERR_X509_BAD_INPUT_DATA
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
-#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
-#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_X509_FILE_IO_ERROR MBEDTLS_ERR_X509_FILE_IO_ERROR
-#define POLARSSL_ERR_X509_INVALID_ALG MBEDTLS_ERR_X509_INVALID_ALG
-#define POLARSSL_ERR_X509_INVALID_DATE MBEDTLS_ERR_X509_INVALID_DATE
-#define POLARSSL_ERR_X509_INVALID_EXTENSIONS MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-#define POLARSSL_ERR_X509_INVALID_FORMAT MBEDTLS_ERR_X509_INVALID_FORMAT
-#define POLARSSL_ERR_X509_INVALID_NAME MBEDTLS_ERR_X509_INVALID_NAME
-#define POLARSSL_ERR_X509_INVALID_SERIAL MBEDTLS_ERR_X509_INVALID_SERIAL
-#define POLARSSL_ERR_X509_INVALID_SIGNATURE MBEDTLS_ERR_X509_INVALID_SIGNATURE
-#define POLARSSL_ERR_X509_INVALID_VERSION MBEDTLS_ERR_X509_INVALID_VERSION
-#define POLARSSL_ERR_X509_MALLOC_FAILED MBEDTLS_ERR_X509_ALLOC_FAILED
-#define POLARSSL_ERR_X509_SIG_MISMATCH MBEDTLS_ERR_X509_SIG_MISMATCH
-#define POLARSSL_ERR_X509_UNKNOWN_OID MBEDTLS_ERR_X509_UNKNOWN_OID
-#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-#define POLARSSL_ERR_X509_UNKNOWN_VERSION MBEDTLS_ERR_X509_UNKNOWN_VERSION
-#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH
-#define POLARSSL_GCM_H MBEDTLS_GCM_H
-#define POLARSSL_HAVEGE_H MBEDTLS_HAVEGE_H
-#define POLARSSL_HAVE_INT32 MBEDTLS_HAVE_INT32
-#define POLARSSL_HAVE_INT64 MBEDTLS_HAVE_INT64
-#define POLARSSL_HAVE_UDBL MBEDTLS_HAVE_UDBL
-#define POLARSSL_HAVE_X86 MBEDTLS_HAVE_X86
-#define POLARSSL_HAVE_X86_64 MBEDTLS_HAVE_X86_64
-#define POLARSSL_HMAC_DRBG_H MBEDTLS_HMAC_DRBG_H
-#define POLARSSL_HMAC_DRBG_PR_OFF MBEDTLS_HMAC_DRBG_PR_OFF
-#define POLARSSL_HMAC_DRBG_PR_ON MBEDTLS_HMAC_DRBG_PR_ON
-#define POLARSSL_KEY_EXCHANGE_DHE_PSK MBEDTLS_KEY_EXCHANGE_DHE_PSK
-#define POLARSSL_KEY_EXCHANGE_DHE_RSA MBEDTLS_KEY_EXCHANGE_DHE_RSA
-#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
-#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
-#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
-#define POLARSSL_KEY_EXCHANGE_ECDH_RSA MBEDTLS_KEY_EXCHANGE_ECDH_RSA
-#define POLARSSL_KEY_EXCHANGE_NONE MBEDTLS_KEY_EXCHANGE_NONE
-#define POLARSSL_KEY_EXCHANGE_PSK MBEDTLS_KEY_EXCHANGE_PSK
-#define POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
-#define POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
-#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
-#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
-#define POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
-#define POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
-#define POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
-#define POLARSSL_KEY_LENGTH_NONE MBEDTLS_KEY_LENGTH_NONE
-#define POLARSSL_MAX_BLOCK_LENGTH MBEDTLS_MAX_BLOCK_LENGTH
-#define POLARSSL_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
-#define POLARSSL_MD2_H MBEDTLS_MD2_H
-#define POLARSSL_MD4_H MBEDTLS_MD4_H
-#define POLARSSL_MD5_H MBEDTLS_MD5_H
-#define POLARSSL_MD_H MBEDTLS_MD_H
-#define POLARSSL_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#define POLARSSL_MD_MD2 MBEDTLS_MD_MD2
-#define POLARSSL_MD_MD4 MBEDTLS_MD_MD4
-#define POLARSSL_MD_MD5 MBEDTLS_MD_MD5
-#define POLARSSL_MD_NONE MBEDTLS_MD_NONE
-#define POLARSSL_MD_RIPEMD160 MBEDTLS_MD_RIPEMD160
-#define POLARSSL_MD_SHA1 MBEDTLS_MD_SHA1
-#define POLARSSL_MD_SHA224 MBEDTLS_MD_SHA224
-#define POLARSSL_MD_SHA256 MBEDTLS_MD_SHA256
-#define POLARSSL_MD_SHA384 MBEDTLS_MD_SHA384
-#define POLARSSL_MD_SHA512 MBEDTLS_MD_SHA512
-#define POLARSSL_MD_WRAP_H MBEDTLS_MD_WRAP_H
-#define POLARSSL_MEMORY_BUFFER_ALLOC_H MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define POLARSSL_MODE_CBC MBEDTLS_MODE_CBC
-#define POLARSSL_MODE_CCM MBEDTLS_MODE_CCM
-#define POLARSSL_MODE_CFB MBEDTLS_MODE_CFB
-#define POLARSSL_MODE_CTR MBEDTLS_MODE_CTR
-#define POLARSSL_MODE_ECB MBEDTLS_MODE_ECB
-#define POLARSSL_MODE_GCM MBEDTLS_MODE_GCM
-#define POLARSSL_MODE_NONE MBEDTLS_MODE_NONE
-#define POLARSSL_MODE_OFB MBEDTLS_MODE_OFB
-#define POLARSSL_MODE_STREAM MBEDTLS_MODE_STREAM
-#define POLARSSL_MPI_MAX_BITS MBEDTLS_MPI_MAX_BITS
-#define POLARSSL_MPI_MAX_BITS_SCALE100 MBEDTLS_MPI_MAX_BITS_SCALE100
-#define POLARSSL_MPI_MAX_LIMBS MBEDTLS_MPI_MAX_LIMBS
-#define POLARSSL_MPI_RW_BUFFER_SIZE MBEDTLS_MPI_RW_BUFFER_SIZE
-#define POLARSSL_NET_H MBEDTLS_NET_SOCKETS_H
-#define POLARSSL_NET_LISTEN_BACKLOG MBEDTLS_NET_LISTEN_BACKLOG
-#define POLARSSL_OID_H MBEDTLS_OID_H
-#define POLARSSL_OPERATION_NONE MBEDTLS_OPERATION_NONE
-#define POLARSSL_PADDING_NONE MBEDTLS_PADDING_NONE
-#define POLARSSL_PADDING_ONE_AND_ZEROS MBEDTLS_PADDING_ONE_AND_ZEROS
-#define POLARSSL_PADDING_PKCS7 MBEDTLS_PADDING_PKCS7
-#define POLARSSL_PADDING_ZEROS MBEDTLS_PADDING_ZEROS
-#define POLARSSL_PADDING_ZEROS_AND_LEN MBEDTLS_PADDING_ZEROS_AND_LEN
-#define POLARSSL_PADLOCK_H MBEDTLS_PADLOCK_H
-#define POLARSSL_PEM_H MBEDTLS_PEM_H
-#define POLARSSL_PKCS11_H MBEDTLS_PKCS11_H
-#define POLARSSL_PKCS12_H MBEDTLS_PKCS12_H
-#define POLARSSL_PKCS5_H MBEDTLS_PKCS5_H
-#define POLARSSL_PK_DEBUG_ECP MBEDTLS_PK_DEBUG_ECP
-#define POLARSSL_PK_DEBUG_MAX_ITEMS MBEDTLS_PK_DEBUG_MAX_ITEMS
-#define POLARSSL_PK_DEBUG_MPI MBEDTLS_PK_DEBUG_MPI
-#define POLARSSL_PK_DEBUG_NONE MBEDTLS_PK_DEBUG_NONE
-#define POLARSSL_PK_ECDSA MBEDTLS_PK_ECDSA
-#define POLARSSL_PK_ECKEY MBEDTLS_PK_ECKEY
-#define POLARSSL_PK_ECKEY_DH MBEDTLS_PK_ECKEY_DH
-#define POLARSSL_PK_H MBEDTLS_PK_H
-#define POLARSSL_PK_NONE MBEDTLS_PK_NONE
-#define POLARSSL_PK_RSA MBEDTLS_PK_RSA
-#define POLARSSL_PK_RSASSA_PSS MBEDTLS_PK_RSASSA_PSS
-#define POLARSSL_PK_RSA_ALT MBEDTLS_PK_RSA_ALT
-#define POLARSSL_PK_WRAP_H MBEDTLS_PK_WRAP_H
-#define POLARSSL_PLATFORM_H MBEDTLS_PLATFORM_H
-#define POLARSSL_PREMASTER_SIZE MBEDTLS_PREMASTER_SIZE
-#define POLARSSL_RIPEMD160_H MBEDTLS_RIPEMD160_H
-#define POLARSSL_RSA_H MBEDTLS_RSA_H
-#define POLARSSL_SHA1_H MBEDTLS_SHA1_H
-#define POLARSSL_SHA256_H MBEDTLS_SHA256_H
-#define POLARSSL_SHA512_H MBEDTLS_SHA512_H
-#define POLARSSL_SSL_CACHE_H MBEDTLS_SSL_CACHE_H
-#define POLARSSL_SSL_CIPHERSUITES_H MBEDTLS_SSL_CIPHERSUITES_H
-#define POLARSSL_SSL_COOKIE_H MBEDTLS_SSL_COOKIE_H
-#define POLARSSL_SSL_H MBEDTLS_SSL_H
-#define POLARSSL_THREADING_H MBEDTLS_THREADING_H
-#define POLARSSL_THREADING_IMPL MBEDTLS_THREADING_IMPL
-#define POLARSSL_TIMING_H MBEDTLS_TIMING_H
-#define POLARSSL_VERSION_H MBEDTLS_VERSION_H
-#define POLARSSL_VERSION_MAJOR MBEDTLS_VERSION_MAJOR
-#define POLARSSL_VERSION_MINOR MBEDTLS_VERSION_MINOR
-#define POLARSSL_VERSION_NUMBER MBEDTLS_VERSION_NUMBER
-#define POLARSSL_VERSION_PATCH MBEDTLS_VERSION_PATCH
-#define POLARSSL_VERSION_STRING MBEDTLS_VERSION_STRING
-#define POLARSSL_VERSION_STRING_FULL MBEDTLS_VERSION_STRING_FULL
-#define POLARSSL_X509_CRL_H MBEDTLS_X509_CRL_H
-#define POLARSSL_X509_CRT_H MBEDTLS_X509_CRT_H
-#define POLARSSL_X509_CSR_H MBEDTLS_X509_CSR_H
-#define POLARSSL_X509_H MBEDTLS_X509_H
-#define POLARSSL_XTEA_H MBEDTLS_XTEA_H
-#define RSA_CRYPT MBEDTLS_RSA_CRYPT
-#define RSA_PKCS_V15 MBEDTLS_RSA_PKCS_V15
-#define RSA_PKCS_V21 MBEDTLS_RSA_PKCS_V21
-#define RSA_PRIVATE MBEDTLS_RSA_PRIVATE
-#define RSA_PUBLIC MBEDTLS_RSA_PUBLIC
-#define RSA_SALT_LEN_ANY MBEDTLS_RSA_SALT_LEN_ANY
-#define RSA_SIGN MBEDTLS_RSA_SIGN
-#define SSL_ALERT_LEVEL_FATAL MBEDTLS_SSL_ALERT_LEVEL_FATAL
-#define SSL_ALERT_LEVEL_WARNING MBEDTLS_SSL_ALERT_LEVEL_WARNING
-#define SSL_ALERT_MSG_ACCESS_DENIED MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED
-#define SSL_ALERT_MSG_BAD_CERT MBEDTLS_SSL_ALERT_MSG_BAD_CERT
-#define SSL_ALERT_MSG_BAD_RECORD_MAC MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC
-#define SSL_ALERT_MSG_CERT_EXPIRED MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED
-#define SSL_ALERT_MSG_CERT_REVOKED MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
-#define SSL_ALERT_MSG_CERT_UNKNOWN MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN
-#define SSL_ALERT_MSG_CLOSE_NOTIFY MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY
-#define SSL_ALERT_MSG_DECODE_ERROR MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR
-#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE
-#define SSL_ALERT_MSG_DECRYPTION_FAILED MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED
-#define SSL_ALERT_MSG_DECRYPT_ERROR MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR
-#define SSL_ALERT_MSG_EXPORT_RESTRICTION MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION
-#define SSL_ALERT_MSG_HANDSHAKE_FAILURE MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
-#define SSL_ALERT_MSG_ILLEGAL_PARAMETER MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER
-#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK
-#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY
-#define SSL_ALERT_MSG_INTERNAL_ERROR MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR
-#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL
-#define SSL_ALERT_MSG_NO_CERT MBEDTLS_SSL_ALERT_MSG_NO_CERT
-#define SSL_ALERT_MSG_NO_RENEGOTIATION MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION
-#define SSL_ALERT_MSG_PROTOCOL_VERSION MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION
-#define SSL_ALERT_MSG_RECORD_OVERFLOW MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW
-#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE
-#define SSL_ALERT_MSG_UNKNOWN_CA MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
-#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY
-#define SSL_ALERT_MSG_UNRECOGNIZED_NAME MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME
-#define SSL_ALERT_MSG_UNSUPPORTED_CERT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-#define SSL_ALERT_MSG_UNSUPPORTED_EXT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT
-#define SSL_ALERT_MSG_USER_CANCELED MBEDTLS_SSL_ALERT_MSG_USER_CANCELED
-#define SSL_ANTI_REPLAY_DISABLED MBEDTLS_SSL_ANTI_REPLAY_DISABLED
-#define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED
-#define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED
-#define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED
-#define SSL_BUFFER_LEN ( ( ( MBEDTLS_SSL_IN_BUFFER_LEN ) < ( MBEDTLS_SSL_OUT_BUFFER_LEN ) ) \
-                         ? ( MBEDTLS_SSL_IN_BUFFER_LEN ) : ( MBEDTLS_SSL_OUT_BUFFER_LEN ) )
-#define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
-#define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
-#define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
-#define SSL_CBC_RECORD_SPLITTING_ENABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
-#define SSL_CERTIFICATE_REQUEST MBEDTLS_SSL_CERTIFICATE_REQUEST
-#define SSL_CERTIFICATE_VERIFY MBEDTLS_SSL_CERTIFICATE_VERIFY
-#define SSL_CERT_TYPE_ECDSA_SIGN MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN
-#define SSL_CERT_TYPE_RSA_SIGN MBEDTLS_SSL_CERT_TYPE_RSA_SIGN
-#define SSL_CHANNEL_INBOUND MBEDTLS_SSL_CHANNEL_INBOUND
-#define SSL_CHANNEL_OUTBOUND MBEDTLS_SSL_CHANNEL_OUTBOUND
-#define SSL_CIPHERSUITES MBEDTLS_SSL_CIPHERSUITES
-#define SSL_CLIENT_CERTIFICATE MBEDTLS_SSL_CLIENT_CERTIFICATE
-#define SSL_CLIENT_CHANGE_CIPHER_SPEC MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
-#define SSL_CLIENT_FINISHED MBEDTLS_SSL_CLIENT_FINISHED
-#define SSL_CLIENT_HELLO MBEDTLS_SSL_CLIENT_HELLO
-#define SSL_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
-#define SSL_COMPRESSION_ADD MBEDTLS_SSL_COMPRESSION_ADD
-#define SSL_COMPRESS_DEFLATE MBEDTLS_SSL_COMPRESS_DEFLATE
-#define SSL_COMPRESS_NULL MBEDTLS_SSL_COMPRESS_NULL
-#define SSL_DEBUG_BUF MBEDTLS_SSL_DEBUG_BUF
-#define SSL_DEBUG_CRT MBEDTLS_SSL_DEBUG_CRT
-#define SSL_DEBUG_ECP MBEDTLS_SSL_DEBUG_ECP
-#define SSL_DEBUG_MPI MBEDTLS_SSL_DEBUG_MPI
-#define SSL_DEBUG_MSG MBEDTLS_SSL_DEBUG_MSG
-#define SSL_DEBUG_RET MBEDTLS_SSL_DEBUG_RET
-#define SSL_DEFAULT_TICKET_LIFETIME MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
-#define SSL_DTLS_TIMEOUT_DFL_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
-#define SSL_DTLS_TIMEOUT_DFL_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
-#define SSL_EMPTY_RENEGOTIATION_INFO MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO
-#define SSL_ETM_DISABLED MBEDTLS_SSL_ETM_DISABLED
-#define SSL_ETM_ENABLED MBEDTLS_SSL_ETM_ENABLED
-#define SSL_EXTENDED_MS_DISABLED MBEDTLS_SSL_EXTENDED_MS_DISABLED
-#define SSL_EXTENDED_MS_ENABLED MBEDTLS_SSL_EXTENDED_MS_ENABLED
-#define SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
-#define SSL_FLUSH_BUFFERS MBEDTLS_SSL_FLUSH_BUFFERS
-#define SSL_HANDSHAKE_OVER MBEDTLS_SSL_HANDSHAKE_OVER
-#define SSL_HANDSHAKE_WRAPUP MBEDTLS_SSL_HANDSHAKE_WRAPUP
-#define SSL_HASH_MD5 MBEDTLS_SSL_HASH_MD5
-#define SSL_HASH_NONE MBEDTLS_SSL_HASH_NONE
-#define SSL_HASH_SHA1 MBEDTLS_SSL_HASH_SHA1
-#define SSL_HASH_SHA224 MBEDTLS_SSL_HASH_SHA224
-#define SSL_HASH_SHA256 MBEDTLS_SSL_HASH_SHA256
-#define SSL_HASH_SHA384 MBEDTLS_SSL_HASH_SHA384
-#define SSL_HASH_SHA512 MBEDTLS_SSL_HASH_SHA512
-#define SSL_HELLO_REQUEST MBEDTLS_SSL_HELLO_REQUEST
-#define SSL_HS_CERTIFICATE MBEDTLS_SSL_HS_CERTIFICATE
-#define SSL_HS_CERTIFICATE_REQUEST MBEDTLS_SSL_HS_CERTIFICATE_REQUEST
-#define SSL_HS_CERTIFICATE_VERIFY MBEDTLS_SSL_HS_CERTIFICATE_VERIFY
-#define SSL_HS_CLIENT_HELLO MBEDTLS_SSL_HS_CLIENT_HELLO
-#define SSL_HS_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE
-#define SSL_HS_FINISHED MBEDTLS_SSL_HS_FINISHED
-#define SSL_HS_HELLO_REQUEST MBEDTLS_SSL_HS_HELLO_REQUEST
-#define SSL_HS_HELLO_VERIFY_REQUEST MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST
-#define SSL_HS_NEW_SESSION_TICKET MBEDTLS_SSL_HS_NEW_SESSION_TICKET
-#define SSL_HS_SERVER_HELLO MBEDTLS_SSL_HS_SERVER_HELLO
-#define SSL_HS_SERVER_HELLO_DONE MBEDTLS_SSL_HS_SERVER_HELLO_DONE
-#define SSL_HS_SERVER_KEY_EXCHANGE MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE
-#define SSL_INITIAL_HANDSHAKE MBEDTLS_SSL_INITIAL_HANDSHAKE
-#define SSL_IS_CLIENT MBEDTLS_SSL_IS_CLIENT
-#define SSL_IS_FALLBACK MBEDTLS_SSL_IS_FALLBACK
-#define SSL_IS_NOT_FALLBACK MBEDTLS_SSL_IS_NOT_FALLBACK
-#define SSL_IS_SERVER MBEDTLS_SSL_IS_SERVER
-#define SSL_LEGACY_ALLOW_RENEGOTIATION MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
-#define SSL_LEGACY_BREAK_HANDSHAKE MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
-#define SSL_LEGACY_NO_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
-#define SSL_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_RENEGOTIATION
-#define SSL_MAC_ADD MBEDTLS_SSL_MAC_ADD
-#define SSL_MAJOR_VERSION_3 MBEDTLS_SSL_MAJOR_VERSION_3
-#define SSL_MAX_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
-#define SSL_MAX_FRAG_LEN_1024 MBEDTLS_SSL_MAX_FRAG_LEN_1024
-#define SSL_MAX_FRAG_LEN_2048 MBEDTLS_SSL_MAX_FRAG_LEN_2048
-#define SSL_MAX_FRAG_LEN_4096 MBEDTLS_SSL_MAX_FRAG_LEN_4096
-#define SSL_MAX_FRAG_LEN_512 MBEDTLS_SSL_MAX_FRAG_LEN_512
-#define SSL_MAX_FRAG_LEN_INVALID MBEDTLS_SSL_MAX_FRAG_LEN_INVALID
-#define SSL_MAX_FRAG_LEN_NONE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
-#define SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAX_MAJOR_VERSION
-#define SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MAX_MINOR_VERSION
-#define SSL_MINOR_VERSION_0 MBEDTLS_SSL_MINOR_VERSION_0
-#define SSL_MINOR_VERSION_1 MBEDTLS_SSL_MINOR_VERSION_1
-#define SSL_MINOR_VERSION_2 MBEDTLS_SSL_MINOR_VERSION_2
-#define SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_3
-#define SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MIN_MAJOR_VERSION
-#define SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MIN_MINOR_VERSION
-#define SSL_MSG_ALERT MBEDTLS_SSL_MSG_ALERT
-#define SSL_MSG_APPLICATION_DATA MBEDTLS_SSL_MSG_APPLICATION_DATA
-#define SSL_MSG_CHANGE_CIPHER_SPEC MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC
-#define SSL_MSG_HANDSHAKE MBEDTLS_SSL_MSG_HANDSHAKE
-#define SSL_PADDING_ADD MBEDTLS_SSL_PADDING_ADD
-#define SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
-#define SSL_RENEGOTIATION_DISABLED MBEDTLS_SSL_RENEGOTIATION_DISABLED
-#define SSL_RENEGOTIATION_DONE MBEDTLS_SSL_RENEGOTIATION_DONE
-#define SSL_RENEGOTIATION_ENABLED MBEDTLS_SSL_RENEGOTIATION_ENABLED
-#define SSL_RENEGOTIATION_NOT_ENFORCED MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED
-#define SSL_RENEGOTIATION_PENDING MBEDTLS_SSL_RENEGOTIATION_PENDING
-#define SSL_RENEGO_MAX_RECORDS_DEFAULT MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT
-#define SSL_RETRANS_FINISHED MBEDTLS_SSL_RETRANS_FINISHED
-#define SSL_RETRANS_PREPARING MBEDTLS_SSL_RETRANS_PREPARING
-#define SSL_RETRANS_SENDING MBEDTLS_SSL_RETRANS_SENDING
-#define SSL_RETRANS_WAITING MBEDTLS_SSL_RETRANS_WAITING
-#define SSL_SECURE_RENEGOTIATION MBEDTLS_SSL_SECURE_RENEGOTIATION
-#define SSL_SERVER_CERTIFICATE MBEDTLS_SSL_SERVER_CERTIFICATE
-#define SSL_SERVER_CHANGE_CIPHER_SPEC MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
-#define SSL_SERVER_FINISHED MBEDTLS_SSL_SERVER_FINISHED
-#define SSL_SERVER_HELLO MBEDTLS_SSL_SERVER_HELLO
-#define SSL_SERVER_HELLO_DONE MBEDTLS_SSL_SERVER_HELLO_DONE
-#define SSL_SERVER_HELLO_VERIFY_REQUEST_SENT MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
-#define SSL_SERVER_KEY_EXCHANGE MBEDTLS_SSL_SERVER_KEY_EXCHANGE
-#define SSL_SERVER_NEW_SESSION_TICKET MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
-#define SSL_SESSION_TICKETS_DISABLED MBEDTLS_SSL_SESSION_TICKETS_DISABLED
-#define SSL_SESSION_TICKETS_ENABLED MBEDTLS_SSL_SESSION_TICKETS_ENABLED
-#define SSL_SIG_ANON MBEDTLS_SSL_SIG_ANON
-#define SSL_SIG_ECDSA MBEDTLS_SSL_SIG_ECDSA
-#define SSL_SIG_RSA MBEDTLS_SSL_SIG_RSA
-#define SSL_TRANSPORT_DATAGRAM MBEDTLS_SSL_TRANSPORT_DATAGRAM
-#define SSL_TRANSPORT_STREAM MBEDTLS_SSL_TRANSPORT_STREAM
-#define SSL_TRUNCATED_HMAC_LEN MBEDTLS_SSL_TRUNCATED_HMAC_LEN
-#define SSL_TRUNC_HMAC_DISABLED MBEDTLS_SSL_TRUNC_HMAC_DISABLED
-#define SSL_TRUNC_HMAC_ENABLED MBEDTLS_SSL_TRUNC_HMAC_ENABLED
-#define SSL_VERIFY_DATA_MAX_LEN MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
-#define SSL_VERIFY_NONE MBEDTLS_SSL_VERIFY_NONE
-#define SSL_VERIFY_OPTIONAL MBEDTLS_SSL_VERIFY_OPTIONAL
-#define SSL_VERIFY_REQUIRED MBEDTLS_SSL_VERIFY_REQUIRED
-#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
-#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_DHE_PSK_WITH_AES_128_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM
-#define TLS_DHE_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8
-#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
-#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
-#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_DHE_PSK_WITH_AES_256_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM
-#define TLS_DHE_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8
-#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
-#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
-#define TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
-#define TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
-#define TLS_DHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
-#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_DHE_RSA_WITH_AES_128_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM
-#define TLS_DHE_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8
-#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-#define TLS_DHE_RSA_WITH_AES_256_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM
-#define TLS_DHE_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8
-#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_DHE_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
-#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
-#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
-#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
-#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
-#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
-#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
-#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
-#define TLS_ECDHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
-#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
-#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
-#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
-#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
-#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
-#define TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
-#define TLS_EXT_ALPN MBEDTLS_TLS_EXT_ALPN
-#define TLS_EXT_ENCRYPT_THEN_MAC MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC
-#define TLS_EXT_EXTENDED_MASTER_SECRET MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET
-#define TLS_EXT_MAX_FRAGMENT_LENGTH MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH
-#define TLS_EXT_RENEGOTIATION_INFO MBEDTLS_TLS_EXT_RENEGOTIATION_INFO
-#define TLS_EXT_SERVERNAME MBEDTLS_TLS_EXT_SERVERNAME
-#define TLS_EXT_SERVERNAME_HOSTNAME MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME
-#define TLS_EXT_SESSION_TICKET MBEDTLS_TLS_EXT_SESSION_TICKET
-#define TLS_EXT_SIG_ALG MBEDTLS_TLS_EXT_SIG_ALG
-#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES
-#define TLS_EXT_SUPPORTED_POINT_FORMATS MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS
-#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT
-#define TLS_EXT_TRUNCATED_HMAC MBEDTLS_TLS_EXT_TRUNCATED_HMAC
-#define TLS_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
-#define TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_PSK_WITH_AES_128_CCM MBEDTLS_TLS_PSK_WITH_AES_128_CCM
-#define TLS_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
-#define TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
-#define TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
-#define TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_PSK_WITH_AES_256_CCM MBEDTLS_TLS_PSK_WITH_AES_256_CCM
-#define TLS_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8
-#define TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
-#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA
-#define TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA256
-#define TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA384
-#define TLS_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
-#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
-#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
-#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
-#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
-#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
-#define TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
-#define TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
-#define TLS_RSA_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
-#define TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_RSA_WITH_AES_128_CCM MBEDTLS_TLS_RSA_WITH_AES_128_CCM
-#define TLS_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8
-#define TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
-#define TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
-#define TLS_RSA_WITH_AES_256_CCM MBEDTLS_TLS_RSA_WITH_AES_256_CCM
-#define TLS_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8
-#define TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
-#define TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_WITH_NULL_MD5
-#define TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA
-#define TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA256
-#define TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
-#define TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
-#define X509_CRT_VERSION_1 MBEDTLS_X509_CRT_VERSION_1
-#define X509_CRT_VERSION_2 MBEDTLS_X509_CRT_VERSION_2
-#define X509_CRT_VERSION_3 MBEDTLS_X509_CRT_VERSION_3
-#define X509_FORMAT_DER MBEDTLS_X509_FORMAT_DER
-#define X509_FORMAT_PEM MBEDTLS_X509_FORMAT_PEM
-#define X509_MAX_DN_NAME_SIZE MBEDTLS_X509_MAX_DN_NAME_SIZE
-#define X509_RFC5280_MAX_SERIAL_LEN MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
-#define X509_RFC5280_UTC_TIME_LEN MBEDTLS_X509_RFC5280_UTC_TIME_LEN
-#define XTEA_DECRYPT MBEDTLS_XTEA_DECRYPT
-#define XTEA_ENCRYPT MBEDTLS_XTEA_ENCRYPT
-#define _asn1_bitstring mbedtls_asn1_bitstring
-#define _asn1_buf mbedtls_asn1_buf
-#define _asn1_named_data mbedtls_asn1_named_data
-#define _asn1_sequence mbedtls_asn1_sequence
-#define _ssl_cache_context mbedtls_ssl_cache_context
-#define _ssl_cache_entry mbedtls_ssl_cache_entry
-#define _ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
-#define _ssl_context mbedtls_ssl_context
-#define _ssl_flight_item mbedtls_ssl_flight_item
-#define _ssl_handshake_params mbedtls_ssl_handshake_params
-#define _ssl_key_cert mbedtls_ssl_key_cert
-#define _ssl_premaster_secret mbedtls_ssl_premaster_secret
-#define _ssl_session mbedtls_ssl_session
-#define _ssl_transform mbedtls_ssl_transform
-#define _x509_crl mbedtls_x509_crl
-#define _x509_crl_entry mbedtls_x509_crl_entry
-#define _x509_crt mbedtls_x509_crt
-#define _x509_csr mbedtls_x509_csr
-#define _x509_time mbedtls_x509_time
-#define _x509write_cert mbedtls_x509write_cert
-#define _x509write_csr mbedtls_x509write_csr
-#define aes_context mbedtls_aes_context
-#define aes_crypt_cbc mbedtls_aes_crypt_cbc
-#define aes_crypt_cfb128 mbedtls_aes_crypt_cfb128
-#define aes_crypt_cfb8 mbedtls_aes_crypt_cfb8
-#define aes_crypt_ctr mbedtls_aes_crypt_ctr
-#define aes_crypt_ecb mbedtls_aes_crypt_ecb
-#define aes_free mbedtls_aes_free
-#define aes_init mbedtls_aes_init
-#define aes_self_test mbedtls_aes_self_test
-#define aes_setkey_dec mbedtls_aes_setkey_dec
-#define aes_setkey_enc mbedtls_aes_setkey_enc
-#define aesni_crypt_ecb mbedtls_aesni_crypt_ecb
-#define aesni_gcm_mult mbedtls_aesni_gcm_mult
-#define aesni_inverse_key mbedtls_aesni_inverse_key
-#define aesni_setkey_enc mbedtls_aesni_setkey_enc
-#define aesni_supports mbedtls_aesni_has_support
-#define alarmed mbedtls_timing_alarmed
-#define arc4_context mbedtls_arc4_context
-#define arc4_crypt mbedtls_arc4_crypt
-#define arc4_free mbedtls_arc4_free
-#define arc4_init mbedtls_arc4_init
-#define arc4_self_test mbedtls_arc4_self_test
-#define arc4_setup mbedtls_arc4_setup
-#define asn1_bitstring mbedtls_asn1_bitstring
-#define asn1_buf mbedtls_asn1_buf
-#define asn1_find_named_data mbedtls_asn1_find_named_data
-#define asn1_free_named_data mbedtls_asn1_free_named_data
-#define asn1_free_named_data_list mbedtls_asn1_free_named_data_list
-#define asn1_get_alg mbedtls_asn1_get_alg
-#define asn1_get_alg_null mbedtls_asn1_get_alg_null
-#define asn1_get_bitstring mbedtls_asn1_get_bitstring
-#define asn1_get_bitstring_null mbedtls_asn1_get_bitstring_null
-#define asn1_get_bool mbedtls_asn1_get_bool
-#define asn1_get_int mbedtls_asn1_get_int
-#define asn1_get_len mbedtls_asn1_get_len
-#define asn1_get_mpi mbedtls_asn1_get_mpi
-#define asn1_get_sequence_of mbedtls_asn1_get_sequence_of
-#define asn1_get_tag mbedtls_asn1_get_tag
-#define asn1_named_data mbedtls_asn1_named_data
-#define asn1_sequence mbedtls_asn1_sequence
-#define asn1_store_named_data mbedtls_asn1_store_named_data
-#define asn1_write_algorithm_identifier mbedtls_asn1_write_algorithm_identifier
-#define asn1_write_bitstring mbedtls_asn1_write_bitstring
-#define asn1_write_bool mbedtls_asn1_write_bool
-#define asn1_write_ia5_string mbedtls_asn1_write_ia5_string
-#define asn1_write_int mbedtls_asn1_write_int
-#define asn1_write_len mbedtls_asn1_write_len
-#define asn1_write_mpi mbedtls_asn1_write_mpi
-#define asn1_write_null mbedtls_asn1_write_null
-#define asn1_write_octet_string mbedtls_asn1_write_octet_string
-#define asn1_write_oid mbedtls_asn1_write_oid
-#define asn1_write_printable_string mbedtls_asn1_write_printable_string
-#define asn1_write_raw_buffer mbedtls_asn1_write_raw_buffer
-#define asn1_write_tag mbedtls_asn1_write_tag
-#define base64_decode mbedtls_base64_decode
-#define base64_encode mbedtls_base64_encode
-#define base64_self_test mbedtls_base64_self_test
-#define blowfish_context mbedtls_blowfish_context
-#define blowfish_crypt_cbc mbedtls_blowfish_crypt_cbc
-#define blowfish_crypt_cfb64 mbedtls_blowfish_crypt_cfb64
-#define blowfish_crypt_ctr mbedtls_blowfish_crypt_ctr
-#define blowfish_crypt_ecb mbedtls_blowfish_crypt_ecb
-#define blowfish_free mbedtls_blowfish_free
-#define blowfish_init mbedtls_blowfish_init
-#define blowfish_setkey mbedtls_blowfish_setkey
-#define camellia_context mbedtls_camellia_context
-#define camellia_crypt_cbc mbedtls_camellia_crypt_cbc
-#define camellia_crypt_cfb128 mbedtls_camellia_crypt_cfb128
-#define camellia_crypt_ctr mbedtls_camellia_crypt_ctr
-#define camellia_crypt_ecb mbedtls_camellia_crypt_ecb
-#define camellia_free mbedtls_camellia_free
-#define camellia_init mbedtls_camellia_init
-#define camellia_self_test mbedtls_camellia_self_test
-#define camellia_setkey_dec mbedtls_camellia_setkey_dec
-#define camellia_setkey_enc mbedtls_camellia_setkey_enc
-#define ccm_auth_decrypt mbedtls_ccm_auth_decrypt
-#define ccm_context mbedtls_ccm_context
-#define ccm_encrypt_and_tag mbedtls_ccm_encrypt_and_tag
-#define ccm_free mbedtls_ccm_free
-#define ccm_init mbedtls_ccm_init
-#define ccm_self_test mbedtls_ccm_self_test
-#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
-#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
-#define cipher_base_t mbedtls_cipher_base_t
-#define cipher_check_tag mbedtls_cipher_check_tag
-#define cipher_context_t mbedtls_cipher_context_t
-#define cipher_crypt mbedtls_cipher_crypt
-#define cipher_definition_t mbedtls_cipher_definition_t
-#define cipher_definitions mbedtls_cipher_definitions
-#define cipher_finish mbedtls_cipher_finish
-#define cipher_free mbedtls_cipher_free
-#define cipher_get_block_size mbedtls_cipher_get_block_size
-#define cipher_get_cipher_mode mbedtls_cipher_get_cipher_mode
-#define cipher_get_iv_size mbedtls_cipher_get_iv_size
-#define cipher_get_key_size mbedtls_cipher_get_key_bitlen
-#define cipher_get_name mbedtls_cipher_get_name
-#define cipher_get_operation mbedtls_cipher_get_operation
-#define cipher_get_type mbedtls_cipher_get_type
-#define cipher_id_t mbedtls_cipher_id_t
-#define cipher_info_from_string mbedtls_cipher_info_from_string
-#define cipher_info_from_type mbedtls_cipher_info_from_type
-#define cipher_info_from_values mbedtls_cipher_info_from_values
-#define cipher_info_t mbedtls_cipher_info_t
-#define cipher_init mbedtls_cipher_init
-#define cipher_init_ctx mbedtls_cipher_setup
-#define cipher_list mbedtls_cipher_list
-#define cipher_mode_t mbedtls_cipher_mode_t
-#define cipher_padding_t mbedtls_cipher_padding_t
-#define cipher_reset mbedtls_cipher_reset
-#define cipher_set_iv mbedtls_cipher_set_iv
-#define cipher_set_padding_mode mbedtls_cipher_set_padding_mode
-#define cipher_setkey mbedtls_cipher_setkey
-#define cipher_type_t mbedtls_cipher_type_t
-#define cipher_update mbedtls_cipher_update
-#define cipher_update_ad mbedtls_cipher_update_ad
-#define cipher_write_tag mbedtls_cipher_write_tag
-#define ctr_drbg_context mbedtls_ctr_drbg_context
-#define ctr_drbg_free mbedtls_ctr_drbg_free
-#define ctr_drbg_init mbedtls_ctr_drbg_init
-#define ctr_drbg_random mbedtls_ctr_drbg_random
-#define ctr_drbg_random_with_add mbedtls_ctr_drbg_random_with_add
-#define ctr_drbg_reseed mbedtls_ctr_drbg_reseed
-#define ctr_drbg_self_test mbedtls_ctr_drbg_self_test
-#define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
-#define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
-#define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
-#define ctr_drbg_update mbedtls_ctr_drbg_update
-#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
-#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
-#define debug_print_buf mbedtls_debug_print_buf
-#define debug_print_crt mbedtls_debug_print_crt
-#define debug_print_ecp mbedtls_debug_print_ecp
-#define debug_print_mpi mbedtls_debug_print_mpi
-#define debug_print_msg mbedtls_debug_print_msg
-#define debug_print_ret mbedtls_debug_print_ret
-#define debug_set_threshold mbedtls_debug_set_threshold
-#define des3_context mbedtls_des3_context
-#define des3_crypt_cbc mbedtls_des3_crypt_cbc
-#define des3_crypt_ecb mbedtls_des3_crypt_ecb
-#define des3_free mbedtls_des3_free
-#define des3_init mbedtls_des3_init
-#define des3_set2key_dec mbedtls_des3_set2key_dec
-#define des3_set2key_enc mbedtls_des3_set2key_enc
-#define des3_set3key_dec mbedtls_des3_set3key_dec
-#define des3_set3key_enc mbedtls_des3_set3key_enc
-#define des_context mbedtls_des_context
-#define des_crypt_cbc mbedtls_des_crypt_cbc
-#define des_crypt_ecb mbedtls_des_crypt_ecb
-#define des_free mbedtls_des_free
-#define des_init mbedtls_des_init
-#define des_key_check_key_parity mbedtls_des_key_check_key_parity
-#define des_key_check_weak mbedtls_des_key_check_weak
-#define des_key_set_parity mbedtls_des_key_set_parity
-#define des_self_test mbedtls_des_self_test
-#define des_setkey_dec mbedtls_des_setkey_dec
-#define des_setkey_enc mbedtls_des_setkey_enc
-#define dhm_calc_secret mbedtls_dhm_calc_secret
-#define dhm_context mbedtls_dhm_context
-#define dhm_free mbedtls_dhm_free
-#define dhm_init mbedtls_dhm_init
-#define dhm_make_params mbedtls_dhm_make_params
-#define dhm_make_public mbedtls_dhm_make_public
-#define dhm_parse_dhm mbedtls_dhm_parse_dhm
-#define dhm_parse_dhmfile mbedtls_dhm_parse_dhmfile
-#define dhm_read_params mbedtls_dhm_read_params
-#define dhm_read_public mbedtls_dhm_read_public
-#define dhm_self_test mbedtls_dhm_self_test
-#define ecdh_calc_secret mbedtls_ecdh_calc_secret
-#define ecdh_compute_shared mbedtls_ecdh_compute_shared
-#define ecdh_context mbedtls_ecdh_context
-#define ecdh_free mbedtls_ecdh_free
-#define ecdh_gen_public mbedtls_ecdh_gen_public
-#define ecdh_get_params mbedtls_ecdh_get_params
-#define ecdh_init mbedtls_ecdh_init
-#define ecdh_make_params mbedtls_ecdh_make_params
-#define ecdh_make_public mbedtls_ecdh_make_public
-#define ecdh_read_params mbedtls_ecdh_read_params
-#define ecdh_read_public mbedtls_ecdh_read_public
-#define ecdh_side mbedtls_ecdh_side
-#define ecdsa_context mbedtls_ecdsa_context
-#define ecdsa_free mbedtls_ecdsa_free
-#define ecdsa_from_keypair mbedtls_ecdsa_from_keypair
-#define ecdsa_genkey mbedtls_ecdsa_genkey
-#define ecdsa_info mbedtls_ecdsa_info
-#define ecdsa_init mbedtls_ecdsa_init
-#define ecdsa_read_signature mbedtls_ecdsa_read_signature
-#define ecdsa_sign mbedtls_ecdsa_sign
-#define ecdsa_sign_det mbedtls_ecdsa_sign_det
-#define ecdsa_verify mbedtls_ecdsa_verify
-#define ecdsa_write_signature mbedtls_ecdsa_write_signature
-#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
-#define eckey_info mbedtls_eckey_info
-#define eckeydh_info mbedtls_eckeydh_info
-#define ecp_check_privkey mbedtls_ecp_check_privkey
-#define ecp_check_pub_priv mbedtls_ecp_check_pub_priv
-#define ecp_check_pubkey mbedtls_ecp_check_pubkey
-#define ecp_copy mbedtls_ecp_copy
-#define ecp_curve_info mbedtls_ecp_curve_info
-#define ecp_curve_info_from_grp_id mbedtls_ecp_curve_info_from_grp_id
-#define ecp_curve_info_from_name mbedtls_ecp_curve_info_from_name
-#define ecp_curve_info_from_tls_id mbedtls_ecp_curve_info_from_tls_id
-#define ecp_curve_list mbedtls_ecp_curve_list
-#define ecp_gen_key mbedtls_ecp_gen_key
-#define ecp_gen_keypair mbedtls_ecp_gen_keypair
-#define ecp_group mbedtls_ecp_group
-#define ecp_group_copy mbedtls_ecp_group_copy
-#define ecp_group_free mbedtls_ecp_group_free
-#define ecp_group_id mbedtls_ecp_group_id
-#define ecp_group_init mbedtls_ecp_group_init
-#define ecp_grp_id_list mbedtls_ecp_grp_id_list
-#define ecp_is_zero mbedtls_ecp_is_zero
-#define ecp_keypair mbedtls_ecp_keypair
-#define ecp_keypair_free mbedtls_ecp_keypair_free
-#define ecp_keypair_init mbedtls_ecp_keypair_init
-#define ecp_mul mbedtls_ecp_mul
-#define ecp_point mbedtls_ecp_point
-#define ecp_point_free mbedtls_ecp_point_free
-#define ecp_point_init mbedtls_ecp_point_init
-#define ecp_point_read_binary mbedtls_ecp_point_read_binary
-#define ecp_point_read_string mbedtls_ecp_point_read_string
-#define ecp_point_write_binary mbedtls_ecp_point_write_binary
-#define ecp_self_test mbedtls_ecp_self_test
-#define ecp_set_zero mbedtls_ecp_set_zero
-#define ecp_tls_read_group mbedtls_ecp_tls_read_group
-#define ecp_tls_read_point mbedtls_ecp_tls_read_point
-#define ecp_tls_write_group mbedtls_ecp_tls_write_group
-#define ecp_tls_write_point mbedtls_ecp_tls_write_point
-#define ecp_use_known_dp mbedtls_ecp_group_load
-#define entropy_add_source mbedtls_entropy_add_source
-#define entropy_context mbedtls_entropy_context
-#define entropy_free mbedtls_entropy_free
-#define entropy_func mbedtls_entropy_func
-#define entropy_gather mbedtls_entropy_gather
-#define entropy_init mbedtls_entropy_init
-#define entropy_self_test mbedtls_entropy_self_test
-#define entropy_update_manual mbedtls_entropy_update_manual
-#define entropy_update_seed_file mbedtls_entropy_update_seed_file
-#define entropy_write_seed_file mbedtls_entropy_write_seed_file
-#define error_strerror mbedtls_strerror
-#define f_source_ptr mbedtls_entropy_f_source_ptr
-#define gcm_auth_decrypt mbedtls_gcm_auth_decrypt
-#define gcm_context mbedtls_gcm_context
-#define gcm_crypt_and_tag mbedtls_gcm_crypt_and_tag
-#define gcm_finish mbedtls_gcm_finish
-#define gcm_free mbedtls_gcm_free
-#define gcm_init mbedtls_gcm_init
-#define gcm_self_test mbedtls_gcm_self_test
-#define gcm_starts mbedtls_gcm_starts
-#define gcm_update mbedtls_gcm_update
-#define get_timer mbedtls_timing_get_timer
-#define hardclock mbedtls_timing_hardclock
-#define hardclock_poll mbedtls_hardclock_poll
-#define havege_free mbedtls_havege_free
-#define havege_init mbedtls_havege_init
-#define havege_poll mbedtls_havege_poll
-#define havege_random mbedtls_havege_random
-#define havege_state mbedtls_havege_state
-#define hmac_drbg_context mbedtls_hmac_drbg_context
-#define hmac_drbg_free mbedtls_hmac_drbg_free
-#define hmac_drbg_init mbedtls_hmac_drbg_init
-#define hmac_drbg_random mbedtls_hmac_drbg_random
-#define hmac_drbg_random_with_add mbedtls_hmac_drbg_random_with_add
-#define hmac_drbg_reseed mbedtls_hmac_drbg_reseed
-#define hmac_drbg_self_test mbedtls_hmac_drbg_self_test
-#define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
-#define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
-#define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
-#define hmac_drbg_update mbedtls_hmac_drbg_update
-#define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
-#define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
-#define hr_time mbedtls_timing_hr_time
-#define key_exchange_type_t mbedtls_key_exchange_type_t
-#define md mbedtls_md
-#define md2 mbedtls_md2
-#define md2_context mbedtls_md2_context
-#define md2_finish mbedtls_md2_finish
-#define md2_free mbedtls_md2_free
-#define md2_info mbedtls_md2_info
-#define md2_init mbedtls_md2_init
-#define md2_process mbedtls_md2_process
-#define md2_self_test mbedtls_md2_self_test
-#define md2_starts mbedtls_md2_starts
-#define md2_update mbedtls_md2_update
-#define md4 mbedtls_md4
-#define md4_context mbedtls_md4_context
-#define md4_finish mbedtls_md4_finish
-#define md4_free mbedtls_md4_free
-#define md4_info mbedtls_md4_info
-#define md4_init mbedtls_md4_init
-#define md4_process mbedtls_md4_process
-#define md4_self_test mbedtls_md4_self_test
-#define md4_starts mbedtls_md4_starts
-#define md4_update mbedtls_md4_update
-#define md5 mbedtls_md5
-#define md5_context mbedtls_md5_context
-#define md5_finish mbedtls_md5_finish
-#define md5_free mbedtls_md5_free
-#define md5_info mbedtls_md5_info
-#define md5_init mbedtls_md5_init
-#define md5_process mbedtls_md5_process
-#define md5_self_test mbedtls_md5_self_test
-#define md5_starts mbedtls_md5_starts
-#define md5_update mbedtls_md5_update
-#define md_context_t mbedtls_md_context_t
-#define md_file mbedtls_md_file
-#define md_finish mbedtls_md_finish
-#define md_free mbedtls_md_free
-#define md_get_name mbedtls_md_get_name
-#define md_get_size mbedtls_md_get_size
-#define md_get_type mbedtls_md_get_type
-#define md_hmac mbedtls_md_hmac
-#define md_hmac_finish mbedtls_md_hmac_finish
-#define md_hmac_reset mbedtls_md_hmac_reset
-#define md_hmac_starts mbedtls_md_hmac_starts
-#define md_hmac_update mbedtls_md_hmac_update
-#define md_info_from_string mbedtls_md_info_from_string
-#define md_info_from_type mbedtls_md_info_from_type
-#define md_info_t mbedtls_md_info_t
-#define md_init mbedtls_md_init
-#define md_init_ctx mbedtls_md_init_ctx
-#define md_list mbedtls_md_list
-#define md_process mbedtls_md_process
-#define md_starts mbedtls_md_starts
-#define md_type_t mbedtls_md_type_t
-#define md_update mbedtls_md_update
-#define memory_buffer_alloc_cur_get mbedtls_memory_buffer_alloc_cur_get
-#define memory_buffer_alloc_free mbedtls_memory_buffer_alloc_free
-#define memory_buffer_alloc_init mbedtls_memory_buffer_alloc_init
-#define memory_buffer_alloc_max_get mbedtls_memory_buffer_alloc_max_get
-#define memory_buffer_alloc_max_reset mbedtls_memory_buffer_alloc_max_reset
-#define memory_buffer_alloc_self_test mbedtls_memory_buffer_alloc_self_test
-#define memory_buffer_alloc_status mbedtls_memory_buffer_alloc_status
-#define memory_buffer_alloc_verify mbedtls_memory_buffer_alloc_verify
-#define memory_buffer_set_verify mbedtls_memory_buffer_set_verify
-#define mpi mbedtls_mpi
-#define mpi_add_abs mbedtls_mpi_add_abs
-#define mpi_add_int mbedtls_mpi_add_int
-#define mpi_add_mpi mbedtls_mpi_add_mpi
-#define mpi_cmp_abs mbedtls_mpi_cmp_abs
-#define mpi_cmp_int mbedtls_mpi_cmp_int
-#define mpi_cmp_mpi mbedtls_mpi_cmp_mpi
-#define mpi_copy mbedtls_mpi_copy
-#define mpi_div_int mbedtls_mpi_div_int
-#define mpi_div_mpi mbedtls_mpi_div_mpi
-#define mpi_exp_mod mbedtls_mpi_exp_mod
-#define mpi_fill_random mbedtls_mpi_fill_random
-#define mpi_free mbedtls_mpi_free
-#define mpi_gcd mbedtls_mpi_gcd
-#define mpi_gen_prime mbedtls_mpi_gen_prime
-#define mpi_get_bit mbedtls_mpi_get_bit
-#define mpi_grow mbedtls_mpi_grow
-#define mpi_init mbedtls_mpi_init
-#define mpi_inv_mod mbedtls_mpi_inv_mod
-#define mpi_is_prime mbedtls_mpi_is_prime
-#define mpi_lsb mbedtls_mpi_lsb
-#define mpi_lset mbedtls_mpi_lset
-#define mpi_mod_int mbedtls_mpi_mod_int
-#define mpi_mod_mpi mbedtls_mpi_mod_mpi
-#define mpi_msb mbedtls_mpi_bitlen
-#define mpi_mul_int mbedtls_mpi_mul_int
-#define mpi_mul_mpi mbedtls_mpi_mul_mpi
-#define mpi_read_binary mbedtls_mpi_read_binary
-#define mpi_read_file mbedtls_mpi_read_file
-#define mpi_read_string mbedtls_mpi_read_string
-#define mpi_safe_cond_assign mbedtls_mpi_safe_cond_assign
-#define mpi_safe_cond_swap mbedtls_mpi_safe_cond_swap
-#define mpi_self_test mbedtls_mpi_self_test
-#define mpi_set_bit mbedtls_mpi_set_bit
-#define mpi_shift_l mbedtls_mpi_shift_l
-#define mpi_shift_r mbedtls_mpi_shift_r
-#define mpi_shrink mbedtls_mpi_shrink
-#define mpi_size mbedtls_mpi_size
-#define mpi_sub_abs mbedtls_mpi_sub_abs
-#define mpi_sub_int mbedtls_mpi_sub_int
-#define mpi_sub_mpi mbedtls_mpi_sub_mpi
-#define mpi_swap mbedtls_mpi_swap
-#define mpi_write_binary mbedtls_mpi_write_binary
-#define mpi_write_file mbedtls_mpi_write_file
-#define mpi_write_string mbedtls_mpi_write_string
-#define net_accept mbedtls_net_accept
-#define net_bind mbedtls_net_bind
-#define net_close mbedtls_net_free
-#define net_connect mbedtls_net_connect
-#define net_recv mbedtls_net_recv
-#define net_recv_timeout mbedtls_net_recv_timeout
-#define net_send mbedtls_net_send
-#define net_set_block mbedtls_net_set_block
-#define net_set_nonblock mbedtls_net_set_nonblock
-#define net_usleep mbedtls_net_usleep
-#define oid_descriptor_t mbedtls_oid_descriptor_t
-#define oid_get_attr_short_name mbedtls_oid_get_attr_short_name
-#define oid_get_cipher_alg mbedtls_oid_get_cipher_alg
-#define oid_get_ec_grp mbedtls_oid_get_ec_grp
-#define oid_get_extended_key_usage mbedtls_oid_get_extended_key_usage
-#define oid_get_md_alg mbedtls_oid_get_md_alg
-#define oid_get_numeric_string mbedtls_oid_get_numeric_string
-#define oid_get_oid_by_ec_grp mbedtls_oid_get_oid_by_ec_grp
-#define oid_get_oid_by_md mbedtls_oid_get_oid_by_md
-#define oid_get_oid_by_pk_alg mbedtls_oid_get_oid_by_pk_alg
-#define oid_get_oid_by_sig_alg mbedtls_oid_get_oid_by_sig_alg
-#define oid_get_pk_alg mbedtls_oid_get_pk_alg
-#define oid_get_pkcs12_pbe_alg mbedtls_oid_get_pkcs12_pbe_alg
-#define oid_get_sig_alg mbedtls_oid_get_sig_alg
-#define oid_get_sig_alg_desc mbedtls_oid_get_sig_alg_desc
-#define oid_get_x509_ext_type mbedtls_oid_get_x509_ext_type
-#define operation_t mbedtls_operation_t
-#define padlock_supports mbedtls_padlock_has_support
-#define padlock_xcryptcbc mbedtls_padlock_xcryptcbc
-#define padlock_xcryptecb mbedtls_padlock_xcryptecb
-#define pem_context mbedtls_pem_context
-#define pem_free mbedtls_pem_free
-#define pem_init mbedtls_pem_init
-#define pem_read_buffer mbedtls_pem_read_buffer
-#define pem_write_buffer mbedtls_pem_write_buffer
-#define pk_can_do mbedtls_pk_can_do
-#define pk_check_pair mbedtls_pk_check_pair
-#define pk_context mbedtls_pk_context
-#define pk_debug mbedtls_pk_debug
-#define pk_debug_item mbedtls_pk_debug_item
-#define pk_debug_type mbedtls_pk_debug_type
-#define pk_decrypt mbedtls_pk_decrypt
-#define pk_ec mbedtls_pk_ec
-#define pk_encrypt mbedtls_pk_encrypt
-#define pk_free mbedtls_pk_free
-#define pk_get_len mbedtls_pk_get_len
-#define pk_get_name mbedtls_pk_get_name
-#define pk_get_size mbedtls_pk_get_bitlen
-#define pk_get_type mbedtls_pk_get_type
-#define pk_info_from_type mbedtls_pk_info_from_type
-#define pk_info_t mbedtls_pk_info_t
-#define pk_init mbedtls_pk_init
-#define pk_init_ctx mbedtls_pk_setup
-#define pk_init_ctx_rsa_alt mbedtls_pk_setup_rsa_alt
-#define pk_load_file mbedtls_pk_load_file
-#define pk_parse_key mbedtls_pk_parse_key
-#define pk_parse_keyfile mbedtls_pk_parse_keyfile
-#define pk_parse_public_key mbedtls_pk_parse_public_key
-#define pk_parse_public_keyfile mbedtls_pk_parse_public_keyfile
-#define pk_parse_subpubkey mbedtls_pk_parse_subpubkey
-#define pk_rsa mbedtls_pk_rsa
-#define pk_rsa_alt_decrypt_func mbedtls_pk_rsa_alt_decrypt_func
-#define pk_rsa_alt_key_len_func mbedtls_pk_rsa_alt_key_len_func
-#define pk_rsa_alt_sign_func mbedtls_pk_rsa_alt_sign_func
-#define pk_rsassa_pss_options mbedtls_pk_rsassa_pss_options
-#define pk_sign mbedtls_pk_sign
-#define pk_type_t mbedtls_pk_type_t
-#define pk_verify mbedtls_pk_verify
-#define pk_verify_ext mbedtls_pk_verify_ext
-#define pk_write_key_der mbedtls_pk_write_key_der
-#define pk_write_key_pem mbedtls_pk_write_key_pem
-#define pk_write_pubkey mbedtls_pk_write_pubkey
-#define pk_write_pubkey_der mbedtls_pk_write_pubkey_der
-#define pk_write_pubkey_pem mbedtls_pk_write_pubkey_pem
-#define pkcs11_context mbedtls_pkcs11_context
-#define pkcs11_decrypt mbedtls_pkcs11_decrypt
-#define pkcs11_priv_key_free mbedtls_pkcs11_priv_key_free
-#define pkcs11_priv_key_init mbedtls_pkcs11_priv_key_bind
-#define pkcs11_sign mbedtls_pkcs11_sign
-#define pkcs11_x509_cert_init mbedtls_pkcs11_x509_cert_bind
-#define pkcs12_derivation mbedtls_pkcs12_derivation
-#define pkcs12_pbe mbedtls_pkcs12_pbe
-#define pkcs12_pbe_sha1_rc4_128 mbedtls_pkcs12_pbe_sha1_rc4_128
-#define pkcs5_pbes2 mbedtls_pkcs5_pbes2
-#define pkcs5_pbkdf2_hmac mbedtls_pkcs5_pbkdf2_hmac
-#define pkcs5_self_test mbedtls_pkcs5_self_test
-#define platform_entropy_poll mbedtls_platform_entropy_poll
-#define platform_set_exit mbedtls_platform_set_exit
-#define platform_set_fprintf mbedtls_platform_set_fprintf
-#define platform_set_printf mbedtls_platform_set_printf
-#define platform_set_snprintf mbedtls_platform_set_snprintf
-#define polarssl_exit mbedtls_exit
-#define polarssl_fprintf mbedtls_fprintf
-#define polarssl_free mbedtls_free
-#define polarssl_mutex_free mbedtls_mutex_free
-#define polarssl_mutex_init mbedtls_mutex_init
-#define polarssl_mutex_lock mbedtls_mutex_lock
-#define polarssl_mutex_unlock mbedtls_mutex_unlock
-#define polarssl_printf mbedtls_printf
-#define polarssl_snprintf mbedtls_snprintf
-#define polarssl_strerror mbedtls_strerror
-#define ripemd160 mbedtls_ripemd160
-#define ripemd160_context mbedtls_ripemd160_context
-#define ripemd160_finish mbedtls_ripemd160_finish
-#define ripemd160_free mbedtls_ripemd160_free
-#define ripemd160_info mbedtls_ripemd160_info
-#define ripemd160_init mbedtls_ripemd160_init
-#define ripemd160_process mbedtls_ripemd160_process
-#define ripemd160_self_test mbedtls_ripemd160_self_test
-#define ripemd160_starts mbedtls_ripemd160_starts
-#define ripemd160_update mbedtls_ripemd160_update
-#define rsa_alt_context mbedtls_rsa_alt_context
-#define rsa_alt_info mbedtls_rsa_alt_info
-#define rsa_check_privkey mbedtls_rsa_check_privkey
-#define rsa_check_pub_priv mbedtls_rsa_check_pub_priv
-#define rsa_check_pubkey mbedtls_rsa_check_pubkey
-#define rsa_context mbedtls_rsa_context
-#define rsa_copy mbedtls_rsa_copy
-#define rsa_free mbedtls_rsa_free
-#define rsa_gen_key mbedtls_rsa_gen_key
-#define rsa_info mbedtls_rsa_info
-#define rsa_init mbedtls_rsa_init
-#define rsa_pkcs1_decrypt mbedtls_rsa_pkcs1_decrypt
-#define rsa_pkcs1_encrypt mbedtls_rsa_pkcs1_encrypt
-#define rsa_pkcs1_sign mbedtls_rsa_pkcs1_sign
-#define rsa_pkcs1_verify mbedtls_rsa_pkcs1_verify
-#define rsa_private mbedtls_rsa_private
-#define rsa_public mbedtls_rsa_public
-#define rsa_rsaes_oaep_decrypt mbedtls_rsa_rsaes_oaep_decrypt
-#define rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_oaep_encrypt
-#define rsa_rsaes_pkcs1_v15_decrypt mbedtls_rsa_rsaes_pkcs1_v15_decrypt
-#define rsa_rsaes_pkcs1_v15_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt
-#define rsa_rsassa_pkcs1_v15_sign mbedtls_rsa_rsassa_pkcs1_v15_sign
-#define rsa_rsassa_pkcs1_v15_verify mbedtls_rsa_rsassa_pkcs1_v15_verify
-#define rsa_rsassa_pss_sign mbedtls_rsa_rsassa_pss_sign
-#define rsa_rsassa_pss_verify mbedtls_rsa_rsassa_pss_verify
-#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
-#define rsa_self_test mbedtls_rsa_self_test
-#define rsa_set_padding mbedtls_rsa_set_padding
-#define safer_memcmp mbedtls_ssl_safer_memcmp
-#define set_alarm mbedtls_set_alarm
-#define sha1 mbedtls_sha1
-#define sha1_context mbedtls_sha1_context
-#define sha1_finish mbedtls_sha1_finish
-#define sha1_free mbedtls_sha1_free
-#define sha1_info mbedtls_sha1_info
-#define sha1_init mbedtls_sha1_init
-#define sha1_process mbedtls_sha1_process
-#define sha1_self_test mbedtls_sha1_self_test
-#define sha1_starts mbedtls_sha1_starts
-#define sha1_update mbedtls_sha1_update
-#define sha224_info mbedtls_sha224_info
-#define sha256 mbedtls_sha256
-#define sha256_context mbedtls_sha256_context
-#define sha256_finish mbedtls_sha256_finish
-#define sha256_free mbedtls_sha256_free
-#define sha256_info mbedtls_sha256_info
-#define sha256_init mbedtls_sha256_init
-#define sha256_process mbedtls_sha256_process
-#define sha256_self_test mbedtls_sha256_self_test
-#define sha256_starts mbedtls_sha256_starts
-#define sha256_update mbedtls_sha256_update
-#define sha384_info mbedtls_sha384_info
-#define sha512 mbedtls_sha512
-#define sha512_context mbedtls_sha512_context
-#define sha512_finish mbedtls_sha512_finish
-#define sha512_free mbedtls_sha512_free
-#define sha512_info mbedtls_sha512_info
-#define sha512_init mbedtls_sha512_init
-#define sha512_process mbedtls_sha512_process
-#define sha512_self_test mbedtls_sha512_self_test
-#define sha512_starts mbedtls_sha512_starts
-#define sha512_update mbedtls_sha512_update
-#define source_state mbedtls_entropy_source_state
-#define ssl_cache_context mbedtls_ssl_cache_context
-#define ssl_cache_entry mbedtls_ssl_cache_entry
-#define ssl_cache_free mbedtls_ssl_cache_free
-#define ssl_cache_get mbedtls_ssl_cache_get
-#define ssl_cache_init mbedtls_ssl_cache_init
-#define ssl_cache_set mbedtls_ssl_cache_set
-#define ssl_cache_set_max_entries mbedtls_ssl_cache_set_max_entries
-#define ssl_cache_set_timeout mbedtls_ssl_cache_set_timeout
-#define ssl_check_cert_usage mbedtls_ssl_check_cert_usage
-#define ssl_ciphersuite_from_id mbedtls_ssl_ciphersuite_from_id
-#define ssl_ciphersuite_from_string mbedtls_ssl_ciphersuite_from_string
-#define ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
-#define ssl_ciphersuite_uses_ec mbedtls_ssl_ciphersuite_uses_ec
-#define ssl_ciphersuite_uses_psk mbedtls_ssl_ciphersuite_uses_psk
-#define ssl_close_notify mbedtls_ssl_close_notify
-#define ssl_context mbedtls_ssl_context
-#define ssl_cookie_check mbedtls_ssl_cookie_check
-#define ssl_cookie_check_t mbedtls_ssl_cookie_check_t
-#define ssl_cookie_ctx mbedtls_ssl_cookie_ctx
-#define ssl_cookie_free mbedtls_ssl_cookie_free
-#define ssl_cookie_init mbedtls_ssl_cookie_init
-#define ssl_cookie_set_timeout mbedtls_ssl_cookie_set_timeout
-#define ssl_cookie_setup mbedtls_ssl_cookie_setup
-#define ssl_cookie_write mbedtls_ssl_cookie_write
-#define ssl_cookie_write_t mbedtls_ssl_cookie_write_t
-#define ssl_derive_keys mbedtls_ssl_derive_keys
-#define ssl_dtls_replay_check mbedtls_ssl_dtls_replay_check
-#define ssl_dtls_replay_update mbedtls_ssl_dtls_replay_update
-#define ssl_fetch_input mbedtls_ssl_fetch_input
-#define ssl_flight_item mbedtls_ssl_flight_item
-#define ssl_flush_output mbedtls_ssl_flush_output
-#define ssl_free mbedtls_ssl_free
-#define ssl_get_alpn_protocol mbedtls_ssl_get_alpn_protocol
-#define ssl_get_bytes_avail mbedtls_ssl_get_bytes_avail
-#define ssl_get_ciphersuite mbedtls_ssl_get_ciphersuite
-#define ssl_get_ciphersuite_id mbedtls_ssl_get_ciphersuite_id
-#define ssl_get_ciphersuite_name mbedtls_ssl_get_ciphersuite_name
-#define ssl_get_ciphersuite_sig_pk_alg mbedtls_ssl_get_ciphersuite_sig_pk_alg
-#define ssl_get_peer_cert mbedtls_ssl_get_peer_cert
-#define ssl_get_record_expansion mbedtls_ssl_get_record_expansion
-#define ssl_get_session mbedtls_ssl_get_session
-#define ssl_get_verify_result mbedtls_ssl_get_verify_result
-#define ssl_get_version mbedtls_ssl_get_version
-#define ssl_handshake mbedtls_ssl_handshake
-#define ssl_handshake_client_step mbedtls_ssl_handshake_client_step
-#define ssl_handshake_free mbedtls_ssl_handshake_free
-#define ssl_handshake_params mbedtls_ssl_handshake_params
-#define ssl_handshake_server_step mbedtls_ssl_handshake_server_step
-#define ssl_handshake_step mbedtls_ssl_handshake_step
-#define ssl_handshake_wrapup mbedtls_ssl_handshake_wrapup
-#define ssl_hdr_len mbedtls_ssl_hdr_len
-#define ssl_hs_hdr_len mbedtls_ssl_hs_hdr_len
-#define ssl_hw_record_activate mbedtls_ssl_hw_record_activate
-#define ssl_hw_record_finish mbedtls_ssl_hw_record_finish
-#define ssl_hw_record_init mbedtls_ssl_hw_record_init
-#define ssl_hw_record_read mbedtls_ssl_hw_record_read
-#define ssl_hw_record_reset mbedtls_ssl_hw_record_reset
-#define ssl_hw_record_write mbedtls_ssl_hw_record_write
-#define ssl_init mbedtls_ssl_init
-#define ssl_key_cert mbedtls_ssl_key_cert
-#define ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
-#define ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
-#define ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
-#define ssl_optimize_checksum mbedtls_ssl_optimize_checksum
-#define ssl_own_cert mbedtls_ssl_own_cert
-#define ssl_own_key mbedtls_ssl_own_key
-#define ssl_parse_certificate mbedtls_ssl_parse_certificate
-#define ssl_parse_change_cipher_spec mbedtls_ssl_parse_change_cipher_spec
-#define ssl_parse_finished mbedtls_ssl_parse_finished
-#define ssl_pk_alg_from_sig mbedtls_ssl_pk_alg_from_sig
-#define ssl_pkcs11_decrypt mbedtls_ssl_pkcs11_decrypt
-#define ssl_pkcs11_key_len mbedtls_ssl_pkcs11_key_len
-#define ssl_pkcs11_sign mbedtls_ssl_pkcs11_sign
-#define ssl_psk_derive_premaster mbedtls_ssl_psk_derive_premaster
-#define ssl_read mbedtls_ssl_read
-#define ssl_read_record mbedtls_ssl_read_record
-#define ssl_read_version mbedtls_ssl_read_version
-#define ssl_recv_flight_completed mbedtls_ssl_recv_flight_completed
-#define ssl_renegotiate mbedtls_ssl_renegotiate
-#define ssl_resend mbedtls_ssl_resend
-#define ssl_reset_checksum mbedtls_ssl_reset_checksum
-#define ssl_send_alert_message mbedtls_ssl_send_alert_message
-#define ssl_send_fatal_handshake_failure mbedtls_ssl_send_fatal_handshake_failure
-#define ssl_send_flight_completed mbedtls_ssl_send_flight_completed
-#define ssl_session mbedtls_ssl_session
-#define ssl_session_free mbedtls_ssl_session_free
-#define ssl_session_init mbedtls_ssl_session_init
-#define ssl_session_reset mbedtls_ssl_session_reset
-#define ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
-#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
-#define ssl_set_authmode mbedtls_ssl_conf_authmode
-#define ssl_set_bio mbedtls_ssl_set_bio
-#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
-#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
-#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
-#define ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
-#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
-#define ssl_set_curves mbedtls_ssl_conf_curves
-#define ssl_set_dbg mbedtls_ssl_conf_dbg
-#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
-#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
-#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
-#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
-#define ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
-#define ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
-#define ssl_set_endpoint mbedtls_ssl_conf_endpoint
-#define ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
-#define ssl_set_fallback mbedtls_ssl_conf_fallback
-#define ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
-#define ssl_set_hostname mbedtls_ssl_set_hostname
-#define ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
-#define ssl_set_max_version mbedtls_ssl_conf_max_version
-#define ssl_set_min_version mbedtls_ssl_conf_min_version
-#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
-#define ssl_set_psk mbedtls_ssl_conf_psk
-#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
-#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
-#define ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
-#define ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
-#define ssl_set_rng mbedtls_ssl_conf_rng
-#define ssl_set_session mbedtls_ssl_set_session
-#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
-#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
-#define ssl_set_sni mbedtls_ssl_conf_sni
-#define ssl_set_transport mbedtls_ssl_conf_transport
-#define ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
-#define ssl_set_verify mbedtls_ssl_conf_verify
-#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
-#define ssl_states mbedtls_ssl_states
-#define ssl_transform mbedtls_ssl_transform
-#define ssl_transform_free mbedtls_ssl_transform_free
-#define ssl_write mbedtls_ssl_write
-#define ssl_write_certificate mbedtls_ssl_write_certificate
-#define ssl_write_change_cipher_spec mbedtls_ssl_write_change_cipher_spec
-#define ssl_write_finished mbedtls_ssl_write_finished
-#define ssl_write_record mbedtls_ssl_write_record
-#define ssl_write_version mbedtls_ssl_write_version
-#define supported_ciphers mbedtls_cipher_supported
-#define t_sint mbedtls_mpi_sint
-#define t_udbl mbedtls_t_udbl
-#define t_uint mbedtls_mpi_uint
-#define test_ca_crt mbedtls_test_ca_crt
-#define test_ca_crt_ec mbedtls_test_ca_crt_ec
-#define test_ca_crt_rsa mbedtls_test_ca_crt_rsa
-#define test_ca_key mbedtls_test_ca_key
-#define test_ca_key_ec mbedtls_test_ca_key_ec
-#define test_ca_key_rsa mbedtls_test_ca_key_rsa
-#define test_ca_list mbedtls_test_cas_pem
-#define test_ca_pwd mbedtls_test_ca_pwd
-#define test_ca_pwd_ec mbedtls_test_ca_pwd_ec
-#define test_ca_pwd_rsa mbedtls_test_ca_pwd_rsa
-#define test_cli_crt mbedtls_test_cli_crt
-#define test_cli_crt_ec mbedtls_test_cli_crt_ec
-#define test_cli_crt_rsa mbedtls_test_cli_crt_rsa
-#define test_cli_key mbedtls_test_cli_key
-#define test_cli_key_ec mbedtls_test_cli_key_ec
-#define test_cli_key_rsa mbedtls_test_cli_key_rsa
-#define test_srv_crt mbedtls_test_srv_crt
-#define test_srv_crt_ec mbedtls_test_srv_crt_ec
-#define test_srv_crt_rsa mbedtls_test_srv_crt_rsa
-#define test_srv_key mbedtls_test_srv_key
-#define test_srv_key_ec mbedtls_test_srv_key_ec
-#define test_srv_key_rsa mbedtls_test_srv_key_rsa
-#define threading_mutex_t mbedtls_threading_mutex_t
-#define threading_set_alt mbedtls_threading_set_alt
-#define timing_self_test mbedtls_timing_self_test
-#define version_check_feature mbedtls_version_check_feature
-#define version_get_number mbedtls_version_get_number
-#define version_get_string mbedtls_version_get_string
-#define version_get_string_full mbedtls_version_get_string_full
-#define x509_bitstring mbedtls_x509_bitstring
-#define x509_buf mbedtls_x509_buf
-#define x509_crl mbedtls_x509_crl
-#define x509_crl_entry mbedtls_x509_crl_entry
-#define x509_crl_free mbedtls_x509_crl_free
-#define x509_crl_info mbedtls_x509_crl_info
-#define x509_crl_init mbedtls_x509_crl_init
-#define x509_crl_parse mbedtls_x509_crl_parse
-#define x509_crl_parse_der mbedtls_x509_crl_parse_der
-#define x509_crl_parse_file mbedtls_x509_crl_parse_file
-#define x509_crt mbedtls_x509_crt
-#define x509_crt_check_extended_key_usage mbedtls_x509_crt_check_extended_key_usage
-#define x509_crt_check_key_usage mbedtls_x509_crt_check_key_usage
-#define x509_crt_free mbedtls_x509_crt_free
-#define x509_crt_info mbedtls_x509_crt_info
-#define x509_crt_init mbedtls_x509_crt_init
-#define x509_crt_parse mbedtls_x509_crt_parse
-#define x509_crt_parse_der mbedtls_x509_crt_parse_der
-#define x509_crt_parse_file mbedtls_x509_crt_parse_file
-#define x509_crt_parse_path mbedtls_x509_crt_parse_path
-#define x509_crt_revoked mbedtls_x509_crt_is_revoked
-#define x509_crt_verify mbedtls_x509_crt_verify
-#define x509_csr mbedtls_x509_csr
-#define x509_csr_free mbedtls_x509_csr_free
-#define x509_csr_info mbedtls_x509_csr_info
-#define x509_csr_init mbedtls_x509_csr_init
-#define x509_csr_parse mbedtls_x509_csr_parse
-#define x509_csr_parse_der mbedtls_x509_csr_parse_der
-#define x509_csr_parse_file mbedtls_x509_csr_parse_file
-#define x509_dn_gets mbedtls_x509_dn_gets
-#define x509_get_alg mbedtls_x509_get_alg
-#define x509_get_alg_null mbedtls_x509_get_alg_null
-#define x509_get_ext mbedtls_x509_get_ext
-#define x509_get_name mbedtls_x509_get_name
-#define x509_get_rsassa_pss_params mbedtls_x509_get_rsassa_pss_params
-#define x509_get_serial mbedtls_x509_get_serial
-#define x509_get_sig mbedtls_x509_get_sig
-#define x509_get_sig_alg mbedtls_x509_get_sig_alg
-#define x509_get_time mbedtls_x509_get_time
-#define x509_key_size_helper mbedtls_x509_key_size_helper
-#define x509_name mbedtls_x509_name
-#define x509_self_test mbedtls_x509_self_test
-#define x509_sequence mbedtls_x509_sequence
-#define x509_serial_gets mbedtls_x509_serial_gets
-#define x509_set_extension mbedtls_x509_set_extension
-#define x509_sig_alg_gets mbedtls_x509_sig_alg_gets
-#define x509_string_to_names mbedtls_x509_string_to_names
-#define x509_time mbedtls_x509_time
-#define x509_time_expired mbedtls_x509_time_is_past
-#define x509_time_future mbedtls_x509_time_is_future
-#define x509_write_extensions mbedtls_x509_write_extensions
-#define x509_write_names mbedtls_x509_write_names
-#define x509_write_sig mbedtls_x509_write_sig
-#define x509write_cert mbedtls_x509write_cert
-#define x509write_crt_der mbedtls_x509write_crt_der
-#define x509write_crt_free mbedtls_x509write_crt_free
-#define x509write_crt_init mbedtls_x509write_crt_init
-#define x509write_crt_pem mbedtls_x509write_crt_pem
-#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
-#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
-#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
-#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key
-#define x509write_crt_set_issuer_name mbedtls_x509write_crt_set_issuer_name
-#define x509write_crt_set_key_usage mbedtls_x509write_crt_set_key_usage
-#define x509write_crt_set_md_alg mbedtls_x509write_crt_set_md_alg
-#define x509write_crt_set_ns_cert_type mbedtls_x509write_crt_set_ns_cert_type
-#define x509write_crt_set_serial mbedtls_x509write_crt_set_serial
-#define x509write_crt_set_subject_key mbedtls_x509write_crt_set_subject_key
-#define x509write_crt_set_subject_key_identifier mbedtls_x509write_crt_set_subject_key_identifier
-#define x509write_crt_set_subject_name mbedtls_x509write_crt_set_subject_name
-#define x509write_crt_set_validity mbedtls_x509write_crt_set_validity
-#define x509write_crt_set_version mbedtls_x509write_crt_set_version
-#define x509write_csr mbedtls_x509write_csr
-#define x509write_csr_der mbedtls_x509write_csr_der
-#define x509write_csr_free mbedtls_x509write_csr_free
-#define x509write_csr_init mbedtls_x509write_csr_init
-#define x509write_csr_pem mbedtls_x509write_csr_pem
-#define x509write_csr_set_extension mbedtls_x509write_csr_set_extension
-#define x509write_csr_set_key mbedtls_x509write_csr_set_key
-#define x509write_csr_set_key_usage mbedtls_x509write_csr_set_key_usage
-#define x509write_csr_set_md_alg mbedtls_x509write_csr_set_md_alg
-#define x509write_csr_set_ns_cert_type mbedtls_x509write_csr_set_ns_cert_type
-#define x509write_csr_set_subject_name mbedtls_x509write_csr_set_subject_name
-#define xtea_context mbedtls_xtea_context
-#define xtea_crypt_cbc mbedtls_xtea_crypt_cbc
-#define xtea_crypt_ecb mbedtls_xtea_crypt_ecb
-#define xtea_free mbedtls_xtea_free
-#define xtea_init mbedtls_xtea_init
-#define xtea_self_test mbedtls_xtea_self_test
-#define xtea_setup mbedtls_xtea_setup
-
-#endif /* compat-1.3.h */
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
deleted file mode 100644
index 121575a5..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ctr_drbg.h
+++ /dev/null
@@ -1,322 +0,0 @@
-/**
- * \file ctr_drbg.h
- *
- * \brief    CTR_DRBG is based on AES-256, as defined in <em>NIST SP 800-90A:
- *           Recommendation for Random Number Generation Using Deterministic
- *           Random Bit Generators</em>.
- *
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CTR_DRBG_H
-#define MBEDTLS_CTR_DRBG_H
-
-#include "aes.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034  /**< The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036  /**< The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038  /**< The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A  /**< Read or write error in file. */
-
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16 /**< The block size used by the cipher. */
-#define MBEDTLS_CTR_DRBG_KEYSIZE            32 /**< The key size used by the cipher. */
-#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them using the compiler command
- * line.
- * \{
- */
-
-#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48
-/**< The amount of entropy used per seed by default:
- * <ul><li>48 with SHA-512.</li>
- * <li>32 with SHA-256.</li></ul>
- */
-#else
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32
-/**< Amount of entropy used per seed by default:
- * <ul><li>48 with SHA-512.</li>
- * <li>32 with SHA-256.</li></ul>
- */
-#endif
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000
-/**< The interval before reseed is performed by default. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT          256
-/**< The maximum number of additional input Bytes. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024
-/**< The maximum number of requested Bytes per call. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384
-/**< The maximum size of seed or reseed buffer. */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#define MBEDTLS_CTR_DRBG_PR_OFF             0
-/**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON              1
-/**< Prediction resistance is enabled. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The CTR_DRBG context structure.
- */
-typedef struct
-{
-    unsigned char counter[16];  /*!< The counter (V). */
-    int reseed_counter;         /*!< The reseed counter. */
-    int prediction_resistance;  /*!< This determines whether prediction
-                                     resistance is enabled, that is
-                                     whether to systematically reseed before
-                                     each random generation. */
-    size_t entropy_len;         /*!< The amount of entropy grabbed on each
-                                     seed or reseed operation. */
-    int reseed_interval;        /*!< The reseed interval. */
-
-    mbedtls_aes_context aes_ctx;        /*!< The AES context. */
-
-    /*
-     * Callbacks (Entropy)
-     */
-    int (*f_entropy)(void *, unsigned char *, size_t);
-                                /*!< The entropy callback function. */
-
-    void *p_entropy;            /*!< The context for the entropy function. */
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;
-#endif
-}
-mbedtls_ctr_drbg_context;
-
-/**
- * \brief               This function initializes the CTR_DRBG context,
- *                      and prepares it for mbedtls_ctr_drbg_seed()
- *                      or mbedtls_ctr_drbg_free().
- *
- * \param ctx           The CTR_DRBG context to initialize.
- */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief               This function seeds and sets up the CTR_DRBG
- *                      entropy source for future reseeds.
- *
- * \note Personalization data can be provided in addition to the more generic
- *       entropy source, to make this instantiation as unique as possible.
- *
- * \param ctx           The CTR_DRBG context to seed.
- * \param f_entropy     The entropy callback, taking as arguments the
- *                      \p p_entropy context, the buffer to fill, and the
-                        length of the buffer.
- * \param p_entropy     The entropy context.
- * \param custom        Personalization data, that is device-specific
-                        identifiers. Can be NULL.
- * \param len           The length of the personalization data.
- *
- * \return              \c 0 on success, or
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
-                   int (*f_entropy)(void *, unsigned char *, size_t),
-                   void *p_entropy,
-                   const unsigned char *custom,
-                   size_t len );
-
-/**
- * \brief               This function clears CTR_CRBG context data.
- *
- * \param ctx           The CTR_DRBG context to clear.
- */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief               This function turns prediction resistance on or off.
- *                      The default value is off.
- *
- * \note                If enabled, entropy is gathered at the beginning of
- *                      every call to mbedtls_ctr_drbg_random_with_add().
- *                      Only use this if your entropy source has sufficient
- *                      throughput.
- *
- * \param ctx           The CTR_DRBG context.
- * \param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
- */
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
-                                         int resistance );
-
-/**
- * \brief               This function sets the amount of entropy grabbed on each
- *                      seed or reseed. The default value is
- *                      #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \param ctx           The CTR_DRBG context.
- * \param len           The amount of entropy to grab.
- */
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
-                               size_t len );
-
-/**
- * \brief               This function sets the reseed interval.
- *                      The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
- *
- * \param ctx           The CTR_DRBG context.
- * \param interval      The reseed interval.
- */
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
-                                   int interval );
-
-/**
- * \brief               This function reseeds the CTR_DRBG context, that is
- *                      extracts data from the entropy source.
- *
- * \param ctx           The CTR_DRBG context.
- * \param additional    Additional data to add to the state. Can be NULL.
- * \param len           The length of the additional data.
- *
- * \return   \c 0 on success, or
- *           #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
-                     const unsigned char *additional, size_t len );
-
-/**
- * \brief               This function updates the state of the CTR_DRBG context.
- *
- * \param ctx           The CTR_DRBG context.
- * \param additional    The data to update the state with.
- * \param add_len       Length of \p additional data.
- *
- * \note     If \p add_len is greater than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
- *           only the first #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- *           The remaining Bytes are silently discarded.
- */
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
-                      const unsigned char *additional, size_t add_len );
-
-/**
- * \brief   This function updates a CTR_DRBG instance with additional
- *          data and uses it to generate random data.
- *
- * \note    The function automatically reseeds if the reseed counter is exceeded.
- *
- * \param p_rng         The CTR_DRBG context. This must be a pointer to a
- *                      #mbedtls_ctr_drbg_context structure.
- * \param output        The buffer to fill.
- * \param output_len    The length of the buffer.
- * \param additional    Additional data to update. Can be NULL.
- * \param add_len       The length of the additional data.
- *
- * \return    \c 0 on success, or
- *            #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- *            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
-                              unsigned char *output, size_t output_len,
-                              const unsigned char *additional, size_t add_len );
-
-/**
- * \brief   This function uses CTR_DRBG to generate random data.
- *
- * \note    The function automatically reseeds if the reseed counter is exceeded.
- *
- * \param p_rng         The CTR_DRBG context. This must be a pointer to a
- *                      #mbedtls_ctr_drbg_context structure.
- * \param output        The buffer to fill.
- * \param output_len    The length of the buffer.
- *
- * \return              \c 0 on success, or
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- *                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random( void *p_rng,
-                     unsigned char *output, size_t output_len );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief               This function writes a seed file.
- *
- * \param ctx           The CTR_DRBG context.
- * \param path          The name of the file.
- *
- * \return              \c 0 on success,
- *                      #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- *                      failure.
- */
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-
-/**
- * \brief               This function reads and updates a seed file. The seed
- *                      is added to this instance.
- *
- * \param ctx           The CTR_DRBG context.
- * \param path          The name of the file.
- *
- * \return              \c 0 on success,
- *                      #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- *                      #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief               The CTR_DRBG checkup routine.
- *
- * \return              \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_ctr_drbg_self_test( int verbose );
-
-/* Internal functions (do not call directly) */
-int mbedtls_ctr_drbg_seed_entropy_len( mbedtls_ctr_drbg_context *,
-                               int (*)(void *, unsigned char *, size_t), void *,
-                               const unsigned char *, size_t, size_t );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ctr_drbg.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/debug.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/debug.h
deleted file mode 100644
index ef8db67f..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/debug.h
+++ /dev/null
@@ -1,229 +0,0 @@
-/**
- * \file debug.h
- *
- * \brief Functions for controlling and providing debug output from the library.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_DEBUG_H
-#define MBEDTLS_DEBUG_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "ssl.h"
-
-#if defined(MBEDTLS_ECP_C)
-#include "ecp.h"
-#endif
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#define MBEDTLS_DEBUG_STRIP_PARENS( ... )   __VA_ARGS__
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
-    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__,    \
-                             MBEDTLS_DEBUG_STRIP_PARENS args )
-
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
-    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
-
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
-    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
-
-#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
-    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
-    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
-    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
-#endif
-
-#else /* MBEDTLS_DEBUG_C */
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
-
-#endif /* MBEDTLS_DEBUG_C */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief   Set the threshold error level to handle globally all debug output.
- *          Debug messages that have a level over the threshold value are
- *          discarded.
- *          (Default value: 0 = No debug )
- *
- * \param threshold     theshold level of messages to filter on. Messages at a
- *                      higher level will be discarded.
- *                          - Debug levels
- *                              - 0 No debug
- *                              - 1 Error
- *                              - 2 State change
- *                              - 3 Informational
- *                              - 4 Verbose
- */
-void mbedtls_debug_set_threshold( int threshold );
-
-/**
- * \brief    Print a message to the debug output. This function is always used
- *          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
- *          context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the message has occurred in
- * \param line      line number the message has occurred at
- * \param format    format specifier, in printf format
- * \param ...       variables used by the format specifier
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
-                              const char *file, int line,
-                              const char *format, ... );
-
-/**
- * \brief   Print the return value of a function to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      the name of the function that returned the error
- * \param ret       the return code value
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, int ret );
-
-/**
- * \brief   Output a buffer of size len bytes to the debug output. This function
- *          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the buffer being dumped. Normally the
- *                  variable or buffer name
- * \param buf       the buffer to be outputted
- * \param len       length of the buffer
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line, const char *text,
-                      const unsigned char *buf, size_t len );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief   Print a MPI variable to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the MPI being output. Normally the
- *                  variable name
- * \param X         the MPI variable
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_mpi *X );
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief   Print an ECP point to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the ECP point being output. Normally the
- *                  variable name
- * \param X         the ECP point
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_ecp_point *X );
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief   Print a X.509 certificate structure to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the certificate being output
- * \param crt       X.509 certificate structure
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_x509_crt *crt );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* debug.h */
-
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/des.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/des.h
deleted file mode 100644
index 5a1a6365..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/des.h
+++ /dev/null
@@ -1,357 +0,0 @@
-/**
- * \file des.h
- *
- * \brief DES block cipher
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers
- *            instead.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- */
-#ifndef MBEDTLS_DES_H
-#define MBEDTLS_DES_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_DES_ENCRYPT     1
-#define MBEDTLS_DES_DECRYPT     0
-
-#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
-#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED                   -0x0033  /**< DES hardware accelerator failed. */
-
-#define MBEDTLS_DES_KEY_SIZE    8
-
-#if !defined(MBEDTLS_DES_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          DES context structure
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-typedef struct
-{
-    uint32_t sk[32];            /*!<  DES subkeys       */
-}
-mbedtls_des_context;
-
-/**
- * \brief          Triple-DES context structure
- */
-typedef struct
-{
-    uint32_t sk[96];            /*!<  3DES subkeys      */
-}
-mbedtls_des3_context;
-
-/**
- * \brief          Initialize DES context
- *
- * \param ctx      DES context to be initialized
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_init( mbedtls_des_context *ctx );
-
-/**
- * \brief          Clear DES context
- *
- * \param ctx      DES context to be cleared
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_free( mbedtls_des_context *ctx );
-
-/**
- * \brief          Initialize Triple-DES context
- *
- * \param ctx      DES3 context to be initialized
- */
-void mbedtls_des3_init( mbedtls_des3_context *ctx );
-
-/**
- * \brief          Clear Triple-DES context
- *
- * \param ctx      DES3 context to be cleared
- */
-void mbedtls_des3_free( mbedtls_des3_context *ctx );
-
-/**
- * \brief          Set key parity on the given key to odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key parity on the given key is odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- *
- * \return         0 is parity was ok, 1 if parity was not correct.
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key is not a weak or semi-weak DES key
- *
- * \param key      8-byte secret key
- *
- * \return         0 if no weak key was found, 1 if a weak key was identified.
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, encryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, decryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief          DES-ECB block encryption/decryption
- *
- * \param ctx      DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
-                    const unsigned char input[8],
-                    unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          DES-CBC buffer encryption/decryption
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      DES context
- * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief          3DES-ECB block encryption/decryption
- *
- * \param ctx      3DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
-                     const unsigned char input[8],
-                     unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          3DES-CBC buffer encryption/decryption
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      3DES context
- * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
- */
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
-                     int mode,
-                     size_t length,
-                     unsigned char iv[8],
-                     const unsigned char *input,
-                     unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief          Internal function for key expansion.
- *                 (Only exposed to allow overriding it,
- *                 see MBEDTLS_DES_SETKEY_ALT)
- *
- * \param SK       Round keys
- * \param key      Base key
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_setkey( uint32_t SK[32],
-                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
-#endif /* MBEDTLS_DES_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_des_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* des.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/dhm.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/dhm.h
deleted file mode 100644
index 00fafd8d..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/dhm.h
+++ /dev/null
@@ -1,1061 +0,0 @@
-/**
- * \file dhm.h
- *
- * \brief Diffie-Hellman-Merkle key exchange.
- *
- * <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
- * Internet Key Exchange (IKE)</em> defines a number of standardized
- * Diffie-Hellman groups for IKE.
- *
- * <em>RFC-5114: Additional Diffie-Hellman Groups for Use with IETF
- * Standards</em> defines a number of standardized Diffie-Hellman
- * groups that can be used.
- *
- * \warning  The security of the DHM key exchange relies on the proper choice
- *           of prime modulus - optimally, it should be a safe prime. The usage
- *           of non-safe primes both decreases the difficulty of the underlying
- *           discrete logarithm problem and can lead to small subgroup attacks
- *           leaking private exponent bits when invalid public keys are used
- *           and not detected. This is especially relevant if the same DHM
- *           parameters are reused for multiple key exchanges as in static DHM,
- *           while the criticality of small-subgroup attacks is lower for
- *           ephemeral DHM.
- *
- * \warning  For performance reasons, the code does neither perform primality
- *           nor safe primality tests, nor the expensive checks for invalid
- *           subgroups. Moreover, even if these were performed, non-standardized
- *           primes cannot be trusted because of the possibility of backdoors
- *           that can't be effectively checked for.
- *
- * \warning  Diffie-Hellman-Merkle is therefore a security risk when not using
- *           standardized primes generated using a trustworthy ("nothing up
- *           my sleeve") method, such as the RFC 3526 / 7919 primes. In the TLS
- *           protocol, DH parameters need to be negotiated, so using the default
- *           primes systematically is not always an option. If possible, use
- *           Elliptic Curve Diffie-Hellman (ECDH), which has better performance,
- *           and for which the TLS protocol mandates the use of standard
- *           parameters.
- *
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_DHM_H
-#define MBEDTLS_DHM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-#include "bignum.h"
-#if !defined(MBEDTLS_DHM_ALT)
-
-/*
- * DHM Error codes
- */
-#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080  /**< Bad input parameters. */
-#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
-#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
-#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
-#define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400  /**< Allocation of memory failed. */
-#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read or write of file failed. */
-#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED                   -0x3500  /**< DHM hardware accelerator failed. */
-#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED                  -0x3580  /**< Setting the modulus and generator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The DHM context structure.
- */
-typedef struct
-{
-    size_t len;         /*!<  The size of \p P in Bytes. */
-    mbedtls_mpi P;      /*!<  The prime modulus. */
-    mbedtls_mpi G;      /*!<  The generator. */
-    mbedtls_mpi X;      /*!<  Our secret value. */
-    mbedtls_mpi GX;     /*!<  Our public key = \c G^X mod \c P. */
-    mbedtls_mpi GY;     /*!<  The public key of the peer = \c G^Y mod \c P. */
-    mbedtls_mpi K;      /*!<  The shared secret = \c G^(XY) mod \c P. */
-    mbedtls_mpi RP;     /*!<  The cached value = \c R^2 mod \c P. */
-    mbedtls_mpi Vi;     /*!<  The blinding value. */
-    mbedtls_mpi Vf;     /*!<  The unblinding value. */
-    mbedtls_mpi pX;     /*!<  The previous \c X. */
-}
-mbedtls_dhm_context;
-
-/**
- * \brief          This function initializes the DHM context.
- *
- * \param ctx      The DHM context to initialize.
- */
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
-
-/**
- * \brief          This function parses the ServerKeyExchange parameters.
- *
- * \param ctx      The DHM context.
- * \param p        On input, *p must be the start of the input buffer.
- *                 On output, *p is updated to point to the end of the data
- *                 that has been read. On success, this is the first byte
- *                 past the end of the ServerKeyExchange parameters.
- *                 On error, this is the point at which an error has been
- *                 detected, which is usually not useful except to debug
- *                 failures.
- * \param end      The end of the input buffer.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
- */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
-                     unsigned char **p,
-                     const unsigned char *end );
-
-/**
- * \brief          This function sets up and writes the ServerKeyExchange
- *                 parameters.
- *
- * \param ctx      The DHM context.
- * \param x_size   The private value size in Bytes.
- * \param olen     The number of characters written.
- * \param output   The destination buffer.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
- *
- * \note           The destination buffer must be large enough to hold
- *                 the reduced binary presentation of the modulus, the generator
- *                 and the public key, each wrapped with a 2-byte length field.
- *                 It is the responsibility of the caller to ensure that enough
- *                 space is available. Refer to \c mbedtls_mpi_size to computing
- *                 the byte-size of an MPI.
- *
- * \note           This function assumes that \c ctx->P and \c ctx->G
- *                 have already been properly set. For that, use
- *                 mbedtls_dhm_set_group() below in conjunction with
- *                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
- */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief          Set prime modulus and generator
- *
- * \param ctx      The DHM context.
- * \param P        The MPI holding DHM prime modulus.
- * \param G        The MPI holding DHM generator.
- *
- * \note           This function can be used to set P, G
- *                 in preparation for \c mbedtls_dhm_make_params.
- *
- * \return         \c 0 if successful, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
- */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
-                           const mbedtls_mpi *P,
-                           const mbedtls_mpi *G );
-
-/**
- * \brief          This function imports the public value G^Y of the peer.
- *
- * \param ctx      The DHM context.
- * \param input    The input buffer.
- * \param ilen     The size of the input buffer.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
- */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
-                     const unsigned char *input, size_t ilen );
-
-/**
- * \brief          This function creates its own private value \c X and
- *                 exports \c G^X.
- *
- * \param ctx      The DHM context.
- * \param x_size   The private value size in Bytes.
- * \param output   The destination buffer.
- * \param olen     The length of the destination buffer. Must be at least
-                   equal to ctx->len (the size of \c P).
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
- *
- * \note           The destination buffer will always be fully written
- *                 so as to contain a big-endian presentation of G^X mod P.
- *                 If it is larger than ctx->len, it will accordingly be
- *                 padded with zero-bytes in the beginning.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
- */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief               This function derives and exports the shared secret
- *                      \c (G^Y)^X mod \c P.
- *
- * \param ctx           The DHM context.
- * \param output        The destination buffer.
- * \param output_size   The size of the destination buffer. Must be at least
- *                      the size of ctx->len.
- * \param olen          On exit, holds the actual number of Bytes written.
- * \param f_rng         The RNG function, for blinding purposes.
- * \param p_rng         The RNG parameter.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_DHM_XXX error code
- *                 on failure.
- *
- * \note           If non-NULL, \p f_rng is used to blind the input as
- *                 a countermeasure against timing attacks. Blinding is used
- *                 only if our secret value \p X is re-used and omitted
- *                 otherwise. Therefore, we recommend always passing a
- *                 non-NULL \p f_rng argument.
- */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
-                     unsigned char *output, size_t output_size, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief          This function frees and clears the components of a DHM key.
- *
- * \param ctx      The DHM context to free and clear.
- */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-/** \ingroup x509_module */
-/**
- * \brief             This function parses DHM parameters in PEM or DER format.
- *
- * \param dhm         The DHM context to initialize.
- * \param dhmin       The input buffer.
- * \param dhminlen    The size of the buffer, including the terminating null
- *                    Byte for PEM data.
- *
- * \return            \c 0 on success, or a specific DHM or PEM error code
- *                    on failure.
- */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
-                   size_t dhminlen );
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup x509_module */
-/**
- * \brief          This function loads and parses DHM parameters from a file.
- *
- * \param dhm      The DHM context to load the parameters to.
- * \param path     The filename to read the DHM parameters from.
- *
- * \return         \c 0 on success, or a specific DHM or PEM error code
- *                 on failure.
- */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else /* MBEDTLS_DHM_ALT */
-#include "dhm_alt.h"
-#endif /* MBEDTLS_DHM_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The DMH checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_dhm_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-/**
- * RFC 3526, RFC 5114 and RFC 7919 standardize a number of
- * Diffie-Hellman groups, some of which are included here
- * for use within the SSL/TLS module and the user's convenience
- * when configuring the Diffie-Hellman parameters by hand
- * through \c mbedtls_ssl_conf_dh_param.
- *
- * The following lists the source of the above groups in the standards:
- * - RFC 5114 section 2.2:  2048-bit MODP Group with 224-bit Prime Order Subgroup
- * - RFC 3526 section 3:    2048-bit MODP Group
- * - RFC 3526 section 4:    3072-bit MODP Group
- * - RFC 3526 section 5:    4096-bit MODP Group
- * - RFC 7919 section A.1:  ffdhe2048
- * - RFC 7919 section A.2:  ffdhe3072
- * - RFC 7919 section A.3:  ffdhe4096
- * - RFC 7919 section A.4:  ffdhe6144
- * - RFC 7919 section A.5:  ffdhe8192
- *
- * The constants with suffix "_p" denote the chosen prime moduli, while
- * the constants with suffix "_g" denote the chosen generator
- * of the associated prime field.
- *
- * The constants further suffixed with "_bin" are provided in binary format,
- * while all other constants represent null-terminated strings holding the
- * hexadecimal presentation of the respective numbers.
- *
- * The primes from RFC 3526 and RFC 7919 have been generating by the following
- * trust-worthy procedure:
- * - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number
- *   the first and last 64 bits are all 1, and the remaining N - 128 bits of
- *   which are 0x7ff...ff.
- * - Add the smallest multiple of the first N - 129 bits of the binary expansion
- *   of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string
- *   such that the resulting integer is a safe-prime.
- * - The result is the respective RFC 3526 / 7919 prime, and the corresponding
- *   generator is always chosen to be 2 (which is a square for these prime,
- *   hence the corresponding subgroup has order (p-1)/2 and avoids leaking a
- *   bit in the private exponent).
- *
- */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL )       \
-    ( (mbedtls_deprecated_constant_t) ( VAL ) )
-#else
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#endif /* ! MBEDTLS_DEPRECATED_WARNING */
-
-/**
- * \warning The origin of the primes in RFC 5114 is not documented and
- *          their use therefore constitutes a security risk!
- *
- * \deprecated The hex-encoded primes from RFC 5114 are deprecated and are
- *             likely to be removed in a future version of the library without
- *             replacement.
- */
-
-/**
- * The hexadecimal presentation of the prime underlying the
- * 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined
- * in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
- * IETF Standards</em>.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_P                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"      \
-        "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"      \
-        "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"      \
-        "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"      \
-        "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"      \
-        "B3BF8A317091883681286130BC8985DB1602E714415D9330"      \
-        "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"      \
-        "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"      \
-        "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"      \
-        "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"      \
-        "CF9DE5384E71B81C0AC4DFFE0C10E64F" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group with 224-bit Prime Order Subgroup, as defined in <em>RFC-5114:
- * Additional Diffie-Hellman Groups for Use with IETF Standards</em>.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_G                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"      \
-        "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"      \
-        "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"      \
-        "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"      \
-        "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"      \
-        "F180EB34118E98D119529A45D6F834566E3025E316A330EF"      \
-        "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"      \
-        "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"      \
-        "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"      \
-        "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"      \
-        "81BC087F2A7065B384B890D3191F2BFA" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 2048-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- *
- * \deprecated The hex-encoded primes from RFC 3625 are deprecated and
- *             superseded by the corresponding macros providing them as
- *             binary constants. Their hex-encoded constants are likely
- *             to be removed in a future version of the library.
- *
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"      \
-        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"      \
-        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"      \
-        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"      \
-        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"      \
-        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"      \
-        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"      \
-        "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"      \
-        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"      \
-        "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"      \
-        "15728E5A8AACAA68FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 3072-bit MODP
- * Group, as defined in <em>RFC-3072: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"      \
-        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"      \
-        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"      \
-        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"      \
-        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"      \
-        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"      \
-        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"      \
-        "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"      \
-        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"      \
-        "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"      \
-        "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"      \
-        "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"      \
-        "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"      \
-        "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"      \
-        "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"      \
-        "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 3072-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G                      \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 4096-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P                      \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                      \
-        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"   \
-        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"   \
-        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"   \
-        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"   \
-        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"   \
-        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"   \
-        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"   \
-        "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"   \
-        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"   \
-        "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"   \
-        "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"   \
-        "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"   \
-        "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"   \
-        "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"   \
-        "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"   \
-        "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"   \
-        "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"   \
-        "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"   \
-        "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"   \
-        "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"   \
-        "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"   \
-        "FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 4096-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G                      \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/*
- * Trustworthy DHM parameters in binary form
- */
-
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
-     0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
-     0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
-     0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
-     0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
-     0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
-     0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
-     0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
-     0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
-     0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
-     0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
-     0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
-     0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
-     0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
-     0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
-     0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
-     0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
-     0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
-     0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
-     0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
-     0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
-     0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
-     0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
-     0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
-     0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
-     0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
-     0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
-     0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
-     0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
-     0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN {       \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
-    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
-    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
-    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
-    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
-    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
-    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
-    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
-    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
-    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
-    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
-    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
-    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
-    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
-    0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
-    0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
-    0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
-    0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
-    0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
-    0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
-    0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
-    0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
-    0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
-    0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
-    0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
-    0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
-    0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
-    0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
-    0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
-    0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
-    0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
-    0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
-    0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
-    0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
-    0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
-    0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
-    0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
-    0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
-    0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
-    0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
-    0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
-    0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
-    0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
-    0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
-    0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
-    0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN  {       \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,  \
-    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,  \
-    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,  \
-    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,  \
-    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,  \
-    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,  \
-    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,  \
-    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,  \
-    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,  \
-    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,  \
-    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,  \
-    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,  \
-    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,  \
-    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,  \
-    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,  \
-    0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,  \
-    0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,  \
-    0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,  \
-    0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,  \
-    0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,  \
-    0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,  \
-    0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,  \
-    0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,  \
-    0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,  \
-    0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,  \
-    0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,  \
-    0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,  \
-    0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,  \
-    0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,  \
-    0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,  \
-    0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,  \
-    0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,  \
-    0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,  \
-    0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,  \
-    0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,  \
-    0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,  \
-    0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,  \
-    0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,  \
-    0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,  \
-    0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,  \
-    0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,  \
-    0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,  \
-    0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,  \
-    0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,  \
-    0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,  \
-    0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,  \
-    0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,  \
-    0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,  \
-    0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,  \
-    0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,  \
-    0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,  \
-    0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,  \
-    0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,  \
-    0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,  \
-    0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,  \
-    0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,  \
-    0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,  \
-    0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,  \
-    0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,  \
-    0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,  \
-    0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,  \
-    0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,  \
-    0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,  \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
-     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
-     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
-     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
-     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
-     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
-     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
-     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
-     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
-     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
-     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
-     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
-     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
-     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
-     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
-     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
-     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
-     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
-     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
-     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
-     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
-     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
-     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
-     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
-     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
-     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
-     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
-     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
-     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
-     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
-     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
-     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
-     0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
-     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
-     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
-     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
-     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
-     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
-     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
-     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
-     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
-     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
-     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
-     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
-     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
-     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
-     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
-     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
-     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
-     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
-     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
-     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
-     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
-     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
-     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
-     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
-     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
-     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
-     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
-     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
-     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
-     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
-     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
-     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
-     0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
-     0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
-     0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
-     0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
-     0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
-     0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
-     0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
-     0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
-     0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
-     0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
-     0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
-     0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
-     0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
-     0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
-     0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
-     0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
-     0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
-     0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
-     0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
-     0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
-     0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
-     0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
-     0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
-     0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
-     0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
-     0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
-     0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
-     0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
-     0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
-     0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
-     0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
-     0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
-     0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
-
-#endif /* dhm.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecdh.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ecdh.h
deleted file mode 100644
index 99cfde00..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecdh.h
+++ /dev/null
@@ -1,277 +0,0 @@
-/**
- * \file ecdh.h
- *
- * \brief The Elliptic Curve Diffie-Hellman (ECDH) protocol APIs.
- *
- * ECDH is an anonymous key agreement protocol allowing two parties to
- * establish a shared secret over an insecure channel. Each party must have an
- * elliptic-curve public–private key pair.
- *
- * For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
- * Pair-Wise Key Establishment Schemes Using Discrete Logarithm
- * Cryptography</em>.
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_ECDH_H
-#define MBEDTLS_ECDH_H
-
-#include "ecp.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Defines the source of the imported EC key:
- * <ul><li>Our key.</li>
- * <li>The key of the peer.</li></ul>
- */
-typedef enum
-{
-    MBEDTLS_ECDH_OURS,
-    MBEDTLS_ECDH_THEIRS,
-} mbedtls_ecdh_side;
-
-/**
- * \brief           The ECDH context structure.
- */
-typedef struct
-{
-    mbedtls_ecp_group grp;   /*!< The elliptic curve used. */
-    mbedtls_mpi d;           /*!< The private key. */
-    mbedtls_ecp_point Q;     /*!< The public key. */
-    mbedtls_ecp_point Qp;    /*!< The value of the public key of the peer. */
-    mbedtls_mpi z;           /*!< The shared secret. */
-    int point_format;        /*!< The format of point export in TLS messages. */
-    mbedtls_ecp_point Vi;    /*!< The blinding value. */
-    mbedtls_ecp_point Vf;    /*!< The unblinding value. */
-    mbedtls_mpi _d;          /*!< The previous \p d. */
-}
-mbedtls_ecdh_context;
-
-/**
- * \brief           This function generates an ECDH keypair on an elliptic
- *                  curve.
- *
- *                  This function performs the first of two core computations
- *                  implemented during the ECDH key exchange. The second core
- *                  computation is performed by mbedtls_ecdh_compute_shared().
- *
- * \param grp       The ECP group.
- * \param d         The destination MPI (private key).
- * \param Q         The destination point (public key).
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
- *                  \c MBEDTLS_MPI_XXX error code on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief           This function computes the shared secret.
- *
- *                  This function performs the second of two core computations
- *                  implemented during the ECDH key exchange. The first core
- *                  computation is performed by mbedtls_ecdh_gen_public().
- *
- * \param grp       The ECP group.
- * \param z         The destination MPI (shared secret).
- * \param Q         The public key from another party.
- * \param d         Our secret exponent (private key).
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX or
- *                  \c MBEDTLS_MPI_XXX error code on failure.
- *
- * \see             ecp.h
- *
- * \note            If \p f_rng is not NULL, it is used to implement
- *                  countermeasures against potential elaborate timing
- *                  attacks. For more information, see mbedtls_ecp_mul().
- */
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
-
-/**
- * \brief           This function initializes an ECDH context.
- *
- * \param ctx       The ECDH context to initialize.
- */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief           This function frees a context.
- *
- * \param ctx       The context to free.
- */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief           This function generates a public key and a TLS
- *                  ServerKeyExchange payload.
- *
- *                  This is the first function used by a TLS server for ECDHE
- *                  ciphersuites.
- *
- * \param ctx       The ECDH context.
- * \param olen      The number of characters written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
- * \note            This function assumes that the ECP group (grp) of the
- *                  \p ctx context has already been properly set,
- *                  for example, using mbedtls_ecp_group_load().
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-/**
- * \brief           This function parses and processes a TLS ServerKeyExhange
- *                  payload.
- *
- *                  This is the first function used by a TLS client for ECDHE
- *                  ciphersuites.
- *
- * \param ctx       The ECDH context.
- * \param buf       The pointer to the start of the input buffer.
- * \param end       The address for one Byte past the end of the buffer.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                      const unsigned char **buf, const unsigned char *end );
-
-/**
- * \brief           This function sets up an ECDH context from an EC key.
- *
- *                  It is used by clients and servers in place of the
- *                  ServerKeyEchange for static ECDH, and imports ECDH
- *                  parameters from the EC key information of a certificate.
- *
- * \param ctx       The ECDH context to set up.
- * \param key       The EC key to use.
- * \param side      Defines the source of the key:
- *                  <ul><li>1: Our key.</li>
-                    <li>0: The key of the peer.</li></ul>
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
-                     mbedtls_ecdh_side side );
-
-/**
- * \brief           This function generates a public key and a TLS
- *                  ClientKeyExchange payload.
- *
- *                  This is the second function used by a TLS client for ECDH(E)
- *                  ciphersuites.
- *
- * \param ctx       The ECDH context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The size of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-/**
- * \brief       This function parses and processes a TLS ClientKeyExchange
- *              payload.
- *
- *              This is the second function used by a TLS server for ECDH(E)
- *              ciphersuites.
- *
- * \param ctx   The ECDH context.
- * \param buf   The start of the input buffer.
- * \param blen  The length of the input buffer.
- *
- * \return      \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *              on failure.
- *
- * \see         ecp.h
- */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                      const unsigned char *buf, size_t blen );
-
-/**
- * \brief           This function derives and exports the shared secret.
- *
- *                  This is the last function used by both TLS client
- *                  and servers.
- *
- * \param ctx       The ECDH context.
- * \param olen      The number of Bytes written.
- * \param buf       The destination buffer.
- * \param blen      The length of the destination buffer.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX error code
- *                  on failure.
- *
- * \see             ecp.h
- *
- * \note            If \p f_rng is not NULL, it is used to implement
- *                  countermeasures against potential elaborate timing
- *                  attacks. For more information, see mbedtls_ecp_mul().
- */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdh.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecdsa.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ecdsa.h
deleted file mode 100644
index aa23d67f..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecdsa.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/**
- * \file ecdsa.h
- *
- * \brief The Elliptic Curve Digital Signature Algorithm (ECDSA).
- *
- * ECDSA is defined in <em>Standards for Efficient Cryptography Group (SECG):
- * SEC1 Elliptic Curve Cryptography</em>.
- * The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
- * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
- *
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_ECDSA_H
-#define MBEDTLS_ECDSA_H
-
-#include "ecp.h"
-#include "md.h"
-
-/*
- * RFC-4492 page 20:
- *
- *     Ecdsa-Sig-Value ::= SEQUENCE {
- *         r       INTEGER,
- *         s       INTEGER
- *     }
- *
- * Size is at most
- *    1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
- *    twice that + 1 (tag) + 2 (len) for the sequence
- * (assuming ECP_MAX_BYTES is less than 126 for r and s,
- * and less than 124 (total len <= 255) for the sequence)
- */
-#if MBEDTLS_ECP_MAX_BYTES > 124
-#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
-#endif
-/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
-
-/**
- * \brief           The ECDSA context structure.
- */
-typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief           This function computes the ECDSA signature of a
- *                  previously-hashed message.
- *
- * \note            The deterministic version is usually preferred.
- *
- * \param grp       The ECP group.
- * \param r         The first output integer.
- * \param s         The second output integer.
- * \param d         The private signing key.
- * \param buf       The message hash.
- * \param blen      The length of \p buf.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated
- *                  as defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
- *                  or \c MBEDTLS_MPI_XXX error code on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief           This function computes the ECDSA signature of a
- *                  previously-hashed message, deterministic version.
- *                  For more information, see <em>RFC-6979: Deterministic
- *                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
- *                  Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \param grp       The ECP group.
- * \param r         The first output integer.
- * \param s         The second output integer.
- * \param d         The private signing key.
- * \param buf       The message hash.
- * \param blen      The length of \p buf.
- * \param md_alg    The MD algorithm used to hash the message.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \return          \c 0 on success,
- *                  or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- *                  error code on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                    mbedtls_md_type_t md_alg );
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-/**
- * \brief           This function verifies the ECDSA signature of a
- *                  previously-hashed message.
- *
- * \param grp       The ECP group.
- * \param buf       The message hash.
- * \param blen      The length of \p buf.
- * \param Q         The public key to use for verification.
- * \param r         The first integer of the signature.
- * \param s         The second integer of the signature.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.4, step 3.
- *
- * \return          \c 0 on success,
- *                  #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- *                  or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- *                  error code on failure for any other reason.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                  const unsigned char *buf, size_t blen,
-                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
-
-/**
- * \brief           This function computes the ECDSA signature and writes it
- *                  to a buffer, serialized as defined in <em>RFC-4492:
- *                  Elliptic Curve Cryptography (ECC) Cipher Suites for
- *                  Transport Layer Security (TLS)</em>.
- *
- * \warning         It is not thread-safe to use the same context in
- *                  multiple threads.
- *
- * \note            The deterministic version is used if
- *                  #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
- *                  information, see <em>RFC-6979: Deterministic Usage
- *                  of the Digital Signature Algorithm (DSA) and Elliptic
- *                  Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \param ctx       The ECDSA context.
- * \param md_alg    The message digest that was used to hash the message.
- * \param hash      The message hash.
- * \param hlen      The length of the hash.
- * \param sig       The buffer that holds the signature.
- * \param slen      The length of the signature written.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG parameter.
- *
- * \note            The \p sig buffer must be at least twice as large as the
- *                  size of the curve used, plus 9. For example, 73 Bytes if
- *                  a 256-bit curve is used. A buffer length of
- *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \return          \c 0 on success,
- *                  or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief   This function computes an ECDSA signature and writes it to a buffer,
- *          serialized as defined in <em>RFC-4492: Elliptic Curve Cryptography
- *          (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
- *
- *          The deterministic version is defined in <em>RFC-6979:
- *          Deterministic Usage of the Digital Signature Algorithm (DSA) and
- *          Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \warning         It is not thread-safe to use the same context in
- *                  multiple threads.
-
- *
- * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
- *
- * \param ctx       The ECDSA context.
- * \param hash      The Message hash.
- * \param hlen      The length of the hash.
- * \param sig       The buffer that holds the signature.
- * \param slen      The length of the signature written.
- * \param md_alg    The MD algorithm used to hash the message.
- *
- * \note            The \p sig buffer must be at least twice as large as the
- *                  size of the curve used, plus 9. For example, 73 Bytes if a
- *                  256-bit curve is used. A buffer length of
- *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \return          \c 0 on success,
- *                  or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
-                               const unsigned char *hash, size_t hlen,
-                               unsigned char *sig, size_t *slen,
-                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-/**
- * \brief           This function reads and verifies an ECDSA signature.
- *
- * \param ctx       The ECDSA context.
- * \param hash      The message hash.
- * \param hlen      The size of the hash.
- * \param sig       The signature to read and verify.
- * \param slen      The size of \p sig.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.4, step 3.
- *
- * \return          \c 0 on success,
- *                  #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- *                  #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
- *                  valid but its actual length is less than \p siglen,
- *                  or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- *                  error code on failure for any other reason.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen );
-
-/**
- * \brief          This function generates an ECDSA keypair on the given curve.
- *
- * \param ctx      The ECDSA context to store the keypair in.
- * \param gid      The elliptic curve to use. One of the various
- *                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
- *                 failure.
- *
- * \see            ecp.h
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           This function sets an ECDSA context from an EC key pair.
- *
- * \param ctx       The ECDSA context to set.
- * \param key       The EC key to use.
- *
- * \return          \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
- *                  failure.
- *
- * \see             ecp.h
- */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
-
-/**
- * \brief           This function initializes an ECDSA context.
- *
- * \param ctx       The ECDSA context to initialize.
- */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
-
-/**
- * \brief           This function frees an ECDSA context.
- *
- * \param ctx       The ECDSA context to free.
- */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdsa.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecjpake.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ecjpake.h
deleted file mode 100644
index d86e8207..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecjpake.h
+++ /dev/null
@@ -1,255 +0,0 @@
-/**
- * \file ecjpake.h
- *
- * \brief Elliptic curve J-PAKE
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ECJPAKE_H
-#define MBEDTLS_ECJPAKE_H
-
-/*
- * J-PAKE is a password-authenticated key exchange that allows deriving a
- * strong shared secret from a (potentially low entropy) pre-shared
- * passphrase, with forward secrecy and mutual authentication.
- * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
- *
- * This file implements the Elliptic Curve variant of J-PAKE,
- * as defined in Chapter 7.4 of the Thread v1.0 Specification,
- * available to members of the Thread Group http://threadgroup.org/
- *
- * As the J-PAKE algorithm is inherently symmetric, so is our API.
- * Each party needs to send its first round message, in any order, to the
- * other party, then each sends its second round message, in any order.
- * The payloads are serialized in a way suitable for use in TLS, but could
- * also be use outside TLS.
- */
-
-#include "ecp.h"
-#include "md.h"
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Roles in the EC J-PAKE exchange
- */
-typedef enum {
-    MBEDTLS_ECJPAKE_CLIENT = 0,         /**< Client                         */
-    MBEDTLS_ECJPAKE_SERVER,             /**< Server                         */
-} mbedtls_ecjpake_role;
-
-/**
- * EC J-PAKE context structure.
- *
- * J-PAKE is a symmetric protocol, except for the identifiers used in
- * Zero-Knowledge Proofs, and the serialization of the second message
- * (KeyExchange) as defined by the Thread spec.
- *
- * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
- * description as a pair C: client name, S: server name
- */
-typedef struct
-{
-    const mbedtls_md_info_t *md_info;   /**< Hash to use                    */
-    mbedtls_ecp_group grp;              /**< Elliptic curve                 */
-    mbedtls_ecjpake_role role;          /**< Are we client or server?       */
-    int point_format;                   /**< Format for point export        */
-
-    mbedtls_ecp_point Xm1;              /**< My public key 1   C: X1, S: X3 */
-    mbedtls_ecp_point Xm2;              /**< My public key 2   C: X2, S: X4 */
-    mbedtls_ecp_point Xp1;              /**< Peer public key 1 C: X3, S: X1 */
-    mbedtls_ecp_point Xp2;              /**< Peer public key 2 C: X4, S: X2 */
-    mbedtls_ecp_point Xp;               /**< Peer public key   C: Xs, S: Xc */
-
-    mbedtls_mpi xm1;                    /**< My private key 1  C: x1, S: x3 */
-    mbedtls_mpi xm2;                    /**< My private key 2  C: x2, S: x4 */
-
-    mbedtls_mpi s;                      /**< Pre-shared secret (passphrase) */
-} mbedtls_ecjpake_context;
-
-/**
- * \brief           Initialize a context
- *                  (just makes it ready for setup() or free()).
- *
- * \param ctx       context to initialize
- */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief           Set up a context for use
- *
- * \note            Currently the only values for hash/curve allowed by the
- *                  standard are MBEDTLS_MD_SHA256/MBEDTLS_ECP_DP_SECP256R1.
- *
- * \param ctx       context to set up
- * \param role      Our role: client or server
- * \param hash      hash function to use (MBEDTLS_MD_XXX)
- * \param curve     elliptic curve identifier (MBEDTLS_ECP_DP_XXX)
- * \param secret    pre-shared secret (passphrase)
- * \param len       length of the shared secret
- *
- * \return          0 if successfull,
- *                  a negative error code otherwise
- */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
-                           mbedtls_ecjpake_role role,
-                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve,
-                           const unsigned char *secret,
-                           size_t len );
-
-/**
- * \brief           Check if a context is ready for use
- *
- * \param ctx       Context to check
- *
- * \return          0 if the context is ready for use,
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
- */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief           Generate and write the first round message
- *                  (TLS: contents of the Client/ServerHello extension,
- *                  excluding extension type and length bytes)
- *
- * \param ctx       Context to use
- * \param buf       Buffer to write the contents to
- * \param len       Buffer size
- * \param olen      Will be updated with the number of bytes written
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 if successfull,
- *                  a negative error code otherwise
- */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
-
-/**
- * \brief           Read and process the first round message
- *                  (TLS: contents of the Client/ServerHello extension,
- *                  excluding extension type and length bytes)
- *
- * \param ctx       Context to use
- * \param buf       Pointer to extension contents
- * \param len       Extension length
- *
- * \return          0 if successfull,
- *                  a negative error code otherwise
- */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len );
-
-/**
- * \brief           Generate and write the second round message
- *                  (TLS: contents of the Client/ServerKeyExchange)
- *
- * \param ctx       Context to use
- * \param buf       Buffer to write the contents to
- * \param len       Buffer size
- * \param olen      Will be updated with the number of bytes written
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 if successfull,
- *                  a negative error code otherwise
- */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
-
-/**
- * \brief           Read and process the second round message
- *                  (TLS: contents of the Client/ServerKeyExchange)
- *
- * \param ctx       Context to use
- * \param buf       Pointer to the message
- * \param len       Message length
- *
- * \return          0 if successfull,
- *                  a negative error code otherwise
- */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len );
-
-/**
- * \brief           Derive the shared secret
- *                  (TLS: Pre-Master Secret)
- *
- * \param ctx       Context to use
- * \param buf       Buffer to write the contents to
- * \param len       Buffer size
- * \param olen      Will be updated with the number of bytes written
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 if successfull,
- *                  a negative error code otherwise
- */
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
-
-/**
- * \brief           Free a context's content
- *
- * \param ctx       context to free
- */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_ECJPAKE_ALT */
-#include "ecjpake_alt.h"
-#endif /* MBEDTLS_ECJPAKE_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_ecjpake_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* ecjpake.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecp.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ecp.h
deleted file mode 100644
index b00ba4da..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecp.h
+++ /dev/null
@@ -1,686 +0,0 @@
-/**
- * \file ecp.h
- *
- * \brief Elliptic curves over GF(p)
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ECP_H
-#define MBEDTLS_ECP_H
-
-#include "bignum.h"
-
-/*
- * ECP error codes
- */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80  /**< Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
-#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED                   -0x4B80  /**< ECP hardware accelerator failed. */
-
-#if !defined(MBEDTLS_ECP_ALT)
-/*
- * default mbed TLS elliptic curve arithmetic implementation
- *
- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
- * alternative implementation for the whole module and it will replace this
- * one.)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Domain parameters (curve, subgroup and generator) identifiers.
- *
- * Only curves over prime fields are supported.
- *
- * \warning This library does not support validation of arbitrary domain
- * parameters. Therefore, only well-known domain parameters from trusted
- * sources should be used. See mbedtls_ecp_group_load().
- */
-typedef enum
-{
-    MBEDTLS_ECP_DP_NONE = 0,
-    MBEDTLS_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
-    MBEDTLS_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
-    MBEDTLS_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
-    MBEDTLS_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
-    MBEDTLS_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
-    MBEDTLS_ECP_DP_CURVE25519,           /*!< Curve25519               */
-    MBEDTLS_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
-    MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
-    MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
-} mbedtls_ecp_group_id;
-
-/**
- * Number of supported curves (plus one for NONE).
- *
- * (Montgomery curves excluded for now.)
- */
-#define MBEDTLS_ECP_DP_MAX     12
-
-/**
- * Curve information for use by other modules
- */
-typedef struct
-{
-    mbedtls_ecp_group_id grp_id;    /*!< Internal identifier        */
-    uint16_t tls_id;                /*!< TLS NamedCurve identifier  */
-    uint16_t bit_size;              /*!< Curve size in bits         */
-    const char *name;               /*!< Human-friendly name        */
-} mbedtls_ecp_curve_info;
-
-/**
- * \brief           ECP point structure (jacobian coordinates)
- *
- * \note            All functions expect and return points satisfying
- *                  the following condition: Z == 0 or Z == 1. (Other
- *                  values of Z are used by internal functions only.)
- *                  The point is zero, or "at infinity", if Z == 0.
- *                  Otherwise, X and Y are its standard (affine) coordinates.
- */
-typedef struct
-{
-    mbedtls_mpi X;          /*!<  the point's X coordinate  */
-    mbedtls_mpi Y;          /*!<  the point's Y coordinate  */
-    mbedtls_mpi Z;          /*!<  the point's Z coordinate  */
-}
-mbedtls_ecp_point;
-
-/**
- * \brief           ECP group structure
- *
- * We consider two types of curves equations:
- * 1. Short Weierstrass y^2 = x^3 + A x + B     mod P   (SEC1 + RFC 4492)
- * 2. Montgomery,       y^2 = x^3 + A x^2 + x   mod P   (Curve25519 + draft)
- * In both cases, a generator G for a prime-order subgroup is fixed. In the
- * short weierstrass, this subgroup is actually the whole curve, and its
- * cardinal is denoted by N.
- *
- * In the case of Short Weierstrass curves, our code requires that N is an odd
- * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
- *
- * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
- * the quantity actually used in the formulas. Also, nbits is not the size of N
- * but the required size for private keys.
- *
- * If modp is NULL, reduction modulo P is done using a generic algorithm.
- * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
- * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
- * than pbits, so that the integer may be efficiently brought in the 0..P-1
- * range by a few additions or substractions. It must return 0 on success and
- * non-zero on failure.
- */
-typedef struct
-{
-    mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
-    mbedtls_mpi P;              /*!<  prime modulus of the base field               */
-    mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
-    mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
-    mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
-    mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
-    size_t pbits;       /*!<  number of bits in P                           */
-    size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
-    unsigned int h;     /*!<  internal: 1 if the constants are static       */
-    int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
-    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
-    int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
-    void *t_data;                       /*!< unused                         */
-    mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
-    size_t T_size;      /*!<  number for pre-computed points                */
-}
-mbedtls_ecp_group;
-
-/**
- * \brief           ECP key pair structure
- *
- * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
- *
- * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
- */
-typedef struct
-{
-    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
-    mbedtls_mpi d;              /*!<  our secret value                  */
-    mbedtls_ecp_point Q;        /*!<  our public value                  */
-}
-mbedtls_ecp_keypair;
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ECP_MAX_BITS)
-/**
- * Maximum size of the groups (that is, of N and P)
- */
-#define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
-/*
- * Maximum "window" size used for point multiplication.
- * Default: 6.
- * Minimum value: 2. Maximum value: 7.
- *
- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication. This value is directly tied to EC
- * peak memory usage, so decreasing it by one should roughly cut memory usage
- * by two (if large curves are in use).
- *
- * Reduction in size may reduce speed, but larger curves are impacted first.
- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
- *      w-size:     6       5       4       3       2
- *      521       145     141     135     120      97
- *      384       214     209     198     177     146
- *      256       320     320     303     262     226
-
- *      224       475     475     453     398     342
- *      192       640     640     633     587     476
- */
-#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
-/*
- * Trade memory for speed on fixed-point multiplication.
- *
- * This speeds up repeated multiplication of the generator (that is, the
- * multiplication in ECDSA signatures, and half of the multiplications in
- * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
- *
- * The cost is increasing EC peak memory usage by a factor roughly 2.
- *
- * Change this value to 0 to reduce peak memory usage.
- */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-
-/* \} name SECTION: Module settings */
-
-/*
- * Point formats, from RFC 4492's enum ECPointFormat
- */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
-#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
-
-/*
- * Some other constants from RFC 4492
- */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
-
-/**
- * \brief           Get the list of supported curves in order of preferrence
- *                  (full information)
- *
- * \return          A statically allocated array, the last entry is 0.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
-
-/**
- * \brief           Get the list of supported curves in order of preferrence
- *                  (grp_id only)
- *
- * \return          A statically allocated array,
- *                  terminated with MBEDTLS_ECP_DP_NONE.
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
-
-/**
- * \brief           Get curve information from an internal group identifier
- *
- * \param grp_id    A MBEDTLS_ECP_DP_XXX value
- *
- * \return          The associated curve information or NULL
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
-
-/**
- * \brief           Get curve information from a TLS NamedCurve value
- *
- * \param tls_id    A MBEDTLS_ECP_DP_XXX value
- *
- * \return          The associated curve information or NULL
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
-
-/**
- * \brief           Get curve information from a human-readable name
- *
- * \param name      The name
- *
- * \return          The associated curve information or NULL
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
-
-/**
- * \brief           Initialize a point (as zero)
- */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
-
-/**
- * \brief           Initialize a group (to something meaningless)
- */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
-
-/**
- * \brief           Initialize a key pair (as an invalid one)
- */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
-
-/**
- * \brief           Free the components of a point
- */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
-
-/**
- * \brief           Free the components of an ECP group
- */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
-
-/**
- * \brief           Free the components of a key pair
- */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
-
-/**
- * \brief           Copy the contents of point Q into P
- *
- * \param P         Destination point
- * \param Q         Source point
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
-
-/**
- * \brief           Copy the contents of a group object
- *
- * \param dst       Destination group
- * \param src       Source group
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
-
-/**
- * \brief           Set a point to zero
- *
- * \param pt        Destination point
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief           Tell if a point is zero
- *
- * \param pt        Point to test
- *
- * \return          1 if point is zero, 0 otherwise
- */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief           Compare two points
- *
- * \note            This assumes the points are normalized. Otherwise,
- *                  they may compare as "not equal" even if they are.
- *
- * \param P         First point to compare
- * \param Q         Second point to compare
- *
- * \return          0 if the points are equal,
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise
- */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
-                           const mbedtls_ecp_point *Q );
-
-/**
- * \brief           Import a non-zero point from two ASCII strings
- *
- * \param P         Destination point
- * \param radix     Input numeric base
- * \param x         First affine coordinate as a null-terminated string
- * \param y         Second affine coordinate as a null-terminated string
- *
- * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
- */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
-                           const char *x, const char *y );
-
-/**
- * \brief           Export a point into unsigned binary data
- *
- * \param grp       Group to which the point should belong
- * \param P         Point to export
- * \param format    Point format, should be a MBEDTLS_ECP_PF_XXX macro
- * \param olen      Length of the actual output
- * \param buf       Output buffer
- * \param buflen    Length of the output buffer
- *
- * \return          0 if successful,
- *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
- *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
- */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
-                            int format, size_t *olen,
-                            unsigned char *buf, size_t buflen );
-
-/**
- * \brief           Import a point from unsigned binary data
- *
- * \param grp       Group to which the point should belong
- * \param P         Point to import
- * \param buf       Input buffer
- * \param ilen      Actual length of input
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed,
- *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- *                  is not implemented.
- *
- * \note            This function does NOT check that the point actually
- *                  belongs to the given group, see mbedtls_ecp_check_pubkey() for
- *                  that.
- */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
-                           const unsigned char *buf, size_t ilen );
-
-/**
- * \brief           Import a point from a TLS ECPoint record
- *
- * \param grp       ECP group used
- * \param pt        Destination point
- * \param buf       $(Start of input buffer)
- * \param len       Buffer length
- *
- * \note            buf is updated to point right after the ECPoint on exit
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_XXX if initialization failed
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
- */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                        const unsigned char **buf, size_t len );
-
-/**
- * \brief           Export a point as a TLS ECPoint record
- *
- * \param grp       ECP group used
- * \param pt        Point to export
- * \param format    Export format
- * \param olen      length of data written
- * \param buf       Buffer to write to
- * \param blen      Buffer length
- *
- * \return          0 if successful,
- *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
- *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
- */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
-                         int format, size_t *olen,
-                         unsigned char *buf, size_t blen );
-
-/**
- * \brief           Set a group using well-known domain parameters
- *
- * \param grp       Destination group
- * \param id        Index in the list of well-known domain parameters
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_XXX if initialization failed
- *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
- *
- * \note            Index should be a value of RFC 4492's enum NamedCurve,
- *                  usually in the form of a MBEDTLS_ECP_DP_XXX macro.
- */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
-
-/**
- * \brief           Set a group from a TLS ECParameters record
- *
- * \param grp       Destination group
- * \param buf       &(Start of input buffer)
- * \param len       Buffer length
- *
- * \note            buf is updated to point right after ECParameters on exit
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_MPI_XXX if initialization failed
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
- */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
-
-/**
- * \brief           Write the TLS ECParameters record for a group
- *
- * \param grp       ECP group used
- * \param olen      Number of bytes actually written
- * \param buf       Buffer to write to
- * \param blen      Buffer length
- *
- * \return          0 if successful,
- *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
- */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
-                         unsigned char *buf, size_t blen );
-
-/**
- * \brief           Multiplication by an integer: R = m * P
- *                  (Not thread-safe to use same group in multiple threads)
- *
- * \note            In order to prevent timing attacks, this function
- *                  executes the exact same sequence of (base field)
- *                  operations for any valid m. It avoids any if-branch or
- *                  array index depending on the value of m.
- *
- * \note            If f_rng is not NULL, it is used to randomize intermediate
- *                  results in order to prevent potential timing attacks
- *                  targeting these results. It is recommended to always
- *                  provide a non-NULL f_rng (the overhead is negligible).
- *
- * \param grp       ECP group
- * \param R         Destination point
- * \param m         Integer by which to multiply
- * \param P         Point to multiply
- * \param f_rng     RNG function (see notes)
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
- *                  or P is not a valid pubkey,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Multiplication and addition of two points by integers:
- *                  R = m * P + n * Q
- *                  (Not thread-safe to use same group in multiple threads)
- *
- * \note            In contrast to mbedtls_ecp_mul(), this function does not guarantee
- *                  a constant execution flow and timing.
- *
- * \param grp       ECP group
- * \param R         Destination point
- * \param m         Integer by which to multiply P
- * \param P         Point to multiply by m
- * \param n         Integer by which to multiply Q
- * \param Q         Point to be multiplied by n
- *
- * \return          0 if successful,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY if m or n is not a valid privkey
- *                  or P or Q is not a valid pubkey,
- *                  MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
-
-/**
- * \brief           Check that a point is a valid public key on this curve
- *
- * \param grp       Curve/group the point should belong to
- * \param pt        Point to check
- *
- * \return          0 if point is a valid public key,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
- *
- * \note            This function only checks the point is non-zero, has valid
- *                  coordinates and lies on the curve, but not that it is
- *                  indeed a multiple of G. This is additional check is more
- *                  expensive, isn't required by standards, and shouldn't be
- *                  necessary if the group used has a small cofactor. In
- *                  particular, it is useless for the NIST groups which all
- *                  have a cofactor of 1.
- *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
- */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
-
-/**
- * \brief           Check that an mbedtls_mpi is a valid private key for this curve
- *
- * \param grp       Group used
- * \param d         Integer to check
- *
- * \return          0 if point is a valid private key,
- *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
- *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
- */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
-
-/**
- * \brief           Generate a keypair with configurable base point
- *
- * \param grp       ECP group
- * \param G         Chosen base point
- * \param d         Destination MPI (secret part)
- * \param Q         Destination point (public part)
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful,
- *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
- *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
- */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                     const mbedtls_ecp_point *G,
-                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief           Generate a keypair
- *
- * \param grp       ECP group
- * \param d         Destination MPI (secret part)
- * \param Q         Destination point (public part)
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful,
- *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
- *
- * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
- *                  in order to ease use with other structures such as
- *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
- */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief           Generate a keypair
- *
- * \param grp_id    ECP group identifier
- * \param key       Destination keypair
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful,
- *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
- */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Check a public-private key pair
- *
- * \param pub       Keypair structure holding a public key
- * \param prv       Keypair structure holding a private (plus public) key
- *
- * \return          0 if successful (keys are valid and match), or
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
- *                  a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
- */
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_ecp_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
-#endif /* ecp.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecp_internal.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ecp_internal.h
deleted file mode 100644
index 8a6d517e..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ecp_internal.h
+++ /dev/null
@@ -1,293 +0,0 @@
-/**
- * \file ecp_internal.h
- *
- * \brief Function declarations for alternative implementation of elliptic curve
- * point arithmetic.
- */
-/*
- *  Copyright (C) 2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * References:
- *
- * [1] BERNSTEIN, Daniel J. Curve25519: new Diffie-Hellman speed records.
- *     <http://cr.yp.to/ecdh/curve25519-20060209.pdf>
- *
- * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
- *     for elliptic curve cryptosystems. In : Cryptographic Hardware and
- *     Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
- *     <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
- *
- * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
- *     render ECC resistant against Side Channel Attacks. IACR Cryptology
- *     ePrint Archive, 2004, vol. 2004, p. 342.
- *     <http://eprint.iacr.org/2004/342.pdf>
- *
- * [4] Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters.
- *     <http://www.secg.org/sec2-v2.pdf>
- *
- * [5] HANKERSON, Darrel, MENEZES, Alfred J., VANSTONE, Scott. Guide to Elliptic
- *     Curve Cryptography.
- *
- * [6] Digital Signature Standard (DSS), FIPS 186-4.
- *     <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
- *
- * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer 
- *     Security (TLS), RFC 4492.
- *     <https://tools.ietf.org/search/rfc4492>
- *
- * [8] <http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html>
- *
- * [9] COHEN, Henri. A Course in Computational Algebraic Number Theory.
- *     Springer Science & Business Media, 1 Aug 2000
- */
-
-#ifndef MBEDTLS_ECP_INTERNAL_H
-#define MBEDTLS_ECP_INTERNAL_H
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-
-/**
- * \brief           Indicate if the Elliptic Curve Point module extension can
- *                  handle the group.
- *
- * \param grp       The pointer to the elliptic curve group that will be the
- *                  basis of the cryptographic computations.
- *
- * \return          Non-zero if successful.
- */
-unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp );
-
-/**
- * \brief           Initialise the Elliptic Curve Point module extension.
- *
- *                  If mbedtls_internal_ecp_grp_capable returns true for a
- *                  group, this function has to be able to initialise the
- *                  module for it.
- *
- *                  This module can be a driver to a crypto hardware
- *                  accelerator, for which this could be an initialise function.
- *
- * \param grp       The pointer to the group the module needs to be
- *                  initialised for.
- *
- * \return          0 if successful.
- */
-int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp );
-
-/**
- * \brief           Frees and deallocates the Elliptic Curve Point module
- *                  extension.
- *
- * \param grp       The pointer to the group the module was initialised for.
- */
-void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
-
-#if defined(ECP_SHORTWEIERSTRASS)
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-/**
- * \brief           Randomize jacobian coordinates:
- *                  (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l.
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param pt        The point on the curve to be randomised, given with Jacobian
- *                  coordinates.
- *
- * \param f_rng     A function pointer to the random number generator.
- *
- * \param p_rng     A pointer to the random number generator state.
- *
- * \return          0 if successful.
- */
-int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
-        void *p_rng );
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-/**
- * \brief           Addition: R = P + Q, mixed affine-Jacobian coordinates.
- *
- *                  The coordinates of Q must be normalized (= affine),
- *                  but those of P don't need to. R is not normalized.
- *
- *                  This function is used only as a subrutine of
- *                  ecp_mul_comb().
- *
- *                  Special cases: (1) P or Q is zero, (2) R is zero,
- *                      (3) P == Q.
- *                  None of these cases can happen as intermediate step in
- *                  ecp_mul_comb():
- *                      - at each step, P, Q and R are multiples of the base
- *                      point, the factor being less than its order, so none of
- *                      them is zero;
- *                      - Q is an odd multiple of the base point, P an even
- *                      multiple, due to the choice of precomputed points in the
- *                      modified comb method.
- *                  So branches for these cases do not leak secret information.
- *
- *                  We accept Q->Z being unset (saving memory in tables) as
- *                  meaning 1.
- *
- *                  Cost in field operations if done by [5] 3.22:
- *                      1A := 8M + 3S
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param R         Pointer to a point structure to hold the result.
- *
- * \param P         Pointer to the first summand, given with Jacobian
- *                  coordinates
- *
- * \param Q         Pointer to the second summand, given with affine
- *                  coordinates.
- *
- * \return          0 if successful.
- */
-int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
-        const mbedtls_ecp_point *Q );
-#endif
-
-/**
- * \brief           Point doubling R = 2 P, Jacobian coordinates.
- *
- *                  Cost:   1D := 3M + 4S    (A ==  0)
- *                          4M + 4S          (A == -3)
- *                          3M + 6S + 1a     otherwise
- *                  when the implementation is based on the "dbl-1998-cmo-2"
- *                  doubling formulas in [8] and standard optimizations are
- *                  applied when curve parameter A is one of { 0, -3 }.
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param R         Pointer to a point structure to hold the result.
- *
- * \param P         Pointer to the point that has to be doubled, given with
- *                  Jacobian coordinates.
- *
- * \return          0 if successful.
- */
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, const mbedtls_ecp_point *P );
-#endif
-
-/**
- * \brief           Normalize jacobian coordinates of an array of (pointers to)
- *                  points.
- *
- *                  Using Montgomery's trick to perform only one inversion mod P
- *                  the cost is:
- *                      1N(t) := 1I + (6t - 3)M + 1S
- *                  (See for example Algorithm 10.3.4. in [9])
- *
- *                  This function is used only as a subrutine of
- *                  ecp_mul_comb().
- *
- *                  Warning: fails (returning an error) if one of the points is
- *                  zero!
- *                  This should never happen, see choice of w in ecp_mul_comb().
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param T         Array of pointers to the points to normalise.
- *
- * \param t_len     Number of elements in the array.
- *
- * \return          0 if successful,
- *                      an error if one of the points is zero.
- */
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *T[], size_t t_len );
-#endif
-
-/**
- * \brief           Normalize jacobian coordinates so that Z == 0 || Z == 1.
- *
- *                  Cost in field operations if done by [5] 3.2.1:
- *                      1N := 1I + 3M + 1S
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param pt        pointer to the point to be normalised. This is an
- *                  input/output parameter.
- *
- * \return          0 if successful.
- */
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *pt );
-#endif
-
-#endif /* ECP_SHORTWEIERSTRASS */
-
-#if defined(ECP_MONTGOMERY)
-
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
-        const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
-#endif
-
-/**
- * \brief           Randomize projective x/z coordinates:
- *                      (X, Z) -> (l X, l Z) for random l
- *
- * \param grp       pointer to the group representing the curve
- *
- * \param P         the point on the curve to be randomised given with
- *                  projective coordinates. This is an input/output parameter.
- *
- * \param f_rng     a function pointer to the random number generator
- *
- * \param p_rng     a pointer to the random number generator state
- *
- * \return          0 if successful
- */
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
-        void *p_rng );
-#endif
-
-/**
- * \brief           Normalize Montgomery x/z coordinates: X = X/Z, Z = 1.
- *
- * \param grp       pointer to the group representing the curve
- *
- * \param P         pointer to the point to be normalised. This is an
- *                  input/output parameter.
- *
- * \return          0 if successful
- */
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *P );
-#endif
-
-#endif /* ECP_MONTGOMERY */
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-
-#endif /* ecp_internal.h */
-
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/entropy.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/entropy.h
deleted file mode 100644
index fcb4d025..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/entropy.h
+++ /dev/null
@@ -1,289 +0,0 @@
-/**
- * \file entropy.h
- *
- * \brief Entropy accumulator implementation
- */
-/*
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ENTROPY_H
-#define MBEDTLS_ENTROPY_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "sha512.h"
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#else
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "sha256.h"
-#endif
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C)
-#include "havege.h"
-#endif
-
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D  /**< No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F  /**< Read/write error in file. */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
-#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
-#endif
-
-#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
-#define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
-#else
-#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
-#endif
-
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
-
-#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief           Entropy poll callback pointer
- *
- * \param data      Callback-specific data pointer
- * \param output    Data to fill
- * \param len       Maximum size to provide
- * \param olen      The actual amount of bytes put into the buffer (Can be 0)
- *
- * \return          0 if no critical failures occurred,
- *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
- */
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
-                            size_t *olen);
-
-/**
- * \brief           Entropy source state
- */
-typedef struct
-{
-    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
-    void *          p_source;   /**< The callback data pointer */
-    size_t          size;       /**< Amount received in bytes */
-    size_t          threshold;  /**< Minimum bytes required before release */
-    int             strong;     /**< Is the source strong? */
-}
-mbedtls_entropy_source_state;
-
-/**
- * \brief           Entropy context structure
- */
-typedef struct
-{
-    int accumulator_started;
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_context  accumulator;
-#else
-    mbedtls_sha256_context  accumulator;
-#endif
-    int             source_count;
-    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_havege_state    havege_data;
-#endif
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    int initial_entropy_run;
-#endif
-}
-mbedtls_entropy_context;
-
-/**
- * \brief           Initialize the context
- *
- * \param ctx       Entropy context to initialize
- */
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
-
-/**
- * \brief           Free the data in the context
- *
- * \param ctx       Entropy context to free
- */
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
-
-/**
- * \brief           Adds an entropy source to poll
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx       Entropy context
- * \param f_source  Entropy function
- * \param p_source  Function data
- * \param threshold Minimum required from source before entropy is released
- *                  ( with mbedtls_entropy_func() ) (in bytes)
- * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
- *                  MBEDTSL_ENTROPY_SOURCE_WEAK.
- *                  At least one strong source needs to be added.
- *                  Weaker sources (such as the cycle counter) can be used as
- *                  a complement.
- *
- * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
- */
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
-                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold, int strong );
-
-/**
- * \brief           Trigger an extra gather poll for the accumulator
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx       Entropy context
- *
- * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
-
-/**
- * \brief           Retrieve entropy from the accumulator
- *                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data      Entropy context
- * \param output    Buffer to fill
- * \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
- *
- * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
-
-/**
- * \brief           Add data to the accumulator manually
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx       Entropy context
- * \param data      Data to add
- * \param len       Length of data
- *
- * \return          0 if successful
- */
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
-                           const unsigned char *data, size_t len );
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief           Trigger an update of the seed file in NV by using the
- *                  current entropy pool.
- *
- * \param ctx       Entropy context
- *
- * \return          0 if successful
- */
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief               Write a seed file
- *
- * \param ctx           Entropy context
- * \param path          Name of the file
- *
- * \return              0 if successful,
- *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
- *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
-
-/**
- * \brief               Read and update a seed file. Seed is added to this
- *                      instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
- *                      read from the seed file. The rest is ignored.
- *
- * \param ctx           Entropy context
- * \param path          Name of the file
- *
- * \return              0 if successful,
- *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
- *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- *                 This module self-test also calls the entropy self-test,
- *                 mbedtls_entropy_source_self_test();
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_self_test( int verbose );
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief          Checkup routine
- *
- *                 Verifies the integrity of the hardware entropy source
- *                 provided by the function 'mbedtls_hardware_poll()'.
- *
- *                 Note this is the only hardware entropy source that is known
- *                 at link time, and other entropy sources configured
- *                 dynamically at runtime by the function
- *                 mbedtls_entropy_add_source() will not be tested.
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_source_self_test( int verbose );
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/entropy_poll.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/entropy_poll.h
deleted file mode 100644
index 94dd657e..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/entropy_poll.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * \file entropy_poll.h
- *
- * \brief Platform-specific and custom entropy polling functions
- */
-/*
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ENTROPY_POLL_H
-#define MBEDTLS_ENTROPY_POLL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Default thresholds for built-in sources, in bytes
- */
-#define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
-#define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
-#define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */
-#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
-#define MBEDTLS_ENTROPY_MIN_HARDWARE     32     /**< Minimum for the hardware source */
-#endif
-
-/**
- * \brief           Entropy poll callback that provides 0 entropy.
- */
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-    int mbedtls_null_entropy_poll( void *data,
-                                unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-/**
- * \brief           Platform-specific entropy poll callback
- */
-int mbedtls_platform_entropy_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C)
-/**
- * \brief           HAVEGE based entropy poll callback
- *
- * Requires an HAVEGE state as its data pointer.
- */
-int mbedtls_havege_poll( void *data,
-                 unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_TIMING_C)
-/**
- * \brief           mbedtls_timing_hardclock-based entropy poll callback
- */
-int mbedtls_hardclock_poll( void *data,
-                    unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief           Entropy poll callback for a hardware source
- *
- * \warning         This is not provided by mbed TLS!
- *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
- *
- * \note            This must accept NULL as its first argument.
- */
-int mbedtls_hardware_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief           Entropy poll callback for a non-volatile seed file
- *
- * \note            This must accept NULL as its first argument.
- */
-int mbedtls_nv_seed_poll( void *data,
-                          unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy_poll.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/error.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/error.h
deleted file mode 100644
index 8b4d3a87..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/error.h
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * \file error.h
- *
- * \brief Error to string translation
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_ERROR_H
-#define MBEDTLS_ERROR_H
-
-#include <stddef.h>
-
-/**
- * Error code layout.
- *
- * Currently we try to keep all error codes within the negative space of 16
- * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
- * addition we'd like to give two layers of information on the error if
- * possible.
- *
- * For that purpose the error codes are segmented in the following manner:
- *
- * 16 bit error code bit-segmentation
- *
- * 1 bit  - Unused (sign bit)
- * 3 bits - High level module ID
- * 5 bits - Module-dependent error code
- * 7 bits - Low level module errors
- *
- * For historical reasons, low-level error codes are divided in even and odd,
- * even codes were assigned first, and -1 is reserved for other errors.
- *
- * Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
- *
- * Module   Nr  Codes assigned
- * MPI       7  0x0002-0x0010
- * GCM       3  0x0012-0x0014   0x0013-0x0013
- * BLOWFISH  3  0x0016-0x0018   0x0017-0x0017
- * THREADING 3  0x001A-0x001E
- * AES       4  0x0020-0x0022   0x0023-0x0025
- * CAMELLIA  3  0x0024-0x0026   0x0027-0x0027
- * XTEA      2  0x0028-0x0028   0x0029-0x0029
- * BASE64    2  0x002A-0x002C
- * OID       1  0x002E-0x002E   0x000B-0x000B
- * PADLOCK   1  0x0030-0x0030
- * DES       2  0x0032-0x0032   0x0033-0x0033
- * CTR_DBRG  4  0x0034-0x003A
- * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
- * NET      11  0x0042-0x0052   0x0043-0x0045
- * ASN1      7  0x0060-0x006C
- * CMAC      1  0x007A-0x007A
- * PBKDF2    1  0x007C-0x007C
- * HMAC_DRBG 4                  0x0003-0x0009
- * CCM       3                  0x000D-0x0011
- * ARC4      1                  0x0019-0x0019
- * MD2       1                  0x002B-0x002B
- * MD4       1                  0x002D-0x002D
- * MD5       1                  0x002F-0x002F
- * RIPEMD160 1                  0x0031-0x0031
- * SHA1      1                  0x0035-0x0035
- * SHA256    1                  0x0037-0x0037
- * SHA512    1                  0x0039-0x0039
- *
- * High-level module nr (3 bits - 0x0...-0x7...)
- * Name      ID  Nr of Errors
- * PEM       1   9
- * PKCS#12   1   4 (Started from top)
- * X509      2   20
- * PKCS5     2   4 (Started from top)
- * DHM       3   11
- * PK        3   15 (Started from top)
- * RSA       4   11
- * ECP       4   9 (Started from top)
- * MD        5   5
- * CIPHER    6   8
- * SSL       6   17 (Started from top)
- * SSL       7   31
- *
- * Module dependent error code (5 bits 0x.00.-0x.F8.)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Translate a mbed TLS error code into a string representation,
- *        Result is truncated if necessary and always includes a terminating
- *        null byte.
- *
- * \param errnum    error code
- * \param buffer    buffer to place representation in
- * \param buflen    length of the buffer
- */
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* error.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/gcm.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/gcm.h
deleted file mode 100644
index 1e5a507a..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/gcm.h
+++ /dev/null
@@ -1,263 +0,0 @@
-/**
- * \file gcm.h
- *
- * \brief Galois/Counter Mode (GCM) for 128-bit block ciphers, as defined
- *        in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
- *        (GCM), Natl. Inst. Stand. Technol.</em>
- *
- * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
- * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
- *
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_GCM_H
-#define MBEDTLS_GCM_H
-
-#include "cipher.h"
-
-#include <stdint.h>
-
-#define MBEDTLS_GCM_ENCRYPT     1
-#define MBEDTLS_GCM_DECRYPT     0
-
-#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
-#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED                   -0x0013  /**< GCM hardware accelerator failed. */
-#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
-
-#if !defined(MBEDTLS_GCM_ALT)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The GCM context structure.
- */
-typedef struct {
-    mbedtls_cipher_context_t cipher_ctx;  /*!< The cipher context used. */
-    uint64_t HL[16];                      /*!< Precalculated HTable low. */
-    uint64_t HH[16];                      /*!< Precalculated HTable high. */
-    uint64_t len;                         /*!< The total length of the encrypted data. */
-    uint64_t add_len;                     /*!< The total length of the additional data. */
-    unsigned char base_ectr[16];          /*!< The first ECTR for tag. */
-    unsigned char y[16];                  /*!< The Y working value. */
-    unsigned char buf[16];                /*!< The buf working value. */
-    int mode;                             /*!< The operation to perform:
-                                               #MBEDTLS_GCM_ENCRYPT or
-                                               #MBEDTLS_GCM_DECRYPT. */
-}
-mbedtls_gcm_context;
-
-/**
- * \brief           This function initializes the specified GCM context,
- *                  to make references valid, and prepares the context
- *                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().
- *
- *                  The function does not bind the GCM context to a particular
- *                  cipher, nor set the key. For this purpose, use
- *                  mbedtls_gcm_setkey().
- *
- * \param ctx       The GCM context to initialize.
- */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
-
-/**
- * \brief           This function associates a GCM context with a
- *                  cipher algorithm and a key.
- *
- * \param ctx       The GCM context to initialize.
- * \param cipher    The 128-bit block cipher to use.
- * \param key       The encryption key.
- * \param keybits   The key size in bits. Valid options are:
- *                  <ul><li>128 bits</li>
- *                  <li>192 bits</li>
- *                  <li>256 bits</li></ul>
- *
- * \return          \c 0 on success, or a cipher specific error code.
- */
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits );
-
-/**
- * \brief           This function performs GCM encryption or decryption of a buffer.
- *
- * \note For encryption, the output buffer can be the same as the input buffer.
- *       For decryption, the output buffer cannot be the same as input buffer.
- *       If the buffers overlap, the output buffer must trail at least 8 Bytes
- *       behind the input buffer.
- *
- * \param ctx       The GCM context to use for encryption or decryption.
- * \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
- *                  #MBEDTLS_GCM_DECRYPT.
- * \param length    The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
- * \param iv        The initialization vector.
- * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data.
- * \param add_len   The length of the additional data.
- * \param input     The buffer holding the input data.
- * \param output    The buffer for holding the output data.
- * \param tag_len   The length of the tag to generate.
- * \param tag       The buffer for holding the tag.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
-                       int mode,
-                       size_t length,
-                       const unsigned char *iv,
-                       size_t iv_len,
-                       const unsigned char *add,
-                       size_t add_len,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t tag_len,
-                       unsigned char *tag );
-
-/**
- * \brief           This function performs a GCM authenticated decryption of a
- *                  buffer.
- *
- * \note For decryption, the output buffer cannot be the same as input buffer.
- *       If the buffers overlap, the output buffer must trail at least 8 Bytes
- *       behind the input buffer.
- *
- * \param ctx       The GCM context.
- * \param length    The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
- * \param iv        The initialization vector.
- * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data.
- * \param add_len   The length of the additional data.
- * \param tag       The buffer holding the tag.
- * \param tag_len   The length of the tag.
- * \param input     The buffer holding the input data.
- * \param output    The buffer for holding the output data.
- *
- * \return         0 if successful and authenticated, or
- *                 #MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match.
- */
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
-                      size_t length,
-                      const unsigned char *iv,
-                      size_t iv_len,
-                      const unsigned char *add,
-                      size_t add_len,
-                      const unsigned char *tag,
-                      size_t tag_len,
-                      const unsigned char *input,
-                      unsigned char *output );
-
-/**
- * \brief           This function starts a GCM encryption or decryption
- *                  operation.
- *
- * \param ctx       The GCM context.
- * \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
- *                  #MBEDTLS_GCM_DECRYPT.
- * \param iv        The initialization vector.
- * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data, or NULL if \p add_len is 0.
- * \param add_len   The length of the additional data. If 0, \p  add is NULL.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
-                int mode,
-                const unsigned char *iv,
-                size_t iv_len,
-                const unsigned char *add,
-                size_t add_len );
-
-/**
- * \brief           This function feeds an input buffer into an ongoing GCM
- *                  encryption or decryption operation.
- *
- *    `             The function expects input to be a multiple of 16
- *                  Bytes. Only the last call before calling
- *                  mbedtls_gcm_finish() can be less than 16 Bytes.
- *
- * \note For decryption, the output buffer cannot be the same as input buffer.
- *       If the buffers overlap, the output buffer must trail at least 8 Bytes
- *       behind the input buffer.
- *
- * \param ctx       The GCM context.
- * \param length    The length of the input data. This must be a multiple of 16 except in the last call before mbedtls_gcm_finish().
- * \param input     The buffer holding the input data.
- * \param output    The buffer for holding the output data.
- *
- * \return         \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
- */
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
-                size_t length,
-                const unsigned char *input,
-                unsigned char *output );
-
-/**
- * \brief           This function finishes the GCM operation and generates
- *                  the authentication tag.
- *
- *                  It wraps up the GCM stream, and generates the
- *                  tag. The tag can have a maximum length of 16 Bytes.
- *
- * \param ctx       The GCM context.
- * \param tag       The buffer for holding the tag.
- * \param tag_len   The length of the tag to generate. Must be at least four.
- *
- * \return          \c 0 on success, or #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
- */
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
-                unsigned char *tag,
-                size_t tag_len );
-
-/**
- * \brief           This function clears a GCM context and the underlying
- *                  cipher sub-context.
- *
- * \param ctx       The GCM context to clear.
- */
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* !MBEDTLS_GCM_ALT */
-#include "gcm_alt.h"
-#endif /* !MBEDTLS_GCM_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The GCM checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_gcm_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* gcm.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/havege.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/havege.h
deleted file mode 100644
index d4cb3ed3..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/havege.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * \file havege.h
- *
- * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_HAVEGE_H
-#define MBEDTLS_HAVEGE_H
-
-#include <stddef.h>
-
-#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          HAVEGE state structure
- */
-typedef struct
-{
-    int PT1, PT2, offset[2];
-    int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
-    int WALK[8192];
-}
-mbedtls_havege_state;
-
-/**
- * \brief          HAVEGE initialization
- *
- * \param hs       HAVEGE state to be initialized
- */
-void mbedtls_havege_init( mbedtls_havege_state *hs );
-
-/**
- * \brief          Clear HAVEGE state
- *
- * \param hs       HAVEGE state to be cleared
- */
-void mbedtls_havege_free( mbedtls_havege_state *hs );
-
-/**
- * \brief          HAVEGE rand function
- *
- * \param p_rng    A HAVEGE state
- * \param output   Buffer to fill
- * \param len      Length of buffer
- *
- * \return         0
- */
-int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* havege.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
deleted file mode 100644
index e0821cf7..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/hmac_drbg.h
+++ /dev/null
@@ -1,300 +0,0 @@
-/**
- * \file hmac_drbg.h
- *
- * \brief HMAC_DRBG (NIST SP 800-90A)
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_HMAC_DRBG_H
-#define MBEDTLS_HMAC_DRBG_H
-
-#include "md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*
- * Error codes
- */
-#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003  /**< Too many random requested in single call. */
-#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005  /**< Input too large (Entropy + additional). */
-#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007  /**< Read/write error in file. */
-#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009  /**< The entropy source failed. */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
-#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
-#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
-#define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * HMAC_DRBG context.
- */
-typedef struct
-{
-    /* Working state: the key K is not stored explicitely,
-     * but is implied by the HMAC context */
-    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
-    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
-    int reseed_counter;                     /*!< reseed counter         */
-
-    /* Administrative state */
-    size_t entropy_len;         /*!< entropy bytes grabbed on each (re)seed */
-    int prediction_resistance;  /*!< enable prediction resistance (Automatic
-                                     reseed before every random generation) */
-    int reseed_interval;        /*!< reseed interval   */
-
-    /* Callbacks */
-    int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
-    void *p_entropy;            /*!< context for the entropy function        */
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;
-#endif
-} mbedtls_hmac_drbg_context;
-
-/**
- * \brief               HMAC_DRBG context initialization
- *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
- *                      mbedtls_hmac_drbg_seed_buf() or
- *                      mbedtls_hmac_drbg_free().
- *
- * \param ctx           HMAC_DRBG context to be initialized
- */
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
-
-/**
- * \brief               HMAC_DRBG initial seeding
- *                      Seed and setup entropy source for future reseeds.
- *
- * \param ctx           HMAC_DRBG context to be seeded
- * \param md_info       MD algorithm to use for HMAC_DRBG
- * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
- *                      length)
- * \param p_entropy     Entropy context
- * \param custom        Personalization data (Device specific identifiers)
- *                      (Can be NULL)
- * \param len           Length of personalization data
- *
- * \note                The "security strength" as defined by NIST is set to:
- *                      128 bits if md_alg is SHA-1,
- *                      192 bits if md_alg is SHA-224,
- *                      256 bits if md_alg is SHA-256 or higher.
- *                      Note that SHA-256 is just as efficient as SHA-224.
- *
- * \return              0 if successful, or
- *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
- *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
- */
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
-                    const mbedtls_md_info_t * md_info,
-                    int (*f_entropy)(void *, unsigned char *, size_t),
-                    void *p_entropy,
-                    const unsigned char *custom,
-                    size_t len );
-
-/**
- * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
- *                      (For use with deterministic ECDSA.)
- *
- * \param ctx           HMAC_DRBG context to be initialised
- * \param md_info       MD algorithm to use for HMAC_DRBG
- * \param data          Concatenation of entropy string and additional data
- * \param data_len      Length of data in bytes
- *
- * \return              0 if successful, or
- *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
- *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
- */
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
-                        const mbedtls_md_info_t * md_info,
-                        const unsigned char *data, size_t data_len );
-
-/**
- * \brief               Enable / disable prediction resistance (Default: Off)
- *
- * Note: If enabled, entropy is used for ctx->entropy_len before each call!
- *       Only use this if you have ample supply of good entropy!
- *
- * \param ctx           HMAC_DRBG context
- * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
- */
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
-                                          int resistance );
-
-/**
- * \brief               Set the amount of entropy grabbed on each reseed
- *                      (Default: given by the security strength, which
- *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
- *
- * \param ctx           HMAC_DRBG context
- * \param len           Amount of entropy to grab, in bytes
- */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
-                                size_t len );
-
-/**
- * \brief               Set the reseed interval
- *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
- *
- * \param ctx           HMAC_DRBG context
- * \param interval      Reseed interval
- */
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
-                                    int interval );
-
-/**
- * \brief               HMAC_DRBG update state
- *
- * \param ctx           HMAC_DRBG context
- * \param additional    Additional data to update state with, or NULL
- * \param add_len       Length of additional data, or 0
- *
- * \note                Additional data is optional, pass NULL and 0 as second
- *                      third argument if no additional data is being used.
- */
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
-                       const unsigned char *additional, size_t add_len );
-
-/**
- * \brief               HMAC_DRBG reseeding (extracts data from entropy source)
- *
- * \param ctx           HMAC_DRBG context
- * \param additional    Additional data to add to state (Can be NULL)
- * \param len           Length of additional data
- *
- * \return              0 if successful, or
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
-                      const unsigned char *additional, size_t len );
-
-/**
- * \brief               HMAC_DRBG generate random with additional update input
- *
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
- *
- * \param p_rng         HMAC_DRBG context
- * \param output        Buffer to fill
- * \param output_len    Length of the buffer
- * \param additional    Additional data to update with (can be NULL)
- * \param add_len       Length of additional data (can be 0)
- *
- * \return              0 if successful, or
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
- *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
- *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
- */
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
-                               unsigned char *output, size_t output_len,
-                               const unsigned char *additional,
-                               size_t add_len );
-
-/**
- * \brief               HMAC_DRBG generate random
- *
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
- *
- * \param p_rng         HMAC_DRBG context
- * \param output        Buffer to fill
- * \param out_len       Length of the buffer
- *
- * \return              0 if successful, or
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
- *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
- */
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
-
-/**
- * \brief               Free an HMAC_DRBG context
- *
- * \param ctx           HMAC_DRBG context to free.
- */
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief               Write a seed file
- *
- * \param ctx           HMAC_DRBG context
- * \param path          Name of the file
- *
- * \return              0 if successful, 1 on file error, or
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
-
-/**
- * \brief               Read and update a seed file. Seed is added to this
- *                      instance
- *
- * \param ctx           HMAC_DRBG context
- * \param path          Name of the file
- *
- * \return              0 if successful, 1 on file error,
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
- *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
- */
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief               Checkup routine
- *
- * \return              0 if successful, or 1 if the test failed
- */
-int mbedtls_hmac_drbg_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* hmac_drbg.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/md.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/md.h
deleted file mode 100644
index 06538c38..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/md.h
+++ /dev/null
@@ -1,453 +0,0 @@
- /**
- * \file md.h
- *
- * \brief The generic message-digest wrapper.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_MD_H
-#define MBEDTLS_MD_H
-
-#include <stddef.h>
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
-#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED                    -0x5280  /**< MD hardware accelerator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief     Enumeration of supported message digests
- *
- * \warning   MD2, MD4, MD5 and SHA-1 are considered weak message digests and
- *            their use constitutes a security risk. We recommend considering
- *            stronger message digests instead.
- *
- */
-typedef enum {
-    MBEDTLS_MD_NONE=0,
-    MBEDTLS_MD_MD2,
-    MBEDTLS_MD_MD4,
-    MBEDTLS_MD_MD5,
-    MBEDTLS_MD_SHA1,
-    MBEDTLS_MD_SHA224,
-    MBEDTLS_MD_SHA256,
-    MBEDTLS_MD_SHA384,
-    MBEDTLS_MD_SHA512,
-    MBEDTLS_MD_RIPEMD160,
-} mbedtls_md_type_t;
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
-#else
-#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
-#endif
-
-/**
- * Opaque struct defined in md_internal.h.
- */
-typedef struct mbedtls_md_info_t mbedtls_md_info_t;
-
-/**
- * The generic message-digest context.
- */
-typedef struct {
-    /** Information about the associated message digest. */
-    const mbedtls_md_info_t *md_info;
-
-    /** The digest-specific context. */
-    void *md_ctx;
-
-    /** The HMAC part of the context. */
-    void *hmac_ctx;
-} mbedtls_md_context_t;
-
-/**
- * \brief           This function returns the list of digests supported by the
- *                  generic digest module.
- *
- * \return          A statically allocated array of digests. Each element
- *                  in the returned list is an integer belonging to the
- *                  message-digest enumeration #mbedtls_md_type_t.
- *                  The last entry is 0.
- */
-const int *mbedtls_md_list( void );
-
-/**
- * \brief           This function returns the message-digest information
- *                  associated with the given digest name.
- *
- * \param md_name   The name of the digest to search for.
- *
- * \return          The message-digest information associated with \p md_name,
- *                  or NULL if not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
-
-/**
- * \brief           This function returns the message-digest information
- *                  associated with the given digest type.
- *
- * \param md_type   The type of digest to search for.
- *
- * \return          The message-digest information associated with \p md_type,
- *                  or NULL if not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
-
-/**
- * \brief           This function initializes a message-digest context without
- *                  binding it to a particular message-digest algorithm.
- *
- *                  This function should always be called first. It prepares the
- *                  context for mbedtls_md_setup() for binding it to a
- *                  message-digest algorithm.
- */
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
-
-/**
- * \brief           This function clears the internal structure of \p ctx and
- *                  frees any embedded internal structure, but does not free
- *                  \p ctx itself.
- *
- *                  If you have called mbedtls_md_setup() on \p ctx, you must
- *                  call mbedtls_md_free() when you are no longer using the
- *                  context.
- *                  Calling this function if you have previously
- *                  called mbedtls_md_init() and nothing else is optional.
- *                  You must not call this function if you have not called
- *                  mbedtls_md_init().
- */
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief           This function selects the message digest algorithm to use,
- *                  and allocates internal structures.
- *
- *                  It should be called after mbedtls_md_init() or mbedtls_md_free().
- *                  Makes it necessary to call mbedtls_md_free() later.
- *
- * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
- *
- * \param ctx       The context to set up.
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \returns         \c 0 on success,
- *                  #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
- *                  #MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
- */
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief           This function selects the message digest algorithm to use,
- *                  and allocates internal structures.
- *
- *                  It should be called after mbedtls_md_init() or
- *                  mbedtls_md_free(). Makes it necessary to call
- *                  mbedtls_md_free() later.
- *
- * \param ctx       The context to set up.
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- * \param hmac      <ul><li>0: HMAC is not used. Saves some memory.</li>
- *                  <li>non-zero: HMAC is used with this context.</li></ul>
- *
- * \returns         \c 0 on success,
- *                  #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure, or
- *                  #MBEDTLS_ERR_MD_ALLOC_FAILED on memory allocation failure.
- */
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
-
-/**
- * \brief           This function clones the state of an message-digest
- *                  context.
- *
- * \note            You must call mbedtls_md_setup() on \c dst before calling
- *                  this function.
- *
- * \note            The two contexts must have the same type,
- *                  for example, both are SHA-256.
- *
- * \warning         This function clones the message-digest state, not the
- *                  HMAC state.
- *
- * \param dst       The destination context.
- * \param src       The context to be cloned.
- *
- * \return          \c 0 on success,
- *                  #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure.
- */
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
-                      const mbedtls_md_context_t *src );
-
-/**
- * \brief           This function extracts the message-digest size from the
- *                  message-digest information structure.
- *
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \return          The size of the message-digest output in Bytes.
- */
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief           This function extracts the message-digest type from the
- *                  message-digest information structure.
- *
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \return          The type of the message digest.
- */
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief           This function extracts the message-digest name from the
- *                  message-digest information structure.
- *
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \return          The name of the message digest.
- */
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief           This function starts a message-digest computation.
- *
- *                  You must call this function after setting up the context
- *                  with mbedtls_md_setup(), and before passing data with
- *                  mbedtls_md_update().
- *
- * \param ctx       The generic message-digest context.
- *
- * \returns         \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
- */
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
-
-/**
- * \brief           This function feeds an input buffer into an ongoing
- *                  message-digest computation.
- *
- *                  You must call mbedtls_md_starts() before calling this
- *                  function. You may call this function multiple times.
- *                  Afterwards, call mbedtls_md_finish().
- *
- * \param ctx       The generic message-digest context.
- * \param input     The buffer holding the input data.
- * \param ilen      The length of the input data.
- *
- * \returns         \c 0 on success, #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
- */
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
-
-/**
- * \brief           This function finishes the digest operation,
- *                  and writes the result to the output buffer.
- *
- *                  Call this function after a call to mbedtls_md_starts(),
- *                  followed by any number of calls to mbedtls_md_update().
- *                  Afterwards, you may either clear the context with
- *                  mbedtls_md_free(), or call mbedtls_md_starts() to reuse
- *                  the context for another digest operation with the same
- *                  algorithm.
- *
- * \param ctx       The generic message-digest context.
- * \param output    The buffer for the generic message-digest checksum result.
- *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
- */
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
-
-/**
- * \brief          This function calculates the message-digest of a buffer,
- *                 with respect to a configurable message-digest algorithm
- *                 in a single call.
- *
- *                 The result is calculated as
- *                 Output = message_digest(input buffer).
- *
- * \param md_info  The information structure of the message-digest algorithm
- *                 to use.
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- * \param output   The generic message-digest checksum result.
- *
- * \returns        \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                 parameter verification fails.
- */
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
-        unsigned char *output );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          This function calculates the message-digest checksum
- *                 result of the contents of the provided file.
- *
- *                 The result is calculated as
- *                 Output = message_digest(file contents).
- *
- * \param md_info  The information structure of the message-digest algorithm
- *                 to use.
- * \param path     The input file name.
- * \param output   The generic message-digest checksum result.
- *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed, or
- *                 #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
- */
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
-                     unsigned char *output );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief           This function sets the HMAC key and prepares to
- *                  authenticate a new message.
- *
- *                  Call this function after mbedtls_md_setup(), to use
- *                  the MD context for an HMAC calculation, then call
- *                  mbedtls_md_hmac_update() to provide the input data, and
- *                  mbedtls_md_hmac_finish() to get the HMAC value.
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- * \param key       The HMAC secret key.
- * \param keylen    The length of the HMAC key in Bytes.
- *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
- */
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
-                    size_t keylen );
-
-/**
- * \brief           This function feeds an input buffer into an ongoing HMAC
- *                  computation.
- *
- *                  Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
- *                  before calling this function.
- *                  You may call this function multiple times to pass the
- *                  input piecewise.
- *                  Afterwards, call mbedtls_md_hmac_finish().
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- * \param input     The buffer holding the input data.
- * \param ilen      The length of the input data.
- *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
- */
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
-                    size_t ilen );
-
-/**
- * \brief           This function finishes the HMAC operation, and writes
- *                  the result to the output buffer.
- *
- *                  Call this function after mbedtls_md_hmac_starts() and
- *                  mbedtls_md_hmac_update() to get the HMAC value. Afterwards
- *                  you may either call mbedtls_md_free() to clear the context,
- *                  or call mbedtls_md_hmac_reset() to reuse the context with
- *                  the same HMAC key.
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- * \param output    The generic HMAC checksum result.
- *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
- */
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
-
-/**
- * \brief           This function prepares to authenticate a new message with
- *                  the same key as the previous HMAC operation.
- *
- *                  You may call this function after mbedtls_md_hmac_finish().
- *                  Afterwards call mbedtls_md_hmac_update() to pass the new
- *                  input.
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- *
- * \returns         \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                  parameter verification fails.
- */
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
-
-/**
- * \brief          This function calculates the full generic HMAC
- *                 on the input buffer with the provided key.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The HMAC result is calculated as
- *                 output = generic HMAC(hmac key, input buffer).
- *
- * \param md_info  The information structure of the message-digest algorithm
- *                 to use.
- * \param key      The HMAC secret key.
- * \param keylen   The length of the HMAC secret key in Bytes.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The generic HMAC result.
- *
- * \returns        \c 0 on success, or #MBEDTLS_ERR_MD_BAD_INPUT_DATA if
- *                 parameter verification fails.
- */
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output );
-
-/* Internal use */
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/md2.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/md2.h
deleted file mode 100644
index 0fd8b5af..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/md2.h
+++ /dev/null
@@ -1,309 +0,0 @@
-/**
- * \file md2.h
- *
- * \brief MD2 message digest algorithm (hash function)
- *
- * \warning MD2 is considered a weak message digest and its use constitutes a
- *          security risk. We recommend considering stronger message digests
- *          instead.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- */
-#ifndef MBEDTLS_MD2_H
-#define MBEDTLS_MD2_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED                   -0x002B  /**< MD2 hardware accelerator failed */
-
-#if !defined(MBEDTLS_MD2_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          MD2 context structure
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct
-{
-    unsigned char cksum[16];    /*!< checksum of the data block */
-    unsigned char state[48];    /*!< intermediate digest state  */
-    unsigned char buffer[16];   /*!< data block being processed */
-    size_t left;                /*!< amount of data in buffer   */
-}
-mbedtls_md2_context;
-
-/**
- * \brief          Initialize MD2 context
- *
- * \param ctx      MD2 context to be initialized
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md2_init( mbedtls_md2_context *ctx );
-
-/**
- * \brief          Clear MD2 context
- *
- * \param ctx      MD2 context to be cleared
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md2_free( mbedtls_md2_context *ctx );
-
-/**
- * \brief          Clone (the state of) an MD2 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
-                        const mbedtls_md2_context *src );
-
-/**
- * \brief          MD2 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
-
-/**
- * \brief          MD2 process buffer
- *
- * \param ctx      MD2 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen );
-
-/**
- * \brief          MD2 final digest
- *
- * \param ctx      MD2 context
- * \param output   MD2 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
-                            unsigned char output[16] );
-
-/**
- * \brief          MD2 process data block (internal use only)
- *
- * \param ctx      MD2 context
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          MD2 context setup
- *
- * \deprecated     Superseded by mbedtls_md2_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
-
-/**
- * \brief          MD2 process buffer
- *
- * \deprecated     Superseded by mbedtls_md2_update_ret() in 2.7.0
- *
- * \param ctx      MD2 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
-                                            const unsigned char *input,
-                                            size_t ilen );
-
-/**
- * \brief          MD2 final digest
- *
- * \deprecated     Superseded by mbedtls_md2_finish_ret() in 2.7.0
- *
- * \param ctx      MD2 context
- * \param output   MD2 checksum result
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
-                                            unsigned char output[16] );
-
-/**
- * \brief          MD2 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_md2_process() in 2.7.0
- *
- * \param ctx      MD2 context
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_MD2_ALT */
-#include "md2_alt.h"
-#endif /* MBEDTLS_MD2_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Output = MD2( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD2 checksum result
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = MD2( input buffer )
- *
- * \deprecated     Superseded by mbedtls_md2_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD2 checksum result
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
-                                     size_t ilen,
-                                     unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md2.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/md4.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/md4.h
deleted file mode 100644
index 23fa95e4..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/md4.h
+++ /dev/null
@@ -1,314 +0,0 @@
-/**
- * \file md4.h
- *
- * \brief MD4 message digest algorithm (hash function)
- *
- * \warning MD4 is considered a weak message digest and its use constitutes a
- *          security risk. We recommend considering stronger message digests
- *          instead.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- */
-#ifndef MBEDTLS_MD4_H
-#define MBEDTLS_MD4_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED                   -0x002D  /**< MD4 hardware accelerator failed */
-
-#if !defined(MBEDTLS_MD4_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          MD4 context structure
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[4];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-}
-mbedtls_md4_context;
-
-/**
- * \brief          Initialize MD4 context
- *
- * \param ctx      MD4 context to be initialized
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md4_init( mbedtls_md4_context *ctx );
-
-/**
- * \brief          Clear MD4 context
- *
- * \param ctx      MD4 context to be cleared
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md4_free( mbedtls_md4_context *ctx );
-
-/**
- * \brief          Clone (the state of) an MD4 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
-                        const mbedtls_md4_context *src );
-
-/**
- * \brief          MD4 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- */
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
-
-/**
- * \brief          MD4 process buffer
- *
- * \param ctx      MD4 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen );
-
-/**
- * \brief          MD4 final digest
- *
- * \param ctx      MD4 context
- * \param output   MD4 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
-                            unsigned char output[16] );
-
-/**
- * \brief          MD4 process data block (internal use only)
- *
- * \param ctx      MD4 context
- * \param data     buffer holding one block of data
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
-                                  const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          MD4 context setup
- *
- * \deprecated     Superseded by mbedtls_md4_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
-
-/**
- * \brief          MD4 process buffer
- *
- * \deprecated     Superseded by mbedtls_md4_update_ret() in 2.7.0
- *
- * \param ctx      MD4 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
-                                            const unsigned char *input,
-                                            size_t ilen );
-
-/**
- * \brief          MD4 final digest
- *
- * \deprecated     Superseded by mbedtls_md4_finish_ret() in 2.7.0
- *
- * \param ctx      MD4 context
- * \param output   MD4 checksum result
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
-                                            unsigned char output[16] );
-
-/**
- * \brief          MD4 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_md4_process() in 2.7.0
- *
- * \param ctx      MD4 context
- * \param data     buffer holding one block of data
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
-                                             const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_MD4_ALT */
-#include "md4_alt.h"
-#endif /* MBEDTLS_MD4_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Output = MD4( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD4 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = MD4( input buffer )
- *
- * \deprecated     Superseded by mbedtls_md4_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD4 checksum result
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
-                                     size_t ilen,
-                                     unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md4.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/md5.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/md5.h
deleted file mode 100644
index 06ea4c5d..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/md5.h
+++ /dev/null
@@ -1,314 +0,0 @@
-/**
- * \file md5.h
- *
- * \brief MD5 message digest algorithm (hash function)
- *
- * \warning   MD5 is considered a weak message digest and its use constitutes a
- *            security risk. We recommend considering stronger message
- *            digests instead.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_MD5_H
-#define MBEDTLS_MD5_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED                   -0x002F  /**< MD5 hardware accelerator failed */
-
-#if !defined(MBEDTLS_MD5_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          MD5 context structure
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[4];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-}
-mbedtls_md5_context;
-
-/**
- * \brief          Initialize MD5 context
- *
- * \param ctx      MD5 context to be initialized
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md5_init( mbedtls_md5_context *ctx );
-
-/**
- * \brief          Clear MD5 context
- *
- * \param ctx      MD5 context to be cleared
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md5_free( mbedtls_md5_context *ctx );
-
-/**
- * \brief          Clone (the state of) an MD5 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
-                        const mbedtls_md5_context *src );
-
-/**
- * \brief          MD5 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
-
-/**
- * \brief          MD5 process buffer
- *
- * \param ctx      MD5 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen );
-
-/**
- * \brief          MD5 final digest
- *
- * \param ctx      MD5 context
- * \param output   MD5 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
-                            unsigned char output[16] );
-
-/**
- * \brief          MD5 process data block (internal use only)
- *
- * \param ctx      MD5 context
- * \param data     buffer holding one block of data
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
-                                  const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          MD5 context setup
- *
- * \deprecated     Superseded by mbedtls_md5_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
-
-/**
- * \brief          MD5 process buffer
- *
- * \deprecated     Superseded by mbedtls_md5_update_ret() in 2.7.0
- *
- * \param ctx      MD5 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
-                                            const unsigned char *input,
-                                            size_t ilen );
-
-/**
- * \brief          MD5 final digest
- *
- * \deprecated     Superseded by mbedtls_md5_finish_ret() in 2.7.0
- *
- * \param ctx      MD5 context
- * \param output   MD5 checksum result
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
-                                            unsigned char output[16] );
-
-/**
- * \brief          MD5 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_md5_process() in 2.7.0
- *
- * \param ctx      MD5 context
- * \param data     buffer holding one block of data
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
-                                             const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_MD5_ALT */
-#include "md5_alt.h"
-#endif /* MBEDTLS_MD5_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Output = MD5( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD5 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = MD5( input buffer )
- *
- * \deprecated     Superseded by mbedtls_md5_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD5 checksum result
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
-                                     size_t ilen,
-                                     unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md5.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/md_internal.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/md_internal.h
deleted file mode 100644
index 04de4829..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/md_internal.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/**
- * \file md_internal.h
- *
- * \brief Message digest wrappers.
- *
- * \warning This in an internal header. Do not include directly.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_MD_WRAP_H
-#define MBEDTLS_MD_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Message digest information.
- * Allows message digest functions to be called in a generic way.
- */
-struct mbedtls_md_info_t
-{
-    /** Digest identifier */
-    mbedtls_md_type_t type;
-
-    /** Name of the message digest */
-    const char * name;
-
-    /** Output length of the digest function in bytes */
-    int size;
-
-    /** Block length of the digest function in bytes */
-    int block_size;
-
-    /** Digest initialisation function */
-    int (*starts_func)( void *ctx );
-
-    /** Digest update function */
-    int (*update_func)( void *ctx, const unsigned char *input, size_t ilen );
-
-    /** Digest finalisation function */
-    int (*finish_func)( void *ctx, unsigned char *output );
-
-    /** Generic digest function */
-    int (*digest_func)( const unsigned char *input, size_t ilen,
-                        unsigned char *output );
-
-    /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
-
-    /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
-
-    /** Clone state from a context */
-    void (*clone_func)( void *dst, const void *src );
-
-    /** Internal use only */
-    int (*process_func)( void *ctx, const unsigned char *input );
-};
-
-#if defined(MBEDTLS_MD2_C)
-extern const mbedtls_md_info_t mbedtls_md2_info;
-#endif
-#if defined(MBEDTLS_MD4_C)
-extern const mbedtls_md_info_t mbedtls_md4_info;
-#endif
-#if defined(MBEDTLS_MD5_C)
-extern const mbedtls_md_info_t mbedtls_md5_info;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-extern const mbedtls_md_info_t mbedtls_ripemd160_info;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-extern const mbedtls_md_info_t mbedtls_sha1_info;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-extern const mbedtls_md_info_t mbedtls_sha224_info;
-extern const mbedtls_md_info_t mbedtls_sha256_info;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-extern const mbedtls_md_info_t mbedtls_sha384_info;
-extern const mbedtls_md_info_t mbedtls_sha512_info;
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_WRAP_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
deleted file mode 100644
index 705f9a63..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/**
- * \file memory_buffer_alloc.h
- *
- * \brief Buffer-based memory allocator
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#define MBEDTLS_MEMORY_VERIFY_NONE         0
-#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
-#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief   Initialize use of stack-based memory allocator.
- *          The stack-based allocator does memory management inside the
- *          presented buffer and does not call calloc() and free().
- *          It sets the global mbedtls_calloc() and mbedtls_free() pointers
- *          to its own functions.
- *          (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
- *           MBEDTLS_THREADING_C is defined)
- *
- * \note    This code is not optimized and provides a straight-forward
- *          implementation of a stack-based memory allocator.
- *
- * \param buf   buffer to use as heap
- * \param len   size of the buffer
- */
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
-
-/**
- * \brief   Free the mutex for thread-safety and clear remaining memory
- */
-void mbedtls_memory_buffer_alloc_free( void );
-
-/**
- * \brief   Determine when the allocator should automatically verify the state
- *          of the entire chain of headers / meta-data.
- *          (Default: MBEDTLS_MEMORY_VERIFY_NONE)
- *
- * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
- *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
- */
-void mbedtls_memory_buffer_set_verify( int verify );
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-/**
- * \brief   Print out the status of the allocated memory (primarily for use
- *          after a program should have de-allocated all memory)
- *          Prints out a list of 'still allocated' blocks and their stack
- *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
- */
-void mbedtls_memory_buffer_alloc_status( void );
-
-/**
- * \brief   Get the peak heap usage so far
- *
- * \param max_used      Peak number of bytes in use or committed. This
- *                      includes bytes in allocated blocks too small to split
- *                      into smaller blocks but larger than the requested size.
- * \param max_blocks    Peak number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
-
-/**
- * \brief   Reset peak statistics
- */
-void mbedtls_memory_buffer_alloc_max_reset( void );
-
-/**
- * \brief   Get the current heap usage
- *
- * \param cur_used      Current number of bytes in use or committed. This
- *                      includes bytes in allocated blocks too small to split
- *                      into smaller blocks but larger than the requested size.
- * \param cur_blocks    Current number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-/**
- * \brief   Verifies that all headers in the memory buffer are correct
- *          and contain sane values. Helps debug buffer-overflow errors.
- *
- *          Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
- *          Prints out full header information if MBEDTLS_MEMORY_DEBUG
- *          is defined. (Includes stack trace information for each block if
- *          MBEDTLS_MEMORY_BACKTRACE is defined as well).
- *
- * \return             0 if verified, 1 otherwise
- */
-int mbedtls_memory_buffer_alloc_verify( void );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_memory_buffer_alloc_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* memory_buffer_alloc.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/net.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/net.h
deleted file mode 100644
index 28ae8217..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/net.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * \file net.h
- *
- * \brief Deprecated header file that includes mbedtls/net_sockets.h
- *
- * \deprecated Superseded by mbedtls/net_sockets.h
- */
-/*
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#include "mbedtls/net_sockets.h"
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/net_sockets.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/net_sockets.h
deleted file mode 100644
index 54e612cc..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/net_sockets.h
+++ /dev/null
@@ -1,226 +0,0 @@
-/**
- * \file net_sockets.h
- *
- * \brief Network communication functions
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_NET_SOCKETS_H
-#define MBEDTLS_NET_SOCKETS_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "ssl.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042  /**< Failed to open a socket. */
-#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044  /**< The connection to the given server / port failed. */
-#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046  /**< Binding of the socket failed. */
-#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048  /**< Could not listen on the socket. */
-#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A  /**< Could not accept the incoming connection. */
-#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C  /**< Reading information from the socket failed. */
-#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E  /**< Sending information through the socket failed. */
-#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */
-#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052  /**< Failed to get an IP address for the given hostname. */
-#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043  /**< Buffer is too small to hold the data. */
-#define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045  /**< The context is invalid, eg because it was free()ed. */
-
-#define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
-
-#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
-#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Wrapper type for sockets.
- *
- * Currently backed by just a file descriptor, but might be more in the future
- * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
- * structures for hand-made UDP demultiplexing).
- */
-typedef struct
-{
-    int fd;             /**< The underlying file descriptor                 */
-}
-mbedtls_net_context;
-
-/**
- * \brief          Initialize a context
- *                 Just makes the context ready to be used or freed safely.
- *
- * \param ctx      Context to initialize
- */
-void mbedtls_net_init( mbedtls_net_context *ctx );
-
-/**
- * \brief          Initiate a connection with host:port in the given protocol
- *
- * \param ctx      Socket to use
- * \param host     Host to connect to
- * \param port     Port to connect to
- * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return         0 if successful, or one of:
- *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
- *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
- *                      MBEDTLS_ERR_NET_CONNECT_FAILED
- *
- * \note           Sets the socket in connected mode even with UDP.
- */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
-
-/**
- * \brief          Create a receiving socket on bind_ip:port in the chosen
- *                 protocol. If bind_ip == NULL, all interfaces are bound.
- *
- * \param ctx      Socket to use
- * \param bind_ip  IP to bind to, can be NULL
- * \param port     Port number to use
- * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return         0 if successful, or one of:
- *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
- *                      MBEDTLS_ERR_NET_BIND_FAILED,
- *                      MBEDTLS_ERR_NET_LISTEN_FAILED
- *
- * \note           Regardless of the protocol, opens the sockets and binds it.
- *                 In addition, make the socket listening if protocol is TCP.
- */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
-
-/**
- * \brief           Accept a connection from a remote client
- *
- * \param bind_ctx  Relevant socket
- * \param client_ctx Will contain the connected client socket
- * \param client_ip Will contain the client IP address
- * \param buf_size  Size of the client_ip buffer
- * \param ip_len    Will receive the size of the client IP written
- *
- * \return          0 if successful, or
- *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
- *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
- *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
- *                  non-blocking and accept() would block.
- */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
-                        mbedtls_net_context *client_ctx,
-                        void *client_ip, size_t buf_size, size_t *ip_len );
-
-/**
- * \brief          Set the socket blocking
- *
- * \param ctx      Socket to set
- *
- * \return         0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_block( mbedtls_net_context *ctx );
-
-/**
- * \brief          Set the socket non-blocking
- *
- * \param ctx      Socket to set
- *
- * \return         0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
-
-/**
- * \brief          Portable usleep helper
- *
- * \param usec     Amount of microseconds to sleep
- *
- * \note           Real amount of time slept will not be less than
- *                 select()'s timeout granularity (typically, 10ms).
- */
-void mbedtls_net_usleep( unsigned long usec );
-
-/**
- * \brief          Read at most 'len' characters. If no error occurs,
- *                 the actual amount read is returned.
- *
- * \param ctx      Socket
- * \param buf      The buffer to write to
- * \param len      Maximum length of the buffer
- *
- * \return         the number of bytes received,
- *                 or a non-zero error code; with a non-blocking socket,
- *                 MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
- */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
-
-/**
- * \brief          Write at most 'len' characters. If no error occurs,
- *                 the actual amount read is returned.
- *
- * \param ctx      Socket
- * \param buf      The buffer to read from
- * \param len      The length of the buffer
- *
- * \return         the number of bytes sent,
- *                 or a non-zero error code; with a non-blocking socket,
- *                 MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
- */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
-
-/**
- * \brief          Read at most 'len' characters, blocking for at most
- *                 'timeout' seconds. If no error occurs, the actual amount
- *                 read is returned.
- *
- * \param ctx      Socket
- * \param buf      The buffer to write to
- * \param len      Maximum length of the buffer
- * \param timeout  Maximum number of milliseconds to wait for data
- *                 0 means no timeout (wait forever)
- *
- * \return         the number of bytes received,
- *                 or a non-zero error code:
- *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
- *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *
- * \note           This function will block (until data becomes available or
- *                 timeout is reached) even if the socket is set to
- *                 non-blocking. Handling timeouts with non-blocking reads
- *                 requires a different strategy.
- */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
-                      uint32_t timeout );
-
-/**
- * \brief          Gracefully shutdown the connection and free associated data
- *
- * \param ctx      The context to free
- */
-void mbedtls_net_free( mbedtls_net_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* net_sockets.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/oid.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/oid.h
deleted file mode 100644
index 408645ec..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/oid.h
+++ /dev/null
@@ -1,589 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) database
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "asn1.h"
-#include "pk.h"
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "cipher.h"
-#endif
-
-#if defined(MBEDTLS_MD_C)
-#include "md.h"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "x509.h"
-#endif
-
-#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
-                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
-                                        MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW                     "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
-#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- *                      security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
-#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
-#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD2           MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
-#define MBEDTLS_OID_PKCS1_MD4           MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
-#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD2              MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
-#define MBEDTLS_OID_DIGEST_ALG_MD4              MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_GOV "\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-
-#define MBEDTLS_OID_HMAC_SHA224                 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
-
-#define MBEDTLS_OID_HMAC_SHA256                 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
-
-#define MBEDTLS_OID_HMAC_SHA384                 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
-
-#define MBEDTLS_OID_HMAC_SHA512                 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
-
-/*
- * Encryption algorithms
- */
-#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-
-/*
- * PKCS#5 OIDs
- */
-#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
-
-/*
- * PKCS#5 PBES1 algorithms
- */
-#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC       MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
-#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC       MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
-
-/*
- * PKCS#8 OIDs
- */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
-
-/*
- * PKCS#12 PBE OIDs
- */
-#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128         MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40          MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
-
-/*
- * EC key algorithms from RFC 5480
- */
-
-/* id-ecPublicKey OBJECT IDENTIFIER ::= {
- *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
-
-/*   id-ecDH OBJECT IDENTIFIER ::= {
- *     iso(1) identified-organization(3) certicom(132)
- *     schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
-
-/*
- * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
- */
-
-/* secp192r1 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
-
-/* secp224r1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
-
-/* secp256r1 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
-
-/* secp384r1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
-
-/* secp521r1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
-
-/* secp192k1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
-
-/* secp224k1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
-
-/* secp256k1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
-
-/* RFC 5639 4.1
- * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
- * identified-organization(3) teletrust(36) algorithm(3) signature-
- * algorithm(3) ecSign(2) 8}
- * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
- * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
-
-/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
-
-/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
-
-/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
-
-/*
- * SEC1 C.1
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
-
-/*
- * ECDSA signature identifiers, from RFC 5480
- */
-#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
-
-/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
-
-/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
-
-/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
-
-/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
-
-/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Base OID descriptor structure
- */
-typedef struct {
-    const char *asn1;               /*!< OID ASN.1 representation       */
-    size_t asn1_len;                /*!< length of asn1                 */
-    const char *name;               /*!< official name (e.g. from RFC)  */
-    const char *description;        /*!< human friendly description     */
-} mbedtls_oid_descriptor_t;
-
-/**
- * \brief           Translate an ASN.1 OID into its numeric representation
- *                  (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf       buffer to put representation in
- * \param size      size of the buffer
- * \param oid       OID to translate
- *
- * \return          Length of the string written (excluding final NULL) or
- *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-/**
- * \brief          Translate an X.509 extension OID into local values
- *
- * \param oid      OID to use
- * \param ext_type place to store the extension type
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-#endif
-
-/**
- * \brief          Translate an X.509 attribute type OID into the short name
- *                 (e.g. the OID for an X520 Common Name into "CN")
- *
- * \param oid      OID to use
- * \param short_name    place to store the string pointer
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
-
-/**
- * \brief          Translate PublicKeyAlgorithm OID into pk_type
- *
- * \param oid      OID to use
- * \param pk_alg   place to store public key algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief          Translate pk_type into PublicKeyAlgorithm OID
- *
- * \param pk_alg   Public key type to look for
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
-                           const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief          Translate NamedCurve OID into an EC group identifier
- *
- * \param oid      OID to use
- * \param grp_id   place to store group id
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
-
-/**
- * \brief          Translate EC group identifier into NamedCurve OID
- *
- * \param grp_id   EC group identifier
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
-                           const char **oid, size_t *olen );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_MD_C)
-/**
- * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
- *
- * \param oid      OID to use
- * \param md_alg   place to store message digest algorithm
- * \param pk_alg   place to store public key algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
-                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief          Translate SignatureAlgorithm OID into description
- *
- * \param oid      OID to use
- * \param desc     place to store string pointer
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
- *
- * \param md_alg   message digest algorithm
- * \param pk_alg   public key algorithm
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                            const char **oid, size_t *olen );
-
-/**
- * \brief          Translate hash algorithm OID into md_type
- *
- * \param oid      OID to use
- * \param md_alg   place to store message digest algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
-
-/**
- * \brief          Translate hmac algorithm OID into md_type
- *
- * \param oid      OID to use
- * \param md_hmac  place to store message hmac algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
-#endif /* MBEDTLS_MD_C */
-
-/**
- * \brief          Translate Extended Key Usage OID into description
- *
- * \param oid      OID to use
- * \param desc     place to store string pointer
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief          Translate md_type into hash algorithm OID
- *
- * \param md_alg   message digest algorithm
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_C)
-/**
- * \brief          Translate encryption algorithm OID into cipher_type
- *
- * \param oid           OID to use
- * \param cipher_alg    place to store cipher algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/**
- * \brief          Translate PKCS#12 PBE algorithm OID into md_type and
- *                 cipher_type
- *
- * \param oid           OID to use
- * \param md_alg        place to store message digest algorithm
- * \param cipher_alg    place to store cipher algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
-                            mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_PKCS12_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* oid.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/padlock.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/padlock.h
deleted file mode 100644
index 677936eb..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/padlock.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * \file padlock.h
- *
- * \brief VIA PadLock ACE for HW encryption/decryption supported by some
- *        processors
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_PADLOCK_H
-#define MBEDTLS_PADLOCK_H
-
-#include "aes.h"
-
-#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
-
-#if defined(__has_feature)
-#if __has_feature(address_sanitizer)
-#define MBEDTLS_HAVE_ASAN
-#endif
-#endif
-
-/* Some versions of ASan result in errors about not enough registers */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
-    !defined(MBEDTLS_HAVE_ASAN)
-
-#ifndef MBEDTLS_HAVE_X86
-#define MBEDTLS_HAVE_X86
-#endif
-
-#include <stdint.h>
-
-#define MBEDTLS_PADLOCK_RNG 0x000C
-#define MBEDTLS_PADLOCK_ACE 0x00C0
-#define MBEDTLS_PADLOCK_PHE 0x0C00
-#define MBEDTLS_PADLOCK_PMM 0x3000
-
-#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          PadLock detection routine
- *
- * \param feature  The feature to detect
- *
- * \return         1 if CPU has support for the feature, 0 otherwise
- */
-int mbedtls_padlock_has_support( int feature );
-
-/**
- * \brief          PadLock AES-ECB block en(de)cryption
- *
- * \param ctx      AES context
- * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
-                       int mode,
-                       const unsigned char input[16],
-                       unsigned char output[16] );
-
-/**
- * \brief          PadLock AES-CBC buffer en(de)cryption
- *
- * \param ctx      AES context
- * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HAVE_X86  */
-
-#endif /* padlock.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/pem.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/pem.h
deleted file mode 100644
index 2cf4c0a7..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/pem.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/**
- * \file pem.h
- *
- * \brief Privacy Enhanced Mail (PEM) decoding
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_PEM_H
-#define MBEDTLS_PEM_H
-
-#include <stddef.h>
-
-/**
- * \name PEM Error codes
- * These error codes are returned in case of errors reading the
- * PEM data.
- * \{
- */
-#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080  /**< No PEM header or footer found. */
-#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100  /**< PEM string is not as expected. */
-#define MBEDTLS_ERR_PEM_ALLOC_FAILED                      -0x1180  /**< Failed to allocate memory. */
-#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200  /**< RSA IV is not in hex-format. */
-#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280  /**< Unsupported key encryption algorithm. */
-#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300  /**< Private key password can't be empty. */
-#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380  /**< Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400  /**< Unavailable feature, e.g. hashing/encryption combination. */
-#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480  /**< Bad input parameters to function. */
-/* \} name */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/**
- * \brief       PEM context structure
- */
-typedef struct
-{
-    unsigned char *buf;     /*!< buffer for decoded data             */
-    size_t buflen;          /*!< length of the buffer                */
-    unsigned char *info;    /*!< buffer for extra header information */
-}
-mbedtls_pem_context;
-
-/**
- * \brief       PEM context setup
- *
- * \param ctx   context to be initialized
- */
-void mbedtls_pem_init( mbedtls_pem_context *ctx );
-
-/**
- * \brief       Read a buffer for PEM information and store the resulting
- *              data into the specified context buffers.
- *
- * \param ctx       context to use
- * \param header    header string to seek and expect
- * \param footer    footer string to seek and expect
- * \param data      source data to look in (must be nul-terminated)
- * \param pwd       password for decryption (can be NULL)
- * \param pwdlen    length of password
- * \param use_len   destination for total length used (set after header is
- *                  correctly read, so unless you get
- *                  MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
- *                  MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
- *                  the length to skip)
- *
- * \note            Attempts to check password correctness by verifying if
- *                  the decrypted text starts with an ASN.1 sequence of
- *                  appropriate length
- *
- * \return          0 on success, or a specific PEM error code
- */
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
-                     const unsigned char *data,
-                     const unsigned char *pwd,
-                     size_t pwdlen, size_t *use_len );
-
-/**
- * \brief       PEM context memory freeing
- *
- * \param ctx   context to be freed
- */
-void mbedtls_pem_free( mbedtls_pem_context *ctx );
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a buffer of PEM information from a DER encoded
- *                  buffer.
- *
- * \param header    header string to write
- * \param footer    footer string to write
- * \param der_data  DER data to write
- * \param der_len   length of the DER data
- * \param buf       buffer to write to
- * \param buf_len   length of output buffer
- * \param olen      total length written / required (if buf_len is not enough)
- *
- * \return          0 on success, or a specific PEM or BASE64 error code. On
- *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
- *                  size.
- */
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
-                      const unsigned char *der_data, size_t der_len,
-                      unsigned char *buf, size_t buf_len, size_t *olen );
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pem.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/pk.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/pk.h
deleted file mode 100644
index 1059bdaa..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/pk.h
+++ /dev/null
@@ -1,618 +0,0 @@
-/**
- * \file pk.h
- *
- * \brief Public Key abstraction layer
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_PK_H
-#define MBEDTLS_PK_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "md.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "rsa.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "ecdsa.h"
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80  /**< Memory allocation failed. */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x3E00  /**< Read/write of file failed. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80  /**< Unsupported key version */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x3D00  /**< Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x3C80  /**< Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x3C00  /**< Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x3B80  /**< Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x3B00  /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80  /**< The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
-#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The signature is valid but its length is less than expected. */
-#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED     -0x3880  /**< PK hardware accelerator failed. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Public key types
- */
-typedef enum {
-    MBEDTLS_PK_NONE=0,
-    MBEDTLS_PK_RSA,
-    MBEDTLS_PK_ECKEY,
-    MBEDTLS_PK_ECKEY_DH,
-    MBEDTLS_PK_ECDSA,
-    MBEDTLS_PK_RSA_ALT,
-    MBEDTLS_PK_RSASSA_PSS,
-} mbedtls_pk_type_t;
-
-/**
- * \brief           Options for RSASSA-PSS signature verification.
- *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
- */
-typedef struct
-{
-    mbedtls_md_type_t mgf1_hash_id;
-    int expected_salt_len;
-
-} mbedtls_pk_rsassa_pss_options;
-
-/**
- * \brief           Types for interfacing with the debug module
- */
-typedef enum
-{
-    MBEDTLS_PK_DEBUG_NONE = 0,
-    MBEDTLS_PK_DEBUG_MPI,
-    MBEDTLS_PK_DEBUG_ECP,
-} mbedtls_pk_debug_type;
-
-/**
- * \brief           Item to send to the debug module
- */
-typedef struct
-{
-    mbedtls_pk_debug_type type;
-    const char *name;
-    void *value;
-} mbedtls_pk_debug_item;
-
-/** Maximum number of item send for debugging, plus 1 */
-#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
-
-/**
- * \brief           Public key information and operations
- */
-typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
-
-/**
- * \brief           Public key container
- */
-typedef struct
-{
-    const mbedtls_pk_info_t *   pk_info; /**< Public key informations        */
-    void *                      pk_ctx;  /**< Underlying public key context  */
-} mbedtls_pk_context;
-
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an RSA context
- * before using this function!
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_rsa_context *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning You must make sure the PK context actually holds an EC context
- * before using this function!
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
-    return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief           Types for RSA-alt abstraction
- */
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
-                    const unsigned char *input, unsigned char *output,
-                    size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
-                    const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief           Return information associated with the given PK type
- *
- * \param pk_type   PK type to search for.
- *
- * \return          The PK info associated with the type or NULL if not found.
- */
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
-
-/**
- * \brief           Initialize a mbedtls_pk_context (as NONE)
- */
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
-
-/**
- * \brief           Free a mbedtls_pk_context
- */
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
-
-/**
- * \brief           Initialize a PK context with the information given
- *                  and allocates the type-specific PK subcontext.
- *
- * \param ctx       Context to initialize. Must be empty (type NONE).
- * \param info      Information to use
- *
- * \return          0 on success,
- *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
- *                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- *
- * \note            For contexts holding an RSA-alt key, use
- *                  \c mbedtls_pk_setup_rsa_alt() instead.
- */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief           Initialize an RSA-alt context
- *
- * \param ctx       Context to initialize. Must be empty (type NONE).
- * \param key       RSA key pointer
- * \param decrypt_func  Decryption function
- * \param sign_func     Signing function
- * \param key_len_func  Function returning key length in bytes
- *
- * \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
- *                  context wasn't already initialized as RSA_ALT.
- *
- * \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
- */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
-                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
-                         mbedtls_pk_rsa_alt_sign_func sign_func,
-                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief           Get the size in bits of the underlying key
- *
- * \param ctx       Context to use
- *
- * \return          Key size in bits, or 0 on error
- */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
-
-/**
- * \brief           Get the length in bytes of the underlying key
- * \param ctx       Context to use
- *
- * \return          Key length in bytes, or 0 on error
- */
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
-{
-    return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
-}
-
-/**
- * \brief           Tell if a context can do the operation given by type
- *
- * \param ctx       Context to test
- * \param type      Target type
- *
- * \return          0 if context can't do the operations,
- *                  1 otherwise.
- */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
-
-/**
- * \brief           Verify signature (including padding if relevant).
- *
- * \param ctx       PK context to use
- * \param md_alg    Hash algorithm used (see notes)
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Signature to verify
- * \param sig_len   Signature length
- *
- * \return          0 on success (signature is valid),
- *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
- *                  valid but its actual length is less than sig_len,
- *                  or a specific error code.
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
- *                  to verify RSASSA_PSS signatures.
- *
- * \note            If hash_len is 0, then the length associated with md_alg
- *                  is used instead, or an error returned if it is invalid.
- *
- * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief           Verify signature, with options.
- *                  (Includes verification of the padding depending on type.)
- *
- * \param type      Signature type (inc. possible padding type) to verify
- * \param options   Pointer to type-specific options, or NULL
- * \param ctx       PK context to use
- * \param md_alg    Hash algorithm used (see notes)
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Signature to verify
- * \param sig_len   Signature length
- *
- * \return          0 on success (signature is valid),
- *                  MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
- *                  used for this type of signatures,
- *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
- *                  valid but its actual length is less than sig_len,
- *                  or a specific error code.
- *
- * \note            If hash_len is 0, then the length associated with md_alg
- *                  is used instead, or an error returned if it is invalid.
- *
- * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- *
- * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
- *                  to a mbedtls_pk_rsassa_pss_options structure,
- *                  otherwise it must be NULL.
- */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
-                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief           Make signature, including padding if relevant.
- *
- * \param ctx       PK context to use - must hold a private key
- * \param md_alg    Hash algorithm used (see notes)
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Place to write the signature
- * \param sig_len   Number of bytes written
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 on success, or a specific error code.
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *                  There is no interface in the PK module to make RSASSA-PSS
- *                  signatures yet.
- *
- * \note            If hash_len is 0, then the length associated with md_alg
- *                  is used instead, or an error returned if it is invalid.
- *
- * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Decrypt message (including padding if relevant).
- *
- * \param ctx       PK context to use - must hold a private key
- * \param input     Input to decrypt
- * \param ilen      Input size
- * \param output    Decrypted output
- * \param olen      Decrypted message length
- * \param osize     Size of the output buffer
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return          0 on success, or a specific error code.
- */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Encrypt message (including padding if relevant).
- *
- * \param ctx       PK context to use
- * \param input     Message to encrypt
- * \param ilen      Message size
- * \param output    Encrypted output
- * \param olen      Encrypted output length
- * \param osize     Size of the output buffer
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return          0 on success, or a specific error code.
- */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Check if a public-private pair of keys matches.
- *
- * \param pub       Context holding a public key.
- * \param prv       Context holding a private (and public) key.
- *
- * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
-
-/**
- * \brief           Export debug information
- *
- * \param ctx       Context to use
- * \param items     Place to write debug items
- *
- * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
-
-/**
- * \brief           Access the type name
- *
- * \param ctx       Context to use
- *
- * \return          Type name on success, or "invalid PK"
- */
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
-
-/**
- * \brief           Get the key type
- *
- * \param ctx       Context to use
- *
- * \return          Type on success, or MBEDTLS_PK_NONE
- */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/** \ingroup pk_module */
-/**
- * \brief           Parse a private key in PEM or DER format
- *
- * \param ctx       key to be initialized
- * \param key       input buffer
- * \param keylen    size of the buffer
- *                  (including the terminating null byte for PEM data)
- * \param pwd       password for decryption (optional)
- * \param pwdlen    size of the password
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- *                  specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
-                  const unsigned char *key, size_t keylen,
-                  const unsigned char *pwd, size_t pwdlen );
-
-/** \ingroup pk_module */
-/**
- * \brief           Parse a public key in PEM or DER format
- *
- * \param ctx       key to be initialized
- * \param key       input buffer
- * \param keylen    size of the buffer
- *                  (including the terminating null byte for PEM data)
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- *                  specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
-                         const unsigned char *key, size_t keylen );
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup pk_module */
-/**
- * \brief           Load and parse a private key
- *
- * \param ctx       key to be initialized
- * \param path      filename to read the private key from
- * \param password  password to decrypt the file (can be NULL)
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- *                  specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
-                      const char *path, const char *password );
-
-/** \ingroup pk_module */
-/**
- * \brief           Load and parse a public key
- *
- * \param ctx       key to be initialized
- * \param path      filename to read the public key from
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
- *                  you need a specific key type, check the result with
- *                  mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief           Write a private key to a PKCS#1 or SEC1 DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       private to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- */
-int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       public key to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- */
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a public key to a PEM string
- *
- * \param ctx       public key to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- *
- * \return          0 if successful, or a specific error code
- */
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
- *
- * \param ctx       private to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- *
- * \return          0 if successful, or a specific error code
- */
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * WARNING: Low-level functions. You probably do not want to use these unless
- *          you are certain you do ;)
- */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/**
- * \brief           Parse a SubjectPublicKeyInfo DER structure
- *
- * \param p         the position in the ASN.1 data
- * \param end       end of the buffer
- * \param pk        the key to fill
- *
- * \return          0 if successful, or a specific PK error code
- */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
-                        mbedtls_pk_context *pk );
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief           Write a subjectPublicKey to ASN.1 data
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param key       public key to write away
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
-                     const mbedtls_pk_context *key );
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PK_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/pk_internal.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/pk_internal.h
deleted file mode 100644
index 3dae0fc5..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/pk_internal.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/**
- * \file pk_internal.h
- *
- * \brief Public Key abstraction layer: wrapper functions
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_PK_WRAP_H
-#define MBEDTLS_PK_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "pk.h"
-
-struct mbedtls_pk_info_t
-{
-    /** Public key type */
-    mbedtls_pk_type_t type;
-
-    /** Type name */
-    const char *name;
-
-    /** Get key size in bits */
-    size_t (*get_bitlen)( const void * );
-
-    /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
-    int (*can_do)( mbedtls_pk_type_t type );
-
-    /** Verify signature */
-    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
-                        const unsigned char *hash, size_t hash_len,
-                        const unsigned char *sig, size_t sig_len );
-
-    /** Make signature */
-    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
-                      const unsigned char *hash, size_t hash_len,
-                      unsigned char *sig, size_t *sig_len,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-    /** Decrypt message */
-    int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen, size_t osize,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
-
-    /** Encrypt message */
-    int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen, size_t osize,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
-
-    /** Check public-private key pair */
-    int (*check_pair_func)( const void *pub, const void *prv );
-
-    /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
-
-    /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
-
-    /** Interface with the debug module */
-    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
-
-};
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/* Container for RSA-alt */
-typedef struct
-{
-    void *key;
-    mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
-    mbedtls_pk_rsa_alt_sign_func sign_func;
-    mbedtls_pk_rsa_alt_key_len_func key_len_func;
-} mbedtls_rsa_alt_context;
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-extern const mbedtls_pk_info_t mbedtls_rsa_info;
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-extern const mbedtls_pk_info_t mbedtls_eckey_info;
-extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
-#endif
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
-#endif
-
-#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs11.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs11.h
deleted file mode 100644
index bf65c55a..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs11.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/**
- * \file pkcs11.h
- *
- * \brief Wrapper for PKCS#11 library libpkcs11-helper
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_PKCS11_H
-#define MBEDTLS_PKCS11_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PKCS11_C)
-
-#include "x509_crt.h"
-
-#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Context for PKCS #11 private keys.
- */
-typedef struct {
-        pkcs11h_certificate_t pkcs11h_cert;
-        int len;
-} mbedtls_pkcs11_context;
-
-/**
- * Initialize a mbedtls_pkcs11_context.
- * (Just making memory references valid.)
- */
-void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
-
-/**
- * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
- *
- * \param cert          X.509 certificate to fill
- * \param pkcs11h_cert  PKCS #11 helper certificate
- *
- * \return              0 on success.
- */
-int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
-
-/**
- * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
- * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
- * done.
- *
- * \param priv_key      Private key structure to fill.
- * \param pkcs11_cert   PKCS #11 helper certificate
- *
- * \return              0 on success
- */
-int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
-        pkcs11h_certificate_t pkcs11_cert );
-
-/**
- * Free the contents of the given private key context. Note that the structure
- * itself is not freed.
- *
- * \param priv_key      Private key structure to cleanup
- */
-void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
-
-/**
- * \brief          Do an RSA private key decrypt, then remove the message
- *                 padding
- *
- * \param ctx      PKCS #11 context
- * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
- * \param input    buffer holding the encrypted data
- * \param output   buffer that will hold the plaintext
- * \param olen     will contain the plaintext length
- * \param output_max_len    maximum length of the output buffer
- *
- * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note           The output buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
- *                 an error is thrown.
- */
-int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
-                       int mode, size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len );
-
-/**
- * \brief          Do a private RSA to sign a message digest
- *
- * \param ctx      PKCS #11 context
- * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
- * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
- * \param hash     buffer holding the message digest
- * \param sig      buffer that will hold the ciphertext
- *
- * \return         0 if the signing operation was successful,
- *                 or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note           The "sig" buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
-                    int mode,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig );
-
-/**
- * SSL/TLS wrappers for PKCS#11 functions
- */
-static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
-                        const unsigned char *input, unsigned char *output,
-                        size_t output_max_len )
-{
-    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
-                           output_max_len );
-}
-
-static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
-                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                     int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
-                     const unsigned char *hash, unsigned char *sig )
-{
-    ((void) f_rng);
-    ((void) p_rng);
-    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
-                        hashlen, hash, sig );
-}
-
-static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
-{
-    return ( (mbedtls_pkcs11_context *) ctx )->len;
-}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PKCS11_C */
-
-#endif /* MBEDTLS_PKCS11_H */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs12.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs12.h
deleted file mode 100644
index a621ef5b..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs12.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/**
- * \file pkcs12.h
- *
- * \brief PKCS#12 Personal Information Exchange Syntax
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_PKCS12_H
-#define MBEDTLS_PKCS12_H
-
-#include "md.h"
-#include "cipher.h"
-#include "asn1.h"
-
-#include <stddef.h>
-
-#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00  /**< Feature not available, e.g. unsupported encryption scheme. */
-#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80  /**< PBE ASN.1 data not as expected. */
-#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00  /**< Given private key password does not allow for correct decryption. */
-
-#define MBEDTLS_PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
-#define MBEDTLS_PKCS12_DERIVE_IV        2   /**< initialization vector     */
-#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */
-
-#define MBEDTLS_PKCS12_PBE_DECRYPT      0
-#define MBEDTLS_PKCS12_PBE_ENCRYPT      1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief            PKCS12 Password Based function (encryption / decryption)
- *                   for pbeWithSHAAnd128BitRC4
- *
- * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
- * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
- * \param pwd        the password used (may be NULL if no password is used)
- * \param pwdlen     length of the password (may be 0)
- * \param input      the input data
- * \param len        data length
- * \param output     the output buffer
- *
- * \return           0 if successful, or a MBEDTLS_ERR_XXX code
- */
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
-                             const unsigned char *pwd,  size_t pwdlen,
-                             const unsigned char *input, size_t len,
-                             unsigned char *output );
-
-/**
- * \brief            PKCS12 Password Based function (encryption / decryption)
- *                   for cipher-based and mbedtls_md-based PBE's
- *
- * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
- * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
- * \param cipher_type the cipher used
- * \param md_type     the mbedtls_md used
- * \param pwd        the password used (may be NULL if no password is used)
- * \param pwdlen     length of the password (may be 0)
- * \param input      the input data
- * \param len        data length
- * \param output     the output buffer
- *
- * \return           0 if successful, or a MBEDTLS_ERR_XXX code
- */
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
-                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
-                const unsigned char *pwd,  size_t pwdlen,
-                const unsigned char *input, size_t len,
-                unsigned char *output );
-
-/**
- * \brief            The PKCS#12 derivation function uses a password and a salt
- *                   to produce pseudo-random bits for a particular "purpose".
- *
- *                   Depending on the given id, this function can produce an
- *                   encryption/decryption key, an nitialization vector or an
- *                   integrity key.
- *
- * \param data       buffer to store the derived data in
- * \param datalen    length to fill
- * \param pwd        password to use (may be NULL if no password is used)
- * \param pwdlen     length of the password (may be 0)
- * \param salt       salt buffer to use
- * \param saltlen    length of the salt
- * \param mbedtls_md         mbedtls_md type to use during the derivation
- * \param id         id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
- *                   MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
- * \param iterations number of iterations
- *
- * \return          0 if successful, or a MD, BIGNUM type error.
- */
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
-                       const unsigned char *pwd, size_t pwdlen,
-                       const unsigned char *salt, size_t saltlen,
-                       mbedtls_md_type_t mbedtls_md, int id, int iterations );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs12.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs5.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs5.h
deleted file mode 100644
index 9a3c9fdd..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/pkcs5.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * \file pkcs5.h
- *
- * \brief PKCS#5 functions
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_PKCS5_H
-#define MBEDTLS_PKCS5_H
-
-#include "asn1.h"
-#include "md.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x2f80  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x2f00  /**< Unexpected ASN.1 data. */
-#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x2e80  /**< Requested encryption or digest alg not available. */
-#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x2e00  /**< Given private key password does not allow for correct decryption. */
-
-#define MBEDTLS_PKCS5_DECRYPT      0
-#define MBEDTLS_PKCS5_ENCRYPT      1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          PKCS#5 PBES2 function
- *
- * \param pbe_params the ASN.1 algorithm parameters
- * \param mode       either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
- * \param pwd        password to use when generating key
- * \param pwdlen     length of password
- * \param data       data to process
- * \param datalen    length of data
- * \param output     output buffer
- *
- * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
- */
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output );
-
-/**
- * \brief          PKCS#5 PBKDF2 using HMAC
- *
- * \param ctx      Generic HMAC context
- * \param password Password to use when generating key
- * \param plen     Length of password
- * \param salt     Salt to use when generating key
- * \param slen     Length of salt
- * \param iteration_count       Iteration count
- * \param key_length            Length of generated key in bytes
- * \param output   Generated key. Must be at least as big as key_length
- *
- * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
- */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
-                       unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_pkcs5_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs5.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/platform.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/platform.h
deleted file mode 100644
index ed107758..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/platform.h
+++ /dev/null
@@ -1,348 +0,0 @@
-/**
- * \file platform.h
- *
- * \brief The Mbed TLS platform abstraction layer.
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_PLATFORM_H
-#define MBEDTLS_PLATFORM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(_WIN32)
-#define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
-#else
-#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< The default \c snprintf function to use.  */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
-#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< The default \c printf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
-#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#define MBEDTLS_PLATFORM_STD_CALLOC   calloc /**< The default \c calloc function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-#define MBEDTLS_PLATFORM_STD_FREE       free /**< The default \c free function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-#define MBEDTLS_PLATFORM_STD_EXIT      exit /**< The default \c exit function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
-#define MBEDTLS_PLATFORM_STD_TIME       time    /**< The default \c time function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS  EXIT_SUCCESS /**< The default exit value to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE  EXIT_FAILURE /**< The default exit value to use. */
-#endif
-#if defined(MBEDTLS_FS_IO)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE   "seedfile"
-#endif
-#endif /* MBEDTLS_FS_IO */
-#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
-#include MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
-
-/* \} name SECTION: Module settings */
-
-/*
- * The function pointers for calloc and free
- */
-#if defined(MBEDTLS_PLATFORM_MEMORY)
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
-    defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
-#define mbedtls_calloc     MBEDTLS_PLATFORM_CALLOC_MACRO
-#else
-/* For size_t */
-#include <stddef.h>
-extern void * (*mbedtls_calloc)( size_t n, size_t size );
-extern void (*mbedtls_free)( void *ptr );
-
-/**
- * \brief   This function allows configuring custom memory-management functions.
- *
- * \param calloc_func   The \c calloc function implementation.
- * \param free_func     The \c free function implementation.
- *
- * \return              \c 0.
- */
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
-                              void (*free_func)( void * ) );
-#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
-#else /* !MBEDTLS_PLATFORM_MEMORY */
-#define mbedtls_free       free
-#define mbedtls_calloc     calloc
-#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
-
-/*
- * The function pointers for fprintf
- */
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-/* We need FILE * */
-#include <stdio.h>
-extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
-
-/**
- * \brief   This function allows configuring a custom \p fprintf function pointer.
- *
- * \param fprintf_func   The \c fprintf function implementation.
- *
- * \return               \c 0.
- */
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
-                                               ... ) );
-#else
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
-#define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
-#else
-#define mbedtls_fprintf    fprintf
-#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-
-/*
- * The function pointers for printf
- */
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)( const char *format, ... );
-
-/**
- * \brief    This function allows configuring a custom \c printf function
- *           pointer.
- *
- * \param printf_func   The \c printf function implementation.
- *
- * \return              \c 0 on success.
- */
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
-#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
-#define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
-#else
-#define mbedtls_printf     printf
-#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-
-/*
- * The function pointers for snprintf
- *
- * The snprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- *   (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- *   the destination buffer is too short.
- */
-#if defined(_WIN32)
-/* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
-
-/**
- * \brief   This function allows configuring a custom \c snprintf function
- *          pointer.
- *
- * \param snprintf_func   The \c snprintf function implementation.
- *
- * \return    \c 0 on success.
- */
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
-                                                 const char * format, ... ) );
-#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#else
-#define mbedtls_snprintf   snprintf
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-
-/*
- * The function pointers for exit
- */
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)( int status );
-
-/**
- * \brief   This function allows configuring a custom \c exit function
- *          pointer.
- *
- * \param exit_func   The \c exit function implementation.
- *
- * \return  \c 0 on success.
- */
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
-#else
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
-#define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
-#else
-#define mbedtls_exit   exit
-#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-
-/*
- * The default exit values
- */
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
-#else
-#define MBEDTLS_EXIT_SUCCESS 0
-#endif
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
-#else
-#define MBEDTLS_EXIT_FAILURE 1
-#endif
-
-/*
- * The function pointers for reading from and writing a seed file to
- * Non-Volatile storage (NV) in a platform-independent way
- *
- * Only enabled when the NV seed entropy source is enabled
- */
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
-extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
-
-/**
- * \brief   This function allows configuring custom seed file writing and
- *          reading functions.
- *
- * \param   nv_seed_read_func   The seed reading function implementation.
- * \param   nv_seed_write_func  The seed writing function implementation.
- *
- * \return  \c 0 on success.
- */
-int mbedtls_platform_set_nv_seed(
-            int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
-            int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
-            );
-#else
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
-    defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
-#define mbedtls_nv_seed_read    MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
-#define mbedtls_nv_seed_write   MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
-#else
-#define mbedtls_nv_seed_read    mbedtls_platform_std_nv_seed_read
-#define mbedtls_nv_seed_write   mbedtls_platform_std_nv_seed_write
-#endif
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-
-/**
- * \brief   The platform context structure.
- *
- * \note    This structure may be used to assist platform-specific
- *          setup or teardown operations.
- */
-typedef struct {
-    char dummy; /**< Placeholder member, as empty structs are not portable. */
-}
-mbedtls_platform_context;
-
-#else
-#include "platform_alt.h"
-#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-
-/**
- * \brief   This function performs any platform initialization operations.
- *
- * \param   ctx     The Mbed TLS context.
- *
- * \return  \c 0 on success.
- *
- * \note    This function is intended to allow platform-specific initialization,
- *          and should be called before any other library functions. Its
- *          implementation is platform-specific, and unless
- *          platform-specific code is provided, it does nothing.
- *
- *          Its use and whether it is necessary to call it is dependent on the
- *          platform.
- */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx );
-/**
- * \brief   This function performs any platform teardown operations.
- *
- * \param   ctx     The Mbed TLS context.
- *
- * \note    This function should be called after every other Mbed TLS module
- *          has been correctly freed using the appropriate free function.
- *          Its implementation is platform-specific, and unless
- *          platform-specific code is provided, it does nothing.
- *
- *          Its use and whether it is necessary to call it is dependent on the
- *          platform.
- */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/platform_time.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/platform_time.h
deleted file mode 100644
index 2ed36f56..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/platform_time.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/**
- * \file platform_time.h
- *
- * \brief mbed TLS Platform time abstraction
- */
-/*
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_PLATFORM_TIME_H
-#define MBEDTLS_PLATFORM_TIME_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include <time.h>
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief   Set your own time function pointer
- *
- * \param   time_func   the time function implementation
- *
- * \return              0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time    MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time   time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform_time.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ripemd160.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ripemd160.h
deleted file mode 100644
index 3a8b50a6..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ripemd160.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/**
- * \file ripemd160.h
- *
- * \brief RIPE MD-160 message digest
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_RIPEMD160_H
-#define MBEDTLS_RIPEMD160_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED             -0x0031  /**< RIPEMD160 hardware accelerator failed */
-
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          RIPEMD-160 context structure
- */
-typedef struct
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[5];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-}
-mbedtls_ripemd160_context;
-
-/**
- * \brief          Initialize RIPEMD-160 context
- *
- * \param ctx      RIPEMD-160 context to be initialized
- */
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          Clear RIPEMD-160 context
- *
- * \param ctx      RIPEMD-160 context to be cleared
- */
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          Clone (the state of) an RIPEMD-160 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- */
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
-                        const mbedtls_ripemd160_context *src );
-
-/**
- * \brief          RIPEMD-160 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          RIPEMD-160 process buffer
- *
- * \param ctx      RIPEMD-160 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
-                                  const unsigned char *input,
-                                  size_t ilen );
-
-/**
- * \brief          RIPEMD-160 final digest
- *
- * \param ctx      RIPEMD-160 context
- * \param output   RIPEMD-160 checksum result
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
-                                  unsigned char output[20] );
-
-/**
- * \brief          RIPEMD-160 process data block (internal use only)
- *
- * \param ctx      RIPEMD-160 context
- * \param data     buffer holding one block of data
- *
- * \return         0 if successful
- */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                        const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          RIPEMD-160 context setup
- *
- * \deprecated     Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
-                                            mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          RIPEMD-160 process buffer
- *
- * \deprecated     Superseded by mbedtls_ripemd160_update_ret() in 2.7.0
- *
- * \param ctx      RIPEMD-160 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
-                                                mbedtls_ripemd160_context *ctx,
-                                                const unsigned char *input,
-                                                size_t ilen );
-
-/**
- * \brief          RIPEMD-160 final digest
- *
- * \deprecated     Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0
- *
- * \param ctx      RIPEMD-160 context
- * \param output   RIPEMD-160 checksum result
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
-                                                mbedtls_ripemd160_context *ctx,
-                                                unsigned char output[20] );
-
-/**
- * \brief          RIPEMD-160 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_ripemd160_process() in 2.7.0
- *
- * \param ctx      RIPEMD-160 context
- * \param data     buffer holding one block of data
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
-                                            mbedtls_ripemd160_context *ctx,
-                                            const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
-#endif /* MBEDTLS_RIPEMD160_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Output = RIPEMD-160( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   RIPEMD-160 checksum result
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_ret( const unsigned char *input,
-                           size_t ilen,
-                           unsigned char output[20] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = RIPEMD-160( input buffer )
- *
- * \deprecated     Superseded by mbedtls_ripemd160_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   RIPEMD-160 checksum result
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
-                                           size_t ilen,
-                                           unsigned char output[20] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_ripemd160_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_ripemd160.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/rsa.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/rsa.h
deleted file mode 100644
index 5548f3c1..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/rsa.h
+++ /dev/null
@@ -1,1138 +0,0 @@
-/**
- * \file rsa.h
- *
- * \brief The RSA public-key cryptosystem.
- *
- * For more information, see <em>Public-Key Cryptography Standards (PKCS)
- * #1 v1.5: RSA Encryption</em> and <em>Public-Key Cryptography Standards
- * (PKCS) #1 v2.1: RSA Cryptography Specifications</em>.
- *
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_RSA_H
-#define MBEDTLS_RSA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "bignum.h"
-#include "md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
-#endif
-
-/*
- * RSA Error codes
- */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA                    -0x4080  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING                   -0x4100  /**< Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED                    -0x4180  /**< Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED                  -0x4200  /**< Key failed to pass the validity check of the library. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED                     -0x4280  /**< The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED                    -0x4300  /**< The private key operation failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED                     -0x4380  /**< The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400  /**< The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED                        -0x4480  /**< The random generator failed to generate non-zeros. */
-#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION             -0x4500  /**< The implementation does not offer the requested operation, for example, because of security violations or lack of functionality. */
-#define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED                   -0x4580  /**< RSA hardware accelerator failed. */
-
-/*
- * RSA constants
- */
-#define MBEDTLS_RSA_PUBLIC      0 /**< Request private key operation. */
-#define MBEDTLS_RSA_PRIVATE     1 /**< Request public key operation. */
-
-#define MBEDTLS_RSA_PKCS_V15    0 /**< Use PKCS-1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V21    1 /**< Use PKCS-1 v2.1 encoding. */
-
-#define MBEDTLS_RSA_SIGN        1 /**< Identifier for RSA signature operations. */
-#define MBEDTLS_RSA_CRYPT       2 /**< Identifier for RSA encryption and decryption operations. */
-
-#define MBEDTLS_RSA_SALT_LEN_ANY    -1
-
-/*
- * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
- */
-
-#if !defined(MBEDTLS_RSA_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief   The RSA context structure.
- *
- * \note    Direct manipulation of the members of this structure
- *          is deprecated. All manipulation should instead be done through
- *          the public interface functions.
- */
-typedef struct
-{
-    int ver;                    /*!<  Always 0.*/
-    size_t len;                 /*!<  The size of \p N in Bytes. */
-
-    mbedtls_mpi N;                      /*!<  The public modulus. */
-    mbedtls_mpi E;                      /*!<  The public exponent. */
-
-    mbedtls_mpi D;                      /*!<  The private exponent. */
-    mbedtls_mpi P;                      /*!<  The first prime factor. */
-    mbedtls_mpi Q;                      /*!<  The second prime factor. */
-
-    mbedtls_mpi DP;                     /*!<  \p D % (P - 1)       */
-    mbedtls_mpi DQ;                     /*!<  \p D % (Q - 1)       */
-    mbedtls_mpi QP;                     /*!<  1 / (Q % P)       */
-
-    mbedtls_mpi RN;                     /*!<  cached R^2 mod \p N  */
-
-    mbedtls_mpi RP;                     /*!<  cached R^2 mod \p P  */
-    mbedtls_mpi RQ;                     /*!<  cached R^2 mod \p Q  */
-
-    mbedtls_mpi Vi;                     /*!<  The cached blinding value. */
-    mbedtls_mpi Vf;                     /*!<  The cached un-blinding value. */
-
-    int padding;                /*!< Selects padding mode:
-                                     #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
-                                     #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
-    int hash_id;                /*!< Hash identifier of mbedtls_md_type_t type,
-                                     as specified in md.h for use in the MGF
-                                     mask generating function used in the
-                                     EME-OAEP and EMSA-PSS encodings. */
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex. */
-#endif
-}
-mbedtls_rsa_context;
-
-/**
- * \brief          This function initializes an RSA context.
- *
- * \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
- *                 encryption scheme and the RSASSA-PSS signature scheme.
- *
- * \param ctx      The RSA context to initialize.
- * \param padding  Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
- *                 #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id  The hash identifier of #mbedtls_md_type_t type, if
- *                 \p padding is #MBEDTLS_RSA_PKCS_V21.
- *
- * \note           The \p hash_id parameter is ignored when using
- *                 #MBEDTLS_RSA_PKCS_V15 padding.
- *
- * \note           The choice of padding mode is strictly enforced for private key
- *                 operations, since there might be security concerns in
- *                 mixing padding modes. For public key operations it is
- *                 a default value, which can be overriden by calling specific
- *                 \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
- *
- * \note           The hash selected in \p hash_id is always used for OEAP
- *                 encryption. For PSS signatures, it is always used for
- *                 making signatures, but can be overriden for verifying them.
- *                 If set to #MBEDTLS_MD_NONE, it is always overriden.
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
-                       int padding,
-                       int hash_id);
-
-/**
- * \brief          This function imports a set of core parameters into an
- *                 RSA context.
- *
- * \param ctx      The initialized RSA context to store the parameters in.
- * \param N        The RSA modulus, or NULL.
- * \param P        The first prime factor of \p N, or NULL.
- * \param Q        The second prime factor of \p N, or NULL.
- * \param D        The private exponent, or NULL.
- * \param E        The public exponent, or NULL.
- *
- * \note           This function can be called multiple times for successive
- *                 imports, if the parameters are not simultaneously present.
- *
- *                 Any sequence of calls to this function should be followed
- *                 by a call to mbedtls_rsa_complete(), which checks and
- *                 completes the provided information to a ready-for-use
- *                 public or private RSA key.
- *
- * \note           See mbedtls_rsa_complete() for more information on which
- *                 parameters are necessary to set up a private or public
- *                 RSA key.
- *
- * \note           The imported parameters are copied and need not be preserved
- *                 for the lifetime of the RSA context being set up.
- *
- * \return         \c 0 on success, or a non-zero error code on failure.
- */
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
-                        const mbedtls_mpi *N,
-                        const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                        const mbedtls_mpi *D, const mbedtls_mpi *E );
-
-/**
- * \brief          This function imports core RSA parameters, in raw big-endian
- *                 binary format, into an RSA context.
- *
- * \param ctx      The initialized RSA context to store the parameters in.
- * \param N        The RSA modulus, or NULL.
- * \param N_len    The Byte length of \p N, ignored if \p N == NULL.
- * \param P        The first prime factor of \p N, or NULL.
- * \param P_len    The Byte length of \p P, ignored if \p P == NULL.
- * \param Q        The second prime factor of \p N, or NULL.
- * \param Q_len    The Byte length of \p Q, ignored if \p Q == NULL.
- * \param D        The private exponent, or NULL.
- * \param D_len    The Byte length of \p D, ignored if \p D == NULL.
- * \param E        The public exponent, or NULL.
- * \param E_len    The Byte length of \p E, ignored if \p E == NULL.
- *
- * \note           This function can be called multiple times for successive
- *                 imports, if the parameters are not simultaneously present.
- *
- *                 Any sequence of calls to this function should be followed
- *                 by a call to mbedtls_rsa_complete(), which checks and
- *                 completes the provided information to a ready-for-use
- *                 public or private RSA key.
- *
- * \note           See mbedtls_rsa_complete() for more information on which
- *                 parameters are necessary to set up a private or public
- *                 RSA key.
- *
- * \note           The imported parameters are copied and need not be preserved
- *                 for the lifetime of the RSA context being set up.
- *
- * \return         \c 0 on success, or a non-zero error code on failure.
- */
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
-                            unsigned char const *N, size_t N_len,
-                            unsigned char const *P, size_t P_len,
-                            unsigned char const *Q, size_t Q_len,
-                            unsigned char const *D, size_t D_len,
-                            unsigned char const *E, size_t E_len );
-
-/**
- * \brief          This function completes an RSA context from
- *                 a set of imported core parameters.
- *
- *                 To setup an RSA public key, precisely \p N and \p E
- *                 must have been imported.
- *
- *                 To setup an RSA private key, sufficient information must
- *                 be present for the other parameters to be derivable.
- *
- *                 The default implementation supports the following:
- *                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
- *                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
- *                 Alternative implementations need not support these.
- *
- *                 If this function runs successfully, it guarantees that
- *                 the RSA context can be used for RSA operations without
- *                 the risk of failure or crash.
- *
- * \param ctx      The initialized RSA context holding imported parameters.
- *
- * \return         \c 0 on success, or #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the
- *                 attempted derivations failed.
- *
- * \warning        This function need not perform consistency checks
- *                 for the imported parameters. In particular, parameters that
- *                 are not needed by the implementation might be silently
- *                 discarded and left unchecked. To check the consistency
- *                 of the key material, see mbedtls_rsa_check_privkey().
- *
- */
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
-
-/**
- * \brief          This function exports the core parameters of an RSA key.
- *
- *                 If this function runs successfully, the non-NULL buffers
- *                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- *                 written, with additional unused space filled leading by
- *                 zero Bytes.
- *
- *                 Possible reasons for returning
- *                 #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:<ul>
- *                 <li>An alternative RSA implementation is in use, which
- *                 stores the key externally, and either cannot or should
- *                 not export it into RAM.</li>
- *                 <li>A SW or HW implementation might not support a certain
- *                 deduction. For example, \p P, \p Q from \p N, \p D,
- *                 and \p E if the former are not part of the
- *                 implementation.</li></ul>
- *
- *                 If the function fails due to an unsupported operation,
- *                 the RSA context stays intact and remains usable.
- *
- * \param ctx      The initialized RSA context.
- * \param N        The MPI to hold the RSA modulus, or NULL.
- * \param P        The MPI to hold the first prime factor of \p N, or NULL.
- * \param Q        The MPI to hold the second prime factor of \p N, or NULL.
- * \param D        The MPI to hold the private exponent, or NULL.
- * \param E        The MPI to hold the public exponent, or NULL.
- *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
- *                 requested parameters cannot be done due to missing
- *                 functionality or because of security policies,
- *                 or a non-zero return code on any other failure.
- *
- */
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
-                        mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
-                        mbedtls_mpi *D, mbedtls_mpi *E );
-
-/**
- * \brief          This function exports core parameters of an RSA key
- *                 in raw big-endian binary format.
- *
- *                 If this function runs successfully, the non-NULL buffers
- *                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- *                 written, with additional unused space filled leading by
- *                 zero Bytes.
- *
- *                 Possible reasons for returning
- *                 #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:<ul>
- *                 <li>An alternative RSA implementation is in use, which
- *                 stores the key externally, and either cannot or should
- *                 not export it into RAM.</li>
- *                 <li>A SW or HW implementation might not support a certain
- *                 deduction. For example, \p P, \p Q from \p N, \p D,
- *                 and \p E if the former are not part of the
- *                 implementation.</li></ul>
- *                 If the function fails due to an unsupported operation,
- *                 the RSA context stays intact and remains usable.
- *
- * \param ctx      The initialized RSA context.
- * \param N        The Byte array to store the RSA modulus, or NULL.
- * \param N_len    The size of the buffer for the modulus.
- * \param P        The Byte array to hold the first prime factor of \p N, or
- *                 NULL.
- * \param P_len    The size of the buffer for the first prime factor.
- * \param Q        The Byte array to hold the second prime factor of \p N, or
-                   NULL.
- * \param Q_len    The size of the buffer for the second prime factor.
- * \param D        The Byte array to hold the private exponent, or NULL.
- * \param D_len    The size of the buffer for the private exponent.
- * \param E        The Byte array to hold the public exponent, or NULL.
- * \param E_len    The size of the buffer for the public exponent.
- *
- * \note           The length fields are ignored if the corresponding
- *                 buffer pointers are NULL.
- *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION if exporting the
- *                 requested parameters cannot be done due to missing
- *                 functionality or because of security policies,
- *                 or a non-zero return code on any other failure.
- */
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
-                            unsigned char *N, size_t N_len,
-                            unsigned char *P, size_t P_len,
-                            unsigned char *Q, size_t Q_len,
-                            unsigned char *D, size_t D_len,
-                            unsigned char *E, size_t E_len );
-
-/**
- * \brief          This function exports CRT parameters of a private RSA key.
- *
- * \param ctx      The initialized RSA context.
- * \param DP       The MPI to hold D modulo P-1, or NULL.
- * \param DQ       The MPI to hold D modulo Q-1, or NULL.
- * \param QP       The MPI to hold modular inverse of Q modulo P, or NULL.
- *
- * \return         \c 0 on success, non-zero error code otherwise.
- *
- * \note           Alternative RSA implementations not using CRT-parameters
- *                 internally can implement this function based on
- *                 mbedtls_rsa_deduce_opt().
- *
- */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
-                            mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
-
-/**
- * \brief          This function sets padding for an already initialized RSA
- *                 context. See mbedtls_rsa_init() for details.
- *
- * \param ctx      The RSA context to be set.
- * \param padding  Selects padding mode: #MBEDTLS_RSA_PKCS_V15 or
- *                 #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id  The #MBEDTLS_RSA_PKCS_V21 hash identifier.
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
-                              int hash_id);
-
-/**
- * \brief          This function retrieves the length of RSA modulus in Bytes.
- *
- * \param ctx      The initialized RSA context.
- *
- * \return         The length of the RSA modulus in Bytes.
- *
- */
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief          This function generates an RSA keypair.
- *
- * \param ctx      The RSA context used to hold the key.
- * \param f_rng    The RNG function.
- * \param p_rng    The RNG parameter.
- * \param nbits    The size of the public key in bits.
- * \param exponent The public exponent. For example, 65537.
- *
- * \note           mbedtls_rsa_init() must be called before this function,
- *                 to set up the RSA context.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
-                   on failure.
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         unsigned int nbits, int exponent );
-
-/**
- * \brief          This function checks if a context contains at least an RSA
- *                 public key.
- *
- *                 If the function runs successfully, it is guaranteed that
- *                 enough information is present to perform an RSA public key
- *                 operation using mbedtls_rsa_public().
- *
- * \param ctx      The RSA context to check.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief      This function checks if a context contains an RSA private key
- *             and perform basic consistency checks.
- *
- * \param ctx  The RSA context to check.
- *
- * \return     \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code on
- *             failure.
- *
- * \note       The consistency checks performed by this function not only
- *             ensure that mbedtls_rsa_private() can be called successfully
- *             on the given context, but that the various parameters are
- *             mutually consistent with high probability, in the sense that
- *             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
- *
- * \warning    This function should catch accidental misconfigurations
- *             like swapping of parameters, but it cannot establish full
- *             trust in neither the quality nor the consistency of the key
- *             material that was used to setup the given RSA context:
- *             <ul><li>Consistency: Imported parameters that are irrelevant
- *             for the implementation might be silently dropped. If dropped,
- *             the current function does not have access to them,
- *             and therefore cannot check them. See mbedtls_rsa_complete().
- *             If you want to check the consistency of the entire
- *             content of an PKCS1-encoded RSA private key, for example, you
- *             should use mbedtls_rsa_validate_params() before setting
- *             up the RSA context.
- *             Additionally, if the implementation performs empirical checks,
- *             these checks substantiate but do not guarantee consistency.</li>
- *             <li>Quality: This function is not expected to perform
- *             extended quality assessments like checking that the prime
- *             factors are safe. Additionally, it is the responsibility of the
- *             user to ensure the trustworthiness of the source of his RSA
- *             parameters, which goes beyond what is effectively checkable
- *             by the library.</li></ul>
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief          This function checks a public-private RSA key pair.
- *
- *                 It checks each of the contexts, and makes sure they match.
- *
- * \param pub      The RSA context holding the public key.
- * \param prv      The RSA context holding the private key.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
-                                const mbedtls_rsa_context *prv );
-
-/**
- * \brief          This function performs an RSA public key operation.
- *
- * \param ctx      The RSA context.
- * \param input    The input buffer.
- * \param output   The output buffer.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           This function does not handle message padding.
- *
- * \note           Make sure to set \p input[0] = 0 or ensure that
- *                 input is smaller than \p N.
- *
- * \note           The input and output buffers must be large
- *                 enough. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
-                const unsigned char *input,
-                unsigned char *output );
-
-/**
- * \brief          This function performs an RSA private key operation.
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for blinding.
- * \param p_rng    The RNG parameter.
- * \param input    The input buffer.
- * \param output   The output buffer.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The input and output buffers must be large
- *                 enough. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           Blinding is used if and only if a PRNG is provided.
- *
- * \note           If blinding is used, both the base of exponentation
- *                 and the exponent are blinded, providing protection
- *                 against some side-channel attacks.
- *
- * \warning        It is deprecated and a security risk to not provide
- *                 a PRNG here and thereby prevent the use of blinding.
- *                 Future versions of the library may enforce the presence
- *                 of a PRNG.
- *
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 const unsigned char *input,
-                 unsigned char *output );
-
-/**
- * \brief          This function adds the message padding, then performs an RSA
- *                 operation.
- *
- *                 It is the generic wrapper for performing a PKCS#1 encryption
- *                 operation using the \p mode from the context.
- *
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for padding, PKCS#1 v2.1
- *                 encoding, and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen     The length of the plaintext.
- * \param input    The buffer holding the data to encrypt.
- * \param output   The buffer used to hold the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The input and output buffers must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t ilen,
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 encryption operation
- *                 (RSAES-PKCS1-v1_5-ENCRYPT).
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for padding and
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param ilen     The length of the plaintext.
- * \param input    The buffer holding the data to encrypt.
- * \param output   The buffer used to hold the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The output buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode, size_t ilen,
-                                 const unsigned char *input,
-                                 unsigned char *output );
-
-/**
- * \brief            This function performs a PKCS#1 v2.1 OAEP encryption
- *                   operation (RSAES-OAEP-ENCRYPT).
- *
- * \param ctx        The RSA context.
- * \param f_rng      The RNG function. Needed for padding and PKCS#1 v2.1
- *                   encoding and #MBEDTLS_RSA_PRIVATE.
- * \param p_rng      The RNG parameter.
- * \param mode       #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param label      The buffer holding the custom label to use.
- * \param label_len  The length of the label.
- * \param ilen       The length of the plaintext.
- * \param input      The buffer holding the data to encrypt.
- * \param output     The buffer used to hold the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The output buffer must be as large as the size
- *                 of ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t ilen,
-                            const unsigned char *input,
-                            unsigned char *output );
-
-/**
- * \brief          This function performs an RSA operation, then removes the
- *                 message padding.
- *
- *                 It is the generic wrapper for performing a PKCS#1 decryption
- *                 operation using the \p mode from the context.
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen     The length of the plaintext.
- * \param input    The buffer holding the encrypted data.
- * \param output   The buffer used to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N (for example,
- *                 128 Bytes if RSA-1024 is used) to be able to hold an
- *                 arbitrary decrypted message. If it is not large enough to
- *                 hold the decryption of the particular ciphertext provided,
- *                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 decryption
- *                 operation (RSAES-PKCS1-v1_5-DECRYPT).
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param olen     The length of the plaintext.
- * \param input    The buffer holding the encrypted data.
- * \param output   The buffer to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N, for example,
- *                 128 Bytes if RSA-1024 is used, to be able to hold an
- *                 arbitrary decrypted message. If it is not large enough to
- *                 hold the decryption of the particular ciphertext provided,
- *                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode, size_t *olen,
-                                 const unsigned char *input,
-                                 unsigned char *output,
-                                 size_t output_max_len );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 OAEP decryption
- *                 operation (RSAES-OAEP-DECRYPT).
- *
- * \param ctx        The RSA context.
- * \param f_rng      The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng      The RNG parameter.
- * \param mode       #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param label      The buffer holding the custom label to use.
- * \param label_len  The length of the label.
- * \param olen       The length of the plaintext.
- * \param input      The buffer holding the encrypted data.
- * \param output     The buffer to hold the plaintext.
- * \param output_max_len    The maximum length of the output buffer.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 on success, or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N, for
- *                 example, 128 Bytes if RSA-1024 is used, to be able to
- *                 hold an arbitrary decrypted message. If it is not
- *                 large enough to hold the decryption of the particular
- *                 ciphertext provided, the function returns
- *                 #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \note           The input buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t *olen,
-                            const unsigned char *input,
-                            unsigned char *output,
-                            size_t output_max_len );
-
-/**
- * \brief          This function performs a private RSA operation to sign
- *                 a message digest using PKCS#1.
- *
- *                 It is the generic wrapper for performing a PKCS#1
- *                 signature using the \p mode from the context.
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 if the signing operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           For PKCS#1 v2.1 encoding, see comments on
- *                 mbedtls_rsa_rsassa_pss_sign() for details on
- *                 \p md_alg and \p hash_id.
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    int mode,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 signature
- *                 operation (RSASSA-PKCS1-v1_5-SIGN).
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 if the signing operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 PSS signature
- *                 operation (RSASSA-PSS-SIGN).
- *
- * \param ctx      The RSA context.
- * \param f_rng    The RNG function. Needed for PKCS#1 v2.1 encoding and for
- *                 #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer to hold the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 if the signing operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           The \p hash_id in the RSA context is the one used for the
- *                 encoding. \p md_alg in the function call is the type of hash
- *                 that is encoded. According to <em>RFC-3447: Public-Key
- *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- *                 Specifications</em> it is advised to keep both hashes the
- *                 same.
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         int mode,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         unsigned char *sig );
-
-/**
- * \brief          This function performs a public RSA operation and checks
- *                 the message digest.
- *
- *                 This is the generic wrapper for performing a PKCS#1
- *                 verification using the mode from the context.
- *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           For PKCS#1 v2.1 encoding, see comments on
- *                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
- *                 \p hash_id.
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng,
-                      int mode,
-                      mbedtls_md_type_t md_alg,
-                      unsigned int hashlen,
-                      const unsigned char *hash,
-                      const unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 verification
- *                 operation (RSASSA-PKCS1-v1_5-VERIFY).
- *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode,
-                                 mbedtls_md_type_t md_alg,
-                                 unsigned int hashlen,
-                                 const unsigned char *hash,
-                                 const unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 PSS verification
- *                 operation (RSASSA-PSS-VERIFY).
- *
- *                 The hash function for the MGF mask generating function
- *                 is that specified in the RSA context.
- *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer holding the ciphertext.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
- *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           The \p hash_id in the RSA context is the one used for the
- *                 verification. \p md_alg in the function call is the type of
- *                 hash that is verified. According to <em>RFC-3447: Public-Key
- *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- *                 Specifications</em> it is advised to keep both hashes the
- *                 same. If \p hash_id in the RSA context is unset,
- *                 the \p md_alg from the function call is used.
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           int mode,
-                           mbedtls_md_type_t md_alg,
-                           unsigned int hashlen,
-                           const unsigned char *hash,
-                           const unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 PSS verification
- *                 operation (RSASSA-PSS-VERIFY).
- *
- *                 The hash function for the MGF mask generating function
- *                 is that specified in \p mgf1_hash_id.
- *
- * \param ctx      The RSA public key context.
- * \param f_rng    The RNG function. Only needed for #MBEDTLS_RSA_PRIVATE.
- * \param p_rng    The RNG parameter.
- * \param mode     #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest. Only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest.
- * \param mgf1_hash_id The message digest used for mask generation.
- * \param expected_salt_len The length of the salt used in padding. Use
- *                 #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig      The buffer holding the ciphertext.
- *
- * \return         \c 0 if the verify operation was successful,
- *                 or an \c MBEDTLS_ERR_RSA_XXX error code
- *                 on failure.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           The \p hash_id in the RSA context is ignored.
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               mbedtls_md_type_t mgf1_hash_id,
-                               int expected_salt_len,
-                               const unsigned char *sig );
-
-/**
- * \brief          This function copies the components of an RSA context.
- *
- * \param dst      The destination context.
- * \param src      The source context.
- *
- * \return         \c 0 on success,
- *                 #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
-
-/**
- * \brief          This function frees the components of an RSA key.
- *
- * \param ctx      The RSA Context to free.
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
-#endif /* MBEDTLS_RSA_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The RSA checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_rsa_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/rsa_internal.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/rsa_internal.h
deleted file mode 100644
index bcb3c940..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/rsa_internal.h
+++ /dev/null
@@ -1,216 +0,0 @@
-/**
- * \file rsa_internal.h
- *
- * \brief Context-independent RSA helper functions
- */
-/*
- *  Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- *
- *  This file declares some RSA-related helper functions useful when
- *  implementing the RSA interface. They are public and provided in a
- *  separate compilation unit in order to make it easy for designers of
- *  alternative RSA implementations to use them in their code, as it is
- *  conceived that the functionality they provide will be necessary
- *  for most complete implementations.
- *
- *  End-users of Mbed TLS not intending to re-implement the RSA functionality
- *  are not expected to get into the need of making use of these functions directly,
- *  but instead should be able to use the functions declared in rsa.h.
- *
- *  There are two classes of helper functions:
- *  (1) Parameter-generating helpers. These are:
- *      - mbedtls_rsa_deduce_primes
- *      - mbedtls_rsa_deduce_private_exponent
- *      - mbedtls_rsa_deduce_crt
- *       Each of these functions takes a set of core RSA parameters
- *       and generates some other, or CRT related parameters.
- *  (2) Parameter-checking helpers. These are:
- *      - mbedtls_rsa_validate_params
- *      - mbedtls_rsa_validate_crt
- *      They take a set of core or CRT related RSA parameters
- *      and check their validity.
- *
- */
-
-#ifndef MBEDTLS_RSA_INTERNAL_H
-#define MBEDTLS_RSA_INTERNAL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "bignum.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/**
- * \brief          Compute RSA prime moduli P, Q from public modulus N=PQ
- *                 and a pair of private and public key.
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param N        RSA modulus N = PQ, with P, Q to be found
- * \param E        RSA public exponent
- * \param D        RSA private exponent
- * \param P        Pointer to MPI holding first prime factor of N on success
- * \param Q        Pointer to MPI holding second prime factor of N on success
- *
- * \return
- *                 - 0 if successful. In this case, P and Q constitute a
- *                   factorization of N.
- *                 - A non-zero error code otherwise.
- *
- * \note           It is neither checked that P, Q are prime nor that
- *                 D, E are modular inverses wrt. P-1 and Q-1. For that,
- *                 use the helper function \c mbedtls_rsa_validate_params.
- *
- */
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E,
-                               mbedtls_mpi const *D,
-                               mbedtls_mpi *P, mbedtls_mpi *Q );
-
-/**
- * \brief          Compute RSA private exponent from
- *                 prime moduli and public key.
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param P        First prime factor of RSA modulus
- * \param Q        Second prime factor of RSA modulus
- * \param E        RSA public exponent
- * \param D        Pointer to MPI holding the private exponent on success.
- *
- * \return
- *                 - 0 if successful. In this case, D is set to a simultaneous
- *                   modular inverse of E modulo both P-1 and Q-1.
- *                 - A non-zero error code otherwise.
- *
- * \note           This function does not check whether P and Q are primes.
- *
- */
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
-                                         mbedtls_mpi const *Q,
-                                         mbedtls_mpi const *E,
-                                         mbedtls_mpi *D );
-
-
-/**
- * \brief          Generate RSA-CRT parameters
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param P        First prime factor of N
- * \param Q        Second prime factor of N
- * \param D        RSA private exponent
- * \param DP       Output variable for D modulo P-1
- * \param DQ       Output variable for D modulo Q-1
- * \param QP       Output variable for the modular inverse of Q modulo P.
- *
- * \return         0 on success, non-zero error code otherwise.
- *
- * \note           This function does not check whether P, Q are
- *                 prime and whether D is a valid private exponent.
- *
- */
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                            const mbedtls_mpi *D, mbedtls_mpi *DP,
-                            mbedtls_mpi *DQ, mbedtls_mpi *QP );
-
-
-/**
- * \brief          Check validity of core RSA parameters
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param N        RSA modulus N = PQ
- * \param P        First prime factor of N
- * \param Q        Second prime factor of N
- * \param D        RSA private exponent
- * \param E        RSA public exponent
- * \param f_rng    PRNG to be used for primality check, or NULL
- * \param p_rng    PRNG context for f_rng, or NULL
- *
- * \return
- *                 - 0 if the following conditions are satisfied
- *                   if all relevant parameters are provided:
- *                    - P prime if f_rng != NULL (%)
- *                    - Q prime if f_rng != NULL (%)
- *                    - 1 < N = P * Q
- *                    - 1 < D, E < N
- *                    - D and E are modular inverses modulo P-1 and Q-1
- *                   (%) This is only done if MBEDTLS_GENPRIME is defined.
- *                 - A non-zero error code otherwise.
- *
- * \note           The function can be used with a restricted set of arguments
- *                 to perform specific checks only. E.g., calling it with
- *                 (-,P,-,-,-) and a PRNG amounts to a primality check for P.
- */
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
-                                 const mbedtls_mpi *Q, const mbedtls_mpi *D,
-                                 const mbedtls_mpi *E,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng );
-
-/**
- * \brief          Check validity of RSA CRT parameters
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param P        First prime factor of RSA modulus
- * \param Q        Second prime factor of RSA modulus
- * \param D        RSA private exponent
- * \param DP       MPI to check for D modulo P-1
- * \param DQ       MPI to check for D modulo P-1
- * \param QP       MPI to check for the modular inverse of Q modulo P.
- *
- * \return
- *                 - 0 if the following conditions are satisfied:
- *                    - D = DP mod P-1 if P, D, DP != NULL
- *                    - Q = DQ mod P-1 if P, D, DQ != NULL
- *                    - QP = Q^-1 mod P if P, Q, QP != NULL
- *                 - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed,
- *                   potentially including \c MBEDTLS_ERR_MPI_XXX if some
- *                   MPI calculations failed.
- *                 - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient
- *                   data was provided to check DP, DQ or QP.
- *
- * \note           The function can be used with a restricted set of arguments
- *                 to perform specific checks only. E.g., calling it with the
- *                 parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
- */
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
-                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
-                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
-
-#endif /* rsa_internal.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/sha1.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/sha1.h
deleted file mode 100644
index 05540cde..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/sha1.h
+++ /dev/null
@@ -1,322 +0,0 @@
-/**
- * \file sha1.h
- *
- * \brief The SHA-1 cryptographic hash function.
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. We recommend considering stronger message
- *            digests instead.
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SHA1_H
-#define MBEDTLS_SHA1_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED                  -0x0035  /**< SHA-1 hardware accelerator failed */
-
-#if !defined(MBEDTLS_SHA1_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The SHA-1 context structure.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct
-{
-    uint32_t total[2];          /*!< The number of Bytes processed.  */
-    uint32_t state[5];          /*!< The intermediate digest state.  */
-    unsigned char buffer[64];   /*!< The data block being processed. */
-}
-mbedtls_sha1_context;
-
-/**
- * \brief          This function initializes a SHA-1 context.
- *
- * \param ctx      The SHA-1 context to initialize.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          This function clears a SHA-1 context.
- *
- * \param ctx      The SHA-1 context to clear.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          This function clones the state of a SHA-1 context.
- *
- * \param dst      The destination context.
- * \param src      The context to clone.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
-                         const mbedtls_sha1_context *src );
-
-/**
- * \brief          This function starts a SHA-1 checksum calculation.
- *
- * \param ctx      The context to initialize.
- *
- * \return         \c 0 if successful
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing SHA-1
- *                 checksum calculation.
- *
- * \param ctx      The SHA-1 context.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- *
- * \return         \c 0 if successful
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-1 operation, and writes
- *                 the result to the output buffer.
- *
- * \param ctx      The SHA-1 context.
- * \param output   The SHA-1 checksum result.
- *
- * \return         \c 0 if successful
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
-                             unsigned char output[20] );
-
-/**
- * \brief          SHA-1 process data block (internal use only)
- *
- * \param ctx      SHA-1 context
- * \param data     The data block being processed.
- *
- * \return         \c 0 if successful
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
-                                   const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          SHA-1 context setup
- *
- * \deprecated     Superseded by mbedtls_sha1_starts_ret() in 2.7.0
- *
- * \param ctx      The SHA-1 context to be initialized.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          SHA-1 process buffer
- *
- * \deprecated     Superseded by mbedtls_sha1_update_ret() in 2.7.0
- *
- * \param ctx      The SHA-1 context.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
-                                             const unsigned char *input,
-                                             size_t ilen );
-
-/**
- * \brief          SHA-1 final digest
- *
- * \deprecated     Superseded by mbedtls_sha1_finish_ret() in 2.7.0
- *
- * \param ctx      The SHA-1 context.
- * \param output   The SHA-1 checksum result.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
-                                             unsigned char output[20] );
-
-/**
- * \brief          SHA-1 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_sha1_process() in 2.7.0
- *
- * \param ctx      The SHA-1 context.
- * \param data     The data block being processed.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
-                                              const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
-#endif /* MBEDTLS_SHA1_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          This function calculates the SHA-1 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-1 result is calculated as
- *                 output = SHA-1(input buffer).
- *
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-1 checksum result.
- *
- * \return         \c 0 if successful
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_sha1_ret( const unsigned char *input,
-                      size_t ilen,
-                      unsigned char output[20] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = SHA-1( input buffer )
- *
- * \deprecated     Superseded by mbedtls_sha1_ret() in 2.7.0
- *
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-1 checksum result.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
-                                      size_t ilen,
-                                      unsigned char output[20] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          The SHA-1 checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_sha1_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha1.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/sha256.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/sha256.h
deleted file mode 100644
index ffb16c27..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/sha256.h
+++ /dev/null
@@ -1,278 +0,0 @@
-/**
- * \file sha256.h
- *
- * \brief The SHA-224 and SHA-256 cryptographic hash function.
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SHA256_H
-#define MBEDTLS_SHA256_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED                -0x0037  /**< SHA-256 hardware accelerator failed */
-
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The SHA-256 context structure.
- *
- *                 The structure is used both for SHA-256 and for SHA-224
- *                 checksum calculations. The choice between these two is
- *                 made in the call to mbedtls_sha256_starts_ret().
- */
-typedef struct
-{
-    uint32_t total[2];          /*!< The number of Bytes processed.  */
-    uint32_t state[8];          /*!< The intermediate digest state.  */
-    unsigned char buffer[64];   /*!< The data block being processed. */
-    int is224;                  /*!< Determines which function to use.
-                                     <ul><li>0: Use SHA-256.</li>
-                                     <li>1: Use SHA-224.</li></ul> */
-}
-mbedtls_sha256_context;
-
-/**
- * \brief          This function initializes a SHA-256 context.
- *
- * \param ctx      The SHA-256 context to initialize.
- */
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
-
-/**
- * \brief          This function clears a SHA-256 context.
- *
- * \param ctx      The SHA-256 context to clear.
- */
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
-
-/**
- * \brief          This function clones the state of a SHA-256 context.
- *
- * \param dst      The destination context.
- * \param src      The context to clone.
- */
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
-                           const mbedtls_sha256_context *src );
-
-/**
- * \brief          This function starts a SHA-224 or SHA-256 checksum
- *                 calculation.
- *
- * \param ctx      The context to initialize.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
- *
- * \return         \c 0 on success.
- */
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-256 checksum calculation.
- *
- * \param ctx      SHA-256 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         \c 0 on success.
- */
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-256 operation, and writes
- *                 the result to the output buffer.
- *
- * \param ctx      The SHA-256 context.
- * \param output   The SHA-224 or SHA-256 checksum result.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
-                               unsigned char output[32] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-256 computation. This function is for
- *                 internal use only.
- *
- * \param ctx      The SHA-256 context.
- * \param data     The buffer holding one block of data.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
-                                     const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          This function starts a SHA-256 checksum calculation.
- *
- * \deprecated     Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
- *
- * \param ctx      The SHA-256 context to initialize.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
-                                               int is224 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-256 checksum calculation.
- *
- * \deprecated     Superseded by mbedtls_sha256_update_ret() in 2.7.0.
- *
- * \param ctx      The SHA-256 context to initialize.
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
-                                               const unsigned char *input,
-                                               size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-256 operation, and writes
- *                 the result to the output buffer.
- *
- * \deprecated     Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
- *
- * \param ctx      The SHA-256 context.
- * \param output   The SHA-224or SHA-256 checksum result.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
-                                               unsigned char output[32] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-256 computation. This function is for
- *                 internal use only.
- *
- * \deprecated     Superseded by mbedtls_internal_sha256_process() in 2.7.0.
- *
- * \param ctx      The SHA-256 context.
- * \param data     The buffer holding one block of data.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
-                                                const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          This function calculates the SHA-224 or SHA-256
- *                 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-256 result is calculated as
- *                 output = SHA-256(input buffer).
- *
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-224 or SHA-256 checksum result.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
- */
-int mbedtls_sha256_ret( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[32],
-                        int is224 );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief          This function calculates the SHA-224 or SHA-256 checksum
- *                 of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-256 result is calculated as
- *                 output = SHA-256(input buffer).
- *
- * \deprecated     Superseded by mbedtls_sha256_ret() in 2.7.0.
- *
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-224 or SHA-256 checksum result.
- * \param is224    Determines which function to use.
- *                 <ul><li>0: Use SHA-256.</li>
- *                 <li>1: Use SHA-224.</li></ul>
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
-                                        size_t ilen,
-                                        unsigned char output[32],
-                                        int is224 );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          The SHA-224 and SHA-256 checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_sha256_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha256.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/sha512.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/sha512.h
deleted file mode 100644
index 8404a2d5..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/sha512.h
+++ /dev/null
@@ -1,280 +0,0 @@
-/**
- * \file sha512.h
- *
- * \brief The SHA-384 and SHA-512 cryptographic hash function.
- */
-/*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SHA512_H
-#define MBEDTLS_SHA512_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED                -0x0039  /**< SHA-512 hardware accelerator failed */
-
-#if !defined(MBEDTLS_SHA512_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          The SHA-512 context structure.
- *
- *                 The structure is used both for SHA-384 and for SHA-512
- *                 checksum calculations. The choice between these two is
- *                 made in the call to mbedtls_sha512_starts_ret().
- */
-typedef struct
-{
-    uint64_t total[2];          /*!< The number of Bytes processed. */
-    uint64_t state[8];          /*!< The intermediate digest state. */
-    unsigned char buffer[128];  /*!< The data block being processed. */
-    int is384;                  /*!< Determines which function to use.
-                                 *   <ul><li>0: Use SHA-512.</li>
-                                 *   <li>1: Use SHA-384.</li></ul> */
-}
-mbedtls_sha512_context;
-
-/**
- * \brief          This function initializes a SHA-512 context.
- *
- * \param ctx      The SHA-512 context to initialize.
- */
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
-
-/**
- * \brief          This function clears a SHA-512 context.
- *
- * \param ctx      The SHA-512 context to clear.
- */
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
-
-/**
- * \brief          This function clones the state of a SHA-512 context.
- *
- * \param dst      The destination context.
- * \param src      The context to clone.
- */
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
-                           const mbedtls_sha512_context *src );
-
-/**
- * \brief          This function starts a SHA-384 or SHA-512 checksum
- *                 calculation.
- *
- * \param ctx      The SHA-512 context to initialize.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
- *
- * \return         \c 0 on success.
- */
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-512 checksum calculation.
- *
- * \param ctx      The SHA-512 context.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
-                    const unsigned char *input,
-                    size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-512 operation, and writes
- *                 the result to the output buffer. This function is for
- *                 internal use only.
- *
- * \param ctx      The SHA-512 context.
- * \param output   The SHA-384 or SHA-512 checksum result.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
-                               unsigned char output[64] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-512 computation.
- *
- * \param ctx      The SHA-512 context.
- * \param data     The buffer holding one block of data.
- *
- * \return         \c 0 on success.
- */
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
-                                     const unsigned char data[128] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          This function starts a SHA-384 or SHA-512 checksum
- *                 calculation.
- *
- * \deprecated     Superseded by mbedtls_sha512_starts_ret() in 2.7.0
- *
- * \param ctx      The SHA-512 context to initialize.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
-                                               int is384 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-512 checksum calculation.
- *
- * \deprecated     Superseded by mbedtls_sha512_update_ret() in 2.7.0
- *
- * \param ctx      The SHA-512 context.
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
-                                               const unsigned char *input,
-                                               size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-512 operation, and writes
- *                 the result to the output buffer.
- *
- * \deprecated     Superseded by mbedtls_sha512_finish_ret() in 2.7.0
- *
- * \param ctx      The SHA-512 context.
- * \param output   The SHA-384 or SHA-512 checksum result.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
-                                               unsigned char output[64] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-512 computation. This function is for
- *                 internal use only.
- *
- * \deprecated     Superseded by mbedtls_internal_sha512_process() in 2.7.0
- *
- * \param ctx      The SHA-512 context.
- * \param data     The buffer holding one block of data.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_process(
-                                            mbedtls_sha512_context *ctx,
-                                            const unsigned char data[128] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
-#endif /* MBEDTLS_SHA512_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          This function calculates the SHA-512 or SHA-384
- *                 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-512 result is calculated as
- *                 output = SHA-512(input buffer).
- *
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-384 or SHA-512 checksum result.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
- *
- * \return         \c 0 on success.
- */
-int mbedtls_sha512_ret( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[64],
-                        int is384 );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          This function calculates the SHA-512 or SHA-384
- *                 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-512 result is calculated as
- *                 output = SHA-512(input buffer).
- *
- * \deprecated     Superseded by mbedtls_sha512_ret() in 2.7.0
- *
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- * \param output   The SHA-384 or SHA-512 checksum result.
- * \param is384    Determines which function to use.
- *                 <ul><li>0: Use SHA-512.</li>
- *                 <li>1: Use SHA-384.</li></ul>
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
-                                        size_t ilen,
-                                        unsigned char output[64],
-                                        int is384 );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
- /**
- * \brief          The SHA-384 or SHA-512 checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_sha512_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha512.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl.h
deleted file mode 100644
index a360e14b..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl.h
+++ /dev/null
@@ -1,2646 +0,0 @@
-/**
- * \file ssl.h
- *
- * \brief SSL/TLS functions.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SSL_H
-#define MBEDTLS_SSL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "bignum.h"
-#include "ecp.h"
-
-#include "ssl_ciphersuites.h"
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "x509_crt.h"
-#include "x509_crl.h"
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-#include "dhm.h"
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
-#include "ecdh.h"
-#endif
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
-#endif
-
-#include "zlib.h"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-/*
- * SSL Error codes
- */
-#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080  /**< The requested feature is not available. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA                    -0x7100  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_SSL_INVALID_MAC                       -0x7180  /**< Verification of the message MAC failed. */
-#define MBEDTLS_ERR_SSL_INVALID_RECORD                    -0x7200  /**< An invalid SSL record was received. */
-#define MBEDTLS_ERR_SSL_CONN_EOF                          -0x7280  /**< The connection indicated an EOF. */
-#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER                    -0x7300  /**< An unknown cipher was received. */
-#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
-#define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
-#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message. */
-#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */
-#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  /**< The own private key or pre-shared key is not set, but needed. */
-#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  /**< No CA Chain is set, but required to operate. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700  /**< An unexpected message was received from our peer. */
-#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780  /**< A fatal alert message was received from our peer. */
-#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED                -0x7800  /**< Verification of our peer failed. */
-#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880  /**< The peer notified us that the connection is going to be closed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x7900  /**< Processing of the ClientHello handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO               -0x7980  /**< Processing of the ServerHello handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE                -0x7A00  /**< Processing of the Certificate handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0x7A80  /**< Processing of the CertificateRequest handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0x7B00  /**< Processing of the ServerKeyExchange handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0x7B80  /**< Processing of the ServerHelloDone handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0x7C00  /**< Processing of the ClientKeyExchange handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP     -0x7C80  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS     -0x7D00  /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0x7D80  /**< Processing of the CertificateVerify handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0x7E00  /**< Processing of the ChangeCipherSpec handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  /**< Processing of the Finished handshake message failed. */
-#define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
-#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00  /**< Processing of the compression / decompression failed */
-#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
-#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  /**< Processing of the NewSessionTicket handshake message failed. */
-#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
-#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
-#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  /**< Unknown identity received (eg, PSK identity) */
-#define MBEDTLS_ERR_SSL_INTERNAL_ERROR                    -0x6C00  /**< Internal error (eg, unexpected failure in lower-level module) */
-#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  /**< A counter would wrap (eg, too many messages exchanged). */
-#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00  /**< Unexpected message at ServerHello in renegotiation. */
-#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80  /**< DTLS client must retry for hello verification */
-#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00  /**< A buffer is too small to receive or write a message */
-#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980  /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
-#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900  /**< Connection requires a read call. */
-#define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880  /**< Connection requires a write call. */
-#define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800  /**< The operation timed out. */
-#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780  /**< The client initiated a reconnect from the same port. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD                 -0x6700  /**< Record header looks valid but is not expected. */
-#define MBEDTLS_ERR_SSL_NON_FATAL                         -0x6680  /**< The alert message received indicates a non-fatal error. */
-#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH               -0x6600  /**< Couldn't set the hash for verifying CertificateVerify */
-
-/*
- * Various constants
- */
-#define MBEDTLS_SSL_MAJOR_VERSION_3             3
-#define MBEDTLS_SSL_MINOR_VERSION_0             0   /*!< SSL v3.0 */
-#define MBEDTLS_SSL_MINOR_VERSION_1             1   /*!< TLS v1.0 */
-#define MBEDTLS_SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
-#define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
-
-#define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
-#define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
-
-#define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
-
-/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
- * NONE must be zero so that memset()ing structure to zero works */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_512            1   /*!< MaxFragmentLength 2^9      */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_1024           2   /*!< MaxFragmentLength 2^10     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_2048           3   /*!< MaxFragmentLength 2^11     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_4096           4   /*!< MaxFragmentLength 2^12     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID        5   /*!< first invalid value        */
-
-#define MBEDTLS_SSL_IS_CLIENT                   0
-#define MBEDTLS_SSL_IS_SERVER                   1
-
-#define MBEDTLS_SSL_IS_NOT_FALLBACK             0
-#define MBEDTLS_SSL_IS_FALLBACK                 1
-
-#define MBEDTLS_SSL_EXTENDED_MS_DISABLED        0
-#define MBEDTLS_SSL_EXTENDED_MS_ENABLED         1
-
-#define MBEDTLS_SSL_ETM_DISABLED                0
-#define MBEDTLS_SSL_ETM_ENABLED                 1
-
-#define MBEDTLS_SSL_COMPRESS_NULL               0
-#define MBEDTLS_SSL_COMPRESS_DEFLATE            1
-
-#define MBEDTLS_SSL_VERIFY_NONE                 0
-#define MBEDTLS_SSL_VERIFY_OPTIONAL             1
-#define MBEDTLS_SSL_VERIFY_REQUIRED             2
-#define MBEDTLS_SSL_VERIFY_UNSET                3 /* Used only for sni_authmode */
-
-#define MBEDTLS_SSL_LEGACY_RENEGOTIATION        0
-#define MBEDTLS_SSL_SECURE_RENEGOTIATION        1
-
-#define MBEDTLS_SSL_RENEGOTIATION_DISABLED      0
-#define MBEDTLS_SSL_RENEGOTIATION_ENABLED       1
-
-#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED        0
-#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED         1
-
-#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED  -1
-#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT  16
-
-#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION     0
-#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION  1
-#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE      2
-
-#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED         0
-#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED          1
-#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
-
-#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
-#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
-
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED    0
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED     1
-
-#define MBEDTLS_SSL_ARC4_ENABLED                0
-#define MBEDTLS_SSL_ARC4_DISABLED               1
-
-#define MBEDTLS_SSL_PRESET_DEFAULT              0
-#define MBEDTLS_SSL_PRESET_SUITEB               2
-
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED       1
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED      0
-
-/*
- * Default range for DTLS retransmission timer value, in milliseconds.
- * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
- */
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
-#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
-#endif
-
-/*
- * Maximum fragment length in bytes,
- * determines the size of each of the two internal I/O buffers.
- *
- * Note: the RFC defines the default size of SSL / TLS messages. If you
- * change the value here, other clients / servers may not be able to
- * communicate with you anymore. Only change this value if you control
- * both sides of the connection and have it reduced at both sides, or
- * if you're using the Max Fragment Length extension and you know all your
- * peers are using it too!
- */
-#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
-#define MBEDTLS_SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
-#endif
-
-#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
-#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
-#endif
-
- #if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
-#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
-#endif
-
-/* \} name SECTION: Module settings */
-
-/*
- * Length of the verify data for secure renegotiation
- */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
-#else
-#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
-#endif
-
-/*
- * Signaling ciphersuite values (SCSV)
- */
-#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */
-#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE         0x5600 /**< RFC 7507 section 2 */
-
-/*
- * Supported Signature and Hash algorithms (For TLS 1.2)
- * RFC 5246 section 7.4.1.4.1
- */
-#define MBEDTLS_SSL_HASH_NONE                0
-#define MBEDTLS_SSL_HASH_MD5                 1
-#define MBEDTLS_SSL_HASH_SHA1                2
-#define MBEDTLS_SSL_HASH_SHA224              3
-#define MBEDTLS_SSL_HASH_SHA256              4
-#define MBEDTLS_SSL_HASH_SHA384              5
-#define MBEDTLS_SSL_HASH_SHA512              6
-
-#define MBEDTLS_SSL_SIG_ANON                 0
-#define MBEDTLS_SSL_SIG_RSA                  1
-#define MBEDTLS_SSL_SIG_ECDSA                3
-
-/*
- * Client Certificate Types
- * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
- */
-#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN       1
-#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN    64
-
-/*
- * Message, alert and handshake types
- */
-#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC     20
-#define MBEDTLS_SSL_MSG_ALERT                  21
-#define MBEDTLS_SSL_MSG_HANDSHAKE              22
-#define MBEDTLS_SSL_MSG_APPLICATION_DATA       23
-
-#define MBEDTLS_SSL_ALERT_LEVEL_WARNING         1
-#define MBEDTLS_SSL_ALERT_LEVEL_FATAL           2
-
-#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
-#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
-#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
-#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
-#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
-#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
-#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
-#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
-#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
-#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
-#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
-#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
-#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86  /* 0x56 */
-#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
-#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
-#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
-
-#define MBEDTLS_SSL_HS_HELLO_REQUEST            0
-#define MBEDTLS_SSL_HS_CLIENT_HELLO             1
-#define MBEDTLS_SSL_HS_SERVER_HELLO             2
-#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST     3
-#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET       4
-#define MBEDTLS_SSL_HS_CERTIFICATE             11
-#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE     12
-#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST     13
-#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE       14
-#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY      15
-#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE     16
-#define MBEDTLS_SSL_HS_FINISHED                20
-
-/*
- * TLS extensions
- */
-#define MBEDTLS_TLS_EXT_SERVERNAME                   0
-#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME          0
-
-#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH          1
-
-#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC               4
-
-#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS     11
-
-#define MBEDTLS_TLS_EXT_SIG_ALG                     13
-
-#define MBEDTLS_TLS_EXT_ALPN                        16
-
-#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC            22 /* 0x16 */
-#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
-
-#define MBEDTLS_TLS_EXT_SESSION_TICKET              35
-
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP               256 /* experimental */
-
-#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      0xFF01
-
-/*
- * Size defines
- */
-#if !defined(MBEDTLS_PSK_MAX_LEN)
-#define MBEDTLS_PSK_MAX_LEN            32 /* 256 bits */
-#endif
-
-/* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
-{
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
-                                 + MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 3 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
-                                   + MBEDTLS_PSK_MAX_LEN];     /* RFC 5489 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    unsigned char _pms_ecjpake[32];     /* Thread spec: SHA-256 output */
-#endif
-};
-
-#define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * SSL state machine
- */
-typedef enum
-{
-    MBEDTLS_SSL_HELLO_REQUEST,
-    MBEDTLS_SSL_CLIENT_HELLO,
-    MBEDTLS_SSL_SERVER_HELLO,
-    MBEDTLS_SSL_SERVER_CERTIFICATE,
-    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
-    MBEDTLS_SSL_CERTIFICATE_REQUEST,
-    MBEDTLS_SSL_SERVER_HELLO_DONE,
-    MBEDTLS_SSL_CLIENT_CERTIFICATE,
-    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
-    MBEDTLS_SSL_CERTIFICATE_VERIFY,
-    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
-    MBEDTLS_SSL_CLIENT_FINISHED,
-    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
-    MBEDTLS_SSL_SERVER_FINISHED,
-    MBEDTLS_SSL_FLUSH_BUFFERS,
-    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
-    MBEDTLS_SSL_HANDSHAKE_OVER,
-    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
-    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
-}
-mbedtls_ssl_states;
-
-/**
- * \brief          Callback type: send data on the network.
- *
- * \note           That callback may be either blocking or non-blocking.
- *
- * \param ctx      Context for the send callback (typically a file descriptor)
- * \param buf      Buffer holding the data to send
- * \param len      Length of the data to send
- *
- * \return         The callback must return the number of bytes sent if any,
- *                 or a non-zero error code.
- *                 If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
- *                 must be returned when the operation would block.
- *
- * \note           The callback is allowed to send fewer bytes than requested.
- *                 It must always return the number of bytes actually sent.
- */
-typedef int mbedtls_ssl_send_t( void *ctx,
-                                const unsigned char *buf,
-                                size_t len );
-
-/**
- * \brief          Callback type: receive data from the network.
- *
- * \note           That callback may be either blocking or non-blocking.
- *
- * \param ctx      Context for the receive callback (typically a file
- *                 descriptor)
- * \param buf      Buffer to write the received data to
- * \param len      Length of the receive buffer
- *
- * \return         The callback must return the number of bytes received,
- *                 or a non-zero error code.
- *                 If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
- *                 must be returned when the operation would block.
- *
- * \note           The callback may receive fewer bytes than the length of the
- *                 buffer. It must always return the number of bytes actually
- *                 received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_t( void *ctx,
-                                unsigned char *buf,
-                                size_t len );
-
-/**
- * \brief          Callback type: receive data from the network, with timeout
- *
- * \note           That callback must block until data is received, or the
- *                 timeout delay expires, or the operation is interrupted by a
- *                 signal.
- *
- * \param ctx      Context for the receive callback (typically a file descriptor)
- * \param buf      Buffer to write the received data to
- * \param len      Length of the receive buffer
- * \param timeout  Maximum nomber of millisecondes to wait for data
- *                 0 means no timeout (potentially waiting forever)
- *
- * \return         The callback must return the number of bytes received,
- *                 or a non-zero error code:
- *                 \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
- *                 \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *
- * \note           The callback may receive fewer bytes than the length of the
- *                 buffer. It must always return the number of bytes actually
- *                 received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
-                                        unsigned char *buf,
-                                        size_t len,
-                                        uint32_t timeout );
-/**
- * \brief          Callback type: set a pair of timers/delays to watch
- *
- * \param ctx      Context pointer
- * \param int_ms   Intermediate delay in milliseconds
- * \param fin_ms   Final delay in milliseconds
- *                 0 cancels the current timer.
- *
- * \note           This callback must at least store the necessary information
- *                 for the associated \c mbedtls_ssl_get_timer_t callback to
- *                 return correct information.
- *
- * \note           If using a event-driven style of programming, an event must
- *                 be generated when the final delay is passed. The event must
- *                 cause a call to \c mbedtls_ssl_handshake() with the proper
- *                 SSL context to be scheduled. Care must be taken to ensure
- *                 that at most one such call happens at a time.
- *
- * \note           Only one timer at a time must be running. Calling this
- *                 function while a timer is running must cancel it. Cancelled
- *                 timers must not generate any event.
- */
-typedef void mbedtls_ssl_set_timer_t( void * ctx,
-                                      uint32_t int_ms,
-                                      uint32_t fin_ms );
-
-/**
- * \brief          Callback type: get status of timers/delays
- *
- * \param ctx      Context pointer
- *
- * \return         This callback must return:
- *                 -1 if cancelled (fin_ms == 0),
- *                  0 if none of the delays have passed,
- *                  1 if only the intermediate delay has passed,
- *                  2 if the final delay has passed.
- */
-typedef int mbedtls_ssl_get_timer_t( void * ctx );
-
-
-/* Defined below */
-typedef struct mbedtls_ssl_session mbedtls_ssl_session;
-typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
-
-/* Defined in ssl_internal.h */
-typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
-typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
-typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
-#endif
-
-/*
- * This structure is used for storing current session data.
- */
-struct mbedtls_ssl_session
-{
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t start;       /*!< starting time      */
-#endif
-    int ciphersuite;            /*!< chosen ciphersuite */
-    int compression;            /*!< chosen compression */
-    size_t id_len;              /*!< session id length  */
-    unsigned char id[32];       /*!< session identifier */
-    unsigned char master[48];   /*!< the master secret  */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_x509_crt *peer_cert;        /*!< peer X.509 cert chain */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-    uint32_t verify_result;          /*!<  verification result     */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned char *ticket;      /*!< RFC 5077 session ticket */
-    size_t ticket_len;          /*!< session ticket length   */
-    uint32_t ticket_lifetime;   /*!< ticket lifetime hint    */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    unsigned char mfl_code;     /*!< MaxFragmentLength negotiated by peer */
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    int trunc_hmac;             /*!< flag for truncated hmac activation   */
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    int encrypt_then_mac;       /*!< flag for EtM activation                */
-#endif
-};
-
-/**
- * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
- */
-struct mbedtls_ssl_config
-{
-    /* Group items by size (largest first) to minimize padding overhead */
-
-    /*
-     * Pointers
-     */
-
-    const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version   */
-
-    /** Callback for printing debug output                                  */
-    void (*f_dbg)(void *, int, const char *, int, const char *);
-    void *p_dbg;                    /*!< context for the debug function     */
-
-    /** Callback for getting (pseudo-)random numbers                        */
-    int  (*f_rng)(void *, unsigned char *, size_t);
-    void *p_rng;                    /*!< context for the RNG function       */
-
-    /** Callback to retrieve a session from the cache                       */
-    int (*f_get_cache)(void *, mbedtls_ssl_session *);
-    /** Callback to store a session into the cache                          */
-    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
-    void *p_cache;                  /*!< context for cache callbacks        */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    /** Callback for setting cert according to SNI extension                */
-    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
-    void *p_sni;                    /*!< context for SNI callback           */
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    /** Callback to customize X.509 certificate chain verification          */
-    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
-    void *p_vrfy;                   /*!< context for X.509 verify calllback */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    /** Callback to retrieve PSK key from identity                          */
-    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
-    void *p_psk;                    /*!< context for PSK callback           */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a cookie for ClientHello veirifcation    */
-    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
-                           const unsigned char *, size_t );
-    /** Callback to verify validity of a ClientHello cookie                 */
-    int (*f_cookie_check)( void *, const unsigned char *, size_t,
-                           const unsigned char *, size_t );
-    void *p_cookie;                 /*!< context for the cookie callbacks   */
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a session ticket                         */
-    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
-            unsigned char *, const unsigned char *, size_t *, uint32_t * );
-    /** Callback to parse a session ticket into a session structure         */
-    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
-    void *p_ticket;                 /*!< context for the ticket callbacks   */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-    /** Callback to export key block and master secret                      */
-    int (*f_export_keys)( void *, const unsigned char *,
-            const unsigned char *, size_t, size_t, size_t );
-    void *p_export_keys;            /*!< context for key export callback    */
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
-    mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s)        */
-    mbedtls_x509_crt *ca_chain;     /*!< trusted CAs                        */
-    mbedtls_x509_crl *ca_crl;       /*!< trusted CAs CRLs                   */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    const int *sig_hashes;          /*!< allowed signature hashes           */
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-    const mbedtls_ecp_group_id *curve_list; /*!< allowed curves             */
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-    mbedtls_mpi dhm_P;              /*!< prime modulus for DHM              */
-    mbedtls_mpi dhm_G;              /*!< generator for DHM                  */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    unsigned char *psk;             /*!< pre-shared key                     */
-    size_t         psk_len;         /*!< length of the pre-shared key       */
-    unsigned char *psk_identity;    /*!< identity for PSK negotiation       */
-    size_t         psk_identity_len;/*!< length of identity                 */
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
-    const char **alpn_list;         /*!< ordered list of protocols          */
-#endif
-
-    /*
-     * Numerical settings (int then char)
-     */
-
-    uint32_t read_timeout;          /*!< timeout for mbedtls_ssl_read (ms)  */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint32_t hs_timeout_min;        /*!< initial value of the handshake
-                                         retransmission timeout (ms)        */
-    uint32_t hs_timeout_max;        /*!< maximum value of the handshake
-                                         retransmission timeout (ms)        */
-#endif
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int renego_max_records;         /*!< grace period for renegotiation     */
-    unsigned char renego_period[8]; /*!< value of the record counters
-                                         that triggers renegotiation        */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-    unsigned int badmac_limit;      /*!< limit of records with a bad MAC    */
-#endif
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned int dhm_min_bitlen;    /*!< min. bit length of the DHM prime   */
-#endif
-
-    unsigned char max_major_ver;    /*!< max. major version used            */
-    unsigned char max_minor_ver;    /*!< max. minor version used            */
-    unsigned char min_major_ver;    /*!< min. major version used            */
-    unsigned char min_minor_ver;    /*!< min. minor version used            */
-
-    /*
-     * Flags (bitfields)
-     */
-
-    unsigned int endpoint : 1;      /*!< 0: client, 1: server               */
-    unsigned int transport : 1;     /*!< stream (TLS) or datagram (DTLS)    */
-    unsigned int authmode : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
-    /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
-    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
-#if defined(MBEDTLS_ARC4_C)
-    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
-#endif
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    unsigned int mfl_code : 3;      /*!< desired fragment length            */
-#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac?    */
-#endif
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    unsigned int extended_ms : 1;   /*!< negotiate extended master secret?  */
-#endif
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    unsigned int anti_replay : 1;   /*!< detect and prevent replay?         */
-#endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    unsigned int cbc_record_splitting : 1;  /*!< do cbc record splitting    */
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    unsigned int disable_renegotiation : 1; /*!< disable renegotiation?     */
-#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    unsigned int trunc_hmac : 1;    /*!< negotiate truncated hmac?          */
-#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    unsigned int session_tickets : 1;   /*!< use session tickets?           */
-#endif
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned int fallback : 1;      /*!< is this a fallback?                */
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
-    unsigned int cert_req_ca_list : 1;  /*!< enable sending CA list in
-                                          Certificate Request messages?     */
-#endif
-};
-
-
-struct mbedtls_ssl_context
-{
-    const mbedtls_ssl_config *conf; /*!< configuration information          */
-
-    /*
-     * Miscellaneous
-     */
-    int state;                  /*!< SSL handshake: current state     */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int renego_status;          /*!< Initial, in progress, pending?   */
-    int renego_records_seen;    /*!< Records since renego request, or with DTLS,
-                                  number of retransmissions of request if
-                                  renego_max_records is < 0           */
-#endif
-
-    int major_ver;              /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3    */
-    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-    unsigned badmac_seen;       /*!< records with a bad MAC received    */
-#endif
-
-    mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
-    mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
-    mbedtls_ssl_recv_timeout_t *f_recv_timeout;
-                                /*!< Callback for network receive with timeout */
-
-    void *p_bio;                /*!< context for I/O operations   */
-
-    /*
-     * Session layer
-     */
-    mbedtls_ssl_session *session_in;            /*!<  current session data (in)   */
-    mbedtls_ssl_session *session_out;           /*!<  current session data (out)  */
-    mbedtls_ssl_session *session;               /*!<  negotiated session data     */
-    mbedtls_ssl_session *session_negotiate;     /*!<  session data in negotiation */
-
-    mbedtls_ssl_handshake_params *handshake;    /*!<  params required only during
-                                              the handshake process        */
-
-    /*
-     * Record layer transformations
-     */
-    mbedtls_ssl_transform *transform_in;        /*!<  current transform params (in)   */
-    mbedtls_ssl_transform *transform_out;       /*!<  current transform params (in)   */
-    mbedtls_ssl_transform *transform;           /*!<  negotiated transform params     */
-    mbedtls_ssl_transform *transform_negotiate; /*!<  transform params in negotiation */
-
-    /*
-     * Timers
-     */
-    void *p_timer;              /*!< context for the timer callbacks */
-
-    mbedtls_ssl_set_timer_t *f_set_timer;       /*!< set timer callback */
-    mbedtls_ssl_get_timer_t *f_get_timer;       /*!< get timer callback */
-
-    /*
-     * Record layer (incoming data)
-     */
-    unsigned char *in_buf;      /*!< input buffer                     */
-    unsigned char *in_ctr;      /*!< 64-bit incoming message counter
-                                     TLS: maintained by us
-                                     DTLS: read from peer             */
-    unsigned char *in_hdr;      /*!< start of record header           */
-    unsigned char *in_len;      /*!< two-bytes message length field   */
-    unsigned char *in_iv;       /*!< ivlen-byte IV                    */
-    unsigned char *in_msg;      /*!< message contents (in_iv+ivlen)   */
-    unsigned char *in_offt;     /*!< read offset in application data  */
-
-    int in_msgtype;             /*!< record header: message type      */
-    size_t in_msglen;           /*!< record header: message length    */
-    size_t in_left;             /*!< amount of data read so far       */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint16_t in_epoch;          /*!< DTLS epoch for incoming records  */
-    size_t next_record_offset;  /*!< offset of the next record in datagram
-                                     (equal to in_left if none)       */
-#endif
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    uint64_t in_window_top;     /*!< last validated record seq_num    */
-    uint64_t in_window;         /*!< bitmask for replay detection     */
-#endif
-
-    size_t in_hslen;            /*!< current handshake message length,
-                                     including the handshake header   */
-    int nb_zero;                /*!< # of 0-length encrypted messages */
-
-    int keep_current_message;   /*!< drop or reuse current message
-                                     on next call to record layer? */
-
-    /*
-     * Record layer (outgoing data)
-     */
-    unsigned char *out_buf;     /*!< output buffer                    */
-    unsigned char *out_ctr;     /*!< 64-bit outgoing message counter  */
-    unsigned char *out_hdr;     /*!< start of record header           */
-    unsigned char *out_len;     /*!< two-bytes message length field   */
-    unsigned char *out_iv;      /*!< ivlen-byte IV                    */
-    unsigned char *out_msg;     /*!< message contents (out_iv+ivlen)  */
-
-    int out_msgtype;            /*!< record header: message type      */
-    size_t out_msglen;          /*!< record header: message length    */
-    size_t out_left;            /*!< amount of data not yet written   */
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    unsigned char *compress_buf;        /*!<  zlib data buffer        */
-#endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    signed char split_done;     /*!< current record already splitted? */
-#endif
-
-    /*
-     * PKI layer
-     */
-    int client_auth;                    /*!<  flag for client auth.   */
-
-    /*
-     * User settings
-     */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    char *hostname;             /*!< expected peer CN for verification
-                                     (and SNI if available)                 */
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
-    const char *alpn_chosen;    /*!<  negotiated protocol                   */
-#endif
-
-    /*
-     * Information for DTLS hello verify
-     */
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    unsigned char  *cli_id;         /*!<  transport-level ID of the client  */
-    size_t          cli_id_len;     /*!<  length of cli_id                  */
-#endif
-
-    /*
-     * Secure renegotiation
-     */
-    /* needed to know when to send extension on server */
-    int secure_renegotiation;           /*!<  does peer support legacy or
-                                              secure renegotiation           */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    size_t verify_data_len;             /*!<  length of verify data stored   */
-    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
-    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
-#endif
-};
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-
-#define MBEDTLS_SSL_CHANNEL_OUTBOUND    0
-#define MBEDTLS_SSL_CHANNEL_INBOUND     1
-
-extern int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl,
-                const unsigned char *key_enc, const unsigned char *key_dec,
-                size_t keylen,
-                const unsigned char *iv_enc,  const unsigned char *iv_dec,
-                size_t ivlen,
-                const unsigned char *mac_enc, const unsigned char *mac_dec,
-                size_t maclen);
-extern int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction);
-extern int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl);
-extern int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl);
-extern int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl);
-extern int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-
-/**
- * \brief Returns the list of ciphersuites supported by the SSL/TLS module.
- *
- * \return              a statically allocated array of ciphersuites, the last
- *                      entry is 0.
- */
-const int *mbedtls_ssl_list_ciphersuites( void );
-
-/**
- * \brief               Return the name of the ciphersuite associated with the
- *                      given ID
- *
- * \param ciphersuite_id SSL ciphersuite ID
- *
- * \return              a string containing the ciphersuite name
- */
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
-
-/**
- * \brief               Return the ID of the ciphersuite associated with the
- *                      given name
- *
- * \param ciphersuite_name SSL ciphersuite name
- *
- * \return              the ID with the ciphersuite or 0 if not found
- */
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
-
-/**
- * \brief          Initialize an SSL context
- *                 Just makes the context ready for mbedtls_ssl_setup() or
- *                 mbedtls_ssl_free()
- *
- * \param ssl      SSL context
- */
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Set up an SSL context for use
- *
- * \note           No copy of the configuration context is made, it can be
- *                 shared by many mbedtls_ssl_context structures.
- *
- * \warning        The conf structure will be accessed during the session.
- *                 It must not be modified or freed as long as the session
- *                 is active.
- *
- * \warning        This function must be called exactly once per context.
- *                 Calling mbedtls_ssl_setup again is not supported, even
- *                 if no session is active.
- *
- * \param ssl      SSL context
- * \param conf     SSL configuration to use
- *
- * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
- *                 memory allocation failed
- */
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
-                       const mbedtls_ssl_config *conf );
-
-/**
- * \brief          Reset an already initialized SSL context for re-use
- *                 while retaining application-set variables, function
- *                 pointers and data.
- *
- * \param ssl      SSL context
- * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED,
-                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
- *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
- */
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Set the current endpoint type
- *
- * \param conf     SSL configuration
- * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- */
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
-
-/**
- * \brief           Set the transport type (TLS or DTLS).
- *                  Default: TLS
- *
- * \note            For DTLS, you must either provide a recv callback that
- *                  doesn't block, or one that handles timeouts, see
- *                  \c mbedtls_ssl_set_bio(). You also need to provide timer
- *                  callbacks with \c mbedtls_ssl_set_timer_cb().
- *
- * \param conf      SSL configuration
- * \param transport transport type:
- *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
- *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
- */
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
-
-/**
- * \brief          Set the certificate verification mode
- *                 Default: NONE on server, REQUIRED on client
- *
- * \param conf     SSL configuration
- * \param authmode can be:
- *
- *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
- *                        (default on server)
- *                        (insecure on client)
- *
- *  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
- *                        handshake continues even if verification failed;
- *                        mbedtls_ssl_get_verify_result() can be called after the
- *                        handshake is complete.
- *
- *  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
- *                        handshake is aborted if verification failed.
- *                        (default on client)
- *
- * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
- * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
- * the right time(s), which may not be obvious, while REQUIRED always perform
- * the verification as soon as possible. For example, REQUIRED was protecting
- * against the "triple handshake" attack even before it was found.
- */
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Set the verification callback (Optional).
- *
- *                 If set, the verify callback is called for each
- *                 certificate in the chain. For implementation
- *                 information, please see \c mbedtls_x509_crt_verify()
- *
- * \param conf     SSL configuration
- * \param f_vrfy   verification function
- * \param p_vrfy   verification parameter
- */
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief          Set the random number generator callback
- *
- * \param conf     SSL configuration
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
- */
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng );
-
-/**
- * \brief          Set the debug callback
- *
- *                 The callback has the following argument:
- *                 void *           opaque context for the callback
- *                 int              debug level
- *                 const char *     file name
- *                 int              line number
- *                 const char *     message
- *
- * \param conf     SSL configuration
- * \param f_dbg    debug function
- * \param p_dbg    debug parameter
- */
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
-                  void (*f_dbg)(void *, int, const char *, int, const char *),
-                  void  *p_dbg );
-
-/**
- * \brief          Set the underlying BIO callbacks for write, read and
- *                 read-with-timeout.
- *
- * \param ssl      SSL context
- * \param p_bio    parameter (context) shared by BIO callbacks
- * \param f_send   write callback
- * \param f_recv   read callback
- * \param f_recv_timeout blocking read callback with timeout.
- *
- * \note           One of f_recv or f_recv_timeout can be NULL, in which case
- *                 the other is used. If both are non-NULL, f_recv_timeout is
- *                 used and f_recv is ignored (as if it were NULL).
- *
- * \note           The two most common use cases are:
- *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- *                 - blocking I/O, f_recv == NULL, f_recv_timout != NULL
- *
- * \note           For DTLS, you need to provide either a non-NULL
- *                 f_recv_timeout callback, or a f_recv that doesn't block.
- *
- * \note           See the documentations of \c mbedtls_ssl_sent_t,
- *                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
- *                 the conventions those callbacks must follow.
- *
- * \note           On some platforms, net_sockets.c provides
- *                 \c mbedtls_net_send(), \c mbedtls_net_recv() and
- *                 \c mbedtls_net_recv_timeout() that are suitable to be used
- *                 here.
- */
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
-                          void *p_bio,
-                          mbedtls_ssl_send_t *f_send,
-                          mbedtls_ssl_recv_t *f_recv,
-                          mbedtls_ssl_recv_timeout_t *f_recv_timeout );
-
-/**
- * \brief          Set the timeout period for mbedtls_ssl_read()
- *                 (Default: no timeout.)
- *
- * \param conf     SSL configuration context
- * \param timeout  Timeout value in milliseconds.
- *                 Use 0 for no timeout (default).
- *
- * \note           With blocking I/O, this will only work if a non-NULL
- *                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
- *                 With non-blocking I/O, this will only work if timer
- *                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
- *
- * \note           With non-blocking I/O, you may also skip this function
- *                 altogether and handle timeouts at the application layer.
- */
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
-
-/**
- * \brief          Set the timer callbacks (Mandatory for DTLS.)
- *
- * \param ssl      SSL context
- * \param p_timer  parameter (context) shared by timer callbacks
- * \param f_set_timer   set timer callback
- * \param f_get_timer   get timer callback. Must return:
- *
- * \note           See the documentation of \c mbedtls_ssl_set_timer_t and
- *                 \c mbedtls_ssl_get_timer_t for the conventions this pair of
- *                 callbacks must follow.
- *
- * \note           On some platforms, timing.c provides
- *                 \c mbedtls_timing_set_delay() and
- *                 \c mbedtls_timing_get_delay() that are suitable for using
- *                 here, except if using an event-driven style.
- *
- * \note           See also the "DTLS tutorial" article in our knowledge base.
- *                 https://tls.mbed.org/kb/how-to/dtls-tutorial
- */
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
-                               void *p_timer,
-                               mbedtls_ssl_set_timer_t *f_set_timer,
-                               mbedtls_ssl_get_timer_t *f_get_timer );
-
-/**
- * \brief           Callback type: generate and write session ticket
- *
- * \note            This describes what a callback implementation should do.
- *                  This callback should generate an encrypted and
- *                  authenticated ticket for the session and write it to the
- *                  output buffer. Here, ticket means the opaque ticket part
- *                  of the NewSessionTicket structure of RFC 5077.
- *
- * \param p_ticket  Context for the callback
- * \param session   SSL session to be written in the ticket
- * \param start     Start of the output buffer
- * \param end       End of the output buffer
- * \param tlen      On exit, holds the length written
- * \param lifetime  On exit, holds the lifetime of the ticket in seconds
- *
- * \return          0 if successful, or
- *                  a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
-                                        const mbedtls_ssl_session *session,
-                                        unsigned char *start,
-                                        const unsigned char *end,
-                                        size_t *tlen,
-                                        uint32_t *lifetime );
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-/**
- * \brief           Callback type: Export key block and master secret
- *
- * \note            This is required for certain uses of TLS, e.g. EAP-TLS
- *                  (RFC 5216) and Thread. The key pointers are ephemeral and
- *                  therefore must not be stored. The master secret and keys
- *                  should not be used directly except as an input to a key
- *                  derivation function.
- *
- * \param p_expkey  Context for the callback
- * \param ms        Pointer to master secret (fixed length: 48 bytes)
- * \param kb        Pointer to key block, see RFC 5246 section 6.3
- *                  (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
- * \param maclen    MAC length
- * \param keylen    Key length
- * \param ivlen     IV length
- *
- * \return          0 if successful, or
- *                  a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
-                                const unsigned char *ms,
-                                const unsigned char *kb,
-                                size_t maclen,
-                                size_t keylen,
-                                size_t ivlen );
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-
-/**
- * \brief           Callback type: parse and load session ticket
- *
- * \note            This describes what a callback implementation should do.
- *                  This callback should parse a session ticket as generated
- *                  by the corresponding mbedtls_ssl_ticket_write_t function,
- *                  and, if the ticket is authentic and valid, load the
- *                  session.
- *
- * \note            The implementation is allowed to modify the first len
- *                  bytes of the input buffer, eg to use it as a temporary
- *                  area for the decrypted ticket contents.
- *
- * \param p_ticket  Context for the callback
- * \param session   SSL session to be loaded
- * \param buf       Start of the buffer containing the ticket
- * \param len       Length of the ticket.
- *
- * \return          0 if successful, or
- *                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
- *                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
- *                  any other non-zero code for other failures.
- */
-typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
-                                        mbedtls_ssl_session *session,
-                                        unsigned char *buf,
-                                        size_t len );
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief           Configure SSL session ticket callbacks (server only).
- *                  (Default: none.)
- *
- * \note            On server, session tickets are enabled by providing
- *                  non-NULL callbacks.
- *
- * \note            On client, use \c mbedtls_ssl_conf_session_tickets().
- *
- * \param conf      SSL configuration context
- * \param f_ticket_write    Callback for writing a ticket
- * \param f_ticket_parse    Callback for parsing a ticket
- * \param p_ticket          Context shared by the two callbacks
- */
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_ticket_write_t *f_ticket_write,
-        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
-        void *p_ticket );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-/**
- * \brief           Configure key export callback.
- *                  (Default: none.)
- *
- * \note            See \c mbedtls_ssl_export_keys_t.
- *
- * \param conf      SSL configuration context
- * \param f_export_keys     Callback for exporting keys
- * \param p_export_keys     Context for the callback
- */
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_export_keys_t *f_export_keys,
-        void *p_export_keys );
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-
-/**
- * \brief          Callback type: generate a cookie
- *
- * \param ctx      Context for the callback
- * \param p        Buffer to write to,
- *                 must be updated to point right after the cookie
- * \param end      Pointer to one past the end of the output buffer
- * \param info     Client ID info that was passed to
- *                 \c mbedtls_ssl_set_client_transport_id()
- * \param ilen     Length of info in bytes
- *
- * \return         The callback must return 0 on success,
- *                 or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_write_t( void *ctx,
-                                unsigned char **p, unsigned char *end,
-                                const unsigned char *info, size_t ilen );
-
-/**
- * \brief          Callback type: verify a cookie
- *
- * \param ctx      Context for the callback
- * \param cookie   Cookie to verify
- * \param clen     Length of cookie
- * \param info     Client ID info that was passed to
- *                 \c mbedtls_ssl_set_client_transport_id()
- * \param ilen     Length of info in bytes
- *
- * \return         The callback must return 0 if cookie is valid,
- *                 or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_check_t( void *ctx,
-                                const unsigned char *cookie, size_t clen,
-                                const unsigned char *info, size_t ilen );
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief           Register callbacks for DTLS cookies
- *                  (Server only. DTLS only.)
- *
- *                  Default: dummy callbacks that fail, in order to force you to
- *                  register working callbacks (and initialize their context).
- *
- *                  To disable HelloVerifyRequest, register NULL callbacks.
- *
- * \warning         Disabling hello verification allows your server to be used
- *                  for amplification in DoS attacks against other hosts.
- *                  Only disable if you known this can't happen in your
- *                  particular environment.
- *
- * \note            See comments on \c mbedtls_ssl_handshake() about handling
- *                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
- *                  on the first handshake attempt when this is enabled.
- *
- * \note            This is also necessary to handle client reconnection from
- *                  the same port as described in RFC 6347 section 4.2.8 (only
- *                  the variant with cookies is supported currently). See
- *                  comments on \c mbedtls_ssl_read() for details.
- *
- * \param conf              SSL configuration
- * \param f_cookie_write    Cookie write callback
- * \param f_cookie_check    Cookie check callback
- * \param p_cookie          Context for both callbacks
- */
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
-                           mbedtls_ssl_cookie_write_t *f_cookie_write,
-                           mbedtls_ssl_cookie_check_t *f_cookie_check,
-                           void *p_cookie );
-
-/**
- * \brief          Set client's transport-level identification info.
- *                 (Server only. DTLS only.)
- *
- *                 This is usually the IP address (and port), but could be
- *                 anything identify the client depending on the underlying
- *                 network stack. Used for HelloVerifyRequest with DTLS.
- *                 This is *not* used to route the actual packets.
- *
- * \param ssl      SSL context
- * \param info     Transport-level info identifying the client (eg IP + port)
- * \param ilen     Length of info in bytes
- *
- * \note           An internal copy is made, so the info buffer can be reused.
- *
- * \return         0 on success,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
- *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
- */
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
-                                 const unsigned char *info,
-                                 size_t ilen );
-
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-/**
- * \brief          Enable or disable anti-replay protection for DTLS.
- *                 (DTLS only, no effect on TLS.)
- *                 Default: enabled.
- *
- * \param conf     SSL configuration
- * \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
- *
- * \warning        Disabling this is a security risk unless the application
- *                 protocol handles duplicated packets in a safe way. You
- *                 should not disable this without careful consideration.
- *                 However, if your application already detects duplicated
- *                 packets and needs information about them to adjust its
- *                 transmission strategy, then you'll want to disable this.
- */
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-/**
- * \brief          Set a limit on the number of records with a bad MAC
- *                 before terminating the connection.
- *                 (DTLS only, no effect on TLS.)
- *                 Default: 0 (disabled).
- *
- * \param conf     SSL configuration
- * \param limit    Limit, or 0 to disable.
- *
- * \note           If the limit is N, then the connection is terminated when
- *                 the Nth non-authentic record is seen.
- *
- * \note           Records with an invalid header are not counted, only the
- *                 ones going through the authentication-decryption phase.
- *
- * \note           This is a security trade-off related to the fact that it's
- *                 often relatively easy for an active attacker ot inject UDP
- *                 datagrams. On one hand, setting a low limit here makes it
- *                 easier for such an attacker to forcibly terminated a
- *                 connection. On the other hand, a high limit or no limit
- *                 might make us waste resources checking authentication on
- *                 many bogus packets.
- */
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/**
- * \brief          Set retransmit timeout values for the DTLS handshake.
- *                 (DTLS only, no effect on TLS.)
- *
- * \param conf     SSL configuration
- * \param min      Initial timeout value in milliseconds.
- *                 Default: 1000 (1 second).
- * \param max      Maximum timeout value in milliseconds.
- *                 Default: 60000 (60 seconds).
- *
- * \note           Default values are from RFC 6347 section 4.2.4.1.
- *
- * \note           The 'min' value should typically be slightly above the
- *                 expected round-trip time to your peer, plus whatever time
- *                 it takes for the peer to process the message. For example,
- *                 if your RTT is about 600ms and you peer needs up to 1s to
- *                 do the cryptographic operations in the handshake, then you
- *                 should set 'min' slightly above 1600. Lower values of 'min'
- *                 might cause spurious resends which waste network resources,
- *                 while larger value of 'min' will increase overall latency
- *                 on unreliable network links.
- *
- * \note           The more unreliable your network connection is, the larger
- *                 your max / min ratio needs to be in order to achieve
- *                 reliable handshakes.
- *
- * \note           Messages are retransmitted up to log2(ceil(max/min)) times.
- *                 For example, if min = 1s and max = 5s, the retransmit plan
- *                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
- *                 resend ... 5s -> give up and return a timeout error.
- */
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief          Set the session cache callbacks (server-side only)
- *                 If not set, no session resuming is done (except if session
- *                 tickets are enabled too).
- *
- *                 The session cache has the responsibility to check for stale
- *                 entries based on timeout. See RFC 5246 for recommendations.
- *
- *                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
- *                 connection shutdown, so do not cache the pointer! Either set
- *                 it to NULL or make a full copy of the certificate.
- *
- *                 The get callback is called once during the initial handshake
- *                 to enable session resuming. The get function has the
- *                 following parameters: (void *parameter, mbedtls_ssl_session *session)
- *                 If a valid entry is found, it should fill the master of
- *                 the session object with the cached values and return 0,
- *                 return 1 otherwise. Optionally peer_cert can be set as well
- *                 if it is properly present in cache entry.
- *
- *                 The set callback is called once during the initial handshake
- *                 to enable session resuming after the entire handshake has
- *                 been finished. The set function has the following parameters:
- *                 (void *parameter, const mbedtls_ssl_session *session). The function
- *                 should create a cache entry for future retrieval based on
- *                 the data in the session structure and should keep in mind
- *                 that the mbedtls_ssl_session object presented (and all its referenced
- *                 data) is cleared by the SSL/TLS layer when the connection is
- *                 terminated. It is recommended to add metadata to determine if
- *                 an entry is still valid in the future. Return 0 if
- *                 successfully cached, return 1 otherwise.
- *
- * \param conf           SSL configuration
- * \param p_cache        parmater (context) for both callbacks
- * \param f_get_cache    session get callback
- * \param f_set_cache    session set callback
- */
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
-        void *p_cache,
-        int (*f_get_cache)(void *, mbedtls_ssl_session *),
-        int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Request resumption of session (client-side only)
- *                 Session data is copied from presented session structure.
- *
- * \param ssl      SSL context
- * \param session  session context
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- *                 arguments are otherwise invalid
- *
- * \sa             mbedtls_ssl_get_session()
- */
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief               Set the list of allowed ciphersuites and the preference
- *                      order. First in the list has the highest preference.
- *                      (Overrides all version-specific lists)
- *
- *                      The ciphersuites array is not copied, and must remain
- *                      valid for the lifetime of the ssl_config.
- *
- *                      Note: The server uses its own preferences
- *                      over the preference of the client unless
- *                      MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
- *
- * \param conf          SSL configuration
- * \param ciphersuites  0-terminated list of allowed ciphersuites
- */
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
-                                   const int *ciphersuites );
-
-/**
- * \brief               Set the list of allowed ciphersuites and the
- *                      preference order for a specific version of the protocol.
- *                      (Only useful on the server side)
- *
- *                      The ciphersuites array is not copied, and must remain
- *                      valid for the lifetime of the ssl_config.
- *
- * \param conf          SSL configuration
- * \param ciphersuites  0-terminated list of allowed ciphersuites
- * \param major         Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
- *                      supported)
- * \param minor         Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
- *                      MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
- *                      MBEDTLS_SSL_MINOR_VERSION_3 supported)
- *
- * \note                With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
- *                      and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- */
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
-                                       const int *ciphersuites,
-                                       int major, int minor );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Set the X.509 security profile used for verification
- *
- * \note           The restrictions are enforced for all certificates in the
- *                 chain. However, signatures in the handshake are not covered
- *                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
- *
- * \param conf     SSL configuration
- * \param profile  Profile to use
- */
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
-                                    const mbedtls_x509_crt_profile *profile );
-
-/**
- * \brief          Set the data required to verify peer certificate
- *
- * \param conf     SSL configuration
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl   trusted CA CRLs
- */
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
-                               mbedtls_x509_crt *ca_chain,
-                               mbedtls_x509_crl *ca_crl );
-
-/**
- * \brief          Set own certificate chain and private key
- *
- * \note           own_cert should contain in order from the bottom up your
- *                 certificate chain. The top certificate (self-signed)
- *                 can be omitted.
- *
- * \note           On server, this function can be called multiple times to
- *                 provision more than one cert/key pair (eg one ECDSA, one
- *                 RSA with SHA-256, one RSA with SHA-1). An adequate
- *                 certificate will be selected according to the client's
- *                 advertised capabilities. In case mutliple certificates are
- *                 adequate, preference is given to the one set by the first
- *                 call to this function, then second, etc.
- *
- * \note           On client, only the first call has any effect. That is,
- *                 only one client certificate can be provisioned. The
- *                 server's preferences in its CertficateRequest message will
- *                 be ignored and our only cert will be sent regardless of
- *                 whether it matches those preferences - the server can then
- *                 decide what it wants to do with it.
- *
- * \param conf     SSL configuration
- * \param own_cert own public certificate chain
- * \param pk_key   own private key
- *
- * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
-                              mbedtls_x509_crt *own_cert,
-                              mbedtls_pk_context *pk_key );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-/**
- * \brief          Set the Pre Shared Key (PSK) and the expected identity name
- *
- * \note           This is mainly useful for clients. Servers will usually
- *                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note           Currently clients can only register one pre-shared key.
- *                 In other words, the servers' identity hint is ignored.
- *                 Support for setting multiple PSKs on clients and selecting
- *                 one based on the identity hint is not a planned feature but
- *                 feedback is welcomed.
- *
- * \param conf     SSL configuration
- * \param psk      pointer to the pre-shared key
- * \param psk_len  pre-shared key length
- * \param psk_identity      pointer to the pre-shared key identity
- * \param psk_identity_len  identity key length
- *
- * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
-                const unsigned char *psk, size_t psk_len,
-                const unsigned char *psk_identity, size_t psk_identity_len );
-
-
-/**
- * \brief          Set the Pre Shared Key (PSK) for the current handshake
- *
- * \note           This should only be called inside the PSK callback,
- *                 ie the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \param ssl      SSL context
- * \param psk      pointer to the pre-shared key
- * \param psk_len  pre-shared key length
- *
- * \return         0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
-                            const unsigned char *psk, size_t psk_len );
-
-/**
- * \brief          Set the PSK callback (server-side only).
- *
- *                 If set, the PSK callback is called for each
- *                 handshake where a PSK ciphersuite was negotiated.
- *                 The caller provides the identity received and wants to
- *                 receive the actual PSK data and length.
- *
- *                 The callback has the following parameters: (void *parameter,
- *                 mbedtls_ssl_context *ssl, const unsigned char *psk_identity,
- *                 size_t identity_len)
- *                 If a valid PSK identity is found, the callback should use
- *                 \c mbedtls_ssl_set_hs_psk() on the ssl context to set the
- *                 correct PSK and return 0.
- *                 Any other return value will result in a denied PSK identity.
- *
- * \note           If you set a PSK callback using this function, then you
- *                 don't need to set a PSK key and identity using
- *                 \c mbedtls_ssl_conf_psk().
- *
- * \param conf     SSL configuration
- * \param f_psk    PSK identity function
- * \param p_psk    PSK identity parameter
- */
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
-                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
-                                  size_t),
-                     void *p_psk );
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief          Set the Diffie-Hellman public P and G values,
- *                 read as hexadecimal strings (server-side only)
- *                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
- *
- * \param conf     SSL configuration
- * \param dhm_P    Diffie-Hellman-Merkle modulus
- * \param dhm_G    Diffie-Hellman-Merkle generator
- *
- * \deprecated     Superseded by \c mbedtls_ssl_conf_dh_param_bin.
- *
- * \return         0 if successful
- */
-MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
-                                                  const char *dhm_P,
-                                                  const char *dhm_G );
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Set the Diffie-Hellman public P and G values
- *                 from big-endian binary presentations.
- *                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
- *
- * \param conf     SSL configuration
- * \param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form
- * \param P_len    Length of DHM modulus
- * \param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form
- * \param G_len    Length of DHM generator
- *
- * \return         0 if successful
- */
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
-                                   const unsigned char *dhm_P, size_t P_len,
-                                   const unsigned char *dhm_G,  size_t G_len );
-
-/**
- * \brief          Set the Diffie-Hellman public P and G values,
- *                 read from existing context (server-side only)
- *
- * \param conf     SSL configuration
- * \param dhm_ctx  Diffie-Hellman-Merkle context
- *
- * \return         0 if successful
- */
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
-#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Set the minimum length for Diffie-Hellman parameters.
- *                 (Client-side only.)
- *                 (Default: 1024 bits.)
- *
- * \param conf     SSL configuration
- * \param bitlen   Minimum bit length of the DHM prime
- */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
-                                      unsigned int bitlen );
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief          Set the allowed curves in order of preference.
- *                 (Default: all defined curves.)
- *
- *                 On server: this only affects selection of the ECDHE curve;
- *                 the curves used for ECDH and ECDSA are determined by the
- *                 list of available certificates instead.
- *
- *                 On client: this affects the list of curves offered for any
- *                 use. The server can override our preference order.
- *
- *                 Both sides: limits the set of curves accepted for use in
- *                 ECDHE and in the peer's end-entity certificate.
- *
- * \note           This has no influence on which curves are allowed inside the
- *                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
- *                 for that. For the end-entity certificate however, the key
- *                 will be accepted only if it is allowed both by this list
- *                 and by the cert profile.
- *
- * \note           This list should be ordered by decreasing preference
- *                 (preferred curve first).
- *
- * \param conf     SSL configuration
- * \param curves   Ordered list of allowed curves,
- *                 terminated by MBEDTLS_ECP_DP_NONE.
- */
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
-                              const mbedtls_ecp_group_id *curves );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-/**
- * \brief          Set the allowed hashes for signatures during the handshake.
- *                 (Default: all available hashes except MD5.)
- *
- * \note           This only affects which hashes are offered and can be used
- *                 for signatures during the handshake. Hashes for message
- *                 authentication and the TLS PRF are controlled by the
- *                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
- *                 used for certificate signature are controlled by the
- *                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
- *
- * \note           This list should be ordered by decreasing preference
- *                 (preferred hash first).
- *
- * \param conf     SSL configuration
- * \param hashes   Ordered list of allowed signature hashes,
- *                 terminated by \c MBEDTLS_MD_NONE.
- */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
-                                  const int *hashes );
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Set or reset the hostname to check against the received 
- *                 server certificate. It sets the ServerName TLS extension, 
- *                 too, if that extension is enabled. (client-side only)
- *
- * \param ssl      SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
- 
- * \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
- *
- * \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on 
- *                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on 
- *                 too long input hostname.
- *
- *                 Hostname set to the one provided on success (cleared
- *                 when NULL). On allocation failure hostname is cleared. 
- *                 On too long input failure, old hostname is unchanged.
- */
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-/**
- * \brief          Set own certificate and key for the current handshake
- *
- * \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
- *                 the SNI callback.
- *
- * \param ssl      SSL context
- * \param own_cert own public certificate chain
- * \param pk_key   own private key
- *
- * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
-                                 mbedtls_x509_crt *own_cert,
-                                 mbedtls_pk_context *pk_key );
-
-/**
- * \brief          Set the data required to verify peer certificate for the
- *                 current handshake
- *
- * \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
- *                 the SNI callback.
- *
- * \param ssl      SSL context
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl   trusted CA CRLs
- */
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
-                                  mbedtls_x509_crt *ca_chain,
-                                  mbedtls_x509_crl *ca_crl );
-
-/**
- * \brief          Set authmode for the current handshake.
- *
- * \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
- *                 the SNI callback.
- *
- * \param ssl      SSL context
- * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
- *                 MBEDTLS_SSL_VERIFY_REQUIRED
- */
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
-                                  int authmode );
-
-/**
- * \brief          Set server side ServerName TLS extension callback
- *                 (optional, server-side only).
- *
- *                 If set, the ServerName callback is called whenever the
- *                 server receives a ServerName TLS extension from the client
- *                 during a handshake. The ServerName callback has the
- *                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
- *                 const unsigned char *hostname, size_t len). If a suitable
- *                 certificate is found, the callback must set the
- *                 certificate(s) and key(s) to use with \c
- *                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
- *                 and may optionally adjust the CA and associated CRL with \c
- *                 mbedtls_ssl_set_hs_ca_chain() as well as the client
- *                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
- *                 then must return 0. If no matching name is found, the
- *                 callback must either set a default cert, or
- *                 return non-zero to abort the handshake at this point.
- *
- * \param conf     SSL configuration
- * \param f_sni    verification function
- * \param p_sni    verification parameter
- */
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
-                  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
-                               size_t),
-                  void *p_sni );
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-/**
- * \brief          Set the EC J-PAKE password for current handshake.
- *
- * \note           An internal copy is made, and destroyed as soon as the
- *                 handshake is completed, or when the SSL context is reset or
- *                 freed.
- *
- * \note           The SSL context needs to be already set up. The right place
- *                 to call this function is between \c mbedtls_ssl_setup() or
- *                 \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
- *
- * \param ssl      SSL context
- * \param pw       EC J-PAKE password (pre-shared secret)
- * \param pw_len   length of pw in bytes
- *
- * \return         0 on success, or a negative error code.
- */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
-                                         const unsigned char *pw,
-                                         size_t pw_len );
-#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-/**
- * \brief          Set the supported Application Layer Protocols.
- *
- * \param conf     SSL configuration
- * \param protos   Pointer to a NULL-terminated list of supported protocols,
- *                 in decreasing preference order. The pointer to the list is
- *                 recorded by the library for later reference as required, so
- *                 the lifetime of the table must be atleast as long as the
- *                 lifetime of the SSL configuration structure.
- *
- * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
- */
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
-
-/**
- * \brief          Get the name of the negotiated Application Layer Protocol.
- *                 This function should be called after the handshake is
- *                 completed.
- *
- * \param ssl      SSL context
- *
- * \return         Protcol name, or NULL if no protocol was negotiated.
- */
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_ALPN */
-
-/**
- * \brief          Set the maximum supported version sent from the client side
- *                 and/or accepted at the server side
- *                 (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
- *
- * \note           This ignores ciphersuites from higher versions.
- *
- * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
- *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf     SSL configuration
- * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
- *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
- *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
-
-/**
- * \brief          Set the minimum accepted SSL/TLS protocol version
- *                 (Default: TLS 1.0)
- *
- * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
- *                 SSL_MIN_XXXXX_VERSION range is ignored.
- *
- * \note           MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
- *
- * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
- *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf     SSL configuration
- * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
- *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
- *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
-
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Set the fallback flag (client-side only).
- *                 (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
- *
- * \note           Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
- *                 connection, that is a connection with max_version set to a
- *                 lower value than the value you're willing to use. Such
- *                 fallback connections are not recommended but are sometimes
- *                 necessary to interoperate with buggy (version-intolerant)
- *                 servers.
- *
- * \warning        You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
- *                 non-fallback connections! This would appear to work for a
- *                 while, then cause failures when the server is upgraded to
- *                 support a newer TLS version.
- *
- * \param conf     SSL configuration
- * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
- */
-void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
-#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-/**
- * \brief           Enable or disable Encrypt-then-MAC
- *                  (Default: MBEDTLS_SSL_ETM_ENABLED)
- *
- * \note            This should always be enabled, it is a security
- *                  improvement, and should not cause any interoperability
- *                  issue (used only if the peer supports it too).
- *
- * \param conf      SSL configuration
- * \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
- */
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-/**
- * \brief           Enable or disable Extended Master Secret negotiation.
- *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
- *
- * \note            This should always be enabled, it is a security fix to the
- *                  protocol, and should not cause any interoperability issue
- *                  (used only if the peer supports it too).
- *
- * \param conf      SSL configuration
- * \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
- */
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_ARC4_C)
-/**
- * \brief          Disable or enable support for RC4
- *                 (Default: MBEDTLS_SSL_ARC4_DISABLED)
- *
- * \warning        Use of RC4 in DTLS/TLS has been prohibited by RFC 7465
- *                 for security reasons. Use at your own risk.
- *
- * \note           This function is deprecated and will likely be removed in
- *                 a future version of the library.
- *                 RC4 is disabled by default at compile time and needs to be
- *                 actively enabled for use with legacy systems.
- *
- * \param conf     SSL configuration
- * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
- */
-void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief          Whether to send a list of acceptable CAs in
- *                 CertificateRequest messages.
- *                 (Default: do send)
- *
- * \param conf     SSL configuration
- * \param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
- *                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
- */
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
-                                          char cert_req_ca_list );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief          Set the maximum fragment length to emit and/or negotiate
- *                 (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
- *                 MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
- *                 (Server: set maximum fragment length to emit,
- *                 usually negotiated by the client during handshake
- *                 (Client: set maximum fragment length to emit *and*
- *                 negotiate with the server during handshake)
- *
- * \param conf     SSL configuration
- * \param mfl_code Code for maximum fragment length (allowed values:
- *                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
- *                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
- *
- * \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
- */
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-/**
- * \brief          Activate negotiation of truncated HMAC
- *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
- *
- * \param conf     SSL configuration
- * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
- *                                    MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
- */
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-/**
- * \brief          Enable / Disable 1/n-1 record splitting
- *                 (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
- *
- * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
- *                 Does not affect non-CBC ciphersuites in any version.
- *
- * \param conf     SSL configuration
- * \param split    MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
- *                 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
- */
-void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Enable / Disable session tickets (client only).
- *                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
- *
- * \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
- *
- * \param conf     SSL configuration
- * \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
- *                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
- */
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief          Enable / Disable renegotiation support for connection when
- *                 initiated by peer
- *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- *
- * \warning        It is recommended to always disable renegotation unless you
- *                 know you need it and you know what you're doing. In the
- *                 past, there have been several issues associated with
- *                 renegotiation or a poor understanding of its properties.
- *
- * \note           Server-side, enabling renegotiation also makes the server
- *                 susceptible to a resource DoS by a malicious client.
- *
- * \param conf    SSL configuration
- * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
- *                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- */
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief          Prevent or allow legacy renegotiation.
- *                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
- *
- *                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
- *                 be established even if the peer does not support
- *                 secure renegotiation, but does not allow renegotiation
- *                 to take place if not secure.
- *                 (Interoperable and secure option)
- *
- *                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
- *                 with non-upgraded peers. Allowing legacy renegotiation
- *                 makes the connection vulnerable to specific man in the
- *                 middle attacks. (See RFC 5746)
- *                 (Most interoperable and least secure option)
- *
- *                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
- *                 if peer does not support secure renegotiation. Results
- *                 in interoperability issues with non-upgraded peers
- *                 that do not support renegotiation altogether.
- *                 (Most secure option, interoperability issues)
- *
- * \param conf     SSL configuration
- * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
- *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
- *                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
- */
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief          Enforce renegotiation requests.
- *                 (Default: enforced, max_records = 16)
- *
- *                 When we request a renegotiation, the peer can comply or
- *                 ignore the request. This function allows us to decide
- *                 whether to enforce our renegotiation requests by closing
- *                 the connection if the peer doesn't comply.
- *
- *                 However, records could already be in transit from the peer
- *                 when the request is emitted. In order to increase
- *                 reliability, we can accept a number of records before the
- *                 expected handshake records.
- *
- *                 The optimal value is highly dependent on the specific usage
- *                 scenario.
- *
- * \note           With DTLS and server-initiated renegotiation, the
- *                 HelloRequest is retransmited every time mbedtls_ssl_read() times
- *                 out or receives Application Data, until:
- *                 - max_records records have beens seen, if it is >= 0, or
- *                 - the number of retransmits that would happen during an
- *                 actual handshake has been reached.
- *                 Please remember the request might be lost a few times
- *                 if you consider setting max_records to a really low value.
- *
- * \warning        On client, the grace period can only happen during
- *                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
- *                 which always behave as if max_record was 0. The reason is,
- *                 if we receive application data from the server, we need a
- *                 place to write it, which only happens during mbedtls_ssl_read().
- *
- * \param conf     SSL configuration
- * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
- *                 enforce renegotiation, or a non-negative value to enforce
- *                 it but allow for a grace period of max_records records.
- */
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
-
-/**
- * \brief          Set record counter threshold for periodic renegotiation.
- *                 (Default: 2^48 - 1)
- *
- *                 Renegotiation is automatically triggered when a record
- *                 counter (outgoing or ingoing) crosses the defined
- *                 threshold. The default value is meant to prevent the
- *                 connection from being closed when the counter is about to
- *                 reached its maximal value (it is not allowed to wrap).
- *
- *                 Lower values can be used to enforce policies such as "keys
- *                 must be refreshed every N packets with cipher X".
- *
- *                 The renegotiation period can be disabled by setting
- *                 conf->disable_renegotiation to
- *                 MBEDTLS_SSL_RENEGOTIATION_DISABLED.
- *
- * \note           When the configured transport is
- *                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
- *                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
- *                 the maximum renegotiation period is 2^64 - 1.
- *
- * \param conf     SSL configuration
- * \param period   The threshold value: a big-endian 64-bit number.
- */
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
-                                   const unsigned char period[8] );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief          Return the number of data bytes available to read
- *
- * \param ssl      SSL context
- *
- * \return         how many bytes are available in the read buffer
- */
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the result of the certificate verification
- *
- * \param ssl      SSL context
- *
- * \return         0 if successful,
- *                 -1 if result is not available (eg because the handshake was
- *                 aborted too early), or
- *                 a combination of BADCERT_xxx and BADCRL_xxx flags, see
- *                 x509.h
- */
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the name of the current ciphersuite
- *
- * \param ssl      SSL context
- *
- * \return         a string containing the ciphersuite name
- */
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the current SSL version (SSLv3/TLSv1/etc)
- *
- * \param ssl      SSL context
- *
- * \return         a string containing the SSL version
- */
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the (maximum) number of bytes added by the record
- *                 layer: header + encryption/MAC overhead (inc. padding)
- *
- * \param ssl      SSL context
- *
- * \return         Current maximum record expansion in bytes, or
- *                 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
- *                 enabled, which makes expansion much less predictable
- */
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief          Return the maximum fragment length (payload, in bytes).
- *                 This is the value negotiated with peer if any,
- *                 or the locally configured value.
- *
- * \note           With DTLS, \c mbedtls_ssl_write() will return an error if
- *                 called with a larger length value.
- *                 With TLS, \c mbedtls_ssl_write() will fragment the input if
- *                 necessary and return the number of bytes written; it is up
- *                 to the caller to call \c mbedtls_ssl_write() again in
- *                 order to send the remaining bytes if any.
- *
- * \param ssl      SSL context
- *
- * \return         Current maximum fragment length.
- */
-size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Return the peer certificate from the current connection
- *
- *                 Note: Can be NULL in case no certificate was sent during
- *                 the handshake. Different calls for the same connection can
- *                 return the same or different pointers for the same
- *                 certificate and even a different certificate altogether.
- *                 The peer cert CAN change in a single connection if
- *                 renegotiation is performed.
- *
- * \param ssl      SSL context
- *
- * \return         the current peer certificate
- */
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Save session in order to resume it later (client-side only)
- *                 Session data is copied to presented session structure.
- *
- * \warning        Currently, peer certificate is lost in the operation.
- *
- * \param ssl      SSL context
- * \param session  session context
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- *                 arguments are otherwise invalid
- *
- * \sa             mbedtls_ssl_set_session()
- */
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief          Perform the SSL handshake
- *
- * \param ssl      SSL context
- *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED (see below), or
- *                 a specific SSL error code.
- *
- * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
- *
- * \note           If DTLS is in use, then you may choose to handle
- *                 MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
- *                 purposes, as it is an expected return value rather than an
- *                 actual error, but you still need to reset/free the context.
- */
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Perform a single step of the SSL handshake
- *
- * \note           The state of the context (ssl->state) will be at
- *                 the next state after execution of this function. Do not
- *                 call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
- *
- * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
- *
- * \param ssl      SSL context
- *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- *                 a specific SSL error code.
- */
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief          Initiate an SSL renegotiation on the running connection.
- *                 Client: perform the renegotiation right now.
- *                 Server: request renegotiation, which will be performed
- *                 during the next call to mbedtls_ssl_read() if honored by
- *                 client.
- *
- * \param ssl      SSL context
- *
- * \return         0 if successful, or any mbedtls_ssl_handshake() return
- *                 value.
- *
- * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief          Read at most 'len' application data bytes
- *
- * \param ssl      SSL context
- * \param buf      buffer that will hold the data
- * \param len      maximum number of bytes to read
- *
- * \return         the number of bytes read, or
- *                 0 for EOF, or
- *                 MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, or
- *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT (see below), or
- *                 another negative error code.
- *
- * \note           If this function returns something other than a positive
- *                 value or MBEDTLS_ERR_SSL_WANT_READ/WRITE or
- *                 MBEDTLS_ERR_SSL_CLIENT_RECONNECT, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
- *
- * \note           When this function return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
- *                 (which can only happen server-side), it means that a client
- *                 is initiating a new connection using the same source port.
- *                 You can either treat that as a connection close and wait
- *                 for the client to resend a ClientHello, or directly
- *                 continue with \c mbedtls_ssl_handshake() with the same
- *                 context (as it has beeen reset internally). Either way, you
- *                 should make sure this is seen by the application as a new
- *                 connection: application state, if any, should be reset, and
- *                 most importantly the identity of the client must be checked
- *                 again. WARNING: not validating the identity of the client
- *                 again, or not transmitting the new identity to the
- *                 application layer, would allow authentication bypass!
- */
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
-
-/**
- * \brief          Try to write exactly 'len' application data bytes
- *
- * \warning        This function will do partial writes in some cases. If the
- *                 return value is non-negative but less than length, the
- *                 function must be called again with updated arguments:
- *                 buf + ret, len - ret (if ret is the return value) until
- *                 it returns a value equal to the last 'len' argument.
- *
- * \param ssl      SSL context
- * \param buf      buffer holding the data
- * \param len      how many bytes must be written
- *
- * \return         the number of bytes actually written (may be less than len),
- *                 or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ,
- *                 or another negative error code.
- *
- * \note           If this function returns something other than a positive
- *                 value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
- *
- * \note           When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ,
- *                 it must be called later with the *same* arguments,
- *                 until it returns a positive value.
- *
- * \note           If the requested length is greater than the maximum
- *                 fragment length (either the built-in limit or the one set
- *                 or negotiated with the peer), then:
- *                 - with TLS, less bytes than requested are written.
- *                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
- *                 \c mbedtls_ssl_get_max_frag_len() may be used to query the
- *                 active maximum fragment length.
- */
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
-
-/**
- * \brief           Send an alert message
- *
- * \param ssl       SSL context
- * \param level     The alert level of the message
- *                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
- * \param message   The alert message (SSL_ALERT_MSG_*)
- *
- * \return          0 if successful, or a specific SSL error code.
- *
- * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
-                            unsigned char level,
-                            unsigned char message );
-/**
- * \brief          Notify the peer that the connection is being closed
- *
- * \param ssl      SSL context
- *
- * \return          0 if successful, or a specific SSL error code.
- *
- * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, then the ssl context
- *                 becomes unusable, and you should either free it or call
- *                 \c mbedtls_ssl_session_reset() on it before re-using it for
- *                 a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Free referenced items in an SSL context and clear memory
- *
- * \param ssl      SSL context
- */
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Initialize an SSL configuration context
- *                 Just makes the context ready for
- *                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
- *
- * \note           You need to call mbedtls_ssl_config_defaults() unless you
- *                 manually set all of the relevent fields yourself.
- *
- * \param conf     SSL configuration context
- */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
-
-/**
- * \brief          Load reasonnable default SSL configuration values.
- *                 (You need to call mbedtls_ssl_config_init() first.)
- *
- * \param conf     SSL configuration context
- * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
- *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
- * \param preset   a MBEDTLS_SSL_PRESET_XXX value
- *
- * \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
- *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
- */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
-                                 int endpoint, int transport, int preset );
-
-/**
- * \brief          Free an SSL configuration context
- *
- * \param conf     SSL configuration context
- */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
-
-/**
- * \brief          Initialize SSL session structure
- *
- * \param session  SSL session
- */
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
-
-/**
- * \brief          Free referenced items in an SSL session including the
- *                 peer certificate and clear memory
- *
- * \param session  SSL session
- */
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cache.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
deleted file mode 100644
index ec081e6d..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cache.h
+++ /dev/null
@@ -1,144 +0,0 @@
-/**
- * \file ssl_cache.h
- *
- * \brief SSL session cache implementation
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SSL_CACHE_H
-#define MBEDTLS_SSL_CACHE_H
-
-#include "ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
-#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
-#endif
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
-#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
-typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
-
-/**
- * \brief   This structure is used for storing cache entries
- */
-struct mbedtls_ssl_cache_entry
-{
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t timestamp;           /*!< entry timestamp    */
-#endif
-    mbedtls_ssl_session session;        /*!< entry session      */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_x509_buf peer_cert;         /*!< entry peer_cert    */
-#endif
-    mbedtls_ssl_cache_entry *next;      /*!< chain pointer      */
-};
-
-/**
- * \brief Cache context
- */
-struct mbedtls_ssl_cache_context
-{
-    mbedtls_ssl_cache_entry *chain;     /*!< start of the chain     */
-    int timeout;                /*!< cache entry timeout    */
-    int max_entries;            /*!< maximum entries        */
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
-#endif
-};
-
-/**
- * \brief          Initialize an SSL cache context
- *
- * \param cache    SSL cache context
- */
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
-
-/**
- * \brief          Cache get callback implementation
- *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data     SSL cache context
- * \param session  session to retrieve entry for
- */
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
-
-/**
- * \brief          Cache set callback implementation
- *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data     SSL cache context
- * \param session  session to store entry for
- */
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
-
-#if defined(MBEDTLS_HAVE_TIME)
-/**
- * \brief          Set the cache timeout
- *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
- *
- *                 A timeout of 0 indicates no timeout.
- *
- * \param cache    SSL cache context
- * \param timeout  cache entry timeout in seconds
- */
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
-#endif /* MBEDTLS_HAVE_TIME */
-
-/**
- * \brief          Set the maximum number of cache entries
- *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
- *
- * \param cache    SSL cache context
- * \param max      cache entry maximum
- */
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
-
-/**
- * \brief          Free referenced items in a cache context and clear memory
- *
- * \param cache    SSL cache context
- */
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cache.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ciphersuites.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ciphersuites.h
deleted file mode 100644
index 545468a5..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ciphersuites.h
+++ /dev/null
@@ -1,486 +0,0 @@
-/**
- * \file ssl_ciphersuites.h
- *
- * \brief SSL Ciphersuites for mbed TLS
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SSL_CIPHERSUITES_H
-#define MBEDTLS_SSL_CIPHERSUITES_H
-
-#include "pk.h"
-#include "cipher.h"
-#include "md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Supported ciphersuites (Official IANA names)
- */
-#define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5                 0x04
-#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA                 0x05
-#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
-
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D   /**< Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E   /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
-
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
-
-#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA                 0x8A
-#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
-
-#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
-#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
-
-#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
-#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
-
-#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8   /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */
-
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
-/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8          0xC0FF  /**< experimental */
-
-/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
- * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
- */
-typedef enum {
-    MBEDTLS_KEY_EXCHANGE_NONE = 0,
-    MBEDTLS_KEY_EXCHANGE_RSA,
-    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-    MBEDTLS_KEY_EXCHANGE_PSK,
-    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-    MBEDTLS_KEY_EXCHANGE_ECJPAKE,
-} mbedtls_key_exchange_type_t;
-
-/* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
-#endif
-
-/* Key exchanges allowing client certificate requests */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)    ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) 
-#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
-#endif
-
-/* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
-#endif
-
-/* Key exchanges using ECDH */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
-#endif
-
-/* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
-#endif
-
-/* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
-#endif
-
-/* Key exchanges using a PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
-#endif
-
-/* Key exchanges using DHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
-#endif
-
-/* Key exchanges using ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED
-#endif
-
-typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
-
-#define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag  */
-#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
-                                                     eg for CCM_8 */
-#define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */
-
-/**
- * \brief   This structure is used for storing ciphersuite information
- */
-struct mbedtls_ssl_ciphersuite_t
-{
-    int id;
-    const char * name;
-
-    mbedtls_cipher_type_t cipher;
-    mbedtls_md_type_t mac;
-    mbedtls_key_exchange_type_t key_exchange;
-
-    int min_major_ver;
-    int min_minor_ver;
-    int max_major_ver;
-    int max_minor_ver;
-
-    unsigned char flags;
-};
-
-const int *mbedtls_ssl_list_ciphersuites( void );
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
-
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
-#endif
-
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
-
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ciphersuites.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
deleted file mode 100644
index 80b65bbb..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_cookie.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/**
- * \file ssl_cookie.h
- *
- * \brief DTLS cookie callbacks implementation
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SSL_COOKIE_H
-#define MBEDTLS_SSL_COOKIE_H
-
-#include "ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
-#define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-#endif
-
-/* \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Context for the default cookie functions.
- */
-typedef struct
-{
-    mbedtls_md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
-#if !defined(MBEDTLS_HAVE_TIME)
-    unsigned long   serial;     /*!< serial number for expiration   */
-#endif
-    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
-                                     or in number of tickets issued */
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;
-#endif
-} mbedtls_ssl_cookie_ctx;
-
-/**
- * \brief          Initialize cookie context
- */
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief          Setup cookie context (generate keys)
- */
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-/**
- * \brief          Set expiration delay for cookies
- *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
- *
- * \param ctx      Cookie contex
- * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
- *                 issued in the meantime.
- *                 0 to disable expiration (NOT recommended)
- */
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
-
-/**
- * \brief          Free cookie context
- */
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
-
-/**
- * \brief          Verify cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cookie.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_internal.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
deleted file mode 100644
index 3fdf9142..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_internal.h
+++ /dev/null
@@ -1,695 +0,0 @@
-/**
- * \file ssl_internal.h
- *
- * \brief Internal functions shared by the SSL modules
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SSL_INTERNAL_H
-#define MBEDTLS_SSL_INTERNAL_H
-
-#include "ssl.h"
-#include "cipher.h"
-
-#if defined(MBEDTLS_MD5_C)
-#include "md5.h"
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#include "sha1.h"
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#include "sha256.h"
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#include "sha512.h"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#include "ecjpake.h"
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/* Determine minimum supported version */
-#define MBEDTLS_SSL_MIN_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1   */
-#endif /* MBEDTLS_SSL_PROTO_SSL3   */
-
-#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
-#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-
-/* Determine maximum supported version */
-#define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
-#else
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
-#endif /* MBEDTLS_SSL_PROTO_SSL3   */
-#endif /* MBEDTLS_SSL_PROTO_TLS1   */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#define MBEDTLS_SSL_INITIAL_HANDSHAKE           0
-#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1   /* In progress */
-#define MBEDTLS_SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
-#define MBEDTLS_SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
-
-/*
- * DTLS retransmission states, see RFC 6347 4.2.4
- *
- * The SENDING state is merged in PREPARING for initial sends,
- * but is distinct for resends.
- *
- * Note: initial state is wrong for server, but is not used anyway.
- */
-#define MBEDTLS_SSL_RETRANS_PREPARING       0
-#define MBEDTLS_SSL_RETRANS_SENDING         1
-#define MBEDTLS_SSL_RETRANS_WAITING         2
-#define MBEDTLS_SSL_RETRANS_FINISHED        3
-
-/*
- * Allow extra bytes for record, authentication and encryption overhead:
- * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
- * and allow for a maximum of 1024 of compression expansion if
- * enabled.
- */
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-#define MBEDTLS_SSL_COMPRESSION_ADD          1024
-#else
-#define MBEDTLS_SSL_COMPRESSION_ADD             0
-#endif
-
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC)
-/* Ciphersuites using HMAC */
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_SSL_MAC_ADD                 48  /* SHA-384 used for HMAC */
-#elif defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_MAC_ADD                 32  /* SHA-256 used for HMAC */
-#else
-#define MBEDTLS_SSL_MAC_ADD                 20  /* SHA-1   used for HMAC */
-#endif
-#else
-/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
-#define MBEDTLS_SSL_MAC_ADD                 16
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_SSL_PADDING_ADD            256
-#else
-#define MBEDTLS_SSL_PADDING_ADD              0
-#endif
-
-#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD +    \
-                                       MBEDTLS_MAX_IV_LENGTH +          \
-                                       MBEDTLS_SSL_MAC_ADD +            \
-                                       MBEDTLS_SSL_PADDING_ADD          \
-                                       )
- #define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
-                                     ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
- #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
-                                      ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
- /* Maximum length we can advertise as our max content length for
-   RFC 6066 max_fragment_length extension negotiation purposes
-   (the lesser of both sizes, if they are unequal.)
- */
-#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN (                            \
-        (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN)   \
-        ? ( MBEDTLS_SSL_OUT_CONTENT_LEN )                            \
-        : ( MBEDTLS_SSL_IN_CONTENT_LEN )                             \
-        )
-
-/*
- * Check that we obey the standard's message size bounds
- */
-
-#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
-#error "Bad configuration - record content too large."
-#endif
-
- #if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
-#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
-#endif
-
- #if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
-#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
-#endif
-
- #if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
-#error "Bad configuration - incoming protected record payload too large."
-#endif
-
-#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
-#error "Bad configuration - outgoing protected record payload too large."
-#endif
-
-/* Calculate buffer sizes */
-
-/* Note: Even though the TLS record header is only 5 bytes
-   long, we're internally using 8 bytes to store the
-   implicit sequence number. */
-#define MBEDTLS_SSL_HEADER_LEN 13
-
-#define MBEDTLS_SSL_IN_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
- #define MBEDTLS_SSL_OUT_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
- #ifdef MBEDTLS_ZLIB_SUPPORT
-/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
-#define MBEDTLS_SSL_COMPRESS_BUFFER_LEN (                               \
-        ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN )      \
-        ? MBEDTLS_SSL_IN_BUFFER_LEN                                     \
-        : MBEDTLS_SSL_OUT_BUFFER_LEN                                    \
-        )
-#endif
-
-/*
- * TLS extension flags (for extensions with outgoing ServerHello content
- * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
- * of state of the renegotiation flag, so no indicator is required)
- */
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK                 (1 << 1)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-/*
- * Abstraction for a grid of allowed signature-hash-algorithm pairs.
- */
-struct mbedtls_ssl_sig_hash_set_t
-{
-    /* At the moment, we only need to remember a single suitable
-     * hash algorithm per signature algorithm. As long as that's
-     * the case - and we don't need a general lookup function -
-     * we can implement the sig-hash-set as a map from signatures
-     * to hash algorithms. */
-    mbedtls_md_type_t rsa;
-    mbedtls_md_type_t ecdsa;
-};
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-/*
- * This structure contains the parameters only needed during handshake.
- */
-struct mbedtls_ssl_handshake_params
-{
-    /*
-     * Handshake specific crypto variables
-     */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    mbedtls_ssl_sig_hash_set_t hash_algs;             /*!<  Set of suitable sig-hash pairs */
-#endif
-#if defined(MBEDTLS_DHM_C)
-    mbedtls_dhm_context dhm_ctx;                /*!<  DHM key exchange        */
-#endif
-#if defined(MBEDTLS_ECDH_C)
-    mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    mbedtls_ecjpake_context ecjpake_ctx;        /*!< EC J-PAKE key exchange */
-#if defined(MBEDTLS_SSL_CLI_C)
-    unsigned char *ecjpake_cache;               /*!< Cache for ClientHello ext */
-    size_t ecjpake_cache_len;                   /*!< Length of cached data */
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    unsigned char *psk;                 /*!<  PSK from the callback         */
-    size_t psk_len;                     /*!<  Length of PSK from callback   */
-#endif
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_ssl_key_cert *key_cert;     /*!< chosen key/cert pair (server)  */
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    int sni_authmode;                   /*!< authmode from SNI callback     */
-    mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI         */
-    mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs from SNI callback  */
-    mbedtls_x509_crl *sni_ca_crl;       /*!< trusted CAs CRLs from SNI      */
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
-    unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
-
-    unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
-                                              Srv: unused                    */
-    unsigned char verify_cookie_len;    /*!<  Cli: cookie length
-                                              Srv: flag for sending a cookie */
-
-    unsigned char *hs_msg;              /*!<  Reassembled handshake message  */
-
-    uint32_t retransmit_timeout;        /*!<  Current value of timeout       */
-    unsigned char retransmit_state;     /*!<  Retransmission state           */
-    mbedtls_ssl_flight_item *flight;            /*!<  Current outgoing flight        */
-    mbedtls_ssl_flight_item *cur_msg;           /*!<  Current message in flight      */
-    unsigned int in_flight_start_seq;   /*!<  Minimum message sequence in the
-                                              flight being received          */
-    mbedtls_ssl_transform *alt_transform_out;   /*!<  Alternative transform for
-                                              resending messages             */
-    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
-                                              for resending messages         */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    /*
-     * Checksum contexts
-     */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-       mbedtls_md5_context fin_md5;
-      mbedtls_sha1_context fin_sha1;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-    mbedtls_sha256_context fin_sha256;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    mbedtls_sha512_context fin_sha512;
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-    void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
-    void (*calc_verify)(mbedtls_ssl_context *, unsigned char *);
-    void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
-    int  (*tls_prf)(const unsigned char *, size_t, const char *,
-                    const unsigned char *, size_t,
-                    unsigned char *, size_t);
-
-    size_t pmslen;                      /*!<  premaster length        */
-
-    unsigned char randbytes[64];        /*!<  random bytes            */
-    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
-                                        /*!<  premaster secret        */
-
-    int resume;                         /*!<  session resume indicator*/
-    int max_major_ver;                  /*!< max. major version client*/
-    int max_minor_ver;                  /*!< max. minor version client*/
-    int cli_exts;                       /*!< client extension presence*/
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    int new_session_ticket;             /*!< use NewSessionTicket?    */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    int extended_ms;                    /*!< use Extended Master Secret? */
-#endif
-};
-
-/*
- * This structure contains a full set of runtime transform parameters
- * either in negotiation or active.
- */
-struct mbedtls_ssl_transform
-{
-    /*
-     * Session specific crypto layer
-     */
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-                                        /*!<  Chosen cipersuite_info  */
-    unsigned int keylen;                /*!<  symmetric key length (bytes)  */
-    size_t minlen;                      /*!<  min. ciphertext length  */
-    size_t ivlen;                       /*!<  IV length               */
-    size_t fixed_ivlen;                 /*!<  Fixed part of IV (AEAD) */
-    size_t maclen;                      /*!<  MAC length              */
-
-    unsigned char iv_enc[16];           /*!<  IV (encryption)         */
-    unsigned char iv_dec[16];           /*!<  IV (decryption)         */
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    /* Needed only for SSL v3.0 secret */
-    unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
-    unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-    mbedtls_md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
-    mbedtls_md_context_t md_ctx_dec;            /*!<  MAC (decryption)        */
-
-    mbedtls_cipher_context_t cipher_ctx_enc;    /*!<  encryption context      */
-    mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */
-
-    /*
-     * Session specific compression layer
-     */
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    z_stream ctx_deflate;               /*!<  compression context     */
-    z_stream ctx_inflate;               /*!<  decompression context   */
-#endif
-};
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/*
- * List of certificate + private key pairs
- */
-struct mbedtls_ssl_key_cert
-{
-    mbedtls_x509_crt *cert;                 /*!< cert                       */
-    mbedtls_pk_context *key;                /*!< private key                */
-    mbedtls_ssl_key_cert *next;             /*!< next key/cert pair         */
-};
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/*
- * List of handshake messages kept around for resending
- */
-struct mbedtls_ssl_flight_item
-{
-    unsigned char *p;       /*!< message, including handshake headers   */
-    size_t len;             /*!< length of p                            */
-    unsigned char type;     /*!< type of the message: handshake or CCS  */
-    mbedtls_ssl_flight_item *next;  /*!< next handshake message(s)              */
-};
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-
-/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
-                                                 mbedtls_pk_type_t sig_alg );
-/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
-                                   mbedtls_pk_type_t sig_alg,
-                                   mbedtls_md_type_t md_alg );
-/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
-                                          mbedtls_md_type_t md_alg );
-
-/* Setup an empty signature-hash set */
-static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
-{
-    mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-/**
- * \brief           Free referenced items in an SSL transform context and clear
- *                  memory
- *
- * \param transform SSL transform context
- */
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
-
-/**
- * \brief           Free referenced items in an SSL handshake context and clear
- *                  memory
- *
- * \param handshake SSL handshake context
- */
-void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake );
-
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
-
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
-
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
-
-int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
-
-/**
- * \brief       Update record layer
- *
- *              This function roughly separates the implementation
- *              of the logic of (D)TLS from the implementation
- *              of the secure transport.
- *
- * \param  ssl  SSL context to use
- *
- * \return      0 or non-zero error code.
- *
- * \note        A clarification on what is called 'record layer' here
- *              is in order, as many sensible definitions are possible:
- *
- *              The record layer takes as input an untrusted underlying
- *              transport (stream or datagram) and transforms it into
- *              a serially multiplexed, secure transport, which
- *              conceptually provides the following:
- *
- *              (1) Three datagram based, content-agnostic transports
- *                  for handshake, alert and CCS messages.
- *              (2) One stream- or datagram-based transport
- *                  for application data.
- *              (3) Functionality for changing the underlying transform
- *                  securing the contents.
- *
- *              The interface to this functionality is given as follows:
- *
- *              a Updating
- *                [Currently implemented by mbedtls_ssl_read_record]
- *
- *                Check if and on which of the four 'ports' data is pending:
- *                Nothing, a controlling datagram of type (1), or application
- *                data (2). In any case data is present, internal buffers
- *                provide access to the data for the user to process it.
- *                Consumption of type (1) datagrams is done automatically
- *                on the next update, invalidating that the internal buffers
- *                for previous datagrams, while consumption of application
- *                data (2) is user-controlled.
- *
- *              b Reading of application data
- *                [Currently manual adaption of ssl->in_offt pointer]
- *
- *                As mentioned in the last paragraph, consumption of data
- *                is different from the automatic consumption of control
- *                datagrams (1) because application data is treated as a stream.
- *
- *              c Tracking availability of application data
- *                [Currently manually through decreasing ssl->in_msglen]
- *
- *                For efficiency and to retain datagram semantics for
- *                application data in case of DTLS, the record layer
- *                provides functionality for checking how much application
- *                data is still available in the internal buffer.
- *
- *              d Changing the transformation securing the communication.
- *
- *              Given an opaque implementation of the record layer in the
- *              above sense, it should be possible to implement the logic
- *              of (D)TLS on top of it without the need to know anything
- *              about the record layer's internals. This is done e.g.
- *              in all the handshake handling functions, and in the
- *              application data reading function mbedtls_ssl_read.
- *
- * \note        The above tries to give a conceptual picture of the
- *              record layer, but the current implementation deviates
- *              from it in some places. For example, our implementation of
- *              the update functionality through mbedtls_ssl_read_record
- *              discards datagrams depending on the current state, which
- *              wouldn't fall under the record layer's responsibility
- *              following the above definition.
- *
- */
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
-
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
-
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
-
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
-
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
-
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
-                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
-#endif
-
-#if defined(MBEDTLS_PK_C)
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
-#endif
-
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
-unsigned char mbedtls_ssl_hash_from_md_alg( int md );
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
-
-#if defined(MBEDTLS_ECP_C)
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
-                                mbedtls_md_type_t md );
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_key_cert *key_cert;
-
-    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
-        key_cert = ssl->handshake->key_cert;
-    else
-        key_cert = ssl->conf->key_cert;
-
-    return( key_cert == NULL ? NULL : key_cert->key );
-}
-
-static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_key_cert *key_cert;
-
-    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
-        key_cert = ssl->handshake->key_cert;
-    else
-        key_cert = ssl->conf->key_cert;
-
-    return( key_cert == NULL ? NULL : key_cert->cert );
-}
-
-/*
- * Check usage of a certificate wrt extensions:
- * keyUsage, extendedKeyUsage (later), and nSCertType (later).
- *
- * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
- * check a cert we received from them)!
- *
- * Return 0 if everything is OK, -1 if not.
- */
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
-                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint,
-                          uint32_t *flags );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_write_version( int major, int minor, int transport,
-                        unsigned char ver[2] );
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
-                       const unsigned char ver[2] );
-
-static inline size_t mbedtls_ssl_hdr_len( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 13 );
-#else
-    ((void) ssl);
-#endif
-    return( 5 );
-}
-
-static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 12 );
-#else
-    ((void) ssl);
-#endif
-    return( 4 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
-#endif
-
-/* Visible for testing purposes only */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
-#endif
-
-/* constant-time buffer comparison */
-static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
-{
-    size_t i;
-    volatile const unsigned char *A = (volatile const unsigned char *) a;
-    volatile const unsigned char *B = (volatile const unsigned char *) b;
-    volatile unsigned char diff = 0;
-
-    for( i = 0; i < n; i++ )
-        diff |= A[i] ^ B[i];
-
-    return( diff );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
-                                        unsigned char *output,
-                                        unsigned char *data, size_t data_len );
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
-                                        unsigned char *output,
-                                        unsigned char *data, size_t data_len,
-                                        mbedtls_md_type_t md_alg );
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_internal.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
deleted file mode 100644
index 93ad46ac..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/ssl_ticket.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * \file ssl_ticket.h
- *
- * \brief TLS server ticket callbacks implementation
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_SSL_TICKET_H
-#define MBEDTLS_SSL_TICKET_H
-
-/*
- * This implementation of the session ticket callbacks includes key
- * management, rotating the keys periodically in order to preserve forward
- * secrecy, when MBEDTLS_HAVE_TIME is defined.
- */
-
-#include "ssl.h"
-#include "cipher.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "threading.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief   Information for session ticket protection
- */
-typedef struct
-{
-    unsigned char name[4];          /*!< random key identifier              */
-    uint32_t generation_time;       /*!< key generation timestamp (seconds) */
-    mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */
-}
-mbedtls_ssl_ticket_key;
-
-/**
- * \brief   Context for session ticket handling functions
- */
-typedef struct
-{
-    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
-    unsigned char active;           /*!< index of the currently active key  */
-
-    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */
-
-    /** Callback for getting (pseudo-)random numbers                        */
-    int  (*f_rng)(void *, unsigned char *, size_t);
-    void *p_rng;                    /*!< context for the RNG function       */
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;
-#endif
-}
-mbedtls_ssl_ticket_context;
-
-/**
- * \brief           Initialize a ticket context.
- *                  (Just make it ready for mbedtls_ssl_ticket_setup()
- *                  or mbedtls_ssl_ticket_free().)
- *
- * \param ctx       Context to be initialized
- */
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
-
-/**
- * \brief           Prepare context to be actually used
- *
- * \param ctx       Context to be set up
- * \param f_rng     RNG callback function
- * \param p_rng     RNG callback context
- * \param cipher    AEAD cipher to use for ticket protection.
- *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
- * \param lifetime  Tickets lifetime in seconds
- *                  Recommended value: 86400 (one day).
- *
- * \note            It is highly recommended to select a cipher that is at
- *                  least as strong as the the strongest ciphersuite
- *                  supported. Usually that means a 256-bit key.
- *
- * \note            The lifetime of the keys is twice the lifetime of tickets.
- *                  It is recommended to pick a reasonnable lifetime so as not
- *                  to negate the benefits of forward secrecy.
- *
- * \return          0 if successful,
- *                  or a specific MBEDTLS_ERR_XXX error code
- */
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-    mbedtls_cipher_type_t cipher,
-    uint32_t lifetime );
-
-/**
- * \brief           Implementation of the ticket write callback
- *
- * \note            See \c mbedlts_ssl_ticket_write_t for description
- */
-mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
-
-/**
- * \brief           Implementation of the ticket parse callback
- *
- * \note            See \c mbedlts_ssl_ticket_parse_t for description
- */
-mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
-
-/**
- * \brief           Free a context's content and zeroize it.
- *
- * \param ctx       Context to be cleaned up
- */
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ticket.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/threading.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/threading.h
deleted file mode 100644
index 58e6db2f..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/threading.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * \file threading.h
- *
- * \brief Threading abstraction layer
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_THREADING_H
-#define MBEDTLS_THREADING_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stdlib.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE         -0x001A  /**< The selected feature is not available. */
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA              -0x001C  /**< Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR                 -0x001E  /**< Locking / unlocking / free failed with error code. */
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include <pthread.h>
-typedef struct
-{
-    pthread_mutex_t mutex;
-    char is_valid;
-} mbedtls_threading_mutex_t;
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief           Set your alternate threading implementation function
- *                  pointers and initialize global mutexes. If used, this
- *                  function must be called once in the main thread before any
- *                  other mbed TLS function is called, and
- *                  mbedtls_threading_free_alt() must be called once in the main
- *                  thread after all other mbed TLS functions.
- *
- * \note            mutex_init() and mutex_free() don't return a status code.
- *                  If mutex_init() fails, it should leave its argument (the
- *                  mutex) in a state such that mutex_lock() will fail when
- *                  called with this argument.
- *
- * \param mutex_init    the init function implementation
- * \param mutex_free    the free function implementation
- * \param mutex_lock    the lock function implementation
- * \param mutex_unlock  the unlock function implementation
- */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
-                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
-
-/**
- * \brief               Free global mutexes.
- */
-void mbedtls_threading_free_alt( void );
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_THREADING_C)
-/*
- * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
- *
- * All these functions are expected to work or the result will be undefined.
- */
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
-
-/*
- * Global mutexes
- */
-extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_THREADING_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* threading.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/timing.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/timing.h
deleted file mode 100644
index 2c497bf4..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/timing.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/**
- * \file timing.h
- *
- * \brief Portable interface to timeouts and to the CPU cycle counter
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_TIMING_H
-#define MBEDTLS_TIMING_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if !defined(MBEDTLS_TIMING_ALT)
-// Regular implementation
-//
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          timer structure
- */
-struct mbedtls_timing_hr_time
-{
-    unsigned char opaque[32];
-};
-
-/**
- * \brief          Context for mbedtls_timing_set/get_delay()
- */
-typedef struct
-{
-    struct mbedtls_timing_hr_time   timer;
-    uint32_t                        int_ms;
-    uint32_t                        fin_ms;
-} mbedtls_timing_delay_context;
-
-extern volatile int mbedtls_timing_alarmed;
-
-/**
- * \brief          Return the CPU cycle counter value
- *
- * \warning        This is only a best effort! Do not rely on this!
- *                 In particular, it is known to be unreliable on virtual
- *                 machines.
- *
- * \note           This value starts at an unspecified origin and
- *                 may wrap around.
- */
-unsigned long mbedtls_timing_hardclock( void );
-
-/**
- * \brief          Return the elapsed time in milliseconds
- *
- * \param val      points to a timer structure
- * \param reset    If 0, query the elapsed time. Otherwise (re)start the timer.
- *
- * \return         Elapsed time since the previous reset in ms. When
- *                 restarting, this is always 0.
- *
- * \note           To initialize a timer, call this function with reset=1.
- *
- *                 Determining the elapsed time and resetting the timer is not
- *                 atomic on all platforms, so after the sequence
- *                 `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
- *                 get_timer(0) }` the value time1+time2 is only approximately
- *                 the delay since the first reset.
- */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
-
-/**
- * \brief          Setup an alarm clock
- *
- * \param seconds  delay before the "mbedtls_timing_alarmed" flag is set
- *                 (must be >=0)
- *
- * \warning        Only one alarm at a time  is supported. In a threaded
- *                 context, this means one for the whole process, not one per
- *                 thread.
- */
-void mbedtls_set_alarm( int seconds );
-
-/**
- * \brief          Set a pair of delays to watch
- *                 (See \c mbedtls_timing_get_delay().)
- *
- * \param data     Pointer to timing data.
- *                 Must point to a valid \c mbedtls_timing_delay_context struct.
- * \param int_ms   First (intermediate) delay in milliseconds.
- *                 The effect if int_ms > fin_ms is unspecified.
- * \param fin_ms   Second (final) delay in milliseconds.
- *                 Pass 0 to cancel the current delay.
- *
- * \note           To set a single delay, either use \c mbedtls_timing_set_timer
- *                 directly or use this function with int_ms == fin_ms.
- */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
-
-/**
- * \brief          Get the status of delays
- *                 (Memory helper: number of delays passed.)
- *
- * \param data     Pointer to timing data
- *                 Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return         -1 if cancelled (fin_ms = 0),
- *                  0 if none of the delays are passed,
- *                  1 if only the intermediate delay is passed,
- *                  2 if the final delay is passed.
- */
-int mbedtls_timing_get_delay( void *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
-#endif /* MBEDTLS_TIMING_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_timing_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* timing.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/version.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/version.h
deleted file mode 100644
index c3ee649f..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/version.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * \file version.h
- *
- * \brief Run-time version information
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * This set of compile-time defines and run-time variables can be used to
- * determine the version number of the mbed TLS library used.
- */
-#ifndef MBEDTLS_VERSION_H
-#define MBEDTLS_VERSION_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/**
- * The version number x.y.z is split into three parts.
- * Major, Minor, Patchlevel
- */
-#define MBEDTLS_VERSION_MAJOR  2
-#define MBEDTLS_VERSION_MINOR  8
-#define MBEDTLS_VERSION_PATCH  0
-
-/**
- * The single version number has the following structure:
- *    MMNNPP00
- *    Major version | Minor version | Patch version
- */
-#define MBEDTLS_VERSION_NUMBER         0x02080000
-#define MBEDTLS_VERSION_STRING         "2.8.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.8.0"
-
-#if defined(MBEDTLS_VERSION_C)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Get the version number.
- *
- * \return          The constructed version number in the format
- *                  MMNNPP00 (Major, Minor, Patch).
- */
-unsigned int mbedtls_version_get_number( void );
-
-/**
- * Get the version string ("x.y.z").
- *
- * \param string    The string that will receive the value.
- *                  (Should be at least 9 bytes in size)
- */
-void mbedtls_version_get_string( char *string );
-
-/**
- * Get the full version string ("mbed TLS x.y.z").
- *
- * \param string    The string that will receive the value. The mbed TLS version
- *                  string will use 18 bytes AT MOST including a terminating
- *                  null byte.
- *                  (So the buffer should be at least 18 bytes to receive this
- *                  version string).
- */
-void mbedtls_version_get_string_full( char *string );
-
-/**
- * \brief           Check if support for a feature was compiled into this
- *                  mbed TLS binary. This allows you to see at runtime if the
- *                  library was for instance compiled with or without
- *                  Multi-threading support.
- *
- * \note            only checks against defines in the sections "System
- *                  support", "mbed TLS modules" and "mbed TLS feature
- *                  support" in config.h
- *
- * \param feature   The string for the define to check (e.g. "MBEDTLS_AES_C")
- *
- * \return          0 if the feature is present,
- *                  -1 if the feature is not present and
- *                  -2 if support for feature checking as a whole was not
- *                  compiled in.
- */
-int mbedtls_version_check_feature( const char *feature );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_VERSION_C */
-
-#endif /* version.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/x509.h
deleted file mode 100644
index d6db9c6e..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509.h
+++ /dev/null
@@ -1,333 +0,0 @@
-/**
- * \file x509.h
- *
- * \brief X.509 generic defines and structures
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_X509_H
-#define MBEDTLS_X509_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "asn1.h"
-#include "pk.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "rsa.h"
-#endif
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
-/**
- * Maximum number of intermediate CAs in a verification chain.
- * That is, maximum length of the chain, excluding the end-entity certificate
- * and the trusted root certificate.
- *
- * Set this to a low value to prevent an adversary from making you waste
- * resources verifying an overlong certificate chain.
- */
-#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
-#endif
-
-/**
- * \name X509 Error codes
- * \{
- */
-#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080  /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
-#define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100  /**< Requested OID is unknown. */
-#define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180  /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
-#define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200  /**< The CRT/CRL/CSR version element is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280  /**< The serial tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300  /**< The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380  /**< The name tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400  /**< The date tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480  /**< The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500  /**< The extension tag or value is invalid. */
-#define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580  /**< CRT/CRL/CSR has an unsupported version number. */
-#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600  /**< Signature algorithm (oid) is unsupported. */
-#define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680  /**< Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700  /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780  /**< Format not recognized as DER or PEM. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800  /**< Input invalid. */
-#define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880  /**< Allocation of memory failed. */
-#define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900  /**< Read/write of file failed. */
-#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980  /**< Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000  /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
-/* \} name */
-
-/**
- * \name X509 Verify codes
- * \{
- */
-/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
-#define MBEDTLS_X509_BADCERT_EXPIRED             0x01  /**< The certificate validity has expired. */
-#define MBEDTLS_X509_BADCERT_REVOKED             0x02  /**< The certificate has been revoked (is on a CRL). */
-#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) does not match with the expected CN. */
-#define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  /**< The certificate is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  /**< The CRL is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_EXPIRED              0x20  /**< The CRL is expired. */
-#define MBEDTLS_X509_BADCERT_MISSING             0x40  /**< Certificate was missing. */
-#define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
-#define MBEDTLS_X509_BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
-#define MBEDTLS_X509_BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
-#define MBEDTLS_X509_BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
-#define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800  /**< Usage does not match the keyUsage extension. */
-#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000  /**< Usage does not match the extendedKeyUsage extension. */
-#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000  /**< Usage does not match the nsCertType extension. */
-#define MBEDTLS_X509_BADCERT_BAD_MD            0x4000  /**< The certificate is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCERT_BAD_PK            0x8000  /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000  /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  /**< The CRL is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-/*
- * X.509 v3 Key Usage Extension flags
- * Reminder: update x509_info_key_usage() when adding new flags.
- */
-#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
-#define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
-#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
-#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
-#define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
-#define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
-#define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
-#define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
-#define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */
-
-/*
- * Netscape certificate types
- * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
- */
-
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
-#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */
-
-/*
- * X.509 extension types
- *
- * Comments refer to the status for using certificates. Status can be
- * different for writing certificates or reading CRLs or CSRs.
- */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
-#define MBEDTLS_X509_EXT_KEY_USAGE                   (1 << 2)
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS             (1 << 4)
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
-#define MBEDTLS_X509_EXT_FRESHEST_CRL                (1 << 14)
-
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)
-
-/*
- * Storage format identifiers
- * Recognized formats: PEM and DER
- */
-#define MBEDTLS_X509_FORMAT_DER                 1
-#define MBEDTLS_X509_FORMAT_PEM                 2
-
-#define MBEDTLS_X509_MAX_DN_NAME_SIZE         256 /**< Maximum value size of a DN entry */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures for parsing X.509 certificates, CRLs and CSRs
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef mbedtls_asn1_buf mbedtls_x509_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
-
-/**
- * Container for ASN1 named information objects.
- * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
- */
-typedef mbedtls_asn1_named_data mbedtls_x509_name;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
-
-/** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
-{
-    int year, mon, day;         /**< Date. */
-    int hour, min, sec;         /**< Time. */
-}
-mbedtls_x509_time;
-
-/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-/** \} addtogroup x509_module */
-
-/**
- * \brief          Store the certificate DN in printable form into buf;
- *                 no more than size characters will be written.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param dn       The X509 name to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
-
-/**
- * \brief          Store the certificate serial in printable form into buf;
- *                 no more than size characters will be written.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param serial   The X509 serial to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the past.
- *
- * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param to       mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the past or an error occured,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the future.
- *
- * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param from     mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the future or an error occured,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_x509_self_test( int verbose );
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_name *cur );
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
-                       mbedtls_x509_buf *alg );
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
-                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
-                                int *salt_len );
-#endif
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                      void **sig_opts );
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_time *t );
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
-                     mbedtls_x509_buf *serial );
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *ext, int tag );
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                       const void *sig_opts );
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
-                        int critical, const unsigned char *val,
-                        size_t val_len );
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
-                           mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
-                      mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len,
-                    unsigned char *sig, size_t size );
-
-#define MBEDTLS_X509_SAFE_SNPRINTF                          \
-    do {                                                    \
-        if( ret < 0 || (size_t) ret >= n )                  \
-            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
-                                                            \
-        n -= (size_t) ret;                                  \
-        p += (size_t) ret;                                  \
-    } while( 0 )
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* x509.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crl.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crl.h
deleted file mode 100644
index 08a4283a..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crl.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/**
- * \file x509_crl.h
- *
- * \brief X.509 certificate revocation list parsing
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_X509_CRL_H
-#define MBEDTLS_X509_CRL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for parsing CRLs
- * \{
- */
-
-/**
- * Certificate revocation list entry.
- * Contains the CA-specific serial numbers and revocation dates.
- */
-typedef struct mbedtls_x509_crl_entry
-{
-    mbedtls_x509_buf raw;
-
-    mbedtls_x509_buf serial;
-
-    mbedtls_x509_time revocation_date;
-
-    mbedtls_x509_buf entry_ext;
-
-    struct mbedtls_x509_crl_entry *next;
-}
-mbedtls_x509_crl_entry;
-
-/**
- * Certificate revocation list structure.
- * Every CRL may have multiple entries.
- */
-typedef struct mbedtls_x509_crl
-{
-    mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
-    mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
-
-    int version;            /**< CRL version (1=v1, 2=v2) */
-    mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */
-
-    mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */
-
-    mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */
-
-    mbedtls_x509_time this_update;
-    mbedtls_x509_time next_update;
-
-    mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */
-
-    mbedtls_x509_buf crl_ext;
-
-    mbedtls_x509_buf sig_oid2;
-    mbedtls_x509_buf sig;
-    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
-    struct mbedtls_x509_crl *next;
-}
-mbedtls_x509_crl;
-
-/**
- * \brief          Parse a DER-encoded CRL and append it to the chained list
- *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the CRL data in DER format
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
-                        const unsigned char *buf, size_t buflen );
-/**
- * \brief          Parse one or more CRLs and append them to the chained list
- *
- * \note           Mutliple CRLs are accepted only if using PEM format
- *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the CRL data in PEM or DER format
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Load one or more CRLs and append them to the chained list
- *
- * \note           Mutliple CRLs are accepted only if using PEM format
- *
- * \param chain    points to the start of the chain
- * \param path     filename to read the CRLs from (in PEM or DER encoding)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief          Returns an informational string about the CRL.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param crl      The X509 CRL to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crl *crl );
-
-/**
- * \brief          Initialize a CRL (chain)
- *
- * \param crl      CRL chain to initialize
- */
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
-
-/**
- * \brief          Unallocate all CRL data
- *
- * \param crl      CRL chain to free
- */
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_crl.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crt.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crt.h
deleted file mode 100644
index 2dbb7ec9..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_crt.h
+++ /dev/null
@@ -1,663 +0,0 @@
-/**
- * \file x509_crt.h
- *
- * \brief X.509 certificate parsing and writing
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_X509_CRT_H
-#define MBEDTLS_X509_CRT_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "x509.h"
-#include "x509_crl.h"
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Structures and functions for parsing and writing X.509 certificates
- * \{
- */
-
-/**
- * Container for an X.509 certificate. The certificate may be chained.
- */
-typedef struct mbedtls_x509_crt
-{
-    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
-    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER). The part that is To Be Signed. */
-
-    int version;                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
-    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
-    mbedtls_x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA */
-
-    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
-    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */
-
-    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
-    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */
-
-    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
-    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
-
-    mbedtls_pk_context pk;              /**< Container for the public key context. */
-
-    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
-    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
-    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
-    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (Only dNSName supported). */
-
-    int ext_types;              /**< Bit string containing detected and parsed extensions */
-    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
-    int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
-
-    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
-
-    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
-
-    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
-
-    mbedtls_x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
-    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
-    struct mbedtls_x509_crt *next;     /**< Next certificate in the CA-chain. */
-}
-mbedtls_x509_crt;
-
-/**
- * Build flag from an algorithm/curve identifier (pk, md, ecp)
- * Since 0 is always XXX_NONE, ignore it.
- */
-#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( id - 1 ) )
-
-/**
- * Security profile for certificate verification.
- *
- * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
- */
-typedef struct
-{
-    uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for signatures     */
-    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
-    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
-}
-mbedtls_x509_crt_profile;
-
-#define MBEDTLS_X509_CRT_VERSION_1              0
-#define MBEDTLS_X509_CRT_VERSION_2              1
-#define MBEDTLS_X509_CRT_VERSION_3              2
-
-#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
-#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
-
-#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
-#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
-#endif
-
-/**
- * Container for writing a certificate (CRT)
- */
-typedef struct mbedtls_x509write_cert
-{
-    int version;
-    mbedtls_mpi serial;
-    mbedtls_pk_context *subject_key;
-    mbedtls_pk_context *issuer_key;
-    mbedtls_asn1_named_data *subject;
-    mbedtls_asn1_named_data *issuer;
-    mbedtls_md_type_t md_alg;
-    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
-    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
-    mbedtls_asn1_named_data *extensions;
-}
-mbedtls_x509write_cert;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * Default security profile. Should provide a good balance between security
- * and compatibility with current deployments.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
-
-/**
- * Expected next default profile. Recommended for new deployments.
- * Currently targets a 128-bit security level, except for RSA-2048.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
-
-/**
- * NSA Suite B profile.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
-
-/**
- * \brief          Parse a single DER formatted certificate and add it
- *                 to the chained list.
- *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the certificate DER data
- * \param buflen   size of the buffer
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
-                        size_t buflen );
-
-/**
- * \brief          Parse one or more certificates and add them
- *                 to the chained list. Parses permissively. If some
- *                 certificates can be parsed, the result is the number
- *                 of failed certificates it encountered. If none complete
- *                 correctly, the first error is returned.
- *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the certificate data in PEM or DER format
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
- *
- * \return         0 if all certificates parsed successfully, a positive number
- *                 if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Load one or more certificates and add them
- *                 to the chained list. Parses permissively. If some
- *                 certificates can be parsed, the result is the number
- *                 of failed certificates it encountered. If none complete
- *                 correctly, the first error is returned.
- *
- * \param chain    points to the start of the chain
- * \param path     filename to read the certificates from
- *
- * \return         0 if all certificates parsed successfully, a positive number
- *                 if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
-
-/**
- * \brief          Load one or more certificate files from a path and add them
- *                 to the chained list. Parses permissively. If some
- *                 certificates can be parsed, the result is the number
- *                 of failed certificates it encountered. If none complete
- *                 correctly, the first error is returned.
- *
- * \param chain    points to the start of the chain
- * \param path     directory / folder to read the certificate files from
- *
- * \return         0 if all certificates parsed successfully, a positive number
- *                 if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief          Returns an informational string about the
- *                 certificate.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param crt      The X509 certificate to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crt *crt );
-
-/**
- * \brief          Returns an informational string about the
- *                 verification status of a certificate.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param flags    Verification flags created by mbedtls_x509_crt_verify()
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
-                          uint32_t flags );
-
-/**
- * \brief          Verify the certificate signature
- *
- *                 The verify callback is a user-supplied callback that
- *                 can clear / modify / add flags for a certificate. If set,
- *                 the verification callback is called for each
- *                 certificate in the chain (from the trust-ca down to the
- *                 presented crt). The parameters for the callback are:
- *                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
- *                 int *flags). With the flags representing current flags for
- *                 that specific certificate and the certificate depth from
- *                 the bottom (Peer cert depth = 0).
- *
- *                 All flags left after returning from the callback
- *                 are also returned to the application. The function should
- *                 return 0 for anything (including invalid certificates)
- *                 other than fatal error, as a non-zero return code
- *                 immediately aborts the verification process. For fatal
- *                 errors, a specific error code should be used (different
- *                 from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
- *                 be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
- *                 can be used if no better code is available.
- *
- * \note           In case verification failed, the results can be displayed
- *                 using \c mbedtls_x509_crt_verify_info()
- *
- * \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
- *                 default security profile.
- *
- * \note           It is your responsibility to provide up-to-date CRLs for
- *                 all trusted CAs. If no CRL is provided for the CA that was
- *                 used to sign the certificate, CRL verification is skipped
- *                 silently, that is *without* setting any flag.
- *
- * \param crt      a certificate (chain) to be verified
- * \param trust_ca the list of trusted CAs
- * \param ca_crl   the list of CRLs for trusted CAs (see note above)
- * \param cn       expected Common Name (can be set to
- *                 NULL if the CN must not be verified)
- * \param flags    result of the verification
- * \param f_vrfy   verification function
- * \param p_vrfy   verification parameter
- *
- * \return         0 (and flags set to 0) if the chain was verified and valid,
- *                 MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain was verified
- *                 but found to be invalid, in which case *flags will have one
- *                 or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX
- *                 flags set, or another error (and flags set to 0xffffffff)
- *                 in case of a fatal error encountered during the
- *                 verification process.
- */
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-
-/**
- * \brief          Verify the certificate signature according to profile
- *
- * \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
- *                 security profile.
- *
- * \note           The restrictions on keys (RSA minimum size, allowed curves
- *                 for ECDSA) apply to all certificates: trusted root,
- *                 intermediate CAs if any, and end entity certificate.
- *
- * \param crt      a certificate (chain) to be verified
- * \param trust_ca the list of trusted CAs
- * \param ca_crl   the list of CRLs for trusted CAs
- * \param profile  security profile for verification
- * \param cn       expected Common Name (can be set to
- *                 NULL if the CN must not be verified)
- * \param flags    result of the verification
- * \param f_vrfy   verification function
- * \param p_vrfy   verification parameter
- *
- * \return         0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
- *                 in which case *flags will have one or more
- *                 MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
- *                 set,
- *                 or another error in case of a fatal error encountered
- *                 during the verification process.
- */
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-/**
- * \brief          Check usage of certificate against keyUsage extension.
- *
- * \param crt      Leaf certificate used.
- * \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
- *                 before using the certificate to perform an RSA key
- *                 exchange).
- *
- * \note           Except for decipherOnly and encipherOnly, a bit set in the
- *                 usage argument means this bit MUST be set in the
- *                 certificate. For decipherOnly and encipherOnly, it means
- *                 that bit MAY be set.
- *
- * \return         0 is these uses of the certificate are allowed,
- *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
- *                 is present but does not match the usage argument.
- *
- * \note           You should only call this function on leaf certificates, on
- *                 (intermediate) CAs the keyUsage extension is automatically
- *                 checked by \c mbedtls_x509_crt_verify().
- */
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
-                                      unsigned int usage );
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
-
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-/**
- * \brief           Check usage of certificate against extendedKeyUsage.
- *
- * \param crt       Leaf certificate used.
- * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
- *                  MBEDTLS_OID_CLIENT_AUTH).
- * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
- *
- * \return          0 if this use of the certificate is allowed,
- *                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
- *
- * \note            Usually only makes sense on leaf certificates.
- */
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
-                                               const char *usage_oid,
-                                               size_t usage_len );
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-/**
- * \brief          Verify the certificate revocation status
- *
- * \param crt      a certificate to be verified
- * \param crl      the CRL to verify against
- *
- * \return         1 if the certificate is revoked, 0 otherwise
- *
- */
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
-
-/**
- * \brief          Initialize a certificate (chain)
- *
- * \param crt      Certificate chain to initialize
- */
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
-
-/**
- * \brief          Unallocate all certificate data
- *
- * \param crt      Certificate chain to free
- */
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C)
-/**
- * \brief           Initialize a CRT writing context
- *
- * \param ctx       CRT context to initialize
- */
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief           Set the verion for a Certificate
- *                  Default: MBEDTLS_X509_CRT_VERSION_3
- *
- * \param ctx       CRT context to use
- * \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
- *                                  MBEDTLS_X509_CRT_VERSION_3)
- */
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
-
-/**
- * \brief           Set the serial number for a Certificate.
- *
- * \param ctx       CRT context to use
- * \param serial    serial number to set
- *
- * \return          0 if successful
- */
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
-
-/**
- * \brief           Set the validity period for a Certificate
- *                  Timestamps should be in string format for UTC timezone
- *                  i.e. "YYYYMMDDhhmmss"
- *                  e.g. "20131231235959" for December 31st 2013
- *                       at 23:59:59
- *
- * \param ctx       CRT context to use
- * \param not_before    not_before timestamp
- * \param not_after     not_after timestamp
- *
- * \return          0 if timestamp was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
-                                const char *not_after );
-
-/**
- * \brief           Set the issuer name for a Certificate
- *                  Issuer names should contain a comma-separated list
- *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
- *
- * \param ctx           CRT context to use
- * \param issuer_name   issuer name to set
- *
- * \return          0 if issuer name was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
-                                   const char *issuer_name );
-
-/**
- * \brief           Set the subject name for a Certificate
- *                  Subject names should contain a comma-separated list
- *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
- *
- * \param ctx           CRT context to use
- * \param subject_name  subject name to set
- *
- * \return          0 if subject name was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
-                                    const char *subject_name );
-
-/**
- * \brief           Set the subject public key for the certificate
- *
- * \param ctx       CRT context to use
- * \param key       public key to include
- */
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief           Set the issuer key used for signing the certificate
- *
- * \param ctx       CRT context to use
- * \param key       private key to sign with
- */
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief           Set the MD algorithm to use for the signature
- *                  (e.g. MBEDTLS_MD_SHA1)
- *
- * \param ctx       CRT context to use
- * \param md_alg    MD algorithm to use
- */
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
-
-/**
- * \brief           Generic function to add to or replace an extension in the
- *                  CRT
- *
- * \param ctx       CRT context to use
- * \param oid       OID of the extension
- * \param oid_len   length of the OID
- * \param critical  if the extension is critical (per the RFC's definition)
- * \param val       value of the extension OCTET STRING
- * \param val_len   length of the value data
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
-                                 const char *oid, size_t oid_len,
-                                 int critical,
-                                 const unsigned char *val, size_t val_len );
-
-/**
- * \brief           Set the basicConstraints extension for a CRT
- *
- * \param ctx       CRT context to use
- * \param is_ca     is this a CA certificate
- * \param max_pathlen   maximum length of certificate chains below this
- *                      certificate (only for CA certificates, -1 is
- *                      inlimited)
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
-                                         int is_ca, int max_pathlen );
-
-#if defined(MBEDTLS_SHA1_C)
-/**
- * \brief           Set the subjectKeyIdentifier extension for a CRT
- *                  Requires that mbedtls_x509write_crt_set_subject_key() has been
- *                  called before
- *
- * \param ctx       CRT context to use
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief           Set the authorityKeyIdentifier extension for a CRT
- *                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
- *                  called before
- *
- * \param ctx       CRT context to use
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C */
-
-/**
- * \brief           Set the Key Usage Extension flags
- *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- *
- * \param ctx       CRT context to use
- * \param key_usage key usage flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
-                                         unsigned int key_usage );
-
-/**
- * \brief           Set the Netscape Cert Type flags
- *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- *
- * \param ctx           CRT context to use
- * \param ns_cert_type  Netscape Cert Type flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
-                                    unsigned char ns_cert_type );
-
-/**
- * \brief           Free the contents of a CRT write context
- *
- * \param ctx       CRT context to free
- */
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief           Write a built up certificate to a X509 DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       certificate to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a built up certificate to a X509 PEM string
- *
- * \param ctx       certificate to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful, or a specific error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_X509_CRT_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_crt.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_csr.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_csr.h
deleted file mode 100644
index 0c6ccad7..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/x509_csr.h
+++ /dev/null
@@ -1,299 +0,0 @@
-/**
- * \file x509_csr.h
- *
- * \brief X.509 certificate signing request parsing and writing
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_X509_CSR_H
-#define MBEDTLS_X509_CSR_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
- * \{
- */
-
-/**
- * Certificate Signing Request (CSR) structure.
- */
-typedef struct mbedtls_x509_csr
-{
-    mbedtls_x509_buf raw;           /**< The raw CSR data (DER). */
-    mbedtls_x509_buf cri;           /**< The raw CertificateRequestInfo body (DER). */
-
-    int version;            /**< CSR version (1=v1). */
-
-    mbedtls_x509_buf  subject_raw;  /**< The raw subject data (DER). */
-    mbedtls_x509_name subject;      /**< The parsed subject data (named information object). */
-
-    mbedtls_pk_context pk;          /**< Container for the public key context. */
-
-    mbedtls_x509_buf sig_oid;
-    mbedtls_x509_buf sig;
-    mbedtls_md_type_t sig_md;       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t sig_pk;       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *sig_opts;         /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-}
-mbedtls_x509_csr;
-
-/**
- * Container for writing a CSR
- */
-typedef struct mbedtls_x509write_csr
-{
-    mbedtls_pk_context *key;
-    mbedtls_asn1_named_data *subject;
-    mbedtls_md_type_t md_alg;
-    mbedtls_asn1_named_data *extensions;
-}
-mbedtls_x509write_csr;
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-/**
- * \brief          Load a Certificate Signing Request (CSR) in DER format
- *
- * \note           CSR attributes (if any) are currently silently ignored.
- *
- * \param csr      CSR context to fill
- * \param buf      buffer holding the CRL data
- * \param buflen   size of the buffer
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
-                        const unsigned char *buf, size_t buflen );
-
-/**
- * \brief          Load a Certificate Signing Request (CSR), DER or PEM format
- *
- * \note           See notes for \c mbedtls_x509_csr_parse_der()
- *
- * \param csr      CSR context to fill
- * \param buf      buffer holding the CRL data
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Load a Certificate Signing Request (CSR)
- *
- * \note           See notes for \c mbedtls_x509_csr_parse()
- *
- * \param csr      CSR context to fill
- * \param path     filename to read the CSR from
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief          Returns an informational string about the
- *                 CSR.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param csr      The X509 CSR to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_csr *csr );
-
-/**
- * \brief          Initialize a CSR
- *
- * \param csr      CSR to initialize
- */
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
-
-/**
- * \brief          Unallocate all CSR data
- *
- * \param csr      CSR to free
- */
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
-
-/* \} name */
-/* \} addtogroup x509_module */
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C)
-/**
- * \brief           Initialize a CSR context
- *
- * \param ctx       CSR context to initialize
- */
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
-
-/**
- * \brief           Set the subject name for a CSR
- *                  Subject names should contain a comma-separated list
- *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
- *
- * \param ctx           CSR context to use
- * \param subject_name  subject name to set
- *
- * \return          0 if subject name was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
-                                    const char *subject_name );
-
-/**
- * \brief           Set the key for a CSR (public key will be included,
- *                  private key used to sign the CSR when writing it)
- *
- * \param ctx       CSR context to use
- * \param key       Asymetric key to include
- */
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief           Set the MD algorithm to use for the signature
- *                  (e.g. MBEDTLS_MD_SHA1)
- *
- * \param ctx       CSR context to use
- * \param md_alg    MD algorithm to use
- */
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
-
-/**
- * \brief           Set the Key Usage Extension flags
- *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- *
- * \param ctx       CSR context to use
- * \param key_usage key usage flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
-
-/**
- * \brief           Set the Netscape Cert Type flags
- *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- *
- * \param ctx           CSR context to use
- * \param ns_cert_type  Netscape Cert Type flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
-                                    unsigned char ns_cert_type );
-
-/**
- * \brief           Generic function to add to or replace an extension in the
- *                  CSR
- *
- * \param ctx       CSR context to use
- * \param oid       OID of the extension
- * \param oid_len   length of the OID
- * \param val       value of the extension OCTET STRING
- * \param val_len   length of the value data
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
-                                 const char *oid, size_t oid_len,
-                                 const unsigned char *val, size_t val_len );
-
-/**
- * \brief           Free the contents of a CSR context
- *
- * \param ctx       CSR context to free
- */
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
-
-/**
- * \brief           Write a CSR (Certificate Signing Request) to a
- *                  DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       CSR to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a CSR (Certificate Signing Request) to a
- *                  PEM string
- *
- * \param ctx       CSR to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful, or a specific error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_X509_CSR_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_csr.h */
diff --git a/components/ssl/mbedtls/mbedtls/include/mbedtls/xtea.h b/components/ssl/mbedtls/mbedtls/include/mbedtls/xtea.h
deleted file mode 100644
index 34ccee3c..00000000
--- a/components/ssl/mbedtls/mbedtls/include/mbedtls/xtea.h
+++ /dev/null
@@ -1,141 +0,0 @@
-/**
- * \file xtea.h
- *
- * \brief XTEA block cipher (32-bit)
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-#ifndef MBEDTLS_XTEA_H
-#define MBEDTLS_XTEA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_XTEA_ENCRYPT     1
-#define MBEDTLS_XTEA_DECRYPT     0
-
-#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH             -0x0028  /**< The data input has an invalid length. */
-#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED                  -0x0029  /**< XTEA hardware accelerator failed. */
-
-#if !defined(MBEDTLS_XTEA_ALT)
-// Regular implementation
-//
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          XTEA context structure
- */
-typedef struct
-{
-    uint32_t k[4];       /*!< key */
-}
-mbedtls_xtea_context;
-
-/**
- * \brief          Initialize XTEA context
- *
- * \param ctx      XTEA context to be initialized
- */
-void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
-
-/**
- * \brief          Clear XTEA context
- *
- * \param ctx      XTEA context to be cleared
- */
-void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
-
-/**
- * \brief          XTEA key schedule
- *
- * \param ctx      XTEA context to be initialized
- * \param key      the secret key
- */
-void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
-
-/**
- * \brief          XTEA cipher function
- *
- * \param ctx      XTEA context
- * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
- * \param input    8-byte input block
- * \param output   8-byte output block
- *
- * \return         0 if successful
- */
-int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
-                    int mode,
-                    const unsigned char input[8],
-                    unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          XTEA CBC cipher function
- *
- * \param ctx      XTEA context
- * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
- * \param length   the length of input, multiple of 8
- * \param iv       initialization vector for CBC mode
- * \param input    input block
- * \param output   output block
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
- */
-int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output);
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#ifdef __cplusplus
-}
-#endif
-
-#else  /* MBEDTLS_XTEA_ALT */
-#include "xtea_alt.h"
-#endif /* MBEDTLS_XTEA_ALT */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_xtea_self_test( int verbose );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* xtea.h */
diff --git a/components/ssl/mbedtls/mbedtls/library/aes.c b/components/ssl/mbedtls/mbedtls/library/aes.c
deleted file mode 100644
index 3d2eac82..00000000
--- a/components/ssl/mbedtls/mbedtls/library/aes.c
+++ /dev/null
@@ -1,1530 +0,0 @@
-/*
- *  FIPS-197 compliant AES implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
- *
- *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
- *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_AES_C)
-
-#include <string.h>
-
-#include "mbedtls/aes.h"
-#if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
-#endif
-#if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_AES_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (little endian)
- */
-#ifndef GET_UINT32_LE
-#define GET_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ]       )             \
-        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
-}
-#endif
-
-#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                                    \
-{                                                               \
-    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
-    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
-    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
-    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
-}
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) &&                      \
-    ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
-static int aes_padlock_ace = -1;
-#endif
-
-#if defined(MBEDTLS_AES_ROM_TABLES)
-/*
- * Forward S-box
- */
-static const unsigned char FSb[256] =
-{
-    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
-    0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
-    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
-    0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
-    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
-    0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
-    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
-    0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
-    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
-    0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
-    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
-    0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
-    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
-    0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
-    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
-    0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
-    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
-    0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
-    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
-    0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
-    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
-    0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
-    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
-    0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
-    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
-    0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
-    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
-    0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
-    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
-    0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
-    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
-    0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
-};
-
-/*
- * Forward tables
- */
-#define FT \
-\
-    V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
-    V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
-    V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
-    V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
-    V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
-    V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
-    V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
-    V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
-    V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
-    V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
-    V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
-    V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
-    V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
-    V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
-    V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
-    V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
-    V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
-    V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
-    V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
-    V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
-    V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
-    V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
-    V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
-    V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
-    V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
-    V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
-    V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
-    V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
-    V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
-    V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
-    V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
-    V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
-    V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
-    V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
-    V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
-    V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
-    V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
-    V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
-    V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
-    V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
-    V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
-    V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
-    V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
-    V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
-    V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
-    V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
-    V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
-    V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
-    V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
-    V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
-    V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
-    V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
-    V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
-    V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
-    V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
-    V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
-    V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
-    V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
-    V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
-    V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
-    V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
-    V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
-    V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
-    V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
-
-#define V(a,b,c,d) 0x##a##b##c##d
-static const uint32_t FT0[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##b##c##d##a
-static const uint32_t FT1[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##c##d##a##b
-static const uint32_t FT2[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##d##a##b##c
-static const uint32_t FT3[256] = { FT };
-#undef V
-
-#undef FT
-
-/*
- * Reverse S-box
- */
-static const unsigned char RSb[256] =
-{
-    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
-    0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
-    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
-    0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
-    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
-    0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
-    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
-    0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
-    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
-    0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
-    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
-    0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
-    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
-    0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
-    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
-    0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
-    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
-    0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
-    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
-    0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
-    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
-    0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
-    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
-    0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
-    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
-    0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
-    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
-    0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
-    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
-    0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
-    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
-    0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
-};
-
-/*
- * Reverse tables
- */
-#define RT \
-\
-    V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
-    V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
-    V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
-    V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
-    V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
-    V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
-    V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
-    V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
-    V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
-    V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
-    V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
-    V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
-    V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
-    V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
-    V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
-    V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
-    V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
-    V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
-    V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
-    V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
-    V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
-    V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
-    V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
-    V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
-    V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
-    V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
-    V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
-    V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
-    V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
-    V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
-    V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
-    V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
-    V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
-    V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
-    V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
-    V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
-    V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
-    V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
-    V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
-    V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
-    V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
-    V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
-    V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
-    V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
-    V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
-    V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
-    V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
-    V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
-    V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
-    V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
-    V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
-    V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
-    V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
-    V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
-    V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
-    V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
-    V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
-    V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
-    V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
-    V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
-    V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
-    V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
-    V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
-    V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
-
-#define V(a,b,c,d) 0x##a##b##c##d
-static const uint32_t RT0[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##b##c##d##a
-static const uint32_t RT1[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##c##d##a##b
-static const uint32_t RT2[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##d##a##b##c
-static const uint32_t RT3[256] = { RT };
-#undef V
-
-#undef RT
-
-/*
- * Round constants
- */
-static const uint32_t RCON[10] =
-{
-    0x00000001, 0x00000002, 0x00000004, 0x00000008,
-    0x00000010, 0x00000020, 0x00000040, 0x00000080,
-    0x0000001B, 0x00000036
-};
-
-#else /* MBEDTLS_AES_ROM_TABLES */
-
-/*
- * Forward S-box & tables
- */
-static unsigned char FSb[256];
-static uint32_t FT0[256];
-static uint32_t FT1[256];
-static uint32_t FT2[256];
-static uint32_t FT3[256];
-
-/*
- * Reverse S-box & tables
- */
-static unsigned char RSb[256];
-static uint32_t RT0[256];
-static uint32_t RT1[256];
-static uint32_t RT2[256];
-static uint32_t RT3[256];
-
-/*
- * Round constants
- */
-static uint32_t RCON[10];
-
-/*
- * Tables generation code
- */
-#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
-#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
-#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
-
-static int aes_init_done = 0;
-
-static void aes_gen_tables( void )
-{
-    int i, x, y, z;
-    int pow[256];
-    int log[256];
-
-    /*
-     * compute pow and log tables over GF(2^8)
-     */
-    for( i = 0, x = 1; i < 256; i++ )
-    {
-        pow[i] = x;
-        log[x] = i;
-        x = ( x ^ XTIME( x ) ) & 0xFF;
-    }
-
-    /*
-     * calculate the round constants
-     */
-    for( i = 0, x = 1; i < 10; i++ )
-    {
-        RCON[i] = (uint32_t) x;
-        x = XTIME( x ) & 0xFF;
-    }
-
-    /*
-     * generate the forward and reverse S-boxes
-     */
-    FSb[0x00] = 0x63;
-    RSb[0x63] = 0x00;
-
-    for( i = 1; i < 256; i++ )
-    {
-        x = pow[255 - log[i]];
-
-        y  = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
-        x ^= y ^ 0x63;
-
-        FSb[i] = (unsigned char) x;
-        RSb[x] = (unsigned char) i;
-    }
-
-    /*
-     * generate the forward and reverse tables
-     */
-    for( i = 0; i < 256; i++ )
-    {
-        x = FSb[i];
-        y = XTIME( x ) & 0xFF;
-        z =  ( y ^ x ) & 0xFF;
-
-        FT0[i] = ( (uint32_t) y       ) ^
-                 ( (uint32_t) x <<  8 ) ^
-                 ( (uint32_t) x << 16 ) ^
-                 ( (uint32_t) z << 24 );
-
-        FT1[i] = ROTL8( FT0[i] );
-        FT2[i] = ROTL8( FT1[i] );
-        FT3[i] = ROTL8( FT2[i] );
-
-        x = RSb[i];
-
-        RT0[i] = ( (uint32_t) MUL( 0x0E, x )       ) ^
-                 ( (uint32_t) MUL( 0x09, x ) <<  8 ) ^
-                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
-                 ( (uint32_t) MUL( 0x0B, x ) << 24 );
-
-        RT1[i] = ROTL8( RT0[i] );
-        RT2[i] = ROTL8( RT1[i] );
-        RT3[i] = ROTL8( RT2[i] );
-    }
-}
-
-#endif /* MBEDTLS_AES_ROM_TABLES */
-
-void mbedtls_aes_init( mbedtls_aes_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_aes_context ) );
-}
-
-void mbedtls_aes_free( mbedtls_aes_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_aes_context ) );
-}
-
-/*
- * AES key schedule (encryption)
- */
-#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits )
-{
-    unsigned int i;
-    uint32_t *RK;
-
-#if !defined(MBEDTLS_AES_ROM_TABLES)
-    if( aes_init_done == 0 )
-    {
-        aes_gen_tables();
-        aes_init_done = 1;
-
-    }
-#endif
-
-    switch( keybits )
-    {
-        case 128: ctx->nr = 10; break;
-        case 192: ctx->nr = 12; break;
-        case 256: ctx->nr = 14; break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
-    }
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
-
-    if( aes_padlock_ace )
-        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
-    else
-#endif
-    ctx->rk = RK = ctx->buf;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-        return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
-#endif
-
-    for( i = 0; i < ( keybits >> 5 ); i++ )
-    {
-        GET_UINT32_LE( RK[i], key, i << 2 );
-    }
-
-    switch( ctx->nr )
-    {
-        case 10:
-
-            for( i = 0; i < 10; i++, RK += 4 )
-            {
-                RK[4]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ ( RK[3] >>  8 ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[3]       ) & 0xFF ] << 24 );
-
-                RK[5]  = RK[1] ^ RK[4];
-                RK[6]  = RK[2] ^ RK[5];
-                RK[7]  = RK[3] ^ RK[6];
-            }
-            break;
-
-        case 12:
-
-            for( i = 0; i < 8; i++, RK += 6 )
-            {
-                RK[6]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ ( RK[5] >>  8 ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[5]       ) & 0xFF ] << 24 );
-
-                RK[7]  = RK[1] ^ RK[6];
-                RK[8]  = RK[2] ^ RK[7];
-                RK[9]  = RK[3] ^ RK[8];
-                RK[10] = RK[4] ^ RK[9];
-                RK[11] = RK[5] ^ RK[10];
-            }
-            break;
-
-        case 14:
-
-            for( i = 0; i < 7; i++, RK += 8 )
-            {
-                RK[8]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ ( RK[7] >>  8 ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[7]       ) & 0xFF ] << 24 );
-
-                RK[9]  = RK[1] ^ RK[8];
-                RK[10] = RK[2] ^ RK[9];
-                RK[11] = RK[3] ^ RK[10];
-
-                RK[12] = RK[4] ^
-                ( (uint32_t) FSb[ ( RK[11]       ) & 0xFF ]       ) ^
-                ( (uint32_t) FSb[ ( RK[11] >>  8 ) & 0xFF ] <<  8 ) ^
-                ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
-                ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
-
-                RK[13] = RK[5] ^ RK[12];
-                RK[14] = RK[6] ^ RK[13];
-                RK[15] = RK[7] ^ RK[14];
-            }
-            break;
-    }
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
-
-/*
- * AES key schedule (decryption)
- */
-#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits )
-{
-    int i, j, ret;
-    mbedtls_aes_context cty;
-    uint32_t *RK;
-    uint32_t *SK;
-
-    mbedtls_aes_init( &cty );
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
-
-    if( aes_padlock_ace )
-        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
-    else
-#endif
-    ctx->rk = RK = ctx->buf;
-
-    /* Also checks keybits */
-    if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
-        goto exit;
-
-    ctx->nr = cty.nr;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-    {
-        mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
-                           (const unsigned char *) cty.rk, ctx->nr );
-        goto exit;
-    }
-#endif
-
-    SK = cty.rk + cty.nr * 4;
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
-    {
-        for( j = 0; j < 4; j++, SK++ )
-        {
-            *RK++ = RT0[ FSb[ ( *SK       ) & 0xFF ] ] ^
-                    RT1[ FSb[ ( *SK >>  8 ) & 0xFF ] ] ^
-                    RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
-                    RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
-        }
-    }
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-exit:
-    mbedtls_aes_free( &cty );
-
-    return( ret );
-}
-#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
-
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
-{                                               \
-    X0 = *RK++ ^ FT0[ ( Y0       ) & 0xFF ] ^   \
-                 FT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y3 >> 24 ) & 0xFF ];    \
-                                                \
-    X1 = *RK++ ^ FT0[ ( Y1       ) & 0xFF ] ^   \
-                 FT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y0 >> 24 ) & 0xFF ];    \
-                                                \
-    X2 = *RK++ ^ FT0[ ( Y2       ) & 0xFF ] ^   \
-                 FT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y1 >> 24 ) & 0xFF ];    \
-                                                \
-    X3 = *RK++ ^ FT0[ ( Y3       ) & 0xFF ] ^   \
-                 FT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
-                 FT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
-                 FT3[ ( Y2 >> 24 ) & 0xFF ];    \
-}
-
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)     \
-{                                               \
-    X0 = *RK++ ^ RT0[ ( Y0       ) & 0xFF ] ^   \
-                 RT1[ ( Y3 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y2 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y1 >> 24 ) & 0xFF ];    \
-                                                \
-    X1 = *RK++ ^ RT0[ ( Y1       ) & 0xFF ] ^   \
-                 RT1[ ( Y0 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y3 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y2 >> 24 ) & 0xFF ];    \
-                                                \
-    X2 = *RK++ ^ RT0[ ( Y2       ) & 0xFF ] ^   \
-                 RT1[ ( Y1 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y0 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y3 >> 24 ) & 0xFF ];    \
-                                                \
-    X3 = *RK++ ^ RT0[ ( Y3       ) & 0xFF ] ^   \
-                 RT1[ ( Y2 >>  8 ) & 0xFF ] ^   \
-                 RT2[ ( Y1 >> 16 ) & 0xFF ] ^   \
-                 RT3[ ( Y0 >> 24 ) & 0xFF ];    \
-}
-
-/*
- * AES-ECB block encryption
- */
-#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] )
-{
-    int i;
-    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
-
-    RK = ctx->rk;
-
-    GET_UINT32_LE( X0, input,  0 ); X0 ^= *RK++;
-    GET_UINT32_LE( X1, input,  4 ); X1 ^= *RK++;
-    GET_UINT32_LE( X2, input,  8 ); X2 ^= *RK++;
-    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
-
-    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-    {
-        AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-        AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
-    }
-
-    AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-
-    X0 = *RK++ ^ \
-            ( (uint32_t) FSb[ ( Y0       ) & 0xFF ]       ) ^
-            ( (uint32_t) FSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
-
-    X1 = *RK++ ^ \
-            ( (uint32_t) FSb[ ( Y1       ) & 0xFF ]       ) ^
-            ( (uint32_t) FSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
-
-    X2 = *RK++ ^ \
-            ( (uint32_t) FSb[ ( Y2       ) & 0xFF ]       ) ^
-            ( (uint32_t) FSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
-
-    X3 = *RK++ ^ \
-            ( (uint32_t) FSb[ ( Y3       ) & 0xFF ]       ) ^
-            ( (uint32_t) FSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
-
-    PUT_UINT32_LE( X0, output,  0 );
-    PUT_UINT32_LE( X1, output,  4 );
-    PUT_UINT32_LE( X2, output,  8 );
-    PUT_UINT32_LE( X3, output, 12 );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
-                          const unsigned char input[16],
-                          unsigned char output[16] )
-{
-    mbedtls_internal_aes_encrypt( ctx, input, output );
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/*
- * AES-ECB block decryption
- */
-#if !defined(MBEDTLS_AES_DECRYPT_ALT)
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] )
-{
-    int i;
-    uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
-
-    RK = ctx->rk;
-
-    GET_UINT32_LE( X0, input,  0 ); X0 ^= *RK++;
-    GET_UINT32_LE( X1, input,  4 ); X1 ^= *RK++;
-    GET_UINT32_LE( X2, input,  8 ); X2 ^= *RK++;
-    GET_UINT32_LE( X3, input, 12 ); X3 ^= *RK++;
-
-    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-    {
-        AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-        AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
-    }
-
-    AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
-
-    X0 = *RK++ ^ \
-            ( (uint32_t) RSb[ ( Y0       ) & 0xFF ]       ) ^
-            ( (uint32_t) RSb[ ( Y3 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
-
-    X1 = *RK++ ^ \
-            ( (uint32_t) RSb[ ( Y1       ) & 0xFF ]       ) ^
-            ( (uint32_t) RSb[ ( Y0 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
-
-    X2 = *RK++ ^ \
-            ( (uint32_t) RSb[ ( Y2       ) & 0xFF ]       ) ^
-            ( (uint32_t) RSb[ ( Y1 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
-
-    X3 = *RK++ ^ \
-            ( (uint32_t) RSb[ ( Y3       ) & 0xFF ]       ) ^
-            ( (uint32_t) RSb[ ( Y2 >>  8 ) & 0xFF ] <<  8 ) ^
-            ( (uint32_t) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
-            ( (uint32_t) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
-
-    PUT_UINT32_LE( X0, output,  0 );
-    PUT_UINT32_LE( X1, output,  4 );
-    PUT_UINT32_LE( X2, output,  8 );
-    PUT_UINT32_LE( X3, output, 12 );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_AES_DECRYPT_ALT */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
-                          const unsigned char input[16],
-                          unsigned char output[16] )
-{
-    mbedtls_internal_aes_decrypt( ctx, input, output );
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/*
- * AES-ECB block encryption/decryption
- */
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] )
-{
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-        return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
-    if( aes_padlock_ace )
-    {
-        if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
-            return( 0 );
-
-        // If padlock data misaligned, we just fall back to
-        // unaccelerated mode
-        //
-    }
-#endif
-
-    if( mode == MBEDTLS_AES_ENCRYPT )
-        return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
-    else
-        return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * AES-CBC buffer encryption/decryption
- */
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    unsigned char temp[16];
-
-    if( length % 16 )
-        return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
-    if( aes_padlock_ace )
-    {
-        if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
-            return( 0 );
-
-        // If padlock data misaligned, we just fall back to
-        // unaccelerated mode
-        //
-    }
-#endif
-
-    if( mode == MBEDTLS_AES_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 16 );
-            mbedtls_aes_crypt_ecb( ctx, mode, input, output );
-
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_aes_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * AES-CFB128 buffer encryption/decryption
- */
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c;
-    size_t n = *iv_off;
-
-    if( mode == MBEDTLS_AES_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-
-    *iv_off = n;
-
-    return( 0 );
-}
-
-/*
- * AES-CFB8 buffer encryption/decryption
- */
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    unsigned char c;
-    unsigned char ov[17];
-
-    while( length-- )
-    {
-        memcpy( ov, iv, 16 );
-        mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-            ov[16] = *input;
-
-        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
-
-        if( mode == MBEDTLS_AES_ENCRYPT )
-            ov[16] = c;
-
-        memcpy( iv, ov + 1, 16 );
-    }
-
-    return( 0 );
-}
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * AES-CTR buffer encryption/decryption
- */
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    size_t n = *nc_off;
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
-
-            for( i = 16; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *nc_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#endif /* !MBEDTLS_AES_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * AES test vectors from:
- *
- * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
- */
-static const unsigned char aes_test_ecb_dec[3][16] =
-{
-    { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
-      0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
-    { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
-      0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
-    { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
-      0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
-};
-
-static const unsigned char aes_test_ecb_enc[3][16] =
-{
-    { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
-      0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
-    { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
-      0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
-    { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
-      0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const unsigned char aes_test_cbc_dec[3][16] =
-{
-    { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
-      0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
-    { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
-      0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
-    { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
-      0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
-};
-
-static const unsigned char aes_test_cbc_enc[3][16] =
-{
-    { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
-      0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
-    { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
-      0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
-    { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
-      0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * AES-CFB128 test vectors from:
- *
- * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
- */
-static const unsigned char aes_test_cfb128_key[3][32] =
-{
-    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
-      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
-    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
-      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
-      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
-    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
-      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
-      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
-      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
-};
-
-static const unsigned char aes_test_cfb128_iv[16] =
-{
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
-
-static const unsigned char aes_test_cfb128_pt[64] =
-{
-    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
-    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
-    0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
-    0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
-    0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
-    0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
-    0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
-};
-
-static const unsigned char aes_test_cfb128_ct[3][64] =
-{
-    { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
-      0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
-      0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
-      0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
-      0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
-      0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
-      0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
-      0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
-    { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
-      0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
-      0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
-      0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
-      0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
-      0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
-      0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
-      0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
-    { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
-      0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
-      0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
-      0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
-      0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
-      0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
-      0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
-      0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * AES-CTR test vectors from:
- *
- * http://www.faqs.org/rfcs/rfc3686.html
- */
-
-static const unsigned char aes_test_ctr_key[3][16] =
-{
-    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
-      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
-    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
-      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
-    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
-      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
-};
-
-static const unsigned char aes_test_ctr_nonce_counter[3][16] =
-{
-    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
-      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
-      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
-};
-
-static const unsigned char aes_test_ctr_pt[3][48] =
-{
-    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
-      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
-      0x20, 0x21, 0x22, 0x23 }
-};
-
-static const unsigned char aes_test_ctr_ct[3][48] =
-{
-    { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79,
-      0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 },
-    { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9,
-      0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88,
-      0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8,
-      0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 },
-    { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9,
-      0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7,
-      0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36,
-      0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53,
-      0x25, 0xB2, 0x07, 0x2F }
-};
-
-static const int aes_test_ctr_len[3] =
-    { 16, 32, 36 };
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/*
- * Checkup routine
- */
-int mbedtls_aes_self_test( int verbose )
-{
-    int ret = 0, i, j, u, mode;
-    unsigned int keybits;
-    unsigned char key[32];
-    unsigned char buf[64];
-    const unsigned char *aes_tests;
-#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
-    unsigned char iv[16];
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    unsigned char prv[16];
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_CFB)
-    size_t offset;
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    int len;
-    unsigned char nonce_counter[16];
-    unsigned char stream_block[16];
-#endif
-    mbedtls_aes_context ctx;
-
-    memset( key, 0, 32 );
-    mbedtls_aes_init( &ctx );
-
-    /*
-     * ECB mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        keybits = 128 + u * 64;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-ECB-%3d (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( buf, 0, 16 );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
-            aes_tests = aes_test_ecb_dec[u];
-        }
-        else
-        {
-            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
-            aes_tests = aes_test_ecb_enc[u];
-        }
-
-        /*
-         * AES-192 is an optional feature that may be unavailable when
-         * there is an alternative underlying implementation i.e. when
-         * MBEDTLS_AES_ALT is defined.
-         */
-        if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
-            continue;
-        }
-        else if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        for( j = 0; j < 10000; j++ )
-        {
-            ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
-            if( ret != 0 )
-                goto exit;
-        }
-
-        if( memcmp( buf, aes_tests, 16 ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /*
-     * CBC mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        keybits = 128 + u * 64;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CBC-%3d (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( iv , 0, 16 );
-        memset( prv, 0, 16 );
-        memset( buf, 0, 16 );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
-            aes_tests = aes_test_cbc_dec[u];
-        }
-        else
-        {
-            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
-            aes_tests = aes_test_cbc_enc[u];
-        }
-
-        /*
-         * AES-192 is an optional feature that may be unavailable when
-         * there is an alternative underlying implementation i.e. when
-         * MBEDTLS_AES_ALT is defined.
-         */
-        if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
-            continue;
-        }
-        else if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        for( j = 0; j < 10000; j++ )
-        {
-            if( mode == MBEDTLS_AES_ENCRYPT )
-            {
-                unsigned char tmp[16];
-
-                memcpy( tmp, prv, 16 );
-                memcpy( prv, buf, 16 );
-                memcpy( buf, tmp, 16 );
-            }
-
-            ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
-            if( ret != 0 )
-                goto exit;
-
-        }
-
-        if( memcmp( buf, aes_tests, 16 ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    /*
-     * CFB128 mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        keybits = 128 + u * 64;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CFB128-%3d (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( iv,  aes_test_cfb128_iv, 16 );
-        memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
-
-        offset = 0;
-        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
-        /*
-         * AES-192 is an optional feature that may be unavailable when
-         * there is an alternative underlying implementation i.e. when
-         * MBEDTLS_AES_ALT is defined.
-         */
-        if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
-            continue;
-        }
-        else if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_cfb128_ct[u], 64 );
-            aes_tests = aes_test_cfb128_pt;
-        }
-        else
-        {
-            memcpy( buf, aes_test_cfb128_pt, 64 );
-            aes_tests = aes_test_cfb128_ct[u];
-        }
-
-        ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
-        if( ret != 0 )
-            goto exit;
-
-        if( memcmp( buf, aes_tests, 64 ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    /*
-     * CTR mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CTR-128 (%s): ",
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
-        memcpy( key, aes_test_ctr_key[u], 16 );
-
-        offset = 0;
-        if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
-            goto exit;
-
-        len = aes_test_ctr_len[u];
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_ctr_ct[u], len );
-            aes_tests = aes_test_ctr_pt[u];
-        }
-        else
-        {
-            memcpy( buf, aes_test_ctr_pt[u], len );
-            aes_tests = aes_test_ctr_ct[u];
-        }
-
-        ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
-                                     stream_block, buf, buf );
-        if( ret != 0 )
-            goto exit;
-
-        if( memcmp( buf, aes_tests, len ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-    ret = 0;
-
-exit:
-    if( ret != 0 && verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    mbedtls_aes_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_AES_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/aesni.c b/components/ssl/mbedtls/mbedtls/library/aesni.c
deleted file mode 100644
index 1ca3c3ef..00000000
--- a/components/ssl/mbedtls/mbedtls/library/aesni.c
+++ /dev/null
@@ -1,464 +0,0 @@
-/*
- *  AES-NI support functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set
- * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_AESNI_C)
-
-#include "mbedtls/aesni.h"
-
-#include <string.h>
-
-#ifndef asm
-#define asm __asm
-#endif
-
-#if defined(MBEDTLS_HAVE_X86_64)
-
-/*
- * AES-NI support detection routine
- */
-int mbedtls_aesni_has_support( unsigned int what )
-{
-    static int done = 0;
-    static unsigned int c = 0;
-
-    if( ! done )
-    {
-        asm( "movl  $1, %%eax   \n\t"
-             "cpuid             \n\t"
-             : "=c" (c)
-             :
-             : "eax", "ebx", "edx" );
-        done = 1;
-    }
-
-    return( ( c & what ) != 0 );
-}
-
-/*
- * Binutils needs to be at least 2.19 to support AES-NI instructions.
- * Unfortunately, a lot of users have a lower version now (2014-04).
- * Emit bytecode directly in order to support "old" version of gas.
- *
- * Opcodes from the Intel architecture reference manual, vol. 3.
- * We always use registers, so we don't need prefixes for memory operands.
- * Operand macros are in gas order (src, dst) as opposed to Intel order
- * (dst, src) in order to blend better into the surrounding assembly code.
- */
-#define AESDEC      ".byte 0x66,0x0F,0x38,0xDE,"
-#define AESDECLAST  ".byte 0x66,0x0F,0x38,0xDF,"
-#define AESENC      ".byte 0x66,0x0F,0x38,0xDC,"
-#define AESENCLAST  ".byte 0x66,0x0F,0x38,0xDD,"
-#define AESIMC      ".byte 0x66,0x0F,0x38,0xDB,"
-#define AESKEYGENA  ".byte 0x66,0x0F,0x3A,0xDF,"
-#define PCLMULQDQ   ".byte 0x66,0x0F,0x3A,0x44,"
-
-#define xmm0_xmm0   "0xC0"
-#define xmm0_xmm1   "0xC8"
-#define xmm0_xmm2   "0xD0"
-#define xmm0_xmm3   "0xD8"
-#define xmm0_xmm4   "0xE0"
-#define xmm1_xmm0   "0xC1"
-#define xmm1_xmm2   "0xD1"
-
-/*
- * AES-NI AES-ECB block en(de)cryption
- */
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                     int mode,
-                     const unsigned char input[16],
-                     unsigned char output[16] )
-{
-    asm( "movdqu    (%3), %%xmm0    \n\t" // load input
-         "movdqu    (%1), %%xmm1    \n\t" // load round key 0
-         "pxor      %%xmm1, %%xmm0  \n\t" // round 0
-         "add       $16, %1         \n\t" // point to next round key
-         "subl      $1, %0          \n\t" // normal rounds = nr - 1
-         "test      %2, %2          \n\t" // mode?
-         "jz        2f              \n\t" // 0 = decrypt
-
-         "1:                        \n\t" // encryption loop
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESENC     xmm1_xmm0      "\n\t" // do round
-         "add       $16, %1         \n\t" // point to next round key
-         "subl      $1, %0          \n\t" // loop
-         "jnz       1b              \n\t"
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESENCLAST xmm1_xmm0      "\n\t" // last round
-         "jmp       3f              \n\t"
-
-         "2:                        \n\t" // decryption loop
-         "movdqu    (%1), %%xmm1    \n\t"
-         AESDEC     xmm1_xmm0      "\n\t" // do round
-         "add       $16, %1         \n\t"
-         "subl      $1, %0          \n\t"
-         "jnz       2b              \n\t"
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESDECLAST xmm1_xmm0      "\n\t" // last round
-
-         "3:                        \n\t"
-         "movdqu    %%xmm0, (%4)    \n\t" // export output
-         :
-         : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
-         : "memory", "cc", "xmm0", "xmm1" );
-
-
-    return( 0 );
-}
-
-/*
- * GCM multiplication: c = a times b in GF(2^128)
- * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
- */
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                     const unsigned char a[16],
-                     const unsigned char b[16] )
-{
-    unsigned char aa[16], bb[16], cc[16];
-    size_t i;
-
-    /* The inputs are in big-endian order, so byte-reverse them */
-    for( i = 0; i < 16; i++ )
-    {
-        aa[i] = a[15 - i];
-        bb[i] = b[15 - i];
-    }
-
-    asm( "movdqu (%0), %%xmm0               \n\t" // a1:a0
-         "movdqu (%1), %%xmm1               \n\t" // b1:b0
-
-         /*
-          * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
-          * using [CLMUL-WP] algorithm 1 (p. 13).
-          */
-         "movdqa %%xmm1, %%xmm2             \n\t" // copy of b1:b0
-         "movdqa %%xmm1, %%xmm3             \n\t" // same
-         "movdqa %%xmm1, %%xmm4             \n\t" // same
-         PCLMULQDQ xmm0_xmm1 ",0x00         \n\t" // a0*b0 = c1:c0
-         PCLMULQDQ xmm0_xmm2 ",0x11         \n\t" // a1*b1 = d1:d0
-         PCLMULQDQ xmm0_xmm3 ",0x10         \n\t" // a0*b1 = e1:e0
-         PCLMULQDQ xmm0_xmm4 ",0x01         \n\t" // a1*b0 = f1:f0
-         "pxor %%xmm3, %%xmm4               \n\t" // e1+f1:e0+f0
-         "movdqa %%xmm4, %%xmm3             \n\t" // same
-         "psrldq $8, %%xmm4                 \n\t" // 0:e1+f1
-         "pslldq $8, %%xmm3                 \n\t" // e0+f0:0
-         "pxor %%xmm4, %%xmm2               \n\t" // d1:d0+e1+f1
-         "pxor %%xmm3, %%xmm1               \n\t" // c1+e0+f1:c0
-
-         /*
-          * Now shift the result one bit to the left,
-          * taking advantage of [CLMUL-WP] eq 27 (p. 20)
-          */
-         "movdqa %%xmm1, %%xmm3             \n\t" // r1:r0
-         "movdqa %%xmm2, %%xmm4             \n\t" // r3:r2
-         "psllq $1, %%xmm1                  \n\t" // r1<<1:r0<<1
-         "psllq $1, %%xmm2                  \n\t" // r3<<1:r2<<1
-         "psrlq $63, %%xmm3                 \n\t" // r1>>63:r0>>63
-         "psrlq $63, %%xmm4                 \n\t" // r3>>63:r2>>63
-         "movdqa %%xmm3, %%xmm5             \n\t" // r1>>63:r0>>63
-         "pslldq $8, %%xmm3                 \n\t" // r0>>63:0
-         "pslldq $8, %%xmm4                 \n\t" // r2>>63:0
-         "psrldq $8, %%xmm5                 \n\t" // 0:r1>>63
-         "por %%xmm3, %%xmm1                \n\t" // r1<<1|r0>>63:r0<<1
-         "por %%xmm4, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1
-         "por %%xmm5, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
-
-         /*
-          * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
-          * using [CLMUL-WP] algorithm 5 (p. 20).
-          * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
-          */
-         /* Step 2 (1) */
-         "movdqa %%xmm1, %%xmm3             \n\t" // x1:x0
-         "movdqa %%xmm1, %%xmm4             \n\t" // same
-         "movdqa %%xmm1, %%xmm5             \n\t" // same
-         "psllq $63, %%xmm3                 \n\t" // x1<<63:x0<<63 = stuff:a
-         "psllq $62, %%xmm4                 \n\t" // x1<<62:x0<<62 = stuff:b
-         "psllq $57, %%xmm5                 \n\t" // x1<<57:x0<<57 = stuff:c
-
-         /* Step 2 (2) */
-         "pxor %%xmm4, %%xmm3               \n\t" // stuff:a+b
-         "pxor %%xmm5, %%xmm3               \n\t" // stuff:a+b+c
-         "pslldq $8, %%xmm3                 \n\t" // a+b+c:0
-         "pxor %%xmm3, %%xmm1               \n\t" // x1+a+b+c:x0 = d:x0
-
-         /* Steps 3 and 4 */
-         "movdqa %%xmm1,%%xmm0              \n\t" // d:x0
-         "movdqa %%xmm1,%%xmm4              \n\t" // same
-         "movdqa %%xmm1,%%xmm5              \n\t" // same
-         "psrlq $1, %%xmm0                  \n\t" // e1:x0>>1 = e1:e0'
-         "psrlq $2, %%xmm4                  \n\t" // f1:x0>>2 = f1:f0'
-         "psrlq $7, %%xmm5                  \n\t" // g1:x0>>7 = g1:g0'
-         "pxor %%xmm4, %%xmm0               \n\t" // e1+f1:e0'+f0'
-         "pxor %%xmm5, %%xmm0               \n\t" // e1+f1+g1:e0'+f0'+g0'
-         // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
-         // bits carried from d. Now get those\t bits back in.
-         "movdqa %%xmm1,%%xmm3              \n\t" // d:x0
-         "movdqa %%xmm1,%%xmm4              \n\t" // same
-         "movdqa %%xmm1,%%xmm5              \n\t" // same
-         "psllq $63, %%xmm3                 \n\t" // d<<63:stuff
-         "psllq $62, %%xmm4                 \n\t" // d<<62:stuff
-         "psllq $57, %%xmm5                 \n\t" // d<<57:stuff
-         "pxor %%xmm4, %%xmm3               \n\t" // d<<63+d<<62:stuff
-         "pxor %%xmm5, %%xmm3               \n\t" // missing bits of d:stuff
-         "psrldq $8, %%xmm3                 \n\t" // 0:missing bits of d
-         "pxor %%xmm3, %%xmm0               \n\t" // e1+f1+g1:e0+f0+g0
-         "pxor %%xmm1, %%xmm0               \n\t" // h1:h0
-         "pxor %%xmm2, %%xmm0               \n\t" // x3+h1:x2+h0
-
-         "movdqu %%xmm0, (%2)               \n\t" // done
-         :
-         : "r" (aa), "r" (bb), "r" (cc)
-         : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
-
-    /* Now byte-reverse the outputs */
-    for( i = 0; i < 16; i++ )
-        c[i] = cc[15 - i];
-
-    return;
-}
-
-/*
- * Compute decryption round keys from encryption round keys
- */
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                        const unsigned char *fwdkey, int nr )
-{
-    unsigned char *ik = invkey;
-    const unsigned char *fk = fwdkey + 16 * nr;
-
-    memcpy( ik, fk, 16 );
-
-    for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
-        asm( "movdqu (%0), %%xmm0       \n\t"
-             AESIMC  xmm0_xmm0         "\n\t"
-             "movdqu %%xmm0, (%1)       \n\t"
-             :
-             : "r" (fk), "r" (ik)
-             : "memory", "xmm0" );
-
-    memcpy( ik, fk, 16 );
-}
-
-/*
- * Key expansion, 128-bit case
- */
-static void aesni_setkey_enc_128( unsigned char *rk,
-                                  const unsigned char *key )
-{
-    asm( "movdqu (%1), %%xmm0               \n\t" // copy the original key
-         "movdqu %%xmm0, (%0)               \n\t" // as round key 0
-         "jmp 2f                            \n\t" // skip auxiliary routine
-
-         /*
-          * Finish generating the next round key.
-          *
-          * On entry xmm0 is r3:r2:r1:r0 and xmm1 is X:stuff:stuff:stuff
-          * with X = rot( sub( r3 ) ) ^ RCON.
-          *
-          * On exit, xmm0 is r7:r6:r5:r4
-          * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
-          * and those are written to the round key buffer.
-          */
-         "1:                                \n\t"
-         "pshufd $0xff, %%xmm1, %%xmm1      \n\t" // X:X:X:X
-         "pxor %%xmm0, %%xmm1               \n\t" // X+r3:X+r2:X+r1:r4
-         "pslldq $4, %%xmm0                 \n\t" // r2:r1:r0:0
-         "pxor %%xmm0, %%xmm1               \n\t" // X+r3+r2:X+r2+r1:r5:r4
-         "pslldq $4, %%xmm0                 \n\t" // etc
-         "pxor %%xmm0, %%xmm1               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm1, %%xmm0               \n\t" // update xmm0 for next time!
-         "add $16, %0                       \n\t" // point to next round key
-         "movdqu %%xmm0, (%0)               \n\t" // write it
-         "ret                               \n\t"
-
-         /* Main "loop" */
-         "2:                                \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x01        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x02        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x04        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x08        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x10        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x20        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x40        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x80        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x1B        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x36        \n\tcall 1b \n\t"
-         :
-         : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
-}
-
-/*
- * Key expansion, 192-bit case
- */
-static void aesni_setkey_enc_192( unsigned char *rk,
-                                  const unsigned char *key )
-{
-    asm( "movdqu (%1), %%xmm0   \n\t" // copy original round key
-         "movdqu %%xmm0, (%0)   \n\t"
-         "add $16, %0           \n\t"
-         "movq 16(%1), %%xmm1   \n\t"
-         "movq %%xmm1, (%0)     \n\t"
-         "add $8, %0            \n\t"
-         "jmp 2f                \n\t" // skip auxiliary routine
-
-         /*
-          * Finish generating the next 6 quarter-keys.
-          *
-          * On entry xmm0 is r3:r2:r1:r0, xmm1 is stuff:stuff:r5:r4
-          * and xmm2 is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON.
-          *
-          * On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10
-          * and those are written to the round key buffer.
-          */
-         "1:                            \n\t"
-         "pshufd $0x55, %%xmm2, %%xmm2  \n\t" // X:X:X:X
-         "pxor %%xmm0, %%xmm2           \n\t" // X+r3:X+r2:X+r1:r4
-         "pslldq $4, %%xmm0             \n\t" // etc
-         "pxor %%xmm0, %%xmm2           \n\t"
-         "pslldq $4, %%xmm0             \n\t"
-         "pxor %%xmm0, %%xmm2           \n\t"
-         "pslldq $4, %%xmm0             \n\t"
-         "pxor %%xmm2, %%xmm0           \n\t" // update xmm0 = r9:r8:r7:r6
-         "movdqu %%xmm0, (%0)           \n\t"
-         "add $16, %0                   \n\t"
-         "pshufd $0xff, %%xmm0, %%xmm2  \n\t" // r9:r9:r9:r9
-         "pxor %%xmm1, %%xmm2           \n\t" // stuff:stuff:r9+r5:r10
-         "pslldq $4, %%xmm1             \n\t" // r2:r1:r0:0
-         "pxor %%xmm2, %%xmm1           \n\t" // xmm1 = stuff:stuff:r11:r10
-         "movq %%xmm1, (%0)             \n\t"
-         "add $8, %0                    \n\t"
-         "ret                           \n\t"
-
-         "2:                            \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x01    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x02    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x04    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x08    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x10    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x20    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x40    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x80    \n\tcall 1b \n\t"
-
-         :
-         : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
-}
-
-/*
- * Key expansion, 256-bit case
- */
-static void aesni_setkey_enc_256( unsigned char *rk,
-                                  const unsigned char *key )
-{
-    asm( "movdqu (%1), %%xmm0           \n\t"
-         "movdqu %%xmm0, (%0)           \n\t"
-         "add $16, %0                   \n\t"
-         "movdqu 16(%1), %%xmm1         \n\t"
-         "movdqu %%xmm1, (%0)           \n\t"
-         "jmp 2f                        \n\t" // skip auxiliary routine
-
-         /*
-          * Finish generating the next two round keys.
-          *
-          * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and
-          * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON
-          *
-          * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12
-          * and those have been written to the output buffer.
-          */
-         "1:                                \n\t"
-         "pshufd $0xff, %%xmm2, %%xmm2      \n\t"
-         "pxor %%xmm0, %%xmm2               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm0, %%xmm2               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm0, %%xmm2               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm2, %%xmm0               \n\t"
-         "add $16, %0                       \n\t"
-         "movdqu %%xmm0, (%0)               \n\t"
-
-         /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
-          * and proceed to generate next round key from there */
-         AESKEYGENA xmm0_xmm2 ",0x00        \n\t"
-         "pshufd $0xaa, %%xmm2, %%xmm2      \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm2, %%xmm1               \n\t"
-         "add $16, %0                       \n\t"
-         "movdqu %%xmm1, (%0)               \n\t"
-         "ret                               \n\t"
-
-         /*
-          * Main "loop" - Generating one more key than necessary,
-          * see definition of mbedtls_aes_context.buf
-          */
-         "2:                                \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x01        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x02        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x04        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x08        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x10        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x20        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x40        \n\tcall 1b \n\t"
-         :
-         : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
-}
-
-/*
- * Key expansion, wrapper
- */
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                      const unsigned char *key,
-                      size_t bits )
-{
-    switch( bits )
-    {
-        case 128: aesni_setkey_enc_128( rk, key ); break;
-        case 192: aesni_setkey_enc_192( rk, key ); break;
-        case 256: aesni_setkey_enc_256( rk, key ); break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_HAVE_X86_64 */
-
-#endif /* MBEDTLS_AESNI_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/arc4.c b/components/ssl/mbedtls/mbedtls/library/arc4.c
deleted file mode 100644
index 05b33d3f..00000000
--- a/components/ssl/mbedtls/mbedtls/library/arc4.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- *  An implementation of the ARCFOUR algorithm
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The ARCFOUR algorithm was publicly disclosed on 94/09.
- *
- *  http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-
-#include "mbedtls/arc4.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_ARC4_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
-}
-
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
-}
-
-/*
- * ARC4 key schedule
- */
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
-                 unsigned int keylen )
-{
-    int i, j, a;
-    unsigned int k;
-    unsigned char *m;
-
-    ctx->x = 0;
-    ctx->y = 0;
-    m = ctx->m;
-
-    for( i = 0; i < 256; i++ )
-        m[i] = (unsigned char) i;
-
-    j = k = 0;
-
-    for( i = 0; i < 256; i++, k++ )
-    {
-        if( k >= keylen ) k = 0;
-
-        a = m[i];
-        j = ( j + a + key[k] ) & 0xFF;
-        m[i] = m[j];
-        m[j] = (unsigned char) a;
-    }
-}
-
-/*
- * ARC4 cipher function
- */
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
-                unsigned char *output )
-{
-    int x, y, a, b;
-    size_t i;
-    unsigned char *m;
-
-    x = ctx->x;
-    y = ctx->y;
-    m = ctx->m;
-
-    for( i = 0; i < length; i++ )
-    {
-        x = ( x + 1 ) & 0xFF; a = m[x];
-        y = ( y + a ) & 0xFF; b = m[y];
-
-        m[x] = (unsigned char) b;
-        m[y] = (unsigned char) a;
-
-        output[i] = (unsigned char)
-            ( input[i] ^ m[(unsigned char)( a + b )] );
-    }
-
-    ctx->x = x;
-    ctx->y = y;
-
-    return( 0 );
-}
-
-#endif /* !MBEDTLS_ARC4_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994:
- *
- * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0
- */
-static const unsigned char arc4_test_key[3][8] =
-{
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char arc4_test_pt[3][8] =
-{
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char arc4_test_ct[3][8] =
-{
-    { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 },
-    { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 },
-    { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_arc4_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char ibuf[8];
-    unsigned char obuf[8];
-    mbedtls_arc4_context ctx;
-
-    mbedtls_arc4_init( &ctx );
-
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  ARC4 test #%d: ", i + 1 );
-
-        memcpy( ibuf, arc4_test_pt[i], 8 );
-
-        mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 );
-        mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf );
-
-        if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-exit:
-    mbedtls_arc4_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ARC4_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/asn1parse.c b/components/ssl/mbedtls/mbedtls/library/asn1parse.c
deleted file mode 100644
index 4dd65c03..00000000
--- a/components/ssl/mbedtls/mbedtls/library/asn1parse.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
- *  Generic ASN.1 parsing
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-#include "mbedtls/asn1.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * ASN.1 DER decoding routines
- */
-int mbedtls_asn1_get_len( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len )
-{
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    if( ( **p & 0x80 ) == 0 )
-        *len = *(*p)++;
-    else
-    {
-        switch( **p & 0x7F )
-        {
-        case 1:
-            if( ( end - *p ) < 2 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = (*p)[1];
-            (*p) += 2;
-            break;
-
-        case 2:
-            if( ( end - *p ) < 3 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
-            (*p) += 3;
-            break;
-
-        case 3:
-            if( ( end - *p ) < 4 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = ( (size_t)(*p)[1] << 16 ) |
-                   ( (size_t)(*p)[2] << 8  ) | (*p)[3];
-            (*p) += 4;
-            break;
-
-        case 4:
-            if( ( end - *p ) < 5 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
-                   ( (size_t)(*p)[3] << 8  ) |           (*p)[4];
-            (*p) += 5;
-            break;
-
-        default:
-            return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-        }
-    }
-
-    if( *len > (size_t) ( end - *p ) )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    return( 0 );
-}
-
-int mbedtls_asn1_get_tag( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len, int tag )
-{
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    if( **p != tag )
-        return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    (*p)++;
-
-    return( mbedtls_asn1_get_len( p, end, len ) );
-}
-
-int mbedtls_asn1_get_bool( unsigned char **p,
-                   const unsigned char *end,
-                   int *val )
-{
-    int ret;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
-        return( ret );
-
-    if( len != 1 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    *val = ( **p != 0 ) ? 1 : 0;
-    (*p)++;
-
-    return( 0 );
-}
-
-int mbedtls_asn1_get_int( unsigned char **p,
-                  const unsigned char *end,
-                  int *val )
-{
-    int ret;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( ret );
-
-    if( len == 0 || len > sizeof( int ) || ( **p & 0x80 ) != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    *val = 0;
-
-    while( len-- > 0 )
-    {
-        *val = ( *val << 8 ) | **p;
-        (*p)++;
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_get_mpi( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_mpi *X )
-{
-    int ret;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_mpi_read_binary( X, *p, len );
-
-    *p += len;
-
-    return( ret );
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                        mbedtls_asn1_bitstring *bs)
-{
-    int ret;
-
-    /* Certificate type is a single byte bitstring */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
-        return( ret );
-
-    /* Check length, subtract one for actual bit string length */
-    if( bs->len < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-    bs->len -= 1;
-
-    /* Get number of unused bits, ensure unused bits <= 7 */
-    bs->unused_bits = **p;
-    if( bs->unused_bits > 7 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-    (*p)++;
-
-    /* Get actual bitstring */
-    bs->p = *p;
-    *p += bs->len;
-
-    if( *p != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * Get a bit string without unused bits
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
-                             size_t *len )
-{
-    int ret;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
-        return( ret );
-
-    if( (*len)-- < 2 || *(*p)++ != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-
-    return( 0 );
-}
-
-
-
-/*
- *  Parses and splits an ASN.1 "SEQUENCE OF <tag>"
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_asn1_sequence *cur,
-                          int tag)
-{
-    int ret;
-    size_t len;
-    mbedtls_asn1_buf *buf;
-
-    /* Get main sequence tag */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    if( *p + len != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    while( *p < end )
-    {
-        buf = &(cur->buf);
-        buf->tag = **p;
-
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &buf->len, tag ) ) != 0 )
-            return( ret );
-
-        buf->p = *p;
-        *p += buf->len;
-
-        /* Allocate and assign next pointer */
-        if( *p < end )
-        {
-            cur->next = (mbedtls_asn1_sequence*)mbedtls_calloc( 1,
-                                            sizeof( mbedtls_asn1_sequence ) );
-
-            if( cur->next == NULL )
-                return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
-
-            cur = cur->next;
-        }
-    }
-
-    /* Set final sequence entry's next pointer to NULL */
-    cur->next = NULL;
-
-    if( *p != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-int mbedtls_asn1_get_alg( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
-{
-    int ret;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    alg->tag = **p;
-    end = *p + len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( ret );
-
-    alg->p = *p;
-    *p += alg->len;
-
-    if( *p == end )
-    {
-        mbedtls_zeroize( params, sizeof(mbedtls_asn1_buf) );
-        return( 0 );
-    }
-
-    params->tag = **p;
-    (*p)++;
-
-    if( ( ret = mbedtls_asn1_get_len( p, end, &params->len ) ) != 0 )
-        return( ret );
-
-    params->p = *p;
-    *p += params->len;
-
-    if( *p != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-int mbedtls_asn1_get_alg_null( unsigned char **p,
-                       const unsigned char *end,
-                       mbedtls_asn1_buf *alg )
-{
-    int ret;
-    mbedtls_asn1_buf params;
-
-    memset( &params, 0, sizeof(mbedtls_asn1_buf) );
-
-    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
-        return( ret );
-
-    if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-
-    return( 0 );
-}
-
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
-{
-    if( cur == NULL )
-        return;
-
-    mbedtls_free( cur->oid.p );
-    mbedtls_free( cur->val.p );
-
-    mbedtls_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
-}
-
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
-{
-    mbedtls_asn1_named_data *cur;
-
-    while( ( cur = *head ) != NULL )
-    {
-        *head = cur->next;
-        mbedtls_asn1_free_named_data( cur );
-        mbedtls_free( cur );
-    }
-}
-
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
-                                       const char *oid, size_t len )
-{
-    while( list != NULL )
-    {
-        if( list->oid.len == len &&
-            memcmp( list->oid.p, oid, len ) == 0 )
-        {
-            break;
-        }
-
-        list = list->next;
-    }
-
-    return( list );
-}
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/asn1write.c b/components/ssl/mbedtls/mbedtls/library/asn1write.c
deleted file mode 100644
index 69b61b20..00000000
--- a/components/ssl/mbedtls/mbedtls/library/asn1write.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * ASN.1 buffer writing functionality
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ASN1_WRITE_C)
-
-#include "mbedtls/asn1write.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
-{
-    if( len < 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = (unsigned char) len;
-        return( 1 );
-    }
-
-    if( len <= 0xFF )
-    {
-        if( *p - start < 2 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = (unsigned char) len;
-        *--(*p) = 0x81;
-        return( 2 );
-    }
-
-    if( len <= 0xFFFF )
-    {
-        if( *p - start < 3 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = ( len       ) & 0xFF;
-        *--(*p) = ( len >>  8 ) & 0xFF;
-        *--(*p) = 0x82;
-        return( 3 );
-    }
-
-    if( len <= 0xFFFFFF )
-    {
-        if( *p - start < 4 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = ( len       ) & 0xFF;
-        *--(*p) = ( len >>  8 ) & 0xFF;
-        *--(*p) = ( len >> 16 ) & 0xFF;
-        *--(*p) = 0x83;
-        return( 4 );
-    }
-
-    if( len <= 0xFFFFFFFF )
-    {
-        if( *p - start < 5 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = ( len       ) & 0xFF;
-        *--(*p) = ( len >>  8 ) & 0xFF;
-        *--(*p) = ( len >> 16 ) & 0xFF;
-        *--(*p) = ( len >> 24 ) & 0xFF;
-        *--(*p) = 0x84;
-        return( 5 );
-    }
-
-    return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-}
-
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
-{
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    *--(*p) = tag;
-
-    return( 1 );
-}
-
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
-                           const unsigned char *buf, size_t size )
-{
-    size_t len = 0;
-
-    if( *p < start || (size_t)( *p - start ) < size )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len = size;
-    (*p) -= len;
-    memcpy( *p, buf, len );
-
-    return( (int) len );
-}
-
-#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
-{
-    int ret;
-    size_t len = 0;
-
-    // Write the MPI
-    //
-    len = mbedtls_mpi_size( X );
-
-    if( *p < start || (size_t)( *p - start ) < len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    (*p) -= len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) );
-
-    // DER format assumes 2s complement for numbers, so the leftmost bit
-    // should be 0 for positive numbers and 1 for negative numbers.
-    //
-    if( X->s ==1 && **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = 0x00;
-        len += 1;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
-
-    ret = (int) len;
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
-{
-    int ret;
-    size_t len = 0;
-
-    // Write NULL
-    //
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len )
-{
-    int ret;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                                  (const unsigned char *) oid, oid_len ) );
-    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
-                                     const char *oid, size_t oid_len,
-                                     size_t par_len )
-{
-    int ret;
-    size_t len = 0;
-
-    if( par_len == 0 )
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) );
-    else
-        len += par_len;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
-{
-    int ret;
-    size_t len = 0;
-
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    *--(*p) = (boolean) ? 255 : 0;
-    len++;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
-{
-    int ret;
-    size_t len = 0;
-
-    // TODO negative values and values larger than 128
-    // DER format assumes 2s complement for numbers, so the leftmost bit
-    // should be 0 for positive numbers and 1 for negative numbers.
-    //
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len += 1;
-    *--(*p) = val;
-
-    if( val > 0 && **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = 0x00;
-        len += 1;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
-                                 const char *text, size_t text_len )
-{
-    int ret;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                  (const unsigned char *) text, text_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_PRINTABLE_STRING ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
-                           const char *text, size_t text_len )
-{
-    int ret;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                  (const unsigned char *) text, text_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_IA5_STRING ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
-                          const unsigned char *buf, size_t bits )
-{
-    int ret;
-    size_t len = 0, size;
-
-    size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
-
-    // Calculate byte length
-    //
-    if( *p < start || (size_t)( *p - start ) < size + 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len = size + 1;
-    (*p) -= size;
-    memcpy( *p, buf, size );
-
-    // Write unused bits
-    //
-    *--(*p) = (unsigned char) (size * 8 - bits);
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
-                             const unsigned char *buf, size_t size )
-{
-    int ret;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
-
-    return( (int) len );
-}
-
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head,
-                                        const char *oid, size_t oid_len,
-                                        const unsigned char *val,
-                                        size_t val_len )
-{
-    mbedtls_asn1_named_data *cur;
-
-    if( ( cur = mbedtls_asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
-    {
-        // Add new entry if not present yet based on OID
-        //
-        cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
-                                            sizeof(mbedtls_asn1_named_data) );
-        if( cur == NULL )
-            return( NULL );
-
-        cur->oid.len = oid_len;
-        cur->oid.p = mbedtls_calloc( 1, oid_len );
-        if( cur->oid.p == NULL )
-        {
-            mbedtls_free( cur );
-            return( NULL );
-        }
-
-        memcpy( cur->oid.p, oid, oid_len );
-
-        cur->val.len = val_len;
-        cur->val.p = mbedtls_calloc( 1, val_len );
-        if( cur->val.p == NULL )
-        {
-            mbedtls_free( cur->oid.p );
-            mbedtls_free( cur );
-            return( NULL );
-        }
-
-        cur->next = *head;
-        *head = cur;
-    }
-    else if( cur->val.len < val_len )
-    {
-        /*
-         * Enlarge existing value buffer if needed
-         * Preserve old data until the allocation succeeded, to leave list in
-         * a consistent state in case allocation fails.
-         */
-        void *p = mbedtls_calloc( 1, val_len );
-        if( p == NULL )
-            return( NULL );
-
-        mbedtls_free( cur->val.p );
-        cur->val.p = p;
-        cur->val.len = val_len;
-    }
-
-    if( val != NULL )
-        memcpy( cur->val.p, val, val_len );
-
-    return( cur );
-}
-#endif /* MBEDTLS_ASN1_WRITE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/base64.c b/components/ssl/mbedtls/mbedtls/library/base64.c
deleted file mode 100644
index f06b57b3..00000000
--- a/components/ssl/mbedtls/mbedtls/library/base64.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- *  RFC 1521 base64 encoding/decoding
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_BASE64_C)
-
-#include "mbedtls/base64.h"
-
-#include <stdint.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#include <string.h>
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-static const unsigned char base64_enc_map[64] =
-{
-    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
-    'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
-    'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
-    'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
-    'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
-    'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
-    '8', '9', '+', '/'
-};
-
-static const unsigned char base64_dec_map[128] =
-{
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
-    127, 127, 127,  62, 127, 127, 127,  63,  52,  53,
-     54,  55,  56,  57,  58,  59,  60,  61, 127, 127,
-    127,  64, 127, 127, 127,   0,   1,   2,   3,   4,
-      5,   6,   7,   8,   9,  10,  11,  12,  13,  14,
-     15,  16,  17,  18,  19,  20,  21,  22,  23,  24,
-     25, 127, 127, 127, 127, 127, 127,  26,  27,  28,
-     29,  30,  31,  32,  33,  34,  35,  36,  37,  38,
-     39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
-     49,  50,  51, 127, 127, 127, 127, 127
-};
-
-#define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
-
-/*
- * Encode a buffer into base64 format
- */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen )
-{
-    size_t i, n;
-    int C1, C2, C3;
-    unsigned char *p;
-
-    if( slen == 0 )
-    {
-        *olen = 0;
-        return( 0 );
-    }
-
-    n = slen / 3 + ( slen % 3 != 0 );
-
-    if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
-    {
-        *olen = BASE64_SIZE_T_MAX;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    n *= 4;
-
-    if( ( dlen < n + 1 ) || ( NULL == dst ) )
-    {
-        *olen = n + 1;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    n = ( slen / 3 ) * 3;
-
-    for( i = 0, p = dst; i < n; i += 3 )
-    {
-        C1 = *src++;
-        C2 = *src++;
-        C3 = *src++;
-
-        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-        *p++ = base64_enc_map[(((C1 &  3) << 4) + (C2 >> 4)) & 0x3F];
-        *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
-        *p++ = base64_enc_map[C3 & 0x3F];
-    }
-
-    if( i < slen )
-    {
-        C1 = *src++;
-        C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
-
-        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-        *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
-
-        if( ( i + 1 ) < slen )
-             *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
-        else *p++ = '=';
-
-        *p++ = '=';
-    }
-
-    *olen = p - dst;
-    *p = 0;
-
-    return( 0 );
-}
-
-/*
- * Decode a base64-formatted buffer
- */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen )
-{
-    size_t i, n;
-    uint32_t j, x;
-    unsigned char *p;
-
-    /* First pass: check for validity and get output length */
-    for( i = n = j = 0; i < slen; i++ )
-    {
-        /* Skip spaces before checking for EOL */
-        x = 0;
-        while( i < slen && src[i] == ' ' )
-        {
-            ++i;
-            ++x;
-        }
-
-        /* Spaces at end of buffer are OK */
-        if( i == slen )
-            break;
-
-        if( ( slen - i ) >= 2 &&
-            src[i] == '\r' && src[i + 1] == '\n' )
-            continue;
-
-        if( src[i] == '\n' )
-            continue;
-
-        /* Space inside a line is an error */
-        if( x != 0 )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        if( src[i] == '=' && ++j > 2 )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        if( base64_dec_map[src[i]] < 64 && j != 0 )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        n++;
-    }
-
-    if( n == 0 )
-    {
-        *olen = 0;
-        return( 0 );
-    }
-
-    /* The following expression is to calculate the following formula without
-     * risk of integer overflow in n:
-     *     n = ( ( n * 6 ) + 7 ) >> 3;
-     */
-    n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
-    n -= j;
-
-    if( dst == NULL || dlen < n )
-    {
-        *olen = n;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-   for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
-   {
-        if( *src == '\r' || *src == '\n' || *src == ' ' )
-            continue;
-
-        j -= ( base64_dec_map[*src] == 64 );
-        x  = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
-
-        if( ++n == 4 )
-        {
-            n = 0;
-            if( j > 0 ) *p++ = (unsigned char)( x >> 16 );
-            if( j > 1 ) *p++ = (unsigned char)( x >>  8 );
-            if( j > 2 ) *p++ = (unsigned char)( x       );
-        }
-    }
-
-    *olen = p - dst;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-static const unsigned char base64_test_dec[64] =
-{
-    0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
-    0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01,
-    0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09,
-    0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13,
-    0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31,
-    0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38,
-    0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B,
-    0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97
-};
-
-static const unsigned char base64_test_enc[] =
-    "JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK"
-    "swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw==";
-
-/*
- * Checkup routine
- */
-int mbedtls_base64_self_test( int verbose )
-{
-    size_t len;
-    const unsigned char *src;
-    unsigned char buffer[128];
-
-    if( verbose != 0 )
-        mbedtls_printf( "  Base64 encoding test: " );
-
-    src = base64_test_dec;
-
-    if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
-         memcmp( base64_test_enc, buffer, 88 ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  Base64 decoding test: " );
-
-    src = base64_test_enc;
-
-    if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
-         memcmp( base64_test_dec, buffer, 64 ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_BASE64_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/bignum.c b/components/ssl/mbedtls/mbedtls/library/bignum.c
deleted file mode 100644
index 9f13da44..00000000
--- a/components/ssl/mbedtls/mbedtls/library/bignum.c
+++ /dev/null
@@ -1,2457 +0,0 @@
-/*
- *  Multi-precision integer library
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- *  The following sources were referenced in the design of this Multi-precision
- *  Integer library:
- *
- *  [1] Handbook of Applied Cryptography - 1997
- *      Menezes, van Oorschot and Vanstone
- *
- *  [2] Multi-Precision Math
- *      Tom St Denis
- *      https://github.com/libtom/libtommath/blob/develop/tommath.pdf
- *
- *  [3] GNU Multi-Precision Arithmetic Library
- *      https://gmplib.org/manual/index.html
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/bn_mul.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_printf     printf
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) {
-    volatile mbedtls_mpi_uint *p = v; while( n-- ) *p++ = 0;
-}
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-#define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
-#define biL    (ciL << 3)               /* bits  in limb  */
-#define biH    (ciL << 2)               /* half limb size */
-
-#define MPI_SIZE_T_MAX  ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
-
-/*
- * Convert between bits/chars and number of limbs
- * Divide first in order to avoid potential overflows
- */
-#define BITS_TO_LIMBS(i)  ( (i) / biL + ( (i) % biL != 0 ) )
-#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
-
-/*
- * Initialize one MPI
- */
-void mbedtls_mpi_init( mbedtls_mpi *X )
-{
-    if( X == NULL )
-        return;
-
-    X->s = 1;
-    X->n = 0;
-    X->p = NULL;
-}
-
-/*
- * Unallocate one MPI
- */
-void mbedtls_mpi_free( mbedtls_mpi *X )
-{
-    if( X == NULL )
-        return;
-
-    if( X->p != NULL )
-    {
-        mbedtls_mpi_zeroize( X->p, X->n );
-        mbedtls_free( X->p );
-    }
-
-    X->s = 1;
-    X->n = 0;
-    X->p = NULL;
-}
-
-/*
- * Enlarge to the specified number of limbs
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
-{
-    mbedtls_mpi_uint *p;
-
-    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    if( X->n < nblimbs )
-    {
-        if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
-            return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-        if( X->p != NULL )
-        {
-            memcpy( p, X->p, X->n * ciL );
-            mbedtls_mpi_zeroize( X->p, X->n );
-            mbedtls_free( X->p );
-        }
-
-        X->n = nblimbs;
-        X->p = p;
-    }
-
-    return( 0 );
-}
-
-/*
- * Resize down as much as possible,
- * while keeping at least the specified number of limbs
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
-{
-    mbedtls_mpi_uint *p;
-    size_t i;
-
-    /* Actually resize up in this case */
-    if( X->n <= nblimbs )
-        return( mbedtls_mpi_grow( X, nblimbs ) );
-
-    for( i = X->n - 1; i > 0; i-- )
-        if( X->p[i] != 0 )
-            break;
-    i++;
-
-    if( i < nblimbs )
-        i = nblimbs;
-
-    if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    if( X->p != NULL )
-    {
-        memcpy( p, X->p, i * ciL );
-        mbedtls_mpi_zeroize( X->p, X->n );
-        mbedtls_free( X->p );
-    }
-
-    X->n = i;
-    X->p = p;
-
-    return( 0 );
-}
-
-/*
- * Copy the contents of Y into X
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
-    int ret;
-    size_t i;
-
-    if( X == Y )
-        return( 0 );
-
-    if( Y->p == NULL )
-    {
-        mbedtls_mpi_free( X );
-        return( 0 );
-    }
-
-    for( i = Y->n - 1; i > 0; i-- )
-        if( Y->p[i] != 0 )
-            break;
-    i++;
-
-    X->s = Y->s;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
-
-    memset( X->p, 0, X->n * ciL );
-    memcpy( X->p, Y->p, i * ciL );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Swap the contents of X and Y
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
-{
-    mbedtls_mpi T;
-
-    memcpy( &T,  X, sizeof( mbedtls_mpi ) );
-    memcpy(  X,  Y, sizeof( mbedtls_mpi ) );
-    memcpy(  Y, &T, sizeof( mbedtls_mpi ) );
-}
-
-/*
- * Conditionally assign X = Y, without leaking information
- * about whether the assignment was made or not.
- * (Leaking information about the respective sizes of X and Y is ok however.)
- */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign )
-{
-    int ret = 0;
-    size_t i;
-
-    /* make sure assign is 0 or 1 in a time-constant manner */
-    assign = (assign | (unsigned char)-assign) >> 7;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
-
-    X->s = X->s * ( 1 - assign ) + Y->s * assign;
-
-    for( i = 0; i < Y->n; i++ )
-        X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;
-
-    for( ; i < X->n; i++ )
-        X->p[i] *= ( 1 - assign );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Conditionally swap X and Y, without leaking information
- * about whether the swap was made or not.
- * Here it is not ok to simply swap the pointers, which whould lead to
- * different memory access patterns when X and Y are used afterwards.
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap )
-{
-    int ret, s;
-    size_t i;
-    mbedtls_mpi_uint tmp;
-
-    if( X == Y )
-        return( 0 );
-
-    /* make sure swap is 0 or 1 in a time-constant manner */
-    swap = (swap | (unsigned char)-swap) >> 7;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
-
-    s = X->s;
-    X->s = X->s * ( 1 - swap ) + Y->s * swap;
-    Y->s = Y->s * ( 1 - swap ) +    s * swap;
-
-
-    for( i = 0; i < X->n; i++ )
-    {
-        tmp = X->p[i];
-        X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap;
-        Y->p[i] = Y->p[i] * ( 1 - swap ) +     tmp * swap;
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Set value from integer
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
-{
-    int ret;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
-    memset( X->p, 0, X->n * ciL );
-
-    X->p[0] = ( z < 0 ) ? -z : z;
-    X->s    = ( z < 0 ) ? -1 : 1;
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Get a specific bit
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
-{
-    if( X->n * biL <= pos )
-        return( 0 );
-
-    return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
-}
-
-/*
- * Set a bit to a specific value of 0 or 1
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
-{
-    int ret = 0;
-    size_t off = pos / biL;
-    size_t idx = pos % biL;
-
-    if( val != 0 && val != 1 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( X->n * biL <= pos )
-    {
-        if( val == 0 )
-            return( 0 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) );
-    }
-
-    X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx );
-    X->p[off] |= (mbedtls_mpi_uint) val << idx;
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Return the number of less significant zero-bits
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
-{
-    size_t i, j, count = 0;
-
-    for( i = 0; i < X->n; i++ )
-        for( j = 0; j < biL; j++, count++ )
-            if( ( ( X->p[i] >> j ) & 1 ) != 0 )
-                return( count );
-
-    return( 0 );
-}
-
-/*
- * Count leading zero bits in a given integer
- */
-static size_t mbedtls_clz( const mbedtls_mpi_uint x )
-{
-    size_t j;
-    mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
-
-    for( j = 0; j < biL; j++ )
-    {
-        if( x & mask ) break;
-
-        mask >>= 1;
-    }
-
-    return j;
-}
-
-/*
- * Return the number of bits
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
-{
-    size_t i, j;
-
-    if( X->n == 0 )
-        return( 0 );
-
-    for( i = X->n - 1; i > 0; i-- )
-        if( X->p[i] != 0 )
-            break;
-
-    j = biL - mbedtls_clz( X->p[i] );
-
-    return( ( i * biL ) + j );
-}
-
-/*
- * Return the total size in bytes
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X )
-{
-    return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 );
-}
-
-/*
- * Convert an ASCII character to digit value
- */
-static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
-{
-    *d = 255;
-
-    if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
-    if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
-    if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
-
-    if( *d >= (mbedtls_mpi_uint) radix )
-        return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );
-
-    return( 0 );
-}
-
-/*
- * Import from an ASCII string
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
-{
-    int ret;
-    size_t i, j, slen, n;
-    mbedtls_mpi_uint d;
-    mbedtls_mpi T;
-
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &T );
-
-    slen = strlen( s );
-
-    if( radix == 16 )
-    {
-        if( slen > MPI_SIZE_T_MAX >> 2 )
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-        n = BITS_TO_LIMBS( slen << 2 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-        for( i = slen, j = 0; i > 0; i--, j++ )
-        {
-            if( i == 1 && s[i - 1] == '-' )
-            {
-                X->s = -1;
-                break;
-            }
-
-            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
-            X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
-        }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-        for( i = 0; i < slen; i++ )
-        {
-            if( i == 0 && s[i] == '-' )
-            {
-                X->s = -1;
-                continue;
-            }
-
-            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
-
-            if( X->s == 1 )
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
-            }
-            else
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
-            }
-        }
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &T );
-
-    return( ret );
-}
-
-/*
- * Helper to write the digits high-order first
- */
-static int mpi_write_hlp( mbedtls_mpi *X, int radix, char **p )
-{
-    int ret;
-    mbedtls_mpi_uint r;
-
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
-
-    if( mbedtls_mpi_cmp_int( X, 0 ) != 0 )
-        MBEDTLS_MPI_CHK( mpi_write_hlp( X, radix, p ) );
-
-    if( r < 10 )
-        *(*p)++ = (char)( r + 0x30 );
-    else
-        *(*p)++ = (char)( r + 0x37 );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Export into an ASCII string
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
-                              char *buf, size_t buflen, size_t *olen )
-{
-    int ret = 0;
-    size_t n;
-    char *p;
-    mbedtls_mpi T;
-
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    n = mbedtls_mpi_bitlen( X );
-    if( radix >=  4 ) n >>= 1;
-    if( radix >= 16 ) n >>= 1;
-    /*
-     * Round up the buffer length to an even value to ensure that there is
-     * enough room for hexadecimal values that can be represented in an odd
-     * number of digits.
-     */
-    n += 3 + ( ( n + 1 ) & 1 );
-
-    if( buflen < n )
-    {
-        *olen = n;
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-    }
-
-    p = buf;
-    mbedtls_mpi_init( &T );
-
-    if( X->s == -1 )
-        *p++ = '-';
-
-    if( radix == 16 )
-    {
-        int c;
-        size_t i, j, k;
-
-        for( i = X->n, k = 0; i > 0; i-- )
-        {
-            for( j = ciL; j > 0; j-- )
-            {
-                c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
-
-                if( c == 0 && k == 0 && ( i + j ) != 2 )
-                    continue;
-
-                *(p++) = "0123456789ABCDEF" [c / 16];
-                *(p++) = "0123456789ABCDEF" [c % 16];
-                k = 1;
-            }
-        }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );
-
-        if( T.s == -1 )
-            T.s = 1;
-
-        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
-    }
-
-    *p++ = '\0';
-    *olen = p - buf;
-
-cleanup:
-
-    mbedtls_mpi_free( &T );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Read X from an opened file
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
-{
-    mbedtls_mpi_uint d;
-    size_t slen;
-    char *p;
-    /*
-     * Buffer should have space for (short) label and decimal formatted MPI,
-     * newline characters and '\0'
-     */
-    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
-
-    memset( s, 0, sizeof( s ) );
-    if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
-        return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
-
-    slen = strlen( s );
-    if( slen == sizeof( s ) - 2 )
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-
-    if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
-    if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
-
-    p = s + slen;
-    while( p-- > s )
-        if( mpi_get_digit( &d, radix, *p ) != 0 )
-            break;
-
-    return( mbedtls_mpi_read_string( X, radix, p + 1 ) );
-}
-
-/*
- * Write X into an opened file (or stdout if fout == NULL)
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
-{
-    int ret;
-    size_t n, slen, plen;
-    /*
-     * Buffer should have space for (short) label and decimal formatted MPI,
-     * newline characters and '\0'
-     */
-    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
-
-    memset( s, 0, sizeof( s ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) );
-
-    if( p == NULL ) p = "";
-
-    plen = strlen( p );
-    slen = strlen( s );
-    s[slen++] = '\r';
-    s[slen++] = '\n';
-
-    if( fout != NULL )
-    {
-        if( fwrite( p, 1, plen, fout ) != plen ||
-            fwrite( s, 1, slen, fout ) != slen )
-            return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
-    }
-    else
-        mbedtls_printf( "%s%s", p, s );
-
-cleanup:
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-/*
- * Import X from unsigned binary data, big endian
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
-{
-    int ret;
-    size_t i, j;
-    size_t const limbs = CHARS_TO_LIMBS( buflen );
-
-    /* Ensure that target MPI has exactly the necessary number of limbs */
-    if( X->n != limbs )
-    {
-        mbedtls_mpi_free( X );
-        mbedtls_mpi_init( X );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-    for( i = buflen, j = 0; i > 0; i--, j++ )
-        X->p[j / ciL] |= ((mbedtls_mpi_uint) buf[i - 1]) << ((j % ciL) << 3);
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Export X into unsigned binary data, big endian
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen )
-{
-    size_t i, j, n;
-
-    n = mbedtls_mpi_size( X );
-
-    if( buflen < n )
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-
-    memset( buf, 0, buflen );
-
-    for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- )
-        buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) );
-
-    return( 0 );
-}
-
-/*
- * Left-shift: X <<= count
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
-{
-    int ret;
-    size_t i, v0, t1;
-    mbedtls_mpi_uint r0 = 0, r1;
-
-    v0 = count / (biL    );
-    t1 = count & (biL - 1);
-
-    i = mbedtls_mpi_bitlen( X ) + count;
-
-    if( X->n * biL < i )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) );
-
-    ret = 0;
-
-    /*
-     * shift by count / limb_size
-     */
-    if( v0 > 0 )
-    {
-        for( i = X->n; i > v0; i-- )
-            X->p[i - 1] = X->p[i - v0 - 1];
-
-        for( ; i > 0; i-- )
-            X->p[i - 1] = 0;
-    }
-
-    /*
-     * shift by count % limb_size
-     */
-    if( t1 > 0 )
-    {
-        for( i = v0; i < X->n; i++ )
-        {
-            r1 = X->p[i] >> (biL - t1);
-            X->p[i] <<= t1;
-            X->p[i] |= r0;
-            r0 = r1;
-        }
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Right-shift: X >>= count
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
-{
-    size_t i, v0, v1;
-    mbedtls_mpi_uint r0 = 0, r1;
-
-    v0 = count /  biL;
-    v1 = count & (biL - 1);
-
-    if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
-        return mbedtls_mpi_lset( X, 0 );
-
-    /*
-     * shift by count / limb_size
-     */
-    if( v0 > 0 )
-    {
-        for( i = 0; i < X->n - v0; i++ )
-            X->p[i] = X->p[i + v0];
-
-        for( ; i < X->n; i++ )
-            X->p[i] = 0;
-    }
-
-    /*
-     * shift by count % limb_size
-     */
-    if( v1 > 0 )
-    {
-        for( i = X->n; i > 0; i-- )
-        {
-            r1 = X->p[i - 1] << (biL - v1);
-            X->p[i - 1] >>= v1;
-            X->p[i - 1] |= r0;
-            r0 = r1;
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare unsigned values
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
-    size_t i, j;
-
-    for( i = X->n; i > 0; i-- )
-        if( X->p[i - 1] != 0 )
-            break;
-
-    for( j = Y->n; j > 0; j-- )
-        if( Y->p[j - 1] != 0 )
-            break;
-
-    if( i == 0 && j == 0 )
-        return( 0 );
-
-    if( i > j ) return(  1 );
-    if( j > i ) return( -1 );
-
-    for( ; i > 0; i-- )
-    {
-        if( X->p[i - 1] > Y->p[i - 1] ) return(  1 );
-        if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
-    size_t i, j;
-
-    for( i = X->n; i > 0; i-- )
-        if( X->p[i - 1] != 0 )
-            break;
-
-    for( j = Y->n; j > 0; j-- )
-        if( Y->p[j - 1] != 0 )
-            break;
-
-    if( i == 0 && j == 0 )
-        return( 0 );
-
-    if( i > j ) return(  X->s );
-    if( j > i ) return( -Y->s );
-
-    if( X->s > 0 && Y->s < 0 ) return(  1 );
-    if( Y->s > 0 && X->s < 0 ) return( -1 );
-
-    for( ; i > 0; i-- )
-    {
-        if( X->p[i - 1] > Y->p[i - 1] ) return(  X->s );
-        if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
-{
-    mbedtls_mpi Y;
-    mbedtls_mpi_uint p[1];
-
-    *p  = ( z < 0 ) ? -z : z;
-    Y.s = ( z < 0 ) ? -1 : 1;
-    Y.n = 1;
-    Y.p = p;
-
-    return( mbedtls_mpi_cmp_mpi( X, &Y ) );
-}
-
-/*
- * Unsigned addition: X = |A| + |B|  (HAC 14.7)
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret;
-    size_t i, j;
-    mbedtls_mpi_uint *o, *p, c, tmp;
-
-    if( X == B )
-    {
-        const mbedtls_mpi *T = A; A = X; B = T;
-    }
-
-    if( X != A )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-
-    /*
-     * X should always be positive as a result of unsigned additions.
-     */
-    X->s = 1;
-
-    for( j = B->n; j > 0; j-- )
-        if( B->p[j - 1] != 0 )
-            break;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
-
-    o = B->p; p = X->p; c = 0;
-
-    /*
-     * tmp is used because it might happen that p == o
-     */
-    for( i = 0; i < j; i++, o++, p++ )
-    {
-        tmp= *o;
-        *p +=  c; c  = ( *p <  c );
-        *p += tmp; c += ( *p < tmp );
-    }
-
-    while( c != 0 )
-    {
-        if( i >= X->n )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) );
-            p = X->p + i;
-        }
-
-        *p += c; c = ( *p < c ); i++; p++;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Helper for mbedtls_mpi subtraction
- */
-static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d )
-{
-    size_t i;
-    mbedtls_mpi_uint c, z;
-
-    for( i = c = 0; i < n; i++, s++, d++ )
-    {
-        z = ( *d <  c );     *d -=  c;
-        c = ( *d < *s ) + z; *d -= *s;
-    }
-
-    while( c != 0 )
-    {
-        z = ( *d < c ); *d -= c;
-        c = z; i++; d++;
-    }
-}
-
-/*
- * Unsigned subtraction: X = |A| - |B|  (HAC 14.9)
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    mbedtls_mpi TB;
-    int ret;
-    size_t n;
-
-    if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
-        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
-    mbedtls_mpi_init( &TB );
-
-    if( X == B )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
-        B = &TB;
-    }
-
-    if( X != A )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-
-    /*
-     * X should always be positive as a result of unsigned subtractions.
-     */
-    X->s = 1;
-
-    ret = 0;
-
-    for( n = B->n; n > 0; n-- )
-        if( B->p[n - 1] != 0 )
-            break;
-
-    mpi_sub_hlp( n, B->p, X->p );
-
-cleanup:
-
-    mbedtls_mpi_free( &TB );
-
-    return( ret );
-}
-
-/*
- * Signed addition: X = A + B
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret, s = A->s;
-
-    if( A->s * B->s < 0 )
-    {
-        if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
-            X->s =  s;
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
-            X->s = -s;
-        }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
-        X->s = s;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Signed subtraction: X = A - B
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret, s = A->s;
-
-    if( A->s * B->s > 0 )
-    {
-        if( mbedtls_mpi_cmp_abs( A, B ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
-            X->s =  s;
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
-            X->s = -s;
-        }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
-        X->s = s;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Signed addition: X = A + b
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
-    mbedtls_mpi _B;
-    mbedtls_mpi_uint p[1];
-
-    p[0] = ( b < 0 ) ? -b : b;
-    _B.s = ( b < 0 ) ? -1 : 1;
-    _B.n = 1;
-    _B.p = p;
-
-    return( mbedtls_mpi_add_mpi( X, A, &_B ) );
-}
-
-/*
- * Signed subtraction: X = A - b
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
-    mbedtls_mpi _B;
-    mbedtls_mpi_uint p[1];
-
-    p[0] = ( b < 0 ) ? -b : b;
-    _B.s = ( b < 0 ) ? -1 : 1;
-    _B.n = 1;
-    _B.p = p;
-
-    return( mbedtls_mpi_sub_mpi( X, A, &_B ) );
-}
-
-/*
- * Helper for mbedtls_mpi multiplication
- */
-static
-#if defined(__APPLE__) && defined(__arm__)
-/*
- * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
- * appears to need this to prevent bad ARM code generation at -O3.
- */
-__attribute__ ((noinline))
-#endif
-void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b )
-{
-    mbedtls_mpi_uint c = 0, t = 0;
-
-#if defined(MULADDC_HUIT)
-    for( ; i >= 8; i -= 8 )
-    {
-        MULADDC_INIT
-        MULADDC_HUIT
-        MULADDC_STOP
-    }
-
-    for( ; i > 0; i-- )
-    {
-        MULADDC_INIT
-        MULADDC_CORE
-        MULADDC_STOP
-    }
-#else /* MULADDC_HUIT */
-    for( ; i >= 16; i -= 16 )
-    {
-        MULADDC_INIT
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_STOP
-    }
-
-    for( ; i >= 8; i -= 8 )
-    {
-        MULADDC_INIT
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_STOP
-    }
-
-    for( ; i > 0; i-- )
-    {
-        MULADDC_INIT
-        MULADDC_CORE
-        MULADDC_STOP
-    }
-#endif /* MULADDC_HUIT */
-
-    t++;
-
-    do {
-        *d += c; c = ( *d < c ); d++;
-    }
-    while( c != 0 );
-}
-
-/*
- * Baseline multiplication: X = A * B  (HAC 14.12)
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret;
-    size_t i, j;
-    mbedtls_mpi TA, TB;
-
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
-
-    if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
-    if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
-
-    for( i = A->n; i > 0; i-- )
-        if( A->p[i - 1] != 0 )
-            break;
-
-    for( j = B->n; j > 0; j-- )
-        if( B->p[j - 1] != 0 )
-            break;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-    for( i++; j > 0; j-- )
-        mpi_mul_hlp( i - 1, A->p, X->p + j - 1, B->p[j - 1] );
-
-    X->s = A->s * B->s;
-
-cleanup:
-
-    mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );
-
-    return( ret );
-}
-
-/*
- * Baseline multiplication: X = A * b
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
-{
-    mbedtls_mpi _B;
-    mbedtls_mpi_uint p[1];
-
-    _B.s = 1;
-    _B.n = 1;
-    _B.p = p;
-    p[0] = b;
-
-    return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
-}
-
-/*
- * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and
- * mbedtls_mpi_uint divisor, d
- */
-static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
-            mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r )
-{
-#if defined(MBEDTLS_HAVE_UDBL)
-    mbedtls_t_udbl dividend, quotient;
-#else
-    const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH;
-    const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1;
-    mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
-    mbedtls_mpi_uint u0_msw, u0_lsw;
-    size_t s;
-#endif
-
-    /*
-     * Check for overflow
-     */
-    if( 0 == d || u1 >= d )
-    {
-        if (r != NULL) *r = ~0;
-
-        return ( ~0 );
-    }
-
-#if defined(MBEDTLS_HAVE_UDBL)
-    dividend  = (mbedtls_t_udbl) u1 << biL;
-    dividend |= (mbedtls_t_udbl) u0;
-    quotient = dividend / d;
-    if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
-        quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1;
-
-    if( r != NULL )
-        *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) );
-
-    return (mbedtls_mpi_uint) quotient;
-#else
-
-    /*
-     * Algorithm D, Section 4.3.1 - The Art of Computer Programming
-     *   Vol. 2 - Seminumerical Algorithms, Knuth
-     */
-
-    /*
-     * Normalize the divisor, d, and dividend, u0, u1
-     */
-    s = mbedtls_clz( d );
-    d = d << s;
-
-    u1 = u1 << s;
-    u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) );
-    u0 =  u0 << s;
-
-    d1 = d >> biH;
-    d0 = d & uint_halfword_mask;
-
-    u0_msw = u0 >> biH;
-    u0_lsw = u0 & uint_halfword_mask;
-
-    /*
-     * Find the first quotient and remainder
-     */
-    q1 = u1 / d1;
-    r0 = u1 - d1 * q1;
-
-    while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) )
-    {
-        q1 -= 1;
-        r0 += d1;
-
-        if ( r0 >= radix ) break;
-    }
-
-    rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
-    q0 = rAX / d1;
-    r0 = rAX - q0 * d1;
-
-    while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) )
-    {
-        q0 -= 1;
-        r0 += d1;
-
-        if ( r0 >= radix ) break;
-    }
-
-    if (r != NULL)
-        *r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
-
-    quotient = q1 * radix + q0;
-
-    return quotient;
-#endif
-}
-
-/*
- * Division by mbedtls_mpi: A = Q * B + R  (HAC 14.20)
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret;
-    size_t i, n, t, k;
-    mbedtls_mpi X, Y, Z, T1, T2;
-
-    if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
-        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
-
-    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
-    mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
-
-    if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
-    {
-        if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
-        if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
-        return( 0 );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
-    X.s = Y.s = 1;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z,  0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T2, 3 ) );
-
-    k = mbedtls_mpi_bitlen( &Y ) % biL;
-    if( k < biL - 1 )
-    {
-        k = biL - 1 - k;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
-    }
-    else k = 0;
-
-    n = X.n - 1;
-    t = Y.n - 1;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
-
-    while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
-    {
-        Z.p[n - t]++;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
-    }
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
-
-    for( i = n; i > t ; i-- )
-    {
-        if( X.p[i] >= Y.p[t] )
-            Z.p[i - t - 1] = ~0;
-        else
-        {
-            Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1],
-                                                            Y.p[t], NULL);
-        }
-
-        Z.p[i - t - 1]++;
-        do
-        {
-            Z.p[i - t - 1]--;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
-            T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
-            T1.p[1] = Y.p[t];
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T2, 0 ) );
-            T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
-            T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
-            T2.p[2] = X.p[i];
-        }
-        while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1,  biL * ( i - t - 1 ) ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
-
-        if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
-            Z.p[i - t - 1]--;
-        }
-    }
-
-    if( Q != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
-        Q->s = A->s * B->s;
-    }
-
-    if( R != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
-        X.s = A->s;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
-
-        if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
-            R->s = 1;
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
-    mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
-
-    return( ret );
-}
-
-/*
- * Division by int: A = Q * b + R
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
-    mbedtls_mpi _B;
-    mbedtls_mpi_uint p[1];
-
-    p[0] = ( b < 0 ) ? -b : b;
-    _B.s = ( b < 0 ) ? -1 : 1;
-    _B.n = 1;
-    _B.p = p;
-
-    return( mbedtls_mpi_div_mpi( Q, R, A, &_B ) );
-}
-
-/*
- * Modulo: R = A mod B
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret;
-
-    if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
-        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) );
-
-    while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
-      MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) );
-
-    while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
-      MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Modulo: r = A mod b
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
-    size_t i;
-    mbedtls_mpi_uint x, y, z;
-
-    if( b == 0 )
-        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
-
-    if( b < 0 )
-        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
-    /*
-     * handle trivial cases
-     */
-    if( b == 1 )
-    {
-        *r = 0;
-        return( 0 );
-    }
-
-    if( b == 2 )
-    {
-        *r = A->p[0] & 1;
-        return( 0 );
-    }
-
-    /*
-     * general case
-     */
-    for( i = A->n, y = 0; i > 0; i-- )
-    {
-        x  = A->p[i - 1];
-        y  = ( y << biH ) | ( x >> biH );
-        z  = y / b;
-        y -= z * b;
-
-        x <<= biH;
-        y  = ( y << biH ) | ( x >> biH );
-        z  = y / b;
-        y -= z * b;
-    }
-
-    /*
-     * If A is negative, then the current y represents a negative value.
-     * Flipping it to the positive side.
-     */
-    if( A->s < 0 && y != 0 )
-        y = b - y;
-
-    *r = y;
-
-    return( 0 );
-}
-
-/*
- * Fast Montgomery initialization (thanks to Tom St Denis)
- */
-static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
-{
-    mbedtls_mpi_uint x, m0 = N->p[0];
-    unsigned int i;
-
-    x  = m0;
-    x += ( ( m0 + 2 ) & 4 ) << 1;
-
-    for( i = biL; i >= 8; i /= 2 )
-        x *= ( 2 - ( m0 * x ) );
-
-    *mm = ~x + 1;
-}
-
-/*
- * Montgomery multiplication: A = A * B * R^-1 mod N  (HAC 14.36)
- */
-static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
-                         const mbedtls_mpi *T )
-{
-    size_t i, n, m;
-    mbedtls_mpi_uint u0, u1, *d;
-
-    if( T->n < N->n + 1 || T->p == NULL )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    memset( T->p, 0, T->n * ciL );
-
-    d = T->p;
-    n = N->n;
-    m = ( B->n < n ) ? B->n : n;
-
-    for( i = 0; i < n; i++ )
-    {
-        /*
-         * T = (T + u0*B + u1*N) / 2^biL
-         */
-        u0 = A->p[i];
-        u1 = ( d[0] + u0 * B->p[0] ) * mm;
-
-        mpi_mul_hlp( m, B->p, d, u0 );
-        mpi_mul_hlp( n, N->p, d, u1 );
-
-        *d++ = u0; d[n + 1] = 0;
-    }
-
-    memcpy( A->p, d, ( n + 1 ) * ciL );
-
-    if( mbedtls_mpi_cmp_abs( A, N ) >= 0 )
-        mpi_sub_hlp( n, N->p, A->p );
-    else
-        /* prevent timing attacks */
-        mpi_sub_hlp( n, A->p, T->p );
-
-    return( 0 );
-}
-
-/*
- * Montgomery reduction: A = A * R^-1 mod N
- */
-static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
-{
-    mbedtls_mpi_uint z = 1;
-    mbedtls_mpi U;
-
-    U.n = U.s = (int) z;
-    U.p = &z;
-
-    return( mpi_montmul( A, &U, N, mm, T ) );
-}
-
-/*
- * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR )
-{
-    int ret;
-    size_t wbits, wsize, one = 1;
-    size_t i, j, nblimbs;
-    size_t bufsize, nbits;
-    mbedtls_mpi_uint ei, mm, state;
-    mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
-    int neg;
-
-    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    /*
-     * Init temps and window size
-     */
-    mpi_montg_init( &mm, N );
-    mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
-    mbedtls_mpi_init( &Apos );
-    memset( W, 0, sizeof( W ) );
-
-    i = mbedtls_mpi_bitlen( E );
-
-    wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
-            ( i >  79 ) ? 4 : ( i >  23 ) ? 3 : 1;
-
-    if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
-        wsize = MBEDTLS_MPI_WINDOW_SIZE;
-
-    j = N->n + 1;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1],  j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
-
-    /*
-     * Compensate for negative A (and correct at the end)
-     */
-    neg = ( A->s == -1 );
-    if( neg )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) );
-        Apos.s = 1;
-        A = &Apos;
-    }
-
-    /*
-     * If 1st call, pre-compute R^2 mod N
-     */
-    if( _RR == NULL || _RR->p == NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) );
-
-        if( _RR != NULL )
-            memcpy( _RR, &RR, sizeof( mbedtls_mpi ) );
-    }
-    else
-        memcpy( &RR, _RR, sizeof( mbedtls_mpi ) );
-
-    /*
-     * W[1] = A * R^2 * R^-1 mod N = A * R mod N
-     */
-    if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
-    else
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
-
-    MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) );
-
-    /*
-     * X = R^2 * R^-1 mod N = R mod N
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
-    MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
-
-    if( wsize > 1 )
-    {
-        /*
-         * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1)
-         */
-        j =  one << ( wsize - 1 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1]    ) );
-
-        for( i = 0; i < wsize - 1; i++ )
-            MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) );
-
-        /*
-         * W[i] = W[i - 1] * W[1]
-         */
-        for( i = j + 1; i < ( one << wsize ); i++ )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
-
-            MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) );
-        }
-    }
-
-    nblimbs = E->n;
-    bufsize = 0;
-    nbits   = 0;
-    wbits   = 0;
-    state   = 0;
-
-    while( 1 )
-    {
-        if( bufsize == 0 )
-        {
-            if( nblimbs == 0 )
-                break;
-
-            nblimbs--;
-
-            bufsize = sizeof( mbedtls_mpi_uint ) << 3;
-        }
-
-        bufsize--;
-
-        ei = (E->p[nblimbs] >> bufsize) & 1;
-
-        /*
-         * skip leading 0s
-         */
-        if( ei == 0 && state == 0 )
-            continue;
-
-        if( ei == 0 && state == 1 )
-        {
-            /*
-             * out of window, square X
-             */
-            MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
-            continue;
-        }
-
-        /*
-         * add ei to current window
-         */
-        state = 2;
-
-        nbits++;
-        wbits |= ( ei << ( wsize - nbits ) );
-
-        if( nbits == wsize )
-        {
-            /*
-             * X = X^wsize R^-1 mod N
-             */
-            for( i = 0; i < wsize; i++ )
-                MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
-
-            /*
-             * X = X * W[wbits] R^-1 mod N
-             */
-            MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) );
-
-            state--;
-            nbits = 0;
-            wbits = 0;
-        }
-    }
-
-    /*
-     * process the remaining bits
-     */
-    for( i = 0; i < nbits; i++ )
-    {
-        MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
-
-        wbits <<= 1;
-
-        if( ( wbits & ( one << wsize ) ) != 0 )
-            MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) );
-    }
-
-    /*
-     * X = A^E * R * R^-1 mod N = A^E mod N
-     */
-    MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
-
-    if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
-    {
-        X->s = -1;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) );
-    }
-
-cleanup:
-
-    for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ )
-        mbedtls_mpi_free( &W[i] );
-
-    mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos );
-
-    if( _RR == NULL || _RR->p == NULL )
-        mbedtls_mpi_free( &RR );
-
-    return( ret );
-}
-
-/*
- * Greatest common divisor: G = gcd(A, B)  (HAC 14.54)
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret;
-    size_t lz, lzt;
-    mbedtls_mpi TG, TA, TB;
-
-    mbedtls_mpi_init( &TG ); mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
-
-    lz = mbedtls_mpi_lsb( &TA );
-    lzt = mbedtls_mpi_lsb( &TB );
-
-    if( lzt < lz )
-        lz = lzt;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) );
-
-    TA.s = TB.s = 1;
-
-    while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
-
-        if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
-        }
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &TG ); mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
-
-    return( ret );
-}
-
-/*
- * Fill X with size bytes of random.
- *
- * Use a temporary bytes representation to make sure the result is the same
- * regardless of the platform endianness (useful when f_rng is actually
- * deterministic, eg for tests).
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
-    if( size > MBEDTLS_MPI_MAX_SIZE )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    MBEDTLS_MPI_CHK( f_rng( p_rng, buf, size ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( X, buf, size ) );
-
-cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-    return( ret );
-}
-
-/*
- * Modular inverse: X = A^-1 mod N  (HAC 14.61 / 14.64)
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
-{
-    int ret;
-    mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
-
-    if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
-    mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
-    mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
-
-    if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
-
-    do
-    {
-        while( ( TU.p[0] & 1 ) == 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );
-
-            if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
-            }
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
-        }
-
-        while( ( TV.p[0] & 1 ) == 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );
-
-            if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
-            }
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
-        }
-
-        if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
-        }
-    }
-    while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );
-
-    while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
-
-    while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
-    mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
-    mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_GENPRIME)
-
-static const int small_prime[] =
-{
-        3,    5,    7,   11,   13,   17,   19,   23,
-       29,   31,   37,   41,   43,   47,   53,   59,
-       61,   67,   71,   73,   79,   83,   89,   97,
-      101,  103,  107,  109,  113,  127,  131,  137,
-      139,  149,  151,  157,  163,  167,  173,  179,
-      181,  191,  193,  197,  199,  211,  223,  227,
-      229,  233,  239,  241,  251,  257,  263,  269,
-      271,  277,  281,  283,  293,  307,  311,  313,
-      317,  331,  337,  347,  349,  353,  359,  367,
-      373,  379,  383,  389,  397,  401,  409,  419,
-      421,  431,  433,  439,  443,  449,  457,  461,
-      463,  467,  479,  487,  491,  499,  503,  509,
-      521,  523,  541,  547,  557,  563,  569,  571,
-      577,  587,  593,  599,  601,  607,  613,  617,
-      619,  631,  641,  643,  647,  653,  659,  661,
-      673,  677,  683,  691,  701,  709,  719,  727,
-      733,  739,  743,  751,  757,  761,  769,  773,
-      787,  797,  809,  811,  821,  823,  827,  829,
-      839,  853,  857,  859,  863,  877,  881,  883,
-      887,  907,  911,  919,  929,  937,  941,  947,
-      953,  967,  971,  977,  983,  991,  997, -103
-};
-
-/*
- * Small divisors test (X must be positive)
- *
- * Return values:
- * 0: no small factor (possible prime, more tests needed)
- * 1: certain prime
- * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime
- * other negative: error
- */
-static int mpi_check_small_factors( const mbedtls_mpi *X )
-{
-    int ret = 0;
-    size_t i;
-    mbedtls_mpi_uint r;
-
-    if( ( X->p[0] & 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
-    for( i = 0; small_prime[i] > 0; i++ )
-    {
-        if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 )
-            return( 1 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) );
-
-        if( r == 0 )
-            return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Miller-Rabin pseudo-primality test  (HAC 4.24)
- */
-static int mpi_miller_rabin( const mbedtls_mpi *X,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
-{
-    int ret, count;
-    size_t i, j, k, n, s;
-    mbedtls_mpi W, R, T, A, RR;
-
-    mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
-    mbedtls_mpi_init( &RR );
-
-    /*
-     * W = |X| - 1
-     * R = W >> lsb( W )
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
-    s = mbedtls_mpi_lsb( &W );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
-
-    i = mbedtls_mpi_bitlen( X );
-    /*
-     * HAC, table 4.4
-     */
-    n = ( ( i >= 1300 ) ?  2 : ( i >=  850 ) ?  3 :
-          ( i >=  650 ) ?  4 : ( i >=  350 ) ?  8 :
-          ( i >=  250 ) ? 12 : ( i >=  150 ) ? 18 : 27 );
-
-    for( i = 0; i < n; i++ )
-    {
-        /*
-         * pick a random A, 1 < A < |X| - 1
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
-
-        if( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 )
-        {
-            j = mbedtls_mpi_bitlen( &A ) - mbedtls_mpi_bitlen( &W );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j + 1 ) );
-        }
-        A.p[0] |= 3;
-
-        count = 0;
-        do {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
-
-            j = mbedtls_mpi_bitlen( &A );
-            k = mbedtls_mpi_bitlen( &W );
-            if (j > k) {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &A, j - k ) );
-            }
-
-            if (count++ > 30) {
-                return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-            }
-
-        } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
-                  mbedtls_mpi_cmp_int( &A, 1 )  <= 0    );
-
-        /*
-         * A = A^R mod |X|
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );
-
-        if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
-            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
-            continue;
-
-        j = 1;
-        while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
-        {
-            /*
-             * A = A * A mod |X|
-             */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X  ) );
-
-            if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
-                break;
-
-            j++;
-        }
-
-        /*
-         * not prime if A != |X| - 1 or A == 1
-         */
-        if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
-            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
-        {
-            ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-            break;
-        }
-    }
-
-cleanup:
-    mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
-    mbedtls_mpi_free( &RR );
-
-    return( ret );
-}
-
-/*
- * Pseudo-primality test: small factors, then Miller-Rabin
- */
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng )
-{
-    int ret;
-    mbedtls_mpi XX;
-
-    XX.s = 1;
-    XX.n = X->n;
-    XX.p = X->p;
-
-    if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
-        mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
-    if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
-        return( 0 );
-
-    if( ( ret = mpi_check_small_factors( &XX ) ) != 0 )
-    {
-        if( ret == 1 )
-            return( 0 );
-
-        return( ret );
-    }
-
-    return( mpi_miller_rabin( &XX, f_rng, p_rng ) );
-}
-
-/*
- * Prime number generation
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
-                   int (*f_rng)(void *, unsigned char *, size_t),
-                   void *p_rng )
-{
-    int ret;
-    size_t k, n;
-    mbedtls_mpi_uint r;
-    mbedtls_mpi Y;
-
-    if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &Y );
-
-    n = BITS_TO_LIMBS( nbits );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
-
-    k = mbedtls_mpi_bitlen( X );
-    if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits + 1 ) );
-
-    mbedtls_mpi_set_bit( X, nbits-1, 1 );
-
-    X->p[0] |= 1;
-
-    if( dh_flag == 0 )
-    {
-        while( ( ret = mbedtls_mpi_is_prime( X, f_rng, p_rng ) ) != 0 )
-        {
-            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-                goto cleanup;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 2 ) );
-        }
-    }
-    else
-    {
-        /*
-         * An necessary condition for Y and X = 2Y + 1 to be prime
-         * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
-         * Make sure it is satisfied, while keeping X = 3 mod 4
-         */
-
-        X->p[0] |= 2;
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
-        if( r == 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
-        else if( r == 1 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
-
-        /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
-
-        while( 1 )
-        {
-            /*
-             * First, check small factors for X and Y
-             * before doing Miller-Rabin on any of them
-             */
-            if( ( ret = mpi_check_small_factors(  X         ) ) == 0 &&
-                ( ret = mpi_check_small_factors( &Y         ) ) == 0 &&
-                ( ret = mpi_miller_rabin(  X, f_rng, p_rng  ) ) == 0 &&
-                ( ret = mpi_miller_rabin( &Y, f_rng, p_rng  ) ) == 0 )
-            {
-                break;
-            }
-
-            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-                goto cleanup;
-
-            /*
-             * Next candidates. We want to preserve Y = (X-1) / 2 and
-             * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
-             * so up Y by 6 and X by 12.
-             */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int(  X,  X, 12 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6  ) );
-        }
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &Y );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_GENPRIME */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#define GCD_PAIR_COUNT  3
-
-static const int gcd_pairs[GCD_PAIR_COUNT][3] =
-{
-    { 693, 609, 21 },
-    { 1764, 868, 28 },
-    { 768454923, 542167814, 1 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_mpi_self_test( int verbose )
-{
-    int ret, i;
-    mbedtls_mpi A, E, N, X, Y, U, V;
-
-    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
-    mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
-        "EFE021C2645FD1DC586E69184AF4A31E" \
-        "D5F53E93B5F123FA41680867BA110131" \
-        "944FE7952E2517337780CB0DB80E61AA" \
-        "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
-        "B2E7EFD37075B9F03FF989C7C5051C20" \
-        "34D2A323810251127E7BF8625A4F49A5" \
-        "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
-        "5B5C25763222FEFCCFC38B832366C29E" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
-        "0066A198186C18C10B2F5ED9B522752A" \
-        "9830B69916E535C8F047518A889A43A5" \
-        "94B6BED27A168D31D4A52F88925AA8F5" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "602AB7ECA597A3D6B56FF9829A5E8B85" \
-        "9E857EA95A03512E2BAE7391688D264A" \
-        "A5663B0341DB9CCFD2C4C5F421FEC814" \
-        "8001B72E848A38CAE1C65F78E56ABDEF" \
-        "E12D3C039B8A02D6BE593F0BBBDA56F1" \
-        "ECF677152EF804370C1A305CAF3B5BF1" \
-        "30879B56C61DE584A0F53A2447A51E" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #1 (mul_mpi): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "256567336059E52CAE22925474705F39A94" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
-        "6613F26162223DF488E9CD48CC132C7A" \
-        "0AC93C701B001B092E4E5B9F73BCD27B" \
-        "9EE50D0657C77F374E903CDFA4C642" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #2 (div_mpi): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
-        mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "36E139AEA55215609D2816998ED020BB" \
-        "BD96C37890F65171D948E9BC7CBAA4D9" \
-        "325D24D6A3C12710F10A09FA08AB87" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #3 (exp_mod): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
-        "C3DBA76456363A10869622EAC2DD84EC" \
-        "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #4 (inv_mod): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #5 (simple gcd): " );
-
-    for( i = 0; i < GCD_PAIR_COUNT; i++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );
-
-        if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed at %d\n", i );
-
-            ret = 1;
-            goto cleanup;
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-cleanup:
-
-    if( ret != 0 && verbose != 0 )
-        mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
-
-    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
-    mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_BIGNUM_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/blowfish.c b/components/ssl/mbedtls/mbedtls/library/blowfish.c
deleted file mode 100644
index 9003f0df..00000000
--- a/components/ssl/mbedtls/mbedtls/library/blowfish.c
+++ /dev/null
@@ -1,656 +0,0 @@
-/*
- *  Blowfish implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The Blowfish block cipher was designed by Bruce Schneier in 1993.
- *  http://www.schneier.com/blowfish.html
- *  http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
-
-#include "mbedtls/blowfish.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 3]       );            \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = {
-        0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
-        0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
-        0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
-        0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
-        0x9216D5D9L, 0x8979FB1BL
-};
-
-/* declarations of data at the end of this file */
-static const uint32_t S[4][256];
-
-static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
-{
-   unsigned short a, b, c, d;
-   uint32_t  y;
-
-   d = (unsigned short)(x & 0xFF);
-   x >>= 8;
-   c = (unsigned short)(x & 0xFF);
-   x >>= 8;
-   b = (unsigned short)(x & 0xFF);
-   x >>= 8;
-   a = (unsigned short)(x & 0xFF);
-   y = ctx->S[0][a] + ctx->S[1][b];
-   y = y ^ ctx->S[2][c];
-   y = y + ctx->S[3][d];
-
-   return( y );
-}
-
-static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
-{
-    uint32_t  Xl, Xr, temp;
-    short i;
-
-    Xl = *xl;
-    Xr = *xr;
-
-    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
-    {
-        Xl = Xl ^ ctx->P[i];
-        Xr = F( ctx, Xl ) ^ Xr;
-
-        temp = Xl;
-        Xl = Xr;
-        Xr = temp;
-    }
-
-    temp = Xl;
-    Xl = Xr;
-    Xr = temp;
-
-    Xr = Xr ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS];
-    Xl = Xl ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS + 1];
-
-    *xl = Xl;
-    *xr = Xr;
-}
-
-static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
-{
-    uint32_t  Xl, Xr, temp;
-    short i;
-
-    Xl = *xl;
-    Xr = *xr;
-
-    for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
-    {
-        Xl = Xl ^ ctx->P[i];
-        Xr = F( ctx, Xl ) ^ Xr;
-
-        temp = Xl;
-        Xl = Xr;
-        Xr = temp;
-    }
-
-    temp = Xl;
-    Xl = Xr;
-    Xr = temp;
-
-    Xr = Xr ^ ctx->P[1];
-    Xl = Xl ^ ctx->P[0];
-
-    *xl = Xl;
-    *xr = Xr;
-}
-
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
-}
-
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
-}
-
-/*
- * Blowfish key schedule
- */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
-                     unsigned int keybits )
-{
-    unsigned int i, j, k;
-    uint32_t data, datal, datar;
-
-    if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS ||
-        ( keybits % 8 ) )
-    {
-        return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH );
-    }
-
-    keybits >>= 3;
-
-    for( i = 0; i < 4; i++ )
-    {
-        for( j = 0; j < 256; j++ )
-            ctx->S[i][j] = S[i][j];
-    }
-
-    j = 0;
-    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
-    {
-        data = 0x00000000;
-        for( k = 0; k < 4; ++k )
-        {
-            data = ( data << 8 ) | key[j++];
-            if( j >= keybits )
-                j = 0;
-        }
-        ctx->P[i] = P[i] ^ data;
-    }
-
-    datal = 0x00000000;
-    datar = 0x00000000;
-
-    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
-    {
-        blowfish_enc( ctx, &datal, &datar );
-        ctx->P[i] = datal;
-        ctx->P[i + 1] = datar;
-    }
-
-    for( i = 0; i < 4; i++ )
-    {
-       for( j = 0; j < 256; j += 2 )
-       {
-            blowfish_enc( ctx, &datal, &datar );
-            ctx->S[i][j] = datal;
-            ctx->S[i][j + 1] = datar;
-        }
-    }
-    return( 0 );
-}
-
-/*
- * Blowfish-ECB block encryption/decryption
- */
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
-                    int mode,
-                    const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                    unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
-{
-    uint32_t X0, X1;
-
-    GET_UINT32_BE( X0, input,  0 );
-    GET_UINT32_BE( X1, input,  4 );
-
-    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
-    {
-        blowfish_dec( ctx, &X0, &X1 );
-    }
-    else /* MBEDTLS_BLOWFISH_ENCRYPT */
-    {
-        blowfish_enc( ctx, &X0, &X1 );
-    }
-
-    PUT_UINT32_BE( X0, output,  0 );
-    PUT_UINT32_BE( X1, output,  4 );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * Blowfish-CBC buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
-
-    if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
-        return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
-            mbedtls_blowfish_crypt_ecb( ctx, mode, input, output );
-
-            for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
-
-            input  += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            output += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_blowfish_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
-
-            input  += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            output += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * Blowfish CFB buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c;
-    size_t n = *iv_off;
-
-    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-
-    *iv_off = n;
-
-    return( 0 );
-}
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * Blowfish CTR buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                       unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    size_t n = *nc_off;
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
-                                stream_block );
-
-            for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
-    }
-
-    *nc_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static const uint32_t S[4][256] = {
-    {   0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
-        0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L,
-        0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L,
-        0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL,
-        0x0D95748FL, 0x728EB658L, 0x718BCD58L, 0x82154AEEL,
-        0x7B54A41DL, 0xC25A59B5L, 0x9C30D539L, 0x2AF26013L,
-        0xC5D1B023L, 0x286085F0L, 0xCA417918L, 0xB8DB38EFL,
-        0x8E79DCB0L, 0x603A180EL, 0x6C9E0E8BL, 0xB01E8A3EL,
-        0xD71577C1L, 0xBD314B27L, 0x78AF2FDAL, 0x55605C60L,
-        0xE65525F3L, 0xAA55AB94L, 0x57489862L, 0x63E81440L,
-        0x55CA396AL, 0x2AAB10B6L, 0xB4CC5C34L, 0x1141E8CEL,
-        0xA15486AFL, 0x7C72E993L, 0xB3EE1411L, 0x636FBC2AL,
-        0x2BA9C55DL, 0x741831F6L, 0xCE5C3E16L, 0x9B87931EL,
-        0xAFD6BA33L, 0x6C24CF5CL, 0x7A325381L, 0x28958677L,
-        0x3B8F4898L, 0x6B4BB9AFL, 0xC4BFE81BL, 0x66282193L,
-        0x61D809CCL, 0xFB21A991L, 0x487CAC60L, 0x5DEC8032L,
-        0xEF845D5DL, 0xE98575B1L, 0xDC262302L, 0xEB651B88L,
-        0x23893E81L, 0xD396ACC5L, 0x0F6D6FF3L, 0x83F44239L,
-        0x2E0B4482L, 0xA4842004L, 0x69C8F04AL, 0x9E1F9B5EL,
-        0x21C66842L, 0xF6E96C9AL, 0x670C9C61L, 0xABD388F0L,
-        0x6A51A0D2L, 0xD8542F68L, 0x960FA728L, 0xAB5133A3L,
-        0x6EEF0B6CL, 0x137A3BE4L, 0xBA3BF050L, 0x7EFB2A98L,
-        0xA1F1651DL, 0x39AF0176L, 0x66CA593EL, 0x82430E88L,
-        0x8CEE8619L, 0x456F9FB4L, 0x7D84A5C3L, 0x3B8B5EBEL,
-        0xE06F75D8L, 0x85C12073L, 0x401A449FL, 0x56C16AA6L,
-        0x4ED3AA62L, 0x363F7706L, 0x1BFEDF72L, 0x429B023DL,
-        0x37D0D724L, 0xD00A1248L, 0xDB0FEAD3L, 0x49F1C09BL,
-        0x075372C9L, 0x80991B7BL, 0x25D479D8L, 0xF6E8DEF7L,
-        0xE3FE501AL, 0xB6794C3BL, 0x976CE0BDL, 0x04C006BAL,
-        0xC1A94FB6L, 0x409F60C4L, 0x5E5C9EC2L, 0x196A2463L,
-        0x68FB6FAFL, 0x3E6C53B5L, 0x1339B2EBL, 0x3B52EC6FL,
-        0x6DFC511FL, 0x9B30952CL, 0xCC814544L, 0xAF5EBD09L,
-        0xBEE3D004L, 0xDE334AFDL, 0x660F2807L, 0x192E4BB3L,
-        0xC0CBA857L, 0x45C8740FL, 0xD20B5F39L, 0xB9D3FBDBL,
-        0x5579C0BDL, 0x1A60320AL, 0xD6A100C6L, 0x402C7279L,
-        0x679F25FEL, 0xFB1FA3CCL, 0x8EA5E9F8L, 0xDB3222F8L,
-        0x3C7516DFL, 0xFD616B15L, 0x2F501EC8L, 0xAD0552ABL,
-        0x323DB5FAL, 0xFD238760L, 0x53317B48L, 0x3E00DF82L,
-        0x9E5C57BBL, 0xCA6F8CA0L, 0x1A87562EL, 0xDF1769DBL,
-        0xD542A8F6L, 0x287EFFC3L, 0xAC6732C6L, 0x8C4F5573L,
-        0x695B27B0L, 0xBBCA58C8L, 0xE1FFA35DL, 0xB8F011A0L,
-        0x10FA3D98L, 0xFD2183B8L, 0x4AFCB56CL, 0x2DD1D35BL,
-        0x9A53E479L, 0xB6F84565L, 0xD28E49BCL, 0x4BFB9790L,
-        0xE1DDF2DAL, 0xA4CB7E33L, 0x62FB1341L, 0xCEE4C6E8L,
-        0xEF20CADAL, 0x36774C01L, 0xD07E9EFEL, 0x2BF11FB4L,
-        0x95DBDA4DL, 0xAE909198L, 0xEAAD8E71L, 0x6B93D5A0L,
-        0xD08ED1D0L, 0xAFC725E0L, 0x8E3C5B2FL, 0x8E7594B7L,
-        0x8FF6E2FBL, 0xF2122B64L, 0x8888B812L, 0x900DF01CL,
-        0x4FAD5EA0L, 0x688FC31CL, 0xD1CFF191L, 0xB3A8C1ADL,
-        0x2F2F2218L, 0xBE0E1777L, 0xEA752DFEL, 0x8B021FA1L,
-        0xE5A0CC0FL, 0xB56F74E8L, 0x18ACF3D6L, 0xCE89E299L,
-        0xB4A84FE0L, 0xFD13E0B7L, 0x7CC43B81L, 0xD2ADA8D9L,
-        0x165FA266L, 0x80957705L, 0x93CC7314L, 0x211A1477L,
-        0xE6AD2065L, 0x77B5FA86L, 0xC75442F5L, 0xFB9D35CFL,
-        0xEBCDAF0CL, 0x7B3E89A0L, 0xD6411BD3L, 0xAE1E7E49L,
-        0x00250E2DL, 0x2071B35EL, 0x226800BBL, 0x57B8E0AFL,
-        0x2464369BL, 0xF009B91EL, 0x5563911DL, 0x59DFA6AAL,
-        0x78C14389L, 0xD95A537FL, 0x207D5BA2L, 0x02E5B9C5L,
-        0x83260376L, 0x6295CFA9L, 0x11C81968L, 0x4E734A41L,
-        0xB3472DCAL, 0x7B14A94AL, 0x1B510052L, 0x9A532915L,
-        0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L,
-        0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L,
-        0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L,
-        0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL   },
-    {   0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
-        0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L,
-        0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L,
-        0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL,
-        0x3F54989AL, 0x5B429D65L, 0x6B8FE4D6L, 0x99F73FD6L,
-        0xA1D29C07L, 0xEFE830F5L, 0x4D2D38E6L, 0xF0255DC1L,
-        0x4CDD2086L, 0x8470EB26L, 0x6382E9C6L, 0x021ECC5EL,
-        0x09686B3FL, 0x3EBAEFC9L, 0x3C971814L, 0x6B6A70A1L,
-        0x687F3584L, 0x52A0E286L, 0xB79C5305L, 0xAA500737L,
-        0x3E07841CL, 0x7FDEAE5CL, 0x8E7D44ECL, 0x5716F2B8L,
-        0xB03ADA37L, 0xF0500C0DL, 0xF01C1F04L, 0x0200B3FFL,
-        0xAE0CF51AL, 0x3CB574B2L, 0x25837A58L, 0xDC0921BDL,
-        0xD19113F9L, 0x7CA92FF6L, 0x94324773L, 0x22F54701L,
-        0x3AE5E581L, 0x37C2DADCL, 0xC8B57634L, 0x9AF3DDA7L,
-        0xA9446146L, 0x0FD0030EL, 0xECC8C73EL, 0xA4751E41L,
-        0xE238CD99L, 0x3BEA0E2FL, 0x3280BBA1L, 0x183EB331L,
-        0x4E548B38L, 0x4F6DB908L, 0x6F420D03L, 0xF60A04BFL,
-        0x2CB81290L, 0x24977C79L, 0x5679B072L, 0xBCAF89AFL,
-        0xDE9A771FL, 0xD9930810L, 0xB38BAE12L, 0xDCCF3F2EL,
-        0x5512721FL, 0x2E6B7124L, 0x501ADDE6L, 0x9F84CD87L,
-        0x7A584718L, 0x7408DA17L, 0xBC9F9ABCL, 0xE94B7D8CL,
-        0xEC7AEC3AL, 0xDB851DFAL, 0x63094366L, 0xC464C3D2L,
-        0xEF1C1847L, 0x3215D908L, 0xDD433B37L, 0x24C2BA16L,
-        0x12A14D43L, 0x2A65C451L, 0x50940002L, 0x133AE4DDL,
-        0x71DFF89EL, 0x10314E55L, 0x81AC77D6L, 0x5F11199BL,
-        0x043556F1L, 0xD7A3C76BL, 0x3C11183BL, 0x5924A509L,
-        0xF28FE6EDL, 0x97F1FBFAL, 0x9EBABF2CL, 0x1E153C6EL,
-        0x86E34570L, 0xEAE96FB1L, 0x860E5E0AL, 0x5A3E2AB3L,
-        0x771FE71CL, 0x4E3D06FAL, 0x2965DCB9L, 0x99E71D0FL,
-        0x803E89D6L, 0x5266C825L, 0x2E4CC978L, 0x9C10B36AL,
-        0xC6150EBAL, 0x94E2EA78L, 0xA5FC3C53L, 0x1E0A2DF4L,
-        0xF2F74EA7L, 0x361D2B3DL, 0x1939260FL, 0x19C27960L,
-        0x5223A708L, 0xF71312B6L, 0xEBADFE6EL, 0xEAC31F66L,
-        0xE3BC4595L, 0xA67BC883L, 0xB17F37D1L, 0x018CFF28L,
-        0xC332DDEFL, 0xBE6C5AA5L, 0x65582185L, 0x68AB9802L,
-        0xEECEA50FL, 0xDB2F953BL, 0x2AEF7DADL, 0x5B6E2F84L,
-        0x1521B628L, 0x29076170L, 0xECDD4775L, 0x619F1510L,
-        0x13CCA830L, 0xEB61BD96L, 0x0334FE1EL, 0xAA0363CFL,
-        0xB5735C90L, 0x4C70A239L, 0xD59E9E0BL, 0xCBAADE14L,
-        0xEECC86BCL, 0x60622CA7L, 0x9CAB5CABL, 0xB2F3846EL,
-        0x648B1EAFL, 0x19BDF0CAL, 0xA02369B9L, 0x655ABB50L,
-        0x40685A32L, 0x3C2AB4B3L, 0x319EE9D5L, 0xC021B8F7L,
-        0x9B540B19L, 0x875FA099L, 0x95F7997EL, 0x623D7DA8L,
-        0xF837889AL, 0x97E32D77L, 0x11ED935FL, 0x16681281L,
-        0x0E358829L, 0xC7E61FD6L, 0x96DEDFA1L, 0x7858BA99L,
-        0x57F584A5L, 0x1B227263L, 0x9B83C3FFL, 0x1AC24696L,
-        0xCDB30AEBL, 0x532E3054L, 0x8FD948E4L, 0x6DBC3128L,
-        0x58EBF2EFL, 0x34C6FFEAL, 0xFE28ED61L, 0xEE7C3C73L,
-        0x5D4A14D9L, 0xE864B7E3L, 0x42105D14L, 0x203E13E0L,
-        0x45EEE2B6L, 0xA3AAABEAL, 0xDB6C4F15L, 0xFACB4FD0L,
-        0xC742F442L, 0xEF6ABBB5L, 0x654F3B1DL, 0x41CD2105L,
-        0xD81E799EL, 0x86854DC7L, 0xE44B476AL, 0x3D816250L,
-        0xCF62A1F2L, 0x5B8D2646L, 0xFC8883A0L, 0xC1C7B6A3L,
-        0x7F1524C3L, 0x69CB7492L, 0x47848A0BL, 0x5692B285L,
-        0x095BBF00L, 0xAD19489DL, 0x1462B174L, 0x23820E00L,
-        0x58428D2AL, 0x0C55F5EAL, 0x1DADF43EL, 0x233F7061L,
-        0x3372F092L, 0x8D937E41L, 0xD65FECF1L, 0x6C223BDBL,
-        0x7CDE3759L, 0xCBEE7460L, 0x4085F2A7L, 0xCE77326EL,
-        0xA6078084L, 0x19F8509EL, 0xE8EFD855L, 0x61D99735L,
-        0xA969A7AAL, 0xC50C06C2L, 0x5A04ABFCL, 0x800BCADCL,
-        0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L,
-        0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L,
-        0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L,
-        0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L   },
-    {   0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
-        0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L,
-        0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL,
-        0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L,
-        0x4D95FC1DL, 0x96B591AFL, 0x70F4DDD3L, 0x66A02F45L,
-        0xBFBC09ECL, 0x03BD9785L, 0x7FAC6DD0L, 0x31CB8504L,
-        0x96EB27B3L, 0x55FD3941L, 0xDA2547E6L, 0xABCA0A9AL,
-        0x28507825L, 0x530429F4L, 0x0A2C86DAL, 0xE9B66DFBL,
-        0x68DC1462L, 0xD7486900L, 0x680EC0A4L, 0x27A18DEEL,
-        0x4F3FFEA2L, 0xE887AD8CL, 0xB58CE006L, 0x7AF4D6B6L,
-        0xAACE1E7CL, 0xD3375FECL, 0xCE78A399L, 0x406B2A42L,
-        0x20FE9E35L, 0xD9F385B9L, 0xEE39D7ABL, 0x3B124E8BL,
-        0x1DC9FAF7L, 0x4B6D1856L, 0x26A36631L, 0xEAE397B2L,
-        0x3A6EFA74L, 0xDD5B4332L, 0x6841E7F7L, 0xCA7820FBL,
-        0xFB0AF54EL, 0xD8FEB397L, 0x454056ACL, 0xBA489527L,
-        0x55533A3AL, 0x20838D87L, 0xFE6BA9B7L, 0xD096954BL,
-        0x55A867BCL, 0xA1159A58L, 0xCCA92963L, 0x99E1DB33L,
-        0xA62A4A56L, 0x3F3125F9L, 0x5EF47E1CL, 0x9029317CL,
-        0xFDF8E802L, 0x04272F70L, 0x80BB155CL, 0x05282CE3L,
-        0x95C11548L, 0xE4C66D22L, 0x48C1133FL, 0xC70F86DCL,
-        0x07F9C9EEL, 0x41041F0FL, 0x404779A4L, 0x5D886E17L,
-        0x325F51EBL, 0xD59BC0D1L, 0xF2BCC18FL, 0x41113564L,
-        0x257B7834L, 0x602A9C60L, 0xDFF8E8A3L, 0x1F636C1BL,
-        0x0E12B4C2L, 0x02E1329EL, 0xAF664FD1L, 0xCAD18115L,
-        0x6B2395E0L, 0x333E92E1L, 0x3B240B62L, 0xEEBEB922L,
-        0x85B2A20EL, 0xE6BA0D99L, 0xDE720C8CL, 0x2DA2F728L,
-        0xD0127845L, 0x95B794FDL, 0x647D0862L, 0xE7CCF5F0L,
-        0x5449A36FL, 0x877D48FAL, 0xC39DFD27L, 0xF33E8D1EL,
-        0x0A476341L, 0x992EFF74L, 0x3A6F6EABL, 0xF4F8FD37L,
-        0xA812DC60L, 0xA1EBDDF8L, 0x991BE14CL, 0xDB6E6B0DL,
-        0xC67B5510L, 0x6D672C37L, 0x2765D43BL, 0xDCD0E804L,
-        0xF1290DC7L, 0xCC00FFA3L, 0xB5390F92L, 0x690FED0BL,
-        0x667B9FFBL, 0xCEDB7D9CL, 0xA091CF0BL, 0xD9155EA3L,
-        0xBB132F88L, 0x515BAD24L, 0x7B9479BFL, 0x763BD6EBL,
-        0x37392EB3L, 0xCC115979L, 0x8026E297L, 0xF42E312DL,
-        0x6842ADA7L, 0xC66A2B3BL, 0x12754CCCL, 0x782EF11CL,
-        0x6A124237L, 0xB79251E7L, 0x06A1BBE6L, 0x4BFB6350L,
-        0x1A6B1018L, 0x11CAEDFAL, 0x3D25BDD8L, 0xE2E1C3C9L,
-        0x44421659L, 0x0A121386L, 0xD90CEC6EL, 0xD5ABEA2AL,
-        0x64AF674EL, 0xDA86A85FL, 0xBEBFE988L, 0x64E4C3FEL,
-        0x9DBC8057L, 0xF0F7C086L, 0x60787BF8L, 0x6003604DL,
-        0xD1FD8346L, 0xF6381FB0L, 0x7745AE04L, 0xD736FCCCL,
-        0x83426B33L, 0xF01EAB71L, 0xB0804187L, 0x3C005E5FL,
-        0x77A057BEL, 0xBDE8AE24L, 0x55464299L, 0xBF582E61L,
-        0x4E58F48FL, 0xF2DDFDA2L, 0xF474EF38L, 0x8789BDC2L,
-        0x5366F9C3L, 0xC8B38E74L, 0xB475F255L, 0x46FCD9B9L,
-        0x7AEB2661L, 0x8B1DDF84L, 0x846A0E79L, 0x915F95E2L,
-        0x466E598EL, 0x20B45770L, 0x8CD55591L, 0xC902DE4CL,
-        0xB90BACE1L, 0xBB8205D0L, 0x11A86248L, 0x7574A99EL,
-        0xB77F19B6L, 0xE0A9DC09L, 0x662D09A1L, 0xC4324633L,
-        0xE85A1F02L, 0x09F0BE8CL, 0x4A99A025L, 0x1D6EFE10L,
-        0x1AB93D1DL, 0x0BA5A4DFL, 0xA186F20FL, 0x2868F169L,
-        0xDCB7DA83L, 0x573906FEL, 0xA1E2CE9BL, 0x4FCD7F52L,
-        0x50115E01L, 0xA70683FAL, 0xA002B5C4L, 0x0DE6D027L,
-        0x9AF88C27L, 0x773F8641L, 0xC3604C06L, 0x61A806B5L,
-        0xF0177A28L, 0xC0F586E0L, 0x006058AAL, 0x30DC7D62L,
-        0x11E69ED7L, 0x2338EA63L, 0x53C2DD94L, 0xC2C21634L,
-        0xBBCBEE56L, 0x90BCB6DEL, 0xEBFC7DA1L, 0xCE591D76L,
-        0x6F05E409L, 0x4B7C0188L, 0x39720A3DL, 0x7C927C24L,
-        0x86E3725FL, 0x724D9DB9L, 0x1AC15BB4L, 0xD39EB8FCL,
-        0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L,
-        0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL,
-        0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L,
-        0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L  },
-    {   0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
-        0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL,
-        0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL,
-        0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L,
-        0x5748AB2FL, 0xBC946E79L, 0xC6A376D2L, 0x6549C2C8L,
-        0x530FF8EEL, 0x468DDE7DL, 0xD5730A1DL, 0x4CD04DC6L,
-        0x2939BBDBL, 0xA9BA4650L, 0xAC9526E8L, 0xBE5EE304L,
-        0xA1FAD5F0L, 0x6A2D519AL, 0x63EF8CE2L, 0x9A86EE22L,
-        0xC089C2B8L, 0x43242EF6L, 0xA51E03AAL, 0x9CF2D0A4L,
-        0x83C061BAL, 0x9BE96A4DL, 0x8FE51550L, 0xBA645BD6L,
-        0x2826A2F9L, 0xA73A3AE1L, 0x4BA99586L, 0xEF5562E9L,
-        0xC72FEFD3L, 0xF752F7DAL, 0x3F046F69L, 0x77FA0A59L,
-        0x80E4A915L, 0x87B08601L, 0x9B09E6ADL, 0x3B3EE593L,
-        0xE990FD5AL, 0x9E34D797L, 0x2CF0B7D9L, 0x022B8B51L,
-        0x96D5AC3AL, 0x017DA67DL, 0xD1CF3ED6L, 0x7C7D2D28L,
-        0x1F9F25CFL, 0xADF2B89BL, 0x5AD6B472L, 0x5A88F54CL,
-        0xE029AC71L, 0xE019A5E6L, 0x47B0ACFDL, 0xED93FA9BL,
-        0xE8D3C48DL, 0x283B57CCL, 0xF8D56629L, 0x79132E28L,
-        0x785F0191L, 0xED756055L, 0xF7960E44L, 0xE3D35E8CL,
-        0x15056DD4L, 0x88F46DBAL, 0x03A16125L, 0x0564F0BDL,
-        0xC3EB9E15L, 0x3C9057A2L, 0x97271AECL, 0xA93A072AL,
-        0x1B3F6D9BL, 0x1E6321F5L, 0xF59C66FBL, 0x26DCF319L,
-        0x7533D928L, 0xB155FDF5L, 0x03563482L, 0x8ABA3CBBL,
-        0x28517711L, 0xC20AD9F8L, 0xABCC5167L, 0xCCAD925FL,
-        0x4DE81751L, 0x3830DC8EL, 0x379D5862L, 0x9320F991L,
-        0xEA7A90C2L, 0xFB3E7BCEL, 0x5121CE64L, 0x774FBE32L,
-        0xA8B6E37EL, 0xC3293D46L, 0x48DE5369L, 0x6413E680L,
-        0xA2AE0810L, 0xDD6DB224L, 0x69852DFDL, 0x09072166L,
-        0xB39A460AL, 0x6445C0DDL, 0x586CDECFL, 0x1C20C8AEL,
-        0x5BBEF7DDL, 0x1B588D40L, 0xCCD2017FL, 0x6BB4E3BBL,
-        0xDDA26A7EL, 0x3A59FF45L, 0x3E350A44L, 0xBCB4CDD5L,
-        0x72EACEA8L, 0xFA6484BBL, 0x8D6612AEL, 0xBF3C6F47L,
-        0xD29BE463L, 0x542F5D9EL, 0xAEC2771BL, 0xF64E6370L,
-        0x740E0D8DL, 0xE75B1357L, 0xF8721671L, 0xAF537D5DL,
-        0x4040CB08L, 0x4EB4E2CCL, 0x34D2466AL, 0x0115AF84L,
-        0xE1B00428L, 0x95983A1DL, 0x06B89FB4L, 0xCE6EA048L,
-        0x6F3F3B82L, 0x3520AB82L, 0x011A1D4BL, 0x277227F8L,
-        0x611560B1L, 0xE7933FDCL, 0xBB3A792BL, 0x344525BDL,
-        0xA08839E1L, 0x51CE794BL, 0x2F32C9B7L, 0xA01FBAC9L,
-        0xE01CC87EL, 0xBCC7D1F6L, 0xCF0111C3L, 0xA1E8AAC7L,
-        0x1A908749L, 0xD44FBD9AL, 0xD0DADECBL, 0xD50ADA38L,
-        0x0339C32AL, 0xC6913667L, 0x8DF9317CL, 0xE0B12B4FL,
-        0xF79E59B7L, 0x43F5BB3AL, 0xF2D519FFL, 0x27D9459CL,
-        0xBF97222CL, 0x15E6FC2AL, 0x0F91FC71L, 0x9B941525L,
-        0xFAE59361L, 0xCEB69CEBL, 0xC2A86459L, 0x12BAA8D1L,
-        0xB6C1075EL, 0xE3056A0CL, 0x10D25065L, 0xCB03A442L,
-        0xE0EC6E0EL, 0x1698DB3BL, 0x4C98A0BEL, 0x3278E964L,
-        0x9F1F9532L, 0xE0D392DFL, 0xD3A0342BL, 0x8971F21EL,
-        0x1B0A7441L, 0x4BA3348CL, 0xC5BE7120L, 0xC37632D8L,
-        0xDF359F8DL, 0x9B992F2EL, 0xE60B6F47L, 0x0FE3F11DL,
-        0xE54CDA54L, 0x1EDAD891L, 0xCE6279CFL, 0xCD3E7E6FL,
-        0x1618B166L, 0xFD2C1D05L, 0x848FD2C5L, 0xF6FB2299L,
-        0xF523F357L, 0xA6327623L, 0x93A83531L, 0x56CCCD02L,
-        0xACF08162L, 0x5A75EBB5L, 0x6E163697L, 0x88D273CCL,
-        0xDE966292L, 0x81B949D0L, 0x4C50901BL, 0x71C65614L,
-        0xE6C6C7BDL, 0x327A140AL, 0x45E1D006L, 0xC3F27B9AL,
-        0xC9AA53FDL, 0x62A80F00L, 0xBB25BFE2L, 0x35BDD2F6L,
-        0x71126905L, 0xB2040222L, 0xB6CBCF7CL, 0xCD769C2BL,
-        0x53113EC0L, 0x1640E3D3L, 0x38ABBD60L, 0x2547ADF0L,
-        0xBA38209CL, 0xF746CE76L, 0x77AFA1C5L, 0x20756060L,
-        0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL,
-        0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L,
-        0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL,
-        0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L  }
-};
-
-#endif /* !MBEDTLS_BLOWFISH_ALT */
-#endif /* MBEDTLS_BLOWFISH_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/camellia.c b/components/ssl/mbedtls/mbedtls/library/camellia.c
deleted file mode 100644
index ac6f96a8..00000000
--- a/components/ssl/mbedtls/mbedtls/library/camellia.c
+++ /dev/null
@@ -1,1072 +0,0 @@
-/*
- *  Camellia implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The Camellia block cipher was designed by NTT and Mitsubishi Electric
- *  Corporation.
- *
- *  http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-
-#include "mbedtls/camellia.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_CAMELLIA_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 3]       );            \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-static const unsigned char SIGMA_CHARS[6][8] =
-{
-    { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
-    { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
-    { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
-    { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
-    { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
-    { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
-};
-
-#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
-
-static const unsigned char FSb[256] =
-{
-    112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
-     35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
-    134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
-    166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
-    139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
-    223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
-     20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
-    254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
-    170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
-     16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
-    135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
-     82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
-    233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
-    120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
-    114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
-     64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
-};
-
-#define SBOX1(n) FSb[(n)]
-#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
-#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
-#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
-
-#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
-
-static const unsigned char FSb[256] =
-{
- 112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
-  35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
- 134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
- 166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
- 139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
- 223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
-  20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
- 254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
- 170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
-  16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
- 135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
-  82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
- 233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
- 120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
- 114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
- 64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
-};
-
-static const unsigned char FSb2[256] =
-{
- 224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
-  70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
-  13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
-  77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
-  23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
- 191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
-  40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
- 253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
-  85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
-  32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
-  15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
- 164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
- 211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
- 240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
- 228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
- 128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
-};
-
-static const unsigned char FSb3[256] =
-{
-  56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
- 145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
-  67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
-  83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
- 197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
- 239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
-  10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
- 127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
-  85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
-   8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
- 195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
-  41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
- 244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
-  60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
-  57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
-  32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
-};
-
-static const unsigned char FSb4[256] =
-{
- 112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
- 134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
- 139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
-  20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
- 170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
- 135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
- 233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
- 114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
- 130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
- 184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
-  13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
-  88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
- 208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
-  92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
- 121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
-  7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
-};
-
-#define SBOX1(n) FSb[(n)]
-#define SBOX2(n) FSb2[(n)]
-#define SBOX3(n) FSb3[(n)]
-#define SBOX4(n) FSb4[(n)]
-
-#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
-
-static const unsigned char shifts[2][4][4] =
-{
-    {
-        { 1, 1, 1, 1 }, /* KL */
-        { 0, 0, 0, 0 }, /* KR */
-        { 1, 1, 1, 1 }, /* KA */
-        { 0, 0, 0, 0 }  /* KB */
-    },
-    {
-        { 1, 0, 1, 1 }, /* KL */
-        { 1, 1, 0, 1 }, /* KR */
-        { 1, 1, 1, 0 }, /* KA */
-        { 1, 1, 0, 1 }  /* KB */
-    }
-};
-
-static const signed char indexes[2][4][20] =
-{
-    {
-        {  0,  1,  2,  3,  8,  9, 10, 11, 38, 39,
-          36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
-        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
-        {  4,  5,  6,  7, 12, 13, 14, 15, 16, 17,
-          18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
-        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }  /* KB -> RK */
-    },
-    {
-        {  0,  1,  2,  3, 61, 62, 63, 60, -1, -1,
-          -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
-        { -1, -1, -1, -1,  8,  9, 10, 11, 16, 17,
-          18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
-        { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
-          56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
-        {  4,  5,  6,  7, 65, 66, 67, 64, 20, 21,
-          22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }  /* KB -> RK */
-    }
-};
-
-static const signed char transposes[2][20] =
-{
-    {
-        21, 22, 23, 20,
-        -1, -1, -1, -1,
-        18, 19, 16, 17,
-        11,  8,  9, 10,
-        15, 12, 13, 14
-    },
-    {
-        25, 26, 27, 24,
-        29, 30, 31, 28,
-        18, 19, 16, 17,
-        -1, -1, -1, -1,
-        -1, -1, -1, -1
-    }
-};
-
-/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
-#define ROTL(DEST, SRC, SHIFT)                                      \
-{                                                                   \
-    (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT));   \
-    (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT));   \
-    (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT));   \
-    (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT));   \
-}
-
-#define FL(XL, XR, KL, KR)                                          \
-{                                                                   \
-    (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR);   \
-    (XL) = ((XR) | (KR)) ^ (XL);                                    \
-}
-
-#define FLInv(YL, YR, KL, KR)                                       \
-{                                                                   \
-    (YL) = ((YR) | (KR)) ^ (YL);                                    \
-    (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR);   \
-}
-
-#define SHIFT_AND_PLACE(INDEX, OFFSET)                      \
-{                                                           \
-    TK[0] = KC[(OFFSET) * 4 + 0];                           \
-    TK[1] = KC[(OFFSET) * 4 + 1];                           \
-    TK[2] = KC[(OFFSET) * 4 + 2];                           \
-    TK[3] = KC[(OFFSET) * 4 + 3];                           \
-                                                            \
-    for( i = 1; i <= 4; i++ )                               \
-        if( shifts[(INDEX)][(OFFSET)][i -1] )               \
-            ROTL(TK + i * 4, TK, ( 15 * i ) % 32);          \
-                                                            \
-    for( i = 0; i < 20; i++ )                               \
-        if( indexes[(INDEX)][(OFFSET)][i] != -1 ) {         \
-            RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ];    \
-        }                                                   \
-}
-
-static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
-                              uint32_t z[2])
-{
-    uint32_t I0, I1;
-    I0 = x[0] ^ k[0];
-    I1 = x[1] ^ k[1];
-
-    I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
-         ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
-         ((uint32_t) SBOX3((I0 >>  8) & 0xFF) <<  8) |
-         ((uint32_t) SBOX4((I0      ) & 0xFF)      );
-    I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
-         ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
-         ((uint32_t) SBOX4((I1 >>  8) & 0xFF) <<  8) |
-         ((uint32_t) SBOX1((I1      ) & 0xFF)      );
-
-    I0 ^= (I1 << 8) | (I1 >> 24);
-    I1 ^= (I0 << 16) | (I0 >> 16);
-    I0 ^= (I1 >> 8) | (I1 << 24);
-    I1 ^= (I0 >> 8) | (I0 << 24);
-
-    z[0] ^= I1;
-    z[1] ^= I0;
-}
-
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
-}
-
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
-}
-
-/*
- * Camellia key schedule (encryption)
- */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits )
-{
-    int idx;
-    size_t i;
-    uint32_t *RK;
-    unsigned char t[64];
-    uint32_t SIGMA[6][2];
-    uint32_t KC[16];
-    uint32_t TK[20];
-
-    RK = ctx->rk;
-
-    memset( t, 0, 64 );
-    memset( RK, 0, sizeof(ctx->rk) );
-
-    switch( keybits )
-    {
-        case 128: ctx->nr = 3; idx = 0; break;
-        case 192:
-        case 256: ctx->nr = 4; idx = 1; break;
-        default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
-    }
-
-    for( i = 0; i < keybits / 8; ++i )
-        t[i] = key[i];
-
-    if( keybits == 192 ) {
-        for( i = 0; i < 8; i++ )
-            t[24 + i] = ~t[16 + i];
-    }
-
-    /*
-     * Prepare SIGMA values
-     */
-    for( i = 0; i < 6; i++ ) {
-        GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
-        GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
-    }
-
-    /*
-     * Key storage in KC
-     * Order: KL, KR, KA, KB
-     */
-    memset( KC, 0, sizeof(KC) );
-
-    /* Store KL, KR */
-    for( i = 0; i < 8; i++ )
-        GET_UINT32_BE( KC[i], t, i * 4 );
-
-    /* Generate KA */
-    for( i = 0; i < 4; ++i )
-        KC[8 + i] = KC[i] ^ KC[4 + i];
-
-    camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
-    camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
-
-    for( i = 0; i < 4; ++i )
-        KC[8 + i] ^= KC[i];
-
-    camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
-    camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
-
-    if( keybits > 128 ) {
-        /* Generate KB */
-        for( i = 0; i < 4; ++i )
-            KC[12 + i] = KC[4 + i] ^ KC[8 + i];
-
-        camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
-        camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
-    }
-
-    /*
-     * Generating subkeys
-     */
-
-    /* Manipulating KL */
-    SHIFT_AND_PLACE( idx, 0 );
-
-    /* Manipulating KR */
-    if( keybits > 128 ) {
-        SHIFT_AND_PLACE( idx, 1 );
-    }
-
-    /* Manipulating KA */
-    SHIFT_AND_PLACE( idx, 2 );
-
-    /* Manipulating KB */
-    if( keybits > 128 ) {
-        SHIFT_AND_PLACE( idx, 3 );
-    }
-
-    /* Do transpositions */
-    for( i = 0; i < 20; i++ ) {
-        if( transposes[idx][i] != -1 ) {
-            RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Camellia key schedule (decryption)
- */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keybits )
-{
-    int idx, ret;
-    size_t i;
-    mbedtls_camellia_context cty;
-    uint32_t *RK;
-    uint32_t *SK;
-
-    mbedtls_camellia_init( &cty );
-
-    /* Also checks keybits */
-    if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
-        goto exit;
-
-    ctx->nr = cty.nr;
-    idx = ( ctx->nr == 4 );
-
-    RK = ctx->rk;
-    SK = cty.rk + 24 * 2 + 8 * idx * 2;
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-    for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
-    {
-        *RK++ = *SK++;
-        *RK++ = *SK++;
-    }
-
-    SK -= 2;
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-exit:
-    mbedtls_camellia_free( &cty );
-
-    return( ret );
-}
-
-/*
- * Camellia-ECB block encryption/decryption
- */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] )
-{
-    int NR;
-    uint32_t *RK, X[4];
-
-    ( (void) mode );
-
-    NR = ctx->nr;
-    RK = ctx->rk;
-
-    GET_UINT32_BE( X[0], input,  0 );
-    GET_UINT32_BE( X[1], input,  4 );
-    GET_UINT32_BE( X[2], input,  8 );
-    GET_UINT32_BE( X[3], input, 12 );
-
-    X[0] ^= *RK++;
-    X[1] ^= *RK++;
-    X[2] ^= *RK++;
-    X[3] ^= *RK++;
-
-    while( NR ) {
-        --NR;
-        camellia_feistel( X, RK, X + 2 );
-        RK += 2;
-        camellia_feistel( X + 2, RK, X );
-        RK += 2;
-        camellia_feistel( X, RK, X + 2 );
-        RK += 2;
-        camellia_feistel( X + 2, RK, X );
-        RK += 2;
-        camellia_feistel( X, RK, X + 2 );
-        RK += 2;
-        camellia_feistel( X + 2, RK, X );
-        RK += 2;
-
-        if( NR ) {
-            FL(X[0], X[1], RK[0], RK[1]);
-            RK += 2;
-            FLInv(X[2], X[3], RK[0], RK[1]);
-            RK += 2;
-        }
-    }
-
-    X[2] ^= *RK++;
-    X[3] ^= *RK++;
-    X[0] ^= *RK++;
-    X[1] ^= *RK++;
-
-    PUT_UINT32_BE( X[2], output,  0 );
-    PUT_UINT32_BE( X[3], output,  4 );
-    PUT_UINT32_BE( X[0], output,  8 );
-    PUT_UINT32_BE( X[1], output, 12 );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * Camellia-CBC buffer encryption/decryption
- */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    unsigned char temp[16];
-
-    if( length % 16 )
-        return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 16 );
-            mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
-
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * Camellia-CFB128 buffer encryption/decryption
- */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c;
-    size_t n = *iv_off;
-
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-
-    *iv_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * Camellia-CTR buffer encryption/decryption
- */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    size_t n = *nc_off;
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
-                                stream_block );
-
-            for( i = 16; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *nc_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-#endif /* !MBEDTLS_CAMELLIA_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * Camellia test vectors from:
- *
- * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
- *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
- *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
- *                      (For each bitlength: Key 0, Nr 39)
- */
-#define CAMELLIA_TESTS_ECB  2
-
-static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
-{
-    {
-        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
-        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-    },
-    {
-        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
-        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-    },
-    {
-        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-          0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
-        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-    },
-};
-
-static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
-{
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-      0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
-    { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
-{
-    {
-        { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
-          0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
-        { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
-          0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
-    },
-    {
-        { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
-          0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
-        { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
-          0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
-    },
-    {
-        { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
-          0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
-        { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
-          0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
-    }
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define CAMELLIA_TESTS_CBC  3
-
-static const unsigned char camellia_test_cbc_key[3][32] =
-{
-        { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
-          0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
-    ,
-        { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
-          0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
-          0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
-    ,
-        { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
-          0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
-          0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
-          0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
-};
-
-static const unsigned char camellia_test_cbc_iv[16] =
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
-;
-
-static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
-{
-    { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-      0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
-    { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
-      0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
-    { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
-      0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
-
-};
-
-static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
-{
-    {
-        { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
-          0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
-        { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
-          0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
-        { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
-          0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
-    },
-    {
-        { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
-          0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
-        { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
-          0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
-        { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
-          0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
-    },
-    {
-        { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
-          0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
-        { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
-          0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
-        { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
-          0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
-    }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * Camellia-CTR test vectors from:
- *
- * http://www.faqs.org/rfcs/rfc5528.html
- */
-
-static const unsigned char camellia_test_ctr_key[3][16] =
-{
-    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
-      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
-    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
-      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
-    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
-      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
-};
-
-static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
-{
-    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
-      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
-      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
-};
-
-static const unsigned char camellia_test_ctr_pt[3][48] =
-{
-    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
-      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
-      0x20, 0x21, 0x22, 0x23 }
-};
-
-static const unsigned char camellia_test_ctr_ct[3][48] =
-{
-    { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
-      0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
-    { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
-      0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
-      0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
-      0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
-    { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
-      0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
-      0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
-      0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
-      0xDF, 0x50, 0x86, 0x96 }
-};
-
-static const int camellia_test_ctr_len[3] =
-    { 16, 32, 36 };
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/*
- * Checkup routine
- */
-int mbedtls_camellia_self_test( int verbose )
-{
-    int i, j, u, v;
-    unsigned char key[32];
-    unsigned char buf[64];
-    unsigned char src[16];
-    unsigned char dst[16];
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    unsigned char iv[16];
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    size_t offset, len;
-    unsigned char nonce_counter[16];
-    unsigned char stream_block[16];
-#endif
-
-    mbedtls_camellia_context ctx;
-
-    memset( key, 0, 32 );
-
-    for( j = 0; j < 6; j++ ) {
-        u = j >> 1;
-    v = j & 1;
-
-    if( verbose != 0 )
-        mbedtls_printf( "  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
-                         (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
-
-    for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
-        memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-            mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
-            memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
-            memcpy( dst, camellia_test_ecb_plain[i], 16 );
-        } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
-            mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
-            memcpy( src, camellia_test_ecb_plain[i], 16 );
-            memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
-        }
-
-        mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
-
-        if( memcmp( buf, dst, 16 ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( 1 );
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /*
-     * CBC mode
-     */
-    for( j = 0; j < 6; j++ )
-    {
-        u = j >> 1;
-        v = j  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
-                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( src, camellia_test_cbc_iv, 16 );
-        memcpy( dst, camellia_test_cbc_iv, 16 );
-        memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-            mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
-        } else {
-            mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
-        }
-
-        for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
-
-            if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-                memcpy( iv , src, 16 );
-                memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
-                memcpy( dst, camellia_test_cbc_plain[i], 16 );
-            } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
-                memcpy( iv , dst, 16 );
-                memcpy( src, camellia_test_cbc_plain[i], 16 );
-                memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
-            }
-
-            mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
-
-            if( memcmp( buf, dst, 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
-            }
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    /*
-     * CTR mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  CAMELLIA-CTR-128 (%s): ",
-                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
-        memcpy( key, camellia_test_ctr_key[u], 16 );
-
-        offset = 0;
-        mbedtls_camellia_setkey_enc( &ctx, key, 128 );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT )
-        {
-            len = camellia_test_ctr_len[u];
-            memcpy( buf, camellia_test_ctr_ct[u], len );
-
-            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                                buf, buf );
-
-            if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
-            }
-        }
-        else
-        {
-            len = camellia_test_ctr_len[u];
-            memcpy( buf, camellia_test_ctr_pt[u], len );
-
-            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                                buf, buf );
-
-            if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
-            }
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_CAMELLIA_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ccm.c b/components/ssl/mbedtls/mbedtls/library/ccm.c
deleted file mode 100644
index 9101e5f7..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ccm.c
+++ /dev/null
@@ -1,467 +0,0 @@
-/*
- *  NIST SP800-38C compliant CCM implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * Definition of CCM:
- * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
- * RFC 3610 "Counter with CBC-MAC (CCM)"
- *
- * Related:
- * RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_CCM_C)
-
-#include "mbedtls/ccm.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#if !defined(MBEDTLS_CCM_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-#define CCM_ENCRYPT 0
-#define CCM_DECRYPT 1
-
-/*
- * Initialize context
- */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
-}
-
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits )
-{
-    int ret;
-    const mbedtls_cipher_info_t *cipher_info;
-
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Free context
- */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
-{
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
-}
-
-/*
- * Macros for common operations.
- * Results in smaller compiled code than static inline functions.
- */
-
-/*
- * Update the CBC-MAC state in y using a block in b
- * (Always using b as the source helps the compiler optimise a bit better.)
- */
-#define UPDATE_CBC_MAC                                                      \
-    for( i = 0; i < 16; i++ )                                               \
-        y[i] ^= b[i];                                                       \
-                                                                            \
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
-        return( ret );
-
-/*
- * Encrypt or decrypt a partial block with CTR
- * Warning: using b for temporary storage! src and dst must not be b!
- * This avoids allocating one more 16 bytes buffer while allowing src == dst.
- */
-#define CTR_CRYPT( dst, src, len  )                                            \
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 )  \
-        return( ret );                                                         \
-                                                                               \
-    for( i = 0; i < len; i++ )                                                 \
-        dst[i] = src[i] ^ b[i];
-
-/*
- * Authenticated encryption or decryption
- */
-static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
-                           const unsigned char *iv, size_t iv_len,
-                           const unsigned char *add, size_t add_len,
-                           const unsigned char *input, unsigned char *output,
-                           unsigned char *tag, size_t tag_len )
-{
-    int ret;
-    unsigned char i;
-    unsigned char q;
-    size_t len_left, olen;
-    unsigned char b[16];
-    unsigned char y[16];
-    unsigned char ctr[16];
-    const unsigned char *src;
-    unsigned char *dst;
-
-    /*
-     * Check length requirements: SP800-38C A.1
-     * Additional requirement: a < 2^16 - 2^8 to simplify the code.
-     * 'length' checked later (when writing it to the first block)
-     */
-    if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    /* Also implies q is within bounds */
-    if( iv_len < 7 || iv_len > 13 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    if( add_len > 0xFF00 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    q = 16 - 1 - (unsigned char) iv_len;
-
-    /*
-     * First block B_0:
-     * 0        .. 0        flags
-     * 1        .. iv_len   nonce (aka iv)
-     * iv_len+1 .. 15       length
-     *
-     * With flags as (bits):
-     * 7        0
-     * 6        add present?
-     * 5 .. 3   (t - 2) / 2
-     * 2 .. 0   q - 1
-     */
-    b[0] = 0;
-    b[0] |= ( add_len > 0 ) << 6;
-    b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
-    b[0] |= q - 1;
-
-    memcpy( b + 1, iv, iv_len );
-
-    for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
-        b[15-i] = (unsigned char)( len_left & 0xFF );
-
-    if( len_left > 0 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-
-    /* Start CBC-MAC with first block */
-    memset( y, 0, 16 );
-    UPDATE_CBC_MAC;
-
-    /*
-     * If there is additional data, update CBC-MAC with
-     * add_len, add, 0 (padding to a block boundary)
-     */
-    if( add_len > 0 )
-    {
-        size_t use_len;
-        len_left = add_len;
-        src = add;
-
-        memset( b, 0, 16 );
-        b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
-        b[1] = (unsigned char)( ( add_len      ) & 0xFF );
-
-        use_len = len_left < 16 - 2 ? len_left : 16 - 2;
-        memcpy( b + 2, src, use_len );
-        len_left -= use_len;
-        src += use_len;
-
-        UPDATE_CBC_MAC;
-
-        while( len_left > 0 )
-        {
-            use_len = len_left > 16 ? 16 : len_left;
-
-            memset( b, 0, 16 );
-            memcpy( b, src, use_len );
-            UPDATE_CBC_MAC;
-
-            len_left -= use_len;
-            src += use_len;
-        }
-    }
-
-    /*
-     * Prepare counter block for encryption:
-     * 0        .. 0        flags
-     * 1        .. iv_len   nonce (aka iv)
-     * iv_len+1 .. 15       counter (initially 1)
-     *
-     * With flags as (bits):
-     * 7 .. 3   0
-     * 2 .. 0   q - 1
-     */
-    ctr[0] = q - 1;
-    memcpy( ctr + 1, iv, iv_len );
-    memset( ctr + 1 + iv_len, 0, q );
-    ctr[15] = 1;
-
-    /*
-     * Authenticate and {en,de}crypt the message.
-     *
-     * The only difference between encryption and decryption is
-     * the respective order of authentication and {en,de}cryption.
-     */
-    len_left = length;
-    src = input;
-    dst = output;
-
-    while( len_left > 0 )
-    {
-        size_t use_len = len_left > 16 ? 16 : len_left;
-
-        if( mode == CCM_ENCRYPT )
-        {
-            memset( b, 0, 16 );
-            memcpy( b, src, use_len );
-            UPDATE_CBC_MAC;
-        }
-
-        CTR_CRYPT( dst, src, use_len );
-
-        if( mode == CCM_DECRYPT )
-        {
-            memset( b, 0, 16 );
-            memcpy( b, dst, use_len );
-            UPDATE_CBC_MAC;
-        }
-
-        dst += use_len;
-        src += use_len;
-        len_left -= use_len;
-
-        /*
-         * Increment counter.
-         * No need to check for overflow thanks to the length check above.
-         */
-        for( i = 0; i < q; i++ )
-            if( ++ctr[15-i] != 0 )
-                break;
-    }
-
-    /*
-     * Authentication: reset counter and crypt/mask internal tag
-     */
-    for( i = 0; i < q; i++ )
-        ctr[15-i] = 0;
-
-    CTR_CRYPT( y, y, 16 );
-    memcpy( tag, y, tag_len );
-
-    return( 0 );
-}
-
-/*
- * Authenticated encryption
- */
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len )
-{
-    return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
-                            add, add_len, input, output, tag, tag_len ) );
-}
-
-/*
- * Authenticated decryption
- */
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len )
-{
-    int ret;
-    unsigned char check_tag[16];
-    unsigned char i;
-    int diff;
-
-    if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
-                                iv, iv_len, add, add_len,
-                                input, output, check_tag, tag_len ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
-        diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_zeroize( output, length );
-        return( MBEDTLS_ERR_CCM_AUTH_FAILED );
-    }
-
-    return( 0 );
-}
-
-#endif /* !MBEDTLS_CCM_ALT */
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/*
- * Examples 1 to 3 from SP800-38C Appendix C
- */
-
-#define NB_TESTS 3
-
-/*
- * The data is the same for all tests, only the used length changes
- */
-static const unsigned char key[] = {
-    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
-};
-
-static const unsigned char iv[] = {
-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-    0x18, 0x19, 0x1a, 0x1b
-};
-
-static const unsigned char ad[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-    0x10, 0x11, 0x12, 0x13
-};
-
-static const unsigned char msg[] = {
-    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-};
-
-static const size_t iv_len [NB_TESTS] = { 7, 8,  12 };
-static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
-static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
-static const size_t tag_len[NB_TESTS] = { 4, 6,  8  };
-
-static const unsigned char res[NB_TESTS][32] = {
-    {   0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
-    {   0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
-        0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
-        0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
-    {   0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
-        0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
-        0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
-        0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
-};
-
-int mbedtls_ccm_self_test( int verbose )
-{
-    mbedtls_ccm_context ctx;
-    unsigned char out[32];
-    size_t i;
-    int ret;
-
-    mbedtls_ccm_init( &ctx );
-
-    if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  CCM: setup failed" );
-
-        return( 1 );
-    }
-
-    for( i = 0; i < NB_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  CCM-AES #%u: ", (unsigned int) i + 1 );
-
-        ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len[i],
-                                   iv, iv_len[i], ad, add_len[i],
-                                   msg, out,
-                                   out + msg_len[i], tag_len[i] );
-
-        if( ret != 0 ||
-            memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( 1 );
-        }
-
-        ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len[i],
-                                iv, iv_len[i], ad, add_len[i],
-                                res[i], out,
-                                res[i] + msg_len[i], tag_len[i] );
-
-        if( ret != 0 ||
-            memcmp( out, msg, msg_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( 1 );
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    mbedtls_ccm_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#endif /* MBEDTLS_CCM_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/certs.c b/components/ssl/mbedtls/mbedtls/library/certs.c
deleted file mode 100644
index f1379b8c..00000000
--- a/components/ssl/mbedtls/mbedtls/library/certs.c
+++ /dev/null
@@ -1,403 +0,0 @@
-/*
- *  X.509 test certificates
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/certs.h"
-
-#if defined(MBEDTLS_CERTS_C)
-
-#if defined(MBEDTLS_ECDSA_C)
-#define TEST_CA_CRT_EC                                                  \
-"-----BEGIN CERTIFICATE-----\r\n"                                       \
-"MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT\r\n"  \
-"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"  \
-"QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT\r\n"  \
-"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"  \
-"QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu\r\n"  \
-"ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy\r\n"  \
-"aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g\r\n"  \
-"JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7\r\n"  \
-"NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE\r\n"  \
-"AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w\r\n"  \
-"CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56\r\n"  \
-"t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv\r\n"  \
-"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n"                                  \
-"-----END CERTIFICATE-----\r\n"
-const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC;
-const size_t mbedtls_test_ca_crt_ec_len = sizeof( mbedtls_test_ca_crt_ec );
-
-const char mbedtls_test_ca_key_ec[] =
-"-----BEGIN EC PRIVATE KEY-----\r\n"
-"Proc-Type: 4,ENCRYPTED\r\n"
-"DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n"
-"\r\n"
-"IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n"
-"ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n"
-"UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
-"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
-"-----END EC PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_ca_key_ec_len = sizeof( mbedtls_test_ca_key_ec );
-
-const char mbedtls_test_ca_pwd_ec[] = "PolarSSLTest";
-const size_t mbedtls_test_ca_pwd_ec_len = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
-
-const char mbedtls_test_srv_crt_ec[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
-"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n"
-"CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n"
-"2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n"
-"BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n"
-"PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n"
-"clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n"
-"CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n"
-"C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
-"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_srv_crt_ec_len = sizeof( mbedtls_test_srv_crt_ec );
-
-const char mbedtls_test_srv_key_ec[] =
-"-----BEGIN EC PRIVATE KEY-----\r\n"
-"MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n"
-"AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
-"6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
-"-----END EC PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_srv_key_ec_len = sizeof( mbedtls_test_srv_key_ec );
-
-const char mbedtls_test_cli_crt_ec[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIICLDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"
-"MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjBBMQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxHzAdBgNVBAMTFlBvbGFyU1NMIFRlc3QgQ2xpZW50IDIw\r\n"
-"WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX5a6xc9/TrLuTuIH/Eq7u5lOszlVT\r\n"
-"9jQOzC7jYyUL35ji81xgNpbA1RgUcOV/n9VLRRjlsGzVXPiWj4dwo+THo4GdMIGa\r\n"
-"MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMG4GA1Ud\r\n"
-"IwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC\r\n"
-"CQDBQ+J+YkPM6DAKBggqhkjOPQQDAgNoADBlAjBKZQ17IIOimbmoD/yN7o89u3BM\r\n"
-"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
-"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_cli_crt_ec_len = sizeof( mbedtls_test_cli_crt_ec );
-
-const char mbedtls_test_cli_key_ec[] =
-"-----BEGIN EC PRIVATE KEY-----\r\n"
-"MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n"
-"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
-"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
-"-----END EC PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_RSA_C)
-
-#if defined(MBEDTLS_SHA256_C)
-#define TEST_CA_CRT_RSA_SHA256                                          \
-"-----BEGIN CERTIFICATE-----\r\n"                                       \
-"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n"  \
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"  \
-"MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n"  \
-"A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n"  \
-"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n"  \
-"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n"  \
-"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n"  \
-"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n"  \
-"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n"  \
-"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n"  \
-"gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA\r\n"  \
-"FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE\r\n"  \
-"CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T\r\n"  \
-"BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j\r\n"  \
-"4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w\r\n"  \
-"XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB\r\n"  \
-"G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57\r\n"  \
-"ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n"  \
-"n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n"      \
-"-----END CERTIFICATE-----\r\n"
-
-const char   mbedtls_test_ca_crt_rsa[]   = TEST_CA_CRT_RSA_SHA256;
-const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
-#define TEST_CA_CRT_RSA_SOME
-
-static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
-
-#endif
-
-#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C)
-#define TEST_CA_CRT_RSA_SHA1                                            \
-"-----BEGIN CERTIFICATE-----\r\n"                                       \
-"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"  \
-"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"  \
-"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n"  \
-"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n"  \
-"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n"  \
-"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n"  \
-"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n"  \
-"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n"  \
-"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n"  \
-"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n"  \
-"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n"  \
-"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n"  \
-"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n"  \
-"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n"  \
-"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n"  \
-"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n"  \
-"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n"  \
-"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n"  \
-"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n"      \
-"-----END CERTIFICATE-----\r\n"
-
-#if !defined (TEST_CA_CRT_RSA_SOME)
-const char   mbedtls_test_ca_crt_rsa[]   = TEST_CA_CRT_RSA_SHA1;
-const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
-#endif
-
-static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
-
-#endif
-
-const char mbedtls_test_ca_key_rsa[] =
-"-----BEGIN RSA PRIVATE KEY-----\r\n"
-"Proc-Type: 4,ENCRYPTED\r\n"
-"DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n"
-"\r\n"
-"9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n"
-"7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n"
-"Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n"
-"PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n"
-"GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n"
-"gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n"
-"QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n"
-"PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n"
-"vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n"
-"WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n"
-"JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n"
-"KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n"
-"Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n"
-"9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n"
-"iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n"
-"tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n"
-"P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n"
-"1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n"
-"nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n"
-"X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n"
-"rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n"
-"L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n"
-"I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n"
-"wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n"
-"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
-"-----END RSA PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa );
-
-const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
-const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
-
-const char mbedtls_test_srv_crt_rsa[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
-"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
-"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
-"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
-"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
-"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
-"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
-"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
-"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY\r\n"
-"oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw\r\n"
-"UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y\r\n"
-"iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M\r\n"
-"wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS\r\n"
-"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
-"zhuYwjVuX6JHG0c=\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
-
-const char mbedtls_test_srv_key_rsa[] =
-"-----BEGIN RSA PRIVATE KEY-----\r\n"
-"MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n"
-"lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n"
-"2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n"
-"Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n"
-"GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n"
-"y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n"
-"++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n"
-"Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n"
-"/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n"
-"WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n"
-"GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n"
-"TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n"
-"CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n"
-"nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n"
-"AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n"
-"sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n"
-"mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n"
-"BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n"
-"whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n"
-"vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n"
-"3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n"
-"3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n"
-"ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n"
-"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
-"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
-"-----END RSA PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa );
-
-const char mbedtls_test_cli_crt_rsa[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n"
-"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n"
-"M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n"
-"1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n"
-"MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n"
-"4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n"
-"/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n"
-"o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa\r\n"
-"gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV\r\n"
-"BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud\r\n"
-"EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom\r\n"
-"LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W\r\n"
-"iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK\r\n"
-"D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE\r\n"
-"ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n"
-"c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n"
-"-----END CERTIFICATE-----\r\n";
-const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa );
-
-const char mbedtls_test_cli_key_rsa[] =
-"-----BEGIN RSA PRIVATE KEY-----\r\n"
-"MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n"
-"B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n"
-"bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n"
-"Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n"
-"7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n"
-"dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n"
-"yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n"
-"4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n"
-"ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n"
-"zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n"
-"l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n"
-"DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n"
-"VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n"
-"Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n"
-"wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n"
-"c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n"
-"33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n"
-"ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n"
-"BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n"
-"KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n"
-"UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n"
-"7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n"
-"gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n"
-"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
-"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
-"-----END RSA PRIVATE KEY-----\r\n";
-const size_t mbedtls_test_cli_key_rsa_len = sizeof( mbedtls_test_cli_key_rsa );
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Concatenation of all available CA certificates */
-const char mbedtls_test_cas_pem[] =
-#ifdef TEST_CA_CRT_RSA_SHA1
-    TEST_CA_CRT_RSA_SHA1
-#endif
-#ifdef TEST_CA_CRT_RSA_SHA256
-    TEST_CA_CRT_RSA_SHA256
-#endif
-#ifdef TEST_CA_CRT_EC
-    TEST_CA_CRT_EC
-#endif
-    "";
-const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
-#endif
-
-/* List of all available CA certificates */
-const char * mbedtls_test_cas[] = {
-#if defined(TEST_CA_CRT_RSA_SHA1)
-    mbedtls_test_ca_crt_rsa_sha1,
-#endif
-#if defined(TEST_CA_CRT_RSA_SHA256)
-    mbedtls_test_ca_crt_rsa_sha256,
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-    mbedtls_test_ca_crt_ec,
-#endif
-    NULL
-};
-const size_t mbedtls_test_cas_len[] = {
-#if defined(TEST_CA_CRT_RSA_SHA1)
-    sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
-#endif
-#if defined(TEST_CA_CRT_RSA_SHA256)
-    sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-    sizeof( mbedtls_test_ca_crt_ec ),
-#endif
-    0
-};
-
-#if defined(MBEDTLS_RSA_C)
-const char *mbedtls_test_ca_crt  = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */
-const char *mbedtls_test_ca_key  = mbedtls_test_ca_key_rsa;
-const char *mbedtls_test_ca_pwd  = mbedtls_test_ca_pwd_rsa;
-const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa;
-const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa;
-const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa;
-const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa;
-const size_t mbedtls_test_ca_crt_len  = sizeof( mbedtls_test_ca_crt_rsa );
-const size_t mbedtls_test_ca_key_len  = sizeof( mbedtls_test_ca_key_rsa );
-const size_t mbedtls_test_ca_pwd_len  = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
-const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa );
-const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa );
-const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa );
-const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa );
-#else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */
-const char *mbedtls_test_ca_crt  = mbedtls_test_ca_crt_ec;
-const char *mbedtls_test_ca_key  = mbedtls_test_ca_key_ec;
-const char *mbedtls_test_ca_pwd  = mbedtls_test_ca_pwd_ec;
-const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_ec;
-const char *mbedtls_test_srv_key = mbedtls_test_srv_key_ec;
-const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_ec;
-const char *mbedtls_test_cli_key = mbedtls_test_cli_key_ec;
-const size_t mbedtls_test_ca_crt_len  = sizeof( mbedtls_test_ca_crt_ec );
-const size_t mbedtls_test_ca_key_len  = sizeof( mbedtls_test_ca_key_ec );
-const size_t mbedtls_test_ca_pwd_len  = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
-const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_ec );
-const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_ec );
-const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_ec );
-const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_ec );
-#endif /* MBEDTLS_RSA_C */
-
-#endif /* MBEDTLS_CERTS_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/cipher.c b/components/ssl/mbedtls/mbedtls/library/cipher.c
deleted file mode 100644
index ff032738..00000000
--- a/components/ssl/mbedtls/mbedtls/library/cipher.c
+++ /dev/null
@@ -1,917 +0,0 @@
-/**
- * \file cipher.c
- *
- * \brief Generic cipher wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_CIPHER_C)
-
-#include "mbedtls/cipher.h"
-#include "mbedtls/cipher_internal.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(MBEDTLS_GCM_C)
-#include "mbedtls/gcm.h"
-#endif
-
-#if defined(MBEDTLS_CCM_C)
-#include "mbedtls/ccm.h"
-#endif
-
-#if defined(MBEDTLS_CMAC_C)
-#include "mbedtls/cmac.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_calloc calloc
-#define mbedtls_free   free
-#endif
-
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-static int supported_init = 0;
-
-const int *mbedtls_cipher_list( void )
-{
-    const mbedtls_cipher_definition_t *def;
-    int *type;
-
-    if( ! supported_init )
-    {
-        def = mbedtls_cipher_definitions;
-        type = mbedtls_cipher_supported;
-
-        while( def->type != 0 )
-            *type++ = (*def++).type;
-
-        *type = 0;
-
-        supported_init = 1;
-    }
-
-    return( mbedtls_cipher_supported );
-}
-
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type )
-{
-    const mbedtls_cipher_definition_t *def;
-
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( def->type == cipher_type )
-            return( def->info );
-
-    return( NULL );
-}
-
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name )
-{
-    const mbedtls_cipher_definition_t *def;
-
-    if( NULL == cipher_name )
-        return( NULL );
-
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( !  strcmp( def->info->name, cipher_name ) )
-            return( def->info );
-
-    return( NULL );
-}
-
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
-                                              int key_bitlen,
-                                              const mbedtls_cipher_mode_t mode )
-{
-    const mbedtls_cipher_definition_t *def;
-
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( def->info->base->cipher == cipher_id &&
-            def->info->key_bitlen == (unsigned) key_bitlen &&
-            def->info->mode == mode )
-            return( def->info );
-
-    return( NULL );
-}
-
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
-}
-
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-#if defined(MBEDTLS_CMAC_C)
-    if( ctx->cmac_ctx )
-    {
-       mbedtls_zeroize( ctx->cmac_ctx, sizeof( mbedtls_cmac_context_t ) );
-       mbedtls_free( ctx->cmac_ctx );
-    }
-#endif
-
-    if( ctx->cipher_ctx )
-        ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
-
-    mbedtls_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
-}
-
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info )
-{
-    if( NULL == cipher_info || NULL == ctx )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
-
-    if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
-
-    ctx->cipher_info = cipher_info;
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-    /*
-     * Ignore possible errors caused by a cipher mode that doesn't use padding
-     */
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
-#else
-    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
-#endif
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-    return( 0 );
-}
-
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
-        int key_bitlen, const mbedtls_operation_t operation )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
-        (int) ctx->cipher_info->key_bitlen != key_bitlen )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    ctx->key_bitlen = key_bitlen;
-    ctx->operation = operation;
-
-    /*
-     * For CFB and CTR mode always use the encryption key schedule
-     */
-    if( MBEDTLS_ENCRYPT == operation ||
-        MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
-    {
-        return ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
-                ctx->key_bitlen );
-    }
-
-    if( MBEDTLS_DECRYPT == operation )
-        return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
-                ctx->key_bitlen );
-
-    return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-}
-
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                   const unsigned char *iv, size_t iv_len )
-{
-    size_t actual_iv_size;
-
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    /* avoid buffer overflow in ctx->iv */
-    if( iv_len > MBEDTLS_MAX_IV_LENGTH )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
-        actual_iv_size = iv_len;
-    else
-    {
-        actual_iv_size = ctx->cipher_info->iv_size;
-
-        /* avoid reading past the end of input buffer */
-        if( actual_iv_size > iv_len )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    memcpy( ctx->iv, iv, actual_iv_size );
-    ctx->iv_size = actual_iv_size;
-
-    return( 0 );
-}
-
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    ctx->unprocessed_len = 0;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_GCM_C)
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *ad, size_t ad_len )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
-                           ctx->iv, ctx->iv_size, ad, ad_len );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_GCM_C */
-
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
-                   size_t ilen, unsigned char *output, size_t *olen )
-{
-    int ret;
-    size_t block_size = 0;
-
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    *olen = 0;
-    block_size = mbedtls_cipher_get_block_size( ctx );
-
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
-    {
-        if( ilen != block_size )
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-
-        *olen = ilen;
-
-        if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
-                    ctx->operation, input, output ) ) )
-        {
-            return( ret );
-        }
-
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_GCM_C)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
-    {
-        *olen = ilen;
-        return mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
-                           output );
-    }
-#endif
-
-    if ( 0 == block_size )
-    {
-        return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
-    }
-
-    if( input == output &&
-       ( ctx->unprocessed_len != 0 || ilen % block_size ) )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
-    {
-        size_t copy_len = 0;
-
-        /*
-         * If there is not enough data for a full block, cache it.
-         */
-        if( ( ctx->operation == MBEDTLS_DECRYPT &&
-                ilen <= block_size - ctx->unprocessed_len ) ||
-             ( ctx->operation == MBEDTLS_ENCRYPT &&
-                ilen < block_size - ctx->unprocessed_len ) )
-        {
-            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
-                    ilen );
-
-            ctx->unprocessed_len += ilen;
-            return( 0 );
-        }
-
-        /*
-         * Process cached data first
-         */
-        if( 0 != ctx->unprocessed_len )
-        {
-            copy_len = block_size - ctx->unprocessed_len;
-
-            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
-                    copy_len );
-
-            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                    ctx->operation, block_size, ctx->iv,
-                    ctx->unprocessed_data, output ) ) )
-            {
-                return( ret );
-            }
-
-            *olen += block_size;
-            output += block_size;
-            ctx->unprocessed_len = 0;
-
-            input += copy_len;
-            ilen -= copy_len;
-        }
-
-        /*
-         * Cache final, incomplete block
-         */
-        if( 0 != ilen )
-        {
-            if( 0 == block_size )
-            {
-                return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
-            }
-
-            copy_len = ilen % block_size;
-            if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
-                copy_len = block_size;
-
-            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
-                    copy_len );
-
-            ctx->unprocessed_len += copy_len;
-            ilen -= copy_len;
-        }
-
-        /*
-         * Process remaining full blocks
-         */
-        if( ilen )
-        {
-            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                    ctx->operation, ilen, ctx->iv, input, output ) ) )
-            {
-                return( ret );
-            }
-
-            *olen += ilen;
-        }
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
-                ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
-                input, output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
-                ilen, &ctx->unprocessed_len, ctx->iv,
-                ctx->unprocessed_data, input, output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
-                                                    ilen, input, output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_STREAM */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-/*
- * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
- */
-static void add_pkcs_padding( unsigned char *output, size_t output_len,
-        size_t data_len )
-{
-    size_t padding_len = output_len - data_len;
-    unsigned char i;
-
-    for( i = 0; i < padding_len; i++ )
-        output[data_len + i] = (unsigned char) padding_len;
-}
-
-static int get_pkcs_padding( unsigned char *input, size_t input_len,
-        size_t *data_len )
-{
-    size_t i, pad_idx;
-    unsigned char padding_len, bad = 0;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    padding_len = input[input_len - 1];
-    *data_len = input_len - padding_len;
-
-    /* Avoid logical || since it results in a branch */
-    bad |= padding_len > input_len;
-    bad |= padding_len == 0;
-
-    /* The number of bytes checked must be independent of padding_len,
-     * so pick input_len, which is usually 8 or 16 (one block) */
-    pad_idx = input_len - padding_len;
-    for( i = 0; i < input_len; i++ )
-        bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
-
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
-}
-#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
-
-#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
-/*
- * One and zeros padding: fill with 80 00 ... 00
- */
-static void add_one_and_zeros_padding( unsigned char *output,
-                                       size_t output_len, size_t data_len )
-{
-    size_t padding_len = output_len - data_len;
-    unsigned char i = 0;
-
-    output[data_len] = 0x80;
-    for( i = 1; i < padding_len; i++ )
-        output[data_len + i] = 0x00;
-}
-
-static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
-                                      size_t *data_len )
-{
-    size_t i;
-    unsigned char done = 0, prev_done, bad;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    bad = 0x80;
-    *data_len = 0;
-    for( i = input_len; i > 0; i-- )
-    {
-        prev_done = done;
-        done |= ( input[i - 1] != 0 );
-        *data_len |= ( i - 1 ) * ( done != prev_done );
-        bad ^= input[i - 1] * ( done != prev_done );
-    }
-
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
-
-}
-#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
-
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
-/*
- * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
- */
-static void add_zeros_and_len_padding( unsigned char *output,
-                                       size_t output_len, size_t data_len )
-{
-    size_t padding_len = output_len - data_len;
-    unsigned char i = 0;
-
-    for( i = 1; i < padding_len; i++ )
-        output[data_len + i - 1] = 0x00;
-    output[output_len - 1] = (unsigned char) padding_len;
-}
-
-static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
-                                      size_t *data_len )
-{
-    size_t i, pad_idx;
-    unsigned char padding_len, bad = 0;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    padding_len = input[input_len - 1];
-    *data_len = input_len - padding_len;
-
-    /* Avoid logical || since it results in a branch */
-    bad |= padding_len > input_len;
-    bad |= padding_len == 0;
-
-    /* The number of bytes checked must be independent of padding_len */
-    pad_idx = input_len - padding_len;
-    for( i = 0; i < input_len - 1; i++ )
-        bad |= input[i] * ( i >= pad_idx );
-
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
-}
-#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
-
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
-/*
- * Zero padding: fill with 00 ... 00
- */
-static void add_zeros_padding( unsigned char *output,
-                               size_t output_len, size_t data_len )
-{
-    size_t i;
-
-    for( i = data_len; i < output_len; i++ )
-        output[i] = 0x00;
-}
-
-static int get_zeros_padding( unsigned char *input, size_t input_len,
-                              size_t *data_len )
-{
-    size_t i;
-    unsigned char done = 0, prev_done;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    *data_len = 0;
-    for( i = input_len; i > 0; i-- )
-    {
-        prev_done = done;
-        done |= ( input[i-1] != 0 );
-        *data_len |= i * ( done != prev_done );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
-
-/*
- * No padding: don't pad :)
- *
- * There is no add_padding function (check for NULL in mbedtls_cipher_finish)
- * but a trivial get_padding function
- */
-static int get_no_padding( unsigned char *input, size_t input_len,
-                              size_t *data_len )
-{
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    *data_len = input_len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
-                   unsigned char *output, size_t *olen )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    *olen = 0;
-
-    if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
-    {
-        return( 0 );
-    }
-
-    if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
-    {
-        if( ctx->unprocessed_len != 0 )
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
-    {
-        int ret = 0;
-
-        if( MBEDTLS_ENCRYPT == ctx->operation )
-        {
-            /* check for 'no padding' mode */
-            if( NULL == ctx->add_padding )
-            {
-                if( 0 != ctx->unprocessed_len )
-                    return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-
-                return( 0 );
-            }
-
-            ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
-                    ctx->unprocessed_len );
-        }
-        else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
-        {
-            /*
-             * For decrypt operations, expect a full block,
-             * or an empty block if no padding
-             */
-            if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
-                return( 0 );
-
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-        }
-
-        /* cipher block */
-        if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
-                ctx->unprocessed_data, output ) ) )
-        {
-            return( ret );
-        }
-
-        /* Set output size for decryption */
-        if( MBEDTLS_DECRYPT == ctx->operation )
-            return ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
-                                     olen );
-
-        /* Set output size for encryption */
-        *olen = mbedtls_cipher_get_block_size( ctx );
-        return( 0 );
-    }
-#else
-    ((void) output);
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode )
-{
-    if( NULL == ctx ||
-        MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    switch( mode )
-    {
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    case MBEDTLS_PADDING_PKCS7:
-        ctx->add_padding = add_pkcs_padding;
-        ctx->get_padding = get_pkcs_padding;
-        break;
-#endif
-#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
-    case MBEDTLS_PADDING_ONE_AND_ZEROS:
-        ctx->add_padding = add_one_and_zeros_padding;
-        ctx->get_padding = get_one_and_zeros_padding;
-        break;
-#endif
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
-    case MBEDTLS_PADDING_ZEROS_AND_LEN:
-        ctx->add_padding = add_zeros_and_len_padding;
-        ctx->get_padding = get_zeros_and_len_padding;
-        break;
-#endif
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
-    case MBEDTLS_PADDING_ZEROS:
-        ctx->add_padding = add_zeros_padding;
-        ctx->get_padding = get_zeros_padding;
-        break;
-#endif
-    case MBEDTLS_PADDING_NONE:
-        ctx->add_padding = NULL;
-        ctx->get_padding = get_no_padding;
-        break;
-
-    default:
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-#if defined(MBEDTLS_GCM_C)
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
-                      unsigned char *tag, size_t tag_len )
-{
-    if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( MBEDTLS_ENCRYPT != ctx->operation )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-        return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len );
-
-    return( 0 );
-}
-
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *tag, size_t tag_len )
-{
-    int ret;
-
-    if( NULL == ctx || NULL == ctx->cipher_info ||
-        MBEDTLS_DECRYPT != ctx->operation )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        unsigned char check_tag[16];
-        size_t i;
-        int diff;
-
-        if( tag_len > sizeof( check_tag ) )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        if( 0 != ( ret = mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
-                                     check_tag, tag_len ) ) )
-        {
-            return( ret );
-        }
-
-        /* Check the tag in "constant-time" */
-        for( diff = 0, i = 0; i < tag_len; i++ )
-            diff |= tag[i] ^ check_tag[i];
-
-        if( diff != 0 )
-            return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
-
-        return( 0 );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_GCM_C */
-
-/*
- * Packet-oriented wrapper for non-AEAD modes
- */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
-                  const unsigned char *iv, size_t iv_len,
-                  const unsigned char *input, size_t ilen,
-                  unsigned char *output, size_t *olen )
-{
-    int ret;
-    size_t finish_olen;
-
-    if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
-        return( ret );
-
-    *olen += finish_olen;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-/*
- * Packet-oriented encryption for AEAD modes
- */
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         unsigned char *tag, size_t tag_len )
-{
-#if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        *olen = ilen;
-        return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, ilen,
-                                   iv, iv_len, ad, ad_len, input, output,
-                                   tag_len, tag ) );
-    }
-#endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_CCM_C)
-    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
-    {
-        *olen = ilen;
-        return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
-                                     iv, iv_len, ad, ad_len, input, output,
-                                     tag, tag_len ) );
-    }
-#endif /* MBEDTLS_CCM_C */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-/*
- * Packet-oriented decryption for AEAD modes
- */
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         const unsigned char *tag, size_t tag_len )
-{
-#if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        int ret;
-
-        *olen = ilen;
-        ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, iv_len, ad, ad_len,
-                                tag, tag_len, input, output );
-
-        if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-
-        return( ret );
-    }
-#endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_CCM_C)
-    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
-    {
-        int ret;
-
-        *olen = ilen;
-        ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, iv_len, ad, ad_len,
-                                input, output, tag, tag_len );
-
-        if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-
-        return( ret );
-    }
-#endif /* MBEDTLS_CCM_C */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-
-#endif /* MBEDTLS_CIPHER_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/cipher_wrap.c b/components/ssl/mbedtls/mbedtls/library/cipher_wrap.c
deleted file mode 100644
index dc76af8f..00000000
--- a/components/ssl/mbedtls/mbedtls/library/cipher_wrap.c
+++ /dev/null
@@ -1,1451 +0,0 @@
-/**
- * \file cipher_wrap.c
- *
- * \brief Generic cipher wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_CIPHER_C)
-
-#include "mbedtls/cipher_internal.h"
-
-#if defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#include "mbedtls/camellia.h"
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#include "mbedtls/des.h"
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
-#include "mbedtls/blowfish.h"
-#endif
-
-#if defined(MBEDTLS_GCM_C)
-#include "mbedtls/gcm.h"
-#endif
-
-#if defined(MBEDTLS_CCM_C)
-#include "mbedtls/ccm.h"
-#endif
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#include <string.h>
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#if defined(MBEDTLS_GCM_C)
-/* shared by all GCM ciphers */
-static void *gcm_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) );
-
-    if( ctx != NULL )
-        mbedtls_gcm_init( (mbedtls_gcm_context *) ctx );
-
-    return( ctx );
-}
-
-static void gcm_ctx_free( void *ctx )
-{
-    mbedtls_gcm_free( ctx );
-    mbedtls_free( ctx );
-}
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CCM_C)
-/* shared by all CCM ciphers */
-static void *ccm_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) );
-
-    if( ctx != NULL )
-        mbedtls_ccm_init( (mbedtls_ccm_context *) ctx );
-
-    return( ctx );
-}
-
-static void ccm_ctx_free( void *ctx )
-{
-    mbedtls_ccm_free( ctx );
-    mbedtls_free( ctx );
-}
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_AES_C)
-
-static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input,
-                          output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
-                             input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
-                          stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen );
-}
-
-static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen );
-}
-
-static void * aes_ctx_alloc( void )
-{
-    mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) );
-
-    if( aes == NULL )
-        return( NULL );
-
-    mbedtls_aes_init( aes );
-
-    return( aes );
-}
-
-static void aes_ctx_free( void *ctx )
-{
-    mbedtls_aes_free( (mbedtls_aes_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    aes_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    aes_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    aes_crypt_cfb128_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    aes_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    aes_setkey_enc_wrap,
-    aes_setkey_dec_wrap,
-    aes_ctx_alloc,
-    aes_ctx_free
-};
-
-static const mbedtls_cipher_info_t aes_128_ecb_info = {
-    MBEDTLS_CIPHER_AES_128_ECB,
-    MBEDTLS_MODE_ECB,
-    128,
-    "AES-128-ECB",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_ecb_info = {
-    MBEDTLS_CIPHER_AES_192_ECB,
-    MBEDTLS_MODE_ECB,
-    192,
-    "AES-192-ECB",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_ecb_info = {
-    MBEDTLS_CIPHER_AES_256_ECB,
-    MBEDTLS_MODE_ECB,
-    256,
-    "AES-256-ECB",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t aes_128_cbc_info = {
-    MBEDTLS_CIPHER_AES_128_CBC,
-    MBEDTLS_MODE_CBC,
-    128,
-    "AES-128-CBC",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_cbc_info = {
-    MBEDTLS_CIPHER_AES_192_CBC,
-    MBEDTLS_MODE_CBC,
-    192,
-    "AES-192-CBC",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_cbc_info = {
-    MBEDTLS_CIPHER_AES_256_CBC,
-    MBEDTLS_MODE_CBC,
-    256,
-    "AES-256-CBC",
-    16,
-    0,
-    16,
-    &aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t aes_128_cfb128_info = {
-    MBEDTLS_CIPHER_AES_128_CFB128,
-    MBEDTLS_MODE_CFB,
-    128,
-    "AES-128-CFB128",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_cfb128_info = {
-    MBEDTLS_CIPHER_AES_192_CFB128,
-    MBEDTLS_MODE_CFB,
-    192,
-    "AES-192-CFB128",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_cfb128_info = {
-    MBEDTLS_CIPHER_AES_256_CFB128,
-    MBEDTLS_MODE_CFB,
-    256,
-    "AES-256-CFB128",
-    16,
-    0,
-    16,
-    &aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t aes_128_ctr_info = {
-    MBEDTLS_CIPHER_AES_128_CTR,
-    MBEDTLS_MODE_CTR,
-    128,
-    "AES-128-CTR",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_ctr_info = {
-    MBEDTLS_CIPHER_AES_192_CTR,
-    MBEDTLS_MODE_CTR,
-    192,
-    "AES-192-CTR",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_ctr_info = {
-    MBEDTLS_CIPHER_AES_256_CTR,
-    MBEDTLS_MODE_CTR,
-    256,
-    "AES-256-CTR",
-    16,
-    0,
-    16,
-    &aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_GCM_C)
-static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t gcm_aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    gcm_aes_setkey_wrap,
-    gcm_aes_setkey_wrap,
-    gcm_ctx_alloc,
-    gcm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t aes_128_gcm_info = {
-    MBEDTLS_CIPHER_AES_128_GCM,
-    MBEDTLS_MODE_GCM,
-    128,
-    "AES-128-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_gcm_info = {
-    MBEDTLS_CIPHER_AES_192_GCM,
-    MBEDTLS_MODE_GCM,
-    192,
-    "AES-192-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_gcm_info = {
-    MBEDTLS_CIPHER_AES_256_GCM,
-    MBEDTLS_MODE_GCM,
-    256,
-    "AES-256-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aes_info
-};
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CCM_C)
-static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t ccm_aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    ccm_aes_setkey_wrap,
-    ccm_aes_setkey_wrap,
-    ccm_ctx_alloc,
-    ccm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t aes_128_ccm_info = {
-    MBEDTLS_CIPHER_AES_128_CCM,
-    MBEDTLS_MODE_CCM,
-    128,
-    "AES-128-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_ccm_info = {
-    MBEDTLS_CIPHER_AES_192_CCM,
-    MBEDTLS_MODE_CCM,
-    192,
-    "AES-192-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_ccm_info = {
-    MBEDTLS_CIPHER_AES_256_CCM,
-    MBEDTLS_MODE_CCM,
-    256,
-    "AES-256-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aes_info
-};
-#endif /* MBEDTLS_CCM_C */
-
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-
-static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input,
-                               output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv,
-                               input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length,
-                                  iv_off, iv, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off,
-                               nonce_counter, stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen );
-}
-
-static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen );
-}
-
-static void * camellia_ctx_alloc( void )
-{
-    mbedtls_camellia_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_camellia_init( ctx );
-
-    return( ctx );
-}
-
-static void camellia_ctx_free( void *ctx )
-{
-    mbedtls_camellia_free( (mbedtls_camellia_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t camellia_info = {
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    camellia_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    camellia_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    camellia_crypt_cfb128_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    camellia_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    camellia_setkey_enc_wrap,
-    camellia_setkey_dec_wrap,
-    camellia_ctx_alloc,
-    camellia_ctx_free
-};
-
-static const mbedtls_cipher_info_t camellia_128_ecb_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
-    MBEDTLS_MODE_ECB,
-    128,
-    "CAMELLIA-128-ECB",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_ecb_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
-    MBEDTLS_MODE_ECB,
-    192,
-    "CAMELLIA-192-ECB",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_ecb_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
-    MBEDTLS_MODE_ECB,
-    256,
-    "CAMELLIA-256-ECB",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t camellia_128_cbc_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
-    MBEDTLS_MODE_CBC,
-    128,
-    "CAMELLIA-128-CBC",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_cbc_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
-    MBEDTLS_MODE_CBC,
-    192,
-    "CAMELLIA-192-CBC",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_cbc_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
-    MBEDTLS_MODE_CBC,
-    256,
-    "CAMELLIA-256-CBC",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t camellia_128_cfb128_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
-    MBEDTLS_MODE_CFB,
-    128,
-    "CAMELLIA-128-CFB128",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_cfb128_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
-    MBEDTLS_MODE_CFB,
-    192,
-    "CAMELLIA-192-CFB128",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_cfb128_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
-    MBEDTLS_MODE_CFB,
-    256,
-    "CAMELLIA-256-CFB128",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t camellia_128_ctr_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
-    MBEDTLS_MODE_CTR,
-    128,
-    "CAMELLIA-128-CTR",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_ctr_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
-    MBEDTLS_MODE_CTR,
-    192,
-    "CAMELLIA-192-CTR",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_ctr_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
-    MBEDTLS_MODE_CTR,
-    256,
-    "CAMELLIA-256-CTR",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_GCM_C)
-static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t gcm_camellia_info = {
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    gcm_camellia_setkey_wrap,
-    gcm_camellia_setkey_wrap,
-    gcm_ctx_alloc,
-    gcm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t camellia_128_gcm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
-    MBEDTLS_MODE_GCM,
-    128,
-    "CAMELLIA-128-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_gcm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
-    MBEDTLS_MODE_GCM,
-    192,
-    "CAMELLIA-192-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_gcm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
-    MBEDTLS_MODE_GCM,
-    256,
-    "CAMELLIA-256-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_camellia_info
-};
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CCM_C)
-static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t ccm_camellia_info = {
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    ccm_camellia_setkey_wrap,
-    ccm_camellia_setkey_wrap,
-    ccm_ctx_alloc,
-    ccm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t camellia_128_ccm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
-    MBEDTLS_MODE_CCM,
-    128,
-    "CAMELLIA-128-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_ccm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
-    MBEDTLS_MODE_CCM,
-    192,
-    "CAMELLIA-192-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_ccm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
-    MBEDTLS_MODE_CCM,
-    256,
-    "CAMELLIA-256-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_camellia_info
-};
-#endif /* MBEDTLS_CCM_C */
-
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-
-static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    ((void) operation);
-    return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output );
-}
-
-static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    ((void) operation);
-    return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input,
-                          output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input,
-                           output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key );
-}
-
-static int des_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key );
-}
-
-static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key );
-}
-
-static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key );
-}
-
-static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key );
-}
-
-static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key );
-}
-
-static void * des_ctx_alloc( void )
-{
-    mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) );
-
-    if( des == NULL )
-        return( NULL );
-
-    mbedtls_des_init( des );
-
-    return( des );
-}
-
-static void des_ctx_free( void *ctx )
-{
-    mbedtls_des_free( (mbedtls_des_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void * des3_ctx_alloc( void )
-{
-    mbedtls_des3_context *des3;
-    des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) );
-
-    if( des3 == NULL )
-        return( NULL );
-
-    mbedtls_des3_init( des3 );
-
-    return( des3 );
-}
-
-static void des3_ctx_free( void *ctx )
-{
-    mbedtls_des3_free( (mbedtls_des3_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t des_info = {
-    MBEDTLS_CIPHER_ID_DES,
-    des_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    des_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    des_setkey_enc_wrap,
-    des_setkey_dec_wrap,
-    des_ctx_alloc,
-    des_ctx_free
-};
-
-static const mbedtls_cipher_info_t des_ecb_info = {
-    MBEDTLS_CIPHER_DES_ECB,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_KEY_LENGTH_DES,
-    "DES-ECB",
-    8,
-    0,
-    8,
-    &des_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t des_cbc_info = {
-    MBEDTLS_CIPHER_DES_CBC,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_KEY_LENGTH_DES,
-    "DES-CBC",
-    8,
-    0,
-    8,
-    &des_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-static const mbedtls_cipher_base_t des_ede_info = {
-    MBEDTLS_CIPHER_ID_DES,
-    des3_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    des3_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    des3_set2key_enc_wrap,
-    des3_set2key_dec_wrap,
-    des3_ctx_alloc,
-    des3_ctx_free
-};
-
-static const mbedtls_cipher_info_t des_ede_ecb_info = {
-    MBEDTLS_CIPHER_DES_EDE_ECB,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_KEY_LENGTH_DES_EDE,
-    "DES-EDE-ECB",
-    8,
-    0,
-    8,
-    &des_ede_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t des_ede_cbc_info = {
-    MBEDTLS_CIPHER_DES_EDE_CBC,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_KEY_LENGTH_DES_EDE,
-    "DES-EDE-CBC",
-    8,
-    0,
-    8,
-    &des_ede_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-static const mbedtls_cipher_base_t des_ede3_info = {
-    MBEDTLS_CIPHER_ID_3DES,
-    des3_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    des3_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    des3_set3key_enc_wrap,
-    des3_set3key_dec_wrap,
-    des3_ctx_alloc,
-    des3_ctx_free
-};
-
-static const mbedtls_cipher_info_t des_ede3_ecb_info = {
-    MBEDTLS_CIPHER_DES_EDE3_ECB,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_KEY_LENGTH_DES_EDE3,
-    "DES-EDE3-ECB",
-    8,
-    0,
-    8,
-    &des_ede3_info
-};
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t des_ede3_cbc_info = {
-    MBEDTLS_CIPHER_DES_EDE3_CBC,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_KEY_LENGTH_DES_EDE3,
-    "DES-EDE3-CBC",
-    8,
-    0,
-    8,
-    &des_ede3_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_BLOWFISH_C)
-
-static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input,
-                               output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, unsigned char *iv, const unsigned char *input,
-        unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv,
-                               input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length,
-                                 iv_off, iv, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off,
-                               nonce_counter, stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
-                                 unsigned int key_bitlen )
-{
-    return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen );
-}
-
-static void * blowfish_ctx_alloc( void )
-{
-    mbedtls_blowfish_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_blowfish_init( ctx );
-
-    return( ctx );
-}
-
-static void blowfish_ctx_free( void *ctx )
-{
-    mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t blowfish_info = {
-    MBEDTLS_CIPHER_ID_BLOWFISH,
-    blowfish_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    blowfish_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    blowfish_crypt_cfb64_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    blowfish_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    blowfish_setkey_wrap,
-    blowfish_setkey_wrap,
-    blowfish_ctx_alloc,
-    blowfish_ctx_free
-};
-
-static const mbedtls_cipher_info_t blowfish_ecb_info = {
-    MBEDTLS_CIPHER_BLOWFISH_ECB,
-    MBEDTLS_MODE_ECB,
-    128,
-    "BLOWFISH-ECB",
-    8,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t blowfish_cbc_info = {
-    MBEDTLS_CIPHER_BLOWFISH_CBC,
-    MBEDTLS_MODE_CBC,
-    128,
-    "BLOWFISH-CBC",
-    8,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t blowfish_cfb64_info = {
-    MBEDTLS_CIPHER_BLOWFISH_CFB64,
-    MBEDTLS_MODE_CFB,
-    128,
-    "BLOWFISH-CFB64",
-    8,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t blowfish_ctr_info = {
-    MBEDTLS_CIPHER_BLOWFISH_CTR,
-    MBEDTLS_MODE_CTR,
-    128,
-    "BLOWFISH-CTR",
-    8,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-#endif /* MBEDTLS_BLOWFISH_C */
-
-#if defined(MBEDTLS_ARC4_C)
-static int arc4_crypt_stream_wrap( void *ctx, size_t length,
-                                   const unsigned char *input,
-                                   unsigned char *output )
-{
-    return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
-}
-
-static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
-                             unsigned int key_bitlen )
-{
-    /* we get key_bitlen in bits, arc4 expects it in bytes */
-    if( key_bitlen % 8 != 0 )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 );
-    return( 0 );
-}
-
-static void * arc4_ctx_alloc( void )
-{
-    mbedtls_arc4_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_arc4_init( ctx );
-
-    return( ctx );
-}
-
-static void arc4_ctx_free( void *ctx )
-{
-    mbedtls_arc4_free( (mbedtls_arc4_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t arc4_base_info = {
-    MBEDTLS_CIPHER_ID_ARC4,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    arc4_crypt_stream_wrap,
-#endif
-    arc4_setkey_wrap,
-    arc4_setkey_wrap,
-    arc4_ctx_alloc,
-    arc4_ctx_free
-};
-
-static const mbedtls_cipher_info_t arc4_128_info = {
-    MBEDTLS_CIPHER_ARC4_128,
-    MBEDTLS_MODE_STREAM,
-    128,
-    "ARC4-128",
-    0,
-    0,
-    1,
-    &arc4_base_info
-};
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-static int null_crypt_stream( void *ctx, size_t length,
-                              const unsigned char *input,
-                              unsigned char *output )
-{
-    ((void) ctx);
-    memmove( output, input, length );
-    return( 0 );
-}
-
-static int null_setkey( void *ctx, const unsigned char *key,
-                        unsigned int key_bitlen )
-{
-    ((void) ctx);
-    ((void) key);
-    ((void) key_bitlen);
-
-    return( 0 );
-}
-
-static void * null_ctx_alloc( void )
-{
-    return( (void *) 1 );
-}
-
-static void null_ctx_free( void *ctx )
-{
-    ((void) ctx);
-}
-
-static const mbedtls_cipher_base_t null_base_info = {
-    MBEDTLS_CIPHER_ID_NULL,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    null_crypt_stream,
-#endif
-    null_setkey,
-    null_setkey,
-    null_ctx_alloc,
-    null_ctx_free
-};
-
-static const mbedtls_cipher_info_t null_cipher_info = {
-    MBEDTLS_CIPHER_NULL,
-    MBEDTLS_MODE_STREAM,
-    0,
-    "NULL",
-    0,
-    0,
-    1,
-    &null_base_info
-};
-#endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
-
-const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
-{
-#if defined(MBEDTLS_AES_C)
-    { MBEDTLS_CIPHER_AES_128_ECB,          &aes_128_ecb_info },
-    { MBEDTLS_CIPHER_AES_192_ECB,          &aes_192_ecb_info },
-    { MBEDTLS_CIPHER_AES_256_ECB,          &aes_256_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_AES_128_CBC,          &aes_128_cbc_info },
-    { MBEDTLS_CIPHER_AES_192_CBC,          &aes_192_cbc_info },
-    { MBEDTLS_CIPHER_AES_256_CBC,          &aes_256_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    { MBEDTLS_CIPHER_AES_128_CFB128,       &aes_128_cfb128_info },
-    { MBEDTLS_CIPHER_AES_192_CFB128,       &aes_192_cfb128_info },
-    { MBEDTLS_CIPHER_AES_256_CFB128,       &aes_256_cfb128_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    { MBEDTLS_CIPHER_AES_128_CTR,          &aes_128_ctr_info },
-    { MBEDTLS_CIPHER_AES_192_CTR,          &aes_192_ctr_info },
-    { MBEDTLS_CIPHER_AES_256_CTR,          &aes_256_ctr_info },
-#endif
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_CIPHER_AES_128_GCM,          &aes_128_gcm_info },
-    { MBEDTLS_CIPHER_AES_192_GCM,          &aes_192_gcm_info },
-    { MBEDTLS_CIPHER_AES_256_GCM,          &aes_256_gcm_info },
-#endif
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_CIPHER_AES_128_CCM,          &aes_128_ccm_info },
-    { MBEDTLS_CIPHER_AES_192_CCM,          &aes_192_ccm_info },
-    { MBEDTLS_CIPHER_AES_256_CCM,          &aes_256_ccm_info },
-#endif
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-    { MBEDTLS_CIPHER_ARC4_128,             &arc4_128_info },
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
-    { MBEDTLS_CIPHER_BLOWFISH_ECB,         &blowfish_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_BLOWFISH_CBC,         &blowfish_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    { MBEDTLS_CIPHER_BLOWFISH_CFB64,       &blowfish_cfb64_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    { MBEDTLS_CIPHER_BLOWFISH_CTR,         &blowfish_ctr_info },
-#endif
-#endif /* MBEDTLS_BLOWFISH_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-    { MBEDTLS_CIPHER_CAMELLIA_128_ECB,     &camellia_128_ecb_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_ECB,     &camellia_192_ecb_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_ECB,     &camellia_256_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CBC,     &camellia_128_cbc_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CBC,     &camellia_192_cbc_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CBC,     &camellia_256_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CFB128,  &camellia_128_cfb128_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CFB128,  &camellia_192_cfb128_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CFB128,  &camellia_256_cfb128_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CTR,     &camellia_128_ctr_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CTR,     &camellia_192_ctr_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CTR,     &camellia_256_ctr_info },
-#endif
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_CIPHER_CAMELLIA_128_GCM,     &camellia_128_gcm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_GCM,     &camellia_192_gcm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_GCM,     &camellia_256_gcm_info },
-#endif
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CCM,     &camellia_128_ccm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CCM,     &camellia_192_ccm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CCM,     &camellia_256_ccm_info },
-#endif
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-    { MBEDTLS_CIPHER_DES_ECB,              &des_ecb_info },
-    { MBEDTLS_CIPHER_DES_EDE_ECB,          &des_ede_ecb_info },
-    { MBEDTLS_CIPHER_DES_EDE3_ECB,         &des_ede3_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_DES_CBC,              &des_cbc_info },
-    { MBEDTLS_CIPHER_DES_EDE_CBC,          &des_ede_cbc_info },
-    { MBEDTLS_CIPHER_DES_EDE3_CBC,         &des_ede3_cbc_info },
-#endif
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-    { MBEDTLS_CIPHER_NULL,                 &null_cipher_info },
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-
-    { MBEDTLS_CIPHER_NONE, NULL }
-};
-
-#define NUM_CIPHERS sizeof mbedtls_cipher_definitions / sizeof mbedtls_cipher_definitions[0]
-int mbedtls_cipher_supported[NUM_CIPHERS];
-
-#endif /* MBEDTLS_CIPHER_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/cmac.c b/components/ssl/mbedtls/mbedtls/library/cmac.c
deleted file mode 100644
index 9dbff903..00000000
--- a/components/ssl/mbedtls/mbedtls/library/cmac.c
+++ /dev/null
@@ -1,1080 +0,0 @@
-/**
- * \file cmac.c
- *
- * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
- *
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * References:
- *
- * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
- *      CMAC Mode for Authentication
- *   http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
- *
- * - RFC 4493 - The AES-CMAC Algorithm
- *   https://tools.ietf.org/html/rfc4493
- *
- * - RFC 4615 - The Advanced Encryption Standard-Cipher-based Message
- *      Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128)
- *      Algorithm for the Internet Key Exchange Protocol (IKE)
- *   https://tools.ietf.org/html/rfc4615
- *
- *   Additional test vectors: ISO/IEC 9797-1
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_CMAC_C)
-
-#include "mbedtls/cmac.h"
-
-#include <string.h>
-
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc     calloc
-#define mbedtls_free       free
-#if defined(MBEDTLS_SELF_TEST)
-#include <stdio.h>
-#define mbedtls_printf     printf
-#endif /* MBEDTLS_SELF_TEST */
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Multiplication by u in the Galois field of GF(2^n)
- *
- * As explained in NIST SP 800-38B, this can be computed:
- *
- *   If MSB(p) = 0, then p = (p << 1)
- *   If MSB(p) = 1, then p = (p << 1) ^ R_n
- *   with R_64 = 0x1B and  R_128 = 0x87
- *
- * Input and output MUST NOT point to the same buffer
- * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
- */
-static int cmac_multiply_by_u( unsigned char *output,
-                               const unsigned char *input,
-                               size_t blocksize )
-{
-    const unsigned char R_128 = 0x87;
-    const unsigned char R_64 = 0x1B;
-    unsigned char R_n, mask;
-    unsigned char overflow = 0x00;
-    int i;
-
-    if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
-    {
-        R_n = R_128;
-    }
-    else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
-    {
-        R_n = R_64;
-    }
-    else
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    for( i = (int)blocksize - 1; i >= 0; i-- )
-    {
-        output[i] = input[i] << 1 | overflow;
-        overflow = input[i] >> 7;
-    }
-
-    /* mask = ( input[0] >> 7 ) ? 0xff : 0x00
-     * using bit operations to avoid branches */
-
-    /* MSVC has a warning about unary minus on unsigned, but this is
-     * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-    mask = - ( input[0] >> 7 );
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
-    output[ blocksize - 1 ] ^= R_n & mask;
-
-    return( 0 );
-}
-
-/*
- * Generate subkeys
- *
- * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm
- */
-static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
-                                  unsigned char* K1, unsigned char* K2 )
-{
-    int ret;
-    unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    size_t olen, block_size;
-
-    mbedtls_zeroize( L, sizeof( L ) );
-
-    block_size = ctx->cipher_info->block_size;
-
-    /* Calculate Ek(0) */
-    if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
-        goto exit;
-
-    /*
-     * Generate K1 and K2
-     */
-    if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
-        goto exit;
-
-    if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_zeroize( L, sizeof( L ) );
-
-    return( ret );
-}
-#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
-
-#if !defined(MBEDTLS_CMAC_ALT)
-static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
-                            const unsigned char *input2,
-                            const size_t block_size )
-{
-    size_t idx;
-
-    for( idx = 0; idx < block_size; idx++ )
-        output[ idx ] = input1[ idx ] ^ input2[ idx ];
-}
-
-/*
- * Create padded last block from (partial) last block.
- *
- * We can't use the padding option from the cipher layer, as it only works for
- * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition.
- */
-static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
-                      size_t padded_block_len,
-                      const unsigned char *last_block,
-                      size_t last_block_len )
-{
-    size_t j;
-
-    for( j = 0; j < padded_block_len; j++ )
-    {
-        if( j < last_block_len )
-            padded_block[j] = last_block[j];
-        else if( j == last_block_len )
-            padded_block[j] = 0x80;
-        else
-            padded_block[j] = 0x00;
-    }
-}
-
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *key, size_t keybits )
-{
-    mbedtls_cipher_type_t type;
-    mbedtls_cmac_context_t *cmac_ctx;
-    int retval;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
-                                          MBEDTLS_ENCRYPT ) ) != 0 )
-        return( retval );
-
-    type = ctx->cipher_info->type;
-
-    switch( type )
-    {
-        case MBEDTLS_CIPHER_AES_128_ECB:
-        case MBEDTLS_CIPHER_AES_192_ECB:
-        case MBEDTLS_CIPHER_AES_256_ECB:
-        case MBEDTLS_CIPHER_DES_EDE3_ECB:
-            break;
-        default:
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    /* Allocated and initialise in the cipher context memory for the CMAC
-     * context */
-    cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) );
-    if( cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
-
-    ctx->cmac_ctx = cmac_ctx;
-
-    mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
-
-    return 0;
-}
-
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *input, size_t ilen )
-{
-    mbedtls_cmac_context_t* cmac_ctx;
-    unsigned char *state;
-    int ret = 0;
-    size_t n, j, olen, block_size;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
-        ctx->cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cmac_ctx = ctx->cmac_ctx;
-    block_size = ctx->cipher_info->block_size;
-    state = ctx->cmac_ctx->state;
-
-    /* Is there data still to process from the last call, that's greater in
-     * size than a block? */
-    if( cmac_ctx->unprocessed_len > 0 &&
-        ilen > block_size - cmac_ctx->unprocessed_len )
-    {
-        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
-                input,
-                block_size - cmac_ctx->unprocessed_len );
-
-        cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size );
-
-        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
-        {
-           goto exit;
-        }
-
-        input += block_size - cmac_ctx->unprocessed_len;
-        ilen -= block_size - cmac_ctx->unprocessed_len;
-        cmac_ctx->unprocessed_len = 0;
-    }
-
-    /* n is the number of blocks including any final partial block */
-    n = ( ilen + block_size - 1 ) / block_size;
-
-    /* Iterate across the input data in block sized chunks, excluding any
-     * final partial or complete block */
-    for( j = 1; j < n; j++ )
-    {
-        cmac_xor_block( state, input, state, block_size );
-
-        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
-           goto exit;
-
-        ilen -= block_size;
-        input += block_size;
-    }
-
-    /* If there is data left over that wasn't aligned to a block */
-    if( ilen > 0 )
-    {
-        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
-                input,
-                ilen );
-        cmac_ctx->unprocessed_len += ilen;
-    }
-
-exit:
-    return( ret );
-}
-
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
-                                unsigned char *output )
-{
-    mbedtls_cmac_context_t* cmac_ctx;
-    unsigned char *state, *last_block;
-    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    int ret;
-    size_t olen, block_size;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
-        output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cmac_ctx = ctx->cmac_ctx;
-    block_size = ctx->cipher_info->block_size;
-    state = cmac_ctx->state;
-
-    mbedtls_zeroize( K1, sizeof( K1 ) );
-    mbedtls_zeroize( K2, sizeof( K2 ) );
-    cmac_generate_subkeys( ctx, K1, K2 );
-
-    last_block = cmac_ctx->unprocessed_block;
-
-    /* Calculate last block */
-    if( cmac_ctx->unprocessed_len < block_size )
-    {
-        cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len );
-        cmac_xor_block( M_last, M_last, K2, block_size );
-    }
-    else
-    {
-        /* Last block is complete block */
-        cmac_xor_block( M_last, last_block, K1, block_size );
-    }
-
-
-    cmac_xor_block( state, M_last, state, block_size );
-    if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                       &olen ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    memcpy( output, state, block_size );
-
-exit:
-    /* Wipe the generated keys on the stack, and any other transients to avoid
-     * side channel leakage */
-    mbedtls_zeroize( K1, sizeof( K1 ) );
-    mbedtls_zeroize( K2, sizeof( K2 ) );
-
-    cmac_ctx->unprocessed_len = 0;
-    mbedtls_zeroize( cmac_ctx->unprocessed_block,
-                     sizeof( cmac_ctx->unprocessed_block ) );
-
-    mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
-    return( ret );
-}
-
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
-{
-    mbedtls_cmac_context_t* cmac_ctx;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cmac_ctx = ctx->cmac_ctx;
-
-    /* Reset the internal state */
-    cmac_ctx->unprocessed_len = 0;
-    mbedtls_zeroize( cmac_ctx->unprocessed_block,
-                     sizeof( cmac_ctx->unprocessed_block ) );
-    mbedtls_zeroize( cmac_ctx->state,
-                     sizeof( cmac_ctx->state ) );
-
-    return( 0 );
-}
-
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
-                         const unsigned char *key, size_t keylen,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output )
-{
-    mbedtls_cipher_context_t ctx;
-    int ret;
-
-    if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    mbedtls_cipher_init( &ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
-        goto exit;
-
-    ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen );
-    if( ret != 0 )
-        goto exit;
-
-    ret = mbedtls_cipher_cmac_update( &ctx, input, ilen );
-    if( ret != 0 )
-        goto exit;
-
-    ret = mbedtls_cipher_cmac_finish( &ctx, output );
-
-exit:
-    mbedtls_cipher_free( &ctx );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_AES_C)
-/*
- * Implementation of AES-CMAC-PRF-128 defined in RFC 4615
- */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
-                              const unsigned char *input, size_t in_len,
-                              unsigned char *output )
-{
-    int ret;
-    const mbedtls_cipher_info_t *cipher_info;
-    unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
-    unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
-
-    if( key == NULL || input == NULL || output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
-    if( cipher_info == NULL )
-    {
-        /* Failing at this point must be due to a build issue */
-        ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
-        goto exit;
-    }
-
-    if( key_length == MBEDTLS_AES_BLOCK_SIZE )
-    {
-        /* Use key as is */
-        memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE );
-    }
-    else
-    {
-        memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE );
-
-        ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key,
-                                   key_length, int_key );
-        if( ret != 0 )
-            goto exit;
-    }
-
-    ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len,
-                               output );
-
-exit:
-    mbedtls_zeroize( int_key, sizeof( int_key ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_AES_C */
-
-#endif /* !MBEDTLS_CMAC_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * CMAC test data for SP800-38B
- * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf
- * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf
- *
- * AES-CMAC-PRF-128 test data from RFC 4615
- * https://tools.ietf.org/html/rfc4615#page-4
- */
-
-#define NB_CMAC_TESTS_PER_KEY 4
-#define NB_PRF_TESTS 3
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
-/* All CMAC test inputs are truncated from the same 64 byte buffer. */
-static const unsigned char test_message[] = {
-    /* PT */
-    0x6b, 0xc1, 0xbe, 0xe2,     0x2e, 0x40, 0x9f, 0x96,
-    0xe9, 0x3d, 0x7e, 0x11,     0x73, 0x93, 0x17, 0x2a,
-    0xae, 0x2d, 0x8a, 0x57,     0x1e, 0x03, 0xac, 0x9c,
-    0x9e, 0xb7, 0x6f, 0xac,     0x45, 0xaf, 0x8e, 0x51,
-    0x30, 0xc8, 0x1c, 0x46,     0xa3, 0x5c, 0xe4, 0x11,
-    0xe5, 0xfb, 0xc1, 0x19,     0x1a, 0x0a, 0x52, 0xef,
-    0xf6, 0x9f, 0x24, 0x45,     0xdf, 0x4f, 0x9b, 0x17,
-    0xad, 0x2b, 0x41, 0x7b,     0xe6, 0x6c, 0x37, 0x10
-};
-#endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-/* Truncation point of message for AES CMAC tests  */
-static const  unsigned int  aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
-    /* Mlen */
-    0,
-    16,
-    20,
-    64
-};
-
-/* CMAC-AES128 Test Data */
-static const unsigned char aes_128_key[16] = {
-    0x2b, 0x7e, 0x15, 0x16,     0x28, 0xae, 0xd2, 0xa6,
-    0xab, 0xf7, 0x15, 0x88,     0x09, 0xcf, 0x4f, 0x3c
-};
-static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* K1 */
-        0xfb, 0xee, 0xd6, 0x18,     0x35, 0x71, 0x33, 0x66,
-        0x7c, 0x85, 0xe0, 0x8f,     0x72, 0x36, 0xa8, 0xde
-    },
-    {
-        /* K2 */
-        0xf7, 0xdd, 0xac, 0x30,     0x6a, 0xe2, 0x66, 0xcc,
-        0xf9, 0x0b, 0xc1, 0x1e,     0xe4, 0x6d, 0x51, 0x3b
-    }
-};
-static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* Example #1 */
-        0xbb, 0x1d, 0x69, 0x29,     0xe9, 0x59, 0x37, 0x28,
-        0x7f, 0xa3, 0x7d, 0x12,     0x9b, 0x75, 0x67, 0x46
-    },
-    {
-        /* Example #2 */
-        0x07, 0x0a, 0x16, 0xb4,     0x6b, 0x4d, 0x41, 0x44,
-        0xf7, 0x9b, 0xdd, 0x9d,     0xd0, 0x4a, 0x28, 0x7c
-    },
-    {
-        /* Example #3 */
-        0x7d, 0x85, 0x44, 0x9e,     0xa6, 0xea, 0x19, 0xc8,
-        0x23, 0xa7, 0xbf, 0x78,     0x83, 0x7d, 0xfa, 0xde
-    },
-    {
-        /* Example #4 */
-        0x51, 0xf0, 0xbe, 0xbf,     0x7e, 0x3b, 0x9d, 0x92,
-        0xfc, 0x49, 0x74, 0x17,     0x79, 0x36, 0x3c, 0xfe
-    }
-};
-
-/* CMAC-AES192 Test Data */
-static const unsigned char aes_192_key[24] = {
-    0x8e, 0x73, 0xb0, 0xf7,     0xda, 0x0e, 0x64, 0x52,
-    0xc8, 0x10, 0xf3, 0x2b,     0x80, 0x90, 0x79, 0xe5,
-    0x62, 0xf8, 0xea, 0xd2,     0x52, 0x2c, 0x6b, 0x7b
-};
-static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* K1 */
-        0x44, 0x8a, 0x5b, 0x1c,     0x93, 0x51, 0x4b, 0x27,
-        0x3e, 0xe6, 0x43, 0x9d,     0xd4, 0xda, 0xa2, 0x96
-    },
-    {
-        /* K2 */
-        0x89, 0x14, 0xb6, 0x39,     0x26, 0xa2, 0x96, 0x4e,
-        0x7d, 0xcc, 0x87, 0x3b,     0xa9, 0xb5, 0x45, 0x2c
-    }
-};
-static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* Example #1 */
-        0xd1, 0x7d, 0xdf, 0x46,     0xad, 0xaa, 0xcd, 0xe5,
-        0x31, 0xca, 0xc4, 0x83,     0xde, 0x7a, 0x93, 0x67
-    },
-    {
-        /* Example #2 */
-        0x9e, 0x99, 0xa7, 0xbf,     0x31, 0xe7, 0x10, 0x90,
-        0x06, 0x62, 0xf6, 0x5e,     0x61, 0x7c, 0x51, 0x84
-    },
-    {
-        /* Example #3 */
-        0x3d, 0x75, 0xc1, 0x94,     0xed, 0x96, 0x07, 0x04,
-        0x44, 0xa9, 0xfa, 0x7e,     0xc7, 0x40, 0xec, 0xf8
-    },
-    {
-        /* Example #4 */
-        0xa1, 0xd5, 0xdf, 0x0e,     0xed, 0x79, 0x0f, 0x79,
-        0x4d, 0x77, 0x58, 0x96,     0x59, 0xf3, 0x9a, 0x11
-    }
-};
-
-/* CMAC-AES256 Test Data */
-static const unsigned char aes_256_key[32] = {
-    0x60, 0x3d, 0xeb, 0x10,     0x15, 0xca, 0x71, 0xbe,
-    0x2b, 0x73, 0xae, 0xf0,     0x85, 0x7d, 0x77, 0x81,
-    0x1f, 0x35, 0x2c, 0x07,     0x3b, 0x61, 0x08, 0xd7,
-    0x2d, 0x98, 0x10, 0xa3,     0x09, 0x14, 0xdf, 0xf4
-};
-static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* K1 */
-        0xca, 0xd1, 0xed, 0x03,     0x29, 0x9e, 0xed, 0xac,
-        0x2e, 0x9a, 0x99, 0x80,     0x86, 0x21, 0x50, 0x2f
-    },
-    {
-        /* K2 */
-        0x95, 0xa3, 0xda, 0x06,     0x53, 0x3d, 0xdb, 0x58,
-        0x5d, 0x35, 0x33, 0x01,     0x0c, 0x42, 0xa0, 0xd9
-    }
-};
-static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* Example #1 */
-        0x02, 0x89, 0x62, 0xf6,     0x1b, 0x7b, 0xf8, 0x9e,
-        0xfc, 0x6b, 0x55, 0x1f,     0x46, 0x67, 0xd9, 0x83
-    },
-    {
-        /* Example #2 */
-        0x28, 0xa7, 0x02, 0x3f,     0x45, 0x2e, 0x8f, 0x82,
-        0xbd, 0x4b, 0xf2, 0x8d,     0x8c, 0x37, 0xc3, 0x5c
-    },
-    {
-        /* Example #3 */
-        0x15, 0x67, 0x27, 0xdc,     0x08, 0x78, 0x94, 0x4a,
-        0x02, 0x3c, 0x1f, 0xe0,     0x3b, 0xad, 0x6d, 0x93
-    },
-    {
-        /* Example #4 */
-        0xe1, 0x99, 0x21, 0x90,     0x54, 0x9f, 0x6e, 0xd5,
-        0x69, 0x6a, 0x2c, 0x05,     0x6c, 0x31, 0x54, 0x10
-    }
-};
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_DES_C)
-/* Truncation point of message for 3DES CMAC tests  */
-static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
-    0,
-    16,
-    20,
-    32
-};
-
-/* CMAC-TDES (Generation) - 2 Key Test Data */
-static const unsigned char des3_2key_key[24] = {
-    /* Key1 */
-    0x01, 0x23, 0x45, 0x67,     0x89, 0xab, 0xcd, 0xef,
-    /* Key2 */
-    0x23, 0x45, 0x67, 0x89,     0xab, 0xcd, 0xEF, 0x01,
-    /* Key3 */
-    0x01, 0x23, 0x45, 0x67,     0x89, 0xab, 0xcd, 0xef
-};
-static const unsigned char des3_2key_subkeys[2][8] = {
-    {
-        /* K1 */
-        0x0d, 0xd2, 0xcb, 0x7a,     0x3d, 0x88, 0x88, 0xd9
-    },
-    {
-        /* K2 */
-        0x1b, 0xa5, 0x96, 0xf4,     0x7b, 0x11, 0x11, 0xb2
-    }
-};
-static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
-    {
-        /* Sample #1 */
-        0x79, 0xce, 0x52, 0xa7,     0xf7, 0x86, 0xa9, 0x60
-    },
-    {
-        /* Sample #2 */
-        0xcc, 0x18, 0xa0, 0xb7,     0x9a, 0xf2, 0x41, 0x3b
-    },
-    {
-        /* Sample #3 */
-        0xc0, 0x6d, 0x37, 0x7e,     0xcd, 0x10, 0x19, 0x69
-    },
-    {
-        /* Sample #4 */
-        0x9c, 0xd3, 0x35, 0x80,     0xf9, 0xb6, 0x4d, 0xfb
-    }
-};
-
-/* CMAC-TDES (Generation) - 3 Key Test Data */
-static const unsigned char des3_3key_key[24] = {
-    /* Key1 */
-    0x01, 0x23, 0x45, 0x67,     0x89, 0xaa, 0xcd, 0xef,
-    /* Key2 */
-    0x23, 0x45, 0x67, 0x89,     0xab, 0xcd, 0xef, 0x01,
-    /* Key3 */
-    0x45, 0x67, 0x89, 0xab,     0xcd, 0xef, 0x01, 0x23
-};
-static const unsigned char des3_3key_subkeys[2][8] = {
-    {
-        /* K1 */
-        0x9d, 0x74, 0xe7, 0x39,     0x33, 0x17, 0x96, 0xc0
-    },
-    {
-        /* K2 */
-        0x3a, 0xe9, 0xce, 0x72,     0x66, 0x2f, 0x2d, 0x9b
-    }
-};
-static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
-    {
-        /* Sample #1 */
-        0x7d, 0xb0, 0xd3, 0x7d,     0xf9, 0x36, 0xc5, 0x50
-    },
-    {
-        /* Sample #2 */
-        0x30, 0x23, 0x9c, 0xf1,     0xf5, 0x2e, 0x66, 0x09
-    },
-    {
-        /* Sample #3 */
-        0x6c, 0x9f, 0x3e, 0xe4,     0x92, 0x3f, 0x6b, 0xe2
-    },
-    {
-        /* Sample #4 */
-        0x99, 0x42, 0x9b, 0xd0,     0xbF, 0x79, 0x04, 0xe5
-    }
-};
-
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-/* AES AES-CMAC-PRF-128 Test Data */
-static const unsigned char PRFK[] = {
-    /* Key */
-    0x00, 0x01, 0x02, 0x03,     0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b,     0x0c, 0x0d, 0x0e, 0x0f,
-    0xed, 0xcb
-};
-
-/* Sizes in bytes */
-static const size_t PRFKlen[NB_PRF_TESTS] = {
-    18,
-    16,
-    10
-};
-
-/* Message */
-static const unsigned char PRFM[] = {
-    0x00, 0x01, 0x02, 0x03,     0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b,     0x0c, 0x0d, 0x0e, 0x0f,
-    0x10, 0x11, 0x12, 0x13
-};
-
-static const unsigned char PRFT[NB_PRF_TESTS][16] = {
-    {
-        0x84, 0xa3, 0x48, 0xa4,     0xa4, 0x5d, 0x23, 0x5b,
-        0xab, 0xff, 0xfc, 0x0d,     0x2b, 0x4d, 0xa0, 0x9a
-    },
-    {
-        0x98, 0x0a, 0xe8, 0x7b,     0x5f, 0x4c, 0x9c, 0x52,
-        0x14, 0xf5, 0xb6, 0xa8,     0x45, 0x5e, 0x4c, 0x2d
-    },
-    {
-        0x29, 0x0d, 0x9e, 0x11,     0x2e, 0xdb, 0x09, 0xee,
-        0x14, 0x1f, 0xcf, 0x64,     0xc0, 0xb7, 0x2f, 0x3d
-    }
-};
-#endif /* MBEDTLS_AES_C */
-
-static int cmac_test_subkeys( int verbose,
-                              const char* testname,
-                              const unsigned char* key,
-                              int keybits,
-                              const unsigned char* subkeys,
-                              mbedtls_cipher_type_t cipher_type,
-                              int block_size,
-                              int num_tests )
-{
-    int i, ret;
-    mbedtls_cipher_context_t ctx;
-    const mbedtls_cipher_info_t *cipher_info;
-    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-    {
-        /* Failing at this point must be due to a build issue */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-
-    for( i = 0; i < num_tests; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  %s CMAC subkey #%u: ", testname, i + 1 );
-
-        mbedtls_cipher_init( &ctx );
-
-        if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "test execution failed\n" );
-
-            goto cleanup;
-        }
-
-        if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits,
-                                       MBEDTLS_ENCRYPT ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "test execution failed\n" );
-
-            goto cleanup;
-        }
-
-        ret = cmac_generate_subkeys( &ctx, K1, K2 );
-        if( ret != 0 )
-        {
-           if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            goto cleanup;
-        }
-
-        if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0  ||
-            ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            goto cleanup;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-
-        mbedtls_cipher_free( &ctx );
-    }
-
-    goto exit;
-
-cleanup:
-    mbedtls_cipher_free( &ctx );
-
-exit:
-    return( ret );
-}
-
-static int cmac_test_wth_cipher( int verbose,
-                                 const char* testname,
-                                 const unsigned char* key,
-                                 int keybits,
-                                 const unsigned char* messages,
-                                 const unsigned int message_lengths[4],
-                                 const unsigned char* expected_result,
-                                 mbedtls_cipher_type_t cipher_type,
-                                 int block_size,
-                                 int num_tests )
-{
-    const mbedtls_cipher_info_t *cipher_info;
-    int i, ret;
-    unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-    {
-        /* Failing at this point must be due to a build issue */
-        ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
-        goto exit;
-    }
-
-    for( i = 0; i < num_tests; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  %s CMAC #%u: ", testname, i + 1 );
-
-        if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages,
-                                         message_lengths[i], output ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-            goto exit;
-        }
-
-        if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-exit:
-    return( ret );
-}
-
-#if defined(MBEDTLS_AES_C)
-static int test_aes128_cmac_prf( int verbose )
-{
-    int i;
-    int ret;
-    unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
-
-    for( i = 0; i < NB_PRF_TESTS; i++ )
-    {
-        mbedtls_printf( "  AES CMAC 128 PRF #%u: ", i );
-        ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
-        if( ret != 0 ||
-            memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
-        {
-
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( ret );
-        }
-        else if( verbose != 0 )
-        {
-            mbedtls_printf( "passed\n" );
-        }
-    }
-    return( ret );
-}
-#endif /* MBEDTLS_AES_C */
-
-int mbedtls_cmac_self_test( int verbose )
-{
-    int ret;
-
-#if defined(MBEDTLS_AES_C)
-    /* AES-128 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 128",
-                                   aes_128_key,
-                                   128,
-                                   (const unsigned char*)aes_128_subkeys,
-                                   MBEDTLS_CIPHER_AES_128_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "AES 128",
-                                      aes_128_key,
-                                      128,
-                                      test_message,
-                                      aes_message_lengths,
-                                      (const unsigned char*)aes_128_expected_result,
-                                      MBEDTLS_CIPHER_AES_128_ECB,
-                                      MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* AES-192 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 192",
-                                   aes_192_key,
-                                   192,
-                                   (const unsigned char*)aes_192_subkeys,
-                                   MBEDTLS_CIPHER_AES_192_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "AES 192",
-                                      aes_192_key,
-                                      192,
-                                      test_message,
-                                      aes_message_lengths,
-                                      (const unsigned char*)aes_192_expected_result,
-                                      MBEDTLS_CIPHER_AES_192_ECB,
-                                      MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* AES-256 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 256",
-                                   aes_256_key,
-                                   256,
-                                   (const unsigned char*)aes_256_subkeys,
-                                   MBEDTLS_CIPHER_AES_256_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher ( verbose,
-                                       "AES 256",
-                                       aes_256_key,
-                                       256,
-                                       test_message,
-                                       aes_message_lengths,
-                                       (const unsigned char*)aes_256_expected_result,
-                                       MBEDTLS_CIPHER_AES_256_ECB,
-                                       MBEDTLS_AES_BLOCK_SIZE,
-                                       NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_DES_C)
-    /* 3DES 2 key */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "3DES 2 key",
-                                   des3_2key_key,
-                                   192,
-                                   (const unsigned char*)des3_2key_subkeys,
-                                   MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                   MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "3DES 2 key",
-                                      des3_2key_key,
-                                      192,
-                                      test_message,
-                                      des3_message_lengths,
-                                      (const unsigned char*)des3_2key_expected_result,
-                                      MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                      MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* 3DES 3 key */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "3DES 3 key",
-                                   des3_3key_key,
-                                   192,
-                                   (const unsigned char*)des3_3key_subkeys,
-                                   MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                   MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "3DES 3 key",
-                                      des3_3key_key,
-                                      192,
-                                      test_message,
-                                      des3_message_lengths,
-                                      (const unsigned char*)des3_3key_expected_result,
-                                      MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                      MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-    if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
-        return( ret );
-#endif /* MBEDTLS_AES_C */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_CMAC_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ctr_drbg.c b/components/ssl/mbedtls/mbedtls/library/ctr_drbg.c
deleted file mode 100644
index ff532a01..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ctr_drbg.c
+++ /dev/null
@@ -1,654 +0,0 @@
-/*
- *  CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The NIST SP 800-90 DRBGs are described in the following publication.
- *
- *  http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-
-#include "mbedtls/ctr_drbg.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * CTR_DRBG context initialization
- */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-/*
- * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
- * NIST tests to succeed (which require known length fixed entropy)
- */
-int mbedtls_ctr_drbg_seed_entropy_len(
-                   mbedtls_ctr_drbg_context *ctx,
-                   int (*f_entropy)(void *, unsigned char *, size_t),
-                   void *p_entropy,
-                   const unsigned char *custom,
-                   size_t len,
-                   size_t entropy_len )
-{
-    int ret;
-    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
-
-    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
-
-    mbedtls_aes_init( &ctx->aes_ctx );
-
-    ctx->f_entropy = f_entropy;
-    ctx->p_entropy = p_entropy;
-
-    ctx->entropy_len = entropy_len;
-    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
-
-    /*
-     * Initialize with an empty key
-     */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
-    {
-        return( ret );
-    }
-    return( 0 );
-}
-
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
-                   int (*f_entropy)(void *, unsigned char *, size_t),
-                   void *p_entropy,
-                   const unsigned char *custom,
-                   size_t len )
-{
-    return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len,
-                                       MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
-}
-
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-    mbedtls_aes_free( &ctx->aes_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
-}
-
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
-{
-    ctx->prediction_resistance = resistance;
-}
-
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, size_t len )
-{
-    ctx->entropy_len = len;
-}
-
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, int interval )
-{
-    ctx->reseed_interval = interval;
-}
-
-static int block_cipher_df( unsigned char *output,
-                            const unsigned char *data, size_t data_len )
-{
-    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
-    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
-    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
-    unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
-    unsigned char *p, *iv;
-    mbedtls_aes_context aes_ctx;
-    int ret = 0;
-
-    int i, j;
-    size_t buf_len, use_len;
-
-    if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-
-    memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
-    mbedtls_aes_init( &aes_ctx );
-
-    /*
-     * Construct IV (16 bytes) and S in buffer
-     * IV = Counter (in 32-bits) padded to 16 with zeroes
-     * S = Length input string (in 32-bits) || Length of output (in 32-bits) ||
-     *     data || 0x80
-     *     (Total is padded to a multiple of 16-bytes with zeroes)
-     */
-    p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
-    *p++ = ( data_len >> 24 ) & 0xff;
-    *p++ = ( data_len >> 16 ) & 0xff;
-    *p++ = ( data_len >> 8  ) & 0xff;
-    *p++ = ( data_len       ) & 0xff;
-    p += 3;
-    *p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
-    memcpy( p, data, data_len );
-    p[data_len] = 0x80;
-
-    buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
-
-    for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
-        key[i] = i;
-
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    /*
-     * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
-     */
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
-        p = buf;
-        memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE );
-        use_len = buf_len;
-
-        while( use_len > 0 )
-        {
-            for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ )
-                chain[i] ^= p[i];
-            p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
-            use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
-                       MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
-
-            if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain ) ) != 0 )
-            {
-                goto exit;
-            }
-        }
-
-        memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
-
-        /*
-         * Update IV
-         */
-        buf[3]++;
-    }
-
-    /*
-     * Do final encryption with reduced data
-     */
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        goto exit;
-    }
-    iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
-    p = output;
-
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
-        if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv ) ) != 0 )
-        {
-            goto exit;
-        }
-        memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
-        p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
-    }
-exit:
-    mbedtls_aes_free( &aes_ctx );
-    /*
-    * tidy up the stack
-    */
-    mbedtls_zeroize( buf, sizeof( buf ) );
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_zeroize( key, sizeof( key ) );
-    mbedtls_zeroize( chain, sizeof( chain ) );
-    if( 0 != ret )
-    {
-        /*
-        * wipe partial seed from memory
-        */
-        mbedtls_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
-    }
-
-    return( ret );
-}
-
-static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
-                              const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
-{
-    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
-    unsigned char *p = tmp;
-    int i, j;
-    int ret = 0;
-
-    memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
-
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
-        /*
-         * Increase counter
-         */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
-            if( ++ctx->counter[i - 1] != 0 )
-                break;
-
-        /*
-         * Crypt counter block
-         */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
-    }
-
-    for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
-        tmp[i] ^= data[i];
-
-    /*
-     * Update key and counter
-     */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        return( ret );
-    }
-    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
-
-    return( 0 );
-}
-
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
-                      const unsigned char *additional, size_t add_len )
-{
-    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
-
-    if( add_len > 0 )
-    {
-        /* MAX_INPUT would be more logical here, but we have to match
-         * block_cipher_df()'s limits since we can't propagate errors */
-        if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-            add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
-
-        block_cipher_df( add_input, additional, add_len );
-        ctr_drbg_update_internal( ctx, add_input );
-    }
-}
-
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
-                     const unsigned char *additional, size_t len )
-{
-    unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
-    size_t seedlen = 0;
-    int ret;
-
-    if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ||
-        len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-
-    memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
-
-    /*
-     * Gather entropy_len bytes of entropy to seed state
-     */
-    if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
-                             ctx->entropy_len ) )
-    {
-        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
-    }
-
-    seedlen += ctx->entropy_len;
-
-    /*
-     * Add additional data
-     */
-    if( additional && len )
-    {
-        memcpy( seed + seedlen, additional, len );
-        seedlen += len;
-    }
-
-    /*
-     * Reduce to 384 bits
-     */
-    if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /*
-     * Update state
-     */
-    if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
-    {
-        return( ret );
-    }
-    ctx->reseed_counter = 1;
-
-    return( 0 );
-}
-
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
-                              unsigned char *output, size_t output_len,
-                              const unsigned char *additional, size_t add_len )
-{
-    int ret = 0;
-    mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
-    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
-    unsigned char *p = output;
-    unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
-    int i;
-    size_t use_len;
-
-    if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
-        return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
-
-    if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-
-    memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
-
-    if( ctx->reseed_counter > ctx->reseed_interval ||
-        ctx->prediction_resistance )
-    {
-        if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
-        {
-            return( ret );
-        }
-        add_len = 0;
-    }
-
-    if( add_len > 0 )
-    {
-        if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
-        {
-            return( ret );
-        }
-        if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
-        {
-            return( ret );
-        }
-    }
-
-    while( output_len > 0 )
-    {
-        /*
-         * Increase counter
-         */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
-            if( ++ctx->counter[i - 1] != 0 )
-                break;
-
-        /*
-         * Crypt counter block
-         */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, tmp ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? MBEDTLS_CTR_DRBG_BLOCKSIZE :
-                                                       output_len;
-        /*
-         * Copy random block to destination
-         */
-        memcpy( p, tmp, use_len );
-        p += use_len;
-        output_len -= use_len;
-    }
-
-    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    ctx->reseed_counter++;
-
-    return( 0 );
-}
-
-int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
-{
-    int ret;
-    mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
-{
-    int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-    FILE *f;
-    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
-
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
-
-    if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
-        goto exit;
-
-    if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != MBEDTLS_CTR_DRBG_MAX_INPUT )
-        ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-    else
-        ret = 0;
-
-exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    fclose( f );
-    return( ret );
-}
-
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path )
-{
-    int ret = 0;
-    FILE *f;
-    size_t n;
-    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    n = (size_t) ftell( f );
-    fseek( f, 0, SEEK_SET );
-
-    if( n > MBEDTLS_CTR_DRBG_MAX_INPUT )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-    }
-
-    if( fread( buf, 1, n, f ) != n )
-        ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-    else
-        mbedtls_ctr_drbg_update( ctx, buf, n );
-
-    fclose( f );
-
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-static const unsigned char entropy_source_pr[96] =
-    { 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
-      0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
-      0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
-      0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb,
-      0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9,
-      0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95,
-      0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63,
-      0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3,
-      0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31,
-      0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4,
-      0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
-      0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
-
-static const unsigned char entropy_source_nopr[64] =
-    { 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
-      0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
-      0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
-      0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20,
-      0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9,
-      0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46,
-      0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
-      0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
-
-static const unsigned char nonce_pers_pr[16] =
-    { 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
-      0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
-
-static const unsigned char nonce_pers_nopr[16] =
-    { 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
-      0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
-
-static const unsigned char result_pr[16] =
-    { 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
-      0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
-
-static const unsigned char result_nopr[16] =
-    { 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
-      0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
-
-static size_t test_offset;
-static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
-                                       size_t len )
-{
-    const unsigned char *p = data;
-    memcpy( buf, p + test_offset, len );
-    test_offset += len;
-    return( 0 );
-}
-
-#define CHK( c )    if( (c) != 0 )                          \
-                    {                                       \
-                        if( verbose != 0 )                  \
-                            mbedtls_printf( "failed\n" );  \
-                        return( 1 );                        \
-                    }
-
-/*
- * Checkup routine
- */
-int mbedtls_ctr_drbg_self_test( int verbose )
-{
-    mbedtls_ctr_drbg_context ctx;
-    unsigned char buf[16];
-
-    mbedtls_ctr_drbg_init( &ctx );
-
-    /*
-     * Based on a NIST CTR_DRBG test vector (PR = True)
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  CTR_DRBG (PR = TRUE) : " );
-
-    test_offset = 0;
-    CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
-                                (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
-    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
-    CHK( memcmp( buf, result_pr, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
-
-    mbedtls_ctr_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    /*
-     * Based on a NIST CTR_DRBG test vector (PR = FALSE)
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  CTR_DRBG (PR = FALSE): " );
-
-    mbedtls_ctr_drbg_init( &ctx );
-
-    test_offset = 0;
-    CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
-                            (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
-    CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
-    CHK( memcmp( buf, result_nopr, 16 ) );
-
-    mbedtls_ctr_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-            mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_CTR_DRBG_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/debug.c b/components/ssl/mbedtls/mbedtls/library/debug.c
deleted file mode 100644
index db3924ac..00000000
--- a/components/ssl/mbedtls/mbedtls/library/debug.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/*
- *  Debugging routines
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc      calloc
-#define mbedtls_free        free
-#define mbedtls_time_t      time_t
-#define mbedtls_snprintf    snprintf
-#endif
-
-#include "mbedtls/debug.h"
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#define DEBUG_BUF_SIZE      512
-
-static int debug_threshold = 0;
-
-void mbedtls_debug_set_threshold( int threshold )
-{
-    debug_threshold = threshold;
-}
-
-/*
- * All calls to f_dbg must be made via this function
- */
-static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
-                                    const char *file, int line,
-                                    const char *str )
-{
-    /*
-     * If in a threaded environment, we need a thread identifier.
-     * Since there is no portable way to get one, use the address of the ssl
-     * context instead, as it shouldn't be shared between threads.
-     */
-#if defined(MBEDTLS_THREADING_C)
-    char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
-    mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
-    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
-#else
-    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
-#endif
-}
-
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
-                              const char *file, int line,
-                              const char *format, ... )
-{
-    va_list argp;
-    char str[DEBUG_BUF_SIZE];
-    int ret;
-
-    if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold )
-        return;
-
-    va_start( argp, format );
-#if defined(_WIN32)
-#if defined(_TRUNCATE) && !defined(__MINGW32__)
-    ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
-#else
-    ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
-    if( ret < 0 || (size_t) ret == DEBUG_BUF_SIZE )
-    {
-        str[DEBUG_BUF_SIZE-1] = '\0';
-        ret = -1;
-    }
-#endif
-#else
-    ret = vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
-#endif
-    va_end( argp );
-
-    if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
-    {
-        str[ret]     = '\n';
-        str[ret + 1] = '\0';
-    }
-
-    debug_send_line( ssl, level, file, line, str );
-}
-
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, int ret )
-{
-    char str[DEBUG_BUF_SIZE];
-
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
-        return;
-
-    /*
-     * With non-blocking I/O and examples that just retry immediately,
-     * the logs would be quickly flooded with WANT_READ, so ignore that.
-     * Don't ignore WANT_WRITE however, since is is usually rare.
-     */
-    if( ret == MBEDTLS_ERR_SSL_WANT_READ )
-        return;
-
-    mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
-              text, ret, -ret );
-
-    debug_send_line( ssl, level, file, line, str );
-}
-
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line, const char *text,
-                      const unsigned char *buf, size_t len )
-{
-    char str[DEBUG_BUF_SIZE];
-    char txt[17];
-    size_t i, idx = 0;
-
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
-        return;
-
-    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
-              text, (unsigned int) len );
-
-    debug_send_line( ssl, level, file, line, str );
-
-    idx = 0;
-    memset( txt, 0, sizeof( txt ) );
-    for( i = 0; i < len; i++ )
-    {
-        if( i >= 4096 )
-            break;
-
-        if( i % 16 == 0 )
-        {
-            if( i > 0 )
-            {
-                mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
-                debug_send_line( ssl, level, file, line, str );
-
-                idx = 0;
-                memset( txt, 0, sizeof( txt ) );
-            }
-
-            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ",
-                             (unsigned int) i );
-
-        }
-
-        idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x",
-                         (unsigned int) buf[i] );
-        txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
-    }
-
-    if( len > 0 )
-    {
-        for( /* i = i */; i % 16 != 0; i++ )
-            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "   " );
-
-        mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
-        debug_send_line( ssl, level, file, line, str );
-    }
-}
-
-#if defined(MBEDTLS_ECP_C)
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_ecp_point *X )
-{
-    char str[DEBUG_BUF_SIZE];
-
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold )
-        return;
-
-    mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
-    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
-
-    mbedtls_snprintf( str, sizeof( str ), "%s(Y)", text );
-    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->Y );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_BIGNUM_C)
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_mpi *X )
-{
-    char str[DEBUG_BUF_SIZE];
-    int j, k, zeros = 1;
-    size_t i, n, idx = 0;
-
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold )
-        return;
-
-    for( n = X->n - 1; n > 0; n-- )
-        if( X->p[n] != 0 )
-            break;
-
-    for( j = ( sizeof(mbedtls_mpi_uint) << 3 ) - 1; j >= 0; j-- )
-        if( ( ( X->p[n] >> j ) & 1 ) != 0 )
-            break;
-
-    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
-              text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
-
-    debug_send_line( ssl, level, file, line, str );
-
-    idx = 0;
-    for( i = n + 1, j = 0; i > 0; i-- )
-    {
-        if( zeros && X->p[i - 1] == 0 )
-            continue;
-
-        for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- )
-        {
-            if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 )
-                continue;
-            else
-                zeros = 0;
-
-            if( j % 16 == 0 )
-            {
-                if( j > 0 )
-                {
-                    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
-                    debug_send_line( ssl, level, file, line, str );
-                    idx = 0;
-                }
-            }
-
-            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int)
-                             ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
-
-            j++;
-        }
-
-    }
-
-    if( zeros == 1 )
-        idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
-
-    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
-    debug_send_line( ssl, level, file, line, str );
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
-                            const char *file, int line,
-                            const char *text, const mbedtls_pk_context *pk )
-{
-    size_t i;
-    mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS];
-    char name[16];
-
-    memset( items, 0, sizeof( items ) );
-
-    if( mbedtls_pk_debug( pk, items ) != 0 )
-    {
-        debug_send_line( ssl, level, file, line,
-                          "invalid PK context\n" );
-        return;
-    }
-
-    for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
-    {
-        if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
-            return;
-
-        mbedtls_snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
-        name[sizeof( name ) - 1] = '\0';
-
-        if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
-            mbedtls_debug_print_mpi( ssl, level, file, line, name, items[i].value );
-        else
-#if defined(MBEDTLS_ECP_C)
-        if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
-            mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
-        else
-#endif
-            debug_send_line( ssl, level, file, line,
-                              "should not happen\n" );
-    }
-}
-
-static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
-                                      const char *file, int line, const char *text )
-{
-    char str[DEBUG_BUF_SIZE];
-    const char *start, *cur;
-
-    start = text;
-    for( cur = text; *cur != '\0'; cur++ )
-    {
-        if( *cur == '\n' )
-        {
-            size_t len = cur - start + 1;
-            if( len > DEBUG_BUF_SIZE - 1 )
-                len = DEBUG_BUF_SIZE - 1;
-
-            memcpy( str, start, len );
-            str[len] = '\0';
-
-            debug_send_line( ssl, level, file, line, str );
-
-            start = cur + 1;
-        }
-    }
-}
-
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_x509_crt *crt )
-{
-    char str[DEBUG_BUF_SIZE];
-    int i = 0;
-
-    if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold )
-        return;
-
-    while( crt != NULL )
-    {
-        char buf[1024];
-
-        mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
-        debug_send_line( ssl, level, file, line, str );
-
-        mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
-        debug_print_line_by_line( ssl, level, file, line, buf );
-
-        debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
-
-        crt = crt->next;
-    }
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#endif /* MBEDTLS_DEBUG_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/des.c b/components/ssl/mbedtls/mbedtls/library/des.c
deleted file mode 100644
index 09f95cfc..00000000
--- a/components/ssl/mbedtls/mbedtls/library/des.c
+++ /dev/null
@@ -1,1061 +0,0 @@
-/*
- *  FIPS-46-3 compliant Triple-DES implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  DES, on which TDES is based, was originally designed by Horst Feistel
- *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
- *
- *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_DES_C)
-
-#include "mbedtls/des.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_DES_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 3]       );            \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-/*
- * Expanded DES S-boxes
- */
-static const uint32_t SB1[64] =
-{
-    0x01010400, 0x00000000, 0x00010000, 0x01010404,
-    0x01010004, 0x00010404, 0x00000004, 0x00010000,
-    0x00000400, 0x01010400, 0x01010404, 0x00000400,
-    0x01000404, 0x01010004, 0x01000000, 0x00000004,
-    0x00000404, 0x01000400, 0x01000400, 0x00010400,
-    0x00010400, 0x01010000, 0x01010000, 0x01000404,
-    0x00010004, 0x01000004, 0x01000004, 0x00010004,
-    0x00000000, 0x00000404, 0x00010404, 0x01000000,
-    0x00010000, 0x01010404, 0x00000004, 0x01010000,
-    0x01010400, 0x01000000, 0x01000000, 0x00000400,
-    0x01010004, 0x00010000, 0x00010400, 0x01000004,
-    0x00000400, 0x00000004, 0x01000404, 0x00010404,
-    0x01010404, 0x00010004, 0x01010000, 0x01000404,
-    0x01000004, 0x00000404, 0x00010404, 0x01010400,
-    0x00000404, 0x01000400, 0x01000400, 0x00000000,
-    0x00010004, 0x00010400, 0x00000000, 0x01010004
-};
-
-static const uint32_t SB2[64] =
-{
-    0x80108020, 0x80008000, 0x00008000, 0x00108020,
-    0x00100000, 0x00000020, 0x80100020, 0x80008020,
-    0x80000020, 0x80108020, 0x80108000, 0x80000000,
-    0x80008000, 0x00100000, 0x00000020, 0x80100020,
-    0x00108000, 0x00100020, 0x80008020, 0x00000000,
-    0x80000000, 0x00008000, 0x00108020, 0x80100000,
-    0x00100020, 0x80000020, 0x00000000, 0x00108000,
-    0x00008020, 0x80108000, 0x80100000, 0x00008020,
-    0x00000000, 0x00108020, 0x80100020, 0x00100000,
-    0x80008020, 0x80100000, 0x80108000, 0x00008000,
-    0x80100000, 0x80008000, 0x00000020, 0x80108020,
-    0x00108020, 0x00000020, 0x00008000, 0x80000000,
-    0x00008020, 0x80108000, 0x00100000, 0x80000020,
-    0x00100020, 0x80008020, 0x80000020, 0x00100020,
-    0x00108000, 0x00000000, 0x80008000, 0x00008020,
-    0x80000000, 0x80100020, 0x80108020, 0x00108000
-};
-
-static const uint32_t SB3[64] =
-{
-    0x00000208, 0x08020200, 0x00000000, 0x08020008,
-    0x08000200, 0x00000000, 0x00020208, 0x08000200,
-    0x00020008, 0x08000008, 0x08000008, 0x00020000,
-    0x08020208, 0x00020008, 0x08020000, 0x00000208,
-    0x08000000, 0x00000008, 0x08020200, 0x00000200,
-    0x00020200, 0x08020000, 0x08020008, 0x00020208,
-    0x08000208, 0x00020200, 0x00020000, 0x08000208,
-    0x00000008, 0x08020208, 0x00000200, 0x08000000,
-    0x08020200, 0x08000000, 0x00020008, 0x00000208,
-    0x00020000, 0x08020200, 0x08000200, 0x00000000,
-    0x00000200, 0x00020008, 0x08020208, 0x08000200,
-    0x08000008, 0x00000200, 0x00000000, 0x08020008,
-    0x08000208, 0x00020000, 0x08000000, 0x08020208,
-    0x00000008, 0x00020208, 0x00020200, 0x08000008,
-    0x08020000, 0x08000208, 0x00000208, 0x08020000,
-    0x00020208, 0x00000008, 0x08020008, 0x00020200
-};
-
-static const uint32_t SB4[64] =
-{
-    0x00802001, 0x00002081, 0x00002081, 0x00000080,
-    0x00802080, 0x00800081, 0x00800001, 0x00002001,
-    0x00000000, 0x00802000, 0x00802000, 0x00802081,
-    0x00000081, 0x00000000, 0x00800080, 0x00800001,
-    0x00000001, 0x00002000, 0x00800000, 0x00802001,
-    0x00000080, 0x00800000, 0x00002001, 0x00002080,
-    0x00800081, 0x00000001, 0x00002080, 0x00800080,
-    0x00002000, 0x00802080, 0x00802081, 0x00000081,
-    0x00800080, 0x00800001, 0x00802000, 0x00802081,
-    0x00000081, 0x00000000, 0x00000000, 0x00802000,
-    0x00002080, 0x00800080, 0x00800081, 0x00000001,
-    0x00802001, 0x00002081, 0x00002081, 0x00000080,
-    0x00802081, 0x00000081, 0x00000001, 0x00002000,
-    0x00800001, 0x00002001, 0x00802080, 0x00800081,
-    0x00002001, 0x00002080, 0x00800000, 0x00802001,
-    0x00000080, 0x00800000, 0x00002000, 0x00802080
-};
-
-static const uint32_t SB5[64] =
-{
-    0x00000100, 0x02080100, 0x02080000, 0x42000100,
-    0x00080000, 0x00000100, 0x40000000, 0x02080000,
-    0x40080100, 0x00080000, 0x02000100, 0x40080100,
-    0x42000100, 0x42080000, 0x00080100, 0x40000000,
-    0x02000000, 0x40080000, 0x40080000, 0x00000000,
-    0x40000100, 0x42080100, 0x42080100, 0x02000100,
-    0x42080000, 0x40000100, 0x00000000, 0x42000000,
-    0x02080100, 0x02000000, 0x42000000, 0x00080100,
-    0x00080000, 0x42000100, 0x00000100, 0x02000000,
-    0x40000000, 0x02080000, 0x42000100, 0x40080100,
-    0x02000100, 0x40000000, 0x42080000, 0x02080100,
-    0x40080100, 0x00000100, 0x02000000, 0x42080000,
-    0x42080100, 0x00080100, 0x42000000, 0x42080100,
-    0x02080000, 0x00000000, 0x40080000, 0x42000000,
-    0x00080100, 0x02000100, 0x40000100, 0x00080000,
-    0x00000000, 0x40080000, 0x02080100, 0x40000100
-};
-
-static const uint32_t SB6[64] =
-{
-    0x20000010, 0x20400000, 0x00004000, 0x20404010,
-    0x20400000, 0x00000010, 0x20404010, 0x00400000,
-    0x20004000, 0x00404010, 0x00400000, 0x20000010,
-    0x00400010, 0x20004000, 0x20000000, 0x00004010,
-    0x00000000, 0x00400010, 0x20004010, 0x00004000,
-    0x00404000, 0x20004010, 0x00000010, 0x20400010,
-    0x20400010, 0x00000000, 0x00404010, 0x20404000,
-    0x00004010, 0x00404000, 0x20404000, 0x20000000,
-    0x20004000, 0x00000010, 0x20400010, 0x00404000,
-    0x20404010, 0x00400000, 0x00004010, 0x20000010,
-    0x00400000, 0x20004000, 0x20000000, 0x00004010,
-    0x20000010, 0x20404010, 0x00404000, 0x20400000,
-    0x00404010, 0x20404000, 0x00000000, 0x20400010,
-    0x00000010, 0x00004000, 0x20400000, 0x00404010,
-    0x00004000, 0x00400010, 0x20004010, 0x00000000,
-    0x20404000, 0x20000000, 0x00400010, 0x20004010
-};
-
-static const uint32_t SB7[64] =
-{
-    0x00200000, 0x04200002, 0x04000802, 0x00000000,
-    0x00000800, 0x04000802, 0x00200802, 0x04200800,
-    0x04200802, 0x00200000, 0x00000000, 0x04000002,
-    0x00000002, 0x04000000, 0x04200002, 0x00000802,
-    0x04000800, 0x00200802, 0x00200002, 0x04000800,
-    0x04000002, 0x04200000, 0x04200800, 0x00200002,
-    0x04200000, 0x00000800, 0x00000802, 0x04200802,
-    0x00200800, 0x00000002, 0x04000000, 0x00200800,
-    0x04000000, 0x00200800, 0x00200000, 0x04000802,
-    0x04000802, 0x04200002, 0x04200002, 0x00000002,
-    0x00200002, 0x04000000, 0x04000800, 0x00200000,
-    0x04200800, 0x00000802, 0x00200802, 0x04200800,
-    0x00000802, 0x04000002, 0x04200802, 0x04200000,
-    0x00200800, 0x00000000, 0x00000002, 0x04200802,
-    0x00000000, 0x00200802, 0x04200000, 0x00000800,
-    0x04000002, 0x04000800, 0x00000800, 0x00200002
-};
-
-static const uint32_t SB8[64] =
-{
-    0x10001040, 0x00001000, 0x00040000, 0x10041040,
-    0x10000000, 0x10001040, 0x00000040, 0x10000000,
-    0x00040040, 0x10040000, 0x10041040, 0x00041000,
-    0x10041000, 0x00041040, 0x00001000, 0x00000040,
-    0x10040000, 0x10000040, 0x10001000, 0x00001040,
-    0x00041000, 0x00040040, 0x10040040, 0x10041000,
-    0x00001040, 0x00000000, 0x00000000, 0x10040040,
-    0x10000040, 0x10001000, 0x00041040, 0x00040000,
-    0x00041040, 0x00040000, 0x10041000, 0x00001000,
-    0x00000040, 0x10040040, 0x00001000, 0x00041040,
-    0x10001000, 0x00000040, 0x10000040, 0x10040000,
-    0x10040040, 0x10000000, 0x00040000, 0x10001040,
-    0x00000000, 0x10041040, 0x00040040, 0x10000040,
-    0x10040000, 0x10001000, 0x10001040, 0x00000000,
-    0x10041040, 0x00041000, 0x00041000, 0x00001040,
-    0x00001040, 0x00040040, 0x10000000, 0x10041000
-};
-
-/*
- * PC1: left and right halves bit-swap
- */
-static const uint32_t LHs[16] =
-{
-    0x00000000, 0x00000001, 0x00000100, 0x00000101,
-    0x00010000, 0x00010001, 0x00010100, 0x00010101,
-    0x01000000, 0x01000001, 0x01000100, 0x01000101,
-    0x01010000, 0x01010001, 0x01010100, 0x01010101
-};
-
-static const uint32_t RHs[16] =
-{
-    0x00000000, 0x01000000, 0x00010000, 0x01010000,
-    0x00000100, 0x01000100, 0x00010100, 0x01010100,
-    0x00000001, 0x01000001, 0x00010001, 0x01010001,
-    0x00000101, 0x01000101, 0x00010101, 0x01010101,
-};
-
-/*
- * Initial Permutation macro
- */
-#define DES_IP(X,Y)                                             \
-{                                                               \
-    T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
-    T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
-    T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
-    T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
-    Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF;                    \
-    T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T;                   \
-    X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF;                    \
-}
-
-/*
- * Final Permutation macro
- */
-#define DES_FP(X,Y)                                             \
-{                                                               \
-    X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF;                    \
-    T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T;                   \
-    Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF;                    \
-    T = ((Y >>  8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T <<  8);   \
-    T = ((Y >>  2) ^ X) & 0x33333333; X ^= T; Y ^= (T <<  2);   \
-    T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16);   \
-    T = ((X >>  4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T <<  4);   \
-}
-
-/*
- * DES round macro
- */
-#define DES_ROUND(X,Y)                          \
-{                                               \
-    T = *SK++ ^ X;                              \
-    Y ^= SB8[ (T      ) & 0x3F ] ^              \
-         SB6[ (T >>  8) & 0x3F ] ^              \
-         SB4[ (T >> 16) & 0x3F ] ^              \
-         SB2[ (T >> 24) & 0x3F ];               \
-                                                \
-    T = *SK++ ^ ((X << 28) | (X >> 4));         \
-    Y ^= SB7[ (T      ) & 0x3F ] ^              \
-         SB5[ (T >>  8) & 0x3F ] ^              \
-         SB3[ (T >> 16) & 0x3F ] ^              \
-         SB1[ (T >> 24) & 0x3F ];               \
-}
-
-#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
-
-void mbedtls_des_init( mbedtls_des_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_des_context ) );
-}
-
-void mbedtls_des_free( mbedtls_des_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_des_context ) );
-}
-
-void mbedtls_des3_init( mbedtls_des3_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_des3_context ) );
-}
-
-void mbedtls_des3_free( mbedtls_des3_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_des3_context ) );
-}
-
-static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
-        11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
-        47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
-        82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
-        115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
-        143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
-        171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
-        199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
-        227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
-        254 };
-
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
-        key[i] = odd_parity_table[key[i] / 2];
-}
-
-/*
- * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
- */
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
-        if( key[i] != odd_parity_table[key[i] / 2] )
-            return( 1 );
-
-    return( 0 );
-}
-
-/*
- * Table of weak and semi-weak keys
- *
- * Source: http://en.wikipedia.org/wiki/Weak_key
- *
- * Weak:
- * Alternating ones + zeros (0x0101010101010101)
- * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
- * '0xE0E0E0E0F1F1F1F1'
- * '0x1F1F1F1F0E0E0E0E'
- *
- * Semi-weak:
- * 0x011F011F010E010E and 0x1F011F010E010E01
- * 0x01E001E001F101F1 and 0xE001E001F101F101
- * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
- * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
- * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
- * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
- *
- */
-
-#define WEAK_KEY_COUNT 16
-
-static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
-{
-    { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
-    { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
-    { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
-    { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
-
-    { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
-    { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
-    { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
-    { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
-    { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
-    { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
-    { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
-    { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
-    { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
-    { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
-    { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
-    { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
-};
-
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    for( i = 0; i < WEAK_KEY_COUNT; i++ )
-        if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
-            return( 1 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DES_SETKEY_ALT)
-void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-    uint32_t X, Y, T;
-
-    GET_UINT32_BE( X, key, 0 );
-    GET_UINT32_BE( Y, key, 4 );
-
-    /*
-     * Permuted Choice 1
-     */
-    T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
-    T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
-
-    X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
-        | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
-        | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
-        | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
-
-    Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
-        | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
-        | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
-        | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
-
-    X &= 0x0FFFFFFF;
-    Y &= 0x0FFFFFFF;
-
-    /*
-     * calculate subkeys
-     */
-    for( i = 0; i < 16; i++ )
-    {
-        if( i < 2 || i == 8 || i == 15 )
-        {
-            X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
-            Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
-        }
-        else
-        {
-            X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
-            Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
-        }
-
-        *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
-                | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
-                | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
-                | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
-                | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
-                | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
-                | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
-                | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
-                | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
-                | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
-                | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
-
-        *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
-                | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
-                | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
-                | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
-                | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
-                | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
-                | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
-                | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
-                | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
-                | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
-                | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
-    }
-}
-#endif /* !MBEDTLS_DES_SETKEY_ALT */
-
-/*
- * DES key schedule (56-bit, encryption)
- */
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    mbedtls_des_setkey( ctx->sk, key );
-
-    return( 0 );
-}
-
-/*
- * DES key schedule (56-bit, decryption)
- */
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    mbedtls_des_setkey( ctx->sk, key );
-
-    for( i = 0; i < 16; i += 2 )
-    {
-        SWAP( ctx->sk[i    ], ctx->sk[30 - i] );
-        SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
-    }
-
-    return( 0 );
-}
-
-static void des3_set2key( uint32_t esk[96],
-                          uint32_t dsk[96],
-                          const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
-{
-    int i;
-
-    mbedtls_des_setkey( esk, key );
-    mbedtls_des_setkey( dsk + 32, key + 8 );
-
-    for( i = 0; i < 32; i += 2 )
-    {
-        dsk[i     ] = esk[30 - i];
-        dsk[i +  1] = esk[31 - i];
-
-        esk[i + 32] = dsk[62 - i];
-        esk[i + 33] = dsk[63 - i];
-
-        esk[i + 64] = esk[i    ];
-        esk[i + 65] = esk[i + 1];
-
-        dsk[i + 64] = dsk[i    ];
-        dsk[i + 65] = dsk[i + 1];
-    }
-}
-
-/*
- * Triple-DES key schedule (112-bit, encryption)
- */
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
-{
-    uint32_t sk[96];
-
-    des3_set2key( ctx->sk, sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-/*
- * Triple-DES key schedule (112-bit, decryption)
- */
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
-{
-    uint32_t sk[96];
-
-    des3_set2key( sk, ctx->sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-static void des3_set3key( uint32_t esk[96],
-                          uint32_t dsk[96],
-                          const unsigned char key[24] )
-{
-    int i;
-
-    mbedtls_des_setkey( esk, key );
-    mbedtls_des_setkey( dsk + 32, key +  8 );
-    mbedtls_des_setkey( esk + 64, key + 16 );
-
-    for( i = 0; i < 32; i += 2 )
-    {
-        dsk[i     ] = esk[94 - i];
-        dsk[i +  1] = esk[95 - i];
-
-        esk[i + 32] = dsk[62 - i];
-        esk[i + 33] = dsk[63 - i];
-
-        dsk[i + 64] = esk[30 - i];
-        dsk[i + 65] = esk[31 - i];
-    }
-}
-
-/*
- * Triple-DES key schedule (168-bit, encryption)
- */
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
-{
-    uint32_t sk[96];
-
-    des3_set3key( ctx->sk, sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-/*
- * Triple-DES key schedule (168-bit, decryption)
- */
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
-{
-    uint32_t sk[96];
-
-    des3_set3key( sk, ctx->sk, key );
-    mbedtls_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-/*
- * DES-ECB block encryption/decryption
- */
-#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
-                    const unsigned char input[8],
-                    unsigned char output[8] )
-{
-    int i;
-    uint32_t X, Y, T, *SK;
-
-    SK = ctx->sk;
-
-    GET_UINT32_BE( X, input, 0 );
-    GET_UINT32_BE( Y, input, 4 );
-
-    DES_IP( X, Y );
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
-    }
-
-    DES_FP( Y, X );
-
-    PUT_UINT32_BE( Y, output, 0 );
-    PUT_UINT32_BE( X, output, 4 );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * DES-CBC buffer encryption/decryption
- */
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    unsigned char temp[8];
-
-    if( length % 8 )
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_DES_ENCRYPT )
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_des_crypt_ecb( ctx, output, output );
-            memcpy( iv, output, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-    else /* MBEDTLS_DES_DECRYPT */
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 8 );
-            mbedtls_des_crypt_ecb( ctx, input, output );
-
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/*
- * 3DES-ECB block encryption/decryption
- */
-#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
-                     const unsigned char input[8],
-                     unsigned char output[8] )
-{
-    int i;
-    uint32_t X, Y, T, *SK;
-
-    SK = ctx->sk;
-
-    GET_UINT32_BE( X, input, 0 );
-    GET_UINT32_BE( Y, input, 4 );
-
-    DES_IP( X, Y );
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
-    }
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( X, Y );
-        DES_ROUND( Y, X );
-    }
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
-    }
-
-    DES_FP( Y, X );
-
-    PUT_UINT32_BE( Y, output, 0 );
-    PUT_UINT32_BE( X, output, 4 );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * 3DES-CBC buffer encryption/decryption
- */
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
-                     int mode,
-                     size_t length,
-                     unsigned char iv[8],
-                     const unsigned char *input,
-                     unsigned char *output )
-{
-    int i;
-    unsigned char temp[8];
-
-    if( length % 8 )
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_DES_ENCRYPT )
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_des3_crypt_ecb( ctx, output, output );
-            memcpy( iv, output, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-    else /* MBEDTLS_DES_DECRYPT */
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 8 );
-            mbedtls_des3_crypt_ecb( ctx, input, output );
-
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#endif /* !MBEDTLS_DES_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * DES and 3DES test vectors from:
- *
- * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
- */
-static const unsigned char des3_test_keys[24] =
-{
-    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
-    0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
-    0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
-};
-
-static const unsigned char des3_test_buf[8] =
-{
-    0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
-};
-
-static const unsigned char des3_test_ecb_dec[3][8] =
-{
-    { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D },
-    { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB },
-    { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A }
-};
-
-static const unsigned char des3_test_ecb_enc[3][8] =
-{
-    { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B },
-    { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 },
-    { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const unsigned char des3_test_iv[8] =
-{
-    0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
-};
-
-static const unsigned char des3_test_cbc_dec[3][8] =
-{
-    { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
-    { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 },
-    { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C }
-};
-
-static const unsigned char des3_test_cbc_enc[3][8] =
-{
-    { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 },
-    { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
-    { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/*
- * Checkup routine
- */
-int mbedtls_des_self_test( int verbose )
-{
-    int i, j, u, v, ret = 0;
-    mbedtls_des_context ctx;
-    mbedtls_des3_context ctx3;
-    unsigned char buf[8];
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    unsigned char prv[8];
-    unsigned char iv[8];
-#endif
-
-    mbedtls_des_init( &ctx );
-    mbedtls_des3_init( &ctx3 );
-    /*
-     * ECB mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  DES%c-ECB-%3d (%s): ",
-                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( buf, des3_test_buf, 8 );
-
-        switch( i )
-        {
-        case 0:
-            mbedtls_des_setkey_dec( &ctx, des3_test_keys );
-            break;
-
-        case 1:
-            mbedtls_des_setkey_enc( &ctx, des3_test_keys );
-            break;
-
-        case 2:
-            mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 3:
-            mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
-            break;
-
-        case 4:
-            mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 5:
-            mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
-            break;
-
-        default:
-            return( 1 );
-        }
-
-        for( j = 0; j < 10000; j++ )
-        {
-            if( u == 0 )
-                mbedtls_des_crypt_ecb( &ctx, buf, buf );
-            else
-                mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
-        }
-
-        if( ( v == MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
-            ( v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /*
-     * CBC mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  DES%c-CBC-%3d (%s): ",
-                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( iv,  des3_test_iv,  8 );
-        memcpy( prv, des3_test_iv,  8 );
-        memcpy( buf, des3_test_buf, 8 );
-
-        switch( i )
-        {
-        case 0:
-            mbedtls_des_setkey_dec( &ctx, des3_test_keys );
-            break;
-
-        case 1:
-            mbedtls_des_setkey_enc( &ctx, des3_test_keys );
-            break;
-
-        case 2:
-            mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 3:
-            mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
-            break;
-
-        case 4:
-            mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 5:
-            mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
-            break;
-
-        default:
-            return( 1 );
-        }
-
-        if( v == MBEDTLS_DES_DECRYPT )
-        {
-            for( j = 0; j < 10000; j++ )
-            {
-                if( u == 0 )
-                    mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                else
-                    mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-            }
-        }
-        else
-        {
-            for( j = 0; j < 10000; j++ )
-            {
-                unsigned char tmp[8];
-
-                if( u == 0 )
-                    mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                else
-                    mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-
-                memcpy( tmp, prv, 8 );
-                memcpy( prv, buf, 8 );
-                memcpy( buf, tmp, 8 );
-            }
-
-            memcpy( buf, prv, 8 );
-        }
-
-        if( ( v == MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
-            ( v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-exit:
-    mbedtls_des_free( &ctx );
-    mbedtls_des3_free( &ctx3 );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_DES_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/dhm.c b/components/ssl/mbedtls/mbedtls/library/dhm.c
deleted file mode 100644
index 28ac3100..00000000
--- a/components/ssl/mbedtls/mbedtls/library/dhm.c
+++ /dev/null
@@ -1,663 +0,0 @@
-/*
- *  Diffie-Hellman-Merkle key exchange
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The following sources were referenced in the design of this implementation
- *  of the Diffie-Hellman-Merkle algorithm:
- *
- *  [1] Handbook of Applied Cryptography - 1997, Chapter 12
- *      Menezes, van Oorschot and Vanstone
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-
-#include "mbedtls/dhm.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-#include "mbedtls/asn1.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#include <stdio.h>
-#define mbedtls_printf     printf
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#if !defined(MBEDTLS_DHM_ALT)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * helper to validate the mbedtls_mpi size and import it
- */
-static int dhm_read_bignum( mbedtls_mpi *X,
-                            unsigned char **p,
-                            const unsigned char *end )
-{
-    int ret, n;
-
-    if( end - *p < 2 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    n = ( (*p)[0] << 8 ) | (*p)[1];
-    (*p) += 2;
-
-    if( (int)( end - *p ) < n )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
-        return( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED + ret );
-
-    (*p) += n;
-
-    return( 0 );
-}
-
-/*
- * Verify sanity of parameter with regards to P
- *
- * Parameter should be: 2 <= public_param <= P - 2
- *
- * This means that we need to return an error if
- *              public_param < 2 or public_param > P-2
- *
- * For more information on the attack, see:
- *  http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
- *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
- */
-static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
-{
-    mbedtls_mpi L, U;
-    int ret = 0;
-
-    mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
-
-    if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
-        mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
-    {
-        ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
-    }
-
-cleanup:
-    mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U );
-    return( ret );
-}
-
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
-}
-
-/*
- * Parse the ServerKeyExchange parameters
- */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
-                     unsigned char **p,
-                     const unsigned char *end )
-{
-    int ret;
-
-    if( ( ret = dhm_read_bignum( &ctx->P,  p, end ) ) != 0 ||
-        ( ret = dhm_read_bignum( &ctx->G,  p, end ) ) != 0 ||
-        ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
-        return( ret );
-
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
-        return( ret );
-
-    ctx->len = mbedtls_mpi_size( &ctx->P );
-
-    return( 0 );
-}
-
-/*
- * Setup and write the ServerKeyExchange parameters
- */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret, count = 0;
-    size_t n1, n2, n3;
-    unsigned char *p;
-
-    if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    /*
-     * Generate X as large as possible ( < P )
-     */
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
-
-        while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
-
-        if( count++ > 10 )
-            return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
-    }
-    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
-
-    /*
-     * Calculate GX = G^X mod P
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
-                          &ctx->P , &ctx->RP ) );
-
-    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
-        return( ret );
-
-    /*
-     * export P, G, GX
-     */
-#define DHM_MPI_EXPORT( X, n )                                          \
-    do {                                                                \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ),               \
-                                                   p + 2,               \
-                                                   ( n ) ) );           \
-        *p++ = (unsigned char)( ( n ) >> 8 );                           \
-        *p++ = (unsigned char)( ( n )      );                           \
-        p += ( n );                                                     \
-    } while( 0 )
-
-    n1 = mbedtls_mpi_size( &ctx->P  );
-    n2 = mbedtls_mpi_size( &ctx->G  );
-    n3 = mbedtls_mpi_size( &ctx->GX );
-
-    p = output;
-    DHM_MPI_EXPORT( &ctx->P , n1 );
-    DHM_MPI_EXPORT( &ctx->G , n2 );
-    DHM_MPI_EXPORT( &ctx->GX, n3 );
-
-    *olen = p - output;
-
-    ctx->len = n1;
-
-cleanup:
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret );
-
-    return( 0 );
-}
-
-/*
- * Set prime modulus and generator
- */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
-                           const mbedtls_mpi *P,
-                           const mbedtls_mpi *G )
-{
-    int ret;
-
-    if( ctx == NULL || P == NULL || G == NULL )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret );
-    }
-
-    ctx->len = mbedtls_mpi_size( &ctx->P );
-    return( 0 );
-}
-
-/*
- * Import the peer's public value G^Y
- */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
-                     const unsigned char *input, size_t ilen )
-{
-    int ret;
-
-    if( ctx == NULL || ilen < 1 || ilen > ctx->len )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
-        return( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED + ret );
-
-    return( 0 );
-}
-
-/*
- * Create own private value X and export G^X
- */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret, count = 0;
-
-    if( ctx == NULL || olen < 1 || olen > ctx->len )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    /*
-     * generate X and calculate GX = G^X mod P
-     */
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
-
-        while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
-
-        if( count++ > 10 )
-            return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
-    }
-    while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
-                          &ctx->P , &ctx->RP ) );
-
-    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
-        return( ret );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
-
-cleanup:
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret );
-
-    return( 0 );
-}
-
-/*
- * Use the blinding method and optimisation suggested in section 10 of:
- *  KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
- *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
- *  Berlin Heidelberg, 1996. p. 104-113.
- */
-static int dhm_update_blinding( mbedtls_dhm_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret, count;
-
-    /*
-     * Don't use any blinding the first time a particular X is used,
-     * but remember it to use blinding next time.
-     */
-    if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) );
-
-        return( 0 );
-    }
-
-    /*
-     * Ok, we need blinding. Can we re-use existing values?
-     * If yes, just update them by squaring them.
-     */
-    if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
-
-        return( 0 );
-    }
-
-    /*
-     * We need to generate blinding values from scratch
-     */
-
-    /* Vi = random( 2, P-1 ) */
-    count = 0;
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) );
-
-        while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) );
-
-        if( count++ > 10 )
-            return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-    }
-    while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) <= 0 );
-
-    /* Vf = Vi^-X mod P */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vi, &ctx->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Derive and export the shared secret (G^Y)^X mod P
- */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
-                     unsigned char *output, size_t output_size, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret;
-    mbedtls_mpi GYb;
-
-    if( ctx == NULL || output_size < ctx->len )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
-        return( ret );
-
-    mbedtls_mpi_init( &GYb );
-
-    /* Blind peer's value */
-    if( f_rng != NULL )
-    {
-        MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
-    }
-    else
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) );
-
-    /* Do modular exponentiation */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
-                          &ctx->P, &ctx->RP ) );
-
-    /* Unblind secret value */
-    if( f_rng != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
-    }
-
-    *olen = mbedtls_mpi_size( &ctx->K );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
-
-cleanup:
-    mbedtls_mpi_free( &GYb );
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED + ret );
-
-    return( 0 );
-}
-
-/*
- * Free the components of a DHM key
- */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
-{
-    mbedtls_mpi_free( &ctx->pX ); mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->K  ); mbedtls_mpi_free( &ctx->GY );
-    mbedtls_mpi_free( &ctx->GX ); mbedtls_mpi_free( &ctx->X  );
-    mbedtls_mpi_free( &ctx->G  ); mbedtls_mpi_free( &ctx->P  );
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
-}
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-/*
- * Parse DHM parameters
- */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
-                   size_t dhminlen )
-{
-    int ret;
-    size_t len;
-    unsigned char *p, *end;
-#if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_context pem;
-
-    mbedtls_pem_init( &pem );
-
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN DH PARAMETERS-----",
-                               "-----END DH PARAMETERS-----",
-                               dhmin, NULL, 0, &dhminlen );
-
-    if( ret == 0 )
-    {
-        /*
-         * Was PEM encoded
-         */
-        dhminlen = pem.buflen;
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        goto exit;
-
-    p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
-#else
-    p = (unsigned char *) dhmin;
-#endif /* MBEDTLS_PEM_PARSE_C */
-    end = p + dhminlen;
-
-    /*
-     *  DHParams ::= SEQUENCE {
-     *      prime              INTEGER,  -- P
-     *      generator          INTEGER,  -- g
-     *      privateValueLength INTEGER OPTIONAL
-     *  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
-        goto exit;
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P  ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
-        goto exit;
-    }
-
-    if( p != end )
-    {
-        /* This might be the optional privateValueLength.
-         * If so, we can cleanly discard it */
-        mbedtls_mpi rec;
-        mbedtls_mpi_init( &rec );
-        ret = mbedtls_asn1_get_mpi( &p, end, &rec );
-        mbedtls_mpi_free( &rec );
-        if ( ret != 0 )
-        {
-            ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret;
-            goto exit;
-        }
-        if ( p != end )
-        {
-            ret = MBEDTLS_ERR_DHM_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
-            goto exit;
-        }
-    }
-
-    ret = 0;
-
-    dhm->len = mbedtls_mpi_size( &dhm->P );
-
-exit:
-#if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_free( &pem );
-#endif
-    if( ret != 0 )
-        mbedtls_dhm_free( dhm );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load all data from a file into a given buffer.
- *
- * The file is expected to contain either PEM or DER encoded data.
- * A terminating null byte is always appended. It is included in the announced
- * length only if the data looks like it is PEM encoded.
- */
-static int load_file( const char *path, unsigned char **buf, size_t *n )
-{
-    FILE *f;
-    long size;
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    if( ( size = ftell( f ) ) == -1 )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
-    }
-    fseek( f, 0, SEEK_SET );
-
-    *n = (size_t) size;
-
-    if( *n + 1 == 0 ||
-        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
-    }
-
-    if( fread( *buf, 1, *n, f ) != *n )
-    {
-        fclose( f );
-
-        mbedtls_zeroize( *buf, *n + 1 );
-        mbedtls_free( *buf );
-
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
-    }
-
-    fclose( f );
-
-    (*buf)[*n] = '\0';
-
-    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
-        ++*n;
-
-    return( 0 );
-}
-
-/*
- * Load and parse DHM parameters
- */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
-{
-    int ret;
-    size_t n;
-    unsigned char *buf;
-
-    if( ( ret = load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
-
-    mbedtls_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-#endif /* MBEDTLS_DHM_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-static const char mbedtls_test_dhm_params[] =
-"-----BEGIN DH PARAMETERS-----\r\n"
-"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
-"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
-"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
-"-----END DH PARAMETERS-----\r\n";
-
-static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
-
-/*
- * Checkup routine
- */
-int mbedtls_dhm_self_test( int verbose )
-{
-    int ret;
-    mbedtls_dhm_context dhm;
-
-    mbedtls_dhm_init( &dhm );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  DHM parameter load: " );
-
-    if( ( ret = mbedtls_dhm_parse_dhm( &dhm,
-                    (const unsigned char *) mbedtls_test_dhm_params,
-                    mbedtls_test_dhm_params_len ) ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto exit;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n\n" );
-
-exit:
-    mbedtls_dhm_free( &dhm );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_DHM_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ecdh.c b/components/ssl/mbedtls/mbedtls/library/ecdh.c
deleted file mode 100644
index 61380b69..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ecdh.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/*
- *  Elliptic curve Diffie-Hellman
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * References:
- *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
- * RFC 4492
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
-
-#include "mbedtls/ecdh.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
-/*
- * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair
- */
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng );
-}
-#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
-
-#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
-/*
- * Compute shared secret (SEC1 3.3.1)
- */
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng )
-{
-    int ret;
-    mbedtls_ecp_point P;
-
-    mbedtls_ecp_point_init( &P );
-
-    /*
-     * Make sure Q is a valid pubkey before using it
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, &P, d, Q, f_rng, p_rng ) );
-
-    if( mbedtls_ecp_is_zero( &P ) )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
-
-cleanup:
-    mbedtls_ecp_point_free( &P );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
-
-/*
- * Initialize context
- */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
-}
-
-/*
- * Free context
- */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_ecp_group_free( &ctx->grp );
-    mbedtls_ecp_point_free( &ctx->Q   );
-    mbedtls_ecp_point_free( &ctx->Qp  );
-    mbedtls_ecp_point_free( &ctx->Vi  );
-    mbedtls_ecp_point_free( &ctx->Vf  );
-    mbedtls_mpi_free( &ctx->d  );
-    mbedtls_mpi_free( &ctx->z  );
-    mbedtls_mpi_free( &ctx->_d );
-}
-
-/*
- * Setup and write the ServerKeyExhange parameters (RFC 4492)
- *      struct {
- *          ECParameters    curve_params;
- *          ECPoint         public;
- *      } ServerECDHParams;
- */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
-{
-    int ret;
-    size_t grp_len, pt_len;
-
-    if( ctx == NULL || ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
-                != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, blen ) )
-                != 0 )
-        return( ret );
-
-    buf += grp_len;
-    blen -= grp_len;
-
-    if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
-                                     &pt_len, buf, blen ) ) != 0 )
-        return( ret );
-
-    *olen = grp_len + pt_len;
-    return( 0 );
-}
-
-/*
- * Read the ServerKeyExhange parameters (RFC 4492)
- *      struct {
- *          ECParameters    curve_params;
- *          ECPoint         public;
- *      } ServerECDHParams;
- */
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                      const unsigned char **buf, const unsigned char *end )
-{
-    int ret;
-
-    if( ( ret = mbedtls_ecp_tls_read_group( &ctx->grp, buf, end - *buf ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) )
-                != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Get parameters from a keypair
- */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
-                     mbedtls_ecdh_side side )
-{
-    int ret;
-
-    if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 )
-        return( ret );
-
-    /* If it's not our key, just import the public part as Qp */
-    if( side == MBEDTLS_ECDH_THEIRS )
-        return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
-
-    /* Our key: import public (as Q) and private parts */
-    if( side != MBEDTLS_ECDH_OURS )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Setup and export the client public value
- */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
-{
-    int ret;
-
-    if( ctx == NULL || ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) )
-                != 0 )
-        return( ret );
-
-    return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format,
-                                olen, buf, blen );
-}
-
-/*
- * Parse and import the client's public value
- */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                      const unsigned char *buf, size_t blen )
-{
-    int ret;
-    const unsigned char *p = buf;
-
-    if( ctx == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 )
-        return( ret );
-
-    if( (size_t)( p - buf ) != blen )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    return( 0 );
-}
-
-/*
- * Derive and export the shared secret
- */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
-{
-    int ret;
-
-    if( ctx == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, &ctx->d,
-                                     f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( mbedtls_mpi_size( &ctx->z ) > blen )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
-    return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
-}
-
-#endif /* MBEDTLS_ECDH_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ecdsa.c b/components/ssl/mbedtls/mbedtls/library/ecdsa.c
deleted file mode 100644
index 826fefe5..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ecdsa.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- *  Elliptic curve DSA
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * References:
- *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/asn1write.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#include "mbedtls/hmac_drbg.h"
-#endif
-
-/*
- * Derive a suitable integer for group grp from a buffer of length len
- * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
- */
-static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
-                       const unsigned char *buf, size_t blen )
-{
-    int ret;
-    size_t n_size = ( grp->nbits + 7 ) / 8;
-    size_t use_size = blen > n_size ? n_size : blen;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( x, buf, use_size ) );
-    if( use_size * 8 > grp->nbits )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( x, use_size * 8 - grp->nbits ) );
-
-    /* While at it, reduce modulo N */
-    if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( x, x, &grp->N ) );
-
-cleanup:
-    return( ret );
-}
-
-#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
-/*
- * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
- * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
- */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret, key_tries, sign_tries, blind_tries;
-    mbedtls_ecp_point R;
-    mbedtls_mpi k, e, t;
-
-    /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( grp->N.p == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /* Make sure d is in range 1..n-1 */
-    if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-    mbedtls_ecp_point_init( &R );
-    mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
-
-    sign_tries = 0;
-    do
-    {
-        /*
-         * Steps 1-3: generate a suitable ephemeral keypair
-         * and set r = xR mod n
-         */
-        key_tries = 0;
-        do
-        {
-            MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair( grp, &k, &R, f_rng, p_rng ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( r, &R.X, &grp->N ) );
-
-            if( key_tries++ > 10 )
-            {
-                ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-                goto cleanup;
-            }
-        }
-        while( mbedtls_mpi_cmp_int( r, 0 ) == 0 );
-
-        /*
-         * Step 5: derive MPI from hashed message
-         */
-        MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
-
-        /*
-         * Generate a random value to blind inv_mod in next step,
-         * avoiding a potential timing leak.
-         */
-        blind_tries = 0;
-        do
-        {
-            size_t n_size = ( grp->nbits + 7 ) / 8;
-            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &t, n_size, f_rng, p_rng ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &t, 8 * n_size - grp->nbits ) );
-
-            /* See mbedtls_ecp_gen_keypair() */
-            if( ++blind_tries > 30 )
-                return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
-        }
-        while( mbedtls_mpi_cmp_int( &t, 1 ) < 0 ||
-               mbedtls_mpi_cmp_mpi( &t, &grp->N ) >= 0 );
-
-        /*
-         * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, r, d ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &k, &k, &t ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, &k, &grp->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
-
-        if( sign_tries++ > 10 )
-        {
-            ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-            goto cleanup;
-        }
-    }
-    while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
-
-cleanup:
-    mbedtls_ecp_point_free( &R );
-    mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECDSA_SIGN_ALT */
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/*
- * Deterministic signature wrapper
- */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                    mbedtls_md_type_t md_alg )
-{
-    int ret;
-    mbedtls_hmac_drbg_context rng_ctx;
-    unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
-    size_t grp_len = ( grp->nbits + 7 ) / 8;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_mpi h;
-
-    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &h );
-    mbedtls_hmac_drbg_init( &rng_ctx );
-
-    /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
-    MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
-    mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len );
-
-    ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
-                      mbedtls_hmac_drbg_random, &rng_ctx );
-
-cleanup:
-    mbedtls_hmac_drbg_free( &rng_ctx );
-    mbedtls_mpi_free( &h );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
-/*
- * Verify ECDSA signature of hashed message (SEC1 4.1.4)
- * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
- */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                  const unsigned char *buf, size_t blen,
-                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s)
-{
-    int ret;
-    mbedtls_mpi e, s_inv, u1, u2;
-    mbedtls_ecp_point R;
-
-    mbedtls_ecp_point_init( &R );
-    mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
-
-    /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( grp->N.p == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Step 1: make sure r and s are in range 1..n-1
-     */
-    if( mbedtls_mpi_cmp_int( r, 1 ) < 0 || mbedtls_mpi_cmp_mpi( r, &grp->N ) >= 0 ||
-        mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-    /*
-     * Additional precaution: make sure Q is valid
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, Q ) );
-
-    /*
-     * Step 3: derive MPI from hashed message
-     */
-    MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
-
-    /*
-     * Step 4: u1 = e / s mod n, u2 = r / s mod n
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u1, &e, &s_inv ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u1, &u1, &grp->N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u2, r, &s_inv ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &u2, &u2, &grp->N ) );
-
-    /*
-     * Step 5: R = u1 G + u2 Q
-     *
-     * Since we're not using any secret data, no need to pass a RNG to
-     * mbedtls_ecp_mul() for countermesures.
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, &R, &u1, &grp->G, &u2, Q ) );
-
-    if( mbedtls_ecp_is_zero( &R ) )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-    /*
-     * Step 6: convert xR to an integer (no-op)
-     * Step 7: reduce xR mod n (gives v)
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &R.X, &R.X, &grp->N ) );
-
-    /*
-     * Step 8: check if v (that is, R.X) is equal to r
-     */
-    if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_point_free( &R );
-    mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
-
-/*
- * Convert a signature (given by context) to ASN.1
- */
-static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
-                                    unsigned char *sig, size_t *slen )
-{
-    int ret;
-    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
-    unsigned char *p = buf + sizeof( buf );
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
-    memcpy( sig, p, len );
-    *slen = len;
-
-    return( 0 );
-}
-
-/*
- * Compute and write signature
- */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng )
-{
-    int ret;
-    mbedtls_mpi r, s;
-
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    (void) f_rng;
-    (void) p_rng;
-
-    MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ctx->grp, &r, &s, &ctx->d,
-                             hash, hlen, md_alg ) );
-#else
-    (void) md_alg;
-
-    MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d,
-                         hash, hlen, f_rng, p_rng ) );
-#endif
-
-    MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
-
-cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-
-    return( ret );
-}
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED) && \
-    defined(MBEDTLS_ECDSA_DETERMINISTIC)
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
-                               const unsigned char *hash, size_t hlen,
-                               unsigned char *sig, size_t *slen,
-                               mbedtls_md_type_t md_alg )
-{
-    return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
-                                   NULL, NULL ) );
-}
-#endif
-
-/*
- * Read and check signature
- */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen )
-{
-    int ret;
-    unsigned char *p = (unsigned char *) sig;
-    const unsigned char *end = sig + slen;
-    size_t len;
-    mbedtls_mpi r, s;
-
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    if( p + len != end )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA +
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
-        goto cleanup;
-    }
-
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
-    {
-        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen,
-                              &ctx->Q, &r, &s ) ) != 0 )
-        goto cleanup;
-
-    if( p != end )
-        ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
-
-cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
-/*
- * Generate key pair
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
-            mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
-}
-#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
-
-/*
- * Set context from an mbedtls_ecp_keypair
- */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
-{
-    int ret;
-
-    if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
-        ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
-    {
-        mbedtls_ecdsa_free( ctx );
-    }
-
-    return( ret );
-}
-
-/*
- * Initialize context
- */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
-{
-    mbedtls_ecp_keypair_init( ctx );
-}
-
-/*
- * Free context
- */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
-{
-    mbedtls_ecp_keypair_free( ctx );
-}
-
-#endif /* MBEDTLS_ECDSA_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ecjpake.c b/components/ssl/mbedtls/mbedtls/library/ecjpake.c
deleted file mode 100644
index e8f40862..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ecjpake.c
+++ /dev/null
@@ -1,1106 +0,0 @@
-/*
- *  Elliptic curve J-PAKE
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * References in the code are to the Thread v1.0 Specification,
- * available to members of the Thread Group http://threadgroup.org/
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C)
-
-#include "mbedtls/ecjpake.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-
-/*
- * Convert a mbedtls_ecjpake_role to identifier string
- */
-static const char * const ecjpake_id[] = {
-    "client",
-    "server"
-};
-
-#define ID_MINE     ( ecjpake_id[ ctx->role ] )
-#define ID_PEER     ( ecjpake_id[ 1 - ctx->role ] )
-
-/*
- * Initialize context
- */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    ctx->md_info = NULL;
-    mbedtls_ecp_group_init( &ctx->grp );
-    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
-
-    mbedtls_ecp_point_init( &ctx->Xm1 );
-    mbedtls_ecp_point_init( &ctx->Xm2 );
-    mbedtls_ecp_point_init( &ctx->Xp1 );
-    mbedtls_ecp_point_init( &ctx->Xp2 );
-    mbedtls_ecp_point_init( &ctx->Xp  );
-
-    mbedtls_mpi_init( &ctx->xm1 );
-    mbedtls_mpi_init( &ctx->xm2 );
-    mbedtls_mpi_init( &ctx->s   );
-}
-
-/*
- * Free context
- */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    ctx->md_info = NULL;
-    mbedtls_ecp_group_free( &ctx->grp );
-
-    mbedtls_ecp_point_free( &ctx->Xm1 );
-    mbedtls_ecp_point_free( &ctx->Xm2 );
-    mbedtls_ecp_point_free( &ctx->Xp1 );
-    mbedtls_ecp_point_free( &ctx->Xp2 );
-    mbedtls_ecp_point_free( &ctx->Xp  );
-
-    mbedtls_mpi_free( &ctx->xm1 );
-    mbedtls_mpi_free( &ctx->xm2 );
-    mbedtls_mpi_free( &ctx->s   );
-}
-
-/*
- * Setup context
- */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
-                           mbedtls_ecjpake_role role,
-                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve,
-                           const unsigned char *secret,
-                           size_t len )
-{
-    int ret;
-
-    ctx->role = role;
-
-    if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
-        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );
-
-cleanup:
-    if( ret != 0 )
-        mbedtls_ecjpake_free( ctx );
-
-    return( ret );
-}
-
-/*
- * Check if context is ready for use
- */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
-{
-    if( ctx->md_info == NULL ||
-        ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
-        ctx->s.p == NULL )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-    return( 0 );
-}
-
-/*
- * Write a point plus its length to a buffer
- */
-static int ecjpake_write_len_point( unsigned char **p,
-                                    const unsigned char *end,
-                                    const mbedtls_ecp_group *grp,
-                                    const int pf,
-                                    const mbedtls_ecp_point *P )
-{
-    int ret;
-    size_t len;
-
-    /* Need at least 4 for length plus 1 for point */
-    if( end < *p || end - *p < 5 )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    ret = mbedtls_ecp_point_write_binary( grp, P, pf,
-                                          &len, *p + 4, end - ( *p + 4 ) );
-    if( ret != 0 )
-        return( ret );
-
-    (*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF );
-    (*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF );
-    (*p)[2] = (unsigned char)( ( len >>  8 ) & 0xFF );
-    (*p)[3] = (unsigned char)( ( len       ) & 0xFF );
-
-    *p += 4 + len;
-
-    return( 0 );
-}
-
-/*
- * Size of the temporary buffer for ecjpake_hash:
- * 3 EC points plus their length, plus ID and its length (4 + 6 bytes)
- */
-#define ECJPAKE_HASH_BUF_LEN    ( 3 * ( 4 + MBEDTLS_ECP_MAX_PT_LEN ) + 4 + 6 )
-
-/*
- * Compute hash for ZKP (7.4.2.2.2.1)
- */
-static int ecjpake_hash( const mbedtls_md_info_t *md_info,
-                         const mbedtls_ecp_group *grp,
-                         const int pf,
-                         const mbedtls_ecp_point *G,
-                         const mbedtls_ecp_point *V,
-                         const mbedtls_ecp_point *X,
-                         const char *id,
-                         mbedtls_mpi *h )
-{
-    int ret;
-    unsigned char buf[ECJPAKE_HASH_BUF_LEN];
-    unsigned char *p = buf;
-    const unsigned char *end = buf + sizeof( buf );
-    const size_t id_len = strlen( id );
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-
-    /* Write things to temporary buffer */
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) );
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, V ) );
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, X ) );
-
-    if( end - p < 4 )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    *p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF );
-    *p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF );
-    *p++ = (unsigned char)( ( id_len >>  8 ) & 0xFF );
-    *p++ = (unsigned char)( ( id_len       ) & 0xFF );
-
-    if( end < p || (size_t)( end - p ) < id_len )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    memcpy( p, id, id_len );
-    p += id_len;
-
-    /* Compute hash */
-    mbedtls_md( md_info, buf, p - buf, hash );
-
-    /* Turn it into an integer mod n */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,
-                                        mbedtls_md_get_size( md_info ) ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)
- */
-static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
-                             const mbedtls_ecp_group *grp,
-                             const int pf,
-                             const mbedtls_ecp_point *G,
-                             const mbedtls_ecp_point *X,
-                             const char *id,
-                             const unsigned char **p,
-                             const unsigned char *end )
-{
-    int ret;
-    mbedtls_ecp_point V, VV;
-    mbedtls_mpi r, h;
-    size_t r_len;
-
-    mbedtls_ecp_point_init( &V );
-    mbedtls_ecp_point_init( &VV );
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &h );
-
-    /*
-     * struct {
-     *     ECPoint V;
-     *     opaque r<1..2^8-1>;
-     * } ECSchnorrZKP;
-     */
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) );
-
-    if( end < *p || (size_t)( end - *p ) < 1 )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    r_len = *(*p)++;
-
-    if( end < *p || (size_t)( end - *p ) < r_len )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) );
-    *p += r_len;
-
-    /*
-     * Verification
-     */
-    MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp,
-                     &VV, &h, X, &r, G ) );
-
-    if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_point_free( &V );
-    mbedtls_ecp_point_free( &VV );
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &h );
-
-    return( ret );
-}
-
-/*
- * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)
- */
-static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
-                              const mbedtls_ecp_group *grp,
-                              const int pf, 
-                              const mbedtls_ecp_point *G,
-                              const mbedtls_mpi *x,
-                              const mbedtls_ecp_point *X,
-                              const char *id,
-                              unsigned char **p,
-                              const unsigned char *end,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int ret;
-    mbedtls_ecp_point V;
-    mbedtls_mpi v;
-    mbedtls_mpi h; /* later recycled to hold r */
-    size_t len;
-
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    mbedtls_ecp_point_init( &V );
-    mbedtls_mpi_init( &v );
-    mbedtls_mpi_init( &h );
-
-    /* Compute signature */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp,
-                                                   G, &v, &V, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */
-
-    /* Write it out */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V,
-                pf, &len, *p, end - *p ) );
-    *p += len;
-
-    len = mbedtls_mpi_size( &h ); /* actually r */
-    if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
-    {
-        ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-        goto cleanup;
-    }
-
-    *(*p)++ = (unsigned char)( len & 0xFF );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
-    *p += len;
-
-cleanup:
-    mbedtls_ecp_point_free( &V );
-    mbedtls_mpi_free( &v );
-    mbedtls_mpi_free( &h );
-
-    return( ret );
-}
-
-/*
- * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof
- * Output: verified public key X
- */
-static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
-                             const mbedtls_ecp_group *grp,
-                             const int pf,
-                             const mbedtls_ecp_point *G,
-                             mbedtls_ecp_point *X,
-                             const char *id,
-                             const unsigned char **p,
-                             const unsigned char *end )
-{
-    int ret;
-
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * struct {
-     *     ECPoint X;
-     *     ECSchnorrZKP zkp;
-     * } ECJPAKEKeyKP;
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) );
-    if( mbedtls_ecp_is_zero( X ) )
-    {
-        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, grp, pf, G, X, id, p, end ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Generate an ECJPAKEKeyKP
- * Output: the serialized structure, plus private/public key pair
- */
-static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              mbedtls_mpi *x,
-                              mbedtls_ecp_point *X,
-                              const char *id,
-                              unsigned char **p,
-                              const unsigned char *end,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int ret;
-    size_t len;
-
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    /* Generate key (7.4.2.3.1) and write it out */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X,
-                                                   f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X,
-                pf, &len, *p, end - *p ) );
-    *p += len;
-
-    /* Generate and write proof */
-    MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, grp, pf, G, x, X, id,
-                                        p, end, f_rng, p_rng ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
- * Ouputs: verified peer public keys Xa, Xb
- */
-static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              mbedtls_ecp_point *Xa,
-                              mbedtls_ecp_point *Xb,
-                              const char *id,
-                              const unsigned char *buf,
-                              size_t len )
-{
-    int ret;
-    const unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-
-    /*
-     * struct {
-     *     ECJPAKEKeyKP ecjpake_key_kp_pair_list[2];
-     * } ECJPAKEKeyKPPairList;
-     */
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xa, id, &p, end ) );
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xb, id, &p, end ) );
-
-    if( p != end )
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Generate a ECJPAKEKeyKPPairList
- * Outputs: the serialized structure, plus two private/public key pairs
- */
-static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
-                               const mbedtls_ecp_group *grp,
-                               const int pf,
-                               const mbedtls_ecp_point *G,
-                               mbedtls_mpi *xm1,
-                               mbedtls_ecp_point *Xa,
-                               mbedtls_mpi *xm2,
-                               mbedtls_ecp_point *Xb,
-                               const char *id,
-                               unsigned char *buf,
-                               size_t len,
-                               size_t *olen,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
-{
-    int ret;
-    unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-
-    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm1, Xa, id,
-                &p, end, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm2, Xb, id,
-                &p, end, f_rng, p_rng ) );
-
-    *olen = p - buf;
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Read and process the first round message
- */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len )
-{
-    return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
-                               &ctx->grp.G,
-                               &ctx->Xp1, &ctx->Xp2, ID_PEER,
-                               buf, len ) );
-}
-
-/*
- * Generate and write the first round message
- */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
-{
-    return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
-                                &ctx->grp.G,
-                                &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
-                                ID_MINE, buf, len, olen, f_rng, p_rng ) );
-}
-
-/*
- * Compute the sum of three points R = A + B + C
- */
-static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                             const mbedtls_ecp_point *A,
-                             const mbedtls_ecp_point *B,
-                             const mbedtls_ecp_point *C )
-{
-    int ret;
-    mbedtls_mpi one;
-
-    mbedtls_mpi_init( &one );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) );
-
-cleanup:
-    mbedtls_mpi_free( &one );
-
-    return( ret );
-}
-
-/*
- * Read and process second round message (C: 7.4.2.5, S: 7.4.2.6)
- */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
-                                            const unsigned char *buf,
-                                            size_t len )
-{
-    int ret;
-    const unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-    mbedtls_ecp_group grp;
-    mbedtls_ecp_point G;    /* C: GB, S: GA */
-
-    mbedtls_ecp_group_init( &grp );
-    mbedtls_ecp_point_init( &G );
-
-    /*
-     * Server: GA = X3  + X4  + X1      (7.4.2.6.1)
-     * Client: GB = X1  + X2  + X3      (7.4.2.5.1)
-     * Unified: G = Xm1 + Xm2 + Xp1
-     * We need that before parsing in order to check Xp as we read it
-     */
-    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
-                                       &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) );
-
-    /*
-     * struct {
-     *     ECParameters curve_params;   // only client reading server msg
-     *     ECJPAKEKeyKP ecjpake_key_kp;
-     * } Client/ServerECJPAKEParams;
-     */
-    if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) );
-        if( grp.id != ctx->grp.id )
-        {
-            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-            goto cleanup;
-        }
-    }
-
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp,
-                            ctx->point_format,
-                            &G, &ctx->Xp, ID_PEER, &p, end ) );
-
-    if( p != end )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &G );
-
-    return( ret );
-}
-
-/*
- * Compute R = +/- X * S mod N, taking care not to leak S
- */
-static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
-                               const mbedtls_mpi *X,
-                               const mbedtls_mpi *S,
-                               const mbedtls_mpi *N,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
-{
-    int ret;
-    mbedtls_mpi b; /* Blinding value, then s + N * blinding */
-
-    mbedtls_mpi_init( &b );
-
-    /* b = s + rnd-128-bit * N */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) );
-
-    /* R = sign * X * b mod N */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) );
-    R->s *= sign;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) );
-
-cleanup:
-    mbedtls_mpi_free( &b );
-
-    return( ret );
-}
-
-/*
- * Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6)
- */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
-{
-    int ret;
-    mbedtls_ecp_point G;    /* C: GA, S: GB */
-    mbedtls_ecp_point Xm;   /* C: Xc, S: Xs */
-    mbedtls_mpi xm;         /* C: xc, S: xs */
-    unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-    size_t ec_len;
-
-    mbedtls_ecp_point_init( &G );
-    mbedtls_ecp_point_init( &Xm );
-    mbedtls_mpi_init( &xm );
-
-    /*
-     * First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1)
-     *
-     * Client:  GA = X1  + X3  + X4  | xs = x2  * s | Xc = xc * GA
-     * Server:  GB = X3  + X1  + X2  | xs = x4  * s | Xs = xs * GB
-     * Unified: G  = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G
-     */
-    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
-                                       &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) );
-    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s,
-                                         &ctx->grp.N, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) );
-
-    /*
-     * Now write things out
-     *
-     * struct {
-     *     ECParameters curve_params;   // only server writing its message
-     *     ECJPAKEKeyKP ecjpake_key_kp;
-     * } Client/ServerECJPAKEParams;
-     */
-    if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
-    {
-        if( end < p )
-        {
-            ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-            goto cleanup;
-        }
-        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len,
-                                                      p, end - p ) );
-        p += ec_len;
-    }
-
-    if( end < p )
-    {
-        ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-        goto cleanup;
-    }
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm,
-                     ctx->point_format, &ec_len, p, end - p ) );
-    p += ec_len;
-
-    MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp,
-                                        ctx->point_format,
-                                        &G, &xm, &Xm, ID_MINE,
-                                        &p, end, f_rng, p_rng ) );
-
-    *olen = p - buf;
-
-cleanup:
-    mbedtls_ecp_point_free( &G );
-    mbedtls_ecp_point_free( &Xm );
-    mbedtls_mpi_free( &xm );
-
-    return( ret );
-}
-
-/*
- * Derive PMS (7.4.2.7 / 7.4.2.8)
- */
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
-{
-    int ret;
-    mbedtls_ecp_point K;
-    mbedtls_mpi m_xm2_s, one;
-    unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
-    size_t x_bytes;
-
-    *olen = mbedtls_md_get_size( ctx->md_info );
-    if( len < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    mbedtls_ecp_point_init( &K );
-    mbedtls_mpi_init( &m_xm2_s );
-    mbedtls_mpi_init( &one );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
-
-    /*
-     * Client:  K = ( Xs - X4  * x2  * s ) * x2
-     * Server:  K = ( Xc - X2  * x4  * s ) * x4
-     * Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2
-     */
-    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,
-                                         &ctx->grp.N, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K,
-                                         &one, &ctx->Xp,
-                                         &m_xm2_s, &ctx->Xp2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K,
-                                      f_rng, p_rng ) );
-
-    /* PMS = SHA-256( K.X ) */
-    x_bytes = ( ctx->grp.pbits + 7 ) / 8;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) );
-    MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) );
-
-cleanup:
-    mbedtls_ecp_point_free( &K );
-    mbedtls_mpi_free( &m_xm2_s );
-    mbedtls_mpi_free( &one );
-
-    return( ret );
-}
-
-#undef ID_MINE
-#undef ID_PEER
-
-#endif /* ! MBEDTLS_ECJPAKE_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf     printf
-#endif
-
-#if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
-    !defined(MBEDTLS_SHA256_C)
-int mbedtls_ecjpake_self_test( int verbose )
-{
-    (void) verbose;
-    return( 0 );
-}
-#else
-
-static const unsigned char ecjpake_test_password[] = {
-    0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x6a, 0x70, 0x61, 0x6b, 0x65, 0x74,
-    0x65, 0x73, 0x74
-};
-
-static const unsigned char ecjpake_test_x1[] = {
-    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
-    0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
-    0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x21
-};
-
-static const unsigned char ecjpake_test_x2[] = {
-    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
-    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
-    0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81
-};
-
-static const unsigned char ecjpake_test_x3[] = {
-    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
-    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
-    0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81
-};
-
-static const unsigned char ecjpake_test_x4[] = {
-    0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc,
-    0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8,
-    0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe1
-};
-
-static const unsigned char ecjpake_test_cli_one[] = {
-    0x41, 0x04, 0xac, 0xcf, 0x01, 0x06, 0xef, 0x85, 0x8f, 0xa2, 0xd9, 0x19,
-    0x33, 0x13, 0x46, 0x80, 0x5a, 0x78, 0xb5, 0x8b, 0xba, 0xd0, 0xb8, 0x44,
-    0xe5, 0xc7, 0x89, 0x28, 0x79, 0x14, 0x61, 0x87, 0xdd, 0x26, 0x66, 0xad,
-    0xa7, 0x81, 0xbb, 0x7f, 0x11, 0x13, 0x72, 0x25, 0x1a, 0x89, 0x10, 0x62,
-    0x1f, 0x63, 0x4d, 0xf1, 0x28, 0xac, 0x48, 0xe3, 0x81, 0xfd, 0x6e, 0xf9,
-    0x06, 0x07, 0x31, 0xf6, 0x94, 0xa4, 0x41, 0x04, 0x1d, 0xd0, 0xbd, 0x5d,
-    0x45, 0x66, 0xc9, 0xbe, 0xd9, 0xce, 0x7d, 0xe7, 0x01, 0xb5, 0xe8, 0x2e,
-    0x08, 0xe8, 0x4b, 0x73, 0x04, 0x66, 0x01, 0x8a, 0xb9, 0x03, 0xc7, 0x9e,
-    0xb9, 0x82, 0x17, 0x22, 0x36, 0xc0, 0xc1, 0x72, 0x8a, 0xe4, 0xbf, 0x73,
-    0x61, 0x0d, 0x34, 0xde, 0x44, 0x24, 0x6e, 0xf3, 0xd9, 0xc0, 0x5a, 0x22,
-    0x36, 0xfb, 0x66, 0xa6, 0x58, 0x3d, 0x74, 0x49, 0x30, 0x8b, 0xab, 0xce,
-    0x20, 0x72, 0xfe, 0x16, 0x66, 0x29, 0x92, 0xe9, 0x23, 0x5c, 0x25, 0x00,
-    0x2f, 0x11, 0xb1, 0x50, 0x87, 0xb8, 0x27, 0x38, 0xe0, 0x3c, 0x94, 0x5b,
-    0xf7, 0xa2, 0x99, 0x5d, 0xda, 0x1e, 0x98, 0x34, 0x58, 0x41, 0x04, 0x7e,
-    0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb, 0xd7, 0x92, 0x62,
-    0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18, 0x40, 0x9a, 0xc5,
-    0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47, 0x79, 0x0a, 0xeb,
-    0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f, 0xd1, 0xc3, 0x35,
-    0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7, 0xe3, 0x2b, 0xb0,
-    0x13, 0xbb, 0x2b, 0x41, 0x04, 0xa4, 0x95, 0x58, 0xd3, 0x2e, 0xd1, 0xeb,
-    0xfc, 0x18, 0x16, 0xaf, 0x4f, 0xf0, 0x9b, 0x55, 0xfc, 0xb4, 0xca, 0x47,
-    0xb2, 0xa0, 0x2d, 0x1e, 0x7c, 0xaf, 0x11, 0x79, 0xea, 0x3f, 0xe1, 0x39,
-    0x5b, 0x22, 0xb8, 0x61, 0x96, 0x40, 0x16, 0xfa, 0xba, 0xf7, 0x2c, 0x97,
-    0x56, 0x95, 0xd9, 0x3d, 0x4d, 0xf0, 0xe5, 0x19, 0x7f, 0xe9, 0xf0, 0x40,
-    0x63, 0x4e, 0xd5, 0x97, 0x64, 0x93, 0x77, 0x87, 0xbe, 0x20, 0xbc, 0x4d,
-    0xee, 0xbb, 0xf9, 0xb8, 0xd6, 0x0a, 0x33, 0x5f, 0x04, 0x6c, 0xa3, 0xaa,
-    0x94, 0x1e, 0x45, 0x86, 0x4c, 0x7c, 0xad, 0xef, 0x9c, 0xf7, 0x5b, 0x3d,
-    0x8b, 0x01, 0x0e, 0x44, 0x3e, 0xf0
-};
-
-static const unsigned char ecjpake_test_srv_one[] = {
-    0x41, 0x04, 0x7e, 0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb,
-    0xd7, 0x92, 0x62, 0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18,
-    0x40, 0x9a, 0xc5, 0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47,
-    0x79, 0x0a, 0xeb, 0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f,
-    0xd1, 0xc3, 0x35, 0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7,
-    0xe3, 0x2b, 0xb0, 0x13, 0xbb, 0x2b, 0x41, 0x04, 0x09, 0xf8, 0x5b, 0x3d,
-    0x20, 0xeb, 0xd7, 0x88, 0x5c, 0xe4, 0x64, 0xc0, 0x8d, 0x05, 0x6d, 0x64,
-    0x28, 0xfe, 0x4d, 0xd9, 0x28, 0x7a, 0xa3, 0x65, 0xf1, 0x31, 0xf4, 0x36,
-    0x0f, 0xf3, 0x86, 0xd8, 0x46, 0x89, 0x8b, 0xc4, 0xb4, 0x15, 0x83, 0xc2,
-    0xa5, 0x19, 0x7f, 0x65, 0xd7, 0x87, 0x42, 0x74, 0x6c, 0x12, 0xa5, 0xec,
-    0x0a, 0x4f, 0xfe, 0x2f, 0x27, 0x0a, 0x75, 0x0a, 0x1d, 0x8f, 0xb5, 0x16,
-    0x20, 0x93, 0x4d, 0x74, 0xeb, 0x43, 0xe5, 0x4d, 0xf4, 0x24, 0xfd, 0x96,
-    0x30, 0x6c, 0x01, 0x17, 0xbf, 0x13, 0x1a, 0xfa, 0xbf, 0x90, 0xa9, 0xd3,
-    0x3d, 0x11, 0x98, 0xd9, 0x05, 0x19, 0x37, 0x35, 0x14, 0x41, 0x04, 0x19,
-    0x0a, 0x07, 0x70, 0x0f, 0xfa, 0x4b, 0xe6, 0xae, 0x1d, 0x79, 0xee, 0x0f,
-    0x06, 0xae, 0xb5, 0x44, 0xcd, 0x5a, 0xdd, 0xaa, 0xbe, 0xdf, 0x70, 0xf8,
-    0x62, 0x33, 0x21, 0x33, 0x2c, 0x54, 0xf3, 0x55, 0xf0, 0xfb, 0xfe, 0xc7,
-    0x83, 0xed, 0x35, 0x9e, 0x5d, 0x0b, 0xf7, 0x37, 0x7a, 0x0f, 0xc4, 0xea,
-    0x7a, 0xce, 0x47, 0x3c, 0x9c, 0x11, 0x2b, 0x41, 0xcc, 0xd4, 0x1a, 0xc5,
-    0x6a, 0x56, 0x12, 0x41, 0x04, 0x36, 0x0a, 0x1c, 0xea, 0x33, 0xfc, 0xe6,
-    0x41, 0x15, 0x64, 0x58, 0xe0, 0xa4, 0xea, 0xc2, 0x19, 0xe9, 0x68, 0x31,
-    0xe6, 0xae, 0xbc, 0x88, 0xb3, 0xf3, 0x75, 0x2f, 0x93, 0xa0, 0x28, 0x1d,
-    0x1b, 0xf1, 0xfb, 0x10, 0x60, 0x51, 0xdb, 0x96, 0x94, 0xa8, 0xd6, 0xe8,
-    0x62, 0xa5, 0xef, 0x13, 0x24, 0xa3, 0xd9, 0xe2, 0x78, 0x94, 0xf1, 0xee,
-    0x4f, 0x7c, 0x59, 0x19, 0x99, 0x65, 0xa8, 0xdd, 0x4a, 0x20, 0x91, 0x84,
-    0x7d, 0x2d, 0x22, 0xdf, 0x3e, 0xe5, 0x5f, 0xaa, 0x2a, 0x3f, 0xb3, 0x3f,
-    0xd2, 0xd1, 0xe0, 0x55, 0xa0, 0x7a, 0x7c, 0x61, 0xec, 0xfb, 0x8d, 0x80,
-    0xec, 0x00, 0xc2, 0xc9, 0xeb, 0x12
-};
-
-static const unsigned char ecjpake_test_srv_two[] = {
-    0x03, 0x00, 0x17, 0x41, 0x04, 0x0f, 0xb2, 0x2b, 0x1d, 0x5d, 0x11, 0x23,
-    0xe0, 0xef, 0x9f, 0xeb, 0x9d, 0x8a, 0x2e, 0x59, 0x0a, 0x1f, 0x4d, 0x7c,
-    0xed, 0x2c, 0x2b, 0x06, 0x58, 0x6e, 0x8f, 0x2a, 0x16, 0xd4, 0xeb, 0x2f,
-    0xda, 0x43, 0x28, 0xa2, 0x0b, 0x07, 0xd8, 0xfd, 0x66, 0x76, 0x54, 0xca,
-    0x18, 0xc5, 0x4e, 0x32, 0xa3, 0x33, 0xa0, 0x84, 0x54, 0x51, 0xe9, 0x26,
-    0xee, 0x88, 0x04, 0xfd, 0x7a, 0xf0, 0xaa, 0xa7, 0xa6, 0x41, 0x04, 0x55,
-    0x16, 0xea, 0x3e, 0x54, 0xa0, 0xd5, 0xd8, 0xb2, 0xce, 0x78, 0x6b, 0x38,
-    0xd3, 0x83, 0x37, 0x00, 0x29, 0xa5, 0xdb, 0xe4, 0x45, 0x9c, 0x9d, 0xd6,
-    0x01, 0xb4, 0x08, 0xa2, 0x4a, 0xe6, 0x46, 0x5c, 0x8a, 0xc9, 0x05, 0xb9,
-    0xeb, 0x03, 0xb5, 0xd3, 0x69, 0x1c, 0x13, 0x9e, 0xf8, 0x3f, 0x1c, 0xd4,
-    0x20, 0x0f, 0x6c, 0x9c, 0xd4, 0xec, 0x39, 0x22, 0x18, 0xa5, 0x9e, 0xd2,
-    0x43, 0xd3, 0xc8, 0x20, 0xff, 0x72, 0x4a, 0x9a, 0x70, 0xb8, 0x8c, 0xb8,
-    0x6f, 0x20, 0xb4, 0x34, 0xc6, 0x86, 0x5a, 0xa1, 0xcd, 0x79, 0x06, 0xdd,
-    0x7c, 0x9b, 0xce, 0x35, 0x25, 0xf5, 0x08, 0x27, 0x6f, 0x26, 0x83, 0x6c
-};
-
-static const unsigned char ecjpake_test_cli_two[] = {
-    0x41, 0x04, 0x69, 0xd5, 0x4e, 0xe8, 0x5e, 0x90, 0xce, 0x3f, 0x12, 0x46,
-    0x74, 0x2d, 0xe5, 0x07, 0xe9, 0x39, 0xe8, 0x1d, 0x1d, 0xc1, 0xc5, 0xcb,
-    0x98, 0x8b, 0x58, 0xc3, 0x10, 0xc9, 0xfd, 0xd9, 0x52, 0x4d, 0x93, 0x72,
-    0x0b, 0x45, 0x54, 0x1c, 0x83, 0xee, 0x88, 0x41, 0x19, 0x1d, 0xa7, 0xce,
-    0xd8, 0x6e, 0x33, 0x12, 0xd4, 0x36, 0x23, 0xc1, 0xd6, 0x3e, 0x74, 0x98,
-    0x9a, 0xba, 0x4a, 0xff, 0xd1, 0xee, 0x41, 0x04, 0x07, 0x7e, 0x8c, 0x31,
-    0xe2, 0x0e, 0x6b, 0xed, 0xb7, 0x60, 0xc1, 0x35, 0x93, 0xe6, 0x9f, 0x15,
-    0xbe, 0x85, 0xc2, 0x7d, 0x68, 0xcd, 0x09, 0xcc, 0xb8, 0xc4, 0x18, 0x36,
-    0x08, 0x91, 0x7c, 0x5c, 0x3d, 0x40, 0x9f, 0xac, 0x39, 0xfe, 0xfe, 0xe8,
-    0x2f, 0x72, 0x92, 0xd3, 0x6f, 0x0d, 0x23, 0xe0, 0x55, 0x91, 0x3f, 0x45,
-    0xa5, 0x2b, 0x85, 0xdd, 0x8a, 0x20, 0x52, 0xe9, 0xe1, 0x29, 0xbb, 0x4d,
-    0x20, 0x0f, 0x01, 0x1f, 0x19, 0x48, 0x35, 0x35, 0xa6, 0xe8, 0x9a, 0x58,
-    0x0c, 0x9b, 0x00, 0x03, 0xba, 0xf2, 0x14, 0x62, 0xec, 0xe9, 0x1a, 0x82,
-    0xcc, 0x38, 0xdb, 0xdc, 0xae, 0x60, 0xd9, 0xc5, 0x4c
-};
-
-static const unsigned char ecjpake_test_pms[] = {
-    0xf3, 0xd4, 0x7f, 0x59, 0x98, 0x44, 0xdb, 0x92, 0xa5, 0x69, 0xbb, 0xe7,
-    0x98, 0x1e, 0x39, 0xd9, 0x31, 0xfd, 0x74, 0x3b, 0xf2, 0x2e, 0x98, 0xf9,
-    0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
-};
-
-/* Load my private keys and generate the correponding public keys */
-static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
-                              const unsigned char *xm1, size_t len1,
-                              const unsigned char *xm2, size_t len2 )
-{
-    int ret;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
-                                      &ctx->grp.G, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
-                                      &ctx->grp.G, NULL, NULL ) );
-
-cleanup:
-    return( ret );
-}
-
-/* For tests we don't need a secure RNG;
- * use the LGC from Numerical Recipes for simplicity */
-static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
-{
-    static uint32_t x = 42;
-    (void) p;
-
-    while( len > 0 )
-    {
-        size_t use_len = len > 4 ? 4 : len;
-        x = 1664525 * x + 1013904223;
-        memcpy( out, &x, use_len );
-        out += use_len;
-        len -= use_len;
-    }
-
-    return( 0 );
-}
-
-#define TEST_ASSERT( x )    \
-    do {                    \
-        if( x )             \
-            ret = 0;        \
-        else                \
-        {                   \
-            ret = 1;        \
-            goto cleanup;   \
-        }                   \
-    } while( 0 )
-
-/*
- * Checkup routine
- */
-int mbedtls_ecjpake_self_test( int verbose )
-{
-    int ret;
-    mbedtls_ecjpake_context cli;
-    mbedtls_ecjpake_context srv;
-    unsigned char buf[512], pms[32];
-    size_t len, pmslen;
-
-    mbedtls_ecjpake_init( &cli );
-    mbedtls_ecjpake_init( &srv );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #0 (setup): " );
-
-    TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT,
-                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
-                    ecjpake_test_password,
-            sizeof( ecjpake_test_password ) ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER,
-                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
-                    ecjpake_test_password,
-            sizeof( ecjpake_test_password ) ) == 0 );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #1 (random handshake): " );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
-                 pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( len == pmslen );
-    TEST_ASSERT( memcmp( buf, pms, len ) == 0 );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #2 (reference handshake): " );
-
-    /* Simulate generation of round one */
-    MBEDTLS_MPI_CHK( ecjpake_test_load( &cli,
-                ecjpake_test_x1, sizeof( ecjpake_test_x1 ),
-                ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) );
-
-    MBEDTLS_MPI_CHK( ecjpake_test_load( &srv,
-                ecjpake_test_x3, sizeof( ecjpake_test_x3 ),
-                ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) );
-
-    /* Read round one */
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv,
-                                    ecjpake_test_cli_one,
-                            sizeof( ecjpake_test_cli_one ) ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli,
-                                    ecjpake_test_srv_one,
-                            sizeof( ecjpake_test_srv_one ) ) == 0 );
-
-    /* Skip generation of round two, read round two */
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli,
-                                    ecjpake_test_srv_two,
-                            sizeof( ecjpake_test_srv_two ) ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv,
-                                    ecjpake_test_cli_two,
-                            sizeof( ecjpake_test_cli_two ) ) == 0 );
-
-    /* Server derives PMS */
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
-
-    memset( buf, 0, len ); /* Avoid interferences with next step */
-
-    /* Client derives PMS */
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-cleanup:
-    mbedtls_ecjpake_free( &cli );
-    mbedtls_ecjpake_free( &srv );
-
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( ret );
-}
-
-#undef TEST_ASSERT
-
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED && MBEDTLS_SHA256_C */
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ECJPAKE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ecp.c b/components/ssl/mbedtls/mbedtls/library/ecp.c
deleted file mode 100644
index b41baef2..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ecp.c
+++ /dev/null
@@ -1,2195 +0,0 @@
-/*
- *  Elliptic curves over GF(p): generic functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * References:
- *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
- * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
- * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
- * RFC 4492 for the related TLS structures and constants
- *
- * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
- *
- * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
- *     for elliptic curve cryptosystems. In : Cryptographic Hardware and
- *     Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
- *     <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
- *
- * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
- *     render ECC resistant against Side Channel Attacks. IACR Cryptology
- *     ePrint Archive, 2004, vol. 2004, p. 342.
- *     <http://eprint.iacr.org/2004/342.pdf>
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/threading.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_ECP_ALT)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#include <stdio.h>
-#define mbedtls_printf     printf
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#include "mbedtls/ecp_internal.h"
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * Counts of point addition and doubling, and field multiplications.
- * Used to test resistance of point multiplication to simple timing attacks.
- */
-static unsigned long add_count, dbl_count, mul_count;
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   ||   \
-    defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   ||   \
-    defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   ||   \
-    defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define ECP_SHORTWEIERSTRASS
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define ECP_MONTGOMERY
-#endif
-
-/*
- * Curve types: internal for now, might be exposed later
- */
-typedef enum
-{
-    ECP_TYPE_NONE = 0,
-    ECP_TYPE_SHORT_WEIERSTRASS,    /* y^2 = x^3 + a x + b      */
-    ECP_TYPE_MONTGOMERY,           /* y^2 = x^3 + a x^2 + x    */
-} ecp_curve_type;
-
-/*
- * List of supported curves:
- *  - internal ID
- *  - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
- *  - size in bits
- *  - readable name
- *
- * Curves are listed in order: largest curves first, and for a given size,
- * fastest curves first. This provides the default order for the SSL module.
- *
- * Reminder: update profiles in x509_crt.c when adding a new curves!
- */
-static const mbedtls_ecp_curve_info ecp_supported_curves[] =
-{
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP521R1,    25,     521,    "secp521r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-    { MBEDTLS_ECP_DP_BP512R1,      28,     512,    "brainpoolP512r1"   },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP384R1,    24,     384,    "secp384r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-    { MBEDTLS_ECP_DP_BP384R1,      27,     384,    "brainpoolP384r1"   },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP256R1,    23,     256,    "secp256r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP256K1,    22,     256,    "secp256k1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-    { MBEDTLS_ECP_DP_BP256R1,      26,     256,    "brainpoolP256r1"   },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP224R1,    21,     224,    "secp224r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP224K1,    20,     224,    "secp224k1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP192R1,    19,     192,    "secp192r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP192K1,    18,     192,    "secp192k1"         },
-#endif
-    { MBEDTLS_ECP_DP_NONE,          0,     0,      NULL                },
-};
-
-#define ECP_NB_CURVES   sizeof( ecp_supported_curves ) /    \
-                        sizeof( ecp_supported_curves[0] )
-
-static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES];
-
-/*
- * List of supported curves and associated info
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void )
-{
-    return( ecp_supported_curves );
-}
-
-/*
- * List of supported curves, group ID only
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void )
-{
-    static int init_done = 0;
-
-    if( ! init_done )
-    {
-        size_t i = 0;
-        const mbedtls_ecp_curve_info *curve_info;
-
-        for( curve_info = mbedtls_ecp_curve_list();
-             curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-             curve_info++ )
-        {
-            ecp_supported_grp_id[i++] = curve_info->grp_id;
-        }
-        ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE;
-
-        init_done = 1;
-    }
-
-    return( ecp_supported_grp_id );
-}
-
-/*
- * Get the curve info for the internal identifier
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    for( curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( curve_info->grp_id == grp_id )
-            return( curve_info );
-    }
-
-    return( NULL );
-}
-
-/*
- * Get the curve info from the TLS identifier
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    for( curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( curve_info->tls_id == tls_id )
-            return( curve_info );
-    }
-
-    return( NULL );
-}
-
-/*
- * Get the curve info from the name
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    for( curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( strcmp( curve_info->name, name ) == 0 )
-            return( curve_info );
-    }
-
-    return( NULL );
-}
-
-/*
- * Get the type of a curve
- */
-static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp )
-{
-    if( grp->G.X.p == NULL )
-        return( ECP_TYPE_NONE );
-
-    if( grp->G.Y.p == NULL )
-        return( ECP_TYPE_MONTGOMERY );
-    else
-        return( ECP_TYPE_SHORT_WEIERSTRASS );
-}
-
-/*
- * Initialize (the components of) a point
- */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
-{
-    if( pt == NULL )
-        return;
-
-    mbedtls_mpi_init( &pt->X );
-    mbedtls_mpi_init( &pt->Y );
-    mbedtls_mpi_init( &pt->Z );
-}
-
-/*
- * Initialize (the components of) a group
- */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
-{
-    if( grp == NULL )
-        return;
-
-    memset( grp, 0, sizeof( mbedtls_ecp_group ) );
-}
-
-/*
- * Initialize (the components of) a key pair
- */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
-{
-    if( key == NULL )
-        return;
-
-    mbedtls_ecp_group_init( &key->grp );
-    mbedtls_mpi_init( &key->d );
-    mbedtls_ecp_point_init( &key->Q );
-}
-
-/*
- * Unallocate (the components of) a point
- */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt )
-{
-    if( pt == NULL )
-        return;
-
-    mbedtls_mpi_free( &( pt->X ) );
-    mbedtls_mpi_free( &( pt->Y ) );
-    mbedtls_mpi_free( &( pt->Z ) );
-}
-
-/*
- * Unallocate (the components of) a group
- */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
-{
-    size_t i;
-
-    if( grp == NULL )
-        return;
-
-    if( grp->h != 1 )
-    {
-        mbedtls_mpi_free( &grp->P );
-        mbedtls_mpi_free( &grp->A );
-        mbedtls_mpi_free( &grp->B );
-        mbedtls_ecp_point_free( &grp->G );
-        mbedtls_mpi_free( &grp->N );
-    }
-
-    if( grp->T != NULL )
-    {
-        for( i = 0; i < grp->T_size; i++ )
-            mbedtls_ecp_point_free( &grp->T[i] );
-        mbedtls_free( grp->T );
-    }
-
-    mbedtls_zeroize( grp, sizeof( mbedtls_ecp_group ) );
-}
-
-/*
- * Unallocate (the components of) a key pair
- */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key )
-{
-    if( key == NULL )
-        return;
-
-    mbedtls_ecp_group_free( &key->grp );
-    mbedtls_mpi_free( &key->d );
-    mbedtls_ecp_point_free( &key->Q );
-}
-
-/*
- * Copy the contents of a point
- */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
-{
-    int ret;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Copy the contents of a group object
- */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
-{
-    return mbedtls_ecp_group_load( dst, src->id );
-}
-
-/*
- * Set point to zero
- */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
-{
-    int ret;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Tell if a point is zero
- */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
-{
-    return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
-}
-
-/*
- * Compare two points lazyly
- */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
-                           const mbedtls_ecp_point *Q )
-{
-    if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
-        mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
-        mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
-    {
-        return( 0 );
-    }
-
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-}
-
-/*
- * Import a non-zero point from ASCII strings
- */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
-                           const char *x, const char *y )
-{
-    int ret;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Export a point into unsigned binary data (SEC1 2.3.3)
- */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
-                            int format, size_t *olen,
-                            unsigned char *buf, size_t buflen )
-{
-    int ret = 0;
-    size_t plen;
-
-    if( format != MBEDTLS_ECP_PF_UNCOMPRESSED &&
-        format != MBEDTLS_ECP_PF_COMPRESSED )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Common case: P == 0
-     */
-    if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
-    {
-        if( buflen < 1 )
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-        buf[0] = 0x00;
-        *olen = 1;
-
-        return( 0 );
-    }
-
-    plen = mbedtls_mpi_size( &grp->P );
-
-    if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
-    {
-        *olen = 2 * plen + 1;
-
-        if( buflen < *olen )
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-        buf[0] = 0x04;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
-    }
-    else if( format == MBEDTLS_ECP_PF_COMPRESSED )
-    {
-        *olen = plen + 1;
-
-        if( buflen < *olen )
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-        buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Import a point from unsigned binary data (SEC1 2.3.4)
- */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                           const unsigned char *buf, size_t ilen )
-{
-    int ret;
-    size_t plen;
-
-    if( ilen < 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( buf[0] == 0x00 )
-    {
-        if( ilen == 1 )
-            return( mbedtls_ecp_set_zero( pt ) );
-        else
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-    plen = mbedtls_mpi_size( &grp->P );
-
-    if( buf[0] != 0x04 )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-
-    if( ilen != 2 * plen + 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Import a point from a TLS ECPoint record (RFC 4492)
- *      struct {
- *          opaque point <1..2^8-1>;
- *      } ECPoint;
- */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                        const unsigned char **buf, size_t buf_len )
-{
-    unsigned char data_len;
-    const unsigned char *buf_start;
-
-    /*
-     * We must have at least two bytes (1 for length, at least one for data)
-     */
-    if( buf_len < 2 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    data_len = *(*buf)++;
-    if( data_len < 1 || data_len > buf_len - 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Save buffer start for read_binary and update buf
-     */
-    buf_start = *buf;
-    *buf += data_len;
-
-    return mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len );
-}
-
-/*
- * Export a point as a TLS ECPoint record (RFC 4492)
- *      struct {
- *          opaque point <1..2^8-1>;
- *      } ECPoint;
- */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
-                         int format, size_t *olen,
-                         unsigned char *buf, size_t blen )
-{
-    int ret;
-
-    /*
-     * buffer length must be at least one, for our length byte
-     */
-    if( blen < 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format,
-                    olen, buf + 1, blen - 1) ) != 0 )
-        return( ret );
-
-    /*
-     * write length to the first byte and update total length
-     */
-    buf[0] = (unsigned char) *olen;
-    ++*olen;
-
-    return( 0 );
-}
-
-/*
- * Set a group from an ECParameters record (RFC 4492)
- */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len )
-{
-    uint16_t tls_id;
-    const mbedtls_ecp_curve_info *curve_info;
-
-    /*
-     * We expect at least three bytes (see below)
-     */
-    if( len < 3 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * First byte is curve_type; only named_curve is handled
-     */
-    if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Next two bytes are the namedcurve value
-     */
-    tls_id = *(*buf)++;
-    tls_id <<= 8;
-    tls_id |= *(*buf)++;
-
-    if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-
-    return mbedtls_ecp_group_load( grp, curve_info->grp_id );
-}
-
-/*
- * Write the ECParameters record corresponding to a group (RFC 4492)
- */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
-                         unsigned char *buf, size_t blen )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * We are going to write 3 bytes (see below)
-     */
-    *olen = 3;
-    if( blen < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    /*
-     * First byte is curve_type, always named_curve
-     */
-    *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
-
-    /*
-     * Next two bytes are the namedcurve value
-     */
-    buf[0] = curve_info->tls_id >> 8;
-    buf[1] = curve_info->tls_id & 0xFF;
-
-    return( 0 );
-}
-
-/*
- * Wrapper around fast quasi-modp functions, with fall-back to mbedtls_mpi_mod_mpi.
- * See the documentation of struct mbedtls_ecp_group.
- *
- * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf.
- */
-static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp )
-{
-    int ret;
-
-    if( grp->modp == NULL )
-        return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) );
-
-    /* N->s < 0 is a much faster test, which fails only if N is 0 */
-    if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) ||
-        mbedtls_mpi_bitlen( N ) > 2 * grp->pbits )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-    MBEDTLS_MPI_CHK( grp->modp( N ) );
-
-    /* N->s < 0 is a much faster test, which fails only if N is 0 */
-    while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) );
-
-    while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 )
-        /* we known P, N and the result are positive */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Fast mod-p functions expect their argument to be in the 0..p^2 range.
- *
- * In order to guarantee that, we need to ensure that operands of
- * mbedtls_mpi_mul_mpi are in the 0..p range. So, after each operation we will
- * bring the result back to this range.
- *
- * The following macros are shortcuts for doing that.
- */
-
-/*
- * Reduce a mbedtls_mpi mod p in-place, general case, to use after mbedtls_mpi_mul_mpi
- */
-#if defined(MBEDTLS_SELF_TEST)
-#define INC_MUL_COUNT   mul_count++;
-#else
-#define INC_MUL_COUNT
-#endif
-
-#define MOD_MUL( N )    do { MBEDTLS_MPI_CHK( ecp_modp( &N, grp ) ); INC_MUL_COUNT } \
-                        while( 0 )
-
-/*
- * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
- * N->s < 0 is a very fast test, which fails only if N is 0
- */
-#define MOD_SUB( N )                                \
-    while( N.s < 0 && mbedtls_mpi_cmp_int( &N, 0 ) != 0 )   \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &N, &N, &grp->P ) )
-
-/*
- * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int.
- * We known P, N and the result are positive, so sub_abs is correct, and
- * a bit faster.
- */
-#define MOD_ADD( N )                                \
-    while( mbedtls_mpi_cmp_mpi( &N, &grp->P ) >= 0 )        \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &N, &N, &grp->P ) )
-
-#if defined(ECP_SHORTWEIERSTRASS)
-/*
- * For curves in short Weierstrass form, we do all the internal operations in
- * Jacobian coordinates.
- *
- * For multiplication, we'll use a comb method with coutermeasueres against
- * SPA, hence timing attacks.
- */
-
-/*
- * Normalize jacobian coordinates so that Z == 0 || Z == 1  (GECC 3.2.1)
- * Cost: 1N := 1I + 3M + 1S
- */
-static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
-{
-    int ret;
-    mbedtls_mpi Zi, ZZi;
-
-    if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
-        return( 0 );
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_normalize_jac( grp, pt );
-    }
-#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
-    mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
-
-    /*
-     * X = X / Z^2  mod p
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi,      &pt->Z,     &grp->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi,     &Zi,        &Zi     ) ); MOD_MUL( ZZi );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X,   &pt->X,     &ZZi    ) ); MOD_MUL( pt->X );
-
-    /*
-     * Y = Y / Z^3  mod p
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y,   &pt->Y,     &ZZi    ) ); MOD_MUL( pt->Y );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y,   &pt->Y,     &Zi     ) ); MOD_MUL( pt->Y );
-
-    /*
-     * Z = 1
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
-
-    return( ret );
-}
-
-/*
- * Normalize jacobian coordinates of an array of (pointers to) points,
- * using Montgomery's trick to perform only one inversion mod P.
- * (See for example Cohen's "A Course in Computational Algebraic Number
- * Theory", Algorithm 10.3.4.)
- *
- * Warning: fails (returning an error) if one of the points is zero!
- * This should never happen, see choice of w in ecp_mul_comb().
- *
- * Cost: 1N(t) := 1I + (6t - 3)M + 1S
- */
-static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
-                                   mbedtls_ecp_point *T[], size_t t_len )
-{
-    int ret;
-    size_t i;
-    mbedtls_mpi *c, u, Zi, ZZi;
-
-    if( t_len < 2 )
-        return( ecp_normalize_jac( grp, *T ) );
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_normalize_jac_many(grp, T, t_len);
-    }
-#endif
-
-    if( ( c = mbedtls_calloc( t_len, sizeof( mbedtls_mpi ) ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
-
-    mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
-
-    /*
-     * c[i] = Z_0 * ... * Z_i
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) );
-    for( i = 1; i < t_len; i++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &c[i], &c[i-1], &T[i]->Z ) );
-        MOD_MUL( c[i] );
-    }
-
-    /*
-     * u = 1 / (Z_0 * ... * Z_n) mod P
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[t_len-1], &grp->P ) );
-
-    for( i = t_len - 1; ; i-- )
-    {
-        /*
-         * Zi = 1 / Z_i mod p
-         * u = 1 / (Z_0 * ... * Z_i) mod P
-         */
-        if( i == 0 ) {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) );
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Zi, &u, &c[i-1]  ) ); MOD_MUL( Zi );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &u,  &u, &T[i]->Z ) ); MOD_MUL( u );
-        }
-
-        /*
-         * proceed as in normalize()
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ZZi,     &Zi,      &Zi  ) ); MOD_MUL( ZZi );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->X, &T[i]->X, &ZZi ) ); MOD_MUL( T[i]->X );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &ZZi ) ); MOD_MUL( T[i]->Y );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T[i]->Y, &T[i]->Y, &Zi  ) ); MOD_MUL( T[i]->Y );
-
-        /*
-         * Post-precessing: reclaim some memory by shrinking coordinates
-         * - not storing Z (always 1)
-         * - shrinking other coordinates, but still keeping the same number of
-         *   limbs as P, as otherwise it will too likely be regrown too fast.
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) );
-        mbedtls_mpi_free( &T[i]->Z );
-
-        if( i == 0 )
-            break;
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
-    for( i = 0; i < t_len; i++ )
-        mbedtls_mpi_free( &c[i] );
-    mbedtls_free( c );
-
-    return( ret );
-}
-
-/*
- * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak.
- * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid
- */
-static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp,
-                            mbedtls_ecp_point *Q,
-                            unsigned char inv )
-{
-    int ret;
-    unsigned char nonzero;
-    mbedtls_mpi mQY;
-
-    mbedtls_mpi_init( &mQY );
-
-    /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) );
-    nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) );
-
-cleanup:
-    mbedtls_mpi_free( &mQY );
-
-    return( ret );
-}
-
-/*
- * Point doubling R = 2 P, Jacobian coordinates
- *
- * Based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 .
- *
- * We follow the variable naming fairly closely. The formula variations that trade a MUL for a SQR
- * (plus a few ADDs) aren't useful as our bignum implementation doesn't distinguish squaring.
- *
- * Standard optimizations are applied when curve parameter A is one of { 0, -3 }.
- *
- * Cost: 1D := 3M + 4S          (A ==  0)
- *             4M + 4S          (A == -3)
- *             3M + 6S + 1a     otherwise
- */
-static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                           const mbedtls_ecp_point *P )
-{
-    int ret;
-    mbedtls_mpi M, S, T, U;
-
-#if defined(MBEDTLS_SELF_TEST)
-    dbl_count++;
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_double_jac( grp, R, P );
-    }
-#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
-
-    mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
-
-    /* Special case for A = -3 */
-    if( grp->A.p == NULL )
-    {
-        /* M = 3(X + Z^2)(X - Z^2) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->Z,  &P->Z   ) ); MOD_MUL( S );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T,  &P->X,  &S      ) ); MOD_ADD( T );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U,  &P->X,  &S      ) ); MOD_SUB( U );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &T,     &U      ) ); MOD_MUL( S );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M,  &S,     3       ) ); MOD_ADD( M );
-    }
-    else
-    {
-        /* M = 3.X^2 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->X,  &P->X   ) ); MOD_MUL( S );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M,  &S,     3       ) ); MOD_ADD( M );
-
-        /* Optimize away for "koblitz" curves with A = 0 */
-        if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 )
-        {
-            /* M += A.Z^4 */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->Z,  &P->Z   ) ); MOD_MUL( S );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T,  &S,     &S      ) ); MOD_MUL( T );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &T,     &grp->A ) ); MOD_MUL( S );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M,  &M,     &S      ) ); MOD_ADD( M );
-        }
-    }
-
-    /* S = 4.X.Y^2 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T,  &P->Y,  &P->Y   ) ); MOD_MUL( T );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T,  1               ) ); MOD_ADD( T );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &P->X,  &T      ) ); MOD_MUL( S );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &S,  1               ) ); MOD_ADD( S );
-
-    /* U = 8.Y^4 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U,  &T,     &T      ) ); MOD_MUL( U );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U,  1               ) ); MOD_ADD( U );
-
-    /* T = M^2 - 2.S */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T,  &M,     &M      ) ); MOD_MUL( T );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T,  &T,     &S      ) ); MOD_SUB( T );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T,  &T,     &S      ) ); MOD_SUB( T );
-
-    /* S = M(S - T) - U */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S,  &S,     &T      ) ); MOD_SUB( S );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S,  &S,     &M      ) ); MOD_MUL( S );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S,  &S,     &U      ) ); MOD_SUB( S );
-
-    /* U = 2.Y.Z */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &U,  &P->Y,  &P->Z   ) ); MOD_MUL( U );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &U,  1               ) ); MOD_ADD( U );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) );
-
-cleanup:
-    mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U );
-
-    return( ret );
-}
-
-/*
- * Addition: R = P + Q, mixed affine-Jacobian coordinates (GECC 3.22)
- *
- * The coordinates of Q must be normalized (= affine),
- * but those of P don't need to. R is not normalized.
- *
- * Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q.
- * None of these cases can happen as intermediate step in ecp_mul_comb():
- * - at each step, P, Q and R are multiples of the base point, the factor
- *   being less than its order, so none of them is zero;
- * - Q is an odd multiple of the base point, P an even multiple,
- *   due to the choice of precomputed points in the modified comb method.
- * So branches for these cases do not leak secret information.
- *
- * We accept Q->Z being unset (saving memory in tables) as meaning 1.
- *
- * Cost: 1A := 8M + 3S
- */
-static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                          const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
-{
-    int ret;
-    mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
-
-#if defined(MBEDTLS_SELF_TEST)
-    add_count++;
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_add_mixed( grp, R, P, Q );
-    }
-#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
-
-    /*
-     * Trivial cases: P == 0 or Q == 0 (case 1)
-     */
-    if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
-        return( mbedtls_ecp_copy( R, Q ) );
-
-    if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 )
-        return( mbedtls_ecp_copy( R, P ) );
-
-    /*
-     * Make sure Q coordinates are normalized
-     */
-    if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 );
-    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1,  &P->Z,  &P->Z ) );  MOD_MUL( T1 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2,  &T1,    &P->Z ) );  MOD_MUL( T2 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1,  &T1,    &Q->X ) );  MOD_MUL( T1 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T2,  &T2,    &Q->Y ) );  MOD_MUL( T2 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T1,  &T1,    &P->X ) );  MOD_SUB( T1 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T2,  &T2,    &P->Y ) );  MOD_SUB( T2 );
-
-    /* Special cases (2) and (3) */
-    if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 )
-    {
-        if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 )
-        {
-            ret = ecp_double_jac( grp, R, P );
-            goto cleanup;
-        }
-        else
-        {
-            ret = mbedtls_ecp_set_zero( R );
-            goto cleanup;
-        }
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &Z,   &P->Z,  &T1   ) );  MOD_MUL( Z  );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3,  &T1,    &T1   ) );  MOD_MUL( T3 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4,  &T3,    &T1   ) );  MOD_MUL( T4 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3,  &T3,    &P->X ) );  MOD_MUL( T3 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1,  &T3,    2     ) );  MOD_ADD( T1 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X,   &T2,    &T2   ) );  MOD_MUL( X  );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X,   &X,     &T1   ) );  MOD_SUB( X  );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X,   &X,     &T4   ) );  MOD_SUB( X  );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T3,  &T3,    &X    ) );  MOD_SUB( T3 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T3,  &T3,    &T2   ) );  MOD_MUL( T3 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T4,  &T4,    &P->Y ) );  MOD_MUL( T4 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &Y,   &T3,    &T4   ) );  MOD_SUB( Y  );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 );
-    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
-
-    return( ret );
-}
-
-/*
- * Randomize jacobian coordinates:
- * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l
- * This is sort of the reverse operation of ecp_normalize_jac().
- *
- * This countermeasure was first suggested in [2].
- */
-static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret;
-    mbedtls_mpi l, ll;
-    size_t p_size;
-    int count = 0;
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng );
-    }
-#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
-
-    p_size = ( grp->pbits + 7 ) / 8;
-    mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
-
-    /* Generate l such that 1 < l < p */
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
-
-        while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
-
-        if( count++ > 10 )
-            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
-    }
-    while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
-
-    /* Z = l * Z */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Z,   &pt->Z,     &l  ) ); MOD_MUL( pt->Z );
-
-    /* X = l^2 * X */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll,      &l,         &l  ) ); MOD_MUL( ll );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->X,   &pt->X,     &ll ) ); MOD_MUL( pt->X );
-
-    /* Y = l^3 * Y */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ll,      &ll,        &l  ) ); MOD_MUL( ll );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &pt->Y,   &pt->Y,     &ll ) ); MOD_MUL( pt->Y );
-
-cleanup:
-    mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
-
-    return( ret );
-}
-
-/*
- * Check and define parameters used by the comb method (see below for details)
- */
-#if MBEDTLS_ECP_WINDOW_SIZE < 2 || MBEDTLS_ECP_WINDOW_SIZE > 7
-#error "MBEDTLS_ECP_WINDOW_SIZE out of bounds"
-#endif
-
-/* d = ceil( n / w ) */
-#define COMB_MAX_D      ( MBEDTLS_ECP_MAX_BITS + 1 ) / 2
-
-/* number of precomputed points */
-#define COMB_MAX_PRE    ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
-
-/*
- * Compute the representation of m that will be used with our comb method.
- *
- * The basic comb method is described in GECC 3.44 for example. We use a
- * modified version that provides resistance to SPA by avoiding zero
- * digits in the representation as in [3]. We modify the method further by
- * requiring that all K_i be odd, which has the small cost that our
- * representation uses one more K_i, due to carries.
- *
- * Also, for the sake of compactness, only the seven low-order bits of x[i]
- * are used to represent K_i, and the msb of x[i] encodes the the sign (s_i in
- * the paper): it is set if and only if if s_i == -1;
- *
- * Calling conventions:
- * - x is an array of size d + 1
- * - w is the size, ie number of teeth, of the comb, and must be between
- *   2 and 7 (in practice, between 2 and MBEDTLS_ECP_WINDOW_SIZE)
- * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
- *   (the result will be incorrect if these assumptions are not satisfied)
- */
-static void ecp_comb_fixed( unsigned char x[], size_t d,
-                            unsigned char w, const mbedtls_mpi *m )
-{
-    size_t i, j;
-    unsigned char c, cc, adjust;
-
-    memset( x, 0, d+1 );
-
-    /* First get the classical comb values (except for x_d = 0) */
-    for( i = 0; i < d; i++ )
-        for( j = 0; j < w; j++ )
-            x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j;
-
-    /* Now make sure x_1 .. x_d are odd */
-    c = 0;
-    for( i = 1; i <= d; i++ )
-    {
-        /* Add carry and update it */
-        cc   = x[i] & c;
-        x[i] = x[i] ^ c;
-        c = cc;
-
-        /* Adjust if needed, avoiding branches */
-        adjust = 1 - ( x[i] & 0x01 );
-        c   |= x[i] & ( x[i-1] * adjust );
-        x[i] = x[i] ^ ( x[i-1] * adjust );
-        x[i-1] |= adjust << 7;
-    }
-}
-
-/*
- * Precompute points for the comb method
- *
- * If i = i_{w-1} ... i_1 is the binary representation of i, then
- * T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P
- *
- * T must be able to hold 2^{w - 1} elements
- *
- * Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1)
- */
-static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
-                                unsigned char w, size_t d )
-{
-    int ret;
-    unsigned char i, k;
-    size_t j;
-    mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
-
-    /*
-     * Set T[0] = P and
-     * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
-
-    k = 0;
-    for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
-    {
-        cur = T + i;
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
-        for( j = 0; j < d; j++ )
-            MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
-
-        TT[k++] = cur;
-    }
-
-    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) );
-
-    /*
-     * Compute the remaining ones using the minimal number of additions
-     * Be careful to update T[2^l] only after using it!
-     */
-    k = 0;
-    for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
-    {
-        j = i;
-        while( j-- )
-        {
-            MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
-            TT[k++] = &T[i + j];
-        }
-    }
-
-    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ]
- */
-static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                            const mbedtls_ecp_point T[], unsigned char t_len,
-                            unsigned char i )
-{
-    int ret;
-    unsigned char ii, j;
-
-    /* Ignore the "sign" bit and scale down */
-    ii =  ( i & 0x7Fu ) >> 1;
-
-    /* Read the whole table to thwart cache-based timing attacks */
-    for( j = 0; j < t_len; j++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
-    }
-
-    /* Safely invert result if i is "negative" */
-    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Core multiplication algorithm for the (modified) comb method.
- * This part is actually common with the basic comb method (GECC 3.44)
- *
- * Cost: d A + d D + 1 R
- */
-static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                              const mbedtls_ecp_point T[], unsigned char t_len,
-                              const unsigned char x[], size_t d,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int ret;
-    mbedtls_ecp_point Txi;
-    size_t i;
-
-    mbedtls_ecp_point_init( &Txi );
-
-    /* Start with a non-zero point and randomize its coordinates */
-    i = d;
-    MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
-    if( f_rng != 0 )
-        MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
-
-    while( i-- != 0 )
-    {
-        MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) );
-        MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, t_len, x[i] ) );
-        MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) );
-    }
-
-cleanup:
-
-    mbedtls_ecp_point_free( &Txi );
-
-    return( ret );
-}
-
-/*
- * Multiplication using the comb method,
- * for curves in short Weierstrass form
- */
-static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                         const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng )
-{
-    int ret;
-    unsigned char w, m_is_odd, p_eq_g, pre_len, i;
-    size_t d;
-    unsigned char k[COMB_MAX_D + 1];
-    mbedtls_ecp_point *T;
-    mbedtls_mpi M, mm;
-
-    mbedtls_mpi_init( &M );
-    mbedtls_mpi_init( &mm );
-
-    /* we need N to be odd to trnaform m in an odd number, check now */
-    if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Minimize the number of multiplications, that is minimize
-     * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w )
-     * (see costs of the various parts, with 1S = 1M)
-     */
-    w = grp->nbits >= 384 ? 5 : 4;
-
-    /*
-     * If P == G, pre-compute a bit more, since this may be re-used later.
-     * Just adding one avoids upping the cost of the first mul too much,
-     * and the memory cost too.
-     */
-#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
-    p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
-               mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
-    if( p_eq_g )
-        w++;
-#else
-    p_eq_g = 0;
-#endif
-
-    /*
-     * Make sure w is within bounds.
-     * (The last test is useful only for very small curves in the test suite.)
-     */
-    if( w > MBEDTLS_ECP_WINDOW_SIZE )
-        w = MBEDTLS_ECP_WINDOW_SIZE;
-    if( w >= grp->nbits )
-        w = 2;
-
-    /* Other sizes that depend on w */
-    pre_len = 1U << ( w - 1 );
-    d = ( grp->nbits + w - 1 ) / w;
-
-    /*
-     * Prepare precomputed points: if P == G we want to
-     * use grp->T if already initialized, or initialize it.
-     */
-    T = p_eq_g ? grp->T : NULL;
-
-    if( T == NULL )
-    {
-        T = mbedtls_calloc( pre_len, sizeof( mbedtls_ecp_point ) );
-        if( T == NULL )
-        {
-            ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d ) );
-
-        if( p_eq_g )
-        {
-            grp->T = T;
-            grp->T_size = pre_len;
-        }
-    }
-
-    /*
-     * Make sure M is odd (M = m or M = N - m, since N is odd)
-     * using the fact that m * P = - (N - m) * P
-     */
-    m_is_odd = ( mbedtls_mpi_get_bit( m, 0 ) == 1 );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, ! m_is_odd ) );
-
-    /*
-     * Go for comb multiplication, R = M * P
-     */
-    ecp_comb_fixed( k, d, w, &M );
-    MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) );
-
-    /*
-     * Now get m * P from M * P and normalize it
-     */
-    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, ! m_is_odd ) );
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
-
-cleanup:
-
-    if( T != NULL && ! p_eq_g )
-    {
-        for( i = 0; i < pre_len; i++ )
-            mbedtls_ecp_point_free( &T[i] );
-        mbedtls_free( T );
-    }
-
-    mbedtls_mpi_free( &M );
-    mbedtls_mpi_free( &mm );
-
-    if( ret != 0 )
-        mbedtls_ecp_point_free( R );
-
-    return( ret );
-}
-
-#endif /* ECP_SHORTWEIERSTRASS */
-
-#if defined(ECP_MONTGOMERY)
-/*
- * For Montgomery curves, we do all the internal arithmetic in projective
- * coordinates. Import/export of points uses only the x coordinates, which is
- * internaly represented as X / Z.
- *
- * For scalar multiplication, we'll use a Montgomery ladder.
- */
-
-/*
- * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1
- * Cost: 1M + 1I
- */
-static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P )
-{
-    int ret;
-
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_normalize_mxz( grp, P );
-    }
-#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &P->Z ) ); MOD_MUL( P->X );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Randomize projective x/z coordinates:
- * (X, Z) -> (l X, l Z) for random l
- * This is sort of the reverse operation of ecp_normalize_mxz().
- *
- * This countermeasure was first suggested in [2].
- * Cost: 2M
- */
-static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret;
-    mbedtls_mpi l;
-    size_t p_size;
-    int count = 0;
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
-    }
-#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
-
-    p_size = ( grp->pbits + 7 ) / 8;
-    mbedtls_mpi_init( &l );
-
-    /* Generate l such that 1 < l < p */
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
-
-        while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
-
-        if( count++ > 10 )
-            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
-    }
-    while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &l ) ); MOD_MUL( P->X );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->Z, &P->Z, &l ) ); MOD_MUL( P->Z );
-
-cleanup:
-    mbedtls_mpi_free( &l );
-
-    return( ret );
-}
-
-/*
- * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q),
- * for Montgomery curves in x/z coordinates.
- *
- * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3
- * with
- * d =  X1
- * P = (X2, Z2)
- * Q = (X3, Z3)
- * R = (X4, Z4)
- * S = (X5, Z5)
- * and eliminating temporary variables tO, ..., t4.
- *
- * Cost: 5M + 4S
- */
-static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
-                               mbedtls_ecp_point *R, mbedtls_ecp_point *S,
-                               const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
-                               const mbedtls_mpi *d )
-{
-    int ret;
-    mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
-
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-    if ( mbedtls_internal_ecp_grp_capable( grp ) )
-    {
-        return mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d );
-    }
-#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
-
-    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B );
-    mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
-    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &A,    &P->X,   &P->Z ) ); MOD_ADD( A    );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &AA,   &A,      &A    ) ); MOD_MUL( AA   );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &B,    &P->X,   &P->Z ) ); MOD_SUB( B    );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &BB,   &B,      &B    ) ); MOD_MUL( BB   );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &E,    &AA,     &BB   ) ); MOD_SUB( E    );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &C,    &Q->X,   &Q->Z ) ); MOD_ADD( C    );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &D,    &Q->X,   &Q->Z ) ); MOD_SUB( D    );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DA,   &D,      &A    ) ); MOD_MUL( DA   );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &CB,   &C,      &B    ) ); MOD_MUL( CB   );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &S->X, &DA,     &CB   ) ); MOD_MUL( S->X );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->X, &S->X,   &S->X ) ); MOD_MUL( S->X );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &S->Z, &DA,     &CB   ) ); MOD_SUB( S->Z );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, &S->Z,   &S->Z ) ); MOD_MUL( S->Z );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &S->Z, d,       &S->Z ) ); MOD_MUL( S->Z );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->X, &AA,     &BB   ) ); MOD_MUL( R->X );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &grp->A, &E    ) ); MOD_MUL( R->Z );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &R->Z, &BB,     &R->Z ) ); MOD_ADD( R->Z );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &R->Z, &E,      &R->Z ) ); MOD_MUL( R->Z );
-
-cleanup:
-    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B );
-    mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C );
-    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB );
-
-    return( ret );
-}
-
-/*
- * Multiplication with Montgomery ladder in x/z coordinates,
- * for curves in Montgomery form
- */
-static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                        const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng )
-{
-    int ret;
-    size_t i;
-    unsigned char b;
-    mbedtls_ecp_point RP;
-    mbedtls_mpi PX;
-
-    mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
-
-    /* Save PX and read from P before writing to R, in case P == R */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
-
-    /* Set R to zero in modified x/z coordinates */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
-    mbedtls_mpi_free( &R->Y );
-
-    /* RP.X might be sligtly larger than P, so reduce it */
-    MOD_ADD( RP.X );
-
-    /* Randomize coordinates of the starting point */
-    if( f_rng != NULL )
-        MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
-
-    /* Loop invariant: R = result so far, RP = R + P */
-    i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */
-    while( i-- > 0 )
-    {
-        b = mbedtls_mpi_get_bit( m, i );
-        /*
-         *  if (b) R = 2R + P else R = 2R,
-         * which is:
-         *  if (b) double_add( RP, R, RP, R )
-         *  else   double_add( R, RP, R, RP )
-         * but using safe conditional swaps to avoid leaks
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
-        MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
-    }
-
-    MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
-
-cleanup:
-    mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
-
-    return( ret );
-}
-
-#endif /* ECP_MONTGOMERY */
-
-/*
- * Multiplication R = m * P
- */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    char is_grp_capable = 0;
-#endif
-
-    /* Common sanity checks */
-    if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 ||
-        ( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp )  )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
-    }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
-        ret = ecp_mul_mxz( grp, R, m, P, f_rng, p_rng );
-
-#endif
-#if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
-        ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng );
-
-#endif
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-cleanup:
-
-    if ( is_grp_capable )
-    {
-        mbedtls_internal_ecp_free( grp );
-    }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-    return( ret );
-}
-
-#if defined(ECP_SHORTWEIERSTRASS)
-/*
- * Check that an affine point is valid as a public key,
- * short weierstrass curves (SEC1 3.2.3.1)
- */
-static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
-{
-    int ret;
-    mbedtls_mpi YY, RHS;
-
-    /* pt coordinates must be normalized for our checks */
-    if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 ||
-        mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 ||
-        mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
-        mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-    mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS );
-
-    /*
-     * YY = Y^2
-     * RHS = X (X^2 + A) + B = X^3 + A X + B
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &YY,  &pt->Y,   &pt->Y  ) );  MOD_MUL( YY  );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &pt->X,   &pt->X  ) );  MOD_MUL( RHS );
-
-    /* Special case for A = -3 */
-    if( grp->A.p == NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3       ) );  MOD_SUB( RHS );
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS, &grp->A ) );  MOD_ADD( RHS );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &RHS, &RHS,     &pt->X  ) );  MOD_MUL( RHS );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &RHS, &RHS,     &grp->B ) );  MOD_ADD( RHS );
-
-    if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 )
-        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-
-cleanup:
-
-    mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS );
-
-    return( ret );
-}
-#endif /* ECP_SHORTWEIERSTRASS */
-
-/*
- * R = m * P with shortcuts for m == 1 and m == -1
- * NOT constant-time - ONLY for short Weierstrass!
- */
-static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
-                                      mbedtls_ecp_point *R,
-                                      const mbedtls_mpi *m,
-                                      const mbedtls_ecp_point *P )
-{
-    int ret;
-
-    if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
-    }
-    else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
-        if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Linear combination
- * NOT constant-time
- */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
-{
-    int ret;
-    mbedtls_ecp_point mP;
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    char is_grp_capable = 0;
-#endif
-
-    if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-
-    mbedtls_ecp_point_init( &mP );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R,   n, Q ) );
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if (  is_grp_capable = mbedtls_internal_ecp_grp_capable( grp )  )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
-    }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-    MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
-
-cleanup:
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if ( is_grp_capable )
-    {
-        mbedtls_internal_ecp_free( grp );
-    }
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-    mbedtls_ecp_point_free( &mP );
-
-    return( ret );
-}
-
-
-#if defined(ECP_MONTGOMERY)
-/*
- * Check validity of a public key for Montgomery curves with x-only schemes
- */
-static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
-{
-    /* [Curve25519 p. 5] Just check X is the correct number of bytes */
-    if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-    return( 0 );
-}
-#endif /* ECP_MONTGOMERY */
-
-/*
- * Check that a point is valid as a public key
- */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
-{
-    /* Must use affine coordinates */
-    if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-#if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
-        return( ecp_check_pubkey_mx( grp, pt ) );
-#endif
-#if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
-        return( ecp_check_pubkey_sw( grp, pt ) );
-#endif
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-}
-
-/*
- * Check that an mbedtls_mpi is valid as a private key
- */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d )
-{
-#if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
-    {
-        /* see [Curve25519] page 5 */
-        if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
-            mbedtls_mpi_get_bit( d, 1 ) != 0 ||
-            mbedtls_mpi_get_bit( d, 2 ) != 0 ||
-            mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
-        else
-            return( 0 );
-    }
-#endif /* ECP_MONTGOMERY */
-#if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        /* see SEC1 3.2 */
-        if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
-            mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
-        else
-            return( 0 );
-    }
-#endif /* ECP_SHORTWEIERSTRASS */
-
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-}
-
-/*
- * Generate a keypair with configurable base point
- */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                     const mbedtls_ecp_point *G,
-                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret;
-    size_t n_size = ( grp->nbits + 7 ) / 8;
-
-#if defined(ECP_MONTGOMERY)
-    if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
-    {
-        /* [M225] page 5 */
-        size_t b;
-
-        do {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
-        } while( mbedtls_mpi_bitlen( d ) == 0);
-
-        /* Make sure the most significant bit is nbits */
-        b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
-        if( b > grp->nbits )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - grp->nbits ) );
-        else
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
-
-        /* Make sure the last three bits are unset */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
-    }
-    else
-#endif /* ECP_MONTGOMERY */
-#if defined(ECP_SHORTWEIERSTRASS)
-    if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        /* SEC1 3.2.1: Generate d such that 1 <= n < N */
-        int count = 0;
-
-        /*
-         * Match the procedure given in RFC 6979 (deterministic ECDSA):
-         * - use the same byte ordering;
-         * - keep the leftmost nbits bits of the generated octet string;
-         * - try until result is in the desired range.
-         * This also avoids any biais, which is especially important for ECDSA.
-         */
-        do
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
-
-            /*
-             * Each try has at worst a probability 1/2 of failing (the msb has
-             * a probability 1/2 of being 0, and then the result will be < N),
-             * so after 30 tries failure probability is a most 2**(-30).
-             *
-             * For most curves, 1 try is enough with overwhelming probability,
-             * since N starts with a lot of 1s in binary, but some curves
-             * such as secp224k1 are actually very close to the worst case.
-             */
-            if( ++count > 30 )
-                return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
-        }
-        while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
-               mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
-    }
-    else
-#endif /* ECP_SHORTWEIERSTRASS */
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-cleanup:
-    if( ret != 0 )
-        return( ret );
-
-    return( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
-}
-
-/*
- * Generate key pair, wrapper for conventional base point
- */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
-                             mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
-{
-    return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
-}
-
-/*
- * Generate a keypair, prettier wrapper
- */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret;
-
-    if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
-        return( ret );
-
-    return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
-}
-
-/*
- * Check a public-private key pair
- */
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv )
-{
-    int ret;
-    mbedtls_ecp_point Q;
-    mbedtls_ecp_group grp;
-
-    if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
-        pub->grp.id != prv->grp.id ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-    mbedtls_ecp_point_init( &Q );
-    mbedtls_ecp_group_init( &grp );
-
-    /* mbedtls_ecp_mul() needs a non-const group... */
-    mbedtls_ecp_group_copy( &grp, &prv->grp );
-
-    /* Also checks d is valid */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
-
-    if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
-        mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
-        mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_point_free( &Q );
-    mbedtls_ecp_group_free( &grp );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * Checkup routine
- */
-int mbedtls_ecp_self_test( int verbose )
-{
-    int ret;
-    size_t i;
-    mbedtls_ecp_group grp;
-    mbedtls_ecp_point R, P;
-    mbedtls_mpi m;
-    unsigned long add_c_prev, dbl_c_prev, mul_c_prev;
-    /* exponents especially adapted for secp192r1 */
-    const char *exponents[] =
-    {
-        "000000000000000000000000000000000000000000000001", /* one */
-        "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830", /* N - 1 */
-        "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */
-        "400000000000000000000000000000000000000000000000", /* one and zeros */
-        "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", /* all ones */
-        "555555555555555555555555555555555555555555555555", /* 101010... */
-    };
-
-    mbedtls_ecp_group_init( &grp );
-    mbedtls_ecp_point_init( &R );
-    mbedtls_ecp_point_init( &P );
-    mbedtls_mpi_init( &m );
-
-    /* Use secp192r1 if available, or any available curve */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) );
-#else
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) );
-#endif
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP test #1 (constant op_count, base point G): " );
-
-    /* Do a dummy multiplication first to trigger precomputation */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) );
-
-    add_count = 0;
-    dbl_count = 0;
-    mul_count = 0;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[0] ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) );
-
-    for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ )
-    {
-        add_c_prev = add_count;
-        dbl_c_prev = dbl_count;
-        mul_c_prev = mul_count;
-        add_count = 0;
-        dbl_count = 0;
-        mul_count = 0;
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[i] ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL ) );
-
-        if( add_count != add_c_prev ||
-            dbl_count != dbl_c_prev ||
-            mul_count != mul_c_prev )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed (%u)\n", (unsigned int) i );
-
-            ret = 1;
-            goto cleanup;
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP test #2 (constant op_count, other point): " );
-    /* We computed P = 2G last time, use it */
-
-    add_count = 0;
-    dbl_count = 0;
-    mul_count = 0;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[0] ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) );
-
-    for( i = 1; i < sizeof( exponents ) / sizeof( exponents[0] ); i++ )
-    {
-        add_c_prev = add_count;
-        dbl_c_prev = dbl_count;
-        mul_c_prev = mul_count;
-        add_count = 0;
-        dbl_count = 0;
-        mul_count = 0;
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &m, 16, exponents[i] ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &R, &m, &P, NULL, NULL ) );
-
-        if( add_count != add_c_prev ||
-            dbl_count != dbl_c_prev ||
-            mul_count != mul_c_prev )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed (%u)\n", (unsigned int) i );
-
-            ret = 1;
-            goto cleanup;
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-cleanup:
-
-    if( ret < 0 && verbose != 0 )
-        mbedtls_printf( "Unexpected error, return code = %08X\n", ret );
-
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &R );
-    mbedtls_ecp_point_free( &P );
-    mbedtls_mpi_free( &m );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* !MBEDTLS_ECP_ALT */
-
-#endif /* MBEDTLS_ECP_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ecp_curves.c b/components/ssl/mbedtls/mbedtls/library/ecp_curves.c
deleted file mode 100644
index df5ac3ee..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ecp_curves.c
+++ /dev/null
@@ -1,1329 +0,0 @@
-/*
- *  Elliptic curves over GF(p): curve-specific data and functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-
-#include "mbedtls/ecp.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_ECP_ALT)
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/*
- * Conversion macros for embedded constants:
- * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2
- */
-#if defined(MBEDTLS_HAVE_INT32)
-
-#define BYTES_TO_T_UINT_4( a, b, c, d )             \
-    ( (mbedtls_mpi_uint) a <<  0 ) |                          \
-    ( (mbedtls_mpi_uint) b <<  8 ) |                          \
-    ( (mbedtls_mpi_uint) c << 16 ) |                          \
-    ( (mbedtls_mpi_uint) d << 24 )
-
-#define BYTES_TO_T_UINT_2( a, b )                   \
-    BYTES_TO_T_UINT_4( a, b, 0, 0 )
-
-#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
-    BYTES_TO_T_UINT_4( a, b, c, d ),                \
-    BYTES_TO_T_UINT_4( e, f, g, h )
-
-#else /* 64-bits */
-
-#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
-    ( (mbedtls_mpi_uint) a <<  0 ) |                          \
-    ( (mbedtls_mpi_uint) b <<  8 ) |                          \
-    ( (mbedtls_mpi_uint) c << 16 ) |                          \
-    ( (mbedtls_mpi_uint) d << 24 ) |                          \
-    ( (mbedtls_mpi_uint) e << 32 ) |                          \
-    ( (mbedtls_mpi_uint) f << 40 ) |                          \
-    ( (mbedtls_mpi_uint) g << 48 ) |                          \
-    ( (mbedtls_mpi_uint) h << 56 )
-
-#define BYTES_TO_T_UINT_4( a, b, c, d )             \
-    BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
-
-#define BYTES_TO_T_UINT_2( a, b )                   \
-    BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
-
-#endif /* bits in mbedtls_mpi_uint */
-
-/*
- * Note: the constants are in little-endian order
- * to be directly usable in MPIs
- */
-
-/*
- * Domain parameters for secp192r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-static const mbedtls_mpi_uint secp192r1_p[] = {
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp192r1_b[] = {
-    BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
-    BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
-    BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
-};
-static const mbedtls_mpi_uint secp192r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
-    BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
-    BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
-};
-static const mbedtls_mpi_uint secp192r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
-    BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
-    BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
-};
-static const mbedtls_mpi_uint secp192r1_n[] = {
-    BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
-    BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-/*
- * Domain parameters for secp224r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-static const mbedtls_mpi_uint secp224r1_p[] = {
-    BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp224r1_b[] = {
-    BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
-    BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
-    BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
-    BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
-};
-static const mbedtls_mpi_uint secp224r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
-    BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
-    BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
-    BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
-};
-static const mbedtls_mpi_uint secp224r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
-    BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
-    BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
-    BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
-};
-static const mbedtls_mpi_uint secp224r1_n[] = {
-    BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
-    BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-/*
- * Domain parameters for secp256r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-static const mbedtls_mpi_uint secp256r1_p[] = {
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp256r1_b[] = {
-    BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
-    BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
-    BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
-    BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
-};
-static const mbedtls_mpi_uint secp256r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
-    BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
-    BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
-    BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
-};
-static const mbedtls_mpi_uint secp256r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
-    BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
-    BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
-    BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
-};
-static const mbedtls_mpi_uint secp256r1_n[] = {
-    BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
-    BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-/*
- * Domain parameters for secp384r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-static const mbedtls_mpi_uint secp384r1_p[] = {
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp384r1_b[] = {
-    BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
-    BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
-    BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
-    BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
-    BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
-    BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
-};
-static const mbedtls_mpi_uint secp384r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
-    BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
-    BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
-    BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
-    BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
-    BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
-};
-static const mbedtls_mpi_uint secp384r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
-    BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
-    BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
-    BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
-    BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
-    BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
-};
-static const mbedtls_mpi_uint secp384r1_n[] = {
-    BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
-    BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
-    BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-/*
- * Domain parameters for secp521r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-static const mbedtls_mpi_uint secp521r1_p[] = {
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
-};
-static const mbedtls_mpi_uint secp521r1_b[] = {
-    BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
-    BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
-    BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
-    BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
-    BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
-    BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
-    BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
-    BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
-    BYTES_TO_T_UINT_2( 0x51, 0x00 ),
-};
-static const mbedtls_mpi_uint secp521r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
-    BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
-    BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
-    BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
-    BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
-    BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
-    BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
-    BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
-    BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
-};
-static const mbedtls_mpi_uint secp521r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
-    BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
-    BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
-    BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
-    BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
-    BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
-    BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
-    BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
-    BYTES_TO_T_UINT_2( 0x18, 0x01 ),
-};
-static const mbedtls_mpi_uint secp521r1_n[] = {
-    BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
-    BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
-    BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
-    BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
-    BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-static const mbedtls_mpi_uint secp192k1_p[] = {
-    BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp192k1_a[] = {
-    BYTES_TO_T_UINT_2( 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp192k1_b[] = {
-    BYTES_TO_T_UINT_2( 0x03, 0x00 ),
-};
-static const mbedtls_mpi_uint secp192k1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
-    BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
-    BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
-};
-static const mbedtls_mpi_uint secp192k1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
-    BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
-    BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
-};
-static const mbedtls_mpi_uint secp192k1_n[] = {
-    BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
-    BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-static const mbedtls_mpi_uint secp224k1_p[] = {
-    BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp224k1_a[] = {
-    BYTES_TO_T_UINT_2( 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp224k1_b[] = {
-    BYTES_TO_T_UINT_2( 0x05, 0x00 ),
-};
-static const mbedtls_mpi_uint secp224k1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
-    BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
-    BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
-    BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
-};
-static const mbedtls_mpi_uint secp224k1_gy[] = {
-    BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
-    BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
-    BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
-    BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
-};
-static const mbedtls_mpi_uint secp224k1_n[] = {
-    BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
-    BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
-    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-static const mbedtls_mpi_uint secp256k1_p[] = {
-    BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp256k1_a[] = {
-    BYTES_TO_T_UINT_2( 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp256k1_b[] = {
-    BYTES_TO_T_UINT_2( 0x07, 0x00 ),
-};
-static const mbedtls_mpi_uint secp256k1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
-    BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
-    BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
-    BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
-};
-static const mbedtls_mpi_uint secp256k1_gy[] = {
-    BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
-    BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
-    BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
-    BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
-};
-static const mbedtls_mpi_uint secp256k1_n[] = {
-    BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
-    BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
-    BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-/*
- * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
- */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
-    BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
-    BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
-    BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
-    BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
-    BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
-    BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
-    BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
-    BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
-    BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
-    BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
-    BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
-    BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
-    BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
-    BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
-    BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
-    BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
-    BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
-    BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
-    BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
-    BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
-    BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
-    BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
-};
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-
-/*
- * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
- */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
-    BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
-    BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
-    BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
-    BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
-    BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
-    BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
-    BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
-    BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
-    BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
-    BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
-    BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
-    BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
-    BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
-    BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
-    BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
-    BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
-    BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
-    BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
-    BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
-    BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
-    BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
-    BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
-    BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
-    BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
-    BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
-    BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
-    BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
-    BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
-    BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
-    BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
-    BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
-    BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
-    BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
-    BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
-};
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-
-/*
- * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
- */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
-    BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
-    BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
-    BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
-    BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
-    BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
-    BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
-    BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
-    BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
-    BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
-    BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
-    BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
-    BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
-    BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
-    BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
-    BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
-    BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
-    BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
-    BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
-    BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
-    BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
-    BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
-    BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
-    BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
-    BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
-    BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
-    BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
-    BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
-    BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
-    BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
-    BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
-    BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
-    BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
-    BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
-    BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
-    BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
-    BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
-    BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
-    BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
-    BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
-    BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
-    BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
-    BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
-    BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
-    BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
-    BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
-    BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
-    BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
-    BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
-};
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
-/*
- * Create an MPI from embedded constants
- * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
- */
-static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
-{
-    X->s = 1;
-    X->n = len / sizeof( mbedtls_mpi_uint );
-    X->p = (mbedtls_mpi_uint *) p;
-}
-
-/*
- * Set an MPI to static value 1
- */
-static inline void ecp_mpi_set1( mbedtls_mpi *X )
-{
-    static mbedtls_mpi_uint one[] = { 1 };
-    X->s = 1;
-    X->n = 1;
-    X->p = one;
-}
-
-/*
- * Make group available from embedded constants
- */
-static int ecp_group_load( mbedtls_ecp_group *grp,
-                           const mbedtls_mpi_uint *p,  size_t plen,
-                           const mbedtls_mpi_uint *a,  size_t alen,
-                           const mbedtls_mpi_uint *b,  size_t blen,
-                           const mbedtls_mpi_uint *gx, size_t gxlen,
-                           const mbedtls_mpi_uint *gy, size_t gylen,
-                           const mbedtls_mpi_uint *n,  size_t nlen)
-{
-    ecp_mpi_load( &grp->P, p, plen );
-    if( a != NULL )
-        ecp_mpi_load( &grp->A, a, alen );
-    ecp_mpi_load( &grp->B, b, blen );
-    ecp_mpi_load( &grp->N, n, nlen );
-
-    ecp_mpi_load( &grp->G.X, gx, gxlen );
-    ecp_mpi_load( &grp->G.Y, gy, gylen );
-    ecp_mpi_set1( &grp->G.Z );
-
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
-
-    grp->h = 1;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_ECP_NIST_OPTIM)
-/* Forward declarations */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-static int ecp_mod_p192( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-static int ecp_mod_p224( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-static int ecp_mod_p256( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-static int ecp_mod_p384( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-static int ecp_mod_p521( mbedtls_mpi * );
-#endif
-
-#define NIST_MODP( P )      grp->modp = ecp_mod_ ## P;
-#else
-#define NIST_MODP( P )
-#endif /* MBEDTLS_ECP_NIST_OPTIM */
-
-/* Additional forward declarations */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-static int ecp_mod_p255( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-static int ecp_mod_p192k1( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-static int ecp_mod_p224k1( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-static int ecp_mod_p256k1( mbedtls_mpi * );
-#endif
-
-#define LOAD_GROUP_A( G )   ecp_group_load( grp,            \
-                            G ## _p,  sizeof( G ## _p  ),   \
-                            G ## _a,  sizeof( G ## _a  ),   \
-                            G ## _b,  sizeof( G ## _b  ),   \
-                            G ## _gx, sizeof( G ## _gx ),   \
-                            G ## _gy, sizeof( G ## _gy ),   \
-                            G ## _n,  sizeof( G ## _n  ) )
-
-#define LOAD_GROUP( G )     ecp_group_load( grp,            \
-                            G ## _p,  sizeof( G ## _p  ),   \
-                            NULL,     0,                    \
-                            G ## _b,  sizeof( G ## _b  ),   \
-                            G ## _gx, sizeof( G ## _gx ),   \
-                            G ## _gy, sizeof( G ## _gy ),   \
-                            G ## _n,  sizeof( G ## _n  ) )
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-/*
- * Specialized function for creating the Curve25519 group
- */
-static int ecp_use_curve25519( mbedtls_ecp_group *grp )
-{
-    int ret;
-
-    /* Actually ( A + 2 ) / 4 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) );
-
-    /* P = 2^255 - 19 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-
-    /* Y intentionaly not set, since we use x/z coordinates.
-     * This is used as a marker to identify Montgomery curves! */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
-    mbedtls_mpi_free( &grp->G.Y );
-
-    /* Actually, the required msb for private keys */
-    grp->nbits = 254;
-
-cleanup:
-    if( ret != 0 )
-        mbedtls_ecp_group_free( grp );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-
-/*
- * Set a group using well-known domain parameters
- */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
-{
-    mbedtls_ecp_group_free( grp );
-
-    grp->id = id;
-
-    switch( id )
-    {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP192R1:
-            NIST_MODP( p192 );
-            return( LOAD_GROUP( secp192r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP224R1:
-            NIST_MODP( p224 );
-            return( LOAD_GROUP( secp224r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP256R1:
-            NIST_MODP( p256 );
-            return( LOAD_GROUP( secp256r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP384R1:
-            NIST_MODP( p384 );
-            return( LOAD_GROUP( secp384r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP521R1:
-            NIST_MODP( p521 );
-            return( LOAD_GROUP( secp521r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP192K1:
-            grp->modp = ecp_mod_p192k1;
-            return( LOAD_GROUP_A( secp192k1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP224K1:
-            grp->modp = ecp_mod_p224k1;
-            return( LOAD_GROUP_A( secp224k1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP256K1:
-            grp->modp = ecp_mod_p256k1;
-            return( LOAD_GROUP_A( secp256k1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-        case MBEDTLS_ECP_DP_BP256R1:
-            return( LOAD_GROUP_A( brainpoolP256r1 ) );
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-        case MBEDTLS_ECP_DP_BP384R1:
-            return( LOAD_GROUP_A( brainpoolP384r1 ) );
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-        case MBEDTLS_ECP_DP_BP512R1:
-            return( LOAD_GROUP_A( brainpoolP512r1 ) );
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-        case MBEDTLS_ECP_DP_CURVE25519:
-            grp->modp = ecp_mod_p255;
-            return( ecp_use_curve25519( grp ) );
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-
-        default:
-            mbedtls_ecp_group_free( grp );
-            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-    }
-}
-
-#if defined(MBEDTLS_ECP_NIST_OPTIM)
-/*
- * Fast reduction modulo the primes used by the NIST curves.
- *
- * These functions are critical for speed, but not needed for correct
- * operations. So, we make the choice to heavily rely on the internals of our
- * bignum library, which creates a tight coupling between these functions and
- * our MPI implementation.  However, the coupling between the ECP module and
- * MPI remains loose, since these functions can be deactivated at will.
- */
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-/*
- * Compared to the way things are presented in FIPS 186-3 D.2,
- * we proceed in columns, from right (least significant chunk) to left,
- * adding chunks to N in place, and keeping a carry for the next chunk.
- * This avoids moving things around in memory, and uselessly adding zeros,
- * compared to the more straightforward, line-oriented approach.
- *
- * For this prime we need to handle data in chunks of 64 bits.
- * Since this is always a multiple of our basic mbedtls_mpi_uint, we can
- * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it.
- */
-
-/* Add 64-bit chunks (dst += src) and update carry */
-static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry )
-{
-    unsigned char i;
-    mbedtls_mpi_uint c = 0;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
-    {
-        *dst += c;      c  = ( *dst < c );
-        *dst += *src;   c += ( *dst < *src );
-    }
-    *carry += c;
-}
-
-/* Add carry to a 64-bit chunk and update carry */
-static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
-{
-    unsigned char i;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
-    {
-        *dst += *carry;
-        *carry  = ( *dst < *carry );
-    }
-}
-
-#define WIDTH       8 / sizeof( mbedtls_mpi_uint )
-#define A( i )      N->p + i * WIDTH
-#define ADD( i )    add64( p, A( i ), &c )
-#define NEXT        p += WIDTH; carry64( p, &c )
-#define LAST        p += WIDTH; *p = c; while( ++p < end ) *p = 0
-
-/*
- * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
- */
-static int ecp_mod_p192( mbedtls_mpi *N )
-{
-    int ret;
-    mbedtls_mpi_uint c = 0;
-    mbedtls_mpi_uint *p, *end;
-
-    /* Make sure we have enough blocks so that A(5) is legal */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) );
-
-    p = N->p;
-    end = p + N->n;
-
-    ADD( 3 ); ADD( 5 );             NEXT; // A0 += A3 + A5
-    ADD( 3 ); ADD( 4 ); ADD( 5 );   NEXT; // A1 += A3 + A4 + A5
-    ADD( 4 ); ADD( 5 );             LAST; // A2 += A4 + A5
-
-cleanup:
-    return( ret );
-}
-
-#undef WIDTH
-#undef A
-#undef ADD
-#undef NEXT
-#undef LAST
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-/*
- * The reader is advised to first understand ecp_mod_p192() since the same
- * general structure is used here, but with additional complications:
- * (1) chunks of 32 bits, and (2) subtractions.
- */
-
-/*
- * For these primes, we need to handle data in chunks of 32 bits.
- * This makes it more complicated if we use 64 bits limbs in MPI,
- * which prevents us from using a uniform access method as for p192.
- *
- * So, we define a mini abstraction layer to access 32 bit chunks,
- * load them in 'cur' for work, and store them back from 'cur' when done.
- *
- * While at it, also define the size of N in terms of 32-bit chunks.
- */
-#define LOAD32      cur = A( i );
-
-#if defined(MBEDTLS_HAVE_INT32)  /* 32 bit */
-
-#define MAX32       N->n
-#define A( j )      N->p[j]
-#define STORE32     N->p[i] = cur;
-
-#else                               /* 64-bit */
-
-#define MAX32       N->n * 2
-#define A( j ) j % 2 ? (uint32_t)( N->p[j/2] >> 32 ) : (uint32_t)( N->p[j/2] )
-#define STORE32                                   \
-    if( i % 2 ) {                                 \
-        N->p[i/2] &= 0x00000000FFFFFFFF;          \
-        N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32;        \
-    } else {                                      \
-        N->p[i/2] &= 0xFFFFFFFF00000000;          \
-        N->p[i/2] |= (mbedtls_mpi_uint) cur;                \
-    }
-
-#endif /* sizeof( mbedtls_mpi_uint ) */
-
-/*
- * Helpers for addition and subtraction of chunks, with signed carry.
- */
-static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
-{
-    *dst += src;
-    *carry += ( *dst < src );
-}
-
-static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
-{
-    *carry -= ( *dst < src );
-    *dst -= src;
-}
-
-#define ADD( j )    add32( &cur, A( j ), &c );
-#define SUB( j )    sub32( &cur, A( j ), &c );
-
-/*
- * Helpers for the main 'loop'
- * (see fix_negative for the motivation of C)
- */
-#define INIT( b )                                           \
-    int ret;                                                \
-    signed char c = 0, cc;                                  \
-    uint32_t cur;                                           \
-    size_t i = 0, bits = b;                                 \
-    mbedtls_mpi C;                                                  \
-    mbedtls_mpi_uint Cp[ b / 8 / sizeof( mbedtls_mpi_uint) + 1 ];               \
-                                                            \
-    C.s = 1;                                                \
-    C.n = b / 8 / sizeof( mbedtls_mpi_uint) + 1;                      \
-    C.p = Cp;                                               \
-    memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) );                \
-                                                            \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, b * 2 / 8 / sizeof( mbedtls_mpi_uint ) ) ); \
-    LOAD32;
-
-#define NEXT                    \
-    STORE32; i++; LOAD32;       \
-    cc = c; c = 0;              \
-    if( cc < 0 )                \
-        sub32( &cur, -cc, &c ); \
-    else                        \
-        add32( &cur, cc, &c );  \
-
-#define LAST                                    \
-    STORE32; i++;                               \
-    cur = c > 0 ? c : 0; STORE32;               \
-    cur = 0; while( ++i < MAX32 ) { STORE32; }  \
-    if( c < 0 ) fix_negative( N, c, &C, bits );
-
-/*
- * If the result is negative, we get it in the form
- * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
- */
-static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
-{
-    int ret;
-
-    /* C = - c * 2^(bits + 32) */
-#if !defined(MBEDTLS_HAVE_INT64)
-    ((void) bits);
-#else
-    if( bits == 224 )
-        C->p[ C->n - 1 ] = ((mbedtls_mpi_uint) -c) << 32;
-    else
-#endif
-        C->p[ C->n - 1 ] = (mbedtls_mpi_uint) -c;
-
-    /* N = - ( C - N ) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, C, N ) );
-    N->s = -1;
-
-cleanup:
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-/*
- * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
- */
-static int ecp_mod_p224( mbedtls_mpi *N )
-{
-    INIT( 224 );
-
-    SUB(  7 ); SUB( 11 );               NEXT; // A0 += -A7 - A11
-    SUB(  8 ); SUB( 12 );               NEXT; // A1 += -A8 - A12
-    SUB(  9 ); SUB( 13 );               NEXT; // A2 += -A9 - A13
-    SUB( 10 ); ADD(  7 ); ADD( 11 );    NEXT; // A3 += -A10 + A7 + A11
-    SUB( 11 ); ADD(  8 ); ADD( 12 );    NEXT; // A4 += -A11 + A8 + A12
-    SUB( 12 ); ADD(  9 ); ADD( 13 );    NEXT; // A5 += -A12 + A9 + A13
-    SUB( 13 ); ADD( 10 );               LAST; // A6 += -A13 + A10
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-/*
- * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
- */
-static int ecp_mod_p256( mbedtls_mpi *N )
-{
-    INIT( 256 );
-
-    ADD(  8 ); ADD(  9 );
-    SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 );             NEXT; // A0
-
-    ADD(  9 ); ADD( 10 );
-    SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 );             NEXT; // A1
-
-    ADD( 10 ); ADD( 11 );
-    SUB( 13 ); SUB( 14 ); SUB( 15 );                        NEXT; // A2
-
-    ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
-    SUB( 15 ); SUB(  8 ); SUB(  9 );                        NEXT; // A3
-
-    ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
-    SUB(  9 ); SUB( 10 );                                   NEXT; // A4
-
-    ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
-    SUB( 10 ); SUB( 11 );                                   NEXT; // A5
-
-    ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
-    SUB(  8 ); SUB(  9 );                                   NEXT; // A6
-
-    ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
-    SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 );             LAST; // A7
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-/*
- * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
- */
-static int ecp_mod_p384( mbedtls_mpi *N )
-{
-    INIT( 384 );
-
-    ADD( 12 ); ADD( 21 ); ADD( 20 );
-    SUB( 23 );                                              NEXT; // A0
-
-    ADD( 13 ); ADD( 22 ); ADD( 23 );
-    SUB( 12 ); SUB( 20 );                                   NEXT; // A2
-
-    ADD( 14 ); ADD( 23 );
-    SUB( 13 ); SUB( 21 );                                   NEXT; // A2
-
-    ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
-    SUB( 14 ); SUB( 22 ); SUB( 23 );                        NEXT; // A3
-
-    ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
-    SUB( 15 ); SUB( 23 ); SUB( 23 );                        NEXT; // A4
-
-    ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
-    SUB( 16 );                                              NEXT; // A5
-
-    ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
-    SUB( 17 );                                              NEXT; // A6
-
-    ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
-    SUB( 18 );                                              NEXT; // A7
-
-    ADD( 20 ); ADD( 17 ); ADD( 16 );
-    SUB( 19 );                                              NEXT; // A8
-
-    ADD( 21 ); ADD( 18 ); ADD( 17 );
-    SUB( 20 );                                              NEXT; // A9
-
-    ADD( 22 ); ADD( 19 ); ADD( 18 );
-    SUB( 21 );                                              NEXT; // A10
-
-    ADD( 23 ); ADD( 20 ); ADD( 19 );
-    SUB( 22 );                                              LAST; // A11
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#undef A
-#undef LOAD32
-#undef STORE32
-#undef MAX32
-#undef INIT
-#undef NEXT
-#undef LAST
-
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED ||
-          MBEDTLS_ECP_DP_SECP256R1_ENABLED ||
-          MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-/*
- * Here we have an actual Mersenne prime, so things are more straightforward.
- * However, chunks are aligned on a 'weird' boundary (521 bits).
- */
-
-/* Size of p521 in terms of mbedtls_mpi_uint */
-#define P521_WIDTH      ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
-
-/* Bits to keep in the most significant mbedtls_mpi_uint */
-#define P521_MASK       0x01FF
-
-/*
- * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
- * Write N as A1 + 2^521 A0, return A0 + A1
- */
-static int ecp_mod_p521( mbedtls_mpi *N )
-{
-    int ret;
-    size_t i;
-    mbedtls_mpi M;
-    mbedtls_mpi_uint Mp[P521_WIDTH + 1];
-    /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits:
-     * we need to hold bits 513 to 1056, which is 34 limbs, that is
-     * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
-
-    if( N->n < P521_WIDTH )
-        return( 0 );
-
-    /* M = A1 */
-    M.s = 1;
-    M.n = N->n - ( P521_WIDTH - 1 );
-    if( M.n > P521_WIDTH + 1 )
-        M.n = P521_WIDTH + 1;
-    M.p = Mp;
-    memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
-
-    /* N = A0 */
-    N->p[P521_WIDTH - 1] &= P521_MASK;
-    for( i = P521_WIDTH; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-cleanup:
-    return( ret );
-}
-
-#undef P521_WIDTH
-#undef P521_MASK
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#endif /* MBEDTLS_ECP_NIST_OPTIM */
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-
-/* Size of p255 in terms of mbedtls_mpi_uint */
-#define P255_WIDTH      ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
-
-/*
- * Fast quasi-reduction modulo p255 = 2^255 - 19
- * Write N as A0 + 2^255 A1, return A0 + 19 * A1
- */
-static int ecp_mod_p255( mbedtls_mpi *N )
-{
-    int ret;
-    size_t i;
-    mbedtls_mpi M;
-    mbedtls_mpi_uint Mp[P255_WIDTH + 2];
-
-    if( N->n < P255_WIDTH )
-        return( 0 );
-
-    /* M = A1 */
-    M.s = 1;
-    M.n = N->n - ( P255_WIDTH - 1 );
-    if( M.n > P255_WIDTH + 1 )
-        M.n = P255_WIDTH + 1;
-    M.p = Mp;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
-    M.n++; /* Make room for multiplication by 19 */
-
-    /* N = A0 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) );
-    for( i = P255_WIDTH; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + 19 * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-/*
- * Fast quasi-reduction modulo P = 2^s - R,
- * with R about 33 bits, used by the Koblitz curves.
- *
- * Write N as A0 + 2^224 A1, return A0 + R * A1.
- * Actually do two passes, since R is big.
- */
-#define P_KOBLITZ_MAX   ( 256 / 8 / sizeof( mbedtls_mpi_uint ) )  // Max limbs in P
-#define P_KOBLITZ_R     ( 8 / sizeof( mbedtls_mpi_uint ) )        // Limbs in R
-static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
-                                   size_t adjust, size_t shift, mbedtls_mpi_uint mask )
-{
-    int ret;
-    size_t i;
-    mbedtls_mpi M, R;
-    mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
-
-    if( N->n < p_limbs )
-        return( 0 );
-
-    /* Init R */
-    R.s = 1;
-    R.p = Rp;
-    R.n = P_KOBLITZ_R;
-
-    /* Common setup for M */
-    M.s = 1;
-    M.p = Mp;
-
-    /* M = A1 */
-    M.n = N->n - ( p_limbs - adjust );
-    if( M.n > p_limbs + adjust )
-        M.n = p_limbs + adjust;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
-    if( shift != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
-    M.n += R.n; /* Make room for multiplication by R */
-
-    /* N = A0 */
-    if( mask != 0 )
-        N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-    /* Second pass */
-
-    /* M = A1 */
-    M.n = N->n - ( p_limbs - adjust );
-    if( M.n > p_limbs + adjust )
-        M.n = p_limbs + adjust;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
-    if( shift != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
-    M.n += R.n; /* Make room for multiplication by R */
-
-    /* N = A0 */
-    if( mask != 0 )
-        N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
-          MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
-          MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-/*
- * Fast quasi-reduction modulo p192k1 = 2^192 - R,
- * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
- */
-static int ecp_mod_p192k1( mbedtls_mpi *N )
-{
-    static mbedtls_mpi_uint Rp[] = {
-        BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
-
-    return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
-}
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-/*
- * Fast quasi-reduction modulo p224k1 = 2^224 - R,
- * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
- */
-static int ecp_mod_p224k1( mbedtls_mpi *N )
-{
-    static mbedtls_mpi_uint Rp[] = {
-        BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
-
-#if defined(MBEDTLS_HAVE_INT64)
-    return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
-#else
-    return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
-#endif
-}
-
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-/*
- * Fast quasi-reduction modulo p256k1 = 2^256 - R,
- * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
- */
-static int ecp_mod_p256k1( mbedtls_mpi *N )
-{
-    static mbedtls_mpi_uint Rp[] = {
-        BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
-    return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
-}
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-#endif /* !MBEDTLS_ECP_ALT */
-
-#endif /* MBEDTLS_ECP_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/entropy.c b/components/ssl/mbedtls/mbedtls/library/entropy.c
deleted file mode 100644
index e17512e7..00000000
--- a/components/ssl/mbedtls/mbedtls/library/entropy.c
+++ /dev/null
@@ -1,725 +0,0 @@
-/*
- *  Entropy accumulator implementation
- *
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C)
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-#warning "**** WARNING!  MBEDTLS_TEST_NULL_ENTROPY defined! "
-#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
-#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
-#endif
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#include "mbedtls/platform.h"
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf     printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if defined(MBEDTLS_HAVEGE_C)
-#include "mbedtls/havege.h"
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-#define ENTROPY_MAX_LOOP    256     /**< Maximum amount to loop before error */
-
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
-{
-    ctx->source_count = 0;
-    memset( ctx->source, 0, sizeof( ctx->source ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-
-    ctx->accumulator_started = 0;
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_init( &ctx->accumulator );
-#else
-    mbedtls_sha256_init( &ctx->accumulator );
-#endif
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_havege_init( &ctx->havege_data );
-#endif
-
-    /* Reminder: Update ENTROPY_HAVE_STRONG in the test files
-     *           when adding more strong entropy sources here. */
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-    mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
-                                1, MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-
-#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-    mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_PLATFORM,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-#if defined(MBEDTLS_TIMING_C)
-    mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_HARDCLOCK,
-                                MBEDTLS_ENTROPY_SOURCE_WEAK );
-#endif
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
-                                MBEDTLS_ENTROPY_MIN_HAVEGE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_HARDWARE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
-                                MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-    ctx->initial_entropy_run = 0;
-#endif
-#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
-}
-
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
-{
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_havege_free( &ctx->havege_data );
-#endif
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_free( &ctx->accumulator );
-#else
-    mbedtls_sha256_free( &ctx->accumulator );
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    ctx->initial_entropy_run = 0;
-#endif
-    ctx->source_count = 0;
-    mbedtls_zeroize( ctx->source, sizeof( ctx->source ) );
-    ctx->accumulator_started = 0;
-}
-
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
-                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold, int strong )
-{
-    int idx, ret = 0;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    idx = ctx->source_count;
-    if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
-    {
-        ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
-        goto exit;
-    }
-
-    ctx->source[idx].f_source  = f_source;
-    ctx->source[idx].p_source  = p_source;
-    ctx->source[idx].threshold = threshold;
-    ctx->source[idx].strong    = strong;
-
-    ctx->source_count++;
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Entropy accumulator update
- */
-static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id,
-                           const unsigned char *data, size_t len )
-{
-    unsigned char header[2];
-    unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
-    size_t use_len = len;
-    const unsigned char *p = data;
-    int ret = 0;
-
-    if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
-    {
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-        if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )
-            goto cleanup;
-#else
-        if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )
-            goto cleanup;
-#endif
-        p = tmp;
-        use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
-    }
-
-    header[0] = source_id;
-    header[1] = use_len & 0xFF;
-
-    /*
-     * Start the accumulator if this has not already happened. Note that
-     * it is sufficient to start the accumulator here only because all calls to
-     * gather entropy eventually execute this code.
-     */
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    if( ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto cleanup;
-    else
-        ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
-        goto cleanup;
-    ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len );
-#else
-    if( ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto cleanup;
-    else
-        ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
-        goto cleanup;
-    ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len );
-#endif
-
-cleanup:
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-
-    return( ret );
-}
-
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
-                           const unsigned char *data, size_t len )
-{
-    int ret;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = entropy_update( ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Run through the different sources to add entropy to our accumulator
- */
-static int entropy_gather_internal( mbedtls_entropy_context *ctx )
-{
-    int ret, i, have_one_strong = 0;
-    unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
-    size_t olen;
-
-    if( ctx->source_count == 0 )
-        return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
-
-    /*
-     * Run through our entropy sources
-     */
-    for( i = 0; i < ctx->source_count; i++ )
-    {
-        if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
-            have_one_strong = 1;
-
-        olen = 0;
-        if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
-                        buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
-        {
-            goto cleanup;
-        }
-
-        /*
-         * Add if we actually gathered something
-         */
-        if( olen > 0 )
-        {
-            if( ( ret = entropy_update( ctx, (unsigned char) i,
-                                        buf, olen ) ) != 0 )
-                return( ret );
-            ctx->source[i].size += olen;
-        }
-    }
-
-    if( have_one_strong == 0 )
-        ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
-
-cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    return( ret );
-}
-
-/*
- * Thread-safe wrapper for entropy_gather_internal()
- */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
-{
-    int ret;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = entropy_gather_internal( ctx );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
-{
-    int ret, count = 0, i, done;
-    mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    /* Update the NV entropy seed before generating any entropy for outside
-     * use.
-     */
-    if( ctx->initial_entropy_run == 0 )
-    {
-        ctx->initial_entropy_run = 1;
-        if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
-            return( ret );
-    }
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    /*
-     * Always gather extra entropy before a call
-     */
-    do
-    {
-        if( count++ > ENTROPY_MAX_LOOP )
-        {
-            ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-            goto exit;
-        }
-
-        if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
-            goto exit;
-
-        done = 1;
-        for( i = 0; i < ctx->source_count; i++ )
-            if( ctx->source[i].size < ctx->source[i].threshold )
-                done = 0;
-    }
-    while( ! done );
-
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
-
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    /*
-     * Note that at this stage it is assumed that the accumulator was started
-     * in a previous call to entropy_update(). If this is not guaranteed, the
-     * code below will fail.
-     */
-    if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
-        goto exit;
-
-    /*
-     * Reset accumulator and counters and recycle existing entropy
-     */
-    mbedtls_sha512_free( &ctx->accumulator );
-    mbedtls_sha512_init( &ctx->accumulator );
-    if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        goto exit;
-
-    /*
-     * Perform second SHA-512 on entropy
-     */
-    if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
-        goto exit;
-#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-    if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
-        goto exit;
-
-    /*
-     * Reset accumulator and counters and recycle existing entropy
-     */
-    mbedtls_sha256_free( &ctx->accumulator );
-    mbedtls_sha256_init( &ctx->accumulator );
-    if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        goto exit;
-
-    /*
-     * Perform second SHA-256 on entropy
-     */
-    if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
-        goto exit;
-#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-
-    for( i = 0; i < ctx->source_count; i++ )
-        ctx->source[i].size = 0;
-
-    memcpy( output, buf, len );
-
-    ret = 0;
-
-exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
-{
-    int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    /* Read new seed  and write it to NV */
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        return( ret );
-
-    if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
-
-    /* Manually update the remaining stream with a separator value to diverge */
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
-    ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
-{
-    int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    FILE *f;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
-
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        goto exit;
-
-    if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
-    {
-        ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-        goto exit;
-    }
-
-    ret = 0;
-
-exit:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    fclose( f );
-    return( ret );
-}
-
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
-{
-    int ret = 0;
-    FILE *f;
-    size_t n;
-    unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    n = (size_t) ftell( f );
-    fseek( f, 0, SEEK_SET );
-
-    if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE )
-        n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
-
-    if( fread( buf, 1, n, f ) != n )
-        ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    else
-        ret = mbedtls_entropy_update_manual( ctx, buf, n );
-
-    fclose( f );
-
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( mbedtls_entropy_write_seed_file( ctx, path ) );
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
-/*
- * Dummy source function
- */
-static int entropy_dummy_source( void *data, unsigned char *output,
-                                 size_t len, size_t *olen )
-{
-    ((void) data);
-
-    memset( output, 0x2a, len );
-    *olen = len;
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-
-static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len )
-{
-    int ret = 0;
-    size_t entropy_len = 0;
-    size_t olen = 0;
-    size_t attempts = buf_len;
-
-    while( attempts > 0 && entropy_len < buf_len )
-    {
-        if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len,
-            buf_len - entropy_len, &olen ) ) != 0 )
-            return( ret );
-
-        entropy_len += olen;
-        attempts--;
-    }
-
-    if( entropy_len < buf_len )
-    {
-        ret = 1;
-    }
-
-    return( ret );
-}
-
-
-static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf,
-                                                        size_t buf_len )
-{
-    unsigned char set= 0xFF;
-    unsigned char unset = 0x00;
-    size_t i;
-
-    for( i = 0; i < buf_len; i++ )
-    {
-        set &= buf[i];
-        unset |= buf[i];
-    }
-
-    return( set == 0xFF || unset == 0x00 );
-}
-
-/*
- * A test to ensure hat the entropy sources are functioning correctly
- * and there is no obvious failure. The test performs the following checks:
- *  - The entropy source is not providing only 0s (all bits unset) or 1s (all
- *    bits set).
- *  - The entropy source is not providing values in a pattern. Because the
- *    hardware could be providing data in an arbitrary length, this check polls
- *    the hardware entropy source twice and compares the result to ensure they
- *    are not equal.
- *  - The error code returned by the entropy source is not an error.
- */
-int mbedtls_entropy_source_self_test( int verbose )
-{
-    int ret = 0;
-    unsigned char buf0[2 * sizeof( unsigned long long int )];
-    unsigned char buf1[2 * sizeof( unsigned long long int )];
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ENTROPY_BIAS test: " );
-
-    memset( buf0, 0x00, sizeof( buf0 ) );
-    memset( buf1, 0x00, sizeof( buf1 ) );
-
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 )
-        goto cleanup;
-
-    /* Make sure that the returned values are not all 0 or 1 */
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 )
-        goto cleanup;
-
-    /* Make sure that the entropy source is not returning values in a
-     * pattern */
-    ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0;
-
-cleanup:
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed\n" );
-        else
-            mbedtls_printf( "passed\n" );
-
-        mbedtls_printf( "\n" );
-    }
-
-    return( ret != 0 );
-}
-
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-
-/*
- * The actual entropy quality is hard to test, but we can at least
- * test that the functions don't cause errors and write the correct
- * amount of data to buffers.
- */
-int mbedtls_entropy_self_test( int verbose )
-{
-    int ret = 1;
-#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
-    mbedtls_entropy_context ctx;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
-    unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
-    size_t i, j;
-#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ENTROPY test: " );
-
-#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
-    mbedtls_entropy_init( &ctx );
-
-    /* First do a gather to make sure we have default sources */
-    if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
-        goto cleanup;
-
-    ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16,
-                                      MBEDTLS_ENTROPY_SOURCE_WEAK );
-    if( ret != 0 )
-        goto cleanup;
-
-    if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
-        goto cleanup;
-
-    /*
-     * To test that mbedtls_entropy_func writes correct number of bytes:
-     * - use the whole buffer and rely on ASan to detect overruns
-     * - collect entropy 8 times and OR the result in an accumulator:
-     *   any byte should then be 0 with probably 2^(-64), so requiring
-     *   each of the 32 or 64 bytes to be non-zero has a false failure rate
-     *   of at most 2^(-58) which is acceptable.
-     */
-    for( i = 0; i < 8; i++ )
-    {
-        if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
-            goto cleanup;
-
-        for( j = 0; j < sizeof( buf ); j++ )
-            acc[j] |= buf[j];
-    }
-
-    for( j = 0; j < sizeof( buf ); j++ )
-    {
-        if( acc[j] == 0 )
-        {
-            ret = 1;
-            goto cleanup;
-        }
-    }
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 )
-        goto cleanup;
-#endif
-
-cleanup:
-    mbedtls_entropy_free( &ctx );
-#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
-
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed\n" );
-        else
-            mbedtls_printf( "passed\n" );
-
-        mbedtls_printf( "\n" );
-    }
-
-    return( ret != 0 );
-}
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ENTROPY_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/entropy_poll.c b/components/ssl/mbedtls/mbedtls/library/entropy_poll.c
deleted file mode 100644
index a116e605..00000000
--- a/components/ssl/mbedtls/mbedtls/library/entropy_poll.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/*
- *  Platform-specific and custom entropy polling functions
- *
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C)
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
-
-#if defined(MBEDTLS_TIMING_C)
-#include <string.h>
-#include "mbedtls/timing.h"
-#endif
-#if defined(MBEDTLS_HAVEGE_C)
-#include "mbedtls/havege.h"
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#include "mbedtls/platform.h"
-#endif
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-
-#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32)
-#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
-#endif
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
-#if !defined(_WIN32_WINNT)
-#define _WIN32_WINNT 0x0400
-#endif
-#include <windows.h>
-#include <wincrypt.h>
-
-int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
-                           size_t *olen )
-{
-    HCRYPTPROV provider;
-    ((void) data);
-    *olen = 0;
-
-    if( CryptAcquireContext( &provider, NULL, NULL,
-                              PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
-    {
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    }
-
-    if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
-    {
-        CryptReleaseContext( provider, 0 );
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    }
-
-    CryptReleaseContext( provider, 0 );
-    *olen = len;
-
-    return( 0 );
-}
-#else /* _WIN32 && !EFIX64 && !EFI32 */
-
-/*
- * Test for Linux getrandom() support.
- * Since there is no wrapper in the libc yet, use the generic syscall wrapper
- * available in GNU libc and compatible libc's (eg uClibc).
- */
-#if defined(__linux__) && defined(__GLIBC__)
-#include <unistd.h>
-#include <sys/syscall.h>
-#if defined(SYS_getrandom)
-#define HAVE_GETRANDOM
-
-static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
-{
-    /* MemSan cannot understand that the syscall writes to the buffer */
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-    memset( buf, 0, buflen );
-#endif
-#endif
-
-    return( syscall( SYS_getrandom, buf, buflen, flags ) );
-}
-
-#include <sys/utsname.h>
-/* Check if version is at least 3.17.0 */
-static int check_version_3_17_plus( void )
-{
-    int minor;
-    struct utsname un;
-    const char *ver;
-
-    /* Get version information */
-    uname(&un);
-    ver = un.release;
-
-    /* Check major version; assume a single digit */
-    if( ver[0] < '3' || ver[0] > '9' || ver [1] != '.' )
-        return( -1 );
-
-    if( ver[0] - '0' > 3 )
-        return( 0 );
-
-    /* Ok, so now we know major == 3, check minor.
-     * Assume 1 or 2 digits. */
-    if( ver[2] < '0' || ver[2] > '9' )
-        return( -1 );
-
-    minor = ver[2] - '0';
-
-    if( ver[3] >= '0' && ver[3] <= '9' )
-        minor = 10 * minor + ver[3] - '0';
-    else if( ver [3] != '.' )
-        return( -1 );
-
-    if( minor < 17 )
-        return( -1 );
-
-    return( 0 );
-}
-static int has_getrandom = -1;
-#endif /* SYS_getrandom */
-#endif /* __linux__ */
-
-#include <stdio.h>
-
-int mbedtls_platform_entropy_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen )
-{
-    FILE *file;
-    size_t read_len;
-    ((void) data);
-
-#if defined(HAVE_GETRANDOM)
-    if( has_getrandom == -1 )
-        has_getrandom = ( check_version_3_17_plus() == 0 );
-
-    if( has_getrandom )
-    {
-        int ret;
-
-        if( ( ret = getrandom_wrapper( output, len, 0 ) ) < 0 )
-            return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-        *olen = ret;
-        return( 0 );
-    }
-#endif /* HAVE_GETRANDOM */
-
-    *olen = 0;
-
-    file = fopen( "/dev/urandom", "rb" );
-    if( file == NULL )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-    read_len = fread( output, 1, len, file );
-    if( read_len != len )
-    {
-        fclose( file );
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    }
-
-    fclose( file );
-    *olen = len;
-
-    return( 0 );
-}
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-int mbedtls_null_entropy_poll( void *data,
-                    unsigned char *output, size_t len, size_t *olen )
-{
-    ((void) data);
-    ((void) output);
-    *olen = 0;
-
-    if( len < sizeof(unsigned char) )
-        return( 0 );
-
-    *olen = sizeof(unsigned char);
-
-    return( 0 );
-}
-#endif
-
-#if defined(MBEDTLS_TIMING_C)
-int mbedtls_hardclock_poll( void *data,
-                    unsigned char *output, size_t len, size_t *olen )
-{
-    unsigned long timer = mbedtls_timing_hardclock();
-    ((void) data);
-    *olen = 0;
-
-    if( len < sizeof(unsigned long) )
-        return( 0 );
-
-    memcpy( output, &timer, sizeof(unsigned long) );
-    *olen = sizeof(unsigned long);
-
-    return( 0 );
-}
-#endif /* MBEDTLS_TIMING_C */
-
-#if defined(MBEDTLS_HAVEGE_C)
-int mbedtls_havege_poll( void *data,
-                 unsigned char *output, size_t len, size_t *olen )
-{
-    mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
-    *olen = 0;
-
-    if( mbedtls_havege_random( hs, output, len ) != 0 )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-    *olen = len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_HAVEGE_C */
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_nv_seed_poll( void *data,
-                          unsigned char *output, size_t len, size_t *olen )
-{
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-    size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
-    ((void) data);
-
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
-
-    if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
-      return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-    if( len < use_len )
-      use_len = len;
-
-    memcpy( output, buf, use_len );
-    *olen = use_len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#endif /* MBEDTLS_ENTROPY_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/error.c b/components/ssl/mbedtls/mbedtls/library/error.c
deleted file mode 100644
index 0292480a..00000000
--- a/components/ssl/mbedtls/mbedtls/library/error.c
+++ /dev/null
@@ -1,822 +0,0 @@
-/*
- *  Error message information
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-#include "mbedtls/error.h"
-#include <string.h>
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_snprintf snprintf
-#define mbedtls_time_t   time_t
-#endif
-
-#if defined(MBEDTLS_ERROR_C)
-
-#include <stdio.h>
-
-#if defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
-#if defined(MBEDTLS_BASE64_C)
-#include "mbedtls/base64.h"
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
-#include "mbedtls/blowfish.h"
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#include "mbedtls/camellia.h"
-#endif
-
-#if defined(MBEDTLS_CCM_C)
-#include "mbedtls/ccm.h"
-#endif
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
-#endif
-
-#if defined(MBEDTLS_CMAC_C)
-#include "mbedtls/cmac.h"
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#include "mbedtls/des.h"
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C)
-#include "mbedtls/entropy.h"
-#endif
-
-#if defined(MBEDTLS_GCM_C)
-#include "mbedtls/gcm.h"
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-#endif
-
-#if defined(MBEDTLS_MD_C)
-#include "mbedtls/md.h"
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-#include "mbedtls/md2.h"
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-#include "mbedtls/md4.h"
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-#include "mbedtls/md5.h"
-#endif
-
-#if defined(MBEDTLS_NET_C)
-#include "mbedtls/net_sockets.h"
-#endif
-
-#if defined(MBEDTLS_OID_C)
-#include "mbedtls/oid.h"
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk.h"
-#endif
-
-#if defined(MBEDTLS_PKCS12_C)
-#include "mbedtls/pkcs12.h"
-#endif
-
-#if defined(MBEDTLS_PKCS5_C)
-#include "mbedtls/pkcs5.h"
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#include "mbedtls/ripemd160.h"
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#include "mbedtls/sha1.h"
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#include "mbedtls/sha256.h"
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#include "mbedtls/sha512.h"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C)
-#include "mbedtls/ssl.h"
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/x509.h"
-#endif
-
-#if defined(MBEDTLS_XTEA_C)
-#include "mbedtls/xtea.h"
-#endif
-
-
-void mbedtls_strerror( int ret, char *buf, size_t buflen )
-{
-    size_t len;
-    int use_ret;
-
-    if( buflen == 0 )
-        return;
-
-    memset( buf, 0x00, buflen );
-
-    if( ret < 0 )
-        ret = -ret;
-
-    if( ret & 0xFF80 )
-    {
-        use_ret = ret & 0xFF80;
-
-        // High level error codes
-        //
-        // BEGIN generated code
-#if defined(MBEDTLS_CIPHER_C)
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - The selected feature is not available" );
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - Bad input parameters" );
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - Failed to allocate memory" );
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_PADDING) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - Input data contains invalid padding and is rejected" );
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - Decryption of block requires a full block" );
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_AUTH_FAILED) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" );
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid. For example, because it was freed" );
-        if( use_ret == -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "CIPHER - Cipher hardware accelerator failed" );
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_DHM_C)
-        if( use_ret == -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "DHM - Bad input parameters" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - Reading of the DHM parameters failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - Making of the DHM parameters failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - Reading of the public values failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - Making of the public value failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - Calculation of the DHM secret failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_INVALID_FORMAT) )
-            mbedtls_snprintf( buf, buflen, "DHM - The ASN.1 data is not formatted correctly" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) )
-            mbedtls_snprintf( buf, buflen, "DHM - Read or write of file failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - DHM hardware accelerator failed" );
-        if( use_ret == -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED) )
-            mbedtls_snprintf( buf, buflen, "DHM - Setting the modulus and generator failed" );
-#endif /* MBEDTLS_DHM_C */
-
-#if defined(MBEDTLS_ECP_C)
-        if( use_ret == -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "ECP - Bad input parameters to function" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL) )
-            mbedtls_snprintf( buf, buflen, "ECP - The buffer is too small to write to" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "ECP - Requested curve not available" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_VERIFY_FAILED) )
-            mbedtls_snprintf( buf, buflen, "ECP - The signature is not valid" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "ECP - Memory allocation failed" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_RANDOM_FAILED) )
-            mbedtls_snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_INVALID_KEY) )
-            mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
-        if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_MD_C)
-        if( use_ret == -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "MD - The selected feature is not available" );
-        if( use_ret == -(MBEDTLS_ERR_MD_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "MD - Bad input parameters to function" );
-        if( use_ret == -(MBEDTLS_ERR_MD_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "MD - Failed to allocate memory" );
-        if( use_ret == -(MBEDTLS_ERR_MD_FILE_IO_ERROR) )
-            mbedtls_snprintf( buf, buflen, "MD - Opening or reading of file failed" );
-        if( use_ret == -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "MD - MD hardware accelerator failed" );
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
-        if( use_ret == -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) )
-            mbedtls_snprintf( buf, buflen, "PEM - No PEM header or footer found" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_INVALID_DATA) )
-            mbedtls_snprintf( buf, buflen, "PEM - PEM string is not as expected" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "PEM - Failed to allocate memory" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_INVALID_ENC_IV) )
-            mbedtls_snprintf( buf, buflen, "PEM - RSA IV is not in hex-format" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG) )
-            mbedtls_snprintf( buf, buflen, "PEM - Unsupported key encryption algorithm" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) )
-            mbedtls_snprintf( buf, buflen, "PEM - Private key password can't be empty" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "PEM - Given private key password does not allow for correct decryption" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "PEM - Unavailable feature, e.g. hashing/encryption combination" );
-        if( use_ret == -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "PEM - Bad input parameters to function" );
-#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
-
-#if defined(MBEDTLS_PK_C)
-        if( use_ret == -(MBEDTLS_ERR_PK_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "PK - Memory allocation failed" );
-        if( use_ret == -(MBEDTLS_ERR_PK_TYPE_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
-        if( use_ret == -(MBEDTLS_ERR_PK_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "PK - Bad input parameters to function" );
-        if( use_ret == -(MBEDTLS_ERR_PK_FILE_IO_ERROR) )
-            mbedtls_snprintf( buf, buflen, "PK - Read/write of file failed" );
-        if( use_ret == -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION) )
-            mbedtls_snprintf( buf, buflen, "PK - Unsupported key version" );
-        if( use_ret == -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT) )
-            mbedtls_snprintf( buf, buflen, "PK - Invalid key tag or value" );
-        if( use_ret == -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG) )
-            mbedtls_snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
-        if( use_ret == -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED) )
-            mbedtls_snprintf( buf, buflen, "PK - Private key password can't be empty" );
-        if( use_ret == -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" );
-        if( use_ret == -(MBEDTLS_ERR_PK_INVALID_PUBKEY) )
-            mbedtls_snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
-        if( use_ret == -(MBEDTLS_ERR_PK_INVALID_ALG) )
-            mbedtls_snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" );
-        if( use_ret == -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE) )
-            mbedtls_snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
-        if( use_ret == -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
-        if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
-        if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" );
-#endif /* MBEDTLS_PK_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-        if( use_ret == -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" );
-        if( use_ret == -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
-        if( use_ret == -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT) )
-            mbedtls_snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
-        if( use_ret == -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "PKCS12 - Given private key password does not allow for correct decryption" );
-#endif /* MBEDTLS_PKCS12_C */
-
-#if defined(MBEDTLS_PKCS5_C)
-        if( use_ret == -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
-        if( use_ret == -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT) )
-            mbedtls_snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" );
-        if( use_ret == -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" );
-        if( use_ret == -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" );
-#endif /* MBEDTLS_PKCS5_C */
-
-#if defined(MBEDTLS_RSA_C)
-        if( use_ret == -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "RSA - Bad input parameters to function" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_INVALID_PADDING) )
-            mbedtls_snprintf( buf, buflen, "RSA - Input data contains invalid padding and is rejected" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED) )
-            mbedtls_snprintf( buf, buflen, "RSA - Something failed during generation of a key" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) )
-            mbedtls_snprintf( buf, buflen, "RSA - Key failed to pass the validity check of the library" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_PUBLIC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "RSA - The public key operation failed" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_PRIVATE_FAILED) )
-            mbedtls_snprintf( buf, buflen, "RSA - The private key operation failed" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_VERIFY_FAILED) )
-            mbedtls_snprintf( buf, buflen, "RSA - The PKCS#1 verification failed" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE) )
-            mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
-            mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )
-            mbedtls_snprintf( buf, buflen, "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" );
-        if( use_ret == -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "RSA - RSA hardware accelerator failed" );
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SSL_TLS_C)
-        if( use_ret == -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "SSL - The requested feature is not available" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "SSL - Bad input parameters to function" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_MAC) )
-            mbedtls_snprintf( buf, buflen, "SSL - Verification of the message MAC failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_RECORD) )
-            mbedtls_snprintf( buf, buflen, "SSL - An invalid SSL record was received" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_CONN_EOF) )
-            mbedtls_snprintf( buf, buflen, "SSL - The connection indicated an EOF" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER) )
-            mbedtls_snprintf( buf, buflen, "SSL - An unknown cipher was received" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN) )
-            mbedtls_snprintf( buf, buflen, "SSL - The server has no ciphersuites in common with the client" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_NO_RNG) )
-            mbedtls_snprintf( buf, buflen, "SSL - No RNG was provided to the SSL module" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE) )
-            mbedtls_snprintf( buf, buflen, "SSL - No client certification received from the client, but required by the authentication mode" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE) )
-            mbedtls_snprintf( buf, buflen, "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED) )
-            mbedtls_snprintf( buf, buflen, "SSL - The own certificate is not set, but needed by the server" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) )
-            mbedtls_snprintf( buf, buflen, "SSL - The own private key or pre-shared key is not set, but needed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED) )
-            mbedtls_snprintf( buf, buflen, "SSL - No CA Chain is set, but required to operate" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) )
-            mbedtls_snprintf( buf, buflen, "SSL - An unexpected message was received from our peer" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE) )
-        {
-            mbedtls_snprintf( buf, buflen, "SSL - A fatal alert message was received from our peer" );
-            return;
-        }
-        if( use_ret == -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED) )
-            mbedtls_snprintf( buf, buflen, "SSL - Verification of our peer failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) )
-            mbedtls_snprintf( buf, buflen, "SSL - The peer notified us that the connection is going to be closed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientHello handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerHello handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the Certificate handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the CertificateRequest handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerKeyExchange handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ServerHelloDone handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the CertificateVerify handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "SSL - Memory allocation failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED) )
-            mbedtls_snprintf( buf, buflen, "SSL - Hardware acceleration function returned with error" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) )
-            mbedtls_snprintf( buf, buflen, "SSL - Hardware acceleration function skipped / left alone data" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the compression / decompression failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION) )
-            mbedtls_snprintf( buf, buflen, "SSL - Handshake protocol not within min/max boundaries" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET) )
-            mbedtls_snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) )
-            mbedtls_snprintf( buf, buflen, "SSL - Session ticket has expired" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) )
-            mbedtls_snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_INTERNAL_ERROR) )
-            mbedtls_snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING) )
-            mbedtls_snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO) )
-            mbedtls_snprintf( buf, buflen, "SSL - Unexpected message at ServerHello in renegotiation" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) )
-            mbedtls_snprintf( buf, buflen, "SSL - DTLS client must retry for hello verification" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) )
-            mbedtls_snprintf( buf, buflen, "SSL - A buffer is too small to receive or write a message" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) )
-            mbedtls_snprintf( buf, buflen, "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_WANT_READ) )
-            mbedtls_snprintf( buf, buflen, "SSL - Connection requires a read call" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_WANT_WRITE) )
-            mbedtls_snprintf( buf, buflen, "SSL - Connection requires a write call" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_TIMEOUT) )
-            mbedtls_snprintf( buf, buflen, "SSL - The operation timed out" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT) )
-            mbedtls_snprintf( buf, buflen, "SSL - The client initiated a reconnect from the same port" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) )
-            mbedtls_snprintf( buf, buflen, "SSL - Record header looks valid but is not expected" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_NON_FATAL) )
-            mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" );
-        if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) )
-            mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
-#endif /* MBEDTLS_SSL_TLS_C */
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-        if( use_ret == -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) )
-            mbedtls_snprintf( buf, buflen, "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
-        if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_OID) )
-            mbedtls_snprintf( buf, buflen, "X509 - Requested OID is unknown" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_FORMAT) )
-            mbedtls_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_VERSION) )
-            mbedtls_snprintf( buf, buflen, "X509 - The CRT/CRL/CSR version element is invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_SERIAL) )
-            mbedtls_snprintf( buf, buflen, "X509 - The serial tag or value is invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_ALG) )
-            mbedtls_snprintf( buf, buflen, "X509 - The algorithm tag or value is invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_NAME) )
-            mbedtls_snprintf( buf, buflen, "X509 - The name tag or value is invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_DATE) )
-            mbedtls_snprintf( buf, buflen, "X509 - The date tag or value is invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_SIGNATURE) )
-            mbedtls_snprintf( buf, buflen, "X509 - The signature tag or value invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS) )
-            mbedtls_snprintf( buf, buflen, "X509 - The extension tag or value is invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_VERSION) )
-            mbedtls_snprintf( buf, buflen, "X509 - CRT/CRL/CSR has an unsupported version number" );
-        if( use_ret == -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG) )
-            mbedtls_snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" );
-        if( use_ret == -(MBEDTLS_ERR_X509_SIG_MISMATCH) )
-            mbedtls_snprintf( buf, buflen, "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" );
-        if( use_ret == -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) )
-            mbedtls_snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
-        if( use_ret == -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT) )
-            mbedtls_snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
-        if( use_ret == -(MBEDTLS_ERR_X509_BAD_INPUT_DATA) )
-            mbedtls_snprintf( buf, buflen, "X509 - Input invalid" );
-        if( use_ret == -(MBEDTLS_ERR_X509_ALLOC_FAILED) )
-            mbedtls_snprintf( buf, buflen, "X509 - Allocation of memory failed" );
-        if( use_ret == -(MBEDTLS_ERR_X509_FILE_IO_ERROR) )
-            mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" );
-        if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
-            mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
-        if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) )
-            mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" );
-#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
-        // END generated code
-
-        if( strlen( buf ) == 0 )
-            mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
-    }
-
-    use_ret = ret & ~0xFF80;
-
-    if( use_ret == 0 )
-        return;
-
-    // If high level code is present, make a concatenation between both
-    // error strings.
-    //
-    len = strlen( buf );
-
-    if( len > 0 )
-    {
-        if( buflen - len < 5 )
-            return;
-
-        mbedtls_snprintf( buf + len, buflen - len, " : " );
-
-        buf += len + 3;
-        buflen -= len + 3;
-    }
-
-    // Low level error codes
-    //
-    // BEGIN generated code
-#if defined(MBEDTLS_AES_C)
-    if( use_ret == -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "AES - Invalid key length" );
-    if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
-    if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
-        mbedtls_snprintf( buf, buflen, "AES - Feature not available. For example, an unsupported AES key size" );
-    if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "AES - AES hardware accelerator failed" );
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-    if( use_ret == -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" );
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-    if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) )
-        mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" );
-    if( use_ret == -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) )
-        mbedtls_snprintf( buf, buflen, "ASN1 - ASN1 tag was of an unexpected value" );
-    if( use_ret == -(MBEDTLS_ERR_ASN1_INVALID_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "ASN1 - Error when trying to determine the length or invalid length" );
-    if( use_ret == -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH) )
-        mbedtls_snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" );
-    if( use_ret == -(MBEDTLS_ERR_ASN1_INVALID_DATA) )
-        mbedtls_snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" );
-    if( use_ret == -(MBEDTLS_ERR_ASN1_ALLOC_FAILED) )
-        mbedtls_snprintf( buf, buflen, "ASN1 - Memory allocation failed" );
-    if( use_ret == -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) )
-        mbedtls_snprintf( buf, buflen, "ASN1 - Buffer too small when writing ASN.1 data structure" );
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#if defined(MBEDTLS_BASE64_C)
-    if( use_ret == -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) )
-        mbedtls_snprintf( buf, buflen, "BASE64 - Output buffer too small" );
-    if( use_ret == -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER) )
-        mbedtls_snprintf( buf, buflen, "BASE64 - Invalid character in input" );
-#endif /* MBEDTLS_BASE64_C */
-
-#if defined(MBEDTLS_BIGNUM_C)
-    if( use_ret == -(MBEDTLS_ERR_MPI_FILE_IO_ERROR) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - An error occurred while reading from or writing to a file" );
-    if( use_ret == -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - Bad input parameters to function" );
-    if( use_ret == -(MBEDTLS_ERR_MPI_INVALID_CHARACTER) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" );
-    if( use_ret == -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" );
-    if( use_ret == -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" );
-    if( use_ret == -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" );
-    if( use_ret == -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" );
-    if( use_ret == -(MBEDTLS_ERR_MPI_ALLOC_FAILED) )
-        mbedtls_snprintf( buf, buflen, "BIGNUM - Memory allocation failed" );
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_BLOWFISH_C)
-    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" );
-    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" );
-    if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" );
-#endif /* MBEDTLS_BLOWFISH_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-    if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" );
-    if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
-    if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" );
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_CCM_C)
-    if( use_ret == -(MBEDTLS_ERR_CCM_BAD_INPUT) )
-        mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to the function" );
-    if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) )
-        mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
-    if( use_ret == -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" );
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_CMAC_C)
-    if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" );
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) )
-        mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );
-    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG) )
-        mbedtls_snprintf( buf, buflen, "CTR_DRBG - The requested random buffer length is too big" );
-    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG) )
-        mbedtls_snprintf( buf, buflen, "CTR_DRBG - The input (entropy + additional data) is too large" );
-    if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) )
-        mbedtls_snprintf( buf, buflen, "CTR_DRBG - Read or write error in file" );
-#endif /* MBEDTLS_CTR_DRBG_C */
-
-#if defined(MBEDTLS_DES_C)
-    if( use_ret == -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "DES - The data input has an invalid length" );
-    if( use_ret == -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "DES - DES hardware accelerator failed" );
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ENTROPY_C)
-    if( use_ret == -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED) )
-        mbedtls_snprintf( buf, buflen, "ENTROPY - Critical entropy source failure" );
-    if( use_ret == -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES) )
-        mbedtls_snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
-    if( use_ret == -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED) )
-        mbedtls_snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
-    if( use_ret == -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE) )
-        mbedtls_snprintf( buf, buflen, "ENTROPY - No strong sources have been added to poll" );
-    if( use_ret == -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR) )
-        mbedtls_snprintf( buf, buflen, "ENTROPY - Read/write error in file" );
-#endif /* MBEDTLS_ENTROPY_C */
-
-#if defined(MBEDTLS_GCM_C)
-    if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) )
-        mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" );
-    if( use_ret == -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "GCM - GCM hardware accelerator failed" );
-    if( use_ret == -(MBEDTLS_ERR_GCM_BAD_INPUT) )
-        mbedtls_snprintf( buf, buflen, "GCM - Bad input parameters to function" );
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG) )
-        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" );
-    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG) )
-        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" );
-    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR) )
-        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" );
-    if( use_ret == -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED) )
-        mbedtls_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" );
-#endif /* MBEDTLS_HMAC_DRBG_C */
-
-#if defined(MBEDTLS_MD2_C)
-    if( use_ret == -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "MD2 - MD2 hardware accelerator failed" );
-#endif /* MBEDTLS_MD2_C */
-
-#if defined(MBEDTLS_MD4_C)
-    if( use_ret == -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "MD4 - MD4 hardware accelerator failed" );
-#endif /* MBEDTLS_MD4_C */
-
-#if defined(MBEDTLS_MD5_C)
-    if( use_ret == -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" );
-#endif /* MBEDTLS_MD5_C */
-
-#if defined(MBEDTLS_NET_C)
-    if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) )
-        mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" );
-    if( use_ret == -(MBEDTLS_ERR_NET_CONNECT_FAILED) )
-        mbedtls_snprintf( buf, buflen, "NET - The connection to the given server / port failed" );
-    if( use_ret == -(MBEDTLS_ERR_NET_BIND_FAILED) )
-        mbedtls_snprintf( buf, buflen, "NET - Binding of the socket failed" );
-    if( use_ret == -(MBEDTLS_ERR_NET_LISTEN_FAILED) )
-        mbedtls_snprintf( buf, buflen, "NET - Could not listen on the socket" );
-    if( use_ret == -(MBEDTLS_ERR_NET_ACCEPT_FAILED) )
-        mbedtls_snprintf( buf, buflen, "NET - Could not accept the incoming connection" );
-    if( use_ret == -(MBEDTLS_ERR_NET_RECV_FAILED) )
-        mbedtls_snprintf( buf, buflen, "NET - Reading information from the socket failed" );
-    if( use_ret == -(MBEDTLS_ERR_NET_SEND_FAILED) )
-        mbedtls_snprintf( buf, buflen, "NET - Sending information through the socket failed" );
-    if( use_ret == -(MBEDTLS_ERR_NET_CONN_RESET) )
-        mbedtls_snprintf( buf, buflen, "NET - Connection was reset by peer" );
-    if( use_ret == -(MBEDTLS_ERR_NET_UNKNOWN_HOST) )
-        mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
-    if( use_ret == -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL) )
-        mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" );
-    if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) )
-        mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" );
-#endif /* MBEDTLS_NET_C */
-
-#if defined(MBEDTLS_OID_C)
-    if( use_ret == -(MBEDTLS_ERR_OID_NOT_FOUND) )
-        mbedtls_snprintf( buf, buflen, "OID - OID is not found" );
-    if( use_ret == -(MBEDTLS_ERR_OID_BUF_TOO_SMALL) )
-        mbedtls_snprintf( buf, buflen, "OID - output buffer is too small" );
-#endif /* MBEDTLS_OID_C */
-
-#if defined(MBEDTLS_PADLOCK_C)
-    if( use_ret == -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED) )
-        mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
-#endif /* MBEDTLS_PADLOCK_C */
-
-#if defined(MBEDTLS_RIPEMD160_C)
-    if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" );
-#endif /* MBEDTLS_RIPEMD160_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" );
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" );
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" );
-#endif /* MBEDTLS_SHA512_C */
-
-#if defined(MBEDTLS_THREADING_C)
-    if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) )
-        mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" );
-    if( use_ret == -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA) )
-        mbedtls_snprintf( buf, buflen, "THREADING - Bad input parameters to function" );
-    if( use_ret == -(MBEDTLS_ERR_THREADING_MUTEX_ERROR) )
-        mbedtls_snprintf( buf, buflen, "THREADING - Locking / unlocking / free failed with error code" );
-#endif /* MBEDTLS_THREADING_C */
-
-#if defined(MBEDTLS_XTEA_C)
-    if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) )
-        mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
-    if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) )
-        mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" );
-#endif /* MBEDTLS_XTEA_C */
-    // END generated code
-
-    if( strlen( buf ) != 0 )
-        return;
-
-    mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
-}
-
-#else /* MBEDTLS_ERROR_C */
-
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
-/*
- * Provide an non-function in case MBEDTLS_ERROR_C is not defined
- */
-void mbedtls_strerror( int ret, char *buf, size_t buflen )
-{
-    ((void) ret);
-
-    if( buflen > 0 )
-        buf[0] = '\0';
-}
-
-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-
-#endif /* MBEDTLS_ERROR_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/gcm.c b/components/ssl/mbedtls/mbedtls/library/gcm.c
deleted file mode 100644
index 294a86d3..00000000
--- a/components/ssl/mbedtls/mbedtls/library/gcm.c
+++ /dev/null
@@ -1,958 +0,0 @@
-/*
- *  NIST SP800-38D compliant GCM implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
- *
- * See also:
- * [MGV] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
- *
- * We use the algorithm described as Shoup's method with 4-bit tables in
- * [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_GCM_C)
-
-#include "mbedtls/gcm.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
-#endif
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#if !defined(MBEDTLS_GCM_ALT)
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 3]       );            \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Initialize a context
- */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
-}
-
-/*
- * Precompute small multiples of H, that is set
- *      HH[i] || HL[i] = H times i,
- * where i is seen as a field element as in [MGV], ie high-order bits
- * correspond to low powers of P. The result is stored in the same way, that
- * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
- * corresponds to P^127.
- */
-static int gcm_gen_table( mbedtls_gcm_context *ctx )
-{
-    int ret, i, j;
-    uint64_t hi, lo;
-    uint64_t vl, vh;
-    unsigned char h[16];
-    size_t olen = 0;
-
-    memset( h, 0, 16 );
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
-        return( ret );
-
-    /* pack h as two 64-bits ints, big-endian */
-    GET_UINT32_BE( hi, h,  0  );
-    GET_UINT32_BE( lo, h,  4  );
-    vh = (uint64_t) hi << 32 | lo;
-
-    GET_UINT32_BE( hi, h,  8  );
-    GET_UINT32_BE( lo, h,  12 );
-    vl = (uint64_t) hi << 32 | lo;
-
-    /* 8 = 1000 corresponds to 1 in GF(2^128) */
-    ctx->HL[8] = vl;
-    ctx->HH[8] = vh;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    /* With CLMUL support, we need only h, not the rest of the table */
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
-        return( 0 );
-#endif
-
-    /* 0 corresponds to 0 in GF(2^128) */
-    ctx->HH[0] = 0;
-    ctx->HL[0] = 0;
-
-    for( i = 4; i > 0; i >>= 1 )
-    {
-        uint32_t T = ( vl & 1 ) * 0xe1000000U;
-        vl  = ( vh << 63 ) | ( vl >> 1 );
-        vh  = ( vh >> 1 ) ^ ( (uint64_t) T << 32);
-
-        ctx->HL[i] = vl;
-        ctx->HH[i] = vh;
-    }
-
-    for( i = 2; i <= 8; i *= 2 )
-    {
-        uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
-        vh = *HiH;
-        vl = *HiL;
-        for( j = 1; j < i; j++ )
-        {
-            HiH[j] = vh ^ ctx->HH[j];
-            HiL[j] = vl ^ ctx->HL[j];
-        }
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits )
-{
-    int ret;
-    const mbedtls_cipher_info_t *cipher_info;
-
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = gcm_gen_table( ctx ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Shoup's method for multiplication use this table with
- *      last4[x] = x times P^128
- * where x and last4[x] are seen as elements of GF(2^128) as in [MGV]
- */
-static const uint64_t last4[16] =
-{
-    0x0000, 0x1c20, 0x3840, 0x2460,
-    0x7080, 0x6ca0, 0x48c0, 0x54e0,
-    0xe100, 0xfd20, 0xd940, 0xc560,
-    0x9180, 0x8da0, 0xa9c0, 0xb5e0
-};
-
-/*
- * Sets output to x times H using the precomputed tables.
- * x and output are seen as elements of GF(2^128) as in [MGV].
- */
-static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
-                      unsigned char output[16] )
-{
-    int i = 0;
-    unsigned char lo, hi, rem;
-    uint64_t zh, zl;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
-        unsigned char h[16];
-
-        PUT_UINT32_BE( ctx->HH[8] >> 32, h,  0 );
-        PUT_UINT32_BE( ctx->HH[8],       h,  4 );
-        PUT_UINT32_BE( ctx->HL[8] >> 32, h,  8 );
-        PUT_UINT32_BE( ctx->HL[8],       h, 12 );
-
-        mbedtls_aesni_gcm_mult( output, x, h );
-        return;
-    }
-#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
-
-    lo = x[15] & 0xf;
-
-    zh = ctx->HH[lo];
-    zl = ctx->HL[lo];
-
-    for( i = 15; i >= 0; i-- )
-    {
-        lo = x[i] & 0xf;
-        hi = x[i] >> 4;
-
-        if( i != 15 )
-        {
-            rem = (unsigned char) zl & 0xf;
-            zl = ( zh << 60 ) | ( zl >> 4 );
-            zh = ( zh >> 4 );
-            zh ^= (uint64_t) last4[rem] << 48;
-            zh ^= ctx->HH[lo];
-            zl ^= ctx->HL[lo];
-
-        }
-
-        rem = (unsigned char) zl & 0xf;
-        zl = ( zh << 60 ) | ( zl >> 4 );
-        zh = ( zh >> 4 );
-        zh ^= (uint64_t) last4[rem] << 48;
-        zh ^= ctx->HH[hi];
-        zl ^= ctx->HL[hi];
-    }
-
-    PUT_UINT32_BE( zh >> 32, output, 0 );
-    PUT_UINT32_BE( zh, output, 4 );
-    PUT_UINT32_BE( zl >> 32, output, 8 );
-    PUT_UINT32_BE( zl, output, 12 );
-}
-
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
-                int mode,
-                const unsigned char *iv,
-                size_t iv_len,
-                const unsigned char *add,
-                size_t add_len )
-{
-    int ret;
-    unsigned char work_buf[16];
-    size_t i;
-    const unsigned char *p;
-    size_t use_len, olen = 0;
-
-    /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
-    /* IV is not allowed to be zero length */
-    if( iv_len == 0 ||
-      ( (uint64_t) iv_len  ) >> 61 != 0 ||
-      ( (uint64_t) add_len ) >> 61 != 0 )
-    {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-    }
-
-    memset( ctx->y, 0x00, sizeof(ctx->y) );
-    memset( ctx->buf, 0x00, sizeof(ctx->buf) );
-
-    ctx->mode = mode;
-    ctx->len = 0;
-    ctx->add_len = 0;
-
-    if( iv_len == 12 )
-    {
-        memcpy( ctx->y, iv, iv_len );
-        ctx->y[15] = 1;
-    }
-    else
-    {
-        memset( work_buf, 0x00, 16 );
-        PUT_UINT32_BE( iv_len * 8, work_buf, 12 );
-
-        p = iv;
-        while( iv_len > 0 )
-        {
-            use_len = ( iv_len < 16 ) ? iv_len : 16;
-
-            for( i = 0; i < use_len; i++ )
-                ctx->y[i] ^= p[i];
-
-            gcm_mult( ctx, ctx->y, ctx->y );
-
-            iv_len -= use_len;
-            p += use_len;
-        }
-
-        for( i = 0; i < 16; i++ )
-            ctx->y[i] ^= work_buf[i];
-
-        gcm_mult( ctx, ctx->y, ctx->y );
-    }
-
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr,
-                             &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    ctx->add_len = add_len;
-    p = add;
-    while( add_len > 0 )
-    {
-        use_len = ( add_len < 16 ) ? add_len : 16;
-
-        for( i = 0; i < use_len; i++ )
-            ctx->buf[i] ^= p[i];
-
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-        add_len -= use_len;
-        p += use_len;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
-                size_t length,
-                const unsigned char *input,
-                unsigned char *output )
-{
-    int ret;
-    unsigned char ectr[16];
-    size_t i;
-    const unsigned char *p;
-    unsigned char *out_p = output;
-    size_t use_len, olen = 0;
-
-    if( output > input && (size_t) ( output - input ) < length )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
-     * Also check for possible overflow */
-    if( ctx->len + length < ctx->len ||
-        (uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
-    {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-    }
-
-    ctx->len += length;
-
-    p = input;
-    while( length > 0 )
-    {
-        use_len = ( length < 16 ) ? length : 16;
-
-        for( i = 16; i > 12; i-- )
-            if( ++ctx->y[i - 1] != 0 )
-                break;
-
-        if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
-                                   &olen ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        for( i = 0; i < use_len; i++ )
-        {
-            if( ctx->mode == MBEDTLS_GCM_DECRYPT )
-                ctx->buf[i] ^= p[i];
-            out_p[i] = ectr[i] ^ p[i];
-            if( ctx->mode == MBEDTLS_GCM_ENCRYPT )
-                ctx->buf[i] ^= out_p[i];
-        }
-
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-        length -= use_len;
-        p += use_len;
-        out_p += use_len;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
-                unsigned char *tag,
-                size_t tag_len )
-{
-    unsigned char work_buf[16];
-    size_t i;
-    uint64_t orig_len = ctx->len * 8;
-    uint64_t orig_add_len = ctx->add_len * 8;
-
-    if( tag_len > 16 || tag_len < 4 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    memcpy( tag, ctx->base_ectr, tag_len );
-
-    if( orig_len || orig_add_len )
-    {
-        memset( work_buf, 0x00, 16 );
-
-        PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0  );
-        PUT_UINT32_BE( ( orig_add_len       ), work_buf, 4  );
-        PUT_UINT32_BE( ( orig_len     >> 32 ), work_buf, 8  );
-        PUT_UINT32_BE( ( orig_len           ), work_buf, 12 );
-
-        for( i = 0; i < 16; i++ )
-            ctx->buf[i] ^= work_buf[i];
-
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-        for( i = 0; i < tag_len; i++ )
-            tag[i] ^= ctx->buf[i];
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
-                       int mode,
-                       size_t length,
-                       const unsigned char *iv,
-                       size_t iv_len,
-                       const unsigned char *add,
-                       size_t add_len,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t tag_len,
-                       unsigned char *tag )
-{
-    int ret;
-
-    if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
-                      size_t length,
-                      const unsigned char *iv,
-                      size_t iv_len,
-                      const unsigned char *add,
-                      size_t add_len,
-                      const unsigned char *tag,
-                      size_t tag_len,
-                      const unsigned char *input,
-                      unsigned char *output )
-{
-    int ret;
-    unsigned char check_tag[16];
-    size_t i;
-    int diff;
-
-    if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
-                                   iv, iv_len, add, add_len,
-                                   input, output, tag_len, check_tag ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
-        diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_zeroize( output, length );
-        return( MBEDTLS_ERR_GCM_AUTH_FAILED );
-    }
-
-    return( 0 );
-}
-
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
-{
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
-}
-
-#endif /* !MBEDTLS_GCM_ALT */
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/*
- * AES-GCM test vectors from:
- *
- * http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
- */
-#define MAX_TESTS   6
-
-static const int key_index[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 1 };
-
-static const unsigned char key[MAX_TESTS][32] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
-};
-
-static const size_t iv_len[MAX_TESTS] =
-    { 12, 12, 12, 12, 8, 60 };
-
-static const int iv_index[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 2 };
-
-static const unsigned char iv[MAX_TESTS][64] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00 },
-    { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-      0xde, 0xca, 0xf8, 0x88 },
-    { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-      0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-      0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-      0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-      0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-      0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-      0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-      0xa6, 0x37, 0xb3, 0x9b },
-};
-
-static const size_t add_len[MAX_TESTS] =
-    { 0, 0, 0, 20, 20, 20 };
-
-static const int add_index[MAX_TESTS] =
-    { 0, 0, 0, 1, 1, 1 };
-
-static const unsigned char additional[MAX_TESTS][64] =
-{
-    { 0x00 },
-    { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-      0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-      0xab, 0xad, 0xda, 0xd2 },
-};
-
-static const size_t pt_len[MAX_TESTS] =
-    { 0, 16, 64, 60, 60, 60 };
-
-static const int pt_index[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 1 };
-
-static const unsigned char pt[MAX_TESTS][64] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-      0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-      0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-      0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-      0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-      0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-      0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-      0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
-};
-
-static const unsigned char ct[MAX_TESTS * 3][64] =
-{
-    { 0x00 },
-    { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
-      0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
-    { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-      0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
-    { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-      0x3d, 0x58, 0xe0, 0x91 },
-    { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
-      0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
-      0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
-      0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
-      0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
-      0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
-      0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
-      0xc2, 0x3f, 0x45, 0x98 },
-    { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
-      0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
-      0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
-      0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
-      0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
-      0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
-      0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
-      0x4c, 0x34, 0xae, 0xe5 },
-    { 0x00 },
-    { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
-      0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
-    { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-      0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-      0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-      0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-      0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-      0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-      0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-      0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
-    { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-      0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-      0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-      0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-      0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-      0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-      0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-      0xcc, 0xda, 0x27, 0x10 },
-    { 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
-      0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
-      0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
-      0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
-      0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
-      0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
-      0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
-      0xa0, 0xf0, 0x62, 0xf7 },
-    { 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
-      0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
-      0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
-      0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
-      0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
-      0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
-      0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
-      0xe9, 0xb7, 0x37, 0x3b },
-    { 0x00 },
-    { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
-      0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
-    { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-      0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-      0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-      0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-      0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-      0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-      0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-      0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
-    { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-      0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-      0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-      0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-      0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-      0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-      0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-      0xbc, 0xc9, 0xf6, 0x62 },
-    { 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
-      0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
-      0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
-      0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
-      0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
-      0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
-      0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
-      0xf4, 0x7c, 0x9b, 0x1f },
-    { 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
-      0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
-      0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
-      0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
-      0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
-      0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
-      0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
-      0x44, 0xae, 0x7e, 0x3f },
-};
-
-static const unsigned char tag[MAX_TESTS * 3][16] =
-{
-    { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
-      0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
-    { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
-      0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
-    { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
-      0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
-    { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
-      0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
-    { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
-      0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb },
-    { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
-      0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 },
-    { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
-      0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
-    { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
-      0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
-    { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
-      0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
-    { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
-      0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
-    { 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
-      0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 },
-    { 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
-      0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 },
-    { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
-      0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
-    { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
-      0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
-    { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
-      0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
-    { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
-      0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
-    { 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
-      0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 },
-    { 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
-      0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
-};
-
-int mbedtls_gcm_self_test( int verbose )
-{
-    mbedtls_gcm_context ctx;
-    unsigned char buf[64];
-    unsigned char tag_buf[16];
-    int i, j, ret;
-    mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
-
-    for( j = 0; j < 3; j++ )
-    {
-        int key_len = 128 + 64 * j;
-
-        for( i = 0; i < MAX_TESTS; i++ )
-        {
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                key_len, i, "enc" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
-                                      key_len );
-            /*
-             * AES-192 is an optional feature that may be unavailable when
-             * there is an alternative underlying implementation i.e. when
-             * MBEDTLS_AES_ALT is defined.
-             */
-            if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 )
-            {
-                mbedtls_printf( "skipped\n" );
-                break;
-            }
-            else if( ret != 0 )
-            {
-                goto exit;
-            }
-
-            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                        pt_len[i],
-                                        iv[iv_index[i]], iv_len[i],
-                                        additional[add_index[i]], add_len[i],
-                                        pt[pt_index[i]], buf, 16, tag_buf );
-            if( ret != 0 )
-                goto exit;
-
-            if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
-                 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                key_len, i, "dec" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
-                                      key_len );
-            if( ret != 0 )
-                goto exit;
-
-            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
-                                        pt_len[i],
-                                        iv[iv_index[i]], iv_len[i],
-                                        additional[add_index[i]], add_len[i],
-                                        ct[j * 6 + i], buf, 16, tag_buf );
-
-            if( ret != 0 )
-                goto exit;
-
-            if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
-                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                key_len, i, "enc" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
-                                      key_len );
-            if( ret != 0 )
-                goto exit;
-
-            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                      iv[iv_index[i]], iv_len[i],
-                                      additional[add_index[i]], add_len[i] );
-            if( ret != 0 )
-                goto exit;
-
-            if( pt_len[i] > 32 )
-            {
-                size_t rest_len = pt_len[i] - 32;
-                ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );
-                if( ret != 0 )
-                    goto exit;
-
-                ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
-                                  buf + 32 );
-                if( ret != 0 )
-                    goto exit;
-            }
-            else
-            {
-                ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
-                if( ret != 0 )
-                    goto exit;
-            }
-
-            ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
-            if( ret != 0 )
-                goto exit;
-
-            if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
-                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                key_len, i, "dec" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
-                                      key_len );
-            if( ret != 0 )
-                goto exit;
-
-            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
-                              iv[iv_index[i]], iv_len[i],
-                              additional[add_index[i]], add_len[i] );
-            if( ret != 0 )
-                goto exit;
-
-            if( pt_len[i] > 32 )
-            {
-                size_t rest_len = pt_len[i] - 32;
-                ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );
-                if( ret != 0 )
-                    goto exit;
-
-                ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
-                                          buf + 32 );
-                if( ret != 0 )
-                    goto exit;
-            }
-            else
-            {
-                ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i],
-                                          buf );
-                if( ret != 0 )
-                    goto exit;
-            }
-
-            ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
-            if( ret != 0 )
-                goto exit;
-
-            if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
-                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    ret = 0;
-
-exit:
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-        mbedtls_gcm_free( &ctx );
-    }
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#endif /* MBEDTLS_GCM_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/havege.c b/components/ssl/mbedtls/mbedtls/library/havege.c
deleted file mode 100644
index 2b75ef7b..00000000
--- a/components/ssl/mbedtls/mbedtls/library/havege.c
+++ /dev/null
@@ -1,245 +0,0 @@
-/**
- *  \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The HAVEGE RNG was designed by Andre Seznec in 2002.
- *
- *  http://www.irisa.fr/caps/projects/hipsor/publi.php
- *
- *  Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C)
-
-#include "mbedtls/havege.h"
-#include "mbedtls/timing.h"
-
-#include <string.h>
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/* ------------------------------------------------------------------------
- * On average, one iteration accesses two 8-word blocks in the havege WALK
- * table, and generates 16 words in the RES array.
- *
- * The data read in the WALK table is updated and permuted after each use.
- * The result of the hardware clock counter read is used  for this update.
- *
- * 25 conditional tests are present.  The conditional tests are grouped in
- * two nested  groups of 12 conditional tests and 1 test that controls the
- * permutation; on average, there should be 6 tests executed and 3 of them
- * should be mispredicted.
- * ------------------------------------------------------------------------
- */
-
-#define SWAP(X,Y) { int *T = X; X = Y; Y = T; }
-
-#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
-#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
-
-#define TST1_LEAVE U1++; }
-#define TST2_LEAVE U2++; }
-
-#define ONE_ITERATION                                   \
-                                                        \
-    PTEST = PT1 >> 20;                                  \
-                                                        \
-    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
-    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
-    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
-                                                        \
-    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
-    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
-    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
-                                                        \
-    PTX = (PT1 >> 18) & 7;                              \
-    PT1 &= 0x1FFF;                                      \
-    PT2 &= 0x1FFF;                                      \
-    CLK = (int) mbedtls_timing_hardclock();                            \
-                                                        \
-    i = 0;                                              \
-    A = &WALK[PT1    ]; RES[i++] ^= *A;                 \
-    B = &WALK[PT2    ]; RES[i++] ^= *B;                 \
-    C = &WALK[PT1 ^ 1]; RES[i++] ^= *C;                 \
-    D = &WALK[PT2 ^ 4]; RES[i++] ^= *D;                 \
-                                                        \
-    IN = (*A >> (1)) ^ (*A << (31)) ^ CLK;              \
-    *A = (*B >> (2)) ^ (*B << (30)) ^ CLK;              \
-    *B = IN ^ U1;                                       \
-    *C = (*C >> (3)) ^ (*C << (29)) ^ CLK;              \
-    *D = (*D >> (4)) ^ (*D << (28)) ^ CLK;              \
-                                                        \
-    A = &WALK[PT1 ^ 2]; RES[i++] ^= *A;                 \
-    B = &WALK[PT2 ^ 2]; RES[i++] ^= *B;                 \
-    C = &WALK[PT1 ^ 3]; RES[i++] ^= *C;                 \
-    D = &WALK[PT2 ^ 6]; RES[i++] ^= *D;                 \
-                                                        \
-    if( PTEST & 1 ) SWAP( A, C );                       \
-                                                        \
-    IN = (*A >> (5)) ^ (*A << (27)) ^ CLK;              \
-    *A = (*B >> (6)) ^ (*B << (26)) ^ CLK;              \
-    *B = IN; CLK = (int) mbedtls_timing_hardclock();                   \
-    *C = (*C >> (7)) ^ (*C << (25)) ^ CLK;              \
-    *D = (*D >> (8)) ^ (*D << (24)) ^ CLK;              \
-                                                        \
-    A = &WALK[PT1 ^ 4];                                 \
-    B = &WALK[PT2 ^ 1];                                 \
-                                                        \
-    PTEST = PT2 >> 1;                                   \
-                                                        \
-    PT2 = (RES[(i - 8) ^ PTY] ^ WALK[PT2 ^ PTY ^ 7]);   \
-    PT2 = ((PT2 & 0x1FFF) & (~8)) ^ ((PT1 ^ 8) & 0x8);  \
-    PTY = (PT2 >> 10) & 7;                              \
-                                                        \
-    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
-    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
-    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
-                                                        \
-    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
-    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
-    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
-                                                        \
-    C = &WALK[PT1 ^ 5];                                 \
-    D = &WALK[PT2 ^ 5];                                 \
-                                                        \
-    RES[i++] ^= *A;                                     \
-    RES[i++] ^= *B;                                     \
-    RES[i++] ^= *C;                                     \
-    RES[i++] ^= *D;                                     \
-                                                        \
-    IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK;             \
-    *A = (*B >> (10)) ^ (*B << (22)) ^ CLK;             \
-    *B = IN ^ U2;                                       \
-    *C = (*C >> (11)) ^ (*C << (21)) ^ CLK;             \
-    *D = (*D >> (12)) ^ (*D << (20)) ^ CLK;             \
-                                                        \
-    A = &WALK[PT1 ^ 6]; RES[i++] ^= *A;                 \
-    B = &WALK[PT2 ^ 3]; RES[i++] ^= *B;                 \
-    C = &WALK[PT1 ^ 7]; RES[i++] ^= *C;                 \
-    D = &WALK[PT2 ^ 7]; RES[i++] ^= *D;                 \
-                                                        \
-    IN = (*A >> (13)) ^ (*A << (19)) ^ CLK;             \
-    *A = (*B >> (14)) ^ (*B << (18)) ^ CLK;             \
-    *B = IN;                                            \
-    *C = (*C >> (15)) ^ (*C << (17)) ^ CLK;             \
-    *D = (*D >> (16)) ^ (*D << (16)) ^ CLK;             \
-                                                        \
-    PT1 = ( RES[( i - 8 ) ^ PTX] ^                      \
-            WALK[PT1 ^ PTX ^ 7] ) & (~1);               \
-    PT1 ^= (PT2 ^ 0x10) & 0x10;                         \
-                                                        \
-    for( n++, i = 0; i < 16; i++ )                      \
-        hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
-
-/*
- * Entropy gathering function
- */
-static void havege_fill( mbedtls_havege_state *hs )
-{
-    int i, n = 0;
-    int  U1,  U2, *A, *B, *C, *D;
-    int PT1, PT2, *WALK, RES[16];
-    int PTX, PTY, CLK, PTEST, IN;
-
-    WALK = hs->WALK;
-    PT1  = hs->PT1;
-    PT2  = hs->PT2;
-
-    PTX  = U1 = 0;
-    PTY  = U2 = 0;
-
-    (void)PTX;
-
-    memset( RES, 0, sizeof( RES ) );
-
-    while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
-    {
-        ONE_ITERATION
-        ONE_ITERATION
-        ONE_ITERATION
-        ONE_ITERATION
-    }
-
-    hs->PT1 = PT1;
-    hs->PT2 = PT2;
-
-    hs->offset[0] = 0;
-    hs->offset[1] = MBEDTLS_HAVEGE_COLLECT_SIZE / 2;
-}
-
-/*
- * HAVEGE initialization
- */
-void mbedtls_havege_init( mbedtls_havege_state *hs )
-{
-    memset( hs, 0, sizeof( mbedtls_havege_state ) );
-
-    havege_fill( hs );
-}
-
-void mbedtls_havege_free( mbedtls_havege_state *hs )
-{
-    if( hs == NULL )
-        return;
-
-    mbedtls_zeroize( hs, sizeof( mbedtls_havege_state ) );
-}
-
-/*
- * HAVEGE rand function
- */
-int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
-{
-    int val;
-    size_t use_len;
-    mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
-    unsigned char *p = buf;
-
-    while( len > 0 )
-    {
-        use_len = len;
-        if( use_len > sizeof(int) )
-            use_len = sizeof(int);
-
-        if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )
-            havege_fill( hs );
-
-        val  = hs->pool[hs->offset[0]++];
-        val ^= hs->pool[hs->offset[1]++];
-
-        memcpy( p, &val, use_len );
-
-        len -= use_len;
-        p += use_len;
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_HAVEGE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/hmac_drbg.c b/components/ssl/mbedtls/mbedtls/library/hmac_drbg.c
deleted file mode 100644
index 24c609e9..00000000
--- a/components/ssl/mbedtls/mbedtls/library/hmac_drbg.c
+++ /dev/null
@@ -1,534 +0,0 @@
-/*
- *  HMAC_DRBG implementation (NIST SP 800-90)
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- *  The NIST SP 800-90A DRBGs are described in the following publication.
- *  http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
- *  References below are based on rev. 1 (January 2012).
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-
-#include "mbedtls/hmac_drbg.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_SELF_TEST */
-#endif /* MBEDTLS_PLATFORM_C */
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * HMAC_DRBG context initialization
- */
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-/*
- * HMAC_DRBG update, using optional additional data (10.1.2.2)
- */
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
-                       const unsigned char *additional, size_t add_len )
-{
-    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
-    unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
-    unsigned char sep[1];
-    unsigned char K[MBEDTLS_MD_MAX_SIZE];
-
-    for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
-    {
-        /* Step 1 or 4 */
-        mbedtls_md_hmac_reset( &ctx->md_ctx );
-        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        mbedtls_md_hmac_update( &ctx->md_ctx, sep, 1 );
-        if( rounds == 2 )
-            mbedtls_md_hmac_update( &ctx->md_ctx, additional, add_len );
-        mbedtls_md_hmac_finish( &ctx->md_ctx, K );
-
-        /* Step 2 or 5 */
-        mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len );
-        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
-    }
-}
-
-/*
- * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
- */
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
-                        const mbedtls_md_info_t * md_info,
-                        const unsigned char *data, size_t data_len )
-{
-    int ret;
-
-    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
-
-    /*
-     * Set initial working state.
-     * Use the V memory location, which is currently all 0, to initialize the
-     * MD context with an all-zero key. Then set V to its initial value.
-     */
-    mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, mbedtls_md_get_size( md_info ) );
-    memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
-
-    mbedtls_hmac_drbg_update( ctx, data, data_len );
-
-    return( 0 );
-}
-
-/*
- * HMAC_DRBG reseeding: 10.1.2.4 (arabic) + 9.2 (Roman)
- */
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
-                      const unsigned char *additional, size_t len )
-{
-    unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
-    size_t seedlen;
-
-    /* III. Check input length */
-    if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
-        ctx->entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
-    {
-        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
-    }
-
-    memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
-
-    /* IV. Gather entropy_len bytes of entropy for the seed */
-    if( ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) != 0 )
-        return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
-
-    seedlen = ctx->entropy_len;
-
-    /* 1. Concatenate entropy and additional data if any */
-    if( additional != NULL && len != 0 )
-    {
-        memcpy( seed + seedlen, additional, len );
-        seedlen += len;
-    }
-
-    /* 2. Update state */
-    mbedtls_hmac_drbg_update( ctx, seed, seedlen );
-
-    /* 3. Reset reseed_counter */
-    ctx->reseed_counter = 1;
-
-    /* 4. Done */
-    return( 0 );
-}
-
-/*
- * HMAC_DRBG initialisation (10.1.2.3 + 9.1)
- */
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
-                    const mbedtls_md_info_t * md_info,
-                    int (*f_entropy)(void *, unsigned char *, size_t),
-                    void *p_entropy,
-                    const unsigned char *custom,
-                    size_t len )
-{
-    int ret;
-    size_t entropy_len, md_size;
-
-    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
-
-    md_size = mbedtls_md_get_size( md_info );
-
-    /*
-     * Set initial working state.
-     * Use the V memory location, which is currently all 0, to initialize the
-     * MD context with an all-zero key. Then set V to its initial value.
-     */
-    mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size );
-    memset( ctx->V, 0x01, md_size );
-
-    ctx->f_entropy = f_entropy;
-    ctx->p_entropy = p_entropy;
-
-    ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
-
-    /*
-     * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
-     * each hash function, then according to SP800-90A rev1 10.1 table 2,
-     * min_entropy_len (in bits) is security_strength.
-     *
-     * (This also matches the sizes used in the NIST test vectors.)
-     */
-    entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
-                  md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
-                                  32;  /* better (256+) -> 256 bits */
-
-    /*
-     * For initialisation, use more entropy to emulate a nonce
-     * (Again, matches test vectors.)
-     */
-    ctx->entropy_len = entropy_len * 3 / 2;
-
-    if( ( ret = mbedtls_hmac_drbg_reseed( ctx, custom, len ) ) != 0 )
-        return( ret );
-
-    ctx->entropy_len = entropy_len;
-
-    return( 0 );
-}
-
-/*
- * Set prediction resistance
- */
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
-                                          int resistance )
-{
-    ctx->prediction_resistance = resistance;
-}
-
-/*
- * Set entropy length grabbed for reseeds
- */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
-{
-    ctx->entropy_len = len;
-}
-
-/*
- * Set reseed interval
- */
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval )
-{
-    ctx->reseed_interval = interval;
-}
-
-/*
- * HMAC_DRBG random function with optional additional data:
- * 10.1.2.5 (arabic) + 9.3 (Roman)
- */
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
-                               unsigned char *output, size_t out_len,
-                               const unsigned char *additional, size_t add_len )
-{
-    int ret;
-    mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
-    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
-    size_t left = out_len;
-    unsigned char *out = output;
-
-    /* II. Check request length */
-    if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST )
-        return( MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG );
-
-    /* III. Check input length */
-    if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT )
-        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
-
-    /* 1. (aka VII and IX) Check reseed counter and PR */
-    if( ctx->f_entropy != NULL && /* For no-reseeding instances */
-        ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
-          ctx->reseed_counter > ctx->reseed_interval ) )
-    {
-        if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
-            return( ret );
-
-        add_len = 0; /* VII.4 */
-    }
-
-    /* 2. Use additional data if any */
-    if( additional != NULL && add_len != 0 )
-        mbedtls_hmac_drbg_update( ctx, additional, add_len );
-
-    /* 3, 4, 5. Generate bytes */
-    while( left != 0 )
-    {
-        size_t use_len = left > md_len ? md_len : left;
-
-        mbedtls_md_hmac_reset( &ctx->md_ctx );
-        mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
-        mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
-
-        memcpy( out, ctx->V, use_len );
-        out += use_len;
-        left -= use_len;
-    }
-
-    /* 6. Update */
-    mbedtls_hmac_drbg_update( ctx, additional, add_len );
-
-    /* 7. Update reseed counter */
-    ctx->reseed_counter++;
-
-    /* 8. Done */
-    return( 0 );
-}
-
-/*
- * HMAC_DRBG random function
- */
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
-{
-    int ret;
-    mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Free an HMAC_DRBG context
- */
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-    mbedtls_md_free( &ctx->md_ctx );
-    mbedtls_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
-}
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
-{
-    int ret;
-    FILE *f;
-    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
-
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
-
-    if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
-        goto exit;
-
-    if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
-    {
-        ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
-        goto exit;
-    }
-
-    ret = 0;
-
-exit:
-    fclose( f );
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    return( ret );
-}
-
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
-{
-    int ret = 0;
-    FILE *f;
-    size_t n;
-    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    n = (size_t) ftell( f );
-    fseek( f, 0, SEEK_SET );
-
-    if( n > MBEDTLS_HMAC_DRBG_MAX_INPUT )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
-    }
-
-    if( fread( buf, 1, n, f ) != n )
-        ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
-    else
-        mbedtls_hmac_drbg_update( ctx, buf, n );
-
-    fclose( f );
-
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
-}
-#endif /* MBEDTLS_FS_IO */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if !defined(MBEDTLS_SHA1_C)
-/* Dummy checkup routine */
-int mbedtls_hmac_drbg_self_test( int verbose )
-{
-    (void) verbose;
-    return( 0 );
-}
-#else
-
-#define OUTPUT_LEN  80
-
-/* From a NIST PR=true test vector */
-static const unsigned char entropy_pr[] = {
-    0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
-    0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
-    0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
-    0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
-    0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
-static const unsigned char result_pr[OUTPUT_LEN] = {
-    0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
-    0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
-    0x10, 0x10, 0x98, 0x12, 0x93, 0x25, 0xca, 0xb8, 0xfc, 0xcc, 0x2d, 0x54,
-    0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
-    0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
-    0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
-    0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
-
-/* From a NIST PR=false test vector */
-static const unsigned char entropy_nopr[] = {
-    0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
-    0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
-    0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
-    0xe9, 0x9d, 0xfe, 0xdf };
-static const unsigned char result_nopr[OUTPUT_LEN] = {
-    0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
-    0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
-    0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a,
-    0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
-    0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
-    0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
-    0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
-
-/* "Entropy" from buffer */
-static size_t test_offset;
-static int hmac_drbg_self_test_entropy( void *data,
-                                        unsigned char *buf, size_t len )
-{
-    const unsigned char *p = data;
-    memcpy( buf, p + test_offset, len );
-    test_offset += len;
-    return( 0 );
-}
-
-#define CHK( c )    if( (c) != 0 )                          \
-                    {                                       \
-                        if( verbose != 0 )                  \
-                            mbedtls_printf( "failed\n" );  \
-                        return( 1 );                        \
-                    }
-
-/*
- * Checkup routine for HMAC_DRBG with SHA-1
- */
-int mbedtls_hmac_drbg_self_test( int verbose )
-{
-    mbedtls_hmac_drbg_context ctx;
-    unsigned char buf[OUTPUT_LEN];
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
-
-    mbedtls_hmac_drbg_init( &ctx );
-
-    /*
-     * PR = True
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  HMAC_DRBG (PR = True) : " );
-
-    test_offset = 0;
-    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, (void *) entropy_pr,
-                         NULL, 0 ) );
-    mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
-    mbedtls_hmac_drbg_free( &ctx );
-
-    mbedtls_hmac_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    /*
-     * PR = False
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  HMAC_DRBG (PR = False) : " );
-
-    mbedtls_hmac_drbg_init( &ctx );
-
-    test_offset = 0;
-    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, (void *) entropy_nopr,
-                         NULL, 0 ) );
-    CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
-    mbedtls_hmac_drbg_free( &ctx );
-
-    mbedtls_hmac_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_HMAC_DRBG_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/md.c b/components/ssl/mbedtls/mbedtls/library/md.c
deleted file mode 100644
index 00249af7..00000000
--- a/components/ssl/mbedtls/mbedtls/library/md.c
+++ /dev/null
@@ -1,478 +0,0 @@
-/**
- * \file mbedtls_md.c
- *
- * \brief Generic message digest wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MD_C)
-
-#include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Reminder: update profiles in x509_crt.c when adding a new hash!
- */
-static const int supported_digests[] = {
-
-#if defined(MBEDTLS_SHA512_C)
-        MBEDTLS_MD_SHA512,
-        MBEDTLS_MD_SHA384,
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-        MBEDTLS_MD_SHA256,
-        MBEDTLS_MD_SHA224,
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-        MBEDTLS_MD_SHA1,
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-        MBEDTLS_MD_RIPEMD160,
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-        MBEDTLS_MD_MD5,
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-        MBEDTLS_MD_MD4,
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-        MBEDTLS_MD_MD2,
-#endif
-
-        MBEDTLS_MD_NONE
-};
-
-const int *mbedtls_md_list( void )
-{
-    return( supported_digests );
-}
-
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
-{
-    if( NULL == md_name )
-        return( NULL );
-
-    /* Get the appropriate digest information */
-#if defined(MBEDTLS_MD2_C)
-    if( !strcmp( "MD2", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 );
-#endif
-#if defined(MBEDTLS_MD4_C)
-    if( !strcmp( "MD4", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 );
-#endif
-#if defined(MBEDTLS_MD5_C)
-    if( !strcmp( "MD5", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-    if( !strcmp( "RIPEMD160", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-    if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    if( !strcmp( "SHA224", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
-    if( !strcmp( "SHA256", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    if( !strcmp( "SHA384", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
-    if( !strcmp( "SHA512", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
-#endif
-    return( NULL );
-}
-
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
-{
-    switch( md_type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            return( &mbedtls_md2_info );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            return( &mbedtls_md4_info );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( &mbedtls_md5_info );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            return( &mbedtls_ripemd160_info );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( &mbedtls_sha1_info );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-            return( &mbedtls_sha224_info );
-        case MBEDTLS_MD_SHA256:
-            return( &mbedtls_sha256_info );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-        case MBEDTLS_MD_SHA384:
-            return( &mbedtls_sha384_info );
-        case MBEDTLS_MD_SHA512:
-            return( &mbedtls_sha512_info );
-#endif
-        default:
-            return( NULL );
-    }
-}
-
-void mbedtls_md_init( mbedtls_md_context_t *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md_context_t ) );
-}
-
-void mbedtls_md_free( mbedtls_md_context_t *ctx )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return;
-
-    if( ctx->md_ctx != NULL )
-        ctx->md_info->ctx_free_func( ctx->md_ctx );
-
-    if( ctx->hmac_ctx != NULL )
-    {
-        mbedtls_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size );
-        mbedtls_free( ctx->hmac_ctx );
-    }
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
-}
-
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
-                      const mbedtls_md_context_t *src )
-{
-    if( dst == NULL || dst->md_info == NULL ||
-        src == NULL || src->md_info == NULL ||
-        dst->md_info != src->md_info )
-    {
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-
-    dst->md_info->clone_func( dst->md_ctx, src->md_ctx );
-
-    return( 0 );
-}
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
-{
-    return mbedtls_md_setup( ctx, md_info, 1 );
-}
-#endif
-
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
-{
-    if( md_info == NULL || ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_MD_ALLOC_FAILED );
-
-    if( hmac != 0 )
-    {
-        ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
-        if( ctx->hmac_ctx == NULL )
-        {
-            md_info->ctx_free_func( ctx->md_ctx );
-            return( MBEDTLS_ERR_MD_ALLOC_FAILED );
-        }
-    }
-
-    ctx->md_info = md_info;
-
-    return( 0 );
-}
-
-int mbedtls_md_starts( mbedtls_md_context_t *ctx )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    return( ctx->md_info->starts_func( ctx->md_ctx ) );
-}
-
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
-}
-
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    return( ctx->md_info->finish_func( ctx->md_ctx, output ) );
-}
-
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
-            unsigned char *output )
-{
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    return( md_info->digest_func( input, ilen, output ) );
-}
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
-{
-    int ret;
-    FILE *f;
-    size_t n;
-    mbedtls_md_context_t ctx;
-    unsigned char buf[1024];
-
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
-
-    mbedtls_md_init( &ctx );
-
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
-        goto cleanup;
-
-    if( ( ret = md_info->starts_func( ctx.md_ctx ) ) != 0 )
-        goto cleanup;
-
-    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
-        if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 )
-            goto cleanup;
-
-    if( ferror( f ) != 0 )
-        ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
-    else
-        ret = md_info->finish_func( ctx.md_ctx, output );
-
-cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-    fclose( f );
-    mbedtls_md_free( &ctx );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
-{
-    int ret;
-    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
-    unsigned char *ipad, *opad;
-    size_t i;
-
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    if( keylen > (size_t) ctx->md_info->block_size )
-    {
-        if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
-            goto cleanup;
-        if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 )
-            goto cleanup;
-        if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 )
-            goto cleanup;
-
-        keylen = ctx->md_info->size;
-        key = sum;
-    }
-
-    ipad = (unsigned char *) ctx->hmac_ctx;
-    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
-
-    memset( ipad, 0x36, ctx->md_info->block_size );
-    memset( opad, 0x5C, ctx->md_info->block_size );
-
-    for( i = 0; i < keylen; i++ )
-    {
-        ipad[i] = (unsigned char)( ipad[i] ^ key[i] );
-        opad[i] = (unsigned char)( opad[i] ^ key[i] );
-    }
-
-    if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
-        goto cleanup;
-    if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad,
-                                           ctx->md_info->block_size ) ) != 0 )
-        goto cleanup;
-
-cleanup:
-    mbedtls_zeroize( sum, sizeof( sum ) );
-
-    return( ret );
-}
-
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
-{
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
-}
-
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
-{
-    int ret;
-    unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
-    unsigned char *opad;
-
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
-
-    if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 )
-        return( ret );
-    if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
-        return( ret );
-    if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad,
-                                           ctx->md_info->block_size ) ) != 0 )
-        return( ret );
-    if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp,
-                                           ctx->md_info->size ) ) != 0 )
-        return( ret );
-    return( ctx->md_info->finish_func( ctx->md_ctx, output ) );
-}
-
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
-{
-    int ret;
-    unsigned char *ipad;
-
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    ipad = (unsigned char *) ctx->hmac_ctx;
-
-    if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 )
-        return( ret );
-    return( ctx->md_info->update_func( ctx->md_ctx, ipad,
-                                       ctx->md_info->block_size ) );
-}
-
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
-                     const unsigned char *key, size_t keylen,
-                     const unsigned char *input, size_t ilen,
-                     unsigned char *output )
-{
-    mbedtls_md_context_t ctx;
-    int ret;
-
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    mbedtls_md_init( &ctx );
-
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
-        goto cleanup;
-
-    if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 )
-        goto cleanup;
-
-cleanup:
-    mbedtls_md_free( &ctx );
-
-    return( ret );
-}
-
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    return( ctx->md_info->process_func( ctx->md_ctx, data ) );
-}
-
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
-{
-    if( md_info == NULL )
-        return( 0 );
-
-    return md_info->size;
-}
-
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
-{
-    if( md_info == NULL )
-        return( MBEDTLS_MD_NONE );
-
-    return md_info->type;
-}
-
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
-{
-    if( md_info == NULL )
-        return( NULL );
-
-    return md_info->name;
-}
-
-#endif /* MBEDTLS_MD_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/md2.c b/components/ssl/mbedtls/mbedtls/library/md2.c
deleted file mode 100644
index b88aa406..00000000
--- a/components/ssl/mbedtls/mbedtls/library/md2.c
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
- *  RFC 1115/1319 compliant MD2 implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The MD2 algorithm was designed by Ron Rivest in 1989.
- *
- *  http://www.ietf.org/rfc/rfc1115.txt
- *  http://www.ietf.org/rfc/rfc1319.txt
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-
-#include "mbedtls/md2.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_MD2_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-static const unsigned char PI_SUBST[256] =
-{
-    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
-    0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
-    0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
-    0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
-    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
-    0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
-    0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
-    0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
-    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
-    0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
-    0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
-    0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
-    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
-    0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
-    0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
-    0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
-    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
-    0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
-    0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
-    0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
-    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
-    0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
-    0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
-    0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
-    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
-    0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
-};
-
-void mbedtls_md2_init( mbedtls_md2_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md2_context ) );
-}
-
-void mbedtls_md2_free( mbedtls_md2_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md2_context ) );
-}
-
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
-                        const mbedtls_md2_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * MD2 context setup
- */
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
-{
-    memset( ctx->cksum, 0, 16 );
-    memset( ctx->state, 0, 46 );
-    memset( ctx->buffer, 0, 16 );
-    ctx->left = 0;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_starts( mbedtls_md2_context *ctx )
-{
-    mbedtls_md2_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_MD2_PROCESS_ALT)
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
-{
-    int i, j;
-    unsigned char t = 0;
-
-    for( i = 0; i < 16; i++ )
-    {
-        ctx->state[i + 16] = ctx->buffer[i];
-        ctx->state[i + 32] =
-            (unsigned char)( ctx->buffer[i] ^ ctx->state[i]);
-    }
-
-    for( i = 0; i < 18; i++ )
-    {
-        for( j = 0; j < 48; j++ )
-        {
-            ctx->state[j] = (unsigned char)
-               ( ctx->state[j] ^ PI_SUBST[t] );
-            t  = ctx->state[j];
-        }
-
-        t = (unsigned char)( t + i );
-    }
-
-    t = ctx->cksum[15];
-
-    for( i = 0; i < 16; i++ )
-    {
-        ctx->cksum[i] = (unsigned char)
-           ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] );
-        t  = ctx->cksum[i];
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_process( mbedtls_md2_context *ctx )
-{
-    mbedtls_internal_md2_process( ctx );
-}
-#endif
-#endif /* !MBEDTLS_MD2_PROCESS_ALT */
-
-/*
- * MD2 process buffer
- */
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    int ret;
-    size_t fill;
-
-    while( ilen > 0 )
-    {
-        if( ilen > 16 - ctx->left )
-            fill = 16 - ctx->left;
-        else
-            fill = ilen;
-
-        memcpy( ctx->buffer + ctx->left, input, fill );
-
-        ctx->left += fill;
-        input += fill;
-        ilen  -= fill;
-
-        if( ctx->left == 16 )
-        {
-            ctx->left = 0;
-            if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
-                return( ret );
-        }
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_update( mbedtls_md2_context *ctx,
-                         const unsigned char *input,
-                         size_t ilen )
-{
-    mbedtls_md2_update_ret( ctx, input, ilen );
-}
-#endif
-
-/*
- * MD2 final digest
- */
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
-                            unsigned char output[16] )
-{
-    int ret;
-    size_t i;
-    unsigned char x;
-
-    x = (unsigned char)( 16 - ctx->left );
-
-    for( i = ctx->left; i < 16; i++ )
-        ctx->buffer[i] = x;
-
-    if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
-        return( ret );
-
-    memcpy( ctx->buffer, ctx->cksum, 16 );
-    if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
-        return( ret );
-
-    memcpy( output, ctx->state, 16 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_finish( mbedtls_md2_context *ctx,
-                         unsigned char output[16] )
-{
-    mbedtls_md2_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_MD2_ALT */
-
-/*
- * output = MD2( input buffer )
- */
-int mbedtls_md2_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] )
-{
-    int ret;
-    mbedtls_md2_context ctx;
-
-    mbedtls_md2_init( &ctx );
-
-    if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md2_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2( const unsigned char *input,
-                  size_t ilen,
-                  unsigned char output[16] )
-{
-    mbedtls_md2_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * RFC 1319 test vectors
- */
-static const unsigned char md2_test_str[7][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012"
-      "345678901234567890" }
-};
-
-static const size_t md2_test_strlen[7] =
-{
-    0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md2_test_sum[7][16] =
-{
-    { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
-      0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 },
-    { 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72,
-      0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 },
-    { 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B,
-      0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB },
-    { 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B,
-      0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 },
-    { 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB,
-      0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B },
-    { 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39,
-      0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD },
-    { 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D,
-      0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md2_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char md2sum[16];
-
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  MD2 test #%d: ", i + 1 );
-
-        ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD2_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/md4.c b/components/ssl/mbedtls/mbedtls/library/md4.c
deleted file mode 100644
index ba704f58..00000000
--- a/components/ssl/mbedtls/mbedtls/library/md4.c
+++ /dev/null
@@ -1,472 +0,0 @@
-/*
- *  RFC 1186/1320 compliant MD4 implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The MD4 algorithm was designed by Ron Rivest in 1990.
- *
- *  http://www.ietf.org/rfc/rfc1186.txt
- *  http://www.ietf.org/rfc/rfc1320.txt
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-
-#include "mbedtls/md4.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_MD4_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (little endian)
- */
-#ifndef GET_UINT32_LE
-#define GET_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ]       )             \
-        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
-}
-#endif
-
-#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                                    \
-{                                                               \
-    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
-    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
-    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
-    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
-}
-#endif
-
-void mbedtls_md4_init( mbedtls_md4_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md4_context ) );
-}
-
-void mbedtls_md4_free( mbedtls_md4_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md4_context ) );
-}
-
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
-                        const mbedtls_md4_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * MD4 context setup
- */
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_starts( mbedtls_md4_context *ctx )
-{
-    mbedtls_md4_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_MD4_PROCESS_ALT)
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
-                                  const unsigned char data[64] )
-{
-    uint32_t X[16], A, B, C, D;
-
-    GET_UINT32_LE( X[ 0], data,  0 );
-    GET_UINT32_LE( X[ 1], data,  4 );
-    GET_UINT32_LE( X[ 2], data,  8 );
-    GET_UINT32_LE( X[ 3], data, 12 );
-    GET_UINT32_LE( X[ 4], data, 16 );
-    GET_UINT32_LE( X[ 5], data, 20 );
-    GET_UINT32_LE( X[ 6], data, 24 );
-    GET_UINT32_LE( X[ 7], data, 28 );
-    GET_UINT32_LE( X[ 8], data, 32 );
-    GET_UINT32_LE( X[ 9], data, 36 );
-    GET_UINT32_LE( X[10], data, 40 );
-    GET_UINT32_LE( X[11], data, 44 );
-    GET_UINT32_LE( X[12], data, 48 );
-    GET_UINT32_LE( X[13], data, 52 );
-    GET_UINT32_LE( X[14], data, 56 );
-    GET_UINT32_LE( X[15], data, 60 );
-
-#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
-
-    A = ctx->state[0];
-    B = ctx->state[1];
-    C = ctx->state[2];
-    D = ctx->state[3];
-
-#define F(x, y, z) ((x & y) | ((~x) & z))
-#define P(a,b,c,d,x,s) { a += F(b,c,d) + x; a = S(a,s); }
-
-    P( A, B, C, D, X[ 0],  3 );
-    P( D, A, B, C, X[ 1],  7 );
-    P( C, D, A, B, X[ 2], 11 );
-    P( B, C, D, A, X[ 3], 19 );
-    P( A, B, C, D, X[ 4],  3 );
-    P( D, A, B, C, X[ 5],  7 );
-    P( C, D, A, B, X[ 6], 11 );
-    P( B, C, D, A, X[ 7], 19 );
-    P( A, B, C, D, X[ 8],  3 );
-    P( D, A, B, C, X[ 9],  7 );
-    P( C, D, A, B, X[10], 11 );
-    P( B, C, D, A, X[11], 19 );
-    P( A, B, C, D, X[12],  3 );
-    P( D, A, B, C, X[13],  7 );
-    P( C, D, A, B, X[14], 11 );
-    P( B, C, D, A, X[15], 19 );
-
-#undef P
-#undef F
-
-#define F(x,y,z) ((x & y) | (x & z) | (y & z))
-#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x5A827999; a = S(a,s); }
-
-    P( A, B, C, D, X[ 0],  3 );
-    P( D, A, B, C, X[ 4],  5 );
-    P( C, D, A, B, X[ 8],  9 );
-    P( B, C, D, A, X[12], 13 );
-    P( A, B, C, D, X[ 1],  3 );
-    P( D, A, B, C, X[ 5],  5 );
-    P( C, D, A, B, X[ 9],  9 );
-    P( B, C, D, A, X[13], 13 );
-    P( A, B, C, D, X[ 2],  3 );
-    P( D, A, B, C, X[ 6],  5 );
-    P( C, D, A, B, X[10],  9 );
-    P( B, C, D, A, X[14], 13 );
-    P( A, B, C, D, X[ 3],  3 );
-    P( D, A, B, C, X[ 7],  5 );
-    P( C, D, A, B, X[11],  9 );
-    P( B, C, D, A, X[15], 13 );
-
-#undef P
-#undef F
-
-#define F(x,y,z) (x ^ y ^ z)
-#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x6ED9EBA1; a = S(a,s); }
-
-    P( A, B, C, D, X[ 0],  3 );
-    P( D, A, B, C, X[ 8],  9 );
-    P( C, D, A, B, X[ 4], 11 );
-    P( B, C, D, A, X[12], 15 );
-    P( A, B, C, D, X[ 2],  3 );
-    P( D, A, B, C, X[10],  9 );
-    P( C, D, A, B, X[ 6], 11 );
-    P( B, C, D, A, X[14], 15 );
-    P( A, B, C, D, X[ 1],  3 );
-    P( D, A, B, C, X[ 9],  9 );
-    P( C, D, A, B, X[ 5], 11 );
-    P( B, C, D, A, X[13], 15 );
-    P( A, B, C, D, X[ 3],  3 );
-    P( D, A, B, C, X[11],  9 );
-    P( C, D, A, B, X[ 7], 11 );
-    P( B, C, D, A, X[15], 15 );
-
-#undef F
-#undef P
-
-    ctx->state[0] += A;
-    ctx->state[1] += B;
-    ctx->state[2] += C;
-    ctx->state[3] += D;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_process( mbedtls_md4_context *ctx,
-                          const unsigned char data[64] )
-{
-    mbedtls_internal_md4_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_MD4_PROCESS_ALT */
-
-/*
- * MD4 process buffer
- */
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    int ret;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left),
-                (void *) input, fill );
-
-        if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left),
-                (void *) input, ilen );
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_update( mbedtls_md4_context *ctx,
-                         const unsigned char *input,
-                         size_t ilen )
-{
-    mbedtls_md4_update_ret( ctx, input, ilen );
-}
-#endif
-
-static const unsigned char md4_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * MD4 final digest
- */
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
-                            unsigned char output[16] )
-{
-    int ret;
-    uint32_t last, padn;
-    uint32_t high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    PUT_UINT32_LE( low,  msglen, 0 );
-    PUT_UINT32_LE( high, msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn );
-    if( ret != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 )
-        return( ret );
-
-
-    PUT_UINT32_LE( ctx->state[0], output,  0 );
-    PUT_UINT32_LE( ctx->state[1], output,  4 );
-    PUT_UINT32_LE( ctx->state[2], output,  8 );
-    PUT_UINT32_LE( ctx->state[3], output, 12 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_finish( mbedtls_md4_context *ctx,
-                         unsigned char output[16] )
-{
-    mbedtls_md4_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_MD4_ALT */
-
-/*
- * output = MD4( input buffer )
- */
-int mbedtls_md4_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] )
-{
-    int ret;
-    mbedtls_md4_context ctx;
-
-    mbedtls_md4_init( &ctx );
-
-    if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md4_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4( const unsigned char *input,
-                  size_t ilen,
-                  unsigned char output[16] )
-{
-    mbedtls_md4_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * RFC 1320 test vectors
- */
-static const unsigned char md4_test_str[7][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012"
-      "345678901234567890" }
-};
-
-static const size_t md4_test_strlen[7] =
-{
-    0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md4_test_sum[7][16] =
-{
-    { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
-      0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 },
-    { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46,
-      0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 },
-    { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52,
-      0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D },
-    { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8,
-      0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B },
-    { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD,
-      0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 },
-    { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35,
-      0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 },
-    { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19,
-      0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md4_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char md4sum[16];
-
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  MD4 test #%d: ", i + 1 );
-
-        ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD4_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/md5.c b/components/ssl/mbedtls/mbedtls/library/md5.c
deleted file mode 100644
index 8440ebff..00000000
--- a/components/ssl/mbedtls/mbedtls/library/md5.c
+++ /dev/null
@@ -1,485 +0,0 @@
-/*
- *  RFC 1321 compliant MD5 implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The MD5 algorithm was designed by Ron Rivest in 1991.
- *
- *  http://www.ietf.org/rfc/rfc1321.txt
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-
-#include "mbedtls/md5.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_MD5_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (little endian)
- */
-#ifndef GET_UINT32_LE
-#define GET_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ]       )             \
-        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
-}
-#endif
-
-#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                                    \
-{                                                               \
-    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
-    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
-    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
-    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
-}
-#endif
-
-void mbedtls_md5_init( mbedtls_md5_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md5_context ) );
-}
-
-void mbedtls_md5_free( mbedtls_md5_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_md5_context ) );
-}
-
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
-                        const mbedtls_md5_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * MD5 context setup
- */
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_starts( mbedtls_md5_context *ctx )
-{
-    mbedtls_md5_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_MD5_PROCESS_ALT)
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
-                                  const unsigned char data[64] )
-{
-    uint32_t X[16], A, B, C, D;
-
-    GET_UINT32_LE( X[ 0], data,  0 );
-    GET_UINT32_LE( X[ 1], data,  4 );
-    GET_UINT32_LE( X[ 2], data,  8 );
-    GET_UINT32_LE( X[ 3], data, 12 );
-    GET_UINT32_LE( X[ 4], data, 16 );
-    GET_UINT32_LE( X[ 5], data, 20 );
-    GET_UINT32_LE( X[ 6], data, 24 );
-    GET_UINT32_LE( X[ 7], data, 28 );
-    GET_UINT32_LE( X[ 8], data, 32 );
-    GET_UINT32_LE( X[ 9], data, 36 );
-    GET_UINT32_LE( X[10], data, 40 );
-    GET_UINT32_LE( X[11], data, 44 );
-    GET_UINT32_LE( X[12], data, 48 );
-    GET_UINT32_LE( X[13], data, 52 );
-    GET_UINT32_LE( X[14], data, 56 );
-    GET_UINT32_LE( X[15], data, 60 );
-
-#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
-
-#define P(a,b,c,d,k,s,t)                                \
-{                                                       \
-    a += F(b,c,d) + X[k] + t; a = S(a,s) + b;           \
-}
-
-    A = ctx->state[0];
-    B = ctx->state[1];
-    C = ctx->state[2];
-    D = ctx->state[3];
-
-#define F(x,y,z) (z ^ (x & (y ^ z)))
-
-    P( A, B, C, D,  0,  7, 0xD76AA478 );
-    P( D, A, B, C,  1, 12, 0xE8C7B756 );
-    P( C, D, A, B,  2, 17, 0x242070DB );
-    P( B, C, D, A,  3, 22, 0xC1BDCEEE );
-    P( A, B, C, D,  4,  7, 0xF57C0FAF );
-    P( D, A, B, C,  5, 12, 0x4787C62A );
-    P( C, D, A, B,  6, 17, 0xA8304613 );
-    P( B, C, D, A,  7, 22, 0xFD469501 );
-    P( A, B, C, D,  8,  7, 0x698098D8 );
-    P( D, A, B, C,  9, 12, 0x8B44F7AF );
-    P( C, D, A, B, 10, 17, 0xFFFF5BB1 );
-    P( B, C, D, A, 11, 22, 0x895CD7BE );
-    P( A, B, C, D, 12,  7, 0x6B901122 );
-    P( D, A, B, C, 13, 12, 0xFD987193 );
-    P( C, D, A, B, 14, 17, 0xA679438E );
-    P( B, C, D, A, 15, 22, 0x49B40821 );
-
-#undef F
-
-#define F(x,y,z) (y ^ (z & (x ^ y)))
-
-    P( A, B, C, D,  1,  5, 0xF61E2562 );
-    P( D, A, B, C,  6,  9, 0xC040B340 );
-    P( C, D, A, B, 11, 14, 0x265E5A51 );
-    P( B, C, D, A,  0, 20, 0xE9B6C7AA );
-    P( A, B, C, D,  5,  5, 0xD62F105D );
-    P( D, A, B, C, 10,  9, 0x02441453 );
-    P( C, D, A, B, 15, 14, 0xD8A1E681 );
-    P( B, C, D, A,  4, 20, 0xE7D3FBC8 );
-    P( A, B, C, D,  9,  5, 0x21E1CDE6 );
-    P( D, A, B, C, 14,  9, 0xC33707D6 );
-    P( C, D, A, B,  3, 14, 0xF4D50D87 );
-    P( B, C, D, A,  8, 20, 0x455A14ED );
-    P( A, B, C, D, 13,  5, 0xA9E3E905 );
-    P( D, A, B, C,  2,  9, 0xFCEFA3F8 );
-    P( C, D, A, B,  7, 14, 0x676F02D9 );
-    P( B, C, D, A, 12, 20, 0x8D2A4C8A );
-
-#undef F
-
-#define F(x,y,z) (x ^ y ^ z)
-
-    P( A, B, C, D,  5,  4, 0xFFFA3942 );
-    P( D, A, B, C,  8, 11, 0x8771F681 );
-    P( C, D, A, B, 11, 16, 0x6D9D6122 );
-    P( B, C, D, A, 14, 23, 0xFDE5380C );
-    P( A, B, C, D,  1,  4, 0xA4BEEA44 );
-    P( D, A, B, C,  4, 11, 0x4BDECFA9 );
-    P( C, D, A, B,  7, 16, 0xF6BB4B60 );
-    P( B, C, D, A, 10, 23, 0xBEBFBC70 );
-    P( A, B, C, D, 13,  4, 0x289B7EC6 );
-    P( D, A, B, C,  0, 11, 0xEAA127FA );
-    P( C, D, A, B,  3, 16, 0xD4EF3085 );
-    P( B, C, D, A,  6, 23, 0x04881D05 );
-    P( A, B, C, D,  9,  4, 0xD9D4D039 );
-    P( D, A, B, C, 12, 11, 0xE6DB99E5 );
-    P( C, D, A, B, 15, 16, 0x1FA27CF8 );
-    P( B, C, D, A,  2, 23, 0xC4AC5665 );
-
-#undef F
-
-#define F(x,y,z) (y ^ (x | ~z))
-
-    P( A, B, C, D,  0,  6, 0xF4292244 );
-    P( D, A, B, C,  7, 10, 0x432AFF97 );
-    P( C, D, A, B, 14, 15, 0xAB9423A7 );
-    P( B, C, D, A,  5, 21, 0xFC93A039 );
-    P( A, B, C, D, 12,  6, 0x655B59C3 );
-    P( D, A, B, C,  3, 10, 0x8F0CCC92 );
-    P( C, D, A, B, 10, 15, 0xFFEFF47D );
-    P( B, C, D, A,  1, 21, 0x85845DD1 );
-    P( A, B, C, D,  8,  6, 0x6FA87E4F );
-    P( D, A, B, C, 15, 10, 0xFE2CE6E0 );
-    P( C, D, A, B,  6, 15, 0xA3014314 );
-    P( B, C, D, A, 13, 21, 0x4E0811A1 );
-    P( A, B, C, D,  4,  6, 0xF7537E82 );
-    P( D, A, B, C, 11, 10, 0xBD3AF235 );
-    P( C, D, A, B,  2, 15, 0x2AD7D2BB );
-    P( B, C, D, A,  9, 21, 0xEB86D391 );
-
-#undef F
-
-    ctx->state[0] += A;
-    ctx->state[1] += B;
-    ctx->state[2] += C;
-    ctx->state[3] += D;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_process( mbedtls_md5_context *ctx,
-                          const unsigned char data[64] )
-{
-    mbedtls_internal_md5_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_MD5_PROCESS_ALT */
-
-/*
- * MD5 process buffer
- */
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    int ret;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-        if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_update( mbedtls_md5_context *ctx,
-                         const unsigned char *input,
-                         size_t ilen )
-{
-    mbedtls_md5_update_ret( ctx, input, ilen );
-}
-#endif
-
-static const unsigned char md5_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * MD5 final digest
- */
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
-                            unsigned char output[16] )
-{
-    int ret;
-    uint32_t last, padn;
-    uint32_t high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    PUT_UINT32_LE( low,  msglen, 0 );
-    PUT_UINT32_LE( high, msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    if( ( ret = mbedtls_md5_update_ret( ctx, md5_padding, padn ) ) != 0 )
-            return( ret );
-
-    if( ( ret = mbedtls_md5_update_ret( ctx, msglen, 8 ) ) != 0 )
-            return( ret );
-
-    PUT_UINT32_LE( ctx->state[0], output,  0 );
-    PUT_UINT32_LE( ctx->state[1], output,  4 );
-    PUT_UINT32_LE( ctx->state[2], output,  8 );
-    PUT_UINT32_LE( ctx->state[3], output, 12 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_finish( mbedtls_md5_context *ctx,
-                         unsigned char output[16] )
-{
-    mbedtls_md5_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_MD5_ALT */
-
-/*
- * output = MD5( input buffer )
- */
-int mbedtls_md5_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] )
-{
-    int ret;
-    mbedtls_md5_context ctx;
-
-    mbedtls_md5_init( &ctx );
-
-    if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md5_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5( const unsigned char *input,
-                  size_t ilen,
-                  unsigned char output[16] )
-{
-    mbedtls_md5_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * RFC 1321 test vectors
- */
-static const unsigned char md5_test_buf[7][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012"
-      "345678901234567890" }
-};
-
-static const size_t md5_test_buflen[7] =
-{
-    0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md5_test_sum[7][16] =
-{
-    { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04,
-      0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E },
-    { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8,
-      0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 },
-    { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
-      0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 },
-    { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D,
-      0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 },
-    { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00,
-      0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B },
-    { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5,
-      0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F },
-    { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55,
-      0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md5_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char md5sum[16];
-
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  MD5 test #%d: ", i + 1 );
-
-        ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD5_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/md_wrap.c b/components/ssl/mbedtls/mbedtls/library/md_wrap.c
deleted file mode 100644
index 32f08719..00000000
--- a/components/ssl/mbedtls/mbedtls/library/md_wrap.c
+++ /dev/null
@@ -1,586 +0,0 @@
-/**
- * \file md_wrap.c
- *
- * \brief Generic message digest wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MD_C)
-
-#include "mbedtls/md_internal.h"
-
-#if defined(MBEDTLS_MD2_C)
-#include "mbedtls/md2.h"
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-#include "mbedtls/md4.h"
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-#include "mbedtls/md5.h"
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#include "mbedtls/ripemd160.h"
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#include "mbedtls/sha1.h"
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#include "mbedtls/sha256.h"
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#include "mbedtls/sha512.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-
-static int md2_starts_wrap( void *ctx )
-{
-    return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) );
-}
-
-static int md2_update_wrap( void *ctx, const unsigned char *input,
-                             size_t ilen )
-{
-    return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) );
-}
-
-static int md2_finish_wrap( void *ctx, unsigned char *output )
-{
-    return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) );
-}
-
-static void *md2_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) );
-
-    if( ctx != NULL )
-        mbedtls_md2_init( (mbedtls_md2_context *) ctx );
-
-    return( ctx );
-}
-
-static void md2_ctx_free( void *ctx )
-{
-    mbedtls_md2_free( (mbedtls_md2_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void md2_clone_wrap( void *dst, const void *src )
-{
-    mbedtls_md2_clone( (mbedtls_md2_context *) dst,
-                 (const mbedtls_md2_context *) src );
-}
-
-static int md2_process_wrap( void *ctx, const unsigned char *data )
-{
-    ((void) data);
-
-    return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) );
-}
-
-const mbedtls_md_info_t mbedtls_md2_info = {
-    MBEDTLS_MD_MD2,
-    "MD2",
-    16,
-    16,
-    md2_starts_wrap,
-    md2_update_wrap,
-    md2_finish_wrap,
-    mbedtls_md2_ret,
-    md2_ctx_alloc,
-    md2_ctx_free,
-    md2_clone_wrap,
-    md2_process_wrap,
-};
-
-#endif /* MBEDTLS_MD2_C */
-
-#if defined(MBEDTLS_MD4_C)
-
-static int md4_starts_wrap( void *ctx )
-{
-    return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) );
-}
-
-static int md4_update_wrap( void *ctx, const unsigned char *input,
-                             size_t ilen )
-{
-    return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) );
-}
-
-static int md4_finish_wrap( void *ctx, unsigned char *output )
-{
-    return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) );
-}
-
-static void *md4_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) );
-
-    if( ctx != NULL )
-        mbedtls_md4_init( (mbedtls_md4_context *) ctx );
-
-    return( ctx );
-}
-
-static void md4_ctx_free( void *ctx )
-{
-    mbedtls_md4_free( (mbedtls_md4_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void md4_clone_wrap( void *dst, const void *src )
-{
-    mbedtls_md4_clone( (mbedtls_md4_context *) dst,
-                       (const mbedtls_md4_context *) src );
-}
-
-static int md4_process_wrap( void *ctx, const unsigned char *data )
-{
-    return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) );
-}
-
-const mbedtls_md_info_t mbedtls_md4_info = {
-    MBEDTLS_MD_MD4,
-    "MD4",
-    16,
-    64,
-    md4_starts_wrap,
-    md4_update_wrap,
-    md4_finish_wrap,
-    mbedtls_md4_ret,
-    md4_ctx_alloc,
-    md4_ctx_free,
-    md4_clone_wrap,
-    md4_process_wrap,
-};
-
-#endif /* MBEDTLS_MD4_C */
-
-#if defined(MBEDTLS_MD5_C)
-
-static int md5_starts_wrap( void *ctx )
-{
-    return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) );
-}
-
-static int md5_update_wrap( void *ctx, const unsigned char *input,
-                             size_t ilen )
-{
-    return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) );
-}
-
-static int md5_finish_wrap( void *ctx, unsigned char *output )
-{
-    return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) );
-}
-
-static void *md5_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) );
-
-    if( ctx != NULL )
-        mbedtls_md5_init( (mbedtls_md5_context *) ctx );
-
-    return( ctx );
-}
-
-static void md5_ctx_free( void *ctx )
-{
-    mbedtls_md5_free( (mbedtls_md5_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void md5_clone_wrap( void *dst, const void *src )
-{
-    mbedtls_md5_clone( (mbedtls_md5_context *) dst,
-                       (const mbedtls_md5_context *) src );
-}
-
-static int md5_process_wrap( void *ctx, const unsigned char *data )
-{
-    return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) );
-}
-
-const mbedtls_md_info_t mbedtls_md5_info = {
-    MBEDTLS_MD_MD5,
-    "MD5",
-    16,
-    64,
-    md5_starts_wrap,
-    md5_update_wrap,
-    md5_finish_wrap,
-    mbedtls_md5_ret,
-    md5_ctx_alloc,
-    md5_ctx_free,
-    md5_clone_wrap,
-    md5_process_wrap,
-};
-
-#endif /* MBEDTLS_MD5_C */
-
-#if defined(MBEDTLS_RIPEMD160_C)
-
-static int ripemd160_starts_wrap( void *ctx )
-{
-    return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) );
-}
-
-static int ripemd160_update_wrap( void *ctx, const unsigned char *input,
-                                   size_t ilen )
-{
-    return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx,
-                                          input, ilen ) );
-}
-
-static int ripemd160_finish_wrap( void *ctx, unsigned char *output )
-{
-    return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx,
-                                          output ) );
-}
-
-static void *ripemd160_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) );
-
-    if( ctx != NULL )
-        mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx );
-
-    return( ctx );
-}
-
-static void ripemd160_ctx_free( void *ctx )
-{
-    mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void ripemd160_clone_wrap( void *dst, const void *src )
-{
-    mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst,
-                       (const mbedtls_ripemd160_context *) src );
-}
-
-static int ripemd160_process_wrap( void *ctx, const unsigned char *data )
-{
-    return( mbedtls_internal_ripemd160_process(
-                                (mbedtls_ripemd160_context *) ctx, data ) );
-}
-
-const mbedtls_md_info_t mbedtls_ripemd160_info = {
-    MBEDTLS_MD_RIPEMD160,
-    "RIPEMD160",
-    20,
-    64,
-    ripemd160_starts_wrap,
-    ripemd160_update_wrap,
-    ripemd160_finish_wrap,
-    mbedtls_ripemd160_ret,
-    ripemd160_ctx_alloc,
-    ripemd160_ctx_free,
-    ripemd160_clone_wrap,
-    ripemd160_process_wrap,
-};
-
-#endif /* MBEDTLS_RIPEMD160_C */
-
-#if defined(MBEDTLS_SHA1_C)
-
-static int sha1_starts_wrap( void *ctx )
-{
-    return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) );
-}
-
-static int sha1_update_wrap( void *ctx, const unsigned char *input,
-                              size_t ilen )
-{
-    return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx,
-                                     input, ilen ) );
-}
-
-static int sha1_finish_wrap( void *ctx, unsigned char *output )
-{
-    return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) );
-}
-
-static void *sha1_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) );
-
-    if( ctx != NULL )
-        mbedtls_sha1_init( (mbedtls_sha1_context *) ctx );
-
-    return( ctx );
-}
-
-static void sha1_clone_wrap( void *dst, const void *src )
-{
-    mbedtls_sha1_clone( (mbedtls_sha1_context *) dst,
-                  (const mbedtls_sha1_context *) src );
-}
-
-static void sha1_ctx_free( void *ctx )
-{
-    mbedtls_sha1_free( (mbedtls_sha1_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static int sha1_process_wrap( void *ctx, const unsigned char *data )
-{
-    return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx,
-                                           data ) );
-}
-
-const mbedtls_md_info_t mbedtls_sha1_info = {
-    MBEDTLS_MD_SHA1,
-    "SHA1",
-    20,
-    64,
-    sha1_starts_wrap,
-    sha1_update_wrap,
-    sha1_finish_wrap,
-    mbedtls_sha1_ret,
-    sha1_ctx_alloc,
-    sha1_ctx_free,
-    sha1_clone_wrap,
-    sha1_process_wrap,
-};
-
-#endif /* MBEDTLS_SHA1_C */
-
-/*
- * Wrappers for generic message digests
- */
-#if defined(MBEDTLS_SHA256_C)
-
-static int sha224_starts_wrap( void *ctx )
-{
-    return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) );
-}
-
-static int sha224_update_wrap( void *ctx, const unsigned char *input,
-                                size_t ilen )
-{
-    return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx,
-                                       input, ilen ) );
-}
-
-static int sha224_finish_wrap( void *ctx, unsigned char *output )
-{
-    return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx,
-                                       output ) );
-}
-
-static int sha224_wrap( const unsigned char *input, size_t ilen,
-                        unsigned char *output )
-{
-    return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
-}
-
-static void *sha224_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) );
-
-    if( ctx != NULL )
-        mbedtls_sha256_init( (mbedtls_sha256_context *) ctx );
-
-    return( ctx );
-}
-
-static void sha224_ctx_free( void *ctx )
-{
-    mbedtls_sha256_free( (mbedtls_sha256_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void sha224_clone_wrap( void *dst, const void *src )
-{
-    mbedtls_sha256_clone( (mbedtls_sha256_context *) dst,
-                    (const mbedtls_sha256_context *) src );
-}
-
-static int sha224_process_wrap( void *ctx, const unsigned char *data )
-{
-    return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx,
-                                             data ) );
-}
-
-const mbedtls_md_info_t mbedtls_sha224_info = {
-    MBEDTLS_MD_SHA224,
-    "SHA224",
-    28,
-    64,
-    sha224_starts_wrap,
-    sha224_update_wrap,
-    sha224_finish_wrap,
-    sha224_wrap,
-    sha224_ctx_alloc,
-    sha224_ctx_free,
-    sha224_clone_wrap,
-    sha224_process_wrap,
-};
-
-static int sha256_starts_wrap( void *ctx )
-{
-    return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) );
-}
-
-static int sha256_wrap( const unsigned char *input, size_t ilen,
-                        unsigned char *output )
-{
-    return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
-}
-
-const mbedtls_md_info_t mbedtls_sha256_info = {
-    MBEDTLS_MD_SHA256,
-    "SHA256",
-    32,
-    64,
-    sha256_starts_wrap,
-    sha224_update_wrap,
-    sha224_finish_wrap,
-    sha256_wrap,
-    sha224_ctx_alloc,
-    sha224_ctx_free,
-    sha224_clone_wrap,
-    sha224_process_wrap,
-};
-
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-
-static int sha384_starts_wrap( void *ctx )
-{
-    return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) );
-}
-
-static int sha384_update_wrap( void *ctx, const unsigned char *input,
-                               size_t ilen )
-{
-    return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx,
-                                       input, ilen ) );
-}
-
-static int sha384_finish_wrap( void *ctx, unsigned char *output )
-{
-    return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx,
-                                       output ) );
-}
-
-static int sha384_wrap( const unsigned char *input, size_t ilen,
-                        unsigned char *output )
-{
-    return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
-}
-
-static void *sha384_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) );
-
-    if( ctx != NULL )
-        mbedtls_sha512_init( (mbedtls_sha512_context *) ctx );
-
-    return( ctx );
-}
-
-static void sha384_ctx_free( void *ctx )
-{
-    mbedtls_sha512_free( (mbedtls_sha512_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void sha384_clone_wrap( void *dst, const void *src )
-{
-    mbedtls_sha512_clone( (mbedtls_sha512_context *) dst,
-                    (const mbedtls_sha512_context *) src );
-}
-
-static int sha384_process_wrap( void *ctx, const unsigned char *data )
-{
-    return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx,
-                                             data ) );
-}
-
-const mbedtls_md_info_t mbedtls_sha384_info = {
-    MBEDTLS_MD_SHA384,
-    "SHA384",
-    48,
-    128,
-    sha384_starts_wrap,
-    sha384_update_wrap,
-    sha384_finish_wrap,
-    sha384_wrap,
-    sha384_ctx_alloc,
-    sha384_ctx_free,
-    sha384_clone_wrap,
-    sha384_process_wrap,
-};
-
-static int sha512_starts_wrap( void *ctx )
-{
-    return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) );
-}
-
-static int sha512_wrap( const unsigned char *input, size_t ilen,
-                        unsigned char *output )
-{
-    return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
-}
-
-const mbedtls_md_info_t mbedtls_sha512_info = {
-    MBEDTLS_MD_SHA512,
-    "SHA512",
-    64,
-    128,
-    sha512_starts_wrap,
-    sha384_update_wrap,
-    sha384_finish_wrap,
-    sha512_wrap,
-    sha384_ctx_alloc,
-    sha384_ctx_free,
-    sha384_clone_wrap,
-    sha384_process_wrap,
-};
-
-#endif /* MBEDTLS_SHA512_C */
-
-#endif /* MBEDTLS_MD_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/memory_buffer_alloc.c b/components/ssl/mbedtls/mbedtls/library/memory_buffer_alloc.c
deleted file mode 100644
index 821ae2c7..00000000
--- a/components/ssl/mbedtls/mbedtls/library/memory_buffer_alloc.c
+++ /dev/null
@@ -1,752 +0,0 @@
-/*
- *  Buffer-based memory allocator
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-
-/* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
-   is dependent upon MBEDTLS_PLATFORM_C */
-#include "mbedtls/platform.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-#include <execinfo.h>
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-#define MAGIC1       0xFF00AA55
-#define MAGIC2       0xEE119966
-#define MAX_BT 20
-
-typedef struct _memory_header memory_header;
-struct _memory_header
-{
-    size_t          magic1;
-    size_t          size;
-    size_t          alloc;
-    memory_header   *prev;
-    memory_header   *next;
-    memory_header   *prev_free;
-    memory_header   *next_free;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    char            **trace;
-    size_t          trace_count;
-#endif
-    size_t          magic2;
-};
-
-typedef struct
-{
-    unsigned char   *buf;
-    size_t          len;
-    memory_header   *first;
-    memory_header   *first_free;
-    int             verify;
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    size_t          alloc_count;
-    size_t          free_count;
-    size_t          total_used;
-    size_t          maximum_used;
-    size_t          header_count;
-    size_t          maximum_header_count;
-#endif
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t   mutex;
-#endif
-}
-buffer_alloc_ctx;
-
-static buffer_alloc_ctx heap;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-static void debug_header( memory_header *hdr )
-{
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    size_t i;
-#endif
-
-    mbedtls_fprintf( stderr, "HDR:  PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
-                              "ALLOC(%zu), SIZE(%10zu)\n",
-                      (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
-                      hdr->alloc, hdr->size );
-    mbedtls_fprintf( stderr, "      FPREV(%10zu), FNEXT(%10zu)\n",
-                      (size_t) hdr->prev_free, (size_t) hdr->next_free );
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    mbedtls_fprintf( stderr, "TRACE: \n" );
-    for( i = 0; i < hdr->trace_count; i++ )
-        mbedtls_fprintf( stderr, "%s\n", hdr->trace[i] );
-    mbedtls_fprintf( stderr, "\n" );
-#endif
-}
-
-static void debug_chain( void )
-{
-    memory_header *cur = heap.first;
-
-    mbedtls_fprintf( stderr, "\nBlock list\n" );
-    while( cur != NULL )
-    {
-        debug_header( cur );
-        cur = cur->next;
-    }
-
-    mbedtls_fprintf( stderr, "Free list\n" );
-    cur = heap.first_free;
-
-    while( cur != NULL )
-    {
-        debug_header( cur );
-        cur = cur->next_free;
-    }
-}
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-static int verify_header( memory_header *hdr )
-{
-    if( hdr->magic1 != MAGIC1 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->magic2 != MAGIC2 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->alloc > 1 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: alloc has illegal value\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->prev != NULL && hdr->prev == hdr->next )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: prev == next\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: prev_free == next_free\n" );
-#endif
-        return( 1 );
-    }
-
-    return( 0 );
-}
-
-static int verify_chain( void )
-{
-    memory_header *prv = heap.first, *cur;
-
-    if( prv == NULL || verify_header( prv ) != 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: verification of first header "
-                                  "failed\n" );
-#endif
-        return( 1 );
-    }
-
-    if( heap.first->prev != NULL )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: verification failed: "
-                                  "first->prev != NULL\n" );
-#endif
-        return( 1 );
-    }
-
-    cur = heap.first->next;
-
-    while( cur != NULL )
-    {
-        if( verify_header( cur ) != 0 )
-        {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-            mbedtls_fprintf( stderr, "FATAL: verification of header "
-                                      "failed\n" );
-#endif
-            return( 1 );
-        }
-
-        if( cur->prev != prv )
-        {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-            mbedtls_fprintf( stderr, "FATAL: verification failed: "
-                                      "cur->prev != prv\n" );
-#endif
-            return( 1 );
-        }
-
-        prv = cur;
-        cur = cur->next;
-    }
-
-    return( 0 );
-}
-
-static void *buffer_alloc_calloc( size_t n, size_t size )
-{
-    memory_header *new, *cur = heap.first_free;
-    unsigned char *p;
-    void *ret;
-    size_t original_len, len;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    void *trace_buffer[MAX_BT];
-    size_t trace_cnt;
-#endif
-
-    if( heap.buf == NULL || heap.first == NULL )
-        return( NULL );
-
-    original_len = len = n * size;
-
-    if( n == 0 || size == 0 || len / n != size )
-        return( NULL );
-    else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-        return( NULL );
-
-    if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
-        len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-        len += MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-    }
-
-    // Find block that fits
-    //
-    while( cur != NULL )
-    {
-        if( cur->size >= len )
-            break;
-
-        cur = cur->next_free;
-    }
-
-    if( cur == NULL )
-        return( NULL );
-
-    if( cur->alloc != 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: block in free_list but allocated "
-                                  "data\n" );
-#endif
-        mbedtls_exit( 1 );
-    }
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    heap.alloc_count++;
-#endif
-
-    // Found location, split block if > memory_header + 4 room left
-    //
-    if( cur->size - len < sizeof(memory_header) +
-                          MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
-        cur->alloc = 1;
-
-        // Remove from free_list
-        //
-        if( cur->prev_free != NULL )
-            cur->prev_free->next_free = cur->next_free;
-        else
-            heap.first_free = cur->next_free;
-
-        if( cur->next_free != NULL )
-            cur->next_free->prev_free = cur->prev_free;
-
-        cur->prev_free = NULL;
-        cur->next_free = NULL;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.total_used += cur->size;
-        if( heap.total_used > heap.maximum_used )
-            heap.maximum_used = heap.total_used;
-#endif
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-        trace_cnt = backtrace( trace_buffer, MAX_BT );
-        cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
-        cur->trace_count = trace_cnt;
-#endif
-
-        if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
-            mbedtls_exit( 1 );
-
-        ret = (unsigned char *) cur + sizeof( memory_header );
-        memset( ret, 0, original_len );
-
-        return( ret );
-    }
-
-    p = ( (unsigned char *) cur ) + sizeof(memory_header) + len;
-    new = (memory_header *) p;
-
-    new->size = cur->size - len - sizeof(memory_header);
-    new->alloc = 0;
-    new->prev = cur;
-    new->next = cur->next;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    new->trace = NULL;
-    new->trace_count = 0;
-#endif
-    new->magic1 = MAGIC1;
-    new->magic2 = MAGIC2;
-
-    if( new->next != NULL )
-        new->next->prev = new;
-
-    // Replace cur with new in free_list
-    //
-    new->prev_free = cur->prev_free;
-    new->next_free = cur->next_free;
-    if( new->prev_free != NULL )
-        new->prev_free->next_free = new;
-    else
-        heap.first_free = new;
-
-    if( new->next_free != NULL )
-        new->next_free->prev_free = new;
-
-    cur->alloc = 1;
-    cur->size = len;
-    cur->next = new;
-    cur->prev_free = NULL;
-    cur->next_free = NULL;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    heap.header_count++;
-    if( heap.header_count > heap.maximum_header_count )
-        heap.maximum_header_count = heap.header_count;
-    heap.total_used += cur->size;
-    if( heap.total_used > heap.maximum_used )
-        heap.maximum_used = heap.total_used;
-#endif
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    trace_cnt = backtrace( trace_buffer, MAX_BT );
-    cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
-    cur->trace_count = trace_cnt;
-#endif
-
-    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
-        mbedtls_exit( 1 );
-
-    ret = (unsigned char *) cur + sizeof( memory_header );
-    memset( ret, 0, original_len );
-
-    return( ret );
-}
-
-static void buffer_alloc_free( void *ptr )
-{
-    memory_header *hdr, *old = NULL;
-    unsigned char *p = (unsigned char *) ptr;
-
-    if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
-        return;
-
-    if( p < heap.buf || p >= heap.buf + heap.len )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
-                                  "space\n" );
-#endif
-        mbedtls_exit( 1 );
-    }
-
-    p -= sizeof(memory_header);
-    hdr = (memory_header *) p;
-
-    if( verify_header( hdr ) != 0 )
-        mbedtls_exit( 1 );
-
-    if( hdr->alloc != 1 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() on unallocated "
-                                  "data\n" );
-#endif
-        mbedtls_exit( 1 );
-    }
-
-    hdr->alloc = 0;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    heap.free_count++;
-    heap.total_used -= hdr->size;
-#endif
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    free( hdr->trace );
-    hdr->trace = NULL;
-    hdr->trace_count = 0;
-#endif
-
-    // Regroup with block before
-    //
-    if( hdr->prev != NULL && hdr->prev->alloc == 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.header_count--;
-#endif
-        hdr->prev->size += sizeof(memory_header) + hdr->size;
-        hdr->prev->next = hdr->next;
-        old = hdr;
-        hdr = hdr->prev;
-
-        if( hdr->next != NULL )
-            hdr->next->prev = hdr;
-
-        memset( old, 0, sizeof(memory_header) );
-    }
-
-    // Regroup with block after
-    //
-    if( hdr->next != NULL && hdr->next->alloc == 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.header_count--;
-#endif
-        hdr->size += sizeof(memory_header) + hdr->next->size;
-        old = hdr->next;
-        hdr->next = hdr->next->next;
-
-        if( hdr->prev_free != NULL || hdr->next_free != NULL )
-        {
-            if( hdr->prev_free != NULL )
-                hdr->prev_free->next_free = hdr->next_free;
-            else
-                heap.first_free = hdr->next_free;
-
-            if( hdr->next_free != NULL )
-                hdr->next_free->prev_free = hdr->prev_free;
-        }
-
-        hdr->prev_free = old->prev_free;
-        hdr->next_free = old->next_free;
-
-        if( hdr->prev_free != NULL )
-            hdr->prev_free->next_free = hdr;
-        else
-            heap.first_free = hdr;
-
-        if( hdr->next_free != NULL )
-            hdr->next_free->prev_free = hdr;
-
-        if( hdr->next != NULL )
-            hdr->next->prev = hdr;
-
-        memset( old, 0, sizeof(memory_header) );
-    }
-
-    // Prepend to free_list if we have not merged
-    // (Does not have to stay in same order as prev / next list)
-    //
-    if( old == NULL )
-    {
-        hdr->next_free = heap.first_free;
-        if( heap.first_free != NULL )
-            heap.first_free->prev_free = hdr;
-        heap.first_free = hdr;
-    }
-
-    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
-        mbedtls_exit( 1 );
-}
-
-void mbedtls_memory_buffer_set_verify( int verify )
-{
-    heap.verify = verify;
-}
-
-int mbedtls_memory_buffer_alloc_verify( void )
-{
-    return verify_chain();
-}
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-void mbedtls_memory_buffer_alloc_status( void )
-{
-    mbedtls_fprintf( stderr,
-                      "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
-                      "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
-                      heap.header_count, heap.total_used,
-                      heap.maximum_header_count, heap.maximum_used,
-                      heap.maximum_header_count * sizeof( memory_header )
-                      + heap.maximum_used,
-                      heap.alloc_count, heap.free_count );
-
-    if( heap.first->next == NULL )
-        mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
-    else
-    {
-        mbedtls_fprintf( stderr, "Memory currently allocated:\n" );
-        debug_chain();
-    }
-}
-
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
-{
-    *max_used   = heap.maximum_used;
-    *max_blocks = heap.maximum_header_count;
-}
-
-void mbedtls_memory_buffer_alloc_max_reset( void )
-{
-    heap.maximum_used = 0;
-    heap.maximum_header_count = 0;
-}
-
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
-{
-    *cur_used   = heap.total_used;
-    *cur_blocks = heap.header_count;
-}
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-#if defined(MBEDTLS_THREADING_C)
-static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
-{
-    void *buf;
-    if( mbedtls_mutex_lock( &heap.mutex ) != 0 )
-        return( NULL );
-    buf = buffer_alloc_calloc( n, size );
-    if( mbedtls_mutex_unlock( &heap.mutex ) )
-        return( NULL );
-    return( buf );
-}
-
-static void buffer_alloc_free_mutexed( void *ptr )
-{
-    /* We have to good option here, but corrupting the heap seems
-     * worse than loosing memory. */
-    if( mbedtls_mutex_lock( &heap.mutex ) )
-        return;
-    buffer_alloc_free( ptr );
-    (void) mbedtls_mutex_unlock( &heap.mutex );
-}
-#endif /* MBEDTLS_THREADING_C */
-
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
-{
-    memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &heap.mutex );
-    mbedtls_platform_set_calloc_free( buffer_alloc_calloc_mutexed,
-                              buffer_alloc_free_mutexed );
-#else
-    mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
-#endif
-
-    if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-        return;
-    else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
-        /* Adjust len first since buf is used in the computation */
-        len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-        buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-    }
-
-    memset( buf, 0, len );
-
-    heap.buf = buf;
-    heap.len = len;
-
-    heap.first = (memory_header *)buf;
-    heap.first->size = len - sizeof( memory_header );
-    heap.first->magic1 = MAGIC1;
-    heap.first->magic2 = MAGIC2;
-    heap.first_free = heap.first;
-}
-
-void mbedtls_memory_buffer_alloc_free( void )
-{
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &heap.mutex );
-#endif
-    mbedtls_zeroize( &heap, sizeof(buffer_alloc_ctx) );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-static int check_pointer( void *p )
-{
-    if( p == NULL )
-        return( -1 );
-
-    if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )
-        return( -1 );
-
-    return( 0 );
-}
-
-static int check_all_free( void )
-{
-    if(
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.total_used != 0 ||
-#endif
-        heap.first != heap.first_free ||
-        (void *) heap.first != (void *) heap.buf )
-    {
-        return( -1 );
-    }
-
-    return( 0 );
-}
-
-#define TEST_ASSERT( condition )            \
-    if( ! (condition) )                     \
-    {                                       \
-        if( verbose != 0 )                  \
-            mbedtls_printf( "failed\n" );  \
-                                            \
-        ret = 1;                            \
-        goto cleanup;                       \
-    }
-
-int mbedtls_memory_buffer_alloc_self_test( int verbose )
-{
-    unsigned char buf[1024];
-    unsigned char *p, *q, *r, *end;
-    int ret = 0;
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #1 (basic alloc-free cycle): " );
-
-    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
-
-    p = mbedtls_calloc( 1, 1 );
-    q = mbedtls_calloc( 1, 128 );
-    r = mbedtls_calloc( 1, 16 );
-
-    TEST_ASSERT( check_pointer( p ) == 0 &&
-                 check_pointer( q ) == 0 &&
-                 check_pointer( r ) == 0 );
-
-    mbedtls_free( r );
-    mbedtls_free( q );
-    mbedtls_free( p );
-
-    TEST_ASSERT( check_all_free( ) == 0 );
-
-    /* Memorize end to compare with the next test */
-    end = heap.buf + heap.len;
-
-    mbedtls_memory_buffer_alloc_free( );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #2 (buf not aligned): " );
-
-    mbedtls_memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 );
-
-    TEST_ASSERT( heap.buf + heap.len == end );
-
-    p = mbedtls_calloc( 1, 1 );
-    q = mbedtls_calloc( 1, 128 );
-    r = mbedtls_calloc( 1, 16 );
-
-    TEST_ASSERT( check_pointer( p ) == 0 &&
-                 check_pointer( q ) == 0 &&
-                 check_pointer( r ) == 0 );
-
-    mbedtls_free( r );
-    mbedtls_free( q );
-    mbedtls_free( p );
-
-    TEST_ASSERT( check_all_free( ) == 0 );
-
-    mbedtls_memory_buffer_alloc_free( );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #3 (full): " );
-
-    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
-
-    p = mbedtls_calloc( 1, sizeof( buf ) - sizeof( memory_header ) );
-
-    TEST_ASSERT( check_pointer( p ) == 0 );
-    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
-
-    mbedtls_free( p );
-
-    p = mbedtls_calloc( 1, sizeof( buf ) - 2 * sizeof( memory_header ) - 16 );
-    q = mbedtls_calloc( 1, 16 );
-
-    TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 );
-    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
-
-    mbedtls_free( q );
-
-    TEST_ASSERT( mbedtls_calloc( 1, 17 ) == NULL );
-
-    mbedtls_free( p );
-
-    TEST_ASSERT( check_all_free( ) == 0 );
-
-    mbedtls_memory_buffer_alloc_free( );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-cleanup:
-    mbedtls_memory_buffer_alloc_free( );
-
-    return( ret );
-}
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/net_sockets.c b/components/ssl/mbedtls/mbedtls/library/net_sockets.c
deleted file mode 100644
index b1e8f41d..00000000
--- a/components/ssl/mbedtls/mbedtls/library/net_sockets.c
+++ /dev/null
@@ -1,591 +0,0 @@
-/*
- *  TCP/IP or UDP/IP networking functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_NET_C)
-
-#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32)
-#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#endif
-
-#include "mbedtls/net_sockets.h"
-
-#include <string.h>
-
-#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
-    !defined(EFI32)
-
-#ifdef _WIN32_WINNT
-#undef _WIN32_WINNT
-#endif
-/* Enables getaddrinfo() & Co */
-#define _WIN32_WINNT 0x0501
-#include <ws2tcpip.h>
-
-#include <winsock2.h>
-#include <windows.h>
-
-#if defined(_MSC_VER)
-#if defined(_WIN32_WCE)
-#pragma comment( lib, "ws2.lib" )
-#else
-#pragma comment( lib, "ws2_32.lib" )
-#endif
-#endif /* _MSC_VER */
-
-#define read(fd,buf,len)        recv( fd, (char*)( buf ), (int)( len ), 0 )
-#define write(fd,buf,len)       send( fd, (char*)( buf ), (int)( len ), 0 )
-#define close(fd)               closesocket(fd)
-
-static int wsa_init_done = 0;
-
-#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sys/time.h>
-#include <unistd.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <netdb.h>
-#include <errno.h>
-
-#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-
-/* Some MS functions want int and MSVC warns if we pass size_t,
- * but the standard functions use socklen_t, so cast only for MSVC */
-#if defined(_MSC_VER)
-#define MSVC_INT_CAST   (int)
-#else
-#define MSVC_INT_CAST
-#endif
-
-#include <stdio.h>
-
-#include <time.h>
-
-#include <stdint.h>
-
-/*
- * Prepare for using the sockets interface
- */
-static int net_prepare( void )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    WSADATA wsaData;
-
-    if( wsa_init_done == 0 )
-    {
-        if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
-
-        wsa_init_done = 1;
-    }
-#else
-#if !defined(EFIX64) && !defined(EFI32)
-    signal( SIGPIPE, SIG_IGN );
-#endif
-#endif
-    return( 0 );
-}
-
-/*
- * Initialize a context
- */
-void mbedtls_net_init( mbedtls_net_context *ctx )
-{
-    ctx->fd = -1;
-}
-
-/*
- * Initiate a TCP connection with host:port and the given protocol
- */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
-                         const char *port, int proto )
-{
-    int ret;
-    struct addrinfo hints, *addr_list, *cur;
-
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
-
-    /* Do name resolution with both IPv6 and IPv4 */
-    memset( &hints, 0, sizeof( hints ) );
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
-    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
-
-    if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
-
-    /* Try the sockaddrs until a connection succeeds */
-    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-        if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 )
-        {
-            ret = 0;
-            break;
-        }
-
-        close( ctx->fd );
-        ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
-    }
-
-    freeaddrinfo( addr_list );
-
-    return( ret );
-}
-
-/*
- * Create a listening socket on bind_ip:port
- */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
-{
-    int ret;
-    struct addrinfo hints, *addr_list, *cur;
-
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
-
-    /* Bind to IPv6 and/or IPv4, but only in the desired protocol */
-    memset( &hints, 0, sizeof( hints ) );
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
-    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
-    if( bind_ip == NULL )
-        hints.ai_flags = AI_PASSIVE;
-
-    if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
-
-    /* Try the sockaddrs until a binding succeeds */
-    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-        n = 1;
-        if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &n, sizeof( n ) ) != 0 )
-        {
-            close( ctx->fd );
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-        if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 )
-        {
-            close( ctx->fd );
-            ret = MBEDTLS_ERR_NET_BIND_FAILED;
-            continue;
-        }
-
-        /* Listen only makes sense for TCP */
-        if( proto == MBEDTLS_NET_PROTO_TCP )
-        {
-            if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
-            {
-                close( ctx->fd );
-                ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
-                continue;
-            }
-        }
-
-        /* Bind was successful */
-        ret = 0;
-        break;
-    }
-
-    freeaddrinfo( addr_list );
-
-    return( ret );
-
-}
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-/*
- * Check if the requested operation would be blocking on a non-blocking socket
- * and thus 'failed' with a negative return value.
- */
-static int net_would_block( const mbedtls_net_context *ctx )
-{
-    ((void) ctx);
-    return( WSAGetLastError() == WSAEWOULDBLOCK );
-}
-#else
-/*
- * Check if the requested operation would be blocking on a non-blocking socket
- * and thus 'failed' with a negative return value.
- *
- * Note: on a blocking socket this function always returns 0!
- */
-static int net_would_block( const mbedtls_net_context *ctx )
-{
-    int err = errno;
-    
-    /*
-     * Never return 'WOULD BLOCK' on a non-blocking socket
-     */
-    if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
-    {
-        errno = err;
-        return( 0 );
-    }
-
-    switch( errno = err )
-    {
-#if defined EAGAIN
-        case EAGAIN:
-#endif
-#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
-        case EWOULDBLOCK:
-#endif
-            return( 1 );
-    }
-    return( 0 );
-}
-#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-
-/*
- * Accept a connection from a remote client
- */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
-                        mbedtls_net_context *client_ctx,
-                        void *client_ip, size_t buf_size, size_t *ip_len )
-{
-    int ret;
-    int type;
-
-    struct sockaddr_storage client_addr;
-
-#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) ||  \
-    defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
-    socklen_t n = (socklen_t) sizeof( client_addr );
-    socklen_t type_len = (socklen_t) sizeof( type );
-#else
-    int n = (int) sizeof( client_addr );
-    int type_len = (int) sizeof( type );
-#endif
-
-    /* Is this a TCP or UDP socket? */
-    if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
-                    (void *) &type, &type_len ) != 0 ||
-        ( type != SOCK_STREAM && type != SOCK_DGRAM ) )
-    {
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-    }
-
-    if( type == SOCK_STREAM )
-    {
-        /* TCP: actual accept() */
-        ret = client_ctx->fd = (int) accept( bind_ctx->fd,
-                                             (struct sockaddr *) &client_addr, &n );
-    }
-    else
-    {
-        /* UDP: wait for a message, but keep it in the queue */
-        char buf[1] = { 0 };
-
-        ret = (int) recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
-                        (struct sockaddr *) &client_addr, &n );
-
-#if defined(_WIN32)
-        if( ret == SOCKET_ERROR &&
-            WSAGetLastError() == WSAEMSGSIZE )
-        {
-            /* We know buf is too small, thanks, just peeking here */
-            ret = 0;
-        }
-#endif
-    }
-
-    if( ret < 0 )
-    {
-        if( net_would_block( bind_ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-    }
-
-    /* UDP: hijack the listening socket to communicate with the client,
-     * then bind a new socket to accept new connections */
-    if( type != SOCK_STREAM )
-    {
-        struct sockaddr_storage local_addr;
-        int one = 1;
-
-        if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
-            return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-
-        client_ctx->fd = bind_ctx->fd;
-        bind_ctx->fd   = -1; /* In case we exit early */
-
-        n = sizeof( struct sockaddr_storage );
-        if( getsockname( client_ctx->fd,
-                         (struct sockaddr *) &local_addr, &n ) != 0 ||
-            ( bind_ctx->fd = (int) socket( local_addr.ss_family,
-                                           SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
-            setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &one, sizeof( one ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
-        }
-
-        if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_BIND_FAILED );
-        }
-    }
-
-    if( client_ip != NULL )
-    {
-        if( client_addr.ss_family == AF_INET )
-        {
-            struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
-            *ip_len = sizeof( addr4->sin_addr.s_addr );
-
-            if( buf_size < *ip_len )
-                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
-
-            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
-        }
-        else
-        {
-            struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
-            *ip_len = sizeof( addr6->sin6_addr.s6_addr );
-
-            if( buf_size < *ip_len )
-                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
-
-            memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Set the socket blocking or non-blocking
- */
-int mbedtls_net_set_block( mbedtls_net_context *ctx )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    u_long n = 0;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
-#else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) & ~O_NONBLOCK ) );
-#endif
-}
-
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    u_long n = 1;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
-#else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) | O_NONBLOCK ) );
-#endif
-}
-
-/*
- * Portable usleep helper
- */
-void mbedtls_net_usleep( unsigned long usec )
-{
-#if defined(_WIN32)
-    Sleep( ( usec + 999 ) / 1000 );
-#else
-    struct timeval tv;
-    tv.tv_sec  = usec / 1000000;
-#if defined(__unix__) || defined(__unix) || \
-    ( defined(__APPLE__) && defined(__MACH__) )
-    tv.tv_usec = (suseconds_t) usec % 1000000;
-#else
-    tv.tv_usec = usec % 1000000;
-#endif
-    select( 0, NULL, NULL, NULL, &tv );
-#endif
-}
-
-/*
- * Read at most 'len' characters
- */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
-{
-    int ret;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    ret = (int) read( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
-    }
-
-    return( ret );
-}
-
-/*
- * Read at most 'len' characters, blocking for at most 'timeout' ms
- */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
-                      uint32_t timeout )
-{
-    int ret;
-    struct timeval tv;
-    fd_set read_fds;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    FD_ZERO( &read_fds );
-    FD_SET( fd, &read_fds );
-
-    tv.tv_sec  = timeout / 1000;
-    tv.tv_usec = ( timeout % 1000 ) * 1000;
-
-    ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
-
-    /* Zero fds ready means we timed out */
-    if( ret == 0 )
-        return( MBEDTLS_ERR_SSL_TIMEOUT );
-
-    if( ret < 0 )
-    {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAEINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#else
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
-    }
-
-    /* This call will not block */
-    return( mbedtls_net_recv( ctx, buf, len ) );
-}
-
-/*
- * Write at most 'len' characters
- */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
-{
-    int ret;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    ret = (int) write( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-#endif
-
-        return( MBEDTLS_ERR_NET_SEND_FAILED );
-    }
-
-    return( ret );
-}
-
-/*
- * Gracefully close the connection
- */
-void mbedtls_net_free( mbedtls_net_context *ctx )
-{
-    if( ctx->fd == -1 )
-        return;
-
-    shutdown( ctx->fd, 2 );
-    close( ctx->fd );
-
-    ctx->fd = -1;
-}
-
-#endif /* MBEDTLS_NET_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/oid.c b/components/ssl/mbedtls/mbedtls/library/oid.c
deleted file mode 100644
index edea950f..00000000
--- a/components/ssl/mbedtls/mbedtls/library/oid.c
+++ /dev/null
@@ -1,755 +0,0 @@
-/**
- * \file oid.c
- *
- * \brief Object Identifier (OID) database
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_OID_C)
-
-#include "mbedtls/oid.h"
-#include "mbedtls/rsa.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_snprintf snprintf
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/x509.h"
-#endif
-
-/*
- * Macro to automatically add the size of #define'd OIDs
- */
-#define ADD_LEN(s)      s, MBEDTLS_OID_SIZE(s)
-
-/*
- * Macro to generate an internal function for oid_XXX_from_asn1() (used by
- * the other functions)
- */
-#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST )                        \
-static const TYPE_T * oid_ ## NAME ## _from_asn1( const mbedtls_asn1_buf *oid )     \
-{                                                                           \
-    const TYPE_T *p = LIST;                                                 \
-    const mbedtls_oid_descriptor_t *cur = (const mbedtls_oid_descriptor_t *) p;             \
-    if( p == NULL || oid == NULL ) return( NULL );                          \
-    while( cur->asn1 != NULL ) {                                            \
-        if( cur->asn1_len == oid->len &&                                    \
-            memcmp( cur->asn1, oid->p, oid->len ) == 0 ) {                  \
-            return( p );                                                    \
-        }                                                                   \
-        p++;                                                                \
-        cur = (const mbedtls_oid_descriptor_t *) p;                                 \
-    }                                                                       \
-    return( NULL );                                                         \
-}
-
-/*
- * Macro to generate a function for retrieving a single attribute from the
- * descriptor of an mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
-{                                                                       \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
-    *ATTR1 = data->descriptor.ATTR1;                                    \
-    return( 0 );                                                        \
-}
-
-/*
- * Macro to generate a function for retrieving a single attribute from an
- * mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
-{                                                                       \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
-    *ATTR1 = data->ATTR1;                                               \
-    return( 0 );                                                        \
-}
-
-/*
- * Macro to generate a function for retrieving two attributes from an
- * mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1,     \
-                         ATTR2_TYPE, ATTR2)                                 \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2 )  \
-{                                                                           \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );            \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );                \
-    *ATTR1 = data->ATTR1;                                                   \
-    *ATTR2 = data->ATTR2;                                                   \
-    return( 0 );                                                            \
-}
-
-/*
- * Macro to generate a function for retrieving the OID based on a single
- * attribute from a mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1)   \
-int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen )             \
-{                                                                           \
-    const TYPE_T *cur = LIST;                                               \
-    while( cur->descriptor.asn1 != NULL ) {                                 \
-        if( cur->ATTR1 == ATTR1 ) {                                         \
-            *oid = cur->descriptor.asn1;                                    \
-            *olen = cur->descriptor.asn1_len;                               \
-            return( 0 );                                                    \
-        }                                                                   \
-        cur++;                                                              \
-    }                                                                       \
-    return( MBEDTLS_ERR_OID_NOT_FOUND );                                   \
-}
-
-/*
- * Macro to generate a function for retrieving the OID based on two
- * attributes from a mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1,   \
-                                ATTR2_TYPE, ATTR2)                          \
-int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid ,         \
-             size_t *olen )                                                 \
-{                                                                           \
-    const TYPE_T *cur = LIST;                                               \
-    while( cur->descriptor.asn1 != NULL ) {                                 \
-        if( cur->ATTR1 == ATTR1 && cur->ATTR2 == ATTR2 ) {                  \
-            *oid = cur->descriptor.asn1;                                    \
-            *olen = cur->descriptor.asn1_len;                               \
-            return( 0 );                                                    \
-        }                                                                   \
-        cur++;                                                              \
-    }                                                                       \
-    return( MBEDTLS_ERR_OID_NOT_FOUND );                                   \
-}
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-/*
- * For X520 attribute types
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    const char          *short_name;
-} oid_x520_attr_t;
-
-static const oid_x520_attr_t oid_x520_attr_type[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_CN ),          "id-at-commonName",               "Common Name" },
-        "CN",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ),     "id-at-countryName",              "Country" },
-        "C",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ),    "id-at-locality",                 "Locality" },
-        "L",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_STATE ),       "id-at-state",                    "State" },
-        "ST",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName",         "Organization" },
-        "O",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ),    "id-at-organizationalUnitName",   "Org Unit" },
-        "OU",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ),    "emailAddress",                   "E-mail address" },
-        "emailAddress",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber",            "Serial number" },
-        "serialNumber",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress",          "Postal address" },
-        "postalAddress",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode",               "Postal code" },
-        "postalCode",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ),    "id-at-surName",                  "Surname" },
-        "SN",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ),  "id-at-givenName",                "Given name" },
-        "GN",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_INITIALS ),    "id-at-initials",                 "Initials" },
-        "initials",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
-        "generationQualifier",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_TITLE ),       "id-at-title",                    "Title" },
-        "title",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier",              "Distinguished Name qualifier" },
-        "dnQualifier",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ),   "id-at-pseudonym",                "Pseudonym" },
-        "pseudonym",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent",           "Domain component" },
-        "DC",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier",    "Unique Identifier" },
-        "uniqueIdentifier",
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        NULL,
-    }
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
-FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
-
-/*
- * For X509 extensions
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    int                 ext_type;
-} oid_x509_ext_t;
-
-static const oid_x509_ext_t oid_x509_ext[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ),    "id-ce-basicConstraints",   "Basic Constraints" },
-        MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_KEY_USAGE ),            "id-ce-keyUsage",           "Key Usage" },
-        MBEDTLS_X509_EXT_KEY_USAGE,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ),   "id-ce-extKeyUsage",        "Extended Key Usage" },
-        MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ),     "id-ce-subjectAltName",     "Subject Alt Name" },
-        MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ),         "id-netscape-certtype",     "Netscape Certificate Type" },
-        MBEDTLS_X509_EXT_NS_CERT_TYPE,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        0,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
-FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
-
-static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
-{
-    { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ),      "id-kp-serverAuth",      "TLS Web Server Authentication" },
-    { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ),      "id-kp-clientAuth",      "TLS Web Client Authentication" },
-    { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ),     "id-kp-codeSigning",     "Code Signing" },
-    { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
-    { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ),    "id-kp-timeStamping",    "Time Stamping" },
-    { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ),     "id-kp-OCSPSigning",     "OCSP Signing" },
-    { NULL, 0, NULL, NULL },
-};
-
-FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
-FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
-#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
-
-#if defined(MBEDTLS_MD_C)
-/*
- * For SignatureAlgorithmIdentifier
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_alg;
-    mbedtls_pk_type_t           pk_alg;
-} oid_sig_alg_t;
-
-static const oid_sig_alg_t oid_sig_alg[] =
-{
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_MD2_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ),        "md2WithRSAEncryption",     "RSA with MD2" },
-        MBEDTLS_MD_MD2,      MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ),        "md4WithRSAEncryption",     "RSA with MD4" },
-        MBEDTLS_MD_MD4,      MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_MD4_C */
-#if defined(MBEDTLS_MD5_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ),        "md5WithRSAEncryption",     "RSA with MD5" },
-        MBEDTLS_MD_MD5,      MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ),       "sha-1WithRSAEncryption",   "RSA with SHA1" },
-        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ),     "sha224WithRSAEncryption",  "RSA with SHA-224" },
-        MBEDTLS_MD_SHA224,   MBEDTLS_PK_RSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ),     "sha256WithRSAEncryption",  "RSA with SHA-256" },
-        MBEDTLS_MD_SHA256,   MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ),     "sha384WithRSAEncryption",  "RSA with SHA-384" },
-        MBEDTLS_MD_SHA384,   MBEDTLS_PK_RSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ),     "sha512WithRSAEncryption",  "RSA with SHA-512" },
-        MBEDTLS_MD_SHA512,   MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA512_C */
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ),      "sha-1WithRSAEncryption",   "RSA with SHA1" },
-        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ),       "ecdsa-with-SHA1",      "ECDSA with SHA1" },
-        MBEDTLS_MD_SHA1,     MBEDTLS_PK_ECDSA,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ),     "ecdsa-with-SHA224",    "ECDSA with SHA224" },
-        MBEDTLS_MD_SHA224,   MBEDTLS_PK_ECDSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ),     "ecdsa-with-SHA256",    "ECDSA with SHA256" },
-        MBEDTLS_MD_SHA256,   MBEDTLS_PK_ECDSA,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ),     "ecdsa-with-SHA384",    "ECDSA with SHA384" },
-        MBEDTLS_MD_SHA384,   MBEDTLS_PK_ECDSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ),     "ecdsa-with-SHA512",    "ECDSA with SHA512" },
-        MBEDTLS_MD_SHA512,   MBEDTLS_PK_ECDSA,
-    },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_RSA_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ),        "RSASSA-PSS",           "RSASSA-PSS" },
-        MBEDTLS_MD_NONE,     MBEDTLS_PK_RSASSA_PSS,
-    },
-#endif /* MBEDTLS_RSA_C */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
-FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
-#endif /* MBEDTLS_MD_C */
-
-/*
- * For PublicKeyInfo (PKCS1, RFC 5480)
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_pk_type_t           pk_alg;
-} oid_pk_alg_t;
-
-static const oid_pk_alg_t oid_pk_alg[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ),      "rsaEncryption",   "RSA" },
-        MBEDTLS_PK_RSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ),  "id-ecPublicKey",   "Generic EC key" },
-        MBEDTLS_PK_ECKEY,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ),          "id-ecDH",          "EC key for ECDH" },
-        MBEDTLS_PK_ECKEY_DH,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_PK_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * For namedCurve (RFC 5480)
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_ecp_group_id        grp_id;
-} oid_ecp_grp_t;
-
-static const oid_ecp_grp_t oid_ecp_grp[] =
-{
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1",    "secp192r1" },
-        MBEDTLS_ECP_DP_SECP192R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1",    "secp224r1" },
-        MBEDTLS_ECP_DP_SECP224R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1",    "secp256r1" },
-        MBEDTLS_ECP_DP_SECP256R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1",    "secp384r1" },
-        MBEDTLS_ECP_DP_SECP384R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1",    "secp521r1" },
-        MBEDTLS_ECP_DP_SECP521R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1",    "secp192k1" },
-        MBEDTLS_ECP_DP_SECP192K1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1",    "secp224k1" },
-        MBEDTLS_ECP_DP_SECP224K1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1",    "secp256k1" },
-        MBEDTLS_ECP_DP_SECP256K1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ),   "brainpoolP256r1","brainpool256r1" },
-        MBEDTLS_ECP_DP_BP256R1,
-    },
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ),   "brainpoolP384r1","brainpool384r1" },
-        MBEDTLS_ECP_DP_BP384R1,
-    },
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ),   "brainpoolP512r1","brainpool512r1" },
-        MBEDTLS_ECP_DP_BP512R1,
-    },
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_ECP_DP_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
-FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_CIPHER_C)
-/*
- * For PKCS#5 PBES2 encryption algorithm
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_cipher_type_t       cipher_alg;
-} oid_cipher_alg_t;
-
-static const oid_cipher_alg_t oid_cipher_alg[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_DES_CBC ),              "desCBC",       "DES-CBC" },
-        MBEDTLS_CIPHER_DES_CBC,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ),         "des-ede3-cbc", "DES-EDE3-CBC" },
-        MBEDTLS_CIPHER_DES_EDE3_CBC,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_CIPHER_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_MD_C)
-/*
- * For digestAlgorithm
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_alg;
-} oid_md_alg_t;
-
-static const oid_md_alg_t oid_md_alg[] =
-{
-#if defined(MBEDTLS_MD2_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ),       "id-md2",       "MD2" },
-        MBEDTLS_MD_MD2,
-    },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ),       "id-md4",       "MD4" },
-        MBEDTLS_MD_MD4,
-    },
-#endif /* MBEDTLS_MD4_C */
-#if defined(MBEDTLS_MD5_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ),       "id-md5",       "MD5" },
-        MBEDTLS_MD_MD5,
-    },
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ),      "id-sha1",      "SHA-1" },
-        MBEDTLS_MD_SHA1,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ),    "id-sha224",    "SHA-224" },
-        MBEDTLS_MD_SHA224,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ),    "id-sha256",    "SHA-256" },
-        MBEDTLS_MD_SHA256,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ),    "id-sha384",    "SHA-384" },
-        MBEDTLS_MD_SHA384,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ),    "id-sha512",    "SHA-512" },
-        MBEDTLS_MD_SHA512,
-    },
-#endif /* MBEDTLS_SHA512_C */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
-
-/*
- * For HMAC digestAlgorithm
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_hmac;
-} oid_md_hmac_t;
-
-static const oid_md_hmac_t oid_md_hmac[] =
-{
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ),      "hmacSHA1",      "HMAC-SHA-1" },
-        MBEDTLS_MD_SHA1,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ),    "hmacSHA224",    "HMAC-SHA-224" },
-        MBEDTLS_MD_SHA224,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ),    "hmacSHA256",    "HMAC-SHA-256" },
-        MBEDTLS_MD_SHA256,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ),    "hmacSHA384",    "HMAC-SHA-384" },
-        MBEDTLS_MD_SHA384,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ),    "hmacSHA512",    "HMAC-SHA-512" },
-        MBEDTLS_MD_SHA512,
-    },
-#endif /* MBEDTLS_SHA512_C */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
-FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/*
- * For PKCS#12 PBEs
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_alg;
-    mbedtls_cipher_type_t       cipher_alg;
-} oid_pkcs12_pbe_alg_t;
-
-static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
-        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE3_CBC,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
-        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE_CBC,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
-FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
-#endif /* MBEDTLS_PKCS12_C */
-
-#define OID_SAFE_SNPRINTF                               \
-    do {                                                \
-        if( ret < 0 || (size_t) ret >= n )              \
-            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );    \
-                                                        \
-        n -= (size_t) ret;                              \
-        p += (size_t) ret;                              \
-    } while( 0 )
-
-/* Return the x.y.z.... style numeric string for the given OID */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size,
-                            const mbedtls_asn1_buf *oid )
-{
-    int ret;
-    size_t i, n;
-    unsigned int value;
-    char *p;
-
-    p = buf;
-    n = size;
-
-    /* First byte contains first two dots */
-    if( oid->len > 0 )
-    {
-        ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
-        OID_SAFE_SNPRINTF;
-    }
-
-    value = 0;
-    for( i = 1; i < oid->len; i++ )
-    {
-        /* Prevent overflow in value. */
-        if( ( ( value << 7 ) >> 7 ) != value )
-            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
-
-        value <<= 7;
-        value += oid->p[i] & 0x7F;
-
-        if( !( oid->p[i] & 0x80 ) )
-        {
-            /* Last byte */
-            ret = mbedtls_snprintf( p, n, ".%d", value );
-            OID_SAFE_SNPRINTF;
-            value = 0;
-        }
-    }
-
-    return( (int) ( size - n ) );
-}
-
-#endif /* MBEDTLS_OID_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/padlock.c b/components/ssl/mbedtls/mbedtls/library/padlock.c
deleted file mode 100644
index b85ff9cd..00000000
--- a/components/ssl/mbedtls/mbedtls/library/padlock.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- *  VIA PadLock support functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  This implementation is based on the VIA PadLock Programming Guide:
- *
- *  http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
- *  programming_guide.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C)
-
-#include "mbedtls/padlock.h"
-
-#include <string.h>
-
-#ifndef asm
-#define asm __asm
-#endif
-
-#if defined(MBEDTLS_HAVE_X86)
-
-/*
- * PadLock detection routine
- */
-int mbedtls_padlock_has_support( int feature )
-{
-    static int flags = -1;
-    int ebx = 0, edx = 0;
-
-    if( flags == -1 )
-    {
-        asm( "movl  %%ebx, %0           \n\t"
-             "movl  $0xC0000000, %%eax  \n\t"
-             "cpuid                     \n\t"
-             "cmpl  $0xC0000001, %%eax  \n\t"
-             "movl  $0, %%edx           \n\t"
-             "jb    unsupported         \n\t"
-             "movl  $0xC0000001, %%eax  \n\t"
-             "cpuid                     \n\t"
-             "unsupported:              \n\t"
-             "movl  %%edx, %1           \n\t"
-             "movl  %2, %%ebx           \n\t"
-             : "=m" (ebx), "=m" (edx)
-             :  "m" (ebx)
-             : "eax", "ecx", "edx" );
-
-        flags = edx;
-    }
-
-    return( flags & feature );
-}
-
-/*
- * PadLock AES-ECB block en(de)cryption
- */
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
-                       int mode,
-                       const unsigned char input[16],
-                       unsigned char output[16] )
-{
-    int ebx = 0;
-    uint32_t *rk;
-    uint32_t *blk;
-    uint32_t *ctrl;
-    unsigned char buf[256];
-
-    rk  = ctx->rk;
-    blk = MBEDTLS_PADLOCK_ALIGN16( buf );
-    memcpy( blk, input, 16 );
-
-     ctrl = blk + 4;
-    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 );
-
-    asm( "pushfl                        \n\t"
-         "popfl                         \n\t"
-         "movl    %%ebx, %0             \n\t"
-         "movl    $1, %%ecx             \n\t"
-         "movl    %2, %%edx             \n\t"
-         "movl    %3, %%ebx             \n\t"
-         "movl    %4, %%esi             \n\t"
-         "movl    %4, %%edi             \n\t"
-         ".byte  0xf3,0x0f,0xa7,0xc8    \n\t"
-         "movl    %1, %%ebx             \n\t"
-         : "=m" (ebx)
-         :  "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
-         : "memory", "ecx", "edx", "esi", "edi" );
-
-    memcpy( output, blk, 16 );
-
-    return( 0 );
-}
-
-/*
- * PadLock AES-CBC buffer en(de)cryption
- */
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int ebx = 0;
-    size_t count;
-    uint32_t *rk;
-    uint32_t *iw;
-    uint32_t *ctrl;
-    unsigned char buf[256];
-
-    if( ( (long) input  & 15 ) != 0 ||
-        ( (long) output & 15 ) != 0 )
-        return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
-
-    rk = ctx->rk;
-    iw = MBEDTLS_PADLOCK_ALIGN16( buf );
-    memcpy( iw, iv, 16 );
-
-     ctrl = iw + 4;
-    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 );
-
-    count = ( length + 15 ) >> 4;
-
-    asm( "pushfl                        \n\t"
-         "popfl                         \n\t"
-         "movl    %%ebx, %0             \n\t"
-         "movl    %2, %%ecx             \n\t"
-         "movl    %3, %%edx             \n\t"
-         "movl    %4, %%ebx             \n\t"
-         "movl    %5, %%esi             \n\t"
-         "movl    %6, %%edi             \n\t"
-         "movl    %7, %%eax             \n\t"
-         ".byte  0xf3,0x0f,0xa7,0xd0    \n\t"
-         "movl    %1, %%ebx             \n\t"
-         : "=m" (ebx)
-         :  "m" (ebx), "m" (count), "m" (ctrl),
-            "m"  (rk), "m" (input), "m" (output), "m" (iw)
-         : "memory", "eax", "ecx", "edx", "esi", "edi" );
-
-    memcpy( iv, iw, 16 );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_HAVE_X86 */
-
-#endif /* MBEDTLS_PADLOCK_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/pem.c b/components/ssl/mbedtls/mbedtls/library/pem.c
deleted file mode 100644
index ac86d7e4..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pem.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*
- *  Privacy Enhanced Mail (PEM) decoding
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
-
-#include "mbedtls/pem.h"
-#include "mbedtls/base64.h"
-#include "mbedtls/des.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/cipher.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-void mbedtls_pem_init( mbedtls_pem_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_pem_context ) );
-}
-
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-/*
- * Read a 16-byte hex string and convert it to binary
- */
-static int pem_get_iv( const unsigned char *s, unsigned char *iv,
-                       size_t iv_len )
-{
-    size_t i, j, k;
-
-    memset( iv, 0, iv_len );
-
-    for( i = 0; i < iv_len * 2; i++, s++ )
-    {
-        if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
-        if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
-        if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
-            return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-        k = ( ( i & 1 ) != 0 ) ? j : j << 4;
-
-        iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
-    }
-
-    return( 0 );
-}
-
-static int pem_pbkdf1( unsigned char *key, size_t keylen,
-                       unsigned char *iv,
-                       const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_md5_context md5_ctx;
-    unsigned char md5sum[16];
-    size_t use_len;
-    int ret;
-
-    mbedtls_md5_init( &md5_ctx );
-
-    /*
-     * key[ 0..15] = MD5(pwd || IV)
-     */
-    if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv,  8 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
-        goto exit;
-
-    if( keylen <= 16 )
-    {
-        memcpy( key, md5sum, keylen );
-        goto exit;
-    }
-
-    memcpy( key, md5sum, 16 );
-
-    /*
-     * key[16..23] = MD5(key[ 0..15] || pwd || IV])
-     */
-    if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
-        goto exit;
-
-    use_len = 16;
-    if( keylen < 32 )
-        use_len = keylen - 16;
-
-    memcpy( key + 16, md5sum, use_len );
-
-exit:
-    mbedtls_md5_free( &md5_ctx );
-    mbedtls_zeroize( md5sum, 16 );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_DES_C)
-/*
- * Decrypt with DES-CBC, using PBKDF1 for key derivation
- */
-static int pem_des_decrypt( unsigned char des_iv[8],
-                            unsigned char *buf, size_t buflen,
-                            const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_des_context des_ctx;
-    unsigned char des_key[8];
-    int ret;
-
-    mbedtls_des_init( &des_ctx );
-
-    if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
-        goto exit;
-    ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
-                     des_iv, buf, buf );
-
-exit:
-    mbedtls_des_free( &des_ctx );
-    mbedtls_zeroize( des_key, 8 );
-
-    return( ret );
-}
-
-/*
- * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
- */
-static int pem_des3_decrypt( unsigned char des3_iv[8],
-                             unsigned char *buf, size_t buflen,
-                             const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_des3_context des3_ctx;
-    unsigned char des3_key[24];
-    int ret;
-
-    mbedtls_des3_init( &des3_ctx );
-
-    if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
-        goto exit;
-    ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
-                     des3_iv, buf, buf );
-
-exit:
-    mbedtls_des3_free( &des3_ctx );
-    mbedtls_zeroize( des3_key, 24 );
-
-    return( ret );
-}
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-/*
- * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
- */
-static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
-                            unsigned char *buf, size_t buflen,
-                            const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_aes_context aes_ctx;
-    unsigned char aes_key[32];
-    int ret;
-
-    mbedtls_aes_init( &aes_ctx );
-
-    if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
-        goto exit;
-    ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
-                     aes_iv, buf, buf );
-
-exit:
-    mbedtls_aes_free( &aes_ctx );
-    mbedtls_zeroize( aes_key, keylen );
-
-    return( ret );
-}
-#endif /* MBEDTLS_AES_C */
-
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
-                     const unsigned char *data, const unsigned char *pwd,
-                     size_t pwdlen, size_t *use_len )
-{
-    int ret, enc;
-    size_t len;
-    unsigned char *buf;
-    const unsigned char *s1, *s2, *end;
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-    unsigned char pem_iv[16];
-    mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
-#else
-    ((void) pwd);
-    ((void) pwdlen);
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-    if( ctx == NULL )
-        return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
-
-    s1 = (unsigned char *) strstr( (const char *) data, header );
-
-    if( s1 == NULL )
-        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
-
-    s2 = (unsigned char *) strstr( (const char *) data, footer );
-
-    if( s2 == NULL || s2 <= s1 )
-        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
-
-    s1 += strlen( header );
-    if( *s1 == ' '  ) s1++;
-    if( *s1 == '\r' ) s1++;
-    if( *s1 == '\n' ) s1++;
-    else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
-
-    end = s2;
-    end += strlen( footer );
-    if( *end == ' '  ) end++;
-    if( *end == '\r' ) end++;
-    if( *end == '\n' ) end++;
-    *use_len = end - data;
-
-    enc = 0;
-
-    if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
-    {
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-        enc++;
-
-        s1 += 22;
-        if( *s1 == '\r' ) s1++;
-        if( *s1 == '\n' ) s1++;
-        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
-
-
-#if defined(MBEDTLS_DES_C)
-        if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
-        {
-            enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
-
-            s1 += 23;
-            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-            s1 += 16;
-        }
-        else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
-        {
-            enc_alg = MBEDTLS_CIPHER_DES_CBC;
-
-            s1 += 18;
-            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-            s1 += 16;
-        }
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-        if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
-        {
-            if( s2 - s1 < 22 )
-                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
-            else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
-                enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
-            else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
-                enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
-            else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
-                enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
-            else
-                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
-
-            s1 += 22;
-            if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-            s1 += 32;
-        }
-#endif /* MBEDTLS_AES_C */
-
-        if( enc_alg == MBEDTLS_CIPHER_NONE )
-            return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
-
-        if( *s1 == '\r' ) s1++;
-        if( *s1 == '\n' ) s1++;
-        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
-#else
-        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-    }
-
-    if( s1 >= s2 )
-        return( MBEDTLS_ERR_PEM_INVALID_DATA );
-
-    ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
-
-    if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
-        return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
-
-    if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
-    if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
-    {
-        mbedtls_zeroize( buf, len );
-        mbedtls_free( buf );
-        return( MBEDTLS_ERR_PEM_INVALID_DATA + ret );
-    }
-
-    if( enc != 0 )
-    {
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-        if( pwd == NULL )
-        {
-            mbedtls_zeroize( buf, len );
-            mbedtls_free( buf );
-            return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
-        }
-
-        ret = 0;
-
-#if defined(MBEDTLS_DES_C)
-        if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
-            ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
-            ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-        if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
-            ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
-            ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
-            ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
-#endif /* MBEDTLS_AES_C */
-
-        if( ret != 0 )
-        {
-            mbedtls_free( buf );
-            return( ret );
-        }
-
-        /*
-         * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
-         * length bytes (allow 4 to be sure) in all known use cases.
-         *
-         * Use that as heurisitic to try detecting password mismatchs.
-         */
-        if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
-        {
-            mbedtls_zeroize( buf, len );
-            mbedtls_free( buf );
-            return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
-        }
-#else
-        mbedtls_zeroize( buf, len );
-        mbedtls_free( buf );
-        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-    }
-
-    ctx->buf = buf;
-    ctx->buflen = len;
-
-    return( 0 );
-}
-
-void mbedtls_pem_free( mbedtls_pem_context *ctx )
-{
-    if( ctx->buf != NULL )
-        mbedtls_zeroize( ctx->buf, ctx->buflen );
-    mbedtls_free( ctx->buf );
-    mbedtls_free( ctx->info );
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_pem_context ) );
-}
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
-                      const unsigned char *der_data, size_t der_len,
-                      unsigned char *buf, size_t buf_len, size_t *olen )
-{
-    int ret;
-    unsigned char *encode_buf = NULL, *c, *p = buf;
-    size_t len = 0, use_len, add_len = 0;
-
-    mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
-    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
-
-    if( use_len + add_len > buf_len )
-    {
-        *olen = use_len + add_len;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    if( use_len != 0 &&
-        ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
-    if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
-                               der_len ) ) != 0 )
-    {
-        mbedtls_free( encode_buf );
-        return( ret );
-    }
-
-    memcpy( p, header, strlen( header ) );
-    p += strlen( header );
-    c = encode_buf;
-
-    while( use_len )
-    {
-        len = ( use_len > 64 ) ? 64 : use_len;
-        memcpy( p, c, len );
-        use_len -= len;
-        p += len;
-        c += len;
-        *p++ = '\n';
-    }
-
-    memcpy( p, footer, strlen( footer ) );
-    p += strlen( footer );
-
-    *p++ = '\0';
-    *olen = p - buf;
-
-    mbedtls_free( encode_buf );
-    return( 0 );
-}
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/pk.c b/components/ssl/mbedtls/mbedtls/library/pk.c
deleted file mode 100644
index b52c73fb..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pk.c
+++ /dev/null
@@ -1,382 +0,0 @@
-/*
- *  Public Key abstraction layer
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#include <limits.h>
-#include <stdint.h>
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Initialise a mbedtls_pk_context
- */
-void mbedtls_pk_init( mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    ctx->pk_info = NULL;
-    ctx->pk_ctx = NULL;
-}
-
-/*
- * Free (the components of) a mbedtls_pk_context
- */
-void mbedtls_pk_free( mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return;
-
-    ctx->pk_info->ctx_free_func( ctx->pk_ctx );
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
-}
-
-/*
- * Get pk_info structure from type
- */
-const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
-{
-    switch( pk_type ) {
-#if defined(MBEDTLS_RSA_C)
-        case MBEDTLS_PK_RSA:
-            return( &mbedtls_rsa_info );
-#endif
-#if defined(MBEDTLS_ECP_C)
-        case MBEDTLS_PK_ECKEY:
-            return( &mbedtls_eckey_info );
-        case MBEDTLS_PK_ECKEY_DH:
-            return( &mbedtls_eckeydh_info );
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-        case MBEDTLS_PK_ECDSA:
-            return( &mbedtls_ecdsa_info );
-#endif
-        /* MBEDTLS_PK_RSA_ALT omitted on purpose */
-        default:
-            return( NULL );
-    }
-}
-
-/*
- * Initialise context
- */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
-{
-    if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-    ctx->pk_info = info;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/*
- * Initialize an RSA-alt context
- */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
-                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
-                         mbedtls_pk_rsa_alt_sign_func sign_func,
-                         mbedtls_pk_rsa_alt_key_len_func key_len_func )
-{
-    mbedtls_rsa_alt_context *rsa_alt;
-    const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
-
-    if( ctx == NULL || ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-    ctx->pk_info = info;
-
-    rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
-
-    rsa_alt->key = key;
-    rsa_alt->decrypt_func = decrypt_func;
-    rsa_alt->sign_func = sign_func;
-    rsa_alt->key_len_func = key_len_func;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/*
- * Tell if a PK can do the operations of the given type
- */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
-{
-    /* null or NONE context can't do anything */
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( 0 );
-
-    return( ctx->pk_info->can_do( type ) );
-}
-
-/*
- * Helper for mbedtls_pk_sign and mbedtls_pk_verify
- */
-static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
-{
-    const mbedtls_md_info_t *md_info;
-
-    if( *hash_len != 0 )
-        return( 0 );
-
-    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
-        return( -1 );
-
-    *hash_len = mbedtls_md_get_size( md_info );
-    return( 0 );
-}
-
-/*
- * Verify a signature
- */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len )
-{
-    if( ctx == NULL || ctx->pk_info == NULL ||
-        pk_hashlen_helper( md_alg, &hash_len ) != 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->verify_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
-                                       sig, sig_len ) );
-}
-
-/*
- * Verify a signature with options
- */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
-                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ! mbedtls_pk_can_do( ctx, type ) )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    if( type == MBEDTLS_PK_RSASSA_PSS )
-    {
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
-        int ret;
-        const mbedtls_pk_rsassa_pss_options *pss_opts;
-
-#if SIZE_MAX > UINT_MAX
-        if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-        if( options == NULL )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-        pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
-
-        if( sig_len < mbedtls_pk_get_len( ctx ) )
-            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
-        ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
-                NULL, NULL, MBEDTLS_RSA_PUBLIC,
-                md_alg, (unsigned int) hash_len, hash,
-                pss_opts->mgf1_hash_id,
-                pss_opts->expected_salt_len,
-                sig );
-        if( ret != 0 )
-            return( ret );
-
-        if( sig_len > mbedtls_pk_get_len( ctx ) )
-            return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
-
-        return( 0 );
-#else
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
-    }
-
-    /* General case: no options */
-    if( options != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
-}
-
-/*
- * Make a signature
- */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    if( ctx == NULL || ctx->pk_info == NULL ||
-        pk_hashlen_helper( md_alg, &hash_len ) != 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->sign_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
-                                     sig, sig_len, f_rng, p_rng ) );
-}
-
-/*
- * Decrypt message
- */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->decrypt_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
-                output, olen, osize, f_rng, p_rng ) );
-}
-
-/*
- * Encrypt message
- */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->encrypt_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
-                output, olen, osize, f_rng, p_rng ) );
-}
-
-/*
- * Check public-private key pair
- */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
-{
-    if( pub == NULL || pub->pk_info == NULL ||
-        prv == NULL || prv->pk_info == NULL ||
-        prv->pk_info->check_pair_func == NULL )
-    {
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-    }
-
-    if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
-    {
-        if( pub->pk_info->type != MBEDTLS_PK_RSA )
-            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-    }
-    else
-    {
-        if( pub->pk_info != prv->pk_info )
-            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-    }
-
-    return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
-}
-
-/*
- * Get key size in bits
- */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( 0 );
-
-    return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
-}
-
-/*
- * Export debug information
- */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->debug_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    ctx->pk_info->debug_func( ctx->pk_ctx, items );
-    return( 0 );
-}
-
-/*
- * Access the PK type name
- */
-const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( "invalid PK" );
-
-    return( ctx->pk_info->name );
-}
-
-/*
- * Access the PK type
- */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( MBEDTLS_PK_NONE );
-
-    return( ctx->pk_info->type );
-}
-
-#endif /* MBEDTLS_PK_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/pk_wrap.c b/components/ssl/mbedtls/mbedtls/library/pk_wrap.c
deleted file mode 100644
index a4bb35fc..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pk_wrap.c
+++ /dev/null
@@ -1,521 +0,0 @@
-/*
- *  Public Key abstraction layer: wrapper functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk_internal.h"
-
-/* Even if RSA not activated, for the sake of RSA-alt */
-#include "mbedtls/rsa.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#include <limits.h>
-#include <stdint.h>
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-static int rsa_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_RSA ||
-            type == MBEDTLS_PK_RSASSA_PSS );
-}
-
-static size_t rsa_get_bitlen( const void *ctx )
-{
-    const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
-    return( 8 * mbedtls_rsa_get_len( rsa ) );
-}
-
-static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len )
-{
-    int ret;
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-    size_t rsa_len = mbedtls_rsa_get_len( rsa );
-
-#if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-    if( sig_len < rsa_len )
-        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
-    if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
-                                  MBEDTLS_RSA_PUBLIC, md_alg,
-                                  (unsigned int) hash_len, hash, sig ) ) != 0 )
-        return( ret );
-
-    if( sig_len > rsa_len )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
-
-    return( 0 );
-}
-
-static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-
-#if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-    *sig_len = mbedtls_rsa_get_len( rsa );
-
-    return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
-                md_alg, (unsigned int) hash_len, hash, sig ) );
-}
-
-static int rsa_decrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-
-    if( ilen != mbedtls_rsa_get_len( rsa ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
-                MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
-}
-
-static int rsa_encrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-    *olen = mbedtls_rsa_get_len( rsa );
-
-    if( *olen > osize )
-        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
-
-    return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
-                                       ilen, input, output ) );
-}
-
-static int rsa_check_pair_wrap( const void *pub, const void *prv )
-{
-    return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
-                                (const mbedtls_rsa_context *) prv ) );
-}
-
-static void *rsa_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
-
-    if( ctx != NULL )
-        mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
-
-    return( ctx );
-}
-
-static void rsa_free_wrap( void *ctx )
-{
-    mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
-{
-    items->type = MBEDTLS_PK_DEBUG_MPI;
-    items->name = "rsa.N";
-    items->value = &( ((mbedtls_rsa_context *) ctx)->N );
-
-    items++;
-
-    items->type = MBEDTLS_PK_DEBUG_MPI;
-    items->name = "rsa.E";
-    items->value = &( ((mbedtls_rsa_context *) ctx)->E );
-}
-
-const mbedtls_pk_info_t mbedtls_rsa_info = {
-    MBEDTLS_PK_RSA,
-    "RSA",
-    rsa_get_bitlen,
-    rsa_can_do,
-    rsa_verify_wrap,
-    rsa_sign_wrap,
-    rsa_decrypt_wrap,
-    rsa_encrypt_wrap,
-    rsa_check_pair_wrap,
-    rsa_alloc_wrap,
-    rsa_free_wrap,
-    rsa_debug,
-};
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * Generic EC key
- */
-static int eckey_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECKEY_DH ||
-            type == MBEDTLS_PK_ECDSA );
-}
-
-static size_t eckey_get_bitlen( const void *ctx )
-{
-    return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
-}
-
-#if defined(MBEDTLS_ECDSA_C)
-/* Forward declarations */
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len );
-
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
-{
-    int ret;
-    mbedtls_ecdsa_context ecdsa;
-
-    mbedtls_ecdsa_init( &ecdsa );
-
-    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
-        ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
-
-    mbedtls_ecdsa_free( &ecdsa );
-
-    return( ret );
-}
-
-static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret;
-    mbedtls_ecdsa_context ecdsa;
-
-    mbedtls_ecdsa_init( &ecdsa );
-
-    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
-        ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
-                               f_rng, p_rng );
-
-    mbedtls_ecdsa_free( &ecdsa );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_ECDSA_C */
-
-static int eckey_check_pair( const void *pub, const void *prv )
-{
-    return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
-                                (const mbedtls_ecp_keypair *) prv ) );
-}
-
-static void *eckey_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
-
-    if( ctx != NULL )
-        mbedtls_ecp_keypair_init( ctx );
-
-    return( ctx );
-}
-
-static void eckey_free_wrap( void *ctx )
-{
-    mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
-{
-    items->type = MBEDTLS_PK_DEBUG_ECP;
-    items->name = "eckey.Q";
-    items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
-}
-
-const mbedtls_pk_info_t mbedtls_eckey_info = {
-    MBEDTLS_PK_ECKEY,
-    "EC",
-    eckey_get_bitlen,
-    eckey_can_do,
-#if defined(MBEDTLS_ECDSA_C)
-    eckey_verify_wrap,
-    eckey_sign_wrap,
-#else
-    NULL,
-    NULL,
-#endif
-    NULL,
-    NULL,
-    eckey_check_pair,
-    eckey_alloc_wrap,
-    eckey_free_wrap,
-    eckey_debug,
-};
-
-/*
- * EC key restricted to ECDH
- */
-static int eckeydh_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECKEY_DH );
-}
-
-const mbedtls_pk_info_t mbedtls_eckeydh_info = {
-    MBEDTLS_PK_ECKEY_DH,
-    "EC_DH",
-    eckey_get_bitlen,         /* Same underlying key structure */
-    eckeydh_can_do,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    eckey_check_pair,
-    eckey_alloc_wrap,       /* Same underlying key structure */
-    eckey_free_wrap,        /* Same underlying key structure */
-    eckey_debug,            /* Same underlying key structure */
-};
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-static int ecdsa_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_ECDSA );
-}
-
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
-{
-    int ret;
-    ((void) md_alg);
-
-    ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
-                                hash, hash_len, sig, sig_len );
-
-    if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
-
-    return( ret );
-}
-
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
-                md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
-}
-
-static void *ecdsa_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
-
-    if( ctx != NULL )
-        mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
-
-    return( ctx );
-}
-
-static void ecdsa_free_wrap( void *ctx )
-{
-    mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-const mbedtls_pk_info_t mbedtls_ecdsa_info = {
-    MBEDTLS_PK_ECDSA,
-    "ECDSA",
-    eckey_get_bitlen,     /* Compatible key structures */
-    ecdsa_can_do,
-    ecdsa_verify_wrap,
-    ecdsa_sign_wrap,
-    NULL,
-    NULL,
-    eckey_check_pair,   /* Compatible key structures */
-    ecdsa_alloc_wrap,
-    ecdsa_free_wrap,
-    eckey_debug,        /* Compatible key structures */
-};
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/*
- * Support for alternative RSA-private implementations
- */
-
-static int rsa_alt_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_RSA );
-}
-
-static size_t rsa_alt_get_bitlen( const void *ctx )
-{
-    const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
-
-    return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
-}
-
-static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
-
-#if SIZE_MAX > UINT_MAX
-    if( UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-    *sig_len = rsa_alt->key_len_func( rsa_alt->key );
-
-    return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
-                md_alg, (unsigned int) hash_len, hash, sig ) );
-}
-
-static int rsa_alt_decrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
-
-    ((void) f_rng);
-    ((void) p_rng);
-
-    if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    return( rsa_alt->decrypt_func( rsa_alt->key,
-                MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
-}
-
-#if defined(MBEDTLS_RSA_C)
-static int rsa_alt_check_pair( const void *pub, const void *prv )
-{
-    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char hash[32];
-    size_t sig_len = 0;
-    int ret;
-
-    if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
-    memset( hash, 0x2a, sizeof( hash ) );
-
-    if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
-                                   hash, sizeof( hash ),
-                                   sig, &sig_len, NULL, NULL ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
-                         hash, sizeof( hash ), sig, sig_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_RSA_C */
-
-static void *rsa_alt_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
-
-    if( ctx != NULL )
-        memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
-
-    return( ctx );
-}
-
-static void rsa_alt_free_wrap( void *ctx )
-{
-    mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
-    mbedtls_free( ctx );
-}
-
-const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
-    MBEDTLS_PK_RSA_ALT,
-    "RSA-alt",
-    rsa_alt_get_bitlen,
-    rsa_alt_can_do,
-    NULL,
-    rsa_alt_sign_wrap,
-    rsa_alt_decrypt_wrap,
-    NULL,
-#if defined(MBEDTLS_RSA_C)
-    rsa_alt_check_pair,
-#else
-    NULL,
-#endif
-    rsa_alt_alloc_wrap,
-    rsa_alt_free_wrap,
-    NULL,
-};
-
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-#endif /* MBEDTLS_PK_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/pkcs11.c b/components/ssl/mbedtls/mbedtls/library/pkcs11.c
deleted file mode 100644
index 0ea64252..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pkcs11.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/**
- * \file pkcs11.c
- *
- * \brief Wrapper for PKCS#11 library libpkcs11-helper
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#include "mbedtls/pkcs11.h"
-
-#if defined(MBEDTLS_PKCS11_C)
-
-#include "mbedtls/md.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/x509_crt.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#include <string.h>
-
-void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) );
-}
-
-int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
-{
-    int ret = 1;
-    unsigned char *cert_blob = NULL;
-    size_t cert_blob_size = 0;
-
-    if( cert == NULL )
-    {
-        ret = 2;
-        goto cleanup;
-    }
-
-    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
-                                                &cert_blob_size ) != CKR_OK )
-    {
-        ret = 3;
-        goto cleanup;
-    }
-
-    cert_blob = mbedtls_calloc( 1, cert_blob_size );
-    if( NULL == cert_blob )
-    {
-        ret = 4;
-        goto cleanup;
-    }
-
-    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
-                                                &cert_blob_size ) != CKR_OK )
-    {
-        ret = 5;
-        goto cleanup;
-    }
-
-    if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
-    {
-        ret = 6;
-        goto cleanup;
-    }
-
-    ret = 0;
-
-cleanup:
-    if( NULL != cert_blob )
-        mbedtls_free( cert_blob );
-
-    return( ret );
-}
-
-
-int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
-        pkcs11h_certificate_t pkcs11_cert )
-{
-    int ret = 1;
-    mbedtls_x509_crt cert;
-
-    mbedtls_x509_crt_init( &cert );
-
-    if( priv_key == NULL )
-        goto cleanup;
-
-    if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) )
-        goto cleanup;
-
-    priv_key->len = mbedtls_pk_get_len( &cert.pk );
-    priv_key->pkcs11h_cert = pkcs11_cert;
-
-    ret = 0;
-
-cleanup:
-    mbedtls_x509_crt_free( &cert );
-
-    return( ret );
-}
-
-void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
-{
-    if( NULL != priv_key )
-        pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
-}
-
-int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
-                       int mode, size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len )
-{
-    size_t input_len, output_len;
-
-    if( NULL == ctx )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( MBEDTLS_RSA_PRIVATE != mode )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    output_len = input_len = ctx->len;
-
-    if( input_len < 16 || input_len > output_max_len )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /* Determine size of output buffer */
-    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
-            input_len, NULL, &output_len ) != CKR_OK )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    if( output_len > output_max_len )
-        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
-
-    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
-            input_len, output, &output_len ) != CKR_OK )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-    *olen = output_len;
-    return( 0 );
-}
-
-int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
-                    int mode,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig )
-{
-    size_t sig_len = 0, asn_len = 0, oid_size = 0;
-    unsigned char *p = sig;
-    const char *oid;
-
-    if( NULL == ctx )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( MBEDTLS_RSA_PRIVATE != mode )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-        asn_len = 10 + oid_size;
-    }
-
-    sig_len = ctx->len;
-    if( hashlen > sig_len || asn_len > sig_len ||
-        hashlen + asn_len > sig_len )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        /*
-         * DigestInfo ::= SEQUENCE {
-         *   digestAlgorithm DigestAlgorithmIdentifier,
-         *   digest Digest }
-         *
-         * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-         *
-         * Digest ::= OCTET STRING
-         */
-        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-        *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
-        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-        *p++ = (unsigned char) ( 0x04 + oid_size );
-        *p++ = MBEDTLS_ASN1_OID;
-        *p++ = oid_size & 0xFF;
-        memcpy( p, oid, oid_size );
-        p += oid_size;
-        *p++ = MBEDTLS_ASN1_NULL;
-        *p++ = 0x00;
-        *p++ = MBEDTLS_ASN1_OCTET_STRING;
-        *p++ = hashlen;
-    }
-
-    memcpy( p, hash, hashlen );
-
-    if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
-            asn_len + hashlen, sig, &sig_len ) != CKR_OK )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    return( 0 );
-}
-
-#endif /* defined(MBEDTLS_PKCS11_C) */
diff --git a/components/ssl/mbedtls/mbedtls/library/pkcs12.c b/components/ssl/mbedtls/mbedtls/library/pkcs12.c
deleted file mode 100644
index c603a135..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pkcs12.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/*
- *  PKCS#12 Personal Information Exchange Syntax
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The PKCS #12 Personal Information Exchange Syntax Standard v1.1
- *
- *  http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
- *  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PKCS12_C)
-
-#include "mbedtls/pkcs12.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/cipher.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#include "mbedtls/des.h"
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
-                                    mbedtls_asn1_buf *salt, int *iterations )
-{
-    int ret;
-    unsigned char **p = &params->p;
-    const unsigned char *end = params->p + params->len;
-
-    /*
-     *  pkcs-12PbeParams ::= SEQUENCE {
-     *    salt          OCTET STRING,
-     *    iterations    INTEGER
-     *  }
-     *
-     */
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
-
-    salt->p = *p;
-    *p += salt->len;
-
-    if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
-        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret );
-
-    if( *p != end )
-        return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-#define PKCS12_MAX_PWDLEN 128
-
-static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
-                                     const unsigned char *pwd,  size_t pwdlen,
-                                     unsigned char *key, size_t keylen,
-                                     unsigned char *iv,  size_t ivlen )
-{
-    int ret, iterations = 0;
-    mbedtls_asn1_buf salt;
-    size_t i;
-    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
-
-    if( pwdlen > PKCS12_MAX_PWDLEN )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
-    memset( &unipwd, 0, sizeof(unipwd) );
-
-    if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
-                                         &iterations ) ) != 0 )
-        return( ret );
-
-    for( i = 0; i < pwdlen; i++ )
-        unipwd[i * 2 + 1] = pwd[i];
-
-    if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
-                                   salt.p, salt.len, md_type,
-                                   MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( iv == NULL || ivlen == 0 )
-        return( 0 );
-
-    if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
-                                   salt.p, salt.len, md_type,
-                                   MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
-    {
-        return( ret );
-    }
-    return( 0 );
-}
-
-#undef PKCS12_MAX_PWDLEN
-
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
-                             const unsigned char *pwd,  size_t pwdlen,
-                             const unsigned char *data, size_t len,
-                             unsigned char *output )
-{
-#if !defined(MBEDTLS_ARC4_C)
-    ((void) pbe_params);
-    ((void) mode);
-    ((void) pwd);
-    ((void) pwdlen);
-    ((void) data);
-    ((void) len);
-    ((void) output);
-    return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-#else
-    int ret;
-    unsigned char key[16];
-    mbedtls_arc4_context ctx;
-    ((void) mode);
-
-    mbedtls_arc4_init( &ctx );
-
-    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
-                                          pwd, pwdlen,
-                                          key, 16, NULL, 0 ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    mbedtls_arc4_setup( &ctx, key, 16 );
-    if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_zeroize( key, sizeof( key ) );
-    mbedtls_arc4_free( &ctx );
-
-    return( ret );
-#endif /* MBEDTLS_ARC4_C */
-}
-
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
-                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
-                const unsigned char *pwd,  size_t pwdlen,
-                const unsigned char *data, size_t len,
-                unsigned char *output )
-{
-    int ret, keylen = 0;
-    unsigned char key[32];
-    unsigned char iv[16];
-    const mbedtls_cipher_info_t *cipher_info;
-    mbedtls_cipher_context_t cipher_ctx;
-    size_t olen = 0;
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-
-    keylen = cipher_info->key_bitlen / 8;
-
-    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
-                                          key, keylen,
-                                          iv, cipher_info->iv_size ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    mbedtls_cipher_init( &cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
-                                output, &olen ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
-        ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
-
-exit:
-    mbedtls_zeroize( key, sizeof( key ) );
-    mbedtls_zeroize( iv,  sizeof( iv  ) );
-    mbedtls_cipher_free( &cipher_ctx );
-
-    return( ret );
-}
-
-static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
-                                const unsigned char *filler, size_t fill_len )
-{
-    unsigned char *p = data;
-    size_t use_len;
-
-    while( data_len > 0 )
-    {
-        use_len = ( data_len > fill_len ) ? fill_len : data_len;
-        memcpy( p, filler, use_len );
-        p += use_len;
-        data_len -= use_len;
-    }
-}
-
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
-                       const unsigned char *pwd, size_t pwdlen,
-                       const unsigned char *salt, size_t saltlen,
-                       mbedtls_md_type_t md_type, int id, int iterations )
-{
-    int ret;
-    unsigned int j;
-
-    unsigned char diversifier[128];
-    unsigned char salt_block[128], pwd_block[128], hash_block[128];
-    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
-    unsigned char *p;
-    unsigned char c;
-
-    size_t hlen, use_len, v, i;
-
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    // This version only allows max of 64 bytes of password or salt
-    if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    md_info = mbedtls_md_info_from_type( md_type );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-
-    mbedtls_md_init( &md_ctx );
-
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        return( ret );
-    hlen = mbedtls_md_get_size( md_info );
-
-    if( hlen <= 32 )
-        v = 64;
-    else
-        v = 128;
-
-    memset( diversifier, (unsigned char) id, v );
-
-    pkcs12_fill_buffer( salt_block, v, salt, saltlen );
-    pkcs12_fill_buffer( pwd_block,  v, pwd,  pwdlen  );
-
-    p = data;
-    while( datalen > 0 )
-    {
-        // Calculate hash( diversifier || salt_block || pwd_block )
-        if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
-            goto exit;
-
-        if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
-            goto exit;
-
-        if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 )
-            goto exit;
-
-        if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 )
-            goto exit;
-
-        if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
-            goto exit;
-
-        // Perform remaining ( iterations - 1 ) recursive hash calculations
-        for( i = 1; i < (size_t) iterations; i++ )
-        {
-            if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
-                goto exit;
-        }
-
-        use_len = ( datalen > hlen ) ? hlen : datalen;
-        memcpy( p, hash_output, use_len );
-        datalen -= use_len;
-        p += use_len;
-
-        if( datalen == 0 )
-            break;
-
-        // Concatenating copies of hash_output into hash_block (B)
-        pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
-
-        // B += 1
-        for( i = v; i > 0; i-- )
-            if( ++hash_block[i - 1] != 0 )
-                break;
-
-        // salt_block += B
-        c = 0;
-        for( i = v; i > 0; i-- )
-        {
-            j = salt_block[i - 1] + hash_block[i - 1] + c;
-            c = (unsigned char) (j >> 8);
-            salt_block[i - 1] = j & 0xFF;
-        }
-
-        // pwd_block  += B
-        c = 0;
-        for( i = v; i > 0; i-- )
-        {
-            j = pwd_block[i - 1] + hash_block[i - 1] + c;
-            c = (unsigned char) (j >> 8);
-            pwd_block[i - 1] = j & 0xFF;
-        }
-    }
-
-    ret = 0;
-
-exit:
-    mbedtls_zeroize( salt_block, sizeof( salt_block ) );
-    mbedtls_zeroize( pwd_block, sizeof( pwd_block ) );
-    mbedtls_zeroize( hash_block, sizeof( hash_block ) );
-    mbedtls_zeroize( hash_output, sizeof( hash_output ) );
-
-    mbedtls_md_free( &md_ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_PKCS12_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/pkcs5.c b/components/ssl/mbedtls/mbedtls/library/pkcs5.c
deleted file mode 100644
index 95f44fa9..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pkcs5.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/**
- * \file pkcs5.c
- *
- * \brief PKCS#5 functions
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * PKCS#5 includes PBKDF2 and more
- *
- * http://tools.ietf.org/html/rfc2898 (Specification)
- * http://tools.ietf.org/html/rfc6070 (Test vectors)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PKCS5_C)
-
-#include "mbedtls/pkcs5.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif
-
-static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
-                                      mbedtls_asn1_buf *salt, int *iterations,
-                                      int *keylen, mbedtls_md_type_t *md_type )
-{
-    int ret;
-    mbedtls_asn1_buf prf_alg_oid;
-    unsigned char *p = params->p;
-    const unsigned char *end = params->p + params->len;
-
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-    /*
-     *  PBKDF2-params ::= SEQUENCE {
-     *    salt              OCTET STRING,
-     *    iterationCount    INTEGER,
-     *    keyLength         INTEGER OPTIONAL
-     *    prf               AlgorithmIdentifier DEFAULT algid-hmacWithSHA1
-     *  }
-     *
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
-
-    salt->p = p;
-    p += salt->len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
-
-    if( p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 )
-    {
-        if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
-    }
-
-    if( p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
-
-    if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    if( p != end )
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output )
-{
-    int ret, iterations = 0, keylen = 0;
-    unsigned char *p, *end;
-    mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
-    mbedtls_asn1_buf salt;
-    mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
-    unsigned char key[32], iv[32];
-    size_t olen = 0;
-    const mbedtls_md_info_t *md_info;
-    const mbedtls_cipher_info_t *cipher_info;
-    mbedtls_md_context_t md_ctx;
-    mbedtls_cipher_type_t cipher_alg;
-    mbedtls_cipher_context_t cipher_ctx;
-
-    p = pbe_params->p;
-    end = p + pbe_params->len;
-
-    /*
-     *  PBES2-params ::= SEQUENCE {
-     *    keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
-     *    encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
-     *  }
-     */
-    if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
-
-    // Only PBKDF2 supported at the moment
-    //
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
-                                           &salt, &iterations, &keylen,
-                                           &md_type ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    md_info = mbedtls_md_info_from_type( md_type );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
-                              &enc_scheme_params ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
-    }
-
-    if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_alg );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    /*
-     * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
-     * since it is optional and we don't know if it was set or not
-     */
-    keylen = cipher_info->key_bitlen / 8;
-
-    if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
-        enc_scheme_params.len != cipher_info->iv_size )
-    {
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
-    }
-
-    mbedtls_md_init( &md_ctx );
-    mbedtls_cipher_init( &cipher_ctx );
-
-    memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
-
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
-                                   iterations, keylen, key ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
-                              data, datalen, output, &olen ) ) != 0 )
-        ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
-
-exit:
-    mbedtls_md_free( &md_ctx );
-    mbedtls_cipher_free( &cipher_ctx );
-
-    return( ret );
-}
-
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
-                       unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output )
-{
-    int ret, j;
-    unsigned int i;
-    unsigned char md1[MBEDTLS_MD_MAX_SIZE];
-    unsigned char work[MBEDTLS_MD_MAX_SIZE];
-    unsigned char md_size = mbedtls_md_get_size( ctx->md_info );
-    size_t use_len;
-    unsigned char *out_p = output;
-    unsigned char counter[4];
-
-    memset( counter, 0, 4 );
-    counter[3] = 1;
-
-    if( iteration_count > 0xFFFFFFFF )
-        return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
-
-    while( key_length )
-    {
-        // U1 ends up in work
-        //
-        if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
-            return( ret );
-
-        if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
-            return( ret );
-
-        if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
-            return( ret );
-
-        if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
-            return( ret );
-
-        memcpy( md1, work, md_size );
-
-        for( i = 1; i < iteration_count; i++ )
-        {
-            // U2 ends up in md1
-            //
-            if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
-                return( ret );
-
-            if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
-                return( ret );
-
-            if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
-                return( ret );
-
-            // U1 xor U2
-            //
-            for( j = 0; j < md_size; j++ )
-                work[j] ^= md1[j];
-        }
-
-        use_len = ( key_length < md_size ) ? key_length : md_size;
-        memcpy( out_p, work, use_len );
-
-        key_length -= (uint32_t) use_len;
-        out_p += use_len;
-
-        for( i = 4; i > 0; i-- )
-            if( ++counter[i - 1] != 0 )
-                break;
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if !defined(MBEDTLS_SHA1_C)
-int mbedtls_pkcs5_self_test( int verbose )
-{
-    if( verbose != 0 )
-        mbedtls_printf( "  PBKDF2 (SHA1): skipped\n\n" );
-
-    return( 0 );
-}
-#else
-
-#define MAX_TESTS   6
-
-static const size_t plen[MAX_TESTS] =
-    { 8, 8, 8, 24, 9 };
-
-static const unsigned char password[MAX_TESTS][32] =
-{
-    "password",
-    "password",
-    "password",
-    "passwordPASSWORDpassword",
-    "pass\0word",
-};
-
-static const size_t slen[MAX_TESTS] =
-    { 4, 4, 4, 36, 5 };
-
-static const unsigned char salt[MAX_TESTS][40] =
-{
-    "salt",
-    "salt",
-    "salt",
-    "saltSALTsaltSALTsaltSALTsaltSALTsalt",
-    "sa\0lt",
-};
-
-static const uint32_t it_cnt[MAX_TESTS] =
-    { 1, 2, 4096, 4096, 4096 };
-
-static const uint32_t key_len[MAX_TESTS] =
-    { 20, 20, 20, 25, 16 };
-
-static const unsigned char result_key[MAX_TESTS][32] =
-{
-    { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
-      0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
-      0x2f, 0xe0, 0x37, 0xa6 },
-    { 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
-      0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
-      0xd8, 0xde, 0x89, 0x57 },
-    { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
-      0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
-      0x65, 0xa4, 0x29, 0xc1 },
-    { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
-      0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
-      0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
-      0x38 },
-    { 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
-      0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 },
-};
-
-int mbedtls_pkcs5_self_test( int verbose )
-{
-    mbedtls_md_context_t sha1_ctx;
-    const mbedtls_md_info_t *info_sha1;
-    int ret, i;
-    unsigned char key[64];
-
-    mbedtls_md_init( &sha1_ctx );
-
-    info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
-    if( info_sha1 == NULL )
-    {
-        ret = 1;
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
-    {
-        ret = 1;
-        goto exit;
-    }
-
-    for( i = 0; i < MAX_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  PBKDF2 (SHA1) #%d: ", i );
-
-        ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
-                                  slen[i], it_cnt[i], key_len[i], key );
-        if( ret != 0 ||
-            memcmp( result_key[i], key, key_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-exit:
-    mbedtls_md_free( &sha1_ctx );
-
-    return( ret );
-}
-#endif /* MBEDTLS_SHA1_C */
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_PKCS5_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/pkparse.c b/components/ssl/mbedtls/mbedtls/library/pkparse.c
deleted file mode 100644
index 9022db2f..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pkparse.c
+++ /dev/null
@@ -1,1452 +0,0 @@
-/*
- *  Public Key layer for parsing key files and structures
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C)
-
-#include "mbedtls/pk.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-#if defined(MBEDTLS_PKCS5_C)
-#include "mbedtls/pkcs5.h"
-#endif
-#if defined(MBEDTLS_PKCS12_C)
-#include "mbedtls/pkcs12.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#if defined(MBEDTLS_FS_IO) || \
-    defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-#endif
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load all data from a file into a given buffer.
- *
- * The file is expected to contain either PEM or DER encoded data.
- * A terminating null byte is always appended. It is included in the announced
- * length only if the data looks like it is PEM encoded.
- */
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
-{
-    FILE *f;
-    long size;
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    if( ( size = ftell( f ) ) == -1 )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
-    }
-    fseek( f, 0, SEEK_SET );
-
-    *n = (size_t) size;
-
-    if( *n + 1 == 0 ||
-        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-    }
-
-    if( fread( *buf, 1, *n, f ) != *n )
-    {
-        fclose( f );
-
-        mbedtls_zeroize( *buf, *n );
-        mbedtls_free( *buf );
-
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
-    }
-
-    fclose( f );
-
-    (*buf)[*n] = '\0';
-
-    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
-        ++*n;
-
-    return( 0 );
-}
-
-/*
- * Load and parse a private key
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
-                      const char *path, const char *pwd )
-{
-    int ret;
-    size_t n;
-    unsigned char *buf;
-
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    if( pwd == NULL )
-        ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
-    else
-        ret = mbedtls_pk_parse_key( ctx, buf, n,
-                (const unsigned char *) pwd, strlen( pwd ) );
-
-    mbedtls_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-
-/*
- * Load and parse a public key
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
-{
-    int ret;
-    size_t n;
-    unsigned char *buf;
-
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_pk_parse_public_key( ctx, buf, n );
-
-    mbedtls_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_ECP_C)
-/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
- *
- * ECParameters ::= CHOICE {
- *   namedCurve         OBJECT IDENTIFIER
- *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
- *   -- implicitCurve   NULL
- * }
- */
-static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
-                            mbedtls_asn1_buf *params )
-{
-    int ret;
-
-    if ( end - *p < 1 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    /* Tag may be either OID or SEQUENCE */
-    params->tag = **p;
-    if( params->tag != MBEDTLS_ASN1_OID
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-            && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
-#endif
-            )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-    }
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    params->p = *p;
-    *p += params->len;
-
-    if( *p != end )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-/*
- * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
- * WARNING: the resulting group should only be used with
- * pk_group_id_from_specified(), since its base point may not be set correctly
- * if it was encoded compressed.
- *
- *  SpecifiedECDomain ::= SEQUENCE {
- *      version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
- *      fieldID FieldID {{FieldTypes}},
- *      curve Curve,
- *      base ECPoint,
- *      order INTEGER,
- *      cofactor INTEGER OPTIONAL,
- *      hash HashAlgorithm OPTIONAL,
- *      ...
- *  }
- *
- * We only support prime-field as field type, and ignore hash and cofactor.
- */
-static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
-{
-    int ret;
-    unsigned char *p = params->p;
-    const unsigned char * const end = params->p + params->len;
-    const unsigned char *end_field, *end_curve;
-    size_t len;
-    int ver;
-
-    /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( ver < 1 || ver > 3 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
-    /*
-     * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
-     *       fieldType FIELD-ID.&id({IOSet}),
-     *       parameters FIELD-ID.&Type({IOSet}{@fieldType})
-     * }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    end_field = p + len;
-
-    /*
-     * FIELD-ID ::= TYPE-IDENTIFIER
-     * FieldTypes FIELD-ID ::= {
-     *       { Prime-p IDENTIFIED BY prime-field } |
-     *       { Characteristic-two IDENTIFIED BY characteristic-two-field }
-     * }
-     * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( ret );
-
-    if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
-        memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-    }
-
-    p += len;
-
-    /* Prime-p ::= INTEGER -- Field of size p. */
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-
-    if( p != end_field )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    /*
-     * Curve ::= SEQUENCE {
-     *       a FieldElement,
-     *       b FieldElement,
-     *       seed BIT STRING OPTIONAL
-     *       -- Shall be present if used in SpecifiedECDomain
-     *       -- with version equal to ecdpVer2 or ecdpVer3
-     * }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    end_curve = p + len;
-
-    /*
-     * FieldElement ::= OCTET STRING
-     * containing an integer in the case of a prime field
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    p += len;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    p += len;
-
-    /* Ignore seed BIT STRING OPTIONAL */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
-        p += len;
-
-    if( p != end_curve )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    /*
-     * ECPoint ::= OCTET STRING
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
-                                      ( const unsigned char *) p, len ) ) != 0 )
-    {
-        /*
-         * If we can't read the point because it's compressed, cheat by
-         * reading only the X coordinate and the parity bit of Y.
-         */
-        if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
-            ( p[0] != 0x02 && p[0] != 0x03 ) ||
-            len != mbedtls_mpi_size( &grp->P ) + 1 ||
-            mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
-            mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
-            mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
-        {
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-        }
-    }
-
-    p += len;
-
-    /*
-     * order INTEGER
-     */
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
-
-    /*
-     * Allow optional elements by purposefully not enforcing p == end here.
-     */
-
-    return( 0 );
-}
-
-/*
- * Find the group id associated with an (almost filled) group as generated by
- * pk_group_from_specified(), or return an error if unknown.
- */
-static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
-{
-    int ret = 0;
-    mbedtls_ecp_group ref;
-    const mbedtls_ecp_group_id *id;
-
-    mbedtls_ecp_group_init( &ref );
-
-    for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
-    {
-        /* Load the group associated to that id */
-        mbedtls_ecp_group_free( &ref );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
-
-        /* Compare to the group we were given, starting with easy tests */
-        if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
-            mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
-            /* For Y we may only know the parity bit, so compare only that */
-            mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
-        {
-            break;
-        }
-
-    }
-
-cleanup:
-    mbedtls_ecp_group_free( &ref );
-
-    *grp_id = *id;
-
-    if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
-        ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-
-    return( ret );
-}
-
-/*
- * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
- */
-static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
-                                       mbedtls_ecp_group_id *grp_id )
-{
-    int ret;
-    mbedtls_ecp_group grp;
-
-    mbedtls_ecp_group_init( &grp );
-
-    if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
-        goto cleanup;
-
-    ret = pk_group_id_from_group( &grp, grp_id );
-
-cleanup:
-    mbedtls_ecp_group_free( &grp );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
-
-/*
- * Use EC parameters to initialise an EC group
- *
- * ECParameters ::= CHOICE {
- *   namedCurve         OBJECT IDENTIFIER
- *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
- *   -- implicitCurve   NULL
- */
-static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
-{
-    int ret;
-    mbedtls_ecp_group_id grp_id;
-
-    if( params->tag == MBEDTLS_ASN1_OID )
-    {
-        if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
-            return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
-    }
-    else
-    {
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-        if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
-            return( ret );
-#else
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-#endif
-    }
-
-    /*
-     * grp may already be initilialized; if so, make sure IDs match
-     */
-    if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
-    if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * EC public key is an EC point
- *
- * The caller is responsible for clearing the structure upon failure if
- * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
- * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
- */
-static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
-                            mbedtls_ecp_keypair *key )
-{
-    int ret;
-
-    if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
-                    (const unsigned char *) *p, end - *p ) ) == 0 )
-    {
-        ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
-    }
-
-    /*
-     * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
-     */
-    *p = (unsigned char *) end;
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_RSA_C)
-/*
- *  RSAPublicKey ::= SEQUENCE {
- *      modulus           INTEGER,  -- n
- *      publicExponent    INTEGER   -- e
- *  }
- */
-static int pk_get_rsapubkey( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_rsa_context *rsa )
-{
-    int ret;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
-
-    if( *p + len != end )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    /* Import N */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
-
-    if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
-                                        NULL, 0, NULL, 0 ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-
-    *p += len;
-
-    /* Import E */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
-
-    if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
-                                        NULL, 0, *p, len ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-
-    *p += len;
-
-    if( mbedtls_rsa_complete( rsa ) != 0 ||
-        mbedtls_rsa_check_pubkey( rsa ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-    }
-
-    if( *p != end )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_RSA_C */
-
-/* Get a PK algorithm identifier
- *
- *  AlgorithmIdentifier  ::=  SEQUENCE  {
- *       algorithm               OBJECT IDENTIFIER,
- *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
- */
-static int pk_get_pk_alg( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
-{
-    int ret;
-    mbedtls_asn1_buf alg_oid;
-
-    memset( params, 0, sizeof(mbedtls_asn1_buf) );
-
-    if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_ALG + ret );
-
-    if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    /*
-     * No parameters with RSA (only for EC)
-     */
-    if( *pk_alg == MBEDTLS_PK_RSA &&
-            ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
-                params->len != 0 ) )
-    {
-        return( MBEDTLS_ERR_PK_INVALID_ALG );
-    }
-
-    return( 0 );
-}
-
-/*
- *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *       algorithm            AlgorithmIdentifier,
- *       subjectPublicKey     BIT STRING }
- */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
-                        mbedtls_pk_context *pk )
-{
-    int ret;
-    size_t len;
-    mbedtls_asn1_buf alg_params;
-    mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
-    const mbedtls_pk_info_t *pk_info;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    end = *p + len;
-
-    if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
-
-    if( *p + len != end )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA )
-    {
-        ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
-    } else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
-    {
-        ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
-        if( ret == 0 )
-            ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
-    } else
-#endif /* MBEDTLS_ECP_C */
-        ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
-
-    if( ret == 0 && *p != end )
-        ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
-
-    if( ret != 0 )
-        mbedtls_pk_free( pk );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_RSA_C)
-/*
- * Parse a PKCS#1 encoded private RSA key
- */
-static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
-                                   const unsigned char *key,
-                                   size_t keylen )
-{
-    int ret, version;
-    size_t len;
-    unsigned char *p, *end;
-
-    mbedtls_mpi T;
-    mbedtls_mpi_init( &T );
-
-    p = (unsigned char *) key;
-    end = p + keylen;
-
-    /*
-     * This function parses the RSAPrivateKey (PKCS#1)
-     *
-     *  RSAPrivateKey ::= SEQUENCE {
-     *      version           Version,
-     *      modulus           INTEGER,  -- n
-     *      publicExponent    INTEGER,  -- e
-     *      privateExponent   INTEGER,  -- d
-     *      prime1            INTEGER,  -- p
-     *      prime2            INTEGER,  -- q
-     *      exponent1         INTEGER,  -- d mod (p-1)
-     *      exponent2         INTEGER,  -- d mod (q-1)
-     *      coefficient       INTEGER,  -- (inverse of q) mod p
-     *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
-     *  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    if( version != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
-    }
-
-    /* Import N */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 ||
-        ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0,
-                                        NULL, 0, NULL, 0 ) ) != 0 )
-        goto cleanup;
-    p += len;
-
-    /* Import E */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 ||
-        ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
-                                        NULL, 0, p, len ) ) != 0 )
-        goto cleanup;
-    p += len;
-
-    /* Import D */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 ||
-        ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
-                                        p, len, NULL, 0 ) ) != 0 )
-        goto cleanup;
-    p += len;
-
-    /* Import P */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 ||
-        ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0,
-                                        NULL, 0, NULL, 0 ) ) != 0 )
-        goto cleanup;
-    p += len;
-
-    /* Import Q */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 ||
-        ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len,
-                                        NULL, 0, NULL, 0 ) ) != 0 )
-        goto cleanup;
-    p += len;
-
-    /* Complete the RSA private key */
-    if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 )
-        goto cleanup;
-
-    /* Check optional parameters */
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 )
-        goto cleanup;
-
-    if( p != end )
-    {
-        ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ;
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &T );
-
-    if( ret != 0 )
-    {
-        /* Wrap error code if it's coming from a lower level */
-        if( ( ret & 0xff80 ) == 0 )
-            ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret;
-        else
-            ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
-
-        mbedtls_rsa_free( rsa );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * Parse a SEC1 encoded private EC key
- */
-static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
-                                  const unsigned char *key,
-                                  size_t keylen )
-{
-    int ret;
-    int version, pubkey_done;
-    size_t len;
-    mbedtls_asn1_buf params;
-    unsigned char *p = (unsigned char *) key;
-    unsigned char *end = p + keylen;
-    unsigned char *end2;
-
-    /*
-     * RFC 5915, or SEC1 Appendix C.4
-     *
-     * ECPrivateKey ::= SEQUENCE {
-     *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
-     *      privateKey     OCTET STRING,
-     *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
-     *      publicKey  [1] BIT STRING OPTIONAL
-     *    }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( version != 1 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    p += len;
-
-    pubkey_done = 0;
-    if( p != end )
-    {
-        /*
-         * Is 'parameters' present?
-         */
-        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
-        {
-            if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
-                ( ret = pk_use_ecparams( &params, &eck->grp )  ) != 0 )
-            {
-                mbedtls_ecp_keypair_free( eck );
-                return( ret );
-            }
-        }
-        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            mbedtls_ecp_keypair_free( eck );
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-        }
-
-        /*
-         * Is 'publickey' present? If not, or if we can't read it (eg because it
-         * is compressed), create it from the private key.
-         */
-        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
-        {
-            end2 = p + len;
-
-            if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
-                return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-            if( p + len != end2 )
-                return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                        MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-            if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
-                pubkey_done = 1;
-            else
-            {
-                /*
-                 * The only acceptable failure mode of pk_get_ecpubkey() above
-                 * is if the point format is not recognized.
-                 */
-                if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
-                    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-            }
-        }
-        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            mbedtls_ecp_keypair_free( eck );
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-        }
-    }
-
-    if( ! pubkey_done &&
-        ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
-                                                      NULL, NULL ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ECP_C */
-
-/*
- * Parse an unencrypted PKCS#8 encoded private key
- *
- * Notes:
- *
- * - This function does not own the key buffer. It is the
- *   responsibility of the caller to take care of zeroizing
- *   and freeing it after use.
- *
- * - The function is responsible for freeing the provided
- *   PK context on failure.
- *
- */
-static int pk_parse_key_pkcs8_unencrypted_der(
-                                    mbedtls_pk_context *pk,
-                                    const unsigned char* key,
-                                    size_t keylen )
-{
-    int ret, version;
-    size_t len;
-    mbedtls_asn1_buf params;
-    unsigned char *p = (unsigned char *) key;
-    unsigned char *end = p + keylen;
-    mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
-    const mbedtls_pk_info_t *pk_info;
-
-    /*
-     * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
-     *
-     *    PrivateKeyInfo ::= SEQUENCE {
-     *      version                   Version,
-     *      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
-     *      privateKey                PrivateKey,
-     *      attributes           [0]  IMPLICIT Attributes OPTIONAL }
-     *
-     *    Version ::= INTEGER
-     *    PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
-     *    PrivateKey ::= OCTET STRING
-     *
-     *  The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
-     */
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( version != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
-
-    if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( len < 1 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA )
-    {
-        if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-            return( ret );
-        }
-    } else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
-    {
-        if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
-            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len )  ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-            return( ret );
-        }
-    } else
-#endif /* MBEDTLS_ECP_C */
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    return( 0 );
-}
-
-/*
- * Parse an encrypted PKCS#8 encoded private key
- *
- * To save space, the decryption happens in-place on the given key buffer.
- * Also, while this function may modify the keybuffer, it doesn't own it,
- * and instead it is the responsibility of the caller to zeroize and properly
- * free it after use.
- *
- */
-#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-static int pk_parse_key_pkcs8_encrypted_der(
-                                    mbedtls_pk_context *pk,
-                                    unsigned char *key, size_t keylen,
-                                    const unsigned char *pwd, size_t pwdlen )
-{
-    int ret, decrypted = 0;
-    size_t len;
-    unsigned char *buf;
-    unsigned char *p, *end;
-    mbedtls_asn1_buf pbe_alg_oid, pbe_params;
-#if defined(MBEDTLS_PKCS12_C)
-    mbedtls_cipher_type_t cipher_alg;
-    mbedtls_md_type_t md_alg;
-#endif
-
-    p = key;
-    end = p + keylen;
-
-    if( pwdlen == 0 )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-
-    /*
-     * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
-     *
-     *  EncryptedPrivateKeyInfo ::= SEQUENCE {
-     *    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
-     *    encryptedData        EncryptedData
-     *  }
-     *
-     *  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-     *
-     *  EncryptedData ::= OCTET STRING
-     *
-     *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
-     *
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
-
-    buf = p;
-
-    /*
-     * Decrypt EncryptedData with appropriate PBE
-     */
-#if defined(MBEDTLS_PKCS12_C)
-    if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
-                                cipher_alg, md_alg,
-                                pwd, pwdlen, p, len, buf ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
-                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
-            return( ret );
-        }
-
-        decrypted = 1;
-    }
-    else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
-                                             MBEDTLS_PKCS12_PBE_DECRYPT,
-                                             pwd, pwdlen,
-                                             p, len, buf ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        // Best guess for password mismatch when using RC4. If first tag is
-        // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
-        //
-        if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-            return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
-        decrypted = 1;
-    }
-    else
-#endif /* MBEDTLS_PKCS12_C */
-#if defined(MBEDTLS_PKCS5_C)
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
-                                  p, len, buf ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
-                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
-            return( ret );
-        }
-
-        decrypted = 1;
-    }
-    else
-#endif /* MBEDTLS_PKCS5_C */
-    {
-        ((void) pwd);
-    }
-
-    if( decrypted == 0 )
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
-}
-#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
-
-/*
- * Parse a private key
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
-                  const unsigned char *key, size_t keylen,
-                  const unsigned char *pwd, size_t pwdlen )
-{
-    int ret;
-    const mbedtls_pk_info_t *pk_info;
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-    size_t len;
-    mbedtls_pem_context pem;
-
-    mbedtls_pem_init( &pem );
-
-#if defined(MBEDTLS_RSA_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN RSA PRIVATE KEY-----",
-                               "-----END RSA PRIVATE KEY-----",
-                               key, pwd, pwdlen, &len );
-
-    if( ret == 0 )
-    {
-        pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
-        if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-            ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
-                                            pem.buf, pem.buflen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
-        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN EC PRIVATE KEY-----",
-                               "-----END EC PRIVATE KEY-----",
-                               key, pwd, pwdlen, &len );
-    if( ret == 0 )
-    {
-        pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
-
-        if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
-                                           pem.buf, pem.buflen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
-        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-#endif /* MBEDTLS_ECP_C */
-
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN PRIVATE KEY-----",
-                               "-----END PRIVATE KEY-----",
-                               key, NULL, 0, &len );
-    if( ret == 0 )
-    {
-        if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
-                                                pem.buf, pem.buflen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-
-#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN ENCRYPTED PRIVATE KEY-----",
-                               "-----END ENCRYPTED PRIVATE KEY-----",
-                               key, NULL, 0, &len );
-    if( ret == 0 )
-    {
-        if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
-                                                      pem.buf, pem.buflen,
-                                                      pwd, pwdlen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
-#else
-    ((void) ret);
-    ((void) pwd);
-    ((void) pwdlen);
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-    /*
-     * At this point we only know it's not a PEM formatted key. Could be any
-     * of the known DER encoded private key formats
-     *
-     * We try the different DER format parsers to see if one passes without
-     * error
-     */
-#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-    {
-        unsigned char *key_copy;
-
-        if( keylen == 0 )
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
-        if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
-            return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-        memcpy( key_copy, key, keylen );
-
-        ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
-                                                pwd, pwdlen );
-
-        mbedtls_zeroize( key_copy, keylen );
-        mbedtls_free( key_copy );
-    }
-
-    if( ret == 0 )
-        return( 0 );
-
-    mbedtls_pk_free( pk );
-
-    if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
-
-    if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
-        return( 0 );
-
-    mbedtls_pk_free( pk );
-
-#if defined(MBEDTLS_RSA_C)
-
-    pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-        ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
-                                        key, keylen ) ) != 0 )
-    {
-        mbedtls_pk_free( pk );
-    }
-    else
-    {
-        return( 0 );
-    }
-
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-
-    pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-        ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
-                                       key, keylen ) ) != 0 )
-    {
-        mbedtls_pk_free( pk );
-    }
-    else
-    {
-        return( 0 );
-    }
-
-#endif /* MBEDTLS_ECP_C */
-
-    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-}
-
-/*
- * Parse a public key
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
-                         const unsigned char *key, size_t keylen )
-{
-    int ret;
-    unsigned char *p;
-#if defined(MBEDTLS_RSA_C)
-    const mbedtls_pk_info_t *pk_info;
-#endif
-#if defined(MBEDTLS_PEM_PARSE_C)
-    size_t len;
-    mbedtls_pem_context pem;
-
-    mbedtls_pem_init( &pem );
-#if defined(MBEDTLS_RSA_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN RSA PUBLIC KEY-----",
-                               "-----END RSA PUBLIC KEY-----",
-                               key, NULL, 0, &len );
-
-    if( ret == 0 )
-    {
-        p = pem.buf;
-        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
-            return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
-            return( ret );
-
-        if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
-            mbedtls_pk_free( ctx );
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-#endif /* MBEDTLS_RSA_C */
-
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( keylen == 0 || key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                "-----BEGIN PUBLIC KEY-----",
-                "-----END PUBLIC KEY-----",
-                key, NULL, 0, &len );
-
-    if( ret == 0 )
-    {
-        /*
-         * Was PEM encoded
-         */
-        p = pem.buf;
-
-        ret = mbedtls_pk_parse_subpubkey( &p,  p + pem.buflen, ctx );
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    mbedtls_pem_free( &pem );
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#if defined(MBEDTLS_RSA_C)
-    if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
-        return( ret );
-
-    p = (unsigned char *)key;
-    ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
-    if( ret == 0 )
-    {
-        return( ret );
-    }
-    mbedtls_pk_free( ctx );
-    if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_RSA_C */
-    p = (unsigned char *) key;
-
-    ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_PK_PARSE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/pkwrite.c b/components/ssl/mbedtls/mbedtls/library/pkwrite.c
deleted file mode 100644
index 8eabd889..00000000
--- a/components/ssl/mbedtls/mbedtls/library/pkwrite.c
+++ /dev/null
@@ -1,515 +0,0 @@
-/*
- *  Public Key layer for writing key files and structures
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C)
-
-#include "mbedtls/pk.h"
-#include "mbedtls/asn1write.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-#if defined(MBEDTLS_PEM_WRITE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free       free
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-/*
- *  RSAPublicKey ::= SEQUENCE {
- *      modulus           INTEGER,  -- n
- *      publicExponent    INTEGER   -- e
- *  }
- */
-static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
-                                mbedtls_rsa_context *rsa )
-{
-    int ret;
-    size_t len = 0;
-    mbedtls_mpi T;
-
-    mbedtls_mpi_init( &T );
-
-    /* Export E */
-    if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
-         ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
-        goto end_of_export;
-    len += ret;
-
-    /* Export N */
-    if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
-         ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
-        goto end_of_export;
-    len += ret;
-
-end_of_export:
-
-    mbedtls_mpi_free( &T );
-    if( ret < 0 )
-        return( ret );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * EC public key is an EC point
- */
-static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
-                               mbedtls_ecp_keypair *ec )
-{
-    int ret;
-    size_t len = 0;
-    unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
-
-    if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
-                                        MBEDTLS_ECP_PF_UNCOMPRESSED,
-                                        &len, buf, sizeof( buf ) ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( *p < start || (size_t)( *p - start ) < len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    *p -= len;
-    memcpy( *p, buf, len );
-
-    return( (int) len );
-}
-
-/*
- * ECParameters ::= CHOICE {
- *   namedCurve         OBJECT IDENTIFIER
- * }
- */
-static int pk_write_ec_param( unsigned char **p, unsigned char *start,
-                              mbedtls_ecp_keypair *ec )
-{
-    int ret;
-    size_t len = 0;
-    const char *oid;
-    size_t oid_len;
-
-    if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
-        return( ret );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
-
-    return( (int) len );
-}
-#endif /* MBEDTLS_ECP_C */
-
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
-                             const mbedtls_pk_context *key )
-{
-    int ret;
-    size_t len = 0;
-
-#if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
-    else
-#endif
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
-    else
-#endif
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    return( (int) len );
-}
-
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret;
-    unsigned char *c;
-    size_t len = 0, par_len = 0, oid_len;
-    const char *oid;
-
-    c = buf + size;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
-
-    if( c - buf < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    /*
-     *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
-     *       algorithm            AlgorithmIdentifier,
-     *       subjectPublicKey     BIT STRING }
-     */
-    *--c = 0;
-    len += 1;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
-
-    if( ( ret = mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_get_type( key ),
-                                       &oid, &oid_len ) ) != 0 )
-    {
-        return( ret );
-    }
-
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-    {
-        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
-    }
-#endif
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
-                                                        par_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret;
-    unsigned char *c = buf + size;
-    size_t len = 0;
-
-#if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-    {
-        mbedtls_mpi T; /* Temporary holding the exported parameters */
-        mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
-
-        /*
-         * Export the parameters one after another to avoid simultaneous copies.
-         */
-
-        mbedtls_mpi_init( &T );
-
-        /* Export QP */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export DQ */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export DP */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export Q */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         &T, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export P */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
-                                         NULL, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export D */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         NULL, &T, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export E */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         NULL, NULL, &T ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export N */
-        if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
-                                         NULL, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-    end_of_export:
-
-        mbedtls_mpi_free( &T );
-        if( ret < 0 )
-            return( ret );
-
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
-                                               buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                               MBEDTLS_ASN1_SEQUENCE ) );
-    }
-    else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-    {
-        mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
-        size_t pub_len = 0, par_len = 0;
-
-        /*
-         * RFC 5915, or SEC1 Appendix C.4
-         *
-         * ECPrivateKey ::= SEQUENCE {
-         *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
-         *      privateKey     OCTET STRING,
-         *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
-         *      publicKey  [1] BIT STRING OPTIONAL
-         *    }
-         */
-
-        /* publicKey */
-        MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
-
-        if( c - buf < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-        *--c = 0;
-        pub_len += 1;
-
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
-
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
-                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
-        len += pub_len;
-
-        /* parameters */
-        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
-
-        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
-        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
-                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
-        len += par_len;
-
-        /* privateKey: write as MPI then fix tag */
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &ec->d ) );
-        *c = MBEDTLS_ASN1_OCTET_STRING;
-
-        /* version */
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
-
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                    MBEDTLS_ASN1_SEQUENCE ) );
-    }
-    else
-#endif /* MBEDTLS_ECP_C */
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    return( (int) len );
-}
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-
-#define PEM_BEGIN_PUBLIC_KEY    "-----BEGIN PUBLIC KEY-----\n"
-#define PEM_END_PUBLIC_KEY      "-----END PUBLIC KEY-----\n"
-
-#define PEM_BEGIN_PRIVATE_KEY_RSA   "-----BEGIN RSA PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY_RSA     "-----END RSA PRIVATE KEY-----\n"
-#define PEM_BEGIN_PRIVATE_KEY_EC    "-----BEGIN EC PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY_EC      "-----END EC PRIVATE KEY-----\n"
-
-/*
- * Max sizes of key per types. Shown as tag + len (+ content).
- */
-
-#if defined(MBEDTLS_RSA_C)
-/*
- * RSA public keys:
- *  SubjectPublicKeyInfo  ::=  SEQUENCE  {          1 + 3
- *       algorithm            AlgorithmIdentifier,  1 + 1 (sequence)
- *                                                + 1 + 1 + 9 (rsa oid)
- *                                                + 1 + 1 (params null)
- *       subjectPublicKey     BIT STRING }          1 + 3 + (1 + below)
- *  RSAPublicKey ::= SEQUENCE {                     1 + 3
- *      modulus           INTEGER,  -- n            1 + 3 + MPI_MAX + 1
- *      publicExponent    INTEGER   -- e            1 + 3 + MPI_MAX + 1
- *  }
- */
-#define RSA_PUB_DER_MAX_BYTES   38 + 2 * MBEDTLS_MPI_MAX_SIZE
-
-/*
- * RSA private keys:
- *  RSAPrivateKey ::= SEQUENCE {                    1 + 3
- *      version           Version,                  1 + 1 + 1
- *      modulus           INTEGER,                  1 + 3 + MPI_MAX + 1
- *      publicExponent    INTEGER,                  1 + 3 + MPI_MAX + 1
- *      privateExponent   INTEGER,                  1 + 3 + MPI_MAX + 1
- *      prime1            INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      prime2            INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      exponent1         INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      exponent2         INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      coefficient       INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      otherPrimeInfos   OtherPrimeInfos OPTIONAL  0 (not supported)
- *  }
- */
-#define MPI_MAX_SIZE_2          MBEDTLS_MPI_MAX_SIZE / 2 + \
-                                MBEDTLS_MPI_MAX_SIZE % 2
-#define RSA_PRV_DER_MAX_BYTES   47 + 3 * MBEDTLS_MPI_MAX_SIZE \
-                                   + 5 * MPI_MAX_SIZE_2
-
-#else /* MBEDTLS_RSA_C */
-
-#define RSA_PUB_DER_MAX_BYTES   0
-#define RSA_PRV_DER_MAX_BYTES   0
-
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * EC public keys:
- *  SubjectPublicKeyInfo  ::=  SEQUENCE  {      1 + 2
- *    algorithm         AlgorithmIdentifier,    1 + 1 (sequence)
- *                                            + 1 + 1 + 7 (ec oid)
- *                                            + 1 + 1 + 9 (namedCurve oid)
- *    subjectPublicKey  BIT STRING              1 + 2 + 1               [1]
- *                                            + 1 (point format)        [1]
- *                                            + 2 * ECP_MAX (coords)    [1]
- *  }
- */
-#define ECP_PUB_DER_MAX_BYTES   30 + 2 * MBEDTLS_ECP_MAX_BYTES
-
-/*
- * EC private keys:
- * ECPrivateKey ::= SEQUENCE {                  1 + 2
- *      version        INTEGER ,                1 + 1 + 1
- *      privateKey     OCTET STRING,            1 + 1 + ECP_MAX
- *      parameters [0] ECParameters OPTIONAL,   1 + 1 + (1 + 1 + 9)
- *      publicKey  [1] BIT STRING OPTIONAL      1 + 2 + [1] above
- *    }
- */
-#define ECP_PRV_DER_MAX_BYTES   29 + 3 * MBEDTLS_ECP_MAX_BYTES
-
-#else /* MBEDTLS_ECP_C */
-
-#define ECP_PUB_DER_MAX_BYTES   0
-#define ECP_PRV_DER_MAX_BYTES   0
-
-#endif /* MBEDTLS_ECP_C */
-
-#define PUB_DER_MAX_BYTES   RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
-                            RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES
-#define PRV_DER_MAX_BYTES   RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
-                            RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES
-
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret;
-    unsigned char output_buf[PUB_DER_MAX_BYTES];
-    size_t olen = 0;
-
-    if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
-                                     sizeof(output_buf) ) ) < 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret;
-    unsigned char output_buf[PRV_DER_MAX_BYTES];
-    const char *begin, *end;
-    size_t olen = 0;
-
-    if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
-        return( ret );
-
-#if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-    {
-        begin = PEM_BEGIN_PRIVATE_KEY_RSA;
-        end = PEM_END_PRIVATE_KEY_RSA;
-    }
-    else
-#endif
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-    {
-        begin = PEM_BEGIN_PRIVATE_KEY_EC;
-        end = PEM_END_PRIVATE_KEY_EC;
-    }
-    else
-#endif
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    if( ( ret = mbedtls_pem_write_buffer( begin, end,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#endif /* MBEDTLS_PK_WRITE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/platform.c b/components/ssl/mbedtls/mbedtls/library/platform.c
deleted file mode 100644
index a295f9b9..00000000
--- a/components/ssl/mbedtls/mbedtls/library/platform.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- *  Platform abstraction layer
- *
- *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
-    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MEMORY)
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-static void *platform_calloc_uninit( size_t n, size_t size )
-{
-    ((void) n);
-    ((void) size);
-    return( NULL );
-}
-
-#define MBEDTLS_PLATFORM_STD_CALLOC   platform_calloc_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_CALLOC */
-
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-static void platform_free_uninit( void *ptr )
-{
-    ((void) ptr);
-}
-
-#define MBEDTLS_PLATFORM_STD_FREE     platform_free_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_FREE */
-
-void * (*mbedtls_calloc)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC;
-void (*mbedtls_free)( void * )     = MBEDTLS_PLATFORM_STD_FREE;
-
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
-                              void (*free_func)( void * ) )
-{
-    mbedtls_calloc = calloc_func;
-    mbedtls_free = free_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_MEMORY */
-
-#if defined(_WIN32)
-#include <stdarg.h>
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
-{
-    int ret;
-    va_list argp;
-
-    /* Avoid calling the invalid parameter handler by checking ourselves */
-    if( s == NULL || n == 0 || fmt == NULL )
-        return( -1 );
-
-    va_start( argp, fmt );
-#if defined(_TRUNCATE) && !defined(__MINGW32__)
-    ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
-#else
-    ret = _vsnprintf( s, n, fmt, argp );
-    if( ret < 0 || (size_t) ret == n )
-    {
-        s[n-1] = '\0';
-        ret = -1;
-    }
-#endif
-    va_end( argp );
-
-    return( ret );
-}
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_snprintf_uninit( char * s, size_t n,
-                                     const char * format, ... )
-{
-    ((void) s);
-    ((void) n);
-    ((void) format);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_SNPRINTF    platform_snprintf_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */
-
-int (*mbedtls_snprintf)( char * s, size_t n,
-                          const char * format,
-                          ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF;
-
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
-                                                 const char * format,
-                                                 ... ) )
-{
-    mbedtls_snprintf = snprintf_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_printf_uninit( const char *format, ... )
-{
-    ((void) format);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_PRINTF    platform_printf_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_PRINTF */
-
-int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF;
-
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
-{
-    mbedtls_printf = printf_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
-{
-    ((void) stream);
-    ((void) format);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_FPRINTF   platform_fprintf_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */
-
-int (*mbedtls_fprintf)( FILE *, const char *, ... ) =
-                                        MBEDTLS_PLATFORM_STD_FPRINTF;
-
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) )
-{
-    mbedtls_fprintf = fprintf_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static void platform_exit_uninit( int status )
-{
-    ((void) status);
-}
-
-#define MBEDTLS_PLATFORM_STD_EXIT   platform_exit_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_EXIT */
-
-void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT;
-
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
-{
-    mbedtls_exit = exit_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-
-#if defined(MBEDTLS_HAVE_TIME)
-
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
-{
-    ((void) timer);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_TIME   platform_time_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_TIME */
-
-mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME;
-
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
-{
-    mbedtls_time = time_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#endif /* MBEDTLS_HAVE_TIME */
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Default implementations for the platform independent seed functions use
- * standard libc file functions to read from and write to a pre-defined filename
- */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
-{
-    FILE *file;
-    size_t n;
-
-    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
-        return( -1 );
-
-    if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
-    {
-        fclose( file );
-        mbedtls_zeroize( buf, buf_len );
-        return( -1 );
-    }
-
-    fclose( file );
-    return( (int)n );
-}
-
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
-{
-    FILE *file;
-    size_t n;
-
-    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
-        return -1;
-
-    if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
-    {
-        fclose( file );
-        return -1;
-    }
-
-    fclose( file );
-    return( (int)n );
-}
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
-{
-    ((void) buf);
-    ((void) buf_len);
-    return( -1 );
-}
-
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   platform_nv_seed_read_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_READ */
-
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
-{
-    ((void) buf);
-    ((void) buf_len);
-    return( -1 );
-}
-
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE   platform_nv_seed_write_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
-
-int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
-            MBEDTLS_PLATFORM_STD_NV_SEED_READ;
-int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
-            MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
-
-int mbedtls_platform_set_nv_seed(
-        int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
-        int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
-{
-    mbedtls_nv_seed_read = nv_seed_read_func;
-    mbedtls_nv_seed_write = nv_seed_write_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-/*
- * Placeholder platform setup that does nothing by default
- */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx )
-{
-    (void)ctx;
-
-    return( 0 );
-}
-
-/*
- * Placeholder platform teardown that does nothing by default
- */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
-{
-    (void)ctx;
-}
-#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-
-#endif /* MBEDTLS_PLATFORM_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ripemd160.c b/components/ssl/mbedtls/mbedtls/library/ripemd160.c
deleted file mode 100644
index 2ba48b7f..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ripemd160.c
+++ /dev/null
@@ -1,556 +0,0 @@
-/*
- *  RIPE MD-160 implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- *  The RIPEMD-160 algorithm was designed by RIPE in 1996
- *  http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html
- *  http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-
-#include "mbedtls/ripemd160.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-
-/*
- * 32-bit integer manipulation macros (little endian)
- */
-#ifndef GET_UINT32_LE
-#define GET_UINT32_LE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ]       )             \
-        | ( (uint32_t) (b)[(i) + 1] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 2] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 3] << 24 );            \
-}
-#endif
-
-#ifndef PUT_UINT32_LE
-#define PUT_UINT32_LE(n,b,i)                                    \
-{                                                               \
-    (b)[(i)    ] = (unsigned char) ( ( (n)       ) & 0xFF );    \
-    (b)[(i) + 1] = (unsigned char) ( ( (n) >>  8 ) & 0xFF );    \
-    (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF );    \
-    (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF );    \
-}
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
-}
-
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
-}
-
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
-                        const mbedtls_ripemd160_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * RIPEMD-160 context setup
- */
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-    ctx->state[4] = 0xC3D2E1F0;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
-{
-    mbedtls_ripemd160_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
-/*
- * Process one block
- */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                        const unsigned char data[64] )
-{
-    uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
-
-    GET_UINT32_LE( X[ 0], data,  0 );
-    GET_UINT32_LE( X[ 1], data,  4 );
-    GET_UINT32_LE( X[ 2], data,  8 );
-    GET_UINT32_LE( X[ 3], data, 12 );
-    GET_UINT32_LE( X[ 4], data, 16 );
-    GET_UINT32_LE( X[ 5], data, 20 );
-    GET_UINT32_LE( X[ 6], data, 24 );
-    GET_UINT32_LE( X[ 7], data, 28 );
-    GET_UINT32_LE( X[ 8], data, 32 );
-    GET_UINT32_LE( X[ 9], data, 36 );
-    GET_UINT32_LE( X[10], data, 40 );
-    GET_UINT32_LE( X[11], data, 44 );
-    GET_UINT32_LE( X[12], data, 48 );
-    GET_UINT32_LE( X[13], data, 52 );
-    GET_UINT32_LE( X[14], data, 56 );
-    GET_UINT32_LE( X[15], data, 60 );
-
-    A = Ap = ctx->state[0];
-    B = Bp = ctx->state[1];
-    C = Cp = ctx->state[2];
-    D = Dp = ctx->state[3];
-    E = Ep = ctx->state[4];
-
-#define F1( x, y, z )   ( x ^ y ^ z )
-#define F2( x, y, z )   ( ( x & y ) | ( ~x & z ) )
-#define F3( x, y, z )   ( ( x | ~y ) ^ z )
-#define F4( x, y, z )   ( ( x & z ) | ( y & ~z ) )
-#define F5( x, y, z )   ( x ^ ( y | ~z ) )
-
-#define S( x, n ) ( ( x << n ) | ( x >> (32 - n) ) )
-
-#define P( a, b, c, d, e, r, s, f, k )      \
-    a += f( b, c, d ) + X[r] + k;           \
-    a = S( a, s ) + e;                      \
-    c = S( c, 10 );
-
-#define P2( a, b, c, d, e, r, s, rp, sp )   \
-    P( a, b, c, d, e, r, s, F, K );         \
-    P( a ## p, b ## p, c ## p, d ## p, e ## p, rp, sp, Fp, Kp );
-
-#define F   F1
-#define K   0x00000000
-#define Fp  F5
-#define Kp  0x50A28BE6
-    P2( A, B, C, D, E,  0, 11,  5,  8 );
-    P2( E, A, B, C, D,  1, 14, 14,  9 );
-    P2( D, E, A, B, C,  2, 15,  7,  9 );
-    P2( C, D, E, A, B,  3, 12,  0, 11 );
-    P2( B, C, D, E, A,  4,  5,  9, 13 );
-    P2( A, B, C, D, E,  5,  8,  2, 15 );
-    P2( E, A, B, C, D,  6,  7, 11, 15 );
-    P2( D, E, A, B, C,  7,  9,  4,  5 );
-    P2( C, D, E, A, B,  8, 11, 13,  7 );
-    P2( B, C, D, E, A,  9, 13,  6,  7 );
-    P2( A, B, C, D, E, 10, 14, 15,  8 );
-    P2( E, A, B, C, D, 11, 15,  8, 11 );
-    P2( D, E, A, B, C, 12,  6,  1, 14 );
-    P2( C, D, E, A, B, 13,  7, 10, 14 );
-    P2( B, C, D, E, A, 14,  9,  3, 12 );
-    P2( A, B, C, D, E, 15,  8, 12,  6 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F2
-#define K   0x5A827999
-#define Fp  F4
-#define Kp  0x5C4DD124
-    P2( E, A, B, C, D,  7,  7,  6,  9 );
-    P2( D, E, A, B, C,  4,  6, 11, 13 );
-    P2( C, D, E, A, B, 13,  8,  3, 15 );
-    P2( B, C, D, E, A,  1, 13,  7,  7 );
-    P2( A, B, C, D, E, 10, 11,  0, 12 );
-    P2( E, A, B, C, D,  6,  9, 13,  8 );
-    P2( D, E, A, B, C, 15,  7,  5,  9 );
-    P2( C, D, E, A, B,  3, 15, 10, 11 );
-    P2( B, C, D, E, A, 12,  7, 14,  7 );
-    P2( A, B, C, D, E,  0, 12, 15,  7 );
-    P2( E, A, B, C, D,  9, 15,  8, 12 );
-    P2( D, E, A, B, C,  5,  9, 12,  7 );
-    P2( C, D, E, A, B,  2, 11,  4,  6 );
-    P2( B, C, D, E, A, 14,  7,  9, 15 );
-    P2( A, B, C, D, E, 11, 13,  1, 13 );
-    P2( E, A, B, C, D,  8, 12,  2, 11 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F3
-#define K   0x6ED9EBA1
-#define Fp  F3
-#define Kp  0x6D703EF3
-    P2( D, E, A, B, C,  3, 11, 15,  9 );
-    P2( C, D, E, A, B, 10, 13,  5,  7 );
-    P2( B, C, D, E, A, 14,  6,  1, 15 );
-    P2( A, B, C, D, E,  4,  7,  3, 11 );
-    P2( E, A, B, C, D,  9, 14,  7,  8 );
-    P2( D, E, A, B, C, 15,  9, 14,  6 );
-    P2( C, D, E, A, B,  8, 13,  6,  6 );
-    P2( B, C, D, E, A,  1, 15,  9, 14 );
-    P2( A, B, C, D, E,  2, 14, 11, 12 );
-    P2( E, A, B, C, D,  7,  8,  8, 13 );
-    P2( D, E, A, B, C,  0, 13, 12,  5 );
-    P2( C, D, E, A, B,  6,  6,  2, 14 );
-    P2( B, C, D, E, A, 13,  5, 10, 13 );
-    P2( A, B, C, D, E, 11, 12,  0, 13 );
-    P2( E, A, B, C, D,  5,  7,  4,  7 );
-    P2( D, E, A, B, C, 12,  5, 13,  5 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F4
-#define K   0x8F1BBCDC
-#define Fp  F2
-#define Kp  0x7A6D76E9
-    P2( C, D, E, A, B,  1, 11,  8, 15 );
-    P2( B, C, D, E, A,  9, 12,  6,  5 );
-    P2( A, B, C, D, E, 11, 14,  4,  8 );
-    P2( E, A, B, C, D, 10, 15,  1, 11 );
-    P2( D, E, A, B, C,  0, 14,  3, 14 );
-    P2( C, D, E, A, B,  8, 15, 11, 14 );
-    P2( B, C, D, E, A, 12,  9, 15,  6 );
-    P2( A, B, C, D, E,  4,  8,  0, 14 );
-    P2( E, A, B, C, D, 13,  9,  5,  6 );
-    P2( D, E, A, B, C,  3, 14, 12,  9 );
-    P2( C, D, E, A, B,  7,  5,  2, 12 );
-    P2( B, C, D, E, A, 15,  6, 13,  9 );
-    P2( A, B, C, D, E, 14,  8,  9, 12 );
-    P2( E, A, B, C, D,  5,  6,  7,  5 );
-    P2( D, E, A, B, C,  6,  5, 10, 15 );
-    P2( C, D, E, A, B,  2, 12, 14,  8 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F5
-#define K   0xA953FD4E
-#define Fp  F1
-#define Kp  0x00000000
-    P2( B, C, D, E, A,  4,  9, 12,  8 );
-    P2( A, B, C, D, E,  0, 15, 15,  5 );
-    P2( E, A, B, C, D,  5,  5, 10, 12 );
-    P2( D, E, A, B, C,  9, 11,  4,  9 );
-    P2( C, D, E, A, B,  7,  6,  1, 12 );
-    P2( B, C, D, E, A, 12,  8,  5,  5 );
-    P2( A, B, C, D, E,  2, 13,  8, 14 );
-    P2( E, A, B, C, D, 10, 12,  7,  6 );
-    P2( D, E, A, B, C, 14,  5,  6,  8 );
-    P2( C, D, E, A, B,  1, 12,  2, 13 );
-    P2( B, C, D, E, A,  3, 13, 13,  6 );
-    P2( A, B, C, D, E,  8, 14, 14,  5 );
-    P2( E, A, B, C, D, 11, 11,  0, 15 );
-    P2( D, E, A, B, C,  6,  8,  3, 13 );
-    P2( C, D, E, A, B, 15,  5,  9, 11 );
-    P2( B, C, D, E, A, 13,  6, 11, 11 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-    C             = ctx->state[1] + C + Dp;
-    ctx->state[1] = ctx->state[2] + D + Ep;
-    ctx->state[2] = ctx->state[3] + E + Ap;
-    ctx->state[3] = ctx->state[4] + A + Bp;
-    ctx->state[4] = ctx->state[0] + B + Cp;
-    ctx->state[0] = C;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                const unsigned char data[64] )
-{
-    mbedtls_internal_ripemd160_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
-
-/*
- * RIPEMD-160 process buffer
- */
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
-                                  const unsigned char *input,
-                                  size_t ilen )
-{
-    int ret;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
-{
-    mbedtls_ripemd160_update_ret( ctx, input, ilen );
-}
-#endif
-
-static const unsigned char ripemd160_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * RIPEMD-160 final digest
- */
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
-                                  unsigned char output[20] )
-{
-    int ret;
-    uint32_t last, padn;
-    uint32_t high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    PUT_UINT32_LE( low,  msglen, 0 );
-    PUT_UINT32_LE( high, msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 );
-    if( ret != 0 )
-        return( ret );
-
-    PUT_UINT32_LE( ctx->state[0], output,  0 );
-    PUT_UINT32_LE( ctx->state[1], output,  4 );
-    PUT_UINT32_LE( ctx->state[2], output,  8 );
-    PUT_UINT32_LE( ctx->state[3], output, 12 );
-    PUT_UINT32_LE( ctx->state[4], output, 16 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
-                               unsigned char output[20] )
-{
-    mbedtls_ripemd160_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* ! MBEDTLS_RIPEMD160_ALT */
-
-/*
- * output = RIPEMD-160( input buffer )
- */
-int mbedtls_ripemd160_ret( const unsigned char *input,
-                           size_t ilen,
-                           unsigned char output[20] )
-{
-    int ret;
-    mbedtls_ripemd160_context ctx;
-
-    mbedtls_ripemd160_init( &ctx );
-
-    if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_ripemd160_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[20] )
-{
-    mbedtls_ripemd160_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * Test vectors from the RIPEMD-160 paper and
- * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
- */
-#define TESTS   8
-static const unsigned char ripemd160_test_str[TESTS][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012"
-      "345678901234567890" },
-};
-
-static const size_t ripemd160_test_strlen[TESTS] =
-{
-    0, 1, 3, 14, 26, 56, 62, 80
-};
-
-static const unsigned char ripemd160_test_md[TESTS][20] =
-{
-    { 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
-      0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 },
-    { 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
-      0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe },
-    { 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
-      0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc },
-    { 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
-      0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 },
-    { 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
-      0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc },
-    { 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
-      0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b },
-    { 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed,
-      0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 },
-    { 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb,
-      0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb },
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_ripemd160_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char output[20];
-
-    memset( output, 0, sizeof output );
-
-    for( i = 0; i < TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  RIPEMD-160 test #%d: ", i + 1 );
-
-        ret = mbedtls_ripemd160_ret( ripemd160_test_str[i],
-                                     ripemd160_test_strlen[i], output );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_RIPEMD160_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/rsa.c b/components/ssl/mbedtls/mbedtls/library/rsa.c
deleted file mode 100644
index c9f7ba91..00000000
--- a/components/ssl/mbedtls/mbedtls/library/rsa.c
+++ /dev/null
@@ -1,2382 +0,0 @@
-/*
- *  The RSA public-key cryptosystem
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/*
- *  The following sources were referenced in the design of this implementation
- *  of the RSA algorithm:
- *
- *  [1] A method for obtaining digital signatures and public-key cryptosystems
- *      R Rivest, A Shamir, and L Adleman
- *      http://people.csail.mit.edu/rivest/pubs.html#RSA78
- *
- *  [2] Handbook of Applied Cryptography - 1997, Chapter 8
- *      Menezes, van Oorschot and Vanstone
- *
- *  [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
- *      Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
- *      Stefan Mangard
- *      https://arxiv.org/abs/1702.08719v2
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-
-#include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PKCS1_V21)
-#include "mbedtls/md.h"
-#endif
-
-#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__)
-#include <stdlib.h>
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#define mbedtls_calloc calloc
-#define mbedtls_free   free
-#endif
-
-#if !defined(MBEDTLS_RSA_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/* constant-time buffer comparison */
-static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
-{
-    size_t i;
-    const unsigned char *A = (const unsigned char *) a;
-    const unsigned char *B = (const unsigned char *) b;
-    unsigned char diff = 0;
-
-    for( i = 0; i < n; i++ )
-        diff |= A[i] ^ B[i];
-
-    return( diff );
-}
-
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
-                        const mbedtls_mpi *N,
-                        const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                        const mbedtls_mpi *D, const mbedtls_mpi *E )
-{
-    int ret;
-
-    if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
-        ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
-        ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) ||
-        ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
-        ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-    }
-
-    if( N != NULL )
-        ctx->len = mbedtls_mpi_size( &ctx->N );
-
-    return( 0 );
-}
-
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
-                            unsigned char const *N, size_t N_len,
-                            unsigned char const *P, size_t P_len,
-                            unsigned char const *Q, size_t Q_len,
-                            unsigned char const *D, size_t D_len,
-                            unsigned char const *E, size_t E_len )
-{
-    int ret = 0;
-
-    if( N != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) );
-        ctx->len = mbedtls_mpi_size( &ctx->N );
-    }
-
-    if( P != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) );
-
-    if( Q != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) );
-
-    if( D != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) );
-
-    if( E != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) );
-
-cleanup:
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-
-    return( 0 );
-}
-
-/*
- * Checks whether the context fields are set in such a way
- * that the RSA primitives will be able to execute without error.
- * It does *not* make guarantees for consistency of the parameters.
- */
-static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
-                              int blinding_needed )
-{
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* blinding_needed is only used for NO_CRT to decide whether
-     * P,Q need to be present or not. */
-    ((void) blinding_needed);
-#endif
-
-    if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
-        ctx->len > MBEDTLS_MPI_MAX_SIZE )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    /*
-     * 1. Modular exponentiation needs positive, odd moduli.
-     */
-
-    /* Modular exponentiation wrt. N is always used for
-     * RSA public key operations. */
-    if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 ||
-        mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0  )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* Modular exponentiation for P and Q is only
-     * used for private key operations and if CRT
-     * is used. */
-    if( is_priv &&
-        ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
-          mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 ||
-          mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ||
-          mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0  ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif /* !MBEDTLS_RSA_NO_CRT */
-
-    /*
-     * 2. Exponents must be positive
-     */
-
-    /* Always need E for public key operations */
-    if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_RSA_NO_CRT)
-    /* For private key operations, use D or DP & DQ
-     * as (unblinded) exponents. */
-    if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-#else
-    if( is_priv &&
-        ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
-          mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0  ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /* Blinding shouldn't make exponents negative either,
-     * so check that P, Q >= 1 if that hasn't yet been
-     * done as part of 1. */
-#if defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv && blinding_needed &&
-        ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
-          mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif
-
-    /* It wouldn't lead to an error if it wasn't satisfied,
-     * but check for QP >= 1 nonetheless. */
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv &&
-        mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif
-
-    return( 0 );
-}
-
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
-{
-    int ret = 0;
-
-    const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
-    const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
-    const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
-    const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
-    const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
-
-    /*
-     * Check whether provided parameters are enough
-     * to deduce all others. The following incomplete
-     * parameter sets for private keys are supported:
-     *
-     * (1) P, Q missing.
-     * (2) D and potentially N missing.
-     *
-     */
-
-    const int n_missing  =              have_P &&  have_Q &&  have_D && have_E;
-    const int pq_missing =   have_N && !have_P && !have_Q &&  have_D && have_E;
-    const int d_missing  =              have_P &&  have_Q && !have_D && have_E;
-    const int is_pub     =   have_N && !have_P && !have_Q && !have_D && have_E;
-
-    /* These three alternatives are mutually exclusive */
-    const int is_priv = n_missing || pq_missing || d_missing;
-
-    if( !is_priv && !is_pub )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * Step 1: Deduce N if P, Q are provided.
-     */
-
-    if( !have_N && have_P && have_Q )
-    {
-        if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
-                                         &ctx->Q ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-        }
-
-        ctx->len = mbedtls_mpi_size( &ctx->N );
-    }
-
-    /*
-     * Step 2: Deduce and verify all remaining core parameters.
-     */
-
-    if( pq_missing )
-    {
-        ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D,
-                                         &ctx->P, &ctx->Q );
-        if( ret != 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-
-    }
-    else if( d_missing )
-    {
-        if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P,
-                                                         &ctx->Q,
-                                                         &ctx->E,
-                                                         &ctx->D ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-        }
-    }
-
-    /*
-     * Step 3: Deduce all additional parameters specific
-     *         to our current RSA implementation.
-     */
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv )
-    {
-        ret = mbedtls_rsa_deduce_crt( &ctx->P,  &ctx->Q,  &ctx->D,
-                                      &ctx->DP, &ctx->DQ, &ctx->QP );
-        if( ret != 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-    }
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /*
-     * Step 3: Basic sanity checks
-     */
-
-    return( rsa_check_context( ctx, is_priv, 1 ) );
-}
-
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
-                            unsigned char *N, size_t N_len,
-                            unsigned char *P, size_t P_len,
-                            unsigned char *Q, size_t Q_len,
-                            unsigned char *D, size_t D_len,
-                            unsigned char *E, size_t E_len )
-{
-    int ret = 0;
-
-    /* Check if key is private or public */
-    const int is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
-
-    if( !is_priv )
-    {
-        /* If we're trying to export private parameters for a public key,
-         * something must be wrong. */
-        if( P != NULL || Q != NULL || D != NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    }
-
-    if( N != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) );
-
-    if( P != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) );
-
-    if( Q != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) );
-
-    if( D != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) );
-
-    if( E != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) );
-
-cleanup:
-
-    return( ret );
-}
-
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
-                        mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
-                        mbedtls_mpi *D, mbedtls_mpi *E )
-{
-    int ret;
-
-    /* Check if key is private or public */
-    int is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
-
-    if( !is_priv )
-    {
-        /* If we're trying to export private parameters for a public key,
-         * something must be wrong. */
-        if( P != NULL || Q != NULL || D != NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    }
-
-    /* Export all requested core parameters. */
-
-    if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) ||
-        ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) ||
-        ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) ||
-        ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) ||
-        ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Export CRT parameters
- * This must also be implemented if CRT is not used, for being able to
- * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt
- * can be used in this case.
- */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
-                            mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
-{
-    int ret;
-
-    /* Check if key is private or public */
-    int is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
-
-    if( !is_priv )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* Export all requested blinding parameters. */
-    if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) ||
-        ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) ||
-        ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-    }
-#else
-    if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                        DP, DQ, QP ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-    }
-#endif
-
-    return( 0 );
-}
-
-/*
- * Initialize an RSA context
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
-               int padding,
-               int hash_id )
-{
-    memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
-
-    mbedtls_rsa_set_padding( ctx, padding, hash_id );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-/*
- * Set padding for an existing RSA context
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id )
-{
-    ctx->padding = padding;
-    ctx->hash_id = hash_id;
-}
-
-/*
- * Get length in bytes of RSA modulus
- */
-
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
-{
-    return( ctx->len );
-}
-
-
-#if defined(MBEDTLS_GENPRIME)
-
-/*
- * Generate an RSA keypair
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 unsigned int nbits, int exponent )
-{
-    int ret;
-    mbedtls_mpi H, G;
-
-    if( f_rng == NULL || nbits < 128 || exponent < 3 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( nbits % 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &H );
-    mbedtls_mpi_init( &G );
-
-    /*
-     * find primes P and Q with Q < P so that:
-     * GCD( E, (P-1)*(Q-1) ) == 1
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
-
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
-                                                f_rng, p_rng ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
-                                                f_rng, p_rng ) );
-
-        if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
-            continue;
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
-        if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
-            continue;
-
-        if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
-            mbedtls_mpi_swap( &ctx->P, &ctx->Q );
-
-        /* Temporarily replace P,Q by P-1, Q-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H  ) );
-    }
-    while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 );
-
-    /* Restore P,Q */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P,  &ctx->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q,  &ctx->Q, 1 ) );
-
-    ctx->len = mbedtls_mpi_size( &ctx->N );
-
-    /*
-     * D  = E^-1 mod ((P-1)*(Q-1))
-     * DP = D mod (P - 1)
-     * DQ = D mod (Q - 1)
-     * QP = Q^-1 mod P
-     */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H  ) );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                             &ctx->DP, &ctx->DQ, &ctx->QP ) );
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /* Double-check */
-    MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &H );
-    mbedtls_mpi_free( &G );
-
-    if( ret != 0 )
-    {
-        mbedtls_rsa_free( ctx );
-        return( MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret );
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_GENPRIME */
-
-/*
- * Check a public RSA key
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
-{
-    if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
-    if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ||
-        mbedtls_mpi_bitlen( &ctx->E )     < 2  ||
-        mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    return( 0 );
-}
-
-/*
- * Check for the consistency of all fields in an RSA private key context
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
-{
-    if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
-        rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
-                                     &ctx->D, &ctx->E, NULL, NULL ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                       &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-#endif
-
-    return( 0 );
-}
-
-/*
- * Check if contexts holding a public and private key match
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
-                                const mbedtls_rsa_context *prv )
-{
-    if( mbedtls_rsa_check_pubkey( pub )  != 0 ||
-        mbedtls_rsa_check_privkey( prv ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
-        mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    return( 0 );
-}
-
-/*
- * Do an RSA public key operation
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
-                const unsigned char *input,
-                unsigned char *output )
-{
-    int ret;
-    size_t olen;
-    mbedtls_mpi T;
-
-    if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &T );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
-
-    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    olen = ctx->len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    mbedtls_mpi_free( &T );
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret );
-
-    return( 0 );
-}
-
-/*
- * Generate or update blinding values, see section 10 of:
- *  KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
- *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
- *  Berlin Heidelberg, 1996. p. 104-113.
- */
-static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret, count = 0;
-
-    if( ctx->Vf.p != NULL )
-    {
-        /* We already have blinding values, just update them by squaring */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
-
-        goto cleanup;
-    }
-
-    /* Unblinding value: Vf = random number, invertible mod N */
-    do {
-        if( count++ > 10 )
-            return( MBEDTLS_ERR_RSA_RNG_FAILED );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) );
-    } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 );
-
-    /* Blinding value: Vi =  Vf^(-e) mod N */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
-
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Exponent blinding supposed to prevent side-channel attacks using multiple
- * traces of measurements to recover the RSA key. The more collisions are there,
- * the more bits of the key can be recovered. See [3].
- *
- * Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
- * observations on avarage.
- *
- * For example with 28 byte blinding to achieve 2 collisions the adversary has
- * to make 2^112 observations on avarage.
- *
- * (With the currently (as of 2017 April) known best algorithms breaking 2048
- * bit RSA requires approximately as much time as trying out 2^112 random keys.
- * Thus in this sense with 28 byte blinding the security is not reduced by
- * side-channel attacks like the one in [3])
- *
- * This countermeasure does not help if the key recovery is possible with a
- * single trace.
- */
-#define RSA_EXPONENT_BLINDING 28
-
-/*
- * Do an RSA private key operation
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 const unsigned char *input,
-                 unsigned char *output )
-{
-    int ret;
-    size_t olen;
-
-    /* Temporary holding the result */
-    mbedtls_mpi T;
-
-    /* Temporaries holding P-1, Q-1 and the
-     * exponent blinding factor, respectively. */
-    mbedtls_mpi P1, Q1, R;
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* Temporaries holding the results mod p resp. mod q. */
-    mbedtls_mpi TP, TQ;
-
-    /* Temporaries holding the blinded exponents for
-     * the mod p resp. mod q computation (if used). */
-    mbedtls_mpi DP_blind, DQ_blind;
-
-    /* Pointers to actual exponents to be used - either the unblinded
-     * or the blinded ones, depending on the presence of a PRNG. */
-    mbedtls_mpi *DP = &ctx->DP;
-    mbedtls_mpi *DQ = &ctx->DQ;
-#else
-    /* Temporary holding the blinded exponent (if used). */
-    mbedtls_mpi D_blind;
-
-    /* Pointer to actual exponent to be used - either the unblinded
-     * or the blinded one, depending on the presence of a PRNG. */
-    mbedtls_mpi *D = &ctx->D;
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /* Temporaries holding the initial input and the double
-     * checked result; should be the same in the end. */
-    mbedtls_mpi I, C;
-
-    if( rsa_check_context( ctx, 1             /* private key checks */,
-                                f_rng != NULL /* blinding y/n       */ ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    /* MPI Initialization */
-    mbedtls_mpi_init( &T );
-
-    mbedtls_mpi_init( &P1 );
-    mbedtls_mpi_init( &Q1 );
-    mbedtls_mpi_init( &R );
-
-    if( f_rng != NULL )
-    {
-#if defined(MBEDTLS_RSA_NO_CRT)
-        mbedtls_mpi_init( &D_blind );
-#else
-        mbedtls_mpi_init( &DP_blind );
-        mbedtls_mpi_init( &DQ_blind );
-#endif
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
-#endif
-
-    mbedtls_mpi_init( &I );
-    mbedtls_mpi_init( &C );
-
-    /* End of MPI initialization */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
-    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
-
-    if( f_rng != NULL )
-    {
-        /*
-         * Blinding
-         * T = T * Vi mod N
-         */
-        MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
-
-        /*
-         * Exponent blinding
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
-
-#if defined(MBEDTLS_RSA_NO_CRT)
-        /*
-         * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                         f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
-
-        D = &D_blind;
-#else
-        /*
-         * DP_blind = ( P - 1 ) * R + DP
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                         f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
-                    &ctx->DP ) );
-
-        DP = &DP_blind;
-
-        /*
-         * DQ_blind = ( Q - 1 ) * R + DQ
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                         f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
-                    &ctx->DQ ) );
-
-        DQ = &DQ_blind;
-#endif /* MBEDTLS_RSA_NO_CRT */
-    }
-
-#if defined(MBEDTLS_RSA_NO_CRT)
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
-#else
-    /*
-     * Faster decryption using the CRT
-     *
-     * TP = input ^ dP mod P
-     * TQ = input ^ dQ mod Q
-     */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) );
-
-    /*
-     * T = (TP - TQ) * (Q^-1 mod P) mod P
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) );
-
-    /*
-     * T = TQ + T * Q
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    if( f_rng != NULL )
-    {
-        /*
-         * Unblind
-         * T = T * Vf mod N
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
-    }
-
-    /* Verify the result to prevent glitching attacks. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
-                                          &ctx->N, &ctx->RN ) );
-    if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-    olen = ctx->len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    mbedtls_mpi_free( &P1 );
-    mbedtls_mpi_free( &Q1 );
-    mbedtls_mpi_free( &R );
-
-    if( f_rng != NULL )
-    {
-#if defined(MBEDTLS_RSA_NO_CRT)
-        mbedtls_mpi_free( &D_blind );
-#else
-        mbedtls_mpi_free( &DP_blind );
-        mbedtls_mpi_free( &DQ_blind );
-#endif
-    }
-
-    mbedtls_mpi_free( &T );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ );
-#endif
-
-    mbedtls_mpi_free( &C );
-    mbedtls_mpi_free( &I );
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/**
- * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
- *
- * \param dst       buffer to mask
- * \param dlen      length of destination buffer
- * \param src       source of the mask generation
- * \param slen      length of the source buffer
- * \param md_ctx    message digest context to use
- */
-static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
-                      size_t slen, mbedtls_md_context_t *md_ctx )
-{
-    unsigned char mask[MBEDTLS_MD_MAX_SIZE];
-    unsigned char counter[4];
-    unsigned char *p;
-    unsigned int hlen;
-    size_t i, use_len;
-    int ret = 0;
-
-    memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
-    memset( counter, 0, 4 );
-
-    hlen = mbedtls_md_get_size( md_ctx->md_info );
-
-    /* Generate and apply dbMask */
-    p = dst;
-
-    while( dlen > 0 )
-    {
-        use_len = hlen;
-        if( dlen < hlen )
-            use_len = dlen;
-
-        if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 )
-            goto exit;
-
-        for( i = 0; i < use_len; ++i )
-            *p++ ^= mask[i];
-
-        counter[3]++;
-
-        dlen -= use_len;
-    }
-
-exit:
-    mbedtls_zeroize( mask, sizeof( mask ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t ilen,
-                            const unsigned char *input,
-                            unsigned char *output )
-{
-    size_t olen;
-    int ret;
-    unsigned char *p = output;
-    unsigned int hlen;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    olen = ctx->len;
-    hlen = mbedtls_md_get_size( md_info );
-
-    /* first comparison checks for overflow */
-    if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    memset( output, 0, olen );
-
-    *p++ = 0;
-
-    /* Generate a random octet string seed */
-    if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
-        return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
-
-    p += hlen;
-
-    /* Construct DB */
-    if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 )
-        return( ret );
-    p += hlen;
-    p += olen - 2 * hlen - 2 - ilen;
-    *p++ = 1;
-    memcpy( p, input, ilen );
-
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        goto exit;
-
-    /* maskedDB: Apply dbMask to DB */
-    if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
-                          &md_ctx ) ) != 0 )
-        goto exit;
-
-    /* maskedSeed: Apply seedMask to seed */
-    if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
-                          &md_ctx ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md_free( &md_ctx );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( ( mode == MBEDTLS_RSA_PUBLIC )
-            ? mbedtls_rsa_public(  ctx, output, output )
-            : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode, size_t ilen,
-                                 const unsigned char *input,
-                                 unsigned char *output )
-{
-    size_t nb_pad, olen;
-    int ret;
-    unsigned char *p = output;
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    // We don't check p_rng because it won't be dereferenced here
-    if( f_rng == NULL || input == NULL || output == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    olen = ctx->len;
-
-    /* first comparison checks for overflow */
-    if( ilen + 11 < ilen || olen < ilen + 11 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    nb_pad = olen - 3 - ilen;
-
-    *p++ = 0;
-    if( mode == MBEDTLS_RSA_PUBLIC )
-    {
-        *p++ = MBEDTLS_RSA_CRYPT;
-
-        while( nb_pad-- > 0 )
-        {
-            int rng_dl = 100;
-
-            do {
-                ret = f_rng( p_rng, p, 1 );
-            } while( *p == 0 && --rng_dl && ret == 0 );
-
-            /* Check if RNG failed to generate data */
-            if( rng_dl == 0 || ret != 0 )
-                return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
-
-            p++;
-        }
-    }
-    else
-    {
-        *p++ = MBEDTLS_RSA_SIGN;
-
-        while( nb_pad-- > 0 )
-            *p++ = 0xFF;
-    }
-
-    *p++ = 0;
-    memcpy( p, input, ilen );
-
-    return( ( mode == MBEDTLS_RSA_PUBLIC )
-            ? mbedtls_rsa_public(  ctx, output, output )
-            : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Add the message padding, then do an RSA operation
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t ilen,
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
-                                                input, output );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
-                                           ilen, input, output );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t *olen,
-                            const unsigned char *input,
-                            unsigned char *output,
-                            size_t output_max_len )
-{
-    int ret;
-    size_t ilen, i, pad_len;
-    unsigned char *p, bad, pad_done;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
-    unsigned int hlen;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    /*
-     * Parameters sanity checks
-     */
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    ilen = ctx->len;
-
-    if( ilen < 16 || ilen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    hlen = mbedtls_md_get_size( md_info );
-
-    // checking for integer underflow
-    if( 2 * hlen + 2 > ilen )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * RSA operation
-     */
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, input, buf )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
-
-    if( ret != 0 )
-        goto cleanup;
-
-    /*
-     * Unmask data and generate lHash
-     */
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-    {
-        mbedtls_md_free( &md_ctx );
-        goto cleanup;
-    }
-
-    /* seed: Apply seedMask to maskedSeed */
-    if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
-                          &md_ctx ) ) != 0 ||
-    /* DB: Apply dbMask to maskedDB */
-        ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
-                          &md_ctx ) ) != 0 )
-    {
-        mbedtls_md_free( &md_ctx );
-        goto cleanup;
-    }
-
-    mbedtls_md_free( &md_ctx );
-
-    /* Generate lHash */
-    if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 )
-        goto cleanup;
-
-    /*
-     * Check contents, in "constant-time"
-     */
-    p = buf;
-    bad = 0;
-
-    bad |= *p++; /* First byte must be 0 */
-
-    p += hlen; /* Skip seed */
-
-    /* Check lHash */
-    for( i = 0; i < hlen; i++ )
-        bad |= lhash[i] ^ *p++;
-
-    /* Get zero-padding len, but always read till end of buffer
-     * (minus one, for the 01 byte) */
-    pad_len = 0;
-    pad_done = 0;
-    for( i = 0; i < ilen - 2 * hlen - 2; i++ )
-    {
-        pad_done |= p[i];
-        pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
-    }
-
-    p += pad_len;
-    bad |= *p++ ^ 0x01;
-
-    /*
-     * The only information "leaked" is whether the padding was correct or not
-     * (eg, no data is copied if it was not correct). This meets the
-     * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
-     * the different error conditions.
-     */
-    if( bad != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto cleanup;
-    }
-
-    if( ilen - ( p - buf ) > output_max_len )
-    {
-        ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
-        goto cleanup;
-    }
-
-    *olen = ilen - (p - buf);
-    memcpy( output, p, *olen );
-    ret = 0;
-
-cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-    mbedtls_zeroize( lhash, sizeof( lhash ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode, size_t *olen,
-                                 const unsigned char *input,
-                                 unsigned char *output,
-                                 size_t output_max_len)
-{
-    int ret;
-    size_t ilen, pad_count = 0, i;
-    unsigned char *p, bad, pad_done = 0;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    ilen = ctx->len;
-
-    if( ilen < 16 || ilen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, input, buf )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
-
-    if( ret != 0 )
-        goto cleanup;
-
-    p = buf;
-    bad = 0;
-
-    /*
-     * Check and get padding len in "constant-time"
-     */
-    bad |= *p++; /* First byte must be 0 */
-
-    /* This test does not depend on secret data */
-    if( mode == MBEDTLS_RSA_PRIVATE )
-    {
-        bad |= *p++ ^ MBEDTLS_RSA_CRYPT;
-
-        /* Get padding len, but always read till end of buffer
-         * (minus one, for the 00 byte) */
-        for( i = 0; i < ilen - 3; i++ )
-        {
-            pad_done  |= ((p[i] | (unsigned char)-p[i]) >> 7) ^ 1;
-            pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
-        }
-
-        p += pad_count;
-        bad |= *p++; /* Must be zero */
-    }
-    else
-    {
-        bad |= *p++ ^ MBEDTLS_RSA_SIGN;
-
-        /* Get padding len, but always read till end of buffer
-         * (minus one, for the 00 byte) */
-        for( i = 0; i < ilen - 3; i++ )
-        {
-            pad_done |= ( p[i] != 0xFF );
-            pad_count += ( pad_done == 0 );
-        }
-
-        p += pad_count;
-        bad |= *p++; /* Must be zero */
-    }
-
-    bad |= ( pad_count < 8 );
-
-    if( bad )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto cleanup;
-    }
-
-    if( ilen - ( p - buf ) > output_max_len )
-    {
-        ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
-        goto cleanup;
-    }
-
-    *olen = ilen - (p - buf);
-    memcpy( output, p, *olen );
-    ret = 0;
-
-cleanup:
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation, then remove the message padding
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len)
-{
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
-                                                input, output, output_max_len );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
-                                           olen, input, output,
-                                           output_max_len );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         int mode,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         unsigned char *sig )
-{
-    size_t olen;
-    unsigned char *p = sig;
-    unsigned char salt[MBEDTLS_MD_MAX_SIZE];
-    unsigned int slen, hlen, offset = 0;
-    int ret;
-    size_t msb;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    olen = ctx->len;
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        /* Gather length of hash to sign */
-        md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-    }
-
-    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    hlen = mbedtls_md_get_size( md_info );
-    slen = hlen;
-
-    if( olen < hlen + slen + 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    memset( sig, 0, olen );
-
-    /* Generate salt of length slen */
-    if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
-        return( MBEDTLS_ERR_RSA_RNG_FAILED + ret );
-
-    /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-    p += olen - hlen * 2 - 2;
-    *p++ = 0x01;
-    memcpy( p, salt, slen );
-    p += slen;
-
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        goto exit;
-
-    /* Generate H = Hash( M' ) */
-    if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 )
-        goto exit;
-
-    /* Compensate for boundary condition when applying mask */
-    if( msb % 8 == 0 )
-        offset = 1;
-
-    /* maskedDB: Apply dbMask to DB */
-    if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen,
-                          &md_ctx ) ) != 0 )
-        goto exit;
-
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-    sig[0] &= 0xFF >> ( olen * 8 - msb );
-
-    p += hlen;
-    *p++ = 0xBC;
-
-    mbedtls_zeroize( salt, sizeof( salt ) );
-
-exit:
-    mbedtls_md_free( &md_ctx );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( ( mode == MBEDTLS_RSA_PUBLIC )
-            ? mbedtls_rsa_public(  ctx, sig, sig )
-            : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function
- */
-
-/* Construct a PKCS v1.5 encoding of a hashed message
- *
- * This is used both for signature generation and verification.
- *
- * Parameters:
- * - md_alg:  Identifies the hash algorithm used to generate the given hash;
- *            MBEDTLS_MD_NONE if raw data is signed.
- * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE.
- * - hash:    Buffer containing the hashed message or the raw data.
- * - dst_len: Length of the encoded message.
- * - dst:     Buffer to hold the encoded message.
- *
- * Assumptions:
- * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE.
- * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE.
- * - dst points to a buffer of size at least dst_len.
- *
- */
-static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
-                                        unsigned int hashlen,
-                                        const unsigned char *hash,
-                                        size_t dst_len,
-                                        unsigned char *dst )
-{
-    size_t oid_size  = 0;
-    size_t nb_pad    = dst_len;
-    unsigned char *p = dst;
-    const char *oid  = NULL;
-
-    /* Are we signing hashed or raw data? */
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-
-        /* Double-check that 8 + hashlen + oid_size can be used as a
-         * 1-byte ASN.1 length encoding and that there's no overflow. */
-        if( 8 + hashlen + oid_size  >= 0x80         ||
-            10 + hashlen            <  hashlen      ||
-            10 + hashlen + oid_size <  10 + hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        /*
-         * Static bounds check:
-         * - Need 10 bytes for five tag-length pairs.
-         *   (Insist on 1-byte length encodings to protect against variants of
-         *    Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification)
-         * - Need hashlen bytes for hash
-         * - Need oid_size bytes for hash alg OID.
-         */
-        if( nb_pad < 10 + hashlen + oid_size )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-        nb_pad -= 10 + hashlen + oid_size;
-    }
-    else
-    {
-        if( nb_pad < hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        nb_pad -= hashlen;
-    }
-
-    /* Need space for signature header and padding delimiter (3 bytes),
-     * and 8 bytes for the minimal padding */
-    if( nb_pad < 3 + 8 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    nb_pad -= 3;
-
-    /* Now nb_pad is the amount of memory to be filled
-     * with padding, and at least 8 bytes long. */
-
-    /* Write signature header and padding */
-    *p++ = 0;
-    *p++ = MBEDTLS_RSA_SIGN;
-    memset( p, 0xFF, nb_pad );
-    p += nb_pad;
-    *p++ = 0;
-
-    /* Are we signing raw data? */
-    if( md_alg == MBEDTLS_MD_NONE )
-    {
-        memcpy( p, hash, hashlen );
-        return( 0 );
-    }
-
-    /* Signing hashed data, add corresponding ASN.1 structure
-     *
-     * DigestInfo ::= SEQUENCE {
-     *   digestAlgorithm DigestAlgorithmIdentifier,
-     *   digest Digest }
-     * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-     * Digest ::= OCTET STRING
-     *
-     * Schematic:
-     * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID  + LEN [ OID  ]
-     *                                 TAG-NULL + LEN [ NULL ] ]
-     *                 TAG-OCTET + LEN [ HASH ] ]
-     */
-    *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-    *p++ = (unsigned char)( 0x08 + oid_size + hashlen );
-    *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-    *p++ = (unsigned char)( 0x04 + oid_size );
-    *p++ = MBEDTLS_ASN1_OID;
-    *p++ = (unsigned char) oid_size;
-    memcpy( p, oid, oid_size );
-    p += oid_size;
-    *p++ = MBEDTLS_ASN1_NULL;
-    *p++ = 0x00;
-    *p++ = MBEDTLS_ASN1_OCTET_STRING;
-    *p++ = (unsigned char) hashlen;
-    memcpy( p, hash, hashlen );
-    p += hashlen;
-
-    /* Just a sanity-check, should be automatic
-     * after the initial bounds check. */
-    if( p != dst + dst_len )
-    {
-        mbedtls_zeroize( dst, dst_len );
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    return( 0 );
-}
-
-/*
- * Do an RSA operation to sign the message digest
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               unsigned char *sig )
-{
-    int ret;
-    unsigned char *sig_try = NULL, *verif = NULL;
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * Prepare PKCS1-v1.5 encoding (padding and hash identifier)
-     */
-
-    if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash,
-                                             ctx->len, sig ) ) != 0 )
-        return( ret );
-
-    /*
-     * Call respective RSA primitive
-     */
-
-    if( mode == MBEDTLS_RSA_PUBLIC )
-    {
-        /* Skip verification on a public key operation */
-        return( mbedtls_rsa_public( ctx, sig, sig ) );
-    }
-
-    /* Private key operation
-     *
-     * In order to prevent Lenstra's attack, make the signature in a
-     * temporary buffer and check it before returning it.
-     */
-
-    sig_try = mbedtls_calloc( 1, ctx->len );
-    if( sig_try == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    verif = mbedtls_calloc( 1, ctx->len );
-    if( verif == NULL )
-    {
-        mbedtls_free( sig_try );
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
-
-    if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
-        goto cleanup;
-    }
-
-    memcpy( sig, sig_try, ctx->len );
-
-cleanup:
-    mbedtls_free( sig_try );
-    mbedtls_free( verif );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation to sign the message digest
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    int mode,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig )
-{
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
-                                              hashlen, hash, sig );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
-                                        hashlen, hash, sig );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               mbedtls_md_type_t mgf1_hash_id,
-                               int expected_salt_len,
-                               const unsigned char *sig )
-{
-    int ret;
-    size_t siglen;
-    unsigned char *p;
-    unsigned char *hash_start;
-    unsigned char result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char zeros[8];
-    unsigned int hlen;
-    size_t observed_salt_len, msb;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    siglen = ctx->len;
-
-    if( siglen < 16 || siglen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, sig, buf )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
-
-    if( ret != 0 )
-        return( ret );
-
-    p = buf;
-
-    if( buf[siglen - 1] != 0xBC )
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        /* Gather length of hash to sign */
-        md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-    }
-
-    md_info = mbedtls_md_info_from_type( mgf1_hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    hlen = mbedtls_md_get_size( md_info );
-
-    memset( zeros, 0, 8 );
-
-    /*
-     * Note: EMSA-PSS verification is over the length of N - 1 bits
-     */
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-
-    if( buf[0] >> ( 8 - siglen * 8 + msb ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /* Compensate for boundary condition when applying mask */
-    if( msb % 8 == 0 )
-    {
-        p++;
-        siglen -= 1;
-    }
-
-    if( siglen < hlen + 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    hash_start = p + siglen - hlen - 1;
-
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        goto exit;
-
-    ret = mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx );
-    if( ret != 0 )
-        goto exit;
-
-    buf[0] &= 0xFF >> ( siglen * 8 - msb );
-
-    while( p < hash_start - 1 && *p == 0 )
-        p++;
-
-    if( *p++ != 0x01 )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto exit;
-    }
-
-    observed_salt_len = hash_start - p;
-
-    if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
-        observed_salt_len != (size_t) expected_salt_len )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto exit;
-    }
-
-    /*
-     * Generate H = Hash( M' )
-     */
-    ret = mbedtls_md_starts( &md_ctx );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_update( &md_ctx, zeros, 8 );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_update( &md_ctx, hash, hashlen );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_update( &md_ctx, p, observed_salt_len );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_finish( &md_ctx, result );
-    if ( ret != 0 )
-        goto exit;
-
-    if( memcmp( hash_start, result, hlen ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
-        goto exit;
-    }
-
-exit:
-    mbedtls_md_free( &md_ctx );
-
-    return( ret );
-}
-
-/*
- * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           int mode,
-                           mbedtls_md_type_t md_alg,
-                           unsigned int hashlen,
-                           const unsigned char *hash,
-                           const unsigned char *sig )
-{
-    mbedtls_md_type_t mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
-                             ? (mbedtls_md_type_t) ctx->hash_id
-                             : md_alg;
-
-    return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
-                                       md_alg, hashlen, hash,
-                                       mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
-                                       sig ) );
-
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode,
-                                 mbedtls_md_type_t md_alg,
-                                 unsigned int hashlen,
-                                 const unsigned char *hash,
-                                 const unsigned char *sig )
-{
-    int ret = 0;
-    const size_t sig_len = ctx->len;
-    unsigned char *encoded = NULL, *encoded_expected = NULL;
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * Prepare expected PKCS1 v1.5 encoding of hash.
-     */
-
-    if( ( encoded          = mbedtls_calloc( 1, sig_len ) ) == NULL ||
-        ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL )
-    {
-        ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
-        goto cleanup;
-    }
-
-    if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len,
-                                             encoded_expected ) ) != 0 )
-        goto cleanup;
-
-    /*
-     * Apply RSA primitive to get what should be PKCS1 encoded hash.
-     */
-
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, sig, encoded )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded );
-    if( ret != 0 )
-        goto cleanup;
-
-    /*
-     * Compare
-     */
-
-    if( ( ret = mbedtls_safer_memcmp( encoded, encoded_expected,
-                                      sig_len ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-cleanup:
-
-    if( encoded != NULL )
-    {
-        mbedtls_zeroize( encoded, sig_len );
-        mbedtls_free( encoded );
-    }
-
-    if( encoded_expected != NULL )
-    {
-        mbedtls_zeroize( encoded_expected, sig_len );
-        mbedtls_free( encoded_expected );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation and check the message digest
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng,
-                      int mode,
-                      mbedtls_md_type_t md_alg,
-                      unsigned int hashlen,
-                      const unsigned char *hash,
-                      const unsigned char *sig )
-{
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
-                                                hashlen, hash, sig );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
-                                          hashlen, hash, sig );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-/*
- * Copy the components of an RSA key
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
-{
-    int ret;
-
-    dst->ver = src->ver;
-    dst->len = src->len;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
-#endif
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
-
-    dst->padding = src->padding;
-    dst->hash_id = src->hash_id;
-
-cleanup:
-    if( ret != 0 )
-        mbedtls_rsa_free( dst );
-
-    return( ret );
-}
-
-/*
- * Free the components of an RSA key
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
-{
-    mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D  );
-    mbedtls_mpi_free( &ctx->Q  ); mbedtls_mpi_free( &ctx->P  );
-    mbedtls_mpi_free( &ctx->E  ); mbedtls_mpi_free( &ctx->N  );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ );
-    mbedtls_mpi_free( &ctx->DP );
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-}
-
-#endif /* !MBEDTLS_RSA_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#include "mbedtls/sha1.h"
-
-/*
- * Example RSA-1024 keypair, for test purposes
- */
-#define KEY_LEN 128
-
-#define RSA_N   "9292758453063D803DD603D5E777D788" \
-                "8ED1D5BF35786190FA2F23EBC0848AEA" \
-                "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
-                "7130B9CED7ACDF54CFC7555AC14EEBAB" \
-                "93A89813FBF3C4F8066D2D800F7C38A8" \
-                "1AE31942917403FF4946B0A83D3D3E05" \
-                "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
-                "5E94BB77B07507233A0BC7BAC8F90F79"
-
-#define RSA_E   "10001"
-
-#define RSA_D   "24BF6185468786FDD303083D25E64EFC" \
-                "66CA472BC44D253102F8B4A9D3BFA750" \
-                "91386C0077937FE33FA3252D28855837" \
-                "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
-                "DF79C5CE07EE72C7F123142198164234" \
-                "CABB724CF78B8173B9F880FC86322407" \
-                "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
-                "071513A1E85B5DFA031F21ECAE91A34D"
-
-#define RSA_P   "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
-                "2C01CAD19EA484A87EA4377637E75500" \
-                "FCB2005C5C7DD6EC4AC023CDA285D796" \
-                "C3D9E75E1EFC42488BB4F1D13AC30A57"
-
-#define RSA_Q   "C000DF51A7C77AE8D7C7370C1FF55B69" \
-                "E211C2B9E5DB1ED0BF61D0D9899620F4" \
-                "910E4168387E3C30AA1E00C339A79508" \
-                "8452DD96A9A5EA5D9DCA68DA636032AF"
-
-#define PT_LEN  24
-#define RSA_PT  "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
-                "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
-
-#if defined(MBEDTLS_PKCS1_V15)
-static int myrand( void *rng_state, unsigned char *output, size_t len )
-{
-#if !defined(__OpenBSD__)
-    size_t i;
-
-    if( rng_state != NULL )
-        rng_state  = NULL;
-
-    for( i = 0; i < len; ++i )
-        output[i] = rand();
-#else
-    if( rng_state != NULL )
-        rng_state = NULL;
-
-    arc4random_buf( output, len );
-#endif /* !OpenBSD */
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Checkup routine
- */
-int mbedtls_rsa_self_test( int verbose )
-{
-    int ret = 0;
-#if defined(MBEDTLS_PKCS1_V15)
-    size_t len;
-    mbedtls_rsa_context rsa;
-    unsigned char rsa_plaintext[PT_LEN];
-    unsigned char rsa_decrypted[PT_LEN];
-    unsigned char rsa_ciphertext[KEY_LEN];
-#if defined(MBEDTLS_SHA1_C)
-    unsigned char sha1sum[20];
-#endif
-
-    mbedtls_mpi K;
-
-    mbedtls_mpi_init( &K );
-    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  RSA key validation: " );
-
-    if( mbedtls_rsa_check_pubkey(  &rsa ) != 0 ||
-        mbedtls_rsa_check_privkey( &rsa ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 encryption : " );
-
-    memcpy( rsa_plaintext, RSA_PT, PT_LEN );
-
-    if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
-                                   PT_LEN, rsa_plaintext,
-                                   rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 decryption : " );
-
-    if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE,
-                                   &len, rsa_ciphertext, rsa_decrypted,
-                                   sizeof(rsa_decrypted) ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-#if defined(MBEDTLS_SHA1_C)
-    if( verbose != 0 )
-        mbedtls_printf( "  PKCS#1 data sign  : " );
-
-    if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
-                                MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
-                                sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 sig. verify: " );
-
-    if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL,
-                                  MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
-                                  sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-#endif /* MBEDTLS_SHA1_C */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-cleanup:
-    mbedtls_mpi_free( &K );
-    mbedtls_rsa_free( &rsa );
-#else /* MBEDTLS_PKCS1_V15 */
-    ((void) verbose);
-#endif /* MBEDTLS_PKCS1_V15 */
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_RSA_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/rsa_internal.c b/components/ssl/mbedtls/mbedtls/library/rsa_internal.c
deleted file mode 100644
index 507009f1..00000000
--- a/components/ssl/mbedtls/mbedtls/library/rsa_internal.c
+++ /dev/null
@@ -1,487 +0,0 @@
-/*
- *  Helper functions for the RSA module
- *
- *  Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- *
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-
-#include "mbedtls/rsa.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/rsa_internal.h"
-
-/*
- * Compute RSA prime factors from public and private exponents
- *
- * Summary of algorithm:
- * Setting F := lcm(P-1,Q-1), the idea is as follows:
- *
- * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2)
- *     is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the
- *     square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four
- *     possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1)
- *     or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime
- *     factors of N.
- *
- * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same
- *     construction still applies since (-)^K is the identity on the set of
- *     roots of 1 in Z/NZ.
- *
- * The public and private key primitives (-)^E and (-)^D are mutually inverse
- * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e.
- * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L.
- * Splitting L = 2^t * K with K odd, we have
- *
- *   DE - 1 = FL = (F/2) * (2^(t+1)) * K,
- *
- * so (F / 2) * K is among the numbers
- *
- *   (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord
- *
- * where ord is the order of 2 in (DE - 1).
- * We can therefore iterate through these numbers apply the construction
- * of (a) and (b) above to attempt to factor N.
- *
- */
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N,
-                     mbedtls_mpi const *E, mbedtls_mpi const *D,
-                     mbedtls_mpi *P, mbedtls_mpi *Q )
-{
-    int ret = 0;
-
-    uint16_t attempt;  /* Number of current attempt  */
-    uint16_t iter;     /* Number of squares computed in the current attempt */
-
-    uint16_t order;    /* Order of 2 in DE - 1 */
-
-    mbedtls_mpi T;  /* Holds largest odd divisor of DE - 1     */
-    mbedtls_mpi K;  /* Temporary holding the current candidate */
-
-    const unsigned char primes[] = { 2,
-           3,    5,    7,   11,   13,   17,   19,   23,
-          29,   31,   37,   41,   43,   47,   53,   59,
-          61,   67,   71,   73,   79,   83,   89,   97,
-         101,  103,  107,  109,  113,  127,  131,  137,
-         139,  149,  151,  157,  163,  167,  173,  179,
-         181,  191,  193,  197,  199,  211,  223,  227,
-         229,  233,  239,  241,  251
-    };
-
-    const size_t num_primes = sizeof( primes ) / sizeof( *primes );
-
-    if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 ||
-        mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
-        mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
-    {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-    }
-
-    /*
-     * Initializations and temporary changes
-     */
-
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &T );
-
-    /* T := DE - 1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D,  E ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) );
-
-    if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    /* After this operation, T holds the largest odd divisor of DE - 1. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) );
-
-    /*
-     * Actual work
-     */
-
-    /* Skip trying 2 if N == 1 mod 8 */
-    attempt = 0;
-    if( N->p[0] % 8 == 1 )
-        attempt = 1;
-
-    for( ; attempt < num_primes; ++attempt )
-    {
-        mbedtls_mpi_lset( &K, primes[attempt] );
-
-        /* Check if gcd(K,N) = 1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
-        if( mbedtls_mpi_cmp_int( P, 1 ) != 0 )
-            continue;
-
-        /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ...
-         * and check whether they have nontrivial GCD with N. */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N,
-                             Q /* temporarily use Q for storing Montgomery
-                                * multiplication helper values */ ) );
-
-        for( iter = 1; iter <= order; ++iter )
-        {
-            /* If we reach 1 prematurely, there's no point
-             * in continuing to square K */
-            if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 )
-                break;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
-
-            if( mbedtls_mpi_cmp_int( P, 1 ) ==  1 &&
-                mbedtls_mpi_cmp_mpi( P, N ) == -1 )
-            {
-                /*
-                 * Have found a nontrivial divisor P of N.
-                 * Set Q := N / P.
-                 */
-
-                MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) );
-                goto cleanup;
-            }
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) );
-        }
-
-        /*
-         * If we get here, then either we prematurely aborted the loop because
-         * we reached 1, or K holds primes[attempt]^(DE - 1) mod N, which must
-         * be 1 if D,E,N were consistent.
-         * Check if that's the case and abort if not, to avoid very long,
-         * yet eventually failing, computations if N,D,E were not sane.
-         */
-        if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 )
-        {
-            break;
-        }
-    }
-
-    ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-
-cleanup:
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &T );
-    return( ret );
-}
-
-/*
- * Given P, Q and the public exponent E, deduce D.
- * This is essentially a modular inversion.
- */
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
-                                         mbedtls_mpi const *Q,
-                                         mbedtls_mpi const *E,
-                                         mbedtls_mpi *D )
-{
-    int ret = 0;
-    mbedtls_mpi K, L;
-
-    if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_int( E, 0 ) == 0 )
-    {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-    }
-
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
-
-    /* Temporarily put K := P-1 and L := Q-1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
-
-    /* Temporarily put D := gcd(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) );
-
-    /* K := LCM(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) );
-
-    /* Compute modular inverse of E in LCM(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
-
-    return( ret );
-}
-
-/*
- * Check that RSA CRT parameters are in accordance with core parameters.
- */
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
-                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
-                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP )
-{
-    int ret = 0;
-
-    mbedtls_mpi K, L;
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
-
-    /* Check that DP - D == 0 mod P - 1 */
-    if( DP != NULL )
-    {
-        if( P == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
-
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /* Check that DQ - D == 0 mod Q - 1 */
-    if( DQ != NULL )
-    {
-        if( Q == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
-
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /* Check that QP * Q - 1 == 0 mod P */
-    if( QP != NULL )
-    {
-        if( P == NULL || Q == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-cleanup:
-
-    /* Wrap MPI error codes by RSA check failure error code */
-    if( ret != 0 &&
-        ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED &&
-        ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-    {
-        ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-    }
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
-
-    return( ret );
-}
-
-/*
- * Check that core RSA parameters are sane.
- */
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
-                                 const mbedtls_mpi *Q, const mbedtls_mpi *D,
-                                 const mbedtls_mpi *E,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng )
-{
-    int ret = 0;
-    mbedtls_mpi K, L;
-
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
-
-    /*
-     * Step 1: If PRNG provided, check that P and Q are prime
-     */
-
-#if defined(MBEDTLS_GENPRIME)
-    if( f_rng != NULL && P != NULL &&
-        ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-        goto cleanup;
-    }
-
-    if( f_rng != NULL && Q != NULL &&
-        ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-        goto cleanup;
-    }
-#else
-    ((void) f_rng);
-    ((void) p_rng);
-#endif /* MBEDTLS_GENPRIME */
-
-    /*
-     * Step 2: Check that 1 < N = P * Q
-     */
-
-    if( P != NULL && Q != NULL && N != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) );
-        if( mbedtls_mpi_cmp_int( N, 1 )  <= 0 ||
-            mbedtls_mpi_cmp_mpi( &K, N ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /*
-     * Step 3: Check and 1 < D, E < N if present.
-     */
-
-    if( N != NULL && D != NULL && E != NULL )
-    {
-        if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
-             mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
-             mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
-             mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /*
-     * Step 4: Check that D, E are inverse modulo P-1 and Q-1
-     */
-
-    if( P != NULL && Q != NULL && D != NULL && E != NULL )
-    {
-        if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
-            mbedtls_mpi_cmp_int( Q, 1 ) <= 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-
-        /* Compute DE-1 mod P-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-
-        /* Compute DE-1 mod Q-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
-
-    /* Wrap MPI error codes by RSA check failure error code */
-    if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
-    {
-        ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-    }
-
-    return( ret );
-}
-
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                            const mbedtls_mpi *D, mbedtls_mpi *DP,
-                            mbedtls_mpi *DQ, mbedtls_mpi *QP )
-{
-    int ret = 0;
-    mbedtls_mpi K;
-    mbedtls_mpi_init( &K );
-
-    /* DP = D mod P-1 */
-    if( DP != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) );
-    }
-
-    /* DQ = D mod Q-1 */
-    if( DQ != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) );
-    }
-
-    /* QP = Q^{-1} mod P */
-    if( QP != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) );
-    }
-
-cleanup:
-    mbedtls_mpi_free( &K );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_RSA_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ssl_cache.c b/components/ssl/mbedtls/mbedtls/library/ssl_cache.c
deleted file mode 100644
index 47867f13..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ssl_cache.c
+++ /dev/null
@@ -1,327 +0,0 @@
-/*
- *  SSL session cache implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SSL_CACHE_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free      free
-#endif
-
-#include "mbedtls/ssl_cache.h"
-
-#include <string.h>
-
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
-{
-    memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
-
-    cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
-    cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &cache->mutex );
-#endif
-}
-
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
-{
-    int ret = 1;
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t = mbedtls_time( NULL );
-#endif
-    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
-    mbedtls_ssl_cache_entry *cur, *entry;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
-        return( 1 );
-#endif
-
-    cur = cache->chain;
-    entry = NULL;
-
-    while( cur != NULL )
-    {
-        entry = cur;
-        cur = cur->next;
-
-#if defined(MBEDTLS_HAVE_TIME)
-        if( cache->timeout != 0 &&
-            (int) ( t - entry->timestamp ) > cache->timeout )
-            continue;
-#endif
-
-        if( session->ciphersuite != entry->session.ciphersuite ||
-            session->compression != entry->session.compression ||
-            session->id_len != entry->session.id_len )
-            continue;
-
-        if( memcmp( session->id, entry->session.id,
-                    entry->session.id_len ) != 0 )
-            continue;
-
-        memcpy( session->master, entry->session.master, 48 );
-
-        session->verify_result = entry->session.verify_result;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-        /*
-         * Restore peer certificate (without rest of the original chain)
-         */
-        if( entry->peer_cert.p != NULL )
-        {
-            if( ( session->peer_cert = mbedtls_calloc( 1,
-                                 sizeof(mbedtls_x509_crt) ) ) == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_x509_crt_init( session->peer_cert );
-            if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p,
-                                entry->peer_cert.len ) != 0 )
-            {
-                mbedtls_free( session->peer_cert );
-                session->peer_cert = NULL;
-                ret = 1;
-                goto exit;
-            }
-        }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-        ret = 0;
-        goto exit;
-    }
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
-        ret = 1;
-#endif
-
-    return( ret );
-}
-
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
-{
-    int ret = 1;
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
-    mbedtls_ssl_cache_entry *old = NULL;
-#endif
-    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
-    mbedtls_ssl_cache_entry *cur, *prv;
-    int count = 0;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    cur = cache->chain;
-    prv = NULL;
-
-    while( cur != NULL )
-    {
-        count++;
-
-#if defined(MBEDTLS_HAVE_TIME)
-        if( cache->timeout != 0 &&
-            (int) ( t - cur->timestamp ) > cache->timeout )
-        {
-            cur->timestamp = t;
-            break; /* expired, reuse this slot, update timestamp */
-        }
-#endif
-
-        if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
-            break; /* client reconnected, keep timestamp for session id */
-
-#if defined(MBEDTLS_HAVE_TIME)
-        if( oldest == 0 || cur->timestamp < oldest )
-        {
-            oldest = cur->timestamp;
-            old = cur;
-        }
-#endif
-
-        prv = cur;
-        cur = cur->next;
-    }
-
-    if( cur == NULL )
-    {
-#if defined(MBEDTLS_HAVE_TIME)
-        /*
-         * Reuse oldest entry if max_entries reached
-         */
-        if( count >= cache->max_entries )
-        {
-            if( old == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            cur = old;
-        }
-#else /* MBEDTLS_HAVE_TIME */
-        /*
-         * Reuse first entry in chain if max_entries reached,
-         * but move to last place
-         */
-        if( count >= cache->max_entries )
-        {
-            if( cache->chain == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            cur = cache->chain;
-            cache->chain = cur->next;
-            cur->next = NULL;
-            prv->next = cur;
-        }
-#endif /* MBEDTLS_HAVE_TIME */
-        else
-        {
-            /*
-             * max_entries not reached, create new entry
-             */
-            cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
-            if( cur == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            if( prv == NULL )
-                cache->chain = cur;
-            else
-                prv->next = cur;
-        }
-
-#if defined(MBEDTLS_HAVE_TIME)
-        cur->timestamp = t;
-#endif
-    }
-
-    memcpy( &cur->session, session, sizeof( mbedtls_ssl_session ) );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    /*
-     * If we're reusing an entry, free its certificate first
-     */
-    if( cur->peer_cert.p != NULL )
-    {
-        mbedtls_free( cur->peer_cert.p );
-        memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
-    }
-
-    /*
-     * Store peer certificate
-     */
-    if( session->peer_cert != NULL )
-    {
-        cur->peer_cert.p = mbedtls_calloc( 1, session->peer_cert->raw.len );
-        if( cur->peer_cert.p == NULL )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
-                session->peer_cert->raw.len );
-        cur->peer_cert.len = session->peer_cert->raw.len;
-
-        cur->session.peer_cert = NULL;
-    }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-    ret = 0;
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
-        ret = 1;
-#endif
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_HAVE_TIME)
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
-{
-    if( timeout < 0 ) timeout = 0;
-
-    cache->timeout = timeout;
-}
-#endif /* MBEDTLS_HAVE_TIME */
-
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
-{
-    if( max < 0 ) max = 0;
-
-    cache->max_entries = max;
-}
-
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
-{
-    mbedtls_ssl_cache_entry *cur, *prv;
-
-    cur = cache->chain;
-
-    while( cur != NULL )
-    {
-        prv = cur;
-        cur = cur->next;
-
-        mbedtls_ssl_session_free( &prv->session );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-        mbedtls_free( prv->peer_cert.p );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-        mbedtls_free( prv );
-    }
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &cache->mutex );
-#endif
-    cache->chain = NULL;
-}
-
-#endif /* MBEDTLS_SSL_CACHE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ssl_ciphersuites.c b/components/ssl/mbedtls/mbedtls/library/ssl_ciphersuites.c
deleted file mode 100644
index 95e6163c..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ssl_ciphersuites.c
+++ /dev/null
@@ -1,1875 +0,0 @@
-/**
- * \file ssl_ciphersuites.c
- *
- * \brief SSL ciphersuites for mbed TLS
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#endif
-
-#include "mbedtls/ssl_ciphersuites.h"
-#include "mbedtls/ssl.h"
-
-#include <string.h>
-
-/*
- * Ordered from most preferred to least preferred in terms of security.
- *
- * Current rule (except rc4, weak and null which come last):
- * 1. By key exchange:
- *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
- * 2. By key length and cipher:
- *    AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
- * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
- * 4. By hash function used when relevant
- * 5. By key exchange/auth again: EC > non-EC
- */
-static const int ciphersuite_preference[] =
-{
-#if defined(MBEDTLS_SSL_CIPHERSUITES)
-    MBEDTLS_SSL_CIPHERSUITES,
-#else
-    /* All AES-256 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
-
-    /* All CAMELLIA-256 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-
-    /* All AES-128 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
-
-    /* All CAMELLIA-128 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-
-    /* All remaining >= 128-bit ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-
-    /* The PSK ephemeral suites */
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
-
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
-
-    MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
-
-    /* The ECJPAKE suite */
-    MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
-
-    /* All AES-256 suites */
-    MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
-
-    /* All CAMELLIA-256 suites */
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-
-    /* All AES-128 suites */
-    MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
-
-    /* All CAMELLIA-128 suites */
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
-
-    /* All remaining >= 128-bit suites */
-    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-
-    /* The RSA PSK suites */
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-
-    MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
-
-    /* The PSK suites */
-    MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
-
-    MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
-
-    MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
-
-    /* RC4 suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_RSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_RSA_WITH_RC4_128_MD5,
-    MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_PSK_WITH_RC4_128_SHA,
-
-    /* Weak suites */
-    MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA,
-
-    /* NULL suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
-
-    MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
-    MBEDTLS_TLS_RSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_RSA_WITH_NULL_MD5,
-    MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
-    MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_PSK_WITH_NULL_SHA,
-
-#endif /* MBEDTLS_SSL_CIPHERSUITES */
-    0
-};
-
-static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
-{
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_MD5_C)
-    { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(MBEDTLS_MD5_C)
-    { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
-      MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
-      MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
-
-    { 0, "",
-      MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
-      0, 0, 0, 0, 0 }
-};
-
-#if defined(MBEDTLS_SSL_CIPHERSUITES)
-const int *mbedtls_ssl_list_ciphersuites( void )
-{
-    return( ciphersuite_preference );
-}
-#else
-#define MAX_CIPHERSUITES    sizeof( ciphersuite_definitions     ) /         \
-                            sizeof( ciphersuite_definitions[0]  )
-static int supported_ciphersuites[MAX_CIPHERSUITES];
-static int supported_init = 0;
-
-const int *mbedtls_ssl_list_ciphersuites( void )
-{
-    /*
-     * On initial call filter out all ciphersuites not supported by current
-     * build based on presence in the ciphersuite_definitions.
-     */
-    if( supported_init == 0 )
-    {
-        const int *p;
-        int *q;
-
-        for( p = ciphersuite_preference, q = supported_ciphersuites;
-             *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
-             p++ )
-        {
-#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
-            const mbedtls_ssl_ciphersuite_t *cs_info;
-            if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
-                cs_info->cipher != MBEDTLS_CIPHER_ARC4_128 )
-#else
-            if( mbedtls_ssl_ciphersuite_from_id( *p ) != NULL )
-#endif
-                *(q++) = *p;
-        }
-        *q = 0;
-
-        supported_init = 1;
-    }
-
-    return( supported_ciphersuites );
-}
-#endif /* MBEDTLS_SSL_CIPHERSUITES */
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
-                                                const char *ciphersuite_name )
-{
-    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
-
-    if( NULL == ciphersuite_name )
-        return( NULL );
-
-    while( cur->id != 0 )
-    {
-        if( 0 == strcmp( cur->name, ciphersuite_name ) )
-            return( cur );
-
-        cur++;
-    }
-
-    return( NULL );
-}
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite )
-{
-    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
-
-    while( cur->id != 0 )
-    {
-        if( cur->id == ciphersuite )
-            return( cur );
-
-        cur++;
-    }
-
-    return( NULL );
-}
-
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id )
-{
-    const mbedtls_ssl_ciphersuite_t *cur;
-
-    cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
-
-    if( cur == NULL )
-        return( "unknown" );
-
-    return( cur->name );
-}
-
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
-{
-    const mbedtls_ssl_ciphersuite_t *cur;
-
-    cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name );
-
-    if( cur == NULL )
-        return( 0 );
-
-    return( cur->id );
-}
-
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( MBEDTLS_PK_RSA );
-
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
-
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( MBEDTLS_PK_ECKEY );
-
-        default:
-            return( MBEDTLS_PK_NONE );
-    }
-}
-
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-            return( MBEDTLS_PK_RSA );
-
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
-
-        default:
-            return( MBEDTLS_PK_NONE );
-    }
-}
-
-#endif /* MBEDTLS_PK_C */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ssl_cli.c b/components/ssl/mbedtls/mbedtls/library/ssl_cli.c
deleted file mode 100644
index 36d9be7b..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ssl_cli.c
+++ /dev/null
@@ -1,3462 +0,0 @@
-/*
- *  SSLv3/TLSv1 client-side functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SSL_CLI_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free      free
-#endif
-
-#include "mbedtls/debug.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
-
-#include <string.h>
-
-#include <stdint.h>
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
-                                    unsigned char *buf,
-                                    size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    size_t hostname_len;
-
-    *olen = 0;
-
-    if( ssl->hostname == NULL )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
-                   ssl->hostname ) );
-
-    hostname_len = strlen( ssl->hostname );
-
-    if( end < p || (size_t)( end - p ) < hostname_len + 9 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    /*
-     * Sect. 3, RFC 6066 (TLS Extensions Definitions)
-     *
-     * In order to provide any of the server names, clients MAY include an
-     * extension of type "server_name" in the (extended) client hello. The
-     * "extension_data" field of this extension SHALL contain
-     * "ServerNameList" where:
-     *
-     * struct {
-     *     NameType name_type;
-     *     select (name_type) {
-     *         case host_name: HostName;
-     *     } name;
-     * } ServerName;
-     *
-     * enum {
-     *     host_name(0), (255)
-     * } NameType;
-     *
-     * opaque HostName<1..2^16-1>;
-     *
-     * struct {
-     *     ServerName server_name_list<1..2^16-1>
-     * } ServerNameList;
-     *
-     */
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( (hostname_len + 5)      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( (hostname_len + 3)      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF );
-    *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( hostname_len      ) & 0xFF );
-
-    memcpy( p, ssl->hostname, hostname_len );
-
-    *olen = hostname_len + 9;
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-    *olen = 0;
-
-    /* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the
-     * initial ClientHello, in which case also adding the renegotiation
-     * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
-    if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
-
-    if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    /*
-     * Secure renegotiation
-     */
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
-    *p++ = ssl->verify_data_len & 0xFF;
-
-    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
-
-    *olen = 5 + ssl->verify_data_len;
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/*
- * Only if we handle at least one key exchange that needs signatures.
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
-                                                unsigned char *buf,
-                                                size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    size_t sig_alg_len = 0;
-    const int *md;
-#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
-    unsigned char *sig_alg_list = buf + 6;
-#endif
-
-    *olen = 0;
-
-    if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
-
-    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
-    {
-#if defined(MBEDTLS_ECDSA_C)
-        sig_alg_len += 2;
-#endif
-#if defined(MBEDTLS_RSA_C)
-        sig_alg_len += 2;
-#endif
-    }
-
-    if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    /*
-     * Prepare signature_algorithms extension (TLS 1.2)
-     */
-    sig_alg_len = 0;
-
-    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
-    {
-#if defined(MBEDTLS_ECDSA_C)
-        sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
-        sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
-#endif
-#if defined(MBEDTLS_RSA_C)
-        sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
-        sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
-#endif
-    }
-
-    /*
-     * enum {
-     *     none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
-     *     sha512(6), (255)
-     * } HashAlgorithm;
-     *
-     * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
-     *   SignatureAlgorithm;
-     *
-     * struct {
-     *     HashAlgorithm hash;
-     *     SignatureAlgorithm signature;
-     * } SignatureAndHashAlgorithm;
-     *
-     * SignatureAndHashAlgorithm
-     *   supported_signature_algorithms<2..2^16-2>;
-     */
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( ( sig_alg_len + 2 )      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( sig_alg_len      ) & 0xFF );
-
-    *olen = 6 + sig_alg_len;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
-                                                     unsigned char *buf,
-                                                     size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    unsigned char *elliptic_curve_list = p + 6;
-    size_t elliptic_curve_len = 0;
-    const mbedtls_ecp_curve_info *info;
-#if defined(MBEDTLS_ECP_C)
-    const mbedtls_ecp_group_id *grp_id;
-#else
-    ((void) ssl);
-#endif
-
-    *olen = 0;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
-
-#if defined(MBEDTLS_ECP_C)
-    for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
-    for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
-    {
-#if defined(MBEDTLS_ECP_C)
-        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
-        if( info == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
-            return;
-        }
-
-        elliptic_curve_len += 2;
-    }
-
-    if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    elliptic_curve_len = 0;
-
-#if defined(MBEDTLS_ECP_C)
-    for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
-    for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
-    {
-#if defined(MBEDTLS_ECP_C)
-        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
-        elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
-        elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
-    }
-
-    if( elliptic_curve_len == 0 )
-        return;
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 )      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( ( elliptic_curve_len     ) >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( ( elliptic_curve_len     )      ) & 0xFF );
-
-    *olen = 6 + elliptic_curve_len;
-}
-
-static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                   unsigned char *buf,
-                                                   size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-    *olen = 0;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
-
-    if( end < p || (size_t)( end - p ) < 6 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 2;
-
-    *p++ = 1;
-    *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
-
-    *olen = 6;
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || 
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
-                                        unsigned char *buf,
-                                        size_t *olen )
-{
-    int ret;
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    size_t kkpp_len;
-
-    *olen = 0;
-
-    /* Skip costly extension if we can't use EC J-PAKE anyway */
-    if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) );
-
-    if( end - p < 4 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP      ) & 0xFF );
-
-    /*
-     * We may need to send ClientHello multiple times for Hello verification.
-     * We don't want to compute fresh values every time (both for performance
-     * and consistency reasons), so cache the extension content.
-     */
-    if( ssl->handshake->ecjpake_cache == NULL ||
-        ssl->handshake->ecjpake_cache_len == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
-
-        ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
-                                        p + 2, end - p - 2, &kkpp_len,
-                                        ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
-            return;
-        }
-
-        ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
-        if( ssl->handshake->ecjpake_cache == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
-            return;
-        }
-
-        memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
-        ssl->handshake->ecjpake_cache_len = kkpp_len;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
-
-        kkpp_len = ssl->handshake->ecjpake_cache_len;
-
-        if( (size_t)( end - p - 2 ) < kkpp_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-            return;
-        }
-
-        memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
-    }
-
-    *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( kkpp_len      ) & 0xFF );
-
-    *olen = kkpp_len + 4;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-    *olen = 0;
-
-    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
-
-    if( end < p || (size_t)( end - p ) < 5 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 1;
-
-    *p++ = ssl->conf->mfl_code;
-
-    *olen = 5;
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
-                                          unsigned char *buf, size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-    *olen = 0;
-
-    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
-    {
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
-
-    if( end < p || (size_t)( end - p ) < 4 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                       unsigned char *buf, size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-    *olen = 0;
-
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
-        ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
-                        "extension" ) );
-
-    if( end < p || (size_t)( end - p ) < 4 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                       unsigned char *buf, size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-    *olen = 0;
-
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
-        ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
-                        "extension" ) );
-
-    if( end < p || (size_t)( end - p ) < 4 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-}
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                          unsigned char *buf, size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    size_t tlen = ssl->session_negotiate->ticket_len;
-
-    *olen = 0;
-
-    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
-    {
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
-
-    if( end < p || (size_t)( end - p ) < 4 + tlen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET      ) & 0xFF );
-
-    *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( tlen      ) & 0xFF );
-
-    *olen = 4;
-
-    if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
-    {
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) );
-
-    memcpy( p, ssl->session_negotiate->ticket, tlen );
-
-    *olen += tlen;
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_ALPN)
-static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
-                                unsigned char *buf, size_t *olen )
-{
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    size_t alpnlen = 0;
-    const char **cur;
-
-    *olen = 0;
-
-    if( ssl->conf->alpn_list == NULL )
-    {
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
-
-    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
-        alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
-
-    if( end < p || (size_t)( end - p ) < 6 + alpnlen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN      ) & 0xFF );
-
-    /*
-     * opaque ProtocolName<1..2^8-1>;
-     *
-     * struct {
-     *     ProtocolName protocol_name_list<2..2^16-1>
-     * } ProtocolNameList;
-     */
-
-    /* Skip writing extension and list length for now */
-    p += 4;
-
-    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
-    {
-        *p = (unsigned char)( strlen( *cur ) & 0xFF );
-        memcpy( p + 1, *cur, *p );
-        p += 1 + *p;
-    }
-
-    *olen = p - buf;
-
-    /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
-    buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
-    buf[5] = (unsigned char)( ( ( *olen - 6 )      ) & 0xFF );
-
-    /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
-    buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
-    buf[3] = (unsigned char)( ( ( *olen - 4 )      ) & 0xFF );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-/*
- * Generate random bytes for ClientHello
- */
-static int ssl_generate_random( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    unsigned char *p = ssl->handshake->randbytes;
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t;
-#endif
-
-    /*
-     * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->verify_cookie != NULL )
-    {
-        return( 0 );
-    }
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-    t = mbedtls_time( NULL );
-    *p++ = (unsigned char)( t >> 24 );
-    *p++ = (unsigned char)( t >> 16 );
-    *p++ = (unsigned char)( t >>  8 );
-    *p++ = (unsigned char)( t       );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
-#else
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
-        return( ret );
-
-    p += 4;
-#endif /* MBEDTLS_HAVE_TIME */
-
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    size_t i, n, olen, ext_len = 0;
-    unsigned char *buf;
-    unsigned char *p, *q;
-    unsigned char offer_compress;
-    const int *ciphersuites;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
-
-    if( ssl->conf->f_rng == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
-        return( MBEDTLS_ERR_SSL_NO_RNG );
-    }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
-#endif
-    {
-        ssl->major_ver = ssl->conf->min_major_ver;
-        ssl->minor_ver = ssl->conf->min_minor_ver;
-    }
-
-    if( ssl->conf->max_major_ver == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, "
-                            "consider using mbedtls_ssl_config_defaults()" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    /*
-     *     0  .   0   handshake type
-     *     1  .   3   handshake length
-     *     4  .   5   highest version supported
-     *     6  .   9   current UNIX time
-     *    10  .  37   random bytes
-     */
-    buf = ssl->out_msg;
-    p = buf + 4;
-
-    mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
-                       ssl->conf->transport, p );
-    p += 2;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
-                   buf[4], buf[5] ) );
-
-    if( ( ret = ssl_generate_random( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret );
-        return( ret );
-    }
-
-    memcpy( p, ssl->handshake->randbytes, 32 );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 );
-    p += 32;
-
-    /*
-     *    38  .  38   session id length
-     *    39  . 39+n  session id
-     *   39+n . 39+n  DTLS only: cookie length (1 byte)
-     *   40+n .  ..   DTSL only: cookie
-     *   ..   . ..    ciphersuitelist length (2 bytes)
-     *   ..   . ..    ciphersuitelist
-     *   ..   . ..    compression methods length (1 byte)
-     *   ..   . ..    compression methods
-     *   ..   . ..    extensions length (2 bytes)
-     *   ..   . ..    extensions
-     */
-    n = ssl->session_negotiate->id_len;
-
-    if( n < 16 || n > 32 ||
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
-#endif
-        ssl->handshake->resume == 0 )
-    {
-        n = 0;
-    }
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    /*
-     * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
-     * generate and include a Session ID in the TLS ClientHello."
-     */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
-#endif
-    {
-        if( ssl->session_negotiate->ticket != NULL &&
-                ssl->session_negotiate->ticket_len != 0 )
-        {
-            ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
-
-            if( ret != 0 )
-                return( ret );
-
-            ssl->session_negotiate->id_len = n = 32;
-        }
-    }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-    *p++ = (unsigned char) n;
-
-    for( i = 0; i < n; i++ )
-        *p++ = ssl->session_negotiate->id[i];
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "client hello, session id", buf + 39, n );
-
-    /*
-     * DTLS cookie
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        if( ssl->handshake->verify_cookie == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
-            *p++ = 0;
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
-                              ssl->handshake->verify_cookie,
-                              ssl->handshake->verify_cookie_len );
-
-            *p++ = ssl->handshake->verify_cookie_len;
-            memcpy( p, ssl->handshake->verify_cookie,
-                       ssl->handshake->verify_cookie_len );
-            p += ssl->handshake->verify_cookie_len;
-        }
-    }
-#endif
-
-    /*
-     * Ciphersuite list
-     */
-    ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
-
-    /* Skip writing ciphersuite length for now */
-    n = 0;
-    q = p;
-    p += 2;
-
-    for( i = 0; ciphersuites[i] != 0; i++ )
-    {
-        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
-
-        if( ciphersuite_info == NULL )
-            continue;
-
-        if( ciphersuite_info->min_minor_ver > ssl->conf->max_minor_ver ||
-            ciphersuite_info->max_minor_ver < ssl->conf->min_minor_ver )
-            continue;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-            ( ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
-            continue;
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-        if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
-            ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-            continue;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
-            mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
-            continue;
-#endif
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
-                                    ciphersuites[i] ) );
-
-        n++;
-        *p++ = (unsigned char)( ciphersuites[i] >> 8 );
-        *p++ = (unsigned char)( ciphersuites[i]      );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
-
-    /*
-     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-     */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
-#endif
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
-        *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
-        *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO      );
-        n++;
-    }
-
-    /* Some versions of OpenSSL don't handle it correctly if not at end */
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
-    if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
-        *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
-        *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE      );
-        n++;
-    }
-#endif
-
-    *q++ = (unsigned char)( n >> 7 );
-    *q++ = (unsigned char)( n << 1 );
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    offer_compress = 1;
-#else
-    offer_compress = 0;
-#endif
-
-    /*
-     * We don't support compression with DTLS right now: is many records come
-     * in the same datagram, uncompressing one could overwrite the next one.
-     * We don't want to add complexity for handling that case unless there is
-     * an actual need for it.
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        offer_compress = 0;
-#endif
-
-    if( offer_compress )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
-                            MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) );
-
-        *p++ = 2;
-        *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE;
-        *p++ = MBEDTLS_SSL_COMPRESS_NULL;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d",
-                            MBEDTLS_SSL_COMPRESS_NULL ) );
-
-        *p++ = 1;
-        *p++ = MBEDTLS_SSL_COMPRESS_NULL;
-    }
-
-    // First write extensions, then the total length
-    //
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-    /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
-     * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-
-    ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
-    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-    /* olen unused if all extensions are disabled */
-    ((void) olen);
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
-                   ext_len ) );
-
-    if( ext_len > 0 )
-    {
-        *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
-        *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
-        p += ext_len;
-    }
-
-    ssl->out_msglen  = p - buf;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_HELLO;
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_send_flight_completed( ssl );
-#endif
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
-
-    return( 0 );
-}
-
-static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        /* Check verify-data in constant-time. The length OTOH is no secret */
-        if( len    != 1 + ssl->verify_data_len * 2 ||
-            buf[0] !=     ssl->verify_data_len * 2 ||
-            mbedtls_ssl_safer_memcmp( buf + 1,
-                          ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
-            mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len,
-                          ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-    {
-        if( len != 1 || buf[0] != 0x00 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-
-        ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              size_t len )
-{
-    /*
-     * server should use the extension only if we did,
-     * and if so the server's value should match ours (and len is always 1)
-     */
-    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
-        len != 1 ||
-        buf[0] != ssl->conf->mfl_code )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching max fragment length extension" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching truncated HMAC extension" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching encrypt-then-MAC extension" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching session ticket extension" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->handshake->new_session_ticket = 1;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                  const unsigned char *buf,
-                                                  size_t len )
-{
-    size_t list_size;
-    const unsigned char *p;
-
-    list_size = buf[0];
-    if( list_size + 1 != len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    p = buf + 1;
-    while( list_size > 0 )
-    {
-        if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
-            p[0] == MBEDTLS_ECP_PF_COMPRESSED )
-        {
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-            ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-            ssl->handshake->ecjpake_ctx.point_format = p[0];
-#endif
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
-            return( 0 );
-        }
-
-        list_size--;
-        p++;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
-    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-    return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || 
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len )
-{
-    int ret;
-
-    if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
-        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
-        return( 0 );
-    }
-
-    /* If we got here, we no longer need our cached extension */
-    mbedtls_free( ssl->handshake->ecjpake_cache );
-    ssl->handshake->ecjpake_cache = NULL;
-    ssl->handshake->ecjpake_cache_len = 0;
-
-    if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
-                                                buf, len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
-                               const unsigned char *buf, size_t len )
-{
-    size_t list_len, name_len;
-    const char **p;
-
-    /* If we didn't send it, the server shouldn't send it */
-    if( ssl->conf->alpn_list == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /*
-     * opaque ProtocolName<1..2^8-1>;
-     *
-     * struct {
-     *     ProtocolName protocol_name_list<2..2^16-1>
-     * } ProtocolNameList;
-     *
-     * the "ProtocolNameList" MUST contain exactly one "ProtocolName"
-     */
-
-    /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
-    if( len < 4 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    list_len = ( buf[0] << 8 ) | buf[1];
-    if( list_len != len - 2 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    name_len = buf[2];
-    if( name_len != list_len - 1 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /* Check that the server chosen protocol was in our list and save it */
-    for( p = ssl->conf->alpn_list; *p != NULL; p++ )
-    {
-        if( name_len == strlen( *p ) &&
-            memcmp( buf + 3, *p, name_len ) == 0 )
-        {
-            ssl->alpn_chosen = *p;
-            return( 0 );
-        }
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) );
-    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-    return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-/*
- * Parse HelloVerifyRequest.  Only called after verifying the HS type.
- */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
-{
-    const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    int major_ver, minor_ver;
-    unsigned char cookie_len;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
-
-    /*
-     * struct {
-     *   ProtocolVersion server_version;
-     *   opaque cookie<0..2^8-1>;
-     * } HelloVerifyRequest;
-     */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
-    mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
-    p += 2;
-
-    /*
-     * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
-     * even is lower than our min version.
-     */
-    if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
-        minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
-        major_ver > ssl->conf->max_major_ver  ||
-        minor_ver > ssl->conf->max_minor_ver  )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
-
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-
-        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
-    }
-
-    cookie_len = *p++;
-    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
-
-    if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "cookie length does not match incoming message size" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    mbedtls_free( ssl->handshake->verify_cookie );
-
-    ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
-    if( ssl->handshake->verify_cookie  == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    memcpy( ssl->handshake->verify_cookie, p, cookie_len );
-    ssl->handshake->verify_cookie_len = cookie_len;
-
-    /* Start over at ClientHello */
-    ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
-    mbedtls_ssl_reset_checksum( ssl );
-
-    mbedtls_ssl_recv_flight_completed( ssl );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
-{
-    int ret, i;
-    size_t n;
-    size_t ext_len;
-    unsigned char *buf, *ext;
-    unsigned char comp;
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    int accept_comp;
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int renegotiation_info_seen = 0;
-#endif
-    int handshake_failure = 0;
-    const mbedtls_ssl_ciphersuite_t *suite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
-
-    buf = ssl->in_msg;
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        /* No alert on a read error. */
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        {
-            ssl->renego_records_seen++;
-
-            if( ssl->conf->renego_max_records >= 0 &&
-                ssl->renego_records_seen > ssl->conf->renego_max_records )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
-                                    "but not honored by server" ) );
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-            }
-
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) );
-
-            ssl->keep_current_message = 1;
-            return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
-        }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) );
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
-            return( ssl_parse_hello_verify_request( ssl ) );
-        }
-        else
-        {
-            /* We made it through the verification process */
-            mbedtls_free( ssl->handshake->verify_cookie );
-            ssl->handshake->verify_cookie = NULL;
-            ssl->handshake->verify_cookie_len = 0;
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) ||
-        buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /*
-     *  0   .  1    server_version
-     *  2   . 33    random (maybe including 4 bytes of Unix time)
-     * 34   . 34    session_id length = n
-     * 35   . 34+n  session_id
-     * 35+n . 36+n  cipher_suite
-     * 37+n . 37+n  compression_method
-     *
-     * 38+n . 39+n  extensions length (optional)
-     * 40+n .  ..   extensions
-     */
-    buf += mbedtls_ssl_hs_hdr_len( ssl );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
-    mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
-                      ssl->conf->transport, buf + 0 );
-
-    if( ssl->major_ver < ssl->conf->min_major_ver ||
-        ssl->minor_ver < ssl->conf->min_minor_ver ||
-        ssl->major_ver > ssl->conf->max_major_ver ||
-        ssl->minor_ver > ssl->conf->max_minor_ver )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
-                            " min: [%d:%d], server: [%d:%d], max: [%d:%d]",
-                            ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
-                            ssl->major_ver, ssl->minor_ver,
-                            ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
-
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-
-        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
-                           ( (uint32_t) buf[2] << 24 ) |
-                           ( (uint32_t) buf[3] << 16 ) |
-                           ( (uint32_t) buf[4] <<  8 ) |
-                           ( (uint32_t) buf[5]       ) ) );
-
-    memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
-
-    n = buf[34];
-
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, random bytes", buf + 2, 32 );
-
-    if( n > 32 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
-    {
-        ext_len = ( ( buf[38 + n] <<  8 )
-                  | ( buf[39 + n]       ) );
-
-        if( ( ext_len > 0 && ext_len < 4 ) ||
-            ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-    }
-    else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
-    {
-        ext_len = 0;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /* ciphersuite (used later) */
-    i = ( buf[35 + n] << 8 ) | buf[36 + n];
-
-    /*
-     * Read and check compression
-     */
-    comp = buf[37 + n];
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    /* See comments in ssl_write_client_hello() */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        accept_comp = 0;
-    else
-#endif
-        accept_comp = 1;
-
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
-        ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) )
-#else /* MBEDTLS_ZLIB_SUPPORT */
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
-#endif/* MBEDTLS_ZLIB_SUPPORT */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-    }
-
-    /*
-     * Initialize update checksum functions
-     */
-    ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
-
-    if( ssl->transform_negotiate->ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 35, n );
-
-    /*
-     * Check if the session can be resumed
-     */
-    if( ssl->handshake->resume == 0 || n == 0 ||
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
-#endif
-        ssl->session_negotiate->ciphersuite != i ||
-        ssl->session_negotiate->compression != comp ||
-        ssl->session_negotiate->id_len != n ||
-        memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
-    {
-        ssl->state++;
-        ssl->handshake->resume = 0;
-#if defined(MBEDTLS_HAVE_TIME)
-        ssl->session_negotiate->start = mbedtls_time( NULL );
-#endif
-        ssl->session_negotiate->ciphersuite = i;
-        ssl->session_negotiate->compression = comp;
-        ssl->session_negotiate->id_len = n;
-        memcpy( ssl->session_negotiate->id, buf + 35, n );
-    }
-    else
-    {
-        ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
-
-        if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-            return( ret );
-        }
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
-                   ssl->handshake->resume ? "a" : "no" ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
-
-    suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
-    if( suite_info == NULL
-#if defined(MBEDTLS_ARC4_C)
-            || ( ssl->conf->arc4_disabled &&
-                suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-#endif
-        )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
-
-    i = 0;
-    while( 1 )
-    {
-        if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-
-        if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
-            ssl->session_negotiate->ciphersuite )
-        {
-            break;
-        }
-    }
-
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-        && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
-#endif
-      )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-    ssl->session_negotiate->compression = comp;
-
-    ext = buf + 40 + n;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) );
-
-    while( ext_len )
-    {
-        unsigned int ext_id   = ( ( ext[0] <<  8 )
-                                | ( ext[1]       ) );
-        unsigned int ext_size = ( ( ext[2] <<  8 )
-                                | ( ext[3]       ) );
-
-        if( ext_size + 4 > ext_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-
-        switch( ext_id )
-        {
-        case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            renegotiation_info_seen = 1;
-#endif
-
-            if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
-                                                      ext_size ) ) != 0 )
-                return( ret );
-
-            break;
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-        case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) );
-
-            if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-        case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
-
-            if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
-
-            if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-        case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) );
-
-            if( ( ret = ssl_parse_extended_ms_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        case MBEDTLS_TLS_EXT_SESSION_TICKET:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
-
-            if( ( ret = ssl_parse_session_ticket_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
-
-            if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
-
-            if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-        case MBEDTLS_TLS_EXT_ALPN:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
-
-            if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )
-                return( ret );
-
-            break;
-#endif /* MBEDTLS_SSL_ALPN */
-
-        default:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
-                           ext_id ) );
-        }
-
-        ext_len -= 4 + ext_size;
-        ext += 4 + ext_size;
-
-        if( ext_len > 0 && ext_len < 4 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-    }
-
-    /*
-     * Renegotiation security checks
-     */
-    if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
-        handshake_failure = 1;
-    }
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
-             renegotiation_info_seen == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
-        handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
-        handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             renegotiation_info_seen == 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
-        handshake_failure = 1;
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    if( handshake_failure == 1 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p,
-                                       unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-
-    /*
-     * Ephemeral DH parameters:
-     *
-     * struct {
-     *     opaque dh_p<1..2^16-1>;
-     *     opaque dh_g<1..2^16-1>;
-     *     opaque dh_Ys<1..2^16-1>;
-     * } ServerDHParams;
-     */
-    if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret );
-        return( ret );
-    }
-
-    if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
-                                    ssl->handshake->dhm_ctx.len * 8,
-                                    ssl->conf->dhm_min_bitlen ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P  );
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G  );
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    curve_info = mbedtls_ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
-    if( curve_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_ssl_check_curve( ssl, ssl->handshake->ecdh_ctx.grp.id ) != 0 )
-#else
-    if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
-        ssl->handshake->ecdh_ctx.grp.nbits > 521 )
-#endif
-        return( -1 );
-
-    MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
-                                         unsigned char **p,
-                                         unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-
-    /*
-     * Ephemeral ECDH parameters:
-     *
-     * struct {
-     *     ECParameters curve_params;
-     *     ECPoint      public;
-     * } ServerECDHParams;
-     */
-    if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx,
-                                  (const unsigned char **) p, end ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
-        return( ret );
-    }
-
-    if( ssl_check_server_ecdh_params( ssl ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
-                                      unsigned char **p,
-                                      unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    size_t  len;
-    ((void) ssl);
-
-    /*
-     * PSK parameters:
-     *
-     * opaque psk_identity_hint<0..2^16-1>;
-     */
-    if( (*p) > end - 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
-                                    "(psk_identity_hint length)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-    len = (*p)[0] << 8 | (*p)[1];
-    *p += 2;
-
-    if( (*p) > end - len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
-                                    "(psk_identity_hint length)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    /*
-     * Note: we currently ignore the PKS identity hint, as we only allow one
-     * PSK to be provisionned on the client. This could be changed later if
-     * someone needs that feature.
-     */
-    *p += len;
-    ret = 0;
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                           \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-/*
- * Generate a pre-master secret and encrypt it with the server's RSA key
- */
-static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
-                                    size_t offset, size_t *olen,
-                                    size_t pms_offset )
-{
-    int ret;
-    size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
-    unsigned char *p = ssl->handshake->premaster + pms_offset;
-
-    if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-    }
-
-    /*
-     * Generate (part of) the pre-master as
-     *  struct {
-     *      ProtocolVersion client_version;
-     *      opaque random[46];
-     *  } PreMasterSecret;
-     */
-    mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
-                       ssl->conf->transport, p );
-
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
-        return( ret );
-    }
-
-    ssl->handshake->pmslen = 48;
-
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    /*
-     * Now write it out, encrypted
-     */
-    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
-                MBEDTLS_PK_RSA ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
-    }
-
-    if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
-                            p, ssl->handshake->pmslen,
-                            ssl->out_msg + offset + len_bytes, olen,
-                            MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
-                            ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
-        return( ret );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( len_bytes == 2 )
-    {
-        ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 );
-        ssl->out_msg[offset+1] = (unsigned char)( *olen      );
-        *olen += 2;
-    }
-#endif
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
-                                          unsigned char **p,
-                                          unsigned char *end,
-                                          mbedtls_md_type_t *md_alg,
-                                          mbedtls_pk_type_t *pk_alg )
-{
-    ((void) ssl);
-    *md_alg = MBEDTLS_MD_NONE;
-    *pk_alg = MBEDTLS_PK_NONE;
-
-    /* Only in TLS 1.2 */
-    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        return( 0 );
-    }
-
-    if( (*p) + 2 > end )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-
-    /*
-     * Get hash algorithm
-     */
-    if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
-                            "HashAlgorithm %d", *(p)[0] ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    /*
-     * Get signature algorithm
-     */
-    if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
-                            "SignatureAlgorithm %d", (*p)[1] ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    /*
-     * Check if the hash is acceptable
-     */
-    if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
-                                    *(p)[0] ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) );
-    *p += 2;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    const mbedtls_ecp_keypair *peer_key;
-
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
-                     MBEDTLS_PK_ECKEY ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
-    }
-
-    peer_key = mbedtls_pk_ec( ssl->session_negotiate->peer_cert->pk );
-
-    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
-                                 MBEDTLS_ECDH_THEIRS ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
-        return( ret );
-    }
-
-    if( ssl_check_server_ecdh_params( ssl ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-    unsigned char *p = NULL, *end = NULL;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
-        ssl->state++;
-        return( 0 );
-    }
-    ((void) p);
-    ((void) end);
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
-        ssl->state++;
-        return( 0 );
-    }
-    ((void) p);
-    ((void) end);
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    /*
-     * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
-     * doesn't use a psk_identity_hint
-     */
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
-    {
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-            ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        {
-            /* Current message is probably either
-             * CertificateRequest or ServerHelloDone */
-            ssl->keep_current_message = 1;
-            goto exit;
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must "
-                                    "not be skipped" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    p   = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    end = ssl->in_msg + ssl->in_hslen;
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server key exchange", p, end - p );
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
-        if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    } /* FALLTROUGH */
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        ; /* nothing more to do */
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
-        if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
-    {
-        if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
-                                              p, end - p );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
-    {
-        size_t sig_len, hashlen;
-        unsigned char hash[64];
-        mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
-        mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
-        unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-        size_t params_len = p - params;
-
-        /*
-         * Handle the digitally-signed structure
-         */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-        {
-            if( ssl_parse_signature_algorithm( ssl, &p, end,
-                                               &md_alg, &pk_alg ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-                return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-            }
-
-            if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-                return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-            }
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
-        {
-            pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
-
-            /* Default hash for ECDSA is SHA-1 */
-            if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE )
-                md_alg = MBEDTLS_MD_SHA1;
-        }
-        else
-#endif
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        /*
-         * Read signature
-         */
-
-        if( p > end - 2 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-        sig_len = ( p[0] << 8 ) | p[1];
-        p += 2;
-
-        if( p != end - sig_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len );
-
-        /*
-         * Compute the hash that has been signed
-         */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        if( md_alg == MBEDTLS_MD_NONE )
-        {
-            hashlen = 36;
-            ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params,
-                                                           params_len );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( md_alg != MBEDTLS_MD_NONE )
-        {
-            /* Info from md_alg will be used instead */
-            hashlen = 0;
-            ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, params,
-                                                          params_len, md_alg );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
-            (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
-
-        if( ssl->session_negotiate->peer_cert == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-        }
-
-        /*
-         * Verify signature
-         */
-        if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
-        }
-
-        if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
-                               md_alg, hash, hashlen, p, sig_len ) ) != 0 )
-        {
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
-            return( ret );
-        }
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
-
-exit:
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
-
-    return( 0 );
-}
-
-#if ! defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
-
-    if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-#else /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    unsigned char *buf;
-    size_t n = 0;
-    size_t cert_type_len = 0, dn_len = 0;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
-
-    if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    ssl->state++;
-    ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
-                        ssl->client_auth ? "a" : "no" ) );
-
-    if( ssl->client_auth == 0 )
-    {
-        /* Current message is probably the ServerHelloDone */
-        ssl->keep_current_message = 1;
-        goto exit;
-    }
-
-    /*
-     *  struct {
-     *      ClientCertificateType certificate_types<1..2^8-1>;
-     *      SignatureAndHashAlgorithm
-     *        supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
-     *      DistinguishedName certificate_authorities<0..2^16-1>;
-     *  } CertificateRequest;
-     *
-     *  Since we only support a single certificate on clients, let's just
-     *  ignore all the information that's supposed to help us pick a
-     *  certificate.
-     *
-     *  We could check that our certificate matches the request, and bail out
-     *  if it doesn't, but it's simpler to just send the certificate anyway,
-     *  and give the server the opportunity to decide if it should terminate
-     *  the connection when it doesn't like our certificate.
-     *
-     *  Same goes for the hash in TLS 1.2's signature_algorithms: at this
-     *  point we only have one hash available (see comments in
-     *  write_certificate_verify), so let's just use what we have.
-     *
-     *  However, we still minimally parse the message to check it is at least
-     *  superficially sane.
-     */
-    buf = ssl->in_msg;
-
-    /* certificate_types */
-    cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
-    n = cert_type_len;
-
-    if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-    }
-
-    /* supported_signature_algorithms */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
-                             | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
-#if defined(MBEDTLS_DEBUG_C)
-        unsigned char* sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
-        size_t i;
-
-        for( i = 0; i < sig_alg_len; i += 2 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d"
-                                        ",%d", sig_alg[i], sig_alg[i + 1]  ) );
-        }
-#endif
-
-        n += 2 + sig_alg_len;
-
-        if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-    /* certificate_authorities */
-    dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
-             | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
-
-    n += dn_len;
-    if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-    }
-
-exit:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
-
-static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    if( ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) ||
-        ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE );
-    }
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_recv_flight_completed( ssl );
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) );
-
-    return( 0 );
-}
-
-static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    size_t i, n;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
-    {
-        /*
-         * DHM key exchange -- send G^X mod P
-         */
-        n = ssl->handshake->dhm_ctx.len;
-
-        ssl->out_msg[4] = (unsigned char)( n >> 8 );
-        ssl->out_msg[5] = (unsigned char)( n      );
-        i = 6;
-
-        ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                                (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
-                               &ssl->out_msg[i], n,
-                                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
-
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      ssl->handshake->premaster,
-                                      MBEDTLS_PREMASTER_SIZE,
-                                     &ssl->handshake->pmslen,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        /*
-         * ECDH key exchange -- send client public value
-         */
-        i = 4;
-
-        ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
-                                &n,
-                                &ssl->out_msg[i], 1000,
-                                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
-
-        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
-                                      &ssl->handshake->pmslen,
-                                       ssl->handshake->premaster,
-                                       MBEDTLS_MPI_MAX_SIZE,
-                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
-    {
-        /*
-         * opaque psk_identity<0..2^16-1>;
-         */
-        if( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for PSK" ) );
-            return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
-        }
-
-        i = 4;
-        n = ssl->conf->psk_identity_len;
-
-        if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
-                                        "SSL buffer too short" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-        ssl->out_msg[i++] = (unsigned char)( n >> 8 );
-        ssl->out_msg[i++] = (unsigned char)( n      );
-
-        memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
-        i += ssl->conf->psk_identity_len;
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
-        {
-            n = 0;
-        }
-        else
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        {
-            if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
-                return( ret );
-        }
-        else
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-        {
-            /*
-             * ClientDiffieHellmanPublic public (DHM send G^X mod P)
-             */
-            n = ssl->handshake->dhm_ctx.len;
-
-            if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
-                                            " or SSL buffer too short" ) );
-                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-            }
-
-            ssl->out_msg[i++] = (unsigned char)( n >> 8 );
-            ssl->out_msg[i++] = (unsigned char)( n      );
-
-            ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                    (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
-                    &ssl->out_msg[i], n,
-                    ssl->conf->f_rng, ssl->conf->p_rng );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
-                return( ret );
-            }
-        }
-        else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-        {
-            /*
-             * ClientECDiffieHellmanPublic public;
-             */
-            ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
-                    &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
-                    ssl->conf->f_rng, ssl->conf->p_rng );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
-                return( ret );
-            }
-
-            MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q", &ssl->handshake->ecdh_ctx.Q );
-        }
-        else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        i = 4;
-        if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
-            return( ret );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        i = 4;
-
-        ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
-                ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
-            return( ret );
-        }
-
-        ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
-                ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-    {
-        ((void) ciphersuite_info);
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    ssl->out_msglen  = i + n;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)  && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
-
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
-    }
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-#else
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-    size_t n = 0, offset = 0;
-    unsigned char hash[48];
-    unsigned char *hash_start = hash;
-    mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
-    unsigned int hashlen;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
-
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
-    }
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    if( mbedtls_ssl_own_key( ssl ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
-    }
-
-    /*
-     * Make an RSA signature of the handshake digests
-     */
-    ssl->handshake->calc_verify( ssl, hash );
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        /*
-         * digitally-signed struct {
-         *     opaque md5_hash[16];
-         *     opaque sha_hash[20];
-         * };
-         *
-         * md5_hash
-         *     MD5(handshake_messages);
-         *
-         * sha_hash
-         *     SHA(handshake_messages);
-         */
-        hashlen = 36;
-        md_alg = MBEDTLS_MD_NONE;
-
-        /*
-         * For ECDSA, default hash is SHA-1 only
-         */
-        if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
-        {
-            hash_start += 16;
-            hashlen -= 16;
-            md_alg = MBEDTLS_MD_SHA1;
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        /*
-         * digitally-signed struct {
-         *     opaque handshake_messages[handshake_messages_length];
-         * };
-         *
-         * Taking shortcut here. We assume that the server always allows the
-         * PRF Hash function and has sent it in the allowed signature
-         * algorithms list received in the Certificate Request message.
-         *
-         * Until we encounter a server that does not, we will take this
-         * shortcut.
-         *
-         * Reason: Otherwise we should have running hashes for SHA512 and SHA224
-         *         in order to satisfy 'weird' needs from the server side.
-         */
-        if( ssl->transform_negotiate->ciphersuite_info->mac ==
-            MBEDTLS_MD_SHA384 )
-        {
-            md_alg = MBEDTLS_MD_SHA384;
-            ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
-        }
-        else
-        {
-            md_alg = MBEDTLS_MD_SHA256;
-            ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
-        }
-        ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
-
-        /* Info from md_alg will be used instead */
-        hashlen = 0;
-        offset = 2;
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash_start, hashlen,
-                         ssl->out_msg + 6 + offset, &n,
-                         ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
-        return( ret );
-    }
-
-    ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
-    ssl->out_msg[5 + offset] = (unsigned char)( n      );
-
-    ssl->out_msglen  = 6 + n + offset;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
-
-    return( ret );
-}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    uint32_t lifetime;
-    size_t ticket_len;
-    unsigned char *ticket;
-    const unsigned char *msg;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    /*
-     * struct {
-     *     uint32 ticket_lifetime_hint;
-     *     opaque ticket<0..2^16-1>;
-     * } NewSessionTicket;
-     *
-     * 0  .  3   ticket_lifetime_hint
-     * 4  .  5   ticket_len (n)
-     * 6  .  5+n ticket content
-     */
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
-        ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
-    }
-
-    msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-
-    lifetime = ( msg[0] << 24 ) | ( msg[1] << 16 ) |
-               ( msg[2] <<  8 ) | ( msg[3]       );
-
-    ticket_len = ( msg[4] << 8 ) | ( msg[5] );
-
-    if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
-
-    /* We're not waiting for a NewSessionTicket message any more */
-    ssl->handshake->new_session_ticket = 0;
-    ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
-
-    /*
-     * Zero-length ticket means the server changed his mind and doesn't want
-     * to send a ticket after all, so just forget it
-     */
-    if( ticket_len == 0 )
-        return( 0 );
-
-    mbedtls_zeroize( ssl->session_negotiate->ticket,
-                      ssl->session_negotiate->ticket_len );
-    mbedtls_free( ssl->session_negotiate->ticket );
-    ssl->session_negotiate->ticket = NULL;
-    ssl->session_negotiate->ticket_len = 0;
-
-    if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    memcpy( ticket, msg + 6, ticket_len );
-
-    ssl->session_negotiate->ticket = ticket;
-    ssl->session_negotiate->ticket_len = ticket_len;
-    ssl->session_negotiate->ticket_lifetime = lifetime;
-
-    /*
-     * RFC 5077 section 3.4:
-     * "If the client receives a session ticket from the server, then it
-     * discards any Session ID that was sent in the ServerHello."
-     */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) );
-    ssl->session_negotiate->id_len = 0;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-/*
- * SSL handshake -- client side -- single step
- */
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
-{
-    int ret = 0;
-
-    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
-
-    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-            return( ret );
-    }
-#endif
-
-    /* Change state now, so that it is right in mbedtls_ssl_read_record(), used
-     * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
-        ssl->handshake->new_session_ticket != 0 )
-    {
-        ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET;
-    }
-#endif
-
-    switch( ssl->state )
-    {
-        case MBEDTLS_SSL_HELLO_REQUEST:
-            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
-            break;
-
-       /*
-        *  ==>   ClientHello
-        */
-       case MBEDTLS_SSL_CLIENT_HELLO:
-           ret = ssl_write_client_hello( ssl );
-           break;
-
-       /*
-        *  <==   ServerHello
-        *        Certificate
-        *      ( ServerKeyExchange  )
-        *      ( CertificateRequest )
-        *        ServerHelloDone
-        */
-       case MBEDTLS_SSL_SERVER_HELLO:
-           ret = ssl_parse_server_hello( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_CERTIFICATE:
-           ret = mbedtls_ssl_parse_certificate( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
-           ret = ssl_parse_server_key_exchange( ssl );
-           break;
-
-       case MBEDTLS_SSL_CERTIFICATE_REQUEST:
-           ret = ssl_parse_certificate_request( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_HELLO_DONE:
-           ret = ssl_parse_server_hello_done( ssl );
-           break;
-
-       /*
-        *  ==> ( Certificate/Alert  )
-        *        ClientKeyExchange
-        *      ( CertificateVerify  )
-        *        ChangeCipherSpec
-        *        Finished
-        */
-       case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-           ret = mbedtls_ssl_write_certificate( ssl );
-           break;
-
-       case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
-           ret = ssl_write_client_key_exchange( ssl );
-           break;
-
-       case MBEDTLS_SSL_CERTIFICATE_VERIFY:
-           ret = ssl_write_certificate_verify( ssl );
-           break;
-
-       case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
-           ret = mbedtls_ssl_write_change_cipher_spec( ssl );
-           break;
-
-       case MBEDTLS_SSL_CLIENT_FINISHED:
-           ret = mbedtls_ssl_write_finished( ssl );
-           break;
-
-       /*
-        *  <==   ( NewSessionTicket )
-        *        ChangeCipherSpec
-        *        Finished
-        */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-       case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
-           ret = ssl_parse_new_session_ticket( ssl );
-           break;
-#endif
-
-       case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
-           ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_FINISHED:
-           ret = mbedtls_ssl_parse_finished( ssl );
-           break;
-
-       case MBEDTLS_SSL_FLUSH_BUFFERS:
-           MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
-           ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-           break;
-
-       case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
-           mbedtls_ssl_handshake_wrapup( ssl );
-           break;
-
-       default:
-           MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
-           return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-   }
-
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_CLI_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ssl_cookie.c b/components/ssl/mbedtls/mbedtls/library/ssl_cookie.c
deleted file mode 100644
index caf11999..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ssl_cookie.c
+++ /dev/null
@@ -1,260 +0,0 @@
-/*
- *  DTLS cookie callbacks implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SSL_COOKIE_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_calloc    calloc
-#define mbedtls_free      free
-#endif
-
-#include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
-
-#include <string.h>
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
- * available. Try SHA-256 first, 512 wastes resources since we need to stay
- * with max 32 bytes of cookie for DTLS 1.0
- */
-#if defined(MBEDTLS_SHA256_C)
-#define COOKIE_MD           MBEDTLS_MD_SHA224
-#define COOKIE_MD_OUTLEN    32
-#define COOKIE_HMAC_LEN     28
-#elif defined(MBEDTLS_SHA512_C)
-#define COOKIE_MD           MBEDTLS_MD_SHA384
-#define COOKIE_MD_OUTLEN    48
-#define COOKIE_HMAC_LEN     28
-#elif defined(MBEDTLS_SHA1_C)
-#define COOKIE_MD           MBEDTLS_MD_SHA1
-#define COOKIE_MD_OUTLEN    20
-#define COOKIE_HMAC_LEN     20
-#else
-#error "DTLS hello verify needs SHA-1 or SHA-2"
-#endif
-
-/*
- * Cookies are formed of a 4-bytes timestamp (or serial number) and
- * an HMAC of timestemp and client ID.
- */
-#define COOKIE_LEN      ( 4 + COOKIE_HMAC_LEN )
-
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
-{
-    mbedtls_md_init( &ctx->hmac_ctx );
-#if !defined(MBEDTLS_HAVE_TIME)
-    ctx->serial = 0;
-#endif
-    ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
-{
-    ctx->timeout = delay;
-}
-
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
-{
-    mbedtls_md_free( &ctx->hmac_ctx );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
-}
-
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
-{
-    int ret;
-    unsigned char key[COOKIE_MD_OUTLEN];
-
-    if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
-    if( ret != 0 )
-        return( ret );
-
-    mbedtls_zeroize( key, sizeof( key ) );
-
-    return( 0 );
-}
-
-/*
- * Generate the HMAC part of a cookie
- */
-static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
-                            const unsigned char time[4],
-                            unsigned char **p, unsigned char *end,
-                            const unsigned char *cli_id, size_t cli_id_len )
-{
-    unsigned char hmac_out[COOKIE_MD_OUTLEN];
-
-    if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
-    if( mbedtls_md_hmac_reset(  hmac_ctx ) != 0 ||
-        mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
-        mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
-        mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
-    *p += COOKIE_HMAC_LEN;
-
-    return( 0 );
-}
-
-/*
- * Generate cookie for DTLS ClientHello verification
- */
-int mbedtls_ssl_cookie_write( void *p_ctx,
-                      unsigned char **p, unsigned char *end,
-                      const unsigned char *cli_id, size_t cli_id_len )
-{
-    int ret;
-    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
-    unsigned long t;
-
-    if( ctx == NULL || cli_id == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( (size_t)( end - *p ) < COOKIE_LEN )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
-#if defined(MBEDTLS_HAVE_TIME)
-    t = (unsigned long) mbedtls_time( NULL );
-#else
-    t = ctx->serial++;
-#endif
-
-    (*p)[0] = (unsigned char)( t >> 24 );
-    (*p)[1] = (unsigned char)( t >> 16 );
-    (*p)[2] = (unsigned char)( t >>  8 );
-    (*p)[3] = (unsigned char)( t       );
-    *p += 4;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
-#endif
-
-    ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
-                           p, end, cli_id, cli_id_len );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
-                MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Check a cookie
- */
-int mbedtls_ssl_cookie_check( void *p_ctx,
-                      const unsigned char *cookie, size_t cookie_len,
-                      const unsigned char *cli_id, size_t cli_id_len )
-{
-    unsigned char ref_hmac[COOKIE_HMAC_LEN];
-    int ret = 0;
-    unsigned char *p = ref_hmac;
-    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
-    unsigned long cur_time, cookie_time;
-
-    if( ctx == NULL || cli_id == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( cookie_len != COOKIE_LEN )
-        return( -1 );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret );
-#endif
-
-    if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
-                         &p, p + sizeof( ref_hmac ),
-                         cli_id, cli_id_len ) != 0 )
-        ret = -1;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR +
-                MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    if( ret != 0 )
-        return( ret );
-
-    if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
-        return( -1 );
-
-#if defined(MBEDTLS_HAVE_TIME)
-    cur_time = (unsigned long) mbedtls_time( NULL );
-#else
-    cur_time = ctx->serial;
-#endif
-
-    cookie_time = ( (unsigned long) cookie[0] << 24 ) |
-                  ( (unsigned long) cookie[1] << 16 ) |
-                  ( (unsigned long) cookie[2] <<  8 ) |
-                  ( (unsigned long) cookie[3]       );
-
-    if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
-        return( -1 );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ssl_srv.c b/components/ssl/mbedtls/mbedtls/library/ssl_srv.c
deleted file mode 100644
index 57a270ae..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ssl_srv.c
+++ /dev/null
@@ -1,4096 +0,0 @@
-/*
- *  SSLv3/TLSv1 server-side functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free      free
-#endif
-
-#include "mbedtls/debug.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
-                                 const unsigned char *info,
-                                 size_t ilen )
-{
-    if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    mbedtls_free( ssl->cli_id );
-
-    if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-    memcpy( ssl->cli_id, info, ilen );
-    ssl->cli_id_len = ilen;
-
-    return( 0 );
-}
-
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
-                           mbedtls_ssl_cookie_write_t *f_cookie_write,
-                           mbedtls_ssl_cookie_check_t *f_cookie_check,
-                           void *p_cookie )
-{
-    conf->f_cookie_write = f_cookie_write;
-    conf->f_cookie_check = f_cookie_check;
-    conf->p_cookie       = p_cookie;
-}
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl,
-                                     const unsigned char *buf,
-                                     size_t len )
-{
-    int ret;
-    size_t servername_list_size, hostname_len;
-    const unsigned char *p;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) );
-
-    servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
-    if( servername_list_size + 2 != len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    p = buf + 2;
-    while( servername_list_size > 0 )
-    {
-        hostname_len = ( ( p[1] << 8 ) | p[2] );
-        if( hostname_len + 3 > servername_list_size )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-
-        if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME )
-        {
-            ret = ssl->conf->f_sni( ssl->conf->p_sni,
-                                    ssl, p + 3, hostname_len );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                        MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-            return( 0 );
-        }
-
-        servername_list_size -= hostname_len + 3;
-        p += hostname_len + 3;
-    }
-
-    if( servername_list_size != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        /* Check verify-data in constant-time. The length OTOH is no secret */
-        if( len    != 1 + ssl->verify_data_len ||
-            buf[0] !=     ssl->verify_data_len ||
-            mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data,
-                          ssl->verify_data_len ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-    {
-        if( len != 1 || buf[0] != 0x0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-
-        ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-
-/*
- * Status of the implementation of signature-algorithms extension:
- *
- * Currently, we are only considering the signature-algorithm extension
- * to pick a ciphersuite which allows us to send the ServerKeyExchange
- * message with a signature-hash combination that the user allows.
- *
- * We do *not* check whether all certificates in our certificate
- * chain are signed with an allowed signature-hash pair.
- * This needs to be done at a later stage.
- *
- */
-static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
-                                               const unsigned char *buf,
-                                               size_t len )
-{
-    size_t sig_alg_list_size;
-
-    const unsigned char *p;
-    const unsigned char *end = buf + len;
-
-    mbedtls_md_type_t md_cur;
-    mbedtls_pk_type_t sig_cur;
-
-    sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
-    if( sig_alg_list_size + 2 != len ||
-        sig_alg_list_size % 2 != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    /* Currently we only guarantee signing the ServerKeyExchange message according
-     * to the constraints specified in this extension (see above), so it suffices
-     * to remember only one suitable hash for each possible signature algorithm.
-     *
-     * This will change when we also consider certificate signatures,
-     * in which case we will need to remember the whole signature-hash
-     * pair list from the extension.
-     */
-
-    for( p = buf + 2; p < end; p += 2 )
-    {
-        /* Silently ignore unknown signature or hash algorithms. */
-
-        if( ( sig_cur = mbedtls_ssl_pk_alg_from_sig( p[1] ) ) == MBEDTLS_PK_NONE )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext"
-                                        " unknown sig alg encoding %d", p[1] ) );
-            continue;
-        }
-
-        /* Check if we support the hash the user proposes */
-        md_cur = mbedtls_ssl_md_alg_from_hash( p[0] );
-        if( md_cur == MBEDTLS_MD_NONE )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
-                                        " unknown hash alg encoding %d", p[0] ) );
-            continue;
-        }
-
-        if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 )
-        {
-            mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
-                                        " match sig %d and hash %d",
-                                        sig_cur, md_cur ) );
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
-                                        "hash alg %d not supported", md_cur ) );
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl,
-                                                const unsigned char *buf,
-                                                size_t len )
-{
-    size_t list_size, our_size;
-    const unsigned char *p;
-    const mbedtls_ecp_curve_info *curve_info, **curves;
-
-    list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
-    if( list_size + 2 != len ||
-        list_size % 2 != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    /* Should never happen unless client duplicates the extension */
-    if( ssl->handshake->curves != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    /* Don't allow our peer to make us allocate too much memory,
-     * and leave room for a final 0 */
-    our_size = list_size / 2 + 1;
-    if( our_size > MBEDTLS_ECP_DP_MAX )
-        our_size = MBEDTLS_ECP_DP_MAX;
-
-    if( ( curves = mbedtls_calloc( our_size, sizeof( *curves ) ) ) == NULL )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    ssl->handshake->curves = curves;
-
-    p = buf + 2;
-    while( list_size > 0 && our_size > 1 )
-    {
-        curve_info = mbedtls_ecp_curve_info_from_tls_id( ( p[0] << 8 ) | p[1] );
-
-        if( curve_info != NULL )
-        {
-            *curves++ = curve_info;
-            our_size--;
-        }
-
-        list_size -= 2;
-        p += 2;
-    }
-
-    return( 0 );
-}
-
-static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              size_t len )
-{
-    size_t list_size;
-    const unsigned char *p;
-
-    list_size = buf[0];
-    if( list_size + 1 != len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    p = buf + 1;
-    while( list_size > 0 )
-    {
-        if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
-            p[0] == MBEDTLS_ECP_PF_COMPRESSED )
-        {
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-            ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-            ssl->handshake->ecjpake_ctx.point_format = p[0];
-#endif
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
-            return( 0 );
-        }
-
-        list_size--;
-        p++;
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len )
-{
-    int ret;
-
-    if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
-        return( 0 );
-    }
-
-    if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
-                                                buf, len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( ret );
-    }
-
-    /* Only mark the extension as OK when we're sure it is */
-    ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              size_t len )
-{
-    if( len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    ssl->session_negotiate->mfl_code = buf[0];
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    ((void) buf);
-
-    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
-        ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                      const unsigned char *buf,
-                                      size_t len )
-{
-    if( len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    ((void) buf);
-
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
-        ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                      const unsigned char *buf,
-                                      size_t len )
-{
-    if( len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    ((void) buf);
-
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
-        ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         size_t len )
-{
-    int ret;
-    mbedtls_ssl_session session;
-
-    mbedtls_ssl_session_init( &session );
-
-    if( ssl->conf->f_ticket_parse == NULL ||
-        ssl->conf->f_ticket_write == NULL )
-    {
-        return( 0 );
-    }
-
-    /* Remember the client asked us to send a new ticket */
-    ssl->handshake->new_session_ticket = 1;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
-
-    if( len == 0 )
-        return( 0 );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) );
-        return( 0 );
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    /*
-     * Failures are ok: just ignore the ticket and proceed.
-     */
-    if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session,
-                                           buf, len ) ) != 0 )
-    {
-        mbedtls_ssl_session_free( &session );
-
-        if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) );
-        else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED )
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) );
-        else
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret );
-
-        return( 0 );
-    }
-
-    /*
-     * Keep the session ID sent by the client, since we MUST send it back to
-     * inform them we're accepting the ticket  (RFC 5077 section 3.4)
-     */
-    session.id_len = ssl->session_negotiate->id_len;
-    memcpy( &session.id, ssl->session_negotiate->id, session.id_len );
-
-    mbedtls_ssl_session_free( ssl->session_negotiate );
-    memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
-
-    /* Zeroize instead of free as we copied the content */
-    mbedtls_zeroize( &session, sizeof( mbedtls_ssl_session ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) );
-
-    ssl->handshake->resume = 1;
-
-    /* Don't send a new ticket after all, this one is OK */
-    ssl->handshake->new_session_ticket = 0;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_ALPN)
-static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
-                               const unsigned char *buf, size_t len )
-{
-    size_t list_len, cur_len, ours_len;
-    const unsigned char *theirs, *start, *end;
-    const char **ours;
-
-    /* If ALPN not configured, just ignore the extension */
-    if( ssl->conf->alpn_list == NULL )
-        return( 0 );
-
-    /*
-     * opaque ProtocolName<1..2^8-1>;
-     *
-     * struct {
-     *     ProtocolName protocol_name_list<2..2^16-1>
-     * } ProtocolNameList;
-     */
-
-    /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
-    if( len < 4 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    list_len = ( buf[0] << 8 ) | buf[1];
-    if( list_len != len - 2 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    /*
-     * Validate peer's list (lengths)
-     */
-    start = buf + 2;
-    end = buf + len;
-    for( theirs = start; theirs != end; theirs += cur_len )
-    {
-        cur_len = *theirs++;
-
-        /* Current identifier must fit in list */
-        if( cur_len > (size_t)( end - theirs ) )
-        {
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-
-        /* Empty strings MUST NOT be included */
-        if( cur_len == 0 )
-        {
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-    }
-
-    /*
-     * Use our order of preference
-     */
-    for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
-    {
-        ours_len = strlen( *ours );
-        for( theirs = start; theirs != end; theirs += cur_len )
-        {
-            cur_len = *theirs++;
-
-            if( cur_len == ours_len &&
-                memcmp( theirs, *ours, cur_len ) == 0 )
-            {
-                ssl->alpn_chosen = *ours;
-                return( 0 );
-            }
-        }
-    }
-
-    /* If we get there, no match was found */
-    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                            MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL );
-    return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-/*
- * Auxiliary functions for ServerHello parsing and related actions
- */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/*
- * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
- */
-#if defined(MBEDTLS_ECDSA_C)
-static int ssl_check_key_curve( mbedtls_pk_context *pk,
-                                const mbedtls_ecp_curve_info **curves )
-{
-    const mbedtls_ecp_curve_info **crv = curves;
-    mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id;
-
-    while( *crv != NULL )
-    {
-        if( (*crv)->grp_id == grp_id )
-            return( 0 );
-        crv++;
-    }
-
-    return( -1 );
-}
-#endif /* MBEDTLS_ECDSA_C */
-
-/*
- * Try picking a certificate for this ciphersuite,
- * return 0 on success and -1 on failure.
- */
-static int ssl_pick_cert( mbedtls_ssl_context *ssl,
-                          const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
-{
-    mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
-    mbedtls_pk_type_t pk_alg =
-        mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
-    uint32_t flags;
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_key_cert != NULL )
-        list = ssl->handshake->sni_key_cert;
-    else
-#endif
-        list = ssl->conf->key_cert;
-
-    if( pk_alg == MBEDTLS_PK_NONE )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) );
-
-    if( list == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) );
-        return( -1 );
-    }
-
-    for( cur = list; cur != NULL; cur = cur->next )
-    {
-        MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate",
-                          cur->cert );
-
-        if( ! mbedtls_pk_can_do( cur->key, pk_alg ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) );
-            continue;
-        }
-
-        /*
-         * This avoids sending the client a cert it'll reject based on
-         * keyUsage or other extensions.
-         *
-         * It also allows the user to provision different certificates for
-         * different uses based on keyUsage, eg if they want to avoid signing
-         * and decrypting with the same RSA key.
-         */
-        if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info,
-                                  MBEDTLS_SSL_IS_SERVER, &flags ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: "
-                                "(extended) key usage extension" ) );
-            continue;
-        }
-
-#if defined(MBEDTLS_ECDSA_C)
-        if( pk_alg == MBEDTLS_PK_ECDSA &&
-            ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
-            continue;
-        }
-#endif
-
-        /*
-         * Try to select a SHA-1 certificate for pre-1.2 clients, but still
-         * present them a SHA-higher cert rather than failing if it's the only
-         * one we got that satisfies the other conditions.
-         */
-        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 &&
-            cur->cert->sig_md != MBEDTLS_MD_SHA1 )
-        {
-            if( fallback == NULL )
-                fallback = cur;
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: "
-                                    "sha-2 with pre-TLS 1.2 client" ) );
-            continue;
-            }
-        }
-
-        /* If we get there, we got a winner */
-        break;
-    }
-
-    if( cur == NULL )
-        cur = fallback;
-
-    /* Do not update ssl->handshake->key_cert unless there is a match */
-    if( cur != NULL )
-    {
-        ssl->handshake->key_cert = cur;
-        MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate chain, certificate",
-                          ssl->handshake->key_cert->cert );
-        return( 0 );
-    }
-
-    return( -1 );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/*
- * Check if a given ciphersuite is suitable for use with our config/keys/etc
- * Sets ciphersuite_info only if the suite matches.
- */
-static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
-                                  const mbedtls_ssl_ciphersuite_t **ciphersuite_info )
-{
-    const mbedtls_ssl_ciphersuite_t *suite_info;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)    
-    mbedtls_pk_type_t sig_type;
-#endif
-
-    suite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
-    if( suite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", suite_info->name ) );
-
-    if( suite_info->min_minor_ver > ssl->minor_ver ||
-        suite_info->max_minor_ver < ssl->minor_ver )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) );
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
-        return( 0 );
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-    if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
-            suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
-        return( 0 );
-    }
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
-        ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake "
-                                    "not configured or ext missing" ) );
-        return( 0 );
-    }
-#endif
-
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-    if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) &&
-        ( ssl->handshake->curves == NULL ||
-          ssl->handshake->curves[0] == NULL ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
-                            "no common elliptic curve" ) );
-        return( 0 );
-    }
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    /* If the ciphersuite requires a pre-shared key and we don't
-     * have one, skip it now rather than failing later */
-    if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
-        ssl->conf->f_psk == NULL &&
-        ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
-          ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
-        return( 0 );
-    }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    /* If the ciphersuite requires signing, check whether
-     * a suitable hash algorithm is present. */
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
-        if( sig_type != MBEDTLS_PK_NONE &&
-            mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
-                                        "for signature algorithm %d", sig_type ) );
-            return( 0 );
-        }
-    }
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    /*
-     * Final check: if ciphersuite requires us to have a
-     * certificate/key of a particular type:
-     * - select the appropriate certificate if we have one, or
-     * - try the next ciphersuite if we don't
-     * This must be done last since we modify the key_cert list.
-     */
-    if( ssl_pick_cert( ssl, suite_info ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
-                            "no suitable certificate" ) );
-        return( 0 );
-    }
-#endif
-
-    *ciphersuite_info = suite_info;
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
-static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
-{
-    int ret, got_common_suite;
-    unsigned int i, j;
-    size_t n;
-    unsigned int ciph_len, sess_len, chal_len;
-    unsigned char *buf, *p;
-    const int *ciphersuites;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    buf = ssl->in_hdr;
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, 5 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d",
-                   buf[2] ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d",
-                   ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]",
-                   buf[3], buf[4] ) );
-
-    /*
-     * SSLv2 Client Hello
-     *
-     * Record layer:
-     *     0  .   1   message length
-     *
-     * SSL layer:
-     *     2  .   2   message type
-     *     3  .   4   protocol version
-     */
-    if( buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO ||
-        buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF;
-
-    if( n < 17 || n > 512 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
-    ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
-                     ? buf[4]  : ssl->conf->max_minor_ver;
-
-    if( ssl->minor_ver < ssl->conf->min_minor_ver )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
-                            " [%d:%d] < [%d:%d]",
-                            ssl->major_ver, ssl->minor_ver,
-                            ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
-
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
-    }
-
-    ssl->handshake->max_major_ver = buf[3];
-    ssl->handshake->max_minor_ver = buf[4];
-
-    if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-        return( ret );
-    }
-
-    ssl->handshake->update_checksum( ssl, buf + 2, n );
-
-    buf = ssl->in_msg;
-    n = ssl->in_left - 5;
-
-    /*
-     *    0  .   1   ciphersuitelist length
-     *    2  .   3   session id length
-     *    4  .   5   challenge length
-     *    6  .  ..   ciphersuitelist
-     *   ..  .  ..   session id
-     *   ..  .  ..   challenge
-     */
-    MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n );
-
-    ciph_len = ( buf[0] << 8 ) | buf[1];
-    sess_len = ( buf[2] << 8 ) | buf[3];
-    chal_len = ( buf[4] << 8 ) | buf[5];
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
-                   ciph_len, sess_len, chal_len ) );
-
-    /*
-     * Make sure each parameter length is valid
-     */
-    if( ciph_len < 3 || ( ciph_len % 3 ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    if( sess_len > 32 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    if( chal_len < 8 || chal_len > 32 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    if( n != 6 + ciph_len + sess_len + chal_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
-                   buf + 6, ciph_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id",
-                   buf + 6 + ciph_len, sess_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, challenge",
-                   buf + 6 + ciph_len + sess_len, chal_len );
-
-    p = buf + 6 + ciph_len;
-    ssl->session_negotiate->id_len = sess_len;
-    memset( ssl->session_negotiate->id, 0,
-            sizeof( ssl->session_negotiate->id ) );
-    memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
-
-    p += sess_len;
-    memset( ssl->handshake->randbytes, 0, 64 );
-    memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
-
-    /*
-     * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-     */
-    for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
-    {
-        if( p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
-                                    "during renegotiation" ) );
-
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-            ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
-            break;
-        }
-    }
-
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
-    for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 )
-    {
-        if( p[0] == 0 &&
-            p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) &&
-            p[2] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE      ) & 0xff ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
-
-            if( ssl->minor_ver < ssl->conf->max_minor_ver )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
-
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
-
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-
-            break;
-        }
-    }
-#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
-
-    got_common_suite = 0;
-    ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
-    ciphersuite_info = NULL;
-#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
-    for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
-        for( i = 0; ciphersuites[i] != 0; i++ )
-#else
-    for( i = 0; ciphersuites[i] != 0; i++ )
-        for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
-#endif
-        {
-            if( p[0] != 0 ||
-                p[1] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
-                p[2] != ( ( ciphersuites[i]      ) & 0xFF ) )
-                continue;
-
-            got_common_suite = 1;
-
-            if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
-                                               &ciphersuite_info ) ) != 0 )
-                return( ret );
-
-            if( ciphersuite_info != NULL )
-                goto have_ciphersuite_v2;
-        }
-
-    if( got_common_suite )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
-                            "but none of them usable" ) );
-        return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE );
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-        return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
-    }
-
-have_ciphersuite_v2:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
-
-    ssl->session_negotiate->ciphersuite = ciphersuites[i];
-    ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
-
-    /*
-     * SSLv2 Client Hello relevant renegotiation security checks
-     */
-    if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    ssl->in_left = 0;
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello v2" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
-
-/* This function doesn't alert on errors that happen early during
-   ClientHello parsing because they might indicate that the client is
-   not talking SSL/TLS at all and would not understand our alert. */
-static int ssl_parse_client_hello( mbedtls_ssl_context *ssl )
-{
-    int ret, got_common_suite;
-    size_t i, j;
-    size_t ciph_offset, comp_offset, ext_offset;
-    size_t msg_len, ciph_len, sess_len, comp_len, ext_len;
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    size_t cookie_offset, cookie_len;
-#endif
-    unsigned char *buf, *p, *ext;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int renegotiation_info_seen = 0;
-#endif
-    int handshake_failure = 0;
-    const int *ciphersuites;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    int major, minor;
-
-    /* If there is no signature-algorithm extension present,
-     * we need to fall back to the default values for allowed
-     * signature-hash pairs. */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    int sig_hash_alg_ext_present = 0;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-read_record_header:
-#endif
-    /*
-     * If renegotiating, then the input was read with mbedtls_ssl_read_record(),
-     * otherwise read it ourselves manually in order to support SSLv2
-     * ClientHello, which doesn't use the same record layer format.
-     */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
-#endif
-    {
-        if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 )
-        {
-            /* No alert on a read error. */
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-            return( ret );
-        }
-    }
-
-    buf = ssl->in_hdr;
-
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
-#endif
-        if( ( buf[0] & 0x80 ) != 0 )
-            return( ssl_parse_client_hello_v2( ssl ) );
-#endif
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_hdr_len( ssl ) );
-
-    /*
-     * SSLv3/TLS Client Hello
-     *
-     * Record layer:
-     *     0  .   0   message type
-     *     1  .   2   protocol version
-     *     3  .   11  DTLS: epoch + record sequence number
-     *     3  .   4   message length
-     */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d",
-                   buf[0] ) );
-
-    if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d",
-                   ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
-                   buf[1], buf[2] ) );
-
-    mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
-
-    /* According to RFC 5246 Appendix E.1, the version here is typically
-     * "{03,00}, the lowest version number supported by the client, [or] the
-     * value of ClientHello.client_version", so the only meaningful check here
-     * is the major version shouldn't be less than 3 */
-    if( major < MBEDTLS_SSL_MAJOR_VERSION_3 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    /* For DTLS if this is the initial handshake, remember the client sequence
-     * number to use it in our next message (RFC 6347 4.2.1) */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
-#endif
-        )
-    {
-        /* Epoch should be 0 for initial handshakes */
-        if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-
-        memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 );
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-        if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record, discarding" ) );
-            ssl->next_record_offset = 0;
-            ssl->in_left = 0;
-            goto read_record_header;
-        }
-
-        /* No MAC to check yet, so we can update right now */
-        mbedtls_ssl_dtls_replay_update( ssl );
-#endif
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        /* Set by mbedtls_ssl_read_record() */
-        msg_len = ssl->in_hslen;
-    }
-    else
-#endif
-    {
-        if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-
-        if( ( ret = mbedtls_ssl_fetch_input( ssl,
-                       mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-            return( ret );
-        }
-
-    /* Done reading this record, get ready for the next one */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-            ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
-        else
-#endif
-            ssl->in_left = 0;
-    }
-
-    buf = ssl->in_msg;
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len );
-
-    ssl->handshake->update_checksum( ssl, buf, msg_len );
-
-    /*
-     * Handshake layer:
-     *     0  .   0   handshake type
-     *     1  .   3   handshake length
-     *     4  .   5   DTLS only: message seqence number
-     *     6  .   8   DTLS only: fragment offset
-     *     9  .  11   DTLS only: fragment length
-     */
-    if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", buf[0] ) );
-
-    if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d",
-                   ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) );
-
-    /* We don't support fragmentation of ClientHello (yet?) */
-    if( buf[1] != 0 ||
-        msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        /*
-         * Copy the client's handshake message_seq on initial handshakes,
-         * check sequence number on renego.
-         */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        {
-            /* This couldn't be done in ssl_prepare_handshake_record() */
-            unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
-                                         ssl->in_msg[5];
-
-            if( cli_msg_seq != ssl->handshake->in_msg_seq )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
-                                    "%d (expected %d)", cli_msg_seq,
-                                    ssl->handshake->in_msg_seq ) );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-
-            ssl->handshake->in_msg_seq++;
-        }
-        else
-#endif
-        {
-            unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) |
-                                         ssl->in_msg[5];
-            ssl->handshake->out_msg_seq = cli_msg_seq;
-            ssl->handshake->in_msg_seq  = cli_msg_seq + 1;
-        }
-
-        /*
-         * For now we don't support fragmentation, so make sure
-         * fragment_offset == 0 and fragment_length == length
-         */
-        if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 ||
-            memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) );
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    buf += mbedtls_ssl_hs_hdr_len( ssl );
-    msg_len -= mbedtls_ssl_hs_hdr_len( ssl );
-
-    /*
-     * ClientHello layer:
-     *     0  .   1   protocol version
-     *     2  .  33   random bytes (starting with 4 bytes of Unix time)
-     *    34  .  35   session id length (1 byte)
-     *    35  . 34+x  session id
-     *   35+x . 35+x  DTLS only: cookie length (1 byte)
-     *   36+x .  ..   DTLS only: cookie
-     *    ..  .  ..   ciphersuite list length (2 bytes)
-     *    ..  .  ..   ciphersuite list
-     *    ..  .  ..   compression alg. list length (1 byte)
-     *    ..  .  ..   compression alg. list
-     *    ..  .  ..   extensions length (2 bytes, optional)
-     *    ..  .  ..   extensions (optional)
-     */
-
-    /*
-     * Minimal length (with everything empty and extensions ommitted) is
-     * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can
-     * read at least up to session id length without worrying.
-     */
-    if( msg_len < 38 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    /*
-     * Check and save the protocol version
-     */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
-
-    mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
-                      ssl->conf->transport, buf );
-
-    ssl->handshake->max_major_ver = ssl->major_ver;
-    ssl->handshake->max_minor_ver = ssl->minor_ver;
-
-    if( ssl->major_ver < ssl->conf->min_major_ver ||
-        ssl->minor_ver < ssl->conf->min_minor_ver )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
-                            " [%d:%d] < [%d:%d]",
-                            ssl->major_ver, ssl->minor_ver,
-                            ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
-    }
-
-    if( ssl->major_ver > ssl->conf->max_major_ver )
-    {
-        ssl->major_ver = ssl->conf->max_major_ver;
-        ssl->minor_ver = ssl->conf->max_minor_ver;
-    }
-    else if( ssl->minor_ver > ssl->conf->max_minor_ver )
-        ssl->minor_ver = ssl->conf->max_minor_ver;
-
-    /*
-     * Save client random (inc. Unix time)
-     */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 2, 32 );
-
-    memcpy( ssl->handshake->randbytes, buf + 2, 32 );
-
-    /*
-     * Check the session ID length and save session ID
-     */
-    sess_len = buf[34];
-
-    if( sess_len > sizeof( ssl->session_negotiate->id ) ||
-        sess_len + 34 + 2 > msg_len ) /* 2 for cipherlist length field */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len );
-
-    ssl->session_negotiate->id_len = sess_len;
-    memset( ssl->session_negotiate->id, 0,
-            sizeof( ssl->session_negotiate->id ) );
-    memcpy( ssl->session_negotiate->id, buf + 35,
-            ssl->session_negotiate->id_len );
-
-    /*
-     * Check the cookie length and content
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        cookie_offset = 35 + sess_len;
-        cookie_len = buf[cookie_offset];
-
-        if( cookie_offset + 1 + cookie_len + 2 > msg_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
-                       buf + cookie_offset + 1, cookie_len );
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-        if( ssl->conf->f_cookie_check != NULL
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
-#endif
-            )
-        {
-            if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
-                                     buf + cookie_offset + 1, cookie_len,
-                                     ssl->cli_id, ssl->cli_id_len ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) );
-                ssl->handshake->verify_cookie_len = 1;
-            }
-            else
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) );
-                ssl->handshake->verify_cookie_len = 0;
-            }
-        }
-        else
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
-        {
-            /* We know we didn't send a cookie, so it should be empty */
-            if( cookie_len != 0 )
-            {
-                /* This may be an attacker's probe, so don't send an alert */
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification skipped" ) );
-        }
-
-    /*
-     * Check the ciphersuitelist length (will be parsed later)
-     */
-        ciph_offset = cookie_offset + 1 + cookie_len;
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-        ciph_offset = 35 + sess_len;
-
-    ciph_len = ( buf[ciph_offset + 0] << 8 )
-             | ( buf[ciph_offset + 1]      );
-
-    if( ciph_len < 2 ||
-        ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */
-        ( ciph_len % 2 ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist",
-                   buf + ciph_offset + 2,  ciph_len );
-
-    /*
-     * Check the compression algorithms length and pick one
-     */
-    comp_offset = ciph_offset + 2 + ciph_len;
-
-    comp_len = buf[comp_offset];
-
-    if( comp_len < 1 ||
-        comp_len > 16 ||
-        comp_len + comp_offset + 1 > msg_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression",
-                      buf + comp_offset + 1, comp_len );
-
-    ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    for( i = 0; i < comp_len; ++i )
-    {
-        if( buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE )
-        {
-            ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_DEFLATE;
-            break;
-        }
-    }
-#endif
-
-    /* See comments in ssl_write_client_hello() */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
-#endif
-
-    /* Do not parse the extensions if the protocol is SSLv3 */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
-    {
-#endif
-        /*
-         * Check the extension length
-         */
-        ext_offset = comp_offset + 1 + comp_len;
-        if( msg_len > ext_offset )
-        {
-            if( msg_len < ext_offset + 2 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-
-            ext_len = ( buf[ext_offset + 0] << 8 )
-                    | ( buf[ext_offset + 1]      );
-
-            if( ( ext_len > 0 && ext_len < 4 ) ||
-                msg_len != ext_offset + 2 + ext_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-        }
-        else
-            ext_len = 0;
-
-        ext = buf + ext_offset + 2;
-        MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
-
-        while( ext_len != 0 )
-        {
-            unsigned int ext_id   = ( ( ext[0] <<  8 )
-                                    | ( ext[1]       ) );
-            unsigned int ext_size = ( ( ext[2] <<  8 )
-                                    | ( ext[3]       ) );
-
-            if( ext_size + 4 > ext_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-            switch( ext_id )
-            {
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-            case MBEDTLS_TLS_EXT_SERVERNAME:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
-                if( ssl->conf->f_sni == NULL )
-                    break;
-
-                ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-            case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-                renegotiation_info_seen = 1;
-#endif
-
-                ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-            case MBEDTLS_TLS_EXT_SIG_ALG:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
-
-                ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-
-                sig_hash_alg_ext_present = 1;
-                break;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-            case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) );
-
-                ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-
-            case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) );
-                ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT;
-
-                ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-            case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
-
-                ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-            case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
-
-                ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-            case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) );
-
-                ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-            case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) );
-
-                ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-            case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) );
-
-                ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-            case MBEDTLS_TLS_EXT_SESSION_TICKET:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) );
-
-                ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_ALPN)
-            case MBEDTLS_TLS_EXT_ALPN:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
-
-                ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size );
-                if( ret != 0 )
-                    return( ret );
-                break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-            default:
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
-                               ext_id ) );
-            }
-
-            ext_len -= 4 + ext_size;
-            ext += 4 + ext_size;
-
-            if( ext_len > 0 && ext_len < 4 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-        }
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    }
-#endif
-
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
-    for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
-    {
-        if( p[0] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) &&
-            p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE      ) & 0xff ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) );
-
-            if( ssl->minor_ver < ssl->conf->max_minor_ver )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
-
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
-
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-
-            break;
-        }
-    }
-#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-
-    /*
-     * Try to fall back to default hash SHA1 if the client
-     * hasn't provided any preferred signature-hash combinations.
-     */
-    if( sig_hash_alg_ext_present == 0 )
-    {
-        mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1;
-
-        if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 )
-            md_default = MBEDTLS_MD_NONE;
-
-        mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default );
-    }
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-    /*
-     * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-     */
-    for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 )
-    {
-        if( p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) );
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
-                                            "during renegotiation" ) );
-                mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-                return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-            }
-#endif
-            ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
-            break;
-        }
-    }
-
-    /*
-     * Renegotiation security checks
-     */
-    if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
-        ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
-        handshake_failure = 1;
-    }
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
-             renegotiation_info_seen == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
-        handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
-        handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             renegotiation_info_seen == 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
-        handshake_failure = 1;
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    if( handshake_failure == 1 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    /*
-     * Search for a matching ciphersuite
-     * (At the end because we need information from the EC-based extensions
-     * and certificate from the SNI callback triggered by the SNI extension.)
-     */
-    got_common_suite = 0;
-    ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
-    ciphersuite_info = NULL;
-#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
-    for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-        for( i = 0; ciphersuites[i] != 0; i++ )
-#else
-    for( i = 0; ciphersuites[i] != 0; i++ )
-        for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-#endif
-        {
-            if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
-                p[1] != ( ( ciphersuites[i]      ) & 0xFF ) )
-                continue;
-
-            got_common_suite = 1;
-
-            if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
-                                               &ciphersuite_info ) ) != 0 )
-                return( ret );
-
-            if( ciphersuite_info != NULL )
-                goto have_ciphersuite;
-        }
-
-    if( got_common_suite )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, "
-                            "but none of them usable" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE );
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
-    }
-
-have_ciphersuite:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) );
-
-    ssl->session_negotiate->ciphersuite = ciphersuites[i];
-    ssl->transform_negotiate->ciphersuite_info = ciphersuite_info;
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_recv_flight_completed( ssl );
-#endif
-
-    /* Debugging-only output for testsuite */
-#if defined(MBEDTLS_DEBUG_C)                         && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)                && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
-        if( sig_alg != MBEDTLS_PK_NONE )
-        {
-            mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
-                                                                  sig_alg );
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
-                                        mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
-                                        "%d - should not happen", sig_alg ) );
-        }
-    }
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
-                                          unsigned char *buf,
-                                          size_t *olen )
-{
-    unsigned char *p = buf;
-
-    if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                            unsigned char *buf,
-                                            size_t *olen )
-{
-    unsigned char *p = buf;
-    const mbedtls_ssl_ciphersuite_t *suite = NULL;
-    const mbedtls_cipher_info_t *cipher = NULL;
-
-    if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        *olen = 0;
-        return;
-    }
-
-    /*
-     * RFC 7366: "If a server receives an encrypt-then-MAC request extension
-     * from a client and then selects a stream or Authenticated Encryption
-     * with Associated Data (AEAD) ciphersuite, it MUST NOT send an
-     * encrypt-then-MAC response extension back to the client."
-     */
-    if( ( suite = mbedtls_ssl_ciphersuite_from_id(
-                    ssl->session_negotiate->ciphersuite ) ) == NULL ||
-        ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL ||
-        cipher->mode != MBEDTLS_MODE_CBC )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                       unsigned char *buf,
-                                       size_t *olen )
-{
-    unsigned char *p = buf;
-
-    if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret "
-                        "extension" ) );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-}
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                          unsigned char *buf,
-                                          size_t *olen )
-{
-    unsigned char *p = buf;
-
-    if( ssl->handshake->new_session_ticket == 0 )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         size_t *olen )
-{
-    unsigned char *p = buf;
-
-    if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      ) & 0xFF );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        *p++ = 0x00;
-        *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF;
-        *p++ = ssl->verify_data_len * 2 & 0xFF;
-
-        memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
-        p += ssl->verify_data_len;
-        memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
-        p += ssl->verify_data_len;
-    }
-    else
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-    {
-        *p++ = 0x00;
-        *p++ = 0x01;
-        *p++ = 0x00;
-    }
-
-    *olen = p - buf;
-}
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               size_t *olen )
-{
-    unsigned char *p = buf;
-
-    if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 1;
-
-    *p++ = ssl->session_negotiate->mfl_code;
-
-    *olen = 5;
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                   unsigned char *buf,
-                                                   size_t *olen )
-{
-    unsigned char *p = buf;
-    ((void) ssl);
-
-    if( ( ssl->handshake->cli_exts &
-          MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) );
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS      ) & 0xFF );
-
-    *p++ = 0x00;
-    *p++ = 2;
-
-    *p++ = 1;
-    *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
-
-    *olen = 6;
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
-                                        unsigned char *buf,
-                                        size_t *olen )
-{
-    int ret;
-    unsigned char *p = buf;
-    const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    size_t kkpp_len;
-
-    *olen = 0;
-
-    /* Skip costly computation if not needed */
-    if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
-        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) );
-
-    if( end - p < 4 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP      ) & 0xFF );
-
-    ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
-                                        p + 2, end - p - 2, &kkpp_len,
-                                        ssl->conf->f_rng, ssl->conf->p_rng );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
-        return;
-    }
-
-    *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( kkpp_len      ) & 0xFF );
-
-    *olen = kkpp_len + 4;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN )
-static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
-                                unsigned char *buf, size_t *olen )
-{
-    if( ssl->alpn_chosen == NULL )
-    {
-        *olen = 0;
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) );
-
-    /*
-     * 0 . 1    ext identifier
-     * 2 . 3    ext length
-     * 4 . 5    protocol list length
-     * 6 . 6    protocol name length
-     * 7 . 7+n  protocol name
-     */
-    buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
-    buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN      ) & 0xFF );
-
-    *olen = 7 + strlen( ssl->alpn_chosen );
-
-    buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
-    buf[3] = (unsigned char)( ( ( *olen - 4 )      ) & 0xFF );
-
-    buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
-    buf[5] = (unsigned char)( ( ( *olen - 6 )      ) & 0xFF );
-
-    buf[6] = (unsigned char)( ( ( *olen - 7 )      ) & 0xFF );
-
-    memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    unsigned char *p = ssl->out_msg + 4;
-    unsigned char *cookie_len_byte;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello verify request" ) );
-
-    /*
-     * struct {
-     *   ProtocolVersion server_version;
-     *   opaque cookie<0..2^8-1>;
-     * } HelloVerifyRequest;
-     */
-
-    /* The RFC is not clear on this point, but sending the actual negotiated
-     * version looks like the most interoperable thing to do. */
-    mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
-                       ssl->conf->transport, p );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
-    p += 2;
-
-    /* If we get here, f_cookie_check is not null */
-    if( ssl->conf->f_cookie_write == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    /* Skip length byte until we know the length */
-    cookie_len_byte = p++;
-
-    if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
-                                     &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN,
-                                     ssl->cli_id, ssl->cli_id_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_cookie_write", ret );
-        return( ret );
-    }
-
-    *cookie_len_byte = (unsigned char)( p - ( cookie_len_byte + 1 ) );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte );
-
-    ssl->out_msglen  = p - ssl->out_msg;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
-
-    ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
-
-static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t;
-#endif
-    int ret;
-    size_t olen, ext_len = 0, n;
-    unsigned char *buf, *p;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->verify_cookie_len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
-
-        return( ssl_write_hello_verify_request( ssl ) );
-    }
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
-
-    if( ssl->conf->f_rng == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
-        return( MBEDTLS_ERR_SSL_NO_RNG );
-    }
-
-    /*
-     *     0  .   0   handshake type
-     *     1  .   3   handshake length
-     *     4  .   5   protocol version
-     *     6  .   9   UNIX time()
-     *    10  .  37   random bytes
-     */
-    buf = ssl->out_msg;
-    p = buf + 4;
-
-    mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
-                       ssl->conf->transport, p );
-    p += 2;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
-                        buf[4], buf[5] ) );
-
-#if defined(MBEDTLS_HAVE_TIME)
-    t = mbedtls_time( NULL );
-    *p++ = (unsigned char)( t >> 24 );
-    *p++ = (unsigned char)( t >> 16 );
-    *p++ = (unsigned char)( t >>  8 );
-    *p++ = (unsigned char)( t       );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
-#else
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
-        return( ret );
-
-    p += 4;
-#endif /* MBEDTLS_HAVE_TIME */
-
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
-        return( ret );
-
-    p += 28;
-
-    memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
-
-    /*
-     * Resume is 0  by default, see ssl_handshake_init().
-     * It may be already set to 1 by ssl_parse_session_ticket_ext().
-     * If not, try looking up session ID in our cache.
-     */
-    if( ssl->handshake->resume == 0 &&
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
-#endif
-        ssl->session_negotiate->id_len != 0 &&
-        ssl->conf->f_get_cache != NULL &&
-        ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
-        ssl->handshake->resume = 1;
-    }
-
-    if( ssl->handshake->resume == 0 )
-    {
-        /*
-         * New session, create a new session id,
-         * unless we're about to issue a session ticket
-         */
-        ssl->state++;
-
-#if defined(MBEDTLS_HAVE_TIME)
-        ssl->session_negotiate->start = mbedtls_time( NULL );
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        if( ssl->handshake->new_session_ticket != 0 )
-        {
-            ssl->session_negotiate->id_len = n = 0;
-            memset( ssl->session_negotiate->id, 0, 32 );
-        }
-        else
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-        {
-            ssl->session_negotiate->id_len = n = 32;
-            if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id,
-                                    n ) ) != 0 )
-                return( ret );
-        }
-    }
-    else
-    {
-        /*
-         * Resuming a session
-         */
-        n = ssl->session_negotiate->id_len;
-        ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
-
-        if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-            return( ret );
-        }
-    }
-
-    /*
-     *    38  .  38     session id length
-     *    39  . 38+n    session id
-     *   39+n . 40+n    chosen ciphersuite
-     *   41+n . 41+n    chosen compression alg.
-     *   42+n . 43+n    extensions length
-     *   44+n . 43+n+m  extensions
-     */
-    *p++ = (unsigned char) ssl->session_negotiate->id_len;
-    memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
-    p += ssl->session_negotiate->id_len;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 39, n );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
-                   ssl->handshake->resume ? "a" : "no" ) );
-
-    *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 );
-    *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite      );
-    *p++ = (unsigned char)( ssl->session_negotiate->compression      );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
-           mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
-                   ssl->session_negotiate->compression ) );
-
-    /* Do not write the extensions if the protocol is SSLv3 */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
-    {
-#endif
-
-    /*
-     *  First write extensions, then the total length
-     */
-    ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
-    ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
-    ext_len += olen;
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
-
-    if( ext_len > 0 )
-    {
-        *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
-        *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
-        p += ext_len;
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    }
-#endif
-
-    ssl->out_msglen  = p - buf;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_HELLO;
-
-    ret = mbedtls_ssl_write_record( ssl );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)  && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-#else
-static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-    size_t dn_size, total_dn_size; /* excluding length bytes */
-    size_t ct_len, sa_len; /* including length bytes */
-    unsigned char *buf, *p;
-    const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-    const mbedtls_x509_crt *crt;
-    int authmode;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
-        authmode = ssl->handshake->sni_authmode;
-    else
-#endif
-        authmode = ssl->conf->authmode;
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
-        authmode == MBEDTLS_SSL_VERIFY_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
-        return( 0 );
-    }
-
-    /*
-     *     0  .   0   handshake type
-     *     1  .   3   handshake length
-     *     4  .   4   cert type count
-     *     5  .. m-1  cert types
-     *     m  .. m+1  sig alg length (TLS 1.2 only)
-     *    m+1 .. n-1  SignatureAndHashAlgorithms (TLS 1.2 only)
-     *     n  .. n+1  length of all DNs
-     *    n+2 .. n+3  length of DN 1
-     *    n+4 .. ...  Distinguished Name #1
-     *    ... .. ...  length of DN 2, etc.
-     */
-    buf = ssl->out_msg;
-    p = buf + 4;
-
-    /*
-     * Supported certificate types
-     *
-     *     ClientCertificateType certificate_types<1..2^8-1>;
-     *     enum { (255) } ClientCertificateType;
-     */
-    ct_len = 0;
-
-#if defined(MBEDTLS_RSA_C)
-    p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-    p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN;
-#endif
-
-    p[0] = (unsigned char) ct_len++;
-    p += ct_len;
-
-    sa_len = 0;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    /*
-     * Add signature_algorithms for verify (TLS 1.2)
-     *
-     *     SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>;
-     *
-     *     struct {
-     *           HashAlgorithm hash;
-     *           SignatureAlgorithm signature;
-     *     } SignatureAndHashAlgorithm;
-     *
-     *     enum { (255) } HashAlgorithm;
-     *     enum { (255) } SignatureAlgorithm;
-     */
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        const int *cur;
-
-        /*
-         * Supported signature algorithms
-         */
-        for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
-        {
-            unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
-
-            if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) )
-                continue;
-
-#if defined(MBEDTLS_RSA_C)
-            p[2 + sa_len++] = hash;
-            p[2 + sa_len++] = MBEDTLS_SSL_SIG_RSA;
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-            p[2 + sa_len++] = hash;
-            p[2 + sa_len++] = MBEDTLS_SSL_SIG_ECDSA;
-#endif
-        }
-
-        p[0] = (unsigned char)( sa_len >> 8 );
-        p[1] = (unsigned char)( sa_len      );
-        sa_len += 2;
-        p += sa_len;
-    }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-    /*
-     * DistinguishedName certificate_authorities<0..2^16-1>;
-     * opaque DistinguishedName<1..2^16-1>;
-     */
-    p += 2;
-
-    total_dn_size = 0;
-
-    if( ssl->conf->cert_req_ca_list ==  MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED )
-    {
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        if( ssl->handshake->sni_ca_chain != NULL )
-            crt = ssl->handshake->sni_ca_chain;
-        else
-#endif
-            crt = ssl->conf->ca_chain;
-
-        while( crt != NULL && crt->version != 0 )
-        {
-            dn_size = crt->subject_raw.len;
-
-            if( end < p ||
-                (size_t)( end - p ) < dn_size ||
-                (size_t)( end - p ) < 2 + dn_size )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
-                break;
-            }
-
-            *p++ = (unsigned char)( dn_size >> 8 );
-            *p++ = (unsigned char)( dn_size      );
-            memcpy( p, crt->subject_raw.p, dn_size );
-            p += dn_size;
-
-            MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size );
-
-            total_dn_size += 2 + dn_size;
-            crt = crt->next;
-        }
-    }
-
-    ssl->out_msglen  = p - buf;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
-    ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size  >> 8 );
-    ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size       );
-
-    ret = mbedtls_ssl_write_record( ssl );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) );
-
-    return( ret );
-}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
-    }
-
-    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx,
-                                 mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ),
-                                 MBEDTLS_ECDH_OURS ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    size_t n = 0;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-                            ssl->transform_negotiate->ciphersuite_info;
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
-    unsigned char *p = ssl->out_msg + 4;
-    size_t len;
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
-    unsigned char *dig_signed = p;
-    size_t dig_signed_len = 0;
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
-
-    /*
-     *
-     * Part 1: Extract static ECDH parameters and abort
-     *         if ServerKeyExchange not needed.
-     *
-     */
-
-    /* For suites involving ECDH, extract DH parameters
-     * from certificate at this point. */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) )
-    {
-        ssl_get_ecdh_params_from_cert( ssl );
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
-
-    /* Key exchanges not involving ephemeral keys don't use
-     * ServerKeyExchange, so end here. */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
-    if( mbedtls_ssl_ciphersuite_no_pfs( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
-        ssl->state++;
-        return( 0 );
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE__NON_PFS__ENABLED */
-
-    /*
-     *
-     * Part 2: Provide key exchange parameters for chosen ciphersuite.
-     *
-     */
-
-    /*
-     * - ECJPAKE key exchanges
-     */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-        ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
-                p, end - p, &len, ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
-            return( ret );
-        }
-
-        p += len;
-        n += len;
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-    /*
-     * For (EC)DHE key exchanges with PSK, parameters are prefixed by support
-     * identity hint (RFC 4279, Sec. 3). Until someone needs this feature,
-     * we use empty support identity hints here.
-     **/
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
-        *(p++) = 0x00;
-        *(p++) = 0x00;
-
-        n += 2;
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-    /*
-     * - DHE key exchanges
-     */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) )
-    {
-        if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        }
-
-        /*
-         * Ephemeral DH parameters:
-         *
-         * struct {
-         *     opaque dh_p<1..2^16-1>;
-         *     opaque dh_g<1..2^16-1>;
-         *     opaque dh_Ys<1..2^16-1>;
-         * } ServerDHParams;
-         */
-        if( ( ret = mbedtls_dhm_set_group( &ssl->handshake->dhm_ctx,
-                                           &ssl->conf->dhm_P,
-                                           &ssl->conf->dhm_G ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_set_group", ret );
-            return( ret );
-        }
-
-        if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx,
-                        (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
-                        p, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret );
-            return( ret );
-        }
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)        
-        dig_signed = p;
-        dig_signed_len = len;
-#endif
-
-        p += len;
-        n += len;
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED */
-
-    /*
-     * - ECDHE key exchanges
-     */
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_ecdhe( ciphersuite_info ) )
-    {
-        /*
-         * Ephemeral ECDH parameters:
-         *
-         * struct {
-         *     ECParameters curve_params;
-         *     ECPoint      public;
-         * } ServerECDHParams;
-         */
-        const mbedtls_ecp_curve_info **curve = NULL;
-        const mbedtls_ecp_group_id *gid;
-
-        /* Match our preference list against the offered curves */
-        for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
-            for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
-                if( (*curve)->grp_id == *gid )
-                    goto curve_matching_done;
-
-curve_matching_done:
-        if( curve == NULL || *curve == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
-            return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) );
-
-        if( ( ret = mbedtls_ecp_group_load( &ssl->handshake->ecdh_ctx.grp,
-                                       (*curve)->grp_id ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret );
-            return( ret );
-        }
-
-        if( ( ret = mbedtls_ecdh_make_params( &ssl->handshake->ecdh_ctx, &len,
-                                      p, MBEDTLS_SSL_OUT_CONTENT_LEN - n,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret );
-            return( ret );
-        }
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
-        dig_signed     = p;
-        dig_signed_len = len;
-#endif
-
-        p += len;
-        n += len;
-
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
-
-    /*
-     *
-     * Part 3: For key exchanges involving the server signing the
-     *         exchange parameters, compute and add the signature here.
-     *
-     */
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
-    {
-        size_t signature_len = 0;
-        unsigned int hashlen = 0;
-        unsigned char hash[64];
-
-        /*
-         * 3.1: Choose hash algorithm:
-         * A: For TLS 1.2, obey signature-hash-algorithm extension 
-         *    to choose appropriate hash.
-         * B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
-         *    (RFC 4492, Sec. 5.4)
-         * C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3)
-         */
-
-        mbedtls_md_type_t md_alg;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        mbedtls_pk_type_t sig_alg =
-            mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-        {
-            /* A: For TLS 1.2, obey signature-hash-algorithm extension
-             *    (RFC 5246, Sec. 7.4.1.4.1). */
-            if( sig_alg == MBEDTLS_PK_NONE ||
-                ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
-                                                          sig_alg ) ) == MBEDTLS_MD_NONE )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                /* (... because we choose a cipher suite 
-                 *      only if there is a matching hash.) */
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-            }
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
-        {
-            /* B: Default hash SHA1 */
-            md_alg = MBEDTLS_MD_SHA1;
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-        {
-            /* C: MD5 + SHA1 */
-            md_alg = MBEDTLS_MD_NONE;
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
-
-        /*
-         * 3.2: Compute the hash to be signed
-         */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        if( md_alg == MBEDTLS_MD_NONE )
-        {
-            hashlen = 36;
-            ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash,
-                                                           dig_signed,
-                                                           dig_signed_len );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( md_alg != MBEDTLS_MD_NONE )
-        {
-            /* Info from md_alg will be used instead */
-            hashlen = 0;
-            ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash,
-                                                          dig_signed,
-                                                          dig_signed_len,
-                                                          md_alg );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
-            (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
-
-        /*
-         * 3.3: Compute and add the signature
-         */
-        if( mbedtls_ssl_own_key( ssl ) == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key" ) );
-            return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-        {
-            /*
-             * For TLS 1.2, we need to specify signature and hash algorithm
-             * explicitly through a prefix to the signature.
-             *
-             * struct {
-             *    HashAlgorithm hash;
-             *    SignatureAlgorithm signature;
-             * } SignatureAndHashAlgorithm;
-             *
-             * struct {
-             *    SignatureAndHashAlgorithm algorithm;
-             *    opaque signature<0..2^16-1>;
-             * } DigitallySigned;
-             *
-             */
-
-            *(p++) = mbedtls_ssl_hash_from_md_alg( md_alg );
-            *(p++) = mbedtls_ssl_sig_from_pk_alg( sig_alg );
-
-            n += 2;
-        }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-        if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash, hashlen,
-                        p + 2 , &signature_len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
-            return( ret );
-        }
-
-        *(p++) = (unsigned char)( signature_len >> 8 );
-        *(p++) = (unsigned char)( signature_len      );
-        n += 2;
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", p, signature_len );
-
-        n += signature_len;
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
-
-    /* Done with actual work; add header and send. */
-
-    ssl->out_msglen  = 4 + n;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE;
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) );
-
-    return( 0 );
-}
-
-static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) );
-
-    ssl->out_msglen  = 4;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_HELLO_DONE;
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_send_flight_completed( ssl );
-#endif
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p,
-                                       const unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    size_t n;
-
-    /*
-     * Receive G^Y mod P, premaster = (G^Y)^X mod P
-     */
-    if( *p + 2 > end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-    n = ( (*p)[0] << 8 ) | (*p)[1];
-    *p += 2;
-
-    if( *p + n > end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-    if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_read_public", ret );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
-    }
-
-    *p += n;
-
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                           \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
-                                    const unsigned char *p,
-                                    const unsigned char *end,
-                                    size_t pms_offset )
-{
-    int ret;
-    size_t len = mbedtls_pk_get_len( mbedtls_ssl_own_key( ssl ) );
-    unsigned char *pms = ssl->handshake->premaster + pms_offset;
-    unsigned char ver[2];
-    unsigned char fake_pms[48], peer_pms[48];
-    unsigned char mask;
-    size_t i, peer_pmslen;
-    unsigned int diff;
-
-    if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_RSA ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
-    }
-
-    /*
-     * Decrypt the premaster using own private RSA key
-     */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        if( *p++ != ( ( len >> 8 ) & 0xFF ) ||
-            *p++ != ( ( len      ) & 0xFF ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-        }
-    }
-#endif
-
-    if( p + len != end )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-    mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
-                       ssl->handshake->max_minor_ver,
-                       ssl->conf->transport, ver );
-
-    /*
-     * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
-     * must not cause the connection to end immediately; instead, send a
-     * bad_record_mac later in the handshake.
-     * Also, avoid data-dependant branches here to protect against
-     * timing-based variants.
-     */
-    ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
-                      peer_pms, &peer_pmslen,
-                      sizeof( peer_pms ),
-                      ssl->conf->f_rng, ssl->conf->p_rng );
-
-    diff  = (unsigned int) ret;
-    diff |= peer_pmslen ^ 48;
-    diff |= peer_pms[0] ^ ver[0];
-    diff |= peer_pms[1] ^ ver[1];
-
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
-    if( diff != 0 )
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-#endif
-
-    if( sizeof( ssl->handshake->premaster ) < pms_offset ||
-        sizeof( ssl->handshake->premaster ) - pms_offset < 48 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-    ssl->handshake->pmslen = 48;
-
-    /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
-    /* MSVC has a warning about unary minus on unsigned, but this is
-     * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-    mask = - ( ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 ) );
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
-    for( i = 0; i < ssl->handshake->pmslen; i++ )
-        pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p,
-                                          const unsigned char *end )
-{
-    int ret = 0;
-    size_t n;
-
-    if( ssl->conf->f_psk == NULL &&
-        ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
-          ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
-    }
-
-    /*
-     * Receive client pre-shared key identity name
-     */
-    if( end - *p < 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-    n = ( (*p)[0] << 8 ) | (*p)[1];
-    *p += 2;
-
-    if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-    if( ssl->conf->f_psk != NULL )
-    {
-        if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
-            ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
-    }
-    else
-    {
-        /* Identity is not a big secret since clients send it in the clear,
-         * but treat it carefully anyway, just in case */
-        if( n != ssl->conf->psk_identity_len ||
-            mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
-        {
-            ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
-        }
-    }
-
-    if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 3, "Unknown PSK identity", *p, n );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY );
-        return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY );
-    }
-
-    *p += n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    unsigned char *p, *end;
-
-    ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    end = ssl->in_msg + ssl->in_hslen;
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-    }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
-    {
-        if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
-            return( ret );
-        }
-
-        if( p != end )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-        }
-
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      ssl->handshake->premaster,
-                                      MBEDTLS_PREMASTER_SIZE,
-                                     &ssl->handshake->pmslen,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
-                                      p, end - p) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
-        }
-
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
-
-        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
-                                      &ssl->handshake->pmslen,
-                                       ssl->handshake->premaster,
-                                       MBEDTLS_MPI_MAX_SIZE,
-                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS );
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z  ", &ssl->handshake->ecdh_ctx.z );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
-    {
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
-        }
-
-        if( p != end )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-        }
-
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-    {
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
-        }
-
-        if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret );
-            return( ret );
-        }
-
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
-        }
-        if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret );
-            return( ret );
-        }
-
-        if( p != end )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
-        }
-
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
-        if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret );
-            return( ret );
-        }
-
-        if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx,
-                                       p, end - p ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP );
-        }
-
-        MBEDTLS_SSL_DEBUG_ECP( 3, "ECDH: Qp ", &ssl->handshake->ecdh_ctx.Qp );
-
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_parse_encrypted_pms_secret" ), ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
-                                              p, end - p );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-
-        ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
-                ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
-    }
-
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)       && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)  && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-#else
-static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    size_t i, sig_len;
-    unsigned char hash[48];
-    unsigned char *hash_start = hash;
-    size_t hashlen;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    mbedtls_pk_type_t pk_alg;
-#endif
-    mbedtls_md_type_t md_alg;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ||
-        ssl->session_negotiate->peer_cert == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    /* Read the message without adding it to the checksum */
-    do {
-
-        if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
-            return( ret );
-        }
-
-        ret = mbedtls_ssl_handle_message_type( ssl );
-
-    } while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
-
-    if( 0 != ret )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret );
-        return( ret );
-    }
-
-    ssl->state++;
-
-    /* Process the message contents */
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
-        ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
-    }
-
-    i = mbedtls_ssl_hs_hdr_len( ssl );
-
-    /*
-     *  struct {
-     *     SignatureAndHashAlgorithm algorithm; -- TLS 1.2 only
-     *     opaque signature<0..2^16-1>;
-     *  } DigitallySigned;
-     */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        md_alg = MBEDTLS_MD_NONE;
-        hashlen = 36;
-
-        /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
-        if( mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
-                        MBEDTLS_PK_ECDSA ) )
-        {
-            hash_start += 16;
-            hashlen -= 16;
-            md_alg = MBEDTLS_MD_SHA1;
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 ||
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        if( i + 2 > ssl->in_hslen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
-        }
-
-        /*
-         * Hash
-         */
-        md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] );
-
-        if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
-                                " for verify message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
-        }
-
-#if !defined(MBEDTLS_MD_SHA1)
-        if( MBEDTLS_MD_SHA1 == md_alg )
-            hash_start += 16;
-#endif
-
-        /* Info from md_alg will be used instead */
-        hashlen = 0;
-
-        i++;
-
-        /*
-         * Signature
-         */
-        if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) )
-                        == MBEDTLS_PK_NONE )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
-                                " for verify message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
-        }
-
-        /*
-         * Check the certificate's key type matches the signature alg
-         */
-        if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
-        }
-
-        i++;
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    if( i + 2 > ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
-    }
-
-    sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1];
-    i += 2;
-
-    if( i + sig_len != ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
-    }
-
-    /* Calculate hash and verify signature */
-    ssl->handshake->calc_verify( ssl, hash );
-
-    if( ( ret = mbedtls_pk_verify( &ssl->session_negotiate->peer_cert->pk,
-                           md_alg, hash_start, hashlen,
-                           ssl->in_msg + i, sig_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
-        return( ret );
-    }
-
-    mbedtls_ssl_update_handshake_status( ssl );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
-
-    return( ret );
-}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    size_t tlen;
-    uint32_t lifetime;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
-
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_NEW_SESSION_TICKET;
-
-    /*
-     * struct {
-     *     uint32 ticket_lifetime_hint;
-     *     opaque ticket<0..2^16-1>;
-     * } NewSessionTicket;
-     *
-     * 4  .  7   ticket_lifetime_hint (0 = unspecified)
-     * 8  .  9   ticket_len (n)
-     * 10 .  9+n ticket content
-     */
-
-    if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket,
-                                ssl->session_negotiate,
-                                ssl->out_msg + 10,
-                                ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN,
-                                &tlen, &lifetime ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret );
-        tlen = 0;
-    }
-
-    ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF;
-    ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF;
-    ssl->out_msg[6] = ( lifetime >>  8 ) & 0xFF;
-    ssl->out_msg[7] = ( lifetime       ) & 0xFF;
-
-    ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF );
-    ssl->out_msg[9] = (unsigned char)( ( tlen      ) & 0xFF );
-
-    ssl->out_msglen = 10 + tlen;
-
-    /*
-     * Morally equivalent to updating ssl->state, but NewSessionTicket and
-     * ChangeCipherSpec share the same state.
-     */
-    ssl->handshake->new_session_ticket = 0;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-/*
- * SSL handshake -- server side -- single step
- */
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl )
-{
-    int ret = 0;
-
-    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) );
-
-    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-            return( ret );
-    }
-#endif
-
-    switch( ssl->state )
-    {
-        case MBEDTLS_SSL_HELLO_REQUEST:
-            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
-            break;
-
-        /*
-         *  <==   ClientHello
-         */
-        case MBEDTLS_SSL_CLIENT_HELLO:
-            ret = ssl_parse_client_hello( ssl );
-            break;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
-            return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
-#endif
-
-        /*
-         *  ==>   ServerHello
-         *        Certificate
-         *      ( ServerKeyExchange  )
-         *      ( CertificateRequest )
-         *        ServerHelloDone
-         */
-        case MBEDTLS_SSL_SERVER_HELLO:
-            ret = ssl_write_server_hello( ssl );
-            break;
-
-        case MBEDTLS_SSL_SERVER_CERTIFICATE:
-            ret = mbedtls_ssl_write_certificate( ssl );
-            break;
-
-        case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
-            ret = ssl_write_server_key_exchange( ssl );
-            break;
-
-        case MBEDTLS_SSL_CERTIFICATE_REQUEST:
-            ret = ssl_write_certificate_request( ssl );
-            break;
-
-        case MBEDTLS_SSL_SERVER_HELLO_DONE:
-            ret = ssl_write_server_hello_done( ssl );
-            break;
-
-        /*
-         *  <== ( Certificate/Alert  )
-         *        ClientKeyExchange
-         *      ( CertificateVerify  )
-         *        ChangeCipherSpec
-         *        Finished
-         */
-        case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-            ret = mbedtls_ssl_parse_certificate( ssl );
-            break;
-
-        case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
-            ret = ssl_parse_client_key_exchange( ssl );
-            break;
-
-        case MBEDTLS_SSL_CERTIFICATE_VERIFY:
-            ret = ssl_parse_certificate_verify( ssl );
-            break;
-
-        case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
-            ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
-            break;
-
-        case MBEDTLS_SSL_CLIENT_FINISHED:
-            ret = mbedtls_ssl_parse_finished( ssl );
-            break;
-
-        /*
-         *  ==> ( NewSessionTicket )
-         *        ChangeCipherSpec
-         *        Finished
-         */
-        case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-            if( ssl->handshake->new_session_ticket != 0 )
-                ret = ssl_write_new_session_ticket( ssl );
-            else
-#endif
-                ret = mbedtls_ssl_write_change_cipher_spec( ssl );
-            break;
-
-        case MBEDTLS_SSL_SERVER_FINISHED:
-            ret = mbedtls_ssl_write_finished( ssl );
-            break;
-
-        case MBEDTLS_SSL_FLUSH_BUFFERS:
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
-            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-            break;
-
-        case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
-            mbedtls_ssl_handshake_wrapup( ssl );
-            break;
-
-        default:
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_SRV_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ssl_ticket.c b/components/ssl/mbedtls/mbedtls/library/ssl_ticket.c
deleted file mode 100644
index 4d9116d2..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ssl_ticket.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- *  TLS server tickets callbacks implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SSL_TICKET_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free      free
-#endif
-
-#include "mbedtls/ssl_ticket.h"
-
-#include <string.h>
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Initialze context
- */
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-#define MAX_KEY_BYTES 32    /* 256 bits */
-
-/*
- * Generate/update a key
- */
-static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx,
-                               unsigned char index )
-{
-    int ret;
-    unsigned char buf[MAX_KEY_BYTES];
-    mbedtls_ssl_ticket_key *key = ctx->keys + index;
-
-#if defined(MBEDTLS_HAVE_TIME)
-    key->generation_time = (uint32_t) mbedtls_time( NULL );
-#endif
-
-    if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 )
-        return( ret );
-
-    if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 )
-        return( ret );
-
-    /* With GCM and CCM, same context can encrypt & decrypt */
-    ret = mbedtls_cipher_setkey( &key->ctx, buf,
-                                 mbedtls_cipher_get_key_bitlen( &key->ctx ),
-                                 MBEDTLS_ENCRYPT );
-
-    mbedtls_zeroize( buf, sizeof( buf ) );
-
-    return( ret );
-}
-
-/*
- * Rotate/generate keys if necessary
- */
-static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx )
-{
-#if !defined(MBEDTLS_HAVE_TIME)
-    ((void) ctx);
-#else
-    if( ctx->ticket_lifetime != 0 )
-    {
-        uint32_t current_time = (uint32_t) mbedtls_time( NULL );
-        uint32_t key_time = ctx->keys[ctx->active].generation_time;
-
-        if( current_time > key_time &&
-            current_time - key_time < ctx->ticket_lifetime )
-        {
-            return( 0 );
-        }
-
-        ctx->active = 1 - ctx->active;
-
-        return( ssl_ticket_gen_key( ctx, ctx->active ) );
-    }
-    else
-#endif /* MBEDTLS_HAVE_TIME */
-        return( 0 );
-}
-
-/*
- * Setup context for actual use
- */
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-    mbedtls_cipher_type_t cipher,
-    uint32_t lifetime )
-{
-    int ret;
-    const mbedtls_cipher_info_t *cipher_info;
-
-    ctx->f_rng = f_rng;
-    ctx->p_rng = p_rng;
-
-    ctx->ticket_lifetime = lifetime;
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher);
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( cipher_info->mode != MBEDTLS_MODE_GCM &&
-        cipher_info->mode != MBEDTLS_MODE_CCM )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ||
-        ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 ||
-        ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Serialize a session in the following format:
- *  0   .   n-1     session structure, n = sizeof(mbedtls_ssl_session)
- *  n   .   n+2     peer_cert length = m (0 if no certificate)
- *  n+3 .   n+2+m   peer cert ASN.1
- */
-static int ssl_save_session( const mbedtls_ssl_session *session,
-                             unsigned char *buf, size_t buf_len,
-                             size_t *olen )
-{
-    unsigned char *p = buf;
-    size_t left = buf_len;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    size_t cert_len;
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-    if( left < sizeof( mbedtls_ssl_session ) )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
-    memcpy( p, session, sizeof( mbedtls_ssl_session ) );
-    p += sizeof( mbedtls_ssl_session );
-    left -= sizeof( mbedtls_ssl_session );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( session->peer_cert == NULL )
-        cert_len = 0;
-    else
-        cert_len = session->peer_cert->raw.len;
-
-    if( left < 3 + cert_len )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
-    *p++ = (unsigned char)( cert_len >> 16 & 0xFF );
-    *p++ = (unsigned char)( cert_len >>  8 & 0xFF );
-    *p++ = (unsigned char)( cert_len       & 0xFF );
-
-    if( session->peer_cert != NULL )
-        memcpy( p, session->peer_cert->raw.p, cert_len );
-
-    p += cert_len;
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-    *olen = p - buf;
-
-    return( 0 );
-}
-
-/*
- * Unserialise session, see ssl_save_session()
- */
-static int ssl_load_session( mbedtls_ssl_session *session,
-                             const unsigned char *buf, size_t len )
-{
-    const unsigned char *p = buf;
-    const unsigned char * const end = buf + len;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    size_t cert_len;
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-    if( p + sizeof( mbedtls_ssl_session ) > end )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    memcpy( session, p, sizeof( mbedtls_ssl_session ) );
-    p += sizeof( mbedtls_ssl_session );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( p + 3 > end )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
-    p += 3;
-
-    if( cert_len == 0 )
-    {
-        session->peer_cert = NULL;
-    }
-    else
-    {
-        int ret;
-
-        if( p + cert_len > end )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-        session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
-
-        if( session->peer_cert == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-        mbedtls_x509_crt_init( session->peer_cert );
-
-        if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert,
-                                        p, cert_len ) ) != 0 )
-        {
-            mbedtls_x509_crt_free( session->peer_cert );
-            mbedtls_free( session->peer_cert );
-            session->peer_cert = NULL;
-            return( ret );
-        }
-
-        p += cert_len;
-    }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-    if( p != end )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    return( 0 );
-}
-
-/*
- * Create session ticket, with the following structure:
- *
- *    struct {
- *        opaque key_name[4];
- *        opaque iv[12];
- *        opaque encrypted_state<0..2^16-1>;
- *        opaque tag[16];
- *    } ticket;
- *
- * The key_name, iv, and length of encrypted_state are the additional
- * authenticated data.
- */
-int mbedtls_ssl_ticket_write( void *p_ticket,
-                              const mbedtls_ssl_session *session,
-                              unsigned char *start,
-                              const unsigned char *end,
-                              size_t *tlen,
-                              uint32_t *ticket_lifetime )
-{
-    int ret;
-    mbedtls_ssl_ticket_context *ctx = p_ticket;
-    mbedtls_ssl_ticket_key *key;
-    unsigned char *key_name = start;
-    unsigned char *iv = start + 4;
-    unsigned char *state_len_bytes = iv + 12;
-    unsigned char *state = state_len_bytes + 2;
-    unsigned char *tag;
-    size_t clear_len, ciph_len;
-
-    *tlen = 0;
-
-    if( ctx == NULL || ctx->f_rng == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
-     * in addition to session itself, that will be checked when writing it. */
-    if( end - start < 4 + 12 + 2 + 16 )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
-        goto cleanup;
-
-    key = &ctx->keys[ctx->active];
-
-    *ticket_lifetime = ctx->ticket_lifetime;
-
-    memcpy( key_name, key->name, 4 );
-
-    if( ( ret = ctx->f_rng( ctx->p_rng, iv, 12 ) ) != 0 )
-        goto cleanup;
-
-    /* Dump session state */
-    if( ( ret = ssl_save_session( session,
-                                  state, end - state, &clear_len ) ) != 0 ||
-        (unsigned long) clear_len > 65535 )
-    {
-         goto cleanup;
-    }
-    state_len_bytes[0] = ( clear_len >> 8 ) & 0xff;
-    state_len_bytes[1] = ( clear_len      ) & 0xff;
-
-    /* Encrypt and authenticate */
-    tag = state + clear_len;
-    if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx,
-                    iv, 12, key_name, 4 + 12 + 2,
-                    state, clear_len, state, &ciph_len, tag, 16 ) ) != 0 )
-    {
-        goto cleanup;
-    }
-    if( ciph_len != clear_len )
-    {
-        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-        goto cleanup;
-    }
-
-    *tlen = 4 + 12 + 2 + 16 + ciph_len;
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Select key based on name
- */
-static mbedtls_ssl_ticket_key *ssl_ticket_select_key(
-        mbedtls_ssl_ticket_context *ctx,
-        const unsigned char name[4] )
-{
-    unsigned char i;
-
-    for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ )
-        if( memcmp( name, ctx->keys[i].name, 4 ) == 0 )
-            return( &ctx->keys[i] );
-
-    return( NULL );
-}
-
-/*
- * Load session ticket (see mbedtls_ssl_ticket_write for structure)
- */
-int mbedtls_ssl_ticket_parse( void *p_ticket,
-                              mbedtls_ssl_session *session,
-                              unsigned char *buf,
-                              size_t len )
-{
-    int ret;
-    mbedtls_ssl_ticket_context *ctx = p_ticket;
-    mbedtls_ssl_ticket_key *key;
-    unsigned char *key_name = buf;
-    unsigned char *iv = buf + 4;
-    unsigned char *enc_len_p = iv + 12;
-    unsigned char *ticket = enc_len_p + 2;
-    unsigned char *tag;
-    size_t enc_len, clear_len;
-
-    if( ctx == NULL || ctx->f_rng == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    /* See mbedtls_ssl_ticket_write() */
-    if( len < 4 + 12 + 2 + 16 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 )
-        goto cleanup;
-
-    enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
-    tag = ticket + enc_len;
-
-    if( len != 4 + 12 + 2 + enc_len + 16 )
-    {
-        ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    /* Select key */
-    if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL )
-    {
-        /* We can't know for sure but this is a likely option unless we're
-         * under attack - this is only informative anyway */
-        ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
-        goto cleanup;
-    }
-
-    /* Decrypt and authenticate */
-    if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx, iv, 12,
-                    key_name, 4 + 12 + 2, ticket, enc_len,
-                    ticket, &clear_len, tag, 16 ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
-            ret = MBEDTLS_ERR_SSL_INVALID_MAC;
-
-        goto cleanup;
-    }
-    if( clear_len != enc_len )
-    {
-        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-        goto cleanup;
-    }
-
-    /* Actually load session */
-    if( ( ret = ssl_load_session( session, ticket, clear_len ) ) != 0 )
-        goto cleanup;
-
-#if defined(MBEDTLS_HAVE_TIME)
-    {
-        /* Check for expiration */
-        mbedtls_time_t current_time = mbedtls_time( NULL );
-
-        if( current_time < session->start ||
-            (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
-        {
-            ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
-            goto cleanup;
-        }
-    }
-#endif
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Free context
- */
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx )
-{
-    mbedtls_cipher_free( &ctx->keys[0].ctx );
-    mbedtls_cipher_free( &ctx->keys[1].ctx );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) );
-}
-
-#endif /* MBEDTLS_SSL_TICKET_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/ssl_tls.c b/components/ssl/mbedtls/mbedtls/library/ssl_tls.c
deleted file mode 100644
index e21125d1..00000000
--- a/components/ssl/mbedtls/mbedtls/library/ssl_tls.c
+++ /dev/null
@@ -1,8309 +0,0 @@
-/*
- *  SSLv3/TLSv1 shared functions
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The SSL 3.0 specification was drafted by Netscape in 1996,
- *  and became an IETF standard in 1999.
- *
- *  http://wp.netscape.com/eng/ssl3/
- *  http://www.ietf.org/rfc/rfc2246.txt
- *  http://www.ietf.org/rfc/rfc4346.txt
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C)
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_calloc    calloc
-#define mbedtls_free      free
-#endif
-
-#include "mbedtls/debug.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/oid.h"
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/* Length of the "epoch" field in the record header */
-static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 2 );
-#else
-    ((void) ssl);
-#endif
-    return( 0 );
-}
-
-/*
- * Start a timer.
- * Passing millisecs = 0 cancels a running timer.
- */
-static void ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
-{
-    if( ssl->f_set_timer == NULL )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
-    ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
-}
-
-/*
- * Return -1 is timer is expired, 0 if it isn't.
- */
-static int ssl_check_timer( mbedtls_ssl_context *ssl )
-{
-    if( ssl->f_get_timer == NULL )
-        return( 0 );
-
-    if( ssl->f_get_timer( ssl->p_timer ) == 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
-        return( -1 );
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/*
- * Double the retransmit timeout value, within the allowed range,
- * returning -1 if the maximum value has already been reached.
- */
-static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
-{
-    uint32_t new_timeout;
-
-    if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
-        return( -1 );
-
-    new_timeout = 2 * ssl->handshake->retransmit_timeout;
-
-    /* Avoid arithmetic overflow and range overflow */
-    if( new_timeout < ssl->handshake->retransmit_timeout ||
-        new_timeout > ssl->conf->hs_timeout_max )
-    {
-        new_timeout = ssl->conf->hs_timeout_max;
-    }
-
-    ssl->handshake->retransmit_timeout = new_timeout;
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
-                        ssl->handshake->retransmit_timeout ) );
-
-    return( 0 );
-}
-
-static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
-{
-    ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
-                        ssl->handshake->retransmit_timeout ) );
-}
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/*
- * Convert max_fragment_length codes to length.
- * RFC 6066 says:
- *    enum{
- *        2^9(1), 2^10(2), 2^11(3), 2^12(4), (255)
- *    } MaxFragmentLength;
- * and we add 0 -> extension unused
- */
-static unsigned int ssl_mfl_code_to_length( int mfl )
-{
-    switch( mfl )
-    {
-    case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
-        return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN );
-    case MBEDTLS_SSL_MAX_FRAG_LEN_512:
-        return 512;
-    case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
-        return 1024;
-    case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
-        return 2048;
-    case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
-        return 4096;
-    default:
-        return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN );
-    }
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-static int ssl_session_copy( mbedtls_ssl_session *dst, const mbedtls_ssl_session *src )
-{
-    mbedtls_ssl_session_free( dst );
-    memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( src->peer_cert != NULL )
-    {
-        int ret;
-
-        dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
-        if( dst->peer_cert == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-        mbedtls_x509_crt_init( dst->peer_cert );
-
-        if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p,
-                                        src->peer_cert->raw.len ) ) != 0 )
-        {
-            mbedtls_free( dst->peer_cert );
-            dst->peer_cert = NULL;
-            return( ret );
-        }
-    }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    if( src->ticket != NULL )
-    {
-        dst->ticket = mbedtls_calloc( 1, src->ticket_len );
-        if( dst->ticket == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-        memcpy( dst->ticket, src->ticket, src->ticket_len );
-    }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
-                     const unsigned char *key_enc, const unsigned char *key_dec,
-                     size_t keylen,
-                     const unsigned char *iv_enc,  const unsigned char *iv_dec,
-                     size_t ivlen,
-                     const unsigned char *mac_enc, const unsigned char *mac_dec,
-                     size_t maclen ) = NULL;
-int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL;
-int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL;
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-
-/*
- * Key material generation
- */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-static int ssl3_prf( const unsigned char *secret, size_t slen,
-                     const char *label,
-                     const unsigned char *random, size_t rlen,
-                     unsigned char *dstbuf, size_t dlen )
-{
-    int ret = 0;
-    size_t i;
-    mbedtls_md5_context md5;
-    mbedtls_sha1_context sha1;
-    unsigned char padding[16];
-    unsigned char sha1sum[20];
-    ((void)label);
-
-    mbedtls_md5_init(  &md5  );
-    mbedtls_sha1_init( &sha1 );
-
-    /*
-     *  SSLv3:
-     *    block =
-     *      MD5( secret + SHA1( 'A'    + secret + random ) ) +
-     *      MD5( secret + SHA1( 'BB'   + secret + random ) ) +
-     *      MD5( secret + SHA1( 'CCC'  + secret + random ) ) +
-     *      ...
-     */
-    for( i = 0; i < dlen / 16; i++ )
-    {
-        memset( padding, (unsigned char) ('A' + i), 1 + i );
-
-        if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 )
-            goto exit;
-
-        if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 )
-            goto exit;
-    }
-
-exit:
-    mbedtls_md5_free(  &md5  );
-    mbedtls_sha1_free( &sha1 );
-
-    mbedtls_zeroize( padding, sizeof( padding ) );
-    mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static int tls1_prf( const unsigned char *secret, size_t slen,
-                     const char *label,
-                     const unsigned char *random, size_t rlen,
-                     unsigned char *dstbuf, size_t dlen )
-{
-    size_t nb, hs;
-    size_t i, j, k;
-    const unsigned char *S1, *S2;
-    unsigned char tmp[128];
-    unsigned char h_i[20];
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-    int ret;
-
-    mbedtls_md_init( &md_ctx );
-
-    if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    hs = ( slen + 1 ) / 2;
-    S1 = secret;
-    S2 = secret + slen - hs;
-
-    nb = strlen( label );
-    memcpy( tmp + 20, label, nb );
-    memcpy( tmp + 20 + nb, random, rlen );
-    nb += rlen;
-
-    /*
-     * First compute P_md5(secret,label+random)[0..dlen]
-     */
-    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
-
-    mbedtls_md_hmac_starts( &md_ctx, S1, hs );
-    mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
-    mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
-
-    for( i = 0; i < dlen; i += 16 )
-    {
-        mbedtls_md_hmac_reset ( &md_ctx );
-        mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb );
-        mbedtls_md_hmac_finish( &md_ctx, h_i );
-
-        mbedtls_md_hmac_reset ( &md_ctx );
-        mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 );
-        mbedtls_md_hmac_finish( &md_ctx, 4 + tmp );
-
-        k = ( i + 16 > dlen ) ? dlen % 16 : 16;
-
-        for( j = 0; j < k; j++ )
-            dstbuf[i + j]  = h_i[j];
-    }
-
-    mbedtls_md_free( &md_ctx );
-
-    /*
-     * XOR out with P_sha1(secret,label+random)[0..dlen]
-     */
-    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
-
-    mbedtls_md_hmac_starts( &md_ctx, S2, hs );
-    mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb );
-    mbedtls_md_hmac_finish( &md_ctx, tmp );
-
-    for( i = 0; i < dlen; i += 20 )
-    {
-        mbedtls_md_hmac_reset ( &md_ctx );
-        mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb );
-        mbedtls_md_hmac_finish( &md_ctx, h_i );
-
-        mbedtls_md_hmac_reset ( &md_ctx );
-        mbedtls_md_hmac_update( &md_ctx, tmp, 20 );
-        mbedtls_md_hmac_finish( &md_ctx, tmp );
-
-        k = ( i + 20 > dlen ) ? dlen % 20 : 20;
-
-        for( j = 0; j < k; j++ )
-            dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
-    }
-
-    mbedtls_md_free( &md_ctx );
-
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_zeroize( h_i, sizeof( h_i ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-static int tls_prf_generic( mbedtls_md_type_t md_type,
-                            const unsigned char *secret, size_t slen,
-                            const char *label,
-                            const unsigned char *random, size_t rlen,
-                            unsigned char *dstbuf, size_t dlen )
-{
-    size_t nb;
-    size_t i, j, k, md_len;
-    unsigned char tmp[128];
-    unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-    int ret;
-
-    mbedtls_md_init( &md_ctx );
-
-    if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-
-    md_len = mbedtls_md_get_size( md_info );
-
-    if( sizeof( tmp ) < md_len + strlen( label ) + rlen )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    nb = strlen( label );
-    memcpy( tmp + md_len, label, nb );
-    memcpy( tmp + md_len + nb, random, rlen );
-    nb += rlen;
-
-    /*
-     * Compute P_<hash>(secret, label + random)[0..dlen]
-     */
-    if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
-
-    mbedtls_md_hmac_starts( &md_ctx, secret, slen );
-    mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb );
-    mbedtls_md_hmac_finish( &md_ctx, tmp );
-
-    for( i = 0; i < dlen; i += md_len )
-    {
-        mbedtls_md_hmac_reset ( &md_ctx );
-        mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb );
-        mbedtls_md_hmac_finish( &md_ctx, h_i );
-
-        mbedtls_md_hmac_reset ( &md_ctx );
-        mbedtls_md_hmac_update( &md_ctx, tmp, md_len );
-        mbedtls_md_hmac_finish( &md_ctx, tmp );
-
-        k = ( i + md_len > dlen ) ? dlen % md_len : md_len;
-
-        for( j = 0; j < k; j++ )
-            dstbuf[i + j]  = h_i[j];
-    }
-
-    mbedtls_md_free( &md_ctx );
-
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_zeroize( h_i, sizeof( h_i ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SHA256_C)
-static int tls_prf_sha256( const unsigned char *secret, size_t slen,
-                           const char *label,
-                           const unsigned char *random, size_t rlen,
-                           unsigned char *dstbuf, size_t dlen )
-{
-    return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen,
-                             label, random, rlen, dstbuf, dlen ) );
-}
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-static int tls_prf_sha384( const unsigned char *secret, size_t slen,
-                           const char *label,
-                           const unsigned char *random, size_t rlen,
-                           unsigned char *dstbuf, size_t dlen )
-{
-    return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
-                             label, random, rlen, dstbuf, dlen ) );
-}
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t );
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-static void ssl_calc_verify_ssl( mbedtls_ssl_context *, unsigned char * );
-static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int );
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_calc_verify_tls( mbedtls_ssl_context *, unsigned char * );
-static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int );
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *,unsigned char * );
-static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
-static void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *, unsigned char * );
-static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
-{
-    int ret = 0;
-    unsigned char tmp[64];
-    unsigned char keyblk[256];
-    unsigned char *key1;
-    unsigned char *key2;
-    unsigned char *mac_enc;
-    unsigned char *mac_dec;
-    size_t mac_key_len;
-    size_t iv_copy_len;
-    const mbedtls_cipher_info_t *cipher_info;
-    const mbedtls_md_info_t *md_info;
-
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    mbedtls_ssl_transform *transform = ssl->transform_negotiate;
-    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
-
-    cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher );
-    if( cipher_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
-                            transform->ciphersuite_info->cipher ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac );
-    if( md_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
-                            transform->ciphersuite_info->mac ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    /*
-     * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
-     */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        handshake->tls_prf = ssl3_prf;
-        handshake->calc_verify = ssl_calc_verify_ssl;
-        handshake->calc_finished = ssl_calc_finished_ssl;
-    }
-    else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        handshake->tls_prf = tls1_prf;
-        handshake->calc_verify = ssl_calc_verify_tls;
-        handshake->calc_finished = ssl_calc_finished_tls;
-    }
-    else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
-        transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
-    {
-        handshake->tls_prf = tls_prf_sha384;
-        handshake->calc_verify = ssl_calc_verify_tls_sha384;
-        handshake->calc_finished = ssl_calc_finished_tls_sha384;
-    }
-    else
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        handshake->tls_prf = tls_prf_sha256;
-        handshake->calc_verify = ssl_calc_verify_tls_sha256;
-        handshake->calc_finished = ssl_calc_finished_tls_sha256;
-    }
-    else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    /*
-     * SSLv3:
-     *   master =
-     *     MD5( premaster + SHA1( 'A'   + premaster + randbytes ) ) +
-     *     MD5( premaster + SHA1( 'BB'  + premaster + randbytes ) ) +
-     *     MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
-     *
-     * TLSv1+:
-     *   master = PRF( premaster, "master secret", randbytes )[0..47]
-     */
-    if( handshake->resume == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", handshake->premaster,
-                       handshake->pmslen );
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-        if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED )
-        {
-            unsigned char session_hash[48];
-            size_t hash_len;
-
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
-
-            ssl->handshake->calc_verify( ssl, session_hash );
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-            if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-            {
-#if defined(MBEDTLS_SHA512_C)
-                if( ssl->transform_negotiate->ciphersuite_info->mac ==
-                    MBEDTLS_MD_SHA384 )
-                {
-                    hash_len = 48;
-                }
-                else
-#endif
-                    hash_len = 32;
-            }
-            else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-                hash_len = 36;
-
-            MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
-
-            ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
-                                      "extended master secret",
-                                      session_hash, hash_len,
-                                      session->master, 48 );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
-                return( ret );
-            }
-
-        }
-        else
-#endif
-        ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
-                                  "master secret",
-                                  handshake->randbytes, 64,
-                                  session->master, 48 );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
-            return( ret );
-        }
-
-        mbedtls_zeroize( handshake->premaster, sizeof(handshake->premaster) );
-    }
-    else
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
-
-    /*
-     * Swap the client and server random values.
-     */
-    memcpy( tmp, handshake->randbytes, 64 );
-    memcpy( handshake->randbytes, tmp + 32, 32 );
-    memcpy( handshake->randbytes + 32, tmp, 32 );
-    mbedtls_zeroize( tmp, sizeof( tmp ) );
-
-    /*
-     *  SSLv3:
-     *    key block =
-     *      MD5( master + SHA1( 'A'    + master + randbytes ) ) +
-     *      MD5( master + SHA1( 'BB'   + master + randbytes ) ) +
-     *      MD5( master + SHA1( 'CCC'  + master + randbytes ) ) +
-     *      MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
-     *      ...
-     *
-     *  TLSv1:
-     *    key block = PRF( master, "key expansion", randbytes )
-     */
-    ret = handshake->tls_prf( session->master, 48, "key expansion",
-                              handshake->randbytes, 64, keyblk, 256 );
-    if( ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
-                   mbedtls_ssl_get_ciphersuite_name( session->ciphersuite ) ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", session->master, 48 );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
-
-    mbedtls_zeroize( handshake->randbytes, sizeof( handshake->randbytes ) );
-
-    /*
-     * Determine the appropriate key, IV and MAC length.
-     */
-
-    transform->keylen = cipher_info->key_bitlen / 8;
-
-    if( cipher_info->mode == MBEDTLS_MODE_GCM ||
-        cipher_info->mode == MBEDTLS_MODE_CCM )
-    {
-        transform->maclen = 0;
-        mac_key_len = 0;
-
-        transform->ivlen = 12;
-        transform->fixed_ivlen = 4;
-
-        /* Minimum length is expicit IV + tag */
-        transform->minlen = transform->ivlen - transform->fixed_ivlen
-                            + ( transform->ciphersuite_info->flags &
-                                MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 );
-    }
-    else
-    {
-        /* Initialize HMAC contexts */
-        if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
-            ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
-            return( ret );
-        }
-
-        /* Get MAC length */
-        mac_key_len = mbedtls_md_get_size( md_info );
-        transform->maclen = mac_key_len;
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-        /*
-         * If HMAC is to be truncated, we shall keep the leftmost bytes,
-         * (rfc 6066 page 13 or rfc 2104 section 4),
-         * so we only need to adjust the length here.
-         */
-        if( session->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
-        {
-            transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN;
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
-            /* Fall back to old, non-compliant version of the truncated
-             * HMAC implementation which also truncates the key
-             * (Mbed TLS versions from 1.3 to 2.6.0) */
-            mac_key_len = transform->maclen;
-#endif
-        }
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-        /* IV length */
-        transform->ivlen = cipher_info->iv_size;
-
-        /* Minimum length */
-        if( cipher_info->mode == MBEDTLS_MODE_STREAM )
-            transform->minlen = transform->maclen;
-        else
-        {
-            /*
-             * GenericBlockCipher:
-             * 1. if EtM is in use: one block plus MAC
-             *    otherwise: * first multiple of blocklen greater than maclen
-             * 2. IV except for SSL3 and TLS 1.0
-             */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-            if( session->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
-            {
-                transform->minlen = transform->maclen
-                                  + cipher_info->block_size;
-            }
-            else
-#endif
-            {
-                transform->minlen = transform->maclen
-                                  + cipher_info->block_size
-                                  - transform->maclen % cipher_info->block_size;
-            }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
-            if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
-                ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 )
-                ; /* No need to adjust minlen */
-            else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
-            if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 ||
-                ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-            {
-                transform->minlen += transform->ivlen;
-            }
-            else
-#endif
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-            }
-        }
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
-                   transform->keylen, transform->minlen, transform->ivlen,
-                   transform->maclen ) );
-
-    /*
-     * Finally setup the cipher contexts, IVs and MAC secrets.
-     */
-#if defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        key1 = keyblk + mac_key_len * 2;
-        key2 = keyblk + mac_key_len * 2 + transform->keylen;
-
-        mac_enc = keyblk;
-        mac_dec = keyblk + mac_key_len;
-
-        /*
-         * This is not used in TLS v1.1.
-         */
-        iv_copy_len = ( transform->fixed_ivlen ) ?
-                            transform->fixed_ivlen : transform->ivlen;
-        memcpy( transform->iv_enc, key2 + transform->keylen,  iv_copy_len );
-        memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
-                iv_copy_len );
-    }
-    else
-#endif /* MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        key1 = keyblk + mac_key_len * 2 + transform->keylen;
-        key2 = keyblk + mac_key_len * 2;
-
-        mac_enc = keyblk + mac_key_len;
-        mac_dec = keyblk;
-
-        /*
-         * This is not used in TLS v1.1.
-         */
-        iv_copy_len = ( transform->fixed_ivlen ) ?
-                            transform->fixed_ivlen : transform->ivlen;
-        memcpy( transform->iv_dec, key1 + transform->keylen,  iv_copy_len );
-        memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
-                iv_copy_len );
-    }
-    else
-#endif /* MBEDTLS_SSL_SRV_C */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        if( mac_key_len > sizeof transform->mac_enc )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        memcpy( transform->mac_enc, mac_enc, mac_key_len );
-        memcpy( transform->mac_dec, mac_dec, mac_key_len );
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
-    {
-        mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len );
-        mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len );
-    }
-    else
-#endif
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_init != NULL )
-    {
-        int ret = 0;
-
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) );
-
-        if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen,
-                                        transform->iv_enc, transform->iv_dec,
-                                        iv_copy_len,
-                                        mac_enc, mac_dec,
-                                        mac_key_len ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-    }
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-    if( ssl->conf->f_export_keys != NULL )
-    {
-        ssl->conf->f_export_keys( ssl->conf->p_export_keys,
-                                  session->master, keyblk,
-                                  mac_key_len, transform->keylen,
-                                  iv_copy_len );
-    }
-#endif
-
-    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
-                                 cipher_info ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec,
-                                 cipher_info ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret );
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
-                               cipher_info->key_bitlen,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
-                               cipher_info->key_bitlen,
-                               MBEDTLS_DECRYPT ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
-        return( ret );
-    }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( cipher_info->mode == MBEDTLS_MODE_CBC )
-    {
-        if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
-                                             MBEDTLS_PADDING_NONE ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
-            return( ret );
-        }
-
-        if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec,
-                                             MBEDTLS_PADDING_NONE ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret );
-            return( ret );
-        }
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    mbedtls_zeroize( keyblk, sizeof( keyblk ) );
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    // Initialize compression
-    //
-    if( session->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
-    {
-        if( ssl->compress_buf == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
-            ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN );
-            if( ssl->compress_buf == NULL )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
-                                    MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) );
-                return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-            }
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
-
-        memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
-        memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );
-
-        if( deflateInit( &transform->ctx_deflate,
-                         Z_DEFAULT_COMPRESSION )   != Z_OK ||
-            inflateInit( &transform->ctx_inflate ) != Z_OK )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) );
-            return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
-        }
-    }
-#endif /* MBEDTLS_ZLIB_SUPPORT */
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
-{
-    mbedtls_md5_context md5;
-    mbedtls_sha1_context sha1;
-    unsigned char pad_1[48];
-    unsigned char pad_2[48];
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) );
-
-    mbedtls_md5_init( &md5 );
-    mbedtls_sha1_init( &sha1 );
-
-    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
-    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
-
-    memset( pad_1, 0x36, 48 );
-    memset( pad_2, 0x5C, 48 );
-
-    mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
-    mbedtls_md5_update_ret( &md5, pad_1, 48 );
-    mbedtls_md5_finish_ret( &md5, hash );
-
-    mbedtls_md5_starts_ret( &md5 );
-    mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 );
-    mbedtls_md5_update_ret( &md5, pad_2, 48 );
-    mbedtls_md5_update_ret( &md5, hash,  16 );
-    mbedtls_md5_finish_ret( &md5, hash );
-
-    mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
-    mbedtls_sha1_update_ret( &sha1, pad_1, 40 );
-    mbedtls_sha1_finish_ret( &sha1, hash + 16 );
-
-    mbedtls_sha1_starts_ret( &sha1 );
-    mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 );
-    mbedtls_sha1_update_ret( &sha1, pad_2, 40 );
-    mbedtls_sha1_update_ret( &sha1, hash + 16, 20 );
-    mbedtls_sha1_finish_ret( &sha1, hash + 16 );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
-    mbedtls_md5_free(  &md5  );
-    mbedtls_sha1_free( &sha1 );
-
-    return;
-}
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
-{
-    mbedtls_md5_context md5;
-    mbedtls_sha1_context sha1;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) );
-
-    mbedtls_md5_init( &md5 );
-    mbedtls_sha1_init( &sha1 );
-
-    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
-    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
-
-     mbedtls_md5_finish_ret( &md5,  hash );
-    mbedtls_sha1_finish_ret( &sha1, hash + 16 );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
-    mbedtls_md5_free(  &md5  );
-    mbedtls_sha1_free( &sha1 );
-
-    return;
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
-{
-    mbedtls_sha256_context sha256;
-
-    mbedtls_sha256_init( &sha256 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
-
-    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
-    mbedtls_sha256_finish_ret( &sha256, hash );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
-    mbedtls_sha256_free( &sha256 );
-
-    return;
-}
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
-{
-    mbedtls_sha512_context sha512;
-
-    mbedtls_sha512_init( &sha512 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
-
-    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
-    mbedtls_sha512_finish_ret( &sha512, hash );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
-
-    mbedtls_sha512_free( &sha512 );
-
-    return;
-}
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex )
-{
-    unsigned char *p = ssl->handshake->premaster;
-    unsigned char *end = p + sizeof( ssl->handshake->premaster );
-    const unsigned char *psk = ssl->conf->psk;
-    size_t psk_len = ssl->conf->psk_len;
-
-    /* If the psk callback was called, use its result */
-    if( ssl->handshake->psk != NULL )
-    {
-        psk = ssl->handshake->psk;
-        psk_len = ssl->handshake->psk_len;
-    }
-
-    /*
-     * PMS = struct {
-     *     opaque other_secret<0..2^16-1>;
-     *     opaque psk<0..2^16-1>;
-     * };
-     * with "other_secret" depending on the particular key exchange
-     */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK )
-    {
-        if( end - p < 2 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-        *(p++) = (unsigned char)( psk_len >> 8 );
-        *(p++) = (unsigned char)( psk_len      );
-
-        if( end < p || (size_t)( end - p ) < psk_len )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-        memset( p, 0, psk_len );
-        p += psk_len;
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-    {
-        /*
-         * other_secret already set by the ClientKeyExchange message,
-         * and is 48 bytes long
-         */
-        *p++ = 0;
-        *p++ = 48;
-        p += 48;
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
-        int ret;
-        size_t len;
-
-        /* Write length only when we know the actual value */
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                      p + 2, end - ( p + 2 ), &len,
-                                      ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( ret );
-        }
-        *(p++) = (unsigned char)( len >> 8 );
-        *(p++) = (unsigned char)( len );
-        p += len;
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
-        int ret;
-        size_t zlen;
-
-        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen,
-                                       p + 2, end - ( p + 2 ),
-                                       ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
-            return( ret );
-        }
-
-        *(p++) = (unsigned char)( zlen >> 8 );
-        *(p++) = (unsigned char)( zlen      );
-        p += zlen;
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    /* opaque psk<0..2^16-1>; */
-    if( end - p < 2 )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    *(p++) = (unsigned char)( psk_len >> 8 );
-    *(p++) = (unsigned char)( psk_len      );
-
-    if( end < p || (size_t)( end - p ) < psk_len )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    memcpy( p, psk, psk_len );
-    p += psk_len;
-
-    ssl->handshake->pmslen = p - ssl->handshake->premaster;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-/*
- * SSLv3.0 MAC functions
- */
-#define SSL_MAC_MAX_BYTES   20  /* MD-5 or SHA-1 */
-static void ssl_mac( mbedtls_md_context_t *md_ctx,
-                     const unsigned char *secret,
-                     const unsigned char *buf, size_t len,
-                     const unsigned char *ctr, int type,
-                     unsigned char out[SSL_MAC_MAX_BYTES] )
-{
-    unsigned char header[11];
-    unsigned char padding[48];
-    int padlen;
-    int md_size = mbedtls_md_get_size( md_ctx->md_info );
-    int md_type = mbedtls_md_get_type( md_ctx->md_info );
-
-    /* Only MD5 and SHA-1 supported */
-    if( md_type == MBEDTLS_MD_MD5 )
-        padlen = 48;
-    else
-        padlen = 40;
-
-    memcpy( header, ctr, 8 );
-    header[ 8] = (unsigned char)  type;
-    header[ 9] = (unsigned char)( len >> 8 );
-    header[10] = (unsigned char)( len      );
-
-    memset( padding, 0x36, padlen );
-    mbedtls_md_starts( md_ctx );
-    mbedtls_md_update( md_ctx, secret,  md_size );
-    mbedtls_md_update( md_ctx, padding, padlen  );
-    mbedtls_md_update( md_ctx, header,  11      );
-    mbedtls_md_update( md_ctx, buf,     len     );
-    mbedtls_md_finish( md_ctx, out              );
-
-    memset( padding, 0x5C, padlen );
-    mbedtls_md_starts( md_ctx );
-    mbedtls_md_update( md_ctx, secret,    md_size );
-    mbedtls_md_update( md_ctx, padding,   padlen  );
-    mbedtls_md_update( md_ctx, out,       md_size );
-    mbedtls_md_finish( md_ctx, out                );
-}
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) ||     \
-    ( defined(MBEDTLS_CIPHER_MODE_CBC) &&                                  \
-      ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) ) )
-#define SSL_SOME_MODES_USE_MAC
-#endif
-
-/*
- * Encryption/decryption functions
- */
-static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
-{
-    mbedtls_cipher_mode_t mode;
-    int auth_done = 0;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
-
-    if( ssl->session_out == NULL || ssl->transform_out == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
-                      ssl->out_msg, ssl->out_msglen );
-
-    if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
-                                    (unsigned) ssl->out_msglen,
-                                    MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    /*
-     * Add MAC before if needed
-     */
-#if defined(SSL_SOME_MODES_USE_MAC)
-    if( mode == MBEDTLS_MODE_STREAM ||
-        ( mode == MBEDTLS_MODE_CBC
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-          && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
-#endif
-        ) )
-    {
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        {
-            unsigned char mac[SSL_MAC_MAX_BYTES];
-
-            ssl_mac( &ssl->transform_out->md_ctx_enc,
-                      ssl->transform_out->mac_enc,
-                      ssl->out_msg, ssl->out_msglen,
-                      ssl->out_ctr, ssl->out_msgtype,
-                      mac );
-
-            memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
-        }
-        else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-        defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
-        {
-            unsigned char mac[MBEDTLS_SSL_MAC_ADD];
-
-            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 );
-            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 );
-            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 );
-            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
-                             ssl->out_msg, ssl->out_msglen );
-            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac );
-            mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
-
-            memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
-        }
-        else
-#endif
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac",
-                       ssl->out_msg + ssl->out_msglen,
-                       ssl->transform_out->maclen );
-
-        ssl->out_msglen += ssl->transform_out->maclen;
-        auth_done++;
-    }
-#endif /* AEAD not the only option */
-
-    /*
-     * Encrypt
-     */
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
-    if( mode == MBEDTLS_MODE_STREAM )
-    {
-        int ret;
-        size_t olen = 0;
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
-                            "including %d bytes of padding",
-                       ssl->out_msglen, 0 ) );
-
-        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
-                                   ssl->transform_out->iv_enc,
-                                   ssl->transform_out->ivlen,
-                                   ssl->out_msg, ssl->out_msglen,
-                                   ssl->out_msg, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
-            return( ret );
-        }
-
-        if( ssl->out_msglen != olen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-    }
-    else
-#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
-    if( mode == MBEDTLS_MODE_GCM ||
-        mode == MBEDTLS_MODE_CCM )
-    {
-        int ret;
-        size_t enc_msglen, olen;
-        unsigned char *enc_msg;
-        unsigned char add_data[13];
-        unsigned char taglen = ssl->transform_out->ciphersuite_info->flags &
-                               MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
-
-        memcpy( add_data, ssl->out_ctr, 8 );
-        add_data[8]  = ssl->out_msgtype;
-        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
-                           ssl->conf->transport, add_data + 9 );
-        add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF;
-        add_data[12] = ssl->out_msglen & 0xFF;
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
-                       add_data, 13 );
-
-        /*
-         * Generate IV
-         */
-        if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
-        {
-            /* Reminder if we ever add an AEAD mode with a different size */
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
-                             ssl->out_ctr, 8 );
-        memcpy( ssl->out_iv, ssl->out_ctr, 8 );
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
-                ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
-
-        /*
-         * Fix pointer positions and message length with added IV
-         */
-        enc_msg = ssl->out_msg;
-        enc_msglen = ssl->out_msglen;
-        ssl->out_msglen += ssl->transform_out->ivlen -
-                           ssl->transform_out->fixed_ivlen;
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
-                            "including %d bytes of padding",
-                       ssl->out_msglen, 0 ) );
-
-        /*
-         * Encrypt and authenticate
-         */
-        if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc,
-                                         ssl->transform_out->iv_enc,
-                                         ssl->transform_out->ivlen,
-                                         add_data, 13,
-                                         enc_msg, enc_msglen,
-                                         enc_msg, &olen,
-                                         enc_msg + enc_msglen, taglen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
-            return( ret );
-        }
-
-        if( olen != enc_msglen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        ssl->out_msglen += taglen;
-        auth_done++;
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
-    }
-    else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) &&                                    \
-    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
-    if( mode == MBEDTLS_MODE_CBC )
-    {
-        int ret;
-        unsigned char *enc_msg;
-        size_t enc_msglen, padlen, olen = 0, i;
-
-        padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) %
-                 ssl->transform_out->ivlen;
-        if( padlen == ssl->transform_out->ivlen )
-            padlen = 0;
-
-        for( i = 0; i <= padlen; i++ )
-            ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
-
-        ssl->out_msglen += padlen + 1;
-
-        enc_msglen = ssl->out_msglen;
-        enc_msg = ssl->out_msg;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        /*
-         * Prepend per-record IV for block cipher in TLS v1.1 and up as per
-         * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
-         */
-        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
-        {
-            /*
-             * Generate IV
-             */
-            ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc,
-                                  ssl->transform_out->ivlen );
-            if( ret != 0 )
-                return( ret );
-
-            memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
-                    ssl->transform_out->ivlen );
-
-            /*
-             * Fix pointer positions and message length with added IV
-             */
-            enc_msg = ssl->out_msg;
-            enc_msglen = ssl->out_msglen;
-            ssl->out_msglen += ssl->transform_out->ivlen;
-        }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
-                            "including %d bytes of IV and %d bytes of padding",
-                            ssl->out_msglen, ssl->transform_out->ivlen,
-                            padlen + 1 ) );
-
-        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
-                                   ssl->transform_out->iv_enc,
-                                   ssl->transform_out->ivlen,
-                                   enc_msg, enc_msglen,
-                                   enc_msg, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
-            return( ret );
-        }
-
-        if( enc_msglen != olen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
-        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
-        {
-            /*
-             * Save IV in SSL3 and TLS1
-             */
-            memcpy( ssl->transform_out->iv_enc,
-                    ssl->transform_out->cipher_ctx_enc.iv,
-                    ssl->transform_out->ivlen );
-        }
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        if( auth_done == 0 )
-        {
-            /*
-             * MAC(MAC_write_key, seq_num +
-             *     TLSCipherText.type +
-             *     TLSCipherText.version +
-             *     length_of( (IV +) ENC(...) ) +
-             *     IV + // except for TLS 1.0
-             *     ENC(content + padding + padding_length));
-             */
-            unsigned char pseudo_hdr[13];
-
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
-
-            memcpy( pseudo_hdr +  0, ssl->out_ctr, 8 );
-            memcpy( pseudo_hdr +  8, ssl->out_hdr, 3 );
-            pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF );
-            pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen      ) & 0xFF );
-
-            MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
-
-            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 );
-            mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc,
-                             ssl->out_iv, ssl->out_msglen );
-            mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc,
-                             ssl->out_iv + ssl->out_msglen );
-            mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc );
-
-            ssl->out_msglen += ssl->transform_out->maclen;
-            auth_done++;
-        }
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-    }
-    else
-#endif /* MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    /* Make extra sure authentication was performed, exactly once */
-    if( auth_done != 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
-
-    return( 0 );
-}
-
-static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
-{
-    size_t i;
-    mbedtls_cipher_mode_t mode;
-    int auth_done = 0;
-#if defined(SSL_SOME_MODES_USE_MAC)
-    size_t padlen = 0, correct = 1;
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
-
-    if( ssl->session_in == NULL || ssl->transform_in == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec );
-
-    if( ssl->in_msglen < ssl->transform_in->minlen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
-                       ssl->in_msglen, ssl->transform_in->minlen ) );
-        return( MBEDTLS_ERR_SSL_INVALID_MAC );
-    }
-
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
-    if( mode == MBEDTLS_MODE_STREAM )
-    {
-        int ret;
-        size_t olen = 0;
-
-        padlen = 0;
-
-        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
-                                   ssl->transform_in->iv_dec,
-                                   ssl->transform_in->ivlen,
-                                   ssl->in_msg, ssl->in_msglen,
-                                   ssl->in_msg, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
-            return( ret );
-        }
-
-        if( ssl->in_msglen != olen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-    }
-    else
-#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
-    if( mode == MBEDTLS_MODE_GCM ||
-        mode == MBEDTLS_MODE_CCM )
-    {
-        int ret;
-        size_t dec_msglen, olen;
-        unsigned char *dec_msg;
-        unsigned char *dec_msg_result;
-        unsigned char add_data[13];
-        unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
-                               MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16;
-        size_t explicit_iv_len = ssl->transform_in->ivlen -
-                                 ssl->transform_in->fixed_ivlen;
-
-        if( ssl->in_msglen < explicit_iv_len + taglen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
-                                "+ taglen (%d)", ssl->in_msglen,
-                                explicit_iv_len, taglen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
-        }
-        dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
-
-        dec_msg = ssl->in_msg;
-        dec_msg_result = ssl->in_msg;
-        ssl->in_msglen = dec_msglen;
-
-        memcpy( add_data, ssl->in_ctr, 8 );
-        add_data[8]  = ssl->in_msgtype;
-        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
-                           ssl->conf->transport, add_data + 9 );
-        add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF;
-        add_data[12] = ssl->in_msglen & 0xFF;
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
-                       add_data, 13 );
-
-        memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
-                ssl->in_iv,
-                ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen );
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
-                                     ssl->transform_in->ivlen );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
-
-        /*
-         * Decrypt and authenticate
-         */
-        if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
-                                         ssl->transform_in->iv_dec,
-                                         ssl->transform_in->ivlen,
-                                         add_data, 13,
-                                         dec_msg, dec_msglen,
-                                         dec_msg_result, &olen,
-                                         dec_msg + dec_msglen, taglen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
-
-            if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
-                return( MBEDTLS_ERR_SSL_INVALID_MAC );
-
-            return( ret );
-        }
-        auth_done++;
-
-        if( olen != dec_msglen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-    }
-    else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) &&                                    \
-    ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) )
-    if( mode == MBEDTLS_MODE_CBC )
-    {
-        /*
-         * Decrypt and check the padding
-         */
-        int ret;
-        unsigned char *dec_msg;
-        unsigned char *dec_msg_result;
-        size_t dec_msglen;
-        size_t minlen = 0;
-        size_t olen = 0;
-
-        /*
-         * Check immediate ciphertext sanity
-         */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
-            minlen += ssl->transform_in->ivlen;
-#endif
-
-        if( ssl->in_msglen < minlen + ssl->transform_in->ivlen ||
-            ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
-                                "+ 1 ) ( + expl IV )", ssl->in_msglen,
-                                ssl->transform_in->ivlen,
-                                ssl->transform_in->maclen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
-        }
-
-        dec_msglen = ssl->in_msglen;
-        dec_msg = ssl->in_msg;
-        dec_msg_result = ssl->in_msg;
-
-        /*
-         * Authenticate before decrypt if enabled
-         */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED )
-        {
-            unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
-            unsigned char pseudo_hdr[13];
-
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) );
-
-            dec_msglen -= ssl->transform_in->maclen;
-            ssl->in_msglen -= ssl->transform_in->maclen;
-
-            memcpy( pseudo_hdr +  0, ssl->in_ctr, 8 );
-            memcpy( pseudo_hdr +  8, ssl->in_hdr, 3 );
-            pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF );
-            pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen      ) & 0xFF );
-
-            MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 );
-
-            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 );
-            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec,
-                             ssl->in_iv, ssl->in_msglen );
-            mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
-            mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
-
-            MBEDTLS_SSL_DEBUG_BUF( 4, "message  mac", ssl->in_iv + ssl->in_msglen,
-                                              ssl->transform_in->maclen );
-            MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect,
-                                              ssl->transform_in->maclen );
-
-            if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, mac_expect,
-                                          ssl->transform_in->maclen ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
-
-                return( MBEDTLS_ERR_SSL_INVALID_MAC );
-            }
-            auth_done++;
-        }
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-        /*
-         * Check length sanity
-         */
-        if( ssl->in_msglen % ssl->transform_in->ivlen != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
-                           ssl->in_msglen, ssl->transform_in->ivlen ) );
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        /*
-         * Initialize for prepended IV for block cipher in TLS v1.1 and up
-         */
-        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
-        {
-            dec_msglen -= ssl->transform_in->ivlen;
-            ssl->in_msglen -= ssl->transform_in->ivlen;
-
-            for( i = 0; i < ssl->transform_in->ivlen; i++ )
-                ssl->transform_in->iv_dec[i] = ssl->in_iv[i];
-        }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
-
-        if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
-                                   ssl->transform_in->iv_dec,
-                                   ssl->transform_in->ivlen,
-                                   dec_msg, dec_msglen,
-                                   dec_msg_result, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
-            return( ret );
-        }
-
-        if( dec_msglen != olen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
-        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
-        {
-            /*
-             * Save IV in SSL3 and TLS1
-             */
-            memcpy( ssl->transform_in->iv_dec,
-                    ssl->transform_in->cipher_ctx_dec.iv,
-                    ssl->transform_in->ivlen );
-        }
-#endif
-
-        padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
-
-        if( ssl->in_msglen < ssl->transform_in->maclen + padlen &&
-            auth_done == 0 )
-        {
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
-                        ssl->in_msglen, ssl->transform_in->maclen, padlen ) );
-#endif
-            padlen = 0;
-            correct = 0;
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        {
-            if( padlen > ssl->transform_in->ivlen )
-            {
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
-                                    "should be no more than %d",
-                               padlen, ssl->transform_in->ivlen ) );
-#endif
-                correct = 0;
-            }
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
-        {
-            /*
-             * TLSv1+: always check the padding up to the first failure
-             * and fake check up to 256 bytes of padding
-             */
-            size_t pad_count = 0, real_count = 1;
-            size_t padding_idx = ssl->in_msglen - padlen - 1;
-
-            /*
-             * Padding is guaranteed to be incorrect if:
-             *   1. padlen >= ssl->in_msglen
-             *
-             *   2. padding_idx >= MBEDTLS_SSL_IN_CONTENT_LEN +
-             *                     ssl->transform_in->maclen
-             *
-             * In both cases we reset padding_idx to a safe value (0) to
-             * prevent out-of-buffer reads.
-             */
-            correct &= ( ssl->in_msglen >= padlen + 1 );
-            correct &= ( padding_idx < MBEDTLS_SSL_IN_CONTENT_LEN +
-                                       ssl->transform_in->maclen );
-
-            padding_idx *= correct;
-
-            for( i = 1; i <= 256; i++ )
-            {
-                real_count &= ( i <= padlen );
-                pad_count += real_count *
-                             ( ssl->in_msg[padding_idx + i] == padlen - 1 );
-            }
-
-            correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
-
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
-            if( padlen > 0 && correct == 0 )
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
-#endif
-            padlen &= correct * 0x1FF;
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        ssl->in_msglen -= padlen;
-    }
-    else
-#endif /* MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_CAMELLIA_C ) */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption",
-                   ssl->in_msg, ssl->in_msglen );
-
-    /*
-     * Authenticate if not done yet.
-     * Compute the MAC regardless of the padding result (RFC4346, CBCTIME).
-     */
-#if defined(SSL_SOME_MODES_USE_MAC)
-    if( auth_done == 0 )
-    {
-        unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
-
-        ssl->in_msglen -= ssl->transform_in->maclen;
-
-        ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
-        ssl->in_len[1] = (unsigned char)( ssl->in_msglen      );
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        {
-            ssl_mac( &ssl->transform_in->md_ctx_dec,
-                      ssl->transform_in->mac_dec,
-                      ssl->in_msg, ssl->in_msglen,
-                      ssl->in_ctr, ssl->in_msgtype,
-                      mac_expect );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-        defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 )
-        {
-            /*
-             * Process MAC and always update for padlen afterwards to make
-             * total time independent of padlen
-             *
-             * extra_run compensates MAC check for padlen
-             *
-             * Known timing attacks:
-             *  - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf)
-             *
-             * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values
-             * correctly. (We round down instead of up, so -56 is the correct
-             * value for our calculations instead of -55)
-             */
-            size_t j, extra_run = 0;
-            extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 -
-                        ( 13 + ssl->in_msglen          + 8 ) / 64;
-
-            extra_run &= correct * 0xFF;
-
-            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 );
-            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 );
-            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 );
-            mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg,
-                             ssl->in_msglen );
-            mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect );
-            /* Call mbedtls_md_process at least once due to cache attacks */
-            for( j = 0; j < extra_run + 1; j++ )
-                mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg );
-
-            mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-              MBEDTLS_SSL_PROTO_TLS1_2 */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "message  mac", ssl->in_msg + ssl->in_msglen,
-                               ssl->transform_in->maclen );
-
-        if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect,
-                                      ssl->transform_in->maclen ) != 0 )
-        {
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
-#endif
-            correct = 0;
-        }
-        auth_done++;
-
-        /*
-         * Finally check the correct flag
-         */
-        if( correct == 0 )
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
-    }
-#endif /* SSL_SOME_MODES_USE_MAC */
-
-    /* Make extra sure authentication was performed, exactly once */
-    if( auth_done != 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    if( ssl->in_msglen == 0 )
-    {
-        ssl->nb_zero++;
-
-        /*
-         * Three or more empty messages may be a DoS attack
-         * (excessive CPU consumption).
-         */
-        if( ssl->nb_zero > 3 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
-                                "messages, possible DoS attack" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_MAC );
-        }
-    }
-    else
-        ssl->nb_zero = 0;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        ; /* in_ctr read from peer, not maintained internally */
-    }
-    else
-#endif
-    {
-        for( i = 8; i > ssl_ep_len( ssl ); i-- )
-            if( ++ssl->in_ctr[i - 1] != 0 )
-                break;
-
-        /* The loop goes to its end iff the counter is wrapping */
-        if( i == ssl_ep_len( ssl ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
-            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
-        }
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
-
-    return( 0 );
-}
-
-#undef MAC_NONE
-#undef MAC_PLAINTEXT
-#undef MAC_CIPHERTEXT
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-/*
- * Compression/decompression functions
- */
-static int ssl_compress_buf( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    unsigned char *msg_post = ssl->out_msg;
-    size_t len_pre = ssl->out_msglen;
-    unsigned char *msg_pre = ssl->compress_buf;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
-
-    if( len_pre == 0 )
-        return( 0 );
-
-    memcpy( msg_pre, ssl->out_msg, len_pre );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
-                   ssl->out_msglen ) );
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
-                   ssl->out_msg, ssl->out_msglen );
-
-    ssl->transform_out->ctx_deflate.next_in = msg_pre;
-    ssl->transform_out->ctx_deflate.avail_in = len_pre;
-    ssl->transform_out->ctx_deflate.next_out = msg_post;
-    ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_OUT_BUFFER_LEN;
-
-    ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH );
-    if( ret != Z_OK )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) );
-        return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
-    }
-
-    ssl->out_msglen = MBEDTLS_SSL_OUT_BUFFER_LEN -
-                      ssl->transform_out->ctx_deflate.avail_out;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
-                   ssl->out_msglen ) );
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
-                   ssl->out_msg, ssl->out_msglen );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) );
-
-    return( 0 );
-}
-
-static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    unsigned char *msg_post = ssl->in_msg;
-    size_t len_pre = ssl->in_msglen;
-    unsigned char *msg_pre = ssl->compress_buf;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
-
-    if( len_pre == 0 )
-        return( 0 );
-
-    memcpy( msg_pre, ssl->in_msg, len_pre );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
-                   ssl->in_msglen ) );
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
-                   ssl->in_msg, ssl->in_msglen );
-
-    ssl->transform_in->ctx_inflate.next_in = msg_pre;
-    ssl->transform_in->ctx_inflate.avail_in = len_pre;
-    ssl->transform_in->ctx_inflate.next_out = msg_post;
-    ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_IN_BUFFER_LEN;
-
-    ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH );
-    if( ret != Z_OK )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) );
-        return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED );
-    }
-
-    ssl->in_msglen = MBEDTLS_SSL_IN_BUFFER_LEN -
-                     ssl->transform_in->ctx_inflate.avail_out;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
-                   ssl->in_msglen ) );
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
-                   ssl->in_msg, ssl->in_msglen );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ZLIB_SUPPORT */
-
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-static int ssl_resend_hello_request( mbedtls_ssl_context *ssl )
-{
-    /* If renegotiation is not enforced, retransmit until we would reach max
-     * timeout if we were using the usual handshake doubling scheme */
-    if( ssl->conf->renego_max_records < 0 )
-    {
-        uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1;
-        unsigned char doublings = 1;
-
-        while( ratio != 0 )
-        {
-            ++doublings;
-            ratio >>= 1;
-        }
-
-        if( ++ssl->renego_records_seen > doublings )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) );
-            return( 0 );
-        }
-    }
-
-    return( ssl_write_hello_request( ssl ) );
-}
-#endif
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
-
-/*
- * Fill the input message buffer by appending data to it.
- * The amount of data already fetched is in ssl->in_left.
- *
- * If we return 0, is it guaranteed that (at least) nb_want bytes are
- * available (from this read and/or a previous one). Otherwise, an error code
- * is returned (possibly EOF or WANT_READ).
- *
- * With stream transport (TLS) on success ssl->in_left == nb_want, but
- * with datagram transport (DTLS) on success ssl->in_left >= nb_want,
- * since we always read a whole datagram at once.
- *
- * For DTLS, it is up to the caller to set ssl->next_record_offset when
- * they're done reading a record.
- */
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
-{
-    int ret;
-    size_t len;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
-
-    if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
-                            "or mbedtls_ssl_set_bio()" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    if( nb_want > MBEDTLS_SSL_IN_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        uint32_t timeout;
-
-        /* Just to be sure */
-        if( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use "
-                        "mbedtls_ssl_set_timer_cb() for DTLS" ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        }
-
-        /*
-         * The point is, we need to always read a full datagram at once, so we
-         * sometimes read more then requested, and handle the additional data.
-         * It could be the rest of the current record (while fetching the
-         * header) and/or some other records in the same datagram.
-         */
-
-        /*
-         * Move to the next record in the already read datagram if applicable
-         */
-        if( ssl->next_record_offset != 0 )
-        {
-            if( ssl->in_left < ssl->next_record_offset )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-            }
-
-            ssl->in_left -= ssl->next_record_offset;
-
-            if( ssl->in_left != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
-                                    ssl->next_record_offset ) );
-                memmove( ssl->in_hdr,
-                         ssl->in_hdr + ssl->next_record_offset,
-                         ssl->in_left );
-            }
-
-            ssl->next_record_offset = 0;
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
-                       ssl->in_left, nb_want ) );
-
-        /*
-         * Done if we already have enough data.
-         */
-        if( nb_want <= ssl->in_left)
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
-            return( 0 );
-        }
-
-        /*
-         * A record can't be split accross datagrams. If we need to read but
-         * are not at the beginning of a new record, the caller did something
-         * wrong.
-         */
-        if( ssl->in_left != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        /*
-         * Don't even try to read if time's out already.
-         * This avoids by-passing the timer when repeatedly receiving messages
-         * that will end up being dropped.
-         */
-        if( ssl_check_timer( ssl ) != 0 )
-            ret = MBEDTLS_ERR_SSL_TIMEOUT;
-        else
-        {
-            len = MBEDTLS_SSL_IN_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf );
-
-            if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-                timeout = ssl->handshake->retransmit_timeout;
-            else
-                timeout = ssl->conf->read_timeout;
-
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
-
-            if( ssl->f_recv_timeout != NULL )
-                ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
-                                                                    timeout );
-            else
-                ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len );
-
-            MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
-
-            if( ret == 0 )
-                return( MBEDTLS_ERR_SSL_CONN_EOF );
-        }
-
-        if( ret == MBEDTLS_ERR_SSL_TIMEOUT )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) );
-            ssl_set_timer( ssl, 0 );
-
-            if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-            {
-                if( ssl_double_retransmit_timeout( ssl ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) );
-                    return( MBEDTLS_ERR_SSL_TIMEOUT );
-                }
-
-                if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
-                    return( ret );
-                }
-
-                return( MBEDTLS_ERR_SSL_WANT_READ );
-            }
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
-            else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-                     ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-            {
-                if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
-                    return( ret );
-                }
-
-                return( MBEDTLS_ERR_SSL_WANT_READ );
-            }
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
-        }
-
-        if( ret < 0 )
-            return( ret );
-
-        ssl->in_left = ret;
-    }
-    else
-#endif
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
-                       ssl->in_left, nb_want ) );
-
-        while( ssl->in_left < nb_want )
-        {
-            len = nb_want - ssl->in_left;
-
-            if( ssl_check_timer( ssl ) != 0 )
-                ret = MBEDTLS_ERR_SSL_TIMEOUT;
-            else
-            {
-                if( ssl->f_recv_timeout != NULL )
-                {
-                    ret = ssl->f_recv_timeout( ssl->p_bio,
-                                               ssl->in_hdr + ssl->in_left, len,
-                                               ssl->conf->read_timeout );
-                }
-                else
-                {
-                    ret = ssl->f_recv( ssl->p_bio,
-                                       ssl->in_hdr + ssl->in_left, len );
-                }
-            }
-
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
-                                        ssl->in_left, nb_want ) );
-            MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
-
-            if( ret == 0 )
-                return( MBEDTLS_ERR_SSL_CONN_EOF );
-
-            if( ret < 0 )
-                return( ret );
-
-            ssl->in_left += ret;
-        }
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
-
-    return( 0 );
-}
-
-/*
- * Flush any data not yet written
- */
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    unsigned char *buf, i;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
-
-    if( ssl->f_send == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
-                            "or mbedtls_ssl_set_bio()" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    /* Avoid incrementing counter if data is flushed */
-    if( ssl->out_left == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
-        return( 0 );
-    }
-
-    while( ssl->out_left > 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
-                       mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
-
-        buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) +
-              ssl->out_msglen - ssl->out_left;
-        ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left );
-
-        MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret );
-
-        if( ret <= 0 )
-            return( ret );
-
-        ssl->out_left -= ret;
-    }
-
-    for( i = 8; i > ssl_ep_len( ssl ); i-- )
-        if( ++ssl->out_ctr[i - 1] != 0 )
-            break;
-
-    /* The loop goes to its end iff the counter is wrapping */
-    if( i == ssl_ep_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
-        return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
-
-    return( 0 );
-}
-
-/*
- * Functions to handle the DTLS retransmission state machine
- */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/*
- * Append current handshake message to current outgoing flight
- */
-static int ssl_flight_append( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_flight_item *msg;
-
-    /* Allocate space for current message */
-    if( ( msg = mbedtls_calloc( 1, sizeof(  mbedtls_ssl_flight_item ) ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
-                            sizeof( mbedtls_ssl_flight_item ) ) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
-        mbedtls_free( msg );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    /* Copy current handshake message with headers */
-    memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
-    msg->len = ssl->out_msglen;
-    msg->type = ssl->out_msgtype;
-    msg->next = NULL;
-
-    /* Append to the current flight */
-    if( ssl->handshake->flight == NULL )
-        ssl->handshake->flight = msg;
-    else
-    {
-        mbedtls_ssl_flight_item *cur = ssl->handshake->flight;
-        while( cur->next != NULL )
-            cur = cur->next;
-        cur->next = msg;
-    }
-
-    return( 0 );
-}
-
-/*
- * Free the current flight of handshake messages
- */
-static void ssl_flight_free( mbedtls_ssl_flight_item *flight )
-{
-    mbedtls_ssl_flight_item *cur = flight;
-    mbedtls_ssl_flight_item *next;
-
-    while( cur != NULL )
-    {
-        next = cur->next;
-
-        mbedtls_free( cur->p );
-        mbedtls_free( cur );
-
-        cur = next;
-    }
-}
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
-#endif
-
-/*
- * Swap transform_out and out_ctr with the alternative ones
- */
-static void ssl_swap_epochs( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_transform *tmp_transform;
-    unsigned char tmp_out_ctr[8];
-
-    if( ssl->transform_out == ssl->handshake->alt_transform_out )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) );
-        return;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) );
-
-    /* Swap transforms */
-    tmp_transform                     = ssl->transform_out;
-    ssl->transform_out                = ssl->handshake->alt_transform_out;
-    ssl->handshake->alt_transform_out = tmp_transform;
-
-    /* Swap epoch + sequence_number */
-    memcpy( tmp_out_ctr,                 ssl->out_ctr,                8 );
-    memcpy( ssl->out_ctr,                ssl->handshake->alt_out_ctr, 8 );
-    memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr,                 8 );
-
-    /* Adjust to the newly activated transform */
-    if( ssl->transform_out != NULL &&
-        ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
-    {
-        ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen -
-                                     ssl->transform_out->fixed_ivlen;
-    }
-    else
-        ssl->out_msg = ssl->out_iv;
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_activate != NULL )
-    {
-        if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-    }
-#endif
-}
-
-/*
- * Retransmit the current flight of messages.
- *
- * Need to remember the current message in case flush_output returns
- * WANT_WRITE, causing us to exit this function and come back later.
- * This function must be called until state is no longer SENDING.
- */
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl )
-{
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) );
-
-    if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) );
-
-        ssl->handshake->cur_msg = ssl->handshake->flight;
-        ssl_swap_epochs( ssl );
-
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING;
-    }
-
-    while( ssl->handshake->cur_msg != NULL )
-    {
-        int ret;
-        mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg;
-
-        /* Swap epochs before sending Finished: we can't do it after
-         * sending ChangeCipherSpec, in case write returns WANT_READ.
-         * Must be done before copying, may change out_msg pointer */
-        if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE &&
-            cur->p[0] == MBEDTLS_SSL_HS_FINISHED )
-        {
-            ssl_swap_epochs( ssl );
-        }
-
-        memcpy( ssl->out_msg, cur->p, cur->len );
-        ssl->out_msglen = cur->len;
-        ssl->out_msgtype = cur->type;
-
-        ssl->handshake->cur_msg = cur->next;
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 );
-
-        if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-            return( ret );
-        }
-    }
-
-    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
-    else
-    {
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
-        ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) );
-
-    return( 0 );
-}
-
-/*
- * To be called when the last message of an incoming flight is received.
- */
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl )
-{
-    /* We won't need to resend that one any more */
-    ssl_flight_free( ssl->handshake->flight );
-    ssl->handshake->flight = NULL;
-    ssl->handshake->cur_msg = NULL;
-
-    /* The next incoming flight will start with this msg_seq */
-    ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq;
-
-    /* Cancel timer */
-    ssl_set_timer( ssl, 0 );
-
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
-    {
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
-    }
-    else
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
-}
-
-/*
- * To be called when the last message of an outgoing flight is send.
- */
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl )
-{
-    ssl_reset_retransmit_timeout( ssl );
-    ssl_set_timer( ssl, ssl->handshake->retransmit_timeout );
-
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-        ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
-    {
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED;
-    }
-    else
-        ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
-}
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-/*
- * Record layer functions
- */
-
-/*
- * Write current record.
- * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg.
- */
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl )
-{
-    int ret, done = 0, out_msg_type;
-    size_t len = ssl->out_msglen;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake != NULL &&
-        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        ; /* Skip special handshake treatment when resending */
-    }
-    else
-#endif
-    if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        out_msg_type = ssl->out_msg[0];
-
-        if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST &&
-            ssl->handshake == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
-        ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >>  8 );
-        ssl->out_msg[3] = (unsigned char)( ( len - 4 )       );
-
-        /*
-         * DTLS has additional fields in the Handshake layer,
-         * between the length field and the actual payload:
-         *      uint16 message_seq;
-         *      uint24 fragment_offset;
-         *      uint24 fragment_length;
-         */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            /* Make room for the additional DTLS fields */
-            if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
-                              "size %u, maximum %u",
-                               (unsigned) ( ssl->in_hslen - 4 ),
-                               (unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
-                return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-            }
-
-            memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 );
-            ssl->out_msglen += 8;
-            len += 8;
-
-            /* Write message_seq and update it, except for HelloRequest */
-            if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
-            {
-                ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF;
-                ssl->out_msg[5] = ( ssl->handshake->out_msg_seq      ) & 0xFF;
-                ++( ssl->handshake->out_msg_seq );
-            }
-            else
-            {
-                ssl->out_msg[4] = 0;
-                ssl->out_msg[5] = 0;
-            }
-
-            /* We don't fragment, so frag_offset = 0 and frag_len = len */
-            memset( ssl->out_msg + 6, 0x00, 3 );
-            memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
-        }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-        if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST )
-            ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
-    }
-
-    /* Save handshake and CCS messages for resending */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake != NULL &&
-        ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING &&
-        ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ||
-          ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) )
-    {
-        if( ( ret = ssl_flight_append( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret );
-            return( ret );
-        }
-    }
-#endif
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    if( ssl->transform_out != NULL &&
-        ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
-    {
-        if( ( ret = ssl_compress_buf( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret );
-            return( ret );
-        }
-
-        len = ssl->out_msglen;
-    }
-#endif /*MBEDTLS_ZLIB_SUPPORT */
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_write != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) );
-
-        ret = mbedtls_ssl_hw_record_write( ssl );
-        if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
-        if( ret == 0 )
-            done = 1;
-    }
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-    if( !done )
-    {
-        ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
-        mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
-                           ssl->conf->transport, ssl->out_hdr + 1 );
-
-        ssl->out_len[0] = (unsigned char)( len >> 8 );
-        ssl->out_len[1] = (unsigned char)( len      );
-
-        if( ssl->transform_out != NULL )
-        {
-            if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
-                return( ret );
-            }
-
-            len = ssl->out_msglen;
-            ssl->out_len[0] = (unsigned char)( len >> 8 );
-            ssl->out_len[1] = (unsigned char)( len      );
-        }
-
-        ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen;
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
-                            "version = [%d:%d], msglen = %d",
-                       ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
-                     ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) );
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network",
-                       ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen );
-    }
-
-    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/*
- * Mark bits in bitmask (used for DTLS HS reassembly)
- */
-static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len )
-{
-    unsigned int start_bits, end_bits;
-
-    start_bits = 8 - ( offset % 8 );
-    if( start_bits != 8 )
-    {
-        size_t first_byte_idx = offset / 8;
-
-        /* Special case */
-        if( len <= start_bits )
-        {
-            for( ; len != 0; len-- )
-                mask[first_byte_idx] |= 1 << ( start_bits - len );
-
-            /* Avoid potential issues with offset or len becoming invalid */
-            return;
-        }
-
-        offset += start_bits; /* Now offset % 8 == 0 */
-        len -= start_bits;
-
-        for( ; start_bits != 0; start_bits-- )
-            mask[first_byte_idx] |= 1 << ( start_bits - 1 );
-    }
-
-    end_bits = len % 8;
-    if( end_bits != 0 )
-    {
-        size_t last_byte_idx = ( offset + len ) / 8;
-
-        len -= end_bits; /* Now len % 8 == 0 */
-
-        for( ; end_bits != 0; end_bits-- )
-            mask[last_byte_idx] |= 1 << ( 8 - end_bits );
-    }
-
-    memset( mask + offset / 8, 0xFF, len / 8 );
-}
-
-/*
- * Check that bitmask is full
- */
-static int ssl_bitmask_check( unsigned char *mask, size_t len )
-{
-    size_t i;
-
-    for( i = 0; i < len / 8; i++ )
-        if( mask[i] != 0xFF )
-            return( -1 );
-
-    for( i = 0; i < len % 8; i++ )
-        if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 )
-            return( -1 );
-
-    return( 0 );
-}
-
-/*
- * Reassemble fragmented DTLS handshake messages.
- *
- * Use a temporary buffer for reassembly, divided in two parts:
- * - the first holds the reassembled message (including handshake header),
- * - the second holds a bitmask indicating which parts of the message
- *   (excluding headers) have been received so far.
- */
-static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
-{
-    unsigned char *msg, *bitmask;
-    size_t frag_len, frag_off;
-    size_t msg_len = ssl->in_hslen - 12; /* Without headers */
-
-    if( ssl->handshake == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) );
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-    }
-
-    /*
-     * For first fragment, check size and allocate buffer
-     */
-    if( ssl->handshake->hs_msg == NULL )
-    {
-        size_t alloc_len;
-
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
-                            msg_len ) );
-
-        if( ssl->in_hslen > MBEDTLS_SSL_IN_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) );
-            return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-        }
-
-        /* The bitmask needs one bit per byte of message excluding header */
-        alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 );
-
-        ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len );
-        if( ssl->handshake->hs_msg == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) );
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-        }
-
-        /* Prepare final header: copy msg_type, length and message_seq,
-         * then add standardised fragment_offset and fragment_length */
-        memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 );
-        memset( ssl->handshake->hs_msg + 6, 0, 3 );
-        memcpy( ssl->handshake->hs_msg + 9,
-                ssl->handshake->hs_msg + 1, 3 );
-    }
-    else
-    {
-        /* Make sure msg_type and length are consistent */
-        if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-    }
-
-    msg = ssl->handshake->hs_msg + 12;
-    bitmask = msg + msg_len;
-
-    /*
-     * Check and copy current fragment
-     */
-    frag_off = ( ssl->in_msg[6]  << 16 ) |
-               ( ssl->in_msg[7]  << 8  ) |
-                 ssl->in_msg[8];
-    frag_len = ( ssl->in_msg[9]  << 16 ) |
-               ( ssl->in_msg[10] << 8  ) |
-                 ssl->in_msg[11];
-
-    if( frag_off + frag_len > msg_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d",
-                          frag_off, frag_len, msg_len ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
-    if( frag_len + 12 > ssl->in_msglen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d",
-                          frag_len, ssl->in_msglen ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
-                        frag_off, frag_len ) );
-
-    memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
-    ssl_bitmask_set( bitmask, frag_off, frag_len );
-
-    /*
-     * Do we have the complete message by now?
-     * If yes, finalize it, else ask to read the next record.
-     */
-    if( ssl_bitmask_check( bitmask, msg_len ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) );
-        return( MBEDTLS_ERR_SSL_WANT_READ );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) );
-
-    if( frag_len + 12 < ssl->in_msglen )
-    {
-        /*
-         * We'got more handshake messages in the same record.
-         * This case is not handled now because no know implementation does
-         * that and it's hard to test, so we prefer to fail cleanly for now.
-         */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) );
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-    }
-
-    if( ssl->in_left > ssl->next_record_offset )
-    {
-        /*
-         * We've got more data in the buffer after the current record,
-         * that we don't want to overwrite. Move it before writing the
-         * reassembled message, and adjust in_left and next_record_offset.
-         */
-        unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset;
-        unsigned char *new_remain = ssl->in_msg + ssl->in_hslen;
-        size_t remain_len = ssl->in_left - ssl->next_record_offset;
-
-        /* First compute and check new lengths */
-        ssl->next_record_offset = new_remain - ssl->in_hdr;
-        ssl->in_left = ssl->next_record_offset + remain_len;
-
-        if( ssl->in_left > MBEDTLS_SSL_IN_BUFFER_LEN -
-                           (size_t)( ssl->in_hdr - ssl->in_buf ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-        memmove( new_remain, cur_remain, remain_len );
-    }
-
-    memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
-
-    mbedtls_free( ssl->handshake->hs_msg );
-    ssl->handshake->hs_msg = NULL;
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message",
-                   ssl->in_msg, ssl->in_hslen );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
-{
-    if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
-                            ssl->in_msglen ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
-    ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + (
-                    ( ssl->in_msg[1] << 16 ) |
-                    ( ssl->in_msg[2] << 8  ) |
-                      ssl->in_msg[3] );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
-                        " %d, type = %d, hslen = %d",
-                        ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        int ret;
-        unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5];
-
-        /* ssl->handshake is NULL when receiving ClientHello for renego */
-        if( ssl->handshake != NULL &&
-            recv_msg_seq != ssl->handshake->in_msg_seq )
-        {
-            /* Retransmit only on last message from previous flight, to avoid
-             * too many retransmissions.
-             * Besides, No sane server ever retransmits HelloVerifyRequest */
-            if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 &&
-                ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
-                                    "message_seq = %d, start_of_flight = %d",
-                                    recv_msg_seq,
-                                    ssl->handshake->in_flight_start_seq ) );
-
-                if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
-                    return( ret );
-                }
-            }
-            else
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
-                                    "message_seq = %d, expected = %d",
-                                    recv_msg_seq,
-                                    ssl->handshake->in_msg_seq ) );
-            }
-
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-        }
-        /* Wait until message completion to increment in_msg_seq */
-
-        /* Reassemble if current message is fragmented or reassembly is
-         * already in progress */
-        if( ssl->in_msglen < ssl->in_hslen ||
-            memcmp( ssl->in_msg + 6, "\0\0\0",        3 ) != 0 ||
-            memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ||
-            ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) );
-
-            if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret );
-                return( ret );
-            }
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-    /* With TLS we don't handle fragmentation (for now) */
-    if( ssl->in_msglen < ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) );
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-    }
-
-    return( 0 );
-}
-
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl )
-{
-
-    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER &&
-        ssl->handshake != NULL )
-    {
-        ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
-    }
-
-    /* Handshake message is complete, increment counter */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake != NULL )
-    {
-        ssl->handshake->in_msg_seq++;
-    }
-#endif
-}
-
-/*
- * DTLS anti-replay: RFC 6347 4.1.2.6
- *
- * in_window is a field of bits numbered from 0 (lsb) to 63 (msb).
- * Bit n is set iff record number in_window_top - n has been seen.
- *
- * Usually, in_window_top is the last record number seen and the lsb of
- * in_window is set. The only exception is the initial state (record number 0
- * not seen yet).
- */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-static void ssl_dtls_replay_reset( mbedtls_ssl_context *ssl )
-{
-    ssl->in_window_top = 0;
-    ssl->in_window = 0;
-}
-
-static inline uint64_t ssl_load_six_bytes( unsigned char *buf )
-{
-    return( ( (uint64_t) buf[0] << 40 ) |
-            ( (uint64_t) buf[1] << 32 ) |
-            ( (uint64_t) buf[2] << 24 ) |
-            ( (uint64_t) buf[3] << 16 ) |
-            ( (uint64_t) buf[4] <<  8 ) |
-            ( (uint64_t) buf[5]       ) );
-}
-
-/*
- * Return 0 if sequence number is acceptable, -1 otherwise
- */
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context *ssl )
-{
-    uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
-    uint64_t bit;
-
-    if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
-        return( 0 );
-
-    if( rec_seqnum > ssl->in_window_top )
-        return( 0 );
-
-    bit = ssl->in_window_top - rec_seqnum;
-
-    if( bit >= 64 )
-        return( -1 );
-
-    if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 )
-        return( -1 );
-
-    return( 0 );
-}
-
-/*
- * Update replay window on new validated record
- */
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl )
-{
-    uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 );
-
-    if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED )
-        return;
-
-    if( rec_seqnum > ssl->in_window_top )
-    {
-        /* Update window_top and the contents of the window */
-        uint64_t shift = rec_seqnum - ssl->in_window_top;
-
-        if( shift >= 64 )
-            ssl->in_window = 1;
-        else
-        {
-            ssl->in_window <<= shift;
-            ssl->in_window |= 1;
-        }
-
-        ssl->in_window_top = rec_seqnum;
-    }
-    else
-    {
-        /* Mark that number as seen in the current window */
-        uint64_t bit = ssl->in_window_top - rec_seqnum;
-
-        if( bit < 64 ) /* Always true, but be extra sure */
-            ssl->in_window |= (uint64_t) 1 << bit;
-    }
-}
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
-/* Forward declaration */
-static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
-
-/*
- * Without any SSL context, check if a datagram looks like a ClientHello with
- * a valid cookie, and if it doesn't, generate a HelloVerifyRequest message.
- * Both input and output include full DTLS headers.
- *
- * - if cookie is valid, return 0
- * - if ClientHello looks superficially valid but cookie is not,
- *   fill obuf and set olen, then
- *   return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
- * - otherwise return a specific error code
- */
-static int ssl_check_dtls_clihlo_cookie(
-                           mbedtls_ssl_cookie_write_t *f_cookie_write,
-                           mbedtls_ssl_cookie_check_t *f_cookie_check,
-                           void *p_cookie,
-                           const unsigned char *cli_id, size_t cli_id_len,
-                           const unsigned char *in, size_t in_len,
-                           unsigned char *obuf, size_t buf_len, size_t *olen )
-{
-    size_t sid_len, cookie_len;
-    unsigned char *p;
-
-    if( f_cookie_write == NULL || f_cookie_check == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    /*
-     * Structure of ClientHello with record and handshake headers,
-     * and expected values. We don't need to check a lot, more checks will be
-     * done when actually parsing the ClientHello - skipping those checks
-     * avoids code duplication and does not make cookie forging any easier.
-     *
-     *  0-0  ContentType type;                  copied, must be handshake
-     *  1-2  ProtocolVersion version;           copied
-     *  3-4  uint16 epoch;                      copied, must be 0
-     *  5-10 uint48 sequence_number;            copied
-     * 11-12 uint16 length;                     (ignored)
-     *
-     * 13-13 HandshakeType msg_type;            (ignored)
-     * 14-16 uint24 length;                     (ignored)
-     * 17-18 uint16 message_seq;                copied
-     * 19-21 uint24 fragment_offset;            copied, must be 0
-     * 22-24 uint24 fragment_length;            (ignored)
-     *
-     * 25-26 ProtocolVersion client_version;    (ignored)
-     * 27-58 Random random;                     (ignored)
-     * 59-xx SessionID session_id;              1 byte len + sid_len content
-     * 60+   opaque cookie<0..2^8-1>;           1 byte len + content
-     *       ...
-     *
-     * Minimum length is 61 bytes.
-     */
-    if( in_len < 61 ||
-        in[0] != MBEDTLS_SSL_MSG_HANDSHAKE ||
-        in[3] != 0 || in[4] != 0 ||
-        in[19] != 0 || in[20] != 0 || in[21] != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-    }
-
-    sid_len = in[59];
-    if( sid_len > in_len - 61 )
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-
-    cookie_len = in[60 + sid_len];
-    if( cookie_len > in_len - 60 )
-        return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
-
-    if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len,
-                        cli_id, cli_id_len ) == 0 )
-    {
-        /* Valid cookie */
-        return( 0 );
-    }
-
-    /*
-     * If we get here, we've got an invalid cookie, let's prepare HVR.
-     *
-     *  0-0  ContentType type;                  copied
-     *  1-2  ProtocolVersion version;           copied
-     *  3-4  uint16 epoch;                      copied
-     *  5-10 uint48 sequence_number;            copied
-     * 11-12 uint16 length;                     olen - 13
-     *
-     * 13-13 HandshakeType msg_type;            hello_verify_request
-     * 14-16 uint24 length;                     olen - 25
-     * 17-18 uint16 message_seq;                copied
-     * 19-21 uint24 fragment_offset;            copied
-     * 22-24 uint24 fragment_length;            olen - 25
-     *
-     * 25-26 ProtocolVersion server_version;    0xfe 0xff
-     * 27-27 opaque cookie<0..2^8-1>;           cookie_len = olen - 27, cookie
-     *
-     * Minimum length is 28.
-     */
-    if( buf_len < 28 )
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-
-    /* Copy most fields and adapt others */
-    memcpy( obuf, in, 25 );
-    obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
-    obuf[25] = 0xfe;
-    obuf[26] = 0xff;
-
-    /* Generate and write actual cookie */
-    p = obuf + 28;
-    if( f_cookie_write( p_cookie,
-                        &p, obuf + buf_len, cli_id, cli_id_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    *olen = p - obuf;
-
-    /* Go back and fill length fields */
-    obuf[27] = (unsigned char)( *olen - 28 );
-
-    obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 );
-    obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >>  8 );
-    obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 )       );
-
-    obuf[11] = (unsigned char)( ( *olen - 13 ) >>  8 );
-    obuf[12] = (unsigned char)( ( *olen - 13 )       );
-
-    return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
-}
-
-/*
- * Handle possible client reconnect with the same UDP quadruplet
- * (RFC 6347 Section 4.2.8).
- *
- * Called by ssl_parse_record_header() in case we receive an epoch 0 record
- * that looks like a ClientHello.
- *
- * - if the input looks like a ClientHello without cookies,
- *   send back HelloVerifyRequest, then
- *   return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
- * - if the input looks like a ClientHello with a valid cookie,
- *   reset the session of the current context, and
- *   return MBEDTLS_ERR_SSL_CLIENT_RECONNECT
- * - if anything goes wrong, return a specific error code
- *
- * mbedtls_ssl_read_record() will ignore the record if anything else than
- * MBEDTLS_ERR_SSL_CLIENT_RECONNECT or 0 is returned, although this function
- * cannot not return 0.
- */
-static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    size_t len;
-
-    ret = ssl_check_dtls_clihlo_cookie(
-            ssl->conf->f_cookie_write,
-            ssl->conf->f_cookie_check,
-            ssl->conf->p_cookie,
-            ssl->cli_id, ssl->cli_id_len,
-            ssl->in_buf, ssl->in_left,
-            ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len );
-
-    MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret );
-
-    if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
-    {
-        /* Don't check write errors as we can't do anything here.
-         * If the error is permanent we'll catch it later,
-         * if it's not, then hopefully it'll work next time. */
-        (void) ssl->f_send( ssl->p_bio, ssl->out_buf, len );
-
-        return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED );
-    }
-
-    if( ret == 0 )
-    {
-        /* Got a valid cookie, partially reset context */
-        if( ( ret = ssl_session_reset_int( ssl, 1 ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret );
-            return( ret );
-        }
-
-        return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
-
-/*
- * ContentType type;
- * ProtocolVersion version;
- * uint16 epoch;            // DTLS only
- * uint48 sequence_number;  // DTLS only
- * uint16 length;
- *
- * Return 0 if header looks sane (and, for DTLS, the record is expected)
- * MBEDTLS_ERR_SSL_INVALID_RECORD if the header looks bad,
- * MBEDTLS_ERR_SSL_UNEXPECTED_RECORD (DTLS only) if sane but unexpected.
- *
- * With DTLS, mbedtls_ssl_read_record() will:
- * 1. proceed with the record if this function returns 0
- * 2. drop only the current record if this function returns UNEXPECTED_RECORD
- * 3. return CLIENT_RECONNECT if this function return that value
- * 4. drop the whole datagram if this function returns anything else.
- * Point 2 is needed when the peer is resending, and we have already received
- * the first record from a datagram but are still waiting for the others.
- */
-static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
-{
-    int major_ver, minor_ver;
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) );
-
-    ssl->in_msgtype =  ssl->in_hdr[0];
-    ssl->in_msglen = ( ssl->in_len[0] << 8 ) | ssl->in_len[1];
-    mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, ssl->in_hdr + 1 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
-                        "version = [%d:%d], msglen = %d",
-                        ssl->in_msgtype,
-                        major_ver, minor_ver, ssl->in_msglen ) );
-
-    /* Check record type */
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE &&
-        ssl->in_msgtype != MBEDTLS_SSL_MSG_ALERT &&
-        ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
-        ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        /* Silently ignore invalid DTLS records as recommended by RFC 6347
-         * Section 4.1.2.7 */
-        if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
-    /* Check version */
-    if( major_ver != ssl->major_ver )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
-    if( minor_ver > ssl->conf->max_minor_ver )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
-    /* Check length against the size of our buffer */
-    if( ssl->in_msglen > MBEDTLS_SSL_IN_BUFFER_LEN
-                         - (size_t)( ssl->in_msg - ssl->in_buf ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-        return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-    }
-
-    /* Check length against bounds of the current transform and version */
-    if( ssl->transform_in == NULL )
-    {
-        if( ssl->in_msglen < 1 ||
-            ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-    }
-    else
-    {
-        if( ssl->in_msglen < ssl->transform_in->minlen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
-            ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_IN_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        /*
-         * TLS encrypted messages can have up to 256 bytes of padding
-         */
-        if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 &&
-            ssl->in_msglen > ssl->transform_in->minlen +
-                             MBEDTLS_SSL_IN_CONTENT_LEN + 256 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-#endif
-    }
-
-    /*
-     * DTLS-related tests done last, because most of them may result in
-     * silently dropping the record (but not the whole datagram), and we only
-     * want to consider that after ensuring that the "basic" fields (type,
-     * version, length) are sane.
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1];
-
-        /* Drop unexpected ChangeCipherSpec messages */
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC &&
-            ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC &&
-            ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
-        }
-
-        /* Drop unexpected ApplicationData records,
-         * except at the beginning of renegotiations */
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA &&
-            ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-                   ssl->state == MBEDTLS_SSL_SERVER_HELLO )
-#endif
-            )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
-        }
-
-        /* Check epoch (and sequence number) with DTLS */
-        if( rec_epoch != ssl->in_epoch )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
-                                        "expected %d, received %d",
-                                        ssl->in_epoch, rec_epoch ) );
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C)
-            /*
-             * Check for an epoch 0 ClientHello. We can't use in_msg here to
-             * access the first byte of record content (handshake type), as we
-             * have an active transform (possibly iv_len != 0), so use the
-             * fact that the record header len is 13 instead.
-             */
-            if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-                ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER &&
-                rec_epoch == 0 &&
-                ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-                ssl->in_left > 13 &&
-                ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect "
-                                            "from the same port" ) );
-                return( ssl_handle_possible_reconnect( ssl ) );
-            }
-            else
-#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
-        }
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-        /* Replay detection only works for the current epoch */
-        if( rec_epoch == ssl->in_epoch &&
-            mbedtls_ssl_dtls_replay_check( ssl ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD );
-        }
-#endif
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    return( 0 );
-}
-
-/*
- * If applicable, decrypt (and decompress) record content
- */
-static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
-{
-    int ret, done = 0;
-
-    MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network",
-                   ssl->in_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen );
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_read != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) );
-
-        ret = mbedtls_ssl_hw_record_read( ssl );
-        if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
-        if( ret == 0 )
-            done = 1;
-    }
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-    if( !done && ssl->transform_in != NULL )
-    {
-        if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt",
-                       ssl->in_msg, ssl->in_msglen );
-
-        if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) );
-            return( MBEDTLS_ERR_SSL_INVALID_RECORD );
-        }
-    }
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    if( ssl->transform_in != NULL &&
-        ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE )
-    {
-        if( ( ret = ssl_decompress_buf( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret );
-            return( ret );
-        }
-    }
-#endif /* MBEDTLS_ZLIB_SUPPORT */
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        mbedtls_ssl_dtls_replay_update( ssl );
-    }
-#endif
-
-    return( 0 );
-}
-
-static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
-
-/*
- * Read a record.
- *
- * Silently ignore non-fatal alert (and for DTLS, invalid records as well,
- * RFC 6347 4.1.2.7) and continue reading until a valid record is found.
- *
- */
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) );
-
-    if( ssl->keep_current_message == 0 )
-    {
-        do {
-
-            if( ( ret = mbedtls_ssl_read_record_layer( ssl ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
-                return( ret );
-            }
-
-            ret = mbedtls_ssl_handle_message_type( ssl );
-
-        } while( MBEDTLS_ERR_SSL_NON_FATAL == ret );
-
-        if( 0 != ret )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );
-            return( ret );
-        }
-
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
-        {
-            mbedtls_ssl_update_handshake_status( ssl );
-        }
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= reuse previously read message" ) );
-        ssl->keep_current_message = 0;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) );
-
-    return( 0 );
-}
-
-int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    /*
-     * Step A
-     *
-     * Consume last content-layer message and potentially
-     * update in_msglen which keeps track of the contents'
-     * consumption state.
-     *
-     * (1) Handshake messages:
-     *     Remove last handshake message, move content
-     *     and adapt in_msglen.
-     *
-     * (2) Alert messages:
-     *     Consume whole record content, in_msglen = 0.
-     *
-     *     NOTE: This needs to be fixed, since like for
-     *     handshake messages it is allowed to have
-     *     multiple alerts witin a single record.
-     *     Internal reference IOTSSL-1321.
-     *
-     * (3) Change cipher spec:
-     *     Consume whole record content, in_msglen = 0.
-     *
-     * (4) Application data:
-     *     Don't do anything - the record layer provides
-     *     the application data as a stream transport
-     *     and consumes through mbedtls_ssl_read only.
-     *
-     */
-
-    /* Case (1): Handshake messages */
-    if( ssl->in_hslen != 0 )
-    {
-        /* Hard assertion to be sure that no application data
-         * is in flight, as corrupting ssl->in_msglen during
-         * ssl->in_offt != NULL is fatal. */
-        if( ssl->in_offt != NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        /*
-         * Get next Handshake message in the current record
-         */
-
-        /* Notes:
-         * (1) in_hslen is *NOT* necessarily the size of the
-         *     current handshake content: If DTLS handshake
-         *     fragmentation is used, that's the fragment
-         *     size instead. Using the total handshake message
-         *     size here is FAULTY and should be changed at
-         *     some point. Internal reference IOTSSL-1414.
-         * (2) While it doesn't seem to cause problems, one
-         *     has to be very careful not to assume that in_hslen
-         *     is always <= in_msglen in a sensible communication.
-         *     Again, it's wrong for DTLS handshake fragmentation.
-         *     The following check is therefore mandatory, and
-         *     should not be treated as a silently corrected assertion.
-         *     Additionally, ssl->in_hslen might be arbitrarily out of
-         *     bounds after handling a DTLS message with an unexpected
-         *     sequence number, see mbedtls_ssl_prepare_handshake_record.
-         */
-        if( ssl->in_hslen < ssl->in_msglen )
-        {
-            ssl->in_msglen -= ssl->in_hslen;
-            memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
-                     ssl->in_msglen );
-
-            MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record",
-                                   ssl->in_msg, ssl->in_msglen );
-        }
-        else
-        {
-            ssl->in_msglen = 0;
-        }
-
-        ssl->in_hslen   = 0;
-    }
-    /* Case (4): Application data */
-    else if( ssl->in_offt != NULL )
-    {
-        return( 0 );
-    }
-    /* Everything else (CCS & Alerts) */
-    else
-    {
-        ssl->in_msglen = 0;
-    }
-
-    /*
-     * Step B
-     *
-     * Fetch and decode new record if current one is fully consumed.
-     *
-     */
-
-    if( ssl->in_msglen > 0 )
-    {
-        /* There's something left to be processed in the current record. */
-        return( 0 );
-    }
-
-    /* Need to fetch a new record */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-read_record_header:
-#endif
-
-    /* Current record either fully processed or to be discarded. */
-
-    if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-        return( ret );
-    }
-
-    if( ( ret = ssl_parse_record_header( ssl ) ) != 0 )
-    {
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-            ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT )
-        {
-            if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD )
-            {
-                /* Skip unexpected record (but not whole datagram) */
-                ssl->next_record_offset = ssl->in_msglen
-                                        + mbedtls_ssl_hdr_len( ssl );
-
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record "
-                                            "(header)" ) );
-            }
-            else
-            {
-                /* Skip invalid record and the rest of the datagram */
-                ssl->next_record_offset = 0;
-                ssl->in_left = 0;
-
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record "
-                                            "(header)" ) );
-            }
-
-            /* Get next record */
-            goto read_record_header;
-        }
-#endif
-        return( ret );
-    }
-
-    /*
-     * Read and optionally decrypt the message contents
-     */
-    if( ( ret = mbedtls_ssl_fetch_input( ssl,
-                                 mbedtls_ssl_hdr_len( ssl ) + ssl->in_msglen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
-        return( ret );
-    }
-
-    /* Done reading this record, get ready for the next one */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        ssl->next_record_offset = ssl->in_msglen + mbedtls_ssl_hdr_len( ssl );
-    else
-#endif
-        ssl->in_left = 0;
-
-    if( ( ret = ssl_prepare_record_content( ssl ) ) != 0 )
-    {
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            /* Silently discard invalid records */
-            if( ret == MBEDTLS_ERR_SSL_INVALID_RECORD ||
-                ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-            {
-                /* Except when waiting for Finished as a bad mac here
-                 * probably means something went wrong in the handshake
-                 * (eg wrong psk used, mitm downgrade attempt, etc.) */
-                if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED ||
-                    ssl->state == MBEDTLS_SSL_SERVER_FINISHED )
-                {
-#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
-                    if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-                    {
-                        mbedtls_ssl_send_alert_message( ssl,
-                                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
-                    }
-#endif
-                    return( ret );
-                }
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-                if( ssl->conf->badmac_limit != 0 &&
-                    ++ssl->badmac_seen >= ssl->conf->badmac_limit )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
-                    return( MBEDTLS_ERR_SSL_INVALID_MAC );
-                }
-#endif
-
-                /* As above, invalid records cause
-                 * dismissal of the whole datagram. */
-
-                ssl->next_record_offset = 0;
-                ssl->in_left = 0;
-
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) );
-                goto read_record_header;
-            }
-
-            return( ret );
-        }
-        else
-#endif
-        {
-            /* Error out (and send alert) on invalid records */
-#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
-            if( ret == MBEDTLS_ERR_SSL_INVALID_MAC )
-            {
-                mbedtls_ssl_send_alert_message( ssl,
-                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                        MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC );
-            }
-#endif
-            return( ret );
-        }
-    }
-
-    /*
-     * When we sent the last flight of the handshake, we MUST respond to a
-     * retransmit of the peer's previous flight with a retransmit. (In
-     * practice, only the Finished message will make it, other messages
-     * including CCS use the old transform so they're dropped as invalid.)
-     *
-     * If the record we received is not a handshake message, however, it
-     * means the peer received our last flight so we can clean up
-     * handshake info.
-     *
-     * This check needs to be done before prepare_handshake() due to an edge
-     * case: if the client immediately requests renegotiation, this
-     * finishes the current handshake first, avoiding the new ClientHello
-     * being mistaken for an ancient message in the current handshake.
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake != NULL &&
-        ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
-                ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received retransmit of last flight" ) );
-
-            if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret );
-                return( ret );
-            }
-
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-        }
-        else
-        {
-            ssl_handshake_wrapup_free_hs_transform( ssl );
-        }
-    }
-#endif
-
-    return( 0 );
-}
-
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    /*
-     * Handle particular types of records
-     */
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 )
-        {
-            return( ret );
-        }
-    }
-
-    if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
-                       ssl->in_msg[0], ssl->in_msg[1] ) );
-
-        /*
-         * Ignore non-fatal alerts, except close_notify and no_renegotiation
-         */
-        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)",
-                           ssl->in_msg[1] ) );
-            return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE );
-        }
-
-        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
-            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
-            return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY );
-        }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED)
-        if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
-            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
-            /* Will be handled when trying to parse ServerHello */
-            return( 0 );
-        }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 &&
-            ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-            ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING &&
-            ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) );
-            /* Will be handled in mbedtls_ssl_parse_certificate() */
-            return( 0 );
-        }
-#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */
-
-        /* Silently ignore: fetch new message */
-        return MBEDTLS_ERR_SSL_NON_FATAL;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    if( ( ret = mbedtls_ssl_send_alert_message( ssl,
-                    MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
-                            unsigned char level,
-                            unsigned char message )
-{
-    int ret;
-
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message ));
-
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
-    ssl->out_msglen = 2;
-    ssl->out_msg[0] = level;
-    ssl->out_msg[1] = message;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) );
-
-    return( 0 );
-}
-
-/*
- * Handshake functions
- */
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)         && \
-    !defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)     && \
-    !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)     && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)   && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)    && \
-    !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-/* No certificate support -> dummy functions */
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-
-#else
-/* Some certificate support -> implement write and parse */
-
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    size_t i, n;
-    const mbedtls_x509_crt *crt;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        if( ssl->client_auth == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
-            ssl->state++;
-            return( 0 );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        /*
-         * If using SSLv3 and got no cert, send an Alert message
-         * (otherwise an empty Certificate message will be sent).
-         */
-        if( mbedtls_ssl_own_cert( ssl )  == NULL &&
-            ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        {
-            ssl->out_msglen  = 2;
-            ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
-            ssl->out_msg[0]  = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
-            ssl->out_msg[1]  = MBEDTLS_SSL_ALERT_MSG_NO_CERT;
-
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
-            goto write_msg;
-        }
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-    }
-#endif /* MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        if( mbedtls_ssl_own_cert( ssl ) == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
-            return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED );
-        }
-    }
-#endif
-
-    MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) );
-
-    /*
-     *     0  .  0    handshake type
-     *     1  .  3    handshake length
-     *     4  .  6    length of all certs
-     *     7  .  9    length of cert. 1
-     *    10  . n-1   peer certificate
-     *     n  . n+2   length of cert. 2
-     *    n+3 . ...   upper level cert, etc.
-     */
-    i = 7;
-    crt = mbedtls_ssl_own_cert( ssl );
-
-    while( crt != NULL )
-    {
-        n = crt->raw.len;
-        if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
-                           i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-            return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
-        }
-
-        ssl->out_msg[i    ] = (unsigned char)( n >> 16 );
-        ssl->out_msg[i + 1] = (unsigned char)( n >>  8 );
-        ssl->out_msg[i + 2] = (unsigned char)( n       );
-
-        i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
-        i += n; crt = crt->next;
-    }
-
-    ssl->out_msg[4]  = (unsigned char)( ( i - 7 ) >> 16 );
-    ssl->out_msg[5]  = (unsigned char)( ( i - 7 ) >>  8 );
-    ssl->out_msg[6]  = (unsigned char)( ( i - 7 )       );
-
-    ssl->out_msglen  = i;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE;
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)
-write_msg:
-#endif
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
-
-    return( ret );
-}
-
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    size_t i, n;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
-    int authmode = ssl->conf->authmode;
-    uint8_t alert;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
-
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET )
-        authmode = ssl->handshake->sni_authmode;
-#endif
-
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-        authmode == MBEDTLS_SSL_VERIFY_NONE )
-    {
-        ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-        ssl->state++;
-        return( 0 );
-    }
-#endif
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        /* mbedtls_ssl_read_record may have sent an alert already. We
-           let it decide whether to alert. */
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_SRV_C)
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    /*
-     * Check if the client sent an empty certificate
-     */
-    if( ssl->conf->endpoint  == MBEDTLS_SSL_IS_SERVER &&
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        if( ssl->in_msglen  == 2                        &&
-            ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT            &&
-            ssl->in_msg[0]  == MBEDTLS_SSL_ALERT_LEVEL_WARNING  &&
-            ssl->in_msg[1]  == MBEDTLS_SSL_ALERT_MSG_NO_CERT )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
-
-            /* The client was asked for a certificate but didn't send
-               one. The client should know what's going on, so we
-               don't send an alert. */
-            ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
-            if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
-                return( 0 );
-            else
-                return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->conf->endpoint  == MBEDTLS_SSL_IS_SERVER &&
-        ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
-    {
-        if( ssl->in_hslen   == 3 + mbedtls_ssl_hs_hdr_len( ssl ) &&
-            ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE    &&
-            ssl->in_msg[0]  == MBEDTLS_SSL_HS_CERTIFICATE   &&
-            memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
-
-            /* The client was asked for a certificate but didn't send
-               one. The client should know what's going on, so we
-               don't send an alert. */
-            ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
-            if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
-                return( 0 );
-            else
-                return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_SSL_SRV_C */
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ||
-        ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-    }
-
-    i = mbedtls_ssl_hs_hdr_len( ssl );
-
-    /*
-     * Same message structure as in mbedtls_ssl_write_certificate()
-     */
-    n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2];
-
-    if( ssl->in_msg[i] != 0 ||
-        ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-    }
-
-    /* In case we tried to reuse a session but it failed */
-    if( ssl->session_negotiate->peer_cert != NULL )
-    {
-        mbedtls_x509_crt_free( ssl->session_negotiate->peer_cert );
-        mbedtls_free( ssl->session_negotiate->peer_cert );
-    }
-
-    if( ( ssl->session_negotiate->peer_cert = mbedtls_calloc( 1,
-                    sizeof( mbedtls_x509_crt ) ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
-                       sizeof( mbedtls_x509_crt ) ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    mbedtls_x509_crt_init( ssl->session_negotiate->peer_cert );
-
-    i += 3;
-
-    while( i < ssl->in_hslen )
-    {
-        if( ssl->in_msg[i] != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-        }
-
-        n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
-            | (unsigned int) ssl->in_msg[i + 2];
-        i += 3;
-
-        if( n < 128 || i + n > ssl->in_hslen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-        }
-
-        ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
-                                  ssl->in_msg + i, n );
-        switch( ret )
-        {
-        case 0: /*ok*/
-        case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND:
-            /* Ignore certificate with an unknown algorithm: maybe a
-               prior certificate was already trusted. */
-            break;
-
-        case MBEDTLS_ERR_X509_ALLOC_FAILED:
-            alert = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
-            goto crt_parse_der_failed;
-
-        case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
-            alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            goto crt_parse_der_failed;
-
-        default:
-            alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
-        crt_parse_der_failed:
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert );
-            MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
-            return( ret );
-        }
-
-        i += n;
-    }
-
-    MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", ssl->session_negotiate->peer_cert );
-
-    /*
-     * On client, make sure the server cert doesn't change during renego to
-     * avoid "triple handshake" attack: https://secure-resumption.com/
-     */
-#if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
-        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-    {
-        if( ssl->session->peer_cert == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-        }
-
-        if( ssl->session->peer_cert->raw.len !=
-            ssl->session_negotiate->peer_cert->raw.len ||
-            memcmp( ssl->session->peer_cert->raw.p,
-                    ssl->session_negotiate->peer_cert->raw.p,
-                    ssl->session->peer_cert->raw.len ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "server cert changed during renegotiation" ) );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-        }
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */
-
-    if( authmode != MBEDTLS_SSL_VERIFY_NONE )
-    {
-        mbedtls_x509_crt *ca_chain;
-        mbedtls_x509_crl *ca_crl;
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-        if( ssl->handshake->sni_ca_chain != NULL )
-        {
-            ca_chain = ssl->handshake->sni_ca_chain;
-            ca_crl   = ssl->handshake->sni_ca_crl;
-        }
-        else
-#endif
-        {
-            ca_chain = ssl->conf->ca_chain;
-            ca_crl   = ssl->conf->ca_crl;
-        }
-
-        /*
-         * Main check: verify certificate
-         */
-        ret = mbedtls_x509_crt_verify_with_profile(
-                                ssl->session_negotiate->peer_cert,
-                                ca_chain, ca_crl,
-                                ssl->conf->cert_profile,
-                                ssl->hostname,
-                               &ssl->session_negotiate->verify_result,
-                                ssl->conf->f_vrfy, ssl->conf->p_vrfy );
-
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
-        }
-
-        /*
-         * Secondary checks: always done, but change 'ret' only if it was 0
-         */
-
-#if defined(MBEDTLS_ECP_C)
-        {
-            const mbedtls_pk_context *pk = &ssl->session_negotiate->peer_cert->pk;
-
-            /* If certificate uses an EC key, make sure the curve is OK */
-            if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
-                mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
-            {
-                ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
-                if( ret == 0 )
-                    ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
-            }
-        }
-#endif /* MBEDTLS_ECP_C */
-
-        if( mbedtls_ssl_check_cert_usage( ssl->session_negotiate->peer_cert,
-                                 ciphersuite_info,
-                                 ! ssl->conf->endpoint,
-                                 &ssl->session_negotiate->verify_result ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
-            if( ret == 0 )
-                ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
-        }
-
-        /* mbedtls_x509_crt_verify_with_profile is supposed to report a
-         * verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
-         * with details encoded in the verification flags. All other kinds
-         * of error codes, including those from the user provided f_vrfy
-         * functions, are treated as fatal and lead to a failure of
-         * ssl_parse_certificate even if verification was optional. */
-        if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
-            ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
-              ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) )
-        {
-            ret = 0;
-        }
-
-        if( ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
-            ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
-        }
-
-        if( ret != 0 )
-        {
-            /* The certificate may have been rejected for several reasons.
-               Pick one and send the corresponding alert. Which alert to send
-               may be a subject of debate in some cases. */
-            if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER )
-                alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH )
-                alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED )
-                alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED )
-                alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
-            else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED )
-                alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
-            else
-                alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            alert );
-        }
-
-#if defined(MBEDTLS_DEBUG_C)
-        if( ssl->session_negotiate->verify_result != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
-                                        ssl->session_negotiate->verify_result ) );
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) );
-        }
-#endif /* MBEDTLS_DEBUG_C */
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
-
-    return( ret );
-}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-          !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
-
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC;
-    ssl->out_msglen  = 1;
-    ssl->out_msg[0]  = 1;
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
-
-    return( 0 );
-}
-
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
-    }
-
-    /*
-     * Switch to our negotiated transform and session parameters for inbound
-     * data.
-     */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) );
-    ssl->transform_in = ssl->transform_negotiate;
-    ssl->session_in = ssl->session_negotiate;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-        ssl_dtls_replay_reset( ssl );
-#endif
-
-        /* Increment epoch */
-        if( ++ssl->in_epoch == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
-            /* This is highly unlikely to happen for legitimate reasons, so
-               treat it as an attack and don't send an alert. */
-            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-    memset( ssl->in_ctr, 0, 8 );
-
-    /*
-     * Set the in_msg pointer to the correct location based on IV length
-     */
-    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
-    {
-        ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen -
-                      ssl->transform_negotiate->fixed_ivlen;
-    }
-    else
-        ssl->in_msg = ssl->in_iv;
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_activate != NULL )
-    {
-        if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
-            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                            MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-    }
-#endif
-
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
-
-    return( 0 );
-}
-
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
-                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info )
-{
-    ((void) ciphersuite_info);
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
-        ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
-    else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
-    if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
-        ssl->handshake->update_checksum = ssl_update_checksum_sha384;
-    else
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 )
-        ssl->handshake->update_checksum = ssl_update_checksum_sha256;
-    else
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return;
-    }
-}
-
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-     mbedtls_md5_starts_ret( &ssl->handshake->fin_md5  );
-    mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 );
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-    mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-
-static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
-                                       const unsigned char *buf, size_t len )
-{
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-     mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
-    mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-    mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf, size_t len )
-{
-     mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len );
-    mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len );
-}
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
-                                        const unsigned char *buf, size_t len )
-{
-    mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
-}
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
-                                        const unsigned char *buf, size_t len )
-{
-    mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
-}
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-static void ssl_calc_finished_ssl(
-                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
-{
-    const char *sender;
-    mbedtls_md5_context  md5;
-    mbedtls_sha1_context sha1;
-
-    unsigned char padbuf[48];
-    unsigned char md5sum[16];
-    unsigned char sha1sum[20];
-
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    if( !session )
-        session = ssl->session;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished ssl" ) );
-
-    mbedtls_md5_init( &md5 );
-    mbedtls_sha1_init( &sha1 );
-
-    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
-    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
-
-    /*
-     * SSLv3:
-     *   hash =
-     *      MD5( master + pad2 +
-     *          MD5( handshake + sender + master + pad1 ) )
-     *   + SHA1( master + pad2 +
-     *         SHA1( handshake + sender + master + pad1 ) )
-     */
-
-#if !defined(MBEDTLS_MD5_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished  md5 state", (unsigned char *)
-                    md5.state, sizeof(  md5.state ) );
-#endif
-
-#if !defined(MBEDTLS_SHA1_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
-                   sha1.state, sizeof( sha1.state ) );
-#endif
-
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT"
-                                       : "SRVR";
-
-    memset( padbuf, 0x36, 48 );
-
-    mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 );
-    mbedtls_md5_update_ret( &md5, session->master, 48 );
-    mbedtls_md5_update_ret( &md5, padbuf, 48 );
-    mbedtls_md5_finish_ret( &md5, md5sum );
-
-    mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 );
-    mbedtls_sha1_update_ret( &sha1, session->master, 48 );
-    mbedtls_sha1_update_ret( &sha1, padbuf, 40 );
-    mbedtls_sha1_finish_ret( &sha1, sha1sum );
-
-    memset( padbuf, 0x5C, 48 );
-
-    mbedtls_md5_starts_ret( &md5 );
-    mbedtls_md5_update_ret( &md5, session->master, 48 );
-    mbedtls_md5_update_ret( &md5, padbuf, 48 );
-    mbedtls_md5_update_ret( &md5, md5sum, 16 );
-    mbedtls_md5_finish_ret( &md5, buf );
-
-    mbedtls_sha1_starts_ret( &sha1 );
-    mbedtls_sha1_update_ret( &sha1, session->master, 48 );
-    mbedtls_sha1_update_ret( &sha1, padbuf , 40 );
-    mbedtls_sha1_update_ret( &sha1, sha1sum, 20 );
-    mbedtls_sha1_finish_ret( &sha1, buf + 16 );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
-
-    mbedtls_md5_free(  &md5  );
-    mbedtls_sha1_free( &sha1 );
-
-    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
-    mbedtls_zeroize(  md5sum, sizeof(  md5sum ) );
-    mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
-}
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-static void ssl_calc_finished_tls(
-                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
-{
-    int len = 12;
-    const char *sender;
-    mbedtls_md5_context  md5;
-    mbedtls_sha1_context sha1;
-    unsigned char padbuf[36];
-
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    if( !session )
-        session = ssl->session;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls" ) );
-
-    mbedtls_md5_init( &md5 );
-    mbedtls_sha1_init( &sha1 );
-
-    mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
-    mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
-
-    /*
-     * TLSv1:
-     *   hash = PRF( master, finished_label,
-     *               MD5( handshake ) + SHA1( handshake ) )[0..11]
-     */
-
-#if !defined(MBEDTLS_MD5_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished  md5 state", (unsigned char *)
-                    md5.state, sizeof(  md5.state ) );
-#endif
-
-#if !defined(MBEDTLS_SHA1_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
-                   sha1.state, sizeof( sha1.state ) );
-#endif
-
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
-             ? "client finished"
-             : "server finished";
-
-    mbedtls_md5_finish_ret(  &md5, padbuf );
-    mbedtls_sha1_finish_ret( &sha1, padbuf + 16 );
-
-    ssl->handshake->tls_prf( session->master, 48, sender,
-                             padbuf, 36, buf, len );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
-
-    mbedtls_md5_free(  &md5  );
-    mbedtls_sha1_free( &sha1 );
-
-    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-static void ssl_calc_finished_tls_sha256(
-                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
-{
-    int len = 12;
-    const char *sender;
-    mbedtls_sha256_context sha256;
-    unsigned char padbuf[32];
-
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    if( !session )
-        session = ssl->session;
-
-    mbedtls_sha256_init( &sha256 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha256" ) );
-
-    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
-
-    /*
-     * TLSv1.2:
-     *   hash = PRF( master, finished_label,
-     *               Hash( handshake ) )[0.11]
-     */
-
-#if !defined(MBEDTLS_SHA256_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
-                   sha256.state, sizeof( sha256.state ) );
-#endif
-
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
-             ? "client finished"
-             : "server finished";
-
-    mbedtls_sha256_finish_ret( &sha256, padbuf );
-
-    ssl->handshake->tls_prf( session->master, 48, sender,
-                             padbuf, 32, buf, len );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
-
-    mbedtls_sha256_free( &sha256 );
-
-    mbedtls_zeroize(  padbuf, sizeof(  padbuf ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
-}
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-static void ssl_calc_finished_tls_sha384(
-                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
-{
-    int len = 12;
-    const char *sender;
-    mbedtls_sha512_context sha512;
-    unsigned char padbuf[48];
-
-    mbedtls_ssl_session *session = ssl->session_negotiate;
-    if( !session )
-        session = ssl->session;
-
-    mbedtls_sha512_init( &sha512 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha384" ) );
-
-    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
-
-    /*
-     * TLSv1.2:
-     *   hash = PRF( master, finished_label,
-     *               Hash( handshake ) )[0.11]
-     */
-
-#if !defined(MBEDTLS_SHA512_ALT)
-    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
-                   sha512.state, sizeof( sha512.state ) );
-#endif
-
-    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
-             ? "client finished"
-             : "server finished";
-
-    mbedtls_sha512_finish_ret( &sha512, padbuf );
-
-    ssl->handshake->tls_prf( session->master, 48, sender,
-                             padbuf, 48, buf, len );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
-
-    mbedtls_sha512_free( &sha512 );
-
-    mbedtls_zeroize(  padbuf, sizeof( padbuf ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
-}
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
-{
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) );
-
-    /*
-     * Free our handshake params
-     */
-    mbedtls_ssl_handshake_free( ssl->handshake );
-    mbedtls_free( ssl->handshake );
-    ssl->handshake = NULL;
-
-    /*
-     * Free the previous transform and swith in the current one
-     */
-    if( ssl->transform )
-    {
-        mbedtls_ssl_transform_free( ssl->transform );
-        mbedtls_free( ssl->transform );
-    }
-    ssl->transform = ssl->transform_negotiate;
-    ssl->transform_negotiate = NULL;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) );
-}
-
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl )
-{
-    int resume = ssl->handshake->resume;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-    {
-        ssl->renego_status =  MBEDTLS_SSL_RENEGOTIATION_DONE;
-        ssl->renego_records_seen = 0;
-    }
-#endif
-
-    /*
-     * Free the previous session and switch in the current one
-     */
-    if( ssl->session )
-    {
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        /* RFC 7366 3.1: keep the EtM state */
-        ssl->session_negotiate->encrypt_then_mac =
-                  ssl->session->encrypt_then_mac;
-#endif
-
-        mbedtls_ssl_session_free( ssl->session );
-        mbedtls_free( ssl->session );
-    }
-    ssl->session = ssl->session_negotiate;
-    ssl->session_negotiate = NULL;
-
-    /*
-     * Add cache entry
-     */
-    if( ssl->conf->f_set_cache != NULL &&
-        ssl->session->id_len != 0 &&
-        resume == 0 )
-    {
-        if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 )
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->flight != NULL )
-    {
-        /* Cancel handshake timer */
-        ssl_set_timer( ssl, 0 );
-
-        /* Keep last flight around in case we need to resend it:
-         * we need the handshake and transform structures for that */
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) );
-    }
-    else
-#endif
-        ssl_handshake_wrapup_free_hs_transform( ssl );
-
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) );
-}
-
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
-{
-    int ret, hash_len;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
-
-    /*
-     * Set the out_msg pointer to the correct location based on IV length
-     */
-    if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
-    {
-        ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen -
-                       ssl->transform_negotiate->fixed_ivlen;
-    }
-    else
-        ssl->out_msg = ssl->out_iv;
-
-    ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
-
-    /*
-     * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
-     * may define some other value. Currently (early 2016), no defined
-     * ciphersuite does this (and this is unlikely to change as activity has
-     * moved to TLS 1.3 now) so we can keep the hardcoded 12 here.
-     */
-    hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    ssl->verify_data_len = hash_len;
-    memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
-#endif
-
-    ssl->out_msglen  = 4 + hash_len;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_FINISHED;
-
-    /*
-     * In case of session resuming, invert the client and server
-     * ChangeCipherSpec messages order.
-     */
-    if( ssl->handshake->resume != 0 )
-    {
-#if defined(MBEDTLS_SSL_CLI_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-            ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
-#endif
-    }
-    else
-        ssl->state++;
-
-    /*
-     * Switch to our negotiated transform and session parameters for outbound
-     * data.
-     */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        unsigned char i;
-
-        /* Remember current epoch settings for resending */
-        ssl->handshake->alt_transform_out = ssl->transform_out;
-        memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 );
-
-        /* Set sequence_number to zero */
-        memset( ssl->out_ctr + 2, 0, 6 );
-
-        /* Increment epoch */
-        for( i = 2; i > 0; i-- )
-            if( ++ssl->out_ctr[i - 1] != 0 )
-                break;
-
-        /* The loop goes to its end iff the counter is wrapping */
-        if( i == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) );
-            return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING );
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-    memset( ssl->out_ctr, 0, 8 );
-
-    ssl->transform_out = ssl->transform_negotiate;
-    ssl->session_out = ssl->session_negotiate;
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_activate != NULL )
-    {
-        if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-    }
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_send_flight_completed( ssl );
-#endif
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#define SSL_MAX_HASH_LEN 36
-#else
-#define SSL_MAX_HASH_LEN 12
-#endif
-
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
-{
-    int ret;
-    unsigned int hash_len;
-    unsigned char buf[SSL_MAX_HASH_LEN];
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
-
-    ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    /* There is currently no ciphersuite using another length with TLS 1.2 */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        hash_len = 36;
-    else
-#endif
-        hash_len = 12;
-
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
-        ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
-    }
-
-    if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
-                      buf, hash_len ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
-    }
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    ssl->verify_data_len = hash_len;
-    memcpy( ssl->peer_verify_data, buf, hash_len );
-#endif
-
-    if( ssl->handshake->resume != 0 )
-    {
-#if defined(MBEDTLS_SSL_CLI_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-            ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-#endif
-    }
-    else
-        ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_recv_flight_completed( ssl );
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
-
-    return( 0 );
-}
-
-static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
-{
-    memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-     mbedtls_md5_init(   &handshake->fin_md5  );
-    mbedtls_sha1_init(   &handshake->fin_sha1 );
-     mbedtls_md5_starts_ret( &handshake->fin_md5  );
-    mbedtls_sha1_starts_ret( &handshake->fin_sha1 );
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-    mbedtls_sha256_init(   &handshake->fin_sha256    );
-    mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    mbedtls_sha512_init(   &handshake->fin_sha512    );
-    mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-    handshake->update_checksum = ssl_update_checksum_start;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-    mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs );
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-    mbedtls_dhm_init( &handshake->dhm_ctx );
-#endif
-#if defined(MBEDTLS_ECDH_C)
-    mbedtls_ecdh_init( &handshake->ecdh_ctx );
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    mbedtls_ecjpake_init( &handshake->ecjpake_ctx );
-#if defined(MBEDTLS_SSL_CLI_C)
-    handshake->ecjpake_cache = NULL;
-    handshake->ecjpake_cache_len = 0;
-#endif
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    handshake->sni_authmode = MBEDTLS_SSL_VERIFY_UNSET;
-#endif
-}
-
-static void ssl_transform_init( mbedtls_ssl_transform *transform )
-{
-    memset( transform, 0, sizeof(mbedtls_ssl_transform) );
-
-    mbedtls_cipher_init( &transform->cipher_ctx_enc );
-    mbedtls_cipher_init( &transform->cipher_ctx_dec );
-
-    mbedtls_md_init( &transform->md_ctx_enc );
-    mbedtls_md_init( &transform->md_ctx_dec );
-}
-
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session )
-{
-    memset( session, 0, sizeof(mbedtls_ssl_session) );
-}
-
-static int ssl_handshake_init( mbedtls_ssl_context *ssl )
-{
-    /* Clear old handshake information if present */
-    if( ssl->transform_negotiate )
-        mbedtls_ssl_transform_free( ssl->transform_negotiate );
-    if( ssl->session_negotiate )
-        mbedtls_ssl_session_free( ssl->session_negotiate );
-    if( ssl->handshake )
-        mbedtls_ssl_handshake_free( ssl->handshake );
-
-    /*
-     * Either the pointers are now NULL or cleared properly and can be freed.
-     * Now allocate missing structures.
-     */
-    if( ssl->transform_negotiate == NULL )
-    {
-        ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) );
-    }
-
-    if( ssl->session_negotiate == NULL )
-    {
-        ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) );
-    }
-
-    if( ssl->handshake == NULL )
-    {
-        ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) );
-    }
-
-    /* All pointers should exist and can be directly freed without issue */
-    if( ssl->handshake == NULL ||
-        ssl->transform_negotiate == NULL ||
-        ssl->session_negotiate == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) );
-
-        mbedtls_free( ssl->handshake );
-        mbedtls_free( ssl->transform_negotiate );
-        mbedtls_free( ssl->session_negotiate );
-
-        ssl->handshake = NULL;
-        ssl->transform_negotiate = NULL;
-        ssl->session_negotiate = NULL;
-
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    /* Initialize structures */
-    mbedtls_ssl_session_init( ssl->session_negotiate );
-    ssl_transform_init( ssl->transform_negotiate );
-    ssl_handshake_params_init( ssl->handshake );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        ssl->handshake->alt_transform_out = ssl->transform_out;
-
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-            ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
-        else
-            ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
-
-        ssl_set_timer( ssl, 0 );
-    }
-#endif
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-/* Dummy cookie callbacks for defaults */
-static int ssl_cookie_write_dummy( void *ctx,
-                      unsigned char **p, unsigned char *end,
-                      const unsigned char *cli_id, size_t cli_id_len )
-{
-    ((void) ctx);
-    ((void) p);
-    ((void) end);
-    ((void) cli_id);
-    ((void) cli_id_len);
-
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-
-static int ssl_cookie_check_dummy( void *ctx,
-                      const unsigned char *cookie, size_t cookie_len,
-                      const unsigned char *cli_id, size_t cli_id_len )
-{
-    ((void) ctx);
-    ((void) cookie);
-    ((void) cookie_len);
-    ((void) cli_id);
-    ((void) cli_id_len);
-
-    return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-/*
- * Initialize an SSL context
- */
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl )
-{
-    memset( ssl, 0, sizeof( mbedtls_ssl_context ) );
-}
-
-/*
- * Setup an SSL context
- */
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
-                       const mbedtls_ssl_config *conf )
-{
-    int ret;
-
-    ssl->conf = conf;
-
-    /*
-     * Prepare base structures
-     */
-    ssl->in_buf = mbedtls_calloc( 1, MBEDTLS_SSL_IN_BUFFER_LEN );
-    if( ssl->in_buf == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_IN_BUFFER_LEN) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-     ssl->out_buf = mbedtls_calloc( 1, MBEDTLS_SSL_OUT_BUFFER_LEN );
-    if( ssl->out_buf == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_OUT_BUFFER_LEN ) );
-        mbedtls_free( ssl->in_buf );
-        ssl->in_buf = NULL;
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        ssl->out_hdr = ssl->out_buf;
-        ssl->out_ctr = ssl->out_buf +  3;
-        ssl->out_len = ssl->out_buf + 11;
-        ssl->out_iv  = ssl->out_buf + 13;
-        ssl->out_msg = ssl->out_buf + 13;
-
-        ssl->in_hdr = ssl->in_buf;
-        ssl->in_ctr = ssl->in_buf +  3;
-        ssl->in_len = ssl->in_buf + 11;
-        ssl->in_iv  = ssl->in_buf + 13;
-        ssl->in_msg = ssl->in_buf + 13;
-    }
-    else
-#endif
-    {
-        ssl->out_ctr = ssl->out_buf;
-        ssl->out_hdr = ssl->out_buf +  8;
-        ssl->out_len = ssl->out_buf + 11;
-        ssl->out_iv  = ssl->out_buf + 13;
-        ssl->out_msg = ssl->out_buf + 13;
-
-        ssl->in_ctr = ssl->in_buf;
-        ssl->in_hdr = ssl->in_buf +  8;
-        ssl->in_len = ssl->in_buf + 11;
-        ssl->in_iv  = ssl->in_buf + 13;
-        ssl->in_msg = ssl->in_buf + 13;
-    }
-
-    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Reset an initialized and used SSL context for re-use while retaining
- * all application-set variables, function pointers and data.
- *
- * If partial is non-zero, keep data in the input buffer and client ID.
- * (Use when a DTLS client reconnects from the same port.)
- */
-static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial )
-{
-    int ret;
-
-    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
-
-    /* Cancel any possibly running timer */
-    ssl_set_timer( ssl, 0 );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE;
-    ssl->renego_records_seen = 0;
-
-    ssl->verify_data_len = 0;
-    memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
-    memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN );
-#endif
-    ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION;
-
-    ssl->in_offt = NULL;
-
-    ssl->in_msg = ssl->in_buf + 13;
-    ssl->in_msgtype = 0;
-    ssl->in_msglen = 0;
-    if( partial == 0 )
-        ssl->in_left = 0;
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    ssl->next_record_offset = 0;
-    ssl->in_epoch = 0;
-#endif
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    ssl_dtls_replay_reset( ssl );
-#endif
-
-    ssl->in_hslen = 0;
-    ssl->nb_zero = 0;
-
-    ssl->keep_current_message = 0;
-
-    ssl->out_msg = ssl->out_buf + 13;
-    ssl->out_msgtype = 0;
-    ssl->out_msglen = 0;
-    ssl->out_left = 0;
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED )
-        ssl->split_done = 0;
-#endif
-
-    ssl->transform_in = NULL;
-    ssl->transform_out = NULL;
-
-    memset( ssl->out_buf, 0, MBEDTLS_SSL_OUT_BUFFER_LEN );
-    if( partial == 0 )
-        memset( ssl->in_buf, 0, MBEDTLS_SSL_IN_BUFFER_LEN );
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_reset != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) );
-        if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret );
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-    }
-#endif
-
-    if( ssl->transform )
-    {
-        mbedtls_ssl_transform_free( ssl->transform );
-        mbedtls_free( ssl->transform );
-        ssl->transform = NULL;
-    }
-
-    if( ssl->session )
-    {
-        mbedtls_ssl_session_free( ssl->session );
-        mbedtls_free( ssl->session );
-        ssl->session = NULL;
-    }
-
-#if defined(MBEDTLS_SSL_ALPN)
-    ssl->alpn_chosen = NULL;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    if( partial == 0 )
-    {
-        mbedtls_free( ssl->cli_id );
-        ssl->cli_id = NULL;
-        ssl->cli_id_len = 0;
-    }
-#endif
-
-    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Reset an initialized and used SSL context for re-use while retaining
- * all application-set variables, function pointers and data.
- */
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl )
-{
-    return( ssl_session_reset_int( ssl, 0 ) );
-}
-
-/*
- * SSL set accessors
- */
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint )
-{
-    conf->endpoint   = endpoint;
-}
-
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport )
-{
-    conf->transport = transport;
-}
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
-{
-    conf->anti_replay = mode;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
-{
-    conf->badmac_limit = limit;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
-{
-    conf->hs_timeout_min = min;
-    conf->hs_timeout_max = max;
-}
-#endif
-
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode )
-{
-    conf->authmode   = authmode;
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
-{
-    conf->f_vrfy      = f_vrfy;
-    conf->p_vrfy      = p_vrfy;
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng )
-{
-    conf->f_rng      = f_rng;
-    conf->p_rng      = p_rng;
-}
-
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
-                  void (*f_dbg)(void *, int, const char *, int, const char *),
-                  void  *p_dbg )
-{
-    conf->f_dbg      = f_dbg;
-    conf->p_dbg      = p_dbg;
-}
-
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
-        void *p_bio,
-        mbedtls_ssl_send_t *f_send,
-        mbedtls_ssl_recv_t *f_recv,
-        mbedtls_ssl_recv_timeout_t *f_recv_timeout )
-{
-    ssl->p_bio          = p_bio;
-    ssl->f_send         = f_send;
-    ssl->f_recv         = f_recv;
-    ssl->f_recv_timeout = f_recv_timeout;
-}
-
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
-{
-    conf->read_timeout   = timeout;
-}
-
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
-                               void *p_timer,
-                               mbedtls_ssl_set_timer_t *f_set_timer,
-                               mbedtls_ssl_get_timer_t *f_get_timer )
-{
-    ssl->p_timer        = p_timer;
-    ssl->f_set_timer    = f_set_timer;
-    ssl->f_get_timer    = f_get_timer;
-
-    /* Make sure we start with no timer running */
-    ssl_set_timer( ssl, 0 );
-}
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
-        void *p_cache,
-        int (*f_get_cache)(void *, mbedtls_ssl_session *),
-        int (*f_set_cache)(void *, const mbedtls_ssl_session *) )
-{
-    conf->p_cache = p_cache;
-    conf->f_get_cache = f_get_cache;
-    conf->f_set_cache = f_set_cache;
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
-{
-    int ret;
-
-    if( ssl == NULL ||
-        session == NULL ||
-        ssl->session_negotiate == NULL ||
-        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    if( ( ret = ssl_session_copy( ssl->session_negotiate, session ) ) != 0 )
-        return( ret );
-
-    ssl->handshake->resume = 1;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_CLI_C */
-
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
-                                   const int *ciphersuites )
-{
-    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
-    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
-    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
-    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
-}
-
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
-                                       const int *ciphersuites,
-                                       int major, int minor )
-{
-    if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
-        return;
-
-    if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
-        return;
-
-    conf->ciphersuite_list[minor] = ciphersuites;
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
-                                    const mbedtls_x509_crt_profile *profile )
-{
-    conf->cert_profile = profile;
-}
-
-/* Append a new keycert entry to a (possibly empty) list */
-static int ssl_append_key_cert( mbedtls_ssl_key_cert **head,
-                                mbedtls_x509_crt *cert,
-                                mbedtls_pk_context *key )
-{
-    mbedtls_ssl_key_cert *new;
-
-    new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) );
-    if( new == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-    new->cert = cert;
-    new->key  = key;
-    new->next = NULL;
-
-    /* Update head is the list was null, else add to the end */
-    if( *head == NULL )
-    {
-        *head = new;
-    }
-    else
-    {
-        mbedtls_ssl_key_cert *cur = *head;
-        while( cur->next != NULL )
-            cur = cur->next;
-        cur->next = new;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
-                              mbedtls_x509_crt *own_cert,
-                              mbedtls_pk_context *pk_key )
-{
-    return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) );
-}
-
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
-                               mbedtls_x509_crt *ca_chain,
-                               mbedtls_x509_crl *ca_crl )
-{
-    conf->ca_chain   = ca_chain;
-    conf->ca_crl     = ca_crl;
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
-                                 mbedtls_x509_crt *own_cert,
-                                 mbedtls_pk_context *pk_key )
-{
-    return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
-                                 own_cert, pk_key ) );
-}
-
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
-                                  mbedtls_x509_crt *ca_chain,
-                                  mbedtls_x509_crl *ca_crl )
-{
-    ssl->handshake->sni_ca_chain   = ca_chain;
-    ssl->handshake->sni_ca_crl     = ca_crl;
-}
-
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
-                                  int authmode )
-{
-    ssl->handshake->sni_authmode = authmode;
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-/*
- * Set EC J-PAKE password for current handshake
- */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
-                                         const unsigned char *pw,
-                                         size_t pw_len )
-{
-    mbedtls_ecjpake_role role;
-
-    if( ssl->handshake == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-        role = MBEDTLS_ECJPAKE_SERVER;
-    else
-        role = MBEDTLS_ECJPAKE_CLIENT;
-
-    return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx,
-                                   role,
-                                   MBEDTLS_MD_SHA256,
-                                   MBEDTLS_ECP_DP_SECP256R1,
-                                   pw, pw_len ) );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
-                const unsigned char *psk, size_t psk_len,
-                const unsigned char *psk_identity, size_t psk_identity_len )
-{
-    if( psk == NULL || psk_identity == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( psk_len > MBEDTLS_PSK_MAX_LEN )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    /* Identity len will be encoded on two bytes */
-    if( ( psk_identity_len >> 16 ) != 0 ||
-        psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    if( conf->psk != NULL )
-    {
-        mbedtls_zeroize( conf->psk, conf->psk_len );
-
-        mbedtls_free( conf->psk );
-        conf->psk = NULL;
-        conf->psk_len = 0;
-    }
-    if( conf->psk_identity != NULL )
-    {
-        mbedtls_free( conf->psk_identity );
-        conf->psk_identity = NULL;
-        conf->psk_identity_len = 0;
-    }
-
-    if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
-        ( conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ) ) == NULL )
-    {
-        mbedtls_free( conf->psk );
-        mbedtls_free( conf->psk_identity );
-        conf->psk = NULL;
-        conf->psk_identity = NULL;
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    conf->psk_len = psk_len;
-    conf->psk_identity_len = psk_identity_len;
-
-    memcpy( conf->psk, psk, conf->psk_len );
-    memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
-
-    return( 0 );
-}
-
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
-                            const unsigned char *psk, size_t psk_len )
-{
-    if( psk == NULL || ssl->handshake == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( psk_len > MBEDTLS_PSK_MAX_LEN )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( ssl->handshake->psk != NULL )
-    {
-        mbedtls_zeroize( ssl->handshake->psk, ssl->handshake->psk_len );
-        mbedtls_free( ssl->handshake->psk );
-        ssl->handshake->psk_len = 0;
-    }
-
-    if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL )
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-    ssl->handshake->psk_len = psk_len;
-    memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
-
-    return( 0 );
-}
-
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
-                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
-                     size_t),
-                     void *p_psk )
-{
-    conf->f_psk = f_psk;
-    conf->p_psk = p_psk;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
-{
-    int ret;
-
-    if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
-    {
-        mbedtls_mpi_free( &conf->dhm_P );
-        mbedtls_mpi_free( &conf->dhm_G );
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
-                                   const unsigned char *dhm_P, size_t P_len,
-                                   const unsigned char *dhm_G, size_t G_len )
-{
-    int ret;
-
-    if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
-    {
-        mbedtls_mpi_free( &conf->dhm_P );
-        mbedtls_mpi_free( &conf->dhm_G );
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
-{
-    int ret;
-
-    if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
-    {
-        mbedtls_mpi_free( &conf->dhm_P );
-        mbedtls_mpi_free( &conf->dhm_G );
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/*
- * Set the minimum length for Diffie-Hellman parameters
- */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
-                                      unsigned int bitlen )
-{
-    conf->dhm_min_bitlen = bitlen;
-}
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-/*
- * Set allowed/preferred hashes for handshake signatures
- */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
-                                  const int *hashes )
-{
-    conf->sig_hashes = hashes;
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * Set the allowed elliptic curves
- */
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
-                             const mbedtls_ecp_group_id *curve_list )
-{
-    conf->curve_list = curve_list;
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
-{
-    /* Initialize to suppress unnecessary compiler warning */
-    size_t hostname_len = 0;
-
-    /* Check if new hostname is valid before
-     * making any change to current one */
-    if( hostname != NULL )
-    {
-        hostname_len = strlen( hostname );
-
-        if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    /* Now it's clear that we will overwrite the old hostname,
-     * so we can free it safely */
-
-    if( ssl->hostname != NULL )
-    {
-        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
-        mbedtls_free( ssl->hostname );
-    }
-
-    /* Passing NULL as hostname shall clear the old one */
-
-    if( hostname == NULL )
-    {
-        ssl->hostname = NULL;
-    }
-    else
-    {
-        ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
-        if( ssl->hostname == NULL )
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-
-        memcpy( ssl->hostname, hostname, hostname_len );
-
-        ssl->hostname[hostname_len] = '\0';
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
-                  int (*f_sni)(void *, mbedtls_ssl_context *,
-                                const unsigned char *, size_t),
-                  void *p_sni )
-{
-    conf->f_sni = f_sni;
-    conf->p_sni = p_sni;
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
-{
-    size_t cur_len, tot_len;
-    const char **p;
-
-    /*
-     * RFC 7301 3.1: "Empty strings MUST NOT be included and byte strings
-     * MUST NOT be truncated."
-     * We check lengths now rather than later.
-     */
-    tot_len = 0;
-    for( p = protos; *p != NULL; p++ )
-    {
-        cur_len = strlen( *p );
-        tot_len += cur_len;
-
-        if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    conf->alpn_list = protos;
-
-    return( 0 );
-}
-
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
-{
-    return( ssl->alpn_chosen );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor )
-{
-    conf->max_major_ver = major;
-    conf->max_minor_ver = minor;
-}
-
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor )
-{
-    conf->min_major_ver = major;
-    conf->min_minor_ver = minor;
-}
-
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback )
-{
-    conf->fallback = fallback;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
-                                          char cert_req_ca_list )
-{
-    conf->cert_req_ca_list = cert_req_ca_list;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
-{
-    conf->encrypt_then_mac = etm;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems )
-{
-    conf->extended_ms = ems;
-}
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 )
-{
-    conf->arc4_disabled = arc4;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code )
-{
-    if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ||
-        ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    conf->mfl_code = mfl_code;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
-{
-    conf->trunc_hmac = truncate;
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split )
-{
-    conf->cbc_record_splitting = split;
-}
-#endif
-
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
-{
-    conf->allow_legacy_renegotiation = allow_legacy;
-}
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
-{
-    conf->disable_renegotiation = renegotiation;
-}
-
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
-{
-    conf->renego_max_records = max_records;
-}
-
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
-                                   const unsigned char period[8] )
-{
-    memcpy( conf->renego_period, period, 8 );
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#if defined(MBEDTLS_SSL_CLI_C)
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets )
-{
-    conf->session_tickets = use_tickets;
-}
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_ticket_write_t *f_ticket_write,
-        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
-        void *p_ticket )
-{
-    conf->f_ticket_write = f_ticket_write;
-    conf->f_ticket_parse = f_ticket_parse;
-    conf->p_ticket       = p_ticket;
-}
-#endif
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_export_keys_t *f_export_keys,
-        void *p_export_keys )
-{
-    conf->f_export_keys = f_export_keys;
-    conf->p_export_keys = p_export_keys;
-}
-#endif
-
-/*
- * SSL get accessors
- */
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl )
-{
-    return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
-}
-
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl )
-{
-    if( ssl->session != NULL )
-        return( ssl->session->verify_result );
-
-    if( ssl->session_negotiate != NULL )
-        return( ssl->session_negotiate->verify_result );
-
-    return( 0xFFFFFFFF );
-}
-
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl )
-{
-    if( ssl == NULL || ssl->session == NULL )
-        return( NULL );
-
-    return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite );
-}
-
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        switch( ssl->minor_ver )
-        {
-            case MBEDTLS_SSL_MINOR_VERSION_2:
-                return( "DTLSv1.0" );
-
-            case MBEDTLS_SSL_MINOR_VERSION_3:
-                return( "DTLSv1.2" );
-
-            default:
-                return( "unknown (DTLS)" );
-        }
-    }
-#endif
-
-    switch( ssl->minor_ver )
-    {
-        case MBEDTLS_SSL_MINOR_VERSION_0:
-            return( "SSLv3.0" );
-
-        case MBEDTLS_SSL_MINOR_VERSION_1:
-            return( "TLSv1.0" );
-
-        case MBEDTLS_SSL_MINOR_VERSION_2:
-            return( "TLSv1.1" );
-
-        case MBEDTLS_SSL_MINOR_VERSION_3:
-            return( "TLSv1.2" );
-
-        default:
-            return( "unknown" );
-    }
-}
-
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
-{
-    size_t transform_expansion;
-    const mbedtls_ssl_transform *transform = ssl->transform_out;
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL )
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-#endif
-
-    if( transform == NULL )
-        return( (int) mbedtls_ssl_hdr_len( ssl ) );
-
-    switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) )
-    {
-        case MBEDTLS_MODE_GCM:
-        case MBEDTLS_MODE_CCM:
-        case MBEDTLS_MODE_STREAM:
-            transform_expansion = transform->minlen;
-            break;
-
-        case MBEDTLS_MODE_CBC:
-            transform_expansion = transform->maclen
-                      + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc );
-            break;
-
-        default:
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    return( (int)( mbedtls_ssl_hdr_len( ssl ) + transform_expansion ) );
-}
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl )
-{
-    size_t max_len;
-
-    /*
-     * Assume mfl_code is correct since it was checked when set
-     */
-    max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code );
-
-    /*
-     * Check if a smaller max length was negotiated
-     */
-    if( ssl->session_out != NULL &&
-        ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len )
-    {
-        max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code );
-    }
-
-    return max_len;
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
-{
-    if( ssl == NULL || ssl->session == NULL )
-        return( NULL );
-
-    return( ssl->session->peer_cert );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst )
-{
-    if( ssl == NULL ||
-        dst == NULL ||
-        ssl->session == NULL ||
-        ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    return( ssl_session_copy( dst, ssl->session ) );
-}
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/*
- * Perform a single step of the SSL handshake
- */
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_SSL_CLI_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-        ret = mbedtls_ssl_handshake_client_step( ssl );
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-        ret = mbedtls_ssl_handshake_server_step( ssl );
-#endif
-
-    return( ret );
-}
-
-/*
- * Perform the SSL handshake
- */
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
-{
-    int ret = 0;
-
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
-
-    while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        ret = mbedtls_ssl_handshake_step( ssl );
-
-        if( ret != 0 )
-            break;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-#if defined(MBEDTLS_SSL_SRV_C)
-/*
- * Write HelloRequest to request renegotiation on server
- */
-static int ssl_write_hello_request( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
-
-    ssl->out_msglen  = 4;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_HELLO_REQUEST;
-
-    if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SRV_C */
-
-/*
- * Actually renegotiate current connection, triggered by either:
- * - any side: calling mbedtls_ssl_renegotiate(),
- * - client: receiving a HelloRequest during mbedtls_ssl_read(),
- * - server: receiving any handshake message on server during mbedtls_ssl_read() after
- *   the initial handshake is completed.
- * If the handshake doesn't complete due to waiting for I/O, it will continue
- * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively.
- */
-static int ssl_start_renegotiation( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
-
-    if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
-        return( ret );
-
-    /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and
-     * the ServerHello will have message_seq = 1" */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-    {
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-            ssl->handshake->out_msg_seq = 1;
-        else
-            ssl->handshake->in_msg_seq = 1;
-    }
-#endif
-
-    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
-    ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
-
-    if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) );
-
-    return( 0 );
-}
-
-/*
- * Renegotiate current connection on client,
- * or request renegotiation on server
- */
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_SSL_SRV_C)
-    /* On server, just send the request */
-    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-        ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
-
-        /* Did we already try/start sending HelloRequest? */
-        if( ssl->out_left != 0 )
-            return( mbedtls_ssl_flush_output( ssl ) );
-
-        return( ssl_write_hello_request( ssl ) );
-    }
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-    /*
-     * On client, either start the renegotiation process or,
-     * if already in progress, continue the handshake
-     */
-    if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-    {
-        if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-        if( ( ret = ssl_start_renegotiation( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
-            return( ret );
-        }
-    }
-    else
-    {
-        if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-            return( ret );
-        }
-    }
-#endif /* MBEDTLS_SSL_CLI_C */
-
-    return( ret );
-}
-
-/*
- * Check record counters and renegotiate if they're above the limit.
- */
-static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl )
-{
-    size_t ep_len = ssl_ep_len( ssl );
-    int in_ctr_cmp;
-    int out_ctr_cmp;
-
-    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
-        ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ||
-        ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED )
-    {
-        return( 0 );
-    }
-
-    in_ctr_cmp = memcmp( ssl->in_ctr + ep_len,
-                        ssl->conf->renego_period + ep_len, 8 - ep_len );
-    out_ctr_cmp = memcmp( ssl->out_ctr + ep_len,
-                          ssl->conf->renego_period + ep_len, 8 - ep_len );
-
-    if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 )
-    {
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) );
-    return( mbedtls_ssl_renegotiate( ssl ) );
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/*
- * Receive application data decrypted from the SSL layer
- */
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
-{
-    int ret;
-    size_t n;
-
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-            return( ret );
-
-        if( ssl->handshake != NULL &&
-            ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-        {
-            if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 )
-                return( ret );
-        }
-    }
-#endif
-
-    /*
-     * Check if renegotiation is necessary and/or handshake is
-     * in process. If yes, perform/continue, and fall through
-     * if an unexpected packet is received while the client
-     * is waiting for the ServerHello.
-     *
-     * (There is no equivalent to the last condition on
-     *  the server-side as it is not treated as within
-     *  a handshake while waiting for the ClientHello
-     *  after a renegotiation request.)
-     */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    ret = ssl_check_ctr_renegotiate( ssl );
-    if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
-        ret != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
-        return( ret );
-    }
-#endif
-
-    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        ret = mbedtls_ssl_handshake( ssl );
-        if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
-            ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-            return( ret );
-        }
-    }
-
-    /*
-     * TODO
-     *
-     * The logic should be streamlined here:
-     *
-     * Instead of
-     *
-     * - Manually checking whether ssl->in_offt is NULL
-     * - Fetching a new record if yes
-     * - Setting ssl->in_offt if one finds an application record
-     * - Resetting keep_current_message after handling the application data
-     *
-     * one should
-     *
-     * - Adapt read_record to set ssl->in_offt automatically
-     *   when a new application data record is processed.
-     * - Always call mbedtls_ssl_read_record here.
-     *
-     * This way, the logic of ssl_read would be much clearer:
-     *
-     * (1) Always call record layer and see what kind of record is on
-     *     and have it ready for consumption (in particular, in_offt
-     *     properly set for application data records).
-     * (2) If it's application data (either freshly fetched
-     *     or something already being partially processed),
-     *     serve the read request from it.
-     * (3) If it's something different from application data,
-     *     handle it accordingly, e.g. potentially start a
-     *     renegotiation.
-     *
-     * This will also remove the need to manually reset
-     * ssl->keep_current_message = 0 below.
-     *
-     */
-
-    if( ssl->in_offt == NULL )
-    {
-        /* Start timer if not already running */
-        if( ssl->f_get_timer != NULL &&
-            ssl->f_get_timer( ssl->p_timer ) == -1 )
-        {
-            ssl_set_timer( ssl, ssl->conf->read_timeout );
-        }
-
-        if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
-                return( 0 );
-
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-            return( ret );
-        }
-
-        if( ssl->in_msglen  == 0 &&
-            ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA )
-        {
-            /*
-             * OpenSSL sends empty messages to randomize the IV
-             */
-            if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 )
-            {
-                if( ret == MBEDTLS_ERR_SSL_CONN_EOF )
-                    return( 0 );
-
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-                return( ret );
-            }
-        }
-
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
-
-            /*
-             * - For client-side, expect SERVER_HELLO_REQUEST.
-             * - For server-side, expect CLIENT_HELLO.
-             * - Fail (TLS) or silently drop record (DTLS) in other cases.
-             */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-            if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
-                ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST ||
-                  ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) ) )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
-
-                /* With DTLS, drop the packet (probably from last handshake) */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-                if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-                    return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-            }
-#endif /* MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-            if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-                ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) );
-
-                /* With DTLS, drop the packet (probably from last handshake) */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-                if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-                    return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-            }
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            /* Determine whether renegotiation attempt should be accepted */
-            if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
-                    ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-                      ssl->conf->allow_legacy_renegotiation ==
-                                                   MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) )
-            {
-                /*
-                 * Accept renegotiation request
-                 */
-
-                /* DTLS clients need to know renego is server-initiated */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-                if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-                    ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
-                {
-                    ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
-                }
-#endif
-                ret = ssl_start_renegotiation( ssl );
-                if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
-                    ret != 0 )
-                {
-                    MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
-                    return( ret );
-                }
-            }
-            else
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-            {
-                /*
-                 * Refuse renegotiation
-                 */
-
-                MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-                if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-                {
-                    /* SSLv3 does not have a "no_renegotiation" warning, so
-                       we send a fatal alert and abort the connection. */
-                    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                                    MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-                    return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-                }
-                else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-                if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
-                {
-                    if( ( ret = mbedtls_ssl_send_alert_message( ssl,
-                                    MBEDTLS_SSL_ALERT_LEVEL_WARNING,
-                                    MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
-                    {
-                        return( ret );
-                    }
-                }
-                else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 ||
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-                    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-                }
-            }
-
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-        }
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-        {
-            if( ssl->conf->renego_max_records >= 0 )
-            {
-                if( ++ssl->renego_records_seen > ssl->conf->renego_max_records )
-                {
-                    MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
-                                        "but not honored by client" ) );
-                    return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-                }
-            }
-        }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-        /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */
-        if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-        }
-
-        if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
-            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-        }
-
-        ssl->in_offt = ssl->in_msg;
-
-        /* We're going to return something now, cancel timer,
-         * except if handshake (renegotiation) is in progress */
-        if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
-            ssl_set_timer( ssl, 0 );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        /* If we requested renego but received AppData, resend HelloRequest.
-         * Do it now, after setting in_offt, to avoid taking this branch
-         * again if ssl_write_hello_request() returns WANT_WRITE */
-#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER &&
-            ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
-        {
-            if( ( ret = ssl_resend_hello_request( ssl ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_resend_hello_request", ret );
-                return( ret );
-            }
-        }
-#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-    }
-
-    n = ( len < ssl->in_msglen )
-        ? len : ssl->in_msglen;
-
-    memcpy( buf, ssl->in_offt, n );
-    ssl->in_msglen -= n;
-
-    if( ssl->in_msglen == 0 )
-    {
-        /* all bytes consumed */
-        ssl->in_offt = NULL;
-        ssl->keep_current_message = 0;
-    }
-    else
-    {
-        /* more data available */
-        ssl->in_offt += n;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) );
-
-    return( (int) n );
-}
-
-/*
- * Send application data to be encrypted by the SSL layer,
- * taking care of max fragment length and buffer size
- */
-static int ssl_write_real( mbedtls_ssl_context *ssl,
-                           const unsigned char *buf, size_t len )
-{
-    int ret;
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
-#else
-    size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-    if( len > max_len )
-    {
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-        if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
-                                "maximum fragment length: %d > %d",
-                                len, max_len ) );
-            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        }
-        else
-#endif
-            len = max_len;
-    }
-
-    if( ssl->out_left != 0 )
-    {
-        if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret );
-            return( ret );
-        }
-    }
-    else
-    {
-        ssl->out_msglen  = len;
-        ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
-        memcpy( ssl->out_msg, buf, len );
-
-        if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret );
-            return( ret );
-        }
-    }
-
-    return( (int) len );
-}
-
-/*
- * Write application data, doing 1/n-1 splitting if necessary.
- *
- * With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
- * then the caller will call us again with the same arguments, so
- * remember whether we already did the split or not.
- */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-static int ssl_write_split( mbedtls_ssl_context *ssl,
-                            const unsigned char *buf, size_t len )
-{
-    int ret;
-
-    if( ssl->conf->cbc_record_splitting ==
-            MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ||
-        len <= 1 ||
-        ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 ||
-        mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc )
-                                != MBEDTLS_MODE_CBC )
-    {
-        return( ssl_write_real( ssl, buf, len ) );
-    }
-
-    if( ssl->split_done == 0 )
-    {
-        if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 )
-            return( ret );
-        ssl->split_done = 1;
-    }
-
-    if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 )
-        return( ret );
-    ssl->split_done = 0;
-
-    return( ret + 1 );
-}
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-
-/*
- * Write application data (public-facing wrapper)
- */
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len )
-{
-    int ret;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
-
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret );
-        return( ret );
-    }
-#endif
-
-    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret );
-            return( ret );
-        }
-    }
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    ret = ssl_write_split( ssl, buf, len );
-#else
-    ret = ssl_write_real( ssl, buf, len );
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) );
-
-    return( ret );
-}
-
-/*
- * Notify the peer that the connection is being closed
- */
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
-{
-    int ret;
-
-    if( ssl == NULL || ssl->conf == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
-
-    if( ssl->out_left != 0 )
-        return( mbedtls_ssl_flush_output( ssl ) );
-
-    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )
-    {
-        if( ( ret = mbedtls_ssl_send_alert_message( ssl,
-                        MBEDTLS_SSL_ALERT_LEVEL_WARNING,
-                        MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret );
-            return( ret );
-        }
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
-
-    return( 0 );
-}
-
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
-{
-    if( transform == NULL )
-        return;
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    deflateEnd( &transform->ctx_deflate );
-    inflateEnd( &transform->ctx_inflate );
-#endif
-
-    mbedtls_cipher_free( &transform->cipher_ctx_enc );
-    mbedtls_cipher_free( &transform->cipher_ctx_dec );
-
-    mbedtls_md_free( &transform->md_ctx_enc );
-    mbedtls_md_free( &transform->md_ctx_dec );
-
-    mbedtls_zeroize( transform, sizeof( mbedtls_ssl_transform ) );
-}
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert )
-{
-    mbedtls_ssl_key_cert *cur = key_cert, *next;
-
-    while( cur != NULL )
-    {
-        next = cur->next;
-        mbedtls_free( cur );
-        cur = next;
-    }
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_handshake_free( mbedtls_ssl_handshake_params *handshake )
-{
-    if( handshake == NULL )
-        return;
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    mbedtls_md5_free(    &handshake->fin_md5  );
-    mbedtls_sha1_free(   &handshake->fin_sha1 );
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-    mbedtls_sha256_free(   &handshake->fin_sha256    );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    mbedtls_sha512_free(   &handshake->fin_sha512    );
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_DHM_C)
-    mbedtls_dhm_free( &handshake->dhm_ctx );
-#endif
-#if defined(MBEDTLS_ECDH_C)
-    mbedtls_ecdh_free( &handshake->ecdh_ctx );
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    mbedtls_ecjpake_free( &handshake->ecjpake_ctx );
-#if defined(MBEDTLS_SSL_CLI_C)
-    mbedtls_free( handshake->ecjpake_cache );
-    handshake->ecjpake_cache = NULL;
-    handshake->ecjpake_cache_len = 0;
-#endif
-#endif
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    /* explicit void pointer cast for buggy MS compiler */
-    mbedtls_free( (void *) handshake->curves );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    if( handshake->psk != NULL )
-    {
-        mbedtls_zeroize( handshake->psk, handshake->psk_len );
-        mbedtls_free( handshake->psk );
-    }
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
-    defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    /*
-     * Free only the linked list wrapper, not the keys themselves
-     * since the belong to the SNI callback
-     */
-    if( handshake->sni_key_cert != NULL )
-    {
-        mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next;
-
-        while( cur != NULL )
-        {
-            next = cur->next;
-            mbedtls_free( cur );
-            cur = next;
-        }
-    }
-#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    mbedtls_free( handshake->verify_cookie );
-    mbedtls_free( handshake->hs_msg );
-    ssl_flight_free( handshake->flight );
-#endif
-
-    mbedtls_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) );
-}
-
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session )
-{
-    if( session == NULL )
-        return;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( session->peer_cert != NULL )
-    {
-        mbedtls_x509_crt_free( session->peer_cert );
-        mbedtls_free( session->peer_cert );
-    }
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    mbedtls_free( session->ticket );
-#endif
-
-    mbedtls_zeroize( session, sizeof( mbedtls_ssl_session ) );
-}
-
-/*
- * Free an SSL context
- */
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
-{
-    if( ssl == NULL )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) );
-
-    if( ssl->out_buf != NULL )
-    {
-        mbedtls_zeroize( ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN );
-        mbedtls_free( ssl->out_buf );
-    }
-
-    if( ssl->in_buf != NULL )
-    {
-        mbedtls_zeroize( ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN );
-        mbedtls_free( ssl->in_buf );
-    }
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    if( ssl->compress_buf != NULL )
-    {
-        mbedtls_zeroize( ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN );
-        mbedtls_free( ssl->compress_buf );
-    }
-#endif
-
-    if( ssl->transform )
-    {
-        mbedtls_ssl_transform_free( ssl->transform );
-        mbedtls_free( ssl->transform );
-    }
-
-    if( ssl->handshake )
-    {
-        mbedtls_ssl_handshake_free( ssl->handshake );
-        mbedtls_ssl_transform_free( ssl->transform_negotiate );
-        mbedtls_ssl_session_free( ssl->session_negotiate );
-
-        mbedtls_free( ssl->handshake );
-        mbedtls_free( ssl->transform_negotiate );
-        mbedtls_free( ssl->session_negotiate );
-    }
-
-    if( ssl->session )
-    {
-        mbedtls_ssl_session_free( ssl->session );
-        mbedtls_free( ssl->session );
-    }
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if( ssl->hostname != NULL )
-    {
-        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
-        mbedtls_free( ssl->hostname );
-    }
-#endif
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    if( mbedtls_ssl_hw_record_finish != NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) );
-        mbedtls_ssl_hw_record_finish( ssl );
-    }
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    mbedtls_free( ssl->cli_id );
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) );
-
-    /* Actually clear after last debug message */
-    mbedtls_zeroize( ssl, sizeof( mbedtls_ssl_context ) );
-}
-
-/*
- * Initialze mbedtls_ssl_config
- */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
-{
-    memset( conf, 0, sizeof( mbedtls_ssl_config ) );
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-static int ssl_preset_default_hashes[] = {
-#if defined(MBEDTLS_SHA512_C)
-    MBEDTLS_MD_SHA512,
-    MBEDTLS_MD_SHA384,
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    MBEDTLS_MD_SHA256,
-    MBEDTLS_MD_SHA224,
-#endif
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
-    MBEDTLS_MD_SHA1,
-#endif
-    MBEDTLS_MD_NONE
-};
-#endif
-
-static int ssl_preset_suiteb_ciphersuites[] = {
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-    0
-};
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-static int ssl_preset_suiteb_hashes[] = {
-    MBEDTLS_MD_SHA256,
-    MBEDTLS_MD_SHA384,
-    MBEDTLS_MD_NONE
-};
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
-    MBEDTLS_ECP_DP_SECP256R1,
-    MBEDTLS_ECP_DP_SECP384R1,
-    MBEDTLS_ECP_DP_NONE
-};
-#endif
-
-/*
- * Load default in mbedtls_ssl_config
- */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
-                                 int endpoint, int transport, int preset )
-{
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-    int ret;
-#endif
-
-    /* Use the functions here so that they are covered in tests,
-     * but otherwise access member directly for efficiency */
-    mbedtls_ssl_conf_endpoint( conf, endpoint );
-    mbedtls_ssl_conf_transport( conf, transport );
-
-    /*
-     * Things that are common to all presets
-     */
-#if defined(MBEDTLS_SSL_CLI_C)
-    if( endpoint == MBEDTLS_SSL_IS_CLIENT )
-    {
-        conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED;
-#endif
-    }
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-    conf->arc4_disabled = MBEDTLS_SSL_ARC4_DISABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    conf->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    conf->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    conf->cbc_record_splitting = MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    conf->f_cookie_write = ssl_cookie_write_dummy;
-    conf->f_cookie_check = ssl_cookie_check_dummy;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C)
-    conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
-    conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
-#endif
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT;
-    memset( conf->renego_period,     0x00, 2 );
-    memset( conf->renego_period + 2, 0xFF, 6 );
-#endif
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-            if( endpoint == MBEDTLS_SSL_IS_SERVER )
-            {
-                const unsigned char dhm_p[] =
-                    MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
-                const unsigned char dhm_g[] =
-                    MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
-
-                if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf,
-                                               dhm_p, sizeof( dhm_p ),
-                                               dhm_g, sizeof( dhm_g ) ) ) != 0 )
-                {
-                    return( ret );
-                }
-            }
-#endif
-
-    /*
-     * Preset-specific defaults
-     */
-    switch( preset )
-    {
-        /*
-         * NSA Suite B
-         */
-        case MBEDTLS_SSL_PRESET_SUITEB:
-            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
-            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */
-            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
-            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
-
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
-                                   ssl_preset_suiteb_ciphersuites;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-            conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-            conf->sig_hashes = ssl_preset_suiteb_hashes;
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-            conf->curve_list = ssl_preset_suiteb_curves;
-#endif
-            break;
-
-        /*
-         * Default
-         */
-        default:
-            conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
-                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
-                                    MBEDTLS_SSL_MIN_MAJOR_VERSION :
-                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
-            conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
-                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
-                                    MBEDTLS_SSL_MIN_MINOR_VERSION :
-                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
-            conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
-            conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-            if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-                conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
-#endif
-
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] =
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] =
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] =
-            conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] =
-                                   mbedtls_ssl_list_ciphersuites();
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-            conf->cert_profile = &mbedtls_x509_crt_profile_default;
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-            conf->sig_hashes = ssl_preset_default_hashes;
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-            conf->curve_list = mbedtls_ecp_grp_id_list();
-#endif
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-            conf->dhm_min_bitlen = 1024;
-#endif
-    }
-
-    return( 0 );
-}
-
-/*
- * Free mbedtls_ssl_config
- */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf )
-{
-#if defined(MBEDTLS_DHM_C)
-    mbedtls_mpi_free( &conf->dhm_P );
-    mbedtls_mpi_free( &conf->dhm_G );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-    if( conf->psk != NULL )
-    {
-        mbedtls_zeroize( conf->psk, conf->psk_len );
-        mbedtls_zeroize( conf->psk_identity, conf->psk_identity_len );
-        mbedtls_free( conf->psk );
-        mbedtls_free( conf->psk_identity );
-        conf->psk_len = 0;
-        conf->psk_identity_len = 0;
-    }
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    ssl_key_cert_free( conf->key_cert );
-#endif
-
-    mbedtls_zeroize( conf, sizeof( mbedtls_ssl_config ) );
-}
-
-#if defined(MBEDTLS_PK_C) && \
-    ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) )
-/*
- * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
- */
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk )
-{
-#if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) )
-        return( MBEDTLS_SSL_SIG_RSA );
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-    if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) )
-        return( MBEDTLS_SSL_SIG_ECDSA );
-#endif
-    return( MBEDTLS_SSL_SIG_ANON );
-}
-
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type )
-{
-    switch( type ) {
-        case MBEDTLS_PK_RSA:
-            return( MBEDTLS_SSL_SIG_RSA );
-        case MBEDTLS_PK_ECDSA:
-        case MBEDTLS_PK_ECKEY:
-            return( MBEDTLS_SSL_SIG_ECDSA );
-        default:
-            return( MBEDTLS_SSL_SIG_ANON );
-    }
-}
-
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
-{
-    switch( sig )
-    {
-#if defined(MBEDTLS_RSA_C)
-        case MBEDTLS_SSL_SIG_RSA:
-            return( MBEDTLS_PK_RSA );
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-        case MBEDTLS_SSL_SIG_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
-#endif
-        default:
-            return( MBEDTLS_PK_NONE );
-    }
-}
-#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-
-/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
-                                                 mbedtls_pk_type_t sig_alg )
-{
-    switch( sig_alg )
-    {
-        case MBEDTLS_PK_RSA:
-            return( set->rsa );
-        case MBEDTLS_PK_ECDSA:
-            return( set->ecdsa );
-        default:
-            return( MBEDTLS_MD_NONE );
-    }
-}
-
-/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
-                                   mbedtls_pk_type_t sig_alg,
-                                   mbedtls_md_type_t md_alg )
-{
-    switch( sig_alg )
-    {
-        case MBEDTLS_PK_RSA:
-            if( set->rsa == MBEDTLS_MD_NONE )
-                set->rsa = md_alg;
-            break;
-
-        case MBEDTLS_PK_ECDSA:
-            if( set->ecdsa == MBEDTLS_MD_NONE )
-                set->ecdsa = md_alg;
-            break;
-
-        default:
-            break;
-    }
-}
-
-/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
-                                          mbedtls_md_type_t md_alg )
-{
-    set->rsa   = md_alg;
-    set->ecdsa = md_alg;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
-          MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-/*
- * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
- */
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
-{
-    switch( hash )
-    {
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_SSL_HASH_MD5:
-            return( MBEDTLS_MD_MD5 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_SSL_HASH_SHA1:
-            return( MBEDTLS_MD_SHA1 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_SSL_HASH_SHA224:
-            return( MBEDTLS_MD_SHA224 );
-        case MBEDTLS_SSL_HASH_SHA256:
-            return( MBEDTLS_MD_SHA256 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-        case MBEDTLS_SSL_HASH_SHA384:
-            return( MBEDTLS_MD_SHA384 );
-        case MBEDTLS_SSL_HASH_SHA512:
-            return( MBEDTLS_MD_SHA512 );
-#endif
-        default:
-            return( MBEDTLS_MD_NONE );
-    }
-}
-
-/*
- * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX
- */
-unsigned char mbedtls_ssl_hash_from_md_alg( int md )
-{
-    switch( md )
-    {
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( MBEDTLS_SSL_HASH_MD5 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( MBEDTLS_SSL_HASH_SHA1 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-            return( MBEDTLS_SSL_HASH_SHA224 );
-        case MBEDTLS_MD_SHA256:
-            return( MBEDTLS_SSL_HASH_SHA256 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-        case MBEDTLS_MD_SHA384:
-            return( MBEDTLS_SSL_HASH_SHA384 );
-        case MBEDTLS_MD_SHA512:
-            return( MBEDTLS_SSL_HASH_SHA512 );
-#endif
-        default:
-            return( MBEDTLS_SSL_HASH_NONE );
-    }
-}
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * Check if a curve proposed by the peer is in our list.
- * Return 0 if we're willing to use it, -1 otherwise.
- */
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id )
-{
-    const mbedtls_ecp_group_id *gid;
-
-    if( ssl->conf->curve_list == NULL )
-        return( -1 );
-
-    for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
-        if( *gid == grp_id )
-            return( 0 );
-
-    return( -1 );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-/*
- * Check if a hash proposed by the peer is in our list.
- * Return 0 if we're willing to use it, -1 otherwise.
- */
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
-                                mbedtls_md_type_t md )
-{
-    const int *cur;
-
-    if( ssl->conf->sig_hashes == NULL )
-        return( -1 );
-
-    for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
-        if( *cur == (int) md )
-            return( 0 );
-
-    return( -1 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
-                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint,
-                          uint32_t *flags )
-{
-    int ret = 0;
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-    int usage = 0;
-#endif
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-    const char *ext_oid;
-    size_t ext_len;
-#endif
-
-#if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) &&          \
-    !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-    ((void) cert);
-    ((void) cert_endpoint);
-    ((void) flags);
-#endif
-
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-    if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        /* Server part of the key exchange */
-        switch( ciphersuite->key_exchange )
-        {
-            case MBEDTLS_KEY_EXCHANGE_RSA:
-            case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-                usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
-                break;
-
-            case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-            case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-            case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-                usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
-                break;
-
-            case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-            case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-                usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
-                break;
-
-            /* Don't use default: we want warnings when adding new values */
-            case MBEDTLS_KEY_EXCHANGE_NONE:
-            case MBEDTLS_KEY_EXCHANGE_PSK:
-            case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-            case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-                usage = 0;
-        }
-    }
-    else
-    {
-        /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
-        usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
-    }
-
-    if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
-    {
-        *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
-        ret = -1;
-    }
-#else
-    ((void) ciphersuite);
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
-
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-    if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
-    {
-        ext_oid = MBEDTLS_OID_SERVER_AUTH;
-        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH );
-    }
-    else
-    {
-        ext_oid = MBEDTLS_OID_CLIENT_AUTH;
-        ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH );
-    }
-
-    if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
-    {
-        *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
-        ret = -1;
-    }
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-
-    return( ret );
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/*
- * Convert version numbers to/from wire format
- * and, for DTLS, to/from TLS equivalent.
- *
- * For TLS this is the identity.
- * For DTLS, use 1's complement (v -> 255 - v, and then map as follows:
- * 1.0 <-> 3.2      (DTLS 1.0 is based on TLS 1.1)
- * 1.x <-> 3.x+1    for x != 0 (DTLS 1.2 based on TLS 1.2)
- */
-void mbedtls_ssl_write_version( int major, int minor, int transport,
-                        unsigned char ver[2] )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        if( minor == MBEDTLS_SSL_MINOR_VERSION_2 )
-            --minor; /* DTLS 1.0 stored as TLS 1.1 internally */
-
-        ver[0] = (unsigned char)( 255 - ( major - 2 ) );
-        ver[1] = (unsigned char)( 255 - ( minor - 1 ) );
-    }
-    else
-#else
-    ((void) transport);
-#endif
-    {
-        ver[0] = (unsigned char) major;
-        ver[1] = (unsigned char) minor;
-    }
-}
-
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
-                       const unsigned char ver[2] )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        *major = 255 - ver[0] + 2;
-        *minor = 255 - ver[1] + 1;
-
-        if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 )
-            ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
-    }
-    else
-#else
-    ((void) transport);
-#endif
-    {
-        *major = ver[0];
-        *minor = ver[1];
-    }
-}
-
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
-{
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-        return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
-
-    switch( md )
-    {
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_SSL_HASH_MD5:
-            return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_SSL_HASH_SHA1:
-            ssl->handshake->calc_verify = ssl_calc_verify_tls;
-            break;
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SHA512_C)
-        case MBEDTLS_SSL_HASH_SHA384:
-            ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
-            break;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_SSL_HASH_SHA256:
-            ssl->handshake->calc_verify = ssl_calc_verify_tls_sha256;
-            break;
-#endif
-        default:
-            return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
-    }
-
-    return 0;
-#else /* !MBEDTLS_SSL_PROTO_TLS1_2 */
-    (void) ssl;
-    (void) md;
-
-    return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-}
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
-                                        unsigned char *output,
-                                        unsigned char *data, size_t data_len )
-{
-    int ret = 0;
-    mbedtls_md5_context mbedtls_md5;
-    mbedtls_sha1_context mbedtls_sha1;
-
-    mbedtls_md5_init( &mbedtls_md5 );
-    mbedtls_sha1_init( &mbedtls_sha1 );
-
-    /*
-     * digitally-signed struct {
-     *     opaque md5_hash[16];
-     *     opaque sha_hash[20];
-     * };
-     *
-     * md5_hash
-     *     MD5(ClientHello.random + ServerHello.random
-     *                            + ServerParams);
-     * sha_hash
-     *     SHA(ClientHello.random + ServerHello.random
-     *                            + ServerParams);
-     */
-    if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5,
-                                        ssl->handshake->randbytes, 64 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret );
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1,
-                                         ssl->handshake->randbytes, 64 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data,
-                                         data_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1,
-                                         output + 16 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret );
-        goto exit;
-    }
-
-exit:
-    mbedtls_md5_free( &mbedtls_md5 );
-    mbedtls_sha1_free( &mbedtls_sha1 );
-
-    if( ret != 0 )
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-
-    return( ret );
-
-}
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
-                                       unsigned char *output,
-                                       unsigned char *data, size_t data_len,
-                                       mbedtls_md_type_t md_alg )
-{
-    int ret = 0;
-    mbedtls_md_context_t ctx;
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-
-    mbedtls_md_init( &ctx );
-
-    /*
-     * digitally-signed struct {
-     *     opaque client_random[32];
-     *     opaque server_random[32];
-     *     ServerDHParams params;
-     * };
-     */
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
-        goto exit;
-    }
-    if( ( ret = mbedtls_md_finish( &ctx, output ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
-        goto exit;
-    }
-
-exit:
-    mbedtls_md_free( &ctx );
-
-    if( ret != 0 )
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/threading.c b/components/ssl/mbedtls/mbedtls/library/threading.c
deleted file mode 100644
index 07586756..00000000
--- a/components/ssl/mbedtls/mbedtls/library/threading.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- *  Threading abstraction layer
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-
-#include "mbedtls/threading.h"
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
-{
-    if( mutex == NULL )
-        return;
-
-    mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
-}
-
-static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex )
-{
-    if( mutex == NULL || !mutex->is_valid )
-        return;
-
-    (void) pthread_mutex_destroy( &mutex->mutex );
-    mutex->is_valid = 0;
-}
-
-static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex )
-{
-    if( mutex == NULL || ! mutex->is_valid )
-        return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
-
-    if( pthread_mutex_lock( &mutex->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-
-    return( 0 );
-}
-
-static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex )
-{
-    if( mutex == NULL || ! mutex->is_valid )
-        return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
-
-    if( pthread_mutex_unlock( &mutex->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-
-    return( 0 );
-}
-
-void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread;
-void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread;
-int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread;
-int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread;
-
-/*
- * With phtreads we can statically initialize mutexes
- */
-#define MUTEX_INIT  = { PTHREAD_MUTEX_INITIALIZER, 1 }
-
-#endif /* MBEDTLS_THREADING_PTHREAD */
-
-#if defined(MBEDTLS_THREADING_ALT)
-static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex )
-{
-    ((void) mutex );
-    return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA );
-}
-static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex )
-{
-    ((void) mutex );
-    return;
-}
-
-void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
-void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy;
-int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
-int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail;
-
-/*
- * Set functions pointers and initialize global mutexes
- */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
-                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) )
-{
-    mbedtls_mutex_init = mutex_init;
-    mbedtls_mutex_free = mutex_free;
-    mbedtls_mutex_lock = mutex_lock;
-    mbedtls_mutex_unlock = mutex_unlock;
-
-    mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
-    mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
-}
-
-/*
- * Free global mutexes
- */
-void mbedtls_threading_free_alt( void )
-{
-    mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
-    mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
-}
-#endif /* MBEDTLS_THREADING_ALT */
-
-/*
- * Define global mutexes
- */
-#ifndef MUTEX_INIT
-#define MUTEX_INIT
-#endif
-mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
-mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
-
-#endif /* MBEDTLS_THREADING_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/timing.c b/components/ssl/mbedtls/mbedtls/library/timing.c
deleted file mode 100644
index 35d6d89e..00000000
--- a/components/ssl/mbedtls/mbedtls/library/timing.c
+++ /dev/null
@@ -1,536 +0,0 @@
-/*
- *  Portable interface to the CPU cycle counter
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf     printf
-#endif
-
-#if defined(MBEDTLS_TIMING_C)
-
-#include "mbedtls/timing.h"
-
-#if !defined(MBEDTLS_TIMING_ALT)
-
-#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32)
-#error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h"
-#endif
-
-#ifndef asm
-#define asm __asm
-#endif
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
-#include <windows.h>
-#include <winbase.h>
-
-struct _hr_time
-{
-    LARGE_INTEGER start;
-};
-
-#else
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <signal.h>
-#include <time.h>
-
-struct _hr_time
-{
-    struct timeval start;
-};
-
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
-    ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long tsc;
-    __asm   rdtsc
-    __asm   mov  [tsc], eax
-    return( tsc );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
-
-/* some versions of mingw-64 have 32-bit longs even on x84_64 */
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
-    defined(__GNUC__) && ( defined(__i386__) || (                       \
-    ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) )
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long lo, hi;
-    asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
-    return( lo );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          __GNUC__ && __i386__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
-    defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) )
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long lo, hi;
-    asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
-    return( lo | ( hi << 32 ) );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          __GNUC__ && ( __amd64__ || __x86_64__ ) */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
-    defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) )
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long tbl, tbu0, tbu1;
-
-    do
-    {
-        asm volatile( "mftbu %0" : "=r" (tbu0) );
-        asm volatile( "mftb  %0" : "=r" (tbl ) );
-        asm volatile( "mftbu %0" : "=r" (tbu1) );
-    }
-    while( tbu0 != tbu1 );
-
-    return( tbl );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          __GNUC__ && ( __powerpc__ || __ppc__ ) */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
-    defined(__GNUC__) && defined(__sparc64__)
-
-#if defined(__OpenBSD__)
-#warning OpenBSD does not allow access to tick register using software version instead
-#else
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long tick;
-    asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) );
-    return( tick );
-}
-#endif /* __OpenBSD__ */
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          __GNUC__ && __sparc64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&  \
-    defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long tick;
-    asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" );
-    asm volatile( "mov   %%g1, %0" : "=r" (tick) );
-    return( tick );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          __GNUC__ && __sparc__ && !__sparc64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&      \
-    defined(__GNUC__) && defined(__alpha__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long cc;
-    asm volatile( "rpcc %0" : "=r" (cc) );
-    return( cc & 0xFFFFFFFF );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          __GNUC__ && __alpha__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) &&      \
-    defined(__GNUC__) && defined(__ia64__)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    unsigned long itc;
-    asm volatile( "mov %0 = ar.itc" : "=r" (itc) );
-    return( itc );
-}
-#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
-          __GNUC__ && __ia64__ */
-
-#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \
-    !defined(EFIX64) && !defined(EFI32)
-
-#define HAVE_HARDCLOCK
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    LARGE_INTEGER offset;
-
-    QueryPerformanceCounter( &offset );
-
-    return( (unsigned long)( offset.QuadPart ) );
-}
-#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */
-
-#if !defined(HAVE_HARDCLOCK)
-
-#define HAVE_HARDCLOCK
-
-static int hardclock_init = 0;
-static struct timeval tv_init;
-
-unsigned long mbedtls_timing_hardclock( void )
-{
-    struct timeval tv_cur;
-
-    if( hardclock_init == 0 )
-    {
-        gettimeofday( &tv_init, NULL );
-        hardclock_init = 1;
-    }
-
-    gettimeofday( &tv_cur, NULL );
-    return( ( tv_cur.tv_sec  - tv_init.tv_sec  ) * 1000000
-          + ( tv_cur.tv_usec - tv_init.tv_usec ) );
-}
-#endif /* !HAVE_HARDCLOCK */
-
-volatile int mbedtls_timing_alarmed = 0;
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
-{
-    struct _hr_time *t = (struct _hr_time *) val;
-
-    if( reset )
-    {
-        QueryPerformanceCounter( &t->start );
-        return( 0 );
-    }
-    else
-    {
-        unsigned long delta;
-        LARGE_INTEGER now, hfreq;
-        QueryPerformanceCounter(  &now );
-        QueryPerformanceFrequency( &hfreq );
-        delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul
-                                 / hfreq.QuadPart );
-        return( delta );
-    }
-}
-
-/* It's OK to use a global because alarm() is supposed to be global anyway */
-static DWORD alarmMs;
-
-static DWORD WINAPI TimerProc( LPVOID TimerContext )
-{
-    ((void) TimerContext);
-    Sleep( alarmMs );
-    mbedtls_timing_alarmed = 1;
-    return( TRUE );
-}
-
-void mbedtls_set_alarm( int seconds )
-{
-    DWORD ThreadId;
-
-    if( seconds == 0 )
-    {
-        /* No need to create a thread for this simple case.
-         * Also, this shorcut is more reliable at least on MinGW32 */
-        mbedtls_timing_alarmed = 1;
-        return;
-    }
-
-    mbedtls_timing_alarmed = 0;
-    alarmMs = seconds * 1000;
-    CloseHandle( CreateThread( NULL, 0, TimerProc, NULL, 0, &ThreadId ) );
-}
-
-#else /* _WIN32 && !EFIX64 && !EFI32 */
-
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset )
-{
-    struct _hr_time *t = (struct _hr_time *) val;
-
-    if( reset )
-    {
-        gettimeofday( &t->start, NULL );
-        return( 0 );
-    }
-    else
-    {
-        unsigned long delta;
-        struct timeval now;
-        gettimeofday( &now, NULL );
-        delta = ( now.tv_sec  - t->start.tv_sec  ) * 1000ul
-              + ( now.tv_usec - t->start.tv_usec ) / 1000;
-        return( delta );
-    }
-}
-
-static void sighandler( int signum )
-{
-    mbedtls_timing_alarmed = 1;
-    signal( signum, sighandler );
-}
-
-void mbedtls_set_alarm( int seconds )
-{
-    mbedtls_timing_alarmed = 0;
-    signal( SIGALRM, sighandler );
-    alarm( seconds );
-    if( seconds == 0 )
-    {
-        /* alarm(0) cancelled any previous pending alarm, but the
-           handler won't fire, so raise the flag straight away. */
-        mbedtls_timing_alarmed = 1;
-    }
-}
-
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-
-/*
- * Set delays to watch
- */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms )
-{
-    mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
-
-    ctx->int_ms = int_ms;
-    ctx->fin_ms = fin_ms;
-
-    if( fin_ms != 0 )
-        (void) mbedtls_timing_get_timer( &ctx->timer, 1 );
-}
-
-/*
- * Get number of delays expired
- */
-int mbedtls_timing_get_delay( void *data )
-{
-    mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
-    unsigned long elapsed_ms;
-
-    if( ctx->fin_ms == 0 )
-        return( -1 );
-
-    elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 );
-
-    if( elapsed_ms >= ctx->fin_ms )
-        return( 2 );
-
-    if( elapsed_ms >= ctx->int_ms )
-        return( 1 );
-
-    return( 0 );
-}
-
-#endif /* !MBEDTLS_TIMING_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * Busy-waits for the given number of milliseconds.
- * Used for testing mbedtls_timing_hardclock.
- */
-static void busy_msleep( unsigned long msec )
-{
-    struct mbedtls_timing_hr_time hires;
-    unsigned long i = 0; /* for busy-waiting */
-    volatile unsigned long j; /* to prevent optimisation */
-
-    (void) mbedtls_timing_get_timer( &hires, 1 );
-
-    while( mbedtls_timing_get_timer( &hires, 0 ) < msec )
-        i++;
-
-    j = i;
-    (void) j;
-}
-
-#define FAIL    do                                                      \
-    {                                                                   \
-        if( verbose != 0 )                                              \
-        {                                                               \
-            mbedtls_printf( "failed at line %d\n", __LINE__ );          \
-            mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \
-                            cycles, ratio, millisecs, secs, hardfail,   \
-                            (unsigned long) a, (unsigned long) b );     \
-            mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \
-                            mbedtls_timing_get_timer( &hires, 0 ),      \
-                            mbedtls_timing_get_timer( &ctx.timer, 0 ),  \
-                            mbedtls_timing_get_delay( &ctx ) );         \
-        }                                                               \
-        return( 1 );                                                    \
-    } while( 0 )
-
-/*
- * Checkup routine
- *
- * Warning: this is work in progress, some tests may not be reliable enough
- * yet! False positives may happen.
- */
-int mbedtls_timing_self_test( int verbose )
-{
-    unsigned long cycles = 0, ratio = 0;
-    unsigned long millisecs = 0, secs = 0;
-    int hardfail = 0;
-    struct mbedtls_timing_hr_time hires;
-    uint32_t a = 0, b = 0;
-    mbedtls_timing_delay_context ctx;
-
-    if( verbose != 0 )
-        mbedtls_printf( "  TIMING tests note: will take some time!\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  TIMING test #1 (set_alarm / get_timer): " );
-
-    {
-        secs = 1;
-
-        (void) mbedtls_timing_get_timer( &hires, 1 );
-
-        mbedtls_set_alarm( (int) secs );
-        while( !mbedtls_timing_alarmed )
-            ;
-
-        millisecs = mbedtls_timing_get_timer( &hires, 0 );
-
-        /* For some reason on Windows it looks like alarm has an extra delay
-         * (maybe related to creating a new thread). Allow some room here. */
-        if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 )
-            FAIL;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  TIMING test #2 (set/get_delay        ): " );
-
-    {
-        a = 800;
-        b = 400;
-        mbedtls_timing_set_delay( &ctx, a, a + b );          /* T = 0 */
-
-        busy_msleep( a - a / 4 );                      /* T = a - a/4 */
-        if( mbedtls_timing_get_delay( &ctx ) != 0 )
-            FAIL;
-
-        busy_msleep( a / 4 + b / 4 );                  /* T = a + b/4 */
-        if( mbedtls_timing_get_delay( &ctx ) != 1 )
-            FAIL;
-
-        busy_msleep( b );                          /* T = a + b + b/4 */
-        if( mbedtls_timing_get_delay( &ctx ) != 2 )
-            FAIL;
-    }
-
-    mbedtls_timing_set_delay( &ctx, 0, 0 );
-    busy_msleep( 200 );
-    if( mbedtls_timing_get_delay( &ctx ) != -1 )
-        FAIL;
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  TIMING test #3 (hardclock / get_timer): " );
-
-    /*
-     * Allow one failure for possible counter wrapping.
-     * On a 4Ghz 32-bit machine the cycle counter wraps about once per second;
-     * since the whole test is about 10ms, it shouldn't happen twice in a row.
-     */
-
-hard_test:
-    if( hardfail > 1 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed (ignored)\n" );
-
-        goto hard_test_done;
-    }
-
-    /* Get a reference ratio cycles/ms */
-    millisecs = 1;
-    cycles = mbedtls_timing_hardclock();
-    busy_msleep( millisecs );
-    cycles = mbedtls_timing_hardclock() - cycles;
-    ratio = cycles / millisecs;
-
-    /* Check that the ratio is mostly constant */
-    for( millisecs = 2; millisecs <= 4; millisecs++ )
-    {
-        cycles = mbedtls_timing_hardclock();
-        busy_msleep( millisecs );
-        cycles = mbedtls_timing_hardclock() - cycles;
-
-        /* Allow variation up to 20% */
-        if( cycles / millisecs < ratio - ratio / 5 ||
-            cycles / millisecs > ratio + ratio / 5 )
-        {
-            hardfail++;
-            goto hard_test;
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-hard_test_done:
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_TIMING_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/version.c b/components/ssl/mbedtls/mbedtls/library/version.c
deleted file mode 100644
index fd967508..00000000
--- a/components/ssl/mbedtls/mbedtls/library/version.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- *  Version information
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_VERSION_C)
-
-#include "mbedtls/version.h"
-#include <string.h>
-
-unsigned int mbedtls_version_get_number( void )
-{
-    return( MBEDTLS_VERSION_NUMBER );
-}
-
-void mbedtls_version_get_string( char *string )
-{
-    memcpy( string, MBEDTLS_VERSION_STRING,
-            sizeof( MBEDTLS_VERSION_STRING ) );
-}
-
-void mbedtls_version_get_string_full( char *string )
-{
-    memcpy( string, MBEDTLS_VERSION_STRING_FULL,
-            sizeof( MBEDTLS_VERSION_STRING_FULL ) );
-}
-
-#endif /* MBEDTLS_VERSION_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/version_features.c b/components/ssl/mbedtls/mbedtls/library/version_features.c
deleted file mode 100644
index da47e3d7..00000000
--- a/components/ssl/mbedtls/mbedtls/library/version_features.c
+++ /dev/null
@@ -1,719 +0,0 @@
-/*
- *  Version feature information
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_VERSION_C)
-
-#include "mbedtls/version.h"
-
-#include <string.h>
-
-static const char *features[] = {
-#if defined(MBEDTLS_VERSION_FEATURES)
-#if defined(MBEDTLS_HAVE_ASM)
-    "MBEDTLS_HAVE_ASM",
-#endif /* MBEDTLS_HAVE_ASM */
-#if defined(MBEDTLS_NO_UDBL_DIVISION)
-    "MBEDTLS_NO_UDBL_DIVISION",
-#endif /* MBEDTLS_NO_UDBL_DIVISION */
-#if defined(MBEDTLS_HAVE_SSE2)
-    "MBEDTLS_HAVE_SSE2",
-#endif /* MBEDTLS_HAVE_SSE2 */
-#if defined(MBEDTLS_HAVE_TIME)
-    "MBEDTLS_HAVE_TIME",
-#endif /* MBEDTLS_HAVE_TIME */
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-    "MBEDTLS_HAVE_TIME_DATE",
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-#if defined(MBEDTLS_PLATFORM_MEMORY)
-    "MBEDTLS_PLATFORM_MEMORY",
-#endif /* MBEDTLS_PLATFORM_MEMORY */
-#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-    "MBEDTLS_PLATFORM_NO_STD_FUNCTIONS",
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-    "MBEDTLS_PLATFORM_EXIT_ALT",
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-    "MBEDTLS_PLATFORM_TIME_ALT",
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-    "MBEDTLS_PLATFORM_FPRINTF_ALT",
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-    "MBEDTLS_PLATFORM_PRINTF_ALT",
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-    "MBEDTLS_PLATFORM_SNPRINTF_ALT",
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-    "MBEDTLS_PLATFORM_NV_SEED_ALT",
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-    "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT",
-#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-    "MBEDTLS_DEPRECATED_WARNING",
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-    "MBEDTLS_DEPRECATED_REMOVED",
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#if defined(MBEDTLS_TIMING_ALT)
-    "MBEDTLS_TIMING_ALT",
-#endif /* MBEDTLS_TIMING_ALT */
-#if defined(MBEDTLS_AES_ALT)
-    "MBEDTLS_AES_ALT",
-#endif /* MBEDTLS_AES_ALT */
-#if defined(MBEDTLS_ARC4_ALT)
-    "MBEDTLS_ARC4_ALT",
-#endif /* MBEDTLS_ARC4_ALT */
-#if defined(MBEDTLS_BLOWFISH_ALT)
-    "MBEDTLS_BLOWFISH_ALT",
-#endif /* MBEDTLS_BLOWFISH_ALT */
-#if defined(MBEDTLS_CAMELLIA_ALT)
-    "MBEDTLS_CAMELLIA_ALT",
-#endif /* MBEDTLS_CAMELLIA_ALT */
-#if defined(MBEDTLS_CCM_ALT)
-    "MBEDTLS_CCM_ALT",
-#endif /* MBEDTLS_CCM_ALT */
-#if defined(MBEDTLS_CMAC_ALT)
-    "MBEDTLS_CMAC_ALT",
-#endif /* MBEDTLS_CMAC_ALT */
-#if defined(MBEDTLS_DES_ALT)
-    "MBEDTLS_DES_ALT",
-#endif /* MBEDTLS_DES_ALT */
-#if defined(MBEDTLS_DHM_ALT)
-    "MBEDTLS_DHM_ALT",
-#endif /* MBEDTLS_DHM_ALT */
-#if defined(MBEDTLS_ECJPAKE_ALT)
-    "MBEDTLS_ECJPAKE_ALT",
-#endif /* MBEDTLS_ECJPAKE_ALT */
-#if defined(MBEDTLS_GCM_ALT)
-    "MBEDTLS_GCM_ALT",
-#endif /* MBEDTLS_GCM_ALT */
-#if defined(MBEDTLS_MD2_ALT)
-    "MBEDTLS_MD2_ALT",
-#endif /* MBEDTLS_MD2_ALT */
-#if defined(MBEDTLS_MD4_ALT)
-    "MBEDTLS_MD4_ALT",
-#endif /* MBEDTLS_MD4_ALT */
-#if defined(MBEDTLS_MD5_ALT)
-    "MBEDTLS_MD5_ALT",
-#endif /* MBEDTLS_MD5_ALT */
-#if defined(MBEDTLS_RIPEMD160_ALT)
-    "MBEDTLS_RIPEMD160_ALT",
-#endif /* MBEDTLS_RIPEMD160_ALT */
-#if defined(MBEDTLS_RSA_ALT)
-    "MBEDTLS_RSA_ALT",
-#endif /* MBEDTLS_RSA_ALT */
-#if defined(MBEDTLS_SHA1_ALT)
-    "MBEDTLS_SHA1_ALT",
-#endif /* MBEDTLS_SHA1_ALT */
-#if defined(MBEDTLS_SHA256_ALT)
-    "MBEDTLS_SHA256_ALT",
-#endif /* MBEDTLS_SHA256_ALT */
-#if defined(MBEDTLS_SHA512_ALT)
-    "MBEDTLS_SHA512_ALT",
-#endif /* MBEDTLS_SHA512_ALT */
-#if defined(MBEDTLS_XTEA_ALT)
-    "MBEDTLS_XTEA_ALT",
-#endif /* MBEDTLS_XTEA_ALT */
-#if defined(MBEDTLS_ECP_ALT)
-    "MBEDTLS_ECP_ALT",
-#endif /* MBEDTLS_ECP_ALT */
-#if defined(MBEDTLS_MD2_PROCESS_ALT)
-    "MBEDTLS_MD2_PROCESS_ALT",
-#endif /* MBEDTLS_MD2_PROCESS_ALT */
-#if defined(MBEDTLS_MD4_PROCESS_ALT)
-    "MBEDTLS_MD4_PROCESS_ALT",
-#endif /* MBEDTLS_MD4_PROCESS_ALT */
-#if defined(MBEDTLS_MD5_PROCESS_ALT)
-    "MBEDTLS_MD5_PROCESS_ALT",
-#endif /* MBEDTLS_MD5_PROCESS_ALT */
-#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
-    "MBEDTLS_RIPEMD160_PROCESS_ALT",
-#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */
-#if defined(MBEDTLS_SHA1_PROCESS_ALT)
-    "MBEDTLS_SHA1_PROCESS_ALT",
-#endif /* MBEDTLS_SHA1_PROCESS_ALT */
-#if defined(MBEDTLS_SHA256_PROCESS_ALT)
-    "MBEDTLS_SHA256_PROCESS_ALT",
-#endif /* MBEDTLS_SHA256_PROCESS_ALT */
-#if defined(MBEDTLS_SHA512_PROCESS_ALT)
-    "MBEDTLS_SHA512_PROCESS_ALT",
-#endif /* MBEDTLS_SHA512_PROCESS_ALT */
-#if defined(MBEDTLS_DES_SETKEY_ALT)
-    "MBEDTLS_DES_SETKEY_ALT",
-#endif /* MBEDTLS_DES_SETKEY_ALT */
-#if defined(MBEDTLS_DES_CRYPT_ECB_ALT)
-    "MBEDTLS_DES_CRYPT_ECB_ALT",
-#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */
-#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
-    "MBEDTLS_DES3_CRYPT_ECB_ALT",
-#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */
-#if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
-    "MBEDTLS_AES_SETKEY_ENC_ALT",
-#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
-#if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-    "MBEDTLS_AES_SETKEY_DEC_ALT",
-#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
-#if defined(MBEDTLS_AES_ENCRYPT_ALT)
-    "MBEDTLS_AES_ENCRYPT_ALT",
-#endif /* MBEDTLS_AES_ENCRYPT_ALT */
-#if defined(MBEDTLS_AES_DECRYPT_ALT)
-    "MBEDTLS_AES_DECRYPT_ALT",
-#endif /* MBEDTLS_AES_DECRYPT_ALT */
-#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
-    "MBEDTLS_ECDH_GEN_PUBLIC_ALT",
-#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
-#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
-    "MBEDTLS_ECDH_COMPUTE_SHARED_ALT",
-#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
-#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
-    "MBEDTLS_ECDSA_VERIFY_ALT",
-#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
-#if defined(MBEDTLS_ECDSA_SIGN_ALT)
-    "MBEDTLS_ECDSA_SIGN_ALT",
-#endif /* MBEDTLS_ECDSA_SIGN_ALT */
-#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
-    "MBEDTLS_ECDSA_GENKEY_ALT",
-#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    "MBEDTLS_ECP_INTERNAL_ALT",
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-    "MBEDTLS_ECP_RANDOMIZE_JAC_ALT",
-#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-    "MBEDTLS_ECP_ADD_MIXED_ALT",
-#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-    "MBEDTLS_ECP_DOUBLE_JAC_ALT",
-#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-    "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT",
-#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-    "MBEDTLS_ECP_NORMALIZE_JAC_ALT",
-#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-    "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT",
-#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-    "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT",
-#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-    "MBEDTLS_ECP_NORMALIZE_MXZ_ALT",
-#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-    "MBEDTLS_TEST_NULL_ENTROPY",
-#endif /* MBEDTLS_TEST_NULL_ENTROPY */
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    "MBEDTLS_ENTROPY_HARDWARE_ALT",
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-#if defined(MBEDTLS_AES_ROM_TABLES)
-    "MBEDTLS_AES_ROM_TABLES",
-#endif /* MBEDTLS_AES_ROM_TABLES */
-#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
-    "MBEDTLS_CAMELLIA_SMALL_MEMORY",
-#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    "MBEDTLS_CIPHER_MODE_CBC",
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    "MBEDTLS_CIPHER_MODE_CFB",
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    "MBEDTLS_CIPHER_MODE_CTR",
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-    "MBEDTLS_CIPHER_NULL_CIPHER",
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    "MBEDTLS_CIPHER_PADDING_PKCS7",
-#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
-#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
-    "MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS",
-#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
-    "MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN",
-#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
-    "MBEDTLS_CIPHER_PADDING_ZEROS",
-#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
-#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
-    "MBEDTLS_ENABLE_WEAK_CIPHERSUITES",
-#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
-#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
-    "MBEDTLS_REMOVE_ARC4_CIPHERSUITES",
-#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP192R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP224R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP256R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP384R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP521R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP192K1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP224K1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-    "MBEDTLS_ECP_DP_SECP256K1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-    "MBEDTLS_ECP_DP_BP256R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-    "MBEDTLS_ECP_DP_BP384R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-    "MBEDTLS_ECP_DP_BP512R1_ENABLED",
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-    "MBEDTLS_ECP_DP_CURVE25519_ENABLED",
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-#if defined(MBEDTLS_ECP_NIST_OPTIM)
-    "MBEDTLS_ECP_NIST_OPTIM",
-#endif /* MBEDTLS_ECP_NIST_OPTIM */
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    "MBEDTLS_ECDSA_DETERMINISTIC",
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED",
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-    "MBEDTLS_PK_PARSE_EC_EXTENDED",
-#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
-#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-    "MBEDTLS_ERROR_STRERROR_DUMMY",
-#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
-#if defined(MBEDTLS_GENPRIME)
-    "MBEDTLS_GENPRIME",
-#endif /* MBEDTLS_GENPRIME */
-#if defined(MBEDTLS_FS_IO)
-    "MBEDTLS_FS_IO",
-#endif /* MBEDTLS_FS_IO */
-#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-    "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES",
-#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
-#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-    "MBEDTLS_NO_PLATFORM_ENTROPY",
-#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */
-#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-    "MBEDTLS_ENTROPY_FORCE_SHA256",
-#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    "MBEDTLS_ENTROPY_NV_SEED",
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    "MBEDTLS_MEMORY_DEBUG",
-#endif /* MBEDTLS_MEMORY_DEBUG */
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    "MBEDTLS_MEMORY_BACKTRACE",
-#endif /* MBEDTLS_MEMORY_BACKTRACE */
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-    "MBEDTLS_PK_RSA_ALT_SUPPORT",
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-#if defined(MBEDTLS_PKCS1_V15)
-    "MBEDTLS_PKCS1_V15",
-#endif /* MBEDTLS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-    "MBEDTLS_PKCS1_V21",
-#endif /* MBEDTLS_PKCS1_V21 */
-#if defined(MBEDTLS_RSA_NO_CRT)
-    "MBEDTLS_RSA_NO_CRT",
-#endif /* MBEDTLS_RSA_NO_CRT */
-#if defined(MBEDTLS_SELF_TEST)
-    "MBEDTLS_SELF_TEST",
-#endif /* MBEDTLS_SELF_TEST */
-#if defined(MBEDTLS_SHA256_SMALLER)
-    "MBEDTLS_SHA256_SMALLER",
-#endif /* MBEDTLS_SHA256_SMALLER */
-#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
-    "MBEDTLS_SSL_ALL_ALERT_MESSAGES",
-#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
-#if defined(MBEDTLS_SSL_DEBUG_ALL)
-    "MBEDTLS_SSL_DEBUG_ALL",
-#endif /* MBEDTLS_SSL_DEBUG_ALL */
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    "MBEDTLS_SSL_ENCRYPT_THEN_MAC",
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    "MBEDTLS_SSL_EXTENDED_MASTER_SECRET",
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
-    "MBEDTLS_SSL_FALLBACK_SCSV",
-#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-    "MBEDTLS_SSL_HW_RECORD_ACCEL",
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    "MBEDTLS_SSL_CBC_RECORD_SPLITTING",
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    "MBEDTLS_SSL_RENEGOTIATION",
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
-    "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO",
-#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
-#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
-    "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE",
-#endif /* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE */
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH",
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    "MBEDTLS_SSL_PROTO_SSL3",
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-    "MBEDTLS_SSL_PROTO_TLS1",
-#endif /* MBEDTLS_SSL_PROTO_TLS1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    "MBEDTLS_SSL_PROTO_TLS1_1",
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    "MBEDTLS_SSL_PROTO_TLS1_2",
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    "MBEDTLS_SSL_PROTO_DTLS",
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_ALPN)
-    "MBEDTLS_SSL_ALPN",
-#endif /* MBEDTLS_SSL_ALPN */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    "MBEDTLS_SSL_DTLS_ANTI_REPLAY",
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-    "MBEDTLS_SSL_DTLS_HELLO_VERIFY",
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
-    "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE",
-#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-    "MBEDTLS_SSL_DTLS_BADMAC_LIMIT",
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    "MBEDTLS_SSL_SESSION_TICKETS",
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-    "MBEDTLS_SSL_EXPORT_KEYS",
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    "MBEDTLS_SSL_SERVER_NAME_INDICATION",
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    "MBEDTLS_SSL_TRUNCATED_HMAC",
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
-    "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
-#if defined(MBEDTLS_THREADING_ALT)
-    "MBEDTLS_THREADING_ALT",
-#endif /* MBEDTLS_THREADING_ALT */
-#if defined(MBEDTLS_THREADING_PTHREAD)
-    "MBEDTLS_THREADING_PTHREAD",
-#endif /* MBEDTLS_THREADING_PTHREAD */
-#if defined(MBEDTLS_VERSION_FEATURES)
-    "MBEDTLS_VERSION_FEATURES",
-#endif /* MBEDTLS_VERSION_FEATURES */
-#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
-    "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3",
-#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */
-#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
-    "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION",
-#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-    "MBEDTLS_X509_CHECK_KEY_USAGE",
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-    "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE",
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    "MBEDTLS_X509_RSASSA_PSS_SUPPORT",
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    "MBEDTLS_ZLIB_SUPPORT",
-#endif /* MBEDTLS_ZLIB_SUPPORT */
-#if defined(MBEDTLS_AESNI_C)
-    "MBEDTLS_AESNI_C",
-#endif /* MBEDTLS_AESNI_C */
-#if defined(MBEDTLS_AES_C)
-    "MBEDTLS_AES_C",
-#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_ARC4_C)
-    "MBEDTLS_ARC4_C",
-#endif /* MBEDTLS_ARC4_C */
-#if defined(MBEDTLS_ASN1_PARSE_C)
-    "MBEDTLS_ASN1_PARSE_C",
-#endif /* MBEDTLS_ASN1_PARSE_C */
-#if defined(MBEDTLS_ASN1_WRITE_C)
-    "MBEDTLS_ASN1_WRITE_C",
-#endif /* MBEDTLS_ASN1_WRITE_C */
-#if defined(MBEDTLS_BASE64_C)
-    "MBEDTLS_BASE64_C",
-#endif /* MBEDTLS_BASE64_C */
-#if defined(MBEDTLS_BIGNUM_C)
-    "MBEDTLS_BIGNUM_C",
-#endif /* MBEDTLS_BIGNUM_C */
-#if defined(MBEDTLS_BLOWFISH_C)
-    "MBEDTLS_BLOWFISH_C",
-#endif /* MBEDTLS_BLOWFISH_C */
-#if defined(MBEDTLS_CAMELLIA_C)
-    "MBEDTLS_CAMELLIA_C",
-#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_CCM_C)
-    "MBEDTLS_CCM_C",
-#endif /* MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CERTS_C)
-    "MBEDTLS_CERTS_C",
-#endif /* MBEDTLS_CERTS_C */
-#if defined(MBEDTLS_CIPHER_C)
-    "MBEDTLS_CIPHER_C",
-#endif /* MBEDTLS_CIPHER_C */
-#if defined(MBEDTLS_CMAC_C)
-    "MBEDTLS_CMAC_C",
-#endif /* MBEDTLS_CMAC_C */
-#if defined(MBEDTLS_CTR_DRBG_C)
-    "MBEDTLS_CTR_DRBG_C",
-#endif /* MBEDTLS_CTR_DRBG_C */
-#if defined(MBEDTLS_DEBUG_C)
-    "MBEDTLS_DEBUG_C",
-#endif /* MBEDTLS_DEBUG_C */
-#if defined(MBEDTLS_DES_C)
-    "MBEDTLS_DES_C",
-#endif /* MBEDTLS_DES_C */
-#if defined(MBEDTLS_DHM_C)
-    "MBEDTLS_DHM_C",
-#endif /* MBEDTLS_DHM_C */
-#if defined(MBEDTLS_ECDH_C)
-    "MBEDTLS_ECDH_C",
-#endif /* MBEDTLS_ECDH_C */
-#if defined(MBEDTLS_ECDSA_C)
-    "MBEDTLS_ECDSA_C",
-#endif /* MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_ECJPAKE_C)
-    "MBEDTLS_ECJPAKE_C",
-#endif /* MBEDTLS_ECJPAKE_C */
-#if defined(MBEDTLS_ECP_C)
-    "MBEDTLS_ECP_C",
-#endif /* MBEDTLS_ECP_C */
-#if defined(MBEDTLS_ENTROPY_C)
-    "MBEDTLS_ENTROPY_C",
-#endif /* MBEDTLS_ENTROPY_C */
-#if defined(MBEDTLS_ERROR_C)
-    "MBEDTLS_ERROR_C",
-#endif /* MBEDTLS_ERROR_C */
-#if defined(MBEDTLS_GCM_C)
-    "MBEDTLS_GCM_C",
-#endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_HAVEGE_C)
-    "MBEDTLS_HAVEGE_C",
-#endif /* MBEDTLS_HAVEGE_C */
-#if defined(MBEDTLS_HMAC_DRBG_C)
-    "MBEDTLS_HMAC_DRBG_C",
-#endif /* MBEDTLS_HMAC_DRBG_C */
-#if defined(MBEDTLS_MD_C)
-    "MBEDTLS_MD_C",
-#endif /* MBEDTLS_MD_C */
-#if defined(MBEDTLS_MD2_C)
-    "MBEDTLS_MD2_C",
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
-    "MBEDTLS_MD4_C",
-#endif /* MBEDTLS_MD4_C */
-#if defined(MBEDTLS_MD5_C)
-    "MBEDTLS_MD5_C",
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-    "MBEDTLS_MEMORY_BUFFER_ALLOC_C",
-#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
-#if defined(MBEDTLS_NET_C)
-    "MBEDTLS_NET_C",
-#endif /* MBEDTLS_NET_C */
-#if defined(MBEDTLS_OID_C)
-    "MBEDTLS_OID_C",
-#endif /* MBEDTLS_OID_C */
-#if defined(MBEDTLS_PADLOCK_C)
-    "MBEDTLS_PADLOCK_C",
-#endif /* MBEDTLS_PADLOCK_C */
-#if defined(MBEDTLS_PEM_PARSE_C)
-    "MBEDTLS_PEM_PARSE_C",
-#endif /* MBEDTLS_PEM_PARSE_C */
-#if defined(MBEDTLS_PEM_WRITE_C)
-    "MBEDTLS_PEM_WRITE_C",
-#endif /* MBEDTLS_PEM_WRITE_C */
-#if defined(MBEDTLS_PK_C)
-    "MBEDTLS_PK_C",
-#endif /* MBEDTLS_PK_C */
-#if defined(MBEDTLS_PK_PARSE_C)
-    "MBEDTLS_PK_PARSE_C",
-#endif /* MBEDTLS_PK_PARSE_C */
-#if defined(MBEDTLS_PK_WRITE_C)
-    "MBEDTLS_PK_WRITE_C",
-#endif /* MBEDTLS_PK_WRITE_C */
-#if defined(MBEDTLS_PKCS5_C)
-    "MBEDTLS_PKCS5_C",
-#endif /* MBEDTLS_PKCS5_C */
-#if defined(MBEDTLS_PKCS11_C)
-    "MBEDTLS_PKCS11_C",
-#endif /* MBEDTLS_PKCS11_C */
-#if defined(MBEDTLS_PKCS12_C)
-    "MBEDTLS_PKCS12_C",
-#endif /* MBEDTLS_PKCS12_C */
-#if defined(MBEDTLS_PLATFORM_C)
-    "MBEDTLS_PLATFORM_C",
-#endif /* MBEDTLS_PLATFORM_C */
-#if defined(MBEDTLS_RIPEMD160_C)
-    "MBEDTLS_RIPEMD160_C",
-#endif /* MBEDTLS_RIPEMD160_C */
-#if defined(MBEDTLS_RSA_C)
-    "MBEDTLS_RSA_C",
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_SHA1_C)
-    "MBEDTLS_SHA1_C",
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    "MBEDTLS_SHA256_C",
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    "MBEDTLS_SHA512_C",
-#endif /* MBEDTLS_SHA512_C */
-#if defined(MBEDTLS_SSL_CACHE_C)
-    "MBEDTLS_SSL_CACHE_C",
-#endif /* MBEDTLS_SSL_CACHE_C */
-#if defined(MBEDTLS_SSL_COOKIE_C)
-    "MBEDTLS_SSL_COOKIE_C",
-#endif /* MBEDTLS_SSL_COOKIE_C */
-#if defined(MBEDTLS_SSL_TICKET_C)
-    "MBEDTLS_SSL_TICKET_C",
-#endif /* MBEDTLS_SSL_TICKET_C */
-#if defined(MBEDTLS_SSL_CLI_C)
-    "MBEDTLS_SSL_CLI_C",
-#endif /* MBEDTLS_SSL_CLI_C */
-#if defined(MBEDTLS_SSL_SRV_C)
-    "MBEDTLS_SSL_SRV_C",
-#endif /* MBEDTLS_SSL_SRV_C */
-#if defined(MBEDTLS_SSL_TLS_C)
-    "MBEDTLS_SSL_TLS_C",
-#endif /* MBEDTLS_SSL_TLS_C */
-#if defined(MBEDTLS_THREADING_C)
-    "MBEDTLS_THREADING_C",
-#endif /* MBEDTLS_THREADING_C */
-#if defined(MBEDTLS_TIMING_C)
-    "MBEDTLS_TIMING_C",
-#endif /* MBEDTLS_TIMING_C */
-#if defined(MBEDTLS_VERSION_C)
-    "MBEDTLS_VERSION_C",
-#endif /* MBEDTLS_VERSION_C */
-#if defined(MBEDTLS_X509_USE_C)
-    "MBEDTLS_X509_USE_C",
-#endif /* MBEDTLS_X509_USE_C */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    "MBEDTLS_X509_CRT_PARSE_C",
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-    "MBEDTLS_X509_CRL_PARSE_C",
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-    "MBEDTLS_X509_CSR_PARSE_C",
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
-#if defined(MBEDTLS_X509_CREATE_C)
-    "MBEDTLS_X509_CREATE_C",
-#endif /* MBEDTLS_X509_CREATE_C */
-#if defined(MBEDTLS_X509_CRT_WRITE_C)
-    "MBEDTLS_X509_CRT_WRITE_C",
-#endif /* MBEDTLS_X509_CRT_WRITE_C */
-#if defined(MBEDTLS_X509_CSR_WRITE_C)
-    "MBEDTLS_X509_CSR_WRITE_C",
-#endif /* MBEDTLS_X509_CSR_WRITE_C */
-#if defined(MBEDTLS_XTEA_C)
-    "MBEDTLS_XTEA_C",
-#endif /* MBEDTLS_XTEA_C */
-#endif /* MBEDTLS_VERSION_FEATURES */
-    NULL
-};
-
-int mbedtls_version_check_feature( const char *feature )
-{
-    const char **idx = features;
-
-    if( *idx == NULL )
-        return( -2 );
-
-    if( feature == NULL )
-        return( -1 );
-
-    while( *idx != NULL )
-    {
-        if( !strcmp( *idx, feature ) )
-            return( 0 );
-        idx++;
-    }
-    return( -1 );
-}
-
-#endif /* MBEDTLS_VERSION_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/x509.c b/components/ssl/mbedtls/mbedtls/library/x509.c
deleted file mode 100644
index 371d6da1..00000000
--- a/components/ssl/mbedtls/mbedtls/library/x509.c
+++ /dev/null
@@ -1,1104 +0,0 @@
-/*
- *  X.509 common functions for parsing and verification
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The ITU-T X.509 standard defines a certificate format for PKI.
- *
- *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
- *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
- *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
- *
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_X509_USE_C)
-
-#include "mbedtls/x509.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/oid.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_free      free
-#define mbedtls_calloc    calloc
-#define mbedtls_printf    printf
-#define mbedtls_snprintf  snprintf
-#endif
-
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#include <windows.h>
-#else
-#include <time.h>
-#endif
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#if !defined(_WIN32)
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#endif
-#endif
-
-#define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); }
-#define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); }
-
-/*
- *  CertificateSerialNumber  ::=  INTEGER
- */
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
-                     mbedtls_x509_buf *serial )
-{
-    int ret;
-
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_X509_INVALID_SERIAL +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
-        **p !=   MBEDTLS_ASN1_INTEGER )
-        return( MBEDTLS_ERR_X509_INVALID_SERIAL +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    serial->tag = *(*p)++;
-
-    if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret );
-
-    serial->p = *p;
-    *p += serial->len;
-
-    return( 0 );
-}
-
-/* Get an algorithm identifier without parameters (eg for signatures)
- *
- *  AlgorithmIdentifier  ::=  SEQUENCE  {
- *       algorithm               OBJECT IDENTIFIER,
- *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
- */
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
-                       mbedtls_x509_buf *alg )
-{
-    int ret;
-
-    if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    return( 0 );
-}
-
-/*
- * Parse an algorithm identifier with (optional) paramaters
- */
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
-{
-    int ret;
-
-    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-/*
- * HashAlgorithm ::= AlgorithmIdentifier
- *
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *      algorithm               OBJECT IDENTIFIER,
- *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
- *
- * For HashAlgorithm, parameters MUST be NULL or absent.
- */
-static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
-{
-    int ret;
-    unsigned char *p;
-    const unsigned char *end;
-    mbedtls_x509_buf md_oid;
-    size_t len;
-
-    /* Make sure we got a SEQUENCE and setup bounds */
-    if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERR_X509_INVALID_ALG +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    p = (unsigned char *) alg->p;
-    end = p + alg->len;
-
-    if( p >= end )
-        return( MBEDTLS_ERR_X509_INVALID_ALG +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    /* Parse md_oid */
-    md_oid.tag = *p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    md_oid.p = p;
-    p += md_oid.len;
-
-    /* Get md_alg from md_oid */
-    if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    /* Make sure params is absent of NULL */
-    if( p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    if( p != end )
-        return( MBEDTLS_ERR_X509_INVALID_ALG +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- *    RSASSA-PSS-params  ::=  SEQUENCE  {
- *       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
- *       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
- *       saltLength        [2] INTEGER DEFAULT 20,
- *       trailerField      [3] INTEGER DEFAULT 1  }
- *    -- Note that the tags in this Sequence are explicit.
- *
- * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
- * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
- * option. Enfore this at parsing time.
- */
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
-                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
-                                int *salt_len )
-{
-    int ret;
-    unsigned char *p;
-    const unsigned char *end, *end2;
-    size_t len;
-    mbedtls_x509_buf alg_id, alg_params;
-
-    /* First set everything to defaults */
-    *md_alg = MBEDTLS_MD_SHA1;
-    *mgf_md = MBEDTLS_MD_SHA1;
-    *salt_len = 20;
-
-    /* Make sure params is a SEQUENCE and setup bounds */
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERR_X509_INVALID_ALG +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    p = (unsigned char *) params->p;
-    end = p + params->len;
-
-    if( p == end )
-        return( 0 );
-
-    /*
-     * HashAlgorithm
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
-    {
-        end2 = p + len;
-
-        /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
-        if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
-            return( ret );
-
-        if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-        if( p != end2 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    if( p == end )
-        return( 0 );
-
-    /*
-     * MaskGenAlgorithm
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
-    {
-        end2 = p + len;
-
-        /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
-        if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
-            return( ret );
-
-        /* Only MFG1 is recognised for now */
-        if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
-            return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
-                    MBEDTLS_ERR_OID_NOT_FOUND );
-
-        /* Parse HashAlgorithm */
-        if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
-            return( ret );
-
-        if( p != end2 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    if( p == end )
-        return( 0 );
-
-    /*
-     * salt_len
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
-    {
-        end2 = p + len;
-
-        if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-        if( p != end2 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    if( p == end )
-        return( 0 );
-
-    /*
-     * trailer_field (if present, must be 1)
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
-    {
-        int trailer_field;
-
-        end2 = p + len;
-
-        if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-        if( p != end2 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-        if( trailer_field != 1 )
-            return( MBEDTLS_ERR_X509_INVALID_ALG );
-    }
-    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
-
-    if( p != end )
-        return( MBEDTLS_ERR_X509_INVALID_ALG +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-
-/*
- *  AttributeTypeAndValue ::= SEQUENCE {
- *    type     AttributeType,
- *    value    AttributeValue }
- *
- *  AttributeType ::= OBJECT IDENTIFIER
- *
- *  AttributeValue ::= ANY DEFINED BY AttributeType
- */
-static int x509_get_attr_type_value( unsigned char **p,
-                                     const unsigned char *end,
-                                     mbedtls_x509_name *cur )
-{
-    int ret;
-    size_t len;
-    mbedtls_x509_buf *oid;
-    mbedtls_x509_buf *val;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
-
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_X509_INVALID_NAME +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    oid = &cur->oid;
-    oid->tag = **p;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
-
-    oid->p = *p;
-    *p += oid->len;
-
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_X509_INVALID_NAME +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
-        **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
-        **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
-        **p != MBEDTLS_ASN1_BIT_STRING )
-        return( MBEDTLS_ERR_X509_INVALID_NAME +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    val = &cur->val;
-    val->tag = *(*p)++;
-
-    if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
-
-    val->p = *p;
-    *p += val->len;
-
-    cur->next = NULL;
-
-    return( 0 );
-}
-
-/*
- *  Name ::= CHOICE { -- only one possibility for now --
- *       rdnSequence  RDNSequence }
- *
- *  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
- *
- *  RelativeDistinguishedName ::=
- *    SET OF AttributeTypeAndValue
- *
- *  AttributeTypeAndValue ::= SEQUENCE {
- *    type     AttributeType,
- *    value    AttributeValue }
- *
- *  AttributeType ::= OBJECT IDENTIFIER
- *
- *  AttributeValue ::= ANY DEFINED BY AttributeType
- *
- * The data structure is optimized for the common case where each RDN has only
- * one element, which is represented as a list of AttributeTypeAndValue.
- * For the general case we still use a flat list, but we mark elements of the
- * same set so that they are "merged" together in the functions that consume
- * this list, eg mbedtls_x509_dn_gets().
- */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_name *cur )
-{
-    int ret;
-    size_t set_len;
-    const unsigned char *end_set;
-
-    /* don't use recursion, we'd risk stack overflow if not optimized */
-    while( 1 )
-    {
-        /*
-         * parse SET
-         */
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
-
-        end_set  = *p + set_len;
-
-        while( 1 )
-        {
-            if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
-                return( ret );
-
-            if( *p == end_set )
-                break;
-
-            /* Mark this item as being no the only one in a set */
-            cur->next_merged = 1;
-
-            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
-
-            if( cur->next == NULL )
-                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-            cur = cur->next;
-        }
-
-        /*
-         * continue until end of SEQUENCE is reached
-         */
-        if( *p == end )
-            return( 0 );
-
-        cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) );
-
-        if( cur->next == NULL )
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-        cur = cur->next;
-    }
-}
-
-static int x509_parse_int( unsigned char **p, size_t n, int *res )
-{
-    *res = 0;
-
-    for( ; n > 0; --n )
-    {
-        if( ( **p < '0') || ( **p > '9' ) )
-            return ( MBEDTLS_ERR_X509_INVALID_DATE );
-
-        *res *= 10;
-        *res += ( *(*p)++ - '0' );
-    }
-
-    return( 0 );
-}
-
-static int x509_date_is_valid(const mbedtls_x509_time *t )
-{
-    int ret = MBEDTLS_ERR_X509_INVALID_DATE;
-    int month_len;
-
-    CHECK_RANGE( 0, 9999, t->year );
-    CHECK_RANGE( 0, 23,   t->hour );
-    CHECK_RANGE( 0, 59,   t->min  );
-    CHECK_RANGE( 0, 59,   t->sec  );
-
-    switch( t->mon )
-    {
-        case 1: case 3: case 5: case 7: case 8: case 10: case 12:
-            month_len = 31;
-            break;
-        case 4: case 6: case 9: case 11:
-            month_len = 30;
-            break;
-        case 2:
-            if( ( !( t->year % 4 ) && t->year % 100 ) ||
-                !( t->year % 400 ) )
-                month_len = 29;
-            else
-                month_len = 28;
-            break;
-        default:
-            return( ret );
-    }
-    CHECK_RANGE( 1, month_len, t->day );
-
-    return( 0 );
-}
-
-/*
- * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4)
- * field.
- */
-static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
-                            mbedtls_x509_time *tm )
-{
-    int ret;
-
-    /*
-     * Minimum length is 10 or 12 depending on yearlen
-     */
-    if ( len < yearlen + 8 )
-        return ( MBEDTLS_ERR_X509_INVALID_DATE );
-    len -= yearlen + 8;
-
-    /*
-     * Parse year, month, day, hour, minute
-     */
-    CHECK( x509_parse_int( p, yearlen, &tm->year ) );
-    if ( 2 == yearlen )
-    {
-        if ( tm->year < 50 )
-            tm->year += 100;
-
-        tm->year += 1900;
-    }
-
-    CHECK( x509_parse_int( p, 2, &tm->mon ) );
-    CHECK( x509_parse_int( p, 2, &tm->day ) );
-    CHECK( x509_parse_int( p, 2, &tm->hour ) );
-    CHECK( x509_parse_int( p, 2, &tm->min ) );
-
-    /*
-     * Parse seconds if present
-     */
-    if ( len >= 2 )
-    {
-        CHECK( x509_parse_int( p, 2, &tm->sec ) );
-        len -= 2;
-    }
-    else
-        return ( MBEDTLS_ERR_X509_INVALID_DATE );
-
-    /*
-     * Parse trailing 'Z' if present
-     */
-    if ( 1 == len && 'Z' == **p )
-    {
-        (*p)++;
-        len--;
-    }
-
-    /*
-     * We should have parsed all characters at this point
-     */
-    if ( 0 != len )
-        return ( MBEDTLS_ERR_X509_INVALID_DATE );
-
-    CHECK( x509_date_is_valid( tm ) );
-
-    return ( 0 );
-}
-
-/*
- *  Time ::= CHOICE {
- *       utcTime        UTCTime,
- *       generalTime    GeneralizedTime }
- */
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
-                           mbedtls_x509_time *tm )
-{
-    int ret;
-    size_t len, year_len;
-    unsigned char tag;
-
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_X509_INVALID_DATE +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    tag = **p;
-
-    if( tag == MBEDTLS_ASN1_UTC_TIME )
-        year_len = 2;
-    else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
-        year_len = 4;
-    else
-        return( MBEDTLS_ERR_X509_INVALID_DATE +
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    (*p)++;
-    ret = mbedtls_asn1_get_len( p, end, &len );
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
-
-    return x509_parse_time( p, len, year_len, tm );
-}
-
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
-{
-    int ret;
-    size_t len;
-    int tag_type;
-
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    tag_type = **p;
-
-    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
-
-    sig->tag = tag_type;
-    sig->len = len;
-    sig->p = *p;
-
-    *p += len;
-
-    return( 0 );
-}
-
-/*
- * Get signature algorithm from alg OID and optional parameters
- */
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                      void **sig_opts )
-{
-    int ret;
-
-    if( *sig_opts != NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
-        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
-    {
-        mbedtls_pk_rsassa_pss_options *pss_opts;
-
-        pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) );
-        if( pss_opts == NULL )
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-        ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
-                                          md_alg,
-                                          &pss_opts->mgf1_hash_id,
-                                          &pss_opts->expected_salt_len );
-        if( ret != 0 )
-        {
-            mbedtls_free( pss_opts );
-            return( ret );
-        }
-
-        *sig_opts = (void *) pss_opts;
-    }
-    else
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-    {
-        /* Make sure parameters are absent or NULL */
-        if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
-              sig_params->len != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_ALG );
-    }
-
-    return( 0 );
-}
-
-/*
- * X.509 Extensions (No parsing of extensions, pointer should
- * be either manually updated or extensions should be parsed!)
- */
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *ext, int tag )
-{
-    int ret;
-    size_t len;
-
-    if( *p == end )
-        return( 0 );
-
-    ext->tag = **p;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
-            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ) ) != 0 )
-        return( ret );
-
-    ext->p = *p;
-    end = *p + ext->len;
-
-    /*
-     * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
-     *
-     * Extension  ::=  SEQUENCE  {
-     *      extnID      OBJECT IDENTIFIER,
-     *      critical    BOOLEAN DEFAULT FALSE,
-     *      extnValue   OCTET STRING  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-    if( end != *p + len )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * Store the name in printable form into buf; no more
- * than size characters will be written
- */
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
-{
-    int ret;
-    size_t i, n;
-    unsigned char c, merge = 0;
-    const mbedtls_x509_name *name;
-    const char *short_name = NULL;
-    char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
-
-    memset( s, 0, sizeof( s ) );
-
-    name = dn;
-    p = buf;
-    n = size;
-
-    while( name != NULL )
-    {
-        if( !name->oid.p )
-        {
-            name = name->next;
-            continue;
-        }
-
-        if( name != dn )
-        {
-            ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
-            MBEDTLS_X509_SAFE_SNPRINTF;
-        }
-
-        ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
-
-        if( ret == 0 )
-            ret = mbedtls_snprintf( p, n, "%s=", short_name );
-        else
-            ret = mbedtls_snprintf( p, n, "\?\?=" );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        for( i = 0; i < name->val.len; i++ )
-        {
-            if( i >= sizeof( s ) - 1 )
-                break;
-
-            c = name->val.p[i];
-            if( c < 32 || c == 127 || ( c > 128 && c < 160 ) )
-                 s[i] = '?';
-            else s[i] = c;
-        }
-        s[i] = '\0';
-        ret = mbedtls_snprintf( p, n, "%s", s );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        merge = name->next_merged;
-        name = name->next;
-    }
-
-    return( (int) ( size - n ) );
-}
-
-/*
- * Store the serial in printable form into buf; no more
- * than size characters will be written
- */
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
-{
-    int ret;
-    size_t i, n, nr;
-    char *p;
-
-    p = buf;
-    n = size;
-
-    nr = ( serial->len <= 32 )
-        ? serial->len  : 28;
-
-    for( i = 0; i < nr; i++ )
-    {
-        if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
-            continue;
-
-        ret = mbedtls_snprintf( p, n, "%02X%s",
-                serial->p[i], ( i < nr - 1 ) ? ":" : "" );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-    }
-
-    if( nr != serial->len )
-    {
-        ret = mbedtls_snprintf( p, n, "...." );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-    }
-
-    return( (int) ( size - n ) );
-}
-
-/*
- * Helper for writing signature algorithms
- */
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                       const void *sig_opts )
-{
-    int ret;
-    char *p = buf;
-    size_t n = size;
-    const char *desc = NULL;
-
-    ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
-    if( ret != 0 )
-        ret = mbedtls_snprintf( p, n, "???"  );
-    else
-        ret = mbedtls_snprintf( p, n, "%s", desc );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
-    {
-        const mbedtls_pk_rsassa_pss_options *pss_opts;
-        const mbedtls_md_info_t *md_info, *mgf_md_info;
-
-        pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
-
-        md_info = mbedtls_md_info_from_type( md_alg );
-        mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
-
-        ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
-                              md_info ? mbedtls_md_get_name( md_info ) : "???",
-                              mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
-                              pss_opts->expected_salt_len );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-    }
-#else
-    ((void) pk_alg);
-    ((void) md_alg);
-    ((void) sig_opts);
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-
-    return( (int)( size - n ) );
-}
-
-/*
- * Helper for writing "RSA key size", "EC key size", etc
- */
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
-{
-    char *p = buf;
-    size_t n = buf_size;
-    int ret;
-
-    ret = mbedtls_snprintf( p, n, "%s key size", name );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/*
- * Set the time structure to the current time.
- * Return 0 on success, non-zero on failure.
- */
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-static int x509_get_current_time( mbedtls_x509_time *now )
-{
-    SYSTEMTIME st;
-
-    GetSystemTime( &st );
-
-    now->year = st.wYear;
-    now->mon  = st.wMonth;
-    now->day  = st.wDay;
-    now->hour = st.wHour;
-    now->min  = st.wMinute;
-    now->sec  = st.wSecond;
-
-    return( 0 );
-}
-#else
-static int x509_get_current_time( mbedtls_x509_time *now )
-{
-    struct tm *lt;
-    mbedtls_time_t tt;
-    int ret = 0;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    tt = mbedtls_time( NULL );
-    lt = gmtime( &tt );
-
-    if( lt == NULL )
-        ret = -1;
-    else
-    {
-        now->year = lt->tm_year + 1900;
-        now->mon  = lt->tm_mon  + 1;
-        now->day  = lt->tm_mday;
-        now->hour = lt->tm_hour;
-        now->min  = lt->tm_min;
-        now->sec  = lt->tm_sec;
-    }
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-
-/*
- * Return 0 if before <= after, 1 otherwise
- */
-static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
-{
-    if( before->year  > after->year )
-        return( 1 );
-
-    if( before->year == after->year &&
-        before->mon   > after->mon )
-        return( 1 );
-
-    if( before->year == after->year &&
-        before->mon  == after->mon  &&
-        before->day   > after->day )
-        return( 1 );
-
-    if( before->year == after->year &&
-        before->mon  == after->mon  &&
-        before->day  == after->day  &&
-        before->hour  > after->hour )
-        return( 1 );
-
-    if( before->year == after->year &&
-        before->mon  == after->mon  &&
-        before->day  == after->day  &&
-        before->hour == after->hour &&
-        before->min   > after->min  )
-        return( 1 );
-
-    if( before->year == after->year &&
-        before->mon  == after->mon  &&
-        before->day  == after->day  &&
-        before->hour == after->hour &&
-        before->min  == after->min  &&
-        before->sec   > after->sec  )
-        return( 1 );
-
-    return( 0 );
-}
-
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
-{
-    mbedtls_x509_time now;
-
-    if( x509_get_current_time( &now ) != 0 )
-        return( 1 );
-
-    return( x509_check_time( &now, to ) );
-}
-
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
-{
-    mbedtls_x509_time now;
-
-    if( x509_get_current_time( &now ) != 0 )
-        return( 1 );
-
-    return( x509_check_time( from, &now ) );
-}
-
-#else  /* MBEDTLS_HAVE_TIME_DATE */
-
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
-{
-    ((void) to);
-    return( 0 );
-}
-
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
-{
-    ((void) from);
-    return( 0 );
-}
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/certs.h"
-
-/*
- * Checkup routine
- */
-int mbedtls_x509_self_test( int verbose )
-{
-#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
-    int ret;
-    uint32_t flags;
-    mbedtls_x509_crt cacert;
-    mbedtls_x509_crt clicert;
-
-    if( verbose != 0 )
-        mbedtls_printf( "  X.509 certificate load: " );
-
-    mbedtls_x509_crt_init( &clicert );
-
-    ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
-                           mbedtls_test_cli_crt_len );
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( ret );
-    }
-
-    mbedtls_x509_crt_init( &cacert );
-
-    ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
-                          mbedtls_test_ca_crt_len );
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( ret );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  X.509 signature verify: ");
-
-    ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( ret );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n\n");
-
-    mbedtls_x509_crt_free( &cacert  );
-    mbedtls_x509_crt_free( &clicert );
-
-    return( 0 );
-#else
-    ((void) verbose);
-    return( 0 );
-#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_X509_USE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/x509_create.c b/components/ssl/mbedtls/mbedtls/library/x509_create.c
deleted file mode 100644
index df20ec8e..00000000
--- a/components/ssl/mbedtls/mbedtls/library/x509_create.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- *  X.509 base functions for creating certificates / CSRs
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_X509_CREATE_C)
-
-#include "mbedtls/x509.h"
-#include "mbedtls/asn1write.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-typedef struct {
-    const char *name;
-    size_t name_len;
-    const char*oid;
-} x509_attr_descriptor_t;
-
-#define ADD_STRLEN( s )     s, sizeof( s ) - 1
-
-static const x509_attr_descriptor_t x509_attrs[] =
-{
-    { ADD_STRLEN( "CN" ),                       MBEDTLS_OID_AT_CN },
-    { ADD_STRLEN( "commonName" ),               MBEDTLS_OID_AT_CN },
-    { ADD_STRLEN( "C" ),                        MBEDTLS_OID_AT_COUNTRY },
-    { ADD_STRLEN( "countryName" ),              MBEDTLS_OID_AT_COUNTRY },
-    { ADD_STRLEN( "O" ),                        MBEDTLS_OID_AT_ORGANIZATION },
-    { ADD_STRLEN( "organizationName" ),         MBEDTLS_OID_AT_ORGANIZATION },
-    { ADD_STRLEN( "L" ),                        MBEDTLS_OID_AT_LOCALITY },
-    { ADD_STRLEN( "locality" ),                 MBEDTLS_OID_AT_LOCALITY },
-    { ADD_STRLEN( "R" ),                        MBEDTLS_OID_PKCS9_EMAIL },
-    { ADD_STRLEN( "OU" ),                       MBEDTLS_OID_AT_ORG_UNIT },
-    { ADD_STRLEN( "organizationalUnitName" ),   MBEDTLS_OID_AT_ORG_UNIT },
-    { ADD_STRLEN( "ST" ),                       MBEDTLS_OID_AT_STATE },
-    { ADD_STRLEN( "stateOrProvinceName" ),      MBEDTLS_OID_AT_STATE },
-    { ADD_STRLEN( "emailAddress" ),             MBEDTLS_OID_PKCS9_EMAIL },
-    { ADD_STRLEN( "serialNumber" ),             MBEDTLS_OID_AT_SERIAL_NUMBER },
-    { ADD_STRLEN( "postalAddress" ),            MBEDTLS_OID_AT_POSTAL_ADDRESS },
-    { ADD_STRLEN( "postalCode" ),               MBEDTLS_OID_AT_POSTAL_CODE },
-    { ADD_STRLEN( "dnQualifier" ),              MBEDTLS_OID_AT_DN_QUALIFIER },
-    { ADD_STRLEN( "title" ),                    MBEDTLS_OID_AT_TITLE },
-    { ADD_STRLEN( "surName" ),                  MBEDTLS_OID_AT_SUR_NAME },
-    { ADD_STRLEN( "SN" ),                       MBEDTLS_OID_AT_SUR_NAME },
-    { ADD_STRLEN( "givenName" ),                MBEDTLS_OID_AT_GIVEN_NAME },
-    { ADD_STRLEN( "GN" ),                       MBEDTLS_OID_AT_GIVEN_NAME },
-    { ADD_STRLEN( "initials" ),                 MBEDTLS_OID_AT_INITIALS },
-    { ADD_STRLEN( "pseudonym" ),                MBEDTLS_OID_AT_PSEUDONYM },
-    { ADD_STRLEN( "generationQualifier" ),      MBEDTLS_OID_AT_GENERATION_QUALIFIER },
-    { ADD_STRLEN( "domainComponent" ),          MBEDTLS_OID_DOMAIN_COMPONENT },
-    { ADD_STRLEN( "DC" ),                       MBEDTLS_OID_DOMAIN_COMPONENT },
-    { NULL, 0, NULL }
-};
-
-static const char *x509_at_oid_from_name( const char *name, size_t name_len )
-{
-    const x509_attr_descriptor_t *cur;
-
-    for( cur = x509_attrs; cur->name != NULL; cur++ )
-        if( cur->name_len == name_len &&
-            strncmp( cur->name, name, name_len ) == 0 )
-            break;
-
-    return( cur->oid );
-}
-
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name )
-{
-    int ret = 0;
-    const char *s = name, *c = s;
-    const char *end = s + strlen( s );
-    const char *oid = NULL;
-    int in_tag = 1;
-    char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
-    char *d = data;
-
-    /* Clear existing chain if present */
-    mbedtls_asn1_free_named_data_list( head );
-
-    while( c <= end )
-    {
-        if( in_tag && *c == '=' )
-        {
-            if( ( oid = x509_at_oid_from_name( s, c - s ) ) == NULL )
-            {
-                ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
-                goto exit;
-            }
-
-            s = c + 1;
-            in_tag = 0;
-            d = data;
-        }
-
-        if( !in_tag && *c == '\\' && c != end )
-        {
-            c++;
-
-            /* Check for valid escaped characters */
-            if( c == end || *c != ',' )
-            {
-                ret = MBEDTLS_ERR_X509_INVALID_NAME;
-                goto exit;
-            }
-        }
-        else if( !in_tag && ( *c == ',' || c == end ) )
-        {
-            if( mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
-                                       (unsigned char *) data,
-                                       d - data ) == NULL )
-            {
-                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-            }
-
-            while( c < end && *(c + 1) == ' ' )
-                c++;
-
-            s = c + 1;
-            in_tag = 1;
-        }
-
-        if( !in_tag && s != c + 1 )
-        {
-            *(d++) = *c;
-
-            if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE )
-            {
-                ret = MBEDTLS_ERR_X509_INVALID_NAME;
-                goto exit;
-            }
-        }
-
-        c++;
-    }
-
-exit:
-
-    return( ret );
-}
-
-/* The first byte of the value in the mbedtls_asn1_named_data structure is reserved
- * to store the critical boolean for us
- */
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
-                        int critical, const unsigned char *val, size_t val_len )
-{
-    mbedtls_asn1_named_data *cur;
-
-    if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len,
-                                       NULL, val_len + 1 ) ) == NULL )
-    {
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-    }
-
-    cur->val.p[0] = critical;
-    memcpy( cur->val.p + 1, val, val_len );
-
-    return( 0 );
-}
-
-/*
- *  RelativeDistinguishedName ::=
- *    SET OF AttributeTypeAndValue
- *
- *  AttributeTypeAndValue ::= SEQUENCE {
- *    type     AttributeType,
- *    value    AttributeValue }
- *
- *  AttributeType ::= OBJECT IDENTIFIER
- *
- *  AttributeValue ::= ANY DEFINED BY AttributeType
- */
-static int x509_write_name( unsigned char **p, unsigned char *start,
-                            const char *oid, size_t oid_len,
-                            const unsigned char *name, size_t name_len )
-{
-    int ret;
-    size_t len = 0;
-
-    // Write PrintableString for all except MBEDTLS_OID_PKCS9_EMAIL
-    //
-    if( MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_EMAIL ) == oid_len &&
-        memcmp( oid, MBEDTLS_OID_PKCS9_EMAIL, oid_len ) == 0 )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_ia5_string( p, start,
-                                                  (const char *) name,
-                                                  name_len ) );
-    }
-    else
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_printable_string( p, start,
-                                                        (const char *) name,
-                                                        name_len ) );
-    }
-
-    // Write OID
-    //
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SET ) );
-
-    return( (int) len );
-}
-
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
-                      mbedtls_asn1_named_data *first )
-{
-    int ret;
-    size_t len = 0;
-    mbedtls_asn1_named_data *cur = first;
-
-    while( cur != NULL )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, (char *) cur->oid.p,
-                                            cur->oid.len,
-                                            cur->val.p, cur->val.len ) );
-        cur = cur->next;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len,
-                    unsigned char *sig, size_t size )
-{
-    int ret;
-    size_t len = 0;
-
-    if( *p < start || (size_t)( *p - start ) < size )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len = size;
-    (*p) -= len;
-    memcpy( *p, sig, len );
-
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    *--(*p) = 0;
-    len += 1;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
-
-    // Write OID
-    //
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( p, start, oid,
-                                                        oid_len, 0 ) );
-
-    return( (int) len );
-}
-
-static int x509_write_extension( unsigned char **p, unsigned char *start,
-                                 mbedtls_asn1_named_data *ext )
-{
-    int ret;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1,
-                                              ext->val.len - 1 ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->val.len - 1 ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
-
-    if( ext->val.p[0] != 0 )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( p, start, 1 ) );
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->oid.p,
-                                              ext->oid.len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->oid.len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-/*
- * Extension  ::=  SEQUENCE  {
- *     extnID      OBJECT IDENTIFIER,
- *     critical    BOOLEAN DEFAULT FALSE,
- *     extnValue   OCTET STRING
- *                 -- contains the DER encoding of an ASN.1 value
- *                 -- corresponding to the extension type identified
- *                 -- by extnID
- *     }
- */
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
-                           mbedtls_asn1_named_data *first )
-{
-    int ret;
-    size_t len = 0;
-    mbedtls_asn1_named_data *cur_ext = first;
-
-    while( cur_ext != NULL )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
-        cur_ext = cur_ext->next;
-    }
-
-    return( (int) len );
-}
-
-#endif /* MBEDTLS_X509_CREATE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/x509_crl.c b/components/ssl/mbedtls/mbedtls/library/x509_crl.c
deleted file mode 100644
index b0f39d42..00000000
--- a/components/ssl/mbedtls/mbedtls/library/x509_crl.c
+++ /dev/null
@@ -1,776 +0,0 @@
-/*
- *  X.509 Certidicate Revocation List (CRL) parsing
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The ITU-T X.509 standard defines a certificate format for PKI.
- *
- *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
- *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
- *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
- *
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#include <stdio.h>
-#define mbedtls_free       free
-#define mbedtls_calloc    calloc
-#define mbedtls_snprintf   snprintf
-#endif
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#include <windows.h>
-#else
-#include <time.h>
-#endif
-
-#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
-#include <stdio.h>
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- *  Version  ::=  INTEGER  {  v1(0), v2(1)  }
- */
-static int x509_crl_get_version( unsigned char **p,
-                             const unsigned char *end,
-                             int *ver )
-{
-    int ret;
-
-    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            *ver = 0;
-            return( 0 );
-        }
-
-        return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * X.509 CRL v2 extensions
- *
- * We currently don't parse any extension's content, but we do check that the
- * list of extensions is well-formed and abort on critical extensions (that
- * are unsupported as we don't support any extension so far)
- */
-static int x509_get_crl_ext( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_buf *ext )
-{
-    int ret;
-
-    /*
-     * crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
-     *                              -- if present, version MUST be v2
-     */
-    if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( 0 );
-
-        return( ret );
-    }
-
-    while( *p < end )
-    {
-        /*
-         * Extension  ::=  SEQUENCE  {
-         *      extnID      OBJECT IDENTIFIER,
-         *      critical    BOOLEAN DEFAULT FALSE,
-         *      extnValue   OCTET STRING  }
-         */
-        int is_critical = 0;
-        const unsigned char *end_ext_data;
-        size_t len;
-
-        /* Get enclosing sequence tag */
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        end_ext_data = *p + len;
-
-        /* Get OID (currently ignored) */
-        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
-                                          MBEDTLS_ASN1_OID ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-        }
-        *p += len;
-
-        /* Get optional critical */
-        if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
-                                           &is_critical ) ) != 0 &&
-            ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
-        {
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-        }
-
-        /* Data should be octet string type */
-        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
-                MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        /* Ignore data so far and just check its length */
-        *p += len;
-        if( *p != end_ext_data )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-        /* Abort on (unsupported) critical extensions */
-        if( is_critical )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-    }
-
-    if( *p != end )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * X.509 CRL v2 entry extensions (no extensions parsed yet.)
- */
-static int x509_get_crl_entry_ext( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_buf *ext )
-{
-    int ret;
-    size_t len = 0;
-
-    /* OPTIONAL */
-    if( end <= *p )
-        return( 0 );
-
-    ext->tag = **p;
-    ext->p = *p;
-
-    /*
-     * Get CRL-entry extension sequence header
-     * crlEntryExtensions      Extensions OPTIONAL  -- if present, MUST be v2
-     */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            ext->p = NULL;
-            return( 0 );
-        }
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-    }
-
-    end = *p + ext->len;
-
-    if( end != *p + ext->len )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    while( *p < end )
-    {
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        *p += len;
-    }
-
-    if( *p != end )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * X.509 CRL Entries
- */
-static int x509_get_entries( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_crl_entry *entry )
-{
-    int ret;
-    size_t entry_len;
-    mbedtls_x509_crl_entry *cur_entry = entry;
-
-    if( *p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len,
-            MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( 0 );
-
-        return( ret );
-    }
-
-    end = *p + entry_len;
-
-    while( *p < end )
-    {
-        size_t len2;
-        const unsigned char *end2;
-
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len2,
-                MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        cur_entry->raw.tag = **p;
-        cur_entry->raw.p = *p;
-        cur_entry->raw.len = len2;
-        end2 = *p + len2;
-
-        if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 )
-            return( ret );
-
-        if( ( ret = mbedtls_x509_get_time( p, end2,
-                                   &cur_entry->revocation_date ) ) != 0 )
-            return( ret );
-
-        if( ( ret = x509_get_crl_entry_ext( p, end2,
-                                            &cur_entry->entry_ext ) ) != 0 )
-            return( ret );
-
-        if( *p < end )
-        {
-            cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) );
-
-            if( cur_entry->next == NULL )
-                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-            cur_entry = cur_entry->next;
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Parse one  CRLs in DER format and append it to the chained list
- */
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
-                        const unsigned char *buf, size_t buflen )
-{
-    int ret;
-    size_t len;
-    unsigned char *p = NULL, *end = NULL;
-    mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
-    mbedtls_x509_crl *crl = chain;
-
-    /*
-     * Check for valid input
-     */
-    if( crl == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
-
-    /*
-     * Add new CRL on the end of the chain if needed.
-     */
-    while( crl->version != 0 && crl->next != NULL )
-        crl = crl->next;
-
-    if( crl->version != 0 && crl->next == NULL )
-    {
-        crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) );
-
-        if( crl->next == NULL )
-        {
-            mbedtls_x509_crl_free( crl );
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-        }
-
-        mbedtls_x509_crl_init( crl->next );
-        crl = crl->next;
-    }
-
-    /*
-     * Copy raw DER-encoded CRL
-     */
-    if( buflen == 0 )
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
-
-    p = mbedtls_calloc( 1, buflen );
-    if( p == NULL )
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-    memcpy( p, buf, buflen );
-
-    crl->raw.p = p;
-    crl->raw.len = buflen;
-
-    end = p + buflen;
-
-    /*
-     * CertificateList  ::=  SEQUENCE  {
-     *      tbsCertList          TBSCertList,
-     *      signatureAlgorithm   AlgorithmIdentifier,
-     *      signatureValue       BIT STRING  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
-    }
-
-    if( len != (size_t) ( end - p ) )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-    /*
-     * TBSCertList  ::=  SEQUENCE  {
-     */
-    crl->tbs.p = p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-    crl->tbs.len = end - crl->tbs.p;
-
-    /*
-     * Version  ::=  INTEGER  OPTIONAL {  v1(0), v2(1)  }
-     *               -- if present, MUST be v2
-     *
-     * signature            AlgorithmIdentifier
-     */
-    if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
-        ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
-    }
-
-    if( crl->version < 0 || crl->version > 1 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
-    }
-
-    crl->version++;
-
-    if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1,
-                                  &crl->sig_md, &crl->sig_pk,
-                                  &crl->sig_opts ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
-    }
-
-    /*
-     * issuer               Name
-     */
-    crl->issuer_raw.p = p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
-    }
-
-    crl->issuer_raw.len = p - crl->issuer_raw.p;
-
-    /*
-     * thisUpdate          Time
-     * nextUpdate          Time OPTIONAL
-     */
-    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
-    {
-        if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE +
-                        MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) &&
-            ret != ( MBEDTLS_ERR_X509_INVALID_DATE +
-                        MBEDTLS_ERR_ASN1_OUT_OF_DATA ) )
-        {
-            mbedtls_x509_crl_free( crl );
-            return( ret );
-        }
-    }
-
-    /*
-     * revokedCertificates    SEQUENCE OF SEQUENCE   {
-     *      userCertificate        CertificateSerialNumber,
-     *      revocationDate         Time,
-     *      crlEntryExtensions     Extensions OPTIONAL
-     *                                   -- if present, MUST be v2
-     *                        } OPTIONAL
-     */
-    if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
-    }
-
-    /*
-     * crlExtensions          EXPLICIT Extensions OPTIONAL
-     *                              -- if present, MUST be v2
-     */
-    if( crl->version == 2 )
-    {
-        ret = x509_get_crl_ext( &p, end, &crl->crl_ext );
-
-        if( ret != 0 )
-        {
-            mbedtls_x509_crl_free( crl );
-            return( ret );
-        }
-    }
-
-    if( p != end )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-    end = crl->raw.p + crl->raw.len;
-
-    /*
-     *  signatureAlgorithm   AlgorithmIdentifier,
-     *  signatureValue       BIT STRING
-     */
-    if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
-    }
-
-    if( crl->sig_oid.len != sig_oid2.len ||
-        memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 ||
-        sig_params1.len != sig_params2.len ||
-        ( sig_params1.len != 0 &&
-          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
-    }
-
-    if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( ret );
-    }
-
-    if( p != end )
-    {
-        mbedtls_x509_crl_free( crl );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-    return( 0 );
-}
-
-/*
- * Parse one or more CRLs and add them to the chained list
- */
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen )
-{
-#if defined(MBEDTLS_PEM_PARSE_C)
-    int ret;
-    size_t use_len;
-    mbedtls_pem_context pem;
-    int is_pem = 0;
-
-    if( chain == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    do
-    {
-        mbedtls_pem_init( &pem );
-
-        // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated
-        // string
-        if( buflen == 0 || buf[buflen - 1] != '\0' )
-            ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-        else
-            ret = mbedtls_pem_read_buffer( &pem,
-                                           "-----BEGIN X509 CRL-----",
-                                           "-----END X509 CRL-----",
-                                            buf, NULL, 0, &use_len );
-
-        if( ret == 0 )
-        {
-            /*
-             * Was PEM encoded
-             */
-            is_pem = 1;
-
-            buflen -= use_len;
-            buf += use_len;
-
-            if( ( ret = mbedtls_x509_crl_parse_der( chain,
-                                            pem.buf, pem.buflen ) ) != 0 )
-            {
-                mbedtls_pem_free( &pem );
-                return( ret );
-            }
-        }
-        else if( is_pem )
-        {
-            mbedtls_pem_free( &pem );
-            return( ret );
-        }
-
-        mbedtls_pem_free( &pem );
-    }
-    /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
-     * And a valid CRL cannot be less than 1 byte anyway. */
-    while( is_pem && buflen > 1 );
-
-    if( is_pem )
-        return( 0 );
-    else
-#endif /* MBEDTLS_PEM_PARSE_C */
-        return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) );
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load one or more CRLs and add them to the chained list
- */
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
-{
-    int ret;
-    size_t n;
-    unsigned char *buf;
-
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_x509_crl_parse( chain, buf, n );
-
-    mbedtls_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-/*
- * Return an informational string about the certificate.
- */
-#define BEFORE_COLON    14
-#define BC              "14"
-/*
- * Return an informational string about the CRL.
- */
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crl *crl )
-{
-    int ret;
-    size_t n;
-    char *p;
-    const mbedtls_x509_crl_entry *entry;
-
-    p = buf;
-    n = size;
-
-    ret = mbedtls_snprintf( p, n, "%sCRL version   : %d",
-                               prefix, crl->version );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%sissuer name   : ", prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &crl->issuer );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%sthis update   : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crl->this_update.year, crl->this_update.mon,
-                   crl->this_update.day,  crl->this_update.hour,
-                   crl->this_update.min,  crl->this_update.sec );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%snext update   : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crl->next_update.year, crl->next_update.mon,
-                   crl->next_update.day,  crl->next_update.hour,
-                   crl->next_update.min,  crl->next_update.sec );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    entry = &crl->entry;
-
-    ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:",
-                               prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    while( entry != NULL && entry->raw.len != 0 )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%sserial number: ",
-                               prefix );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        ret = mbedtls_x509_serial_gets( p, n, &entry->serial );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        ret = mbedtls_snprintf( p, n, " revocation date: " \
-                   "%04d-%02d-%02d %02d:%02d:%02d",
-                   entry->revocation_date.year, entry->revocation_date.mon,
-                   entry->revocation_date.day,  entry->revocation_date.hour,
-                   entry->revocation_date.min,  entry->revocation_date.sec );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        entry = entry->next;
-    }
-
-    ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md,
-                             crl->sig_opts );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n" );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    return( (int) ( size - n ) );
-}
-
-/*
- * Initialize a CRL chain
- */
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl )
-{
-    memset( crl, 0, sizeof(mbedtls_x509_crl) );
-}
-
-/*
- * Unallocate all CRL data
- */
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
-{
-    mbedtls_x509_crl *crl_cur = crl;
-    mbedtls_x509_crl *crl_prv;
-    mbedtls_x509_name *name_cur;
-    mbedtls_x509_name *name_prv;
-    mbedtls_x509_crl_entry *entry_cur;
-    mbedtls_x509_crl_entry *entry_prv;
-
-    if( crl == NULL )
-        return;
-
-    do
-    {
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-        mbedtls_free( crl_cur->sig_opts );
-#endif
-
-        name_cur = crl_cur->issuer.next;
-        while( name_cur != NULL )
-        {
-            name_prv = name_cur;
-            name_cur = name_cur->next;
-            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
-            mbedtls_free( name_prv );
-        }
-
-        entry_cur = crl_cur->entry.next;
-        while( entry_cur != NULL )
-        {
-            entry_prv = entry_cur;
-            entry_cur = entry_cur->next;
-            mbedtls_zeroize( entry_prv, sizeof( mbedtls_x509_crl_entry ) );
-            mbedtls_free( entry_prv );
-        }
-
-        if( crl_cur->raw.p != NULL )
-        {
-            mbedtls_zeroize( crl_cur->raw.p, crl_cur->raw.len );
-            mbedtls_free( crl_cur->raw.p );
-        }
-
-        crl_cur = crl_cur->next;
-    }
-    while( crl_cur != NULL );
-
-    crl_cur = crl;
-    do
-    {
-        crl_prv = crl_cur;
-        crl_cur = crl_cur->next;
-
-        mbedtls_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) );
-        if( crl_prv != crl )
-            mbedtls_free( crl_prv );
-    }
-    while( crl_cur != NULL );
-}
-
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/x509_crt.c b/components/ssl/mbedtls/mbedtls/library/x509_crt.c
deleted file mode 100644
index c869e8d3..00000000
--- a/components/ssl/mbedtls/mbedtls/library/x509_crt.c
+++ /dev/null
@@ -1,2432 +0,0 @@
-/*
- *  X.509 certificate parsing and verification
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The ITU-T X.509 standard defines a certificate format for PKI.
- *
- *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
- *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
- *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
- *
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/oid.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#define mbedtls_free       free
-#define mbedtls_calloc    calloc
-#define mbedtls_snprintf   snprintf
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-#include <windows.h>
-#else
-#include <time.h>
-#endif
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#if !defined(_WIN32) || defined(EFIX64) || defined(EFI32)
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#endif /* !_WIN32 || EFIX64 || EFI32 */
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * Default profile
- */
-const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
-{
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
-    /* Allow SHA-1 (weak, but still safe in controlled environments) */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
-#endif
-    /* Only SHA-2 hashes */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
-    0xFFFFFFF, /* Any PK alg    */
-    0xFFFFFFF, /* Any curve     */
-    MBEDTLS_RSA_BITLEN_MIN,
-};
-
-/*
- * Next-default profile
- */
-const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
-{
-    /* Hashes from SHA-256 and above */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
-    0xFFFFFFF, /* Any PK alg    */
-#if defined(MBEDTLS_ECP_C)
-    /* Curves at or above 128-bit security level */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ),
-#else
-    0,
-#endif
-    MBEDTLS_RSA_BITLEN_MIN,
-};
-
-/*
- * NSA Suite B Profile
- */
-const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
-{
-    /* Only SHA-256 and 384 */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
-    /* Only ECDSA */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
-#if defined(MBEDTLS_ECP_C)
-    /* Only NIST P-256 and P-384 */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ),
-#else
-    0,
-#endif
-    0,
-};
-
-/*
- * Check md_alg against profile
- * Return 0 if md_alg acceptable for this profile, -1 otherwise
- */
-static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile,
-                                      mbedtls_md_type_t md_alg )
-{
-    if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 )
-        return( 0 );
-
-    return( -1 );
-}
-
-/*
- * Check pk_alg against profile
- * Return 0 if pk_alg acceptable for this profile, -1 otherwise
- */
-static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile,
-                                      mbedtls_pk_type_t pk_alg )
-{
-    if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 )
-        return( 0 );
-
-    return( -1 );
-}
-
-/*
- * Check key against profile
- * Return 0 if pk_alg acceptable for this profile, -1 otherwise
- */
-static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
-                                   mbedtls_pk_type_t pk_alg,
-                                   const mbedtls_pk_context *pk )
-{
-#if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS )
-    {
-        if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
-            return( 0 );
-
-        MBEDTLS_DEBUGF("ERROR: Certification RSA bit length is %d and should be >= %d",
-                mbedtls_pk_get_bitlen(pk), MBEDTLS_RSA_BITLEN_MIN);
-
-        return( -1 );
-    }
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECDSA ||
-        pk_alg == MBEDTLS_PK_ECKEY ||
-        pk_alg == MBEDTLS_PK_ECKEY_DH )
-    {
-        mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id;
-
-        if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 )
-            return( 0 );
-
-        return( -1 );
-    }
-#endif
-
-    return( -1 );
-}
-
-/*
- *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
- */
-static int x509_get_version( unsigned char **p,
-                             const unsigned char *end,
-                             int *ver )
-{
-    int ret;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            *ver = 0;
-            return( 0 );
-        }
-
-        return( ret );
-    }
-
-    end = *p + len;
-
-    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
-
-    if( *p != end )
-        return( MBEDTLS_ERR_X509_INVALID_VERSION +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- *  Validity ::= SEQUENCE {
- *       notBefore      Time,
- *       notAfter       Time }
- */
-static int x509_get_dates( unsigned char **p,
-                           const unsigned char *end,
-                           mbedtls_x509_time *from,
-                           mbedtls_x509_time *to )
-{
-    int ret;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
-
-    end = *p + len;
-
-    if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 )
-        return( ret );
-
-    if( *p != end )
-        return( MBEDTLS_ERR_X509_INVALID_DATE +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * X.509 v2/v3 unique identifier (not parsed)
- */
-static int x509_get_uid( unsigned char **p,
-                         const unsigned char *end,
-                         mbedtls_x509_buf *uid, int n )
-{
-    int ret;
-
-    if( *p == end )
-        return( 0 );
-
-    uid->tag = **p;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len,
-            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( 0 );
-
-        return( ret );
-    }
-
-    uid->p = *p;
-    *p += uid->len;
-
-    return( 0 );
-}
-
-static int x509_get_basic_constraints( unsigned char **p,
-                                       const unsigned char *end,
-                                       int *ca_istrue,
-                                       int *max_pathlen )
-{
-    int ret;
-    size_t len;
-
-    /*
-     * BasicConstraints ::= SEQUENCE {
-     *      cA                      BOOLEAN DEFAULT FALSE,
-     *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
-     */
-    *ca_istrue = 0; /* DEFAULT FALSE */
-    *max_pathlen = 0; /* endless */
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-    if( *p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            ret = mbedtls_asn1_get_int( p, end, ca_istrue );
-
-        if( ret != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        if( *ca_istrue != 0 )
-            *ca_istrue = 1;
-    }
-
-    if( *p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-    if( *p != end )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    (*max_pathlen)++;
-
-    return( 0 );
-}
-
-static int x509_get_ns_cert_type( unsigned char **p,
-                                       const unsigned char *end,
-                                       unsigned char *ns_cert_type)
-{
-    int ret;
-    mbedtls_x509_bitstring bs = { 0, 0, NULL };
-
-    if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-    if( bs.len != 1 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    /* Get actual bitstring */
-    *ns_cert_type = *bs.p;
-    return( 0 );
-}
-
-static int x509_get_key_usage( unsigned char **p,
-                               const unsigned char *end,
-                               unsigned int *key_usage)
-{
-    int ret;
-    size_t i;
-    mbedtls_x509_bitstring bs = { 0, 0, NULL };
-
-    if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-    if( bs.len < 1 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    /* Get actual bitstring */
-    *key_usage = 0;
-    for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
-    {
-        *key_usage |= (unsigned int) bs.p[i] << (8*i);
-    }
-
-    return( 0 );
-}
-
-/*
- * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- *
- * KeyPurposeId ::= OBJECT IDENTIFIER
- */
-static int x509_get_ext_key_usage( unsigned char **p,
-                               const unsigned char *end,
-                               mbedtls_x509_sequence *ext_key_usage)
-{
-    int ret;
-
-    if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-    /* Sequence length must be >= 1 */
-    if( ext_key_usage->buf.p == NULL )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    return( 0 );
-}
-
-/*
- * SubjectAltName ::= GeneralNames
- *
- * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
- * GeneralName ::= CHOICE {
- *      otherName                       [0]     OtherName,
- *      rfc822Name                      [1]     IA5String,
- *      dNSName                         [2]     IA5String,
- *      x400Address                     [3]     ORAddress,
- *      directoryName                   [4]     Name,
- *      ediPartyName                    [5]     EDIPartyName,
- *      uniformResourceIdentifier       [6]     IA5String,
- *      iPAddress                       [7]     OCTET STRING,
- *      registeredID                    [8]     OBJECT IDENTIFIER }
- *
- * OtherName ::= SEQUENCE {
- *      type-id    OBJECT IDENTIFIER,
- *      value      [0] EXPLICIT ANY DEFINED BY type-id }
- *
- * EDIPartyName ::= SEQUENCE {
- *      nameAssigner            [0]     DirectoryString OPTIONAL,
- *      partyName               [1]     DirectoryString }
- *
- * NOTE: we only parse and use dNSName at this point.
- */
-static int x509_get_subject_alt_name( unsigned char **p,
-                                      const unsigned char *end,
-                                      mbedtls_x509_sequence *subject_alt_name )
-{
-    int ret;
-    size_t len, tag_len;
-    mbedtls_asn1_buf *buf;
-    unsigned char tag;
-    mbedtls_asn1_sequence *cur = subject_alt_name;
-
-    /* Get main sequence tag */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-    if( *p + len != end )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    while( *p < end )
-    {
-        if( ( end - *p ) < 1 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-        tag = **p;
-        (*p)++;
-        if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
-                MBEDTLS_ASN1_CONTEXT_SPECIFIC )
-        {
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-        }
-
-        /* Skip everything but DNS name */
-        if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )
-        {
-            *p += tag_len;
-            continue;
-        }
-
-        /* Allocate and assign next pointer */
-        if( cur->buf.p != NULL )
-        {
-            if( cur->next != NULL )
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
-
-            cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
-
-            if( cur->next == NULL )
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                        MBEDTLS_ERR_ASN1_ALLOC_FAILED );
-
-            cur = cur->next;
-        }
-
-        buf = &(cur->buf);
-        buf->tag = tag;
-        buf->p = *p;
-        buf->len = tag_len;
-        *p += buf->len;
-    }
-
-    /* Set final sequence entry's next pointer to NULL */
-    cur->next = NULL;
-
-    if( *p != end )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * X.509 v3 extensions
- *
- */
-static int x509_get_crt_ext( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_x509_crt *crt )
-{
-    int ret;
-    size_t len;
-    unsigned char *end_ext_data, *end_ext_octet;
-
-    if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( 0 );
-
-        return( ret );
-    }
-
-    while( *p < end )
-    {
-        /*
-         * Extension  ::=  SEQUENCE  {
-         *      extnID      OBJECT IDENTIFIER,
-         *      critical    BOOLEAN DEFAULT FALSE,
-         *      extnValue   OCTET STRING  }
-         */
-        mbedtls_x509_buf extn_oid = {0, 0, NULL};
-        int is_critical = 0; /* DEFAULT FALSE */
-        int ext_type = 0;
-
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        end_ext_data = *p + len;
-
-        /* Get extension ID */
-        extn_oid.tag = **p;
-
-        if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        extn_oid.p = *p;
-        *p += extn_oid.len;
-
-        if( ( end - *p ) < 1 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-        /* Get optional critical */
-        if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
-            ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        /* Data should be octet string type */
-        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
-                MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
-
-        end_ext_octet = *p + len;
-
-        if( end_ext_octet != end_ext_data )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-        /*
-         * Detect supported extensions
-         */
-        ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type );
-
-        if( ret != 0 )
-        {
-            /* No parser found, skip extension */
-            *p = end_ext_octet;
-
-#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
-            if( is_critical )
-            {
-                /* Data is marked as critical: fail */
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                        MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-            }
-#endif
-            continue;
-        }
-
-        /* Forbid repeated extensions */
-        if( ( crt->ext_types & ext_type ) != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS );
-
-        crt->ext_types |= ext_type;
-
-        switch( ext_type )
-        {
-        case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
-            /* Parse basic constraints */
-            if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
-                    &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
-                return( ret );
-            break;
-
-        case MBEDTLS_X509_EXT_KEY_USAGE:
-            /* Parse key usage */
-            if( ( ret = x509_get_key_usage( p, end_ext_octet,
-                    &crt->key_usage ) ) != 0 )
-                return( ret );
-            break;
-
-        case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE:
-            /* Parse extended key usage */
-            if( ( ret = x509_get_ext_key_usage( p, end_ext_octet,
-                    &crt->ext_key_usage ) ) != 0 )
-                return( ret );
-            break;
-
-        case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
-            /* Parse subject alt name */
-            if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
-                    &crt->subject_alt_names ) ) != 0 )
-                return( ret );
-            break;
-
-        case MBEDTLS_X509_EXT_NS_CERT_TYPE:
-            /* Parse netscape certificate type */
-            if( ( ret = x509_get_ns_cert_type( p, end_ext_octet,
-                    &crt->ns_cert_type ) ) != 0 )
-                return( ret );
-            break;
-
-        default:
-            return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
-        }
-    }
-
-    if( *p != end )
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * Parse and fill a single X.509 certificate in DER format
- */
-static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf,
-                                    size_t buflen )
-{
-    int ret;
-    size_t len;
-    unsigned char *p, *end, *crt_end;
-    mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
-
-    memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) );
-    memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) );
-
-    /*
-     * Check for valid input
-     */
-    if( crt == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    // Use the original buffer until we figure out actual length
-    p = (unsigned char*) buf;
-    len = buflen;
-    end = p + len;
-
-    /*
-     * Certificate  ::=  SEQUENCE  {
-     *      tbsCertificate       TBSCertificate,
-     *      signatureAlgorithm   AlgorithmIdentifier,
-     *      signatureValue       BIT STRING  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
-    }
-
-    if( len > (size_t) ( end - p ) )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-    crt_end = p + len;
-
-    // Create and populate a new buffer for the raw field
-    crt->raw.len = crt_end - buf;
-    crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
-    if( p == NULL )
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-    memcpy( p, buf, crt->raw.len );
-
-    // Direct pointers to the new buffer 
-    p += crt->raw.len - len;
-    end = crt_end = p + len;
-
-    /*
-     * TBSCertificate  ::=  SEQUENCE  {
-     */
-    crt->tbs.p = p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-    crt->tbs.len = end - crt->tbs.p;
-
-    /*
-     * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
-     *
-     * CertificateSerialNumber  ::=  INTEGER
-     *
-     * signature            AlgorithmIdentifier
-     */
-    if( ( ret = x509_get_version(  &p, end, &crt->version  ) ) != 0 ||
-        ( ret = mbedtls_x509_get_serial(   &p, end, &crt->serial   ) ) != 0 ||
-        ( ret = mbedtls_x509_get_alg(      &p, end, &crt->sig_oid,
-                                            &sig_params1 ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    if( crt->version < 0 || crt->version > 2 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
-    }
-
-    crt->version++;
-
-    if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1,
-                                  &crt->sig_md, &crt->sig_pk,
-                                  &crt->sig_opts ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    /*
-     * issuer               Name
-     */
-    crt->issuer_raw.p = p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    crt->issuer_raw.len = p - crt->issuer_raw.p;
-
-    /*
-     * Validity ::= SEQUENCE {
-     *      notBefore      Time,
-     *      notAfter       Time }
-     *
-     */
-    if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
-                                         &crt->valid_to ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    /*
-     * subject              Name
-     */
-    crt->subject_raw.p = p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    crt->subject_raw.len = p - crt->subject_raw.p;
-
-    /*
-     * SubjectPublicKeyInfo
-     */
-    if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    /*
-     *  issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
-     *                       -- If present, version shall be v2 or v3
-     *  subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
-     *                       -- If present, version shall be v2 or v3
-     *  extensions      [3]  EXPLICIT Extensions OPTIONAL
-     *                       -- If present, version shall be v3
-     */
-    if( crt->version == 2 || crt->version == 3 )
-    {
-        ret = x509_get_uid( &p, end, &crt->issuer_id,  1 );
-        if( ret != 0 )
-        {
-            mbedtls_x509_crt_free( crt );
-            return( ret );
-        }
-    }
-
-    if( crt->version == 2 || crt->version == 3 )
-    {
-        ret = x509_get_uid( &p, end, &crt->subject_id,  2 );
-        if( ret != 0 )
-        {
-            mbedtls_x509_crt_free( crt );
-            return( ret );
-        }
-    }
-
-#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
-    if( crt->version == 3 )
-#endif
-    {
-        ret = x509_get_crt_ext( &p, end, crt );
-        if( ret != 0 )
-        {
-            mbedtls_x509_crt_free( crt );
-            return( ret );
-        }
-    }
-
-    if( p != end )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-    end = crt_end;
-
-    /*
-     *  }
-     *  -- end of TBSCertificate
-     *
-     *  signatureAlgorithm   AlgorithmIdentifier,
-     *  signatureValue       BIT STRING
-     */
-    if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    if( crt->sig_oid.len != sig_oid2.len ||
-        memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 ||
-        sig_params1.len != sig_params2.len ||
-        ( sig_params1.len != 0 &&
-          memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_SIG_MISMATCH );
-    }
-
-    if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( ret );
-    }
-
-    if( p != end )
-    {
-        mbedtls_x509_crt_free( crt );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-    return( 0 );
-}
-
-/*
- * Parse one X.509 certificate in DER format from a buffer and add them to a
- * chained list
- */
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
-                        size_t buflen )
-{
-    int ret;
-    mbedtls_x509_crt *crt = chain, *prev = NULL;
-
-    /*
-     * Check for valid input
-     */
-    if( crt == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    while( crt->version != 0 && crt->next != NULL )
-    {
-        prev = crt;
-        crt = crt->next;
-    }
-
-    /*
-     * Add new certificate on the end of the chain if needed.
-     */
-    if( crt->version != 0 && crt->next == NULL )
-    {
-        crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
-
-        if( crt->next == NULL )
-            return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-        prev = crt;
-        mbedtls_x509_crt_init( crt->next );
-        crt = crt->next;
-    }
-
-    if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
-    {
-        if( prev )
-            prev->next = NULL;
-
-        if( crt != chain )
-            mbedtls_free( crt );
-
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Parse one or more PEM certificates from a buffer and add them to the chained
- * list
- */
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )
-{
-#if defined(MBEDTLS_PEM_PARSE_C)
-    int success = 0, first_error = 0, total_failed = 0;
-    int buf_format = MBEDTLS_X509_FORMAT_DER;
-#endif
-
-    /*
-     * Check for valid input
-     */
-    if( chain == NULL || buf == NULL )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    /*
-     * Determine buffer content. Buffer contains either one DER certificate or
-     * one or more PEM certificates.
-     */
-#if defined(MBEDTLS_PEM_PARSE_C)
-    if( buflen != 0 && buf[buflen - 1] == '\0' &&
-        strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
-    {
-        buf_format = MBEDTLS_X509_FORMAT_PEM;
-    }
-
-    if( buf_format == MBEDTLS_X509_FORMAT_DER )
-        return mbedtls_x509_crt_parse_der( chain, buf, buflen );
-#else
-    return mbedtls_x509_crt_parse_der( chain, buf, buflen );
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-    if( buf_format == MBEDTLS_X509_FORMAT_PEM )
-    {
-        int ret;
-        mbedtls_pem_context pem;
-
-        /* 1 rather than 0 since the terminating NULL byte is counted in */
-        while( buflen > 1 )
-        {
-            size_t use_len;
-            mbedtls_pem_init( &pem );
-
-            /* If we get there, we know the string is null-terminated */
-            ret = mbedtls_pem_read_buffer( &pem,
-                           "-----BEGIN CERTIFICATE-----",
-                           "-----END CERTIFICATE-----",
-                           buf, NULL, 0, &use_len );
-
-            if( ret == 0 )
-            {
-                /*
-                 * Was PEM encoded
-                 */
-                buflen -= use_len;
-                buf += use_len;
-            }
-            else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA )
-            {
-                return( ret );
-            }
-            else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-            {
-                mbedtls_pem_free( &pem );
-
-                /*
-                 * PEM header and footer were found
-                 */
-                buflen -= use_len;
-                buf += use_len;
-
-                if( first_error == 0 )
-                    first_error = ret;
-
-                total_failed++;
-                continue;
-            }
-            else
-                break;
-
-            ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen );
-
-            mbedtls_pem_free( &pem );
-
-            if( ret != 0 )
-            {
-                /*
-                 * Quit parsing on a memory error
-                 */
-                if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED )
-                    return( ret );
-
-                if( first_error == 0 )
-                    first_error = ret;
-
-                total_failed++;
-                continue;
-            }
-
-            success = 1;
-        }
-    }
-
-    if( success )
-        return( total_failed );
-    else if( first_error )
-        return( first_error );
-    else
-        return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT );
-#endif /* MBEDTLS_PEM_PARSE_C */
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load one or more certificates and add them to the chained list
- */
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path )
-{
-    int ret;
-    size_t n;
-    unsigned char *buf;
-
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_x509_crt_parse( chain, buf, n );
-
-    mbedtls_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
-{
-    int ret = 0;
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-    int w_ret;
-    WCHAR szDir[MAX_PATH];
-    char filename[MAX_PATH];
-    char *p;
-    size_t len = strlen( path );
-
-    WIN32_FIND_DATAW file_data;
-    HANDLE hFind;
-
-    if( len > MAX_PATH - 3 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    memset( szDir, 0, sizeof(szDir) );
-    memset( filename, 0, MAX_PATH );
-    memcpy( filename, path, len );
-    filename[len++] = '\\';
-    p = filename + len;
-    filename[len++] = '*';
-
-    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
-                                 MAX_PATH - 3 );
-    if( w_ret == 0 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    hFind = FindFirstFileW( szDir, &file_data );
-    if( hFind == INVALID_HANDLE_VALUE )
-        return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
-
-    len = MAX_PATH - len;
-    do
-    {
-        memset( p, 0, len );
-
-        if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
-            continue;
-
-        w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
-                                     lstrlenW( file_data.cFileName ),
-                                     p, (int) len - 1,
-                                     NULL, NULL );
-        if( w_ret == 0 )
-        {
-            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
-            goto cleanup;
-        }
-
-        w_ret = mbedtls_x509_crt_parse_file( chain, filename );
-        if( w_ret < 0 )
-            ret++;
-        else
-            ret += w_ret;
-    }
-    while( FindNextFileW( hFind, &file_data ) != 0 );
-
-    if( GetLastError() != ERROR_NO_MORE_FILES )
-        ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
-
-cleanup:
-    FindClose( hFind );
-#else /* _WIN32 */
-    int t_ret;
-    int snp_ret;
-    struct stat sb;
-    struct dirent *entry;
-    char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
-    DIR *dir = opendir( path );
-
-    if( dir == NULL )
-        return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 )
-    {
-        closedir( dir );
-        return( ret );
-    }
-#endif /* MBEDTLS_THREADING_C */
-
-    while( ( entry = readdir( dir ) ) != NULL )
-    {
-        snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
-                                    "%s/%s", path, entry->d_name );
-
-        if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name )
-        {
-            ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
-            goto cleanup;
-        }
-        else if( stat( entry_name, &sb ) == -1 )
-        {
-            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
-            goto cleanup;
-        }
-
-        if( !S_ISREG( sb.st_mode ) )
-            continue;
-
-        // Ignore parse errors
-        //
-        t_ret = mbedtls_x509_crt_parse_file( chain, entry_name );
-        if( t_ret < 0 )
-            ret++;
-        else
-            ret += t_ret;
-    }
-
-cleanup:
-    closedir( dir );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 )
-        ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR;
-#endif /* MBEDTLS_THREADING_C */
-
-#endif /* _WIN32 */
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-static int x509_info_subject_alt_name( char **buf, size_t *size,
-                                       const mbedtls_x509_sequence *subject_alt_name )
-{
-    size_t i;
-    size_t n = *size;
-    char *p = *buf;
-    const mbedtls_x509_sequence *cur = subject_alt_name;
-    const char *sep = "";
-    size_t sep_len = 0;
-
-    while( cur != NULL )
-    {
-        if( cur->buf.len + sep_len >= n )
-        {
-            *p = '\0';
-            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
-        }
-
-        n -= cur->buf.len + sep_len;
-        for( i = 0; i < sep_len; i++ )
-            *p++ = sep[i];
-        for( i = 0; i < cur->buf.len; i++ )
-            *p++ = cur->buf.p[i];
-
-        sep = ", ";
-        sep_len = 2;
-
-        cur = cur->next;
-    }
-
-    *p = '\0';
-
-    *size = n;
-    *buf = p;
-
-    return( 0 );
-}
-
-#define PRINT_ITEM(i)                           \
-    {                                           \
-        ret = mbedtls_snprintf( p, n, "%s" i, sep );    \
-        MBEDTLS_X509_SAFE_SNPRINTF;                        \
-        sep = ", ";                             \
-    }
-
-#define CERT_TYPE(type,name)                    \
-    if( ns_cert_type & type )                   \
-        PRINT_ITEM( name );
-
-static int x509_info_cert_type( char **buf, size_t *size,
-                                unsigned char ns_cert_type )
-{
-    int ret;
-    size_t n = *size;
-    char *p = *buf;
-    const char *sep = "";
-
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT,         "SSL Client" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER,         "SSL Server" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL,              "Email" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING,     "Object Signing" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED,           "Reserved" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA,             "SSL CA" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA,           "Email CA" );
-    CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA,  "Object Signing CA" );
-
-    *size = n;
-    *buf = p;
-
-    return( 0 );
-}
-
-#define KEY_USAGE(code,name)    \
-    if( key_usage & code )      \
-        PRINT_ITEM( name );
-
-static int x509_info_key_usage( char **buf, size_t *size,
-                                unsigned int key_usage )
-{
-    int ret;
-    size_t n = *size;
-    char *p = *buf;
-    const char *sep = "";
-
-    KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE,    "Digital Signature" );
-    KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION,      "Non Repudiation" );
-    KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT,     "Key Encipherment" );
-    KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT,    "Data Encipherment" );
-    KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT,        "Key Agreement" );
-    KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN,        "Key Cert Sign" );
-    KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN,             "CRL Sign" );
-    KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY,        "Encipher Only" );
-    KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY,        "Decipher Only" );
-
-    *size = n;
-    *buf = p;
-
-    return( 0 );
-}
-
-static int x509_info_ext_key_usage( char **buf, size_t *size,
-                                    const mbedtls_x509_sequence *extended_key_usage )
-{
-    int ret;
-    const char *desc;
-    size_t n = *size;
-    char *p = *buf;
-    const mbedtls_x509_sequence *cur = extended_key_usage;
-    const char *sep = "";
-
-    while( cur != NULL )
-    {
-        if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 )
-            desc = "???";
-
-        ret = mbedtls_snprintf( p, n, "%s%s", sep, desc );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        sep = ", ";
-
-        cur = cur->next;
-    }
-
-    *size = n;
-    *buf = p;
-
-    return( 0 );
-}
-
-/*
- * Return an informational string about the certificate.
- */
-#define BEFORE_COLON    18
-#define BC              "18"
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crt *crt )
-{
-    int ret;
-    size_t n;
-    char *p;
-    char key_size_str[BEFORE_COLON];
-
-    p = buf;
-    n = size;
-
-    if( NULL == crt )
-    {
-        ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        return( (int) ( size - n ) );
-    }
-
-    ret = mbedtls_snprintf( p, n, "%scert. version     : %d\n",
-                               prefix, crt->version );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_snprintf( p, n, "%sserial number     : ",
-                               prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%sissuer name       : ", prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &crt->issuer  );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%ssubject name      : ", prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%sissued  on        : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crt->valid_from.year, crt->valid_from.mon,
-                   crt->valid_from.day,  crt->valid_from.hour,
-                   crt->valid_from.min,  crt->valid_from.sec );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%sexpires on        : " \
-                   "%04d-%02d-%02d %02d:%02d:%02d", prefix,
-                   crt->valid_to.year, crt->valid_to.mon,
-                   crt->valid_to.day,  crt->valid_to.hour,
-                   crt->valid_to.min,  crt->valid_to.sec );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%ssigned using      : ", prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk,
-                             crt->sig_md, crt->sig_opts );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    /* Key size */
-    if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
-                                      mbedtls_pk_get_name( &crt->pk ) ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str,
-                          (int) mbedtls_pk_get_bitlen( &crt->pk ) );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    /*
-     * Optional extensions
-     */
-
-    if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
-                        crt->ca_istrue ? "true" : "false" );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        if( crt->max_pathlen > 0 )
-        {
-            ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 );
-            MBEDTLS_X509_SAFE_SNPRINTF;
-        }
-    }
-
-    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%ssubject alt name  : ", prefix );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        if( ( ret = x509_info_subject_alt_name( &p, &n,
-                                            &crt->subject_alt_names ) ) != 0 )
-            return( ret );
-    }
-
-    if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%scert. type        : ", prefix );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 )
-            return( ret );
-    }
-
-    if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%skey usage         : ", prefix );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
-            return( ret );
-    }
-
-    if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE )
-    {
-        ret = mbedtls_snprintf( p, n, "\n%sext key usage     : ", prefix );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-
-        if( ( ret = x509_info_ext_key_usage( &p, &n,
-                                             &crt->ext_key_usage ) ) != 0 )
-            return( ret );
-    }
-
-    ret = mbedtls_snprintf( p, n, "\n" );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    return( (int) ( size - n ) );
-}
-
-struct x509_crt_verify_string {
-    int code;
-    const char *string;
-};
-
-static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
-    { MBEDTLS_X509_BADCERT_EXPIRED,       "The certificate validity has expired" },
-    { MBEDTLS_X509_BADCERT_REVOKED,       "The certificate has been revoked (is on a CRL)" },
-    { MBEDTLS_X509_BADCERT_CN_MISMATCH,   "The certificate Common Name (CN) does not match with the expected CN" },
-    { MBEDTLS_X509_BADCERT_NOT_TRUSTED,   "The certificate is not correctly signed by the trusted CA" },
-    { MBEDTLS_X509_BADCRL_NOT_TRUSTED,    "The CRL is not correctly signed by the trusted CA" },
-    { MBEDTLS_X509_BADCRL_EXPIRED,        "The CRL is expired" },
-    { MBEDTLS_X509_BADCERT_MISSING,       "Certificate was missing" },
-    { MBEDTLS_X509_BADCERT_SKIP_VERIFY,   "Certificate verification was skipped" },
-    { MBEDTLS_X509_BADCERT_OTHER,         "Other reason (can be used by verify callback)" },
-    { MBEDTLS_X509_BADCERT_FUTURE,        "The certificate validity starts in the future" },
-    { MBEDTLS_X509_BADCRL_FUTURE,         "The CRL is from the future" },
-    { MBEDTLS_X509_BADCERT_KEY_USAGE,     "Usage does not match the keyUsage extension" },
-    { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
-    { MBEDTLS_X509_BADCERT_NS_CERT_TYPE,  "Usage does not match the nsCertType extension" },
-    { MBEDTLS_X509_BADCERT_BAD_MD,        "The certificate is signed with an unacceptable hash." },
-    { MBEDTLS_X509_BADCERT_BAD_PK,        "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
-    { MBEDTLS_X509_BADCERT_BAD_KEY,       "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." },
-    { MBEDTLS_X509_BADCRL_BAD_MD,         "The CRL is signed with an unacceptable hash." },
-    { MBEDTLS_X509_BADCRL_BAD_PK,         "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." },
-    { MBEDTLS_X509_BADCRL_BAD_KEY,        "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." },
-    { 0, NULL }
-};
-
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
-                          uint32_t flags )
-{
-    int ret;
-    const struct x509_crt_verify_string *cur;
-    char *p = buf;
-    size_t n = size;
-
-    for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ )
-    {
-        if( ( flags & cur->code ) == 0 )
-            continue;
-
-        ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-        flags ^= cur->code;
-    }
-
-    if( flags != 0 )
-    {
-        ret = mbedtls_snprintf( p, n, "%sUnknown reason "
-                                       "(this should not happen)\n", prefix );
-        MBEDTLS_X509_SAFE_SNPRINTF;
-    }
-
-    return( (int) ( size - n ) );
-}
-
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
-                                      unsigned int usage )
-{
-    unsigned int usage_must, usage_may;
-    unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
-                          | MBEDTLS_X509_KU_DECIPHER_ONLY;
-
-    if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
-        return( 0 );
-
-    usage_must = usage & ~may_mask;
-
-    if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    usage_may = usage & may_mask;
-
-    if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    return( 0 );
-}
-#endif
-
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
-                                       const char *usage_oid,
-                                       size_t usage_len )
-{
-    const mbedtls_x509_sequence *cur;
-
-    /* Extension is not mandatory, absent means no restriction */
-    if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 )
-        return( 0 );
-
-    /*
-     * Look for the requested usage (or wildcard ANY) in our list
-     */
-    for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next )
-    {
-        const mbedtls_x509_buf *cur_oid = &cur->buf;
-
-        if( cur_oid->len == usage_len &&
-            memcmp( cur_oid->p, usage_oid, usage_len ) == 0 )
-        {
-            return( 0 );
-        }
-
-        if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 )
-            return( 0 );
-    }
-
-    return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-}
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-/*
- * Return 1 if the certificate is revoked, or 0 otherwise.
- */
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl )
-{
-    const mbedtls_x509_crl_entry *cur = &crl->entry;
-
-    while( cur != NULL && cur->serial.len != 0 )
-    {
-        if( crt->serial.len == cur->serial.len &&
-            memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 )
-        {
-            if( mbedtls_x509_time_is_past( &cur->revocation_date ) )
-                return( 1 );
-        }
-
-        cur = cur->next;
-    }
-
-    return( 0 );
-}
-
-/*
- * Check that the given certificate is not revoked according to the CRL.
- * Skip validation is no CRL for the given CA is present.
- */
-static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
-                               mbedtls_x509_crl *crl_list,
-                               const mbedtls_x509_crt_profile *profile )
-{
-    int flags = 0;
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    const mbedtls_md_info_t *md_info;
-
-    if( ca == NULL )
-        return( flags );
-
-    while( crl_list != NULL )
-    {
-        if( crl_list->version == 0 ||
-            crl_list->issuer_raw.len != ca->subject_raw.len ||
-            memcmp( crl_list->issuer_raw.p, ca->subject_raw.p,
-                    crl_list->issuer_raw.len ) != 0 )
-        {
-            crl_list = crl_list->next;
-            continue;
-        }
-
-        /*
-         * Check if the CA is configured to sign CRLs
-         */
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-        if( mbedtls_x509_crt_check_key_usage( ca, MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
-        {
-            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
-            break;
-        }
-#endif
-
-        /*
-         * Check if CRL is correctly signed by the trusted CA
-         */
-        if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 )
-            flags |= MBEDTLS_X509_BADCRL_BAD_MD;
-
-        if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
-            flags |= MBEDTLS_X509_BADCRL_BAD_PK;
-
-        md_info = mbedtls_md_info_from_type( crl_list->sig_md );
-        if( md_info == NULL )
-        {
-            /*
-             * Cannot check 'unknown' hash
-             */
-            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
-            break;
-        }
-
-        mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
-
-        if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 )
-            flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-        if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
-                           crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
-                           crl_list->sig.p, crl_list->sig.len ) != 0 )
-        {
-            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
-            break;
-        }
-
-        /*
-         * Check for validity of CRL (Do not drop out)
-         */
-        if( mbedtls_x509_time_is_past( &crl_list->next_update ) )
-            flags |= MBEDTLS_X509_BADCRL_EXPIRED;
-
-        if( mbedtls_x509_time_is_future( &crl_list->this_update ) )
-            flags |= MBEDTLS_X509_BADCRL_FUTURE;
-
-        /*
-         * Check if certificate is revoked
-         */
-        if( mbedtls_x509_crt_is_revoked( crt, crl_list ) )
-        {
-            flags |= MBEDTLS_X509_BADCERT_REVOKED;
-            break;
-        }
-
-        crl_list = crl_list->next;
-    }
-
-    return( flags );
-}
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
-
-/*
- * Like memcmp, but case-insensitive and always returns -1 if different
- */
-static int x509_memcasecmp( const void *s1, const void *s2, size_t len )
-{
-    size_t i;
-    unsigned char diff;
-    const unsigned char *n1 = s1, *n2 = s2;
-
-    for( i = 0; i < len; i++ )
-    {
-        diff = n1[i] ^ n2[i];
-
-        if( diff == 0 )
-            continue;
-
-        if( diff == 32 &&
-            ( ( n1[i] >= 'a' && n1[i] <= 'z' ) ||
-              ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) )
-        {
-            continue;
-        }
-
-        return( -1 );
-    }
-
-    return( 0 );
-}
-
-/*
- * Return 0 if name matches wildcard, -1 otherwise
- */
-static int x509_check_wildcard( const char *cn, mbedtls_x509_buf *name )
-{
-    size_t i;
-    size_t cn_idx = 0, cn_len = strlen( cn );
-
-    if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' )
-        return( 0 );
-
-    for( i = 0; i < cn_len; ++i )
-    {
-        if( cn[i] == '.' )
-        {
-            cn_idx = i;
-            break;
-        }
-    }
-
-    if( cn_idx == 0 )
-        return( -1 );
-
-    if( cn_len - cn_idx == name->len - 1 &&
-        x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 )
-    {
-        return( 0 );
-    }
-
-    return( -1 );
-}
-
-/*
- * Compare two X.509 strings, case-insensitive, and allowing for some encoding
- * variations (but not all).
- *
- * Return 0 if equal, -1 otherwise.
- */
-static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b )
-{
-    if( a->tag == b->tag &&
-        a->len == b->len &&
-        memcmp( a->p, b->p, b->len ) == 0 )
-    {
-        return( 0 );
-    }
-
-    if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
-        ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) &&
-        a->len == b->len &&
-        x509_memcasecmp( a->p, b->p, b->len ) == 0 )
-    {
-        return( 0 );
-    }
-
-    return( -1 );
-}
-
-/*
- * Compare two X.509 Names (aka rdnSequence).
- *
- * See RFC 5280 section 7.1, though we don't implement the whole algorithm:
- * we sometimes return unequal when the full algorithm would return equal,
- * but never the other way. (In particular, we don't do Unicode normalisation
- * or space folding.)
- *
- * Return 0 if equal, -1 otherwise.
- */
-static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b )
-{
-    /* Avoid recursion, it might not be optimised by the compiler */
-    while( a != NULL || b != NULL )
-    {
-        if( a == NULL || b == NULL )
-            return( -1 );
-
-        /* type */
-        if( a->oid.tag != b->oid.tag ||
-            a->oid.len != b->oid.len ||
-            memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
-        {
-            return( -1 );
-        }
-
-        /* value */
-        if( x509_string_cmp( &a->val, &b->val ) != 0 )
-            return( -1 );
-
-        /* structure of the list of sets */
-        if( a->next_merged != b->next_merged )
-            return( -1 );
-
-        a = a->next;
-        b = b->next;
-    }
-
-    /* a == NULL == b */
-    return( 0 );
-}
-
-/*
- * Check if 'parent' is a suitable parent (signing CA) for 'child'.
- * Return 0 if yes, -1 if not.
- *
- * top means parent is a locally-trusted certificate
- * bottom means child is the end entity cert
- */
-static int x509_crt_check_parent( const mbedtls_x509_crt *child,
-                                  const mbedtls_x509_crt *parent,
-                                  int top, int bottom )
-{
-    int need_ca_bit;
-
-    /* Parent must be the issuer */
-    if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 )
-        return( -1 );
-
-    /* Parent must have the basicConstraints CA bit set as a general rule */
-    need_ca_bit = 1;
-
-    /* Exception: v1/v2 certificates that are locally trusted. */
-    if( top && parent->version < 3 )
-        need_ca_bit = 0;
-
-    /* Exception: self-signed end-entity certs that are locally trusted. */
-    if( top && bottom &&
-        child->raw.len == parent->raw.len &&
-        memcmp( child->raw.p, parent->raw.p, child->raw.len ) == 0 )
-    {
-        need_ca_bit = 0;
-    }
-
-    if( need_ca_bit && ! parent->ca_istrue )
-        return( -1 );
-
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-    if( need_ca_bit &&
-        mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
-    {
-        return( -1 );
-    }
-#endif
-
-    return( 0 );
-}
-
-static int x509_crt_verify_top(
-                mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca,
-                mbedtls_x509_crl *ca_crl,
-                const mbedtls_x509_crt_profile *profile,
-                int path_cnt, int self_cnt, uint32_t *flags,
-                int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                void *p_vrfy )
-{
-    int ret;
-    uint32_t ca_flags = 0;
-    int check_path_cnt;
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    const mbedtls_md_info_t *md_info;
-    mbedtls_x509_crt *future_past_ca = NULL;
-
-    if( mbedtls_x509_time_is_past( &child->valid_to ) )
-        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
-    if( mbedtls_x509_time_is_future( &child->valid_from ) )
-        *flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
-    if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-
-    if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
-    /*
-     * Child is the top of the chain. Check against the trust_ca list.
-     */
-    *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-
-    md_info = mbedtls_md_info_from_type( child->sig_md );
-    if( md_info == NULL )
-    {
-        /*
-         * Cannot check 'unknown', no need to try any CA
-         */
-        trust_ca = NULL;
-    }
-    else
-        mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
-
-    for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
-    {
-        if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
-            continue;
-
-        check_path_cnt = path_cnt + 1;
-
-        /*
-         * Reduce check_path_cnt to check against if top of the chain is
-         * the same as the trusted CA
-         */
-        if( child->subject_raw.len == trust_ca->subject_raw.len &&
-            memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
-                            child->issuer_raw.len ) == 0 )
-        {
-            check_path_cnt--;
-        }
-
-        /* Self signed certificates do not count towards the limit */
-        if( trust_ca->max_pathlen > 0 &&
-            trust_ca->max_pathlen < check_path_cnt - self_cnt )
-        {
-            continue;
-        }
-
-        if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &trust_ca->pk,
-                           child->sig_md, hash, mbedtls_md_get_size( md_info ),
-                           child->sig.p, child->sig.len ) != 0 )
-        {
-            continue;
-        }
-
-        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) ||
-            mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
-        {
-            if ( future_past_ca == NULL )
-                future_past_ca = trust_ca;
-
-            continue;
-        }
-
-        break;
-    }
-
-    if( trust_ca != NULL || ( trust_ca = future_past_ca ) != NULL )
-    {
-        /*
-         * Top of chain is signed by a trusted CA
-         */
-        *flags &= ~MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-
-        if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
-            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-    }
-
-    /*
-     * If top of chain is not the same as the trusted CA send a verify request
-     * to the callback for any issues with validity and CRL presence for the
-     * trusted CA certificate.
-     */
-    if( trust_ca != NULL &&
-        ( child->subject_raw.len != trust_ca->subject_raw.len ||
-          memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
-                            child->issuer_raw.len ) != 0 ) )
-    {
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-        /* Check trusted CA's CRL for the chain's top crt */
-        *flags |= x509_crt_verifycrl( child, trust_ca, ca_crl, profile );
-#else
-        ((void) ca_crl);
-#endif
-
-        if( mbedtls_x509_time_is_past( &trust_ca->valid_to ) )
-            ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
-        if( mbedtls_x509_time_is_future( &trust_ca->valid_from ) )
-            ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
-        if( NULL != f_vrfy )
-        {
-            if( ( ret = f_vrfy( p_vrfy, trust_ca, path_cnt + 1,
-                                &ca_flags ) ) != 0 )
-            {
-                return( ret );
-            }
-        }
-    }
-
-    /* Call callback on top cert */
-    if( NULL != f_vrfy )
-    {
-        if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
-            return( ret );
-    }
-
-    *flags |= ca_flags;
-
-    return( 0 );
-}
-
-static int x509_crt_verify_child(
-                mbedtls_x509_crt *child, mbedtls_x509_crt *parent,
-                mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl,
-                const mbedtls_x509_crt_profile *profile,
-                int path_cnt, int self_cnt, uint32_t *flags,
-                int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                void *p_vrfy )
-{
-    int ret;
-    uint32_t parent_flags = 0;
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    mbedtls_x509_crt *grandparent;
-    const mbedtls_md_info_t *md_info;
-
-    /* Counting intermediate self signed certificates */
-    if( ( path_cnt != 0 ) && x509_name_cmp( &child->issuer, &child->subject ) == 0 )
-        self_cnt++;
-
-    /* path_cnt is 0 for the first intermediate CA */
-    if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
-    {
-        /* return immediately as the goal is to avoid unbounded recursion */
-        return( MBEDTLS_ERR_X509_FATAL_ERROR );
-    }
-
-    if( mbedtls_x509_time_is_past( &child->valid_to ) )
-        *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
-    if( mbedtls_x509_time_is_future( &child->valid_from ) )
-        *flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
-    if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-
-    if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
-    md_info = mbedtls_md_info_from_type( child->sig_md );
-    if( md_info == NULL )
-    {
-        /*
-         * Cannot check 'unknown' hash
-         */
-        *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-    }
-    else
-    {
-        mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
-
-        if( x509_profile_check_key( profile, child->sig_pk, &parent->pk ) != 0 )
-            *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-        if( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk,
-                           child->sig_md, hash, mbedtls_md_get_size( md_info ),
-                           child->sig.p, child->sig.len ) != 0 )
-        {
-            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-        }
-    }
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-    /* Check trusted CA's CRL for the given crt */
-    *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile );
-#endif
-
-    /* Look for a grandparent in trusted CAs */
-    for( grandparent = trust_ca;
-         grandparent != NULL;
-         grandparent = grandparent->next )
-    {
-        if( x509_crt_check_parent( parent, grandparent,
-                                   0, path_cnt == 0 ) == 0 )
-            break;
-    }
-
-    if( grandparent != NULL )
-    {
-        ret = x509_crt_verify_top( parent, grandparent, ca_crl, profile,
-                                path_cnt + 1, self_cnt, &parent_flags, f_vrfy, p_vrfy );
-        if( ret != 0 )
-            return( ret );
-    }
-    else
-    {
-        /* Look for a grandparent upwards the chain */
-        for( grandparent = parent->next;
-             grandparent != NULL;
-             grandparent = grandparent->next )
-        {
-            /* +2 because the current step is not yet accounted for
-             * and because max_pathlen is one higher than it should be.
-             * Also self signed certificates do not count to the limit. */
-            if( grandparent->max_pathlen > 0 &&
-                grandparent->max_pathlen < 2 + path_cnt - self_cnt )
-            {
-                continue;
-            }
-
-            if( x509_crt_check_parent( parent, grandparent,
-                                       0, path_cnt == 0 ) == 0 )
-                break;
-        }
-
-        /* Is our parent part of the chain or at the top? */
-        if( grandparent != NULL )
-        {
-            ret = x509_crt_verify_child( parent, grandparent, trust_ca, ca_crl,
-                                         profile, path_cnt + 1, self_cnt, &parent_flags,
-                                         f_vrfy, p_vrfy );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-        {
-            ret = x509_crt_verify_top( parent, trust_ca, ca_crl, profile,
-                                       path_cnt + 1, self_cnt, &parent_flags,
-                                       f_vrfy, p_vrfy );
-            if( ret != 0 )
-                return( ret );
-        }
-    }
-
-    /* child is verified to be a child of the parent, call verify callback */
-    if( NULL != f_vrfy )
-        if( ( ret = f_vrfy( p_vrfy, child, path_cnt, flags ) ) != 0 )
-            return( ret );
-
-    *flags |= parent_flags;
-
-    return( 0 );
-}
-
-/*
- * Verify the certificate validity
- */
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
-{
-    return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
-                &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
-}
-
-
-/*
- * Verify the certificate validity, with profile
- */
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy )
-{
-    size_t cn_len;
-    int ret;
-    int pathlen = 0, selfsigned = 0;
-    mbedtls_x509_crt *parent;
-    mbedtls_x509_name *name;
-    mbedtls_x509_sequence *cur = NULL;
-    mbedtls_pk_type_t pk_type;
-
-    *flags = 0;
-
-    if( profile == NULL )
-    {
-        ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
-        goto exit;
-    }
-
-    if( cn != NULL )
-    {
-        name = &crt->subject;
-        cn_len = strlen( cn );
-
-        if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
-        {
-            cur = &crt->subject_alt_names;
-
-            while( cur != NULL )
-            {
-                if( cur->buf.len == cn_len &&
-                    x509_memcasecmp( cn, cur->buf.p, cn_len ) == 0 )
-                    break;
-
-                if( cur->buf.len > 2 &&
-                    memcmp( cur->buf.p, "*.", 2 ) == 0 &&
-                    x509_check_wildcard( cn, &cur->buf ) == 0 )
-                {
-                    break;
-                }
-
-                cur = cur->next;
-            }
-
-            if( cur == NULL )
-                *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
-        }
-        else
-        {
-            while( name != NULL )
-            {
-                if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 )
-                {
-                    if( name->val.len == cn_len &&
-                        x509_memcasecmp( name->val.p, cn, cn_len ) == 0 )
-                        break;
-
-                    if( name->val.len > 2 &&
-                        memcmp( name->val.p, "*.", 2 ) == 0 &&
-                        x509_check_wildcard( cn, &name->val ) == 0 )
-                        break;
-                }
-
-                name = name->next;
-            }
-
-            if( name == NULL )
-                *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
-        }
-    }
-
-    /* Check the type and size of the key */
-    pk_type = mbedtls_pk_get_type( &crt->pk );
-
-    if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
-    if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
-        *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
-
-    /* Look for a parent in trusted CAs */
-    for( parent = trust_ca; parent != NULL; parent = parent->next )
-    {
-        if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
-            break;
-    }
-
-    if( parent != NULL )
-    {
-        ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
-                                   pathlen, selfsigned, flags, f_vrfy, p_vrfy );
-        if( ret != 0 )
-            goto exit;
-    }
-    else
-    {
-        /* Look for a parent upwards the chain */
-        for( parent = crt->next; parent != NULL; parent = parent->next )
-            if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
-                break;
-
-        /* Are we part of the chain or at the top? */
-        if( parent != NULL )
-        {
-            ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
-                                         pathlen, selfsigned, flags, f_vrfy, p_vrfy );
-            if( ret != 0 )
-                goto exit;
-        }
-        else
-        {
-            ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
-                                       pathlen, selfsigned, flags, f_vrfy, p_vrfy );
-            if( ret != 0 )
-                goto exit;
-        }
-    }
-
-exit:
-    /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
-     * the SSL module for authmode optional, but non-zero return from the
-     * callback means a fatal error so it shouldn't be ignored */
-    if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
-        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
-
-    if( ret != 0 )
-    {
-        *flags = (uint32_t) -1;
-        return( ret );
-    }
-
-    if( *flags != 0 )
-        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
-
-    return( 0 );
-}
-
-/*
- * Initialize a certificate chain
- */
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
-{
-    memset( crt, 0, sizeof(mbedtls_x509_crt) );
-}
-
-/*
- * Unallocate all certificate data
- */
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
-{
-    mbedtls_x509_crt *cert_cur = crt;
-    mbedtls_x509_crt *cert_prv;
-    mbedtls_x509_name *name_cur;
-    mbedtls_x509_name *name_prv;
-    mbedtls_x509_sequence *seq_cur;
-    mbedtls_x509_sequence *seq_prv;
-
-    if( crt == NULL )
-        return;
-
-    do
-    {
-        mbedtls_pk_free( &cert_cur->pk );
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-        mbedtls_free( cert_cur->sig_opts );
-#endif
-
-        name_cur = cert_cur->issuer.next;
-        while( name_cur != NULL )
-        {
-            name_prv = name_cur;
-            name_cur = name_cur->next;
-            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
-            mbedtls_free( name_prv );
-        }
-
-        name_cur = cert_cur->subject.next;
-        while( name_cur != NULL )
-        {
-            name_prv = name_cur;
-            name_cur = name_cur->next;
-            mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
-            mbedtls_free( name_prv );
-        }
-
-        seq_cur = cert_cur->ext_key_usage.next;
-        while( seq_cur != NULL )
-        {
-            seq_prv = seq_cur;
-            seq_cur = seq_cur->next;
-            mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
-            mbedtls_free( seq_prv );
-        }
-
-        seq_cur = cert_cur->subject_alt_names.next;
-        while( seq_cur != NULL )
-        {
-            seq_prv = seq_cur;
-            seq_cur = seq_cur->next;
-            mbedtls_zeroize( seq_prv, sizeof( mbedtls_x509_sequence ) );
-            mbedtls_free( seq_prv );
-        }
-
-        if( cert_cur->raw.p != NULL )
-        {
-            mbedtls_zeroize( cert_cur->raw.p, cert_cur->raw.len );
-            mbedtls_free( cert_cur->raw.p );
-        }
-
-        cert_cur = cert_cur->next;
-    }
-    while( cert_cur != NULL );
-
-    cert_cur = crt;
-    do
-    {
-        cert_prv = cert_cur;
-        cert_cur = cert_cur->next;
-
-        mbedtls_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) );
-        if( cert_prv != crt )
-            mbedtls_free( cert_prv );
-    }
-    while( cert_cur != NULL );
-}
-
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/x509_csr.c b/components/ssl/mbedtls/mbedtls/library/x509_csr.c
deleted file mode 100644
index 26a06db4..00000000
--- a/components/ssl/mbedtls/mbedtls/library/x509_csr.c
+++ /dev/null
@@ -1,423 +0,0 @@
-/*
- *  X.509 Certificate Signing Request (CSR) parsing
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The ITU-T X.509 standard defines a certificate format for PKI.
- *
- *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
- *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
- *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
- *
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdlib.h>
-#include <stdio.h>
-#define mbedtls_free       free
-#define mbedtls_calloc    calloc
-#define mbedtls_snprintf   snprintf
-#endif
-
-#if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
-#include <stdio.h>
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- *  Version  ::=  INTEGER  {  v1(0)  }
- */
-static int x509_csr_get_version( unsigned char **p,
-                             const unsigned char *end,
-                             int *ver )
-{
-    int ret;
-
-    if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
-    {
-        if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            *ver = 0;
-            return( 0 );
-        }
-
-        return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Parse a CSR in DER format
- */
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
-                        const unsigned char *buf, size_t buflen )
-{
-    int ret;
-    size_t len;
-    unsigned char *p, *end;
-    mbedtls_x509_buf sig_params;
-
-    memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) );
-
-    /*
-     * Check for valid input
-     */
-    if( csr == NULL || buf == NULL || buflen == 0 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    mbedtls_x509_csr_init( csr );
-
-    /*
-     * first copy the raw DER data
-     */
-    p = mbedtls_calloc( 1, len = buflen );
-
-    if( p == NULL )
-        return( MBEDTLS_ERR_X509_ALLOC_FAILED );
-
-    memcpy( p, buf, buflen );
-
-    csr->raw.p = p;
-    csr->raw.len = len;
-    end = p + len;
-
-    /*
-     *  CertificationRequest ::= SEQUENCE {
-     *       certificationRequestInfo CertificationRequestInfo,
-     *       signatureAlgorithm AlgorithmIdentifier,
-     *       signature          BIT STRING
-     *  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
-    }
-
-    if( len != (size_t) ( end - p ) )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-    /*
-     *  CertificationRequestInfo ::= SEQUENCE {
-     */
-    csr->cri.p = p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    end = p + len;
-    csr->cri.len = end - csr->cri.p;
-
-    /*
-     *  Version  ::=  INTEGER {  v1(0) }
-     */
-    if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
-    }
-
-    if( csr->version != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
-    }
-
-    csr->version++;
-
-    /*
-     *  subject               Name
-     */
-    csr->subject_raw.p = p;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
-    }
-
-    csr->subject_raw.len = p - csr->subject_raw.p;
-
-    /*
-     *  subjectPKInfo SubjectPublicKeyInfo
-     */
-    if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
-    }
-
-    /*
-     *  attributes    [0] Attributes
-     *
-     *  The list of possible attributes is open-ended, though RFC 2985
-     *  (PKCS#9) defines a few in section 5.4. We currently don't support any,
-     *  so we just ignore them. This is a safe thing to do as the worst thing
-     *  that could happen is that we issue a certificate that does not match
-     *  the requester's expectations - this cannot cause a violation of our
-     *  signature policies.
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
-    }
-
-    p += len;
-
-    end = csr->raw.p + csr->raw.len;
-
-    /*
-     *  signatureAlgorithm   AlgorithmIdentifier,
-     *  signature            BIT STRING
-     */
-    if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params,
-                                  &csr->sig_md, &csr->sig_pk,
-                                  &csr->sig_opts ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
-    }
-
-    if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( ret );
-    }
-
-    if( p != end )
-    {
-        mbedtls_x509_csr_free( csr );
-        return( MBEDTLS_ERR_X509_INVALID_FORMAT +
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-    return( 0 );
-}
-
-/*
- * Parse a CSR, allowing for PEM or raw DER encoding
- */
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
-{
-#if defined(MBEDTLS_PEM_PARSE_C)
-    int ret;
-    size_t use_len;
-    mbedtls_pem_context pem;
-#endif
-
-    /*
-     * Check for valid input
-     */
-    if( csr == NULL || buf == NULL || buflen == 0 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_init( &pem );
-
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( buf[buflen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN CERTIFICATE REQUEST-----",
-                               "-----END CERTIFICATE REQUEST-----",
-                               buf, NULL, 0, &use_len );
-
-    if( ret == 0 )
-    {
-        /*
-         * Was PEM encoded, parse the result
-         */
-        if( ( ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ) ) != 0 )
-            return( ret );
-
-        mbedtls_pem_free( &pem );
-        return( 0 );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else
-#endif /* MBEDTLS_PEM_PARSE_C */
-    return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load a CSR into the structure
- */
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
-{
-    int ret;
-    size_t n;
-    unsigned char *buf;
-
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_x509_csr_parse( csr, buf, n );
-
-    mbedtls_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-#define BEFORE_COLON    14
-#define BC              "14"
-/*
- * Return an informational string about the CSR.
- */
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_csr *csr )
-{
-    int ret;
-    size_t n;
-    char *p;
-    char key_size_str[BEFORE_COLON];
-
-    p = buf;
-    n = size;
-
-    ret = mbedtls_snprintf( p, n, "%sCSR version   : %d",
-                               prefix, csr->version );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%ssubject name  : ", prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-    ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_snprintf( p, n, "\n%ssigned using  : ", prefix );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
-                             csr->sig_opts );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
-                                      mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
-                          (int) mbedtls_pk_get_bitlen( &csr->pk ) );
-    MBEDTLS_X509_SAFE_SNPRINTF;
-
-    return( (int) ( size - n ) );
-}
-
-/*
- * Initialize a CSR
- */
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
-{
-    memset( csr, 0, sizeof(mbedtls_x509_csr) );
-}
-
-/*
- * Unallocate all CSR data
- */
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
-{
-    mbedtls_x509_name *name_cur;
-    mbedtls_x509_name *name_prv;
-
-    if( csr == NULL )
-        return;
-
-    mbedtls_pk_free( &csr->pk );
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    mbedtls_free( csr->sig_opts );
-#endif
-
-    name_cur = csr->subject.next;
-    while( name_cur != NULL )
-    {
-        name_prv = name_cur;
-        name_cur = name_cur->next;
-        mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
-        mbedtls_free( name_prv );
-    }
-
-    if( csr->raw.p != NULL )
-    {
-        mbedtls_zeroize( csr->raw.p, csr->raw.len );
-        mbedtls_free( csr->raw.p );
-    }
-
-    mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) );
-}
-
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/x509write_crt.c b/components/ssl/mbedtls/mbedtls/library/x509write_crt.c
deleted file mode 100644
index 41dfe87b..00000000
--- a/components/ssl/mbedtls/mbedtls/library/x509write_crt.c
+++ /dev/null
@@ -1,485 +0,0 @@
-/*
- *  X.509 certificate writing
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * References:
- * - certificates: RFC 5280, updated by RFC 6818
- * - CSRs: PKCS#10 v1.7 aka RFC 2986
- * - attributes: PKCS#9 v2.0 aka RFC 2985
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C)
-
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/asn1write.h"
-#include "mbedtls/sha1.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-#include "mbedtls/pem.h"
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
-
-    mbedtls_mpi_init( &ctx->serial );
-    ctx->version = MBEDTLS_X509_CRT_VERSION_3;
-}
-
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
-{
-    mbedtls_mpi_free( &ctx->serial );
-
-    mbedtls_asn1_free_named_data_list( &ctx->subject );
-    mbedtls_asn1_free_named_data_list( &ctx->issuer );
-    mbedtls_asn1_free_named_data_list( &ctx->extensions );
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
-}
-
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
-{
-    ctx->version = version;
-}
-
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg )
-{
-    ctx->md_alg = md_alg;
-}
-
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
-{
-    ctx->subject_key = key;
-}
-
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key )
-{
-    ctx->issuer_key = key;
-}
-
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
-                                    const char *subject_name )
-{
-    return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
-}
-
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
-                                   const char *issuer_name )
-{
-    return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name );
-}
-
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial )
-{
-    int ret;
-
-    if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
-                                const char *not_after )
-{
-    if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
-        strlen( not_after )  != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
-    {
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-    }
-    strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
-    strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
-    ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
-    ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
-
-    return( 0 );
-}
-
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
-                                 const char *oid, size_t oid_len,
-                                 int critical,
-                                 const unsigned char *val, size_t val_len )
-{
-    return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
-                               critical, val, val_len );
-}
-
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
-                                         int is_ca, int max_pathlen )
-{
-    int ret;
-    unsigned char buf[9];
-    unsigned char *c = buf + sizeof(buf);
-    size_t len = 0;
-
-    memset( buf, 0, sizeof(buf) );
-
-    if( is_ca && max_pathlen > 127 )
-        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
-
-    if( is_ca )
-    {
-        if( max_pathlen >= 0 )
-        {
-            MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, max_pathlen ) );
-        }
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) );
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                MBEDTLS_ASN1_SEQUENCE ) );
-
-    return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
-                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
-                                        0, buf + sizeof(buf) - len, len );
-}
-
-#if defined(MBEDTLS_SHA1_C)
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
-{
-    int ret;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
-    unsigned char *c = buf + sizeof(buf);
-    size_t len = 0;
-
-    memset( buf, 0, sizeof(buf) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
-
-    ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
-                            buf + sizeof( buf ) - 20 );
-    if( ret != 0 )
-        return( ret );
-    c = buf + sizeof( buf ) - 20;
-    len = 20;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
-
-    return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
-                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
-                                        0, buf + sizeof(buf) - len, len );
-}
-
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
-{
-    int ret;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
-    unsigned char *c = buf + sizeof( buf );
-    size_t len = 0;
-
-    memset( buf, 0, sizeof(buf) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
-
-    ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
-                            buf + sizeof( buf ) - 20 );
-    if( ret != 0 )
-        return( ret );
-    c = buf + sizeof( buf ) - 20;
-    len = 20;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                MBEDTLS_ASN1_SEQUENCE ) );
-
-    return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
-                                   MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
-                                   0, buf + sizeof( buf ) - len, len );
-}
-#endif /* MBEDTLS_SHA1_C */
-
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
-                                         unsigned int key_usage )
-{
-    unsigned char buf[4], ku;
-    unsigned char *c;
-    int ret;
-
-    /* We currently only support 7 bits, from 0x80 to 0x02 */
-    if( ( key_usage & ~0xfe ) != 0 )
-        return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
-
-    c = buf + 4;
-    ku = (unsigned char) key_usage;
-
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
-        return( ret );
-
-    ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
-                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
-                                       1, buf, 4 );
-    if( ret != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
-                                    unsigned char ns_cert_type )
-{
-    unsigned char buf[4];
-    unsigned char *c;
-    int ret;
-
-    c = buf + 4;
-
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
-        return( ret );
-
-    ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
-                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
-                                       0, buf, 4 );
-    if( ret != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-static int x509_write_time( unsigned char **p, unsigned char *start,
-                            const char *t, size_t size )
-{
-    int ret;
-    size_t len = 0;
-
-    /*
-     * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
-     */
-    if( t[0] == '2' && t[1] == '0' && t[2] < '5' )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                                             (const unsigned char *) t + 2,
-                                             size - 2 ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) );
-    }
-    else
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                                                  (const unsigned char *) t,
-                                                  size ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) );
-    }
-
-    return( (int) len );
-}
-
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng )
-{
-    int ret;
-    const char *sig_oid;
-    size_t sig_oid_len = 0;
-    unsigned char *c, *c2;
-    unsigned char hash[64];
-    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char tmp_buf[2048];
-    size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
-    size_t len = 0;
-    mbedtls_pk_type_t pk_alg;
-
-    /*
-     * Prepare data to be signed in tmp_buf
-     */
-    c = tmp_buf + sizeof( tmp_buf );
-
-    /* Signature algorithm needed in TBS, and later for actual signature */
-
-    /* There's no direct way of extracting a signature algorithm
-     * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
-    if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) )
-        pk_alg = MBEDTLS_PK_RSA;
-    else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) )
-        pk_alg = MBEDTLS_PK_ECDSA;
-    else
-        return( MBEDTLS_ERR_X509_INVALID_ALG );
-
-    if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
-                                          &sig_oid, &sig_oid_len ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /*
-     *  Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
-     */
-
-    /* Only for v3 */
-    if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                           MBEDTLS_ASN1_SEQUENCE ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
-                                                           MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
-    }
-
-    /*
-     *  SubjectPublicKeyInfo
-     */
-    MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key,
-                                                tmp_buf, c - tmp_buf ) );
-    c -= pub_len;
-    len += pub_len;
-
-    /*
-     *  Subject  ::=  Name
-     */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
-
-    /*
-     *  Validity ::= SEQUENCE {
-     *       notBefore      Time,
-     *       notAfter       Time }
-     */
-    sub_len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
-                                            MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
-
-    MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
-                                            MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
-
-    len += sub_len;
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                    MBEDTLS_ASN1_SEQUENCE ) );
-
-    /*
-     *  Issuer  ::=  Name
-     */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) );
-
-    /*
-     *  Signature   ::=  AlgorithmIdentifier
-     */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf,
-                       sig_oid, strlen( sig_oid ), 0 ) );
-
-    /*
-     *  Serial   ::=  INTEGER
-     */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
-
-    /*
-     *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
-     */
-
-    /* Can be omitted for v1 */
-    if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
-    {
-        sub_len = 0;
-        MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
-        len += sub_len;
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
-                                                           MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                       MBEDTLS_ASN1_SEQUENCE ) );
-
-    /*
-     * Make signature
-     */
-    if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
-                            len, hash ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
-                         f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /*
-     * Write data to output buffer
-     */
-    c2 = buf + size;
-    MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
-                                        sig_oid, sig_oid_len, sig, sig_len ) );
-
-    if( len > (size_t)( c2 - buf ) )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    c2 -= len;
-    memcpy( c2, c, len );
-
-    len += sig_and_oid_len;
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-#define PEM_BEGIN_CRT           "-----BEGIN CERTIFICATE-----\n"
-#define PEM_END_CRT             "-----END CERTIFICATE-----\n"
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng )
-{
-    int ret;
-    unsigned char output_buf[4096];
-    size_t olen = 0;
-
-    if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf),
-                                   f_rng, p_rng ) ) < 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#endif /* MBEDTLS_X509_CRT_WRITE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/x509write_csr.c b/components/ssl/mbedtls/mbedtls/library/x509write_csr.c
deleted file mode 100644
index e8005382..00000000
--- a/components/ssl/mbedtls/mbedtls/library/x509write_csr.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- *  X.509 Certificate Signing Request writing
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- * References:
- * - CSRs: PKCS#10 v1.7 aka RFC 2986
- * - attributes: PKCS#9 v2.0 aka RFC 2985
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C)
-
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/asn1write.h"
-
-#include <string.h>
-#include <stdlib.h>
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-#include "mbedtls/pem.h"
-#endif
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
-}
-
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
-{
-    mbedtls_asn1_free_named_data_list( &ctx->subject );
-    mbedtls_asn1_free_named_data_list( &ctx->extensions );
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
-}
-
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
-{
-    ctx->md_alg = md_alg;
-}
-
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key )
-{
-    ctx->key = key;
-}
-
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
-                                    const char *subject_name )
-{
-    return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
-}
-
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
-                                 const char *oid, size_t oid_len,
-                                 const unsigned char *val, size_t val_len )
-{
-    return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
-                               0, val, val_len );
-}
-
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
-{
-    unsigned char buf[4];
-    unsigned char *c;
-    int ret;
-
-    c = buf + 4;
-
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
-        return( ret );
-
-    ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
-                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
-                                       buf, 4 );
-    if( ret != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
-                                    unsigned char ns_cert_type )
-{
-    unsigned char buf[4];
-    unsigned char *c;
-    int ret;
-
-    c = buf + 4;
-
-    if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
-        return( ret );
-
-    ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
-                                       MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
-                                       buf, 4 );
-    if( ret != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng )
-{
-    int ret;
-    const char *sig_oid;
-    size_t sig_oid_len = 0;
-    unsigned char *c, *c2;
-    unsigned char hash[64];
-    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char tmp_buf[2048];
-    size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
-    size_t len = 0;
-    mbedtls_pk_type_t pk_alg;
-
-    /*
-     * Prepare data to be signed in tmp_buf
-     */
-    c = tmp_buf + sizeof( tmp_buf );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
-
-    if( len )
-    {
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                        MBEDTLS_ASN1_SEQUENCE ) );
-
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                        MBEDTLS_ASN1_SET ) );
-
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
-                                          MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
-
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                        MBEDTLS_ASN1_SEQUENCE ) );
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
-
-    MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
-                                                tmp_buf, c - tmp_buf ) );
-    c -= pub_len;
-    len += pub_len;
-
-    /*
-     *  Subject  ::=  Name
-     */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
-
-    /*
-     *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
-     */
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                    MBEDTLS_ASN1_SEQUENCE ) );
-
-    /*
-     * Prepare signature
-     */
-    mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
-
-    if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
-                                 f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) )
-        pk_alg = MBEDTLS_PK_RSA;
-    else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) )
-        pk_alg = MBEDTLS_PK_ECDSA;
-    else
-        return( MBEDTLS_ERR_X509_INVALID_ALG );
-
-    if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
-                                                &sig_oid, &sig_oid_len ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /*
-     * Write data to output buffer
-     */
-    c2 = buf + size;
-    MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
-                                        sig_oid, sig_oid_len, sig, sig_len ) );
-
-    if( len > (size_t)( c2 - buf ) )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    c2 -= len;
-    memcpy( c2, c, len );
-
-    len += sig_and_oid_len;
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-#define PEM_BEGIN_CSR           "-----BEGIN CERTIFICATE REQUEST-----\n"
-#define PEM_END_CSR             "-----END CERTIFICATE REQUEST-----\n"
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng )
-{
-    int ret;
-    unsigned char output_buf[4096];
-    size_t olen = 0;
-
-    if( ( ret = mbedtls_x509write_csr_der( ctx, output_buf, sizeof(output_buf),
-                                   f_rng, p_rng ) ) < 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#endif /* MBEDTLS_X509_CSR_WRITE_C */
diff --git a/components/ssl/mbedtls/mbedtls/library/xtea.c b/components/ssl/mbedtls/mbedtls/library/xtea.c
deleted file mode 100644
index fe0a3509..00000000
--- a/components/ssl/mbedtls/mbedtls/library/xtea.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- *  An 32-bit implementation of the XTEA algorithm
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_XTEA_C)
-
-#include "mbedtls/xtea.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#if !defined(MBEDTLS_XTEA_ALT)
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 3]       );            \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-void mbedtls_xtea_init( mbedtls_xtea_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_xtea_context ) );
-}
-
-void mbedtls_xtea_free( mbedtls_xtea_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_zeroize( ctx, sizeof( mbedtls_xtea_context ) );
-}
-
-/*
- * XTEA key schedule
- */
-void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
-{
-    int i;
-
-    memset( ctx, 0, sizeof(mbedtls_xtea_context) );
-
-    for( i = 0; i < 4; i++ )
-    {
-        GET_UINT32_BE( ctx->k[i], key, i << 2 );
-    }
-}
-
-/*
- * XTEA encrypt function
- */
-int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode,
-                    const unsigned char input[8], unsigned char output[8])
-{
-    uint32_t *k, v0, v1, i;
-
-    k = ctx->k;
-
-    GET_UINT32_BE( v0, input, 0 );
-    GET_UINT32_BE( v1, input, 4 );
-
-    if( mode == MBEDTLS_XTEA_ENCRYPT )
-    {
-        uint32_t sum = 0, delta = 0x9E3779B9;
-
-        for( i = 0; i < 32; i++ )
-        {
-            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
-            sum += delta;
-            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
-        }
-    }
-    else /* MBEDTLS_XTEA_DECRYPT */
-    {
-        uint32_t delta = 0x9E3779B9, sum = delta * 32;
-
-        for( i = 0; i < 32; i++ )
-        {
-            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]);
-            sum -= delta;
-            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
-        }
-    }
-
-    PUT_UINT32_BE( v0, output, 0 );
-    PUT_UINT32_BE( v1, output, 4 );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * XTEA-CBC buffer encryption/decryption
- */
-int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length,
-                    unsigned char iv[8], const unsigned char *input,
-                    unsigned char *output)
-{
-    int i;
-    unsigned char temp[8];
-
-    if( length % 8 )
-        return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_XTEA_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 8 );
-            mbedtls_xtea_crypt_ecb( ctx, mode, input, output );
-
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_xtea_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* !MBEDTLS_XTEA_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * XTEA tests vectors (non-official)
- */
-
-static const unsigned char xtea_test_key[6][16] =
-{
-   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
-     0x0c, 0x0d, 0x0e, 0x0f },
-   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
-     0x0c, 0x0d, 0x0e, 0x0f },
-   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
-     0x0c, 0x0d, 0x0e, 0x0f },
-   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00 },
-   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00 },
-   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char xtea_test_pt[6][8] =
-{
-    { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
-    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
-    { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f },
-    { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 },
-    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
-    { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 }
-};
-
-static const unsigned char xtea_test_ct[6][8] =
-{
-    { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 },
-    { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 },
-    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 },
-    { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 },
-    { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d },
-    { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_xtea_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char buf[8];
-    mbedtls_xtea_context ctx;
-
-    mbedtls_xtea_init( &ctx );
-    for( i = 0; i < 6; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  XTEA test #%d: ", i + 1 );
-
-        memcpy( buf, xtea_test_pt[i], 8 );
-
-        mbedtls_xtea_setup( &ctx, xtea_test_key[i] );
-        mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf );
-
-        if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-exit:
-    mbedtls_xtea_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_XTEA_C */
diff --git a/components/ssl/mbedtls/port/esp8266/include/aes_alt.h b/components/ssl/mbedtls/port/esp8266/include/aes_alt.h
deleted file mode 100644
index f820aaf6..00000000
--- a/components/ssl/mbedtls/port/esp8266/include/aes_alt.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * \file aes_alt.h
- *
- * \brief AES block cipher
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-#ifndef AES_ALT_H
-#define AES_ALT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_AES_ALT)
-#include "esp_aes.h"
-
-typedef esp_aes_t mbedtls_aes_context;
-
-#define mbedtls_aes_init(_ctx)                              { }
-#define mbedtls_aes_free(_ctx)                              { }
-#define mbedtls_aes_setkey_enc(_ctx, _key, _keybits)        esp_aes_set_encrypt_key(_ctx, _key, _keybits)
-#define mbedtls_aes_setkey_dec(_ctx, _key, _keybits)        esp_aes_set_decrypt_key(_ctx, _key, _keybits)
-
-#define mbedtls_aes_crypt_ecb(_ctx, _mode, _input, _output)                                         \
-({                                                                                                  \
-    int ret;                                                                                        \
-                                                                                                    \
-    if (_mode == MBEDTLS_AES_DECRYPT)                                                               \
-        ret = esp_aes_decrypt_ecb(_ctx, _input, _output);                                           \
-    else if (_mode == MBEDTLS_AES_ENCRYPT)                                                          \
-        ret = esp_aes_encrypt_ecb(_ctx, _input, _output);                                           \
-    else                                                                                            \
-        ret = -1;                                                                                   \
-                                                                                                    \
-    ret;                                                                                            \
-})
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define mbedtls_aes_crypt_cbc(_ctx, _mode, _length, _iv, _input, _output)                           \
-({                                                                                                  \
-    int ret;                                                                                        \
-                                                                                                    \
-    if (_mode == MBEDTLS_AES_DECRYPT)                                                               \
-        ret = esp_aes_decrypt_cbc(_ctx, _input, _length, _output, _length, _iv);                    \
-    else if (_mode == MBEDTLS_AES_ENCRYPT)                                                          \
-        ret = esp_aes_encrypt_cbc(_ctx, _input, _length, _output, _length, _iv);                    \
-    else                                                                                            \
-        ret = -1;                                                                                   \
-                                                                                                    \
-    ret;                                                                                            \
-})
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define mbedtls_aes_crypt_cfb128(_ctx, _mode, _length, _iv_off, _iv, _input, _output)               \
-({                                                                                                  \
-    int ret;                                                                                        \
-                                                                                                    \
-    if (_mode == MBEDTLS_AES_DECRYPT)                                                               \
-        ret = esp_aes_decrypt_cfb128(_ctx, _input, _length, _output, _length, _iv, _iv_off);        \
-    else if (_mode == MBEDTLS_AES_ENCRYPT)                                                          \
-        ret = esp_aes_encrypt_cfb128(_ctx, _input, _length, _output, _length, _iv, _iv_off);        \
-    else                                                                                            \
-        ret = -1;                                                                                   \
-                                                                                                    \
-    ret;                                                                                            \
-})
-
-#define mbedtls_aes_crypt_cfb8(_ctx, _mode, _length, _iv, _input, _output)                          \
-({                                                                                                  \
-    int ret;                                                                                        \
-                                                                                                    \
-    if (_mode == MBEDTLS_AES_DECRYPT)                                                               \
-        ret = esp_aes_decrypt_cfb8(_ctx, _input, _length, _output, _length, _iv);                   \
-    else if (_mode == MBEDTLS_AES_ENCRYPT)                                                          \
-        ret = esp_aes_encrypt_cfb8(_ctx, _input, _length, _output, _length, _iv);                   \
-    else                                                                                            \
-        ret = -1;                                                                                   \
-                                                                                                    \
-    ret;                                                                                            \
-})
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define mbedtls_aes_crypt_ctr(_ctx, _length, _nc_off, _nonce_counter,                               \
-                              _stream_block, _input, _output)                                       \
-                                                                                                    \
-        esp_aes_encrypt_ctr(_ctx, _nc_off, _nonce_counter, _stream_block, _input,                   \
-                            _length, _output, _length)
-#endif
-
-#define mbedtls_internal_aes_encrypt(_ctx, _input, _output)     esp_aes_encrypt(_ctx, _input, 16, _output, 16)
-#define mbedtls_internal_aes_decrypt(_ctx, _input, _output)     esp_aes_decrypt(_ctx, _input, 16, _output, 16)
-#endif /* MBEDTLS_AES_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/components/ssl/mbedtls/port/esp8266/include/arc4_alt.h b/components/ssl/mbedtls/port/esp8266/include/arc4_alt.h
deleted file mode 100644
index 1fe52e57..00000000
--- a/components/ssl/mbedtls/port/esp8266/include/arc4_alt.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-#ifndef ARC4_ALT_H
-#define ARC4_ALT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_ARC4_ALT)
-#include "esp_arc4.h"
-
-typedef esp_arc4_context mbedtls_arc4_context;
-
-#define mbedtls_arc4_init(_ctx)                     { }
-
-#define mbedtls_arc4_free(_ctx)                     { }
-
-#define mbedtls_arc4_setup(_ctx, _s, _l)            esp_arc4_setup(_ctx, _s, _l)
-
-#define mbedtls_arc4_crypt(_ctx, _l, _i, _o)        esp_arc4_encrypt(_ctx, _l, _i, _o)
-
-#endif /* MBEDTLS_ARC4_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h b/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h
deleted file mode 100644
index 8a9af79b..00000000
--- a/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h
+++ /dev/null
@@ -1,2995 +0,0 @@
-/**
- * \file config.h
- *
- * \brief Configuration options (set of defines)
- *
- *  This set of compile-time options may be used to enable
- *  or disable features selectively, and reduce the global
- *  memory footprint.
- */
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-#include "sdkconfig.h"
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- *      library/timing.c
- *      library/padlock.c
- *      include/mbedtls/bn_mul.h
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- *      include/mbedtls/bignum.h
- *      library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
-/**
- * \def MBEDTLS_HAVE_TIME
- *
- * System has time.h and time().
- * The time does not need to be correct, only time differences are used,
- * by contrast with MBEDTLS_HAVE_TIME_DATE
- *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
- * Comment if your system does not support time functions
- */
-#ifdef CONFIG_MBEDTLS_HAVE_TIME
-#define MBEDTLS_HAVE_TIME
-#endif
-
-/**
- * \def MBEDTLS_HAVE_TIME_DATE
- *
- * System has time.h and time(), gmtime() and the clock is correct.
- * The time needs to be correct (not necesarily very accurate, but at least
- * the date should be correct). This is used to verify the validity period of
- * X.509 certificates.
- *
- * Comment if your system does not have a correct clock.
- */
-#ifdef CONFIG_MBEDTLS_HAVE_TIME_DATE
-#define MBEDTLS_HAVE_TIME_DATE
-#endif
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-//#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions so that they generate a warning if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions so that they generate an error if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * Uncomment to get errors on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
-
-/* \} name SECTION: System support */
-
-/**
- * \name SECTION: mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
-
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning   MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
- *            use constitutes a security risk. If possible, we recommend
- *            avoiding dependencies on them, and considering stronger message
- *            digests and ciphers instead.
- *
- */
-//#define MBEDTLS_BLOWFISH_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_MD2_ALT
-//#define MBEDTLS_MD4_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_XTEA_ALT
-
-#ifdef CONFIG_ESP_AES
-#define MBEDTLS_AES_ALT
-#endif
-
-#ifdef CONFIG_ESP_SHA
-#define MBEDTLS_SHA1_ALT
-#define MBEDTLS_SHA256_ALT
-#define MBEDTLS_SHA512_ALT
-#endif
-
-#ifdef CONFIG_ESP_MD5
-#define MBEDTLS_MD5_ALT
-#endif
-
-#ifdef CONFIG_ESP_ARC4
-#define MBEDTLS_ARC4_ALT
-#endif
-
-/*
- * When replacing the elliptic curve module, pleace consider, that it is
- * implemented with two .c files:
- *      - ecp.c
- *      - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
-
-/**
- * \def MBEDTLS_MD2_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note Because of a signature change, the core AES encryption and decryption routines are
- *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
- *       respectively. When setting up alternative implementations, these functions should
- *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- *       must stay untouched.
- *
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
- *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- *       tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning   MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
- *            constitutes a security risk. If possible, we recommend avoiding
- *            dependencies on them, and considering stronger message digests
- *            and ciphers instead.
- *
- */
-//#define MBEDTLS_MD2_PROCESS_ALT
-//#define MBEDTLS_MD4_PROCESS_ALT
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- *      unsigned char mbedtls_internal_ecp_grp_capable(
- *          const mbedtls_ecp_group *grp )
- *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- *      void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
- * function, but will use your mbedtls_internal_ecp_double_jac if the group is
- * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
- * receives it as an argument). If the group is not supported then the original
- * implementation is used. The other functions and the definition of
- * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
- * implementation of mbedtls_internal_ecp_double_jac and
- * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-//#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_HARDWARE_ALT
- *
- * Uncomment this macro to let mbed TLS use your own implementation of a
- * hardware entropy collector.
- *
- * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in entropy_poll.h, and accept NULL as first argument.
- *
- * Uncomment to use your own hardware entropy collector.
- */
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Store the AES tables in ROM.
- *
- * Uncomment this macro to store the AES tables in ROM.
- */
-#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CBC
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-//#define MBEDTLS_CIPHER_MODE_CFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-
-#ifdef CONFIG_MBEDTLS_CIPHER_MODE_CTR
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-
-/**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
- *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
- *
- * Uncomment this macro to enable the NULL cipher and ciphersuites
- */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-
-/**
- * \def MBEDTLS_CIPHER_PADDING_PKCS7
- *
- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
- * specific padding modes in the cipher layer with cipher modes that support
- * padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-//#define MBEDTLS_CIPHER_PADDING_PKCS7
-//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-//#define MBEDTLS_CIPHER_PADDING_ZEROS
-
-/**
- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
- *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
- *
- * This enables the following ciphersuites:
- *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
- *
- * Uncomment this macro to enable weak ciphersuites
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-
-/**
- * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
- *
- * Remove RC4 ciphersuites by default in SSL / TLS.
- * This flag removes the ciphersuites based on RC4 from the default list as
- * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
- * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
- * explicitly.
- *
- * Uncomment this macro to remove RC4 ciphersuites by default.
- */
-#ifdef CONFIG_MBEDTLS_RC4_ENABLED
-#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#endif
-
-/**
- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
- *
- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
- * module.  By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#endif
-#ifdef CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#ifdef CONFIG_MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ECP_NIST_OPTIM
-#endif
-
-/**
- * \def MBEDTLS_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: MBEDTLS_HMAC_DRBG_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-//#define MBEDTLS_ECDSA_DETERMINISTIC
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
- *
- * Enable the PSK based ciphersuite modes in SSL / TLS.
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_PSK
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- *
- * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- *
- * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_RSA
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- *
- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- *
- * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- *
- * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- *
- * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- *
- * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#ifdef CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-#endif
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- *
- * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Requires: MBEDTLS_ECJPAKE_C
- *           MBEDTLS_SHA256_C
- *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
- */
-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-
-/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
- * \def MBEDTLS_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: MBEDTLS_BIGNUM_C
- */
-#define MBEDTLS_GENPRIME
-
-/**
- * \def MBEDTLS_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-//#define MBEDTLS_FS_IO
-
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- *       determined in the platform layer, and can be modified at runtime and/or
- *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- *       with regular fopen(), please make sure you make a seedfile with the
- *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- *       and written to or you will get an entropy source error! The default
- *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- *       bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- *       given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *           GLIBC-compatible backtrace() an backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
-
-/**
- * \def MBEDTLS_PK_RSA_ALT_SUPPORT
- *
- * Support external private RSA keys (eg from a HSM) in the PK layer.
- *
- * Comment this macro to disable support for external private RSA keys.
- */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-
-/**
- * \def MBEDTLS_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-#define MBEDTLS_PKCS1_V15
-
-/**
- * \def MBEDTLS_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define MBEDTLS_PKCS1_V21
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-//#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
- *
- * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
- * with other servers, only debugging of failures is harder.
- *
- * The advantage of not sending alert messages, is that no information is given
- * about reasons for failures thus preventing adversaries of gaining intel.
- *
- * Enable sending of all alert messages
- */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
-
-/**
- * \def MBEDTLS_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define MBEDTLS_SSL_DEBUG_ALL
-
-/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
- *
- * Enable support for Encrypt-then-MAC, RFC 7366.
- *
- * This allows peers that both support it to use a more robust protection for
- * ciphersuites using CBC, providing deep resistance against timing attacks
- * on the padding or underlying cipher.
- *
- * This only affects CBC ciphersuites, and is useless if none is defined.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1    or
- *           MBEDTLS_SSL_PROTO_TLS1_1  or
- *           MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Encrypt-then-MAC
- */
-//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
-
-/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
- *
- * Enable support for Extended Master Secret, aka Session Hash
- * (draft-ietf-tls-session-hash-02).
- *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
- * attacks, but it is recommended to always use it (even if you disable
- * renegotiation), since it actually fixes a more fundamental issue in the
- * original SSL/TLS design, and has implications beyond Triple Handshake.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1    or
- *           MBEDTLS_SSL_PROTO_TLS1_1  or
- *           MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Extended Master Secret.
- */
-#ifdef CONFIG_MBEDTLS_TLS_ENABLED
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#endif
-
-/**
- * \def MBEDTLS_SSL_FALLBACK_SCSV
- *
- * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
- *
- * For servers, it is recommended to always enable this, unless you support
- * only one version of TLS, or know for sure that none of your clients
- * implements a fallback strategy.
- *
- * For clients, you only need this if you're using a fallback strategy, which
- * is not recommended in the first place, unless you absolutely need it to
- * interoperate with buggy (version-intolerant) servers.
- *
- * Comment this macro to disable support for FALLBACK_SCSV
- */
-//#define MBEDTLS_SSL_FALLBACK_SCSV
-
-/**
- * \def MBEDTLS_SSL_HW_RECORD_ACCEL
- *
- * Enable hooking functions in SSL module for hardware acceleration of
- * individual records.
- *
- * Uncomment this macro to enable hooking functions.
- */
-//#define MBEDTLS_SSL_HW_RECORD_ACCEL
-
-/**
- * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
- *
- * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
- *
- * This is a countermeasure to the BEAST attack, which also minimizes the risk
- * of interoperability issues compared to sending 0-length records.
- *
- * Comment this macro to disable 1/n-1 record splitting.
- */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1)
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
-#endif
-
-/**
- * \def MBEDTLS_SSL_RENEGOTIATION
- *
- * Disable support for TLS renegotiation.
- *
- * The two main uses of renegotiation are (1) refresh keys on long-lived
- * connections and (2) client authentication after the initial handshake.
- * If you don't need renegotiation, it's probably better to disable it, since
- * it has been associated with security issues in the past and is easy to
- * misuse/misunderstand.
- *
- * Comment this to disable support for renegotiation.
- *
- * \note   Even if this option is disabled, both client and server are aware
- *         of the Renegotiation Indication Extension (RFC 5746) used to
- *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
- *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
- *          configuration of this extension).
- *
- */
-#ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION
-#define MBEDTLS_SSL_RENEGOTIATION
-#endif
-
-/**
- * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
- *
- * Enable support for receiving and parsing SSLv2 Client Hello messages for the
- * SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to enable support for SSLv2 Client Hello messages.
- */
-//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-
-/**
- * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
- *
- * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to respect client's ciphersuite order
- */
-//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-
-/**
- * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- *
- * Enable support for RFC 6066 max_fragment_length extension in SSL.
- *
- * Comment this macro to disable support for the max_fragment_length extension
- */
-//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-
-/**
- * \def MBEDTLS_SSL_PROTO_SSL3
- *
- * Enable support for SSL 3.0.
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for SSL 3.0
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_SSL3
-#define MBEDTLS_SSL_PROTO_SSL3
-#endif
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1
- *
- * Enable support for TLS 1.0.
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.0
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1
-#define MBEDTLS_SSL_PROTO_TLS1
-#endif
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_1
- *
- * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1
-#define MBEDTLS_SSL_PROTO_TLS1_1
-#endif
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
- *
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- *           (Depends on ciphersuites)
- *
- * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_2
-#define MBEDTLS_SSL_PROTO_TLS1_2
-#endif
-
-/**
- * \def MBEDTLS_SSL_PROTO_DTLS
- *
- * Enable support for DTLS (all available versions).
- *
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
- * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_1
- *        or MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for DTLS
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_PROTO_DTLS
-#endif
-
-/**
- * \def MBEDTLS_SSL_ALPN
- *
- * Enable support for RFC 7301 Application Layer Protocol Negotiation.
- *
- * Comment this macro to disable support for ALPN.
- */
-#ifdef CONFIG_MBEDTLS_SSL_ALPN
-#define MBEDTLS_SSL_ALPN
-#endif
-
-/**
- * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
- *
- * Enable support for the anti-replay mechanism in DTLS.
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *           MBEDTLS_SSL_PROTO_DTLS
- *
- * \warning Disabling this is often a security risk!
- * See mbedtls_ssl_conf_dtls_anti_replay() for details.
- *
- * Comment this to disable anti-replay in DTLS.
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#endif
-
-/**
- * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Enable support for HelloVerifyRequest on DTLS servers.
- *
- * This feature is highly recommended to prevent DTLS servers being used as
- * amplifiers in DoS attacks against other hosts. It should always be enabled
- * unless you know for sure amplification cannot be a problem in the
- * environment in which your server operates.
- *
- * \warning Disabling this can ba a security risk! (see above)
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Comment this to disable support for HelloVerifyRequest.
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#endif
-
-/**
- * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
- *
- * Enable server-side support for clients that reconnect from the same port.
- *
- * Some clients unexpectedly close the connection and try to reconnect using the
- * same source port. This needs special support from the server to handle the
- * new connection securely, as described in section 4.2.8 of RFC 6347. This
- * flag enables that support.
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Comment this to disable support for clients reusing the source port.
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-#endif
-
-/**
- * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
- *
- * Enable support for a limit of records with bad MAC.
- *
- * See mbedtls_ssl_conf_dtls_badmac_limit().
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- */
-#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-#endif
-
-/**
- * \def MBEDTLS_SSL_SESSION_TICKETS
- *
- * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintainance of a
- * session store remains the responsibility of the application, though).
- * Server-side, you also need to provide callbacks for writing and parsing
- * tickets, including authenticated encryption and key management. Example
- * callbacks are provided by MBEDTLS_SSL_TICKET_C.
- *
- * Comment this macro to disable support for SSL session tickets
- */
-#ifdef CONFIG_MBEDTLS_SSL_SESSION_TICKETS
-#define MBEDTLS_SSL_SESSION_TICKETS
-#endif
-
-/**
- * \def MBEDTLS_SSL_EXPORT_KEYS
- *
- * Enable support for exporting key block and master secret.
- * This is required for certain users of TLS, e.g. EAP-TLS.
- *
- * Comment this macro to disable support for key export
- */
-//#define MBEDTLS_SSL_EXPORT_KEYS
-
-/**
- * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
- *
- * Enable support for RFC 6066 server name indication (SNI) in SSL.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Comment this macro to disable support for server name indication in SSL
- */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
-
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC
- *
- * Enable support for RFC 6066 truncated HMAC in SSL.
- *
- * Comment this macro to disable support for truncated HMAC in SSL
- */
-//#define MBEDTLS_SSL_TRUNCATED_HMAC
-
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
- *
- * Fallback to old (pre-2.7), non-conforming implementation of the truncated
- * HMAC extension which also truncates the HMAC key. Note that this option is
- * only meant for a transitory upgrade period and is likely to be removed in
- * a future version of the library.
- *
- * \warning The old implementation is non-compliant and has a security weakness
- *          (2^80 brute force attack on the HMAC key used for a single,
- *          uninterrupted connection). This should only be enabled temporarily
- *          when (1) the use of truncated HMAC is essential in order to save
- *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
- *          the fixed implementation yet (pre-2.7).
- *
- * \deprecated This option is deprecated and will likely be removed in a
- *             future version of Mbed TLS.
- *
- * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
- *
- * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
- */
-//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-//#define MBEDTLS_VERSION_FEATURES
-
-/**
- * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an extension in a v1 or v2 certificate.
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-
-/**
- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * \warning Depending on your PKI use, enabling this can be a security risk!
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-
-/**
- * \def MBEDTLS_X509_CHECK_KEY_USAGE
- *
- * Enable verification of the keyUsage extension (CA and leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused
- * (intermediate) CA and leaf certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip keyUsage checking for both CA and leaf certificates.
- */
-//#define MBEDTLS_X509_CHECK_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
- *
- * Enable verification of the extendedKeyUsage extension (leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip extendedKeyUsage checking for certificates.
- */
-//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-
-/**
- * \def MBEDTLS_ZLIB_SUPPORT
- *
- * If set, the SSL/TLS module uses ZLIB to support compression and
- * decompression of packet data.
- *
- * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
- * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be a applicable to your use case.
- *
- * \note Currently compression can't be used with DTLS.
- *
- * \deprecated This feature is deprecated and will be removed
- *             in the next major revision of the library.
- *
- * Used in: library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This feature requires zlib library and headers to be present.
- *
- * Uncomment to enable use of ZLIB
- */
-//#define MBEDTLS_ZLIB_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module:  library/aesni.c
- * Caller:  library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module:  library/aes.c
- * Caller:  library/ssl_tls.c
- *          library/pem.c
- *          library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#ifdef CONFIG_MBEDTLS_AES_C
-#define MBEDTLS_AES_C
-#endif
-
-/**
- * \def MBEDTLS_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module:  library/arc4.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
- *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. If possible, we recommend avoidng dependencies on
- *            it, and considering stronger ciphers instead.
- *
- */
-#if defined(CONFIG_MBEDTLS_RC4_ENABLED_NO_DEFAULT) || defined(CONFIG_MBEDTLS_RC4_ENABLED)
-//#define MBEDTLS_ARC4_C
-#endif
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module:  library/asn1.c
- * Caller:  library/x509.c
- *          library/dhm.c
- *          library/pkcs12.c
- *          library/pkcs5.c
- *          library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module:  library/asn1write.c
- * Caller:  library/ecdsa.c
- *          library/pkwrite.c
- *          library/x509_create.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module:  library/base64.c
- * Caller:  library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module:  library/bignum.c
- * Caller:  library/dhm.c
- *          library/ecp.c
- *          library/ecdsa.c
- *          library/rsa.c
- *          library/rsa_internal.c
- *          library/ssl_tls.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_BLOWFISH_C
- *
- * Enable the Blowfish block cipher.
- *
- * Module:  library/blowfish.c
- */
-#ifdef CONFIG_MBEDTLS_BLOWFISH_C
-#define MBEDTLS_BLOWFISH_C
-#endif
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module:  library/camellia.c
- * Caller:  library/ssl_tls.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#ifdef CONFIG_MBEDTLS_CAMELLIA_C
-#define MBEDTLS_CAMELLIA_C
-#endif
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module:  library/ccm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module enables the AES-CCM ciphersuites, if other requisites are
- * enabled as well.
- */
-#ifdef CONFIG_MBEDTLS_CCM_C
-#define MBEDTLS_CCM_C
-#endif
-
-/**
- * \def MBEDTLS_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module:  library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-//#define MBEDTLS_CERTS_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module:  library/cipher.c
- * Caller:  library/ssl_tls.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * Module:  library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-//#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-256-based random generator.
- *
- * Module:  library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES-256 random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module:  library/debug.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#if CONFIG_MBEDTLS_DEBUG
-#define MBEDTLS_DEBUG_C
-#endif
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module:  library/des.c
- * Caller:  library/pem.c
- *          library/ssl_tls.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-#ifdef CONFIG_MBEDTLS_DES_C
-#define MBEDTLS_DES_C
-#endif
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module:  library/dhm.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- *      DHE-RSA, DHE-PSK
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
- */
-#ifdef CONFIG_MBEDTLS_DHM_C
-#define MBEDTLS_DHM_C
-#endif
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module:  library/ecdh.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-#ifdef CONFIG_MBEDTLS_ECDH_C
-#define MBEDTLS_ECDH_C
-#endif
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module:  library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- *      ECDHE-ECDSA
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
- */
-#ifdef CONFIG_MBEDTLS_ECDSA_C
-#define MBEDTLS_ECDSA_C
-#endif
-
-/**
- * \def MBEDTLS_ECJPAKE_C
- *
- * Enable the elliptic curve J-PAKE library.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Module:  library/ecjpake.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- *      ECJPAKE
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
- */
-//#define MBEDTLS_ECJPAKE_C
-
-/**
- * \def MBEDTLS_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module:  library/ecp.c
- * Caller:  library/ecdh.c
- *          library/ecdsa.c
- *          library/ecjpake.c
- *
- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
- */
-#ifdef CONFIG_MBEDTLS_ECP_C
-#define MBEDTLS_ECP_C
-#endif
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module:  library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module:  library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-//#define MBEDTLS_ERROR_C
-
-/**
- * \def MBEDTLS_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM) for AES.
- *
- * Module:  library/gcm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
- * requisites are enabled as well.
- */
-#ifdef CONFIG_MBEDTLS_GCM_C
-#define MBEDTLS_GCM_C
-#endif
-
-/**
- * \def MBEDTLS_HAVEGE_C
- *
- * Enable the HAVEGE random generator.
- *
- * Warning: the HAVEGE random generator is not suitable for virtualized
- *          environments
- *
- * Warning: the HAVEGE random generator is dependent on timing and specific
- *          processor traits. It is therefore not advised to use HAVEGE as
- *          your applications primary random generator or primary entropy pool
- *          input. As a secondary input to your entropy pool, it IS able add
- *          the (limited) extra entropy it provides.
- *
- * Module:  library/havege.c
- * Caller:
- *
- * Requires: MBEDTLS_TIMING_C
- *
- * Uncomment to enable the HAVEGE random generator.
- */
-//#define MBEDTLS_HAVEGE_C
-
-/**
- * \def MBEDTLS_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module:  library/hmac_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number geerator.
- */
-//#define MBEDTLS_HMAC_DRBG_C
-
-/**
- * \def MBEDTLS_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module:  library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define MBEDTLS_MD_C
-
-/**
- * \def MBEDTLS_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module:  library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
- * \warning   MD2 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD2_C
-
-/**
- * \def MBEDTLS_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module:  library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
- * \warning   MD4 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD4_C
-
-/**
- * \def MBEDTLS_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module:  library/md5.c
- * Caller:  library/md.c
- *          library/pem.c
- *          library/ssl_tls.c
- *
- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
- * depending on the handshake parameters. Further, it is used for checking
- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
- * encrypted keys.
- *
- * \warning   MD5 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_MD5_C
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module:  library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_NET_C
- *
- * Enable the TCP and UDP over IPv6/IPv4 networking routines.
- *
- * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
- * and Windows. For other platforms, you'll want to disable it, and write your
- * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module:  library/net_sockets.c
- *
- * This module provides networking routines.
- */
-//#define MBEDTLS_NET_C
-
-/**
- * \def MBEDTLS_OID_C
- *
- * Enable the OID database.
- *
- * Module:  library/oid.c
- * Caller:  library/asn1write.c
- *          library/pkcs5.c
- *          library/pkparse.c
- *          library/pkwrite.c
- *          library/rsa.c
- *          library/x509.c
- *          library/x509_create.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define MBEDTLS_OID_C
-
-/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module:  library/padlock.c
- * Caller:  library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-//#define MBEDTLS_PADLOCK_C
-
-/**
- * \def MBEDTLS_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module:  library/pem.c
- * Caller:  library/dhm.c
- *          library/pkparse.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-#ifdef CONFIG_MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_PARSE_C
-#endif
-
-/**
- * \def MBEDTLS_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module:  library/pem.c
- * Caller:  library/pkwrite.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-#ifdef CONFIG_MBEDTLS_PEM_WRITE_C
-#define MBEDTLS_PEM_WRITE_C
-#endif
-
-/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymetric) key layer.
- *
- * Module:  library/pk.c
- * Caller:  library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymetric) key parser.
- *
- * Module:  library/pkparse.c
- * Caller:  library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymetric) key writer.
- *
- * Module:  library/pkwrite.c
- * Caller:  library/x509write.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
- * \def MBEDTLS_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module:  library/pkcs5.c
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the PKCS#5 functions.
- */
-//#define MBEDTLS_PKCS5_C
-
-/**
- * \def MBEDTLS_PKCS11_C
- *
- * Enable wrapper for PKCS#11 smartcard support.
- *
- * Module:  library/pkcs11.c
- * Caller:  library/pk.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * This module enables SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
- */
-//#define MBEDTLS_PKCS11_C
-
-/**
- * \def MBEDTLS_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module:  library/pkcs12.c
- * Caller:  library/pkparse.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * Can use:  MBEDTLS_ARC4_C
- *
- * This module enables PKCS#12 functions.
- */
-//#define MBEDTLS_PKCS12_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other module rely on it for a fixed snprintf implementation.
- *
- * Module:  library/platform.c
- * Caller:  Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module:  library/ripemd160.c
- * Caller:  library/md.c
- *
- */
-#ifdef CONFIG_MBEDTLS_RIPEMD160_C
-#define MBEDTLS_RIPEMD160_C
-#endif
-
-/**
- * \def MBEDTLS_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module:  library/rsa.c
- *          library/rsa_internal.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509.c
- *
- * This module is used by the following key exchanges:
- *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
- */
-#define MBEDTLS_RSA_C
-
-/**
- * \def MBEDTLS_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module:  library/sha1.c
- * Caller:  library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509write_crt.c
- *
- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
- * depending on the handshake parameters, and for SHA1-signed certificates.
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_SHA1_C
-
-/**
- * \def MBEDTLS_SHA256_C
- *
- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
- *
- * Module:  library/sha256.c
- * Caller:  library/entropy.c
- *          library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module adds support for SHA-224 and SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define MBEDTLS_SHA256_C
-
-/**
- * \def MBEDTLS_SHA512_C
- *
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
- *
- * Module:  library/sha512.c
- * Caller:  library/entropy.c
- *          library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define MBEDTLS_SHA512_C
-
-/**
- * \def MBEDTLS_SSL_CACHE_C
- *
- * Enable simple SSL cache implementation.
- *
- * Module:  library/ssl_cache.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_CACHE_C
- */
-//#define MBEDTLS_SSL_CACHE_C
-
-/**
- * \def MBEDTLS_SSL_COOKIE_C
- *
- * Enable basic implementation of DTLS cookies for hello verification.
- *
- * Module:  library/ssl_cookie.c
- * Caller:
- */
-//#define MBEDTLS_SSL_COOKIE_C
-
-/**
- * \def MBEDTLS_SSL_TICKET_C
- *
- * Enable an implementation of TLS server-side callbacks for session tickets.
- *
- * Module:  library/ssl_ticket.c
- * Caller:
- *
- * Requires: MBEDTLS_CIPHER_C
- */
-//#define MBEDTLS_SSL_TICKET_C
-
-/**
- * \def MBEDTLS_SSL_CLI_C
- *
- * Enable the SSL/TLS client code.
- *
- * Module:  library/ssl_cli.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS client support.
- */
-#ifdef CONFIG_MBEDTLS_TLS_CLIENT
-#define MBEDTLS_SSL_CLI_C
-#endif
-
-/**
- * \def MBEDTLS_SSL_SRV_C
- *
- * Enable the SSL/TLS server code.
- *
- * Module:  library/ssl_srv.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS server support.
- */
-#ifdef CONFIG_MBEDTLS_TLS_SERVER
-#define MBEDTLS_SSL_SRV_C
-#endif
-
-/**
- * \def MBEDTLS_SSL_TLS_C
- *
- * Enable the generic SSL/TLS code.
- *
- * Module:  library/ssl_tls.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
- *
- * This module is required for SSL/TLS.
- */
-#ifdef CONFIG_MBEDTLS_TLS_ENABLED
-#define MBEDTLS_SSL_TLS_C
-#endif
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
- *
- * Module:  library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within mbed TLS
- */
-//#define MBEDTLS_THREADING_C
-
-/**
- * \def MBEDTLS_TIMING_C
- *
- * Enable the semi-portable timing interface.
- *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by
- * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
- * your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module:  library/timing.c
- * Caller:  library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-//#define MBEDTLS_TIMING_C
-
-/**
- * \def MBEDTLS_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module:  library/version.c
- *
- * This module provides run-time version information.
- */
-#define MBEDTLS_VERSION_C
-
-/**
- * \def MBEDTLS_X509_USE_C
- *
- * Enable X.509 core for using certificates.
- *
- * Module:  library/x509.c
- * Caller:  library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
- *           MBEDTLS_PK_PARSE_C
- *
- * This module is required for the X.509 parsing modules.
- */
-#define MBEDTLS_X509_USE_C
-
-/**
- * \def MBEDTLS_X509_CRT_PARSE_C
- *
- * Enable X.509 certificate parsing.
- *
- * Module:  library/x509_crt.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define MBEDTLS_X509_CRT_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CRL_PARSE_C
- *
- * Enable X.509 CRL parsing.
- *
- * Module:  library/x509_crl.c
- * Caller:  library/x509_crt.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 CRL parsing.
- */
-#ifdef CONFIG_MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CRL_PARSE_C
-#endif
-
-/**
- * \def MBEDTLS_X509_CSR_PARSE_C
- *
- * Enable X.509 Certificate Signing Request (CSR) parsing.
- *
- * Module:  library/x509_csr.c
- * Caller:  library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is used for reading X.509 certificate request.
- */
-#ifdef CONFIG_MBEDTLS_X509_CSR_PARSE_C
-#define MBEDTLS_X509_CSR_PARSE_C
-#endif
-
-/**
- * \def MBEDTLS_X509_CREATE_C
- *
- * Enable X.509 core for creating certificates.
- *
- * Module:  library/x509_create.c
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
- *
- * This module is the basis for creating X.509 certificates and CSRs.
- */
-#define MBEDTLS_X509_CREATE_C
-
-/**
- * \def MBEDTLS_X509_CRT_WRITE_C
- *
- * Enable creating X.509 certificates.
- *
- * Module:  library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate creation.
- */
-#define MBEDTLS_X509_CRT_WRITE_C
-
-/**
- * \def MBEDTLS_X509_CSR_WRITE_C
- *
- * Enable creating X.509 Certificate Signing Requests (CSR).
- *
- * Module:  library/x509_csr_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate request writing.
- */
-#define MBEDTLS_X509_CSR_WRITE_C
-
-/**
- * \def MBEDTLS_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module:  library/xtea.c
- * Caller:
- */
-#ifdef CONFIG_MBEDTLS_XTEA_C
-#define MBEDTLS_XTEA_C
-#endif
-
-/* \} name SECTION: mbed TLS modules */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
- * \{
- */
-
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
-//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
-//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-
-/* SSL Cache options */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
-
-/* SSL options */
-//#define MBEDTLS_SSL_MAX_CONTENT_LEN             CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */
-#define MBEDTLS_SSL_IN_CONTENT_LEN              CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN  /**<  Determines the size of the internal Input buffer in bytes */
-#define MBEDTLS_SSL_OUT_CONTENT_LEN             CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN /**<  Determines the size of the internal Output buffer in bytes */
-//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
-//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-
-/**
- * Allow SHA-1 in the default TLS configuration for certificate signing.
- * Without this build-time option, SHA-1 support must be activated explicitly
- * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
- * recommended because of it is possible to generate SHA-1 collisions, however
- * this may be safe for legacy infrastructure where additional controls apply.
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-
-/**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
- * signature and ciphersuite selection. Without this build-time option, SHA-1
- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
- * default. At the time of writing, there is no practical attack on the use
- * of SHA-1 in handshake signatures, hence this option is turned on by default
- * to preserve compatibility with existing peers, but the general
- * warning applies nonetheless:
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-
-/* \} name SECTION: Customisation configuration options */
-
-/* Target and application specific configurations */
-//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h"
-
-#if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE
-#endif
-
-/*
- * Allow user to override any previous default.
- *
- * Use two macro names for that, as:
- * - with yotta the prefix YOTTA_CFG_ is forced
- * - without yotta is looks weird to have a YOTTA prefix.
- */
-#if defined(YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE)
-#include YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE
-#elif defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-#ifdef CONFIG_MBEDTLS_RSA_BITLEN_MIN
-#define MBEDTLS_RSA_BITLEN_MIN CONFIG_MBEDTLS_RSA_BITLEN_MIN
-#else
-#define MBEDTLS_RSA_BITLEN_MIN 2048
-#endif
-
-#define MBEDTLS_DEBUGF(_fmt, ...)   printf(_fmt "\r\n", ##__VA_ARGS__)
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/components/ssl/mbedtls/port/esp8266/include/md5_alt.h b/components/ssl/mbedtls/port/esp8266/include/md5_alt.h
deleted file mode 100644
index 8a0b808b..00000000
--- a/components/ssl/mbedtls/port/esp8266/include/md5_alt.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-#ifndef MD5_ALT_H
-#define MD5_ALT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_MD5_ALT)
-#include "esp_md5.h"
-
-typedef esp_md5_context_t mbedtls_md5_context;
-
-#define mbedtls_md5_init(_ctx)                     { }
-
-#define mbedtls_md5_free(_ctx)                     { }
-
-#define mbedtls_md5_clone(_d, _s)                  { *(_d) = *(_s); }
-
-#define mbedtls_md5_starts_ret(_ctx)               esp_md5_init(_ctx)
-
-#define mbedtls_md5_update_ret(_ctx, _s, _l)       esp_md5_update(_ctx, _s, _l)
-
-#define mbedtls_md5_finish_ret(_ctx, _d)           esp_md5_final(_ctx, _d)
-
-#define mbedtls_internal_md5_process(_ctx, _s)     esp_md5_update(_ctx, _s, 64)
-#endif /* MBEDTLS_MD5_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/components/ssl/mbedtls/port/esp8266/include/sha256_alt.h b/components/ssl/mbedtls/port/esp8266/include/sha256_alt.h
deleted file mode 100644
index d602e532..00000000
--- a/components/ssl/mbedtls/port/esp8266/include/sha256_alt.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- *  SHA-256 implementation with extra ESP8266 support added.
- *  Uses mbedTLS software implementation for failover when concurrent
- *  SHA operations are in use.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-#ifndef _SHA256_ALT_H_
-#define _SHA256_ALT_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_SHA256_ALT)
-
-#include "esp_sha.h"
-
-typedef esp_sha_t mbedtls_sha256_context;
-
-#define mbedtls_sha256_init(_ctx)                   { }
-
-#define mbedtls_sha256_free(_ctx)                   { }
-
-#define mbedtls_sha256_clone(_d, _s)                { *(_d) = *(_s); }
-
-#define mbedtls_sha256_starts_ret(_ctx, _is224)     \
-({                                                  \
-    int ret;                                        \
-                                                    \
-    if (_is224)                                     \
-        ret = esp_sha224_init(_ctx);                \
-    else                                            \
-        ret = esp_sha256_init(_ctx);                \
-                                                    \
-    ret;                                            \
-})
-
-#define mbedtls_sha256_update_ret(_ctx, _s, _l)     esp_sha256_update(_ctx, _s, _l)
-
-#define mbedtls_sha256_finish_ret(_ctx, _d)         esp_sha256_finish(_ctx, _d)
-
-#define mbedtls_internal_sha256_process(_ctx, _s)   esp_sha256_update(_ctx, _s, 64)
-
-#endif /* MBEDTLS_SHA256_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/components/ssl/mbedtls/port/esp8266/include/sha512_alt.h b/components/ssl/mbedtls/port/esp8266/include/sha512_alt.h
deleted file mode 100644
index 1fe60382..00000000
--- a/components/ssl/mbedtls/port/esp8266/include/sha512_alt.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- *  SHA-512 implementation with extra ESP8266 support added.
- *  Uses mbedTLS software implementation for failover when concurrent
- *  SHA operations are in use.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-#ifndef _SHA512_ALT_H_
-#define _SHA512_ALT_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_SHA512_ALT)
-
-#include "esp_sha.h"
-
-typedef esp_sha512_t mbedtls_sha512_context;
-
-#define mbedtls_sha512_init(_ctx)                   { }
-
-#define mbedtls_sha512_free(_ctx)                   { }
-
-#define mbedtls_sha512_clone(_d, _s)                { *(_d) = *(_s); }
-
-#define mbedtls_sha512_starts_ret(_ctx, _is384)     \
-({                                                  \
-    int ret;                                        \
-                                                    \
-    if (_is384)                                     \
-        ret = esp_sha384_init(_ctx);                \
-    else                                            \
-        ret = esp_sha512_init(_ctx);                \
-                                                    \
-    ret;                                            \
-})
-
-#define mbedtls_sha512_update_ret(_ctx, _s, _l)     esp_sha512_update(_ctx, _s, _l)
-
-#define mbedtls_sha512_finish_ret(_ctx, _d)         esp_sha512_finish(_ctx, _d)
-
-#define mbedtls_internal_sha512_process(_ctx, _s)   esp_sha512_update(_ctx, _s, 128)
-
-#endif /* MBEDTLS_SHA512_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/components/ssl/mbedtls/port/esp8266/net.c b/components/ssl/mbedtls/port/esp8266/net.c
deleted file mode 100644
index fdcb8bed..00000000
--- a/components/ssl/mbedtls/port/esp8266/net.c
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
- *  TCP/IP or UDP/IP networking functions
- *  modified for LWIP support on ESP8266
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2015 Angus Gratton
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if !defined(MBEDTLS_NET_C)
-
-#include "mbedtls/net.h"
-
-#include <string.h>
-
-#include <sys/types.h>
-#include <sys/socket.h>
-//#include <sys/time.h>
-#include <unistd.h>
-#include <netdb.h>
-#include <errno.h>
-
-#include <stdlib.h>
-#include <stdio.h>
-
-#include <time.h>
-
-#include <stdint.h>
-
-/*
- * Prepare for using the sockets interface
- */
-static int net_prepare( void )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    WSADATA wsaData;
-
-    if( wsa_init_done == 0 )
-    {
-        if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
-
-        wsa_init_done = 1;
-    }
-#else
-#endif
-    return( 0 );
-}
-
-/*
- * Initialize a context
- */
-void mbedtls_net_init( mbedtls_net_context *ctx )
-{
-    ctx->fd = -1;
-}
-
-/*
- * Initiate a TCP connection with host:port and the given protocol
- */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto )
-{
-    int ret;
-    struct addrinfo hints, *addr_list, *cur;
-
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
-
-    /* Do name resolution with both IPv6 and IPv4 */
-    memset( &hints, 0, sizeof( hints ) );
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
-    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
-
-    if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
-
-    /* Try the sockaddrs until a connection succeeds */
-    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-        if( connect( ctx->fd, cur->ai_addr, cur->ai_addrlen ) == 0 )
-        {
-            ret = 0;
-            break;
-        }
-
-        close( ctx->fd );
-        ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
-    }
-
-    freeaddrinfo( addr_list );
-
-    return( ret );
-}
-
-/*
- * Create a listening socket on bind_ip:port
- */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
-{
-#if SO_REUSE
-    int n;
-#endif
-    int ret;
-    struct addrinfo hints, *addr_list, *cur;
-
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
-
-    /* Bind to IPv6 and/or IPv4, but only in the desired protocol */
-    memset( &hints, 0, sizeof( hints ) );
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
-    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
-
-    if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
-
-    /* Try the sockaddrs until a binding succeeds */
-    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-		/*SO_REUSEADDR option dafault is disable in source code(lwip)*/
-#if SO_REUSE
-        n = 1;
-        if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &n, sizeof( n ) ) != 0 )
-        {
-            close( ctx->fd );
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-#endif
-		/*bind interface dafault don't process the addr is 0xffffffff for TCP Protocol*/
-		struct sockaddr_in *serv_addr = NULL;
-		serv_addr = (struct sockaddr_in *)cur->ai_addr;		
-		serv_addr->sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
-        if( bind( ctx->fd, (struct sockaddr *)serv_addr, cur->ai_addrlen ) != 0 )
-        {
-            close( ctx->fd );
-            ret = MBEDTLS_ERR_NET_BIND_FAILED;
-            continue;
-        }
-
-        /* Listen only makes sense for TCP */
-        if( proto == MBEDTLS_NET_PROTO_TCP )
-        {
-            if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
-            {
-                close( ctx->fd );
-                ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
-                continue;
-            }
-        }
-
-        /* I we ever get there, it's a success */
-        ret = 0;
-        break;
-    }
-
-    freeaddrinfo( addr_list );
-
-    return( ret );
-
-}
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-/*
- * Check if the requested operation would be blocking on a non-blocking socket
- * and thus 'failed' with a negative return value.
- */
-static int net_would_block( const mbedtls_net_context *ctx )
-{
-    ((void) ctx);
-    return( WSAGetLastError() == WSAEWOULDBLOCK );
-}
-#else
-/*
- * Check if the requested operation would be blocking on a non-blocking socket
- * and thus 'failed' with a negative return value.
- *
- * Note: on a blocking socket this function always returns 0!
- */
-static int net_would_block( const mbedtls_net_context *ctx )
-{
-    /*
-     * Never return 'WOULD BLOCK' on a non-blocking socket
-     */
-    if( ( fcntl( ctx->fd, F_GETFL, 0) & O_NONBLOCK ) != O_NONBLOCK )
-        return( 0 );
-
-    switch( errno )
-    {
-#if defined EAGAIN
-        case EAGAIN:
-#endif
-#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
-        case EWOULDBLOCK:
-#endif
-            return( 1 );
-    }
-    return( 0 );
-}
-#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-
-/*
- * Accept a connection from a remote client
- */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
-                        mbedtls_net_context *client_ctx,
-                        void *client_ip, size_t buf_size, size_t *ip_len )
-{
-    int ret;
-    int type;
-
-    struct sockaddr_in client_addr;
-
-    socklen_t n = (socklen_t) sizeof( client_addr );
-    socklen_t type_len = (socklen_t) sizeof( type );
-
-    /* Is this a TCP or UDP socket? */
-    if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
-                    (void *) &type, (socklen_t *) &type_len ) != 0 ||
-        ( type != SOCK_STREAM && type != SOCK_DGRAM ) )
-    {
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-    }
-
-    if( type == SOCK_STREAM )
-    {
-        /* TCP: actual accept() */
-        ret = client_ctx->fd = (int) accept( bind_ctx->fd,
-                                             (struct sockaddr *) &client_addr, &n );
-    }
-    else
-    {
-        /* UDP: wait for a message, but keep it in the queue */
-        char buf[1] = { 0 };
-
-        ret = recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
-                        (struct sockaddr *) &client_addr, &n );
-
-#if defined(_WIN32)
-        if( ret == SOCKET_ERROR &&
-            WSAGetLastError() == WSAEMSGSIZE )
-        {
-            /* We know buf is too small, thanks, just peeking here */
-            ret = 0;
-        }
-#endif
-    }
-
-    if( ret < 0 )
-    {
-        if( net_would_block( bind_ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-    }
-
-    /* UDP: hijack the listening socket to communicate with the client,
-     * then bind a new socket to accept new connections */
-    if( type != SOCK_STREAM )
-    {
-        struct sockaddr_in local_addr;
-        int one = 1;
-
-        if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
-            return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-
-        client_ctx->fd = bind_ctx->fd;
-        bind_ctx->fd   = -1; /* In case we exit early */
-
-        n = sizeof( struct sockaddr_in );
-        if( getsockname( client_ctx->fd,
-                         (struct sockaddr *) &local_addr, &n ) != 0 ||
-            ( bind_ctx->fd = (int) socket( AF_INET,
-                                           SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
-            setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &one, sizeof( one ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
-        }
-
-        if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_BIND_FAILED );
-        }
-    }
-
-    if( client_ip != NULL )
-    {
-            struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
-            *ip_len = sizeof( addr4->sin_addr.s_addr );
-
-            if( buf_size < *ip_len )
-                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
-
-            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
-    }
-
-    return( 0 );
-}
-
-/*
- * Set the socket blocking or non-blocking
- */
-int mbedtls_net_set_block( mbedtls_net_context *ctx )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    u_long n = 0;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
-#else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) & ~O_NONBLOCK ) );
-#endif
-}
-
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    u_long n = 1;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
-#else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL, 0 ) | O_NONBLOCK ) );
-#endif
-}
-
-/*
- * Portable usleep helper
- */
-void mbedtls_net_usleep( unsigned long usec )
-{
-#if defined(_WIN32)
-    Sleep( ( usec + 999 ) / 1000 );
-#else
-    struct timeval tv;
-    tv.tv_sec  = usec / 1000000;
-#if defined(__unix__) || defined(__unix) || \
-    ( defined(__APPLE__) && defined(__MACH__) )
-    tv.tv_usec = (suseconds_t) usec % 1000000;
-#else
-    tv.tv_usec = usec % 1000000;
-#endif
-    select( 0, NULL, NULL, NULL, &tv );
-#endif
-}
-
-/*
- * Read at most 'len' characters
- */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
-{
-    int ret;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    ret = (int) read( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
-    }
-
-    return( ret );
-}
-
-/*
- * Read at most 'len' characters, blocking for at most 'timeout' ms
- */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
-                      uint32_t timeout )
-{
-    int ret;
-    struct timeval tv;
-    fd_set read_fds;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    FD_ZERO( &read_fds );
-    FD_SET( fd, &read_fds );
-
-    tv.tv_sec  = timeout / 1000;
-    tv.tv_usec = ( timeout % 1000 ) * 1000;
-
-    ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
-
-    /* Zero fds ready means we timed out */
-    if( ret == 0 )
-        return( MBEDTLS_ERR_SSL_TIMEOUT );
-
-    if( ret < 0 )
-    {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAEINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#else
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
-    }
-
-    /* This call will not block */
-    return( mbedtls_net_recv( ctx, buf, len ) );
-}
-
-/*
- * Write at most 'len' characters
- */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
-{
-    int ret;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    ret = (int) write( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-#endif
-
-        return( MBEDTLS_ERR_NET_SEND_FAILED );
-    }
-
-    return( ret );
-}
-
-/*
- * Gracefully close the connection
- */
-void mbedtls_net_free( mbedtls_net_context *ctx )
-{
-    if( ctx->fd == -1 )
-        return;
-
-    shutdown( ctx->fd, 2 );
-    close( ctx->fd );
-
-    ctx->fd = -1;
-}
-
-#endif /* MBEDTLS_NET_C */
diff --git a/components/ssl/mbedtls/port/openssl/include/platform/ssl_opt.h b/components/ssl/mbedtls/port/openssl/include/platform/ssl_opt.h
deleted file mode 100644
index 65cd4232..00000000
--- a/components/ssl/mbedtls/port/openssl/include/platform/ssl_opt.h
+++ /dev/null
@@ -1,89 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef _SSL_OPT_H_
-#define _SSL_OPT_H_
-
-/*
- * Enable OpenSSL debugging function.
- *
- * If the option is enabled, "SSL_DEBUG" works.
- */
-//#define CONFIG_OPENSSL_DEBUG
-
-#ifdef CONFIG_OPENSSL_DEBUG
-
-/*
- * OpenSSL debugging level.
- *
- * Only function whose debugging level is higher than "OPENSSL_DEBUG_LEVEL" works.
- *
- * For example:
- *     If OPENSSL_DEBUG_LEVEL = 2, you use function "SSL_DEBUG(1, "malloc failed")". 
- *     Because 1 < 2, it will not print.
- */
-//#define CONFIG_OPENSSL_DEBUG_LEVEL
-
-/*
- * If the option is enabled, low-level module debugging function of OpenSSL is enabled, 
- * e.g. mbedtls internal debugging function.
- */
-//#define CONFIG_OPENSSL_LOWLEVEL_DEBUG
-
-#endif /* CONFIG_OPENSSL_DEBUG */
-
-/*
- * OpenSSL function needs "assert" function to check if input parameters are valid.
- *
- * If you want to use assert debugging function, "OPENSSL_DEBUG" should be enabled.
- *
- * You must only select one of following:
- *     1. CONFIG_OPENSSL_ASSERT_DO_NOTHING
- *     2. CONFIG_OPENSSL_ASSERT_EXIT
- *     3. CONFIG_OPENSSL_ASSERT_DEBUG (depend on "CONFIG_OPENSSL_DEBUG")
- *     4. CONFIG_OPENSSL_ASSERT_DEBUG_EXIT (depend on "CONFIG_OPENSSL_DEBUG")
- *     5. CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK (depend on "CONFIG_OPENSSL_DEBUG")
- */
-
-/*
- * Do nothing and "SSL_ASSERT" does not work.
- */
-//#define CONFIG_OPENSSL_ASSERT_DO_NOTHING
-
-/*
- * Enable assert exiting, it will check and return error code.
- */
-#define CONFIG_OPENSSL_ASSERT_EXIT
-  
-#ifdef CONFIG_OPENSSL_DEBUG
-      
-/*
- * Enable assert debugging, it will check and show debugging message.
- */
-//#define CONFIG_OPENSSL_ASSERT_DEBUG
-
-/*
- * Enable assert debugging and exiting, it will check, show debugging message and return error code.
- */
-//#define CONFIG_OPENSSL_ASSERT_DEBUG_EXIT
-
-/*
- * Enable assert debugging and blocking, it will check, show debugging message and block by "while (1);".
- */
-//#define CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK
-
-#endif /* CONFIG_OPENSSL_DEBUG */
-
-#endif
-
diff --git a/components/ssl/mbedtls/port/openssl/source/platform/ssl_pm_extend.c b/components/ssl/mbedtls/port/openssl/source/platform/ssl_pm_extend.c
deleted file mode 100644
index 0710b574..00000000
--- a/components/ssl/mbedtls/port/openssl/source/platform/ssl_pm_extend.c
+++ /dev/null
@@ -1,365 +0,0 @@
-
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- *   may be used to endorse or promote products derived from this software
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Enable a subset of espressif platom ssl compatible functions. We don't aim to be 100%
- * compatible - just to be able to do basic ports etc.
- *
- * Only really tested on mini_httpd, so I'm not too sure how extensive this
- * port is.
- */
-#include <stdint.h>
-
-#include "ssl_pm.h"
-#include "lwip/err.h"
-#include "openssl/ssl.h"
-
-typedef int MD5_CTX;
-typedef int X509_CTX;
-
-/*
-Sets up digest context ctx to use a digest type from ENGINE impl.
-Type will typically be supplied by a function such as EVP_sha1().
-If impl is NULL then the default implementation of digest type is used.
-*/
-void EVP_DigestInit(MD5_CTX* ctx, uint8_t* out)
-{
-    return;
-}
-
-/*
-Hashes ilen bytes of data at input into the digest context ctx.
-This function can be called several times on the same ctx to hash additional data.
-*/
-void EVP_DigestUpdate(MD5_CTX* ctx, const uint8_t* input, int ilen)
-{
-    return;
-}
-
-/*
-Retrieves the digest value from ctx and places it in output.
-If the olen parameter is not NULL then the number of bytes of data written (i.e. the length of the digest)
-will be written to the integer at s, at most EVP_MAX_MD_SIZE bytes will be written.
-After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate() can be made,
-but EVP_DigestInit() can be called to initialize a new digest operation.
-*/
-void EVP_DigestFinal(MD5_CTX* ctx, uint8_t* output, uint16_t* olen)
-{
-    return;
-}
-
-/*
-Return EVP_MD structures for the SHA1 digest algorithms respectively.
-The associated signature algorithm is RSA in each case.
-*/
-char* EVP_sha1(void)
-{
-    return NULL;
-}
-
-/*
-cleans up EVP.
-*/
-char* EVP_cleanup(void)
-{
-    return NULL;
-}
-
-static const unsigned char base64_enc_map[64] = {
-    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
-    'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
-    'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
-    'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
-    'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
-    'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
-    '8', '9', '+', '/'
-};
-
-/******************************************************************************
- * FunctionName : base64_encode
- * Description  : Encode Base64 data
- * Parameters	 : dst -- destination buffer
- * 			   dlen -- destination buffer len
- * 			   olen -- output buffer len
- * 			   src -- source buffer
- * 			   slen -- source buffer len
- * Returns 	 : none
-*******************************************************************************/
-int base64_encode(uint8_t* dst, size_t dlen, size_t* olen,
-                  const uint8_t* src, size_t slen)
-{
-    size_t i, n;
-    int C1, C2, C3;
-    unsigned char* p = NULL;
-
-    if (slen == 0) {
-        *olen = 0;
-        return 0;
-    }
-
-    n = (slen << 3) / 6;
-
-    switch ((slen << 3) - (n * 6)) {
-        case 2:
-            n += 3;
-            break;
-
-        case 4:
-            n += 2;
-            break;
-
-        default:
-            break;
-    }
-
-    if (dlen < (n + 1)) {
-        *olen = n + 1;
-        return -42;
-    }
-
-    n = (slen / 3) * 3;
-
-    for (i = 0, p = dst; i < n; i += 3) {
-        C1 = *src++;
-        C2 = *src++;
-        C3 = *src++;
-
-        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-        *p++ = base64_enc_map[(((C1 &  3) << 4) + (C2 >> 4)) & 0x3F];
-        *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
-        *p++ = base64_enc_map[C3 & 0x3F];
-    }
-
-    if (i < slen) {
-        C1 = *src++;
-        C2 = ((i + 1) < slen) ? *src++ : 0;
-
-        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-        *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
-
-        if ((i + 1) < slen) {
-            *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
-        } else {
-            *p++ = '=';
-        }
-
-        *p++ = '=';
-
-        *olen = p - dst;
-        *p  = 0;
-    }
-
-    return 0;
-}
-
-/*
-Return server SSLv23 method.
-*/
-const SSL_METHOD* SSLv23_server_method(void)
-{
-    return NULL;
-}
-
-/*
-Return client SSLv23 method.
-*/
-const SSL_METHOD* SSLv23_client_method(void)
-{
-    return NULL;
-}
-
-/*
-Add crt file for ssl_ctx.
-*/
-int SSL_CTX_use_certificate_chain_file(SSL_CTX* ssl_ctx, const char* file)
-{
-    return 1;
-}
-
-/******************************************************************************
- * FunctionName : SSL_CTX_load_verify_locations
- * Description  : load verify locations
- * Parameters	 : ctx -- espconn to set for client or server
- * 			   cafile -- ca file
- * 			   CApath -- no use
- * Returns 	 : 1
-*******************************************************************************/
-int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* CAfile,
-                                  const char* CApath)
-{
-    X509* cacrt = NULL;
-    cacrt = d2i_X509(NULL, (const unsigned char *)CAfile, strlen(CAfile));
-
-    if (cacrt) {
-        SSL_CTX_add_client_CA(ctx, cacrt);
-    }
-
-    return 1;
-}
-
-/*
-Return SSLv23 method.
-*/
-void SSLv23_method(void)
-{
-    return;
-}
-
-/*
-Check private key in ctx.
-*/
-int SSL_CTX_check_private_key(const SSL_CTX* ctx)
-{
-    return 1;
-}
-
-/*
-Init SSL library.
-*/
-void SSL_library_init(void)
-{
-    return;
-}
-
-/*
-Set SSL_CTX verify paths.
-*/
-int SSL_CTX_set_default_verify_paths(SSL_CTX* ssl_ctx)
-{
-    return 1;
-}
-
-/*
-Get current cert in x509 store ctx.
-*/
-X509_CTX* X509_STORE_CTX_get_current_cert(X509_CTX* store)
-{
-    return NULL;
-}
-
-/*
-Prints an ASCII version of x509 ctx.
-*/
-void X509_NAME_oneline(X509_CTX* x509_CTX)
-{
-    return;
-}
-
-/*
-Get issuer name.
-*/
-char* X509_get_issuer_name(X509_CTX* x509_CTX)
-{
-    return NULL;
-}
-
-/*
-Get subject name.
-*/
-char* X509_get_subject_name(X509_CTX* x509_CTX)
-{
-    return NULL;
-}
-
-/*
-Returns the depth of the error.
-*/
-void X509_STORE_CTX_get_error_depth(X509_CTX* x509_CTX)
-{
-    return;
-}
-/*
-Returns the error code of ctx.
-*/
-char* X509_STORE_CTX_get_error(X509_CTX* x509_CTX)
-{
-    return NULL;
-}
-
-/*
-Returns a human readable error string for verification error n.
-*/
-char* X509_verify_cert_error_string(X509_CTX* x509_CTX)
-{
-    return NULL;
-}
-
-/*
-Cleanup extra crypto data.
-*/
-void CRYPTO_cleanup_all_ex_data(void)
-{
-    return;
-}
-
-/*
-Get error number.
-*/
-int ERR_get_error(void)
-{
-    return 0;
-}
-
-/*
-Generates a human-readable string representing the error code e,
-and places it at buf. buf must be at least 120 bytes long.
-Buf may not be NULL.
-*/
-void ERR_error_string_n(uint32_t error, char* out, uint32_t olen)
-{
-    return;
-}
-
-/*
-Generates a human-readable string representing the error code e,
-and places it at buf. buf must be at least 120 bytes long.
-If buf is NULL , the error string is placed in a static buffer.
-*/
-char* ERR_error_string(unsigned long e, char* ret)
-{
-    return NULL;
-}
-
-/*
-Frees all previously loaded error strings.
-*/
-void ERR_free_strings(void)
-{
-    return;
-}
-
-/*
-Convert an internal error to a string representation.
-*/
-const char* ERR_strerror(uint32_t error)
-{
-    return lwip_strerr(error);
-}
diff --git a/components/ssl/wolfssl/README b/components/ssl/wolfssl/README
deleted file mode 100644
index 429dd11a..00000000
--- a/components/ssl/wolfssl/README
+++ /dev/null
@@ -1,8 +0,0 @@
-Espressif has a license to distribute wolfSSL royalty-free in binary form on all Espressif MCU products.
-You can use the binary wolfSSL library on Espressif devices in products, without additional royalty costs.
-The binary library does not include wolfSSL features for TLS 1.3, FIPS or DTLS 1.2.
-
-Updates to these wolfSSL binary libraries will be available until at least March 2021.
-
-To discuss additional features, additional support and updates, or to obtain a quote for
-other individual licensing options then please contact licensing@wolfssl.com
diff --git a/components/ssl/wolfssl/include/user_settings.h b/components/ssl/wolfssl/include/user_settings.h
deleted file mode 100644
index a4488ff0..00000000
--- a/components/ssl/wolfssl/include/user_settings.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* user_settings.h
- *
- * Copyright (C) 2006-2017 wolfSSL Inc.  All rights reserved.
- * Additions Copyright 2018 Espressif Systems (Shanghai) PTE LTD.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * http://www.wolfssl.com
- */
-
-
-#ifndef __USER_SETTINGS_H__
-#define __USER_SETTINGS_H__
-
-#define WOLFSSL_LWIP
-#define NO_WRITEV
-#define NO_WOLFSSL_DIR
-#define NO_INLINE
-#define NO_WOLFSSL_MEMORY
-#define HAVE_PK_CALLBACKS
-#define WOLFSSL_KEY_GEN
-#define WOLFSSL_RIPEMD
-#define USE_WOLFSSL_IO
-#define WOLFSSL_STATIC_RSA
-#define NO_DH
-#define NO_MD4
-#define NO_DES3
-#define NO_DSA
-#define NO_RC4
-#define NO_RABBIT
-#define HAVE_ECC
-#define HAVE_AES_ECB
-#define WOLFSSL_AES_DIRECT
-#define WC_NO_HARDEN
-#define FREERTOS
-#define WOLFSSL_TYPES
-#define NO_FILESYSTEM
-#define WOLFSSL_ALT_CERT_CHAINS
-#define WOLFSSL_ALLOW_TLSV10
-#define WOLFSSL_SMALL_STACK
-#define SMALL_SESSION_CACHE
-#define OPENSSL_EXTRA
-
-#define SSL_CTX_use_certificate_ASN1(ctx,len,buf) wolfSSL_CTX_use_certificate_buffer(ctx,buf,len,WOLFSSL_FILETYPE_PEM)
-#define SSL_CTX_use_PrivateKey_ASN1(type,ctx,buf,len) wolfSSL_CTX_use_PrivateKey_buffer(ctx,buf,len, WOLFSSL_FILETYPE_PEM)
-#define SSL_CTX_load_verify_buffer(ctx,buf,len) wolfSSL_CTX_load_verify_buffer(ctx,buf,len, WOLFSSL_FILETYPE_PEM)
-
-#ifdef WOLFSSL_TYPES
-    #ifndef byte
-        typedef unsigned char  byte;
-    #endif
-    typedef unsigned short word16;
-    typedef unsigned int   word32;
-    typedef byte           word24[3];
-#endif
-
-#ifndef CUSTOM_RAND_GENERATE_BLOCK
-#include "esp_libc.h"
-    /* To use define the following:*/
-    #define CUSTOM_RAND_GENERATE_BLOCK os_get_random
-#endif
-
-#endif
\ No newline at end of file
diff --git a/components/ssl/wolfssl/lib/libwolfssl.a b/components/ssl/wolfssl/lib/libwolfssl.a
deleted file mode 100644
index f475465b08073894280d8916d4e63a9d2fda6d7b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1843000
zcmeFa4SZDBbuW5mBrrC^hXhs}L+sIjVIUGnBLTvO1dTL8GLn!bfw4<Ej7B4*Fw%&b
z5r$lDV;h&cuWD;!*Ui0`+b3|^roFs4cHG?D)@gzGQ9BP>m!^46YWiH)x6e-Pgu1!6
zPMg^G|KA_y>~rQw*h%woTh32MXYIAtUVH7e_g?$+oT=WF%BP1va^2dn`>J2pxS^r0
zzAn}f4%Z2i`9B<PXxy+qCh&W%v#eR;mi6ERrT4`-mUZ>MYJ;nF;A$PXS_iJyfva`k
zY8|**2d>tEt99UN9r!7z19O+1wtiywXSY~$uiifuHdt`si`EZxfBUP}g7<kZj6|&&
z?-xMFT@ib(^#0h}R>jr(r`86Gf4$N2y`O#1TKto`zx}ke_<i2jM_;!7MeqOlnsvRp
zt9CzUx$a`8RrPQ1zG34t){J*%p>@OixqsmS>xQfMkIe=*-nGywxgV{uZhSxYKMq?r
zPIE80A!?P}9pAB*On3hRXfxffe$HAl{oR)-wv3DqXYzgHnRLNIa9ie3p>Jd`WAznt
z`3yr=YbHN(K!RPVeVMLQp@;~XbUstG?#X3``uaMPE&aQaL-|a`MvP_dv0)csq>wCR
z@&__`n_S2glle?)FgY~n!rhY}DQ3J#gJ&<|rG@s%>`1}U#e+{~4%%WJQo)5Q45#v$
zK_$&iG7=mtW*r&>$Vo9do-y(wuuR2;-I^)(c5k&)L~#4S$1~|--^eE%i_wJsl&(a7
z`}Wpph=|gaI=FqJI6mQ)M_Hv<rh;Pb8W~HZ(<t6#-zRLnro%gNdJ8GvIHh<|c(!C%
zW1k&hS=#}m*_t`f;UH9ErAXw*7ulXkjoac1nK4IHK9fG+P>QLdW9+>sqD(%Yb7~<m
zsca@+Ob(+m<?@H@nD?Z{WCe9&+&N72_DX@tLNPxww%6wM5|U#!X<H^U-ki^;(8hE-
zYC{|Hpvcvp8XH6%-IwXj6mk>!bjBTH1~SdLqmXIIj%3D)eG_O=PSok}uyj`{?bE_R
zXn}>gQe&yTMx{4!)ZfmGf$z@TW41###V^8+v1~3i*wXB1o7mZtWFg5WKX7O)HR>cq
z;>g&D;{?W05zJzs9oSm;=5rI{$<a)qfGjw|XCOJXe`h9N7|A*1C)<k`3nO_^VAQDQ
zEUW*azLC9SupkZEEdR$3bu&ZFgUGaPkPb6TR0M9-Wk-p!dh$8ci9&p0Xvn`@5@V@>
zY^J5R(-v(MLF-6i1}Zck89H<&(c4@4dS;M49a-u{YF{xmo^_R&Q`3}!zHI4YKI<e5
zd$<tk;Y@m8avU8PT7Pn1#%a~N*41rH4vwG_IF)9ikV&SI?8wka+VmD4e6qQ(yWW*1
z3b=oCJkgSDZBKYSsy{x_*VnPVTh!-K(Vx0>>+>Zivzf8I#bH;%thWb50oiCD6x3sJ
zw+yrtoxV`j>z3x00Xr_+oXd?lEhIZKkWb|gxm%fTRRvT&w2Wjr1%oF?a~MBpkEU7t
zdTOfbhqrsti2`awax6DCkj<r?9>nf@{pkl{$+YlyXy?V@oZTTDh&8wgMpGh9a{D56
zc1lEOLNc8j8$*}w4U77ukx)#IeS8#i5j;A$Xj)h@l}=~Iodm}+dvnDRv)ZEA+Y7C^
zv5Zl|E!j+JY{Ka<hq4oeVQ3}F&naz|OmSp1lbdi7&?Twya9({fp6p%d#}vZWaWCX3
z;T&Ch$xKF*b%haZ93XbI(i?iC$QC`A8%>RjC0%_0g{5<&<9Vr+t%KHkys%Ffe>#=T
z4y244#ke!kO&O{*rj;=rowi^a7+sGQM~a6q&=_;9>!rHXrvsWk>daKCF50#96Ul*T
zJBd!w<9a>4Cwh9AhL=K;L%IBD%E<$hqB4dLElEzX^hlS?(WF-)A0h8IQIp>`<P|g{
zd3vqfRF_O6lB;82l-|DPnaHN0Or5=k^{Q_2+PbJA6C8a3W_8*!OQm!;l^PtxcsGlC
zZw?c!;ZY~Tb_||4sVilHD~6vNvXhj}q97+i()ky>a~d|S{SzbjUl^V!4(9H022eAQ
zq+~Q`>Bw7}-E%xW=VYsyhDA#l%nYR_vbvj0j;D&lPF5KoqXN;rBwea2io;4}rOU+-
z-*mH>(Q@dS9K!#?aK`R##H5(9ilgJnd?AJ2(Z}nQ7=?N>@!WV3U8<A5&W|5H4X>Ur
ziNUn<#{8AxdyKG7iM0@U!hGLTu&`|@NerC&`nUHcL<U6(Oyu+MX|BF5>BHxqaZSgN
z97MO~40Ake%!Kk}X=mUP@7SIk@_G^?MV`e%f^u1|LKYm!fsve@aVe-!aK@C9r-1Q?
zvED&sCg(H+!351pA_8YvoNP4MXl67ym@1}R$&RBZb|FOHY-4o!>-s#NDirR)n#BNJ
zZr&wrT2_}ZDpDfs${eN1aq<;EgqdZ34vxo`Fg7uYjwij(slqG_VmPQPX$-|-u?RHc
zv>&pMAcx*&!zneDcULE3RM(rwbU8O_D?*BL5^hQ+WorwN)yg%$>uOz>bj`qs*f9=M
zI}L@Xwvn-vQ(yYpo87U9@WdjjBvyS%w0fU-^`#MG>(-Y<C9X74V%_QLS+$%A`OK=j
zT9d^?<4%SdVRUevZCr-2G~vvL6aq=Pcp!(>vP71`(}Vi)o9l>_tk_4LT0(3pQ%Kgw
zn$Q^1E+GQH5z_%5JZ<5J7jlZu!jLVWa(wVYjt`!4GKPyX<@n(#$BP#=S1fU&WQ>+U
zS(&kPa%>{&R6HVEI(pg@y~5HZ7By(>FU(nhh$_-?)pw6Xbd=sXsE30sb~-L0-c>p+
za`ASW2#K+D{?K@_L?HujOp}t-q!o+Oeo+j(H;Q2tZ&fo$t`%%go?WwDL9-26l9-@)
znxzw^v}LNi&P?#8qH<dr$s~9q8JYDN3>jHAsCRDfY!d@9S?Po!G|q@oY9ObQvce2y
zQ+u60!iY$JAxAdTvP?_RUEnwdvF550#dBQiS@|KlXItVf(Q-;kTR9!SR-;HIQEXw}
zT4fWMb&d-CG!#sOvNpR{Tx><r{8`sasmz^RRB<&nArk(iE;&4!a=c{EwwAti$)5PO
z*0xx(y{ow;iN48k=3*BpaS$6m=;Atd+7kORXqY8fD%UEO)Jj^dgZ9=uE`^q`?-XlV
zC1@$dH-;q57|*BSQIro_it!;h3QSA9LR_C_DJ&-Nrfpalw!Jyzkxjup=pjCz8O<HY
zcqS#i&E2g6HQ_WZfkX9hNoCCiBlj#EP8OuMwyUt1G-eLEhp$34TWrachE77SX|meu
z6(qgnqZ_NsQ!o<yKNpgmzDSDIgIO_-ObwgcOgaU%*d&IPIaJ_-&Y*)5W*|!mnCgl?
zS*&xqrV_3}DJH99#*hhxgxxvMc(pWw+onv1yNKp$ifv*sDRMa-f$47UN+hx1=Sp5s
z24f?3WWZu}W+Ma#(;I_9P{2jkx|&TLDHvN5HnxB!lqyablShYyR-DRWlrlPCY)jbW
zK`-)vX8<lZ$8yDZ1`AD&JvF*{2p-7J1Xk7r!8MJtkvV6{Q{#lO4y3XZj$}>p$ByU5
z-J9H+-Bl1kZcTJ2dYe0w{wcVqu#KGqp}ttEGuMSY%VS((N^Xzeo@nVWQN|^?L|Zea
z*(*U|ljOCZrnMyclaOg^>xt&FfyfCf6zh{&^@Om#{@#x6t;u38xud_W$q@*CwTkX>
zW|UOoRCHU-XE6VDe46$%E`2D#Te+~IF%vF1>^(Q27dhmpwZOepTX!aqb}`r_HL@ay
zt66D9r=tszA}w2#gK~@V;88Dfqe)){(NDOPkWI-rt6`U1VL}{HaI@11it&YBm9tf|
z<Bb#w6L4CksZdGVSGebaBC=>KWTID24jf8$V*^0<5Q2mFkphMu(^7>Yu-b#|yR0u0
z8KelV19rMM)a*RWM8j-l2ltNMs!?ug0-H@p{Lr?{A+PGBD~tM2Mb@!^hV8X<Zo=3U
za2sZ1Y!Dr<pJjxAM0bDhU7~w(Ee4rQ&TRH3-ql!40;lWTbhdMA647J&;-^jCyMZa^
z0fU)BIzJ*-J8f~WSH13yZ6x=9F<j1LU46pX^yQ+O>6pY?9GBSah{RxZFjdH`Z*(Eq
z=ews6a@>ToO&MpITHu6V9vaCy1>ds0t0(yhxDi{Vz~sFwqQN-(Ql7m(u|hd`2*(|;
zQH^x5xKz60MLji-Wc03ynH(@^F`q+S@-m6)1V4!Ve7UkK29s*^XXiq2b#C9jZHJyJ
zIi0LYE47G89Zq3iad5;xs>_ZdmRwM#sj|7;K4XJ&BsS<Ctmx5;YuT1aPG#z2F0?{P
zv)UO{*q(TT&df#|dgx)M*k|!$5M_$BaX*@?F&RS5W@MmC>!63IhqdmV3xkQy1zth<
z7eAGlpAmC~&4^9fG^&v_U2aJ8P7#Duqkg$n!RZs>ow7La;F&#%h?>qp=yY@`+%4DH
zi=Zhvw{X*q!4k(8ML1e#rXx~LV}nNb-mdt1fY+PYxqVxrl_OcVY^}3mu!-J??g6E6
zq8;7+iLF?xGi~o8lv-Z&B4SM4?H*E#c>Nt1{9{n%Ie_MpiJaOxx(E<$6FilJsd^`T
z2F|<DGcxF$G4V)Z`MBq=tVP6*j1A>V{S~K3TQThHO*Hpy@3!@m$Mi(kB=ZWNVVt;=
zWcDh`6mGKEyz`~>B)T|<EY*V=dbizZ0WVHWgQvlw>R_g>4{5k|_KLY8hAYz$MV-zT
z#6UVTFtIn8$~%V(QO(2xoal)%d1o7o+TnmIV==!I1&+j>T5kyTBbUY=8JsCHsh&B0
zJ*L=xIN1U*?G{x73DqTw1K2+v*^7;6iEQrNx?ODW)Y(k3j`i$_V~I{8B}{)($00$=
zX_r)fT%In#Sj`%V70v05&`H-iZp;o2JLPTLk}`~=B&y3cOrY#82Qc&sMoky}B6{hR
zd;eCKm5d`D0xP&+XUg717%HKhDUP&Y3)^l0Qh%&Pc#Z(sc<*5(o1iwZ_vV~aQDVuH
zlPMMrk1!?usVb^dO&vFDi`NonWEvhZYN8W$0Ow(R31Y2f$lU3$BaLFVVVvT$@oIs|
zDKMLYvNG2qh-Y7p){(~sy*S&#$+ySU-o|9ML5g5e>G|k1XW+;(!@|@IB-M^{<Ei}<
zI0lp-g16*yk{;f<JVJA#k2^zL8n*L5oLWqF;pheQGBTTro@|kyG`#@rrD2y!$8*KO
zZkj)SXh3X+dDIf)cC0%Voo#f{CGF^M5nUM?u`v}AB(=cNad)Csu(-NNG%&VAoeKor
zy{=scm^abFjgh<Phtxq9^vKv5v<121sl`@<%mJ$5{Oo8PlKSEGyq_9)7ec)>TbTBi
zdXU%R^oDZAk};M*1cpOw_bgnX)k_uTJVxL%d!2!>K(u(a2nBM0yZp9N0ySR9Obq5Q
z{w$^BjLpe-x9~IOU`L@`<5Goll`C-Gut$vScfCv)58J9j2G)^1L9}{jG$c8aqZ7`C
zDo~;ZaYfaP%C6j<UvLVf>A--)$)Hb|y|P4kq=6}C%tF9p4$=@D7>f;zII~e=Mu2iK
zI6=G*IKz2@hbJ9OrByk3(MTOJ+1yQLwh*9A6qduxG?BufF-t=*of~&t2*Q+cPcH9L
zf_2`DgO~9LMuvej6VDcgM}}PL<V!Gg<6hb3^bRT^vv4Y-85F!J9W|pQCUh_t01;XF
zc{8H$48@euU4W0$M#j)_7o19iV}R~DOoUm9U1M>K;p0a82I~M8^tp|RnrNp_5$+ub
zy@%<KbyW~X9-n~NQjhK3VRR*^23ERjuxWNAZ$BdvQpfMT{Ss+=F(l4&%>$i`Su9?f
zoe~LLM)WchXERZqJ|NtiZH(%fK$3B%SP&^?Rrc}A(bmjZv(aY7z9}n%Ys0b~`>ZWy
zqhMlsD;an*2Og505nHmWbqTCHE$-YBV+s{)o|&}3x$`Pe-l;qlVrv}~o0FxdPsDaI
zns_~rxZ3J6mfmQtPqt1=!J85s$?L9~(ePSYe{+Ar50~srIL(1adT<OUIpVz9#pqZ-
z%#04!udj0nfVE2+gK^Sf<iHH)SxSl9dlKF3(On&lMvh{!E$28b&Lw4E%d>v4QICD#
z+0jr~fo8@WMm9!ss3nag$>OyoZ$x@n-5{rnI0K#0edU^M(l5<aVXR&(oB9#`Gt#pi
z%N<yy#fZ-3SCL0a8k{gzCV<`AyB*7qW>07%UFNs3%#E*NQWD2>SR=zKk9P~imcZ(M
zCHi1yula_XD=zvvV>>d@(!<;)F+4QPByr}B7(_@5nB9Smq)w@!A?zlje?<Z~X^3%F
za%-D2aItyKp^J_5SWqVAwIC0^xN*82yRf2V(~w5@sd085^-64$bOh$vTH8BN2Areo
zohN8aH9S^OsOgJNX2@p%Xj=fCeo8DbaiHmpP!cV0PszTHt)86QXtyS0#xU32%Lraz
zJ)H_oV2ig6!`z#PRNPLOvxu4El=f!eZWoIb6P`EQ9M=QmL#U7Eaaib`d|B+mDmk$!
zirjM;QQ)}2!et-r)|n@N&!;KE>1{Knp6sGK@fr%=IX7#WJ^g`qF+H7H$rpP<cCs`-
zlPwXh38kLcNY)l(8vt$4)62=K>Z7Nq{Bo5_8$s1;#cWF#oTZ9zgvv7?ID;W~Xxuvx
z9Aorlit^QM3_@C*8IB8WyymynWH<1RC|0c!K>}&8OEF%oBSa3OO2jC1iJ(%vBdSll
zj4xk5E)nP=mWZ8>s)XY;bx&qJ1imfmPEtp4C*^~6B>9;F5lXWRoBHA%QHim1i8{oU
zXyZXT5?V8*5{N62;6aKOC$^PcU4Vl&-J^pwyBj(gv>kCWR}H#4y4$wfO@MSbPoC2<
z`b|fc+|QmSc}etFLekV;>a^SCV%d*-?zTcs(l(79PtiCehP|XD4r0f010Og2lYzFS
z5eK%I8Qp!hvc1_nB+oMQyys=h;!>GdA>^u#>u7~ex!_EGh$@W5%=6+}7cY)k$+}}g
z-IA!@$pOb&2jn)g&$~LF!w9f}`ChDJWY!IF=)uk=mN6W1$@wKgn*N1uEJq~0uZeMe
zo!_2Fa?eq{*z7tRr;YB@N0KB|^qh4x@Th*6>f=y`odXr2l)zXtn|C8^I$UZTTNCCR
zLVl_cSHj4;;(7;OoPL0s?lU*Ua;Mc+orrt9pH0xhU`6-$6iD#HQ6-Kk#*H^3$jhN{
ziB`<KoFw6pn|r3lIHUOB1(u<5*x)hF5!fnWQv~rvv&d(#G;X}ePo6PSoavyAa%Gr2
zHp1z>nW~MZpAxB16;{IODaqy?yKE{`ggKn`Qd5wNYs~#E5k_=lMAgSs&R7rU5K5p;
zRmC#WdtE$t%cF9tERao~_TXmlAJ>^VoKA*q%J(9|J(hB*;Ig2o3oZ=n1}h@o(nIOt
ze5&K-;yc=sUC6H4duSXc#Li(Sjdb-vEFBkuDVc>JYMOCmN`;d?uMpBtP)SsOm-3X)
zgVru2nOz5G#Ll7f_N$BLGL^g5vWdFiVD)j6cFN@Dq6Zw9jkEdX`5}5#x3h9H*zrVt
zr9gPWQWt4bU9L|MXl1YS6a>-T$Ym-!A*HbJ-z9r2GBd&(a|1Y&9&}#2)DiWWde5f>
zNT&XIv%EF(9xsxE8~x!Pmuh%{o|91*4r1$|llTsUO%NHBUEXlc@NXlrl-$%-he+%Q
zPUqy_&vcxS?ugu{1Jce!LZq3&=M}Q<YA*25vObwh7o6n>Lq&1)({ZPQ;vCKqQRV4S
zTV26o?jv9Xpx+=;r-c3X@SuZOs42K#3fEa1E%>}%D*S;T!7r9;OVu0GMYNayu=;51
zhiIXx?D!bg=yJuJQv!y?(#{*e!gUu@dt*2TVB1F^l_7+?HV2)KvuBm`oUL>dUCqfM
zVWUB=^=0wW{-EpR(?~4sU&Dm<7-yMVtpZ0SFer4rL2DBVm}82U1UP!O;u9m;!TxN)
z{%%z}4hz~?ER4wa==rs|{?5Jw^_C4KO*m%T3CjieL>(kzEkS><PKWeFT*$~4T%WJ=
z!)g9ejy~{hF|JZMg|`*oRKe0!zxhgRAHM#B%mCei0~C1+Iy)~}i45SR9KXM%&XMRs
z^dX5HNj&QK^pQM7BN|>(oj#g}Xhd^=`$lSDd_702<i}R8vSmn%`Q}t(4Mz3Cwx3uR
z$%w*p!TdaoZxSA&5zX`I9d{Xch*n1d8OHzSVrK?32buer7tvsG$A#{{OMYia2RXYI
zJxTFkulitH8<&mwPvJ#W`2uV~;5AGc5|-a&6f(tk+t^63e9?>#cF2U~*WAd!cGk_$
zhcN{^peZ)iQtK9c%H;@4J`6n80Z7Jzf`w%!E|>7BxQQ`VXGmcaGFR~E`8o<}{MfS(
zZNs*b`uv>85sW53Gl`D^$qrd)>GB9TYCv8;9O4Lm^{qT+n@Tiu4~Bq3Bo1QzYz&9>
zJ9GD-B>J)Uo4063`DMi3)ICN>fE_$qWAzPVti4Y%#pU;MBubDq273DyuR9}}gJ0Ji
z8<bITR%0v1nWnH7E<H6LK(EVBvGwsIDqX2!dbm}5=tz{UWXTp8C|DxYjzNK>VLuTi
zhYxQJ_UBjuq|rzA_HaF`HD~)&m;n38J*h!eqQVuo;KUQH0<j|8g<%L^aiGSesqdln
ziIaq)O|i^4$ira1fbV{}&XJ?Y6a2JdpZpLaJf^JAQg3%qWYmS~P_LDWui}Z<Ul^|g
zpB%Ik-iw|lE#JZ!1C4V_@qX&`42*53BC25<UXc-&gSJw=PJTnQXC%GP+s;`3Q0w<)
zI&etUl9qJiuov8euSsQOS=b@LFKj3(p-e^?)h-T?g?rUJmgr`Fj8cEuuLq05ED3aO
zx#n?vC{La)Y~>1pEO%qZCWMMkpgn^IA*%|?TXfAWcoQL;DQ5bF6O|0DIWr_{MvD+2
zY$fY~2%~M;Z3+f;5{07>W$DR~s%6BQNjPCsps4UNMcOyZ4js)0JA*t)iJVKFq|WM-
zhrOBc>>;Z+lg?lOAk5*&7L5G<nO!lUGCr0HZfvFbsVj0Sq{K&ZN~i^pGKCP#{eV7T
zC2)#xP&07E0D@o=1e;yCHm=!sY!?yr=z?xiU|qb54<EiX)@KFsPJYA2#3Cyc>1Gwk
z5>{Jko9j(`M{WteGq-my+=Q|A+{&}Z#3hY`*aot#&AJC?N!ac&SW06PM{v`BGl=@T
zPdJ5c@ohjLaGukJK&x?ud&OJLE>sJ@a%5x7WJnR;vq;mZDsA~;*tGIf<~!0zUcM_L
zRsihK5c_B-E7pMo14Hae*z|;dU{+*QwdZ7qk*-cqaiB0f82uhfn&0vj8BsnGVm-m;
zOrd2Uji$|$oOj~;T<q1rCh_Q<J$Tu%fJsFmuZ>ge#I-OUWkCb^`Wr_=c7RYHozPf1
zW5S9FnH1QOy~1~bx$BU2ER2cw-}qes^6;^JWRQNg1KnMwh-ruX>ah%(Fo!h2LOqN;
z9G@Z`o7JD|&!-0QQeTeWAQ%&?4ba&K?Z#1O7ZVeJB0c-kg(gGf_MxEy^5tUX@JCs)
zMZPkkwbQ$bQaLe<lxn*P99pRSxCwIDqI+>xE}F7$VxS1HU>S?|37$z#7vYXXQE>30
zs>{w)c4QD}L6VswRppOZ(e+3QgUy8&ycIDvn92)2wh{U2BOtpV0NX`Re7XpP?85~K
z!y*(bdXJGb8a3d=K?fE^*lMYoX4niEG<l9A)l1@{3|jhIl42Z&7bV4bP}Aw+h>+$L
zqYq&*TL2koHIqTYJvnH0XgefwOv(rt?2)wu?B^JZIdEz(Y}JCnOfkd8+r$PU^33<w
zyXBE_)^GFO8=0v5<dqnAViKw}!vr2Jm19xj0851h*pnHBBsd0adbQ<p;th7Re%YWi
zgDg1E8Oep~Ns04>X?)`*-=Bk!1U4O<kOfSCPNinT$cY)GBeTP7Y)<9Oiw+SofkrG_
znhr`<l>`R<c2vnJzZBAfPvG)c#mHVYEJ+v`<_YoaU2kbYW<v~S9Rg7>0<>Uh?ie!~
zD~w`!f=aBD6IM7&7>wEN&1CT=#sLE(j4Qr=ZfDY^*K}A>HR#INVp)5w1U|BXH&Mi4
zws>M|N4Fg!g_h{)#aB}#$qtgn<0%eFhXkctk_@2<6D86_RD(`QB1js~G8m%mAZcPf
zhF^h}8reb8S`xke3NOJFUzg=Km1xem49V8)4kZd{HzL`c>&^;P{dzM#LMlEM#IkK8
z2Qd!<l$Q{{AlI8Yz;m;AVtCdNvpkprnPoJ*#%o6e>|rd$6oA^5%TsQ_I+)83V7<L9
zhwrH0&EwhdR#*=oD{^Rz-vO{NL$XFw2d#8NteA^6TIu@r#av1T@rX4RbI>j&X!u{h
zo-i;2#oUOM#t5^pZ)?8|Box%CQJpyDD7g~*70{h4+HhYctFVCBi{f_z;IDZ!GA(>2
z*Pfs<EG66oD<bM7TM8J^<su*|r(#D?f3=3cHXvmH8Han?r`tRu=&>4MeQH#4W4gi*
z+^GOOD&eldbvhZ$jtmf++B&446fOOT>M$JyMbSM<GDE@{I6*+l6KZ9FX`2{Ji%9|a
z5mc@Nb(O;#IYywUX-Gz|EuE2y=o`gh=4f6{Xj~~cXdPd;BBit+&MlJNlj6cayomQx
zZP%*M=x8ypVyC3dgW1mjJ27Nj9cQ<ls6ik*`$CvOMHY6)QQ0mz+7ggc*1aMuOM5RS
z+1ORViDLOl0y}IG;%fww%rx*G1@z-Q+{&c!)}`3=1X{v!tzJ;D63)W_@W#o(fvh|a
z>Lu{(g*YfG2&4RQ2Puj>MuL#UevJpE5rY{e)#1UhNFK?@U{FPp2pzIxXarAMD+N>p
z9BOeRa7qi?68JQwc-K{`LaWHrqaNfKItwk^WGclKu<C<77ks+|Yvd|zGsZzl^cUzv
z_NPNzA$n#i{9lS+0xr#yjGc2dE6CqWDWJ_E>)1!ovD^g5?k>D$mIdlPqbZXYEAZod
zi^mA>Q|}45QJQ50j>afz1~mz_Qh)0~#vM|QOjJ{}L2TCHlLdyp8mA?|<MPW19ySB3
z8AnD%dysj<I8WnMJDCoDaO3(04=YiIN<1FOQ^lGqEq>krCea9$vNxL4$49=CTdkXP
zh<MQi%PPw5nk3vBn!cFX&}y2X;usWd0Yz~aS}9SdlrM-E*fDxkNdp0?9%Nx;FEMhV
zfqE!`<a9EmkP~BIALH9`veX@3jbY1i;JxA;3SX|oVSX8f>6uJyld2(b)29#d<A=nK
zkaz`yI7a2u@vRIw{U`!-#hQ&BpoY=e3umo<S!pYJb8utXis^_&C^3h3-ZhayV+o{C
z%olU`wFL40dm$qnXeT=RE}RrTs4Rq3M3757X(3Alb)cE+j~F1>NNQ*YY++>IG3EqE
z4<T&~rt)&lv3Fuj%vv+WB36zH7W}Aak$8&6hbNDg<u!qC-xWs~!uP(?8S(BMdH78n
zzK<p(=mG^|Oco1R#IX&*ikHyvw4-KIc&`A640Zze#Cu}{>N&_Ky9S)l2Q-KmJ|u*?
z<w^v{$H%dM3m&|OCSy%x6|XqWVseu$H6XazZ;Yn)62o(m@{tq*;EWhXd)9B?AtW@g
z3Q2(I1SP<i7*%+PXV?IbVnJeW4m%l#u>3wafrXmskb`-HLrFp+<d-q2Kn$njycmWN
z8C2M30zVPqNdoF)vs*IRFaYL;=ombM08}za!)8MnOB>iUA)FQ^AUwEeZ8{)ceL?^=
zMZ5#2((sfL<9bls6Bn}a=BG9u-poUmWI}|Jg)9#Ih@><DhEgmj1qHEa8l(_WK85{x
zBP6mkf(mZaAdoB~Y*T>*EHn~h5<<2SWFZ)3OAmza?c)a)usbilB|v@}mTEIUMts}4
zjy!=fi&ko*1Q@bB85thg%MbVH+)#T5#eAWd*#!~YpI7#Q&19i+^d`)kMw87JMCGNv
zgI2bPQ-NZ*T1*MF46sWhmh#*fdMY5rP}64Fn-<cu=~1CT66O&VQM5xY6RJ1>Z0CS4
z+Y17mmH5zUz4C!FKp!T*e<~okx+@Tx%|MX_OR#-d2*bxvH7xwK5ojIBizBZBrRD)H
zoSJXAa9Hj&rVOt2UzL*XF+kHD20(NWNMCjiGQsqKTTmiBU`%i*rI(*ek!~NL%BLc9
z=eYLkP(@g=;8*OhFeBgC6!S;&xsaH|6G#12BAnicr9UXDwX|_^I;E$H9yA5nD4lEx
zuO?`fF)vlx0&@Ca1nlmYIYpQ;h*q61K>50+z_Q=Pcu-5l6jw<F<VZz8NbQw_A{{hh
z5hPkA0#GLcurv|z6>u?C0T}^TQV4re(-<Q`pj4V9I>{nrq>PYG+*-Rf{JySrO`3hr
zb=Y6WUkooW=CX(C8|v1r$*sMPn_OZhj`NE7LeY)lQEXx`CM@8oMTP6vHEw9AtFMbS
zgv0f9b@j&o_3IlEYTB^APH^wJ?vshmwm=|Y=__FUtmT9(>%}dglv!4zV2E1ltp?5d
zo}cC5oP&EI?i+B2aYu1WnE+<GwkYDge43gm{MCoc0+nZ8xc15CPkjC1*YEr8{!76(
z%Py3Ef7VFFp+IEToD~DXw%e@Z-;d7Q`IHqou@u%kZCQ~~D>|?0;{5oDrJ*v3I{sJD
z`R9+>9INI>=U2t&84Qzewx4MVL~2<e5V7;ExyR?nt3$DBE3!u8VsoPvLzPX(|9xn7
z@6^3_?~dPW#m;YW;yiV2)lIWPRlQRWDcYXsd@1gkV@GectmC7M=n&_rv|_W5|Hi;n
z05W@a->Zb$i4K%cc15NFk*-;j9|=`Px@S#}hJumo>PYs(r+$S{G?HC48<jEg#F4hy
zupFPPpOGhSZwsoYWrc!so_y}aix0nc-`o2u&(zJkY{lc2)zZ>pwc-MsmEeVEo471%
ztGujsb&;n-Uw|vmT)wtG^uUIvgXe0jX3N^rFx6BxRc3WAip8x^<?N_cZ&~p&D^?aj
zQn7ddxMjrkmH{2;1+FX@j|XD$V5suwQpMdXxZ`EPUQo));_+ZCUIzMNWT79CrO85-
zZ40f?pcxKXp`sa{V}%|t!{t`!Q8O$|QeSyyAxt6Ka0Gc;kGlu=e%$xrei-)&+)v^b
z`F+0n>lGJ*(MWsbQh6viyUc2;X<D?pAvCME#aa^ie<R<H)-+W{vr@}9;%)FVilaPk
zb3`jA<C3GPCKOz?Xioie)h|{kRdhNRf|1DMv8g@bWebPS&Z`Z{2rDXsv;V}3ycFyW
zJ`$Nazw+0DZRf4X)ajMi2WO8G9|=AhIs1>{x?;_%D4E%RY}J+_*L9JpXmBbBhCnDC
zi$4=W8GR|#8jt^B=z)0rk7DuDHD$5*nVKW9_}LJkFE0&7c7G$X`!6HAUz&ZVC)#o&
z+R_%kXfGjVTgQ8kR>RboBqPqg&55`;uGEah|A=~>t|^a0P3U~qQIe5jF9qX^+C!D$
z<>5$Qd)sP9gvcqh{KL=@3Tc=*uS-1<m$@QNpWAcu-cLkVe&bJUxjhl83I#U@x2%7p
zt1R|J<E`uJRy?xufnZzQS{h>+Z-I0c?WVpB$Aagot(6UPYW`tE<)Wjgted{Pq4J}f
z{v3q1RaRT4M-LVj@{L?iul&)dCsL~&$-i2N@?C;9;jT~9rsc}-Y_F-NO-)3LOf8i4
z0%=8ppBswp6u^^Jky-JY$62=<!?7%ZShn&Dk+_NcLVRPjWrdf8BiYA8!M3?p<g=l3
z*HUjhuTjrg48dcH<{S#13jjI_8ayW2rEHa-MC<z^?kw8#O!p&*_Z8eT@ytYP^Q5u+
zhmgf|*!xwUdHLG?@e|M99$&F+{)&c0LyH>kKie59I|_R2Y=3AD5(NU_K;-d*#}5DZ
zy8?SMi+fKzeRuD@(J%y@wybl|Bl1Mw9CRIF`b$@zd?C28;?45NMHJ7MRzx<Uc-{)0
zxn{7kYeD41v#V>Qgi8yAP3L`J>_&m@TCl6)8|xxxRRaHXsSOsN7g_p^Re_f;mmkjw
zruKkj+9G8{1FJ8EBH?c>JU-?k?{UbzOaJn&!0}&|Nz7tw_S6xF;dnP`=auBChqQjB
z{bS{s)7Sp}^MC#IKYRVmcb~izME+vIGm#H{WA(DwhyHT)vdfW*e~xvPMb6$-7k_+9
zYjsC`WNNWYC;Un{GS#Z!w*Vhf@L9kQNqAL7WJ>A1syZ??sIcfHL*<*xUydEQy!?^6
zNO<e9`cUQO^3$;+b#=vE6+O!z35SbYA6dHf*awN<Rox>g0Zj>Rt?ZlpmC3PMHS(DJ
z)yZ7#0x5lRax$wsl4!-`fbNBMRZsqA)z4c!x2VF12CD9_s=8PuV{trjw-v2c8s2gK
z{wPP+s1>X3*mcLw-(1jCyQw^K;ty6g=yXEC*Hho!|NY?e&ClI&bd|N_+nX0en`M-$
zi`Uugz18L4yhWw)Cw04OYszCMK2f*sUf@^T_#TPB`_^^4nl<+P8}UEg-_#tbwq)!J
z!Skn@Qd+AE!KJNDsov^qBL8=tq@O?E+1j*U=iox{rO@e*Rzxf6V)r_@@6X>=f9Dgy
z*<XG4`8!@qy}kdrX7=5dCE>_tFEX>||02}bRPjQsveT+N3_CkkHf^l>d0048J4<R4
z4IIB;L3hl?K#lg5<Fq4a1JOI?{QYx({o<d!cINFTE6;2}W2-##xnOG1*;M7lRK+W)
zh2Q=A?_>NCjjT#J_3dIfa#Ghl)UlH-QvRDkr;ar{b?gpV$6kmXIj!p0Qr0EZIo7de
zU6ZcadaQi-j;)WiP5$!aXssHnnpMcGX3=J+IyK!<wd{tf^bNK2KBy+h;JKeg&Qujx
zwI4O;4oO<If7kw<vld3zwx^mZb=3^b9=Y%955Kto`4eq1tLeU4Rol*=eDUGuPOv2Q
zpIZz3k}r3KHV1S)r-)c2aC*(XQu40US9aXBziDj^s^;CR8+tT;cz@(vco)#9Yqzdj
zy+(3J_s7p}Isc{2^CQ)&lr9C&|6ffHYdtTqPCdNq#Bl24s%A!0@w1E1e<@adozB;#
z;7h;UzINArr`J_PPJC|lvek`$(BROXzi;@yzg-_}`+wg3`hMmk3M=ULvTDC!V7vA>
zb*rg)GOdld>kg+T4e#H1&bqu-)y8wPEK5s_?njlP-BE+_2v#pTTU~jvy5g1Ug>V0T
z<(VGo!!dr3MIQhE({rQ|&<{vpPQC2)wzjm~8jhy(xdMIwGMBCG-WqlSV|#1s*TiCL
z>S{OE*Y2$!+^~LKW7Deex-~#qA*36|4SCisY+B=|jKrz49es&pbG&bR=Z^kFva_R~
zzl71Zx$e5=c*o}Y>%feQ^Jrd8@*(Eg1Ub*<g(f2|9X_nW`pJ1YFUn#1yeLb<q-&Tm
zG)%b~Hu03J@g{7_0gF}61aYmy&GyXaLfo8Ja9&lR;GKAC{1D(ug+GWVW;ud?63?)L
zPvQ9?1wW4`bz#~ZXWWRJ@?XWRdDvV?C;nQ%I^7!q&r|r7fbl2zq5x(Crp{~*d@??r
zC-IcC-oQ5*_>UO)Ee4+B7+#b^m@;{{173h9W!`D<ASf<vL)xGGeDb0k!mJ|1Gd?e!
zPuh)m&fj<uPnh;09>ZjD5l=XboA`0uRD<~axLGd5--nwQ@q{)0VIpx6Pgvtm5Q&R;
z!W#c1k+_H_tnp`v#6>(|F($>6Wy*_qeQBF8tl=ua)RRwM<R@H>JA!)y?f`D$n{X4y
z`)=HG6`aA7mtR`TfTw&uH{xd8-MD#?pD@!P568T`h$pP^W?l$W4*A(D@FG9q7Cedf
z))~#uu{SUB6V`Z+$9WM?nE9lf%YZ+MX9V|JAjn3ZI>59)@mm1%BAzhYD)AErp0LLM
zE?|<#e+mHe7{UEFMB*Zzu;#x3V~1AY$g>+TFY*x9ZE658qZ2=9;6HBQIfmE#dBD8L
zPgu9vg9e^3x&e{yzc=uNHU54BPgvuB0kF2!gMf8CdBosn`n+^KG-1vMnIAs2oTY%N
zFYT}#H!p?>FT+jzR@|Du9WdKC@x8ctkzZdrU0uic)Nxt<H{oX7ow#{1F5w_<;&-Vh
z;ZNYkqMX402Ry44{QG#`px}#mRw(#y@Z{yE592TmKKpS~J_q2u$WNH<llbL;Z&7fE
z!9zH$@TUOJSMcux4lDQ@fLAHF3<<JmD1SEKl)~=?3^suu2CVDP7-0Mf{J4QXK%~MG
z*7^Mf11~w8a=#A<lKE`I9l`y_xOKYE0oM8bE5Kpg<aq}-FX~KK+nG}hUc?g~z?1w3
z0c$%P1<ZOw{O<z3Pr)A!I_cH`)_vSYz`Q7vu(rcT4gM{FwVpc-ei0G>bbZtP3!l6w
zldw*!nn+y4TWbo3M!Ai-hG#9rb67)poHt&R#oIdhRCWzE3b8p?u-167J^9QK_A1?Y
zafSmF`Hr%O2vPD4GWlMpJElrUyi)0*@OQm^bihGw9K-V=h{N-Rtm{2#w@7lh$>N9f
z)(rA(v^4_-on2xL3*<<r!RpsEs=R3qmo@T|5m|Df1+TA#w3JfwIHF2vIu=b}*iE86
zMia;qiwW%X=Ca9dTj6&FM)5AVwFbYci9z$45x!L@4GeRk;y3{ummFtpoAxRbHQOPV
z*`q0mE3-c65CN45&+VYf#E8-i(_1=Mnedoqm>%7^%7m9Q!z-Ntpfcgf98{V0VJ9Hy
zXynFKCcK@4C=)%G8Rm+fbCrovl^JG_=3Hf>^_pRhOr5JtctSJ0$O!-{6CS`pm08z2
z0YR_zgx7e&Ydzt5;XgH!V-?{~6oO$>LxyiuG(H$MEzGc)BEv1X^~G?z4&ce~9V*N|
zzY@LU9u?+;^t=kQZ>~fS{&On)HzItC^`Hu~@2G?}dTdBE<Nt=D>+tV*!e8)&&w9dt
z>Iwg)3e*2qqW-+$q2s7NPpVn?j!r?oID<nG#!(6B8c9y`1LdCc3W&MS8saWFUh<b;
zZ9oLmTgW2{?$=?3Q<v|r+n&O34@kr~Vn7g^`D#<%wV`jHNWj?xhrlxl;>3N4qa^|_
z#kw2{%@N?l5LY?wz)b=a^-AM8SJ!x!Q9w0w_HP<yKOG3;A1;pR0%82a6~-OlKV0ma
z17ZAASAYrP66qR!Ye2ywT?LDD6)e(Kut-<IB3%WCAy>;0>8cJmO1y$=47kpK8x0ts
z6^QV^(sP-F`9GlC3EN<RiQp2tt&lMPbFQr~ovz5Q(m}*ku*k21MSc}5WGa}lbh!vQ
zs_cXu1q(R}7IG9U<S1C!P31+{O~GNxSFo^~f`#1_EbOLWVYk)PN}g>9C>Py?u+Hx$
z!e!*JtSz`TzSV%+4Y-pq6T#JkJD}WTKVfBuU4)hM+D%xw$~}asEUrP^IxoWpoHgKa
z11=iyK?4T(!`WQf>Ibs9vaPVWvaPVWvO^<vQ?@O!x#HPE9tD@!T-mvkJj%|(=89j~
zT-jOJT-jOJoD&UPdvI$z|3Eh91QVCAxq=xE)bqb;cdBbXhcFkixlY7+l7>HQzzqg`
zn*p~NFzY<yvT4(u5niamgcHEA858E5on~6h!8|U)b5%Ry{E|FeBl{>}@RZ|8c&_rL
zltrE)JUbM;6VGnK;Gd&lEt7U8KiAjxD4r0Wgtbh{A`fkrBMdnU6+Bn@=LyBb^*Hj8
ze-h6lgu%a9!J7XU70(v%{fdIQF7vR0PvQAEVZ^;b!E?g^aIv4Je3lFO2-EldAz|>-
z-h?&(vjz{-Apfg)vcD#OSizeAuZaf_<&#g#f15D)m*YuT^S`5b$WJ}U&$Uk8gjv?S
z33J_(H({<ZL7cUCKK|hnb)(F(z6_Xkh4^wj8we}>dWB~>b{TlKBl5HCMh$#H;aOfk
zXW)-0Jj+GcU&-efiE?Q3-yp2;k1ITF`&k43d4&(-Nt<hac2|U%zv~oy2G0Y8A)huR
zJhvMEa2>@>Jl!c_jektxYw#qj@xP_;b$Ali_%A3teHCGi2Wa~)+En{7+EK%_orY;I
z4bw&%rd>2lTWC0Jz>5GchHqJhC-orAcF8c|Dm<B=#S8Ec7vZ_8-;V(%&)s-34&f#|
zI~ClIXE$NQWj+YcrC?kfFE6IzxE{j2c(z=B{9^;QQ0FvW_$bA5*ueju0doz5{9NPP
zY`}R1b8Ydr4ftgPt_6+yP|x)WroH0|roForOttSKjI{m_Jd*~z*MM^dJYm3}FyK!b
z@B;>1i8LsG8J-^?j6_+sgy*inKU{RRnkTGau9J%LLR^*)yCw2)os|BX@NIaqoCsfr
z{e<rYyd5}Ec7VBlI!D=OKAv+8TP;*@6`qR>{7nj8j%T%kx#r6-)8abvDg|@>D5hYp
z7jIB7%k5SLb6xl*=)t&LpIxb7uE}mvFxO$XDVS@oyaM3oCEAXHMcYv@%Tn{OEHy0J
zj^Yt*N5P`)C^&5JFE?QN0xgI3*KnNyvwdki?XTfY2E4_9TMf9~fLTU5ZjS-8y=nX|
z1Kw@GdklEcfQJn@Yrx|MTr}W=27K6n?=|2D4ER9<o;2Wx4ERw4{*(b9H{dA){<Hyq
z#(+;5@aGKpX#@VE0p9?4@f^!qjc2t1)BeP7!&CGNfR_Rm{UG4wfEOyBc04~qxB~xh
z5uS^-#j6qb;%iZ_@$6IZE<Cx4MEp)XBMNT9vxYDo04~D1UtoOlGcI)^Pq~6M&mQ8z
z^9ejzcI1Jo0@ggAR6Ja}|5e2kQn2O`{VC-9KJc_5<uI>=H4kY_>mr`#34>>`f;A6q
zuo%WWh_=iz1Y!Cdi)|cm1)hTnCeJ<tE*P+|Av-Hvg!Pzk3*g1T(+-3+zEk0ucfuM^
z+mWC7C9Lsjg=ZcKYy6nPGhc)?{^yB@{<Oh=G~oYiz)u_Se^oH|Glbm`_Z)D~C_LfQ
zgrVCF3f6rkX-tcDe$Ie}&B4z)Nm%ofkNkgy=T{B*MZ(|@<4IWazYLiC-^BA31Adh-
z_*u^hYyLMB&p+Y$Ed%}zVem)sB&_+rr+B!h@~(opj}l~k0Dlc|gf+hye*#|zJmI;k
z0pPlU{Lqv08y;9^+(zID&sB546`BX~8x>CzcnIq{xn1Em0Z(|Y>Nj=}5Bb~^8d5x4
zz(ZKa{W*ni1)i|RKdSKUz!TQ^|42M!a$oAxil-Aigy%BjxJV<<@8kKD;^_gN@Z4I#
zVm+(y{Rk4)^1nhn;(i0qi;8C#cnHs3Bjb`ro^Rp#w~A*sNQCEdfPm{Q#q&0v|3kst
zR}=j^;<684ikmjy1AfADS<tvd{|=rtz(p0$An=5BnUY2wn(!3;KI9C8hp^@$jXZHY
zHxUL;7CeMCPpjhT#FK}=$TJQe!kVXB@$AC0SMe0VLs;|Nt$4U^w_EWX1P@`&^DM%P
zF~4pB?w=L>9Bo4T0RJ^SMSc~}ddg9-&|kr9pNkjcA1=b$htPb)m*YuT;~N!z4xWTH
z{-X*X!jrJZ->&fVU4%70MLcx456=Sze8_-*PQlONNj~!bGM+~a_!kI6PyAVgwSCA(
ze!Cx0@FR-<20RICe)5t3H}U*W2K;{#hH%=3u;%}5#q%Vdzhl7vg)sQTcoNq9pC=yj
zxo64w6k(1t|9~*~m*YuT^M6I*X?w!j&j|mCxb&Z2Q#@>{gteb}nRxKL8nCRtBMkZU
zSA=!j6#fnPM&N{hQ+{R+;xI1vYr}-WLmx$0$E{QNO~4b@c+T6&zXf>08vnBj-wHfo
zjUOQ%X>mVzT=BGnhp_fPq><++p2ELDekXW@e^dVFAr+T?iLjRcpH$r6#q*@%=?4#C
z?SDw4{BwBzq2i&BBCP$-R}{|+cwSKOJK%Xy!L;*BgrVDR;0e!N1ppUmlu!Tmn&R05
zJYikdq>+dIP53&<83Yeu%|jY_f~Yg!BMhEl@DSEK<)D#=bD}wf!9yQKSo4Va5qNGS
zUGdOI5!O6Qi3bnotP#ai1P|f4m`C#xJ`?ikmk4V-hnS1u1a8E0j)K7^&Ydh)TWJt&
z&8^2jT%-|CKO^`^R99f01SlskU&8bwfdvv~8x9bGD~vm!#<x+z81M0_!ySMh=EZs(
zU?RA-;0`E#7}jY)bvrE~U!}$NsnZfNRa$HVI<0oXDy@FPDy=<)Raz_$y}v-)Y4`yH
ze#n528}Mfg_-O+^ZNTRZ_(cPL)qpP>@b?UO4(gKDXR!gZ?Q1*_{%g3&fLjf?$AEVm
z@UQ_F4ftLIo;2W38StkK_;ZAnzk0@ipEKaE8t}^o{DuLuO=&r7I~ryi(J<SBhS{HL
zxY2;=$2FdPzlPbzYk1IrIlk2R!v_4I0Y7TMQwGd63mx~12K+2xHX>Xv5LWH<B?ErV
zfWKqF7Hp~cLk7$>DUDxlz;%RY%e1)Gq2YD|?l<5)2F$e^&Chic4Rd`-!w(toaRdI0
z0Y7cPrw#bL0l#R#uNv@W1OA=?&w>544vP&qY``@J++@J52Ha!7yA62QfQtrvuK`aQ
z@TUy;(+2!G1AfMUpEKaE8t}^o{DuL)ZNTNIFFNlF4S1;mM-8~qfVUWMrvdLGe2uIp
zgM{hGag7`BVFP~9fFCvBDFZ%bz+W`rXASrT!kGK>ddYxaGvMzSFb|Pw{*VFRV8F`_
zxXyq#8F0G+_Z#pY!q-WCvIcz6fFCg6hYa|*0e{ATpElsr27KOtUo_xX4fwJFf6svD
zpsci>iw!tzz%>TkWWcQk+(TIP<GT%b*no=$e6Imd8t|tK_|pdbIRk#ifS)tquNv^n
z2K<Hrziq(fsGC~ng$BITfTIT7Xuw+tbKroh(|~sw@Sp*Y8?cOZ<^N%@pu1vK6;~tv
zM-|KmnzFc-D0qtuTA`ce7>)dlPd=);UWK(hj$1iC(wCOUVH)8ritqsBeFiY)!FAg5
zx&fQ|J&G{0X<u4i2Qa3*ny_3`qC7N7Ti!mvraX>=I3ClNmNx{1DX%pw=Tel1;<e>H
z2-uYOw4&i5E-mi}LZ-aou(TKD(WQ_^`<=vX%KIY1e)@6E&6HORV{QZ-<*|uqd0clh
z<-LILVchy6AFtoTZOVHlY*`#jQ67iOTHc=nHsy69;3w}-RGck%@~VqC@;LO>^8N>4
zQy#}!e&x%trK#VimpSFjA+wgpmlsWWoLiZf4qmVLSl4(>$F~H0)aOcke9?=tb-kxN
z{mu&IQ$Jo|;LUtIgM4rdM>|*H*7@MM1<H%z<`snkACaK=Pd?JODn6a=F!(sH*OyK=
z4n8y8@CwZHfMdEJ#I4g6<7$MVlDHZ{Sgv3`$j6I$BfNzHTo104b3)3~zJm3+;L&dv
zB4rpsU0U9lN8WcJ?;v<6k9&UPqr6}C$U6;!e&+yWTfYZA^0HB^eJeY|)!6cWTglV;
z?MGohLqY1&`f+Ygc#Fb6yBfMFdDXya{l2W^>GD{J#@(yp@S){#9l(_Lc8z820iF3p
zm9XV;9TR_cy&8nPzd=}ETHarH<n6*5#`nNPdAH!!`hD9YuN~tDeRiKRwY+b7<n?1+
zm19E6L($msX2AxgelMVq^x1e*9xD`OZy^%b!UoIYIF#~M;U<mcyWAr$3TIIbyuQfC
z>t>I<&*1P)JMfhEVcc5YZAxApaJ)Jo?=}gF|J0p#EBNTw_4NSwnsfk9^6+BbG|ccb
z;A6V_(zH7~`dx;8Sujz*wYar@X^*_}h481SgZk3)e%2#zH<TkE<>|hZ_M<O^3$U+y
z(RpMMS6^Blp9b1`0}Cr*L|g~FZf{UU^i8I`&`m&UAqH3|WX(@7UGW=C>o+uPTo()D
zy7D)ecAY>*p#<~F(aEn}cTA0X1w#CLw~X4#Ym)}lQ`>qm!Z3$eb6t*S6gTU|7ToQ)
zdvO2nc<q7GgSc70inz`G7(w4_53r2$UU+>4`~;BSQEPSo5=jeLTi(B<d#8(nDk?6g
z8cxUgp75VhTu-a#Y4tp>o-eBBtLk}KJ?Zm#%`w`j#Qf<0zx(cwK8+uB3h%!A?*E50
z!gzigPnPCSz>+`eT>hBk{|mK+ACtB}+GPHX*n;f__dBW`xonE2CCD!14;fgn=OJ-c
z_lFeY8(sH}dlZ%Z<xlEroWTptMEgnU`_q!H9^>qJj|#nC{`V-hgpGBJY3(VY%#3*V
z-G4+I`e!z;X?oil2nge@n_18_)X%B))oI8-5c)?U^9NGoM-pkVwFzyL`;=S@>&MMC
zlxuqQZkjvMLD0<W$7!1^(&n1pLEMLN--~+^_oKL}_i^0Z59L1SGq_ntpT$%Az4L&%
zuJt1BmvO&_`|9=6Z-M@weidyEFJG-wwk@s#S1oYW0{#~GLB~)2()_VMuCbth>OXnx
zcdq*4pL`)))!<*91%8}k{(p7GyPBb^7I=>q7>>V3#vdUY&&V&v&GWuI=lheq>X3dD
z?k%``aPP*=Gs8vPlej;H`!l#dhnr`Bzl!@s+;8CK{_9fQO}IO8kK_In?oZ?XB5t0K
zeGNA^w##vca4*NrbFH1Yc`kJlH~0Kc;r=3So+ahstU0)OHk9W*dA4&8Zl2%#H15;5
zc?OebFRxx#E%0y20z6~vy|@PVh7aD$_pc>P|4F||Uqm1Jzw>qZU$ES8)`Q1J-}^;h
z`$Jsscg)Ij@I17}bMO3?MHqJ!cO!1^8u(0VVI%RAUOLal^WwSqP6hK^e2;=9^<U=y
zZpa*b4{}#53$19V99nc^j6Y{J?{Wyg1tbCdhL8a8p4$_B{FFZ5^}V+rzYh|y8Y+5P
z!m(iR-iC@T4dF<zEW9i{?=pTnDwrxmLq84seO^BGSN8EUPvPoWLX5SxrF%1TxwcO|
zTQ*y3J8}2*OZ;}g+jmGfGnyL7HV+QwGlc>$Yg@t0xH~#p39K#PE3T<*_r&NxCJ#hk
zdoyqT1R$RcO^xEYt{w+cyIR*-J@^gPLMB|87$46b3a7#Y6GKCpd>FsB8_wkO_>Zr%
z;+J}@=0sm@eXOarCEg<8jWHXBa2pmp{k;y4f(4JpLr$V4Zu4lEJcRrDIy0$5Vg6<y
zz%V|KI*wmE9T>rvQ2F|=)xD#$lTUn~@c_@viRYSn^^92)WBbN(_l#K$YwFjn!Fj!1
zv32X}HzHncEW>!cea#kr+{EhX+h!$NTH6x@a0ysFRT!KW^^8I{9&Z#d@@T^!1q8cN
z4J*uh+d)wt;pPeX#1C&02zRB#le>C#^|6M=b?Y}YZETLWv?khsvTAw76I(mF!xGlG
zM0aag!#FM1-@7A$pw)(-P$1Bf$rne4M$)Nb=2jl2<4L?$d{vhL!o2Xk%ECx)?A9>o
zw+voq2_*jYiK-Hobp_O02E)<1gSQ-9g}B#gCO#RjE_U!%_0;Luzr-1C&hE|SM~cIv
zA`MMv)Q&=7B9j+ri(y_n@%y!dC`*%%`0iXW9M7QYWhB2#2NIiy@D1g#OoI`4^-T<X
z96zl}q|L8z;U4k(<Y9czH_RWRFm1x92HD5}Y6ldPv|2=U?8rFcq8$pi6!0?{Fd2S)
zc-3{c6c9&Ioky4asbt#CK^hS7b=cmeZ2?-h+8Ho-VEtPaLn%3Na2$1d47oSUm9hQv
zmT2+XT%<HUF+d%g`?~AH+dEpRi@+QIh(j)!X;)r%t*hI3pdpO!I^)yDsAL5g*@zZa
zbX_8%C<dW1>MW|ob<F!NRj+n=byIPhCyK+YU58{rnz2ju4DZVv8X1HwDVRE&$_N-g
zvD=**%^*=1O(hmj6-LtG7G$KDPvJ+6z4_7NTAFVacHlpa3nM+F46S%-FkHkB8HW#~
zvJ>z;%x50A_~~Le6gsa$COr-?PY2Rd3kXl*;HVW&xNL!27pqq|K;VliM@MIbf)VG<
zcLV<LZJR#AXZ^-o3V2wtI{8d&Z?WRrw|6F*yRDAy{>0WquNCj;5BK%=c64vW_e5Iy
z6HW->`0a@nY&yzkxHZw&(%aF~zn$mc6T9#;F5S(-5BDbIGts@H3%~8spFj=TBq~#V
zJ>PZM(cjjj(@^*Z;uYLz!0QP2CGOaf=xz~yt}oFKe-E)8En0-t19khG<DChG>0e)O
z({^^WCbsuOJB8_JUT4#G^tbePbS12<iEgOb*>QKGRfc<;d)f{8J3IP19O-yBL-IRv
zx;u6z;3hg1M&={7k-EpbdTc&)UT7Np*e`ly{fph;5&hLP_}Db~`ec0xMaW5(#%P@;
z0f{e-Aob+$WwT2-02kYy!3UJtZ;T8b3ioFAPh{}h;_R1^pL@_0Gcz(uz8OU+8(cX}
znUyQ2Df!+*ny}-QQ&nXI-Yci<@XnOFF01#RcI<tm9h<Q{RDHN&(u(iBWZ6=@Gi6!v
zpuSx(Wt_Xw26_*v+q^TTuIp<_;?ve+G)+Y_1?%=&DrdU7NjatU(Wxh;k{nuT_8ppA
zD~<OtuTCGPpI)B3&QNDnrhe*anx8mLbE#*SQHeC0GJ`BA?vkd<#T3?u2@nPx;r@~I
zK78dJmydrcVRHE<4^@`g%xU<PxkrjB7o7nQRmAuBAP<YIJ6_-8VbXGxnLJegy5VJ#
zGCXy}!=!npOUI|qcqG{M%2nQ8CM9ROWE}r6L-F|6EN@C$AE%CaIb<C%6XGn(w|)tN
zt4>K)pZ-k}ggxD@QV=9wW#5$HsVj=)Uq?LgOli6tOLOJa6;}bdWZBJ8V13Hm#QTZy
z_y{T7E-xRYY?_ZWn`UOvZvUn*PB#(<)5EE;y%>M{_y-q*s~lYv-KM9P?NhEU39j;W
zQMCQt;}Q>xe|dYDWEt0M&*P%{mA{Jt_R~BrlY5vnk21ZB>QgWL=rf7;)Du^9e;?px
zad>7(#an+oB2+yw%UX_yTh;oJPd#!mxayHX5w`Og3~9NN?o!-{t?Qt&yg`v=;;ugi
z*}v`>3_5<PWT#F{XAK$G(}$GEw*7}e(SCS(gQ)s6tw9vsPi?0jOryA62d0&-^>g|O
zQ+Zj&rtlWwWx~!6#rXM~QYPDPsciUg$a*nzT9U_=86QcWI^@Hl>%z>b>3ZRrAI%_d
z`rK(*?s2S-D1ZOt!>H@zOlhjRbERx*e{@B|y6a-8Qg(g2LW(xu6;ibMX2@h|9mS6b
zjTDA6SReE8VK&j_zih0oJ7xwPqEG#^iIS!iwXwR~-G0j;`}-|}LDyBUWL^ILn(A~t
zKC48o?Xzr(Dq~-<ismXcJ0jY+qI*^K_ftkhyPT(yY|~35>oOMV${(we>pHHocM)t~
z<i^VKE0rVhQZaW7U02*#U0$V<beU*>;vdhA)p3;H@DOz!@Y7DyJW+HR`KhOAe&RIE
zCC)AvA89ttN19D@N%Jd9_o&5e&nl{mLDKywx~xn^T~TE_RC5+T39=seQFIxpHtx^j
zY3Ke-y6*T<b$L#o1FeT{^L|ns9zUuq7dcj$f$l0%w-s$4;1}KF2Ygu^o*7c{)*r79
zvL2Y0D($O$>QX6_*H`#($a*nzT9U_=As<P)jw-wOaOnCmb85PbJ$_~edDEw;Wx4&2
zk0{T$WqOIa9#79<*P$zAQ~RVV8dlZoX_K_;(-l&*`L2+n%{Og|e!kA>5Pj;VO?3G<
z8>{P%nE{9BQ~zwDq$x#htS)!APcz8={>)&|b=50bm%qQJI$e(sE0G%ud*!M!_7$sW
zu2M5Z>U!iA>G&dFsk)xp3((WYFQMr2Z%>U47KZWjmSOk&cp5y`$-ES8PcL5O*^74a
z<fhnF_C2BD7rR;;Eqq6*p>}kz5kU>}lS~puwzz+bb0zvnjg`t22&V_q60eTe2s~ho
z#|E)DYC}9>jb~gQozZeK=>c1gjfWhKXIz2jxgHU~xgI4`@IXZiH%R!Mv%z(D;&2C#
z%@Ak8pxZ%B!!a6hY(~W=U7{d>+w(kUqad8k!TEvkfY@|Tr(hEiPGyVXG3?P}_gaM0
zc^s3|G@J$qi(g1qybM#Sq8H?O5QUOFAcrRkDXswuc_U-PI8Iayr^dv2B7wsR2F7vm
zQ3o79vd;qOG}6wYoA7upJCYuus^TmT&iz22?Ja#hX1JwU9fXlQNLR)?WVNUAgZHHJ
z8IfNtgLHACVlXqPGQt(pa6#_QrkpHGdFkv3j#Pw8@KhsQ7}+}}h46Q#b7MUGfO4G3
zGj}*wkhhPEA$cpEn;0wR4+$px5-#?wi!uOOp@>sP+w(p7+<}p?bVl&x@_SQbYHwRg
z#%~uIxKwrr_P-^?Ji5lTdg9w!+YZF=OoVm4YH8##Gtz7v&K-Ee4f5<*tO=vi)Hr2{
z^JyFD8=WvJryWLn<IikZy=B(Q>*xMbL;Iqg%ipcWH!&~Qmh%)|KGN59&CxPzyy5ii
z1HC6U-MurGu$HtoRc=`Rccc$jetg;72)=N?a>bI+EHL)8oxZ(gZfm^U+Ino>k{v5=
zc{9A?^t{W5-;(!=c*Tl=*+a2wmImituE8C`y)-Tk{I$nB%A&D(mw!7ws~M-|8^YqW
zAkJw7t=N}esB4(I+)@z<1|nx)SiO911e(`HrWkSZl~CEn;Ks_0k&Urfd|@nJ0kN-c
zcse-yK}!glYATz;+5Omw-`G%j%gTo9b|2YrEO_odYxXCBJF%g1UhL#AZm0~l{W~i}
zO*(PDF>+Ffj-5QZp>p@ih7ZS1h8QPot!!8jJ2_`V<yh?G+zpkv*%gp`a^8l@{jrnt
zH&l+##>YfsCx3NA<>r+Qm9di#BGS=eU?BhI**IqzJNfX2%GwRFWwDdTHdI!$1+2))
zqezqXiJbgJ{yWAzMNa-I;fEyrFyT28o=Z3+;dzAT&$}EuIU5Ph?t%E9-*Bv~woDp3
zcH$|fzYV!Ox1n+Y^Y0Lm#))%?fA$YzQ)%Q%+A|uQ3R;n=pO*q6Q%Je97hF@n#(($n
z-)E3^Wa`%mLcPco^o>mwH&o7zO-(Slm^B-@nkp(CrjXCz(KS}*QxNqJglnu$#OXY;
zp)!oZ=qxZ&)I!}Mxgs|8>(H|Etc>1yKRDlF4j)C-b2nSe+lt8H6|rlFASx^j7m7ip
z*ooiUP&phs@jS~DrRwA~a^iWa_@xb%cf?M-U=Vbr><l6wCm)nHoelT|bVU}9FnbeH
z5%PBCB^-*7=l94Dt}pSq7$A-ciQi7*@8Qh~$lt|Vg(tuL`HQ$8!_Dt(@*5NUjSBuw
z)+Ic*;g0_sx%nNAq{=IQgNOOv{66x|v(;!c7Jmap+l;^Wq~Ra-c^71b9;NT-v6|_G
zr0<AD9*ak|c9g{<kM%}cVv)96*KJ%Li?qiEe*I|N64Wk-+9|2spw7NcQhOZgc1gX1
zaT_GH&!P58YCq%FNa{|9x<gX$WZdPFdY41pC8>8a?uR6Gw?q9IN&Oh(UN5P)JJb$I
z-Nv}{B{k_#e^yfWFz#$g9dM{ANlk+aQ?!>&J`j4gW0Caj^zUdFi*Uokh~J|e#q*bN
z{|@dy#{J)M^Eh}lZC~D2X5HS~JIfmSwX!A4=UraXx?%aZ*yv@suUs5j(tscE+}ZlB
zkj%5_I8T0UeQo*VqnpZOUuJ_ljd!l<E6*%MBtd(=`s)>!f)~nvYjI6H(s%prXyu(J
zgIms?j-04ly?k};>CSNEY)Hn7)b@QP5*h8Q4dM84C^)D7x#|}yq$tRG;o2vkKk@a4
zU%&6W`!57HR=*gZ+`O$;Fg6{YT(+&@)=1N-$z`|k`I3CbY8FaDtY%SF3;MCLTO+ZW
zDvkS~z|ALa>EyDXLBv?i&66#$FVC-w+}m5T?xkDWW?AtsM^Cp-wKr~Sy*;v|fytHK
zx$N~N5vlR2K-JmJq2Q{Tl^^N}Rj#V3Mkf=*8T`Pm0J>@%zK<sYIC&pS1S5&E=%%6I
zg7(g)>TUd>Gwd|G9Phk^+B;V_><VaHD86dbYn`jV#gyhp4_C!zMQfHsR@F2GzPSu#
z2<!Kj1>$i4!QOZvR#p~|2V?QFZQqJ!hk_ODhnuQ*1-|K)f0*($?)7Z+@ak_xPgT8A
z?h=eKNW3i2i}q9&j6-ldc-yz4$A^NI?WZX6<y-D`>3qs1^LX?WWWH1tbSvvC^E_p~
z<dS(*+To?u4ZYQtozm;)qc5%gR-|TORj*s@3^w>4Y!I(m=rKZ52soF*--B4nUQ`uv
z%l1<_Qd0??<28#+v28+UAWgZiWGf+)f~%^Ixdl(Jbfo6`q2Qu;O_j?gT7H#V{`C+|
z`5&x0rphn$DyoH1Kz|474MN`!`sw>Yx4au5it^U&9GG>k%5qhSX;prwDHOR7J{_4_
zRS~Ux<wErIx2D=ZLb?B>DqghWyOpnf<eT4Ka*5S=9>lM#eLPaLwCaAXbiYtqSIVD(
z21|s_OZ{|S>ehJ)BvI#^9dSN3xJgunn@xFWZ>$P8yT#oENvOS{$$?3BU}%@oz^c&e
zOGCkP@Qsltj?8)Txf3rw{MvnQ@2@;lM_*|Bwbug|f|ttPoE54J&HmWz)4fOPRy@)Z
z3GY3&eDCtrTN=ZsYr<0E$L4nhH_xk8e(r0*z~Q&fVW{^+AG=c~(kGqWYXRl%tjV|>
zSKH}L-e2=<NWHkD9IUMewFp(lr!1x!JMzNvN9rQst;arGEj}=c9KA6RpL%rjyvWq6
zt81i2HtBd}<cY^H{(}y)F(yEOWmaiAUzN^<U{&mz(9?(+i&#1@RlT$0Q*%AIfmx-v
z`^!btrl5}b%u@<sTj|s*9+o#^p<``x&=t(S1}dGKWrZU26`|PdGAoon7qCM2ABFj3
zSK;b&E~Wx9pO=E6M$|PKxDfo_#oBoi{z80fXb_YaYE>CQABHvknV2j1#@VwcPoBHh
z64Er!OTD4abLCcN2=+UBa*Fmld-4SB7pe`J78G^He(%cZA78$9|MRJ@-|>3$ck3?%
zzhAcHRi(?N;1^<hLXDe4FsxMfrQR=etqctsnB!+d!J{ya$#pyk9BdQEyfQR^sQ|4L
zn_RGpKV5)&P_@R2j9Fhh29q6y^@6gf_dl0<@s8J;-$u6`mi5im*P@1(e}5KwxxlvO
z&4F4<g{Yy*CBqdX3sAG?Z4O11wNYz>N10}&x6!En`$Bn_VqFzFf2>x)R3pe3vVn>E
zHV~Xw^|kUZv|TrF?z^Ftd;e?oxdqlhFjRHUikwweI(jYYs}8iyCVBF=Yy?Wfh9~cL
zW!ODFxez?w8wnmhZr9AotgfRhLsz}3#xKSOcV+{4N;5om)(R~}=y{p%rLx>zalT%`
z_IdoRXyvKksfJqBhF^MX^StO%DdhP5hu=Cn3)3lh{ljmea>G4<g0L{9dmM!E7ROZd
zJylO#`{J>xFI|h49Z~wMz(j4C6}zx7QlpIfW)QfxFf1GyjYMlEFUBq?`wdm@Cu&pG
zQ;1L}RT-)rh;|CZ7LB+wx_k0u>_U$YcSf@e@6qAr=wXJ(b$COlGSV4s3t5NXnLQW(
z&}t69gPO|lH4G!C@30*sjI6$ctRjqBbNHRw`CdP0__$}DdNKCQg=lc{*k;v+hbkMQ
zOPTgUopux%MA**Yhp5ZKP$fokFf6TmE{K1q{KB}0-!faNkruk|7h_fbc~&$C%RV;1
z86}$!Mq{C-;KmQtEqkagGWBw-q8h()y=+w%v^b_!Shs2(lz1g}p<QF5p~$LvN)cFq
z>6?W;gFf&NwPl;jI|3gIbOoij^RZ|E)dHHMI}**+JvRP+@XfN0in{`rW}{as-&}q<
zcI0K%AN*XXa&vi4>_}Z*anJHc!r|i9M+#eyjYn2kQZy>m{j;OrzGmP9ADh<|YO1K6
zFY%9^4TR<&h2oY64?i-WrhJDAy|ZHeyw~P+&3C-PDR@CCp>{rU%r52}KjXkB3xH*g
z68CnmvVYZ`vA3_g6g-u$)~)YC@Kg|)RMp{Y_XnCT=_Jv8!w1sMSt6ZMe|&BI<o!*-
zrazY|s&tOW@fK`sYEQUfVJH|{T(|rP>;$I>o#`5_$+NM6bnL|Bt+9=9&VNk&VC=+0
z!1tPXqfWsG+%MA_s$BHKW@mIT8(1bVO<k06E~)Zgd1}F9O9Q9RKlE}<#p>Fq<Hx=8
zCE+J7lpR+UbF%k1hBR$ucF#?#m^~-^D8ui+8LayU)r?kEOBGgCgfPr_Id)|3+VI+N
zc<n5#5$-%WD-=3ciRQ8Cp_i9cG*z!&7DZ2?bzTzr$CDrJTF?~Gb?F;x+AHQZZa8(_
zl2<l8j<=Vo#hd80BHgGEFI=qq#=A?-M=Ms=JQ1p-1An3q43Q@emsAqluCE8`z8rqD
z{FE}SHq(-rPSG5B)rOp0zgVG1TazgBG)kAtOp^opEoeD;K70|&PPiu{(E&NB7QY!H
z>O$lMYX+<sSM%WG`Pju^yzJLwQwugcy4W6epdvCSPBE)NUga6p|A#Mzk%`A1QAPaN
z+29{XR$%;BjX7n-#=z2hMnfMf>nhX34tPz<Yh$&sBA*?cBRX*94H_!y>gq$YLW{%w
zN9wlE+L8#rRIJ;w{G|u}T}xfd=eIOe$9lujr((TpomvW6A|H5Vyd-Wv<Mu}`24(b?
z>Ui%Rc1#`7C*Grs_o$QR%}jF*V+!4!hT{|0Cr!+*RTPz`QT}2KUM{_zG5W39x+d0J
z^SfKGpBGvjI#L_L*Iq*RN3#E=Yrfg`-pg2Aq!r??I-Rx`H%ij)jr{K9Zz81@rV~dx
zp;_>S_L$$>uT9<`xi~*I&}ioiMLF3U8|X6-td}gA$#m?`=SP+`q9(pV`=KtfMlOp!
zB5S0r%Y`7UaLxGM@acggbt@m)6A9mQ?1T3#zv*JlP;Yj~9%o<74zUWk>!fR~MU640
zmzU|yW(;|m8RbpJA`vtmQF4E~=*Ht05sZBnOTstCKKtJ`RDLk_+27f4?D~-1z62xJ
zc`<fne(n6d9(Xf&Y1T74qJQzdf#^-LJT3&!A44;N-#^OFOMfjM43%kG<m@|Nh<rd&
zU7bJHv(WXZE<w8iGo4GpH)mnI#+71}xk}@&YD4GvKJeFqOyfh6Cem1pG(d%Sh3@A-
zaP>Jl0o0CJqqD+;kJKfOY@K~W<YFLx_F!-1rby)GyUKPgU$rROc-OK>8a@_F=8=KO
zXTP-a5fM=9cmns|+&E>M3uTk)V-B?;;b*E@Q`O+L^2}5)^?|dgs*9=XFO^*=@BD|Y
zpTACbn&+;ujz7CuIqbRTyF!}-_LS%=7vPvXtzh*B&Q@1ltiHbT%pOtyF2WzgE8Aly
zth&Z<thXIVp~tD9^nam$*zjmo{9>?oaeM5u@7Aqb80&8jEt2-q{cNR_0VgSCFpp;2
zo_tF3WAaCPf~2QS*5t)_aC2xG<HfQ1X2-)+R_Ns?^HeY%dAxUO&z8i(p=Se=%g#T5
zR(0apTUpCuCtej#ibC6ZO8a?j+u-r1+Mm)N%ZQv;17W{ef?ZcJ|AbSIOsPTgh2S%>
z_|zUfe|Ka&<qTIa_QxhqWcQk-XCu4Ue*GC#ws+q(hXm5bA=OEE$3++l^<F&Nqx*<A
zg6+?QKCh)~EGE&ezUVQJd}BWPX7CJZ@oaphYpIUCBo2S3#)Omi|I+!lLpv96==bJ=
zKf{la&$34r;0xJ&y}xwnxex8Ec?Yenbe;)6Q?18xD795(KkkrSry`LktG1|Hw}lpo
zx^<i3i*?<KP2H>ND;lZ0zDCY&3J7;`&Qo7SJ*s-kil6)sTO#-R^E^`-yNKo7&kZ%y
z!7oIDPyWwdb5{@}H6-`h-$&I%jip=UphKlE@z4k9hH*FJ=KJ^fnKrTRZ;$IRz>myc
zv8-}M!_uKes%l1dzsRw<)Cz$%R1iBbQ1f`areV+OS$j6k+Ouoco_{}U&(AOZ#pXlx
zcU5n!SQXfFXx5%R<)Q0iHCa8C#Z*fS+q4bD;ND(0GwPREvsx4?uPr~l?8pm^kAxe-
zTOVn+UC;M}ubl7EmFRo%(|<bkT!?eVrLD2^jk-ck9y?o8x%1RJObpX-%}xg#5_<?-
zhH=+Ad(0)*TrOe1R_6Bm!Dq5Yl5f1ClN2f1dQHZe<Z;YYWi)g<dLbp~Neb=N7*DSX
zyjfNipB*{d6VYo^96K+#v;h59Q=o3`)N{de<syG!E&P1&QV7YRQ^)A<bo`MQmOZld
z{+E`#8(I`P`HxQpFdE0O2djM>?*CG>Lg_Ql(8n{gsyuW0+P{DPufP6hub=tuliv?+
ztmtS)FIR?5jP2pbZ!VVtP)9D_yz7se0`1G1lxaS;plf~zyE2mDQZRDz^y->b)m6VS
zD|(o_-<2N{Ti@FvH)DCJA{?%NEEa598V-MFWy3P=$wzKptME?+6#jpa_deiJUFV(f
z%$+|1boFOOV!&nuGe<(YgGV5)ur(r*Ee%)_7}+3fA-j+;gDr3h36`DO&f*rNL`m9l
z*GMr*lSwlYw)g8(#WuK)`*o`%($LB#pJ=es5IYMEQBv3Gf)}gaY@CJo`@Q#^bMGBV
zI8HX*=h<g@xSD&<J@@>1&wJkU{yXmpk{mqs{N5Izp7Bfk$kg-QEvUn|nLNYJdl*~L
zI_=)q+#RSp-;QUkw>4RyHCOr<u=5J@f2t~3HTjKLxLRnpE-9B9wQuuQUREwC6JFp!
z;neeAMJ@ans<A>Z#KJ<tn5pMq<B&ZY@4Hyu*V?O0+~Uv<MV4#PI)9#~MsC%DkwT-|
zyktHU<?It~=+@aMJXE{#7Q1tie%@2RP3sG-bhA72wb95Yw8_XHCjVjGgKL8u(Jn7<
zi-AGxA42>oh7TT1F5*3)9F8zR^iemK+E4f+D%-y_GRpR=+FG7HvNrkMt;vM4yHb3A
zsW-OvN_i%x=%4WaOwqzTTgRH>^!MAE_c>#gninjn7jp&HrEgzcEk2ui;g}pjYvqzy
za~|r6ewz-suZ0w$3*LG4$FINk*7z?@_{W=!HU23ju`HXoaVl}cbYkgDVo79NPZVEv
z-+Sc2p`JuhW1eX8k7GmZ)c*vQx_7xl+xxbL9@#g(d);7_OKE}1pycyIhcVyFp`lhL
z{-cA1%chv}FV#xRpE}O29%I>MEK%?>6YK&@_ySWQwM0+&`!R6tc*5T?9_&c?)S~xJ
zoGE(m=uEiGdl$x8i6qY6Iu=>8??`vx#)$KYqJ2N^7+=~p)Eh4Tp~l;FMuF`W<8`E)
ztwjFjn(d+Zc&R>KoJ5{Vp648MWMBBG)*Ragz0S7Sw)!=fqFq038)D;2Wg+MNZQD@l
z+1Oz%Vd~vFFXd?ojkTRvweBOeU9Z*Md}}i7+k6ZE=JO{$^7$_u)e>zirgVgTe=N-;
z_+a1BRh5ww+L~1tdc(og{~KF?Y8Mc8W?wj@4Rv=^#KyaRvi06(wY2G;nx=b-_3@?q
z#<iDaThs+#IEvh0KaZL%WSQYrQ4{$4j_zL9SNGXa>&TMcu)lR_J`4L={X(Gy>V;+Z
zU%sKVyzqYPL}0^$ws!(|yP5l&sbQ8m8>%?W>mdNdP9SC9JE2OEc1G!(@_hasrmbr`
zp@)5%U`teg>>ak@n=QqTw(-$tvVT`<N(oem9?q9Yct$xt)iti&6A$O(a}$o3ouJ+Q
z0D!6{!~WFEy<uN!Uo{;$H%2TwtyQqeOjvp(p>bA}@Um?9#;NcP)8VBv;U)g@gR~$T
zYi}4Iha9Nme3qAUbs9<H_M~;&Yu$DLE@L4ajk}ED$HtgIFF~3x_CnB0v<vnUFK^2+
zV=m*_<S7LINV?h!O3hC~C>>?lno;R54P0;suDRuchQ5$9OQ6vW-GbBTGPKhtFWwn~
z%*vn7WlcRbSYv3wM+)TEVEsYp6u<`M5FCkhwy}{?4l&v#c~O&(Jgg*EWE0D$5@pkg
z;7nrKWkpXcjwebw62-}c|5~1^o<4H=sGQ?0QQBA}*D00=oIb(Ap;!EFJzP=`952pa
z`LeFGe9K7`wq`@<V!ZDP7B5Bd{;iW`QnG7-<R{{plx#}sPuc3tpn$9Ihy*buy8~f1
zUV*6$L@4bT55>cNl+MCJ5Wk?b+yMB8OCqo7$Xvb}Q+m83ToNB&r;pc|*^b3wfdoEH
zz3_-O9(xVb>osGbkQ#ffKH6D^)|R4ZHZA~sL7ALtLy?QMBNC}Q!lA(J4i;4+o@4C_
z3y0Iwr+vwA=s}PfASt>V50~Hz2@kOT$1ZzWl;tJ&v2byvKglveY5+YO9oVOizS$L2
z-8)@lUdILHSlp!@QR@yAfHn|`kW+*uN}$;fi<NyUTr#1c8+|Q+9`$D{=1uD1nsU)@
zi>jZy;4phrUEuwMvm@;9zUQXNe=<|SIJWF_cD<cLSV9^d96ScDKjB2Lu2!bM%Zf%*
z11vMPY7Kv*9buoWfhPN|QSTC<>7RPoKNQP1kvqLm12R<QUz`3mEBY3F`FHj&*V32Y
zf+ZmRD|0o}jzs>H)+)1Uhk7TPQKTOB=WkFKtI7eT>4Cm>FYrO1xK^_g43N^&<Is+F
zo`gB`%e-=0B;uRn;eZ}4<tZ1GPPPaLF{B;oV)3v~AJ^nyriO`Hs%kb-+#htLe#CyH
zWc^zmlfJRBwV*!P<tzBT33!&se`Qz!vy%Ec)}gyzWuL4?zSKwYaA!s2`Sc5H4QY(4
z`j$5;VTU7BUd%puTn$qBZcs6FI#G-dh@#OtR%{jwJT#htVNX3!El6_eN$)R=y!alS
z?)<sRGF?_T2O8|%?3`IRUl%*|ymS%z#r)ei<HZsr__5`nKE$8l(QHHn)Z1T2{p(gs
z>W`*B7GHB5w2y=w^rDvccf##R7j_h`kGg7Z4(WHUN4nAVKN4Mc6%Y{wypM{x6*S97
z=K`N~Y+Wg^wDWQe_3C8}Bbd}$#tC6MPga@iCtwxmSfd@mq-<lbGh_Pj&Z{o-_FUF!
z-ec+qUW!U4{!q66BxJbn%4RLZQbIs(LF0ny6<U!t-P)6{uQ_gx6Xve=fZ<eHTvh9-
zoVjVj=g`0L?t1of{kGJPWX=#q6m0s)x8jBCgG#6(#O_=VgGg?M7MCOSJTkCMG0&0y
zZ|EwkJjFhFD)t9#*jqIiwHMd|&CBy>KPx}QKCv?Pu#saC3Q!sU9$#yJU@+JRh{1+s
zuiBw{?j6#+ZGn58Pk55!QQ$QP52(n@!jU3${BzUGjG^Buc<!kMu@hCtm6mdFUK8sa
zfqz<{z5S)6G6C2E)j7W&=Xtzg%5xLgtVTBg!&aW+h4a6W6X|cG{h#|uK>v}Vmu%ze
z;$wZDI<`x#^)5%zp4i)8`pGUGcxI?|k3EccJMnG_+@>ZLqi`&5Y6+%NzhC?o<F};<
z!&5R*z>_BO#V?HQwZO^=*#3=QtZlV4qiO+Yo<tLfUZq#CqE{!gz*X%8%}&r0V8QdO
zuwt?Uh^n24JZ~ZlfST%-oO!BoqQaP#s?x4p*)TX(K3Me`1z-Ri^QPUZmk=iqUsJp3
zM9-Sz2UmFxHh2zpc@945IrwzxpEZ9$$iW96_dp0<vtL`mAq6!{vE$Ime)J2J79FGC
zK6H%#V$rTHfL{Zpd2tJ#=1{f;>K{DAI++E^;yr5iE8!K{@bal}*>pHK6J9ouIs6s)
zSNq3bR1ziGgnugGn@$wJ_YP#aBNyD4Jr5pzd<c{9#2KXpzyyaI@v-sZi1V?beMff{
zj<t_zN5=HSSJsHRc&^tGYkspN50wJs^(SJ@>nDE@ors-CLF=f5OR{1ARM<BiF8;+k
z{_(8^S0>|J;lN(#;JT7t)uqSpCM^l|(@2}sHfT~^*B~KKbIe%|AyZihKHT5B@0%*j
zn@_kq#)~a};<A$NLBlyP1Cw64AXXPn+~ClfyS{0V29vX-@$UL&dr@Pd%%~PlzP*d|
z{w|qv*;-X)!PbH~`75X`Nc`!W0O$+*F;3Nm^8f(p^TVJs2L`kA%zh?a4qYaHIPh%E
zQ@$|(<)oLfny$3L1UPy3^=E#%ey!}q1tpc0P7}Zznm3+yPoqbsrB2E_@P0tB=-PH?
zjLDVnj3VEHk49fq1r>kAH%kWyot(NvUHIg}(C7MU9v?jXXy{8{DrKzfiG>GTR$2Ue
zlhx(A4zA#?xqmQpd*5DnWxTv>N9oF#yRG6$&%Hj3Fo>3NV1c?)vh&@36}V>@X}K>7
zoIp%n5p*Y5|GiImYd$p?>g;>ebHjtO40WX`4R`w&V9cZpV1AAmrtgmUCtuQ)itgGK
zvElSjkPtt0sj2DR=s&mKyc9}nW5_t(+Vp%9kCB~v10&kjt&aq6se9R}x|^CFfjMpR
zr&}uO))lcSm)-&Oi^P5Lp%~L$P_vKxBZM$-yEn9<Z|g0C*ix}~FuXTf-r#!Wxbuvw
zUDdM@x#)v)2Tg03Wy}?3LZla5fv;QMo}#2uuP)x&9Xj;=t)0ak@%qW1P|8Y5`DdQ8
zWX~c>x_xVB2=D9m6m=-|hhD0=r&#Tyr8{09Pljot24+y6FG)J_!}z@8`S<Dj<nhiD
zCnXL!DDj0q;)zT4<Wu6XgGx;vuiNA6fRX$g@1t1#83&b{Jie*dnExrIzK3p79oos1
zUr&-BFg*h<rvFo=AO3FwbtVVVz@Qs&jZ<^;<4V1r2^s3wdIGLFM@U~d8rQO&Jx(@6
zp6p{#a!!u)#E0&d@<V$;Y*Nk?=*CJz>jrB=kARv=<gz)^80EIRVtzR}#0S+b3#Vz0
zQrr1ly{IJevI#HCxOwFe%#!?$ZG!^OtQZa_pgN=rwEQ!yzNg}P21FCadOo^FJLc2r
z&zDAiKcvH54tA3vSa*4G-M|vHL{`oAC*kVT--8C@7PimS_f@h&TeeRYHGCV&iz~Cr
z#Dky@;eeu;bQB+T_T0dt`#Rwe1QnO-D-4|0hOZdvuCJ)at6oxCK1Ld4_`Vo>RcsY^
z4g`=5{B8UzsN|KTTm2e5fYc|vSoCb!j`ftP165yx+v)LFrv388WQY311PGEtEi>wR
z`UmVgR9d-F+B18TN(;m<Bp}{7wMN~*tI;#wDpz4n`&kja-!7UlZQ5U{Z;%-9ZqIeU
z^{aTVXY!CCr_5<m*6EoAv(ry5r1A!ljKxFt1r;6ZHT09p(`sMUOK(!1<H*x?KJAWO
z!dSQ+=XxB-24AEbF$Bk#%zTtZpZV+QU9t%1;!24ydEvMZFBu>HK%WBtCD4037tk}j
zt7Ztc$P4$X8E_MLzMgLpRyWFNC-hGP+JA}bJzR@`#(rEnt~+sk64&Q&y?~1pCSneb
z__Hvt1>3f`XnO7x?oCM0U-)*-x?-eIEruHk$L;IQn?P2qZF46M*&DG^TeIi7^W$_F
zGod$Zn+Z4Q8Hat`Fc+}N%$N&+a;V8oLYhnI{|}Dy@3Lr3;N)@*EADbl=(Q(@v0MiH
zu*Nz93Y>z&=_xrNggmSa6Jv7Nm=|9)=EYYrvP}7E&_(m&6W5s+$2x8_vK`Yii>hAw
zXWSd}|Eu<fb|#k+k^rf{YRroqq*a#CJ0R^m?*<mryS{nfu~K>m<mBHKKbp)bcEC@s
zftT|X%Y5|iCGjrlYw^yS!!*a3a!mc6K<`tO6`y<$zjm0#jS2S?q~>&&(L7WCO_V=9
zw|ql6Zj~Q&AuFa&shmE&V)`)f(=>mcFy_x8SvAl-NYh~%{(xbm>9Lfam(cTK<GGZc
zOX%5WJd5dtXE5v5^ujZkb!&Rz8A?Aq=lE&brk8>EFJMk>1y4=a-{Jnhi0A(yeo3`W
z3Kg1bAIJ4HuCL*G3D<XU{dZhq&V{le5PCzqpqeo3M>&UPblB!HyD{;)Pvyy;(+uZx
zFV$N=wQ1U5Pi(xo;nxwy+8H7>WWWze$AQYm9FEScho`@)<Tv1Ty@EfQLaxFt{-U0g
z8%`s0ckpKOKIPB8a4h$UXF8vRLj+_tKe6X%!!a*dJ^zGpUt~7a;1#l+<uJm(t0(tb
z{1oz~%ygEMo@2+VZ-z+h>{7b^`IQG0FO~^nX?9nAR_WhB?(o4lZ%t%dyR%WzNVSCC
zs<r%=VLcB!ItL2FvTL2JP)m$ueMtCDRxLNZXs;=6srhf8dw!w1yk#ZY_VQ}-sf{Hr
zmS^~a_$oW?8$0{%*w}v`Yj|;NL*{Jbi)U+}8iO3XF4OFAY%c#37I{cNwRLlO+qPIU
z%LaH0t}_1n5Zcx7;>B9ucebBB@Zyzj-w#{HHu{=w&ungOtN7u>7}QgLpZU%!v4-{Q
z>Yzn`fAVd0Iq{4Ts~$1{?8txnxfM#w8}EY(>WMtGpBJn>1Z0IYVC1#&LUU|8Hrrri
zTYUn|?xu%Ox-+(ol^?H5D&AJd52opF-b|rZo*I}L`pPe7T7cr%P?@=;ZTsa+yEE#N
zwm1pl3yS9KoU*|;S$MYk#VgGBLpG-S#u0#iQZ1Lp<IBpcYX0Q8^9$6VmjT96rN3N)
zrS{?mA7FZ=*7w8Ov2x$4b?D)$@;}k*o1^Z=B9;}>VrN{iX9*La8!kTLJG<+}EBE+*
z_}Q^G-;?gmt(#lgD*m``{VlOtfb*o@^-x;^V-glBIMS-;zn$8WKiQAYsln%#D=p`-
z<t@_O4-|IQHv@_32`z9M=%h7&NEl=OrB0G|g@4yV<w#D@ob%jY9C%zey%B^muKYOl
zu6_#Yq0vzEF#qt9a7=0|h?P+fDlJDd_~pl=QiHeu_?&T{%>$<%zD`?a+3GLP^|0IV
z-16UReVQ2#b&>*IQ_{U5-STY}@>!7q$)c-87jF%*j8M{sn%<4?%s|CG6gPX8YlqxU
z5b}SZT^&AZKvFCNK+%Z-Lec&KM^}_^kqvz%B=@c5;A6HtEQhW$&TROI<n`<=W!bIu
z3QEkIS$pwT%*hN#J(|uyybA0pz?5Ilx}w<gIP|ycZ)RDcq9=yzgTA2r1?wBk{PE~B
zO`F{pSHF0X`Tmt%oblP3vi`PrP|5r8kFAYGqc8`3WmPTvu0V1vYWRr!XLeT&N09sq
zcqs>eQdO&o>bKKe5e;6+vImU@>%*h#8~#=hoOpEa2Ufi4HjWpOHEqsIe`T9_C~8%C
z%)hL*9<oz6vnn!P(5|J<jj)zmf<`~oX~9fDS+EVzx%0(~8-4$}?&8C8GWU(`^F8VP
z_}-5{z&iCmu7ZEWeQahZ{>!WJV20+kpp)%RJ(!tITw>17K{u)$>+s#Tz0I@i{s%ox
z@eBy=)OPpuc28_E8o9W;l3Zy$P$N31!_%3IcN%T}-cw`M7)_(qL^C^d6DiL3YECTl
z&?*q=Yys({^{WK{F>Yo%BhT?Efzb<d+~$kAl|@&!`WIMsSK+aK4T4%Fm`M)m%XnIu
z?tvmpyk^nLRd0iVy%UoFtzgf;22Rw}b>up>7)|S-<<yZ%s-^Mxm-S>7$<NTEjP~}h
z<4_zt8tO?N*OQqzt39~hb8x@s;O9LDzvemkZ0TP#|Jm9vgdc>nF?5*+JUZL2kwh>C
zFG8-7G0TLT)O=+Q{WfI|#8_&OW&UhcIai30z(DQq)foI^vrF+rNnDOFco%qLK1?#g
zGtikj;+Z2X^NiflmObyJHx*pY;areOQ{f$VQez|8$vt}f&j8GY`1o)~=FhfDe=K84
zkvj7R@F?iHO=VydWsGt6;-a36BbgEFL_e*md5`-ZcdDHNSPxk;zs>gt`<0!vhiddB
z&&L14N;op3iKNrtBrhAN5ya3NWbK>s2}WFe1HO~~%tk-(ilEiA+D1Hq8hFr$_RVRX
zkze&b=zGw)`wv37E$8oyP9-w}FXc`X{*DUu!t&|O`H;(L!Za(EG+RASC{oWN3d?z?
z2EdKx6vz2rXyCA~k{sDv2Dfeu?fqi0y0WcSFBi+Fv8K#kKWV>AJJj)N-hsT(1AR3+
z26x{Rdi3c<>PlV#tthj<nUh=X$S6Gf+&Tbj1F!@G<vQ)24F`d{fs<~gjHZ+9d?8aN
zC#T7>8s+s6>W(t?n<*rowI_a)sozQukR{cY^IHazLPbEmG35Fjd{3QZET5M<VbBH3
zcNXI`uO2QZU4hwNj3Ietr;f*!_4*5k4XxaIJfGrzwy*|D_g|dxT92HVyS9B2v~MCE
zkNbb9`~S=Ob;go4zMg^iLq^(bF_Qf<8#&!O^tXTfg)g{1&-9^BuaDJxVvG&l2Qz(M
zgA#E^m54XyjKCftzM=2@<4<uvq%(@nj<d{eD8jn4Z2(~+@Pmh&AjXdlOHDT(x)>IZ
z@h*vg=_Dklu)~2JKGt8@Z1*3R-(WQ`Wi9Si!ktM{<oB#AUs7kP2J@&zk~jgz)c298
znyu~^A8^LmaV&LP?=A-BsTEDN#Wi=Wtywo#bDL*ugA?lw9HOBOhRzfprQqXF@Q`|E
zA@`k8QZsnL$B^y!(PX1MrreZP4!v8mt|rcWC|^(dC`yAYBX@@q^g2oV&LoUchdxw8
z9?yc_iaI&pIcMz(Xrt!3rIkfSwF0((%hdj@c5RX|?gAjjeXlGW_%Of&w;)}qpCUK`
z?4&3(U`Fkx=k4N|?rUxL<>FqON?~&Ya4)VW5&yt&`=)!9?y2V4q#~~kK{Cjfn=r=V
zsMjM{WN5aa4CtlrzytkmreBN!{Sr9np5E~_Cu91}PbW%e5+&D^GuRA!@A!kSJ^o{s
zaYV5G2w#>9N?;f}p;N#e4AmGa>W%DD-THV)a>iJ?hGF6|>HDSqvG%TABuBspVy*V$
zNEn~MRp_zT_KnBGH?Xkja29yd+NJzva3L4~q0+8aP1pSCaOq6AggfZ-wp;UDN*KmC
z1He#wB^_gmu}8s93xS#u3<syZr^Cd<G*yW8;f!)_8VJ}_6)YGV+s(UZi_;<2NQ2Ii
z?PK((b8H{F&Yp=6IiRrETe4bXd;L{V^uO|wf}KyWg<$UM(i+l8){v+ROP=a7=r5df
zO~l7M5cvAr)pOs6uLqz4Gz@$-eo?PUJ166iRPfFYzYp<#;o5drqf#vvut}Y(j&j!{
ztBzT(f7j*P@WQO~!>0Y({?Bduhv>Ua=KSBa|A6nMzO1|kzbA+Ya<<y{Figf-fdkqr
zV<*GpH5zi-EhXLQI6eYd_^gl+6nOd@q#G+Fm|g?F<3k~7*ODa~>8HbN$efdMlPomm
zrshx7i~R<?Jl?8#aMjp*0S2bCL$n-C)g&q!bs^#Z>i7EdA6?JX!K&Jgv}y~Zmw=}#
zfYw4g!bDo0Oe4=wk*3JBTv}0w95>>+TU>GcmfN21!2N1m7y^U#q_T&gFfSnSn$}Ju
z23@LGr0GdxUCY^TaEAL`fX5H$>pEXTFe3QNy<at`^#6ln3Ncx5|225XvHjcG{w}s(
zi4O&_cCpD2Z+B%`X<+pN8IMD3cIfN?+rzeCfBT_6+91u~#2twSm53S%YR;dtd>B#v
zZO*3hKDI?o|2GDQH<ua+?HTOy1xZOK3x^wn?tLB}nB4!q%eOT?Xt;+iZS>eP^-esC
zOf7(10aFVq+2X*hvPq_2d#948vbk;Qji_js(JE?$KOT07X8kCqS)aLbTgX;r=KxgA
zwA-R1?39fv-g<LRmf;XJMxPHpXp26lE#P6zwqO8R#%VR?yY|MABC|=V_~60VapSLT
z3oJ)yOHV0WuV#<cNw?Z#Ym5H_$LibE4i6;0&;x_<OtBp(5K}uF{Zviw;=tRo8VmlY
zr+02W0{&gjpRZg<@ZZXDBDbEUv+F5Pbs)t+RY@RF=ruY77eK43tXmzJQ<WXOstWU(
zlQ3|QF!1X}uYiFM3`X6k%LFd<>1!UUYo@BCBygukr5SEj)azDfP!X6jW8`4ND8x!X
zq0$^~$#?W)&cp0FftVJgR-%0-WEX<dmK%S-yi^x}c_F0@{h1@LgC_>3$(ip|921)O
zSELv;_iK<})quL-i3OoQ=zD74;KA<D=Z+ovT<ISoAWA&*erw><>brZ_{fB0Uqp3U7
z=FPYfZcI)66l}#pGu#Qh&vKv9a3kBhImuqMJttv8akP7?7jg=qD(M0A8T~?^g$V)A
z)GvkiOSmvN{vVW1^h{p#EU%B^US2ZI{`(ocH~Kx&E2;&#y}?FqgG!6X5mlhih?)@{
zj0OaI<+>O}8D+TWoLZO-9P}(NnO=o7qaIZ#6vf9zTDxbLcfNFEEA3eBo^K<sm$%hk
z2Cd8Y^JEBbaeg<?x@_33XT+jlxuDtCZ}`rzPzdq&IEwIgQ@scBX4N}O$8-%ofQb8n
z=?2~7ZXTauAiyO$!~sFvk1pp{9{Hn0>A%O(3Jdw&j@Ca{`tNpZDr!AOPb|9qIlr&n
z+i3Y!gf5IB-j=Ff>R{2XZhxpPs1I$08apg{p#@__5ZH_G>s(c<C#a0B;EsWf@u7yz
zTP)X@z;F>tIiJKDvcIbhnc2`*snsBTl~qocbJacfIvLiZ{oAn#%LkTO$W4*(n`ksF
zZ@$p>UPECf%=dw*g>AvEaML}#_xiS87`u-e+(`lHJ~yp&mxgGi>(ZQEzWa1rty)pc
zx1L3cCg5{Qjp_>LuMAc6MiB9C)y=v2!bU!)Ln}fV_~f~=n-KZP@;IbzArQbxFNvQC
zt}~{+;6hHAO9n8mHh!1<o95bBjA%aSL$U}k#c)l89h(YKVub_U8_jA#*jK<46t;wb
z-+FZWvF~{+{eK{t*sh>40`_<ZfnE>oYJ>i$1n}<m16%3~K`$_}qsf_}t-rhq8C8Jv
zjB>0OezBI&dYZoTQ2!)Bpx#jzi6G3g{}J*a_|Oi7ZTe?{D;E8boTf1^A%6s>DP!vU
z9L2Ab@57e&q4K5UV2aWkUfz(WpL$P)Q{N&Dl-L-*+_{$)(>blb9QUy7dq3Cng9-!!
z8gIb;dNN>Ic{#oS*<aQRS^y+w^+{^i1Wiiy@J@3mO0o()O&f!Tt)8J#sbNFkLkY!{
zV9>4We3#CqPQgPKJMSqktuA;X$s0w{6Pj)Cl;)a~%3_pw6Zm-M5_qF7qFao$2BfgS
z&O4d1bSDA`n_IfbSE4drT$x<jt=}S%s2@wBz$f%y-s(f9UIcpkLs)E=ig{uPS6rKE
z)@!zIetK!<8}VP-u4Z{hMi8SxkGu7_M~{2;c;0C|*E6im_BG6^4C}A~8-ht{8exG-
zy7#Eq>|KxDw;UNbF-}eKclldfvtOZP<eaOA(xHcnON7etUBH|N#lGf!yg4=1?Gnbl
zMg_<M&Br+Y#1Ub!If7kA2MQ5-$<?TuZtOPsdzK~NTu*`AspBtiD9}&Mfak0`Sq9%R
zuOkQ><kI!}e`U7uHVg}<%2%$(*Zcmz>K#K%@B4M%i@2{?i%5@jR__}VQK<IEGhVFk
zriS&r&Mr8~!D*?a@hzn^sVHopL>Hb1dO<4>Os%u>^inw+?0Mjvz^5qwa+zJ~spivn
zz&1bsJp7=!mLqdrfO-&XFt%r~<2$NKmHv>!2qI{D+>bEcts)M5Fjz(}#bYPf&bu&4
z)K3~z<u(M{6N1-e<<L(doteAP&nTBzmlN@2OnoB!ccv~lclNOMrD_ngJqsF*Jr=6h
z=U~;XlT(mkOrL3XpcQE&y7hH_9O^pQ{hIdljosY0*Hx%jx7MrJFN?;|<{5a7t8>^`
z!B0tF@h0Ibu6`*X^wwY}3I1MmmVPC>_P_RB$CR_fv$XPdU*!Wgbl)77SnTymi5twi
z%Oqww6!nA05o^^4jeiGgJ^xu$p7bp3$n4m0Ot6t@2HzU+F1#HCuX$+a9Q%^k&Wd54
z3zylJs}IO~I!roHBXGph$_>jZ_pI)&Z3eF-?31Hu63szZ;Wuifj--NdO7%jBu~O41
zlB1B9?1tnmWLTI4O}1H>0K<9aj*Sn!AoLE&gmUneP@qnYXIz-c96lqxIYBi?;yK|o
zJF^SXw6*GndMBEJwy#xd>z$YoXxdtJPd)fWp%aI;y(90?Po;vaGwaT^o?g=1!iZld
zc*gU?h({vt<Jx$d#n#pveI&E0+-)p#5Xz`&o9VS>uK(2B*+2{Ge6XR_gWlOM0}q8S
z_sjyAu)>actWoeZ1=G6WX|~}Q`CxDOD%<cSw&BZc!y$cW1l;!q2ipMeY-B-X>5&0F
zb7{Sx$*~5O`TVMK4)P1iRX-Ajw#bA_@u}m%AD)-pZA+_WU@^6f;6b}(@fZ95b9{va
zuL{un7c%zDj_KdmtEuHxeJc@$qC}R*4kV9t<ndQfIj{rATYG+A4Fal%uFBM6AVl3j
z3=4zJ-hFJw$*Pfgq1u5mK*YdkRwvK<-wYP@!|f`FrX9L!G%ea4Tp_FL_TOM^3b%YR
zIiF?NCMZZE#Wod2`JAX|lN<T^jR{C&(_Ox(Ls`FtZ$wy6Rw<eXeAT9V+n8N|CsaHW
z`oTH{0t)<YR8KtP9J_rGoA!1L1a_1xJ=+d_k#LWm+VTh{kt7QSzhR4MZrDo<yW5;H
z)lymHvK=L5?FDfElCo0vyfU@r$HoK|<R-UV8A;35?gQ?TPqlgS?k@)u;pK>7S#<O<
z%c3&@s?hF|6U)j|V$XvDIGMBYPgDAoTQ9#YHK-pCO4}l5ndY4rCOnP3@uxzgQ#w;j
zYtviRqpLeFSqd4rZ}e6dKIhl+ry=tdNVec#qr~HZO8^B1Tc_X-pq@AOR*tO2*J)C&
zVQV_#s$4<z59JYaciLravB<;5s-m%m5Qi1tWo7DzF3p4`MMKNtg#J9AB@d>iWg|`c
zBG&TMKgd<xKxQ@d&C}=*u$#jaq-C~aj{z$gj76-XkX_i4bZwk1OIO6!wYlTTWd_np
zoTXoiWw;`w;Vc<G5GKsAoV$R<Sn}IplI}ZuGwn{=F}OTd5RWcyEnl|7zd(-)Cq0BG
zr{Ja3KIwmABMbI<kyB<!mbs%W94lxGww8zV%**RVgd~WdR3?OE;t!-CWvqp^ICN<x
z&dO5nrc2r?Ho33^O=`_#A9M9+Z~+Cv8~xT<wnlW?)@O>5O}wbhFRMulwhpLo1T_^g
z_ObfWw#h6XN-R}`Te=Yo9})Ir!FqozT8~itR(2qpZ63@wuSbS8_Ifa_$Ncrd7^{y4
zro>9<HO3nXYBiP3N8Q-XCko4@yOd93`L&#O4U#9p#<8ZmJguL7i}t4-@EE)826wN+
z__;`Y<wH%!!2DL<&6+3IT%#SYGTH#}R#Xd)6*(*kOe;XU3(gd>YRAvn#csb_E2H-Z
zBxRn1#ul#7oDX!kUuFFZs9@8{8v52?RnYWimo;bwKWDFZ`}1YUJ!C7h)sth4tNEBm
z^<wLna2N{h@=g#SmffQU>Q*}ODi1GP`}Th3Umrz`pB&MSd{;1QxW9mnuP17ODx14Y
zSvy=!v4v6T7%!IH92qcos`ls6!ihO$rc7oLPY)4`r0>b=&4DKuyj2kR(*-86!7i2_
zuj*;5ZWQ!^(;8Deve6oZzO~aDlcxc#5!{Wrb_<C+h5bexoe3Y%xB|0jgl^ol0)!KR
zqRhRQ#=1nLP4lM}U2Vb!K&jHCF=A>{UUH#@3O41XIp1iEM+aVIP>vJo@K#u#*vIyt
zx-k?YoZ|Jy)hIWcz>>S07lrM21K9r{S1LBSk?mhh)~Tl1ZV49Nk&f;EKpODx2UDB=
z@iJg@%^lEhO;sG4iMS;h1bQanY=bC}Y>Sg^!HtV;akDKRw#Cb~<gqOa*p`KC%ObWV
zA7?gIeU0J@{D9rieOa0Kyn|(qAf@H2jx8NkWy-|gJ6i5V+EGetLas$P>#C~khKX+j
zGjYfjlKc1K=1cVcxWoIO9c*>=m!_4LzY#POky)}5pFwwDgGbRPktMXs9VtRlkuz#C
zazQU>QpwiE+MB$8gK}3_zcQ^%`~_~71d^)|142o49GZs8*Gca})%bRL^%6{l8|STM
z;;%tImh+;uTO(z%c<_CPzE{JFQH^#hJ5ZwC%F&V?@V!--{wK>HztV5YA!ggv&eiWt
z9Hsj6;I95z+>{48!n`wKG>8{P-8IPo`ujA&j<*CKM9SFes>ro@+JmFisOTy{?jhV%
z1UiDe=<=MR&DJOrf9Svn$&xFmWNqG(C+??${{`^e<w)HYT64YfK5mSsEHFd`M&>QB
zA3-WsS3imZH&cOHPJ#BmccSlyWr1NTaMip8wlokft*&kbT<fUFl{rP)`rJ%yJR*wB
ze0kN|KPy9+_Icr1Wt7PR`oi>WY<2Wy=CvVEWljb5Hb)4TWt$nb`KI~HF9Icoff0ZE
zv1PUZ21Y!C563gkcPMB<0E`0CZ{QhxZb1u#^8zqU^lZ@dk+Q}Dv*JpBRIUbAZ?S+|
z4_<t4+41J#H@T0cp$~yIl_R56-hk*b+FerTcB|zrXag9t<Dr!l3f$y9cns~R$#;?*
zBBNWbFq~3ORI;*4Jr8Som_%dakMMP{-=lZp(fmy-<a??N9^UBFl`qy*pjOWF#aVWv
zxHsr!>Lg~m;N@toGt@GWSGa1~_y+k*U4|1HNz>4WdhPGzM@G3YqG9gmWH-{WHifdG
zQJt~<{3Z62l8XG>l}V+$7aPgGIRYj8fjWN$@t`~l|Ldil2E+@ajSzHsyxTA}#*E)<
ztj9>=AHcrYYsnlKK$#Kk#_<kQUcI~)a@cc5bX&<R8-23TdmM~1OI2M;Cr8LgI*@^S
z7T6YnnY<6V2t0F%H!>2OoDN)d+tAMEn0e+BMd{!f+KW_|l!UYcuz4!W7$Fp5AZiC9
z(bEUOjtk9;fv(rz_mCRa*<<MN(CfK^C;4&)>^Q-Fy)NLSvTMQn>72P5M>Fi`;+(l@
zwt)_pdppZov31mV+C)#A`<L*i1U)6arTl3NJ+=22^QXJ$X{)z@KXuU4cDM)_rQAbL
zotVMKQx`qm+pqAa`|0Tuqi0AMZFilG4^kvbrJ~WZEGh^4IsfAPI3!EK<K;(JU4Y_&
zwL9{oKx{)O<2Yb*Ni%$jFijn|;cCbAd$=CN^#-m-aeY?Y)AMg~4I=;OfPU(5@b0>G
zx7eV^Sam3ZDNnyN_33xD_^lGZ75KH`V>Qa61Bg+IVZWzeY|k~G>HfF5R^q$swr`ba
zN45A}BYsIlruMGH@BfDO5q+!<-6Sf*oCTh)wCI?Bi;1(g`Fag{Rm2LMK~U7{e@QM&
z-L1JN&{xn4eT_JG4+gq5Atb5@dyC2K+U2@<_u$zLeLLJy2t6D6u%&bCV{6Cm8Qc0X
zPhIKKy2XnjohWh+LJMI;zM0RCd!2SXI;$P4oCX!8c7*>O+Cgx-UBG6v17|^w-qXQ0
zKDT(C>gh;6URj$Le0oO-t(=Utv<_&7AO~l;<l~Gzmd~o5DP3P7jGy$%e(^B~ns5ib
z1w9WcvOlTbpj%2Bx%Aec{bU<W4`|ABkWr)7IbxQyV^L_4A4>%<I~6}|`Vq^$+aeE-
z8+jQTev(<Rm-(V~wAV*kM;4jtsAbt>R~4-~)ngiGCDn~or-w1dg5sWr&IOA<P{zI>
z=D4zw49w(0Zr88m*e$Qwd==nVBF-DbDMMd}dxWvle;em`u3L`@EQu><QN0hLEBJ4|
z_+2P|^Te-5{JO+1V8ri?LdPmga6V&Y?IJ9eR8ANxC;yetPX27<9!+hp+>;N^$4G0&
zmM`7^!^)rdyZ>zoebg*IZU#j7Gyk~RU{JmVHYznx$%-oDrBnp*ACa|i@t~}0@hN}i
zpRV;f`Lo=g2*aG|u#&%eRdqJw$i^+}UFhwxpE*}uZlk>*a`wfX`Q@utBbSvBsvWC$
z;$%7@4zyway7f}zHgO>44E-CtblNFsxS5#0Ca1{I`$i7yV4wNl+gde$21GU%7&YJf
zD|dxHL>rnvs0gDMADkh!)_ni|FW=7IDI%sRvtt%FVeCGQ>maT+TwBF`m-yX{-+j1@
zId>iVA1w*68L?D(o4%<wrsJ1wDyP%3>5YLKWOp`fJirU}VQ~-tjcIbam_{bb*X?q%
zXK+V~TDi>7FTIl&+F|mflJAsxQ8r~WdErz%!v2KuvP``lbXAClpq8|IK=H?f7Ph*0
zt)Ms1Atg0+a#)_&7E#mFz^nop1qFvoQ6ReQ6Nc@!510)(31=YM?I@xy)a0sn*7?Ko
z^oW=<ef&9pSv%}j_-xGKNOz=nMpVhg<<cD#D9kc|y}7=S76KY3XVvl!UIg?HS$C?8
z9l%M&CSG?rQ;Xm97fUKPN{*TZATGvoCXAmrq(i<>f5UiBY<6y2q^3wH+^zOJH9OAr
zkM)G_g8Pi;!Pj~c@CYFmzU#+0O3NaBcRE_riWhh&>PPTaeLQ4Z>?7|SV}5<SLbiz^
z&Slc4y%v~W^cLV18G8M-$T+;afIeB-^T{dIrH%8amJnVc+9Q*j)UH8;is+b&&Ly4J
zI%CUUDujiI+Bx71q%406TORmOv<)>1`l1a*f?ebHMqjVafBW<}=SMG6%z5ym%ETM*
zL*fMdZp5F+IIf3Scts?^!pkGu5WyR<{ldY>S_GQCH>{1rYvpLf*%L0__fFT5IHIqH
zOSB)$UUj`Ta=X<A!+1A)T=0zEI_8V$OcMa>k~#NG+#%gwKzD0?{0VG#v+}Y)kDI1K
zn;tWPb~VYW%P6{@<}`P1s*Bq_jZUed1Zf9L-A_mGK^Q}j7&Mzwc+4_u7Kk+(>wb@>
zr*$o8uD#Z1SgXFEFF8C#nsJCkf{^C?kp|d+u+XG;;w-s1e<N|l0EcSX+BmJ64*pfE
zt4MCsHdl1ZwG5(^qzzJ^+flD<^53gt_;yAPMN*M;WJKG7Q!IN$Q?^V_qs#LALFvCN
z#Y>}J^r1myha8#(35e6#RI<f$`b@mhsE#dX(s9h{pVlCIs%`mTu89*qqy7;+ri^UZ
zS2EHW^N&2NmzRw^j7`DidbwkFrJ!*W#u#F%+xlYKu59wZq^oHq7Ehhp<ch`HN_gzm
zJx)oFWght}VGtE#1O(8d8zpaedOsW(5QhlpJA1qg9<fL3h2k9NCyK8>09UyG6bCDa
z;Iv083zk<MUv(1`W3_+Mc6f}p*rAo(#3F}uH3Vlb(tmCVY5OUHnj^M<S*<w(ma(q=
zZDnMNYYfTQ7`FD#wqb$B8;(ICats>WO;*CP=k8viEAZ8H-o$oP+_=k)BfNQ&&gTm3
zL@vmM%R~tYL-~vSpuNU?#y-sDxCzzlj=zv@J+2_8HKpsB$Es={1T!JG-h@qM(Z9<b
zwaX|NGv0^m;D@*#`4D-ioPfx;?APQE{hIf(O(f^8!nFq1I$ZU*ZpF0$7x6hVAIbh5
zwr83C+y3tO9hUW*v|;COSZ@OPyFcKY-^V-5<vF}opkuMl{<5+>ue)TS>LIGSm?rbe
zI1cM_zgW3$Q8M$Zy`|L@Hq2q9ov18blrF8TXsle9hh;-8ZNXNNbx;JUZg`c)GxxVF
z5*d@3YkNzVB{T2u{i0jl*pH1HnfpO&@t3Nppla^!E@{=-NU){umi6et?md}(-i#N!
zrCT(Iy2o4PP&Z7h#Aa#uf2)Hn<qq{Y;v_)<o6PJERTc-Pz1`WzCze4eivVcwD?)Nz
z{{myv`qM2=><7f|^<(Nxo!$U650z((Adcz=_z0@oC!mGi(~q`4+=90Ed7+6OgfobG
z99k^(CBzq0PeJ@qzX#%qUAa)qQ5a^VflowsYJ54%++S6CW7Ec`YHDA+f=D?V@4LGh
z65u@<&0{gV$o}`Z{sI>{15g}7QeRNoeAm~J{)~9{74iH0th_JbxdLTSdGxzp{LUc#
zf8e@`%ZW6vNT<*U<ZMe(8g9fzQJZP*3!5*fZO1~!hLJi3=6C<_4|<CA^EjO8L^nLe
z5oKgue8Y*qHq&a2v<jsCCo`?wNGnC!50b@(8u$ckoVX#Mf)hzZZu_;TDs^O>I9ACt
zjkD-5!Ps_6GS^uQgHTf2&3FLAMm&Jw*)j&5E%-N*Apkri4Zhwl(O>&J(w4|Hx|i=L
zjr1~qE!rW|KkV<Ec+teiAtdxRtYT1kSiTz2E^Gn=Y}(zSpdR*7_-bY1c89j*QW89r
z2uz}`Y<D5fl+7ffwA_l`M2>iMM2bEihxT+_xVLn66t*=t7HZq1iN5Pn&Y=jU+9<~Z
zM3d}a<M_qS)W@_nsU*!<THRD7*8GuL>3A1867VlduW4J8-WZcy_0C@~nj@-+fYo*6
zmp98ObRT)2s_r^+MJ~iz^Q!l!CrhPd+jSmthIz=wWLDdWlT^(^DWpDFJ2L7Y75oJB
zJK*V|-@%+!XwK5f>GV8T_7Tk8d{M3uf9E9P2hK=zp|MQIW7Dtf!68M|Y4(FX3lLA3
zVU?zL&}UA;(y@_00UvO-rBjb@l;0EXb;t+cp20&s;ht@O_@cUZ$-;J}I*$WfO25Bl
zey;1k4Bw3lhW@P4ZBw7EiVy8mO}EGYuw`t^OB89QX+zl3v!@WCwI8jeP{p}AGNb*!
zarpt&^P80aB*6zUY!2Vwhl9~}Zwx*9MfPaPibtO=4tm;^!<yi^uz)xyL59?pP_y~3
zy!X%roGrh}dB$_u`?!w_ua@XK&_$<0LyKoS75etpfw<;u^*1(pr8o-(qi=EsKIa9%
zNa0h01t2#8dkZqZSl=M=SGtw_;vw!>BIyU=i~++`Z?r<P&Z6OVog>lf>-at)n-Fd=
zLR7B241Bcjue4>fmkpfEoRj7vj+1kE0V<0wqIX7n!)T9^n#K=DQ6n^Fy=hc5Wl=g?
z?lNF5<tnTw^2DXouu;h5@CEL#sFtCZNKy+@GnQ=(5+NO|trpU3TMnNX0r8X>-<mK}
zEyU^BLU-{C7&eJ%Mmy*9V-AgtG?Oji-fa&)^msxjGn#=B;+$~oGD|>qG&XGjDfVp>
zhlPXE?xHP&Ejt~pUs5J^!n~d0a6tb~1`zy2j^)hc(k<^c7MR-}$aJ{Z!ke@bh?dGO
zsRa|;&=)qjFLETdlb07cTInweG??+Bk*CcOE36;t+IjB@Y!MGH;`x@beJ4WadbJ_!
zP@F8d;B7BBi!F}L`-VQgl4ocu+}w`+a&`M2>O#;>b3wrV^XWhuRuY~I*7UWGw{~86
z+b0#ct5!pnB9>tcXQ(A2E|@Z-i_Fja!F)q!CMbMY;w_KF_*JVRt;Agp-Gvx6<U6=8
z@s`(ATR}%lD&1YqRd>dAvaoRMzpPkN;OO(QgytGe@|ycW%cr1<!?r5p7o^<y1u-X2
z0P+F=3r1UwxhKHuN2?3wqvr-*h6#7maqPo);+9vCf+m143=tMN_E@?_IiE~gM-kLs
z_opwI8ZC4EG4&N#VS`p*IMo#5HmCVSGjTc!uN>}S)7Au;oEkMf2eE49ix!%-;ba3j
zT1vmm@kY>anKf;~28Ete*Uy{=H!*t$(mG9T9T1}zQAdW=<$N}2YRoTtl^*C`4(CkX
zR45OGG6Aar%}d(v_yOwzG#>1AeY8==@$2@l(a#jKNn!Ty_OH~>g#IMT3-9&^VWisP
z!x}xi9#d&yImOz>BQWEAT@MuGX-Zoercl$mr<yioF0S*fzd80&J=>?Yl~EF+SArE^
zsre%T^slU5!7f`pu*b>Hh`kh7b(6{L_E&2K-K<bQ)5azRdUpF)kXIenjR|TX;hm*c
z$z37mg@2%T!RrI?dX%sLALR`>0FFCE|1T@u{!g)L*6rVs1C?(5OwIpi!sw&=nI<+V
zP^a5}w|-_Tn-n};w|}#KW;dG@9qRTs>t_zK$)JR99d#f=A=7^a#5(jVnox&+1@;Kf
zdGzcto-xF~!i2&zKE!+a0|J}7_|H#Yp<g@T0!L$bR73B+Tj<>v?^v>=%^zE$iQPhz
z(}o2u*PlVUr0_ZNyDaBP&zu&mBFn%*!xnt_=0TA69bXLY7`&m&-?r4&%qfgEse1|6
zIh$+o6{4^IUS*#Shlx^M>gA&cdKz)1PpTzS(TTmF<5(`Df<S=gsKy60P67dqIRgJ5
z{|EU0e3(3`VH7c}A#RssUL{8$cv9$n{cyz3h?PQ&?!0gtQE;5N5>uWlQ8j2o^QIAd
zh44%e;BNmyOQxb)jP^md>`(WmU((B+=~EmYpiBNB6vdc%bLoXq7||sT2%`+rJC2~8
zBk|5b0W&YWu6b$a<EGvle566!Y&6H3&!&Cmy|uKz>x{eeT~PuG?@?D6^s{ILe!e4d
zI`v+(b!x=q6)hQrpLJsF)R2nDSv(Byzim(1H6?p0ujbTCW2eG3H5Gw!M|RQ)OB$~Q
z=h0@&rId3sXDwbP*jl#0Ttot^^W{pdsuK}t+yA4sB7IV(rF+AKdgq5D&K9UTV1@#W
z>1P5FJqmF`k`wa*S;*`)+Do3@yaiYNdI5}NV}{o$ymD4m$1!>M8Pa5vDv;+wrKV6V
zUfB*M)10ZKtl#o|PJK(JfeMj3$81&_v?2#So1FLhen&9+mU+fEc8@}}cs&?}IgG*_
zMqvq~unD7ZV9IlPZM$k7UD?Sz=x!VyvHf0$0kXp!WPphsf-zrrNpWl~Ox(W-Aj7F1
zlhX>=BIeEBZ!;H|e6C@R1mezkCRkS?cJp8{n0GF7+A%}E@f-m#uDP*E?0c!rxpP^m
z`CbTU%M#|?2}~~t6nGI`41PV5^VsDy%$NeVj%D4Gx4!Pgu?1S;<P@(iQaITQj*r+r
zLXWbx!jZqSqHJ7>cb92wwWtF;BDs%ZiJQYSmKn3QV3tf#fb9Tt?4gGJ=nWsj=8Q~h
z{!!6wVhM48j`ZBOacC_bhgN`1EfmPlPUj38)@&QYb>dEz#)7hFs6LF+sLOIWvRER%
zZc@BVL5EWmw+5gRv{jNr$%DdVBRcSAM}Zb3ax4qxJe{O_oDPZcgTEvwK~-73RyI1&
z?o^M9xzD5}9ni?C&)|#!0gn-VWWU9;ViX9M=IUW`XrL*>EnK_Ho$hV(r@xp!rIn;<
z`!=sH-8-ukqpL`RY+zxXSf38K(*r2une_Ki#*FHbTmR-SWPW(@H7*nv^{1x6o#)OA
z)8feI(M*?r#4}Q>m5g+Zd?r>pGPw12@$CqS8(4eLWazX_V9;|8vmp!2p>d?c;3M#$
zR)$!cmgo@By&N{FY?$cx<cwOltFYhY*rlq=2@g<XAsFQJVjKZcWLm;fjEYNrLXMFo
zxoFNxzaLE{JE#}BJI>{D-RtW|-#Q}o8HQX%$Je#`!JgnxyJQ5W5I>x($G|JOo(c)e
z)DcL0Y6Lz_wL60@-iND6&56Beq9DR4NNm3woSLH-AQ{hW59usOTDt7+l(9e{)+6H9
z3ZgMZlb5?!v`A24!2FKMUv;mjH)UdAMWF*ReU?k~KlHu2ffd~=nC%-venW0G_FmHz
z1s6c0GbeJ4z+d8B0s~%cK-$W+w6vUJ?9$pH4l`}P_!a5{ZHstr5Whl-ki3o*>txfc
zk++yg!8?(>`ej}UZCUfMj4102&@Au`x5-+d|2|1_U1n;!$0~cIT2grA^*Y{2lU78t
zNTis<xg-+fW1P!Te*{cNbDe)pS5JJrSZChiu$WYrltw2T7Y}C?=^oM@EYyzVPAkJV
zil5{Tm_vOg`UrY>k}2BcusN9B{$ef7drkAlK;hZ;Y$E-Yd-8%6ttG|Yg$_;l>p=62
ze_BsE3AYHr!{?5<)lW%h`Ffh=6{ZHxG9TuRN$4dno0%1hH*%!@=%%4F2zZq`R~b;i
z&Z&0=ha)Gv__k;!k<V1EbJ}uyf!x``%v}(X*ChS83`cjNahCLB8bQ;?CtQvv5bh{4
zj<!5RI2sursoIA@!>O8UaiVDWJ>MJ7uGerd`Vs9YZ#v>-5H_pYc%avE!UKg7-g3vb
z;FLIM5)2AzquYmO<_+U(u2=3SJx_Q?I@<i*|5(+gbd`2LuyP;kx*J=$7aXh-BY!OE
zG&Zn`(ou&UhNfsF@#&4%em4Hz37i|+ylI;O!sogJ?dqL?UxMIQIGykk{7zc%>-N{m
z`2r}o>etqXV~KjiD}JJ2m(sS4BKd`de&ad6p_sDPU@WV%gVade<9+k<ZiRWb4#z@P
zzx+nOu;ds3!(Sptc3&79AIxJ<obiNi^QdkZkPzz(MvB&fkFk{tTm2tvU7lz?wg*gT
z>p;GFATiVqS~}uHd=&=I2{DB`d)($^Q1kXVcPVrzgB(YS&Cf^tQvA)J26Y0UZLDj=
zYf;ENJd=Ko=p2rWqD6o(V=m`ObS|g;*IZ3M4F!}u#uh@oV+uAPgGr2wW6a?=Hlt`?
zi#TOlcBvGgOY$J+dnAqN_WN182JJGf)fTU4Zk<n0%F)EmW7$?4PFkBn<!WcrWb#W6
zO^437j`a#(H}Hi}aGSg3EByr~1;lt23ZR0{45%IiM}TdP_odRmP__a>j^KE0d*S&w
zo7)<4e2_1|qCv5f&g5|&2mIVGa;*#W)OSJrYWM6m)Eo!7ngh{z?r`iVQM{WSl~X}|
zI8)~@sEjN9tqwN)g$Q{8v!Or7FIu*<7w&ATW^Fbkoz-m)xop7UO$wYW;SBT^vSHD~
zNO*Eu^94?do?!fMacJ8>3Vpo4>5i}=U=BpqVxAcyCT=F&4$X%ECw`<U4&=bS5=m%l
zu|>M8*>KJb^Y5WD?Lh>n^zdVA_ochGk)*AOSI_w?B1H(2k>|iEn5KX38%Uz5V~=y9
zB~oUCG@o2gweZL=uLNuI^>EpaAL^Vb4O|AVtS;@9@{QCg&#^!7*t8csqk6mZj<vkn
z=lr!=S$DDu;lP+GG<nCSoR94~P_(PC&CF)tvyHaRukU^__k85Y(aSErR6Kr!Gz8q2
zUQh>&?ah|&7~CpPny45#0mc6cRaynmeI1h;=P4gaju-DLg70LZr2TLDZ%lnsX4Fm~
zMhfp1zJawsJF;(JS3%neYg_1>{u^@g%ju2$H{ev}x`C>8C3Zp<c)r)3d30Ko?VrG|
zLHnDL0a@#>;j?+bzIlLmow3^b{m^JKJ{~gth@bPX11Ejm@j4=Xf<N4NnKClj&1fI;
z8PDj=+S8-)(TA_T41zs5Y@^pTl4k5n8+5r)QVtMa3{TDiOV7r7F-yh7arJcKjcp*U
z(|MXsf3^f>^0X-Z*-3x)<H#bD&FUP;(;6W5nR>_z%6Y#QjqPkJ0skc>&kM@rWo^r>
zYz4@+pR!36<^_{WyYwW2!~FX5J53qF3TDH3rh)hn)?$ebQqaxe=_z`_bos`31}9Sq
zvfDXLt|&|?t&ICClgqpHPg!^g&eVDU|A-h-=9;mk2)_OL<Uw}kAg_{TUTiN~)ex#a
zET6AL-K!c_RrAN`0~?LmT#CqKti6<}i&;Ci=wm%JdBEAjf^mVaq1~l_5B@ewcYbQe
zV4>VBi4TG8j>-*-EBCPO+SS+%A@~iLV?eQTp0T3kJR3M5743rec*AEzc9?A)s)-MU
z8dY-vW6@T~yx8R`Xgq?arTtbsDRjofF}o28b<B~s28QUEZzXX@HnDjsv57nrbk^G0
zM-jZ@uBCcrN8K0K;P5mP>0l^AO->F?gmn#u8v1I+9+4@K9Yk1Sz!SDY>a*?JWw6zo
zUt5xal)04f9og{asqiK=i%yl#S>G+YndN~qu%1=7u>CDt3fo~JI>?5C=BaH+$h=t7
zc$f|CG}A1+A>L=!Ql88A$n_x5<6~@N#2L8R%>#o8{$jERVYT<Sz<9&s>B$K{nN*XM
z4u;E!qbJtg&W-{#j&zWEcqYS#9r1mt-1i*%sU#eTt=*Hq3+FBAQB$TpchVFNyf<M#
zd_j8wq54ozMqR>l=0(Ka8rmsS)Uy5%ED<folsuDLq@ZN7n$9WDRJ7&n*+($jrsCL;
zr^go?z#9spoJlc>(2Aj*c+R{i%cUh>mXV&mz<qcMNOwd5rUg$|){kjaM#Qb`I=tE(
z{Np&8nobM-=DBGMizy?DVAZ*{0~wo&f|88I`)XDWHZerGy4mdSv1w%#C*!tM#tSQx
zi@Wuk5VnoBnJsj{6B;+r^icRV+|8oPB4q5WIfEE{ae?kq3ncKeGM-mCRRCT|+AjL%
zjjV6Z?Rhacr0s0==j-ay?h=7oZ|o#7d?_MF1i44lEcu&sfOMs@aiu{0N!=GI$~Gp8
zm5wl(>U7oMLN>I(mTt5I7D2hk`k)9%!}gXGAFK<Rp}M`)ArX^vw&xSoA^HPF(2Nl}
zj{|3<mm|E&AEDdJiI&+BjAKsFHl7w2pbxGR(eyA2MSvwKcQXYceAM!)T31l?(nbR=
zC}Eub%q#&Aa)!wmjSl1GtL6q9`>T=obze<RBWf<>5wyjLKZLtE&^G!i$6qXFNSg<b
zXYqG9UoEj|+r7=#yqB>}J>rb`B4IGmCG84CfP>|Iz}e1hFmNfTr32H!__(T%FMxQ+
zfd^us1ZT7RIL}$mKuCoMEfqP!b4MNuOyAIU1S&b9Ac^?SO*yoO0=<G~o%k3$f7Oz%
zZCf`Cb~SIkZSB@tI{B&2eP=8Y7<513Jm3N6?z&^G_7E@ei~@s5*FynMsr0qFp!VPC
zc-41h(kHq5Rg;=vlUGGq_P$6Vrqz|KkA)RphW$M}R|++uaX6!#&$4iywfDjqPznQ6
zf=+_(b*M}BIlBtMYx-n+B86}Iwb(;}hs{_3mJUn9_lpo|o7d_EXWR8q>H*nqvSrEP
z(+Za{0kI-5(IZ|7&WR;J__o4j=AMbR!bVl@aXg>2xY<!tdrowJ#C!t%%R{>@dPvF!
zF5_M>a0>Kr9>x~6+MUMizF=aGUB?cwR*RbFU&)1s?N<U*PLl{$LjNoDf>?=(y_tjC
zsE<kiNbXN&<9We@_ACSs+PhFw>5p=(ccIizLG37I3DbA%n&CTEpsw(8dt}jhB~X@U
zvMgu=juwfjT_tS|x>RYv&1fc2W?Gq$$7je60v9aXqa3J8e`R$c7%NDz1aDJaZ)i2>
z+3M#kE-r_cAUX`|7J4`136ywQxeLcmGqpHZw{$lvD4raU;O+KrdcBeSR3`Uu9BNcX
zPsx{1HeBtnfga&bqy`3XC!rcVEVYkRVW59_CjVQafB4JYIiya}rh6eCB%ZKs3oB9G
z*xRzb@8Y__t*1h*AX>Kx7VrYbr-+pFUB2$yT|dN)=DafFTlT&b*D#(_1;i^$;A@4F
z_YYN%Ez`Ba^$jxNoZ<}Z%s2akcHZPbxht8rT=VDn3$O_QLuG_oI^r>5zazMuEsiS}
ze9JCSW)3P;(6)S4gC=}qsQ6Kj98<ue6w;_OU&pQl$NDH!99K5@mfd~d&d~0458*WO
zy-BYldAnotmQY3Wsw%u@8y)$z=W4HkYb3RnT*L{U*7%F?VNz2><8Ll}^5{lim(u2H
zeY&vCua#7l=9B)}@FT~sxz0)AA!xr1kDzkP^8Nvhas%_}@dbK(p&nnP$Ma8v<HP>{
zn(a^3+>^O@yKfr~-oCx9v^8B)uheXKs%9M><-7Uz*k9FCOuJ>Zvog9n*IhMdF2@l&
z%?L1eOgUD9J%+)Ts%rJM*2W~3If%#tnGF3Iqdyn%XUIW+n&{7A{289*;lVOUb;N;{
z6}aek_O%*mbVd+ecZzETe(8eqf+L2jQ9M%_lt$msd;4=Oo@HK>)=_*m?CzQ^{j5hs
zL_cky7;`u-D_7&Of|~NDYIJfULw{G5gH>T((_t(<ENv>7ZBQG7603zkQ+ThUPIdVl
z_bE&6CVLaL;4;odozseqt&3YgBcP`>Cq}owo;dbcgC;1}$TY$#V;?TGewST(<~umo
z%?<wa;&iC>&u^&q<e)3qT$($A=bS~ZxXekuiD$&Qp-m6;jfrzZZ|Z7zbn#7(`d7CJ
zVH4!%Qj)2@T>7;HvH<AK+}KRu&Fw6%tZQW2JOvx9T{38{h8*&dhV#AYQES%9X~+8^
zO~%sW$u_10&kN-B1=<zb-Zuu?RSpIC?OH>t|90}}g%doSzOZc>L5x}lW32->&w;ZR
zQ>At}7L-(X4*zan;>1a4b96`7$ot;&prLa!e9T1*c$i{z2bwgX^sjZaKCQH@b!a!^
zX`;q~LrD5-9L$5UFOYl%)UOj!oV0r&Z&zM>9+|s@AK+!B)4wQIG#f)>`sT2J<I(fk
zdEUpR1RXi59mRPhOGusPY-@-$e*TDQ&yO6Hxy<^sqgQqEB{X-QU*>xMLadO$dl1ON
zdFKKAwCCeUjBx`Jd!O)zKGj##Ie2hoXz#!}t#+?}-QLn$V(a#n)bW0d>dWFd6v)%)
zX}YDa-Ib4{5^E}nt=-{YQSGJm85V{Q?+-RQrRk|&UNrdS2C3PWli6Zs=wz=*6z-qs
zv@J5{96KpIUQwobPJ?Y{?{9B=#VUFdr)^a5c4CY0uv{O|<}F&VGMN`Fuk+uCU259S
zk)$EjiE&4UonA;l+M(36u7<Fe&+P0Wi<`B2Vah#I2`45v%hd4vn442LP~2R{-%v?V
zJoHnzG_gt1Fk7Tw3f+bEgKv2?-CX#bmnI`qt}*$)%ixc^reYO`t|Yx0B9$7J9U<Ud
zP|h)DeB2Eai!}9s3DE^f0`ScUpph;1ZNV-1FbC*i!MD88kp9-`LfBWXrzb_j1#L7O
zQF8Q%mz8UvEOf5HpKs=hl`HYStq2a#+azIyQ+EYzMk}VDD^o23HbHg?=`sIC!_T5W
zg9A4tc<>Q`8OYlE@5`#?P6l&K-tbK)u-8B^G{6dfp+zrc6*~nwM;a`%4cHZIkKOqh
zsUg*bKR__fTZ|B8S@}KkV#&11eZAqWpvZNr7Sx%`^q01KqPHwD!!<-yJK$+cCDc7u
z_+Z_36p5W<5p_h*Tbms$yQxGZlfD{$SRolZD4=*^%IOm9_EcxFJo`$?pt|GO(t3B7
z#rR+W-@F05&&v6EpJ)E(EZzt7X&%|zXoImY+}(6{$hOE-v8b!nUpZ$zxk1AHO@FDy
zK^jY$;L4%ukrryPmSL0!oSMR+BgxWyGuOzUO(;@aBG-G&emQokeT0F8VkSg_9{_KI
z@td=jT~_Lk+9NTUOIiP|&;hz=Eo;P~Ovbt;W-YB-^*9Ka_X2{PBE)jxXn+9!MeiNK
z+I|h{F>Fr6ba1>wQv&-4|7gKH>s{wb?-Nd}Rb36(2zb==cDy>xYe3(Vx?CG!gf($n
z?MKhCZpsY^*j;0LN1U2!u5ohFBQB16=cw8d_^3**3(_^O?E~q^e9Il^piSNaJ%Rok
z92fkj1Y;tCsSK=dUEIJ{0+&8w@BwyP{Ti(xR`yuK0jI$Wn#P#(CpG8!>~+^c?!YqV
z1g;$V#(f7Mp{C-ma#>OB91-XOY@Bv$suZ!{Gbn^D?5GGr%J#zoFNQYlPhk(mrML-S
z#k&Bmo4=fSuQ0uf0=?(3avc9HvTLV(IXW(AxW+HIiQ%nwkFD&hxxEjk4RlWB!#Z(E
zfqGfTQA|BmuzcU-;HDiuMv)^wIH_Roczit6XsIjS#8y@uAQo*suY)K%Sy<p}CtCn>
zRJr3VMO$8(Tu6&+)kF~JVOVjbO}5AT*hdc(bd5s^=H#_ZAh-dRneiIA#sSrnZj`Sn
zT|F>IA1MxpB!*hp(?V_&01gO&myo`N<V!CJ?GriPfQlWL{Nr0mCu**pG-_BqHF($a
z8g7ECsJvel#Z#I2G-<n!>X|>PddZ{K8gfcGPOo#0+^Q9(XArBttgDo)b-cV(2c{#P
zK@uy}oXCd1oJ!gkN`Pn<y%6JNNLQ8x1$^&jf;)oK*~YBDW!9L*#yfxFHk9Yh5Zn~4
zq&w-?#;*=*+j*M|1^Y)FaJ?F+(#9__?O_c&3v#(&O}T?zVLn6gUW4`-7$A|75MY&o
z0KKsS?MU58XQZGFm>`1<;kb^VzygECs>KNB;6T>-*hiD&6?P;5-!kPw*dL0+gfoLw
zN82CjVatAsDU@{rMPv_TQ`BHT5gLN28g)tHV|c{@6X+cmH0B_I0rUCji2-xlUSCB2
z0V%0#U0iR_l=?X|CHfw=<Uz7*l<U;_Y0de;v;+=KvveL@hmkX9-+Sl7>!llPdTB3*
zk<d#QTPqmW6X>O7EAL<znU5vJ)(1;3Ets7D)AiDO|L@UD2TSVwexkOX?xYtwp`g$d
z2ca9Y>z@o>Cw0>FHZW)xG@4vfMKs8yi`<u&>s2iJGw^BHIa&u6$;sF4e_Y-|=9$SB
zO9kd-B@oB?C$L4cs1TiS6pUX9-0GI90WAN8aPnWz*54UND3ds}X-0couav)~6?}(9
z3etaW%M14^Sfhxr1HCcZ=U?+|?KdcUPaZj@+VsMI1P6?-@%cdnM;P(owA16ET@%(j
z$V-8*yYXLk2`g_gcyiT$Q6D@sGsbE{Ydlr1y!RjvL1X9`Sz~4NdJTD+wtPZ=%zePG
z*J=TCnAdqUyx_LS(sfI=9YEZq&@HsTF8}`B_lI_W($iVuzWQeO;-Xz{Qep5eKwajr
zKOfUglUldGjCO@;B&(qr^Tx8m5|k^aVclh=4T5VXid)j)mcox-eIpzGY}KHbB-jav
zIt&(11+snh4T2^^W(!<0RU24_H#*|gH|W)3;YY?u1FH^3MsaRv@=n;#U^f+??!>1l
zi{B)_Hw5Ksh;8BTEB!09o%|M6?yO1^pCU02R33qhV!<E-|I$(g42ggtMEELE_MsGO
z(<lEi&|sR7yx=#w8n9f6;?MQkLf}cKa1?WBA|Dz6*@UH*_#hLFJPPvAk?QEVw05BH
z0K21~beg8GdM>ZVcWTU<a|6#g;NU?P5BBW4H?mEN{_K?-YwvYk^Tx-E**`*YT|ZEN
zvVN)qZ|~{y)Gc<_dl<4HUO{RYfqW@<%*FN~a6PQjpM=7a6r9%l1^xd^gIN{@V9!1<
zEQ!y$_j%1-`u)eTAwlsD!`YbkU4Ql$H`Yd6m%dJ*?Ri#1V?K?qDn5RH$Fnu}-5q~6
z3hsY%+;TdAJ%v5H4x$9{Mfl*;4^!?vlzTgJZ{A>KJ(h%981?PdsX%mvRMJO^a2{a?
z(!cLPC=t^rm_*7sk2WycBf6@&ER{|i-PqXXj<_M6z8=K}Pt$5?4cwW6&gie8X**~H
z()sn$wReXjEM>k6N(bO@Pn*ZwubISicb6B(8AlNiM(7mD(*Yp{<l|+;cQYR(^V;$e
zip6M#qQMr0Ia#Dd6Cf`_R`xvr0$$-}pW+74w1JWM2;-yF532Kl{cfp6MysKX1#FFw
zPb&SpWYg^R$^o#~n-oLvo7B75`Fa%R6vcTvb4KIp&qU`20&qQ&pf-o{YL9G#g#@V=
z>}{0o3B<(#8i;xE9=ho;khTqEl-J7PB}Z&HW}Uh-YrxPRqxv``oC*P-z)3fg11cL7
z=t0~fUUuL|4il8dyc07@6P%b@$oM4vnbI<49|GBTSrBg|20FXez%@;*Pf5&o%+QFp
zQ+FGfk7$LgTr^HqOmJ1LP;Cu~6q#-HSM!#_!g3M~;6Q_dDY=dThY`<`JsVq9$@7p>
z9HB=E<+`%*XJeZ;=+B<T7wd0fj3Qr+IUHaur;2nm3e-k(;bcXB91oa$uL_M~WT&7o
z8f*zTQC0J39i77-bJmL1$d<GF9aSqVbTnXS79jJQKoC$n8JMELTWF5=36f8Wbr8tK
z@p4r!7tO5ncXa^ppp+7jsv?Fa;++jEvpcdr(WQvngyNJ~uDl6Mqi17)iG*1{1=eWd
z4TG{5aIM1`G;zv>hOH8sUYwo%J8h5j6YpOqhm;Rk3kIy_mc!<71qQAQ`G|Wq96kix
z<$k$-3Q8!zq`8CT^?uC_py=m3dbuAlBu?6}$^<XgFebi<3DCA>H`R*Kjd`_`kqzo{
zT1m+&LKYD+i;&iXtb_CnnQnOt-BlN2!TgGEj^a0mkG+i5wCUZ@$SFRq(8%{7zE_c6
zZPGs59)ffs>9>t~OxbZRr}=BkU;MvXK6IoiMVA9|oBDo3Z))tJ4Gf!#d${<M*L!ta
zW31gYbyoUs2KR&%xqw&tBk~qpNS=*#BDfkpRfen#4raFXVGe(~^|6M!C0pm=PhIY-
z=YAc3>bLQyM%0pGjP5M<l<#$cge=)p$3W(+;rCjbP3TjJwbO~3nZz2zkaxpT%3l-j
zJG;h1+AOx@E%4BKqEc!BIy)BP)N7}n`SSX;rn0lMV}X1xF(MGpW8q4c&>{_{4@|Bd
z#M|PChcy`opE%&uiY)P0b{5vQf7!c!7XMmp!QWde^%b%mpm$cI5gTqL2B<&cn5XU8
zJo$~;_5tryxbh8MuHR_4%_iYpN}4s<ZerQZc87QgkwZCV2Sjbm;k$7-D$fTj@i=7V
z#ugjP54biP)~CX2r^7Wf;WZd6@&-0!%{e%1>_y~z$0FOVaa%KjA*lW)y>BZ<u{_i{
z?7ug0$2LQ+DEFYhiQ^<+c%%;6@QsetceNs$=}|=CfvhrxO-zyIs&8Qa$`(VR4#8ks
zeGq<h7slRbxDJd!J!6IK1zpYe5rc#&r){fD<_B49TUAK|6j>lO*B$4Ti0^5aQ?^;P
zdzTyES#Y+G%M$poHRw?>k1OdATG?uZ;<X+oRL4jPJ_}GCb|tEA_QVQFhnW8MX(-?!
zV_??i$QXP~K(S_TmvhjWA<y8nGU-E>Ld@K|p({Y_#i>F)c{BOSP#nHO#&A#CC_E$2
zJyxDuY<X~R<>|EY)Y<aj-paGX$`iBY!M&BIi}Ik(`>ee6w!FBv^4@FZS#QgOdn?cH
zS$RHU%Y%C>&rT~(gDns4c^=cAWZG~o{?)QNksN2xXZFk`K8}cOos_&M#v|80HOILr
z*v7ibca-LBtr!DE20pr^?W!M7ho<M~Xd=!tE|daEBebrs+A~%`(G+(KXb7U#XnJc&
zQ!m_WO<8VsYy(MT{o{v~#ENWU`Bb88IuV>nEF%TV8TS*GbInDu8}b1%w?L?b=!h*)
zh95{*>%cv`ygOY`)Q{ykt|`ZQ2=^1EV1S9Zm9lVYw|}WxhrL+NHk>CSXCeg<!|Uf(
z1dY?2gjxf+p*I1=G3>j501}k&ifnlKRJd$99GnR+8^|2a*>ga90~rhAB&W&U(1Y<Y
zm~W(vae}=M-c#m4&BQZ@rJ93H?q>U8Tee1w#@41MrZ@tZ-S;{l^vUl>I%bk(QdNbI
z+k7$65x`*o^10{p&Qkr(F8{I%!RH%XRWB*t4Rl^e4a*pTb`Q<411)TIP*bpngssMz
z25s<<Uyt>Z9oQt&Hyi19Abp*Yo)GCtBYh9jR~zYDM0&fCekam3BmFLszST(IhV=iR
zy|;n0sygre&zu<smBZVJ;|rsn*$i+72ZRA-pkQVO7)ON&BO+Rj%<v*6yah0tlr)G+
z(`0UAkr<nhbTo#W_F`g<ZE{=MONb#R#T!f0RCD2fTVjpr)m$%0Q{&Zof8TTV@64Lx
zJ~#%G{y+C~pAQe~w}1Ot&wAF{YpuP`p8XQ#`L3A1CeJSwUzg{vjrnDH{yOosd474!
zU!Ui15I-u<|7OhJnCEX2e@32vPt4z(=U0g5idD3JRm^XQ@4e#N;ZyYI^mO!Kruf)U
z?XJ`Ee}2EWY4oJYQS`M5HEZsDZFKa|ib)si4KRJ%_25!;Fuu-xd`eyP&;fRQT=!kJ
z_l+t()%5D?da3`$Kl2~rqK%L5@97-TGNo{sn=gJmH)2>cX<Yu#@;a~^zqT`-8he=W
znaS+EamSh)M;5O21kWeE=`V)5$4>6vP#)5WO5Y{DPP$S0JJLUtvhS-(zZ+w=-;SRB
zHtpYz?;k0q0po#h`SA9jTkAilM^L%m^m6gD7Q5CJ*HbU0^){etonD&?_W|nfCB-#M
zZ`atvO~=3W(D9}d6YDNJaCmfmD)pU%YwMSf?yP9Z^#4(CUyuG^G)>QC70>#fM@rZ1
zx=*)ckd^#>jlZqvJ;A!3)iE@6pm}tg?q;3QQaN+a2yM)s@#L8=On+sZ{*IU$8#VoK
z;^&WMM!Y_v>8CSyr8{P)4!^-ur#?sTt*OYotM?}!|4myoZgqDWuL`kA<LILw)*(5-
z59iwUVa@4Qe_>QzNFU(bc04<d4}pIBsb3t^e7NYeJ@5YbQ+BAyyMIa36SbZ8nQ5Na
z#~xJsjQ;qN?~E^aZ>g9)XV&Y{@Yb`BS9YHN;wryNqw##L@#4R_tB($+Ons+7@A%g@
zPE|*Lh_v(dk56-+$;C(TwZ_mf&kXo8>MQ>%|A*9kU*NY&Wg&p#Z<XS8c<zeUI=wcN
zJ}}`fohtT@OZW7pR;<{%q9?no_Vn7hr>{BdH*>mFJxhOrPOVva$@15)YV+mo`wym<
zkG}t3(sNGyD5@HES%;pgQoXbmn(vl<DgAs+s}`oZ;9A4uDO+{lOd%af$of;_$B((@
zW7~&aHuLeSm(ubx>?b_?Y%l+OSgpQLujt~ZCA-yq!avWJoEr-#MtXYj@6xYr#$R#s
z#Uq-wy;y#+tH|$pt!_Sh;<cWBZpA;p6hB3)q3ii<N&l%XIL{3@Kfm1=dWtdZ%QRID
zh(RkzReHerwoDN58Yln!{=w`^l}8SaDvoc>+q`aCe=LnV+A=+SuCq+xYbo&wIht}_
z^F!4$YtCwZ=$@IoE^5xqE)0Z)N;MAKwH@h~T(oeuCi!UHc%25~X3=tjGjj1!{?s<z
zAg_D1PcOM~sdLQ4-Tn7->a~^nQ&_@%+Lw>}R$+O^x-H=zrF{S8H4QuqG_h`c?nOP*
zvi7y*M;ZCWyO-~eDq4<uFe=hF|8k`(6;_h0EqQ-_`@_X&vUpx(PnT{N<j-W$`Gp}A
zHJ#u1B3+R8Xyt2M^Yu~6Tx@&ht=bc3+<)dUeU<Jr(aeX^hbE;myJj|zDgOS~`?DW>
zVNz3dj<L}6!P+Cbmtx-j9nDR5%=~O^bCX&(TDLoDS`@9@mFbDreM(KQ7iz9Jpzm1D
z%kMk#)Y=2b`f}@KP`674nS;@~`&i68z@s$s*)j36bEBiWm3#L7`=Y+@Pa2nZcsUO9
zrp;u+J|BpFsL;j2zRq@joCQ_X?e3!D`}w23FR@vu_nX$sW7f{w)1hCg(^p&?|Gr`#
z%MYOZGirr4qwUqzbCqM;uh1v6SW6YLk4wH?^}KLjYQPkhKW_PbC37434)2n)_Vk>Y
zW2$n^%i7-{Q2m{?*}oa~>}aVudRKFL&YF3Zxy{30UUSW;Tzl_{+zuJKT&MXm_Md2}
z>HW&oajuIduYB$yIepq)-=Vl>d`tVjYjSt(tr^*Q-^7M9TDG*#J8)&Bi7(ZnH<TRE
ziAr_vpS=2?!A$7e!EbQZvQNdoLAj^n!u+cVCpJ|)#V>|<AitFUR<x|8qIS!WZ?`Qf
zzRTdiPY&$8V7gCIuj}?*ozW|vZ2OLXL$CKm?O&|_@n7bK_xAiEt$VNjQr8GSd>}f|
z_~HJ^uMm6w9;-LM=w-k=JD$ql^Huz-*30n^lG{C@zLdVdM$g?J?Z1z7U2S{yv-?{z
zy;~Y9b+gs}=AMfF-$M5vsmksD!DV_c(nDkY4yeX;`wzCX%_7UnLKa25j(bo4IsQ9K
zZkwLi*`~Li4B=1G)%v+syk3~EgH9eLzrNqpeJ7~%^gQuu=A4Y~NMEu1uJuE@p7^&#
zLl<}6)!L!=v=7Ur8!IR4X;60(jRRmX2XKFs`d8P2`|qmCEnK#vYSuQ;y5Jj*&nU)1
zpH`isXZP#EYwxT*Et!2^alJI@#*b$e{$QCrM&pUMFr)^~L&YQEJMR`m83i>z8qWW@
zg_rM|pIgL#>vT7MaMD>*Gc&h-*>MJB@dUD_Cim>ZZ!a2LOamUnO7$MpXqhl?m})ri
zO{;!**3S@)?`*$iOvCb3x!se-H&(XXz4y#v%XiNlU!B{!I65%=<=pP<I3>j~T5RuQ
zY2CT0U)z(1Jgpzv3+~I#&tA8?N41>L-jiE&T}{t*dorCpxm}YQblisM2}QTO-hY-K
zO)ZOZ_vw~~`*MpqceQMuxqB3U$<@XVHu%H;j{Ke-Gj~UYJ+pR{Uf<bvym*Ew{5lQq
z50BSd$0~!{!1XavJ(gJ<#>$jm)5L#x9<YYzUP`^+pD9^a(q7Y>DwcJ<!5Qe#`Ke|d
z(Jk5R)zh-`4?O*@X;0^$M*aSCsot+F8m^Z%dFbtF!tk2mofRUBXQDkB*m=Wv+xbAt
z>BD&|OF#Rgx=1VOW9cWG4ym)NXdZ$+Fz>!?Kg~{`nt%Q^z4PcBrK@_*55=|SvGmj*
zX7x9gLZ^R9UsLUh`+tRwL-<n6iF@j`S>az6I??+{{{wujuKL^g_vUAE6?+~kc+hpV
z0oU2`XBw^J1}qa5OE9<U-B?RlKTP~XJ`){{R9{I~U!3x97frW%CZ*tAcgq|<LofZP
zoE)#C_4mfw3;Ms$s?sLtm&j9f4}I&Qncr@U4nJSFyQN}M{LA#k9h!Bg42!gW&K#L|
z-^CXl%Z&NXWiCfINXE~$a&7;ZzU%vg;=Tzre;jjK3&;1LK9$Zb=}mt-y|4JzG5xmE
z`am(T%=Sr~?f877Rw$Y8G;R{kJHa&+)-W&W+I{KW3A*j$`6=l`m*_rdHP?^{UGLEg
zWZiFG=RL~$b)=%zj@*yzJ$q}W_P@gFM^Q$fOr4vlYM+<Vh)KmzKckB4{SH0grq^nn
zANn}lgXc`g7`+3-OS&IL!;7w1U-bLZFe~=)r_$Mrr|FcY`++iN{-`OfrNqqiutk}0
z=nXhQ>vG<}AE&z>T#^6##&rj~mmTT8_IUTw6W!ND-SeBfJKMXj=<2?*r+Z<cvAXK#
z>z<9S`c7SV<IQ9`XaBvHOmnNc>aQr=%+XbUWqeUiuc|u2=N5K8%|lTgPpjRcwl|K{
z&(|p{^SGwoQNF9TR?mj?y`egJ+ImVqtNz>Gx}jRabuXyaan@f|7PQwdSTp8wjZRGx
zLx*kqP<@n6wIBRx@K{mv!Jp@!E7B7Fx?Ml`PJRATNp$#sXO^n8N%e)!u1kJZ?cEEy
z<n655=<v%?_oC?V|0?W@y01D~vs3+8<t=LNzKWuY#&zxWi~eF-RDV^$wz>W)5v}94
ztG)H0MBZPzS}*a_p9PP1cXYHU%Dr_B34u<XmsO;T$7l5jR6f+d8+%m2eqLUF5XW4R
zny~A)+xt#e-2NH2>_o+h?$+W{|FvD!`RX07?})lPG%)m#<qxiI@4kHOjHte&5F+Ec
z>Y{~nD_)J44kzj_S7_8qFBt4ln{)H@{DLv_Rr=78H}qal)j&6MWc2pHLscmkpd*1>
z9mMVh&!4X^Q+9PPXs%x{@vd}-DlN9P`uu#Aql7AJfg2v1zb~!uz^ZEcX|8XbJ$G!l
zzKf_xRNp%3;zGQFKR9xvyY;1!3H8`{O!e^5d;a_(U41Eq8|j$q9m(~JbnK$9pI-3O
ztM{L$+`Z1}s$cY(@%a~31pS37tEy|xtnK<6-Ds=WJX?jGX*^!*J7=Z4>O0!&ueiP{
zs=xBbX@%Kbzp%0Lcwb6Qf4p0r=BnP^y<1xw;>EVCd++Ig2f?17?3-fmidUDcv^L7m
z{r-t8cBg&=)h|fbUw5#6*^&BdkJm3fQGbm_ap97*{v^b+7unT!O^qJ{eQ%f6YS*q^
z-hTU8w`h5%rNWN<Qeo)umzVEYyX%%O3|YMFz|Ntmy|w9E&bs1`&5N%)@cdb$YA5jh
z(H(nht8UWYA5%9Cy{@5R(U7%0%Xi$c?E1=<9kXZ5+Od4|b@ydkcI`d$LKYGJ^A3x}
zZO8jRQ4Wu4=oZhHy83md9ulk812|7#df(#d*<0?rz!zTVi)S-qdM4EQPe)73-Qsgr
z{r9g0=e))xFX`P|nc>fBE%9udo_Ckj-gpMH`Q|iVpG)h@t}hPlIs2+5n)-`hrfUB3
zr89S(r~0Q7_@OF!+v}?Tw%2oQM^Chjp4GkQz6rz6F8*3-Y&)FRzV5~f&UGohh@xWV
zV`uvtSuds8`$|Plw>ql_RNcS6VtvK(wnZa#-Ph-jW9e5aUTE9XlwZ6K=PNq>dkSoO
z3A;}({Ft+*xvqC%%aYvR9<9+EIR@m)hx_ClZWlek?V?Y|w~MBC{>2-)w*GsW^c%nA
z+_~$)#rbo=H3z%9j&v_M-o5xl_tp7pm2Wy*?)+qBd*296QN>dczu|trGC#Sy2BNBe
zuhJ9yOFFQ()is29_SUSrX+)du=R7m=Elx$Cw>ImZmZJN;HM5%XW3lf6natMTZW=2a
z&ukpmIK6RR<28*d8@IGS$SoaLF6b|Bg6=u&Oz9Zv9**DA{Tp?6GpEKEzzD95q4az-
zy{qDj>xT?B4psm=n^SMDe#d0y!nRSFk-Y3H>U*Gvn{-}{n)_ax-O=9N*_BSIjOIQ~
z4xQ@J2bfTGI*k@oW|jtb?TvjyK@E#0e)+VQFTS_A?>!Sg|CN4UC;DD{_2)%L;YW(D
z#>>cJ^A*9H+Ohw-+3Pyho_1(LrS5B)&bJ)T8`wNM>npvIdp%tUSkA&Fw%Ty#xs@4?
zY0#`4wZ&tee_dfA>+9*dF$3&s4qsS3yjX%_sHsft`-Dr>3{YIPKVKu;j>^z>Xl3y3
zz|sJ!Uri6}XB_KUsk+@Nzu2MRW~5F$RdeHz_OFks+v0*J)YRsg=Du@^%{xK1`4e5+
z&E?uv?mDt1ZMe5)(}|~=-{k+yH~C*vb2&Yytn<A!6Wyy>wiX+7#()ML+o2t5#{=oZ
z7w-J?;$JFs@6!HsYTuV#!A0qThmf{?G_c<JXgX-yrh#RotN&v<nw-Cqx+`7%gA^B2
zRrBAiXxcg;mh{fMxy@DQT@UPKH7mL%pR1;Bez0oljO~$c&DJvkHraW5MgJ|LdZ$@&
zN5}gsPV_yX>EP9$s+3t3Pj4RGok}f96~@y_*DU%Q%4{Fz?SXx0MA6;Oo77OLx>fR}
zk)=svQv62@J1AQ2*WYUM!}#a+Iq72M>e6Vbtmtajx3bdh?fP7xe#AxHR~*7^egSz!
z(L>aIrC5#isJnC7!Tu`k)T1uV8vL$1tEdIlbCmzZcWDK2^f}E8ul`HdNUE5b7xlf?
z(|^ZbweC4j)owg3^HW*A+EDPntY@ghS6iu4ul|c;9@q}&_SARwu9;jNhvfh|bc11j
zf-Gs0`USF|G@&@>6hg^P*j~u5-)EZ6UOiEWl*uh0YH@#Nsir^Ga&~jUZ`R+7)Fd}H
zQk_pwz?HZBmvr^lHSu*8Z!*^Y{f{-*U!lKx{xmxHMxnHQyMj8ltByY_j?saYOz(V7
zZ5=PO)b!s!-rw|xj;Z;yXz%>_f~rhMPj{z^)zK@IpkI3Z9kSzZb&p|vrxuBYof<er
zrwZ-o*Hq<3stT%^Vwp6bIlg{D8*}_h`7Goq0w&`6&i;9_w*PfeYM+8}^;dN@xA-d7
zetKW3iQd|uIlXgVO0RvMd_mD>S<NK<81N7~EgWLCVZZyFx}uA7N0IAaa!~a@d)x8R
z{vp-V-&c!e>CNbBs<=%`#=-~H%nx##^OfytqJqty9mTBTYNyxv0!8%(PP5$|J7=X{
zyiiBy)t{B?dz!N)nV%N>$g&;b7?J;1Pm~!W1IpeqrdamX$z!CW=PkyF8ohs%l#b`p
zF;bk4>N^-B9VhfVPrtS_M85Gx?RTp*9=;oohyBNc@zA6C6z8dd!{MA_eH2FVo$)*M
zL2tEf?@Cus{h^&fmAmr}tyteY!6rA>u%h!0O$P2;`WTJ6RdBjJedoCqIv4T8PBeM)
z?Z?v{x->PpzV@+U(d0?BUBjB57--L;J%1W6y41odLl%})%y3h$-QJbBtXisC6?2{V
zZbj6$@?V=zQ!$!ICcbNb-i7MgLxUA2w#+=&t-WtZewfE2vgoE{9rb)om7eAJC#v$J
z<LN^S1+ukAYNE-FwVP|&`}me(Q1^7lyi^@$$f7&CaHn3u(9hiX!--!xXHi;bxiF*N
zbH~zPl-#RQvm+m((y#|C{<`WryS`bWwoy3hnG-MlgJQY)0z8lGt+_pMUGcagwaxQ2
zqiaVFDGs6hAGuTet}YS-JKFGlSGyr~86lX<O4ev<yq)*cc%SNdchlWLaeHg@XWR>a
zr)TJr!Z)vrop4pL3PmuWF3;Btk<U97c>I?KEjS+z9JAiLB~=VN+m&rAOw{hMH1n2n
zzSGsq742D3_dNVu8=nvK?B1?1?fLVY9zh!ElAo^`UVGu0#df$NRj)fP(=9buv_&;l
zvzA0lbYF?e(i@kWG(R1E>IWD5XvV9J2^u2@RR64Yr|QNP|4y-N^N^FoII8x$!;1B*
z#&xmWTr_J*V|Uqdbfn7dV{R(^;wr>6_E=OuZ{j2AoqzL2|A}hv`BR$vYNDs&S*iAf
zE^mi{mW-XfdY4ASfJ3ubW2uI<t6n`af@d8^RFBkuhx9o1h@HAGc!XXCBTmmcYMa~h
zHPdKYacf(b6i0A@WCYhqwVg`of(vggy5?Yg*OB@q$LklLsJ~i2Zj1K@f4lxoe-=Bh
zdEEK8oO$k(;}+=|j`;9S+{0zC(!X!|Z6CqCNckry^WRTAFz>Ex{Qbm*b-R5{<LC*l
zOFTRJ+4^UvJ=^x|k|S;BWS*k|DhiF-p}5cY#-en1h4=ZI(}T<1!wXk$3!fzJzn<dn
z-(2+5H(%F2G(HtQ6)*NOGv=l}uK!VGj_JSJkZJh%T<;pl|EGWt4qB$+ugmTDAHj~G
zg!%oy=yY96-IG6;$M?DvUmj8Nw;|nWn!on&56ySQFD==%Ew`|7bm5UpT_o0(7qy}8
zimzB(!P8W_Upc-xQZE_mivJ#?aauFv4&F;NTz{4-T4+(Yzxdumg*1Zu)r(h#^w+3Q
z^v@UHI$uwmc5p>bfBBZJE+;7dyAJ8%LRvkJdqf6aSQq!E`@S06^tY}h*LUmN#drFn
zGb(1+Fz)LAMd59}o;I>kUwDs;t|f){_(z1A&i!Gb|L7G<J$wx+{yR$XIHq+Ee!-$~
z;nA)ngF_=z&(4vnIA`x~7oSzoeXo2hKwls3?p&g`oVK|rd)Hr~sdw3XvmPz^jzQb3
z_g``6^}pZKea7bQ_#vs+bxG(q3VwCZa`Q31Gk@gEciq2e#G;XUT~zU-EXQP*-Z?#0
z`&#kwZ<*-@NiA(r<(vsU>75hxOKw$M)$ZQ*V<YKbvdN5mYNTe7f4=$pCHMbRmA*vg
z==FBlDA&Dzb0Lo|V0Oz|H-zd=f^J_je`U%2kLa%xtMpytxc1!h^;n1U<ee|??!8Ty
z@(V7WzwqLHnSI;r|HzlOWip4ViJ^n%agThtOWSFs+nj&f{loS1vbT`^C4IWF_QwAA
zoDh5d%NNXN+PMFbD&1eLKhwoWD);`z5iNJlx?uT(*H`FUKh?|sr1SUt$Cvv4LlrGk
zre1wu@0gn9ZP5@l(iyYo6oc*W3jOyfC%<{t&)`(fty(lhmxOh<<@NQ~)pTC<{*QP2
z5sUlVc?EB!J}p$=+gulQFdlmsc4m6@dYt9s{<?Ti-BtC4y7n&A+jjNs)8KU^`AfR-
z-@Nr6Gkt8(_rC1e%y0U0p6sffoI1EZ?#_PxBfLwgczyY)l33^FWBq2K?ECd<rqM0w
zS<`g+G}Ei+KRTnop603dtpe0>eAAdN{5|pYA-C#=<<h??9^zJXzqhdXr?H(I_|sVR
z`r=BZ@%=ukjopoRHuqJw*AI!FNEZUui!z!IzH92GZL_1s_;k_O#>HJdSdzaFe$Q<;
zRdlwsEb+vVsci47$j;#T{iFBgug4bGlhMI{QO+^(&aZU7U+;n|?reE~cHDtr_g(ov
zg}6UQ2Vd>q7eD*7ynFG*(-uek^>Jd=yA}=UpX*z?v-9wER%`wPHl24)+<mS-r5Bt&
z^z!avB+I+UUVHtWN59co(OlpE?V^^7sgZp2SLUwF?!ZBG@L&5q9R20%a&&s<`=cjD
zFTZorH+6Ss)1-#~eNZD#e~!(y?dd7^H+Vnm6294`<i1qC|F(aZZj_nOo>|j1Q`f8a
zH1>83XT}6IZqp4j?S(@uW?iH1`k8p<S-LYM)4BhOGj&@}{^LvfpW&3h=cI<4@p{v<
zjuh|5@gwW|+Vg)8)HmC8DXO_$<E5&(eMobAb#wdB@P%!~dt~G1`QrDesxv*U^K0Q5
zs3Svi=TF=}^xNm_Z|{1>vSsqOrk}HXc<-NP7wTa6mnnO9>LPb$`s}8-n;svn56bwa
zpW%BR`|;%E=PxGD4N<`&pNG?Bu|oZKR5GseG3gP>v|cFiSn)ED+D5D8#-_%)#8)`>
z=i^&@?fRRX9xSekGIRH|>sHC4m)v2uwRY|A%B|bi+>+U&Cx~a(jP)Llf||YfWHsA*
za(qYe7-jnB%HV+H=Y(Q=7VbILLw&tJ)R}2bbb8A-Jc4?4ceI!@TAnHnx#p%v_Eknr
zUz&JkrgxXiiPn87YI>xw74@Z}b&nih_s9{EncUFhncmMekC-!IT$M(`to>(e`?K5%
z6jjyhHvPi`Z&P*K<e%G&`dSMvwce;1vatAS4Sl~gS~!Q-b<Azo5Rc!}c^`kY{Wt!g
ze&58ZiSA}4uL-P5wXB<^^`zE7df$Zf&G!by?UFs1Jr>_yQV61VM`m1e`<x@~bH9DC
zbPg}J<xAWpufD0ZA5U5Gd|rI%+cnvL;@Qp5K34pB)VMBOBk6ZScq1K)9N%cC`~T>O
z)rz^K$=qfg>C}_Wg<>XWmPK!1mLGqGu^0T^QA>vk9gKo)V_WU6)AhSf7gqe|%k1&|
zH_`gyKRc=U^$y~PUySYb7RTDA;zLu1MyF0Z{33tOE9}lcnB=9|O}XJ?^XJx@#>}%#
zcCTJqp*w4M@q_+C9=Ff3^ef))mCNM(=XT$8d!Xt&;NF<Y{AHH!W%U1!*{Yu-g>du)
z!DH2awO_N}%&8k6AL?Icw-3o1@K*lf?O(jd`@-VOZ1M|jt+V=9D_Z*%uX#RScfJ<X
zth2Rj(jnr;-GM*B-n`J}*}-&_{*>>5&CezICK(caIsQ$0{|;T1eQ0LQQ1#aQioL%0
zc(XpcI{f9@`6)4tRlT~Jn~GLzIT_vqoPV!IarNXU;&j;GbWbm@xm#bw-`^M9wW1;0
zs~0-z{n=mc%HOBk9z~Jw@hiPQ@QjwqmT}EJ<G2Y~Ka8;Fw!ig5va7i5Prk0(rJDe+
zKeM=-=O?2_Vt-&FE}k3q9Bht0-`=-k>Wooqz7aowv@;#|(|8Kb_vln=e^+2y%bnus
zPirx=d*<W%9j^x`h$VjmdHOS=f7VY^n0DpcyEk4+4|MJE^z7(eU*H2mPw9z_2@5XM
zE$5jbol&zsY8kI-3Wv*EFQzqIGv4a|{!j0V>JmII;G?MZl^p9i{P14x0e$*)Jq1!&
znZ4ZqW%cyVmQ>4zsIp?s@pSdf)b{p@`|nQa)jdszcwf05+nV_JP0_*a6QZflHxHRm
zbJ@;|Qxlp;=`K3`jW?=HZ;vW6GY)ZH&NPf&dgVO5L@G6ZbhaT|;Kq+#aKklSLsHwX
z9i1H?a}8skxN>@PWhy&8JF6l;`>43OmWpNHs483wiJvRVMAiCS_J;37&FR$C8Eu&{
z>Xmvsc)Zs;rp}0W6tDM;Jv{c<PQ{)X-cm7h?q9w<ZgfdIz3HhWj$1H~aes4h1^cpZ
z@#>hMHw;}~Q?2jw)f~#-L@`ny7~6GPF3Lan*4U=ENS|ALkE|w$T|+e^P0rnz(_P%Y
zYxy^RlDn}b-C6O^(|y-t<M~Hx`oG$c8`-!`$90tE%t=4VwdspVHI2ic9jRg8GExI9
z(mlg%&qmL-$!j$6vfs~}_kWTn|C~lmzV2_H-ZVyXj~#B0Z)eufiq{$P{bb}bzh?M!
z{|ryN6z}Wgn{G#<+`iYNr{c8@FLC(m6MALjlm;J_Xi9F<#rYN3FY>RY%HOf#bxz3z
zj=22zJCypJQ@oetsdVwT_nYS6=9Z?;=<@rf>4l2L^T>;vbxnBRiRLNw`##?_xv_o9
zq{}~fUPb=G;nB^9hNS9_>dKh@S3jsbs_~+2^^dxvK1;_h=FN}apuUWkWAXiw;fUe=
z=AY&L=1*RB`JQvC`P7=<ZF{&!-)gMs(Cho3Y+APN-=Z%x6vEKCZpZ1-<or-?DPDMr
zM|xb3*J`4pLvlMN_MDj;(frW&`oAqv_#VpeqjSX{?kv7HE~bl%s%^!^)c(mDDusd@
zNA7#5O=BTmbL2+yBA9J@KWO;Ehx{a>A>6?@PPh)Gb%>^^PQ9SUz1H)7wMxlF!=_KY
zdfL?a2U@QllBv#|m0fn%<@daBOHE}?y{s@X4w#2n&FHDp4d-b|Q>TY(zcV?1591-0
zTpu3N`hokh%kH~wXj*>)9`@SQHx6V@{Od#M>ba>!BWKU`Joswi4#7nub>bOSAD@)<
zwZA-JBdt9LZttodxP3w|$CHD8`@(j=!yQ!v4E7(-Zx;9OFTR0(Zu<KVr8~|_)osyQ
zt8R;~$<}RA$4J%PrJh%JSBE;@ebu@qTX$c+=lyM_CUs`3K2@sws>e-jo^l>f9&R{q
z?3}TOhc)Tp*>q~zj-Tit_5VgFxuQm^?n(EqY(Ju3mR<ADZSHx3v!xDSp~ZW<ntQ(K
zhj{Y+I$lfa9(v}sO8v^wuVVF#Z_Ut^my}LzT2&tHacA07qdT+XVXgsF>>C5mEyeX|
zVXePUC*J<w5G)jm_cKT9#`YdOvQ8i8k~f{x3q39GtvLAfj`!%o-}&M2D4Kjr&#+7|
zQx*D9`<MRhN?xB|c~fQUvbz=y>H5;oZ|GWl>0PbUv$fZxn!ohM)M!-Q4<}APLx(i~
zu(sNxK9zr*sdRqVcSPHYGkp9&y>9!wGnH$*rKdfb5}%2EuTNw5MMwM>jm9OlT^B4G
z?g4evNVTEH{}MIQ0gZ+3v3xCF?WGrMq;qZh+uor$sXhNwFM2M%lVak9XXWH1Ze6Xw
zZq*&(Bh@0uMrOt+b{~TYifDOi>|}jIwoQK<YPn!)L%j-{)S&JWwWX#`oiTexR4G`I
z8<Cw+KYNDGsm*O#rOb#;Dl_xL>*qRW>&+d%dF<J4R?5#z$&Hxwl76{159jPE$FaAR
zeh2mY&_zF;zKS!;geZMzdP*Ov>DKqDx_>nH>%E`Qjq34__gwcOy)ZDnQ{SUXCDyqn
zzSt=n{Y@sWbFOV@&-L~Cd7X}G(z7a}CFvKY=y5Cm!C+5%K%=awSu$34*6X&xVoYml
zE*pDn>`$T*8Z@tk@#w*c8hxXxWr|z0WyH)~H9z><5}VUgd;YsV?|WQ_O-E3%<)4#F
zSZ*htQ=@c6Jnnj<i=zJdt~fTd5;!vSxDMHW{jo;b&!gLW$30nj^v0&BP#zb(tD73!
zpXzo@{M_ies{Xs=b?sq{=8er0Ki65eLyyPSrK5!v7d15xPtTb@^YNOCZqkvfi)VM)
zo}NmTP#yek(3y{#_0J~*hhD0-X7mpIH0d1r$Z75AF`LurVQaN~Km9LHU-74RZMy!x
zuMVkLbUIUetG;e=OWQ5?H0`hI>f3(%CC%5JeP%{aPjNNph8}%&=*16=y_Ug!$wlwI
zW&Dfm+NobKLo;U`QW)A&Ae;N%$edMOQAlt2s3rtmL_6oh`qWA7PfuH0S$l12b4RM@
zP(@d|;_zzy^{gYMySn$xs2-ZSXz2}IT1<9zq{glpJAbEoS*A)>*ERf;el9K=GVIzL
z)@YK|J=q<pVe^NriOmn6^?buW5Bq>Vk3{Chi&x}#YhI3-Z9iYUY--o#srSx*@9ocz
z`EjoDV_IhUxi3<c6RcHU(gD-AgY@<%Ju@m89b8;ElKLz*e>h1!-Q3qwsru>dTVoF|
z+w#WP=#T={R}?azpZNKI%w15-pu-g};B{<hwD@_dct+Iso%QyTVR4`Gc~t#M-{;WF
z52L8IP;R~*lr{bdlbSlMdHRe?E}hvjtF3+B`~@BBs#B>=(mSNvrM=P_%DPAC!_u!w
zpO7AwJ|lfj`m*#j>1jh#sWH;5v_U#UI$ye2x<a~6x>b6&bhq?j>EqHTq)$uxW9jZ$
zxoY*AE4w$OI#&0j7Ikk<wQbt0^n<A@Z`&YUmukE1mee(?H>Iv#xi$6fjUPzOU%fJQ
zR6eXf6VC7)jkF=qIl|VZ!q#=d*1LuGNxvt3MVi$(>6EUMJ|KNU`hs+f{;t|8T_x?6
zeocB*dYT@%oguwZx>b6w^kM0K=`+$7rKjl`(FW-p>2m2-X|ME)(kG<PNJnX$AUUNA
zrJJO^(nqD=lfEn+qdwFkT`t`w?UNpmJ|{g*&!pz03#D77yQTZ2Pe`AUzAQa$lx75J
zi*%`Ut@LhbpY(C*Vd)Ff*QDo+R=uPPrR$`<(l1J%l)fOX()0W|=|bsRX|MEA>0#-M
z(otvXyP(p=(yh|n(#NIWlfEd;Xzpr~&X=x|-YxBu9+3Wn^fhVSS!y%sa_Jq?J<_j9
zk4md_-L*m5DcvN!SNb*SKS--|%Se-Ssq_wMpY%!T3(`?~<5r9GM(G{W-O_#1C#BCx
zUz66It8%4FrCX)DrTe5$N?(xj!LF>dReGaztMp#!!_xiIXQVGmPtzr?2I(B>a_LrS
zuk?%3C#26ve<mHJcUa}5ozk_^yQL3HpOF58v`SAx<)rhaYo)!?FG`=3z9>EI0@YW#
zSh`8NTe@F*RLaM~a?(!eCg}sx{nF>8nXJa4bh&i9v`_k^^kpf(si#U8N>@p@OZP}0
zmwr$BGifGLxzdHwRnqO!KIzw_&q!a9jv3dlO~Tgs!qyvwty_hyy~36a8*lF3v}xU~
zE4#Pex^ctJn>KIUx^d;kb*Y~2RX49(y?N`cYuL5=<}F*hx8Anp=FO|OY}&YC%j(o^
z8#b?Ax$%|_w|;2#s+%`-uU{>P^0j&OhSj%h+<I%?8)ewx%^z63d5cPbTeW)S<_~V#
zdh_bdn>TJQY;Rn(y11FTb=|tvw{)+&c~kdhIo`S&n=qE!HoR}c#@jax;8x$U>DJAw
zR}J7cul~Ts_ldi0!<O4NZQ8hbt3nO@l-7~>!`-R1-5XYIS=;@-)i<x{zIEMgo2jE>
z-?)C0nt{p$Jgu>L)y*4K%{A*b-k$dzbL+cTrWAuBT)mPI)+=-OEpoPU-Nr4eZ{DEh
zTJu4<PE|<1r(^Ssber&VN>?a-IZmIzAeJvGeN8;+X$|T>O2@=$R_Ot4H^pg-(wDV8
zKTa1beNEdp#_3w6T&3Hpbi1@yYH1Z%9&bD#zAv3heJ+k;kG4OmZ4~NZZU3$?%J!q$
z{)8~f_I_=jCXBLuSlbz4l<lM1zDF3<ztoG`<~JP5_Rq9U*=UuvsrzHXDBHAw7B_ii
z`+)SGSaoVmrN*aHcPT;H9;NNySBkQo)%F6VDBDfi{-jcr?K#@st`uc^p|<Z-in6^z
z+r)&jy-C}jQtJJ8Yx`bpqwIe`+q;yaY(J{)tx8dydQ*qBeVbC0?W5YhN-6fINnh6X
z6-uv`>Qt(4yelRpl&Mo_YLvDwSBkQo({`s)l<ih+lNV)sxwb2nqNAnjv`ssrY~P{n
zAxcrUw`;pvDa!V}+9pnv?LFEiPL%C^+NK<o?E~7@X*{oNe^1*}m7;9FsO{Z4@F;e#
zX<LUkuR1lSswNit1$~3<bF}UF+0JSEL1jR-6iBsb`%i^YwmY@`ZDEw{<#B$-9(7(J
zt(LBmT4b6(zLZISqr3xB><>$6n`fltdrmr3`m&TZV9arx7;8njeBQj-+1$#_8@FuP
zx^d&W$?v{A+rP2lmdVqmG&fI~I(gQ#$+t{fHS^L-X0$YBFPS1LA97ZH@V0#G>J3}E
zZ@yx~nvJPzuUT+&Tl+OvFT8f?f}0m!v2;OK+rn$+PCcWo{ffEMXnP6aAWjJ%aaxY|
z{@n%hH{~A{^Bh9Nsq<y?Y=5~f$N9X?;Xu5d&2JSB6VUedJ0{-m?b7}BQ<~b&sq>fG
znSZOaG@rL!pSQ|yyV7{fYZaB3btUyJ_3Qklsr}4}^LNH+Hcso})c&3<+0K=*vwgYL
z<$8bVwt1&5CFPddx5oS3zS(%YDNY@y{ka`Vx7`k<`)ya6x;*zcZ<pG=Q`@EWF7@l<
z^~=WL{#5GM+rO+|=YOYC$LaQPT&1bYGhe!G{+CVN-uAm9?r)CIe!ah3YCEU4Yl!^~
zwm&-GTczdVb9<KNcO0d>w>{3h?X;Y~(t4J&pApyJ`?DqOYu;&TJGuN^i67gSOC6v6
zd0r^xy<O_Z`Bs%F*ZWKJdHb#Wx?Vnx-gbVc_ERpko#T15OuV)$m%4nH<N2^9_E);!
z<(2v?&F}r@o!Y<mFD;3?v^>XQd#CnSnwE>teoM!_%lCf!x1ZAEWIONAmc;M;<x=M>
zx8J<WaXK|F$Eod{x?Z+7Uz!fKeEW0$(tJLSj>q;czx24+PeVz2+1~r@*Z!QA_5<fL
z?`@|(ZuV<Gu7~Zs-}dHPOX9R$Y3h2K_qP2tl<~7E<{eKi-gf<)O7hvS%W*#QPR+X>
zrRCed+r!(=XaC-BetsN}%dwreU7r25me`xm#=N&(Py5*v@3()qqf?jD8QV3*Kf%m9
zb$*v)enpA@)_B|HJ9U2NGhdo|zvFW{wWJ)kqxU;?ewXLe<#_v4Q<vxVu>aEX%{yM(
zH<Z*T8*i_OQ|GhYK7LP29Jl?n6zG)W@pfm-J0AP<_QH6-{W*1<wzprWrTZO+^G}Wa
zy1(0x_m`%n`|aO;z3qIqH{VoJkIpjncD_|_5g&HG3K3$;Hy`4`*o5}G13%^RQa6`1
zwG0k@W&@khXNW_eAy0pBSs@?#3~fR`VGJBE`w97S_F-A&aF{p5q5pDuLz}mY%lQoX
zuua~s|1fX4dWANOJ-6+;01u|z(0@4`mNh5v-x=U+fEnA4Cye3AGJG!J%jFII3<ifW
zhxX<8&?dypmq~Rg=chHW5Bozl;F|&*);%mYJQn5n@K}_y5A&A8VVvPO4f%3;f1P}}
zHZK=L*q444bqU8^xfnwJR}n+#|JRAbx`)RltYbMG#u?g_<3pQY1rGa37{iKSoQCxc
zV+idBgTuTb4)Zny<(|s84t>5|Jec~1$Gx2YurB3nLOz@uLq5cVDYsnP4#v-np#4Mp
zY`}-@6WWBh+_4Me&jmiiyl)qW^$p7n&k^NpLcUzNq0d!=h&i+`=QHHrZVX`?hQ}i0
zL;oQT%Nh(0^M>_$bP(+j<{b<U;}2sC&&w@Ax#jG`ILnn=&VOhh+JrcaC$wK0#1``9
z;tcB&+J`tSw;Uc!eZv^a&G}*cp?w%nSXQ~d7v>G^vt`;R^gkFJ`W%dXXcNX3;;BJw
zArA9~IBdhvPiRvPpGy2;xuO4ZKEu8m)+_WA#$T?Fg=IAaZ58sNpO6n@2+Iv|xv>!X
z3~fR_#9^NdV+hL%+bYZ(+J}BZo7OUQ5A&A8VcUi_As?38Fo?1?1vX*5aseN<e^bDh
ziy`DgpJALK4sF7=Di?nkPk3BHKJ*#J6WWJ1^MiVYv4wd<K8!Ogx3!F)&?Xz$gnZbx
zVOg63`!JsHScf=_tux5W^=JPc4{bsm`VV6ZZB_(6L;Kc%591GUXdn6vZOY-$KCEwu
zrv@>EWrfE&v=4FUKg=8AFt(8YRpT(u@VJEWl#4&K3ELs`(@>_}vH`y$z@g7DFW1uD
z$HF!V%W4Vyg!Kyf&cG(DS6FVyFAVI%azh-}J@gaC5aM$7VO>K1Q-c`7c_u6?v@eIt
z*@y9jF@${RGxQVMGzD>n_MHJAwr%Jq#H#}P!PHmgsj3|R7w)Cwc1Get@C)Wv#YoDX
z`3OANJp0H8-yr4IN4Q2Q0&j6ySrOzRMUrfE=YHOX6iKpybJ^u=xCIj%r{qCvq{OKw
z3GxC5rv2f$yB~qKIDWX&a^duJ#9QX&mR9nTBIE<>>4|*aoKgfH?0D!S2t3&QR7eTD
z#c}GXmV8;H2sU8nEseqaSr|*O2b&N30Q(V_g>7k@<P8EF`V2Ot?kC)$izLO*F~I(0
z$AaUCjnhb&v4|x3)YCC}ds5~_Y_Lc1lanIwVC?Yu8&ccP5q6uj3M1IJN?or7!uW%~
zT-p$CzfY<CtP|FgLwWzd74X}H>Gzb&ZQQnhK-m5EkA)HZgI(^Ig>C<+FmV#c<5C2B
zu<iddqy!#p{;z}`|AB!2rZ9p%*!JHMw*BFN{~KWhd$8@lFKqi~0{)mVf<4&w$AxYG
zT)_WW7{MNF`=3Bc;K4rb6*P_n9_-`D3uF*@Fnyi!E(mzA?Rk#W@iYj#+{VBj?0z*j
z;KA6FpNDu6$_3khN5F$^&j)}I?7`UM=jwn5+kR=lgUw$b@L==r5oQ<uZw~lXkP>*X
z?Qacuu=x!E5BB)n9`Io7Bk4T>4|ctNH{ijZ)9w#=a7I38hlc_l?BmYu{s{4dJ?@?e
zc(B|5$$$r&KOFF2^G^pn*l`{UcrfQw;(RIK!S=()px8y6Cj>aBV9(<+2t3&KJT`;C
zgWaB^10L*h>jNHaKjQ-)Y`!tz!R99iJlOoSfCoFCONH4*oGk%A7g7Qbwtc&>+hJbJ
zW7^4o670dYUlj0Q$Fn5h!RD_Gc(D2F10HPtrho^V?+$pd<5?rjZ7jrjYm6h|b;A0W
z0&f6Fu(9}jnm@<n%&NQ?yFZg6<OTa&ISo<*4>r%^JqSG5{CY?UJlOolAtmr&^M3>>
zfd`xa7Ni6oZ2q4hCGcSLJUfrTgU#0mJUFNQG}9FU4|e-63V5)2-VA}@-{Ll8+nD2p
ze^LZ{F!Kq=XtWf82cIs557&*_%!_?;-0?|D7~~}`&p8|~^PC?XGrx6^q?mmkA?0x*
zVmR5_SWm9zV<62+v7akN@DFB=g1=IVB$Z1&sY_U2@EKC_Hb}__ZVK=WVYd}!@#q#d
zodLfj;BO50)d9ar*#7SjM%V^(Jn;FuQUo6SZYliVOWn?_F}$YwsW5^)c)k?-nKHJ0
zi-6bj?-r&G*nB*&=?!c+*VyL22R8p8%yA{}E5a^oPFjS77{In!D*P^S*xx6tEO{Fq
ze`8Go|A=r$jDH%~{4B5;uFiL9Y%@>Te&!3?&rQNUMr(u-;sGyJN?Cs%@L<>RUxn@S
z6=C}vt<LOnFBeAe3AW7&VgKH_UD$r^5cc}^W5Nh|EgoN;B2?9UUt%9NaQwz2W{y8$
z!_&vW@YKnDzFQc<#$x|)_;*TP`a6<jPd~(-)MJz5i6q%C5|2G8f(_X5UnA@`A!hS8
z2qV~oU6)%RB}rv%7f)HF2sYcL%yHD~9w`D3Hvch52|U>RCxji_y#fD8VFY`y?LQ4E
zfd`xaLt*>r6ZZV@pM(+YEj}(QL{Jw}1e+DoF;eQXRf@oaUDgL7CGcRk=SPGc!}fsR
zDU4tbrcC^QRO&Vl>nl1hj+6PFJfsMIEVfx70vl2U8?ftgJ){I4?7F-MQUVV)zfzcf
z4!=g~I<6D;x$KU3KXutIMX=v4wV!*05qPlY*!v+R@D|slO$2ozb$hnQ9A(Xy`rJp~
zMw0ww#p8z*!6qwp-?&H^Ny>Y!c=D1W*nmBskk_$so^qSC2qV~oUEeDpCGcR@&(wuu
zfxv^^Zl%Y?^XkdQCNUB7$?7#ewjp)=6Jm~da?)W^@N_9cY!)A*sUj$g6u}1U_%DH!
zz=O@thLpgA&2x@&Jgou0Kp4Ru?D5hCDS@{*Hue!4soS6aY|L18``;bl-2r}B7~izR
zJ}JUB*fIYJqy!#p{?8yK@L=<QA?!Nt5BRSOBiMs&e+W_n4>teT!uE4G;QvM#!5(b;
z??X!9!RG&)u>Bkr9xbK5FG&&XEpFSa2-=p^ZOCyqZWZ=g?n+?<KVX;3?*#-NY<?-E
z1RiXDuw%r1<9#@hB*o9zBYx5`QtEq?)G;%@+$L*<9m9HI1fO8@n;|9eVDq;N+Yj@k
z`40;t*n`dQfRw<4T^G)e2)xC|qD};LAw{qOd#)G{DM`w^Ry=u~V)I^Utu&Humm=`n
zrH=C+VFVtGE&3m&uJ0FxeZKgTFy&zXXuvZr5O}ctmyQwl$)_-uU~h3d&{mW|I#fzL
z99tyG{!;PSlOouF9m8)3yDoEtIS=BqbdK^dTBLnQQdz`LS)`8b9APBMo^>qtq>cf5
z$9BFjl9ZP*NM2F|8?f`91u1!_^G=jc%5{qWMycDaN!aI<nZig?4A|j^6u}1U_@_Zi
z;K6SH%OE95KF<@6Pf`RMu;Upo>~{8f5c{0e<0vdwbY9%|=pWdV+Rt2J&TWyjbRM8=
z_+3(jc)%Vn4?s%b!8KCs|5%E^TO0%Zl^9C<t=C9b#Tk<F(kIDF>iDs%l2UF)iX`P_
z&Ll4>f(_VtM?gxF@?t|?QskGlq22I9ir@$A7{b`tkGS3FSL7u{l42N)&0y+sq5M-8
zsoOa#?BhN`nEk|%lM;6%ZI&WQv6VaS_Svp{Uc)blF+Mw`?*AuSKTnYzF_9v~0H#gw
z!}`#5nGx`_gps6}-|iT9S>aq=@ZNtM!#IhTa;Hk2cQ9+wQlGzyIGGcOkF-`w8!nb2
z#0>VaTPEyd$NI-}>5amk_ihzNlG>T`A7!2FJV^Q2kdBR0<}M`3CvySz;hX?=J9Cah
zlJYW_l9v?02JE~eASFq8%gs?9Bg~NqdBGn0v@w$8lXfN^QUn{Y+rPAq_R0AaN%Bb_
z#ivtjTBP>Ld5Zn;ty1b7N#89+eqBDp_H?;$J{Do!*^hY6yg-;bkRrqkcKc8t_QN+w
z?XyuBfd|`uvash6k7Il=e(?i7*&H}2wsVUACTX3Nyq!`69_)C+H5=G`moVjGzf|gR
zcbzZ-5B9lr4WtC#;<lO~0$)zC$w?jCd|?D0?0#~kuwz&#>=^j1<hEk2a11vKBS|q(
z9==H3=CluzWY64!Jt=|>*m+Mj#!n?LW0i89QZDOW`eGz)kRnMjXT_736u~Adb$>e9
z_@X}KbxK)hN|B_p=)2gHGG?%+uOdnIthuod*WO_FH`aqlQeNgV@;b$a`P}nfI0i-M
z#eL8936B@p<<ibbQn{xRGxH-cle*6kv)hXEjQcR-!2Gy?=U6*$P8dmwlkq}XqzE=(
z=cS#Hq`cF_la~}pvf*5aO?XZOb37s`;}Ib*m^BslH%O5rpR@%wq)3tt>ndzY*H@k&
zypAC69O(!t@i1>7Nj}44>h`A(kPqcNg^(9a3g0S4*lv}cFNMEJN`C@xkRnOteoTB?
zN{S@e&?m7WMUreN3mZ}d8}P5XKQk9lE~(pXuw(G-I4`O5GN;imqga(B*0<d61^PDe
zFh&sC0qk~2I?rN1S&Co}wx4N`5_qurOCTliVEZrad*<6PmS7LIp9PQ-c#G#Kwv8G8
z#92BIc>ZUObsG|At2C0nUy9%#>@jk?u<h><_88eIj3mV~PdqV@I`4d8ju~a$C}lr+
z-y`+;?tQ|xUnlG~DUFRjgrB>mNKy>V;wgg^!3IpbkoQ_C0uOds;hX~=EybSLkfgFE
ziKi@51RJpX=L|>*JlH-trk)3Sgz4Xu^+73uJ=n4RHlzd|Y(JlXl)ziuA2@!*R(c#=
z7J1#~_X_*C-yi40=K}%%xq$Br_`SlFQtbaI#?)n>lyew(ztnx;d&2HZ$Aw*&p9(vk
zp9$lSyst?Sw!!ABFpjsuZmZJ+9&DbE=CO<Xd^?Mn)6yDY_l--0$B3g`?rB*RWA10e
zmb?!LUl;TLQ`mLq-Z1Kg9skwGHuZU;kQeNBo+zv=d7rs}pAy)E-9GOMc#1%Ltak{r
zn-n2V@VU}R`WdOq+9S*y2mehef<1V=G%fvSDfzKkr;N_KUV!?-ZxW`jgFlUd1V3Qr
zE_hxEJuAk4FN_&B&j{2jO-p|v%>0ObY2BUo78yG4T45j4^#RYlTl!asO~C#9cLJM_
z3cLM(Pgwu*@!T8pY~Rm+65<5Atj`ELhCRYQ_dgcc=QHX*AD1b@>?X}gBk3|J9R8O}
z9S`%N`4s`bCg9fw{Dy$vB<wloL&6CDEskfV2+DAZ4Q<>M^Q)D*j+8qx=5JGqU=OBE
z@Dr8=c3XW!*nYOhJofiU5&VE{|1n4jJlN-jPeDrHEv^gW6rZF>k`3b*8`62wNXlF{
zF~(n2>Nvk9%(%e*AEgLB!5-KDQ@A+Zg)fz2pOcfEQvCB36pkzSi^2$gz&_Sr61JZ|
z5vKjIFTFSQ?3n*q;0Nq$O(Q8>f`72>CkWGq_?#|Gc5G${`y6_Cz;oZG=jRo|&dc~h
z$P4zm{UgHmxm}p{iKL}tYHiHFA{zuhVCFQa(`f_=JlOSW5OxgH0voW8-SU73)Bo|=
zBTS0VRl?Ml?b`!;Fl`0@dx8DE!t_b_PYPeHG?G3ijNlWTRSI9FiO%QodL}&yHejDe
zE)jP7%oBFI%@^jk8)aQ3OcCULx9~+V|3P5{9^9pra{pS`ehv%!JbN^-2YY<|W59!5
z_g91+X9i;lWr0a4YmBhZLE{4(u*<z9;K8=<2zapDVW}{_(GLVR;0t1Yw=nB7Y<?Wr
zfE!|dI0H&Ttl*hSv7aCC;JTP!5%6H#V!t}z!RFr^@L;#e=70yA|4_h#?dK!HK3>}c
z{+_@dY(M`Y;KAlU8Sr59pAC4h`7Z=K*zx>vz=O?yS=eztDr`S|8VO+=?0M$9!tS?6
zgnfMfLD*yYe+whz1*eswuM2zZoX0?rU;}PZ%5mumc(CKVPS|lS7p4g8-y@7~{HzH0
zH37di=CRu#Y(E=?@ej|ZoDlqg@elu@fCoFCj|4o}e)t>|f*-K`d@SI>_VbB=2iwo?
zfCn>I6VJYY*JfUPew?5!Y)BDe08f@i(rcuy`%+=12zbt2o_kjd`+RYSFoGY8%OVWQ
zBDGKKTrd0~NqK$Ehtzp9!p_TFf+Xeb5l^|K2sYreq>=P?seKYZ9Qx@1?-xeM3+5PM
zb5M%FgB{PegzfW5VV8AG7{T81@7+G9a$HU&FMTO3B}J0jWH2`KlovmwZu9xVo;SLM
z5&VOF?kHV<dfl=MV@XmxKIf9UEY@YGOC#weQY0zwZ-^&OQUn{Y`%J4a0^ce%zd#s)
z2fM6yLrRj$nj)UEND*wn_BmbH@y`&p&$+@#l26tE_#|~(dH%pYC$)d(4+I{}ag3zX
zqzF9N_Ff~yw*>rP<MFws^tjmn$;wr6iS_k5pVal`c)8u?2-|;~Fhcxb^Bs^9crf!9
z?XX0Oz*{^I45rWXyOLu;>ezC^Bc%AJJv}F1A<X#~exa0n;CD-rq!`W-j~%J!E{-F=
z^~g)z%~Kcq<a}X#tuT`0KdhtenNyJ@d-^AKP9tI35=pYh)>_VHbZkS)Jcdu|izNBv
z{De<Zw?mz<`*v0sNy^I{L0(c{Z&@IWU=Mbmxe`(W52id~yH1KE`L7p`e^MmLCT#O^
zHu$iXvl)yZ<{JEvy3cbB0ZEE2oLhV>#um)q(ta>L%h@z*2XT@TLnLLKGJe3@q&{As
z6h??2>^A>1NC`aH$MG+OD`I}X(wr2Z&q*m0`{!c}|AMq#3ZA5l^er&Y5ocq(MwmGW
z{y|{`Kj4{4;kj;xz=MfDE#(<i1Rl(I!~S1|*#-ZKfa8B1QUVV)pT?O49&CQ7u>G7C
z@WTUpu<dIC9&G+>Vf#5J;Li{2!M2YA9&CQ1u>Ir$esW+BwtaKJgU!zrwx7X11MBu_
zS6+|bs{{Y+M?B|;IGiisX=gZ(BaSlyZ?T`jjLjL!L@1>8`L5VelFx8#VwPkRjw5g+
zT_tUZ@kf<<96czE;0Mfk2z#!ZxzF?MYvYN+{GARP#)A1CVdif5EyDVj_qkPIM9l9H
z=KO@s-v&0{3v7-HbB@PmSi0X2&t-e;ls;$ezA;HQ2z3FQzc}zSHQ+A^?7_C59q?fD
zT+df{dH<~ezaX#&+y2Uc2b-tw+0WvDFMXcc_BRB6z~*lb{HzH0)qy?O_U{dNu=$O`
zj%QQA-xk<|ZU3Qw2b(Xw#%TVYz#eS=V*w8~{|RBo!*zc1pA7859xr_X&+$h*21880
z#gx?kv%<B~NXmJJH4XS=W6;+vozmYjQpd?SK;SKor&R<oke(-{tQ({rBWr~{N8Kij
z;0J8~T(`#u{5Gl29Xo^(c(Cn%N7(iKs4%fo?rtf9y~T0j-^#uu8#ru8y-r{)=CZif
z=orotMt+rkcE~^RIHjz+rPM!?GLJd7jDTZ4Q`pzU_%b;@us=uG$EaBt!6(@DDt+GB
z{M^7EY`#6<!Jad(3HW?L`p?H=wlFb~I!=CzEt3-GeNwU$8^`pwr11RB)chy`uh-8F
z`16GEjeVW4`(C3kf={s9YHGlPYqX!drS)=sFP9Bj@Y5+^zVw{~=DRSKU=McttPJ?P
zf&O#*B%KrCJeIlkfZ)^Oyy5x%BJHFutnDcd`{hz%qm6EoBJg0x+yg0r2V)yaIp=zg
z+9-@9#lScr4=I8T*zt4TLz41xz9ugzf(_WQ@f*-}St{(<=sOdo#Q9+<LSC@vle>hS
zmvLnNW5NjbU>~E;KuVJ0+#{Z{N$vBq!e5jU!vc}N8RI_T2V%?`&-Sx~J%=wBrj5wE
zRv4jNu<O1);KAlM3$qLRtpctW=Q5A4563u?&30k`#^l_DB-L@Pcy^N_*nsH+@LQy=
z%T{5x+daYv_7?X~VkR#sl4Rrakkd$Z%<)K)eVcfEl6qWs3L{DO_UrVW_RpL{JfsLQ
zfUBgGMLQwzVDl$Cr?|~Y-R883^OlY^^UNDaQahX}o;XSE6Z?88ab6-tlJa`(8jfYK
zuYdA8!aiGs-B;%dBlrY+KIw#%B$aixc;Y0rPp+lVUc@<BiX`P_z928D^D=KZp6i7X
z@`Bxm-wP>8@>wn(c;dO3jFP0hW5p8>De}wO@H+)Rq)3t<jwLoH>jQ)F<2i~HNh*uE
zm$FFR&N*Sv`O}1vq`cUXmlVMUJea)WWJg|7m)j8JJz3uvOuYuvhK+Fyr0$cK345)@
zITxW`V9(F*ft0|5Jr-_-l)zg&f0i4w%w>_3@rNYkrEk+#q@E`kN60&2&zysQQY6VI
zzYDN&O3dNhrOmv!zU;%^DfX<<kR<<M4CKR}_C}KI*@s<d1I7<|X;&mEZ&+42n{so7
z{hw_7GLH}&sr&X+VdtG8j1U{xd<&!`DQ5Z~K1u2S)bVyHl4KwD8QZ|Qtni!#HXoiB
z$cOltQoa>FsoZI?jZ@;Bj<F=kp8kwaQnwX$p6A1JvFN-w9>ytoosy5^;@_1yVI-;C
zr1=5P<({k^JO)USB>#i4VV)#@QUpI>AB&UKeUj|ROX~V^-N18En=q0T+o_D5f3Li>
z3H5av35R1}n|X2HVEki$s`J2L{Jc{(VcQZrb@cIbDyldh;jklhpE=oj`|a9$T#+K=
z2fM73owLHaI4>#UW8`B=is0X38^$AbbV{2rS0L|%eYyF^bv#*no=RTU4b+SDGAZ@i
zBSoke*mKc?kP>)strYvON|B^?7);xSYm#z)LL1M|%#+Mh#Be?tB}p-a?NiPsryaBd
zsp}iA{lK2nPIi8r75gD2K4M!WMTiY-|6Pz0c(D2Fgk49UZ}D@3)G@3UM#yV%U;Y0>
z4Ah18Bt??q9E{DW9QRYndyZlzeo}<^!R~MMkdmZ&h2`1?&UsI^W()JW4-B@Sztb@j
zJK}y7#s)vwx?_tZ`FXo_Op0N!ZF?&1!`hVoK<b!1|1maOqzG*SCWUX6B5b!xnWx}y
zlClm4Z;&Ey)t)Yw{y-lhFY9@PykN)F0VzrH8P?@jZA1C#AdaMX!rwUM;tAIPo&(2Y
zEO{%RZa0p<$6$RvXL4TJmzYVtrp*c?NoD;%`&25MZ=HXi_6hrjj}aWln&Zf|9fV^C
zHs2)dzBwh}X9^?OgKgg`Z2R_rze*Uv9&G!ikP>(>d?aP;Bk&f_jcgka=KSdE8cy+l
zvg;f4XX-%ewIz9xq<9*|V^2yy$NyaE#2BwqIw{7#7pK@fDn;-K#s~akQjP)m@1zJe
zVCoD111SOzcHX1Hp7&l6W=)3ucnxsIGnjiY?Eh9_u9L#wEzB_nKPH@w@eyI$|BJBg
zN2UAgHCx!%I(UD3Wt{g$VaIbvVE<5H|MkHBiGcs1u;U*khdwV%7PkMX0`|X9nBy8r
z--CgK_5r)yRtl>Md7kHn%-<T=gV|K^sdWOjUmx(BFp%IM%qHb-5wQK%fah5x^LGUN
zZw36efd5FqZx?o)_Xs1D3pW3;fCroZgs{uKH{f~h3BeE8=h?jhpEuBd9&1Uz6X85Y
zPWJnqa%fLdgcNmN#v0=NV3*7MLf+Cj$LHvU7)!_tW~_27Zj`!Ae!JOzi?G{dtFZ0w
z7Dn&`_B!fQ!nS`v*lqh+VFY`y`G+7S@L==*QP_UI81Rn>BiMsI2mTqP1m5B{VcVE-
zK|M(k?7@@^A4w5-uzBVu1RiX@2~q+NcKlo?MBu^ZFNKuAgNdJV-z7!hEsmLOW9Cfk
zNs%Ob)+N}GB1tyyl%MciIhb|Sc*R3(q)1Y1ZWB@j8?gKTa7al~-oey;z48(RDaS05
z{(+R^0sgMkeeY@E+L(V{DeGWtnq*KP<I;OAaxs4!P9($$CMEBOg=v5A?*}$u<_P#t
z3A2kl4+K2VkEdh4FW~oL9P?oJxBn!}F8u5hATR!T-gab+{}KZUHWv4{xgy9zieLlw
z9QbZw$Fo>?sucg*r3m)hr5P!FuM~j?yZyfgDS-#O9sUYZ0uOe*z9H;-JrVHV7DliK
z+y1{oO5nl7OgtQ4x5IxIMzFEC9nKa(9#WS}U$cMa5QMy7`YZk?NRj{Nv(OH1Pu3o^
zC#lCZ;|z|rI$7J=zFu}nQrnUrUnle9J~mEvKBf)AK6aCZktF}&yk{FY_XpN@_L&X%
z@xll`!7hunB$8CtDDl*V6u}1UyyrqnlJa6hUZ;^T^E8rVKSDhAPO%Tm)n;CN98V>-
zun*vrc;G0Ta<ftdJ}Y(GhHWT1FOG-4LHwjhQXRdvAw{qO+dsz<fd{*t=_klr`SkhX
zBH6kRFwc3;Zxu%H(<=3O^D1Ek9-NiZ4)2rN&pKh--!6<K#X}p>4kv3X`W!Z-2!6nB
zhv~vDcSgW-Js80r?0DuwN|NG%qb%<uMLAB?F(XC1AM9gVuAewB?TwHZY(6}W>__aA
z^B3`uBIE@-Z)x8!f3mTL4L(Vcq`D9jHeqaF`@cXKNy^K*lf0xpE;(TzFXpQ#)~f@X
z#lk*ccMBs){s%K>x(`n)xXJqgJBCXG9_+Dmvi0r1SGn^PAMNRsHd!Eb8{QJ{hrc!8
zKQ8R{?-llWWS204J=pVDpD>ct=KkG8iX_>b${c$td6z04+J_V&Hn5NN^}=q48-y>D
z(smC>5$wUV4}Lx;Mc~2q^La=KJeWR){a2;F7W9w82sU8neI8N*52hW7;TKW_-r})8
zP6Yl*9e;zck0WKWpS;Z5{8q<j*tfNrmtUn%))2%|x|Z;Kdr={Te4JqOVVr{<gQwC@
zP9<--W8rxtT!Vpq+?#{CgKhsC0UyKSoSzjzdy*m?->lTfm*b8k^_i^rUpDW>ab8mQ
zx2eLMW9U~40=^^Qe>32@KI6J~3nRn{Hopc^0uMI-K4F(T*!9C;=A~uwOPi1)lnZu0
zERA!y_EF#eEJd&fJI=p?l)!_{e?!>uKOsz+_&FqXS$`vpkQY2!ip_B;0uQ#&9|_y%
z3jzO<FoHeU_9q}E@L>DryO0RH#dAVhgq3|sHiKzr)&}??MUwou98%=p+h)6BAQsXK
zq>+?4A0ald+xGLqJ{AuPlMnm7(%~`wic%!0Uh~A0hZMmE%)Ee~+oT9Q*nMWZFap0_
z>Ui!EM&QBbKPK!rKQ2s}=zoy<ywfL)khf3jyk8JT;KAnq7*YZcHveT|m-T4C|EVy7
zJ=pDY5K;nfaX&mu1aXog*nnMDxE5tU;=HV3$V*E9i=;JDB&jTHuqQ=+SsQ#<%lQe{
zjX4<+TPwyA%59apjthhlc(B{83sRC4XXyVT+2Egk<>NA6*#55&M(_i+|8Q<(KjOCi
zb+#41>(WwE$2?uwb(taTaY~!m=DNU!`P=+W!U**RdrYl`lq9t$b0#s6BG`aw2imr@
zf0{p6`;a7`gPA|68|9L6ZH}^*ND+L3U9a$Xfz6kmiz~GcKQ~L=hAV_eO5rz3k))VE
zBA$3iop-x1*B0SFB{ly*%)x(J>UGZN1Dl71i4&VYk|LA~rhVc6T#6*c<MlQvl4Rr9
zNF5vF!^eofD<b3to6ia(@L8$(24N(rtTV(DGbw@%*m;?Ykfgkqh$k;8c_Qh%q>i~&
z*vE8%FoGYj$Lz`G1bpGY)MvFg%Ic6J_yn6@2q}RFQwQw%-Gn67CF!`pxgBVKguHL}
zSmZP6KhH(PNxeuBe1ct8cr4hDIPXwl@{+op$?v=wVI--JVP4z7IWO}Hl9YFvc*-S3
zumQ8qrfpY95%?8SANSS52t3%weKVvasjP|ODT~x~%n1`Ge3R6EW(gzs0lVDGASLi%
z+g}AKNh+6l2LGfkmog_ysbgu~-EQ=M<k#hs{zsgoj+1%2RZ5)KOOd2_nD@y`>b$kW
zi=^aTDMj8YuWj(-^HElKv=l#sX)D^zZ5SR$(Rp#7Kb7$^Q=X`=Q|d)oJ~wgRp<fd7
zUr601`-MFZ|E(~6g1q0CGN0h{IVl1UrtiW3Sc<@d-6pR>O5iQ7W4#FSl5#AGXSNhc
zvM)DZ&67QOuOp)*DKEc=DT@@r2JGW_vfuR_SMrt~-~XHDfm3N)&d0P5DdUi1ahnvO
zoxzM5_>W1kh3}P`e^3~K2WO?&e_dK3g+D0uIrp$IeHEJ@N^L`*bUb-d+vEk4Vt-nI
zd9MP(KCpfAo*Z_;=L9%sllMcyj7{)%3?$fq>BDL19|$u~Ve=<}4Y)Dpe;~{*^8Pmg
z=jC0~j-mAZIk`A5@03Q!3m&DEvgQjr?{5m*KlgpP+|qZsI4|#Gam<ehBlrh9@Ark-
z1^<kI^S&VLa^DbkxlACFWE)8*32RqAZ<DZ(dz&zVPcSL=R|q?v?!X4@cuw^`E1x$%
z9ry>E|3hKdr7z&W5ZHrl|HlCjHveT|`*}3r|1_`%+y2i39&G-<2;0wrfd6K|9};E_
zK^wj#jL@cFuLoWYc(DDyA#DGgq|6TyM(_jn++G{-c?13Dxt(1c@7N@tx73FIgAFNb
zGGeA5A(UmY&(NNI*uc47oZk?5FlFPjUWz37WIiDVQUn{Y^PcRt0QszfiT;TLo6^|a
zwo$yFavP-P>Ej4I*!&b>{J~ER_)CNlc#GSOyyPK8ep#FFx3K$3x!((glKT4t$CnsL
zotHS=&L>;LmpeDPO_)0o{DDuG(yl0yRA0&^9#SO9#&dG$zhK>8udq$Z`C%TTEK($?
zERH=kq`pqlE{tFgc6~1wb{lpEJnLBmd$8>}ci|g;sg$;kq${Kdyv2Qn7|28FHB#6o
zOYNBxuqQ?E38sB1i}@ab2b(`x+ukWVe3ByM1=B|O{DKsL2m9K{<B$?~u-oB3LrUPm
z=Kl&(0uMI-4Pm$Q6T+VN{!SRd-r{!iIysy-z^-pioPoSx^ZXt`l6;=Z*cm6Ev>_>i
zf3V}61}T9Do9Fri0uMG{+Q-au{R+VzZ2neA2|U>R?T`|9u=#r+CGcSL_d!bF!EI9N
z^*yPN*R#S1HemDrAEX2x?0)hRqy*mL<H)u#{gtvx`!M<7OXqg;<FyZA8*F|uq=ap-
z`AZ-rY=h0ug_N)jcAudQ5O}cp1&|VWi|fL+@&B#$I+b(!sf@K#$s3MS`V_~GKEwGX
zlD0?@crg6{{x+%Ss1FE}7yb^Z`}yw(BT4<?->ckHX)DGX^&~~87ntKt-6u-jCOKix
z+p~lb?7>5%*k2|^;K3e8?T`|9u=x&12|O4+Exl5Tz=Po;>B0cNTNuH{;_-MYZE}H}
zQ6A}F&evSKz@8LIiifp0Hl%J()-d)To>N5U#dT@c7I{gT<09$JQu|pU?Dk(Rj1U9Z
z{CgoK@L>1n4?;?kVm_7YW~Y+3Rq;??QiRxA;}pJAiok<O;TKC0w!!9?LrT~Nn_nS}
zu)QKq@v~Nnz=KKQH%Sq;!K9It`GNgxe@M#ugYA2z2t3&K4?s%T29sjnCq>xqi&OY7
zN)dRl=dsf3jqH!4Pe>8A!5*`J2PuIElj8rF6k!`oil2XyB5Z@tmBRm<lzi}XLfdmK
z2w~gTg|I8VE@XS&DT=TSCdED*@Zg<N%H7LO33g!D>#G5uH_(3`J8T<|62_Di!4KHK
zai|{xZ*gAFOQcAW%^BkHPs;vCT5erRAHf$k=Sh*b@_8yY)REYnQZ923l2k6X)^axF
z!^ZhZQP=Baze5Mpp6`^6>p_Y*Ua*hvJ7vSz#1|=&RMtCHuOaeJS)@o(S%a}5AAX#l
z6dlZQoD=6I^>|z)jNk*zxge5WBV}mA^V`|{4Z<$}Mqz%ZU>}~dw3!zlukf764t&B<
zU-HhBx~!IfpDT=D54L?fqy!$Emf~l=)bm4FFVT5%JQK7<9#Y0Uc`4Uza)mI0e{fcc
z&8<=d9_)BFKuX}j=C=sDURwh`JdcBI|J%X{e!xEO{|873yv23dCW5*+bzaZ^pNjXx
z|ABOhl)8LNiok;#r11Yk>X=^?o*eVMdl|tVOw5#fLBNCQH}LNdc(CjEfq(~_|1Dv5
z;eT7e-w7#!2iu<W4CTOoRCtV1w)X_~+RTgFiv3o0kk?`x`Z+eF2sU7kFU}W8QeM}+
zbnLjTt}kTG=LNei?+JLY`IW+zQp#E*C9X)iR%)B|!d{o&A&ex&#&IM+DUxKv?+0v1
zX+~^vQeQWlAv|143~f>b8?a+w&5tDc57*VUfpcBzASL7lpDv}W@lqtoC&z`DNs(XH
z=AD|O+zy?Ea1!I8PQ*-V`;#3PuTe?qf8@&sc#`miQh4SoB&i)J(^}5vqS%JieV|F$
z$7mWECHM!MzZ6me4>r%=m+faxz|&_C?7=?PS3*jX;(w=(^<eyXK5<Ih(*8(NY;IRl
zB*|tl<^DQt8Wkt;k|M+mcAsRtBT01`%zQ#Wz<+7q@Hw|r`|uM<xt@bi7TEL54oFE-
z470@JpA^9c?7nvyqy!#pex9)V<otlYLKwjw>~>fRDM^aq*Ll3&ZdtSqZ5y7;s0ZTn
z9c_Z0Q|yOIk)--^F2LR?_N)PsBzx9W*pnjIfL&fVroiUM3M1Hq&1Z!X_^j0Ycwqz{
zY@WFhfd`upum6C}hkYJwKB<pUucST(Pai`l7i>SBkP>*X`9+Wtc(C~{NC`aH{B@8L
zc(C~!Atmr&^WBgVc(8fa6$m`o{QDp!@L=<sASLi%_sOl05_qufKL{y-x47@IZG5IM
z?M8|u*`KU0Maom!m&S;L=eXk=pPb9gw+bWhtx{sfet{H$2fHrexe09htA!El!HhS`
zyH<+8gIVj~f1MP82itx#qy!#pK3vy<UG9g45$wU|Nb&zkDFP36{GW!Dz=O^IA*2Kz
zZ2n<L2|U>RA3;js!REgNDS-!@{|cl89$X`(eZDD0;KA4v|97MaJQ#cUqf!JO%<+al
zAw}T9F85y{CGcSLuR%)S!R9MCDM;YK=Boo9Y@YA(AlQS=mtI3Ne^y`*HqW<g5d476
zUl{OU^9=zHhNm4$zkOr-DS<uM_S1#aak-boJlnGadoUb2NBDfDk@Wh&2FyGFe^bDN
z&36a9%<|%~zf@bs>@X%T<&q+_kHt2OXKYHxwZ}NVjn@j#mJ;VfQUsr1pX(oilq8kK
zd6BY6sSY-%>zENnlJXJ*c}Wp$z|PCqMUwIkrX2=jbGrN!11UmTV8_6k3;9*XFqk<1
z4|{I{Z&y{`{X>`p83X|Z1wtUqQ$i938Is)G43LT31Q~?G&AlhdC3oTufgqDiB94fn
zC@3OmQE@`6)LNuSEe=)dYpqplskKg3>rm(F|My*IKj*CdoVE73O569-|Lc>iyMDiC
zJ^NY1UVH7e_t|^x|BW`ZtA+n9ZD{2s{{K^%pUQFizp?NAzg*_a)N$#*#5N|62`^Qc
zq3~x42xA)9&V7%dl%NM6p@99j6wJ@Jh0Xr^k^Tq5%N4Na{J39%`4*mSyH>!q_2){{
zUyQMYGJs9bH{(b`-yi8&Clf&rHv8d74>tX{FiF_+JyX+fMJYiKHvKh`9=wmzspIXD
zUNnfEe>vw(Q;5%fVEQE6`rq$NAD;(h7NnC;{Ngh{SAxkO{r(Ytt}sF!P0ar;Qm_p%
zf(_WpR&_o5`_vcTh~@iK&cBDr4`n81e51a{Dj=yk{=W7r<Ol!6>~4InR6s{ws}*)D
z@I{J|RKEXJez+zlZ(=LY3BuL~P7}6vh_AJ!4q|P-Q4BxC2xSJ_JoZN6Jrt<p?FvY$
zUih$(v!VZBLyV;SOvNU?&b2zmeZJwn)vxS2kr*LgFnLk0xSxv#vG&<cj4~5jJF}g&
z&%we7KEdX5CQ3=Fj@C}Z$bYBJRNC{Yw9o&oZJ)|m!95h(o)}5B|5V!TzsiQOnDP)?
ze?CMQNtJE3^w<+4*nn+Ye=m+>V}`;x3JCUKJFlIKQi2|A=j#z+>+{^pB2NPI2aZ8}
z-k^Y_$~l#GzE|7g(_;MGr+{z5UnwBy!L$qd?<g?Ffmt^j!3KPsV)TB#!MHX};UluK
zdi}Y8_2Iu1CLKQ?FZB5NWTgLeq-V`-1beWx=a+;@LjU)X{%a^D=)q?H&ygN%`fmx7
zg#EV#C>!PZuCUELeuses8xtG5rc1###0WOi70eI5tj`=NjHLWf9=0JyQZ}Spcq%sC
zg&$%hmDeok$%`1l27I8x424w+2zs#9(f4!egZ+gHG$ZyeP_Xm(fH0CO!(8bp1F>y8
zPk6clKBt<Om7!PLAmjx${RWg0^k6#|Pok8h%C<my%0`S}12&(FQA*H*O@FrVwuOFq
zq(4U(!5(b(zK+&zeHcqpWxGUr%0|o_m$sTv;2aFTMgd`4u;s-#V`aNB(!WF)!5(b(
zuRtk54>mn>81wTQVJq`ngppL4Z<C%f6O&Fk?^HnGVDtYbloIq{)4x^N@@0H8{R6@X
z_F&V$8>Iw2*z^wxo1YIv`iF%P?7?RL7bqp@!KQyq*!+Av(mx@LU=Q9?f%^V~0)pPe
z#+j*%^Ru)OZAgsZ2W;ix*g?>PP49mn-&tvtr&|F@mFIslucayj^&&<n57^4jd>=s%
zHvJlu67*oJ7h@5E-o)A&zyDKtom}Kayt@Kz9*-NML9A>X%an~6q5NR0?|vvH=)qQB
z{35CP{&)DKE|ilPAz$$J3Y29p1q40V^!uWepa+|tYicA_etwrFFJe2^nB!TS94w5m
zE!gyjp_HHpTU#BEQj*Gx-_FR3*z#iDXFj=JLD&{-=fp!%O3;I?UPqvmpa+}&7?cw9
zVAFH$iJ&*JzA;@2%0`S}GhM;THd7cu4>tW#C?)8@rl%dOj^t~4&cz7!VAG$9Qi2|A
z?b(G=g5Jc+oZEMdb@Y>`S_b<)rMt*DRfd^Lquq$DzVwGf6ez<o1%z$ER^OE<CFsGX
z?-4dXYa{*n!U*<Yv%eUn1U-091@awHK+v05yU`ygGcl5~IaqpZh!-i~v#wxe+aSzw
zg8q611V3Qww=Y2{K@T?lt58bNgLhWI&z%YgdNBJQ{Z|zb^kA#|lPD$V!KVLLloIsd
znF{#vzjaQNj<B05W$kt#6_l{8iM1PkuqU=Q84zX@>@QWYHn~|CK@YaNzZ|6mJ=pZG
zK`B8Gwl=vNr35|rPzCDpr~-l>yoUn%&nY12!RQD-R<Pq@hp3KVYqwn@J=pYnM0)TM
zh0l|ONg}V41*Rz`a6j4F^K1+x*qB&*=8j*>_uyg!wgsF1ut*QKw&Hk4Qh71XQZ`})
zo2s$b@}lh!?7^1T(I_RUyv~xIyoeEOz}Eg3p_HHpTVCr?O3;IC47mxV1U=a7Z$&9V
z4>tWPg=u#59ABn?tuTTfZ2C8#l%NNjp64jc&ppD{$KDg^-z!XA3GY`hn@5Eae45yP
zXWYl07{LZ?ZF>ev33{-Vhw;G5!|`YOWx@#d;N28vD4eT+q{=WyddfhIU;{Rvr=XOe
z2b<5uC?zSMzwi0o>KpgxhIft4M>Nm@iYO;BLcU-tC-p?ogYBGkEJ{hLoZCx}Phuox
z!*wP$#Mb72$n~a`^TNo_3xrMID~wPEu<19Tl%NM&`;ViPq{__kLYavXY{2I82$T}^
zVAIEK1vdR`VFY`y=}!{2HaS_?_TvI!1bY+PkBr-tjTpfOY(9@fDM1f5{c$KI=)tBx
zQP|2*)o-nA3uTX_%Jx4w4j-;E&<?~_{v(8~UQcyjn4i<-6QRCf)5q-qHvJM|1beWx
z+iH}ORJ+ZWp1Ket*vwbhNnwTpezsFU&-lN;0{VW10}Fh;VgwtomFLC6);_mH`j<!g
zR|rp2z$fFpjlGQ92tG}$A5NEoZHN(UrYl&!GldcKVACIkQi2|A?L$9AQhBYCp1g>y
zF0`llTqlgME!gxIpp>8oo4zJ&elCghbzua1u-RXVQi2}5n*wchxdMXT#M*~*G-W16
zQZ}Sp$k{NaV-t_<;Jp=QD4eQ*;2%tW=vOEp=)ngopdVI1(1Wdx<HFV^6On$aFoHeU
z?5{y7K@T?l4Z`N<Mq!)3y;c~(-o)C9@rybVGrm*KYZZ``J?D7ri4knTT%)pWuL6P|
zysHBGAq50I*vdSHQi2|AdiJl?<qF~56!3GC0)oAX)n&dEl#Lj{X1;>?>=s7QgH3-H
zN(p+foqyM%l%(?7UV8E(Mp8ChM_@y2J`WeRdL1EbWjIzC!4KH%IX59G|MWxr6C>Dw
zZQFx{ZS0yMZ2jRxVJpKNVJm~5FQLaj^EU+lV6*QMHb0AmZ9G{ajHJrEkM#H?Mz8^!
z&;3zK(1XqAAt)s&pR^Y~eH*ep^=1qw4LqTM;0J8}uSO|B54QgNfUwo^9m4n^d|Cm)
z9&F|RJW2_Au<8E}r35|L^j{G+|6dj6o)`Xqtbkx|V*Pxc6w?%l5p2Nb^LfJN^R!66
zKp4RuZ1#&$O3;I?|D1zTk}AVY=_vy-f(@AYGvy~=<~m@;Z3G*z<vSv5<s6Ollfnr0
zVC%Oxqm-n|!`zPY5F^-tEiXUcGrgZ<SlyT6M3TyjzD{1m3l*qiTsE-zf2pw5@nw<z
zHem$+V6(pir35|L^lub4KX*m?w+JKHgU$YJC?)8@rhlif`FWSHwe3fR5$sK@zx7E$
zeTi+`eqnr~A5cKp7HoO>^WA<*qphmuMM@5SUar{uyc(qh|6t4ab;4Gj*9%h@%EK{>
zr0T*Lhm9ZWW=codE>_sBz?&7D|3P6Z&t<|0{=qh9yG|HM<;%Q>e2Eckz{KRcQNi-s
zBy7jgwZa_R*nCg{VH@ys70`cP0YMMmSpoe&C?M#;*0;ZjQi2}5Kmq&1D1Zb#*yb~*
zM0&8b!x@ntZ2B%?lJK)gfO8)HH%IzGVYC0Act=~=hw|JU<@?g8JTDX8vnc1?!U*Lz
zv15V#GEIRPN!e7*nb~$-*s`%L*xKQONDs!Ac6)(>?F+_CB$e+)(z6XQf(@8+JbrFd
zplawjj*eGA|EL0j9(;@f`tK{4{SSmWe(}GPl%{9R7ArsZU=jR)O}|&92b=y`!X#nO
zS}vwP0Hp*y*z_|ZJ=pZD6^vjH-bXRz=RFYwy@~C|9x12`F=p7TRlq0u^A!;EV9Sf~
z0YMMOmb@-euzfTxjHL2CL3*|!evSg$o~>YIST1aNog<9k2W<LtQA*H*O@E=V`JvC4
zzE>E*9&G)545cJh&hw<FoWy%6P)^R>dl&c`#WwCSRwMZ7G;ZU^kK0zxyKy4H57_kg
zqLiQqoBr*>R^LB~^bZOn*n`df{U{~q!MiC?o<|fA^d{C%sQWYpVjEZ4Z%E4iOzE*F
zMz8@}UhH4e(XUjX&rybZ6%h1bE3>bo?YoCDmZZvXko4qXF*XM)JX?XhPEoLSJ5|{B
z<FZJ9R;2gGg0;hX*&wMhER>!y5L?|>30uBZ_Ylm!%0I^%{)v%P85mo!nd*3JZC=wh
z+Z8@3!;uR3d8vYx|7F7Ti5UuSQb1B=;Fx4ve{5QtGsi$u+nyvn+Y(#8Cku1#Az#`P
zVOy|`d(6$Ar-03y6>QskgsBVqClnC21#eJ5f4q#%{saMQ6W+^1u(x;gu=nrinf;lO
zpZSrW?#K_=?9YnyU>i#>iuB}<*s(d4K0u$Jra+8Pez4_x07?mZu<5BAf*!nc5g)A>
zL2qK^Sttd05hK`uZCgLioBj{!pEL{pFHx{E*M$-EU^|Y+P)br|#)dKzTY2^sMpE{>
zOOL(9*gQkQw%tz{K@T?l43rY|VD$K@YR~vwNgixBUjf0-d<CoH3Sk7jiS3u|r64b2
z<PWvsn8gpVwLj&;?+gXbjR^k1rjPp`>4=r>zr!bON;xg2JjW`K7v(%nVW$FjDMtR#
zHesA0FJfyG{O_nhUJDfv{DZBpE)h2SrI9|~kKkPu@DrbdM1xoxT3;ka$O~-k&p3^w
z>ewg!GzDTSPrtC0b3hnjTd?VeQA*H*cT=F8FH}HMdC@1xEAA)QB375FjA@M3_#x)}
zO}_UiAmn?GLbn1o-&8=*gAZ1~en%=RK@Y|rJ-_vngnqfenTqk_ua)K$`j5$mbnO39
zcvhkRiLm|$J>S%@e!iWIO~1YH4zih{urp31_yL=K_ec*m{WFEl&)$)KzsMepJ*opE
zJs3)uu0M9(oQpz28BA=y(4R>rMz8@}AKL|`<iC2`qvVr(i4Rwpp}@5OLSA5N6MtR6
zcG#b%@bm)H&yoM?a?%duM~tNWFO(h|VgwtojYZ2)O3;HDH)kmHD%ieWFMLR$zbVq+
zEPQC8e}`fOKVWO0_XwMx_eS~;3M1Hq&Hm3&O3;H%|A?^p`B<cXTo}O~Z1$f-DM1gO
zra-+utzcvFSA-F4Oswx=Z-KOwP3~N2=grmHZn^^bjw&Gd0b4mIQA*H*O@Ady33{;U
zuNAg-xGvJ)B#dAWHv3yqO3;H%|4L!=^QuVy+DLzgFl|8jU$0>O`K`hTK25CM&XR&{
zh*v4F?VSn;_Tc>$&_ASLW%z)wmF;0+1bZ+s_KzwcaPT|@^gmZHKfe&RzWuvMj{)N(
z_OmdS;0J8^&WrS5(?3s`B<#7rVfqCqCFsGXUmWSddn%oLpC9Q(gIK#w6SF`9K26Mq
zV+|W(1RL=73iv-l0YMKo{V^yd=)tBx0i^`JiRCqw^QM)T7)kk=D?RDN2sU6FSGi|`
zpa<LdGl5cq9&CM&{*R>cdMf7&`XuEfM(_`2pQ1lV0YMKoJ?)R62b=y#loIq{(;tUY
zf*x%86H!XggH3-jN(p+f=}$)~K@T?lLX;BpVB6P=QA*H*P0w+Ppa+|NB}xf;u=(#n
zDM4>yeFkp$LSfpCm~M|f`xiem6nYg9^kCC(Kq)~FHvMK{^D`)H$JEurNUA){i75jy
zeVu&S7Qr5D{x3r*K@T?l7L*e7VAC__wDMdP>0cy_U=Ox(z8a+jy@|EeA}J^*vHADs
zWz(nj3-w~ZSb5e)e$J2d7YLIN_UsFrKMx2asj{6SJ=+i?*nq7(XP}gz2b;c2*veB?
zFFUR&Gm<L9YUwEh@qP-FKQ1%a@*NgN@B=pexUiLn@x=67g%Rw*HaEBhr6g6Ji>0SL
z#OEqdo)0KIx4@rMY~!0hH(9>_DH{a;VAD^dkP`G@)Bktf|EC_5e}Cn*Pl34~g{10!
zw)AX6j2Sk|6|9`+2qWmhrl*|{^kCCJ)$w6x`J((I3P`HV^cl)be5wNWRpS_G*jL%i
zENqDFIGQbtPzJEwGh8NYZN(UCeS>iZNtKyxC<8Hq4R|{R%1@gk=)qQo^HEAtKKGU$
zpTtPYhI0cp#5U(25Js>E@2fx=I2T*Jt`oL>dXq4MJ=pZOqLiQqo4#r;YWA-cuw(N+
zl#*2W86PRXA1AGE_bJWF+%Ifp@O3o3A5SO){;SSA-GvRY<wbiQtw6i6-%URzd}5)$
zUok?x!1Pz_|3U#l4?bN1{jU|w&u@fxDD>N+lwc3Gc8k}h3kLdQ=OD%|>P3vOE!fVR
zzQ5T#jW$HE2itf)f>MIs#PWKk6y!yWq-^F$j}7rN6sYea1q6Gr)tBP}K@T>)?*pdi
zxVCm%D{N)12_vcU94|fPAx1jcn19;O#(^cmre7*-<yj$&;1g`+IS-{Il^5d(<sr7?
zbVwM%9=x*x?Y2b$Tl7~bFh-#Nyn>bIZ-t*z=)WK7e;~~9&i315EWr<$@}u8b*!=MR
z%K_5ipWlT|e}sV5_gIt?{D4hAJJN$q@86d({ppcC*pBfvkv?RkKi2o?H<X!}c|7HO
zs$+tcXI#F>ntDwrn0~7;f*x%8YfwtigZEURJg-zh(3@EKX<N!qY<V3hY{$rP!UX)h
zKw-B6`|)j$LQj7{$O~*`yBehgJ=pZuqm-ZroBqYZR-RjgtuA*8BiNf*T{u3e3$c~?
zs=^3+u$A+r!q}pJxx$Qszelm<`(EL>h5nn05$wT~lkLB&fS?Ck`F|*Ee*Qhu|A#Pw
zJ=pAjg;IhZZ2I4!l%NM&zE#JL*>fD(*!WxuBf*b}wc9Ews0*=`dA0CN1=?j&0byG(
zG5V_gxJO}gn_?uDFXIvU5?j8ECHpJjpZ<@qE%;~!^lwsNJM{M`9ISx;Q3dNKj6VoA
zU@Om)C?)8@$0*<{_1p`3o^?U62U7<0eyp(lvM{m-V>?4(k+7A)ueHLq*qk423pV}5
zksi!G#Xf%KN;HV=)1_kMO>E~2&PTYSE|(~n|GF@O9&GwcQA*H*O+O-Renum`?<Zz|
zrEC!VfNdXf3?k@Fto++cLHUW1lnvMO*btwpK%3m7fM9=*Lbn1o-&8=*gAZ1~en%=I
zK@Y|r{U3irNw+zDnD!*LKJW}-_7m;4w*o?Yf=&NyloIq{(=#VT(3@Bv*ij1dB1XbK
zQf%Aq613@UZQLWaa#9|f!*ISsQu)r2o_vYVP@rDSs}bzM)`xEpHvcyY+t|ezg<ub+
z4*0oG0YMMmK>_^(3J7}eb_(d<rGTIZPg6kuZUq}pJ}Qi0V`6Q1s1$5NY;{>*7-0|I
zPXV9)9+d5Cj#I1S%Y?1W@z@SF{T;#x{=ueyqp<n8OW5l8W?=+-u<7qbDM1gOra(Dq
zH>>+Y!U#4dR`>Z*unn>0yFeHpguY1MFKp%Xa~snS%LXAYu<6Hz&HqHCXKsdI4}Q7=
z`QE62q{=*3`e_Qp2sYrE3T%6U0)ig=JO%WxRY1^#ZT|C^u$ArO!pAFM|C31nQ{f{N
z$TyxRfDe@p`}sJL;2*rJV)XpJjGzZwo17Er!RYaSt}rq7=Ly@szED{IgZ>2q=BF2B
zp$D6OL!<|rezP!1_#YIo`RZ1b67(k4PZmf)nTYpMpkC)H>{Q^36mx8#|9b@lKj3Q=
zf_>zlI-(<75$VB47W%hDdhqiL{V#+`!v8M?))x8|(^~qK!qW@=urO_i{bj;t|9E8o
zSCRd{3M1HqIe*VkI9E>0&-nt(mC=7un6VQ4V_|I)w*9H_wS|6s`<8xE_&({e+fO^i
z`r#5`tJhND1%=H^BAX9IHXjydjK$9r!U$ysGdHC?`)N>Z`WJ5c7ha}xw!JN~c|;f;
zejXKOt_k0t9W6l*COh;837gO9k$z@m55|6m!cmbPZ2IGc&Cdyuer{wBHv3Z}J(#lK
z|1@E)oxy7&8_^)vpP37>4e`zj*mo&d85Rj!UbGWJ-NB|`iBf_dZ09@XkO+E{|J(WQ
zt%6WrVkA|z71Covj9>${@xhO))(+Iy+U*iy)7OO&{D4jG=gj8+a*QRZvdx#CvJqQe
z3xsDBp-(ZwwqVO^6G{nsu<3_TO3;H%@8>Y4r)-w*6~cC&x<MGhkBRN;o1~!3#0WNE
z_5tO-Q-Qf1_=5@vHel0#9;F05nDXHB?-UU9V6*=*N(p+f+5a4+1U-1M0)DtgvwHDv
z3v)rr!}-X34q+f+Td?V066wLVAMc3tU@OBLg-OECT>{K;DZ>X)O3<5F8&0L)a;)Nq
zn0YqkU#oCXfth=dj{ix8Llv;0{jEH25VkS=L&9eNu&~wli^2$gz^4BZN(p+f>A7Au
z|GNu3M``4HBuWYPVA_rR=0$q2?Tcl?Hb%ww*}$|dK6%bT|ASBF45q&bWuXU~eto0|
zn|`A(NtA7qz@CcnUo|)28iVr3*BapM71(xn1q7cawtvZ&Z7s&W7`Bu4_`u#`?Bjez
zgP8w6maWkq)?OC>vE3T|s8fHlera(hduv~d|Jcq`YiDaOi~nD3x0yOzrzsF4w1<g}
zX`ElMA+~wQ;e}Dkp7R~{7Gramf}O8V6t*#cj<B6;P8UW}K9@+3Ph#74sW8XM422a6
z2-||KoadpGq<q@71~GyS*v{8i3-6<V|5qy@*nlnH*9lvBULWc27DliK@27yDKUF|d
z<>5X6btFboHnbx)#8$^y!br;g_iZ;j|6bg1ne@rNrwqgh`GReJbtXy)da&uAk5Ymj
zZ2A$D67*oxzZj(iJ=pYbMkzrLHa+tw1U=aFpG7G_4>tX`P)g8)P5(QT67*ox^Ik22
z9=w-g+QHAS4w7z$!qUhdJXYxcEYgGNOZa(2m?ZpvOu&wp&!Ci`2V39!+ei;KKVK3i
z3H!enV4vduJ18aSP3#zl8|MBM_QdArG~ojjs29hG-M4(5u-Uv`*vjVnzv=Il4MG{f
z*54jNDM^(r9)HXRoy~7g61Fm&EX=V%IqAdfBQW<=jx6w<iV^YxAESWH;|j+Y_@|2P
zm}Op#U=L<~iT!hgEnn`-nf+6Jr_aWmbvT!#+GHx%DF<uYX$r)rC{Sj9O-<iMPv1ny
z3vB!Aa$$;r{tAU16|m<X8@|zBr(pV<h0UI07C+c=j~c-q%smtI_bMRh!Pd6#6}J1C
ze=dw*1Gcg~ic*3eyobUJh0iG<=uNC|UnB+j5+m4v&F6ZQ67*oxZ$v3U4>tWEN(p)}
z^`Z>dD<J4i{wvC0ZM#WMtqem&2IK{{GF06wxI}i-6o?VFy+pyb-6D*j2U}h*6t*&4
zC2Vc}Qegyp6RYp`QjixhlCr@+HpB=vmgfxN!xb#wBZTc(TOf?2d~!XDPhuox!+3!W
zF@g=)@;+VI@@34!mh#M3uzAZeVI<{$Ds`WV4f$Hg<wgG3SUD`l-uA_zg$*%+4cPW0
zb2B8h?L6u6Z!tEs75ip}LQTQi>Js4t6wqI-VCS-1g{_Q?1LTLzBMP?d$Aqo@9~VZ*
z3vBvNqLiQqoBp%H=7({>^!{FomFJ&jgQV(9IW6RDrn2v*VnaE}ix^3j=V<A%A+|am
zBW!hy=Ye4EMa)p(JdUJ%PNi(jGs%}2N%@(I%~bN5ip{fB2FgQ>q{=fDKT|n}PQ_1b
zWBY}DLb+&v`r38{euiSoj-I&*k}5yvQ|yQlY{2Bjw(MIZwXNkrj9>$1AF(a-CMzfN
zC@cSTVFdf>3YOQQ!U%e>>5o7uK@T=PeG)-$V&hM|@2m{ZmXVe15Mk4km(B6cjP&z`
z@l9QpDj;yM9Y-rrO3;Jt7+Hf-f*x#R_=PAX=uNE5Q#p@ZuZ^ZD5bvr$*<PW5;1g_R
zyIt7o_?kkG{hbO3_F%Jr6G{nsu+8V+gHn<zGj*dp#IqIff1`q(H}4ik*cMFR!se|C
zR<`?ut>3;q(*KFDwdaGv2!6n(e?LkIda%v&A44fYZ({9yiWHQY7{LZ?{pxg-67*ox
zFF+|t`NRgF#7N3!o%GlcBiMkgE`H8zdVjt%eH|wf{D4h=DM|@?u<1vHt<6Ux{iHC0
zJ$N?-_R;kU2znE1!=+MC7h=XY>|dZ@{rtbHY*v>ml@~(Uz^1=e*y?y)q`yfR!5(aN
zd^Ji5dK0T-ZhW);K)n&R1)H9621)rmL3-Ma7{La-lLBpcl7f|=Igj<L(}WT1!Isy2
zVI-B;snU}dF@g=4dXd*zMGPKP*tg)<D@L#fTid=^*vfWGq<^_Ef<4&m<F*Bx{&m9U
z=k>z2FYXsc@MB{8Vx|<+6o}1!c43sVXCGi6?+dVv4@XAZf^BZOTG-lQgRu2&`k3io
zB}|?(6ez#d%a3(72L7pRY~K60Fp?_s1=3SyVgwtom3gzUwHy1(^1VzL!5(b-Ehr`E
z!KQzqu=%-4*vj@&VI)<yi=?M)#J26l!i<}=gWso?mv0l(->Yp9@&a2s(^d$2@Jt2#
ze?`Ia{i?9}c~Tg`9&Gx5MJYiKHvRX6&CkC@`X31+*n`dfXDB7;!FwuDo}F+aL2qJx
zbt>oaQ?=1F1!4q0;C&U)(+`Q!uTeNmfqbt}u<~ye#vc7EBR&1o%KzF(e}^#bjNf-C
zAovGcU*)`M`93augaZD*uVDS;H^SzB+o&DD=-Hm<X%YN`&Hm|;9!z^;&wVWfdlPHV
zF)6SiMz8@NszBMOm(A<mB8*@Iw);Hq5yl7l_bGHKu<cJ34k+-RQ5nGIGcFt0>Ugm5
zA;q>l<IR4@C%;)E<OL>Q^gP#nM1fx<ytu%h5Z3=-|JMRX75X2el;8(!_1zbT67*m@
zcN`Gu!B+R9h0Xsl!Zv=MB5eKnEMWwnVCW2m<pS3C#)LN&`hUPcf<4&w@7ING4)ASZ
zYug>RYdyDcsIci52p=OKGZcn|XBGHO!U+Ds=Krn2R+sxC{R5Fb*zDgO>A^e7A9;Ns
z(u1x4e<sq)EQs|(%Bd=a@{&N=&^6l=r35|WqUFUk1=l0wd#(b44cPYGMZ(h+u(?_R
z!3J#S`WK;;pa+}&CX^ENVAH<@r35|L^e;y#K@T?lZ73z^!KP;nLC}Lue<w-_dJ}7_
z=Se|Z5!?P^-ePUCP#9rbFvlA9D-@8F&jY2$hM3)i&A|%Rf7sUYS}AO8UKd8N2k)RT
zL*Y^d1U(qP=x<T5{ld6Pp4iYP`zT=ZHicaZ{9eT;6!@PM?_1!XDSk$Q83S#6*pEU=
z@Cn90KDp07r@*Ts8>xa=+kRP$ZHN*4fT<Vye=K73|D-^>pg%V92|lRM^Xx83*sl;+
zu9))NDa^G8m}gTFY`~V+e+rX?{<i`*C?>BL>5u8J7d~1#{5%-x-z|JuVSkWzD8~Rc
zR|zjE@MFT}=i|bb?-RlZ`GWUSEO*;{C9?mj@Uhb2b7ys0^RtWa*24aVNPnX+b42X#
z5=QV3UZoiQ_k_tB{SSoK75Xj}%=C+enNwmvB5e7N3fnyAM&W5n$Is2eGYk87M*0VZ
zdkQ@Vj``VEcwV7Di33W4A29P#^8Kvva|--jVJqABg%2<Ed#jV1&wYdsDfA}`(`WE=
zQ)F|qFnybH-zAKM_7Of?82z^*`)>=MCmnv~%h2*#Ak16`{R<=gRl>Hv9uP)|z{L1}
zU!(`)gYX4mtK;7Z+y0u#$w<OxVA>5o7YY-jzexBF#rXM&u$A+t!mFjjZV?B&1beWJ
z73(8CSi3CPZxlBF1Hz1b@cScsaF=xC`)%PR1wLMbA%4)$VPKSyFL=IU{7eX2IVXh=
zmk#^8gkM_V!*^}9$x*`Cu<bd*w(S~W8wV~EM#u|{KkRQ8CPx2S;iDCk_Ay~A=i|cW
z^RI+&S329AznlI@*cMEmL_Z;HKDP)TARRt$7q<O)hwv$d{<D$&=Y@}wp6!1vZ2A61
z_{PHiIwn67@&(&|xhc|vO@C{o2V1>f8R@~Me@&zZo1Z%)J=pBu6zRdHf2**S|Gr57
zKx7X#|L>0UVDs~ku=)8wq<=WF2b-V2i1c9d^O&&t`FLdiL}U+UAJP7w7Pc|-Um_bN
z1+jA$=QZq!5%vq%%ENv}(1Wc!XP}gz2djIBezHt4g5JdPS}p~75hK`urz^}*7*s&e
zgDo%4MF@JZx>K;fMlq7g>k;Y6i`d%jW5S$|$m?$vkkqzwrDt1W+m`WZsRG-^`GV0A
z?omMSd5?mX|9)WvJ=pZ`5GEh=?^4hyAozK|Vgx<d>^~%I<@vDio(kmqgaU%SiM2WB
zZt@^TumK;Tz_vFjAn3sdE1-Xy0)ifVx&r!dC|DW(McC$DzZ6EWH?cC%ZzzNBOUFuw
z&kYI)+ky{JK!1aR<;D1+p*Z+?g<=GIFk=q(v<ZS9e3%0Ie^jus>q%i7lb?oj3HIO}
z6;D&(*=b_*tfxVYpJzw*V6#6^*!*+tY5sZU2Vr}#?MLQv2zoHv;(xX9<pt*26T!yB
z+SAUJ#0WNE+6O=L6`ot*7bv!Tdxa6~!FJ5X#~ta2<#nj=GzDU_KVF#P;fMLP9gp-8
zBvt14n6k2+BU>xmxnax3wqVOEE^}ehEZc)pP&Q)gGoKXZyh%HJN5S&iK?SzC$68_b
z9X1yTPcQJ5!e-BV1m@?1k^b|-`xf@!64w7v-){@pb;PeD{cnV=j@we$!X9k;9V0#1
z^iLNy|GNs?v377|-|*PlU$g_s#J25$!bd2~P*|*hu#do&*V)2mzdX{jj}Yv^wqNL1
zNNQhiFFj=-CXlb$Su9m^KgNAyr^5a;3?wQ0qov0`v6cB4VcRbYh0PD=BeOY6_(TQD
zbF~73f3UT~^(ZCi!FwoRf13i5Di3{Tnga3u3fRw6KvMSXN9>9BRKWf)1v`E@rVcLj
zw7Hdkjqt7tY<sc7Aqs5!A_XLs7k;rPw*JXDY;yzrTOBVE-cJFaTNUgY`6a@3jNc)Q
zr1I*Op1g<=Y`{A!;PX-i($O>K*tj<$yltT$Rcv|1`$*~_HZH~WvOYPhut}9|h0@5I
z7{LZids4RZ6>MKnP6QjU^^H_H@mW<)_9-^R2tL8qSEmajsWQjMQO@R2CE%af+Hj`u
zNea{}K2E{tuxH+akT00_B<(&08)qICMz8@}`+O3mBvoe4U-&1s@?0T2T><~ES3uYn
zY;AitN(p+f>F-4;K@T?l+fho;gH8V~loIq{)4va;1U=a5@|P$j=uNDT<@O!>g}M~e
z>g2Z5l|D^@7{UK^1uM@?VFW#xyzqIv0+K2Z`QnopN!g&ohM0g)j$_N0eT$^FwQE3P
zBxS>~hJRutWiyp>PQ@l3CoL~@Ru{%vBvl5+f67U0{SZ6yrA;{Qk<_*aNYA#!2sU8L
zm+g_%wv4N6ON?Lxwryjdq$Aefo=TaY%C_<Oi}FxrbT)3!L@7ZJHvMrZC8>6Z+tBJx
zyV*P$KX%@+>rK*6Q9$qsw*7TFN=Yg&`ZsM(j9>${a_)yxlG=8i^lVFvU<0-?Uw~4A
z9&GxWu=T4;g!fXQ{9_78Dz7u7CohY!nXf>fW?Nr|y$k(-Vg!4z>90m9K@T?lZ73z^
z!FJxi52XY>n0-XPk18PO!KW&q|FweE@i)SDUfvm{1beWx3D->sda&uADNGXjy#;LS
zorzL{-o%cD*-}hXAV#nOKTCnKEmJ_ygO@6x_jR|t?o}FsJ@`Nc>_4V}p#PYHmHBaD
z1U=aF@wpFd`p*hm9X}^*`93L(;K#)3h;EvKr4bXX&&OjF*z|EfmpX{~%$>6sgQzb7
zu{^=HZMQJxAx5wPTOH3rDM1gmI$nrUlJa?}^!Ox3umPJ-Kc_PNB*qf#!KS|wr35|L
z^w$bo`(Gzap49bv1siALz9DrGt2^^`wu$HMU^{l`W9FZ_oB!p)D;3D=4GIWl16yBx
zA4&;&ux<O0Fk>9s{+j}V4cO}SBa{;KVAKB$r35|L^!}JN{k9Zdf<1Uo#pJtJq!$fh
zZNfZ&vJxX~YhpHx=hzTi`_NDA_#zL4ZNb)unQtN~pNvcRBu20Se@X!#-&R1-gRPF=
zM=3!MHvNxLO3;H%|8rq0^DiR(e+nbmgUx<g)K*~A^UR6);Xab-cZ>9lhx^MH<v&8$
z+W!<`guKAEEo&nn=)u_2CRM*b(ze(TBW!D8`-^b|8)D`Rl!rb}cGz<cv3(TJVWbXX
zex{Pw&f0>!h!OmQ%|GW8BvsDo(z7kG-G@0-*vdIy*xIUF7{L$N&QohpN>cvmpZF)H
zf71?r?y+N`Ctn0VU>i?3?va%Ly`;xKF@g=)>b@^Z33{;U=_3ewu<0o$lFI8)>B)=O
z%66i#wbdM9Ypb}9QU|ep%2<paV%v69`1nHq=16~!Fg~%rUjd<P;30)jcR68y&rsku
zbOamlD#hq8jr3qE=ZLV)6~}}RmMuPS7uNsa=QRRm&u`)g{=v-o@c;fu4`yDA{%?ej
zDe$i%8?d#f|F)4Gv&X9-Y(icq2wNHA?;L^AE86B%{z$L~oBqs54>muGB0bphT^H$t
zL;bOR_f+Qp^mAMjBa{<teQy_(67(jP?+hu}me|gB^fCH0I`*@*)oS6R3;hct{Z+yo
z8`!@>0U<B2waM+m=I1q${!U>8d$8HR38e%*cn<~qKd6AD>e40sGzDVIYmqQxCEHSd
zgl)mQE1<tv0YMM8akY+8f*x%8L6j2oU}F4CC?Ie!?T-E$1q40V+Lm^(vF<Ix2sU7A
zhqs}Wpa)xD`jD{I@x#Jg&y&|<3JCUK8^b@1Qi2|A*DOy8@2$YL|Dk|j1D>vcejhTD
zpa)yO+Aq?BO@Bb74;$)_^*8#@GzDVJ@OexTlh+&t1U=Z=X8}qHda#WT7oe1&2V1+<
zgw6jYk>2l9>sJ%9LGWW@WoAE8=J+@QTYc$A2-|{9AD=r&N6aV38a|1woSd(1yggVL
zNtFk^`S~NJ1sd|lHu+!P4#$me9h&G}zs+&u6Jw2dlcBNtVDE8*0~7VJ-ofLR_Kt7r
z8Q3^nAKT`*Qo`jUgByB!me;z^U0vH)pQsJ>Z`0g}wA#3oBcl@oBg5lv(-kAb6PtP_
zyvLD&{@KF=a#P9&-^0B_^@UrPkMy~;HTCg{k+FJDeSBQmxWo+ugM$kvH*9d~HTCtA
z1B3mGCkF>t%I$)FpP^N3tlryS8yHqI4EGK?C(DKhCd_Wlc&|%cQlD5<ua9<(jBZUA
zt#4p-Q+;gh*3r7#awydTeM7a;fxgYPq58z8kz8qQH*C`W8W`R%;v8FHF<UgSQSIgo
z!hTM+V|~kLS19ko!I8erZnN$y8tt=qtX@BF?g^*3WXpEVf|ZMEG@48AsZT5$?jP7P
z&_CHbxGde)vQZP~6T7=sk7zel8Ju0;nn|_-E?l;%ws1jD_q;hZ_PZ-)!s_xd9UvLA
zuC?dYHmE@|$;0)_Gbt4taWrknm5XDf(Wh#I18uw3O7E;{^(!*PXc_t=H+D6?sdud2
zU*s!88!^mAN5QJ~m)83xdIqk{HHB<e^j@)Qa$<C{gIPzLsvR;~ultT`rL5T7<MrWO
zgOAnwwqzQQp2WCV;n+;7irl?sO|3pQHZoSzuskrlF_W7&tNBsT>d67RU~H^+Yhq8G
zt-)$(?{L5N=;pe{)RD=tzItxg<0xh9cmKNade`7UeR!g0Qb$V8TUUKdJz%(ZV|@(A
znOa6xE9;l%J8s#ov$J)>gCo8DT?=xhvq80SY^~qQc_`x*(}DH@&YGVgK?B)}f#GxO
zV~LZM*-gbp2TeyOX@doW^vbQt^SQisEpU|!x`kUgPr4MHHruRMkBz9?jBCe_b#3Y$
z$o0g;X~1evD`|AB*uf10SC}GWPWElnlp-w@C~45lyVVobcmo@@R$BLMs_TqAIySJS
zccNa~T;J-7WL`NZ*7{Q?T(g)Quh;sN_rQjMKKaV{aaOejJu7ErOnbU}dX}wP*_f2|
zj_dqfQNF=}^<%wbTRU}K&OV(_FjKPHGW*0@Ul<sQ2~BoyW7(MVOu;1G7;TxQ&1!uk
z!^1jLRi}pClr|wBb^9%9>nW7DWSMqY>+S2SkLC(AT;Dh{F_7;qU4!-B;mJ|wT1Rs+
z9c>KE*<_bsJ$0ix!FY0ts8K6D(X~zK8R<>UBDkOdmo0MHYpAJq-Z&QfM}{=!gi8hI
zz_OqaqvM;c_x1G-4zBNQo6&mfVrO-*X5``+#s5IR&UynATWgw#=l0<5V~cOjQ#G}Y
z#--Z&)Hr9wj!uEg!?~?;81t_C7`KZIY8ytzhI(@qunI>*SBHWXEws8ZW@<`4HTyV&
zr&hdp>r5A6x5OD%HZ{gmtxegsBKOE)#TbvfH9ZTaZX8!CZinif?3*LrGE;|QN~IIp
zxOQ=FVny%iH2Lc7@2}|)RoFP9i>*yVIcKXz>%+{r+c&5Uk7#7~cL3~AVLWIIvzlXv
z!PL)T!?3k!a-x6a^4x5OnqZc`(_vYe6}v&1>7GTV`M5OLP<>!vGG1Fhkh{chxELSz
z_bjX|jqS&EEnm+a+)QQ{Zq=-P?TB__rl{1KI|8~msdX3~CpIzf)WBHbYCxBg)gv<3
zI-G;TWl_dc;~W)E#ACXm85yduD`p{P=XQR*H&byXFcMcx;#Vx1o4VOyJAmYMqy72Q
zHwKFb+V47<gPx@es{E5&=^uj*{%3W_U{=Q*W_8M9_S|_LGQpx#MX;%=i(SGs=HMMK
z;Z`iFO|;*ZvxdjnQ2*RapCVP4(7Abek*oq&Y_I$oD=MxeaZ_03ZzM%V+?OrgP>n0o
zTOY5@ntgJuZ@s^@+Gcgi>?v5WH>Ti=9NTXHCUfj)6>{uoMIGyXy4zjd5~^coD{`#1
zVi0QHGRO{k?4$Z{Uu{@-qALp474E%OTr}gSVbswJ7lO6H`tZhyO%=A?!+m30M|DHB
z?RIUviz2J+<yrV~U{QT4?joydcU{X?FYR6vj*{yB9~oBMS8cT(_3e;#*cFu{Qp;VZ
zL8)lJ-^Z-FbVUnxau}OcJ1iP-Jtz6vc>7J<=dW76n0Z%WH#E}kXEkOKTBWhy5>|1q
zDtv7i?A@4~?%{0p+1=-dF3@4m76WBp@_IPVw=nGBu9<DV=dC`wt7mR)^}@3kEuLLl
zx?(|BO=sKODWQj%p#6lh?A**T*~5<{jh|VvHZ)4(cbyK0ZOf>7=W~y+gR67H<!FVG
zemN@cebq*FSzJAyGzvC_Y#W9hGjFv>#{-s3I~p}I%$jMwT`SjjvTBOgD&3SakL#Q*
zg8drXFzz@GgqxDVD&G_6z?ojjY<#RfG_s{`S5L`vD~F!{q1O()@u^)}6*rD_`M`a;
ziTV|}%a(At*0@2{*|>Byp`Xo$>orZu{ZF}8)NmiSVsr@UD;KQju8j=Wah7Sd#{J;g
z1DWLh*#k99GRa}<aEYTH+dDCty^L%b>KN@E)Er}IecP>ZtDA0F1^dy-@!YhaX)@w(
zDz-Tp8Lj&5(;Rhb%5c9czG+c;Cx$yEwN(qx>h4<GA@e2OE4$Y$SY8XeYP7nnvDf^7
zuNuXM)s1MDUEOPI%0082oy$&b6|RY|n5e1q<Qy^~ZQSCvgVkN_h70Qs$0PYvU-;_R
zgqDTRAxf-m%Kr9TOaREM;@38k8#C-ojavp&a}%u8cSeS4<NRJ(<#tlH7plC5gDKx(
zxW407RdM^F?PoMQqJo>yPpJ&UUTyu>+RC>3<0X5n2F5jGn4)cHC*57sZ%>0$*aY+5
zNj-+5O}6URP<3Ij9-j=)094tAgQ92cnq@1O@atcu>0_&kBO*5AN`8tSb?V6ETXe|&
z`gq^iKzN)fW2oBB>hL2+<JQ|yJ$F~CaqDh<?|6OQoJ=mESLi6@hk$T5aS9I!gl(3u
zT6Oli)is_E(xfbRN{&tS09Ecd7?|B(b)K@*SjAmROqeUrnq6U381(7xVfK&=CGJ_f
zYE5_JsL~zQs-|mLR&=1qU%oR&Moc=YE>|Mc4tI8(<&<*AWv9wSy(QB!;h<Tza&7k#
zU0LVzEtz%7H5~k5_OY^R@)3NlU8afC#E8yK6_2{~4s!E69McUu-F?nJ7t=82pe>wM
z8Hc<7Q?b*o?tGu0v0cOPSZ}TIa|uUjuHCzPxCO-BmI{mh#toDT3;JN;r{cH%1<DP}
z!e0kV-QqHz6*=o>UneW(X2rB?*#+H;!oIHPJmFEn@p?UX+cKo5f8e$=VK7<G?-!Yp
z2ZPb^`egrzPI~Qj#l4wD^|AcV9}OQP*?V^jS9Z8ZC4-7)P-^>u*b_f4*<Cz(>FOw(
z;)%#A1Jx^^tj8@giPpj@UAVC8Py?O(UFjkRx)W5HsDmgsL00zKx;8YKyKyRmExm)2
zb*{$pndqu0x%;C+29tq_Tt`wq1LM`1^bJ+iV*T*!_1Ood<Xnlf*XMqER64(1<?C1U
z@M<HKf4y#eYGBAaV$_gP-azyD%5wI%J&Y2yai5-(&bub>%SXm4s>zwA+Ct5&K`)=j
zpq`oDP*J_H4(SZ})g_QcK6~wg(XoM{dj39)b~PQoIuF${e_bUH%oWsD`EroOz%ZA1
zxr0W}98?|hB)5-RwyR6i2c7K~uFMn#H;Mbr=BIfBcq%sPwz-3sY(^*74-RxXg*7v*
zK34~S#S?+m=j^7#YO~m3=d3r@^^%6>$>B$y?DaK1W6R22uyHuwC2=&a+fW$?RFPYo
zRktB=(U_c8I5{_5>vVEc?8naSxuib4AbTu^`}G_q6*sk)4)yl&W=BPl`7uEjHQuSn
z-gTpa?B@xLvwO@LCh~2+_q?Iv>49b?E5_YmQ`HFkut9ph*uh2Rz3O05wPS-p=ihD^
z|NFz;Z2i1n`EzUd{YEF0Sv)+IXvpvsk$w`_kJGh*+ynl_{^&6H6t@iqwp9P#x@vXz
zN^-5337W}}o{njI1Iot4)!i#<;dKH%e>zltG%Qok?yed?qH%iF$*03(%!Tn329DTm
zV{F}=eS%1~t5@l=Q@29(q-4d(ONL9<tkT_!ie_rs=mf-_tiDdS>6#ma{!`zWfBm3j
zsi{c*m~Om^RMYK|Y^#Ttm1_BWwaTo~DESj<(}a@uZqUK5rxr(4Fdg-}n5ivUoSSks
zx6DtSn<n{*Yty89chJ46EbMpO3Y&1ivO}|@qgiCy+io+R-1x~j|I{2uwfU-Ph_ARh
zR`sb`<^CxQrrHr3d%WW%RkPtWW9-$9-eK)}-H6T9y}N6XPOv@8mQ?PArcqUWaHMPH
zs`GvDBb&+-I=iD;tX#3RC*t2btIiPIhn%{<PV*6YTB-wSNH3#Rz0*-1Yjv^Re4@Fc
zMxk$UXE*;8B$d&5siQly3&U&04GQfu9s$=~jQrsf?m04yXabcVsEhlsqrLen1NJP1
z?@%Z+>(pdS4U58eYE+fJ>U>@ttsPq;j1=n@>cGuq*f{K~OBK9ys$6LF@XJoc(AP4`
zADAth{9sLQWd}3B6_b)>D;KZIR1#|)#GCZEZuTtK%C&pt+BKD9yf>XnRT@qk_xu?@
zJN)7m+A-X79iAA=4TY_8G%ayGk$sdvKPJ~Smz+Ja{?h!x6B%Wi6AQVRozJN1>7b<x
z@(+u0mEs=HuP6gm8P8p+QONP(#H;r<xwKm3C)cg^ZR|Zdoa&u_rK+_7rg~o{yX&l?
z9f!r@_J(#Br)HfT`?HgVkY{Hz=El9FdWI?gTnL^znDC>XE+__TdQCwywA`D#n02;T
z(Y<1o4!I657Z+Al?-z%kB31atMT4HMsJi2V@sQpP=BK*aXm9q{L+pk-lnt8>CKbu8
zQJS)3dOU*|K0<NnX;ZbUEm(J6#+G7hXXoxE#aUK(z)PpSQk5PK8(pqt-z#Ho5RCGz
z)B44&%2BZLKigDoKnoO|Nu8wQ(ONdIn)Zz9g0{IgE9NNiPM=ctO{Z14+ZY({;M(e{
zc|xgX6@6i>uJI+8zHV_%2XVzU#=^p4<Jd^<i3u~Qm}Jl&E0P%i^Bswe^C$EowO09}
zkr{E*LSs;_HHuR5I#|YJkoO~-Pt?>Z9$hHyo~nl!ctDVaBWi<siMsNoqo!r!S&UB4
z5|+&~6$%IO6wg!KKw{EnOE_d)VkVC#ba+T5<lK0tcGF09F_D4Uy^ZJIipK^rdA3f<
z<sZaz<7mjdt~YrHtNNui&aB!<-+1m`M^ul2@$t#*56Z!=@mNSv+FANhPa9M|Ba{C{
z3nw~oW;O0WjaRM6(!8}-AL{5&oqu##x9UbFMskf8#_WmSjkEQ9L}q^klj2#cFq-FQ
zx2^MpeyeHR`5V+r0R0pCr7Gh+G-a251Deb|;beO*+)4;furkfw=D5aFy^V?1`f;lu
z+T(iSWiyu62S?d4A!UW8B+u7vuf=+7k9+M!sX|&<&q%*NG>w;yFPaz}UpX?-(>F1?
zqVcZ62pO^h)~w^^#2ee7&ovXrVDlZS;Ci&TKVAwc=)&=`y18&r(BXw!^W06+OE*QK
z%{OQ2w$oH|yKrB&{H#exb4zCh9rxkQYj;=chCoOxFRC@xsBu{t?5HLWT*k|671pVw
zu#IIZgXOvhxjcTcC>S(G5gx+PqcGMbLrQYxu8`uE?JBG@Yj%ZHD@Hh<YiblP*cA-o
z23k0<QO_gAJ3CHot>qOqT#{SJE2K6aK#f-M3fj^VUJbj{`duN#N^bp(hx4MvyV`6T
zx5eVZhi+b4lOb%BT(c{r*n=I5b-SB`F?MFf36HkWEODX^!|YOB!Ltn7*Xgp9^deoY
zRP|bW$0g3xO2j;&eR;01dBP-~L6>Y8nxpAXDXle=DXDYjx&zx-86s6&4gZZPYjee}
zl24KwQ{{YmI)y{A(e2{XO3Ar1X^rn0tI}9&jfoS#zE^m?qs>XWoc$VV-FSy8jB1)w
z*#K_Yg*5VPq_yX?M15=Jl2lVGC0=E$R6cfhRr-qVwM$nm@+QgLQ>&Df@**F<j9JNm
z!srmu3Q*mBed_MDo-0%JnSx2nla9Aeo+?eU2THVHTB#BYv6)gYs&84AOe>08nXcCB
zl)kjyYcsu4k)l=FO8RJtwvxVB>Y;rvZ&d$_mlh~(#Q?<oIoAM|o^4UQHy%peq!s!`
znzy@3xm?~m+!#1gZ5$G_{<)|~JPKZN?`@ik#g(jB4bE1IYi}ja8~N1AmE=mf;3u_=
zTzii6pLNN_<Vp^wV4_~OqPMR{kJC0Uyh|>~Nj6=2V7FM4F0~(`WGd0YWM%y0WjVK2
zHZtnq#xIsq@?_J8#+jkC#zC9iKsc?J)aAR5r6gK}vz6{LOpfZ&g7I;!)R#PCOwFno
z3)+^!D`nak0`=Taw8TcqK>MhiT1-^!bkdey+FI_*TZh!t(s&_(4q?xVv=pU9@fr^L
zTPxxPMP@m?kY*+IlPuHIPMVNpPToao++|Wr;KilrVqvF+@xoE1azuT)d$@P~V7+V2
z^4NW|T&+I4XkdJ5hH7lTnqGC@tGaqtPc8E)ST?GIVb4VGsBX>J{r6lMih7l|C>e7z
z-%W1VBMo)?_|>=w(#5uW#-`*mTo*SUVoFs#{Yy{DgENU&2rStZhv3?wQT;NyXlZwT
z9@5byv(R8EyYy;=<%gn58&Ez5lP#g!q#C0-RfjjdxodsbgspGe<{z5{U3xaXloIYC
z#^=!FK$loCvE;?dZ*ML4^{NB#^lti0QPj4>q@F65OiEccr_Yn)EXFiEG91=yaMf#0
zz^kmbXqA_EamGaZx2>s|9;H&NH^!xIrB5Y~gpIw?S|qu1KzT*SIAhzcSk5s{QteY~
zGnP%VD?L`4r7BQb<I$DBloor|d7-@cV<}NRd+GQhz4buvZXb)9@6D7p+Ayd$zg6?F
zih8os)Bm{dH!@keC(t}C6umfMqSI%wdSh4US8=IYX|dLvZd9H{nc`&Cuy7b_Z6gYr
z*vOK@#-&vzLqq6^;0m9O0lc)nWU2Yclc$FCgHCS7VuM0{`N=kqQ#6e|r<bZsdY*zQ
z?VnrDvgFenruGZP<P0?>hf_AhYZ$c~CyVmBd8IN&6C57k=~_@R7jjPHMGwo%C6;q2
zYS^cfPqCJ7Re1{Q)*av}7{{)kLaE|SQ~QeMkF(MbbFFoiOLfL_N;N1O<}!_3@#90z
ztn_njcAn#F5!bq6H&$(yDo}d8%Tg=RODnJ6cqS>i(q+lb6qdOx**8Xp@y1QJ#w;Xy
zW<6m#QM+t%fbp}uEKA9fv97aKBWsO{jj4ow5sE%bQ1Zt;6|5OUymiUYT=v&D^iB@i
z^iU6@Ol(S?v2eJ#zO`-fs*=;fDCvNjmRARDKb`6(FxS)ixp{a%uX+@}V;yH_8!Pj~
z&}eOJT<-&y*S9Pch3u*t-Wn<Kn~=}0gGu8l<EBwtDaN>^+orudeWTZk#dx7Ns9Ou0
zmK<0^R9l5>pwbVq{DeBDhr^1gTKf)2Y?8f&m$TLT(4)=u@JhvYTd<3Y6HRj|!IC{U
z0b7f=wk5HB<F<ceM2(-gYB!D^yl6|*!&=SdUE30Mz{hL5wx!oc>^Y0Jq|gZ~JgWlf
zZa~dBn0St(@gr`V@5aJ7ZR#-hObx8oXY7C<?HwP#T+eu{XC5&YJ(5>)ncXUv1*LAw
z;`cJHEDyKl;+1quh2`a97T3#;KbhrqOHTaSx}`*RX#2vtB@=E6(+Jt)hQwmJXiMd`
zABY$g<9F7mwW4lZfcE8d<5ayOS6WNAEv@v1SzBuS?m#J#C2(^$-$={5CAG?JY2{p>
zr&~6+J-Ny=3y)TmndHi1W03W4_mG<}(zU+%Q7R>NdTlXUB)2WOwL)%NQnWm7DlI(j
z+?G(hC0UhaVZzBcb?g>}W^l;-%o|yhANH`5D+cYW<+hbIn3R^vO`5PPTI=K{O~SIg
z&F6U1CS+7?5;CebDX)#2&8W5HZPJ8{Don!o5SCAk-_dmUJZR&zVOy4Z9Xeh(w=KPR
z(}6u+)hQyg@_VN34*fE`?G~+tX*KbzxWh>`ql_7&r?5fDzv$eFcI%4M+shVG+q20!
zYBz23SuB#08<D7GWRku~m{}mWEw4qbHH0f1MU7f<m`7H*hdbOJ%H6yTX3c(4Rj^=`
zADml`D#z!dIj3w>QKF(jD_zAl6|SQ8tiIZcS~YEG%LNx6eY0C~<j0%Dqjgj+4zYNR
zuD1Ra*%mKhMhg(<tf%Uc-1W?0<K2%oXI%W}fB2!U;nhJ#va0TCO9_-#I&RCXu&Q#@
z%&p=OYT8gWu56ptYo8f5YtY{~hAYS8;8<fjD`FLfZFQi*8o!0)PW8cyP9!JPHtE^R
zlvU*_&7~aEOEi~F66-UU3}}MJqkC0@Wy_-CVB;0mDkqH}TXPoW1&RkMW=oC2bjqz^
zRh?(6^3~%Xc~x69@=4pYFM%-`FTb4G9i8)xYnaZNJ6NqcRu8DDC6`M@W5o-1^M&iP
z#+a17Lc^rI6m!XGc$|~Ro+fpn*`A`~$*J+j5K%0N=eMG^&Dm1PU!e^*GxZu??jk)@
zCv{j>-2kJV?Z;$>oy2cVHu~F5fX3OOR6@Kk#Y`lzRYekc+Kqznq;W4V$);*y*%!Y<
zwJ$|oDiMBDmL;QxOWn&2)8p`qa^qfZ$*OcIAC|OE>{z|rp1;;__mJI*l!V7M<DUvr
ztr2db<xV&uF}%TBUN*Z_tze`V|5Dz0ACUA^TG)<a4(l}n^~s57LE-icFdP^!Kk8#0
zs_AK5gH*ikcG`{Zmb5LpowjVfWZj;wTaCG&6GM51M<y25^^LaVa|LFxV1piqPc@D$
z#2u|yT`EE|y}3$tGCAzKu+&~vCLImjO5Dk;a(zf8Ev@QZm08KK^_EI0ztD7z_sOR8
zQ(kyaMz2V_#m7rNeHp9j8~e-5!Q?Kss@R8SR$g%2m(8rIs?a<JIGDoGSn?8F6fYL(
zeW7)07oVK$5jx7;O62WRMh?ZQQ-KYaV|CpM_9rhpN94K-&MOYBXqEC*`J?1$5%W?@
zkU{fzi^g?#yrg&s+f=5-)d`LpLs-d&Rk+P6-LUzob0~PDz`2pqnP`^a7ECXdtZ0ey
zYUw45#xRwB`nB2NiY3J3CD%(%I5~!k0{gWw)rL)PjaU1!&YE`3p+0-BGnj?}kcv{I
z@^TgK=1M2?Qk{Y^9uteXr~GD2(>}v~NiO=HbDiI!JqK(XrRK-k_LsuiPO4Kh(>=0v
zJbqlccaw|Lr^}dFnZDgH?B1|Eg@&!k=4<yE!%%hBohWyNjCE_NjNC*y9#k`@g4iTC
z<i$2&{p>0D(zG<y(6Otjl)Ch>u~It}!&Upb`mPUV?MmL%^3me^r6iu@)eQ<QT~wRo
z!QJ*@kzX%cU*jlkOwu?%Yv#7o@4fMI{p}m;Xee$JmC_m)WqK2V7em{N6q3Uvr12_y
zY1^(<D^}O8)Tzi#?}L7fMf=;$!vNWONKIAJR~-DgGhE|r9S$G-Di+{rJ+n~q8Cy2Y
zo6k06?X;^W#zwR<U(>X`-eKI+={fUxgOcxHTYT1l>V>ZwWG$k`%w(JXLPFMIw8lWY
zP3waMgCirGo2ws}3~jBB)c&{Yn%q+Wq_=%Oq2%3tJ0X>}dSUoxLMs2zw(eOBULojU
z8+w^$%^l2g167o3W{8R`=z^&u%bD0Ud-0@DsU0FyhHkA0Rh$$$l%E+#?(SLS6SL0s
zz^c(8xw2u=yy24RywNe^4*yUfz0VQu9k7;#-N$Or&aAj#uC{7qH-%<mFEv&SXwNRX
zXyT$^Lg!h3uPGE>i<>oP)Cpg9sk)~7+*N0HFKVnl(4L!Bt}t`0<eg-%BEuQ5{aYEO
z{7N>Jot<vixLu&P(p#VCYWL<pk<o5pWeQ8d<&%}8tGes46sdXhuH+|5X)H3-8XyMx
zlP_C1*K~&LT}*m82D|`Yd5+*F)e?O`Yfblpo>ePTeX#OVA#Q$AX<Mp(<u^r2mbnj#
zxU3UqB{wWpqv5NvF=(;ovwZDi1G}suIoyeD8I*Ewr16ZB9>FW#IT#oj_DAT%$b>!}
z<xSd45(a|7aV}K)>+2^s)_TYEDpn~+9fRR{&@jEJk7;?YQZjYXOXPTH+|5=uZ5uG6
zZ1P6!o(B4Tz1khMY}~zQtruf6sYFU+Xk(?pP@8Z_r~oI_Cf4gwy@8GTzI~juVEK|&
z;fbshVl5>OTiVi7Enf`{qx%U=b9*&aZELpT?K53M6^R40C*oU3g*LQ)aTxN@YX7FF
z?**sL{X>DGmmZ4wWLqN^d$jRrM7ZJBDtKe`2=g*cA$unhoy&SeWBX!E4jvc;!lsm{
z@jW1A-rnsfXK`-S`x$z2*tJe$)X|-Fd*P<kcFol0>qP0~;z8k!BW+V^@1a&@Q@Cjz
zOl?#7uya&eyN5Of(@o(E2<dX`Y0Apv@Jqvn@PX>IgCX5c;f3IIYVjLQHeDSebIzmL
zm`v&jA4_~lDUqEY8^Z9?-XCyGpRjv~onOzxdTKxTOwFno!bV1WFVhEVM#nbjjK_~M
zc3IRI7~4zE=bMV3##0@g<l-mxTrxwN{kR^6f^;UB*^l)VX6+w{D(w}@Q~Ekod+LVu
z;n_3$09MH$T$8iVp&nK)C4{-vy0u+lLZopmeNQG>`Q;09Gck=aVQ6Y^4yD9{j@`Oy
z9@I2d7zx`h#qB`FLe~Il3RjPkkK)(cHX|+(qf<(1$8sgu!Nl$mQ__l`O}$wvH#>XT
zg;G~?{?)j-5x(J7+IK<Eb#v-Ic1UbIAD_7A5mM_LlRvnIw66S<FCjht&R2V(5+4H#
zM#UpnT0{Hn=4T8NTem&~R!S^Bx)ZJeQwfc0$W%(MtIA_VlDpXKiI;5ZE`Kg8WGaL7
zx58Sfs&-~ett^vDv13FfZOkAm%G>%rm~R99KA-A-a;g-a6_QKA6sfIm8+fnbSdKo|
z<<pt$X8Vb}hxFD5h5Y7v9q7t1ZEYV&w6RiKUn5IwI@0_sjZbVX?(I`b-w$g`EIuAq
z(hv1&Op88>R7zASqmPC8r1sB=c?(ss{4FtWz-ZX|keE*`eMQVCwiZbADbaUqd=mLZ
zAI<W~42X?npQ7_$>w{)KvGh4HpIG{qm`^NyNX#cP->E39k~4>dnq4Qt`1@hrH3v<F
z>(ZCQ{I<o6$(_E`Rl*r;qBniFPw8Y@{+w9JHB0>G#s<>dU}ob=>E2556|pwI`lwe}
zYg<QLs?Bhpdl!<Yo5BNx9Sw3v5#E#E6)P39nNP)>E_f;y4yl;iHC<KM#I8Ez7=PtQ
zLv5}BW3!wMKcZH+AUU-u73xu1_Gvn5lfMPY=I4gr5GoxczZq8AM`W`k{$N-sHGH0m
zgCO^~rTbJ^X=BRB)3|Nl2}@cj6GpjAQ<|^B%C~6yvymI3&x4inYgQ>YrUrv-ecQhZ
z*6!WzE4QB`gYWDf3#rT~hSR^M&<Kp@{cT?YE0qDW#^K%kY)Cp?zGl_*-5WRVHMbAx
zjgO1?24^~sofiCCyI^g1hveGw?&KtzSBdm?Pxug7TM_jsa;+IWYo2ZrwKpVrt8Y~e
zV8ySh^j`movbMYm+e$lI$v8KlTYBjuW~H23>vHG5U{*3OKI@{rpu1lFLt|OXu#Q=>
z$*R7FmUUO$R^w$E-%VQnI^|g&M^kw*i|HL7o)v!X>QwqpZPE6{HJ@X{pntOY-CA$Z
z_!L`aQmXwDf2u9L?Nln%@WQ2Y>SJzcza0N<-+jxQ_QxN6bNA+(^}uJzFz+w^G@P?)
zeDzJ2^Xc8^KMLozZu=r!I-R0cehx0ZS>}34El_-xEZY+r>A7RRI7G9_HWKFy!Z1w-
zNY6nmIn|=}^LX25-^wjuB_NaXH{Z&3{)2Cs)G77UqD^%o8_Q0An@z8oefxLbT<(dF
zyk#shGwQ|%)XJZCOL*|#b}O0C;Qm8wB?Hb$@yit1^E|h_rs%11irD@!w^DgpryIU$
zllX{R#+s8;C+p@Mq3V_8(0!X<D=p>L+`jz1xRMRcr0MBu|E;m4k^3lH$%Z-Za{rmQ
zl11~LpU$(H`@xA1#FbpoJt%EeLCmJIMp0=~$9=QqG!(`kg)0@N7?-Lm9Y&D&GcOe`
zQY8u7S5}3qcHW=RiwWT!3f9O^KVZWwtw*=&!n)DA9!an5R<cO1eYhlck~V4O#nDxj
zQ%FxcY2;I3(8{H8omQ1kVNsP+rAaHV9({zMu9e<c|F<f~l3i84Q!p%Y*Ui#=dpes<
z^}fy7;+dmtv8oMPS#@Z5xv6Yb?cz=*t-N#>y{bYaSJfw<-pXQ8y)p}utFp+ahtV%Q
z2ArFxv@9|w*p@+N(#*+7BUa`cjir$%JQLzR&{#5PW!Cm}#!9=6WzT<?G2=J<ej9z+
z&&{w~1@(rV{4vjJeNnMw&8G_6zT23yNR8X}t;39et^Sf+mrnYycuD)kI9=2&D(9{h
z`KdGfbj;6Qxi>GYV$H8OwpFV13CFfnzCzjj(oS=QGV?m9+i-20s0lKgG;hO{w&AL7
zOXJbq>Ls<p(bRhSz4W2TlE+pT;piy75?Qj)j~Oka)>~C2n_!Swg}G#;pBHM)b?Qnf
zJZZxB5TfsZ74KH&cXm82D><V#gu3M4j*U#XE{VTmS#njliEK*AxM7c^ALT2hwAX{=
z)@LnCemj(&<jj`z^V}lYr0K3?fA(b?40tRxb<C1>dBrOBma%qY`~}WZwXo@s-2Uy&
zHV=spZ?@UcLR>|RvMf(qs-9=4Y$Wzfa}l}hEk0_K`e0{UcI*!gK6nj7&{$m$r8GbK
z)@DA8QSzQ6Ifm5S4#I$~bLqLX)<it_EIg;gP<XE7IM`EJv>8R;`fRJFc2V+Sve-!~
zlh6p+Pjrw<s5HnXhEYs69MjLca5)$(TAyny)hhgI_6IyNlg*H(DEeXQbDyQm%eL98
z*35@K+gvsGbv(+pk74o7>U^nOvbKjT(@vY!&UJxsJmnHO)HwXL45NDO#N=4=7cl#F
zXJ%Gr$<fz8OU-2IxhX5%FqcLFGrcJE@ATW6MN)^gCplSBc`bmMYafcm0uqU_k*#xY
z-GpaBTPw)s%*tIcH&`%4hljIMg-px`Tv^$i-+*)qu5=I{g%5Ly>?#Y*%(9Qohohbx
zb)wJB1!9}VTYIJ65|Y{N&ACE*#}77P;@0?qEmg6i&S8R6^_*FwX~OJ;r;O`;{iRPg
z+Asa)&XzXGFRzXzO)!?}x0Zf+MS9``s-;H4$H1`ur<WKkvhW{QEx8D7*qDe$Usf%d
zWIn4}vT02a%g@FpPgyn%EI&Bkm;5?FC|}#hS4(*Z6E$_|%d71cjY^h2yV`EldV3@|
zEPZpe-8%F9k1hagU9e*Hf$W<*MN_yBvzBtQ)*2e$*nA#0)ziZuUb5-vCihscca^hi
z{(>5RD>j*H`-fsnW>GKf>rGWI%oWO?ku5n0>FICCw%dg{2ghdqP2kqt1iQ+&itR0^
z#&4$nbF`)02WIy*-f$>?ptxicnxgc*+V*71q^sJ>rC6{T*X`2igSN%Z4n5KqzI}S=
ztdr-Ra#GRSMVgve*Ocq)gCw4$<ua)HaeBs3eC}M$V)Y^1<F3$rR<D;_f$oG88#*57
zXsBkNSeW%qT+vkN1_fJcoYqDs%u}v0)$AR*ewe2b51lpdq*DrwTtH8pt5P;T6Fa1L
z@;3EMj7dFjHtPCducfV8w|4cqwR*r|jZ#mX#Z8gMM#Cdq{|yc_Ug&6iu()qzkask&
zqz;AUdOq15EwNI(ucO)1s9rM)t51b3TD~WBh0!;%ahT5#hewDDud`2K&fm<x^-_dh
zDQTL}`VEut5oO9$?ANAAtLnv*RIN|ysU)*cX_Z~+`l63ZZWVN3aImfydm8WK)U^bU
zWpQ$=pmEhFhc^$8T;43}$*r=+R(kApKsT_PzFNhNt;XtGMm9%QtwK)@k57({j*Lwx
zHQu7JYi6I^Du4T~Vdu?0sa1OI=7furS_N-@jl8x&U-O<Ev;8^yq*k$M#pZWY+U!~d
zXRnX-*G9CzHVlqjZVhl!xxj@LKjaoQn%64tq;4LJ*88Y>@fo|OQLD^-gCpv9T3CtK
z&&`L5%K^g+^M}rwd&)^VT*85Bih1+O2D6Ie$<j|ydVJ*c4i5B=>*X&U_H*XZrCQ$S
z%srvB@tirQ6wWnqQMoCBbhAs_%sF{ZHiHxA&ZTzIam(b2@uP9mP1BhTdd-d!FtJ%O
zII_NXFnnnh)y5W$T@2|i&3etx8(ZlM+ZuVey$|mSYp`_j-cUnf@7WAZYG`e!dKweC
z$cUfqcwdA?guA;IHq1;pORF5WD`%hFu4MDBwQJfpZ&zybHf7j+q1NA{B603rZAvyr
z88=JueXeHHg!MvdQN3y5HT4Z$jdeuS^M`atbDQJzT>kKQuiBqI5gh8H=Y!2zrijL?
z(QP`&cH8`ByVzvAZGP+c?;PKD`?CEs$G3BQ2gi4Ed}qg>?)a{b@9y|B9N)|Fy&d1z
z@n<`}zvIt!{6NR2J3hnlLmfZN@gp2R%JE|yKhE(J9G~s@9LMK5ezN1II)0ktXE;9J
z@r8~ra(uDlOC3MU@#T)MbbPhrYaCze__>as=lBJVzrgW}9lyl!^^W&DUUz(h<C`46
z)bY)Z4>~^V_^9J!j!!tg#qlc~ztZum9KXi#>m0w{@f#h#+3{N(zt!=VIsOXAU*-6#
z9e<7EcR2of$KT-iU5>xW@p~M<*YW!tf1Bff;`lopf0yI$cKp4Lzu)l>IR2-Of7tPd
z9sh{qA9ef@#~*e4F~=Ww{1c8p;rOQ<|BU0Gb^P;=f5GuDI{qcczwG!|9RHf*Uw8aT
z$G_qDHy!_$<KJ=oyN-X)@$WnSL&tyQ_)i@F566G*_%9v*mE*s0{I`y8vxA#YIKG|Z
zJ2<|R<2yV4bjNpfd^g8;cl;TS@8$U3j_>REvmM{x@#i{zfa3=_ez4<*I6l+y!yP};
z@uM9-#_{7EKf&?Yj?Zy?p5rGweyZcAIev!Y^BrH{c$eedjxTY1nd4_WzQXZUj-TUr
zkK^kcf4<}AJAR?#7dc*Yyw~wQ$Lo%7bbP?^&5jQ_KH~Ugj*mM&>G&4MuW<ZI$FFky
z8pp47{6&u6;P_3Bzu56x9KY4^mpT3l$6w|6ZH~X%@z*$hhvTnz{0)xZ<@lQ%zsK>n
zIQ~}0?|1y|jz8e|I~{+}@%K3XUdP|(_(P6=(D4sB{;=a8as1C6{|m=I=J;Pa{&C0u
z%JIK;{F9D<+VQ_}{Bw@~t>gd4@xOEY?;ZaK$G__MKRW(Tj{mdc|Kj++I{t0Pzw7wF
zIsOC3f9Uv+9RG>q|Ka%09si}{zjpjT9six<+wNGNk8J1o4vz2S_|A?$-SOQV-^1}e
z9e<|d`#AnA$M<vmIgTIT_(6^z?D!#$&vg87$B%UUXvdFr{CLM_Iewz!a~(g)@lzas
zp5v!Gex~CK9Pe_x+wmoiFLV5C$Co?4((%=fuW@{><L5elp5qrdexc(RIbL(T*YQ5b
z>yB@9e8BO|jt@CL;`n8bk2^l;_~njob^L{nU+ws{j=#w98yvsU@tYlgvE#Qm{u0M;
zb^N7{zufUxI)0nuw>$nC$6xFC9ge@=@i#dBM#t}R{BFnJ?D$(8f2-s7JN|aZA8`Dg
zjz8%5dmMkC;}1FhLB~Jj_`{BW#PN?h{)pp`I{ujBk30Se$DeTgQ;vVe@y|N`dB?xt
z_!k}jlH*@?{2v_us^kCY_&+)Rq~qUk{F{z{%kl3x{yoRP@AwZK|98iK?D$U||C!^z
zaQs(}|Hkp(I=;<L<@v`n$G3NUN5`M$_%4p`>iF)CKg0389N*jVeI0+c<NG`QT*nV|
ze7fT^96!|Y!yG@t@uM6+#_{7EKi=_Kj-TlGT*psx{A9;Zb^LjbpXT`Kj-TQ9nU2qQ
ze4*oAjxTb2vExe}Kg;puj<0llwc~3X?{R#c<Ii{ee8(?z{36FMcD&|zuj74=*B#&B
z_$J2(9KY1@&5jQ_KJ562<D-sW=J=T76OM0j{0hgfbo_;mU*-7Kj$h;Wb&g-}_>GR=
z?D#E?-|G0w9Djx5uXOx2$8UH1wT|E6`0E_M)A2Vr{zk{|a{O+`-{kn49lyu%w>W;U
z<8O8RKF9BO{B4fE-SIzh`~k<`;rKfpf0yI$cKkh#zt{2iIsSgfA9DNyj(^bcKXv>=
zj(^zkhaLYj$N${%zi|9xj{l|OA9wt(9RF*_Kk4|V9se80Kj--0I{pR6|BvHebo@(>
zf7$V`IQ~_~zvlQqI{tOXpLF~ij(^kfZ#n)Q$G_|N_Z<H>$A94XzdQb8$A9Yh&m8}S
z<G*zLSC0S2@!vYW&C}fc(edpa-_h}>IlhbIyE?wR<Iiw>FUR+Gd|$_(?fCwVKiBaC
z9iQ&_495>~e5T`vJAS0&M>~G3<HtKb%kdK(pX>NM$4_?rRL4(q{0ztEJHF8IMUF3a
ze5vEh96#If6^^fR{2a&EIKI~La~(g=@e3S(f#VlDeu?Aj9q)I1gX5bVztr(T$A=vs
zb$rb63CFiMeud*#I)0Vo*EoKi<JUWWqvJO_ev9L`I{q@pU*Y(x9KX%+S3CY1$M10b
z^^V`^_!}L++wnI${uamI>iGSRzuoZ%9Dk?d4?6yC$KUJt`y7AB@eexwr;dNv@jr9?
zBaVO6@kbng)bYn0f86m;IR1p=pK|;&j(^ti&pZAF$G_<KmmL4H<6m+7YmR^2@h2Vs
zhU4FK{9BHH$MNqu{(Z-P==hHu|B2)O;rP!T|E1%<a{M=r|JLzsc6Rd%$G3NUN5`M$
z_%4p`>iF)CKg0389N*jVeI0+c<NG`QT*nV|e7fT^96!|Y!yG@t@uM6+#_{7EKf&?Y
zj?Zy?p5rGweyZcAIev!Y^BrI4_#(#_JHFKMvm9UU_)5oDJHE#8wT_?b_<4?B;P?w1
zzu56h9AEEvzvCMm-{knEjt@FM?D(kTV~&qIKI!=7j&F7RO2=R5_*ITy?fA8hzsT|H
z9lycx8y&yN@fSOOi{rOC{xZj3?)WPlf0g66Iexq2uW|ei$6xRG8yvsO@i#eskK^|`
zexKv_JN|aZA8`Dgjz8%5dmMkC;}1FhLB~Jj_`{BW#PN?h{)pp`I{ujBk30Se$DeTg
zQ;vVe@y|N`dB?xt_!k}jlH*@?{40)s&GD~0{-opIaQvH&f6MXjIQ~7yzwh`D9shU7
zf9&{A9sil*zi|AQj{n;6|8)F!j&HL|c|NkO<J&pDgX23nzO&;`cYHU;_i%hq$Dir=
zK8`=j@%<csj^hV7evsn_JAR1cGaWzN@gp5S%JE|yKi2W%9iQd+iH^^8{3ORuar}9X
zpYHgXjxTV$%kgf<mpH!E@v|I1+wtX&uW)>&<EtEB?f5y4uW`J`@pX=$>-h5>KhN>=
z9lyZw3mt!f;}<!8vEwzzFLAur@%4`PIo|Jh-SG{MZ*+W<;{%Rg>iA~I2OS@Be8lll
z$1ihy%<*x@Cmp}s@hcqP>i7#Czsm8e9lyr$YaPGN@fSIMz2i4Hexu_zIexR_FLwME
z$8UA~rH*eKpDwo9PXA)rZky8Mph_)0o*`bk92PIR7vD8@C%(Jm&v1M%$M<%8U&o*A
z`2LPR*YN`#pYHe!#}9S<FvpK@{3yqdar`*PPjGy;<8vIJ=lIEvpX&H&j-TQ9e8(3$
zzR2;#jxTY1nd4_WzQXZUj-TUrkK^kcf4<}AJAR?#7dc*Y{1V64JKpDb-SLf%4>-Qr
z@gc`Y9KX!*amObezufVyj=#|Hs~x}A@fSIMgX1?j{$j^p;`mD)f4SqYbo@5QZ+HB)
zj=#?FI~{+c<99p$X2;*+_*)&n-|@FQ{($4}bo@cb-{biE9Dm614?6xK#~*h5BaVO6
z@kbng)bYn0f86m;IR1p=pK|;&j(^ti&pZAF$G_<KmmL4H<6m+7YmR^2@h2VshU4FK
z{9BHH$MNqu{(Z-P==hHu|FPpgb^K?J|HAQKIsO~Rf9v=*+s2CRwwdPm_Kxr9_|qKU
z#qnJo-_7wo9N*LNXF9%*<Ii$@KgXZr_yLX|<oLmkAL95-#}9Y>NXL(M{8-12cYK!P
zCptdY@sk`s#qsAke!AmlI=;a1F2}naU*h;O$Io_rh2yInKgaPN$JaUje8<ms{6fbs
za=hkvuj74=*B#&J_<-Y^9UpRh#PQ1<A9sAx@yi|G>i7#CzuNI@9e<JIH#mNi<1cpn
zC62$;@s~UPO2=<={C3A*>-g&&ztizII)1m~Z+84Gj=$CM`yGF~;}1CgPRAc~{5_7p
z&+&&G|DfX^a{OV(KjQdD9e>2}M;(96@y8wigyT;*{{OM}=J9n^Rr~k}+_5cCE@cJ@
zP@qVKj!?8fhlI8?Z9|hnnY>Mt+a{1EAwvfSsf?AeAR@{<DF`SE2nf8QG76}uhy%#{
zGKr#qfPn9JJ!?JZ-gWj(_~P&P{_*?ccRqysJZrDL_S$O?XP<qBJ{s`H1OCf^KN0ZX
z1pLW>|1RLa5BMJg{-=OH6YysP{(Qh+4EW0de<k3r1^kVGzZvkq1^n*;e>>ps2K>E%
ze-Q8w1O9Qq|0m!z8zk2U8wNZb@NB^I0UsXljRL+&z&8!}W&z(k;9CZK>ws??@a+S>
zL%??o_|5^}CE&XSeD{Fw5%A9ie6N6y5BS7@PY(D#0pB;^UkLbq0Y4z%(*r&;;PnBY
z74SI$pBwOb0bdaCg9F|a@I?VXG~kB?{D^=b74TxfTLRu1@KV5+2fQQT#{_&uz`Fx}
zY{2^hJ`nI#0bdjF;{$$Tz)uSJmjixEz)uVK83F%Fz|RW!IRQT};O7VYs{#L7z`q{w
zZv_03fL|8yD*}F1z^@7Tbpii&z;6injRC(o;NJ`Q_XB=wz;6%u9Ra^9;CBc7-hlr&
z;6DlY&jS8Hz#j_uBLROj;ExCVmjQnw;J*p@lL3D!;C~4Cp920&z@H8H^8tS`;4cUK
zm4Lq%@HYbfX2Aaz@V^KA?SQ`<@b?1#LBKx@_{RbNpMckF7@YqDo(_06;Q4?L5BNp_
z-z4Ch27I%CZyxY11HN^@w+;CA0pB6uI|h8`fbSCU-2%RQ!1oCF=K{W0z{dxCV!$T{
ze4l{t8}Kg#e7}Gn5b)^%pBeD_fX@o}oPf^__`HBG2>8JPZwmOLfFBz0!vcOpz>f-e
zG2kr$Zw+`U;L8Kv5%6OIz9Qh=0Y5h2eE}Z`_^N=f3Hb2=KQZ7Z1^mkaKPBL&1^kSF
ze<k2&1^k?VpBM1+1OC;3e=Xo&5BN6%eo4SD3-}cQzbfF@1pK;ye>>ne1pLN;-yHDo
z1^oK~zct{u2mFqJ-xct?1AcG7e;n|i1pH?Ke<0uw1^khKKN|4I1OCf^KN0ZX1pLW>
zKNavl1pH3{e<tA12K@PezZmeB1O7_DUkmsf0e>^#e+&5E1O9fv-wpVC0skQ2{|fkr
z0Y5u&gMY*5oPeJj@b!ref86aK?iLK-{*FKR)<L?zV~_NGg7ldIKPcdb27Fn-y8`a-
zsG>Z7hZ6kiK>s@d_jlx=|6q{r?@%HA)gb+YfcrZx(BH`Iz<_Ta@a+S>YrsDr@Yw-B
zBH$h5coL%!9h5pQNI#u?o~AdXE(p@U8Styg@#ID!nxBeyIJZ~cn2L88H&?ze74PU7
zZ%)0={OAXT=#W&rgM}v>3en=!rf!9b_|yh`BKdgLKRh)*Nbe>`yB4A&Q~rt;_Tnql
zxtjjP)VG5C{t5{C@f8oAgegQzQoo}<o`fkxOH=U`13m;>h}u%|irjc9wFyTc238?j
zmii2NT6ueFQi30ynon-|k4YUvjweeBQD^E@@+Re7sc(`Cjo@#5hT2!tds6X?jweqF
zQEw`qA@QV1A?i=XGm53JOl^XK<>-*VLbN)yJvn5szbm=*r{hu+$@f$J6H@UP)HhZB
zrPRSpw|K2h#a{^DLeo!99nW;wE<~rM&Lf|%{Pa}(MQY>gQa3Q&+T+aB9po0Dvs3XG
zmGR_GA-W(Hf05YyxiA%f0oeFOsT>+Yj?wa0h%Qd;NDdi%ioXzR<$p63e^GTa)xR|L
zMe2`JetF7&K@|DpFMi_5rb2XO>JsW>UMxgcr+yTa_XN4c=i1bp<d*+isdPp%%7G`B
z3eokcZOE;EeJ3@U+{VXEsd?nc1AqJ%(!h^q`r(2L(RWk+3t&i(zrbbfeM{<k>K~-~
zKS;%2bm~%mTj~X-pQ-$Zskg~djY4#1YQwAmIjnwnrFJ5>`rVz{kKE#OZz}#`%1)A}
z5dAn6e_^Cv`A<^u7dcK>{y@rq0R#T~FH(T}FFb(zFDQV=Uo<#Xa3Ojq<-a(9^!SSb
z$7uQ^srZWkc=DwXJ(`N&&_6)ti9+;v>P^;1k~RJx2R!Q@!GnGOhB^55LHg$c?%%kE
zzJFsH{GdR;Dd0ztABVD|CsO{6VB}xL^sj6BZ&LmZS)|8ruv-6kGW9L$<I5O@=&96g
zL3s}c{MP~ZZy>_Hf1?k4L|*>K1ALo+?;ddfh8Ohx8(HA~4JvT|#uK=IBM98Tfdl>>
zmba1MLiDFp{Dy|jFVCdnHyH4wN+EhSmBv8jf&B3k^OpblRQv?F<$p2NOnpm#Idxou
zzmmF&9MfPSdM)+c1b;pCWAY0${f*Qg$l(IYe>vdqlTTLtH&Y|H;IsMfZ>iDbHsAj}
zH9f)KP8~&V=aY9+1LOy*z4uZVlAFIDq<%zh_WzZ7f_#zcf0TNO9Mec4`giIBa{S2J
zGrbW`1ajcCT!=PEk0H19$%g6u$ZIt{onAtYb!8#SrcWRjs_{6Jd`C^sr>`bAe}|`k
zN^a$iNWYLs-zfbray$QSoZbQr#{==+g?wAVg=l2@^W-*u3h9OfAC)eVFVOj9i}V0F
zOv2vD0Y5L`R|Nc~fZr4FUkCivfPWD1%*OD<*7b#GoAkEi7O(Bn6Uh${okFyIdI7oB
zcZYO4`ITC~9n-7GVH5ScAmCRA{LX;?BH%9v`~!0HXP5NwO;A!4*?8M6y#x7$A}d6@
zr}rX<4*Z!;ZtcHEdNH}JZ^x!P6MWC~spL(v?k&h_;%nrwy{pJuHGM+*CURR(PfFiM
z-Yppl(cbAt$#I=kh^C~UCC8JIh3NC?x5>}bcur0KoBT9Q-#@(-Dj|oRkEf-_k)zud
zqUq^o^4ZE~ru!4=_34Wf>9f*zl3V@fq<=?l?K?O9H*%X#=A}19pye?83(|X$e@<kD
z=-~8x@}reErMt-YQobntO>!GQho<jM@Way2lH<woLUcrW6PYA%m_J9Qr;uBEF?}fc
z4x&?tTG9jL<CV9j&ra}C`g(HncX|4uME;KS+vHZ>G3l+aP?V!X{tD5G^f+=`-*l%B
zB)9qM*mO&R_odGwxA8QPzL6YZEkrBRKPN}AvR+TWOm6e#ap@Eskpt6uK~|%?k(<3Q
zr5ngC9w()jkxx<mFQ-?LuTp+WdOf*N9S@h1TYo$)eLK00k2BK0BcG`G*QMVe$23xi
z&P;EJjw8ny`71<cr?(|Hd*`MnlVjKxqV?(e1V2B$h}`U5knSO$uKE|I&my<_UzENz
z!7on#Ho?D{{*c__cWJs73spHR|K;h)<QBgx(}yO~uS$0$_%-R{6a2dLdU7m#3emUI
zSCZTKyCHpBg5Q{ah}`<i&FSaJ&A;!Z|4wfH+>+jKOLaHGGP4kUKfPyy-<obDxAJaJ
z_a^uq>C4FP(EN9$ZzG3Q^tp!v{v^4Te|P#7a&*H&bWb{kj?F{+EV<2Z|CJt1ZvNhv
zo=QGN@)V+<rWcaK1oF2Ad?k5F_3uxwPw)rR-yyg8?&0+93I6l+!{p}AW9dJT$K}10
zNdHCpy&ye>jw*+(7k-uAf*dmVyA!#MuV1Gp2I>2gTlv3D9~`8Ak=*S6F5MHPpFnQ$
z{(bt~1pj0D>I8o}eLK08_viE@<gvd`k(<BIrQZzFKPESSUPu>k;l=~?-I2UYa3Ojr
zy+8SZ%KtmPkQ~FT5WSjSn&7Xe`x5*w>C?$=y!<tNIXSvnA^KbThvd5`|9kpza`W%)
z^o!)Rn*MJ3!vudXy%|m<a@5LSA^IS_M}mKto|)hur;kYR|4H{HcunT41m7@oO@gO0
zcatBb<z+KZkz4;9p7{&8&F33sa%c!SbnHZ%WOgI}mhAf!qD?dVlgB!91AZvE&0m{k
z){xuy-#l{#`47cFA=)zY19Dp*ZJYTOIi~GGv_s}qatwn)v}0yNbR;<}edo-!<d(im
zW^Zz9pWQMCC;0A}734O5?~(aRBLC+y*N~$O#NZ}!Jn2}7_R2g!{;Z@GqVbt$$ahsf
zG4sy^pPVURB9+6^_sQ&$;QMA~kz4=yLZ*Y<&iDIe&LH1YY!spcGMA8JSjhS*b1S)B
zpUlksmfYH}KJ#8ee^zEB79Mg~eCA{(lG}VbH**mA&Z1L@8ZvF<tCY{roJ0;ADC4Yv
zUlj1G0{%U6E59-G5P6;2UzmB0-1<v%CS5BDa$p$A{%vOGS}@!9m;Kw!^jfeeGXD?H
zEUr}=q1v(@%k+`AC_gH50l851|5EY;gcqV>=C%ZH$^4xBN=<LgJWp=(Un%n;xwXgg
z%t$n(9L75`yOBeNcufrWbn?9=P1b9fBNMzkvxeOKJ2rCxx!Lc_+>qb{nV*u!<^78M
zvub}$=FJ2@J~Lt`Xv)5e{1u`TGo#6^ekWxPAm6YC>0iz?kRuQ3a~Sysn*Wr{vE-Kj
z)XbTI{^jJ>UZ-b%K)!+IKO^(A1YehVI>En^c`L!s%#1)smE%_VD@12ywjqZM{_RZu
zQ%yf7Gbu>lpWOP_d6_Sg+kAL_rjOkG{c2`if?t@qjC=#N|Fz70<O`KwlzEZ-5akzV
zHW)2H4zu^o%uWe@NoGHCvv+BxiM(C%6r#&AedN~uS7g?cTfDEzTut7s`qyOcA^(x`
z>oSj%3)T2MOK$V&w=-{%<EIeakl7dmRSsJZ-<TOqZuPr4a{&3_qEm>zm-!-jt@7_@
z`pE5kaBF5AIoE@kE68pBx+8Ntd9UWbEAw;mxytX({F!{R@_REMB>0arn_!}q<1qOv
zL_f)lA#YXwv&??v`zn7Ra|F5h_fTdP`M)&%k<6v!pI829=63Q!l|P>O9r+iO|1$Ge
za`XR*%&^@gK@Ri(H<?|?E&r35>Ev6a;O|qJ!^wpT|3hXa`IgH6m|0JbVO)rw&Rj=s
z?epi%J>=GZp36KzZt;3P^D=o_^S_w+Ai-bGY>EpbIqZD;N@fDNwbyHzdE`5ZP9b_D
zQzAEi-^`pwZvFGGnTyG-f4-Huh1~4_Bl8<_l!@{B8u=2zg-HIrfZYY~K>DTu-;o?Y
zh3KD|3FKD(`<X`aCpG<FnWM>Z8B>Tp%A7%N_4{|`+vIO*dX#;Hyk2=K`$~f6vLi6D
z%3<*zk=>Kr>}{MqD8WZ&+sMz5JcX!`JvG5cWv@=?Z;`!^e7@>$m3=XhzD+i@2TG4L
zOoeE>>~`d~fAN{@WO7VHg{U^WkbI5uow7%h4^uumdrE@un!TJHPl6VrG1<GwExu#3
zzaY2v-!uC%`8H~Auk5?zW`BG(J600pFg`K69r<vP6{5-63FOv)_sJeeK0?!{WRD`Z
z@;;yKPVg^e*CzPX?6u@(Z@=ur3BG^!^#ng4y9pLva#(+zmYqxv8T#KMaw~sE_SgiU
znLUr(##deTrUXAQ`vCa}u~mp>XI~^gTKPfQcgW`{Z^-8N6d=br@+bGdv$f=q!Jj<?
zzF)xSl3%Ll@5XFPkbZ2yPbRl`EzEv{+}f)t`y=wz>d&I=@5teHAv!esSMmnshh@{~
zh;m?>mi1V6CvuD5QQ27u{>5wu`E1oMW=|tG`z_fk$>(T#YxW*;^S6}!6Zt`!zAXC=
zxs}(R9W_o8<S^cmos{55XB)_EemExENpAL6WY10LcV%x%@b2ux3Eq=^Il+(3ZitOO
zIVQ=U+#k<wM{f1&&+birvZk-hHj^XINcsCBd9$Xk&K?(}uOqkm9hbc-!H>`WD8Wz2
zK9k@lW>XVTQlww*C`4b%?n0gwSs_}Rok_m2@{_ZNliPf9YIY5|jh}Vdi^*HG|DBor
z0lE2iZuU{~o7LWV*=NaZe4L+so7~P9U(MzxilQ8r|7+RLCiq3!S>zjuP9gewwk?tV
zjqHgD{>|*A34TfT?gYOy`-cR-Ec;%9U!EO~hLpqnxgxt;f?t`PN^bq<s%%3d{pxH>
zf?tzeo#5AI&r9&@vR9Csy>DgjPNaW3`*ea|pZ#Zo-;f=Ng+STg?_|f4o4p&e)5$IV
zH)W4V=zllcm*C&ao}J*gWN%3D?`I!M@E>H~Nbp;;BXQwV_UE?jt_gm7_J9QcVfKgw
zza!h1;CE)vN$|U}*O7l!``?eU50a0PGG)Io`zkrM84A&VWryzrZ{qX$ec4^fG4^DC
zFgu;x`q%y0mE<;lAIzRf4jagGc_RJc><@zU2g#38`#;aVkl>GH|4lwq(|?iOVu}Dc
zzAAr(=vUc2$*ui<ot;B&{qZ;1BNP0$*;V9QY5pg(-ypa7{i*Er<ThXbA$u3O+5c1a
z$pn8o`}YKYCOdLpco&a{KWE2~oBe0A(-Qpo?2!rnVs?Ps;`?%TJ^5y0vk<+Ky_($W
z_geO@1b;pIM1sGOeSzH8KYz)-M-Cs+J{w?RFUKkJSBU<a-JBdUq<@y&%6}_c7o^V*
z_|ky)kYm{>>)GtdLHY&cwqE#W_BwKl_xstq68wYg<K*>f?_b$x$c3uEuLt}e<Q=O2
zQMLvbDm+lX&B(2OncVK=W<Qsk66hb0NFSD)AEYlLKSFF5q7k|FAiXb<zH#pKAbmag
zftr70?z$lT7V@1my^wn#NdIFZeN^tRLHbAJ+i3nRa+^#QAP1HSg=nkXj^vPO`;(8;
z^lfre$!$Dtmzx{tFC@44eJ0lyq^~0HR(rL%uLS9rlUx7ZDR&F`XLSDBId>oVT;;pu
zo+3B@cgwv=9{c|xIhNsae>u1Den_zc_1l{KCxQ#n9=Sb&^nJ+>(e%&dW|Ld{?3G(g
zj>}%z56yLw+k7}Nx0c-MGdXtwd7tX<ox7G?sK)yT0l$}gy6R8K{W3`Z1NjV1|9tL^
zApKo(i_g?tet(o?2kKuSZv>X7nRX1)$B<v4>C<ut1nJG>6E%HCu02RUmVA|_*X2$j
zxAAsh?jmv<@3V6^l7CJ0=j47$E>z?582L$>J~#Ia`Dx1M<=zbRKO|qI=?ijOU?Y(S
z>c4%!cO|#>IykpKIi~qSv@o}Te4g^=T#4M~*F$p0lmA207w0Y_7pnf>On$JYAD(-V
z{B-3<=3WT&|3z-s17FN-Hcb@exL5w<`PkfE)4=RNefFD1B0t~_<TnVG=Vx>6<U%!l
zCHY$6@;q(sJo3wQd@ajeLoUgx|3mUEg%_gs+(YCxo{!EwLq1jWcjn$A7j?~FgN`hR
z_5ZHi*5th+D?~lHN#s9P-kY06jy$MOBl)(P-k)1WewXr<xmAJw$pJqn;Fpju)%?fh
zen@Wp^Mu?l$dA$VwYitbkE(&cC+Gf2F3IX&gn=lB<v%sIIl0Y0r{{JjxB9NjO(ow#
z^2q)9+`$R`vvVuRt-qa{JA>T%=la}L34VU=zsR>zdl%$>o!}SdUMIKt`=Z>(iToGm
zHba6Ohsj?d`bKUy@`Cb9a<j>gSAJQpL~iTJD{{w?Tm7%folib_1K7JJcRRUc*LXb|
z@IMCpRdQQDU6;$&A!odQ^6lJ?<gFr;{o35LMEZ@nCFChhzd5&t{7=fioBJBMQ1$0}
za&cGe-I9BN{2Jxo&%GGvze9eg_J><@o8ZL91O0Vpa<g}PZeQ|ol2(X*n43>-@w+qE
zmeBuE?iBKqRR8YWx5zCX_vRiXZ_@N1=UyN`QTfkuACn8!`VGg4OO6ZVuMj<u+kqT1
z_`46et(P9k%?;99$(uF*Be~V&>y$s5yOw+}jmP7;yMp`=1^h{Jn?HV;dp$`1klgC`
zL~herQV<XLyA!#k|0cIL`LU8#h@Q+fkXwI#Dz}8(;{Au*vE<jP{-1JZlcNaOza-!{
zkz0J9$vr|oQtSI{?rCzX&-1yD$!$EmnA;i?xg16LD?~5n_9cf5<t-w&^YtsaPV&X7
z|61;3@`YO78@Y>v{5O%Gr}}T^?hn%cNd65?|6A^@Abo>5k|4)+YX9%KTJrNnR*2rt
z?M)6H_*)<FL&%TS{O{&^$<NaK@8!-4^sgaLY5E7b2gz-|_*d?=K>vO6?NtAx+{On9
zki*8qzjHg0Z!a>Lv+`dcxAWx&`9<WnYI-W)MGhON&&dJ*I{B%ppUHnWNWY(ajn+4p
ze>zD22l>J*{27+d&P7RfpuDXEzB{?~j}iG93BGauNOJ4HBlA7vw!SLl&m=!ZY!{+Y
z`D@8<Q~$Qe-;v0_RsI*`=KnVNm&xHF{QHR9_Pe&rZ;OphIixyb|1<f$$%iSg&Ce${
z{hjj568fX_CnfZE&3`SSKPG=;LjSY*2NU{Z^M6k0@0tH+LVsL-OPna>Fn=cGCzG2$
zlk!dE=KtRL&IF&5KQod4^Z6?i`KRW8n9$!p|3pH6TK=_!{)~LheDlZ3tIKaqZvGvZ
z-;><@o1LGT&_5`DL_)tI-;>avpFfR!7b&I?HRdlRN2zGP8_0Ll^o98!2kDQI@2Ba_
z`4`A-zBwen!2(I(0ef4K|4^_ze~{mkd@tpP=jW1-SAJxEIr$fre=&a!Ilkm1>(~4Z
z<Tf7L@{f@(()4Bd7s(~N*5}QDze{f8p*^2(gk}`|O8yGb(fRGkA%p+B1$-a!lU2Vn
zUl*h=B)9R@m2U~sd&$qz{5|<|$!$LC&0kMGUDNyWcaz)sU?Besa!FSI{y>gtt`M!t
zzZs-|KyLQe<VPHgobi6sars(uTW=hnpG2M$9eEx#KaYH(@)Pqt<S!^cDSvh%|CjUM
zA-D2Q&Oegir{td@Piy{D^ZzEtHbWsgEx+|b0diRWGxFofhl{Kbt;^3(@H6wv6Z&W8
zPfGA}@?Ryl>yLBu*C*1~=kFo6{&0T&iA4HW^DmGWwEPS6?~~hjyeOY<g11pLR{rGu
zwESntk5K;2{66HHDZey7m)zR->U=A?)%V)`YI5se*X6%Xeu3uycK-Y1wqCy>|0MY|
zO}{b!D*1KFZ_fXV`~l_P&kt`FAcyt8Tk|`SXLbDCo}Ws-ndlUvJMxE<+xh*j{4wNs
zbG#7UonK3C>w|mqUnO6l_I{GTjvQr<l)vwizqB#(|1AHLApPe7|8>Bh3HV#&*8d;K
zr*Yvf$Cu<!-Ve)fPyTD=kL0J3Kcf86d<(fy^=}3F2b%tP{(SOI<xk|lPj2(yZ}Pt-
zZ_)H8^KX&wC<98KPsnGm5hTZv@+Z$H<hLTX@%5+tKIGVTDn!rZ=aQeV{Mq~x^1YQm
zpC2Iqvho-6r;`g+|IZKjr2)T|{36Z&a{e~*6P3S`zn^@(^4IczN~FJ$f1A8k)8EYJ
z4izAW_20kcw<rI($O_S0`F+WMs{9}MW^!qMNq;B5jC?QU|ID9EE>!FDRdTcce*W9!
zo2&i@`G?83RsLcAS#p~%KF)uf$p1h2EpVce!|X-F_9D0a&6;7e$w!DzA=+?Q8~IMk
z)5E?@zP<A7uqzY#`C+#w`0!yrC*M=`HyZXLx%Hn-hP_9=wWe=6Y~*1A<mi>ZLbTbi
zG31b8{OnD>i;l0&hb<s~UiG&ec5I-(iX3?h(bmH*Cb#-*JM0#6o3FMX_7J)Cza54>
zPhQaSb{v*ETnx!!@!omZ=H$DItPt%oY%;lx|J{ZyBu5_j&_izV-+kCQ<XdU}&kp-m
zB7N+zhsZb5^v?}@i5%0gJYPEOLvk!bWIuJ-mZ*pvpOL>pG;!GH$oEw~dDsl{MLItB
z8CE2>_TG2c3FJ1ve_`0y$#2&D`whE?e0z<@0mGgo@7MI{!(JmVD4#iO0}OmQc9g$D
zR6i^#76(>zxAk>Qj8>FZwDzotR<v|>cDF{$dP}8fRd?sIrlyACtWy8HmemVOt=+wC
zO&!OTB7vojm8H6t{uboxEA>aKT8j<ct;ft8=r64XS=3dbef_;%tt)yW`Ry!qsoCa+
zrj_H1t(_gEuKwbRQh$4Q8*<HV>1&tL>N=K}`uepf3XwRkZ8FjUr<eL>E^V#vYVBRq
zqh*_*uH*&vtxJ;{B8W8(l=>~6JZ@hYo72_Nzp!h0w4$fjArQZ<-4cpYYim)e)(0Kn
zj=ti`md=j0Vn^HRXhut4Y41rzvDe*JikTEAtT?}WerHlt4&}_|#YK%R96)Sm_Di@J
z=dRMK2+oK+VtP4EGsTMHNnfdVWvREEEPfVyOD%21WfDi4gKSlAM}H|4I-TXB)7sI~
zUg|A&cJ%c}68xD;=eMjV^##-#gw}(cMKpVLQkR&KsP>n7yIML2QRqXb=t9TynfuyX
zdP{9|OyWP3-Igxte;wAN5KQ>wD%aNES;-87<}CJ<T-;QOYze7EVd4B)<#L5CSbB7+
zl|7Q)peYAWnOEODdqLe0iIPPI(}IEio`Ix2*s4fp40Lq1%`5fwwJfg;L=@R1`8&Gm
zTU+Or))bqLD?2%qypm^OU(29*s^!{iqNY+;n-1|f{t}~O%H^TAm5CHyS6VrzB4DZ2
zLaF7T!r7&kp0c?<DY;B~ORX!*q_4lFzY>q-(r~5T-tNjcfTX3f)Z1Tdm+su%Tj^J;
zT4bh4IIR+^YFxwmg$vDKQMzS^%n4GldKA!PbSS-Ir4P<6m3pT4_O`64bUln^iX4n>
zA;avJt~TlP$CMV9`nm^tTV?3Q$;dHC@(|)U7vjIDuQXF9*roxQ1S%GXl1tOfYiVtg
zITZ7GvX{@4kj|6gw%m;!CxbUOWpym?D)lzEEbWw5YAr&}Q$lR7VrYJ8mChPA1AmfQ
z#hXg*MO~fUEp0QWSL#)NNTbdGHlHnBgSn@i6Nx&z#}(_5K86;KIU?34y=QrE_dt)F
zl62%%jDJE>WrQ74>h0_3uJi@zJu+59sl+)HiDE38C%r(=j!_vE$2&a1P7&6m(>u|l
z*EDI=^%O3rS+PHJy8VB~8qDL-^fn2U=Ckuv8=5X^Z0VIA0)&!i11;vD*GE#Fw0~o1
zMRPZR6x38YcA(VNDn($~0AcII3H{v@CY9rg6Pl8lI9Kb*ww#8@$w?2rfakr$`H;y`
zV{f;Nh`t#E%a)=0wH6J@WG3$E3gEzQ88e5Mdb`W#bDQgIEg}<KV{gYwnK>*A&e&o_
z#9SZ5D-G1pW<#XwIbXbICzUC8Fe}jN!=i{emWhqX!q(g^<*}s3fu)@tn6oX3Hj#O`
zbh_>ineVJb(AEJtxvN!KEOf7s1xF=hl@U<ig<&>xVZ&gFbsc@5kSd+6W7!%8wA>FC
zmO5MdWnDLzJu7U%%%;Y{Qd!zi$(77a{VhG6iD6f%k26xG)+$TKO2N`?5`xzDQtL6r
z9&6*`F%op`P94h|kD0j?ft?A3O6!#^VF_4l)755KHqcipwu)CB%Q{;9$tI8&r#H<X
zU(Uoipm{}4{mf$B?E2u$Jh;5RscFuF`Pu<iwDiduNnMX8q^3cWi?V`V-Y<*bcs}K{
zwNhKOEXH&dh-8kzV4u0vFFEP=%;|^|O=4b6oCPbhU}wkD-j?1q$(a;3P+p&mQJMXU
ztu4|XMY*hS9f>M_sR@5{so8*qXIwZ8d97GpUZ@T9N%tvsb$2b538%6gDKGB^PhUA9
zyx6eHuADG2nc(N5dAu&EsM?i^4&G20*PzN`oFEq!U0t$>EKhY!9TFidvTPid+LYKS
zdv;0Y(|F=rSnBCqV~MU`BBv?KtWv+awY{ZFmWnE^XxTtFsVZ2=RdAr35Bu7s*f_>?
zP<wwYl)%}gM)@kOQt?DW5R^n(Y^>PQ+FHT|o7pI$=gjHjxNJN|dW1UGq}MhUf}lP!
zG4v1gIjv8q`$C+Xq-(*1Gg;T&Rq2>rrRClI9e$XL6SMoE<3_~H&QeR)fUQsMH0C9^
z@>te6(AOT1fXaA5Z|?6{QR*H@R@%$;EUF{NS~F_sUM0)GX354=tR|L&h7$ybnp92B
zz{zBoj+5g!s~WBs=hR^>5N5IIv#onYOGj5Rv1)>`*6tNOy+I-Iknia`CLTVmvT?Aq
z#f?bh{iJkngS}-)8$+cd7AQkTQdfUR{~B5KcU2-Crj|p9qA{Hho%NGbkzZ#?n_`Pg
zxiX2nwTwS5mK$`9$`fte9AS1Dx)OLZQe4*EyP~C1huBqjMye`~wW*xnhSKmx{?kIe
zemRigIWY(Xl85#xnVPWaG9^y4$g;3$`X?oS+B$}=4_ZH7WJr7V$wX5b*JzdM3y_w!
zHo5rhl)vTOvhUKqqLN{OTy9{Vs8*3vnasP(%GHNyj9>Ymj6FS-+VV2)T$<irJa(W%
z6#Ci+`rEo!RW3P@YltMXEJkhDZRT{_@`-yT+=B{6%@8WFg|^bNmVwTAg;DHj>2I%8
z75QZerl)7FjOjX4DyneSP6=|ot&?zN)m;vVY<9_sN;Y=F(^c$Eziim`_O(c`2AP4X
z0u)!VyQg0kD-~a2YlF#KW&ZCihAHsA*KId}uW~#t2|ZHk*WFt=?Zkx*lB7%0rsf3;
z>np7>(A$fBQfQaMGKgMsD`Y5zVw;?TD+|a#4VB=m)>>H-&X}{HxGbDiAk;eR9wVo(
zL|;{n;?fSeEMpfiLw$Xf#k}eC$y(0sIzU+Jt_%uQ63?nKip)hEYUpILCtYmA=Cm)i
zN6yd*fu6I=lDJ9YzTMN(*SAXcAeZ7y(VMU~q-w$#9H}z)f7hrk4qF#9*2oS{`FfI<
zt);d(UCX*>+3tJejJb6Oj(4lDV%NY5IZL%3Q|aSqEl99}u8fve-BZNIy<771x9fJY
zyYfV4+5E2LW0PXf40UDiYb`bobav{d*?eATW3kj*mQ>t9E}q$YWdp2xML9Z1;T)7q
zDYcY$^aP@(CN^B=)lKFO12>i0CYNm@ZBdUjqzps7nGh4!1L?9P#x}Jk6En4G_Vk41
zruItjLRxH0g4x~@6PLGaS(2+Pk56ukh`sS;gB2U&WA`ee36u8@y%JHm%3=r_u{-LU
z2x6YJ<2@9mq?7U9nq4aovbQ#`uGqh(r!vDK!wMIDaM|IkTrpGN-GxZ(V0cy8q8w*}
za`l`(Zk@z~-HBIJE^Z)gDfJb{PnaTux;3G#@_pqJaS%BIIG9}R^jCJC%l2Vs5V_hJ
zL=HP8H`RJOgUMkhl<RQOYiVg2H)LT;cIRX!=&Ve*5YC*_IJ<tKM!G7ZE)D0s___zn
z1I?=C%+Yqx8*xpgepwq~(8x_VA#)B%#MYUURYACY5jcZ6W+*K!H)&c$LuKG3X`ZsH
zqc|t`vn7(aomiE{$-^wJdSM@QNxCWM`=?7wY?LG;jKYetKeZA!XcO7B=D|3w<gFgN
ztn?=*gmq)Jt26n8Fq5m<AWJ~?(K???J#<0Cfx7&(6pctMb2+LbRq4j)Im<d*mRHU$
zE+b|XTf+^hGGs!0vhR_lyWhBkd93Dx-9v~Q=hh#lW2>s!Ig6FYmE7@O(b9@-=lG;U
zh_gfm%9uCix-m^v6;Uoc?2hFGgbM5B!D^&RZMLhP+~q4*OePfF$*-C?5DnY9OY~JW
zDKpf#V!PC}oYXjXX4B-Nu39D(XV05Hvxw6k!eFwpViQ)*^{ed`vYT8m)$qo$lfq4V
ze4u(1>pm~UVV}hfk1F*;bVt?1)=nNv={oDV7O`RnwPi`(VpYCD1~W_zA~rK|g1Hv6
zDzih_@D2@`caVXvAym1KA({^@r=8iBP_ZMjIJA+Myg0$4vA49M8@D;)E5B+PjVzo#
zzfRR;=P#ZGRVF>IEI@7y22sSF+lnT7M0vo`BDr3zmsTgQ71Ukbq{XFC*?###65EN>
zaf`W}gsCgut;gURYR4}ze<2gj+X*2in?Z#z8(&Q5!n~#3-+zxMDQ^7fI=x#4$Lflc
zu<!}VW<j<cbS+W6?T}dI%f^A*Lq(E2%n)AyxR!@4ZFkL(3^UU3(8ZwlTJ)kcF}0~=
z{`7hEMcJB76t5|56FQ=q^3aZ)ndG9Qt+_kVc9L352s95o=#mggFX&I~dX`f=`sB80
z+~dm9J{gv>3+*oFD@ihEv~=RiYbowjG8E<Hwon*ezo=$ccmIr%Yy(yn)3JE^GMNR-
zW@X<~6A~A;Wns5_oPvrPK6!*`pkg^zA6(kg-D6KH#Wji56HOz+S@rYl7fx>|4qiec
zRbo@Ffx537seack*hItzU~$2WgX(8CS2>fgT;;9L>CcAZuulr(7pKjvZ!U_>vbRCD
zL=3bh+TEo;p)<x2Q)5ld3+K$ARqXFBE^0n-N;wTfGQQ`+S&%&jmdX=OY$_hTy(QU^
zs7!qE%#-j32ExuIH}5`4R%{O+;flANY?<AMM-IxqqX4;0ZTnKmr8!rC&`1oc*wLZV
z)nw9CMU*rZ$faM%U2=19R(x9#Pd>y8gwSm{?Wk*W`lk0cl;qy4J&!1h?8;5}gzq*2
z-9=`(!TSdE(Xga{m`!y#6mPYb9VqAP=<6Gh*{`}3)U7<lBrk+DvyL$+VR|nvT~nMd
zcXi@Eq8gBQ;8JYJRE?i(+sPg7&Ow!+U?#A++mO8HT&}|>rO9R7qQt{%<y<WT^0=oI
zzD5>Mq3c?Ci|8P!T6Nh8l{?U_-2?7UPckqaU2SqwA1pFzpniVy!o&1Dm)O<wBh}9q
zUY;0ZJ^}j`c$B5w5I#}H`JnP4ix2Pd+htB$sjs!SL$|HV<|JO@<I{Rsh{rHwbuUl%
z6bIa66WAT~^O<g{Vz0EE5fa(vZNa0h2_a^x<Q0;w$>dQnKG2KhjLLL6U)F)=zc`uA
zTrjV(c$~~WNr^lQoD}GQsoZP~ZaC{!bK4qu>PsH=kaA@ouX-;Me#SbcIM_XbSVIEZ
z-`g#HDOA$#B-5unBcscc#M2OEr)|C3(kG8R*dm9|494|VD-8=4%v}^;DOS$iKCL=p
zKDAvQd6tXJ!LugfthwyY0Ycf?-F*!2S)*|}CbT8jK=Gm|u|E$XuFS?yFtJ>X8PmR9
zW;PC5ai*g}IV#k*7Q%dbp!AWMvRt;uJjy0w1$Gi<Yn)M!iL-3Y)hS*Z>y5g>6tw^N
zb-Bx&7`RUEhpZD<_xB(%UW+GheK{peWHJNs>@b+Ss85IA&UCqvHiT<P8mcx(3omul
zs_V;1SLEq2oe4YT92i^&YQ{Jn>*S%*&3Mvo<pvf)i3_4+x?9g-3Dhr>dgY2uOO_V~
z$_tD{{&)?#u>Oz*bL;D{*iPDxeWpS=G0d1;^Xh~>XMS`2EZG?Ku}>saM_$iZy6m5C
ztNx~vEGZJtXsLzfIdbhHD?m;Xvr7GV!lNnqTydf-yfP8bC5Z$nvYZff8h8_4&^no2
zFjN``Z!*M11eVZl$!m7>E=W7%rc?EtiP><Lte6+pPj6Z<ziibW#@5rL)m-K!_tdQ=
z<IKjuB$IVjJZMT|{XAR{SNj1E!#lNzKq%A8{2`>$rDS&^el{p^o4CKbUzSWmB%*A2
z%>e7Kw$jpp<;9lX$^*vI{V)&P*-#%<b&GxGLVXANqy^n*a7G79M%|LRJK8EksX8-K
z;YYk07me|Fz;qCqjZE1?(5@i`jVtyql?M|#mdg_kCY;_dYk}VW8&_7cKGwKshU|ix
z&@kqiaafkLRK_cu@3F@=WxW`6Oz8JlX6jSi>u{I9t-aFT<ygXodq#=N1{VUx-4;=p
zEnH96bFZuv<hfV>FhJZ^md7RvbZ}Ki$<~)Eg}@0;vhu8yJR4CS0Or4JtPJw(n?C2k
zE5M;L6qk47-KcmirDIU6#n+94r}CkSN;j=czh!@73!kXe-r;&;CF@do&}z^G-8fq2
zZ#R`Qt&l4o_ZC7~&fT&~EXyg<R(=}=a-8F3bo9#89{SK!;*ki;7!C(N2BCqbiZ7*y
zcvKZCpRmjJ2}vA@-90Vx?4fk+Winf0Z!BJ7CT4``^-Z`v=iXuCZJN3cdFiFng`meh
zc`T^pHXCoi45EhtAMem(NW~ooHjozY?T2Y{OEJ!u$RoEt2bV8fs&_79_t`)78bkJ9
z`zz0G=&5T_^GrPf%3ybwZJNYAoH>Wr*QrY46e|M}BQ~yu(BxUW+*eRHoeA7kMm$!K
zCTDcHjaxR9$j6OnmyE@-n-I&{u-+X^9#5w5fc?3gCrm3R#ItI=NR*Ff#PzhRtCHL0
zQ3;m&$sGd~^Cdrj&870v^2)@af|>FCTw9gnrN=~xOYxKmx|qEECa<r_n>=!rH3Jt?
zNxh!F(m-3ctZ$(%uaL%fDBYVG?8*8X<oLaD)73u@uHN)?<F0gTxu7Or-x>4u4w_$x
zQIuFSQ<ms6B2z9W4B16(EggrGEr{Mwi#zIkTjbe(58n5bYh&Lx#fmKv!fdjnhc*1f
z!4qBC#)lL?NvTX%JxGzC{y|b#40LL~fzBXN`#CndwJ_;dfpb`+SObXhfiCPA$t#mf
z<w4TqBUn;TXkxk+Mcp<r=G>G=>@-M85zEFxJW(mp?sk`G2$ZZ;VcacPMY^<Wg1CbO
zS@wDleS}0~!ctYzS#?k~c{$>kDxdLOkT=9W8H&YOsXL}VIO3SAE9M7Lf<g>ks%(qG
zL%i@S9ocR$_=4NqMK)rASBG78SX?D9PJ0=qiBKjJGm3FJC4M4=SG_H59jmQfHJZx3
zYG+@2$1<&e^rzy4L}9(<G#REr8cwI`h?oUVWE24k$B*+$LMW5Cywxka#gb~+3!ScX
z>9Tp?gdwS(-*J}E@$BqN(|NkT#ocTZJ(%j~lI2#P4i15S?8x)M$)OH`&Le!)TVD+;
z7m~QLl8!oKKHh7aBWEe8oz4JdRTz@Dxb(e28JP)rV$hZEl@Bh}!5D`LMtk(-u*!K>
z-%YbO#yF26+HsDub)M(T32KTjLGe7VlX>~|H|e~3>wYj}<qVu4y|HpZ<(K8vA9Yht
zhcfvjyjae2hd!Hw(&ULcyxp1%J&N#}2@{ymSc;uInyPNQAwSg0`4AbXC2w3qE#9Lj
zyL^c5?j>@Xs5&oOXRrXtIdZy<5;+~X?yb)=pzqov0}Lr{kK-n#hNEqA4CPr52jy80
zW6Xp)#gC2PEETk!ODb2UTzadYi&U!qs8?_%nFDFwyk-bCeN>hVk%}--!Y9Qr%eCnP
z1JzHZ=|dqhHIB#Q{AD-FJzKJlFV+p2BJbGY;?fTYc`?3udUO3?vSLI1{IVR6`pM&Y
z#g585<tSD5)k`bd#_v6@tjM@mjbQhDlT4?<PCYVFp*nFvWBq)Lmc)W07V^6rah0&W
zVaqx^%PcW!EWf~t-XpKz$|NQ4%*!3+1G~HRuCR7(xoKkW=8BTMjoaKUn)Pn#(7^FZ
z+$J4=Az*Q}WPK015)I3UlbOu;c$F4IJ4}{llPmn8(~*5pyUAI=)?_PW!YI!l@nER9
z(bCs7UhheSPN<KrZe|VZ|KtKsD%-d~HvCL%=OWWZ$F)~*{j-#@dfR|o=7^D53m3=+
zzhC>5g^89fOX1+4-kT+ODm%yKK;rgb*+Rv^q0`$+%l&#ckyn-@@*IJj-*nBDTus!^
zY{WVk_Y2U|@P@K1UAyHK1`VHFKvr%=#JX}>6zg`Z7*dzv_Dg#4%Gv-mYFV~S9xIUr
zl(;7k5y`bhan^yAEzq(qm&~{hC<^W`mo3CE1j-q-ZLBH+hw28_Sf<ui>a147Q+>%6
zmC>#fSwgB3G@_fSV_CVc#y3u;m;rr7qO~ZaxBPN_b9XZu2K!R7;pl9YCrOkcllWi*
zF^DldhxU-&${Jyi>z#58Wrf$GTfYdqp25&FtV@Jx<-sa5c(G~DtRQMLV{y_;Nado^
zPUzMQz(u_Q=IgKdMYD2FhbzXav=Qj~xJ15}Uq4gc(S~asmFr(b)jt%MJjY=_pkhV(
zkeu%DG^k!S*aM26XtR1zBGzV0S6?BUL!3%kW&89^pMHhIH+$ubAe}{=@h1cZyrP1W
zMpC7<Sg)Uq;n^W>qPPcFJ#Vi))=z)2ChiVnzc@ZqAvD4HiN@oU_{#^8EdShR5PF;V
z)dX7=%Be~f<*Ze<jg?!2yg?~44TW15%TSTktlv{8Z>Pw5P0vkQWmjNAoA(>_F1emj
z?KbBuJ*&#3Bj;F?P=j?scS3E;b&A6fC%Drzv$#r>D^?!EGVcXTAUnhPTDzjTs~#6B
zqZ31$%4O?1xl|lU%p`NV@bH}PSh#k>b9nL;oZakB-eAQlwn@H%qrFGgyY3yKgxGz@
zN`hEXck+rUjE5>iDs<{*CX`l;*m}Ln48>K3s^t|^vILh8PT8k#sthI)tIQ6SO5@VG
zgUSX8_%cPZ$T&-~s6nI^OM`_%GE`StVmhe2VoENys@#FB%9}t~u^{8J$^v9n76PFT
zV0}VI&!-2<@&%&#{xd!m9h^LH#qtR%eocnCQ3jj6!eX~|=FC5E0S3BM1XsoOHeF*2
zb`|0QhFo%{!Lzn*TB<l<j}j$L|6!s($%ScrjAh6tm9QnFk2{qes#qwe;jG^89`u!4
z>qU79XhQeWqcO}EbhI5PPshz^i)68<-}Z|u=M>BKA(M;~U{LxBZ)Dp{+t@8%uvxRf
zJ+c))v5$6;ao}ead-V+AWum^fRJjsCcL`p>E<1sn2)Z)Ges^Mp8@t?Bx#owcuWJHc
zdveg%5%oc`)W<&KCb9782v%p(pj2P8c(w2n7t8pS_KeUVZ`1})nu!noj!vZ+(I=Bl
zEPI`m<f>;{HL3c0H?gC#8CeWp?AGVA<<o6NJmle?$1VpUZi_*d6i8ARgNNju91BZ*
z;;w9u8LAVI3t<bNP#8+q(j!~X{ypBoT!E}g5nU+pi6DKnP25aAPzfm>Z7I7B!K(1n
zV6ibdPbR+^hJ?Xna0yGW9{0W<ba7o(<rOM#m-_PHbFg_YdGs<EOTL~K_YhdwCAr%y
z`RzK6-#dx>0(82NQrXlfixL%vPFbLf2fcYOi`&YJ+n5Qp6u5#;Sk6$DQk=eMaXA$w
zN;oQacfEQ-t1I~_K4dgW5gWe#4LBVGvdtiSw0&LryUac#Dc{YQC0|78SZ?PGTT%1s
zb@je`Pb`;*rKwu+Rn(o}PkWcrijPB$O0f+kJboNiwqeSJCzS_ZJNqal>~S%eNdGh@
z>~V}i{Vh9&kZXTRNYKB~ndN<aNtO2=DpTc*MF$q=N!9&1E|$qYPvvRYSeQ6dqBs?F
zuIj*6d$*i;XLNM)<FbHw)u!wV{P4|%?1_Sn7YF&20A?aoK?YdaTwFTd0ZIs=oOrHM
zANr_#5hIb7Y|F&Bz$B1-s(+A)ST8hWZm!2iChdKBwlK0|w@~KHvU_C%L%md!R4C`u
zt`37T@uGUk>Ds3zW?M}_*u(i+6Z8yc`@7|W=&+tLs_uhZW%LAqhj~h^ZI$ma#2Mpv
z!h-J&AsPPn`VJ5aSA{~X*y0arCR~%7qu9Pk$i(b8@hSNcC9R;HW!t;u6H+s=N}nw#
zu^8=`&|;4(@v*_O-OAZ9`J_r;)ROo%VthVKKEKskxv{K%l;pcioyk2Em5b-&i`}h#
zl`S&ow!U6a89bU&dG1fM+8YREr&Yz@%#?*l{1Pr-U>WS$3-Lj>D*N~~8Jl#`Sn(FB
zxGryJB-U|p#aHzC4^gn^>x45{!eF@)57dM?6N%-WcG>86w`^mhEuB4GvUlCx-(5LZ
zxp=l#KKG#KiT;-56XYSVa`aTlFzLC$FNP~;7Q`jEXOK)x48Tf~+?cdI@=n<_X~WPe
zm)tQy9tpxbQeiJt?`1LQAD~egoRF1k;>#K3gg&`6*SFhn5uqOom;cqs_sMbKJLxrd
z;9twIqvi_vhZp2fc|{!6oM3XK)og<QQ->J5W>fs%j+#3wnG={|Zy*0wK@H{jPI`>-
zJ@*)oav0xokLCDxmttJ&@Mwp}I6M~kE-P#tF#Vk5@Dzvf?<T}L(;TjIc(%h04mUcC
ze?}s<gHQ6u7@u#C@e+sI9By~G)8QV6@qPH%&T5BGaCoi5r#igO;j<lH5Bww7j&~bQ
zL4J>u-|O(zuK)a($#c%;2;d(({hOTrjfPeKJBC&NTZTs>?{$W?KU`~A`@?-^Q~LvP
zE%b>;J3PkWu?`C?_a&_(-Bf>w)gNN@hgki|z=HgnMDiDxtN#4Nlxm&)Q~UE%7J$5j
zpXeLQQr}p2^^Lg7x1Txt_(u)oQ2X~g`2&Vk&UpiRH4i%ZLxwe04;$84Jz`k(f9~{s
zzq-uYQSD!DSnWLO@;>JBKJMhBVVOP?YhGgYfmmZgtT7?hm=J4w5yNf`amrzDUv+-r
zeEX$g)xkenA&2(?yyjQVf6hf}{|T4(*M>DO=P32x$L+VKqj_mZ%l)0p`;=iV*W*9B
zynk{!e|GX`o&0$xf5yoN(N`bX57qw{o&L+t4s}%jzfJDztM%fXqyGQR<^8*}`JTgD
zLeq{KkN@d(KB&f8Rt*QRWUrxqm7G~so^kqV!zw4%dinF<FsHwf!<)IhqYP_a-`2jL
zaK2TYElgkIR&X{qcbN0A`o^*}ub+o6abxgiHwJw>at_gcNV%U|5cL`#AI|Ms7Uk+E
z=Xte5x!U2Juj7$&9gjDdKef*OXyEHjKE}z%0)N}&<D7gFFwY}XoO~)U&neTKybhS>
zm)XEuTRa;aZgjZW;l&Og>F^SV+Z=9pSYT8m|Mp9KBydM86`h^TA8pf}4Qrf78`e1Q
zVi>t<EF?C!`}6W{PT%*3|5V@iG1^prXjA?4bJQNL+_8qWKkRB)`@`o9Yk%N4(*8hP
z>*_Tcm_CdFX1UrQ_B1=%ANDe={ek04`@=YsOV+67W9xiXK94sYjqL=(>hnay>N9;)
zpC_5T%ID9TTzzJ_>NEXOpD9<LX<vP&eebjOVd_kS|J11i_H)ShtWmXIT&HOpeb?k#
zuf1KpIJaoMh_zmfv)0S^8E=2G*-`uSLG7~-Xxyflj@ti?#a!)spZ9S(Y!}t}$n@0*
z+N?!=IX7x-*<Ko3wwK11vC`NwRvO!GF(8M=mNqrEUoao0Nm|WR!#=jNA*as`z-+rl
zhns=f?u(uLNQaj=+~#n*!=1qNtp|8N^QRwpf5WSR4={WJ@HE3~f$8U|z_hatc)IDF
z4Lrl}df=IcF9fbLd@(TXTnbD(R|0cfUkhAs`qu+<+}#Asyte=!Xgaq6&oX=`@NC2P
z05k7>z|4C;u%F*PZ~7uG`;!7@AIJf-T}A-Y&PZVTJj&s%fE&!_cEI$Z7MONM1JjPc
zvK=kA+45?+%&X<nrj|>&mb=LGwOq>8<_`G39W}m=9<vWatA^uFG22D`@oR>Xi<QS-
zpXU+v{}`u#w8NbaQ?6xw-Tc+OJ*J~|Ki06;z1OhTz0a`L9R}pknD?8!R(Q>T;nBb=
z4UYj{Wq2&`YQy7zX>$^=Uu$)nj);@}WT^Tc@ANN2E?#S}URuX5nNC$5>4VnsB-7D4
zvR+!pwI;6>yER`ntaUuuu-5Su!&*n$)H<^6T1VD>3hYp4DzLBniDpOJ$j8CY+dLO&
zy?Bn$dU4Lzw&R?y^%`Y1wO+(puQN<8E<`ncPv9y$*Qot#+<AxVf3;tWTv4R<xi_Wu
z{dtG_wW3$U^@hgnY%5pe=Fd&u2bQZoz<?ZDN0y~Nuq^d~WvLG=OY6w8Y9)US6y;DK
ze7Wbim@}`I%e-3dHkKFvuQ|`f?JSp<a?Lx)wUXu?s*a4gmQ@Q)`?nI~eLt-u>#KF-
ze4=$Eu9ZCTx<cznxyG4w8S8Yke<G6{ljJWhYYMQB59d$qlm2>;bCLS&=Qls+d+e_<
zJ?@7G9J7AT#6PeZ%lEZ7YixN9rR82`a_tXXpCC`oP&U2&q43qNeTUMy&gl$=ecl_K
zKF>`WPhzbXvHHK2)A#3#n@w&pH>`E%dO-UL*8tj2I0vdt{DY`GY8XS%ns3?|SNsi!
zFLwCr4*PSEKWA}oN_~6E`SyFm>YG0o|H<T9?v>8I$IqIM#_Bnz@B5p_ye3tf|Lyc&
zb@+9M|Kjjp9e&H<HynP`;lDZjuEXy+{DH$4Ssk@5+{4#)|4*;q{r<lnkG%HRx-$-1
z*1wz&|EZkqt2TYRNBGz2?QmN%QH|d#-o};7{RH*L%ekLWCFg!Zm7MztRdVhpRLQxY
zP$lPnLY18R303kf?1EqA8(Q79?NWxd&!-LRc+4BtK0nN`j>qAK5xICDMzN3E|C>E_
zwy&NS*mkuji+y7>@TTU&7~q28u}(+N3)Gq9bo9JHJ5!yVX-=mOm^!naPJ@#-I(f5`
zFLv@Hom^m4^BEWa2d$DCf9`2({JE#C@#mhl#^28mwa(7Auxv-oNY^f(2K%wFvCF%O
zVeKb=uJbnW4_C{fI`mEJvZKkhE|hCsb}*Y-7wTwVqE6Ksfc9anhOTK@%&TSLe{%S;
zz-xANb@?>d$I#<3&W^`ECVQEV`ZnIM`ZmF^`Zm$9#$l3SjRUXo)#q_0uZlU_NOk<Y
z=jY7*EU)VLe&VsuORRnptDo%i>gPK)@2Q`ZYkR$Ha&0flYo*{Ce}0+f{22=Wr~a_4
zDu2FUWvM@PhSi^X!=vHb-iF5jdw*uzI1;h!133JO)lu7m=Sq#$Ki#=tw%N424$n2L
zdA-hjXW!%3Tv<F9YgzBRvgSMc|66fmzxu?uu`U|7gUyGrh!y+!IAA{(noURh64x!-
zm$*LBw&NN@`x5WdsSiiEyhj<<ydPMFHSggj*O>dh?eQRMEsZDT>YHDK;UAFaQN!yU
zZ9B$C^U{8md=G0Qwb@`;eP&+unf228t}y?#zDFCbm9pbKpV7cRo}HhfzAOt>NaUp*
z_1W8Gxn8byq+ILb^A5GIHPO|V@zMIyAFVIrqxEHcYT+k!w7!gw_A$n1EOh9P_OZRJ
ztVynpQ-J-ohWFXmcdf;+s=k!_`ijZ2Z>m4Yx>0rhx9p#6zG?hVGpznlu6>DejV<SV
zjqNF>ud!uaYT-ZiHMX>)v87yNOS#6Da*ZwJ8e7Vz!Y1X@oc%f{pY7xgPTuI`&A{||
zF))2T(&;R5SYTA+ulqjDyhk0)>oM;It9-rd59b?J`SX<wH5WO#FZW`TYkSRdWB(h@
zCi}MPuy3pVONP*)zVC<H?tV=9et3zUN3?%(zS6S%9C(>K*IePSpWnRxP;&ZKH5P^%
zYu|BkV_((0)K@=!eZ3Dp&cv!utnne%_z>&3Al7j~tmA^XRvMs&c(lV~9M*9`9UT|M
zIxdKHToCKH_@2dfnzK{q@N9>5TrjVW3t}A??1wroxTmD!f-zhIJCwHpQ{E1Iw#B^D
z>GU|AekWh;<R>`!S|>l%$=5mg*-pOR$uD&Bi=F&ZC%@9kuXXb4o%|*z7Z}x?YvW7t
z*WA9!g%026`rB8X`~rvjh8TCg@BPxsN}*hT&V9t?rA`hyKR5XZ;71LQbaH{^Hd33z
zAc-Q)OMf&k$Aad4-0X}Jy&CFl1<bLt9WZrjfth!-(;4G*#sagB<A8r*_9r<Vfl&?5
z<LW2%)lc3-R2}ZKsg6JQ`T1c>i=pQAdz-(ua@Ecp*QU&?a&PA;r_a1vF4qHU{{+*~
z7}6h&q4#ZWby;f1&!yC_s@KbAU*+^o%l&Ux?yH8iT;G>oH@Vj9eCvm5XT4#ybDm-K
z|6Idr=N!Y@2hKLEec&v^+6T@wTq_0Ce8uo+;B|(_0H0x4`@rdjwGW(TSo^@KhNnRP
z6vI=2Pc}Ra_{)atfY%zH4SbT}2H-ClZUlbaoooK#;_#-)H4elYhZ8NYWQ}ULud6zK
zzuk{t?nP@}_FIi1<F7GfzttGB?KFne(HKs$zEO*EDc2ZsJ*hFIeT^Y?G=}Vl8bjaT
zc7|7W)a>Fg`<vElQx}t=<lO&Jeg8~j!Sbs7K|6V99Q@u9{e&0s^9hP~Hop`P^$g^G
z&SyRwsbx`L%VIn==6q&SV}5|;)tJ+cpS!f&{hfWD`_#T4UyO;`=lM?Ub01#qGv;ca
zHnmMDua&}TrdwH~foXFL@C=h{n^Irfl;=}zQ~IOhf;u`b=+89Rp?;mivw>%t{RUv>
zZFE>*R5Mik>n*S99Ph@(K_=H&%{7ew$M!W=EKBp!|EkzhNA(drIW)F>-c@5e$NA9U
z%H?ygTCUgG&mPj%vWQiO7-iJ>XIAH#P1V`o@~S^x|Nmms>#P6Nx4vgKwQo?aeZ$-L
z{x_OG>gPg-n;kyH;p41bw7!fFQfn5Qj{4^9AMWxV>2T5Er4CbH?YEg6|F7|Oe7h`j
zI=<XbGk)1mG=}UORpX0eTw};FUJHL%?r30+_c6e<GuB~&QO*C?{5i(rroOFk*pD5K
zairFCn~t_G<F9cmncR;Z?R$Pa`t}-X9Qo(W*_YI}!<=s`4Qt<^pODn7GP(NZ%U$F0
z9`Epp4xi-kr)eWU=YQGq+PE`ZRrgbz{r}W|#!chkW5|9E%QeJW_jOj5wu>JNd?rof
z#`sj_rM}Nw)uz<Zu|Qnwe9*B#`54HzmjB67H5Pmy^X*9Av@Xo6{+wm?sv4WVt<NzX
ztt00;t>d{ShaWY&;Qzc|bAVeLuXlO*3?B4q&Ubl->KnAFKGTl+%zCNM>@(UoE;O4q
zCmXIsS-vh`b>(`WX&<RIUw1keIqdbnX>!$PUiI@5ldGS8&EwmJK5O1S)7QM0xxCZt
zT=R+j-}l>I%d0loPt@j_&gP|t)#g_WYuu<WRUdjT^=-j<qpB@fM?X%rEm+@L*uT=s
z)&9&_je(qN%dx<W+c;ph-6V$vMm1NM9mTwVq5TsD%7N6HtDKIHKe6igaY36}FUmDm
z#9FUw&8F6i@>-Ndto7paQDdB3>qVVUtk+O=xyIGS_e0-r>6;WA)%f>}uD87Se+}0m
z+BYcI`ckg-_2ZiBTeZpiUmE8doz0sJtIeAYt4+44+9cK(`s;}AnEt1+sXj2T>hr!E
zEYzG}<3)A8Yc>^o`v==Kj_Qv$tUgm;eP;aCXWlcdDwjT}9oko&H2%*ykXUtywJhFe
z)Ut@REMkoh<E(wG-u$c;yYYQ7?PK&|4CKUPoz6I5+L`2ZrZ_wm_y_RNj+*Z~%zJZ4
zsbSm{Gj57MvUy(H;$t`Gb8b-`e_csGRsO#aE4A}!o(bVvt19M{Ys?vcjXCADQb7Ei
zhL*+gtC(|$;s-2l8i!pV;r!#z3)EL19yEPzciL1R_O?D;HMh_oZFk}^Qbv58sO?U<
zwmZwxcBg%9cVcb#hs=j*utRyB!?PW3aJbRoW?+`J*vXFs=De{4nC;%?blM&6bXZ_{
z-KFvDF+cJDn%$7f=P^FbIg7rHkUTYhZOQs-{C{EgHU5-q{CN(lMPAA^{s*{uhW@CZ
zyNaS5>gN+?Q_JNwskXb%>-+z2OkeZzeF4qu`wZi$KJ$7_edcvsRiB}b`b?cM;$K`B
z_?p1}I-2FG&b6+-UWexw_4#S@Uw!uH4#q^|^Jmjho6i|mIj_@I&T>`G`l@{&Pqu~X
zd;7<lP1Pq>9q+SmqnAuyeWw4~M#LKDmrY0G%z9~@iEE{R8t?xrrmy9`W?1XOz6wd=
znu2mI*Vl{BrfOcwtMa~T_BHSC46Dx@p>)2x?QOC@SK0iE<<&U6?ri$JL$wRnz?%0B
z%ZsvW{^GE|_whHA<Nq~p8P>dS8rHh7EUgP|YW)4VgZf$*>Z?uat4*&zl>dyC>QhI3
zU>wv3_Cxa_gX-Bk9n`NCUPJxSz|<cD%zir-nDf9mr#}gpcBVM_RA8>{r#ZR6<bKyb
zEN&`ie^Bhl#Xp@6`<uqi_sOB!nm%Z3-!nTJE6O!ilxw*|UB~%(+sB!6vc{R?QRDnC
zD@(`P`-W?!fEr$VYMfc_7$?^_Q?7BIYk4)!#2ROg1&y<>yPwZLvb<U^`k-;69i-L}
zYfS!a`c*N>!vfcYC)r%8d3lYXc~Mb0G%wfr8k3LBrpDw$!x|GG^BOBaedC<3_9<8U
zl&k#>=#Z3`*gK_I^ZIoQeb&4jQ|cRiR^ND?rM`V&e%8W%WJasn%RiUsW1e=t`85@F
z)Hm)SXuW)2%2{6ZjcuyF{r_t!X$fhIyo)W@sM=@P)*4&JQ)A0Ds<u1h>0_%ly`7EC
zewCd~O#X>>_`aw5v#GPgJrFI6zNwC18+f1TXH{Q4)B2?L2kK~F9cg9NB0fA1YG0+!
z7|1!tjs>QC9PnnAcaoD&0p_`2Dlpf3)0|G7)6u$Y?&`aRVU0hr)`fNS@vo{2eXDh4
zX<e9C>%!-Sv@U#hPV2&F=d><-7EbHJdy!ffK07xJ_Nk+Fq0Vf`dEdOj`OxTav%`xW
zJ`$KVmjJKI%KxLN4Vd=ZfoZ=JnDy;(xZmN`4xixgT8B>sW_;E;`PslMYrT_S2+SB>
z49pl_3d|T@3Cvhs3(R_54@{qL0;c_2fLX`eoc^6o{~lnjsqO=&{{6tT^Dr>&KL&hO
zPW~T7zXIm?`YkZW!ta4;=V@Ttc@Fpu%li^AZN3W3@$wg7=6ws8dEWtM-uHo-_ak8L
zlgmj#t_N)$l>(-n95C&S0H&Rhz_c?8nD20H1<btL0W&XNU5N9J24>zdz+6|0JLNc}
zfLSlpI-UnUwGQ)E>2K}EHFZWf`y(CJysVe{!?{KM@z;!OQ`Je#lNL|4{~xTSw}TJt
z54FII`DkGJJjTh#0<#^*0ka(^0n_Ixz>M=$VEQu+m}9LDm}Sid=DMN*nDcF;(`g3Y
z*5bL?$&Uo~ZAu*xM>RW`zQ&4WX*}tV#)@)n3qQwFz7_1yxBo}6VqG*=w5hS$-h9(o
zQLeEfR{y`?{AV9lIsMdn?PoeF=Xz2x&yT9ZeIc#;G^fvRL8uP(HSdi!_o{rTa=rdc
z=jTn9SIfHDu-bgr*1c+T3rM(6!q{qC5LdMY<;YWWsk=Y!>&3l0wNq#QsGWMlqmXxo
ztGl<u=WNwy+EhEUogF@(tahkV)i?OORxQe+&!d6on4K}ed?tCU(-A1&i*UX*7}i+L
zGhF4HkI5PrlLbzn?`djX_@1W5WTLf;*2UXd?d%-v?C?EJwZr!`)sBD9$lKvFPU=6O
zaZ>-i4)<iV?uS@eiWeK!yc<JeM<PBboJY-7Ht&JftTO)<uXMQG*+1IhZC&0TCqLHt
z@JrM2{%agK1~m?>m&VhN7jK99YKJz}4*Q0;qyE#5#=(#Ge)CQ35L?}y|Erz<KIUVf
z$?MRaEk0^z8^h|)eAB`IYliZFjoDZI?F_5`zV3{t_g~B6HJ#?AzUJlJr7@&^9bd#c
z_nu_^widqmvW|Ck_dff!E1*W)H)egc+*OuW%cYK%%NT08K8AkJmRRdWto0&R`<$25
z{)twW+V}Sw*uJ&mU;GUAXkhA~+2Zr&SYY;<alrI#5-{yg0cKu3r%->I)30;-vz>l}
z!;QfFzF#viW4_qoBOMkf&uv;AwcUN(_&q?C^Lv0AH`ZO_=EuVBu*UCZ>|y;=<F>6~
zZI=b6Q!78QZ;;gdr)@-iZ6jhWi&)Dd*0PATjfl04h_#J~wT+0ijfl04h_#J~r#b(%
zjVRYPBGxt{);1#6HX_zGBGxt{UgGSxIo$4Wr^7uC_dC4W;S(HQ>+q=#uXFfphu1rN
zp~DwDe5u1%I()6e*E@WZ!?!qmo5OcHe2>HT0k5?_e80mF1NYnf^O%$W3iuS$|1B`r
z2ETVYPXqT_-shbBC1B=#6_|Pd;&k3}_#LPJKJckl?nh3p*H)D4wH0mZwH527*H)LC
zKYDFNxn5hHW;XTOih1?giaL62MXc9Wmzf>CwmQb}SX^gOXPmqKngmRnQ=HCJr!&pr
zI;S(+;Rc5rfnT?Bn;l*Z%(9Mj`b!*cbNcNLcLFnSkJIl5<~vrafmz=ZoX%Qc&XcDC
z)6P1lbGFl2@9>3A=VFI11wJb$tsF&H0&i+<bS*Hi#jXeDGgmh``7OZgW48g*pF4rs
zM)x@V`+zxb-w(_^<cEQo_c37ZC;tkVbNFw8>Cf+hdC&1_VEXVJFuzUo5-@GP3QT|g
z0?Zh`1x%ao0Mobkfobz2ha<Vnh{r_=n09i&EO!Jj%N+^Kaz_EPURwdP-0gtlbF`C>
z2Ih6p7+}_SEHHf=2h6f20kf<r!1Qe@Fw4SrXDqLC^4Y-5+W^dO+%*F8y1N;e*TRc|
zxlev1F#TBqOn=&dX|o-ec{_m_=N@3%=?7*URy%z>c2je@^~tqPekw5QxDJ>;oDIyj
zSPx8pE(E4O7X#CuOMz+UN?`hSEii3f@9<5)oC9wGW?8oZv#dLTS=K$kEbBgCmUX|w
z4+FET$AD?)SHQIMTVUGxy~9sCo#z~W37B<x6`1z_0!;tka`Jba{C!~h@DVV5h-7&b
z;}kIM=YXj{!s(0zX1Sw)S?*R&e><mN3(PrxG%)ADF-~VJFk?6lnB`7#I#Zm^REMWI
zojQkS1Jln2VA^bSI?cd5uPt`+BY}BdTLMfwZNRkC?({o>+0T1`kG1nlKQQZsOXb+k
z3BX@w{|BbcQ-Rqo>wuZ}Y+(AZ-r);@8UKr&{-waQe<d*OUkgn8*E@{!L@Za#wO<PI
z*Q_o$o5X!%1Tbxm1djU>u+K}Zd67vD%}afsca)^XcD8bOJBMo>9_{cLhsQcR&f!T8
z3zYMt#b4{lwo^a(jFbAw_*eN!x!U0#yV@D*z8LrD)Xq@PaZyL>8=pJiC(F|MQb+5{
zajNyDj@I`~tC!Z7`s$~@&h_>6*XF*y)X{d~b(XdZb<|J#Pzyh4NByLZ`bn&Q(x&=J
zx%$a-;uP57w;iSev!6@@rhc8n0_9y%>Bw?u{6AxL*LLKd64GkUac%8m;`4G}qAKrD
z{h4y@C&b#m92XilVvQT$|Eg+VUfXKiSYM4BvBr&9<3_A;Bi6VPSH+ETjT`Z7#DwwG
z_;}1VQaRg2W6N(PX?)lpwC;Ximv&U&+x)!+NabI5ZA2ZlL##3Un(1f^y`76)JAT92
z`LVl~ai3webCI({to33Y)gSt=^`cz;@%oRNP1V1|Y^t5xY;N@Oq3ozX950&J+xLC!
z3Rf>)JE%YOP3;i-_-G%aeeGkcSFIEl-}4#`%)PHMPCgdc`{Unl<$PFGFUr*)wvqb7
zKBoRquJO6n#f|lqV&%K^PCj5`S>@d>=KOZ6%Kba|yqBu>c`sG{yxnYS-1ag%n%Bn}
zCuccSpFXQTvDS-N^ZGt>r)wj=o3D9&U-dYVw^I3dU1a^oooD@XKE$eXk1LlpwOqzQ
zeP$fAEyh^gwJmlxtbKzqsg;Vw^T23e+SI<`$F=|dfR7=u#*kS3Ay$8g)gNN@hgkg~
zR)5%s)t~z;LH!{f3qOg+IXubXDGuv=Nd0L}UI+XWi>Jo+XQ)N;9us)YPfe~m51PKp
z>9flFT)*{lVvSF)>3m{*9x?kGAD%ljK5Um-_``M?4a_y6#)o}X<HNqE@u6JfL#**3
z*7#6=8f;Qt2Tb{F;LYTJax}<atkdXlGcffRJNc1LzQkdHL$4Km-)4QaFR^cEUt--g
zR>W$P-}2RV@!#5Y_l8Ev^*`*PMS$^Y8%75(;;Q%-YcJs8a=nBDCPs-Iwt<K9I#FOW
z>iedzHYF46<8y(KLm!_Kz$c>dxntZm07kz+7a1i(AOBnn`~Zer%Mws47`<YY;4$)x
zPXPj>ook8Xe|l_`D56aDK`<Uwh5wL4N98{-KZQo4#3|Uu?bT7YI=N(ok5WuD>Nb<_
z0xVALBC%*EzD0glJA9$T-*$L{#1(cBhZBLt&S~=d17hqOA;gfQOpS@)-9?DFKt4@=
z5j)^9@{3Qy1H-SKh(9O#dk~{vk0;(oe$oF`Uvv&4{*L_4BR)ZXn}`pS-$RI>kza7+
z?Udgl@e}e}BL2Pn;-61|&P(z;K>V8go<w|~{GLpFvHY$hK39IvA|5Zkolkt5{9Z!*
znEYN&{DAykOMI97{+;+e`F)3YirD!VG5!se9OJyP{0=9^W3ihOkCxvpiSaqmy@+SX
z@3F*d<#!b^+VD8y*<uI#lc@Uz@_QcfJdtBh67tLC7oUg%K3L?}5@V0>+r+oaFZLm!
zgMNX}7y&O5{X2-Uk9aRJ`pj>L{~*7=BR)*@pCLX<F!m2&2cP(Ok@z+F{cqw<(Rr7+
zMev8jBLw5$2}Ir;eu+EecN^jz<rhbd=-@#AjxqXij7K=E^BDC<Il0bblyB$cwGNMV
z7-Jx|kGUYm;~YkxkL6Pw#@LAE(;TjIc(%h04mUd7?C@fTk92s6!)*??JKX7TkHh^A
zuXY$?HTHk4!>2mD&f&8iUhnXQ4qxo>r4C=|@U;$K@9<3y-{SCX4&UkUJr3XJ@cj-y
z?C@g_|H|RtI{bTwpLX~;hhK8|RfqrL@LLYQ<M8_qf8=l^<0Wp3l*5>FV)+P%M>>r2
zZLG7E!`nGr>oDf2SbvPeV;vsn@Fa()I6T$iX%5#pJlo+0hZ`Mkc6hPFM>@R3;Wmfc
z9qx3v$Kig5S37)y!)qNr)!}sxpY8B^hc9&aVuvqv_)3Sbb@+ORZ*uq+hi`NEPKWPt
z_&$g4clcq4bJE{N-EQlUJ%L9?(NsxqaQJA4*E#$xhcUk5ye~K$iLF?U^IwcHy#u3s
zU6Tl&Bk9wrGf#eT)QB8MO8#PuJTV^OFjQmtD2KOlcsqw{9Ukql`X-AsEX(mJw^4#O
zm0xgR_={td2(ZS3Z@?%M{s2RUtIkm(gdC@zQ9rae0}tnV`}2^?!twz5#hMa$Kl#<Q
znPB{L5}$?q4$BK1=T#k9V4_aCE)smM;M1Wm7;7JGqdP6{Zz+FOe%~T~SAJ87x#+;>
zNx+hKw)`GNIpU2z4>|hp_bEqRpQijD@~h`^v4eKlSAqzAtX0~8MUFV&9uwr($?v_C
zqkV911@g4GipNTzk9ti57WpFiZ6*Gx{Ni2!bZSKhp@Ggl^7|{w(Vp*6o|lU4Ab-#w
zBl0?6(O)dT{lv%1uePtqu@=TZ3jv+c^1CbXSozg4BJxRsvG#=y+G`r|Z26r_e6ajB
z6CWwRy1o^CtZmyV?~&g=;;+cBu2)58wcz!Ti_a(*csQ@!E`}UB;`0^6Z_6*%uaN&<
zet!WhdB+jQedYzq;XiOJ#~K%T@u}*a*``zEcTZrkGey#YV|}b&A)hL8;8>119Cogj
z-<8CeBTohv{b`~P9P3|1d7a3CV>#wS*m+-me@^_I{OVd%>>$p-vHoA6Bk~531IKb*
zbBdkj4Wei_`Gd`=@;eb&^czJVIM$y<Iob_4mLCea<h@ybzeIeY{GJIcb{301aIAj?
z<!E={SbhuSVrL`io6ivAUgGP(VrPly1IPORLwTFXfn)hd_U)tO7mp7jFZvX4tg|O|
zaPRK()aeu*;8<q?<vk(?j^#@r7e9X_zxZb=V835<fMcB>Q)ij{K0v&w^vS1yMSr#E
z1IPL=Q0IO5{VR1&5FOxHXG6)4ylX`c9Lq;RF8(Z$-`#*k=Ty-Fj&&wLE;_U1cYk2f
zStmNcvCcxu&lWjwEME$_<n5H-Hiwr1iye$V;NjedsTV#<CSddv9q+`ol%s#{OpJK|
zV|dhEQc>dJ{P$;d{ujBJj(~^r-@l$FIJPe^8nu->SITAv&PT%`M*|TL=YGzPkl$@`
zjL#S!1T2#q`Xu^&j1P5K=RMKEwfktu#SVM}9?tzAJs*h<>b^I1a>Q{waXv%d5%LQ>
zocl!@H_3ar$Z#GUg-KhEorqDE+7vl#&Y>K3kO%rB<+qb~l>D9uESoo1%kRk!pW*P?
z4qxE#*B!ppVVu`tbFKVJx6pE>2^0^%FD=N<yU;mJu*O7u+m1Na87CY%XUgyXz@k%2
z9P89UE;{IA+AgAlcmu~ehfwEh^1BpRbjA?JI_=c?ru^zTMRdjz$2x1Mb0vQ9cdx}?
z&ufAafAv!^;;(x+f)W3tpf43%C%@{0$VUo3*2z~oe1gNLI6Mqk@}hj;;Tid#95RGd
zjyMCyKJNgzl)FTJcLtWch%@kT?&a<dxd{8^cM`DZ)Dp*bJ`cI*AO<smMF(*Pj&-!Z
ziOyP)EtEg#AkM(C&SJ<#2XR;qEINoYaICWea?!zB4AmR;UmME*4G-tPy$=6JVG@;N
zGBM&m16T%PyZov@qLUM>eSq>KoX!%5bu5Su`o4|@Vr^@&gLVXt<0dX@S!?B2*Eynt
zHU*CBg1W&Uj9u*~f)5is1#;1cJ>Xb>f5=7Wi}Kq5EIMdY;8;gvD>}<WhI&H3Q-1LW
zefR}D{AV`SdLb8`)$)r!V2r!{fu)1g$*=a4`z)To!$k+jF7g-aXx|VW#2I)v|2=x`
z8<GjJ-yZt4HYe#E`xCPXJe>b#y{;8SNB*;ZD>|^L{dNNZa_GDvlQCj7M*c<#M!mJI
zi4SygZC{Zu5t+6xG1?w^VMqNDytQEUK`>&k?I?Jx;GN`e6c)+E!}<N#y(ovDz{B}1
z*)KpYdC}MY4_)U1ujyFs|FtHkJmU}#F{EWIV`4DIU~*i>7-I|uW11KY29r}_k`RL_
zLXuRHG$9F<q*D3YDqAX@RZ@wPq?6sYONYJtf4|p#-D}@%^?c@;>-%2s@4oKy{T$xs
zeb<OgTJw~<{C(Ov=^u-gyZo)%=tt5XiSNZ~$lUy6ZBJfD|CdU6<SzdXh-0Gaqx@(r
zn_Q2xtE#!bq+KgnP4rRv&9C3Aw6W!r9lwz;8tW4I=I<LszNz0@{V?YY*eMO~)bOqi
zPj7gQ<jGi%$HuX5qhDahRIF*993^-8J1tRuG$Z&a%0Q21rQ|MuAMzFY(KzouA~TR5
z!+xycPd0pa!}m7)rG_7D_!|v>x8X+`jyjU>?f9ZS;ZMNh)I3n?C3lq5ZHV1++Wt{5
z_|xzt{phWuT=g*@(b!he=I}l6p6tds7#nkhwDzN1)6PlF7qIh^kHsD)qaT}G^^5cq
z^8xH}$xE>($>?48<f@P38v2Luov8+1jy*?4-zQi71*!Qq_ASX*V=t4@JMQGFe}{fz
zejoep<eRYXlhHd5<f{Lme)K=aI$rw;Wvz&INIt0X&u{qfhP&k1*qBqKJrIs@3lG6D
zZogdmSFUA<af`<Gj(G<={<mQ7(c8ar)yMoo<JuMT3m$=^uhHA5a@Fq!TQAp>?d1nc
z85YX~w*60R__Yn&msN9i!{;{~btldeeD=5cQ?Rinz^B6-=_g<7B6r_hng0g{Hf2|T
z7B<!d*fn!^{phWW+);kF8SLucgxxRs2<%)Lz2j4^b&vi+e<42C_kLoz4-tLzmC_D!
zm)`?gFEx&n<75_$i?QZc*;titN_K6yt>IWhNUQ(u#&0!DdkglJ$#-C*?)c^D`oCJr
zCf9oujxE!E8td4S?YEel=xtlM%kLsBg4Ha;+6Tt8J>@Q+<Feh=ycugf<!i84$>?oQ
zxn6_#o|=2G*U4zsPOirnd$!-Q+<RM9{#vPv+&x_SJ=Va7ia*BWR;Aw4)F(%qBzNiG
z5o>-uX|1nZ+h+s)=uNkYjK=!P-S<nr!}`&TU@@Vwj&k>dqKWcPYOV*rUdq`u8gQUz
zBATaL&q<tRaqG7&9C=MHYje~Wrs>N1@Qo5P#@?eP-xzzTkMg6jj#2&}6^-fp?aDkR
z%Tcy${WqI(K34Rx{@^!`-2JrpV=fSfYL@dHn15xBno^GY<9XdDzc|_P8+mzCFu8l8
z#C!>_)sMqQzL|Do{pc-&-2J5JWBk+km*9(a26l~kJ9`hiPQR<+b>wfCeC00dXny*Q
zFV{Lw)lZzOu=~kq91n6mS3gug8prjKG8)H&-2J?iGuB2lXW_e44eXjaO(v7wvG%>}
z*o$(0rzvOt?W8Ct{?T&gb=I(H@mn^z%fBVWPzb-}k?R};2l^e#y^CNb#p(iEPou6<
zaG?KgDZ{$@A1)kyLE*Q;x0(KAYbp<6qb~47czyk(wajw8#}aj?;<NDWp(fe!ERVLs
z_nLP2eQD1P8hsoW(C>|JihlIwC3pW(^ih5?alA)b*uD+_NEyT7haJP=-?Ow?_+gr>
z_*qaL^Wlfp@6X=vRqo*&((q97Tx_%znpeXy2jQJzLJaiZe-Zx|?*3HDY`fH$u?Bk6
zjxE+e5B_YuI~8}Hv0M)Hj}(pEr3M`6XO_=Eg7+!c1i@so8sOf;jyt!0-!cXq2eRX5
zdwF)bF5ji$Xn*|E@NJU*5p0y_hfR6@Sn3sVm_U1>i8#p-2Of<BkH&eliSy?YhvWnO
zoYEe_bb|S-?BSRP$+mZ_E%+S+HjNtR#1`@arC(^uQKm|xd|<=#8ji6_TAHqm4VbVc
z{*OwT&8y2YzdX}Ae%#I1c+n>49k+5fSZ1JeK+UVLo5>X9U@XINl<Ce<ra4AA>Wh8`
zzIFBgxRgikvM-{|(M-hWZhT{GE2FnOaxIU2qsH+(Rt8KL<K&>``6~*!2L8zRkaE5j
z^W`U{3@<h<etn&c-@N2*l~VVY>8Ei<u#QW42pfI(SktyE7rpOQ{jiM2m~xkz?bE*+
zR{n?ekcHefb9D9do8xS9wEs^_zH+yE$=6u@<HZjS^mNvG*tO&ZrMwXn?(sQ)`zMNC
z?$#)Az=58{!7@b5pEWTLD=|ZJcr&))wQ;U#TG;r$mR+Z#-I94Z&@U`~743gS>ANWB
z&r4o%w{9s<^cQ~HF#5>{_}F5OXIj^t9*yOd>-n4OT7P6Y$BZ$V9A$g5<R$;Zc~@#;
zj-WALx!ymYXiWU(C3owW@@%7@v>a~A`j5u3IYmwW4XkMMUo>sLUP(LIw2R8|XQzf^
zOyZx4FWT^_l2)$w+oOHZI7f%rdo-3=u5B1)#y?u-yx$&e{>%T3*&kijB9Ae$?H6r`
z#+cSkKSQWo<Ks8xIQDuTGC>V~>n_)OdXw~%b{f_;kv$Gim(kk~a*e}s6Mn~%T;t5s
zPg=UZTra>QaE$GzOI>0d!j^em_8zvJjz!tBZJKPpag4xkUfZVMcD1bPO&4{Chv1p%
zAI5Tc2#swVWkX|KJ-(XOzC9*+D)xkAW1p66-@QJ01bbfc46Nlg&aC8a!!l-UJN<L8
za`js#{d2K$^+%iIw~TW2kHG2|VCCwM_Q$^vU$lSb>udFkuyWO(nEu6Bx%$sa{}QZR
z{op{4*mcIOKd!7T_D6qwvtGgW%j)`nRr*)<c}h3m>uJ=DurUVU4d569&;0Lr_y_&3
ziyzrQPr)4T(ax}aVVU&Xer|)X+e++})mL^rRkr+<hv1&Za1L$V@Ttk?V3#%=^Bw)`
z@J0Dy%Mj&(w^N&X+cJ(pzbSQ*yYXdgn5M^XdF5`i;*a$BExX(e7e7rLdg~!~`8U@_
z^q*8dTZr)tFT!VY=syD+bx9sd|H;@1@^4Go<Sv^$j(zwoTO9lHbHi7vC(i4z`^ji5
zr`+XtF%Hs?hGn*V-T}{mV}7Bx{Br#~G3GLb*&E-%>^<z5eO1G;KKLOsn_SE3cv62T
zcD#(nGRt-Cov0tpVc1wF(O71=mU#qLGYe}uWar;(8U5JgTIMbEpHkM3=r7o`XQqD{
z)^Vdoeo68hvE$_5m%7NcoJ0E2yRPgaqp>b>E$5#4(OAZL$y2eev-)k<*CcO=jeaMN
z^_6S+V?5)y9pB~beeydSeqX~kHvDYzTFmV~C$9thEVXguRT_?Gs?-0@^!vQC&(!tL
zmUf6|KhO+};hcfpIFqr%4R6)(hMDiC_~IOZIJQ-s1LQL{(MQCYh$hxmG`2&mtNERv
z5#!*uf8}n{D*T`KyGU#M#5jbV%hAs1k9LNy#P58t%-3KqNM3<`Yw}01#!_<+_O6CM
zoBSNs_tZR${ZhjZHvH}6zhTv>{~7jCnYy^P$=!rfm&f&^@fk67@{8f8Wb{2&?zS%a
z-=)TWjOYE(55t?Xo7O(sGI<B=&dEOece+eW*LJy{GcQa3#`xvxzf?al9SiYHJ86f|
z$aRk2rw0Epe!0$<2lSKn57>C72+c$^@k~*kJN+~@mibRInn`HnZktlyF}$aLGJd(s
z?|;R!aKv8+pU=CinTkfP=dSVGJN{|-<u1Qh8_&R#b{l->``&8@2Hu8se8`WG{}+=t
zhF@dZ@cVr0dy@TLz{8b^6XRbEyqG=o*b^IGo_sy_vWDN;@HGvOw+#PL=AhjDw@2qP
z7mPm>-iuwnl5}&E=VK2^emDMw$;V)iO1=(1OMj%j5KD7JUd~gwp3lEQKk+X?|Ka3+
z$9_(xY|dG^%kMsaML+sKU>}pwIDh4CO6k)l^`m(P`^RM4`R_7%=ZM_p@9C|Y?W|^f
z8IAKou4C2rjA_4Ym3#_zdl|iBUheX5mCjDTV_vRtj@C~c`#R<ed@X#Le&P(Fm%IGC
zs2@zf<6o|0>~s1_`xrL9_W?VuzLfs&V87DvLo)H5BXS+Xrm1m$lzbhU$CH=PFTY53
zJpVfR&)ENziRqk@YuQ#sr{6gx*LGe@zjepPI*-OVCD-<G-B)ue*6->V$N44K`1_=P
zSNw8~f1v)1e`IP#(8x9Z8L7Dtdsf5e%H%Zzy<FSJ8PWft%n|!ob_{Qp?D*WK;a4VO
z;+#OenwT%AmGiN~)g&L=aLkwVubF;huPqbDaV~c|mT~Sig>e>OH<Ho#zFe<)H`R}3
z5q5%%#<49|js2%)2{z7W&{$WwuD3g-23a}xL*v-qPff13=H35iX)F7+=fHR=_LzoG
zZ#d?DYR+x^7dCux!*Se4ZyQH_$;-Zo`tDHLB<h<Q=Zt0Wx-HHJ;IrYVFKO);x%PGR
z9hznM_F%Uzwz*u_t9|sNIUakUjK+G)-Lz5$&qvj~8GD$F#x|F`@0K;z^tF9XOpR?W
z*Yd2Y--n>t<Zh=D|1P*cgJ&q1bFl`(PvZMc`k%voi1*a^J%igCel+>r1pJSN;~0lt
zf6PJHHGc-XapXAGB*%P7j$;jMT7Q~W{Yeyi6?S<Y>^8|hySk73U;M{*X!_M3)$r2f
zbFr5tzn1vk4l^c)-GMdeeB)pSHj(k~fE`Jmi=EZ*naTe2<%7wV`G?6r$3E8Z?`7gU
zPF_s68GjyjLm9tgV|?SE((ulWX0OJ7V)`93XQcmXtRKS||Nqg&-Y%@XXTwJ{d`!b9
zH0)0U)U<DC_}qpsZ1~cKuWI<(hHq&2!wuiw@TVGnDEV>h^T}_gonOjs**3-=m~8vc
zYuKNISEK*fhW%-z>h~vvD*My+mHo-`$`>?zal@B4{EmjVq(AIa=c!!Jg<{>q@7$ET
zztK@_d$XI@{@8<)U58`t<3E_#$EDwO-L+Ny0{ou;n3wCPT-TPkenhhfjn{!{hOlzI
zx4B$Dnk%vIOuid?yNrG~xt=fGrysrNOW&2zOiZrlOFvA_6WHgIU0b|nP(KNuT#vJ3
z^%GOgOH(r$ja-kjL#dgFbyx3q3*!3-$@}Oh{#4S+9mj6B_znV^FXEf8CV64Q$H=6e
zhF-31cv5O^!M--x@4K9v?0R^GOj^$$<Su`^`?~ax;Fr7nyDFd2pJliwH8ar2b*;9n
zYCN}!YZKznLL*mAoP(kH2|mxyEW;c$ay_?+^DZ==EB#yz{2cb_)XzmPSN$rkx5Sx;
zU#{nkUbmQbmNt1RcEjWe*ddv;j$66LRA*Y({GC&?5RF_l`=w?X_JHJ5u!kfs!X73Q
ze-UZrnpRzne|l;bqmirTqVzj&<m&&3e#-W7?Cr^KT#0AelCR{r@EMtWPbRHg$HslB
zS;GAKN@`9+BX_&8P_cbGHE$r!lc`yXU+(hnKE!uDD8uvk+%3<G(XYpDzGtDAyZjBw
zP4uG~#=6VfVclhqiSF_O?DXWt*i&U<dVVB#Bc+_@r{=BLi&C=;ja<i@?-}!5*lUtc
zqOGo%iMbrTT-)cvsaZ<<+>x3~(8!$!A~wGQXUta<=gX<N9KYO6FPg8XW(JyXCG%0s
z0H;BbuWOgw?N#*ulbV&#uf}ftO|kB>$8>kuWBP8%2Vf78sms;Gl)D)v=EBr0!5)*E
zYtYEGeSFWDXS*gR|2N6cX!zXZzv918Ca>#=BiDAjEH%rC^S;!qKqGf~uj%IW--KW8
z_AceTT|Z@b2z#eY{9Dk-^<Kp1Q*$Zt?@P_?XyjTK(;Mf<*oTv!z<N%j|9R}M8umuK
z{vP|H<gwUQl6SzqB-wKwb?P_Ay36|2$uqI;)gNi_pNVgA`me_NT8;dchObNZBhDL=
zZ^3>jc@ciUx?}s?LEYtUW@*DOrsg<a{(JJTus)`2Uh)r<PekLRJo=x+`Z$q%I(~KX
z+3@d@pTqiSi2h~xy+tCw86LwfuZCSY`EA&j%9Qgi$|-mI@E_aD(tmeymw%gbbN$3|
z=z7^-`IX7<!g?su|9-4G`9s)!lW)ZyntTU#L9%~R<o_jq2m8f_eQlh_u|H_|=Q8EL
zhjPkw9R4OXf5bkUn)}embsYMhF`Y**X1vO4VaFz4jrC91>K}*QM<%cPi6hs~H8$gQ
z&%*0*$77y+6n47&M;46aZf7!L^H{599@cX*+2fk&<q6oMlaIr?^;{UPR&b!_<ZCQ!
z9z7SPU&WFv*fsF8jsM>ow%k=eB>$<DO|I+1ME%6HJ-1Hw7~yrLdZuN$#>{(M`=sU=
z?3~nCPPrZj<D8S2U&QyS)L4GG_C=g$5`S%cah{oL(K23}Z;zGh8f85#=e5|YWHcKj
zcXLWRUzh%kv2q<7A4>laR<7l|O+PU|h5fip%;Dr(PTy1WAl9v?ajdUf|HjfU!CbtL
z`p+pmqJ|UX3$aHwd~U-pNnVD1x%_<TBe~XnQu^%+xtmw&J5@jNXJDtvq_qrkt-JlA
z-}aYlTSXs{)^RsKHTH#E(|WycTKhuooWyJ~_VC;Oa@9|S`}6ajQ?lh9FaNpJOYW>3
zTa<Yja|@2o$CIb?x=)Vwfp@|8()5pDx0U}=V#;-{?Vx{Ixdz%wzMy>PZ*s#C6aO~&
zqHKR{%9e9B>Vn2L_TB!%^1KF1Y_M&zdb0Cot>o>njz9I*FZ>tr8Xl(~woNukRv+!K
zysQ(u>rdXR;VyYsY{W;iCmdr2o(T`9<`vke@82wW;d<@k>;5feEcmXxKGt2f-cfgW
zN7!BezF4>Z;&Q(*(!!1bcm1|QtRb-Fbk~0n)~&y!d<Gu;R@Pu(CH={($p2l+EO$Hj
zf0<+bW#zL<U-y@n=d#vFwmo9Zysgx0AN|Rpf%nE2{SMpyF_t{JORno-v?rR`_$RRU
zXe^^#uXCrQe>JS!9aqX3ef0MdQ?CB8>LW_2OU=tM(X*I24x|0in3r5XTi;9#Uh|T>
zlS*Fx-w&$hyokN?<bf^ndZ%gf8LcrzvnsE<lZ!^~{Q@*w_%m(XWAsFq?Nat0_SGll
zcXMrry}RKj8uqgXHGV$!y=3pt{jOoJ71ikfOT&L}cqQJen$;VQ`}3JLt{IcZHJX<<
zJlyb>4R70UTuWvguODl^do&z<ipKkqF=k-<JmxR$W53AVX{Bwq$Try;yJhn8q>Xin
zv@`J?nEpet2PgkGngz+{Vvm%GZ-2_&>q`6+^b^O=15Zg-zdYG~yExg;3Ev|VXKk$9
zc{0hig55Z4p!rzxr?L0S=p8?DcSg~FSwDKO-5*MJJbb6&AIPM2J&?OHlm>p1ny0Y8
zOTGvDx8yO@{qM;e5Pt(+o0p&EZXy$NW8Rm$rKLPuq~>Ml{j690Ozh4w`XTgk_xhsW
zOFx?N=;tLLk3CFAKa5`P&Mf+4Q!^2Ld=`dgA{x2#<|W%Xso5G$d|r%Z5`MWmt7zVt
znki^*l+n00%e8H9Pt7zmaX*K0`gz*@>GyN6uQwc@g`wFE{S)b*4nHLme=70i_L<B<
z^lo-ZWyfx1$5~~^N@d4EW&5?V{ZV<SVcW6#ZLi9&fctC8TDNMlZS_)l<uXv@&YQ$+
zmZx8(_~n0CGdT&gj*%9Psz{s9BUuL1T0gn2nUU|RC8pe+Q}VKDdN1zT{Oq&8j?cug
z-%9>1*14qrJy^$3<t-YX)Uf?sH9IxDYs2<g)x_t98GlaWKe*vnHN3FlV;Vl8;gcIa
zz2P@B9G{hBz85zBiyOYY;j0?<_-*<9ZOQeLN7qK$(-z%?{U6pw^rLGd?Aq+PopJWW
z?w&juzpwQ##?DOM0snr<uGw>C^0Kex?!3~c^HXEm!;?qQADz56d_wXi*pp=9IM(F4
z-Y(To8D^vB6hBz~mC24B4!7Z-i{?g|IL;w?bdIOyP&9WZe-Qg+8NKsN?#?ge|CWC8
z_1@%T$-l?`Tt@F)l<Ru<8~y0LxA~XkZZOwX^c&-IjqSWqz_uFisXq>VJXZj_rf#Gk
z{SX?tyP)WY^`kiv{gh<a+gN+?%dz&7c9^uW_Fh=h?v?t}NPAH7G1$0&j(#F~xx1+7
zk4nw!(fb^O`Cf=UQ${}ty<FS&{M4L{KGtFMOYwam^^?)db=~&<yD^uc|8#0xPvp98
z|66L_j3(Az^gqM*{nSrGFV`~sH1(IFe<t~1?4Ody;vZl)UpdZa;49(v(*G{(IGH-`
zid_DOH5|R0^J*~JabMZ7TiNkf*|AmGaZ`EYhKCxq|Ek8mscgGfwoNPBc9m_H%GROs
zNW<paUtg}hET=q#U0?PGwUWCxmGQ8Zel$B`%~y>oxgIaTf&K&KxZ&E~uU_J;o9wGN
zw@<(2teTNVGbh=0J*@GcF0bJ8UhEqhKEL7R4M)9Jl+X90UgT^4$o08}Xa_Xs;@h6x
z_#@c8Wc0?6>oW}d>R(arC&W1<8v9o6@_P-QQ>wA-@k}5Z`&_P?V_`K*u<qt%S>*2G
z(&ne?Us1l32oCf&l;=AblEJo*TYqEYhxH$#KTrM^C)@tfRyURNySF#~Pb8c6;f7<4
zO8wf-BiMB))}oBRZTe?mr#2jG5qkZ5H2yee!2dGx8E0Ow>)B?>o~KMmo`&CRGwWjC
z$@M#lyQbehlDi@PW1GRQ-hPqmZ%xnDPhPtbbAD><7rBmyg{hg2Cfc7k_KRHeJv%j?
zBQH-LJ?AIBpMO4}pR_|*xjv)&kbX2{(0oHiGmMqH%S*riJvFxRO6=;_$HqB1>^XQG
zBjDv|<2;-=6O-#$-N`uIY@2~SN*=os|Fdo<`|3&=&BnyMv+;ksVe6yDzO@`xKcVq&
z-EfS7%q#kxwDWl1abQ|`cEblY{PHZ%=GgJc_Jyxa>pEmT<yrV+U4nPRH#z<CY?(4R
zp5;0=4o<&gNv>lf`kgrY6Z4qVIIiS6HkRl|b1<5iN5prG$#rbFHmR{auTH)e`<~=i
z;QyjbTF0JT$Hs%Hah`oGHI6;Gj*Y*hW-^*p*o`xUPwp%X+dBFw!#J$vkjG<Ro@}{x
zl1V$9T*u5yc-`Mz*2tBU4co~+P?OyGK?d7??ERX>KTrN}IafTa;TU`Aw@uY7z;2j4
z32QlwV<fq@$(H)jyLPHmW1q^kO{VEbV_)qdqp^SGZXExy?af}xwuXEQ?Szdw!j@}Q
z{cDxF$lcqUI)0?A6LZxhpPhU;c3Hz0H#|Q1P1wzomt!X;AAp@AuU+z$yUR+xJEz9=
zX?ki@$+c{=^iv+&KGrn&Qus*y#9S@8j?dH6Z~Msgp5$KoUsB2teFyvM!t~4Um2c(q
zaO_=;|CbH>jH_|fFKYO_hTqfh-3_lfrlhsZJILg<0K0$sjp^%JPS2awcn;|~apl)G
z9M@T?S>JNP&Z!uC@DjAX);}Km@?@Vu*hZ!<ww2rs@gLic?D`!ua$Q44^b^PO%#_hM
zcjUT;%t_5sG)t1-kB#dW^sWhV?Uyg9!EYJm>i=u{hp=+>Z)kf`hP|<|_L6p(_vNZN
zA=`W+e!0%0*Xbwi3hZSK`&z$kANNV%JMnp+QNO<h`>BTGek1u#BEDSn{i_=Mlkv;l
z5Ww~#((9j^T-&qLpZWT1apl8P@4T1m+I4hl-h@4l_xjt)vF@~nhmx0KCnP)PUeU1S
z?$>d&<vQbs$!wNSzwgNPdydo7@3@ugeUkn4QwIAv&c{gWSdwd-fCK$U%jX!e7JaN-
zbI0}gx}^+q{oFJ3A8+(`G<ttTlkEk1PVQXue7A>P<K6l@%ei{^VaKz3|H*RS^u@_N
zHs;8BCB9sLk0R#OU1hC}_DPPlD>>r8_E)UEu*c}N*n8NyI9^`A#FuOQUjL^`Uq$=C
z&XG0szqIJ(ZYlq<4YBL@9l3rcHCO+q%YBIX4aYqb{PXa|dFcivrrf=Z|JXD=e&3Nh
zKX_-0@k82I!&|beaSX`y`@+!<`0aPO^8<ReS?ua<Z@E7A8}<E6IX*;v;nDhT_`>=|
zyW#hpXt(_AEZS#Wqi_8iz0e<hv2pRswcX;F__E@UW8w{^{Gs=uTDDfd4zGKEjG0ZY
zafadk-fXAjiP%l#p`w>NA6j7BoW1|Iq92#6KGx?=i(an!AvO19pCp@Sq#a-Ma@9vU
zH!J?OoKfH5;*a`%q?9MF=~#dl5#w<7J~_rVyZ~Rc3G7-DV<|c6xOs^gb(~yc#yW#$
zcl6sE6OAglem=gZel$m7W6YpgExBr9&fZ`0j4=Z{j#fAAgp#k^ZBX*{|K1<gWt0Em
zGroT>>qBTJHkyx?w2tHcfo2VPu*^kc^<OFLNAOq6dK3J$l27p0%Xkj{Mmc9UmmZ#q
z-AjH&$#>smUmcii-D8e?v-Cx*OUW@8k|(6z^2(hLy0Ezh8Q(UO>oaNgK~Gxy@h};U
z`N;K|vE$Rf0amW}R6%}IsI*D6IqbU9>EE){CB`#cUg7^v`Tj(t{cgEtk1_Lb8RIdo
zVCxrid8?9A?hKq;|2<+=ex!V!8*TE#a&EFI@AdGO*kO56i6hrF3LNMkZTjd(4ga{|
zpEP~Cb%_&cw`q9Wh9?&uWBi{tah@#ojkLcgyq21$%6tv~ugbZ3@G}knx=H(+!tXWh
zZ_B;j>l>aRZ&%77*W>awsksijQ)*Pn_4DPJYor~WYn$*U+gx_@az4g!1dU@%?tDm!
z&G*z?f?Xz~alFahBSqtTYOcm!A)~P$<@(%<@2UA9)>QqJQWv@VQHc}tef#1!kN(+m
z?H1z@9vvG~i^g%#|Dim);aKW@aFR{#ep+I#538Aojj;r84afXKZ;Ck9JYMv()&FOi
zD+e|_ui=;rX!ge!G2w$@^QdXfLv{{spZrSfba}^8PPv{tMZV89`6frc$&oKSnlC(>
zZ)zf6cr;&lG~b<Gm@h>b=%*Eb@GA>P`~Ru5zb(`6T>NtPRB5YNKhgB~LjQcD-=)z%
z-RRM%k8_njmpKyk+O_EA?wO*G>vuF8)cAiX>3p~M!B{rA^I<)<C=Z%-;V92voAUU>
z>TIF^U86@cTAsf(<=LYt&$C4z<w0Y4^z<W5%wHEx`1fr5zis@}8~^W%Kgu~U8251_
z?Ou)MzltX6g=Vy!2M445LO-L?|EbZVu^pnFxj{D$j&|O==%bzgT=Y>dG}bHDu9-!%
zj&*#|U|i$uki0Y2y+@;JxAZT-nuq??lIu0ag!Eevx&C&_B>lvnhMkh^e2qCm9NQ-5
z$QN80%I|&{-*z~Fy~ddb8|Mh@VaX%dHDrHapDo&%8<6G`a|Cu?#QK0nm0Zg_9yYCY
zk!xNt$4NUG-&8fQ<%zXxR>{jWJ?tyF`%7u((Cpi2;D4%_-Du$dtBLh+zoL=rIv@Ty
zjX!@MAo_9jG6pPbk4BZ;#hs$UJs<Gdhfz-0@eu3k{v~FttEDPMb3pM&%;Xqj++@`k
zY4NLywBwp~IIu~Z9BJ2R(&GQ8Y3DX+lOye#O<Mf_H0?o6+T=*PR+AS0KTUgZlQuch
za+7nkzWD!XS|8YFi?&LRv@dDW;{T^<=QU}QBP};aNAt!1PtzXSq)m>r>o#fe|I@Vd
zo3zQ1wr|qn|G#Nt4S7{bJ7k^L8;o;`S2R4e;aEdbGpq3*)NrhUXy)OIb%yxnAa^hF
z>Lx#P!S9^gjJ;c___u+3{Kk;Gm5V>lm+-qb#QBmBakItxgWtA|^=I|s-;dYEabCz>
zSN!0>AZ2s2OqDH1W%I6VewEFmvT-YWUQv0d;o*iseoL*ib1)yO7(1AoXXa^p^?rec
z?V~a`(qHqUe9j6!1^z+$e~kU5jNTMWsgi6x;<IMhnDI;qY+mslBG`KDMlAK#<8Yby
z@4+r=`1pn`N7Y!4%BM9P-;K>UXElDmD_iv!Hhgizmp6P>!!M<Lracm0j3wByxmo&U
zk5g*=UedP7j?<Ykb+muvy7tb|uO1ucjWCxp<@y@^P;xzv9L;O>k7CbHz5?s6{|@Yp
zGHHjCyO)&lc3W!h#NL-|-#sX!pP1bF<pZ{Fu^Us(Pm`a={w&$w<oLZz+DTZsmh-<F
zjYHfxn`7N&pVQbyChcUjaxG^(r-8=)JT&#@b!6(NqL*tqk57$#esc11>}!+%3ww@C
zUeib`*K%IaXg-+ieO-6U`5o++Wzz0STDg|<o2hYpJ&|l)@!SRa5%h8`=O0qz7<@i?
z?J@Z`L&?i$sa9n-uNkD3YdL*B((<U;DtTwDyMF&}sn7kGb{1*nT29|nvy6O?N<IsF
zO!EEM_`HC$jz_uX>$5MWRpWCZ@(oyb`3u;)Wzx<itz7f<JvDD8-}o*e{BwK{rGGO1
zM`hBw-pDoI#~aN6I^(R3b(gos#`gqCyMVNE&DZzTT#DTxc@B13@|D=VWYR7qtz7fn
zH#P6Vy7e0k#yNX1A0)b_IoA8bT<Oa5=sjQZy%K&kd*#y_zM$c&lRu8Vw&4#nd{e`>
zHthOn{A;iqCBGl*JlB5%Hjb6>E%46iw@>$yDYK=P>)*>bB>mP)u75A%X#K=liak*#
z?bzh{_cG2&|Jqo&{=JM#(%)m{daY_38Pns5+aT;_nJQb3%H~(uJSrQvvTag%<A#SC
zwtcE*V#D@h^-peiYQxhScK%m=oEsl*$@6|JA1tdiuRb~YB00__lDBU(an6i?JAAIX
zJu!_ccXl${TI|NOyl#WAo4U%;Zt0J9OOAF+j&@6qc1w<SOCD-sT9+C>%C^uPvutaZ
zV?><S9Z~#pm;TTn`7iWGy-*+5Ad8A$uJ@^;ojGX4@fLrNMwNBx)+}Xsv9Bi##<A79
z_eYmFa_1N8*dk79;@S<3s<?K`&$iU{TMWkcL84yAlsIj@9#X>t43A^u`3?9@bjRuJ
z`sFK<KZd=!;rBIsW5e+rAZgVPXZ&}-yCm<4-97ml{Ju7?eXuhczpwT0kDZ;o0{wx>
zhhh&-z8U|5<WsQ6$j6rY%H4YW$95XKG2e@QeZv>Z=uIKlIevX=p2FTLqj7A?-KPA<
zb_csLt?#FkzlD83MsL5#HRkWq?^u?*mzO^MqkiK24a@DGVB3FHcH=lk<eD#+h@<&#
zn*4e!!y^2Xu!IZt8JJyV;y732TAsz}ciza=Z{C*2&xhZVnjtiDZO>Sfw;YUftNnPd
zPkvLwZ*BNf4S&Aj`x=gR%Q#<a{Ns~d^EOYu8@pw)=cSXAcf`iJM4Wr!k@PRa#u&pt
z7mnivd_O#&y_WxQd2ty(a=pYkHT}LLcboDb+fw$LHpUV$FUR-x^nV2#$46p1e&kMI
zyMf)b-@x7`qjAj0wJ+@ZeyhRwtSr`!<XCTE`?O2V%dl(8$CdKS-KJ%XMH~i(pR+}r
z<W<ze#xZYsG|ut=BF@%Loa87EJX#)jG|mbCBF;8VoaBfDkH&#V<1Be$9E!}}#VGnn
z3#+%*`du&MxRd^<I}cn<z(1rWInu(TX<t+FGEO~yt&#d+Y{W!wIbC9mqd%^#wi}Gt
z&Z{2Y0vlsEIokZh5?`+Iqx~~&^dlVQ%{ZH5qYP6@y`s#p>q*r2q^8Uh^^~pWK^~7S
zZvE837$Xs9hb9g@8t3GH5ogCzuQA4fZQD2=O)JN&sC#mh4YqBfY_N4%-L$8a_;USx
z#JSzSaxmuQZVk_BcuDf9*k~*C#*e-@wZxRWZA;zlOJh#LM*E{tC3o8ujqj-$!ET$p
zA9hOe$=ID_(mHMBZc0fzJ^hwN?zS)f{nKxI%H7oBUyy$1qFjG-CXV|%H^=?gmbw_X
zn_SXHJEvxS<DgL`*EZZr|1N`Zyq(;zYhv|BUTC&4UHYeDqYY1M+A!~(#@I&hy<)eX
z1BmV5*6&uvK#XVDvbgoT55{vT;fF{2XrzpRVKsYl?SqXq{B<SYIq5$b8)FI0M0msW
ztB*N_-V}1ZUmbmc-?Bwt>{i-s7O%}~E;i=U^m2Y{{rluNUL?o3g*}gru?joK?F;pe
zsb~|}cAcRA^iqDguG^6pHvp#Li@cH}ujI%J9?c6L%?lpQ3m(nuj2GrL-ZCsL{t<b`
zVElcXebVnciyQw*>9?&eY5Z?*INF&wm*bnLpZK<cT(2>sUTF5lw{vP7^K$o`y<fgR
zY+A>>{ae%8$CmRo*!YYUjdhp1UzD_`sljhq<eK(O{iMALd!dYGD7kAthkAW!6Qgw_
zWjw5*erB`o!Is%~`!kDP{s;X&jUFD=zu|@Y=!>(8e~K|-U+tM}o5y`!9(Y~|&)1*)
zuH>h&?`wEP!;dxm^M+%*5oZWrtb6c{aP%Ez_@{k`W*(YY-_TgESl{k*WDb<iw$K~~
z&t$hQ_M=?;!alY9*I*aPXzWM1+oiO*eW!o4A7>Q*S^7zPJvRCg%}{c;chOvu8r$UN
z<j-I~CZiut?shEt&!y%G?0qsC+d!^;`mlcTeF{4y?>iW4{}v5fPyNP^wFsUBM?1f<
z^sn3z$8CtcpWVbsjyUjW9C$R&*)NO}^KQSgZbaWD$GVXm>o#njYnm_Y+W(Sd*NVvZ
zoDyH|ez^+&XF2iv&JcT-pU;}U$G;j@?)-5VwwNz-n(+^hj{kE@d|SSoRoXxF`!{-c
zRR5+I>W4_%A21l7CC0HJIgZ82mPySpcHLx;1?$V_m6&q3UnxVhA$sSZY1F8aYdK?%
z95`6+d8>hku+i7&mzZ)#9JkQVZS?RE{?IRbq25034;qYXh3O41XgJor)EwLRmoyxG
zie|FD^v}dbzW7~3Hqn1UDTCbos`Q=pwG2mNr=~`g+~w!*JL^YtJa)EB9NSy&o-c9c
z>PK@jR!@In$xH4IC~dx}{)>t~jtj7_c1yo850MXP*8Jp8r~d(LTpQw-?`!<uNd7K1
z?%|_(4t_HI@-q$pzTu6Me})~FDcjiOx{k%zBj$YkG1t&IZsn@+9LVz9p3$dh`sAva
zm71rqwwHOi9?JDz&{F-x`7QPw8I5CB?s9FsKtGyqV=tG{3?<jK(c_<*&tk8Y(O5sZ
z&V?2F(cFu@Sw=H4xjU%z-R-HlAA3i#?f;;Reo}HhXSNTF`3LL|QselP>$&JE`j@Z7
z|M|>`Km5rS<N3|SA7dEyRm?AVHTZq({o#XA-W3hUx`+RIe21ie8TK%lv}2R&^EoG^
z-+q+qb26{hPn?^uaSS4@{U~?&%*lDFvCS@)(b$i2{hP?|Ouv06cmAL$Th!|<rH*k9
z0Q+i$y<b?)muAWMt?vQJYEGBYybb%N<jb%ZHvTA2YTlpz&tPw8_`?lH|DsoOXXB6d
z#J>Vx^b5QU9>;DO_QGx^Q%>7f?v5yRbWEuE5O$a3Td@ZvTmI-5(%SxV{d;G}q~^`o
zCCRVHMqd!qv}dPZb~i7_=2bE=?Jv1Itd!>({b)XgT|+*iTz7!{9jJ268*9-q<$mLI
z{mJVj+rJZ%N3gF*-WxkbzW9Ipw4UdW=s$KaJ`bPSaKyxK%+1q313NK!Uu?v@<b^Sv
zOZ^Fh@jbtJ4M%&XKd$58sk|TcO}1V7x0aZ4eGV{=iD+D#$E$%CV52<fO(A!WJ9G2d
zTKuae*El1*HtoUKs4sj3JV!rz$BA6yfc)*Aay@7)+3P2B=`StilsgN>7IWdm!MKkb
zb3ECy_Q@XeDm%7h$DM86Ushtu^?Oo7`q8+yN8MrDE$WVbwC;J$8|{zAeAJnC5q1w5
zz4egm7&uV><t5*9<&y?uzFwVtEp|onZP=R|9!kCjJ3%Ink>q;3u+NNn6Ly-6X0%_n
zvh~Vue(AUU_hGNUOSV63+GSY#OpR?O*Z486vdoK8<Jghwns#FPZCANFrOdn2^k>?o
zsd22y-HAoBJpDshx&FS{rTR&0`&=PYw&CP@9PvFhAHf=}f7?p@U${HD#P@Z7N||db
zCtHTqlZUWw{i%cD+f{yTvkoMC?xcSN8+`#g_hTJ^cYx!(^omjjxsHK|dD>unMzI(E
zKG}I*IpX6V!58OC@Ju+yA?&<~vG?{8U#{^%enY-IcNBGm?Tcs=*!sHle1KC%1bjww
zuZD+N)W%ri!-5lF=WU;SOvA>~zX%)UgtvpY*MDUxn_S0FoEM=v4&ShvGs`v3j>#j~
zI7Z-?<G2HxE{;2}ZLkr0O&e|Xj*^#L$3v7K{qFeO`Ztt1+7_}YwoJCnZv9z}1|HSG
zYFv-{H<s&#C=Wav-%$FE7xlWTlt-@RaZH$YLu|}Vcm#IWZ=4x2X-zHHwCm_UyIkwV
z8V<WgMLWDxb>TXXHs`f^$3@f;jVigu+&MMtW8-*--f=ZuKYG^<xyJN8W18<=8I5a*
zTw_K#&nb0`a>BM-loK9;w_xvK+cL@q+cs|fxn)dFmHBYVygaAruP$}GJN@@!zm@z5
z_KD<QW1nhx-DJnlW-@V%B-h_Uk2#xp#h5{3-R1gSn-SQw)>p2-dG4I7<%~8#vo^kH
zle?XL`I#f}pM+x`!M}o!WjChlr(EaAN&3-z9~<i=8pmv`levapqz1q9Pp)hDTlJIn
z9_$q|nxW(x|K0l0*oN21Xoi#P8h&&7oojMk!*AE0Y41qQB&=M=$$jacjFsye{(yec
z+FxIl$=80C>-hOm`ln&#+Ws%re_k0&F|OcE@x^#cj=2fH41b(gzpIQHxyHAiHBOAf
zjJcJ5^rn!jKIZuOWgbPo@NC|<Kl*o<_;R<*6*I4|(b#U|+103$Ys@M7(b(^?Ccq<b
z%t!Q&J-Np8J@w{0Lq_8`lxxhb^)D;yQYXKslufSv9&-VW{W2~!s^t1?UX1?>nl(T9
z81>1q=EIBd*$4Wa<FV#nQ}TVmnvZ65&A+f&^WhQF?qZzeC_g;9=EJsUtRb-D&2_$i
zZ^=up?GWWhvpc@%yNjB>gGc-B+LHDKeTQbW@6f1vLEoVn?K^k`P4pf5f7*AM?+kQ3
zn*ZB(r|VxnIPjyvyncjzj_dmL%l9U)N`W3veh~kEC$C1@HQ0^A5?y|$1y;|L3%~l0
zCF}n|<B#81OZ|3Z{#WmJzm2K>!p47V<Nt2s|6AkVg8WQtzPl&;teMY})|l}OYHH#c
z)Z};uHQDE4Yn<yEzM<g{H+*};cQ*W)hVN<kiw*l{M{C*mN#ardTf<{$i>iq^MLGRB
z-1W0BoF9(K{(T6O>l~b*AH4(X;N%6^LzADx`dZEFv4<xgjXg5?&9w32<P)(cBtL@x
z<YdQG+`Ax-<L9jOpNBmsnWdooJrOjQ<6EBo4`Sb*{4VTO$^K^NHObdw-<Ldz_%|ir
ziv4i1&m8*Nc3253cNdm*^3K$J5&LNwjdMrt-dr@kXFEKE{bllRvCky?yyCOT*TVmq
z>|FR$@&LRxyYZcOaxKFK`iVagyK!pPMkCiUcuUu`&Ud+fhWKjzq;;+xm6{FE$lXPy
z{KqvKE(;@$V?(ZMdptu${2}~u&DXfbx4bML!EeRJGdB2FP~Xeb{~`G8$?wIwTjpV6
z%C){9OwA{-H>bw6POkYrmYOHAPbA+;{9h*D0Y8)c9M;{uCJ{%jdHpRlqrbg|#^cTa
zW2oj8zs*Qp{4LFRrWgJc@qKOGXJFlp?|Fh;<IhQr&j!acz-XqSiD!Uw{9KZnE3omm
zsEGMF;``e8KHD45_mXy3(#kdd`&08#><u!S5j1iw|Bv(&=Lzg%$@dZ8*ZQBvx|?<e
zY2_OK+0+c6e=aq%(8x9Zw!CMY2e4C;T|ak9-V+<o?h=0vY2_OKpwt|VoiC%Ai$<>T
zU6+mjTkJPeGY^ei$ME-3voaI-(bOzJBiAwfv-B^-FW30|iP^|^5q`P)JuB`R$j-IZ
z<?CD>3fJ#ehvxmoALm^cm(PjR^|0r7t{1X#-1<w(HM{e$zrLhZC#xM!b{&Xwe*CiI
zQjIBAkuNRZaab$a_t!}_-g?Q#bL&4)@(Nzj@Y~9HLin#J*OhTj!esSaCXN@$QD4|~
zCeC$XuM^{3=z}F@oXh<}WtQ`X;<wD*m1WJbK0SWlk-K*kf7I*7M*l>K6Y+0q;`;}-
z*y8@x)r0YO17`5LPoCZIfekxu`VakY9QD)j**E%qNA9jE@uTi&hVjL*GI>+=uybLH
z<o&UelFcX1Gl^-R#(CyG)~<Ya*SxH^=Z@WbOJ4rp-(1QT;|=zeT#w7qzwa81vc&j7
zV|=+@6M>w2H}@xD$AZVyo*y@Q0DD97hq0e%{Bev+&F35ceGNxDps`J&9pJm*32HuE
z$}e~CEA@(VT{NG?7j1$@RkTUopWMZ?Xzs<HAfvHfa;<xuC!o0i-|N)C_hZkL(c7MK
zJ;%Nz{r0C^?>k+c{vIpWYl`di6Z1n@xBi-Pk3GgbY}>o_9IR@a_qUY#Mjfv$pX0bj
z_sKC1lU<Lh|M-TNHhf{jS2q0p<j1i;YB<IN@$LVZ@9+=d>r?X>_V(n5v7eMFv!#~n
z{p9Ft(yFmd)mTTlwi`Gwh{nzImDN?Y4=UU4mHUP*YxQs3@KD3U4Nq)%Qp1xQp4#xV
zhV6@**GR)N8lKhgoQCH%Jg;H<vBr#f`Vm{BZ2fhdCxDK8dC&9@!fw%S$<c1f(Qe7n
zZpqPZ$<c1f(Qe5@#I5n8-O?ZJmK^Pt9PO4I?Uo$vmK^PtJkrFEc1wS>TXM8pa<p4=
zv|Dnt)vZliUEj17Jla;UTeMYjv{iDnRdTdda<o-)v{iDnRq_yV2a}_%lB2DXqpgyo
zt&*dylB2DXqpgxhn)uOH>5sNbj<!mUwn~n+N+!%ezoMKc1anes8wB4_c!(GMjpbR~
z9g;1}>B(nd*G+a^^f;~FvfC!|=GZOe+e*L4bxp9$YK*h6;iDQ}B9qqCa$PHi^xxE!
z4IV8UJX$t*v~2Kb+2GN#-Tp7imT{tN$x*iCC>v@2Z`mjs$NJKSaes*mi<vsvde~!f
ztoiWnaEx2n^MqJ$Vb8DP-W@y<9%47GeLE$2HrB2GaLFs;e6-X>uE({Ac}sIlN26*3
zHUH0&<hj;I$}`?^o(bEBkv7@!-zTpxf2`ys*JGk-)OdUzlF_J=t0v;y+C1C*@utkT
zmSei}u18}Tqy29y&(a*DKRJ%$$(yEs5q3D)cG^<Dqr{i%b!)UCX^+FVlN#9ew{I%%
zDwEdKaxMRi^sk1MYdhOFracjRuuR&q$#vZFa-hGx`Ml|)g=2nwqFjHCsDa(~mbqDV
zK6aLj-+Vn6tbXUXe)BrC@h?cfZFxlFUzC3P!TQ%YOVV$fpVIhGOTT^l`o@2D`Yq|(
z(!T<GrJUt|SNcDSy(axb*!RoSOaBTPz41RJr~j7p8~^U~e-C?4`Y{7vkkLPb{klw?
zVeEGrziDdxM;rf7(mxUVv&R36^iRV6HT~Wr8DOvVT3IGvzMfWo$DVwrB8hvC>5uy@
z_^07tuhGZ-maOl~8vl@te=_<*lSg2tQ}}1VzfPV7Z#|~?9e42^UeeBmZ`4m2Zo!V{
zwQL<XPrey{jDP(0?VHnYdtZ`lA6}Ylzr}eSdfWa}>AxTQ<z(CPtI4+Cv&q)!Ka*|0
z|4R1W)bq)<(-!R3eI7o!UaxJR{ss8u`n!lT)4veET<7&+>0g9juKJVGzZkz<_2;I4
z34Xcr4<NH~2_5A*Il0F1^we_NZgP$D@$@gnFIWA&=|2m<T=m~f|GD_(s(&o~%kaxp
z|7`k~<Cm-c@9DSS<f>oWF+e#l$1hiX{Cy()_OD#^+o%3&{BqS#PrqY8uKM^pw#2y(
zzg+dlq<#f{x$6DBSIct~e!1!|O21=IuKKIfe>;A;>UlXZ$T)Ocso~Wc9^3HR4fhRi
z(D23$4>dg8@EUM`NArv>Y-~qMf2SqM=PRyQCD{M^JInVwd{<r_YuV&=ux|Y)OWNSO
z8va!C{iDy6<GYdjPZf>a-B-qHr2TZ0_A?ECsid84+WX7%QF9x9Rl~M}n*Fik<-1E9
zxjUoewPk9Yr*Tb+epfiw6ZEE#>oGAt4??pL-*k3k+E;QtCT^?$-?`6;o!W4uO@G{n
zNshjN&Bu1^KU>Nvci$}SKQ7};!$!T(?*?zCAH6B$`aDeB2Sa1Iwo;RM&6FP)99V`u
zzTuM^KCNNTHLL!dhT}Y$IIqDM=T4t1WsY;FuavgkB=x6aH%*>^jq;#3g<R{neQK=Z
z4$1psqutQk&T{wF5`P4?Y)i3m&kBv>QSQE0G>4|<jo8CvG>&t*##yAFIOk#2^<U=s
z5T@kS$s5A=H~e(N>+_!a@z{-$U29Kmm`89zqyMai&ujRihPTW3p2x-bAwG}yl=C{+
zevdYRc?_o9)BAjBf5%l_a}F>Le&3NhCoJ21cFXMX;Yb;cZ7bJ#aYAY?Kyz~PCh#&D
zz3nX5d2xw;V!ju9g^b2_mb<T)zW6};d#qgZ`mlb|-husS@|Ur`*8e%|T{1CU=j3|s
zdT;uj6LQVV^y-JOaxLdK^%L_q*zY7ihJ8dvKb&0S|1A9zv2u<7Z2Bi*<vRD*rj3m6
zxL7y&Jl>x#6Mu4Y_l;E{p07)dW8?VL*ynQ1OI`n!a$Y@G{_0>{J4QbyAKv&EH5_XT
zntAwQZGm46ua}x5u^T139$3%*9!E?*3%dO(!Q1eE&DZr&jVig;J=SFWjwQMNZTcm!
zX-~n%J@BuUd!bRb<hXwhk5lXZ|4JF;`n#s_Ug|eVjVihJ*RcMF%5%%RH|)^w?=3Oq
zIv%1;&_}&fqbl-!X{mdxx2XvoyeAs_-n^z_qkV{P-Q`;59o67>zR2BoO20=Pzh16k
zH&m0na<bRT(N_4)e@*@WR?07T{vl|#IM#e?FxCLe(I?0HkQ{N~DZKyk)VRjRvE#lH
zGmag3Z#mXy^sY0}ZeREp?e=ZfJv7liXjIAF4@w;)-|q|#jNpsDhS!JJX79gPV#>8m
zoZCH`A#C(D8dY+A2Fd)?Y>6F~(b(p4cW%iy`UQ>c9sQE*+*5B~$aTy_AE6n+7wv||
za>-Q_{r+$nR}nKgj#<gJX`dWpFFE=Ywp`IBuxos@32go`{^4C=+sHVMv8eBtN?Xa@
zex={Rf&P*5xsvZzo*;9gZ68M8-CxqaV9cX=1)6AcG^*r(xPS7~W}d?KL(G@t7{mWw
z;>)$I)b*J*<|!Ig?L3Wkdwekd?$hb&lRNo=5>xJeQTjB_H_*HuU&M!J!7-lEn?kPh
zdJEW?wrz}OG>#Lwd#c2ouLi&4LGGR|{u9&h7?A7wW~}~+@|^!J4UaTDv*Bo4^smGh
zYb@-zh(3a6z%iD-T<R-#&y+I6Tt>4mKDYj<^2}=RF9+j(n<Jrry8Omn@Pp-gImQy~
zw!RwJx<?sc>pPTw>$rKceYj<^WskK5y>mLs0}sL0$C$&|80WC_W3Ti(&g~mD&a?fK
zjd5`DG;Ex!qjAhHO#cY>=w#dH_+;aqlspH!G}&6dNd8s1_6G+BVK?8aZ2c=+|H{_C
zvh}ZQ{VQAl%0mrX|LV8?m92ke>tEUWSGN9@t$*c_hOK|~TmQ<|zw+FM=QX^bVcWLq
z7d5=N;Ux{9-0*1)+vYXSSq-1t@Un)NH+)IMmp6Q6!&f(aO~cnUyrSWo8os6B+Z(>4
z;kz2XyWx8pzOUi?8-B3ihZ_D?!w)z7NW(vF`0<9HZ20Mhf79@@4L{fL^9}#4;Q@wz
z?IW*YDzDb?*oN0`xNq2ddNu9F4G%Ru-0;MPCpA2|;i(NzYk1d&M;e~d@T`XCG(5NA
zc?~aUcwxhf8eZJ+l7>%i__T(XHhfmYUPsloTGsILhA(OO@`kT$`09qQY52N^S2TQ6
z!?!eid&74$d{@JFH+)aS_ceTf!w)w6P{ZG9_~C{hY52ztKi+U0v%aztqc^`F`iFAt
zTa(xQZ^~ySaokVdBK@8(cy6l3YyIiT=VSM2cuvD{+(EDAHI4tZ4SQ~3Of_dWe5w4^
zQqK3Je^=_^x};wIV8b^zd|Sh=MOFXB<Q+)+<;MTR<ey=GDU+``JNIkaKR5h84Znz3
zRkK>daSuPsxlZGMX~P>gylKM|8s4hm$qnz+@PRUAUX60OS)Nzpi@t_EH;Hp#*mD!l
z3Dr!(4kvrhW=ir1c8BEISnr9bKMT8a^4{1Zli!40oP09YzEuBJ?8V9dj&;q~zYS&k
zw`BX#^<2Me_LIrO`1fGfe+1TT5O%X~DqH8uV;f$(;lAMw8s50!p@waf8gpX9wpaB}
zZg^_L(;D8j;gN=CG(4-}IStQkcwWN`8eZ7&qJ|eYyrg0Krk4M-hL<*MA6Lz}4KHhW
zdBc}9e0jrHHv9p&|9$x$WsF1k27GJj|Jq9YU%38F7W+uO?Y(KkzScj2jq#c6YyGy9
z=kAq#E!zf1H2iLve9c+@hrbK<Y`NEsd!YZ1=9$CintSQ1jfuH-s+#r2#NUYiO!617
z_cZ)u^0U}y8lKBgHm%35xKEXQc;jExaNMU#%}I^_w1&MeS!41wuu-0v`FgDr*JZ?+
z$NO<T_)uwox!xO$>nt>`AtRY~CN{1$@E?hPR{A|I#5zD6BgyseRV_}<iP#g87n3&D
zdGxE{lk4}tmZj!3XfBh{jK#|Jdho{duZ@-K{jQJbr)(d`-k$9J;7=rf4*RKO*PdAa
ziQgyJYuIn5W+`dEll(OH`^mq<J}Q&eaVpoc{W1L;W94qDD=?qw5KH|~a@BjkQvWc1
zxqd&(wNJnOCfD}aQa^Rv89OyK&I!53bUiigWc+fyhciPzY2S#QnS360mW+NXdb!?D
z;3a=cZcMbl{VLn$F@Ik=Chm=e2DTkS1KVG5E&-2Iz}9atChm&_Z&)<J<Hkh1_0?=N
zCa%#pY<Niix{(J4hS<B!95H!)y>X*Y9^$?J8;ySRqW2iqzido=t{ocq0DN2O|7Ow4
z^*+o<`h7>PzYFagsBt3ZCQVFuH0HPdMNItvG-k%JFMB>v-4z>ck{oT4?ATIc|4xv<
zUGkFa?<((@e&3Pn?<z0WKQt!p=Qy_H<=B|-$-6iHnD6P2`hKV6CD-31pWEnTy+!X_
zk2L|kDPm1{z&mpJJsSM>jOT&%_oB~(d;E?cxsGR3^}}Q09Hx`MTgo8U{sQ^CZ)5)V
z`_~i7`W(j**c5Re2HsRLThEW6m)QwVYM2KiM*aN3Ovk&g`-e-ua<>`(u|?UwSNxW{
zhkf<ZWK6jq$cN$fTO9AuSa-SGt&GnJaR2?1c3XMsn7GFi{h0j9)L_bQHQ-+WAEH0`
z<Yd?6IEN>uImmT=i*`VN8oo`~&DXNa-PcMV4eLka`QTQ`=D&OLLD(5GX<ZZKZjVxz
z7$>BikI(WM=NRll8NKVRT<h+8YAo~dG8+3$u4|EP-v7Xs&1;t3OI~qavE!Kd4$YU;
zB>TBw<v7l!|787-lsI0CRn5OO%*RNh{%<z?aKn!_%q`bZ{gVxEljU(;-7fha-k+H~
z2OH-ql<j`}zP3CEV-HN$?`!?GrRV7KL--Gusf)FdYyTdb8g8wZdv|DTt&`N`b9(2f
z!Ee9I^|^>k({G>3^>49Vsh@mr!d{i^wPswG5yw82Yk%FQ2EY9%ciCT`)K8oTu%Ax;
z32{Czqj!$THO_a_KZKRLJxjm;LO*eSg?&yY?Qn9fV@F*56Y<O4^pZ9{A0+MO_~Lmg
z_-F9A)K5Y$*D_2>|784f{hW7N`t4u2w*Pef#GHqXV=nv*JX=5InTB4j@fW0jSNwAA
zi^b_5!7tZ*FHHXo{BreQlm1!w<!-N1-xc~P!>!nxQsY>YYZ-h`&C}RBlApoeDO2XT
z=;f-9b?=9cy!>1V_SMVS`<=$b=O?Q-?E2HAu|#sWcPU#O*U%5)bL$^1F*|t|&U3J_
zX2Q0=<E;Nt(a7EG6320)-*@D0zv3U(Pg?tQf{ey@<XV@An|axnYMd8x)x=!hmGfSF
zwq2imNW;$0>NkD=<5Et!j*TckX<Zwg8){U^RWqa?jcdmE<b~KMKl=Y${#aY^n~&TX
zjLo(){@TgiLuG9r(NBEWm>Dt}%O!XFmUf$>pDzwh!$uw9CGdju%eI9YIo6zHk0bi6
zqlZa(M{Jb;C#6lI{pXatqHWPw$2h*AQ6+a@FJ+E$qB$DhOm<@)kKIp3ZzQ>vKjQ3O
z*37-sB+qKtbG7P^I;JMZ9=s>-$Jm3-({bBBR?07Tl)){=FdD~2^cNaca@9<P&Fdg+
zj5jovS*{w}NR90l=MO(EdBs}2$C$WIU8W}aEe&7R@RbcmUC^J0&v9Vd<=ALLcoA&5
zd-5_jx!d28<#7kiTj5u+tMMJVqnvJWO^xOX_!xHMFU6iDqjyZowT`dTkLGIZyXBEF
z17E|wui+I9-`wzR4d2o5ryGvrNXERc@juXTeEy5(z4+Ei|Ml2t^T$h@%eBn0rlEH%
z53yV3o3PQR=uIJ4y?v_YBiQIu_#JSJN%Xd%T=g?x^&i7VU!bwwqAzlc#W?_)yYL^b
z9*zAe*Er4%<9rr-qKw9QEmzHH`qA8reWQ%V<wCBS^Yx>-AA5<6#x+&08v9$#SFo$d
zPuL21ZkB7vHu|TR^Vsbhc1@{%^Ojw=HcGb5hUK4?m~uDQR?F)(^t-|lf3GHfa>P%L
z`0!|acr^acoA?Je@zEH6Z}y%qNzcR1ZaB`(((m=HnpxPbll|N^#sGeK7yVC`yyR|P
z$;<V{wDxV}wRe+Oa^#g9dBLN3!J~O4M_#{Z@|xe|g~q&AHQ%R-#_>^kV#Cpfsc|g!
zGt04H&D5A$?s5&^u+h9cHRddL3rZO_Z#2<&#5cBF*X@_6*=J0Qh4mZuD4^f+zBt)D
zJNcKTE^>ER$t&W_YT_hE9C$PiJR0ZeCeFeVhmiahak<ywyRvJB@5+`j#@OsJu?B3S
zKRJ$l$&oMYJc{zeo5Inazbg4gdmdHtjebEh!FcZbjfu95F_4Tq{KMEN8~%xKlnu6A
zar}Z^!=hi{NpP%beCgkD9>=WYEqL80tE)Vv;hh?edZ8b}7xjWShofKMEn(Lw<2Wa5
zyZ)I{U%5M`)Hm7?jrVk;j_}TK`1dd6jPfK$d6J_%$x#N_yw+gvVPi%+z_x#s;nz(W
za?JQ%kKcFXZgDAFv=3=5PxJ>G-;wKh3(Wzg{b%Cu;YHZ}8lKzm{Du#2IL<LhYwQ^R
zzbWOE>s*U5hGt)U6Ep1r*k~X8^WbP7(wbWCjxTkY23xjQW37*TBzAWhy(+oR$2g|*
zBM^R;b*7r%mY8vjz`p|DTl6Qtt>Je!{9c)~Za<XKKaG8?;h#4gpQB~I8>Qd*GAt9v
za?16bdE4}l#mdzmeL<Y#@!4MH>oxR&GI1Q6ay`$F>uWS#FCLZ}=bv0P#xl-@*f`F@
zZ-r0QPfW+GT<@hU)sN;%>^aG{$BN`1V{ev8>$sEay_DPallBShH)S+K$+b_vrytEz
z*k_WT!~RZ2Z#&8Lev9v^{~zr0GMb6WwT`~0#(p2euEy~tS536TLFHcb+3J5+#>Pc5
z{+qCuHvEo;uWk7KGHKoJl}T%xe7)f)1OAtgf80w?9&6c><9;~oz42J<VAmq+W_-tt
zT*pS7li+vE$kjg^Hl}^+@l|%d93rE4%*eGJd{50Z@;x#&jv2XXjHTu+*cd0UbLDjX
z#B|Kab<CWlAI;U+m}{`@WSi<=nY=zGlh!dK*D-TfYF0<{+2k)^KcD<9>|@D)z{VIL
z&QNk4SO1fmwTKh<OvrZ=cmsCxbzI4HT=|}5+Y&pR8rxg0?cjTA>?1z|Hjd*;t{U5-
zKe#!bCdctKdF9kt_gM4sZwjxK{t4K1<lmQZC3hz|0`eJbzHDUq$FcXxF=mn@K5SVc
zKI}0wj%&}Bm~p;wN{Jcg8)!TZ>|@M%V+L-(x^Bpeu}3xR+EFzZH+*@+S2g^ehOcY*
z_T)RUalH7CQnol=<a5QFq~;E+ZDhW0#>TN8c8=NyJ!wrX*LzAkr{7x2-D^vINA#1{
zHEpkC=gpktBd`a^#2lMkk6-gsa||}t5aPTGK3P9{=a<|aSMoYtKbmW?OOsb%&z8|U
z*W`N4vfb6&CO6Ay>_@qdu_^iw9TUgrT^b%~cxJ=aLH+Jn%O}skt|R}Uw7FdCI4(6F
zbB1Izs^of4V}gF-?10@;Mq`cTT9@tg&mR-l5IZ*PxYs`w8}s5nOBv)E{}riurPlpb
z%{gRpjC0ubSzXO@C5~Lr+oQf{9RE=-e#CAVj`@-ta|9lpBmY(6#2k5b>BpEOXvULv
z7JGkKxpx%fBstdD<OPl9$cB$?IOaS0Ir`Fn5H`yB$5IBlJF}EwC^e2j>(HZ7CD-+T
zl73<?#M-`UOf7eBC~<bykLGCXuF1z^M`ZMl7rBnNA-F%hoI`HjaP)inw{859Z~9kF
zfAnqgMC=;LTVtbb(L1i4`~9Cv-R16$rOYvA&`iS@>%hV?u3{V}Z)Mu#$qmQYOMjFH
zjy6k;V=c;qe;YW;16vR8rS#92^2pser96%m^KyJT{`w=DH9tAVc5;kW*m}fxgRRG!
zru}n?FL!S$@q7Jfte<7=k1XfR(dNm~=E>3K$<e>bdo*chG#uqYV_!shVEZDD5wLv`
z;}f>cqfOx5;Pu!o&va~z)xVVT$5=hTlz%8S`(TaL|Fw)&)AvU;_ivM94xn*6KQ&ik
zmp6QA!%+s(UWhNs0AB*fye5vNkn6mN;{}>4@I@P<ah%Kbyd}mAnh|_)T?WsF4`jE@
zi?K1UN$a{IcNdiU#vD(LI`yYwm&oYtPr06N_@0`xu&2vtHb}1X?(Edq4l&*qmFwT}
z`jewx$<dGS5bryd)Hq+)mH$@SR_-n;W!^9~wn4Q2(PQG+b+G>AS2gUKQvJs?d_u!9
zW=K0%U-}QlMj!omDMO5tc1=Tn7@CRd(WsJZ-$lQmS%hyIyBcdC*EP*!n`Ju=JCb}N
zc7}}JzLsm-uA={cN_pgZ?29?OxXg<f1MpjT-*M0<pVaVa4WHR?Tq~u1S>uns!0)_{
zweIhw46)Yb{isb+?-+?TLBBI>KUs#Q*qHmIHMLxix$4yHkBzk*ej_|xKYH6uuKGA;
z;kSL{?h+MwpO&=e!7;Ys<?ylW##uYL#)+|a+?cq|j<E+1qfyt#lLm#m5nDUgOf*BV
z<3Wvek!v5>M*1z0T=Uu{{gzp-{#fVHo2Oj;F*fi!9_8wv2^-&eCs+Rg>36M`tABp_
zhp=+>NBa=R`pVURJZyaXQ0|;?Y$vn#*;X-r&`iQ7*Sg1=dHk3-H;nknj_E%6wGBHa
zs^50$2VLRwcmMKSI_4v3Pr)B;j%KvYQ!}3TjN^Ho^^sklV(g)}FXUQIb>?NBa;@V?
z`t1w3yR3|>Xmes7jc*pa@m+7`$i%UXa*ZEr5t_5`Mf;<%zoPx~?^ee#<%Dt`72`bF
zV^5zP$9H%H-$we!l=hLkx0SMaJXXIqc4BI5AGv;Z5dA`0Q^?&FC9P|bX=h`j-Ci>$
z=4G^7a?BCfcx$SM9b>U3yr`5%?l$K?wpgFhcwF9uy+>nt<Zh2u_&<-!CzkUNWA(6Y
zJh|Z=8;<LR)QmKKb2sf&Y?KqWFQS~V<6?a^E0uD}-Ib;8QC~E><FjtYnSqVEqqod4
zX7(y&UPsMIrS6_nRgN;?Uk~4^`d2P_$=y3jUeS+e9KR9&<Z`ZZy!us2Uayn!FUOwU
z@S9SDDc4qLZim03AASt`jfTJ5@FNXJJEI@%7uYt4@dG~u$Gm_YgVE-c%^JwHfA@sV
zSB>o@e;d26jDBo#ZD-eK{mv=59v=_aPulNekCf5acXB<qS*#z;QfwT*VB5ns(tj)V
zdYQD&FS)zAwE4&Mqxl^6E*Xt&AlLI5-&1ox_FfsyP;#BizNhBL*zM(0%I85bcanE+
z{ChPV{f@@59Ot6&uCQe_j%_(XUbT!FxqD|R|D@E+#5#`qQ_H>m6O!M6J-Ol28;<db
zesg>=AK?>W``$Q~A?mVP$ycuZ`^wa~u1CGltdv~)^hh=MEvekSr<8fIe&W9#8^?Nn
z+{knJsrr+5ZaCTpziZOE>9<{@zAr9ile>49_!Cp(+If+DTKNq3l7_En_?-=3)A02T
z-`Mai4R4nG7VImMFULl|kncO-s3ZJtIOYyK1CF_~dMW=4<_?<c(9C7;(b%?fcWtTT
zeEn!Xh+Qb7@g2Fg|EcL8i<P_gm9%H2-?=8&aekhDV&05hmV7&Qk^H*yT;lN!$6QPQ
z^7LPey|m%CH+*%&eexyPamjDP4#{0<6S=Mf6ZMnVRoJa$G`5Lc*MaTyqgjlN@q@-1
z%iS5J?z7b3w@u{k{l$NPe$u`Md$5eg_K~}hG5nv`M`&!z)7jNn54pBsv@IIP(YdMF
zAi1s;&h!5CF#~5{moyyxm45S9b22u@{Mgbaay_5lI5n@s##}&So5Wl=z0_-BYMigz
z$Y^{=uIF+wm+{*sa(8J->$+nZoV)wUXe^i9T~{;*=}%3JNi?>J+`YAE7OBB+JIFQP
z7`JDXI@)J_@}0?73=Rx@NnWGW>l^9+9rgze|E%F($mrcRBfT+wrhdnUcWHQ};U&rD
zduqe+do{$-e^%r78GYmHzo_9$8lGTz&`iR{`T(EI`@5!pI@YyMjlXH*Yk3xS@5b+I
z{Y$V1Bp-#1_Q(G!cwYMbu1TCf<3Ast<IFa(H{`m8zfpf`VywdFlJ<hsJ09dN?-O30
ze#d}Z=jOZgllB7AzArV70l8{!OwFgTA5MM?dXLSP&9NcZIr5p*d>i|D8I9vzuJip1
z`pNfE?1Rbn|Fg-jB>rDz(hgzeZiTJDcjS4`w7X;DGfj8`9N+suKa3{6_mOMn#;Koy
zjpt6$OhgmUo#x*^nw6S^v2$cJ_Pboy2cJDP--X!ushNyMu5~{$HJ4)-rDiG`xoTGD
zb-!jA=W_RfQm;AsUtjK#x^`7|d{o{rc`o+l@>(U1T>p0M=BaUxZkc>2c6%AU>x|sl
zDQvNZkndseOm;PvNbWvZ%I16hnPUcCK|QW$_}+$}X?P{;o_aqstL*1qmHUR{IpNg5
zyzvh=9OpJ@EW7P)9Q!}k<h4sX$aUQAo*F-I-AhJe-Q}u@wUIbS;M-pfybk(kfArQ~
zu6=i^8vJ9ia_zgN`bm2g_6^AwV9$}!ubo`uT$CC=>w8OToOg27T%UgDm)zY{`r;=2
z<n;w?%t!bW@NN3Z%WjoxoKNaU<L_C1IyFOBxoW<oAI<Nu56Q%F9?9JntMGq*Z!0wq
z^IH95*hgga6O(Jq$MvHbPrk9vqnU(Ht{U@G^E~zsG8+3<uA0B-N3#WS{+1f&lw38=
zhyD%aUfleK4{vx}@;vN#`6Xq{$aU^mhZ<*_<X2;NlF>VU<T`gePgQ>;cD9VhUXr^T
zOMlJMf7Y0|M|D8MhcvvPVPjSOddYLJG53k%abu(OTi2H*FT_T@(Ab7s=wGMQQLe|1
zm`7-i#y2H3)=RGEpVQNC4dgoZF4h0W^2}tMA0}Vj_^)mF0}aQxP5rHn|KkmJ$(~O-
zXUyv=Y_tP>4IKRlzaNe@5WWF+ysEziyQREtsk>aC)3#mId=$G&YOK55-BS81)(SNC
zNsKGv_>SD=GmX(-Ximg;47+)aO|Ef#&%DmVo|zi!B-c30(%)m{dfz721k&D#&sy|n
zmuKY6qwh<-<odmgUG<++${g3}$<hAst-K%YpB!ztUWp^uztcUGacs{x=Rv;*JSqK-
z-))m^=N)C@*oJa<ThoU4eHH8N?Ztm^>Mgt6eYE(GO~36U*YByFk$&4puKo+tzX4XR
z{*CpYJ0_mtjj|=rZ2a>ZUMqQ1t^4|=P2}#@Qnq-HI6LDTRs+w*#{7a^A7ZT_t?eM!
zcGw*@rjg_>+acBg{I-K!+hGpezp0!PMq4FEy<o>+<oo~Gd;2gu=d0~MlcW)@lwg-2
zjiJFH7z9BuiC{!9C5<3uL@)@320<`1NJ$x_ItYfQ1SzSeM4ReR)l}0qRc%vsyVKT7
zs-bC{o3u^!cYeNWt=y}>`+1Jz`RDoX*~hW7K6CE#`~GrW``Xvu+1lz^*0rC*G<w?6
zie<l&hx(NLYX6Ny{uzYw;e4R<i9FN|uGAJD{q(F2vi#xd3G0VapKI;2s*~_Iv+o4Y
zO1zcxWW^nwDR*~x8_OS#e%{+Xrznna5A}!R|8}R}NlT63_&?mwah?8zqs|wgtDdtJ
zFN2kK!x}u!`lQ444QsH`^s>e~Y;PZeM@(CX!`oW@;h1~Pu2W|?^wMwgQ|B`0eO{G5
z+3vsdsa==e|4JvHG9O%L->*q0pSiGf&QD)TJWPLwzE9%vyB6*rne@?#k4jwjTlpKM
zmE()oVHd9h{R~$<R{wHLk%zHjzo4G<GaQ~H(B(N^v8+LP=yNzcWiH9XZ;7<K|A&f~
z!}1Suj{WLd_i*piE$$ht2v<kgINt7_ZpFJ`<x}q*^JjtULlxl|yXRbQP=rHYhOT<@
z9`qIW3{!+7&o^9WUBXf4H_?^$2&FCO$*K?Y2#);Adl~8UXL&E<Yn*c_>OWFCTs_5X
z(DiL}<vCWdtlz;lE@l0G-8^MXKX2EB%l_}Yz0%j5OIk7gOe%E7e-rqVmM2^tV|~jQ
z<6$nBai3}5Q*K6gF7w~H>>JKytex2-!q51@>=k8=46$<I*asTi!(LJL6Zu=k^fhTm
zEAHz&PH}(dvlPj#c7yK2RHPNP?Ja*e#;!uYF@3%uW^R<eaxVFZ>4VZ&V$RV@pVV8P
zaJ8OZ_47CBtZRJLKTSVGT)WBYT-q*flD32Ev}u>byTLnH{%~BY5$gX1v-*^FiCJGf
zYPTd^j9&V1wp}aU3XgL+&lIz!OaJd^WtINlf}FiSrPCJrHs&pTTKkmw%N!HqDd!Sm
z`iVJRyVZ_mWzIN{N&48t8#^=SOW!J=0nV{+l=>?l#=VS@Jb2;o>?Ee#X2o*6mWO^Q
z$7|omSciCyRV;mYn|)8A%!i@YuF`K}+Qqp|O-#F5;m&le)%pCSQyzZm563-$^{!KA
zIO@DJy7HN#SkAkYmUM8WE$6Y)S+nIl*4r{lf0OoH#nPYhFu&kPI{}aMdPO+OorJEm
z7b?=~+U;q*>}35w|HS*RvTy8cIvnq>IY+PE*}GSLZ+{QyT(04W*~7}U7uRR$@9=*o
z@tVZFlvjBAC9V<=OuSX%?Gl%<R=ItpagIcu8;hA|@TOwsN^KWw7hHXxk@oim^3>!h
zeJDO#I{OiR<^~+^xmwZP!})F0zYUh3T;X{Cb(!nT6FB<w8g%7Df8OLC<_uiDWOcjE
zJ>80Pobi7dR$0s+IL2;~d-|!5pG~|JmY;bASNkgyJ(lZ99o|y>h4VIg=`~n><`^9L
zuXep&5sta{f$KvR;m`*#*2<?r8XS5#CQ2VBy&Mytw{a=gh@>}4hoi5`xsd8PPTJn&
zDds$(+|w>U;}1tY%XyLaZTXEX=h38<pM47s|3ufBFL3n(>;H1yPibdMI}4AvUGY3v
z`83H7M?SoU=SszC?inKw9G)5OVH~ebe7*ad<%h%1b#3zOQoO@G<K%(EbB}xGDb7uN
zKdgGT$Pb5qzU$+q!_m(R(N)$9icdLHPyN>jC7+4%!;#NY*V$v>cn|xk>#fq^IHtUY
zuKd?3zV7_C;!0TcWN(Bce_q2+9o}_Mn>=uM$P3R9dDgjSsyuLb^r!xx$Mm};Uoz(X
zTJ0`-uU)R;I5Y3jIZxlgnd39_yVl@yRUDt8FptsuD#BH}&7b|ymCpplvbW2_D`jur
zMWDwhJ);gs!txAIgd=~U{!c@z^ZxLzR#rLY-fh3DQ_?yg?H<yd21{S2czxnW5-&*n
zRN`k6FG>7D;vXd5%=s~*^FqaP9-=yYQ#{1=Zz+BXR$J&3IObtF50t-0S~<SUL!Xr6
z`;V;uS@X1Ov|{O7G3_p6DxNH6-sAbcB4a>V1D#`Tlw-Pd>I+vtv9T-HE0p#|X_x9r
zJ})a?3Cqu33P(Qp@N_EP49mkjg5z@sUc+;b;v86>dgsVzuItP-xH_!2{`LRsQ)wB;
z3-qkrYuC^&Nql+Y8Huk?%<(1C&Q5$s;&Se%{M)5%;W~Zr31`~9opXm`StIf{ika56
z-E55DihuOjLr==RL9v|Ai<`s;pv%wNfvcVMj~?Y*S|0lENIgm0qSy?}&nUsw&uqMS
z4Ns@ycvv3h3>@Ft|17#ZcPTPI@C<a0er|J5mm<E}T%Bju`TzSM{<gHIU5B4@UZ=R$
z8UK1`K4&SPmF#YPvZwxzJoimJA~Bzbh3D|ZTa%~qp|9ZT=hpUNUe-Q}<=j&B<T%OS
z_;JBib3gs-pUca$zdVQQZ^|00SoT2q={Gpm<Eif9xH<)vhkk=&&%e<1nj#$E{k+z7
z)(afp8)Y6)?%j&BoJT4DTVdrtSP_nOaj$!xSDfd(NbzxJ&UbzaD{Z}V)Zq=+hbqER
zhd0qx2gdFl=Oa~z)v)quP=uonj3xeFie<06-`-1Zg<p*Slg^9@BVKzToo^4bIk1uR
z$g_;mgXw#wdzj~B(n`Nf@f_Ioi<4ft-d7Qh@!H%y(-e<zo}^gDNO|rj=23gdjwz)r
zds?|g|BBt?hf)(WH<%OfXbgJPiFr_VF!L-Je=u_;nE4URoCs#TgX<GBW}(x+!Sru%
zW8&e7M<gDZxGC|N#LbDvC2mPPKJmoF^l#LsHSv_hZHcEQK3H7a%le-@YhShZYo{eH
z?=@T}pYRNEru=d|mFEmG+bDT5K5%?)vM0JcXDiZPJpG-k*C9WK%0nGb&=b!9=lEQM
z_oB6jdzX8=%Di$e$4%$y$#YF&#+0<=&*1@PUYBEpn6WCyh(_xZIF1Vkx}SBy*wy5r
zjd1mb)t~uFo--7uIA5oDB>ae7`#mNx;~V;f#M?S^UcvPTJjW^S=*(Ow_21j-30Etv
z4$MjXrzo=CVCq=LT7K#b$8W`qau4IUKRiEu|IWE7>7^~MZ{#|C!#LIUvHHNVC$R3w
z^H9aoE_tW}9D8`Zn6$J2j$>;By3$hr-JI!@GMD71960tg=2q>|-sLm%^AooxX8gia
z@64Rq$(cFD`o%L%vGkjB=_@hgb`+j{t-Wx}lVj24xk8a~!b5xE>S7zCvc9DA7aTfs
zr8eC1d@%7^_%YoZT-U4D-xL2UG1q>>vq|D|4&Z5PNiTgXo&MY1^I4}@=8tsdLRkyq
ze~Qc85VJ<gS`hbEevB*SGDf4E`%C9<bk;=aD>3&`l>QOZ?y|<!Uit@)J}i5Ydrp;3
zK3gbl8B_V`H@JG!`m?Nkc?QWd8^1iv4LJ6eIq32%Qd|JbGtfCaPrGNi;!^k2oU6C2
ztXEtgqzK2p^c&X)E5f1w9$n=!cB|b}uL#E)Y({@P-QVSWV$w^WxL)RubJ?GrsVn)6
zQ{2Xx_mb2JeS+c+&aC&L@P0Pm;OZS~V_9qRpCRpVJYv??#_$3g(~mn-PC1V6Z~4I0
zA1t5k@JMHT;dozJju+B#!J(IVD1Cr5IP}BBQSKO69>xxiwO{J?wNy88y<W#xJHYA&
zS7Z9=U%$WFJ!M~#hkBNM$-jS5_FL)H6OQ_n{*g{S;cAt&cONljQ4U=F()5E|XMEs_
z&eNkw&zje{v`cB3SGiq#;d#Q=OWAv!OMAs_dcE}jh}8f7`=#Z)U7nrfDf2<h_?K~!
zpZ1n<@%HYbzbT8l4|8Vy4tHkWm9;Mq%wAAaKC}{!&k>k^QD^2~@OW5$`VFq$wf-sd
zS$Wcy$?l;K;TYf2_9yK)cr+g8GQJ0<@qN~qe#C>f9+rpp!g1Uw?UGI{;JClKjF-~V
zjzje%Ep>*gKU$qPLO;mLf~(c0vrcMX?_I8s&PaTH;+qoBPJBn=vc8m0hqNux54N)4
z_&*}cILdQ_v<COkM!5Qu)u$0%9{TTKSo!b@T&*!rS>y8DEUomjJhT_C-ZRf}V)E%!
zJOP%6zK7#je+s%h=PH&lm8a$${l@W?w2TiN*XS-oSK2Qr9s@sR=c28NOW(TA{vV#L
zoTn)6<V+nJ;E~pEaI~fLiRV-1fIReDnFBt5%G{QRc9%KeT>46WdIgSll|GS9zm+~&
zY~_yD-?eY_F87?4wmUzR^lv9#m-wT^WsM(Vd6qra>si*g@?0<P5d8Ac7C7el&aP8u
zIQE}CU8l})jN|_3%9HUgYe9K3)@ASVHOsz0S&T0nWtD!A&iGnC^b`5#8qx<lM_H_K
z%DP1HY*?Op=hz?0+>kz0Ivizni19PFaGW<XN708V!f_quE_9XkRmFQ?d6)}ul=X<~
z%mp~=`6Rm1KBxE%SZPN%N7^@CXYRmpul{OurLC*;`;(QnN!l7b-k)WEUS#uaC;W%n
zSmO&W`<^`X(@9A`19p8A*ZV5M)n6EOKMu+>MNFIVk5fF&nQ>vHYKK|5a2(f0p+9Zs
z4@V|0>(up@q?fixA0w^2e-Tsn(k?N5%kjO|WM#o|?zcC(JgmDi59OgPaP@(;h5p4e
zUU6gi8T;Pxrtm1s6OQBcR<4r|96D`|wDqvkQUV;u9p+GNar$1rbD96nrO!uOxuws2
zZEoRdn-y6PHF>B59CM={UHLF3Lt%NS16+M*?JeUaeSkDL(lY-@%Q<!F6L|(YN7~cz
z9B$>F2S1y>7vMbIJqq?cLFsG6@1i?1cVRwH<8!{?^4XbmKJVJib$GAD!xJBrco)xq
z55?V_8}xc<ukvKf_YIHqa_%90th7VX)h>Dnj_bW+(A{&C^FB(;T*prz!m+NIL-@H4
zTGo_2^dTJIH7M6_<+(uG6!+6-*E;il>o!<vYl?8ZH{p0j{=7eX*gcFtT>ag~cY%A}
zS9}6iKFm$HT4$c8(UlM5QjQn$)H}y_c%OIAD~d0{@-UC!m=C{ly+IL<wEuzb`Tx#6
z!xZ62`&ZW)A2@!``5&&cuHn!(Rh!9^_hr0)qdv@8I6j-;H9UtX4t5W78ICpBs=sUB
zvU8!c6PI%U*V~hRS>me_@9fMN?&^H5;$F@dDwb;|%9D9?F!~r<*Ko|SQRwnaQ!MjG
zp1#i2dK<4(+;fFu*<<CuM!YThx9z=2X^Z$~X_vYVUzxbfG55?&`j*bjL-sWC9HLn7
zyr&}Xt!hVD{o$BPW$%^$YH9nphx)@Yc4a?NT3Q2#ew>&*Sx0d7k+rw<gYu+5C*ToJ
zQY`%-zFu7VL1|fEaLlWV#Q0|^(qFYD_FI4a4gX8AtP$7C{B(XN`Bx|YOX3d`uTNa|
zG|#8(Y0g94^Oj=Sm!#8H<~Q{@NbvyYcNLr9Bdwp|ii46K&3fV|?J>@*-_k$w)8}xd
z`%8JyU-&00mVI0NU*fY|pP_gmthDqx9N(>AE|T`|iXF~hRJ_4?q2ise(lT~%d<Wrf
zbfw*}N6Et&J&eb{gYXO<=`}^T`X@E;|1V5wH`aPxuD|iHzroc%%=4P-gB9Tz_i^ao
zvENC!#F;r+=DhTo;>}#YUa`#cqpY9ds?IukM?BK$PdGk*X>^@hz~LY1I{g5LzZ@@A
zZi}=sMq=u7ik{RHE^Ah04Ro%0TOFplhjsiJ__^NYJ6r9EZ-JYw{`V&Rr_N*4hi^Eu
zAC~KQ$_Kq%$8#>nQ0H==iF1p5QSOAq<^Qgdr&Zce&!2f+j=$2!OXnC&+LIO8qv1mp
z%N~d>&lq&opMHj8o-@DkcPoC@`E!cQ<IqdLDJ^3G$9+m=-}AIrCjTR_{EQJCYvgP0
z`G(>`XTCG{wDT*9OPrrq`~j?d7%w>9Z~hWp<^ERjH_jZF-ht(3p2M+5-g6JvF#q8m
z<~bbSaVz(vDNn|W>wV<IoQJEw*;?2UU7pd3oa^AJmj|xO*{t?q*BL7~)=RVN4btIi
zWIvJb8{f6h9ZH`&pQG1m&Sic&m$l}6dGb&m{#M1Z?}^V6m$@N6PrR?5c$n7*IyWmG
z1|My68;)b;5$<7}PjC<O2d+M5YiA<5@?`w)gP+&&vA5sv=Un<$O#hXBaD5hi;#}_c
zb6%75Udk&x{SsG+%l&?ycB`asm$>Zz@@%-@PrR{SFZ+pjQ!#x}8*BXl|J(h3^3>!h
zdyANLQ1%x2=@U5mtyN5&@to;QpR~d9_g93g!)*>+<~r*Ij`Q1V(3KBqZ*mW70j~O6
z|KH}GZpAsy_`eLREY<=X=VOc9!!h&O#7klMSr_oX-S4M5yd~`yc*NT%|JPvoStD@d
zzuNVBML6!?`@nVPDI7ZQNyw)`8XS7L-%t85>Hp(?Kk1FqhvN75Ys1J#bsMKx?)MY3
z*OvD$@-zN$)RX%XqHoJSEI<7=8eM+&Q8@e)U1z?)|8~Eh($1E479KJ8^qmJQpC<X?
z$cNYPT&XzCJ!9m7!!yG@)aTm7*So)2emMN)em~{eCG8IPjFSfr&pqh!%u}43xZLlj
zdbY^_KkoOFK3@8K^6`FN=xJY2e9D=6miztWXFvEK_xnkoBz-CQe8<+;tE83QDjkl!
z{WZ^Xt>Wv>Z!4~Z<)0!y9PQ$@7{_<r(<Tob9`eF7MD<+fo~iP{;n7RIYA@J#A2xDk
zt!?7WI^t3Lp56bzYqb~c_v&d8jHmdIu{Ofh#<ot&dGhz|_e?tQi*HoC*ZB#>2NOS>
z_|e4m&i5<s?9ALQ?+eCRxp1|U{?Vgclksx**WWdH*stI?jx+zz`zyjR*32R5IZyE<
zSe^mSaldgn*Oh0c^vQU{)VCbJ<fotD=x5rDhvQh;yTl8`oYRs&eF%rY<o}Y@VLBe?
zS&45=T=H>GSJLMuejxGY&a)M_b{?v@9ek|yCmj8`gL~+c2KV%Jt~Rx?ZgkJ>ishKA
zeCS&^`u1S=+@&}MmWRHDtIaH*ap-Cb{d&AJ?I_1$>9nJai_+51aP-^7V$#k~<Ox5d
z*a6E=Kf~ca1pNngJ*w6DD#f!CpP#rr@nwlObDlzUK38#9XWsV=OT4G^D8&Qd<E+o&
z>d=1r*FS@n-q*R>-1_HO{Y{;xDV9Ewhkh>SCrzwq|Lqrft`P5|XKktdE?Ma}@rBw0
z?r<IMNxa6HW6Cyqk{0ItKKN*7(jJ%i#Kasg@Z;fpH~7rNZHX%{_tVlC*V^&cCveQ4
zLGB^%?cGEFz_G`cJwfH}C#^|O@}Ym=$fp@y9?oCJI!{ubWxmPJoP=YZwBnIYUEtWa
zFF{v6FDf!`@G$;x{4UMs(dGG);tkGcsH~e|`DqgzW!>xgU`4nZXyg7Mx|j8^d+HV8
z_#AT~x;#%Se#7}}m9-dFSwj`!C~K*Eexmpz=c)4l3YNb?5squ}|LLB$6o2o$R*}Cc
zmwECothCH`ILi9F>y3(VwWYPIm(q}Suwpr97W1B^{64?(87?mz`IPsS(nm;#<MW6i
zV#*yU9gh1{IbS0GCdFNxIak^pmcL1UIPx#|no1ud9gh6VdEgJVzND3TF6O-EQax+p
zkvf2KE&+ce+k<e6&EfxY{cY)E^~BSrc)l}fbr>%CO2ywNeL$c8&gVqf%lcE|b}fR?
zx%?NrDDg|q%M`h#0ME86cS+){^>?HloOs8?yCfc#c%Q@vBxXFwbChCPcj5_Rp6I;)
zp6bkcy2!a+d2~A8rC5$}^6w;_zezh+@or~y&JXBwb%*_a$R})$J?@?ria&Kvf9Gl|
z^OX6iw5<IyKV2{LQ)TU@{Q3VpD7Q|1KhVdQJpqorWsrNOD}Ks(55=7lmwBkN*el?e
zdwd6&{FztGSGZYmG%Wuh`Qh-F>m>3_kyiFtdDu7L@bDV>un(90R-Sr!;P6l$9<IS~
zu1s0%6>zlcY1i2k;ObO$h#o(3o%Ie^yK6$}QO;?V59=MS#+m**{3`2jitoVku*TtP
zFZ2A#b=Ei>|M&Dqt~00L>H@0+?{CTTV#Q5h<=G?;9C>cxI_nyaJhye7xd~S@EYD%+
z%5#L`UWxaCmH#;T;poFA_pq)<CmsXK-y%O8{uA9ZNpXUE#>)eThu5gX*@~_1nJ5n&
z9?HXWoZ>Y1Op*tVwqNUdt8}=!+}d~py3(>Q-Rzzz^1#tQcevgr9ghB)hpw~>6(33b
z7_9cPrs1fkKK3jAm5TakVFT+@Z1K0t4~PFp?s--5C+?Xh4;&s|qYiH<u5izEdEoF+
z9v+<v_IlU(FN&*S)pLgYaQJx*|9Zs_+|wZs93J*}JnZos`#$_}Z91F5%5$dtaIBpn
z?m1bp!FeCW-4YLjm3EfW!ci7J%4$;F-#xSCfnzM1-NVl~9OIr&dEm%rvg>oC!?Av6
zxZWilj`e$s>vN^Uv3?(Ly<0jQYw)Y+s^?n8$K5ke9ysRVv+j9OaY^FmV6}a|{BYD6
zA9?;l@n!cckOz*ozv22q>2S>34_#j*9gaGDOyfkJjMql6%3UlE9OZt(J^QIYw|CDH
zdEmHjYESoEsyNa;J@UX&hhyFIS;Z6G^P)U()c-7W)#o6U)#je1^1xA_*{&~>4##ge
z&p}t(AL^L?q<faj1IPP_XWYZ>J^Xj_wD(nc;5bL+zfvO~UE1x%e|Ldrg*<SyrN3Uo
zvyI}WuspBJ14mnSbbY0CIPNvl?NcQ!=Q-RaLfSXwfuoHRTwf&}j`QA0=qi``x4CDv
zJaE+Q3io_L@mlw+kq3^t-QoIL>2TETadhQR-JWpII(guzTaWAOrNi;t=_}Bc_6^0~
zIIq$n>}^<W<lF(S7Ta-cwR`w_(K`3^l?RTtY^>KxKPzqqE1&-Iz|oc+T^}GFj<y_(
zuKI9Z$J<EKa&7`gTTXMmCLOLu>mNO)peyb3itVt{axMc$-L7-b?TR<Khx2wg>UNLo
z_0r*}+c(g?Zcn>ss624g?RTy>NQdLz*Cy4k_OgA>b!6gW64#u^C~gIRTAk_~^Lz-p
z@;O>@7g!!m@xn3R%4Y}i93;KGcb2EWbG*;uHS#%5u?g0}sztHX&AHUgxztU(p>8Mq
zZ|Ww`hPuh~zpR@)8|o&{|FUlKP&Z8j{l8RJ794FHi~eK#UP-wo;5;emlM|nlc!2XM
zikrdXEq^%rd29EyDh_t$y2Z}0{Im<Mwy|^XVd$#ES&9e1^3X0g>RhhX$a9{w(e9xx
zaE#0Gt`Ag%LoaD{;y@i*^{k1nRHVFM@(sQy@wCLW5zm=K=QhP%oi9)<ZIK5q*LlRF
z#HC%IvA!zp@^yC<X{FOAaJ(<3u9U@lq7z_w=o2{J+fGE6XS(9`@K1Y}_n=QD=DmIB
zKX+zt|C93<wAR)p&q4Y-{N;MS=Xqn&?@Zj4xQws-bEWM=o^0fLz;VnPAtwKyDVDa&
zv!U(z8kao3l!x|`&xW=)^^@Y)xTG@&=!dvhwpC32wDCe%9_9la=VO<l%X5Pw^8gRy
z3CDhQv+IKt;kf2A2VH4--&x*oDlKyyj`{zvd%mgo7%We{bL9VR*M};?G0&ezSN?xd
zd<j<C2Iolon(NFpIF3i}xZbD;$8qO9bmjS>V!6hmJcm2SeB*uyJj{npVR;xUIQC(V
z8R#R)58dyz<`@uZcXm&cJaF{+p6)qRk<W<9XN){>w5z<&mEJ79ywByJuLswa$e(M2
zyhkPNIO%X)o8mn$o(mKwyN5j)j{HC8`grMZwVmxhSD-8HU5eMZhdBjD+FM*_kA$O7
zHqzg<ldPU_<k^n?GwoOMmg^PHi(KDT`YXxve&S6i%l)N4o%c=p@rlPLJ|*$#iKirH
z&XNBK(pa0diD{i~Z+*hp<6(>rO+3nZqSEpj9{Q6p3mywA&%TOq^dUZU)-oLPhdw3k
zXO(B!Tg8`3YeScxH4aBUWv`RYx`tzpu};b79>rT>d1}s)_953<*Kn-svQCwj&xgN`
zNBn2S=V0Z-8i!+zm$fMm*9Bj8PrY-L^&8jeZ#dTYZ_$-@f3^2*_cSQNk@f@ES>tfb
z^N-M#mUY=%PwK{cha>Hlt`C<ESD&;oE!XqC+#&8^oZ(2jyX&lRICSbtxvZyhZAyH!
zm?t{dlX%o#>0Le#Ec|o*AEQN;t~cw9JCE8glINGn^Q+|1oA^!4-mCWO<asT5ev>?}
zC(nN*k1h^u$mc(kM;8V*)a|#)|GVVZh1d<AH<RbB<k7{G4W4(BXI1k2A$i_So<Ew0
z`CU8Na)GOZZM?QX*To6u-d65mO~G-_OxtRwSXwyNLP`5xN-NKXw1-&!JCOE$yKk8}
z6wI1|nLpb(@2t2Re5#cN$Gv=G(EnujoR3XRz0sQ$Nnhj5oO66$v#0CS4UT&u4sxA2
z16NH}=O%RJ$@$R)c#VCx>o(_Z#W{)D3-F-t>U@VH^BcWO@vy|lIiIX}hV#{mWk3I{
z)gP{Sv!%yndXf(wp74E&H^TDME;!mtD{6mE_y3FOr!8IIFxID8S!Jvr=g8vc(w??n
zf7j$8e>mntg?_rFg=0RH{B?1QaoE;9q=lnyW6=Ma#?g6e^j6Cgt`4`cD4)T}vtfMY
zAy3Mv7FeD4^|Xv5Tz$>-a!gTL#<9$kGc5lyE^B+2y=OdWou?+AnRssEMTwUselzj<
z#N~X(^DoC)=OeV2Q7+f5%RL_A?~9kX{(|Dm&Uk*B_|?RW9r@6{ZJasompxW`kGPy~
ztL^j~T#-nRvd7BvV`(jVlFzpk&xYlvKjAojb-2#{0f&B@>jS03F(1l#yYhTR+WqdS
z$pc4P+DW<1inJeIp~$07%!7IdQ>S3+5lq>^lo8A^IG8>Pu1`EPaYN!^i5n9SPt36`
z@*J7CDe;)Z&56e)Zb>{o@x;WF61OIvlDIAL)Wq$HrzM`Act+xm#4{7mN<2GpXW}`D
zyAsb$+?{w{;`xaeBwm<!QR2mkmn7~<JVIR4#dZ3%?8B37A2<WunL6X4E@eM=ejw=$
z&a|l<Q<S!^a~xC3u}OM=>2Un^BjZc{?D-R%M=GA`%zn-oQJ(?M)fn3Yr@M!9$?M%S
z(78IoJd6ctYl?6++Vrv~d}!Bm%3gY=wS72#>4z)c<xJbl`vU2swFU>V9>rWkEAOXV
zKfrZ7BNMYH<EOuA8$4L?2xqQWH9PY;WVwDN&uP+5L|5JDPq;d&pZ@Jt`ip$<@Pz57
z$*}zNGaUVY9=dxjaAwcD43?k1g{x-kpKIK6w_*n@4}A+)*V}Pq7P|6ezx<l>_Z7bZ
z%TJ%fQHSrkK1dOcz3wNj(<gAX%JP51^?F4({O_Tw+_j2-apryS2e8T=st8v{TU$PI
z5BE0o))P;IG`Q-pvUYQQm~=SG;?>#|n;UR-l;wF6`rqt(E9IJ%_$F!7T>qZpRf#{J
z_zQ{4I#Sws(w<HFbBW7&pgcQB+r{-Iin}>KuegUZbNoQ(OB6@LXIcH>YMj--%s1u9
z8aft_xI^&-=Tj7?z)IWKxjNR;PIb>h#ZLDy-{2VQvR5e2hon8`9_APveY-FE*;cnw
z2WQHz{k?a&AK~=Gr9Q5ooAgp2Ps<!4PwEU;$6K9ubpK}+cZcPn&T#d<t*O1ymH%W#
z)+!$A3|DK+b11qz=P0sA;9*_B)xOLS|Gx|6p<bmw<zX$r|JL?%Qrn$N+y7x}xwPH6
zwB5O^W#<c&XU)@=wu?8k{nM%K@^5InJR92nVQRZP8`>_<hPMALwOyVzm08*@&xW=S
zPi>cndX=`z^Z#!<^{DAX-fI*;mzcR2`c^O>H0c3XjaG*;|E1GLxZ2nBJ;bEFOz~h?
z9@+>;pC5%TPpe{?Z{iu^-st*Znf0_Oe6E#S=BM)~+|!_VkTWhyubpRpxSC*nz8`w8
zKE0Y0i{H6i#}=3Ql{`Db=UYB-HPP~+Jn~`Q?d2ZY4p&rG5B7!H$NJd0zw=PV(uY$m
z&(ep!ca?Va>r?J8n}lC{wc<_A&nPZ&{*~ejiGPrIS>jg`f84o8k@-RX-&Y*uJVdeV
zY0_U7*Sk)i><nLEb%rZ4&|{dM<b$V-uXwh2l<U<0Nat3?+nkpxb~$sssPt#mr@X)3
z6Wy6P3R6xwHxRQQlySK*jmv|KvOQ`Sna*FecH>Rpi~pOeHXFx{&@V9^uFf-EsQ=TX
zPcQn6`3lqI(ud+Gp|(|@GS~D{uiDmq%HGC2fa?{>4JIv5m^o19t=Q&~^g(^f`CdI9
z=aGqzNIW+2@rkJuX`2;Gxnjn)tewwUjp1rL>#H)>@=zb1q-Fi>>dZc|hjWwSK8eYp
zHqG*ct9I+RThO=d)2mytGx1%C?@hcVe5vIFR~K78WvrFY_R<Es|9-_!In!@t?kO$(
z4aaY)40q41ishKAeCCKpqsz~D!m<C9^E!F1m)7E*0nYK>a3Z=qcPmbI590|(KIfs!
zbBW?qSY<JP;kXtt9o@^i2i~qv`8})d#PbqAmiWoUJ38N|xC?xl^&uR6$X-PL<X8Gc
z%$SZqm!E!vqm51I^2}E}${GIzSbq8qj(#qCl>A?lb`~D-OvTa<^3#WKobS;uc%D+c
z(i#73Sbq8wj{e*XeQ=*LhGkC>A0mx9)rRyb{~t&>-*YbYaV}%zd`|K+7Lm5p$32zn
zpHbZ0`4pmat74gx^3zuKO7fw7WloBz<4&%_%+cEAHZE|?fqh)3|KaHWay(K#?b43K
zBfeCz=+iA9)@RMRv~l}B<@iwA=v><9T-xY-Icc3|B)&dzS!?pp#xlpmw6U~BOx?<!
zAf|4mEn>#=06odSS@AGf^`wn(HO<!b5$N)CD2{bz+)jk$@9!M`lihQJB9B_V?WObv
z%=nafvO_v{i$_W?$6s-ycxU|1rJg(XDes%FMR#T{2H%|cw#0K1m%dV3`mgkrc$Szo
zNIqXw+|8LWq)s(%%yF(Rw>}w-F8>{hrGLcqP1$qAjOSVIfy<am?-Fl{ex>CJSJN#|
z&MRu4>Qm+;dng{p0*>`njzL5Fl<S?Pf5Z>!^?UF;Z|lrHQ}U5MNIcB-7Ddj1@WbV}
z?_9?BDyth@F^TlRhyQFv)?08ZEI;*xE7hL|K0M5^^Ak^l<!8>omG)I0`0#fsmhpAI
z8D0JXig0zD{?P*;{-+i1bf#|?CjA@EyDFAFXQw{pyKHUf;%gKyO#HdT(-RMLW*oPK
zXITHhv2T~-vhuuGTG?mhp-<r0E6RAubD6ZV&&xwUz||Et2lf+Fw^J0$7|BE1;cBpX
zPH+!v@HFQcimkBx)EADui@a((_bI=7T-Jhkv9x<!pQrdh;?i&KS>gIR#WxcFKJlu=
z?<f9i;xccQC;c?Y_16`LI1g1UYhRw<ic4QzZT$?#xk{PC^00@MJ`}$#=I@&P^f?@T
zeh|7ms}&E2<)P2v_>S<==<;+aj&uIAV(Dl3>3=x-bFzC_U+u6w^f?@#B{9b2`H<r0
zotdk*!t&RgW85EeoxXuXUx==J80Y6;r5)^CUAvLUe=}2_Wn!NAKTuo_%U|yt_3wv%
zjrA>DU1jsC?6JDBx2p5^bYiaaT#8@Zp*Y(a{f@+sIImaiai%UGIpZ()Y<QmB3rL>m
zWgiwd$h(vK>!kBHo;?+JckU;h_Y&xg?QrM26i33`Ea@C;a}2utjNt@W9_9)BZ|6nw
zbV@tZJ<Joh+Cu;6aju@^bA{rKu<{w;9Q#;VQ_=@YhvRtBEha5v`vfcxa{!L~7op4Z
zeZ^N{d6*Ay93$RAm*+i2o-lpRc;jboz;V2|2z}Q+We!e*JFI{1cl}|-1<tJd-@)?G
zKjr=zrR92H`OICsgSgzMAwICT+Ni(r(^oIT()X7BC+80px76REZ=1Lw@lnqDIf7m{
zz@F!?T-Qh5y|(CMI(>dGtg@a_>`we};>QzzJ@J9GQE3lTEOSPDzg{oLHSwv^C%R{z
zbpFPFh9c__M(1z%9K|Wlk4nE1R{fa+a9p47K$rh6#am!`YR=Wwwg&HX&n1fZ@IR>d
zsPkIIpF4kDvCIeM!#shbtTH#07XOEOlF#NEi?RmgXP&^ZPjU|~9>$kz@$eYMy<qw4
z<%g@^+x$5SU7lkV$2$K-@nq-g6t8hUNpX(zRvO0#VC6YfdBRcWuexWc;uG#+4}hbd
zi`?@`<-=!w<TFejINr0o<{rNL@_Y9*$^*x`_?PR$rNhzx8z~L#`ncjI&a{a+jn14O
z={#ETFlXH+(QBOZC5jh0k5#-GRy{|kEI8WR=^p0xT=y^^;b_Y|_q?X~q<fm=fuk)y
zaD9w)INI`4bk$k6sr1tAEQP5f<)Kq&-MUfuW16@67@*X%S^2<G&wnOQfB8r|R8f~g
zihrE^aQHu&Ji9oLQXCGeA6n#xtK~MA4oaRe&KD@QJ72AMN#e_4<uhLSz;RsbaL;VT
z>l5Dy%g>sI!;g=)JfV22^CHDNVEHG>4~Kt${aw?SUC8Ie#G5%^tys=;<hf3~t?M@^
ze$tt_%3LHL_Mx&Di8t&;;x9;NETgQWoOy3@obv=l>VfC8iWfNFuE^ej{v}1`Ty6J0
z<=P2l1edx=XTEKZew~d4TwQB>(Jskf>MT!RX>iQFa^9;i`g~GrWGsI1RK>}O&q+Mn
zd7<J~N`rqp#T{IKS+SHWeGl<&N#EC*J~$M<-s%ijKQk_UrL<>BqmS@VXSjOBJg1|}
zbDrXb&h*=~#Fr(W0V^Mlad7NKGu<;wk-jER+I0^s{{ZJ$%MZDSV=g}YwD&n!{(;Wb
zt^z%H4bMu&pC(=b%U@H3D~%(Mm3rd;K=G}_@5AyBQiLmA&*6a&KmGrY#2-0xuGLph
zJRJYa`GE2ntk>b{c!3_n+{5R$<#-|g4$_CaeyC!(?@l^A0$usk%LB*yD(7{dw|+iC
zuhqo#A!7;CKV@9RwEdUpdszSc#(CMMehwoK?JaE)Q|I!zr2OktW+QcwUN61e`zL*t
zw8^dymHxOh$Ds1vXL;r*|G%S)DXWgXQTYs$hhqcWC_ck^xcC~_{f{O7R`TmB0VVAS
z`G4y?QhWq^k@9R3Kjl0|+yg7mA1c1&Onp`)?x%?#<!%KlANKY`oyUng+%tI-eFr)5
zJoikJXMuBzxO_iL`HUAo<@!YNs+4w(>#fpv){>*#DdHwrb>=5l_$URYT(%zg(tcV;
zu>5WE&v$*i^nWIQAN`GIsyy2};~x$yAN+^8-Y)$e*C}iBjm!fd2`isz^6)Wy)aP#J
zW97NuJ=5iRGkN~z`V8rH{VgB*r>`^pvyn6X!%xFU{)fBXDt&s=A5P4F-HpFXTk*Hu
z-zNWZ*STc0qn?rHF0l6rx3xtd^3fL_{AamNpR946e)zba_&cNzbe<{R(s`D66s&yk
zx41rA`suF!P;+mJGxM;+J)QE*ai&ima?h_7pLKnX^mWc%;=OfYm$Jxb9IU#{mEP*y
zExy=2uP8q0`aJ2I3^4zE@laU#OjSHC@oDa9l;=X%DeDT?7fAo2v#?jEd%6_A<a%G}
z{7u~!ieGRK`Ml!#FzJ7CUL>CIajQ><JSW3SyIA_guJ0`UYS$U-PS<PFmpPO6XYN@d
z&s)jAF8S-^BY(#F0%zKLHSB$Red3!E&rW=M;=2;xo47mi!-*eHyfE?8iNBq=C-F;(
z8&q%Vyr<&s&Nt}wa=k)r?2!gn9h%g79HJ-w!xfvHZ<c>7EdPs&aQIu?GeNPO*D397
z^0RL7FI9xAX<GDpwCYLzzg9dSmS>rB<au%OT;rbQig5LLtLIIwzp4nw{T_F@zCsa>
zJXr%#E_I^Z*A?OF5~~|!;NjR<-Y1GV-o1k^|4KzT@_Y|np1&%tamN3F^B!W(14#R(
zG&t(Nnd_^h!%_bsuCJC3M_J{4rOM(sybB&Nzn4(X4U|9S!{IOYeaSOg+F|aeZs)`D
zuazH;`jmS|rLU7-?j4<J{rp8wd$;0U&b)6e?<M75FFzdlyo5)3FGaZWe17UW=R|O{
z_YK#%rUgg+-$Ymasq?$A^5lIsTybF0gZIpMK2q%G$9=x*3P(Nz(B;`eaWm(;H9u>x
z@~n}ExVpjGJJ|I>(&4D*?yhq^2af#9dt2pyfVAOw#P=)zL)~95KOFus?%};{xo#u>
zJo(G}U)6_khO7ImjVIxk-XI;W&NuyR*ExTLBmb%B%JX`~i=3w^UhMp+%DN0zo}9<Q
zaSllu(mtVhqkA|Hg`*$taD9YyILhrp_q6vqcPri(y2^bBR=LbgILf6w(k@nf$~{f;
zz~T9>>tm$DQSSHAmG(!9OPv>~te?Xwt66?H{J(Y&@8e&0eo^Or@4)hplOGPhzCKa%
z*KO*(bX$L6{QrXG=e}&Xde_E<YXQ_pANlp#5|(GYJaBlnNgjQ~yCKi=eqa8H^25>R
z<u@OsPm*4K^TGG(k)C$6;$bPDv9SED^25=VmgG6zJyYa?qi$!pXNKbE+|wox9G)xO
zLqE)P&s2HfsPmn!w@Zhk4tJxge@M%9L+UwA9=N*K`f$GM)1|{P=bv$XhIBac{0_SE
zd|i=qdiW=bKXQIn^I<uxvO1I&j(J5I{F~^cWTks%$^%DR-gkYLbU4c8cP=9BhtBI2
z|K|Lh%KZpdxwDlPj&doFv^B*|VR<^`fy1+%>vN>TQSJ`tO1q2VQ0Es_)*jCLDmFUL
zRhRDX%<obh=*+q3;jqf>QvPt{f3$m!R~+Yz|0G!cx$?vDeO`Xsg8JaO$UWWi!10@P
z{6+?znTl7sXP!K8e0TLG*XK)zE8d9c@kMl{ovV1Kdltw8N7`?>zEC<G$D@~BUnCul
zG5w|Mi>1TS_Sex>*87UTbI%fa;3(@KuJ=fX<9f~jfB*HObU1#ydkcU6b)@1D_binM
zj`|$u`ZDQo{Ju9|E2YnuONZn7Nh`YQ$?aZeyXRGT;Hal=F)3+RNQdM9a=j5<X}_j;
zOX7!MmG!#(aP%QQ{0C?_o^j7gdEknF^!QHlaH)uV-joN9HooEdD(P_a`J3p<zfSqT
z>%3O+eOURdmLHCF@uBN$q{GqPO_d)1TIq0%%bu>UlMY9_j&pszbU5^LT<3;NIL=|N
zLRUSnQ@qBRzMSd&Ma7$7)uFG_!cpf=_xx0Gu6z2+14kb|lswP4hw~RW`tW<M50nl^
zAN~+sbtC^}&aB5*VAY3n9609HZ`|{q;&0tENFF%)lUt3+bDiQx?%|vWj(ONm`wN~=
zC|0n_s+R|je719asB}2KYqpE)4btJ5pZtaqd5%y#-aW(Qfn$s&y51-qj{Z5@b<V}$
z=%1<R%JW9Wi=3}e{2Z)0kB}dZ@!}`I&__y#qb;N-pH9V_-P0rw9BJ=#opU`n(tgGD
zX6bO$?NM~)`J^IWnS&X-XJFNV^Fg>8rH*H<CC@AFX^{tx@A9v34_{$;!#(5Wf#ZAY
ze{_AKbU1#Od$ayl?j-4O^!fI#w@Qbj&v$oyigY;IwKuxjGD`6P_q53aM;(rHo%2>W
z*6c~Hw@ZhkZfCmAIV~LXa4NdWnxS}!d#1|+M_D(yK0`WO-RSRe(3SR4#XH>7ArBmB
z?{yF3((Rs^^1w0fUw04xh2qQZnI#V#efS&KXG@1;?f({Cb@;5R#D5vZxOd6}M?d%0
zYv^;N!_m+DBsyt#Qsk$2@pQ=pNBy^U5B29(7(8?3fusKWxZW)tj<Gnw^?B0aXv-z8
z&zBB|ezWTfq{Fd)-jA+&&QpBQnLguh^tFl$VAXA*(!$X{PbJSw?pY)c9R2f(>x-qs
z(LXEDJ^we{vqT;^`sW?@&_D0Gr$-(*`sYLU)XDP?_q-?%9G>m;8uec)9gaTvl<Ui+
z!%^qGTwg97jyms$t~!rVJlH+2$^%E8k8*v5bU5@0uD>oFjyxx!E6;Nkr#fGvc#-pP
zT?@Q4@l}a$gw?K<$`g(}XS?SP#oL_sQa<;<^1mrR9CPUf*H=l0qkopWzFImQbLMq)
z)p?cTTh3oq{1>eJ*T@e?KAWm+^tICA$Y*QU*GY$?|95tMy>vL*H4I(l(kBNvAEJ1W
z^ToP0*_8Om#3#V2Loc20!;$Ai_nfA9sx#MD&xYmiD?c24HQjYSH-@9m9q6jtT*X`5
zGe90V%DUY>UsjysOj%FEDr=zpaP-^vT(3!oqu*AbtE@{E-*As^n=c&o`J?NDrNdE&
zKcg!x<$mCvdU@cuzQKo7)Mu!4INs}R=6Zv4IP&}iy7Jsjaga0l4}q1BJ|-(1>k%LR
z6BPGyPoq3=)c;`D`CJ{2vPPkM+A+?Q)eNhw5%R-P7G>a{q&UGnBjtg^bEfM}(%~rU
zTy&*nUQKg;N%0z3WsQ*^4*yK|^eEo!%=PsLVfmZohhuynbA6n2INJV<>n+mZ$p1U&
zst<Ko>YnlPz;XTUSFTT#4oBMmKv&w|E3S0r+WXtE>NZJ!IIg*^bG=nM9ChyJ*XO55
zhojD0y51%oj&ip_SGn6O4tA#8ot$@9Y)CqPQ=h5I2aa=zeUoRjd)noJtBZA_q(`%R
z_$=ZWXUb}UmFG11;TZSJ+;f-W&F+~l4;<~i*Yz3F;p#daSoC-hUF}-0_?UY-<bk74
zo^gGqbU6CtJLpQw=N>)I)bk}+^_(R?9QFK*>$9c9QMXN%27jk?IP@W|&yfztzOgI1
z%H2zGm@|FA-{=P_?h7l=E~SN|4!nlve8ti3nJW(*ebSsfC%UIw9yt1Bvg`At!_g;g
z=*pjdxWqm4<$=R9-93CJRX$ta)4oHuzs95Hd~o8eoQEq8cIN(+o#B}}7C1-#!_bw_
zp^7|fH<;&Wc&|Raj#E6>`E!aFCNBBQGgaEB(3Mt~AqrQ2u=%;G`^PCB?jD_L6^`Re
zi|bl)<-Vfmx6@o7s0c@$r=Y7`KA$O{6Y=I(k8;n9m^$2|XU%yDtj+d&iaR<tDDLFk
zqqsXPKXrpEDx*jFd`dch=Fg{&)Zh528ys~z!S$LV9C~Ss{DY+Bww&jF`VtQR<*wH&
z!l8fO^`VMz=$)?9E;#hLt`Ad$L!a+@qaqyoBG;KeaOnG>?``+%Ugi8P#rqOJl=zXv
zPbMz;D<9I<yWXu>`d>QpdJOtaHl}cOi|s$-(B=86BDbyJVXWcUGfzU7XMy6`usn<@
z9RFv~RCIZ+QM}0cDMjWt{sGRh56pC(v4*2hW}_>gF2y@wrL8$fT3*AmSn(8iAG_E6
z`ov#JyfSgQr)!q=L%FBR|DW_--1DX)bFwB6{Q$@RDO2XBblP6#=d+d%>zO)mzZvtB
zw6qtF-`6_Rb=nKZ|21<yy3*dDSoQ(&bnzwV%7?bY(e^7{AEXFJ{-npxoQGrVzKE_o
zA6C50`EJEKVfpKwBma9{AF2pP{tH}hP=sTjc?w<me@F2dSa}X}jy!+jI_m<ic;l$Y
z3O(@;caE~kKD@8pgID@ZJXF{5I`E5cQoP0aCB<(#Gj_j8{4u4$Pg?HX5B@}A?(qu!
z2<H~Xv5Cu^;m3#dD09ZY*IDL_@;_VpZhF?_Va~wO|NEfJ!|`IIGxa$NmY=x<$M+h_
z8kGMt(oVqR_2+N6ztWaDue8iDIQqHFC3)Dx%Ulu<lz$p&<!A1}QMVcB^2}7c!<jz3
z2bQ0?2mjlBdh)aGm`|krt>S!Ge&!?`^?A;9<|G_*hA|^8Wi5x5w%$4Vq09|=Zk7Hv
z9`T<Q{|L)J)H%xHH9Yj~TIWIH51hGw`|q&QGKb+vOB&KPEAkmU9_BC{eZ@U|c$gc*
zo%yVs-#5X}+=e4heE9EIJjFf3<$>cG>2%jeNQbMv`-wEq(LL>~#GQ$|V3o_9f@A-r
zJkrire8@db^1x9yUc>X0BA>O8&lq{&@a(I<YkJc}-8i<wti?|_pP@JezS-6VTq#c;
zj1B&AihDV;rpXJvNwKU2=OfXTPhUm28e;pyajvsQ;P`!p@#soBNpWIg#;mrVeFthY
zm=8eofU7TBo~8csFkYqpV(MG!EI)OCV=p>UT+;`$lvC1*Cx}bh+5eli%QH%zJv{Ax
zihCzM7*<-!g5&#Zhr3RD;b`yC=*sicipM7YI{Zbe!+Xx;S^h64>Ev?_<11#bc-9%u
zoA3dB$~_nBoHy;Q>;H-S=x;pe{S%kHPC9*9+9>98mL~m;pD`?L5py4C8DBB;p|r*I
zGQO(YK<Q<CpSQM@F_q5#1IM{*+25oOk_J~?eAeR{J!vER3><5=>}e|NYtrVrr`|d4
zdFD0h{IX&>ekmWuAC5J}Yk2;k_$n+<gL8Oz4G+hhzqp6_2#05D?_2hOdRY0;hj4hx
z?>i}<@zS`z2M_xO9G<eD$aAH%Def5|4;&s|qdwf%^Lh8M=HT#@dw%5krnGMNG|2;p
zhu6sGXNu3cXN){>cz6xZDn&legZpXR-*+A$UIVKw%}NW$KC`X<uIXY6>#WQfXMCZT
zdE)xUt}~}Lb!IJY?#vuxY)DJrmbrSX%_}&{rN8j7rg+p2>{Hg`M(}Oshhr{%99>_?
zU@e#Y54PiGncL1+;&Hw<G4m4rYQ-I#nHzgLk5w%DtvsW}j8m=C>Hx>_qV$7w)-POb
zPYwNhSkn7D$MO11{Y|;oE4IV(3~-J-OMmJ@7VEgQQA~Zy{wZdyZJ}rFcB>B@eYhjK
zr`^Rp)C~?#sq-QBJ<U><_%gk|DSk0~DrLZo*C(BKR;-8buyWyQg>mVB_m}aNhjPpK
zewk9dKjoP!<{X~<Pg5*=ulNM<VM(Xo@h}$5Z_1@V;b;qK@SLJpjzRL!pKy3u#ds)p
zGAz$P=juyVH(tX-Ka_Eir{)~_Ov7`hwRfg7Z7lQrQ2Q<nX=-BnYMaFMu+mb0xcY8C
z{p;5&<mX&;cRfi9m$@fDZGo#E^Ot!jPph<1dg5ojl>Tu(5?yI&BV65OZKO}osUsZv
zx#&uJg<|Ok=ZllhYk0n(I3w|Oi5bh9Zj8D_@tnjZPuI&Fo@0Gj&H?=W+ScyJ%id9w
zhrWelT^xa~d>9|*1RnYmjy<8w2YJqr#yJ5V`VfxxmU+(2`+C6DkF0OY*h!~cxVqQ+
zt?Y-ofV{J`Qm(!rMjc8Uol6^?S*tbid5YzI%3W4gd7rXqBdLB(MmlBfq-T`HnkOy!
z?+?pE8{uf<q3H4)t60{EJhTyxHXiSulNC>g<zYU+an4UoYNPEpE=XVdvegrgd`h3l
zvx&4a&%4aC1O74gn-Y`(&r`h0xkK@3=Wi2vD(!~8eZcy*^p(;+tJimN5AB8H{<KDP
z&%gAE@}Z9Zqfgv32ERPC7mj`#hc3?~#j*#wpW_^U>IlbrFMG9g_Ch%N?IJOL>JG>J
zycAt|UZZ#;EKj|2{C_U@x;|79j_<QSh_1BEg@<9KZE%jXPq;oz5sopMhORH)d_(a|
ziSJ4LK;n6cA5C2H_k8MI?^0ym*Y37)hbwN}&|^<MDfd3bk+3{{o#Pr5{g3A%#iQKA
z_`)$RWv<Heh_ut(!}!9H&lGfdrYoM~yg+d(ta2G^IL3}KKxa(hI4>&WqI^1~-RvI5
z7ml>NMp<81<WW1)=6^X39%bMC-x1xJF{|BU{j;ev{Qy^d*se#J|MJ(1%YGszT_0Y%
z*U}1m)sEKn1Vx@O?J9ZB{qOv%hb>RN)T?%%>6^jF*|EFm$6G!{*N08iz3`{){GoVG
zFi+tVjknPsweh;wQL(hqnNrYqQlw5W^M6bDeyamqUDQwi`Zam!^aH-?YSVeG_8B|I
zRnFwe7@$+ny_|<Dmh+zpx}RKJ>L8~4jqp5R<-*mimVep*PtyH7(oVwTJSlOhv-HnM
zD{btyeBk)M*c$Omr~YvKUu<RnQCiM74s{P>1y|p+acOp)ISj}DgLWLc(zYrd3{SM*
zSSWQC*XsOQuJ{7Iex-Y^Q@qug^<DM~Ps<#wJ!tiR&OKWxpC7wU{ohW!&OIL~mhVa^
zAN=K7oby2aP2JGz-M_Qqr<^yIUd~nI*<0G4uJb)h#*DO0iibPTQ#{)FYQ=HR^#AeB
zw=42DY0p)h=zN;usm}Dz0_XLL<@lnu)BkX+@mKLkr~l#5-*=t)1Bc#A`BLul(#qUB
zxlj3jLXN~QUZ`05-}SPWil31F9rwJV_(I|zBwm)d-g!fRDxV%{4X*E_IKuh+iibGA
ztauE}jiS!6f1Zf0e3mOthUH=0;cBtX$!V_BS8&A*dV0*zleF~zHO{jXuZNWneF(?i
z_+@nYA5vW8%-Hg%onm_kWy7Q`>-1F3B{6^3#5KiD;jdU*;K&~z9?myL!;|b9#Zig3
za6Uq@oHx$1eBkJl?cFn0aW_~V>IKJf{2cVp+Iz97i7!cfdE(Mn?xzj4uUffq++R`3
zl}=f3oWl&que9eWmbEW#7ne55&$z(xn>^GT|D}p$jd;1^UB6zj>}k^3Cr(FKKJ+mh
z`J9C=Plw{Z@M(QYer0Zp`)KZ$F%{3%>&$69-%wl%KWuIMMdClWhqUh}{%hj0&v^dq
zHROqZN9P8`ot#%I@;9D670cct{<FBz^>K;^!Kx2^3s*~QZa1OJPoLp~_g6dtmY=?b
zV{V*+F3$&wZLmD_8yx%pWv&lYgk%3Nb3kdoF75Mp#P=xP1}h)t0$erp)4zU=OCI|3
zVLkB-a;|nY&o^BktO&>P;@jv-`;uZ0thDvcv0iu$&w9ll!SW1sj`sfCJ$35;*W5#Y
z!*TA)8mv8HV-3gtAk_auVe6WD!}R}l&Wz`_@EP`9x$<6MzU9MQuZi(r>C9N%>`b5E
z<4iw4=1d=!wks`VzU(^v^A@bK4pm#;b>?{Wr^IU$|2^@)68BXa@*(XeiT8JIQam{E
z-k$aV#o^8kdi_x6F^Z#{50pL@R{iT0;n;J^I+e~Cm37)<eRY=prar3_FM{P^jNtgK
z67~W-?<rmj%QMV5JU6)KFN(}VJggx&JYParKCICPV0ma09G<VD%kxjgg|Iv$oWt|9
zdwQ$AJ?<H)2#2T4Pvz5Jp5^XoQiQ|vOLTcSe|Qa6S@b7dJ#TCLckW@l_SO^sC#CVI
zooUCE-p<S`9<{Uj^ddFKh1#Rm&(yDWcAxV8V|3zeo$D2Mc5YJK4OUv_FkF3)8SML#
z@;O4hzn*w_1&*;U`Z@NwLn+sJbNu216}NI8qFC0~V^&YNdcn#n^^r~;;EJ1Y_1H^K
z@;R*hCDsjETZqX4Chy9b_U#HkZuyisEap+x^11ezODRjt>!<2jTVS54@OgH9Y_9W>
z>hOo0A5nZ1mY;eqb*2S_7%!!rpvY%_c+k&roqVPy?o51_^Sz4Qu+lQVPrCkl#c~Z?
z`atRYh8Ja#=XQDq4@<mHV!lTjo{@=1CEii_;%QLa$+=Olm$@OmU0Nf$>QHm8erRLF
znn7ng;rQHy`HenU5stlj9J=z{Px+tdo_a+%_Ug&54^@QY-mvNDO3QiNRnC{FKlmHH
zTk%F%<<b^7&Vgs6%kx#m+nvu-+BvZN!xZ5-?mXc-?S><tMd-@sTZ+#(4^dlsoVQS(
zAHm9VxFQ^B%bu*X?8h7FNj{|Ia~Ayc9~}N>_Z+8qj5B`b8ELtX;AH2s6#2jI(Bacz
z<;l8)qh0hDo;ix;^BQ@Y<bk8y4)^dK?HimAQn|BW`58|*^1RPIe^*@Oo@ROAYD<A0
z-*V4S6u;*l<^mk${?I+N@t5vtkp~VB-zAHFd)t}Ml>gw&Z^OKo_)oCvJYM<0QRiMN
z1AU@&IPx!_Ir_NpyJM8KjpF8s%Wvo@?Ib0IBTwp$|1iZJoyRB+h2?LR9}d6%)NkY4
zxkq8$INDE8*2o1mpU=nhHQS@g{CB;~dFg%i`Ym`|?@WAG;(HU9YYy_?Dy>`(5i|E$
ztK_qzV!bnaIO~u)u&2SXmRU3S?^fIwmS=!-tmT8<!#FZ;@C<a0<48G=RX+DiKO2vD
zhGIJ`f6Y1efpT6deUNlG^d@obLc7j?tTTC+ectuS$#ZVvixZc<MSk`V>O`JgKlqCC
z_Y@a7vk&w*<N2ZUFBCaPAuZ<yJYenvVvJ$NaC>L^bx-Hh6wCRTJZFi^aaKH4%y^KN
z{yf@wn&Nn8`j~p-*+ylRxgnk-t-KEsKPcvjXR%^=k1u{${JQJEReZyFnIdh#|6gME
z*4jn(TZ^ThV(N9M>qjV_lsv4H@R$Dgv}GQOPtoff*YUI}GOjRf9|AvN^B=CBGp4`r
zj8ZIpA|5U-@1w=c&ExSXZC~f=yOvge>i;#c_u#w+Z%X8OvHhMiPMErs*PgVraQy!i
z!d`WrCHVxiPJ&qv!OZ($$_l28VAf!8ePY@hI{hC^JA)e&(-)zSNIWueQ{pj+n-h;q
z%$$on$0wecn6VB|YvL)1+Y(Pr+@5$^;^~Qn8}k2ueNJ!Kb&~&^eLh2FME)I#XC|JN
zcy{8>#B&mNC7zqOJMp~4^Aj&fyfE>i#ETOzN!*k8#l%Y!FH5{U@ruN+CtjKO&BUt`
zuTH!s@!G`e60c9(OM7qhKj)Ca?8(6c67wE1bgn4}^FAebaN_#JLlZY79+tQ<@$keW
z5|2#Wlz2?y=EUO?w<I2)cw*v7iCYs-N!*s0_g~TW_QcZ?Pft7}aYy2riDxCAowzgc
zoWxy;=O*q>JTLM5#0wHHOuQ)Z;>1f5_auHX@zTW05-(5uYT^}%Ur)R;@tcWPC0?C)
zP2#nQ*Ck$`nDg@(yS|AzR}Y>0y@CfOt|cCncyQwS#GIc;J`IU^e;qpSjf00L9+8;$
z+Tm$RJSK5-;&F*v5|2+jG4Z6tt%;{3Zc98haeLxviKi!?k+>uA%*3-2&raN#cuwN3
z#B&pOC!Uvhe&Pj*7baemcyZz-iF*>in0RU8Wr>$3el_um#IGk_nfT4bs}iqHye9G5
z#Oo5TPt1qtF_-!#?w@!-;(>{4i3cSfoVY&m(8LXihb3-IJUsD;#JWXqL!Fxvk4fB|
zcwFL^#QGS1Lq7Tla|7#Rvkk0E_8WLgVqGHKpzE#m2G;5R2A-C9dg2+0I}*=KJS*|+
z#GQ%fB<@N)H*t63d5PyIUXXZU;zfxUCti}cC-IAkmnL48czNPi6R$}8dg7Id-%PAi
zm<|2hH*x>O0}>BRTuVGC@!-V5|Eu}er~HQ|Zb&>Vabx1)iAN+JnYbzOn8eMA$0cq_
zJU;Qn#FG-|zRmrX>zwP8%gXsoO?l2pJUj8+#0wHHNxUra>xow<UY~eCItLh>cv#|*
ziN__Llz3|58Hr~no|||<;w6cfC4N2e>cs044@i6X;Kaick4!u+@ub946VFIIJMrAa
z3lc9$ye#qSiB~7i>vTXGi@YBHPdtND+Prp#B|Wc^kx9>ML2|D;HatDbzVUVAvR6E1
zT=s`=7}v{J$EK)9S*PDLE^G5?<FX!~F>aEtj*U}~vhJQWE^F;u#$|nd+qhM}IyP55
z+TiaPx5LjFPlvy2+yS!z>oE&{-nbKf!MF?lo^dzKCauSO`1{5S;g^gT!#^<Yf!WCQ
zSPK8pcscyC@d}t9FVthDo^@>YdaQzfY`g~kiSau4r^daQ&m0i+=nwzQcp&_W@gVr;
z#`Q1<4Lus*Ul=#Szcd~J|H`-t=D?yyGyH4g7Wg&eiSTcXTVW19dbGj+VcZVCVLToF
zPvZ`l1C$=K;NKc|!oM@_f`4z^4Ra9FV?O+r@k01*<Hhhh#y#*V<E8K)jF-dj8n1x=
zXuJ|$ZM+J8&v*^|zVSNvPsY7in`?~w!+$m&2>-=+5d2r;dU&mI1N>jcjqnG?Bj68>
zo8WcE&G6rhTj0MNPlW$r+zPKZZiD}6+zx+aJRSa*aR*$kz^eb@I(83zw;k?n+y(bB
z?uPps&xb!|yb$I`^z~Q_Z)Ds9_cvY&Z*06A=0`F0SOHhYE8zjgtKg3tuYvioOg+}Y
zn;G{~GwKE!_lGw(9tdw?JP6*>xE|(5IQ3|NKVjSm^TYpojDWW`Zh{9HH^bW)x4_#P
zPlWlwPCZ)T!NzUyCym?TA;#0;?TtI&dgEE}4#u7Ej>cW^r;NMdp~my!os1X4I~y;C
zcQNjP8;qC2yBaTtcQalA?{2&j9%j4>=0`^LSOf2Aybj*Wn5k38kB{oXFxTyE%#hUW
zV@&te@gt>r(A2u&##F0rKV!0}<A+Q27y%z(+yo=&(G2s0rh2r%2N_R<4>oRv`QcMN
z+TcTs+hP7Q2R)|4hZ%Rk6r#s0c$9G`JlePmKHRt)9%DQoKEik*e5CPW_$cEZn2PJM
z6z0cP^;iy%HC_Q9W4sdPM_Bb(1s`j?20qSs9elhoH(S)T825)iZ9EV@!FUjSqH#Su
z-naq&jBz78!FUAB55DTr1Wz<>hEFzbflo1>2%l=)3Qsa_gZZ&oJ=)>ZjHkn=8+X91
z#<Sovj631U#$E84#@+A~<N5Ge#tY%IjTgh`827+!#!KOIjhDmc8LxoPH(m)(HC_c@
zV7vyt(0CopkKOXnhlO?R#{J=ojR(S)7!QI!XIu|YGv*e(I({fu5B{6^y3345z?U00
z!PAYK;VX<=;46(M!dDr$!ZVE9;H!<>;cJYi!`B*jz#Yc3;OmS#;p>gN;LjU(!!wQN
z!#5Z&gl{xn4Buqj1J5#E3V*?PIefG63iuY|mGEriRqz*$*TA<LuY+$h<_6!oPUHUY
z?ZyM)JB$axcN*8jbBr6{FB$V2q;+>0kAS~y+yr+SH^X-ux4`!p^LwOq_ZqjtbB){J
z`;6P+`;Di=4;XjA-Nv)v2aP-7hm5=6uNZg3^Ni=iUo~C`KWw}he#E#3o^QMqe$;q5
z{Fw0y_;KTv@B-si@Yjsjz)u*jgP%0!q`z*Vaew&h#slG}j0eHrFs_Fe88^V+G;V~S
zHXZ>#W84HUHg1NWHEw~wWjqo7ws9-G#JCOqj&VEuoH758Ox<^lJK!GUS@845o$w3B
zUGVpeyWtm&=fmGOUI@Qrycqt0aSy!Icq#lt<K^(n#w*|-8Lxzw8LxtWY`g~kiSau4
zr^ei1Shw7m-vzDvnejmQ72`qh&yDNhSB)FsUl=#Szcd~J|H`-tUSZq}|Jt|(e$99y
z{2Sv|_;uqp_&<!>;Wvz@!~bdA0k1Tk1^?E#6aJlX7yNtUZum{(`S4rD3*ono7sKxu
z_rR-+m%@KAUJk!&yaN8C@k)5L@hbQ|<2CU6#_Qle8S_Pfx;4iA;XfPme*@M1#dr|>
zSL1qkt#JeVU&f8_2gW1d4~?7Pb;ix`-;7(}zZ*}4|6$w;uQzUk|7qL~e`Guz{+DqF
z+)D>EJ!ZjvA-faqZF(2n$G98rYdjzRnDIimpYdXNBjX;pzwuIdW8>xUCdMn^%6KI_
zz<3q>apN`crpD{w&5XIhv~Hkre|U4_f$$c_gWxTV>*1Pl1N;f&MtCdZ5%AW=P4FP&
zW_TOp7I<6ZiSTyDt?*#uHu#gq?eGxe>G1Z(9dNzzEO-awPIyP-F8EW%-SAN3`S4E0
z3*nuO7sI<4_rMLtOW|FOm&3amuYh+qUI`B~UIp)AyawLWcpbc#F*lUeH5&Ja_ck5~
z?_<pGcGm4{Tn`U7Zh-eQZiM$Y9swU<+ysv>ZiWvuZh;Rno(Lao+zO90Zi5doZif#w
zo(>;o+yOTk&w@u8cfzBMyWqo(yWug$^Wh_m7s5vxFNTjY?tz<)m%>LIFNen(uYiv+
zUI~vgUIia(yaqnbcpZGaaWCDZRo7zNAO5uQK==gXLGX#j_3(IOejBsyGscbZ1mh9#
zNybg^L}Pvfv+iVLe(SRC6yu5Tsm87FB;z*tv&QZ4X~xsx(~UdeR^wUl8OELPWaBRQ
zOyh2Nit&8-EaQdn*~W|EbBuf7Hshu6xyH-k^Nd%(=Nqqtry8$<FECyMUue7zzQ~xH
z&+6KZ`@<I-4}>o<9t3~RxE`Kn+yGx{+z4N0JOaMlxCx$a%x_@UU18h;UuirMzRI{2
zo?*=IUe;Z0+zwx3%x_)RU2EI{cNoutuQTq1uQ%?3KX2R(&orJ7-(b8DzR`Fwe3Nkx
zJj-|~`~~CX@Xf|6;9HDW!n2K6!Cy391K(=A4!+H}*Jk2Q<NomN#slFyj0eGY8rQ>f
zj2qxD88^ar8IOR!Y}^EQ88^ds8@Iss7*B-nHExCH8n?ms8Mnjt8&8KHFz$f6jc36R
z8h64E8F#^7G46)v8PA8mYP=AB*myDgh;a`*-*_qfsPS_6G2<2R<HjrD1;(r3uNkj_
zpD<nrKWWT)LtOvYwxsiaT^!P55bW3ghr)jSzY+H9|K&3Uzy9Bh?$`gzXJ>x>zZIPe
zT6#={{rdlO*suT3g#G$|C+ye%=fZyde?IKj{};i2{l5q1BAFh`V88xfuF3oL|2NV7
z`hU3&@7Mp=qx<#${#+CG>;E;_um9J>TzJ!C80^>oN5Fple+=x`|65?c{yz!!>;G-A
zU;m#5`}O}0n2ULO%!d8?e;4f6|I0l~e*M2(C->|B<+C%t{$H+*`}O~FPmy2$Ur9b(
zAk?FLj^@|@%QbMn{@<7Dv3~u3Ane!w2g82-zXA5^|HEOw{@(<1(NT|auwVb52>bQ_
zDX?GvZ-@Q*{|wl#|IdQ``u`l*um5+$T*%a;eD3Dg|I0OMzy4qDIq~cN<+`+A|1Y1x
z`St&DE!waDmwQ6u`oFS{>;D5_zy3c6_Ur#cVZZ+02>bQ_k+5I?Z~p(7x*za$-|_zA
zeaVCnLM&UeSO_5&LdZ0lg%H0GLI@#*5JCtc#6k!m#6q*s2qA<JLbFE5gb>27^L>6h
z?&r0`aXgO8>pZXPzTbc9zCQC#eChdrTzu*Ie@ZL|uBVX|UwZyu5MO%!Ulw0_{$CSc
zdj8)OUwZ!E5np=#FF$_g^MCo)KcD~0x83>tU%uq$^MASB=kx!Ib6~SRJIFHU^MA`}
z>U{oh7hhg8F0uTVr{NV}K^+iZQ5_avNgWeg)k*P{)fw?s)Oqn$)g`e_T@_zV-4I`0
z-4<U%-4n|OPeYCg&gcIV@wIe*F21%}9!<~Z|MFOPKL3|Tvh(@B`Sh#seEx3}JGIs+
zzMk46{u{Nt{XL)mhs1J|PD9@IozMT}E!X+{U*7JV&;RAE#`*kTUgpo||MC)hKL3}O
zxAXbGytJIp|K->E`TTz%zOk-57T-iY6U!IsG?wC<syE`BsrTZWt4(qi=Tlq7w@^F8
zw^X~uw^IAWesxfMYjs3?8?}5U@%j8eC6;fN)5wZ%t1gIdr!I?cuda!MYWb|C^ZEb9
zS>+vdzAy84Qjf$TwS11!`TYOlO!6)|zn1yCsxQtV<s0@ijxv8YwMEXv{z+{Y-(Bqz
zN7P>NKdS@cd#J<Wd#YpNs5&YB7j;H_FSUHM>iPV?B$gkV)2NE?t!{|#qi&1utG+lV
zjH`z-e?Rrb+2H-vbD4jDdL>S%x8et?FU|lTq?XTdKA->F#PWlC8cy+p)gJLf)PC_p
z)gf_89Th)Joe)1<ofbbrofD_k^4UM<^Z$zYQ9552KU#fpUMIgiPNOUHk5ONo(LGi@
zmifo2FV5w%>ZQy-UVU*E_XPD`=AWoG$yrcNZ52OB?GQg%?G`^p?GxwKLGe@75%JU1
zaq-jDDRDua6+c5=5I<907C%c}6BpG@@w3$zXJyY(_htUM>WlNSl6orh&r@HVi9KJv
zmiZT`FV4Zr>Z8oRP;HSjnHQ<;;uou3;)>cUeu+9DeyLhM^X7d19}`z~UOvC(eEy#i
zze4Bp;#aCm;+k4Mo92A}-w?lA=iB1fs4vc`>gu7)zgB&5HuXC7T;^Y|zBrF+sJAlz
z2KB`m)Em`iIS=_awN2bqJH>BOd&F;6%V*4-&;LW>md?xPcc0Jy6XLh&d|Lc=bxtfV
zXs1yWze8OSzf&!r|8hS6zc?@I=zLe^->tqlBYKZ|Ec5SGUz`hd)k~RwpZek~=>6)w
z%zr>_lCy}O+A98_+9CdsT0UF+eE#nf_jNuf{;)bC{)jp*{-`=79;oHBSkCAF1@Xsp
zUOpS;eEwe(4|TpN{<!+$tmYHyzRZ78eQ`cBQcq?6()0g|Gnr56{95Ket-d&i8LN*n
z{~5JK&ICTIwu?Wfc8MoyulV!ofcOjQu=tDWn0TsAioc}Jh`+4Pi@%~SiD&An_^axM
z_-pF6`0MJ6bCS7wDD&S?U!0A6Q$3gYZ>cZNLl)|-%zs;baR%}owOO9WzpJ*1mujc@
zduosP`)a@V2kMY`rH+a(J^xRLf2i|m@&BlE;<dUc{$F)P{3CT;{A2aSdBsNEmHD5j
zFU}}_svgVy&(s&^5?l3B=6|lfIE(l{^<L(Gp*G30@J?+N|5EJ`|4Qu^|61)6@6|!^
zZ`2X-Z`E<}@6;*rL7f%<UR@CXL0uOAQC$-s)lKoA)E8$3e^&Qp{x9l_^8wT84c%!>
zW&RTN#hJim)N7f)toq^{K;H14#!==kr?%Km{wuXze0jA?Y*Bl~S5ODUS5$|^S5n8s
zR&`Q*Wpze;6?I;GRdq=$Z@N#TD!!V!A-=l0Exv}jC$_7H;%llW;%lkr;%lo{VuyMw
zzK;4JzOLGQwUhr^Z4=8I|I=`auc!8i|3>W>|E)SCcB!M{zf&i~*H@>-f3MDo-Rh$F
z2I`9VhU&WbAJi?eJbau+S9~M&Kzw8MSbP)pOzc%J#Wz)N#5Ys##Wz>W|1kJ`{%;lE
zLgyXgTdLjSTd93wc>p?%p!nA6i1;?@xcDE{DRDrZ72j4}5Z_K+7T;c769?5z@g3A1
z@g3ED@txEou{?yG##DS~^+J3X^;&#a^-dgCAH{c5TTXvR;e7sY7vEjyUE+w^EB<G7
zKzt8%SbR@)Oe_zAr;!x@i#j8|mpU*0S9M7oQ&+|JRyV}=QMbkSRrkbk^-z32^+bGs
z^<4Y_^-3%cqo=VIKTv%TKS*sp{XZX{&;M=Wq|Q6V4_14`4^jKY4^@Z6DRor*Fm*!w
zaCKVz2z5@JRu{#OR9D20QrE?gR=30%byxft^+5bs^;rBk^-P>qFU5~nZ^Tbf@5N74
z%O9&gpZ{CMPttjZ_{nOw_$g|iIIj+hpQ?_CpQetBpRP`c3+k-+8R~-gnd-9m()0hC
zxTy0@@w3$(@pIID@pIK9aY;QDKTo|7KVQ8Tzd*ecm(@q{3)Pm>ANx6<|J%hc)_Iq>
zqV|ekq7H~(st$`^rjCiL>ZJJP>Wugm>b&@s>XNvou8Lo!Zirv4Zi`=|?uqN_q4>4x
ziTHKux%l<!mAIkair=6<h~KC-pZ>tp`TXA|ZtA>K{3f+W{ARUZ{1$ac+)_uyZ&fG6
zZ&RnmZ&&BUZFN!n4s}I*>G^+M{4Skui9719_}%J(_&w^e_`T|xxT{`@->2S)->=?_
zKcJR_e)+p@GOVxzcEdh62uI*JoPx9B(|N9p0$he`;?udLj3(TH`(l0jV;aFzcp*NW
z@5orgJNO7&u4ClwunYEzPiH7H0&p0P!AUqHKAk(r$ipSL3OC?3+=GYk1fGje&-OA_
z@D@J6=F=bdI_GV$6ZXJ<I3zwjSIdaP2{<i2J#)&)!9}<N*Ttu2GZ`(o3lGGn=NTDe
zcm^-wjrjDwU&bDmKVEj8x55tC4g26A9D(C-3eLg>xD40eCftGh@Ccs53wRCh;3I5t
z8u!5tyI?OIfWvSMPQn>D50~I7+<@C~4<5o3cn+`NEqs8@r#}RE{vNQwPS^wc;Sd~!
z6L1>N!9}<N*Wni2g$M8$p216a1Mgw^13>3%x55tC4g26A9D(C-3eLg>xD40eCftGh
z@Ccs53wRCh;3I4~{h_GyeXzqW*b4{XFdT!Ea0br9CAbPV;5OWYhwucR!z*|TA7Hb~
zxON-tggvky4#8140jJ>{T!brd9d5y0cmR*#8N7ry@E(>A?>T?nt*`@j!#+3&N8mV|
zg0pY|F2gnP>0Cxe6YhvlXBIO0@Ccs53wRCh;3I6gzR}+fyI?OIfWvSMPQn>D50~I7
z+<@C~4<5o3cn+`Nt@w2IA>$xEJ^#xv|Gi-w?1VkA9}dA$@#(o*MgmU5Ik*T{;5ytA
zpPpA`bm0L!hG*i_bDfMOyn*+y$!+AVutR)$Mv~!%eQ*$tz;QSQXW;@|hHG#W?!bL`
z1W(}wyoPu15w_gGxL!N#g1vA64#P1x31{FuT!O1`18&1TcnDA6IlO|m@Bud8(71LR
z?1VkA9}dA$I02{O99)Dea2;;JUGeGJRmK1w!!vjZZ{R&FA5?PgX%(NI31v87H|&Fh
z;?r}Kj0hZuQ*c&%diIb}fXi?VZo(b750Bs}ybzz>-^*CTJNO7&JVxFQyI?OIfWvSM
zPQn>D50~I7+<@ES)BAN9J$MLD;5od4x9|Zr-^l21gPpJk_QN4KDn7lpmXUzda87)B
z-zlRASKvC_g1hhl9>X(u32)#%EPsUhydNv<fZebU4vJ6jBV|P3IGlpBZ~-ohU8g3e
zQG=Us2kyfo@#%exj48Z;*YFNL!j_vDeeAFc_QC-;49DOkoPqP=)B6t@CAbPV#HZJ3
z8Ev=+58(+shgag$>zs@&e1OefBV&V|um|?TAvg*r;53|ri{jJkkc<jkhg)zL9>8OG
z1~1_ayocpOGS7Rk!VcIC``{oPf#Yxr&cX$_4A<Z$+=2V>2%f?V@#%F=#v0ziN7!;R
zBX5UYuon)%VK@dS;S8LIOK=r#h)=IiGTLwt9>NoN4zJ)Xe1Oe2H`cPjPS^wc;Sd~!
z6L4C5dcBd6gNtwluEQ<y>G!paE<Aw8@C;tU8+Z@P2M?V4TVV(6hJA1lj=*s^1!u*l
z-?=gha2c+_P4VgXl#CAChez-fUchU32OnX}Elz8lelN(d!!Fnh2gIkJ9~ogd1}EVR
zoEM+I|74WlD%^nEa8G>t`pFo=6L=1<;H~&{%`y(K`Ig4K4R*pF*e^cS%Lu_yI02{O
z99)De;?sX*)ZrG~g$M8$p216aBfgdP-^22U_0RKG*a5p?9~^`ua2!s-S+QUDP=L#D
z4Q|36@vXJC50Bs}ynxr@+i2|$KEjsMzRnpt>=OT@)_UOp92N&O6N8g*Mtob%<lz!r
zg&S~Nd^@e}!9#c=zP)DV@Cx3FgPJ+O=F@#W&)dXz(2NuIz<xLcN8tpV7T-~O=HMb+
zf$MM!?!p6jEWVTWpTSFb1Mgw^@Pl)$6?TY2+S3jD;2<1<<8TVjitnsF3vd~(!A-aW
z_u-NFF4}VnFW@!2gO9M~^gVv=V;A35d%9pR9Du`c3{JusI1iV^VO^^VH{iDTZkp-A
zLwEwu#s8%F6}*KHu=(_}d(PX$ch_1c?1BAo2#$&)TAP5=a1JiQ6}S$!#Q&^4yYK)W
z!!vjZZ{WT79@<kr+~RC2?10^{4-Uc+@jbO?98SSmxB!>o8r&2|wPy$J!y|YKFU0?%
zwQG0>A7RVs_v<-thh4B24!~hJ1}EW+_+Gl7JY0gSa070`J$MLD;5od4x9|ZrpI$dE
z`B&YW4R*pF*bj%`D4c-Pa1JiQ6>&`WP={M^7aoZ3t@$xLgO~6I-iz;}wekU0XIo(h
z?1p{f`)X|vj=*s^1!u)^tu4T1xCS@jj`)6B+lNQ+6kdq$ulY5+gO9M~^qPOk12k`k
zU9cApz+rJhYh!Q{&cJ!NBz~aQR^bNRhI{Z({2;BJz;k#7Z{dUZ|7orH^xoub8|;KV
zupbV=Q8)po#YtT&2N&TAT!&lY2WxE?9>8PqLo_pkm+%JO!}8&W=UOZ55I<CVx?vw2
z6sI&3f#Yxr&cX$_4A;aD)1FPZ1NY$(JcSqV8s5Q2*b+Le`*2;?4!dBl_z{{3z+pHh
zPHQF!XW%?sf~(?3nl45IZo@rz2v5Y1GF^;0yn?sz0XCoBlV0*@)5WmCPS^wc;gC3^
zwNW?$r{Nr2ge!0zZoyr60FU7ryo5LK9+nS{KJVWOJ7Bl?F?x+Y@nh9NI0DDv6r6<%
za2c+_O}GR1#gEfHjNmD}fY<O2KEjsM`~7oIJM4nJa6p{ZJ%r&HoP;xQ9xlOExB<7t
zkJq(&@DQHBb9e=B;R9?wJ%610+h8Z`f&Fku`~=-w6i&ctI0qNu3S5U<a2FoHV|WHH
z;SIcpO{eFo^Zu={19rncI0#4JIGlpBZ~-pEHMj|P;66Npr|<$^!#ns0TTai5=lfuX
zU9eaDMEzO^;4mD6lW+#k!zH*1H{dqhgNN`0p2I763m;(f>3R2jT{hSWdtg5tf}?N(
zPQy942v^`b+=9FC03M5T`gNJXOLznCVfmx{=UOZ5fZebU4#E*QE`E~kCk1EW0$he`
za1-vpeRu><;RU>gckmImoX!}|d$z+a@ssshyl?;xi=U#I7@UMNa2_tfRk#7S;T}AM
zC-59z!CUwMo9|)l-v&Ej5A26Sa1>6!X*dTL;R;-bTW}X1z+-p@FX0WmhfSw5oAcMs
z3Oiso?1O`F1dhWgI13lxGF*e3a0l+gBX|lg;5EF1kFe!*&UC&HcGv}b;Q$<lV{j7A
zz<Ia?SK$WShI{Z3p1^Z>1#jU4Y(AZnov+;nJ7Ev(heL1_PQYn62N&TAT!&k57aqW4
zcm^-w4ZMd<_cE^C3Oiso?1O`F1dhWgI13lxGF*e3a0l+gBX|lg;5EF1kFe!*{&)T!
zu){9c3kTpZ9D|c^2F}AJxC%GmHr#`U@C2U2D|ibZVDstR@qFzz*a>@JKO7S0^|dbw
zC*U-kgNtwluEQ<3D}Ji3HGs$P3|_(;@zb<+51USBsONbr?10_kr)#Yb4#E*Q4yWKO
zT!71P4Q|36xDSuuskor~T)=C12OnX}={)$7XK1Y*cEMga0EflT)Y=%Fgfnm+E{UI|
zwN<zQx8WW<6c@F20?*-<_}QA-!Ux!VI?ul3IhwJ-PS^wc;Sd~!6L1>NiJz-$72yh8
zhg)!0T+-SBJceiR65hajSU%YP+|vp>#Lv^U+^`Q0!Vx$Qr{Jvk`P#Dpm*E=RggbB_
z9>G(10k7d5d=$Sx_hUKz+rrs)*adsx033#6a8g{>{uwwAm*6VgfZK2n9>NoNE`Fh|
zyMnjyLHr`knD1}c20LL7?1w{e6i$d=to_q)4lcqKxDL1AE<6xdwEq~M!Ap1}eu?Jy
zu<7(~KIeHW>=3_H^KRG&2gNVbOazX@DL5;xYQ6xM;Tqh8JK~pXZ66-NQ+NTd;T?R0
zEvJ9Ky5tqw-wwNAulSXk3BX}ECa!5F31{HE_*I%I!Bw~+ezj)Wa1S2B6Y*;_KZjTF
z7CwmUnm3>R{q1ZU>=eINGalFvhs3YbOcYMQX*dTL;R;-bTW}X1z+-p@FX0WmhfNPM
z_HTt9up9QlK{x`(;S`*O3vd~(!A-aW_u&ydg%|J|-oZ!Ma{9N>^ViW1yI?OIfWvSM
zPQn>D50~I7+<@C~4<5o3@#`=B{uejYD|ibZVDstUX3u$>_zha?ggvld{6@`$;3%Ac
z)8c>Ad=4(c6>(EDb+`q0;Q>5`XYdl<z<bzq`nTotx>nc$yI~(3gd=bqPQh8Y0GHt!
z+=M%DA0EL|cmc2B9eji>4>9h89d^N9H~@#?7@UMNa2_tfRk#7S;T}AMC-59z!CUwM
zn;&XiyA5{29@r0u;3%Ac({K(h!WFnKev|$zw8U>#ci{m%hG*~+-iY6#efF>^Wz1V)
z2kaKNOc%ok2jK`Dhf{DCF2H5D1~=gj+=oZ-RQy)c#aO^=cqe|_MZ|Q3Ee|v1?XU~>
z!U6HywNDt1!AUp+=i!pLt$nI+18&1TcnDA6IlO|m@BubI+}MK+cETRm4~O6=oDjc5
zuPY7b;38as>u?M1!UK2=&)_Azf%mZK5yn2Pumg6(J~#+R;5eLuvv5KDPQ5>6xCS@j
z4%`>NOKV5)6kfn<cn2S0OWNpZhh4B24v0IthcFz2lW+#ki{GuaCAbPV;5OWYhwucR
z!z*|TA7Jw%js4hQr}#a(PY>*eLvR#Mz-c%K7vTzAhg)zL9>8OG1~1_ayoXJXI$h&?
z^%||P19rncI0#4JxVWo5Q*ah8h~KA~GF*e3a7X-p&G+FEJcSqH4`_Z3@8BbBdGsmY
z)4Uya!Cp8Z{-EZ=a12hu88{D@;HvmT+Oq+-;T}AMC-59ziT_=DZs7xL&KMaR>=gI4
z)&u+D5FCXQa2n3RMYtmVu&z~yTW}X1z+>@8v~~tB;SIcpO^-2Zt*}G<QSIr5eQ*$t
zz;W?FYg2F*E{Oj_GiA62H^m>*Ob716Bk_M~W(qIhwRotR9eji>k3D5Rt{FS*g1zET
zXeI!M;TW8RGvZHbZ5}ScRk#7S#Uril!9#cg&*7E$zqED>A7Jz2PMJ?>#s)iKkNDG?
z@xviF3Mb$+oP&#S1+I(7x>gJB!UK2=&%~e6+9kY!_pp2@*Cn6TycKr9ZrCUOoaTdY
z1dfX*nn}S~xB!>MpVxd1Zo(b7FaCn&NAMJ0z-#drHNS(8u;uYa#tys0Q?2#F0XQuF
zl4fFX63)PRxFr6v)>h#L+=hGb5T3wu@mI9x3f{s8*!+Z3ex`XF?1VkA9}dA$I3fP3
z_DsV$xG4UbW-4$UZoysg*EK(Y$M6hZ!W;2iYxl6}iN?GYcEE1&H?-CV2jK`Dhg0Hj
zYHb!Sz-95bG*g3{a7Vn*OdlS>Q+NTd#oyN29eji>IU{3-UE=R(trrf!VK@dS#oyK1
z44j8ca20Ndms;C~d+-pRz;p5Uv~~q=;R9@b(kcIa&D&rn>=FM!Gk!P(N5w16B;Yih
z6aTknif{$4i+`w@7Tkpg;{Vai7@omPcq3kGeh-_TY|L9>hxmUr?}mMF5RQm{r1?0U
zg0pY|E{lJxwKcd2cf=db^x+Xa75_vt3wRCh;G_7bnzuZ~upM^6Uh&T~AArMf3{Jus
z@m6c|a0#x$4Y)1-xz_gJAv}TS@Cx3-2iTlH_5VNZZ-bq%NBj%T_~8&774I~YfYWde
zF2WV@FSWJ~x8Sb$SDG2XV|WHH;SIbO|62Q)o@&?%J772LgM)Acj>9Q93m3$D-9s6!
z!A-aW_u&ydg%|J|-oZ!lZ*&iqrx~`xF7a<Q<AnooSo}N9#NZ^Hf%9-le9+n|+<@C~
z4<3qtueB3+4zJ)Xd=URZYt2tLY=fP!2lk8qsI?(D3Mb$+oD(0lwg^|?I^2T0;y-Ea
z03O3L@t-xbgg5YB{1?rb3Wlw)Lwx!_8E)7I2jK`D7hn3J0x38P7vM5n6JJKxZNeS6
z50Buf__A8NfY<O2KEjq~7`1lT1$*HD92T2(-58vNGjJX*!Bw~+zMS@K!##K?{wvK)
z;5ob!UtTj?_yC)qdCJHKAfJW}cETR<6*S|ALvU1lMa?AOG@OHr;wx#s0@vXd+=T~X
ztJaR;8N7ry;wx)@51XE4%v)iH_$r!r!#+3&N5ogvd>l@}S-2p!X}%2C;3nJ=UrqCU
zcmz-3h4|{4U&A~22wRG${53Rhhh4B24v6K0vQHxn$KWKK5nogDdAI~u;Rf7>d+-pR
zz;k#7Z{Y)MezvhU8|;KVuwQ&Fy_S&p+Uh8rfYV}!W^!;5uE2Hibu{0CyYK)Wi?6Hs
z8N7ry@E$fj$EdZ!4%iL*;2<1<<8TVj!Uebt*Wf1Hf&1_Xp27=w4e#J1Y<aG6AMCIT
z_QC-;49DOkoPqOj39iBoxDEH<Av}TS@Cx3-2iROPuH6PZVGrzwLvR#Mz-c%K7vTzA
zhg)!0{MY(@K7hyY3|_(;u~TdJu<3cmycKr9Zt?XlG0E`3K{x`(;S`*O3vd~(!A-aW
z_u&ydg%|J|-oZ!M@_geO?XU~>!U6H$Tyk+w!s5SG$KWKKf%9+)uEGtt4fo(7Jb~x%
z3f{s8u}k-Ce!<Cqr?$aP*dxBaX8dpnj*9<YGYL2i=frN!6yXY77vDfLEw~F0;Ia6I
znxDZ-cq9G?&Fo=Q*_gM&4%jXBXsr(p!V&R}G!utYa277WWw-`6;SSt~NAMJ0z-xF1
zA7RT2js4qU7wm-ta2SrkNjL-N#W&V_Rf4N<18&1TcnDA6IlO|m@Bucz$k>k!cETRm
z4~O6=oPg7C4lassqW7T!*Wni2g$M8$o{7EMa|v(YJ#2chk+;GQ*e$-P_VmF)I0DDv
z6r6<%;+tvDGF*e3a0l+gBX}ylx%OPZYj_7AVN1oRwZkshEB0ys033#6a1zeIdAI~u
z#kbJ@4Y&>W;2}JL=kN;N!Uyp!buIHt4BKEQ?1BB_TWM_wj=~8zE%s|Z2N&TATo>P3
z^DVdw58yF86W>N_m+%JO!={%Sc`NLI-Qs`Lo<2ATN5lcm#Nia2g$r;QuE9<5ZMA0y
z?!zN^3NPR_yn~Oh<z>cNcGv}b#kbS_1mG|n6W?AlNjL-N;SyYh8*m%$!9#IS*P6g{
zcm;3agZK_wYpxo$!A{r%`{58A72i>NCg3!jgNtwluEQ<yowR2c9>8O9NHa5d32)#%
zY<l^r_Rd;sg&nXP_Q63o0>|N$_%7N%3m4!rT!Wi%2kyfocnUAXchz;*@D4u0mRA^g
zJM4nJZ~zX&F>zSeO~M&C50~I7+<@C~4<5o3crL!1?qLOQ;e+^}G-H0HVH@m(J+NPV
zcdZS<Q8)po;hZ?4wMDoB*Wni2g$M8$p216a1Mgu|&Df6>cEE1f2M6JZ_@DK<;&2Mi
z!Uebt*Wjl39@?`5_u&ydg%|J|-ihz2J&&;ERmQv>cEMga0EgiioD@fOtqh!pOK=r#
zi2p@v+i(va!V`EdzL(an;4OTB&964{HrNS!U_TrZ|EsPQg%fZZ&cQ`-OlvD}9d5y0
zcp$#F){fyByo5LK9yYzk=wpQ)up9QlK{x`(;S`(|-$(acfXi@Ad|%Bp;SSt~NAMJ0
zz-xF1A7M+~Sl14_U@shi!*C2v!WlRZm*6VgfZK3S9M}6ZgeUM^d_T>s;4OR*-(NH4
z*BZ9LPVoaY<AMEfNSx426i&ct@dGuJgNtxQ{2<NL;TGH#|3A$P;4wUdm+%JO!=~36
zJ*}`qoYb}4un!Kx5jYN~;4EB#%Ww^D!X3B|kKif1fY<O2KEjsQ8`o=xU9cAph##!?
zCk)5nB%Fcs;)iH$39iBoxGjFD=6moEo`_SLnZql1D}I<}4zRgl%-h5d*NhYPz<xLc
zN8tpVhI8UaX#XNyf$MM!?!p6j49~=A?Z1RK@Lv2#&6wU`*a|zukJ5}A_Q65%qcszO
z<8TVj!Uebt*Wf1Hf&1`CoY6f@;RU>gckmImywT`m7e7XOx?nFH5I<HkVK@dS;S8LI
zOK=r#z-_n(58;XUak`&5yn?sz0XF}eQEP*pum|?TAvg*r#97@>8qUE*@#8g9f$MM!
z?!p6j4A0;tyb(V^*V@CTrZI1Y9k5&cM6LC~K{x`(;S`*O3vgMS)BZKM33uQ=Jc6h2
z0$#&A@so6|BW!t-F>i-muon)%VK@dS#ZT6?GH@O)!Bw~+eu~z%;T}AMC-7XH*V+}l
zg%7a#%|_lPeyY|wVGrzwLvR#Mz-c%K7sXH0wJLBOZoyr60FU7ryo5LKUi@@j*Yp;{
zR@ec%VILfXBjSSgjKe873m4!rT!Wk9XK2q3+=oZ-6kdp*skLi(2OnWe%gEcs&(c~K
z?1ckx7>>b7I0NV55?mD*b=?NshI{Z3o`|2VwR3m{Z{Y)MeydSygPpJk_QN4K3Mb$+
zoD)Ci5|fM~T!HIwOZ?nRF7jP?0FU7rycCx%xv1U1d)V|gBV&af;^%3t8}`9LI0DDv
z6r6<%a9R9(U8@E+;SSt~NAMJ0z-xF1AH^@wbuDi<Y=>R27Y>NaS{sIAa1zeIdAI~u
z;Rf7>d+-pRz;k#7Z{Y)MZX4HPgPpJk_QN4K3Mb$+oP&#S1+K#_xC;;9F+78p@CM$)
zrgs?EZiOAN8}`9LI0DDv6r6<%a2c+_O}GR1;SoHA7w{V1!AIEgPUAk<VHfO$18^9Q
z!AUp+=iw4ug&S}i?!iNN0?*+UyoC?2`CZ1f+h8Z`f&Fj@j*4HXzY`L08qSGdq?saI
zf$MNf{9?^_;Q>5`XYdl<z<Y5;dzw0it*`@j!#?p#v^EGw;JEmunn}S~xB!>o8r+0C
za33DQQ+OeMneJf?@8F}jsu|0>4clRt_~n}M!T~r8$Ka&+6<V8t^Kc2S!VU2&wYClS
z;2}JL=kN;Nifh{Q0Gr=q%-h7T(u@=Kz<%+oH4}oPa6<eV&7|QRTol(eQ-SMn3+}=L
zcnr_rCA@+6u<5<V9<1Wm>V6!s8}`9L@#{1nf#Yxr&cX$_4A;c3*Pczd1NY$(JcSqV
z8s5Q2*wQuDwZksh3kTq^xS@NF!AUp+=iw4ug&X2GXwNp>gNN`0o{Qh8wJUfFA7JzQ
zjJyqY!XDTUhu|ojfYWdeF2WVK4!7VgJb=gW3|_(;cn_Q2Z(O@o{BL^S9O9<h4g26A
z9D(C-3eLg>xD40eCftGh@Ccs53wSMllU~bC{ATqLwtT>tx5F;j3kTpZ9D|c^2F}AJ
zxC%GmHr#`U;<xCvOvEkq9A3d&_yC)Gr`oq_tqpd<9@r0u#BbBuD4c-Pa1Jht->$V4
zxDL1AE<Aw8@C;tU8+b2n>$;{78n(g?*bV#OARK|?a0<?f-=XUk;4)l;n{Y?`POa_3
zBX|lg;5EF1kFe!KMt?i(g1vA64#P1x31{FuToS)aud50-;5OWYhvJUbPT)Dbg16##
zYyJS6|J|6kiQl6cC+va!a0rfy->bC=I1T6EB3yy%a0~9j19&X%>bf&{32)#%Z0etC
z->0=!*a5p?9~>0FUuz?998SSmxB!>o8r+0Ca33DQQ+NTd;T?R0Egv?n#SXh*FC2iw
za12hu88{D@;40jJ+i(va!V`E7ui!0wfXyE<uH6PZVGrzwLvR#Mz-c%K7vYNd1NyyG
z7x&aHxC;;9F+3B0P-~a)2HuN5q#4sk4O?Lc?1p`C5RQodU3<pi6r2_JHB*4ga83MS
z%{1W-+=oZvk7#}hFW|NKqng>lN7ynjGIrP{9%!u>4!~jYe`qEKC*h3vW17jsCAcd7
zPt7#oHrx{rH8X@K@Lc?H&8*-pd=P&^Gv@y=Y=fQRPin>k`{9syq?st3fYajt(o7C6
z!WHqSG*gFLa98|k%?#i%JcF0;Mm*NqJ#6}zF>i$(up9QlK{x`(;gt9@x^5OOz-71w
zH{lN4hez-fUchU3C;qJN=LlQ=)0nrzF4zkP;4mD6lW+#k!zH*1H{dqhgNNeJ>9tJY
zIlO|m@BuatjXpNm3435a9D<{80#3s@xCmF^I^2T0@BkjeGk6Ja#FI<E|6$X|jd`p1
z^O|wMZrBG0;fVMPS{sK`a277WWw-`6;SSt~NAMJ0z-#drb#FWP2wOgJ%1kw5hh4B2
z4!~hJ1}EW+_)FS950~I7+<@C~4<3rYtUV|29A1gPqM0pxfX$ygWoDYO!A{r%`{58A
zg%fZZ&WXROYZc)NT!&lYuW7yu58yF8gO~6|{B`ZKhfO16-YTAJ#sRxw9~^`ua2!s-
zS-1d~;Tqh8JK}HX-umzeo{GPznFYLtcj9kp<_KH<%b2%|7n*UwUN``U#oxZfBqIhV
z;f(k@n#sc@xGMgxW*TrC?unP08Nw5IF8-coR`3=+h`+BH^QR2kU?=Q>{o)^JZ3vFS
z3GqrZX*dTL;R;-bTW}X1i2qyrkKq}-gg5XWHhtRYV}%{C8}`9L@eg$m5jYN~#Q&q2
zEL?!g;<aXKa1-u`|5r18cmz+yKhn$sUc)>1DE_hLEn~xW*adsV8_fscFdT!E;-6?f
z1LxrqT!kBO8}7kFcmmJi6}*KHu=z8_K5eiQ_P~BP1V`ZnoQ8975w5^>xCM9N0X&9h
z@Dkp@d)V|@<JzsT19rncI0#4JIGlpBa6$Z2{oW{xf2OX%O}Hc8YNij5;3>R-*YFNL
z!j{h&{q3*|_QC-;49DOkoPqOj39iBoxDEH<Av}TS@Cx3-2iQC@uH6PZVGrzwLvR#M
zz-c%K7vTzAhg)zL9>8OG1~1_ayoXJnH?G|ZJ772LgM)Acj>9Q93m4!rT!Wi%2kyfo
zcnUAzHN1n5u;mNJeXzqW*b4{XFdT!Ea0br9CGpSo=ei0v#Q&%BZMX*y#lO(Z1fIhy
zcncq3^B0XiHrNS!#5-Nf4~O6=oPg8fUuta*F2WVK4!6X=(%LROfXCurYi0&7;f;8&
znLTWp8uM1z0lUS&(OMrIgd^hLY9<b+;H>y}nkm3#xF$YmrU`f8zWDc=8NpL{A^wAA
z*6<EKivOq?%a;t>VVC%*87~}w!{R?_CI%<rjQG!*$-^bMD*lUR8gLu#iA|Tec-9!g
z6L>DZL^CUR3m?Rn(Tw@ahHbD@d|AzSU_TrZn>7=K6L4C5InCtYB3u#wm1gR23+{?9
zubBZnhG$}nW|r^<-ovJ^7<sGs3R>%c-LOx5Ma=}^2pkt*Ni!)p3m3#z&6MF9+!S9~
zGaa}OkHlBe%oJY0Yw=YzvxASYWp>KgG-HQduvdIF%>>{u91~w%Gf6lD=f&61ObM>S
z4Y6G_ZMX*y#n;r#1fIhycncq3^H+^NHrNS!U_Ts!qi_OF!#TJJSKvC_g1hhl9>X(u
z32)#%Z2FpU?N-<UyI~(36kkj4e*})hDL4xk;4)kjUt4=N;SSt~NAMJ0z-xFXc4+@2
zZ27t|Z--s5S9~3<4ZvYI1}EW+__|t~hf8o3ZoqBvUu$g-9>NoNE_P~u1#jU4Y@VO;
z*VDWWcETRm4~O8W_;0jN0#3s@xCmF^y7+IkPYdqC19%M2;HB85eKznOHhsg$SYZe3
z7XO|0@xehjBEG(6;&2MiivM0S1-J~?#BR+r;SSt~N8%f3ehM$(HN1n5;u~tM<(r1>
zunYFW0XPiD#Q&f@lW+#ki#?ht!Bw~+zL93ya1S1eZ>*UKJcn1}n`mYWA7JyhjEoI-
zioIIvf&Fj@j=~A?O|>=+=ink-f$QR%X>AMc!UK2=&%`&^+9kY!_hO%BObf$S*de}!
zX56q34vKH7nFt(*Q{r1`CJPtfGF%h;HQ$6ga33DQQ+NTd;T?R0E#EfQwZksh3kSrv
z)_sQI7@QQ}Ml%^W50~I7+<@C~4<5o3cn+`NEqs8@-!b-SgPpJk_QN4K3Mb$+oP&#S
z1+K#_xC;-&|ETwN4A0;tyn*+y>AR;s0qtXj9k5$`Tg~|3ARH0jPBU>h1!u*#*GvH}
z!!>bGGflVy_u&ydg%|J|-oZ!MvNYDUi|?R&aKT<U0EgiioP;xQ9xlOExB<7}p7@Ts
zw;?=%=kN;N!Ux#=J)@@$cETRm4~O8W_)faF1e}I*a1pM+b+`q0;Q>5`XYdl<z<b#A
z{nMU9x@RlwfZebU4#E*Q4yWKOT!71P4Q|36xDSuuDZGH!@D4u0mLC}R!4A8`ch>vk
zg#&O{d>75c;3S-Z^Kc2S!VS0$_r!PAwTAEnp2I763m;(f%IIl>o#L>r<$?Wh2#&%D
zI1T6EB3u#QP1mZ!Ew~F0;4wUdm+%JOi~mX2GX1w<E9`*X;=60!2M6H@9EVeI7A}Y*
z+OrJT;3nLG`|t>!ivL-AF5or1gO9M~heoX(cEMgaAil?COftf73{JusI1iWLD%^nE
z;(K1^VyzxLgeUMEUcp=V0Gt2E=x>9aum|?TA#wCF7ki7s2{;Ys;38as>u?M1!UK2=
z&)_Azf%oEn(LI~ihOMvzcEdh62uI*JoPx7(L3}UWLm95YO}GR1;SoHA7w{V1!AIEg
zzs7#-unYEz|5f)KfWvT19Men^&cJ!N1Xtk(+=hGb5T3wucm;3a18n}0v1c3Xggvky
z4#8140jI_H)_anJi*N<5!!5WA58yF8gO~6I-ovIJ8+)_D4%iL*;2<1<<8TVj!Uebt
z*Wf1Hf&1e7==~hQQ+NTd;T?R0EgPe!9d?QDt801T033#6a1zeIdAI~u#c^G$0k`2E
zJcK9k9A3d&_yC)KVytU}ov;V?!yz~dC*U-kgNtwluEQ<3E54uJp8-6EXYdl<z<b#A
zQ=_L9cEE1fC%(V#AqYp{IGlpBZ~-ohAD}&Ja1-vpeRu><;e|M%J=gFKKEjrt8F@SG
zg1zDgYR>>1hGXIfX(kD0;5=M{t8fEu!##KiPvAMcg17JiHg8XR{(rh>8|;KVupbV=
zQ8)po;T&9qD{vidiIcjwE<Aw8@C;tU8+Z?!es1))!VcIC`{1DX!Me8y9EVeI7B0YL
zxCS@jj`$(ERv#Y0Q+NTd;T?R0E&pfqx5F;j3kTpZ9D|c^2F{Bgs@GD2t8fEu!##Ki
zPvAMcg17JiHvhudj}3Oh9&t+d?1w{e6i&ctI0qNu3S1XIOxJ3`U3dVG;TgPyH}D=d
z?Todoumg6(J~#+R#1Gd!$Ke#56+c2V1-J~?#A(em;SSt~NAMJ0z-xF1A7RTcjdks?
z3--bRI1I<&B%Fcs;z#N=mf$MffZO6nX}$*!;R!s4SMU}-z~)~W{cW%l_P~BPB!0B+
zEea>#G@OHra0RZzEx0Sr=vo7K49~=m(aaLwz<b#AYa?%k9k3hri65)|gKz|n!znlm
z7vM5ngPU*%?!zN^3NPTb_;I@D9eji>dn03qU9cAph_l)=49DOkoPqOj39iBoxDEH<
zAv}TS@Cx3-2iW`@<63O66ZVK7uh;8`LvR#Mz-c%K7vTzAhg)!0`~=;@03O3LcnNRd
zJ#6}|(bEb$U^nc8gW@OZej;!jPQh8Y0GHt!+=M&goUYY}NAMJ0z-xF1A7RVyjQ)1m
z1$*HD9EM|X63)PRxCB?>hWJT(y=}M$58(+shga|xKEURKv6c;X!XDTUhu|ojfYah9
z>$T+IB3yy%a0~9j19%M2;HCH}y6y(v!=~RG87u67-LMZ1!Vx$Qr{FAHfXi?VZo(b7
z50Bs}ynxs64nD$`KN$DH4!dA49Du`c3{JusI1iWLD%^nE;=Fzxd+-pRh@YyNIlO|m
z@Bude(Wte-PS^wc;gI-gx^5Isz-c%K7vTzAhg)zL9>8OG1~1_ayoXIkWB*pz0lQ%z
z9E2lq98SSm@zeEQ72q;lgPU*%?!zN^3NPTbxS;Fq;3I7LlaaB*F4zkP;4mD6lW+#k
z!zH*XeunO|0k`2EJcK9k9A3d&_yC*#Y^-a8ov;V?!yz~dC*U-kgNtwlu8W_k_n`%M
z;Q>4rKTGp7cnNRdJ#6}mQEP=Aup9QlK{z5V>K@{73eLg>xD40eCftGh@CcrYpRIdX
zz-xF1A7RVse^qj>wZkshD}Ijl55QqKCVsAFl5hsj!zH*1H{dqhgNN`0o{LMmhZVeq
z53u<XBX1KwPivj92lm4uI0`4=G@OHra0RZzEw~F0;4wUdm+%JO!=}p^*K36xup9P?
zpRe~P2uI+!_yw9t!CANfm*E=RggbB_9*N7k))ZdAYj_7AVasKWK6cmzd*J{ahGTFN
z&cJ!`3w6&WxC%Gmw)jPw@4-WO0?*+UyoC?2*=+Q;iC?U1Ibjd%heL1_PKYboCk^M|
zqWC46slau(C4Q-9y6^xV!!vjZZ{WT7W!lqpIm1@i0lQ%z9E2m{s`iY-DL4xk;4)kj
zzg+t?;SSsvzd|!3cnUAzHN1n5u;s6eo_5#;d*OiimAZ#89D|c^2F{CXT3dpva070`
zJ$MLD;5ob!ze?BI!Ux!V`BUcAnz6x7*du<8X8dpnj=~8z4d>t@T!HIw3+}=Lcnr_r
zCA@+6u*qUvmlbxvZrBG0;RqauQ*ah8z-71wH^p_m=N-5YkKif15WiMy*YFNL!j>x-
zdAs;^TI+(nZ~zX&F*pfl;5=Lszh2j>!VS0$_u!$pp|ulu4zI*-(99M-z~(C&85`_`
zJ+L1R!BIE?r{Nr2ge!0zZoyr60FU7ryo5LK9yVRcxOOY-5Wi9Hn;Z7QLGiz7CIZLd
z6r6<%a2c+_O}GR1;SoHA7w{V1!AIC)HLk@DyI?OIfWvT1+|+xLgfnm+F2Pl}0k`2E
zJcK9k9A3d&_yC))Z0y+vJ7Ev(heL1_PQYn62N&Ur_)U7>>TnD0ir=i60X&9h@Dkp@
zd)Rapqo);ih~J`XxnUn16t^@Jf#YyW{8r6m;R0NSYj6|pz<qcGPsMN3wHELi-oZ!M
za@AAq+qKpXyI?OIfWvSMPQn>D50~I7+<@C~4<5o3cn+`NEqs8@HsjiDuoL#cemDe2
z#cjQZ3GqABX*dTL;R;-bTW}X1z+-p@FU9ZFJ#64TY`U6}vBD164g26A9D(C-3eLg>
zxGa8`?z09r;SSt~NAMJ0z-xF1A7RVYjXl_5m$;*Q^TGi*49DOkoPqOj39iBoxGjFS
z?x6<{;R!s4SMU}-z~*Zh{cW%l_P~Dedvre`I0`4=G@OHra0RZzEw~F0;4wUdm+%JO
z!zR0NEmqh8yJ4UBy?X6II0DDv6r6<%a2c+_O}GR1;SoHA7w}r#)jjXvBW$^*k+F;4
zr+F9bg#+UEYbFfG;3S-Z^Kc2S!VU2Uw0|4!!9#cg&*2rk75B8~0XARDn74^Ps2L~h
zf&Fj@j=~8z4d>t@T!HIw3+}=Lcnr_PAJY9V;SIcpP1iQ^R@ec%VILfXBXC^&@4AN+
zoP`T;8Lq)ixC8g$5j=$#@EYF1N7&*x?YXaew!<#i3kTpZ9D|c^2F{B=tZS9vD%=o%
zL^Ex;2M^&1Jcn2C7Cyk{>lka<U?=Pme^mG5heL2wJkU%6PQy942v^`b+=9FCK>Q!N
z))=0_OLznCVbgVuK33QPyI~(3gd=bqPQh8Y0GHt!+=M%DA0EL|cmc2Bo%myV-;S{5
zuZ?*-?1H^;01m@3I0<LqJY0gSa070`J@J3){)g}cp2I763m;&!)97h~ov;V?!yz~d
zC*U-kgNx#!UP}e8!!5WA58yF8gO~6I-ovKr8GEq84%iL*;2<1<<8TVj!Uebt*Wf1H
zf&1c*>wO!+Q+NTd;T?R0Eq`P5w8JjgEB=J88-T-b3{JusI1iWLD%^nEa1S2B6L=1<
z;4OTB&3|iLmkoBp9@r0u;3%Ac({K(h!WHo+_1@Ou7Tkpg@ED%KOLznCVUx>P*9tpe
zH|&Fha6~-P{m0=HoE86<W(sf_uE9;X1NY$(JcSqV8s5Q2*z$MA-t4do_QC-;49DOk
zoPqOj39iBoxDEH<Av}TS@JjqCz2{r_0GqFGWNfe#_P~BP1V_c6*0mCF8qUE*xFQ~F
zZ5?jGU3dVG#h=mI8N7ry@E$h(y-{n09k3hr!9h3z$Ke#5g$r;Qu8BXZ*V2SLa33DQ
zQ+NTd;T?R0EpB67JM4nJZ~zX&F*pfl;5=M{tK!e;wKw24+=GYk1fIhycncq3^9_u3
zZLkyez<xL+p6H&VZ~{)lIk*T{;5yubyYK)W!!vjZZ{R&_x}mXuE9`*Xun!Kx5jYN~
z;4EB#%Ww^D!X3CT{=DAv5j=$#@EYF1N7(WYMo&BJg1vA64#P1x31{FuT!O1`18&1T
zcnDA6IlO|m@Bub^jBB^SPS^wc;Sd~!6L1>N!9}<N*Wni2g$M8$p216a1Mgwejf`uz
z!VcIC``{oPf#Yxr&cX$_EdGLiKiA+U+=2V>2%f?Vcn$C1qxg%uuI0vt?XU~>!T~r8
z$KWKKf%D?2u3Lhua6|kh&9vbjJcK9k9A3d&_yC)4VytC@ov;V?i@&UU3&Bx10jJ>{
zT!brd9d5y0cmR*#8N7ry;;-nQ_pr%p%v)gx?1p`C5RSlcI0a|n0$he`a1-vpeRu><
z;RU>gckmIm+|;-acGv}b#WTH!0XPiD#9!4+63)PRxCB?>2Hb{w@DQHBb9e=B;R9^G
znXzXZ?1VkA9}dA$I02{O99)Dea2;;JU3dVG;hFerdjFU32HwM_n;Utn`0HBhfZebU
z4vOcRkHB#_1!u+I(0l<d!!@`Gcf{Y++CDsjr|?4jEzPgt9eji>zEggoc{}Way>I{y
zi@&Y4F*pfl;Jo-dnlHgsxB<7t-_?8%9>NoN4zI*Zt=+;0*nA5kV-tT*^G?_U`{9uI
z`<jo!2{;Ys;G*~kT3dnZa0~8=SDGKdV|WHH#s97O4ZMd<w=^<V@eeicfZebU4#E-f
z|7dL-PQh8YAYN;}4A<Z$+!6n;=KJsnp27=wE&h?#?%*SAxs{Qzi+`+n7wm-ta9F(2
zd<;&)88{D@#6Qv6D%^nEa8LYG%@5%TJcn1}pJ{#zA7HcJ$k<?~c&oJ@*bj%qKi5nY
zPQYn6C;mUp7vTzAhg)zL9>8PqFSO?jUcwuA51Vdn)LLPOc&9zxun!Kx5jYN~;4EB#
z%Ww^D!X5E1bw7Q01W(1k(#!&0!#nsW{<Y>Uw=ryoU9cApz+pHh-fPb!oPqOj39iBo
zxDEH<Av}TS@Cx3-2iW|N#-44k6ZXJ<I0Q%G1e}I*a1pM+b+`q0;Q>5`XYdl<z<byf
zFs|JSJ7Bl?H~Ka8iGQmO!Vx$Qr{FAHfXi?VZo(b750AvZ)BQ~01-yoL@DaA$*63r0
zU9cApz+pHBC*cg7hf8o3ZoqB02M^&1JQpAIo~+<4d=UR$Gv?bFw!u!=1N-3+9EB5b
z8qUE*xB}PV7Tkpg@ED%KOLznCVbkr6YqyI3p!dW9yI~(3gd=bqPQh8Y0GHvK_>a1W
zCftGh@Ccs53wRCh;3I4a8tdA{N8N)9_QC-;49DOkoPqOjN&F{Ws|q*Zw)oGQ>A^#I
z0?*+UyoC?qzi3bM9SqxGr`UAai@)vcf&Fj@j=~8z4d>vZ_!8}3f$MNfd>PGj;Q>4r
zUsf|ScnNRBX3gwj(;ba@tN3!7almfa2M6JZ_^-4!4yWKOT!71P4Q|36xDSuuDZGH!
z@D4u0mOB~yx5F;j3kSrP*Xs?#F*qr<XeI;a;ga|YnyJDKxGlb-W_s`to`|ocnK`_I
zx9|Zrhm2Yq>=awIrw8`KA@P+p6NM9ST6`7F<lrJ)5noj^b+`q0#Wu|h;4wTCUrjSh
zcmwanSJ#Z`&W5e9LwpU*xM3e06x%fuf#YyWd`-<{;R0NSYj6|pz<u$xwC4z(!V7o}
z@5I;E+9Pbai!pD9U9cApz+pHBC*cg7hf8o(?9jb6;5OWYhwucR!z*|TA7Jxcjdg9X
z6ZXJ<I3&J~?l}r4;I#O<n#sXMxB}PV7Tkpg@ED%KOLznC#ec2)F@+6VVF&DneQ*$t
zz;QSQXW;@|hHG#W?uebb=RQ1wr|<$^!#nsWzMl59+|95ZcKv_G?gy^k`TigOLGQN^
zLI@!ogb*5`aZCsyw8?}JLMCJ~nM@{R?+{`k6GEnKjZ7w%2_cgSA(P1#3vKITZN86Z
z=e*AKIFH-wy8V9FP0pjv^W3l3zw0_zr#f%TTg7YgDHl;Lp<GV6igGRG2FlHp+bDNZ
z?xEaId5H2T<q68ul;<pO9q-E`<+MYCuV+%up`1s#kaCQ28RbgKHI(ZqH&Je-+(EgU
zav$YE$|ID=E$7DjI7NAu@&e_^VL^Qc<!s7P%iF}w0?NgdODR`SuBKc^xsh@U<#x;4
z#`o1lxtH<)<zdQWlqV_AP@bo}L^-`Q*l!l)T*~>Bizt^+E~i{&dAoRDYAH8RZl>I3
zIU29;q})TfpYjmpQOXmPrzy`-UZk9Mc(C70$~lztC>K(WS>8V0<}%8alxry0Q*NT%
zO1Xn_H|0LcgOo=ok5itqyhFTgvy>MoM~(<;GAL(Lj#4h5Tuix?as}mT%5{_*DYsB=
zr`$!km+}DRVaj8aCn?WRo~OJ-IsHhC!;bN>%A%Z0Ip1<#yrzh93FUIiRg`NfH&AY-
z+(x;Rau4Nx%0rY#DNj(IraVV^k#bsD(63C&Ih6A#7gCN<E~8v&d8hbT)ljad+(fyR
zatGyZ%6*gvDUVPdr#wY@mhuAS$WcK%Gbm?Mj#4h5Tuix?as}mT%5{_*DYsB=r`$!k
zm+}DRVaj8aCn?WRo~OJ-IsNEh9I`0qQqHGbM7e}=Ipr$KwUiquH&bq-+)25IazEuE
z%A=GgC{J77Ild0(C@)e@J0_^fq?|)Jk8&a9809j`m6U5J*Hdny+)BBFayR8Z%7c_g
zD34Q~qC87^fpVlg=zE6cUE*VvO*u-rfO0YAQpy#St1aip%{t1Blv^mbQ|_YNOL>6u
zFy%4IlayyD&r@EaoPKQ3&MeBgl=CSUQ7)lePPvM5t>s<g<Iq64nQ|NDPRc!$`za4m
z9;G}%d7APZ<weSA#|3T6q?|)Jk8&a9809j`m6U5J*Hdny+)BBFayR8Z%7c_gD34Q~
zqC87^fpX;dpzj%!vnfX@7f>#yTuQluay8{T%8is;D7RDYqTEY)fbuZqG0KyaXDH88
zUZR{{5sX6?<y^}7l#3{rP%fujMY)!81LbDQZInAH_fYPqJVbev@&x5+%5#(#DW`om
z=zAvR9Ljl=3n|Aamr<^yTtm5@auelN${m!uDfdwxq&z}-obnXqS;`BPBi{@9o<TXA
za+Gob<zmXElq)D#Q?8@jNV$b_JLN9Qy_5$i4^tkaJV|+m@;v1w%IPNr<B&x;mvTPk
zBFZI{%PCh;uBF^SxtVes<xa{yl=~?UQ68l{L3x_;9OXsIX_Z0WGb!g--Yx!|l}EXd
za*T2r<x0vml<O%sQEs)odwgFVl)EYSQ68i`LV29>6y;gU3ziGw`-+?x<P6H$l%tdj
zEbkG2Y%%3h$`zEWDc4bMq})QeopKlDUdjWMhbfOyo}@fOd7ko;<vrtlN&kM3vnc0M
z&Zk^NxrA~#<toaxlp82FTiz?)hBnHblzS-mQy!u`N_m3vH03$Ui<Hw&3fhoKIfrr{
z<wD9a%4L)*Dc4Z0r`$xjm2wB=ZpwX>2PuzG9=BW=AI~Yuvy>MoN2-GQ49eM*qm&CM
z7hC>Td|#!MD=1e}uA|&YxyAC{ai^Vf7v)~c1C)m;k5QhqyieSmp*&A{iE{eML46kG
zT*~>Bizt^+E~i{Yxt4MR<z~ullshT+Q0}KZM0u3*1m$VUbC!$ZW3os&?Udl_nUr%V
z=TR=C9HU%Dxsq}X<$BBe#@o<Dxs`GU<!;OS#q0Yh4^keXJZ^dac>NURS;`BPBc}%S
z8I-drM=2LjE~Z>cxq@=F<>GjI>L@o-ZlT<6`P=dOF3P=>2Ph9y9-}--d4}>l<t57p
z#P^k69po&^xs>xM7f~*uTu!-)a;@b9<NIo$+)TNRawp{;%KemwD34N}upEo;Ynt*L
z<weSAr=k9!czq`29Ljl=3n|Aamr<^yTtm5@a+Brn#P{1uxr1^y<vz-TmJg0Uc7*ac
z<tfW0@tRr63zQ?L2Q?X#vnfX@7f>#yTuQluay8{T%ZJ3<(@436ay#WN%Dt2aC=XK}
zqdZA@hVne+CCce%1Z~TroJ%>Ma*^dj<9#WiTu!-)axLWs%ZJ4u+f2EQawp{;%Kemw
zD34k$jhhpcrzy`_K0IEtNI9)0_<APg9Ljl?kBC3EkaCQ2ndKwnHI<ZWDA!vqi`O(!
zZl&B|`KWkJH|0LcgO-nu*Njjer#wY@mhyt-W8#mEoEhW{%Gs2olnX4E#~)ivxs-AR
z<!Z`xmXD1;wvloR<#x(llzS~77k}&k<zdQWlqV_ASUx`f*m=rJl+(`&YO*NjTCRvc
zHlK14<r2!}l&dJ$Qf{#P-MHCIxs7rs<sQoYl!qvfQl6kZZTWlgea%r`q?~qkP?JeH
z$MOmB$L3Kkq#UDMM!Ax54dr^uO_W<LSH}0%LAjf9ALT*HBb3J}Pf?zwyg)fp8|*iO
zayI2C<pRpZluIdBP_Cw2N4b%53*~moU6gw%4_H1iK32n&$0$!yo}oNXd5LoRIf0o)
zIhS%i<s!-@l*=hsQLd%jK)IQ68|6;R-;ejPhjKsVA<CnaCn!%-p0j*X++3ubc5d+X
zOv*Ww^DI}zA6rN{M!Ae~CFL5*^^}_|pBy(^DR)rrrrbw)kn#xSamrJaXDKgGj+_^?
zA%k)@<*4OT;_WP;Tuix?as}mT%5{_*DYsB=r`$!km+}DRVaj8aCn?WRo~OJ-IlV6E
zV;1FH%K4OwET0-5lM>41l&dUP$7^aSH&AY-+(x;Rau4Nx%csT7A<CnaCn!%-o};`-
zIqm$w%%q${IgfH7<rw8M%9WIBDA!YNqTEWkgK{_JKFWiXM<|a|o}xT!`Skd>El`g9
zAozNQ<ul?n*_5M{3n&*;E~Q*yxhC#ZQ?8@jX!*=|O$+6A%3YLuDGyjaEB@GF%43u#
zDbG-zr@TZt{er;EvV3;j&!wDCxrlNJ<#NhZlxrzBSgwux&6L|HcT(=5+)sIk@+jpA
z%F~w5iSKKU@*?H5`k*G0at`G@%jd?OLdr49Wt1x^*HEsf+(fyRatGyZ%6*gvDUVPd
zr#wY@mhuAS$b~__GAL(Lj#4h5Tuix?as}mT%5{_*DYsB=r`$!km+}DRVaj8aCn?WZ
zJ}*9Z^OTn;r(YD*WKqtwTo-?AKIJ0HC6vo4S6Mzk{@7Z|4V0THw^8n-+(Wsa@(|@w
z$`h2QDbG<}q?~qf(9TTCIh6A({~)pcDaR<6QLdz1L%E)E6XjOQ9hAE%_fa0CJVJS#
z@)YG+$_tbu4MD#$C}&fSQZAreOu3YD1?6hWb(9+^w@_}U+(o&U@&M&w%43!<h|kd^
z<r&KJl$R){UlKevi*hdIe9A?XODLC9uA*E^xq))C<@$J=+bDNZ?xEaId5H2T<q69d
z#?5KUbCee;r~NRf&$N6|{INNfFOKIt%MI~dX!(+Oj#>U;JeOI%G@dIhH^y^~<;&u^
z-tv#)xykb7@!V>;DV{qlUlGsUmVX@2eU`6`=RwQO@jPPrs(2o^{F8W|vV3(s&suJY
z=LO5x#B=0Q<e$cKhUIJHIoon;JVz~G7taNjuaD<q%QwVxspYnKuCRP#JXc%(Sv=QS
zUKP)cmfPdG#qv$@+-~{ic<!=%OFZ{l?uh3B%eTh!u;tt0dCc<d@jPj{GoEKG-x1IA
zmhX(`CCfjL=k!M8u6WL}d{;c@TE07;^DW;K&qbEI<GIB0z42Ub`4{nAW%<5%uC?3~
z&kdIEkLPB~55#ku<p<-r({gV-_gH=?p8G979M40RABpEt%YE@YVfoQ`p0@nUc%HNT
zSUfNPQSbkc|K*})HGHg0)E444J(2AuEs?iK<XGbKv1ijF*~qu79e=#lW#D69e6UxH
z&wZZl#~u^Ihix<DSr44|U1au368GU|d9ym(8t}n&rTE<4XZO2&K_bWOi`bU1Uu(DZ
z!^Xhs?DHG&!Co0Y_x0na__{qNh7a4)p9{vt>YaBlGJ6$?`*5?ox%PG8Gxl=fx%Q!n
zN$+W7_9_$i;bwVr-XK0>FP}Vf?LNDG2OsQJCGNw`^5(oZ@fmwX<gJ&u&%7`2!Co~!
z@4$!KoHvIruvY?a2oJRR$V}X4-iG)ZdkgrQZ$8#V5qpu5U_Le^Z*TFI68GU|d2{XC
zL%eKw)*fqL7H+N1KCckZ8f)!$oAZtlFAA>!MdodSTj$~FE2Y1g_}uE;<~&^Lr}Vc1
zUOS4+v*XiwKNBw&;$0`+40)TAcb|B!9ooLT#cOyz7{46yhQ-6BOC;A}i8}lADe;=&
zRpaZ{->q=#`umA^9r)b0Uj8E9G(2}+%Ox)zZ>50J<ax3y#9IS()`l29Y+EF6TYT=?
zx2<?R@O<lKOYt)Q7_65lc?XI&5YoQ=#EZdm{oR4QQ^d1l($=}#tRJ?WC|)HzYnRPO
z9&TNKe=Oc;Nc%1muZh~XGkNyUAc9EF$2dO8#piBw?Ym374tUilvi9ZU*0s<6X#)1<
z@rkd$_D`$WV`BKQZGrl`8$Ng5w0KMKeDiB>`^R4P3&H%_@$Ni(D-Uj8M&fbS2HUL8
zHhX&)_DbPdKdird;?{ZF<4KmiOgzrcXKr&|F6!8;fLDwn^9ph6Jo}L+d(n{g*^h<U
zYp3?@O`d%_&t4up-}u?fWbAdpizeDvM4nv^vsV<-KD*>*Z<yM*A9;3Z$X+o#-}%KZ
zKiM0D=Z-fUN4wAF=V|duLcBroX2?5$ypO~y3-R6;Z;8AZc^POZ_qPI`Z$8#U9rrhD
zG+58yA#XSFYC^o7#491MguLU#Yk-F@B{!FUD0Pjf^Ud3ZsI$k!5<&y^>yD$t@HM;7
zKEF%6<`Az_yk>ZA9UM*`E=N<wxizF8L*jK(`;H{<J@MK?yh-tT$UBO>Me*80ysyOT
zC+`^YHd>L|-;NM(J=B4W#PDI;5P8SqbGy&xV>j_SL%f~D8zt{}@(vfT3!ZPil!!M0
z&&{uW598WbCtgp8ceZ$Q<eflXyLf#e-VNfVy%@CbMDm^xZvdW+tJ|y}w*6YX9C%TD
z-JTat!maD?w0OhtoMDd3?}`_L=Z?3N$y*X{B*fbZ-^}s(YBZ!SiaKjU3?H_Y(SED(
zx$DQV;*EuPmr9+zowjfME|UFL()gW0`@Ks%d#hjHdAC!%CU|!JVDoV%dC!YC7t)Vm
z@%m_7&L;0~;@Mk@`uh8^c!Sj6bI99x&D43bw`sHE$Zc-DWTKAeZ3<o~imboq;nvMt
zOuQ^S-_<!RQD>j-FJAPeG<)lqW$*k%o%QQf@!a)-8Me9heP6uVmxJ}}UV||2TJh{9
zJZG@?6Y(0zyD+g|^Bxh;UgGn44~W-H-o@mNiDxeX`qtkI;<dqZ>+cfsJ`>MglJj}9
z;ti2^DS2z*WX#98y+r2o(okpP5W|OUbL3ry&+R@Nzb(ZZf@fcMn;Xk)@p8t3^WWtt
zcHTbXjl#3*KDRk<Pw`^#dQoKS`3l@R??~~|a7U@b5_R_Jq2kTLo5a`6yE0K{{W@2?
zGI+W8y4zg)&J=I>mEilRt5EFPca3;;xWm5BcboH?#mjv)EmDCZYv0wlb>0Kwwc-wE
znCbGp;x)jt{+V|Tc_ZSr0T?wXu{rM<@tWb~;9O+hwWzf^^QXnDNIZ`vxMcg@6|ZYN
zXy0|@t+rO`dai_*=deVbeYzxGFT6&4-P&ibUAp$|E?zS{-+b(hI(tkEAGYPb9?Zv$
z_}qCXh}RX;-{Zt<fam686?vD5*B#<Dh}TTsP2}ApUQdX3r+97T-9p|=;`N4j&x_Yd
z-mT>QTfDvy?@RG|$h)1q%`xA6{_BTl<Low@H`_Kw9nWt+yePhI>*WsIy7?^;Zz!aF
z2Z}dA?fW@-=ZZHR(!Mjro2K^NMP7$^V<GKZC0^Q}g7tR~c~6Kp9^(C4yiD@$CGRcq
zCPKVFiI+p(edPU5yh(UPxZiDVe*aIrJa}CwviZFqw{CuO)=6D2nThK%^)^MFJtmg8
zV}#oGAin0j1I5dN=UadKi8l@}3dh>_5P9c_mmAW)8u1pWeUFgWE}mWQ$8f*ftRJ@B
zAYSB+w8${NZtZ&%x30gBidO><r{d)1yk7B!;n{Vpd5_`Nd9R392QN3N#p~?TQSm0>
zRpaaC{R+3v`@48;@bYoL+g$tpDqhh<TBHR<=KTh@&RZLk$>*0rc)sVO6{xev#PDI;
z5IpyM^jm!HyzRuBhG+M=&E>7cD||CJexE?G^9~Vj2A=QwFD70LUKEb?_et_j5pN-+
zeJ6@nL+yKtyk_whL)v$_c=hny^|Sq~&-M2g;-%v{*>^p8mw4Uq1`_>!hP<c5D}m=5
zzsJR^_;b*{XUY3Wyb5@3PEnT3?~B(04_{iIk3W#N!MdsIuQJ5TK%MO;h7a4?$$K83
zyYV|vys8jyKk>TAdx5+Q#H$YR&K0khycfy)xp+13eCL<j#2bL;&Mz;MH!5BoJm2g5
ze-LjBo~<i8K3*a3U*a`~wC@Y?(%%Z&_ZoQx_@ObMUs^-PZx__@{N}=Q>*aOwP7|*!
z#H$i7pS(B7yGgwE5U)+VBJ$oO?=|r{LcEv6D<SVK@>Z^&I)0rY-fF1h@hd0qZSwXK
zuPemcO}r}d-X-r;@w!92?~7MU-h1S=h}RS1T`67zc^{DXOYwR`yobbVChtS?-W9Je
z#QU>&ZRCAK-o`i?^YPIi;$@<a=eLu*kI5?)ZvdVhM{YC2wu8m%ffvQs?R@YFZmrH9
z_XF{UL)v$ac%#(5PszJkypa&^M)4-d`#X70i8mVJJucofd7qK@m3a30nD6`P&&8XA
zR{+Px?;qrCyg};x&cgGZ?~9~vKBOOep^n!<4t}uX&XZr#eoql^A;ddTygc$2$h%g&
z#Srf&;uVtjFY+E1Zz;sPU%VK3i{!l|o(-~F>nKa+=fx`{?`!h@CZ2nJ(Jb4X{jqqJ
z<SixYY<||oFDLPFo{sj}^SRrcmySA~-x_$OD6)0+Kit}V=Itq7Zb*N36|axlXAN@R
z$>K#ryh`x~$y=SgE5yqS@fyV&Auo-*`^3wKhyRkB8^6278;9qvn^uzdf_Q}??R!qV
zS!!Q8dH)cvD8&1lcnjpMP2PqZrLLFa5N{W$i-pwffI41Rk+*~MhWnj5TUTY`m4tYQ
ziI+j%`qYo}#48Q)&Jr)1ybZ`}6R#}9yH>m?c^i?}Cti7o_n>$M<ZVpe%i>jpcz+bH
zn7mENn-i}x#QQ|NQt~z<F9Y8k;M3&qRaJ#}Yod<VO9gpbke4rBb%?j4c-7=>N#4=o
z)r5G5i&sb9*5q9vUTuhXu6T{)ZA0Eo;?;$CZQ`|%w;g%E6|X+T>ld$`yzR-G6t4lE
z?|J48@w(uZVqMtt%#P%(v2p5pX@h6y3AefP?*GJ_ffq%Qc{`D}y?CAQ@LzIsUM}i*
z{iVMXoX2+|?_lw|L%ajT%O!7D@=h18H^e(xydv^;C+}+U`r)}gTBlw9v3TY1Y@BWU
z-0vvc=MRZD5YoOL@v5kOdr|vd6>lh{eJ_gFK<)b$d0&b*9MZne#A~MZ?L%HRerXz?
zCeK%+A>Kx)<Mq->-oE4=Al`V0x375p<n2#hjd+tG-l^h^lJ{-$t`~1Q#JfhkY4Q#v
zuV1{`5bqK37Rft^yg!RKAL6|(Ugo>O@p~|NOX4ktc>fkJkGw<3+ji5`^%B9)*+3>Y
zcf4(hI$kd^@(v@fRJ?R}zV8PQ7OxUs1@>yk@8RTKBwiGrYm+t7<@3esgXhi%N0N7|
zczN)u4N7dzYZq@2UM?JK-%;fKPP|rlzUPnMiZ?kGJb$>qfw1<zD_%D|-+cU8yj=WZ
zqq}ZDmfE)_zKBng=Y!sm@mn2rJikTo-1r?&-mc>Hg?M@5m5}#c^1dfte~5Ric;)1s
zKwgu010mj};#HA{w@F<d3+w;=;tj&{%}2L*weawz<@JKM-%NV1iZ>kMy(nHYd3Y<w
zq_-&EXh?s*60ei`i?;<#dbyjWu9q=*QS`%Y?)caOb-Z4B;MJkXjt{)uT+%yCym@$d
zDJZ!)?>pjUz8}0kgtsnBdgqH5!Ty|KsLQqD#o)R1jJLr`dL81Wg?OvPD<cnYuaxwD
zFJ5|x_oR50<l(J)lHSMSWrTRs;?<Ccw|z-^>*J4>@M-dVkQw5wjXIv+dh*UEZ-4Q!
zLcG1jYa;Ig@=g{nJH)FLua&$D$-7#-oDlEF;&qURKc7#I-^1eNhIsdj*G-=NEt`$4
zt;au!7lnsIHMzO<{EB#e@Jdl-#~c2vH|hOHykgw%J74`vyajl+U-K>_Z<{Sr*Ngo=
zjBArM(&Ze~S&rEkv1NP^9B-GCS1Mj9JR1kMIqzWcvf)KhWbM0xyi3HZ2x(uvc*WGd
zE6Mx0c$FdEZQ_-ZcNKZhh*t&A`r$U$-`|N>0neRJuO@FsyylSheIVX2weK48GH`K*
zPm||^mJn}E)LC0&iH47ncP)9li`N?B?JV9TdG2p6ZCzA|*9I>?(FVJ5<9CdBGw@n)
zzpa-WsC`$6HyF~sM)7K=gY|qPc@Ky;6yn`0UITfn$a`J9VR*jdV@$kec+o_EZz69|
zys?n>eI;HGweJ@4w%jsxy^M!=*{I|7(of#4<dujw0nc~7I#9eJc<y|4J9!s~Hx<&p
zbH$sW_T53=o#IW0c(;l-P2SJRdqKPzc)t04PP{pIZhr3~?=$h{L)tehUgn3vdcKFe
zP4Gv<_%wMwSb$fE&)sHoYTE{=<N3{j*M+a!@pdnHdx)2p_&uv-1pjkhzIcPwzWd0l
z6fYlMuEWSXUc3=_#kk+vcRzUz;+4VkJ^x-HUgR&qd^||rE#kS~%X3Y1{r#DEQFyiv
ztbGrWHzHnb$oM@YUIBTJkoSdnb?|)G<8$H_!*f5ceU!Ydw@zIzO(E^u9Cf^2>ZpB>
zk$0eY&G3B3$A029!iy%x?^ooVEnXYEJU1D*b@Oq$cwO-765emf`>A*XA^p8dy!4NP
z`TZ?<_lq|e;&qFcMcxzSy(->Ni1(s+x#T@b-had!4)OjaUOstGk+)TD>UtRo@is#p
zua_e7o+d9Qp8Z~^@A+eY@k-#i=Z|N|J6pVQc)sJ~bn&X-x#Qzm@~#(e8lIhp+~(Hb
zHMyz%ZG+c~B0C@afxM?thfkB|=NudyzWxr1S2z>&_j&SW#EZi7_4fnu%HX;FzChka
z+oZOyFr<C!p^oRbiQ4xfdHaf249|@jh9Q{?#p{5F(&h1cnY=T^i-mZnh}TWtE9A9_
zR|3yBe%FfEN8|Szd5?=%0k6h7n%G?5e<j`&ynHyeUS22fJ@E!Z`a3CJ`d@?bdxN~l
zwyE<w6yj|sb;BX!vK8uh9b{p@Ze9JE_IrqU<01QviC04Xm?ZCX@g_pNR;il|sk>VC
zTTc6Zm-hQh@uuMUj^BsGtAgjwSMQPcns_rI?R!bQ25R32<o#2;*${7Dyk_z~ByWf9
zQrF8IJm2xL4eEFuw83-h;3M*m6mJP0{!4D|_&8L&AsWAr$vaoPbo`#K@A~gd@h0Gv
zVy||*eL~*N;^o5gweLppay|*JUp^)8Iq~unzensk?E3q(crkdkUu)mr$@^Tqf)MXh
z@yf{ijJ$24sq<S1&$pg)P-kt8B^q7{&#mWwkavuD#Ub7i;?<M)1$mc?R}$j=P`p<1
zz9R2l@ybHHF7dj_`zLv$;#I&)ON^1-xcmq42I0B+{Wp1EiB}2Fcf5Tr-UvK*y!{_}
zn{A&uzqRoCJ?+avowYTVxNiZTy@!sizyFZ;9r3agzt`<ZGi>{|cxitN`ukt<&J-^v
z#H$uBle}-pyGFd+5U*Lh9P(B}zpWoOKfU5bL%jRM%OlUdhn9I$;^l>SZ;4k(-U@2p
znmeS<Z+?ikI_h|SW8|$#-frUA-!oXd-R9<ZC-KVQMNwqyWi9fK60aDZ@BC6KUOhZ_
zep!dSdhtr&;a72zn`_^B;<dtauOF;S-mT(Q!YfK@!SUNJ-Uz&2)LDPmC+|t|+C#=~
zK)kxY2jjN^c^`?_6*7MBi`Nd%jo(J(t+iw7dg+1ZJHMo%j@L^sJa>NCn7rM@8-VBL
zz=qM~oy41j=gxndl6RtbgCSmpcr)Z}M&8xp4TX%~kHwp(@!NvDKJiB2`PScq;-$|8
z>(9Lhp7sCF;!TG1_jU0~;JNYJn%ehY@uouhyC_~cJhxu9AupPjx?W~Nysc5k>!p^w
z?Z_(=Z!To~4im4L#&3J_8pVqw{tm^~o^5XZT`b-Zjo*&s{X)Dnc=mfOZgbvU;*G*v
zLXn*hb|UXJ@hU^w_mX%cp9S-~3wcZ8Rl)O}pZ_i1IJ{`0eY=tu-6?f`YvHB4&f?bf
zcWcyHjwS9}faliB?&KXRUOhbD`Sc+1GCmK^r+bihiFmys<5w@<06cem>_y(~;`N1i
zH;Xq+-nYnmQoR0<@f#3t44xameaQPryulFfeeq_<+n2m`cTSz(;Set!bv(aI<n2%1
zUgC|y^F4p;CSKM*g6EHKlXs$clknV{v!&*8g?J_K-25I$-gV+lg?KIEm6LZ6c@K#<
z4bOMH^@vvmFN*ft`QTvk#>AV0my<ZAxW6xm*9_0jL*^Yq-e=;aV=~;Bu{SH;1oihY
z@;2Tjb-iT3^PT@PQD^&!*-o%c!*l1q!^zu2ylQy9@yi!)YCaghBgs2fyt<J7mWdbn
zB3Lg+k#~`J_3-dta&u#OzIYk%3Q%S9aSVCw;xz-a<J@h|yFt8Sc%>*Z?^yC46|WPX
zZ~S`2Yk?O{c*m3Xx_CVy-k5m3<b9XCFU9MJhyRkB>+fgcjnVj>K;8!Vsq1eTSZ-1a
z)^-N!%#J1QTY^`OY~$zN!`H@XH}R(7xi;BDUEWE&sxO1}auT)gIPqpeyraacCGTYN
zE)Z`v#5-5K2J%iNuT8wU5bs*?n#ntjyhp{G5Ak}%Ya{Or@?I5h0UrKKZf-ta6t5Fr
z0jg|%&m`{)@zN51pXfm6&51Wk?K_*itX)&rUwVkQKI+VlC3ZAH-Z|v$EnY^5w}*Js
z<ef*}_r%K#@s1U5j=b~9yI8y|co}Z+aO=kJ2jVTli{gHpj|<4VMZDY)?`PuW;0;!t
zcOiMd5icK}tpm5Y_We@47`%2AS^F*~?{)F2LcB5Y#>u;cynl(;2G6z0+UW8Z;#DsM
z=a);#+kCgw_17NaZHzjzW404)b>zAC9JhJgU%U=@zUz&>#cPD;t~V~H_MIeNKRn-h
z`JQ-V@S<ps&BqnwHHtSB(%*~4o2UL>N#1SZ4TpF)iMK@FRpbqdHxlCgM!fWY2J?G0
zdGClf3eR``dsDnDc<%gn4S8RSHyP5te~MQ^?Yow|&38{-e^Vje#;D`<S5Dq_<n1Tk
zbcpvY@v6wXfxIg5W<tCZ#H%ImM)EEbZx){K_-GKX0iHWPR*`qNcxj2hf3{=PHg`U_
zL%dOH-%aEVi)Vi??^`cVi8leyt(RNKn-(uSq<!y-m-eq<J>N>+YS;;0eh+@10bbT}
zPvie{{aq3-6J9Y&?0j%Lc{_+#0MGj2Hs@`FFY@{;gV&BC^X?$;5b>(v`Q|q!-V{7H
zzdtAM4Dp)a`Obf*h*$9M;QV(Nd2Qmg!t=fUa;<n3@Z9SM_mKC9c<mwH1LD<@cQ1Lb
ziPs6w&4JB{%P)!70?)?9=Hou{z7nqsUeut(=Dg3vYll~d8uRWaFK3U`^*0>SzD-eQ
zb}X@<C2HS;<Q**D2t42X9w1)&VlclCk$1j$<00*<6)zv28^1@$>kw}Op6_^DC0-Fc
zcf37H-tWbmh37jyo)oVEo;yAsBX3r`H2j^u&-+NcQSyF8-uio{&TlR}-|LBMqmJh{
z=l_D&6MsYA9^zFd-bWy@ERyRvU%U}`Za#iXUb%Qx@O<m#Nb$zu*}Av&`~-Oo;?;)q
z_X6=2sJ~B=cdK~aA?<4yuj}ieeNU11lz8@j62AUEF5WPCPm?zz-XJ{R>m?tEHv`YT
zUh)iiEA~oVFXQmsImPBUnNi2<CI3Ic{60(GPU20#^R4Hoct!Bs@$m=pO2wOpm+2NC
zweMi@+Th`oxV&DTC+|Y>>}24Zk2>*&;JNkp0(p0eXYZep95ZU)t>R77_`OKpuy~p9
zeDnL1cysXF{Ju=y-^9xc>F>wl6)pw+eTBUB3RBlhA-ov+={DE*wNS_Fr4rsSitPA(
zjlA8&Yk=nrGhN<EyzKu5>+f~)juo#l#48goO5PjfT`XQxi1!2W3dnntybkf2L%dbu
z6_fWCc~6Mf0?&6n^lR}-;koOfx5@iZJoi2&HW#+J`Ir)~n%eg+d24+ub-lEQv@Z>H
zyk6?4eeaRCvv{5Ge8<Q3;<dnY$Hxccm5FEXqY{mGHKo6Yi8ltX4i&bZKP2x`@h0H8
zF*DHRi^MDXU$CA(BJWP|?EPDu!QQRnm5}!_dC!P91+U(q#OCbZiB}G<9N)NDe?KAb
z3-QV}_Me~U#OwYhI6r?%-d203u9qr!d9HD|b?w^>b(Uj^`^MolB3t|ZPF|^aE%4Cg
z<mSAC#Vd`hNM8SaMqYz>o$&ILTF|}=#A|`qf;wy8KghdFyb*Y=O~$(1DPH<&E0Wh&
zUy%2#c%$%q=Yt{fvf#P%!B^ycDc*QU`#uvdpW63N@^bb`o!<#~zUT8zQD=RR*&tvm
zg6E#k|4rT@;?0EgHzr;!_4ohCJ6pWD5bt#Hn#ubQdDn@z5Ypck@j9u$|0S<aytGaH
z*Dnu>HwrI`akTaK4S9bRFB6{Cxy`M=55=2<=gxnttr4FqyN+6`D0O}d;W@)hm(x&Z
zIc8tPR=Ikxp4T8RU%VoCzT<aC@oM0?@84FCS1w)|Jm2-{k>Yj3t3W$#{MIDzBJpZN
z+IPNq3)H@~$h%FvCV0N%<0kP6)(DP|b;uhOuMM7?0~>dje<NNsJeyDJ@4Do@C0={T
z`29(|I(TmU)+f*Y!DxOxtS_X${}FGP`nv&nyNEXguf#f<*j#^iK%M1S;_LJ9#*nSQ
z8<AHgUSw1M`SdXHhSGxb>Bi(;E?zo3*CuO<%Rdxv0-l?XP071oyo`|cb&EGm?c0pJ
zH^j?=XZv-VYu~HlEy9bU$i{CA@)pI*h37kdzY;HJMR5FXNnXx=sq3W>Ud%NPx2}Dg
zqRz6ruM*xcKDYL5O<qjAhLG{wU%c#<!TfGR-dW-`h4l9{@e1I%^VN3bT`!)!Pg5@X
z;WpRbYs9OASB)a;ul-xER%i40xOn{`?faE@W7NJK$$Lk<5qSC7kK0`P-V`r=&ER@y
zC-TzvPo3X+c)shGZ^UbZmyMlTe|I5o7x5P1`L1_&Kpn4_9(eA0cUSVN#H+<lT_3H_
zE}tOYLV9rg?oQs-;?=>kez?tfKNc^t){5l!GkcKth<Gg_-UH&5lD8Lme-f_?p6`6{
zig@ktqUeOp$G6D)w|Kqq?E5mex&D4B-T=Hw6q&aVd0XP3;pdNec=mUJZgXBX>MX|+
zceJg&BGL%QynV@wiI=mvzrXv7mxh0!)b)3N^3E17FT^`tygc&0P2MW;3gNjvTGw2@
zUc54RHgDG71Ihc9ct!Ah=jT50D&gTv%iclcy)9l@NPj29>!AJ~Ox|kWPMu$SAEavR
z*KMx9OX3Z}%f&jd{vJZ!w&D$jjNg{1Gdq^p(d7EU_#H;xVd4$JbC0oyy7qlXycu}I
zxZm1$IC*vAEy44h|IQY#Co?$z9ZB9z;-zij_u9l8BJU{jek)!EJl99=Z@+jG@Z9=4
zhP=1M%Y^4Uzf6cX4KJD)zhlW;^MKU#V(-)B8^6_2$Mc)EK`?&Dledd_(GYJ3@p8!f
zE_vS*FF(XPR=h&;P9U#Yyuy(2yIj07cy9boByT{x7(AR(lbf6C$Hc3LXXkNS&nJ=h
zzIc@(-rM30l6NwB>mQgpzxF;?_PT)ET>I8W9nWuM!xhP&cb`gLp?KZ!oMEQRyNlNj
z&#mXv$ormnJ@9<rza1-H7d-2Sjo%sMHHtS7GJY3}HwMqm$C>2aBHmbt_cQUb@DFu6
z?`-n=#k2S8@*TgAh*t$Kn&|I2<h>)_JUllCJRfh0*9_0i$9d%aN4$j)?_c7zk#|0M
zIkD9Bw+PR7e%Tat)^6M^Z=LY$II{V@fV=}@sh+(U;p^|dsAI36+IJy&7l@Y@;+-qr
z5P27qcZYcCAzp`gqvTye-gDyF`?2}@`?Poy<XuYMXX0gsc(dY7lXn?;SqG)gM^=cp
zKI(Wr=E%F8ynV#W4)OLBZ;`w!$osx{IU(M6#Y@Wyj*lzJyGp#=5U)wRO!BTG?>_OO
z@O;l7cZ-(;&z)bcChtY@isAXLPe;V7fma-fA8*%?H!of}Jm2yAck#O6x#Ra*^0xd=
z>Uyb!=R5ypqmI|hAbHo3cZhg3@O;NdOuTV;?)-NHd1s1O8`9ru@usMKH<H&XUOhbD
z^V`+pEx>cnZ>z|AP`qY%zWM!yc+ri6`Mrs}G4VR!MX?Ut=Em{`@v7m~p~%k9w~)6W
z-XJ_@nCbFA#2bU>=HpiKat}^jFGKKh4N7dz+X8i#V~MX%!mCEM_T5h2f#OZUvpTmq
zZ$H$rSF}m+{m~udoi1MSmj2`8WbrCD4UUhWllN2c?EMd;u5q|^?Ym06dU$R=?jr92
z@oM4OzxnPq=iMvb6uh)`;^TJ@c`t~UwN20_GoAOGc+=Yk^LsCOe-keoo^L&WEZ!Wv
zV(ic6_dfD6OH$WMKD;8=S!&-psI#`l68Gh8w<7uX_V<%_ka#uleCOw4@y6k~^Yeq`
z)r;2@(!TS=%Z>)^dx*SWh&KSw_UpE^M7T@5VR)0c&&KZ&@}3oM37#F7Zgbv{c%9n^
z*Qbw?_Yd*XxAh+%e-m#Ao_qdyjJ(`KQs*}lp09mdpw8MFOEi3f+V?B+ju0;gUYYAG
zZq2am5b+k_&EV@ce!n5_2jbPjbA~xCpCjJX4#Dy9Tk?J;UR{WHop`h4JwaZ-c=hmn
z&qt4lw*b#QA3aIl8{##?^IadjDqeKQV1Az>?_c7z!t)((Ux-%>&mC`1leh7qsq3XX
z#LGmT%}vZE30n(!&ycs5c!ThK<F}i5WANPgJxkuP;*G-djbE8~OEi9eAn%9bjl=Vu
zPcIZND=#>oK2Khkcr)<a8n$tA`F8Qj;n{I%$HxogJtN*MJR29cIq!GkRl#dVk$EqY
z_o;Z<+xdS!JtN*6yo!YPGI<*wmbzXF;rZrcUDWY<iR~2h_Z9Mr#VdyA`e=Q2c^~o0
z$a{^v^TdmVcxQ=MN#5(^wTo90;@u!#4S8>nHzZyuJm2^|AznQ^cfNm<ypO~y4{6`~
z;<Zxy-Xd>poFrDmxUaOq$5sK)cl@qE9nWtEJa_!QO<sX`HSm1L+b-gbz;o9x?~-?d
zc#R?LJ5IdF&O!U$Bkx-ATH(1hXZ?5iC*l>rbI0!o<UJ~08@zOb5}WgS#VdyA=J!ML
z{v=)pJl}l0B3=dc_apMY7Ow|hzH1zAUHkqiUJJZN+;8WXkICER@YMA(4$m3Jy1WDG
zEXVAN*p_JgJ|XW2@h0G*Dap-whlrQHOK`pRDS4NOmlO4057mn|4bRQT-^sgEygYd6
z$<_t^y;ZzL@;)PPM7)9!?-}tj^Mm&NgS=0~D}q<!Y2RPO%Y*0M|MUy;HasGAe!Jk|
zTf*d)mPqTO&T=gAdBv{5^T$`@9U|T!Jm2`m#OsCU=Hs8_oh{xlJl7^`ip!^qHw@1m
zzyBt0m3SlYc(Ze(ZMP=s@X+NgtnTNiv;O^m)!pye?@kHZZd^aQQD-@3U&J<sepnOj
zxLl%sJR{ybigN7%iOqTMN?qpm_<b8!gj-klXW8#O_Uq2~-_U;N#LI{0o8Pn}<Le54
zR<gVmqVCKc6QAJ5_G@FEov3rqM_px+$W}pFvV9w&&K?s>+?Tss@cgj`?y&o8zV{Yy
zD8$=CyefEZ{jDJH2=S)i*|@mP_G{ZA;x)i?<F_Vxr-+wvR3x%loLK(9^G+162VN8v
zwhq=JuR**#c)t0#P3j6zx1MLeH_3iSX<RaBzrPkQ2G2KdkBT=9&*sVcu^xGU6t5bd
z?>gdH@#e_OB<~~f8sPn4^`OHjUEbaoZ_&mX>)qP7A$k8wc#fDk2FIp5SwM2$7vkmY
zxgt`tBJO38w+_~kJ>0GP{$ugJG#+my>dcPe!?xyqRwVx&iA~6hCOp@^wB!B12fwv=
zIYq(qel~drO8fHR;a3Zio3+Wd{lx2l7sc0Y{5B`ATD($tcD%XGc_)cCNL~(kKN7DR
zp6|SNiFi}wZAD&(cunw*aE-&QYu_sIBKrpCp<MEM#T$ipy+g>mPrPDyO^NlgEqQ+w
zuc8wFj-01`&x$vAK=8U~l)O*G8-#}`OKz^Ie-STwU~v5IK;8-*U%Z}2;Q8h^f;zKf
zi9Hp-iz3^4$s;dUyeW8RCmv%rX4tlccopz^@pbcdChq|8N>0S<e#=7qf6m)iyd`+e
z=$Lu=<W-0_5ARlwcZ_&V2d#+ICcNFqJ4?LQ@8kE1J>F^J&3q?#-YOukS-dWIw|TtF
z#an_`l4#$a<n@SGcv2*SC7s+*y1d;ZUaTazPAnwvIq_QI?UK}j`F&cv4tS-gv-#MY
zytl<0fahB;6XH$5n@@N}<b5SxPL;oXpNltkNYLN?$XoyD)Z?QR-d>*mu8lf8EO~t7
z9=ak@ooHV%dHLcs!8^|5?I>O|Ja>E?K;BW}jl=uQ<CTh+ci4*L`&h@wJ6pWrlOvJy
zJl^Tz6&)VDuKXSHt`RT)lt^Ti$7>cZ=ZF=__suII?_TkS;NcQAxuJA<>k=>f$l$u}
zQ1V8^n}PRAQVZ7eGvbxPD@q)1rR2?uH*l)|dgvqZn#+Ro=@I0m;d%wTNnUS^!o$){
zZmz%Ih}Q$J3srW!m65lFc-htd^Zh2MGdqS4+hRur?K_&hy~Hc1jzsXIy5#2Cx0`r1
z@G?+k?JFm*T)gt?NCbaMmE4?nq<Hn@9Y@{;;?;(D=Ze=vUIlrp#A}APPqKBvdbwV_
zR(S4p+wYP0ka&ae4)AzA;!VLr>GJqhk~b#aB8u>q63Gpv%i9a$6(1d3Z+xG;FU8A0
zEfRS+sRjN0OuSxr!>F_Qts-xO^3?S_3GYacmw`HKYb<eJ?J>di?kVK$BVP1$|LaJ5
ziZ>0<t-osWjuo!}-g=()m5Db;-s$Akh!=xr{c@Yj%~DqqQg^S^m7)$qoZOt(CGA_J
z_MJuTdrG_tc({yBZq9pLytMLQ{A$U2OT4NO@842a6Vl(U@%<H_|7ua^UYoE+y7q03
zI?FNpBDPGl&mC`d)V_no>w@RI9y&n08hCYZZ9V^hyc+T5;o(o5lACMasp5^pv+Hd0
z>dCu7y!<n8y_D2~{{B?FS@JF-@0a4$z}wH`JtSV_*r0t4<h?0gcS!rj#mgq|hvY4a
zHwo_?Py4<SuK->(>TLWP$=d)IQ@mbEYW&Z?8K}d<lIx|N+V>;!b`q}=-nTvNi;C9^
zFPdmy6L|-T*9mU}k5??-7(92r`Z0MYi`NIwcfP6=Z<4%b@~#kX2p;~lGP$92d21AJ
zhQ{wF<lQCS1iZ|o7Odw^@s`MIA#X^$8F;w#Np2`z-kuOI>$u?ikDrn^AztB`e(yE$
zs>o|4Z%(`xcs6ftbM5;?ydHRNe(m)JtFzBn;N-;XxgFk~4#TbU>?CG6mbkAUUNN#A
zA8q7qE8Ymavl5T78|Q5)-W)vl{m0M9`;K_|z;KD0+?@Aq@j8wVelFfl-WlSx!OKr-
zLHkY-FIo|d-_7K;iZ=+)cf4IKUIBR><lQgcScumxUNL#Mk@pAjrr||B{r$aorSRPR
zc9Qprcxm`%+IM{XMZ6Yxb=a@1mpjQ@7f+(R{wm;Y<Y`|z>hQ4S`kSZzc9FM>c(w2f
zJl+oCEy1%oYv0}E9WGucJm2e`CF13OH+X*QChubL2H<VwY2OdTD}m?Q_Y3mw5^n;Y
z?|j-RUIRRLKIkEDM7+6>{yrmKGxhfY@;(tSz1IKw^Iyd4gy+^@FL`TzH+8)fz{8X!
zH<T`KtE0|xEdFU^g8KU~dAo{N3~!IbW9-IxdE!mOtH%AdUi!!@7q1>3USdmb&O1`P
z*!P0-)i24rM7%M0SxGHuU%hza@Z9xZKY6!{Hx2Iyk9V_pv+x>GXZ`&(dC!QKkBh4x
zc)Z_<SA9b8J_!TleIi~Lyz4#QU&PC=ToLKViNxCXIC=jQFYjFc_aB>mPu3Oce8*81
z>cA)0)zpc>ar7kZ_h9i#;rY%R2Z%RI-c#hABVG+W-+7}(yajmfyzw-7KNGJ7-nO1`
zzD~U8_XF=4@*Wef7v3Qr?_u#O$a|K&R}$Xp31c3fZ{3fI*8<O-H~v80XVShjyy*B-
zPy1%Y8-_QGI$KxIlef+Zsq3W;UW><Di8?$ixn7!23cMG{i;9<tCrgmY%?#VN7B5z{
zA~JxlTl-!l?_1(E!CSQ~#Q*2K0`V5$4JW*p$tx2t<9z)6x0@W)JMS>@22RHF{u=T2
zy+Yo};+0*1^NPo-6fgHQv@hYkM&4!OMJ|d&eiZNO^8a1?8pNB%4`JQ!zr0S~P2x4d
zyWQipiI;I!@O}?(koTB)Sr_})^TXm*ogJLV-z4uP@$%sHtr;}X_4j%48sOQ#b!+S8
zE%H7RZvum7=X<v~?|tzq8-nM-x5-<rGWGZ<yBzQT<1pMhZ%MpCc<#F7UGjDkuL_>;
zIy;Iwvtx;Ujga>qdB=%Y5AVIiW9-JY?<n!c;Wa0oXFeeB3h~OD{QYedul$EWe?KJe
z0r9Hg`TBdWcva+mMBcb~4I%A&S-e{EJ|=H9{9Kc-+gn1sCGi@_`-HsR#Or{EyOW#C
z2T5ILNZrX&*M+*9lUiU`qR#AC;=X3IZywo>5ByVv%lFxO{E2u4SK$3f5|6PP*S;&n
ztG_gOzQjM>mh|owuNI!~`=~DQy5Uu0f7U+y(@#lnM7%+G-?oM&HrKvq#EUcruUp`s
z@=1Dg;w^@FpNLlquNeEZ_TiuINO~LLBAC}p(U1MFJFbU1Yilgg?iP5_gon4*PkMWc
zR}b&l#AEEn4BPe)uNNMk3YXi5w<1q^Cy6%#&l%>p+$MFSsPoO+wX)x=%Yt$Fn)drk
z@v^UsL~zNP+}wU260e-RCGy6^tB1ETsRjLbLA*A2?!5ay^5(>Agtv~z`$W7>c-g44
zbzm>}TR+TSc~a^+Xn{vh`^j<6m%3Kendde)E<2*max8I2KlU3%w*BI**pmA#6R#Uy
zZsIX^<GjPfo1lKIAn!-w4a37zS#opUCF0G&YeAK@Z%y*<6)(Fv64@rH1?}q+ul`5D
zIIl(CGvXD)b8Rx#<&UK<hC1JTtW%XbZzZU62DoJ2P3lTfx33i>HuspFP-i)o_<Ae)
zftLW5$7Mb0$9KhRY4-m<SGjmo@S+JXle|mB>xSq1zM@{d$mPK}Z%E$F;thm&H;R`{
zUKV+ei#H1I7@80_e!mj00N!Ncx_A@vUQc+A$iCYDdgqvU=~o8pG@HE7rF|vv_Q5#2
z&9(1S@!H_I??X2yZ>^J4*HsfdXPD`7zSK3N?m)Lws@oBD_Lx}Wz9H<_t*b3*zsHL=
z49~X?jutPoIami<lXt0j6Y#p-pi}!U5-$&)z5ZtBgKfyWDd9Py0pF~aB>H4GZd}^L
z8*2$(SHYj!F4x(4_fcuzAUxmr^@`VdO)!4=)6S&#l6Z^oeAlPXi#G?)+GG9Qk-SgE
z%eXcY>9CF_HrL-7@fP8^_t(Rp4kg?7jd<Pg+*lgvylqZNU4K2O+t}@t>T*zLkBKGj
zE4?;Y2lx|;<bGq~4TX67i&sq^e$_bXogv-?yyNXcDzUkKoFZN$yfk#!#<_sJE5*yZ
z4(}7>@qQ#;({(E%g$Zv@@@^Hc?Rx+3=d_F0e?xFSC?sz{ygqn%X&|||{yrw&G`s;+
zS%3E??<MhaZt(wJ{qy2=v<2-eBJWf2is1b`*}7m|+3$JrdKrN?lW5<5<fWgQy8b5M
zt)hkM`nv||*z3J<MPxiNAI0QtC0@<XB9Uu6?b}Se#`fUnZ}`>V<oY{6yg7KdJGr^`
zohEe)sI%kTZLY3L_M3ZCa6Z7Vz$W+GE}p%3Rq8O@I`0PY^5I2szpaCV$$Lt?Qh2`h
zJuY53weJw}{w7{UNc%n(uZr4t7<n64r>=u8c)s&cChDy3F?`t849{I><5wh;<99%H
zsy6`7_x!dm>e%Zf55Iz#^iCIV6rS(<-;>4bhv%O6@hfFXZ<ToVN6fzYy<WU&c=*!t
z{Nh)RlHQ<rrSNt|o!i`c`Av0de`7ZX-~S#<-d|8>r$zU@QzN`{9fn)yy@xs;zgBp?
zxZl<vegvIt-@2!zdNc5L_ju{3W3S+rpndp}Q_?FDFY6}%b@74XHNtc21wVpGdKZaT
z5aOLLUORawl6Q}IW$<!5{k>DXUh?o#d9r=)h*t~Gx1Qe=Z<sv16rJ?eJ3VzinnK#Q
z7V3CDCdoUMydv>B;ce~d?_T1~lZThKlkGcAyg_(-cs%?4H*Q~gM{vBILEhEk&4qYB
z7O#lBGs$~cyj;Av<~!c*7q6DQv&owfuN<Cl{9Y5U6P{bo=a9F~8L9JI56`z=R-%r_
zub;g0$lG7M7I^s4WO6gZw!Ot0h1Z3z+xg&p@=g(N9^O{VLi~TuJ5juvTZ8$%fV?Zk
z%e=+^ddZK(>wp(cwC_Ul?iVjF#IxVe<MA6L?_%=a6fXwP_0f8q%r&X=R)V_B_>e6B
z-_`v`_B)0By6-FS67I5RpYJSQ1-uPC-u9?7JC?X_mOQ*<nDolUtA*#DBkZAO*mk6N
z3*_OYiKO=<@#^7WsU$b&T_RrOwxGZEcVSj%{k>1TCV0*;)a5s%t{HW{^Yg2yv&Y2j
z!PqirzxdXA`99n4qIg~Kik2S{|DPGQeI;HtJa_zFMPAmKsq0_@-lcJ3`Tx#aA9a>v
ziTeuRx$gt6Ca*}mvJU_E0eguzL+!)2n#um2AYLuJ)e~*78`r+8rLGQjdwJ@9Ec;!;
zexs<f^F}M}_dfBu;rV{9cDH!Bw+HLxdh-4#UO&7%Py3z~FCSh(qJ8+*COIyjiZ=;w
zGmkeTUKO?PXXLGQR_Z!ffVZB<+gj?<ZuQsgCv{n<^NruPP{-@4mfD9)ykvi?#f!o_
z$kV=)#A~4O!&5}k`>A-f@O<ZktHkS}_F?HHy(h(M2=NBQ>nE?1ypP3e4)N^w40-&9
z$h(ugP0vo9-!^zFJ>$0_>ew44uZz6H#OnxY-*?2DAn$JSP8Y8mp0&emF0Ycho{;@s
zFZ-RQ{oYIa?Gvv*#CuS@Ir8o!??v&3Lc9_27RkGxyidg&g_rII1-EWoX2eUwVsg*Z
z50aNwo4O9h;aQ#AocE1*ndCi0-ge?mg?L+`&g@uXM>*s@Lf%2*&BF6tui5VpvX@8R
zqvTbKmwuan-CrtonW%GPVNG_qL+Y|nw`QVGT(?TvS4i#q6}9gr@p3}E=f#VW_Z#y5
zEnXC!Z+^cNuZ+Ckk{89r_iE^vJ69Bhcw3{6=cAImC&>H0c*XFZ@QmMg#jAlggF1Vj
zev-UP#an>q=8ET|L+Tb$w~=SRt7N~WcLdi>L$u!^@iK1rzaIO9c-8QtiGKW^ytl>6
zhv!>Y6XLbNbI18Gc}wCI!t-4x{#(3ucom8EJxAV_=ccZMI(TP##xEOnybfmIH72|f
z^1dV9M2Poo@v88o=Da_WceZ%No&MKPPZw_jo*TbW@~#lCB*beJZ<@T9$osi?W$?E2
zjNfhI&B1fme`Dl5AzodG_iOQTeja$QlJ}-~ZSc17v~OIzGV;dB`%=7qc)ss@J`=Br
zyg!k*-g&9(Z!Dz0YoU(UUmtlB<mHPu7t-Gy#hW7U&*U90UgjPC^Gk_%8Mvs*P8=VT
z<eep6G{ieiyeN6^kavxEMIm0Zc*W#Rk$0bXW$=9K`EKzl;JNkuK6%fHR|n6xUY-`O
zg}iC<J`%4Lo^L(BFWvxoe<5#;y43a82k!@-<Kutg&A=N=%<l|&yNH)_XC!i{$J+sQ
zyq^2-3VyHZujCyeUJbmBJ>DVW<=`URJs-`IccyqvAzrn3G4lRK-c{mtgn0J*)7;-0
z^5)39Q@lQS>7M>REp-E^+tgDxDEn>2e%*2T58Cgvcw_Lk_jvD$*A1^2b$0#o1$nEV
zpSrFV;Q7|+f5n@E=Z>SV$lFf5Z2ZtP*VDeOP{-q(aZk{`f0B2octs)JLE@E?_iysf
z5w9}Ds}Zk-y#FJwO}xes?^^MO$@>p^kBQeA;yo<h5_$h6?@!_lhIp@tSJWNM$2a8t
zQ@qI#Z(h6x@>aveyv=<EKC*EVTMf7F`hGFQ+X!{MUi!&fgS`F4%kJ{8zrDqqBX0$H
zr-)Ys55IDf+^kKuohV)&zR91**X?*)le}vZo_h_k6JFl35dWX^n#IfhMR47@7J0vv
z_6@_sbR{?EJtST`JR5&&-#X;ID&8nO-|Ofviq}Qny5#*+yeW8@$=1c^)IOaTua~^_
z$=mvZ)b%n4?}0S}(Diq7)LD)t?izrXhJmsEZb05a;&pWUUxzCeZxAnPxbfSFydQ|y
z4bSS_=Gu3Tcq8O(Ox``>^>yR#-W-No=iMpZI6U`0UYnBlbi#A%ujbxhjEr^Opm<q$
z(PbF-+xTrp-h0x%9(V^Dl-Qg%Dc%IUM%0+M1$is$<MZp<Hv`Xie5{5#vtx<<lsz1H
zTavd&!o!!Aw~Sx-e?FKm-UvMR{JS-I72@T>vpToA{vIRV6nWc__apI&LfUtUcnjoh
zN8VlHm4&pgQ@jkk2<G~`J$Zi+uLj=suCusx{r$aoQFz6;-{yBm@;()>EySA<uNq!y
z!rO_w%nMV`2Ltfd^|Wst)bV=hh3AgnUC7%<ypfRc+f%#&8oyo1s}gSt-qZGkm)P9+
zogm&Ayx8jT@!OreX7RduB9RXqhFj-dE?&kjgZCZWgS`91Yq~!Y*}>!8EndT8!F=pR
z-V5UOgm}-1H$>jI$opKpu@LW5@zVN(_U%L7h8Lx-mxT~-UDWY<DI;%R^7a)k=K=rq
zbD?-0@Cq=_c6{tl-dW<s;O**}kJH2(fmfaIzD?dL@#^92=JBo<FNzn5op&I4zZ9<<
z-ew-}A@N$^x&9tR-s|EG!CS}Ujfpn^&mF%9llNcoM&V_8yhZVb$vcF+T`o>tFO%?m
z{oMg|yk5qrzlV``jCc$1w)eE}2=SKSx%2bk<TZ+y^I&ieFxH(9?v%P*)NSY4@2#@m
ztX~JmQ5o&`8SzTsUFz|ECtel2CDhrvKbpLc#T$a>8<%PED)GYy_q<R}UV207yv@KX
z@w9IZ)bYG^!>dlT?>O@E#mnpUU)Sv@USuFxrxoN?iB|}3b5HwD5HACsTL<4G?;7#S
z;rZ5Svv^VRD#?3DygGPpEm<>Nep%}3QRn-4*&k)U#WXG_(SE-WuN~fLo^hEIuM}P*
z>TF$|Ox_lkq^^Snc)sh?O;E?{U>IIq!aJ3`1H>zQ$nWhdUOs-P<-F6#J5{^}c-@}<
zeqX#!cv-lPu>PJw-c{mdJ?wuSxJkUe$AfisCV3Btmj}<cuI?3Y1fDzJpH1E$#VZN%
zo)vF_ymQE#6|WlJ|9QsmBk`j6p`d#ok@Lt~?}w@DrRov?-><HPI$kdmgTZ;|eDVs#
z>j?377cb|@z`KCFD)GkP`PTCZ;?=-wPpsz)$!iubqt8FTmy5Rm&&}_}<o!atyb$j$
z@uI&Ayi3UYqj)9o_V>*1v*K02bLWFg$@^TqW_UY$yidg&qxM}!-X?g`v&(sWX?g1l
z@issmua_nAE+;Q0-XuKV^XmTM<v$ht`#4vScZPW7kNVFCr-+v}6r2yPB=0)$YT&Km
z`F^HFyc~F$iSK8wBCkul+F$yAzwQ~St3%yJi7~eu_k8p_*>C>ugMPHoe%}|b8J;uP
zTa>z%koK*Q#m4KPHKcAgscQ?VE0wzTkh%+`t^;+y@r=v4sN?llf^nHaojrftK;zOX
zUg=|z$a5a=YVq=(3EnT`M)G>Z%joxC=iDP+?{IM4w2Hjf#LI)Xp{IQ>i8nyrP2~Me
zykdC1b+F>H)cK8t)a6QD3F@%ylbf@Tmby~Z9ha;M+Hg4Pc;1H5j|$Y;yxm6qXcDgr
z-uFD-rQ&5h8+e`M-7DTgNPl0Dy2X&XS*cq>oo`&$`cdjQM}8HF)Oz}nhB_XXTJ&Qq
zF)nveKMKXGg}0f<+g-fE=YsRbJ>*r1*8<OX9y&q1GV<;v?=tZ^;o+sy<mT2(gLpOY
z22f?|;6C#17BBtRk;w0oTClF}5HI@=!Rtf!llMFEM&M<6yx)q~j9<3NPPFeq^8PH|
zB)q7{dtJOvcvffqeTcko#9M;5p2z!IydiiQ3GWf|axYI^e;GKL9_R74Kpn5YQF!jS
ze3ZOH#jA$*eUEpLcsb7p--kX%p1pq&KhF%o%k_BYiPr?rjo+`xYZq?{9)>u%Ss!h?
zLA-8wZv1{jUcY#=@T|^l&U-|>KJtD`-k-!<faiOC=oRq>$$Nsluf(&1=pxrR+`9IC
zF5U>dYTR$@?@97DYD%4t26#t$y!B9Lb}VsU6u&%Hhiu+c<n1ZmFuZRi9%DDIeY=X+
z4lkPUo+htSyu}djc<~0vdxpHr#4GqMe)j2UpS|xC_jeK=o@$r-`z(2PiPr}243FpD
z|0$NZul$AJ?=SyA-qYgE!`s*64NChK;T5CK=Hq$t{wiMn<No90L-7jn%Y5$mc!9ii
zuSi`lMex4%v@acXJbp2F?)v#f^1dxz;S>J%WiJx1{H0(%UMBA}@#^87;Avl#c%$&}
z(#rDqy+YoN;*G-F-{ZB4SO0SG{qJk!^^2D_=s$iR5pNJ)b)tQ*llPW*jqrTO@1MlW
z#xFy<<M$2n{wv-HJm2`)`)u+2w!m}a_a=GKAE&ODoG0;qrS`zY=Hk|<V=w;|{QdzP
zThDKicd&ScPsbmp-nmj&gt|>#5pLan&y@Y<Oa$klcWA$>#4CrljmNuQycoO!)LB2K
z$a_q@26(>b{fEV?hv$yV_sJU*uLYj(`gBg}T2bdaKYt?oZNh%tdijv{yUvxV^E(W0
zg=bt=qK@ZxmiqA#c{__Y8scp)-U4|alXsMO<M6UQ?JE^8@@6p3pOAN%c(d?qKHTQk
zRfBjL<b6usJ>o6E+ty*Yb>5xgWy34Q{kE?DPTtevW&b`fjCJ0u)a9Vg_kG1jvfpa#
z*RAKzX}>F*Q`bQeyp3#!iOubIwdT}y&<@Y$!}?*zyVcov?u0tNPAr4xo3|+H>@hKX
z*w#zlm*kz$oa)uUtF{LuHrKx6np3@Dcw?xs_AQWi8S1!wBk*=gSa##Q2Gnu;+VD%y
zZr=Vy-mR!(Zyug+KH9~bfak_<k-XoFm+?#_@@6F1T>G9BZw{V&pV_a;`$)VQc$)-V
zvcK<(myKV_cI{gtZ=I`B`@00scO0!m9gklDJgc+$_#b(Di<ds^|M%ba5U&{Ce8RIo
z7_ohse@4P{=g>uXRrtEw-1wa$UjEy`&ox#j?`COV#k2nRoxV}L*gL`VQ5tzqB|O)@
zE_ju$akzEudtAI4c<HOf$8RNhe@%E8(&cRd-XV!>H_rP|yt;RT_N9}z$xq_*>)KcR
zoWFe=pw8@=?F3spJlDRp$ty)2nw@-|x&xl?`SM`#I;Vp5l0n`j;`PAut-pHlddORk
zye{$jL%iF?>nAUhyl2H5f_Lrm2*v;B=3_{_A$VOVvEySy^5(=V`Gep4M7+xP0xyfa
zjjv9fk1=?@@ykRV&+h^}cl>Tb-T~rG!aLg2-+jf4ydPW_XOmYaUfzhmeP@eT4bQc2
zbMiXHD}?7e-`^r$9lYYieB_Y#lz7$fcK7u6aq)WL)g`>G$ooLNc6i%)ym!RQ`XG2d
z&n0iomelzjfOnb4TOD<2_<AgHUkSW1WLtmRlDD&X1<(7x58Yn8%;{i0qU0SdUU7(b
zxOh3_?Lc0Gc%|^3SUu4x+@vMq1>)tw%UcoeZytGfCcGpu>i<2^Tg5B?IQYJHXY!s)
zc<%h12hVqX@U(cN@Z9xUK6&qnR{}3B=x#E9BXy;y+uT$4wd{8h`;DT`*1_(y-_5T{
zT~{^mP?FqS8#YFr<yhjLoWBO^U=Q;45wAYP+f%$e^7bO{1o4{S`ChL(PP{_$zD3@}
z;<ds{t_k$b_4j6}YeSu#hur4sZj}ATXun0Y-^ax3gy#%1U4B98x<cySm%8qdy7Zr>
z&TkLueEr>1>Uu-!zAtrsA$8YFT|er4-+x?#I_rDP1_4_c#?M`!#%TN=7jFcf8#8;H
z%ac+!8dA5~wW;GWhPo97B{t_RN&9MOeoLr*JBc?D;zd!%{jDeOQ1XrvZwj7o{gsN>
zL|!R*KNN2k-np)`xOM%#P`p-n?)v2j@@^Kd;zj?z|9hi&(N6-ejJ#iq*8}fHPx~Gf
zZx~)KE=29Tb~JhRey4nWTKG~V(q&&rY_7kri8qZu8tlLUVqQ6U^Wu%a>_3h+Y)#$o
z1nNK~H@Dw)QOE0`;qSru^my9u0pd-=YfNgvyzMJqGrVEcSwFr@-kIW6;^JUek5?^T
z41cUxo$yW|uT{KOcx4{%YVo?^^(MR%$$MD533%Iky!*u~{Ve!C{v`5V5pM~en*(EA
zUX(if$F|*lT(|vosq>qLx>8U3a#6?g+m7~Cqt52zRBB(DcxCW>^KqDX^YGkt>}lj(
zBwiD|!#(XgU%dR!gX_dI$m<Yq6rS(-<M&cGhPop>`+ZXOyNLa^C&uM0+V6YfWxwj5
zk2S7OosXQ5x}BshH>9pi>Y}Lgy{>W?>Ue%z@kh1pdFwpt$3@~5!}E>bol+MIY2WXq
zt|X*xTIxze>ejd+b^OXg>hh(o9Cd}B`P~t9JTBcB7dt*|-CsoGQZ8N#Jm0!MQoLDs
z)d{bGyi3FzfcFzm`|8CjoezHR;fLhiEnd-Uk>#JqJJOvS?htPYo}Hhqzm4P#i`NFv
z8D_ftfz-8!)csHDIzsApY)hTr&XBqjrLGHgD_v))eHEzV`EB?jc;5Ok_4gX_df?&i
z<mUR@EM7Bt&E)-3ygqpACADDu9ulvOyq}OaF5VD4-}lomi`NOyy&l#=-q#7w9ot3Y
zk;shadgGtsb$_`c(uWIATQ5H)Z-*OG=Pl<?{_E#$P{;F8wiuj;TFEOHuK?a@p7tFn
zUJbl%bjsRyJ$aWTJlEfjH~jCrUoT!7{y2RI`!%nPyxXOHc@x2$+BCcM@|4u&qwZ19
zI(S_6JG>NJZ>*yIz9ZfgybO=`rg*jZqj;;ce%wUf|A{vX&z=|D=K8T9UITfzkhk&A
zQrCg~(7+jHx?C)EX(4qrQkRapbzS4gI~8?i#}fB7Q~PeG_FXGpcF2Aokh+|Zx|gLc
zH>7S}>Y^caS*udVFE6C7Nb2%K>W-7Tf{?lfsVfYrTP1ZxsB_1Z4ZWM+`=zcp#2c2n
zSV-M_QdbgE_qEiOhSX)^BF;`H?m43jb-sS=DRt!`-icCI5mI-V)K!Mm-63^VA$3nl
zT{Y@_{diaEYEb7pZ~Pf`d>pmWanwi0(SO9N4{6_KH>HkqLr7hb)HR0Gog{TlA$3<u
zU2{m?LsHigQa2%Wts!;uQr8wzxBktk<I)~dw};eqgw!1)b)6w~7f4-KNZrj+*NwVc
zJkP&3qK?-~C)Udp7N9-P{EpVk@5L*8%l~_{Pm0%oBh-DLGDP0r#VduElQ{SDdFZd=
zwZSVufwk}V<ZX6K>U`9|ThHTVp^p1I1kXLM4wHAFcn$C}J>Guejgt2qd1s2(0?+q6
zSS{WJc_ZZAFJ1?{T|MpV7H^uy?~mk-h&K}AJtJP`YQcPrlJ}8#3-C_%wC{cKV(=<Z
zXY>0Kd24s1&Tqw}-&=t?p5G4g#>m@4ya9Lzd)k*T-YmT8MEhPPuR^><c<5Skvo_gw
zjCiH1uT1_P{5W|RiP!eF|9RmSscT1_+n4Rn<vywF2&wy%)ODiHj$gMq?-kTpjwS9`
zLO-I&Hg9iIKfV#KA0A4QoAbUFFL#aLxO|Je&2CLy2Sf0Duh-f8Wpn%T;kov`O<sX`
zGw^)RzsE`4Y)GBGZ#7?+%!Sn5A$9Ypb7NtH<FdW~F?$QB^NrsVsN?>Y)A)Tr{ry0^
z$UA=T9r3Ej`;feqx23i(Bg9(`b=<yM@;)MOXYsP(`OcHui`PKj$K;iZmj`d7<mwB?
z`AG4a;n}*k_52BWwc-`Sb92S>c8%1<LhA05x{{E(XQZwab=!IR@jKM<ICr8S?)9)a
z>c<D-)xo>k<Gmx^G`w6aNE?^W$@{N(^YDD*Z0{S)?Tf4k#(AE+ZEsIqS84A?BHwtf
zU$#UYd)e?B*NC_8OY-(t?>+zTZ|p5zdwTGEv_M{^cm?o$KhHZ}ycu}zdgEW@T_|1=
zJl}cf2B|9!se4%JVyHXBGr#vs`{vO;d~2{gzh6`Po)@nb-Z>s`SiI)7RwjSHZi&1P
z#9M%OiN||Ky!y3QCV$TKKk_1-sq3ZgegEHK{71Zkbpp@c0Mpiz&Cgcijl;Xw)4t76
z$Lnt%-VEyO_*k91{lshdAY!N9<YtC#-x6;kV`XGCalECGS0P^cwEuWJM!c@|g5zx^
zd6$S+1JAc!>cty?SB-XCf78iZC0<{McfEL7>j&Q2<UJ(b0=$#3U$?pO>k+R3ULA_8
zeHrAvAYS>0e(yQ)rpa56ypP4}gLkNF9By6vro}7ET$%iNcP4o&?nqtF3-Gq}coEc@
z9ZTFd3$GN}`nw@{+l!a|7r&P)Ucm-|mqlKQc*XEGPqe{qTz?M~uMu7}(Y{T{J6*g=
zc)NSNlf~<TSDo;($-7d#R(SS(quX5jek9%!yb2WA_-#&Jmw1El4t5xBop-x<<r}U{
z{@gi-yvM~`g6BKlekI-_d0Ub9hIl0(`Tq|0Rq?tvS{a#4^f#Bhzl%2j&-Kx|?Q;5^
zsq1tQbz9+l<u+Hh2I?%w5_dFat&HTX9v|oJXusQuH#vj9XYzPkiPy2o%1C9x+n&5b
z#Ebsbzpi59&1DDcYDe<U60ZW@F0Qk<b^Sd}yt2&#Zzu9v#A}B4tjD`jygqn67#CZo
zyO4LUcqO0s|Bk*(yz(uAb-F8gPl?wB&v#yXT)ahirRayXZ+G(kEZz*f9X$PgUA$OM
z;O#-)KgG+K^}h}>FW&!S?_A)cs?N2)XL2Es0g@1rO4ON62mu2mlK=sO4nqt<gF=Xa
zijoPppy47!MT<2kB5K-lt3^c(N-J$CqNOcWsv%N}ZKxP&OIv7>(iSbY5owD(Sik4l
zd#{;ymU}8a=kz;0-`DkH&3e|m-~C_Lz4m4HkX3?LEO<R1kDt$F;HfcXHI**V{6g?s
z;?j-*@Z&xqXWIdk+X>Bn87|5lukm((H^$kAi7K~T<F#HGyIw05yg3^040vG|UPR+f
zyeP&SC3yE~yt235kE73MyrbaNqFlDOOz@u8cn#o9bgADH8ZUHl?0W4o!P}+rc7gYl
z3-8++&+w;4|DV~A;QdnLO@GJz@1gxn<CO<u?F|dwhZ=7+cz3wekN<zPoG+WfQ}d-<
z@Gihha$FWu9Y)&k-LL=7gP-KBH)Gd-6@pi+@p8b!avBY4{!P~W{P4r0f@n~FS8L^N
zMY*NUdNp2@dz;4F3En+XT5R4g(s;-FrAGgr`c;CrM&p&9bpN~3%^I(ye`@r1PZI=h
ztHx^u?^>7oJ*)9*^J2%*HG;Qa<Mnwr)<$Ag|8;79Iq)lWDfjnUxt%CiUGG+la(z$4
z&zBnTCb;mrz)#MX=>uZVCu;<6u*TaAUOyLJzQ)VQkFDcV1n+8%w-3BiF1+y?ZyI>&
z`~7Kx*QoJ!{lPFMx$qWhyzD`EegHqNSJw;P291~TN4!7b!ds{Dn!(%Q@TLpiD;jSD
zc$F@^7d2k!lGyrkli>YY;~fR>yDq$6YP=Tk)c><xD|p?WjGr$pScJaf!b^dloG-@<
zV#j5j;1y}Ss`m_|$%R*-@k)lIM&Ey#C3x3ryms)O;DYD`bsSC9cx6LVjj|+reCG&W
zqsD7^-~IRE3pL)-U~E0D7rfOPZv}V@RppSX`aP`iR)dE_+M0hi3*Pe@?=*O2F74f_
z@d}Dlqwmu+2;S=&ukcUq*DpWNc<sYt^;;l#r!?MX@D{tY_g#%wKRh-1d!a>w*9RwW
zd4B8jXTx~Kh1Uyya{iUzKTB?O&NGVzZ@9)g1YTbkUXjMzQX0EoZ4|tz8t*iC-*Mqp
zYrJ;w)cahw3*HiqxBV}MQRl*2pz#ilj9m{c6}(3^UiKMx-g=F<epITl0_Af3yG!t1
z(RfS2>*Z3v7d2j=OJm2!GQm5h@tVQI)QARkd>qkuh2W{{q0b0j*OvJCQt*Lc+!Ce5
zj<;m^$@$_hi>;?kf;ULxZ2<2^m*cI!#%lsk-G|;Qc;htQnZLUCUs&TEx-8azD+F(@
z#`FD$`+aDg#_I&H*09HSrQog9c%|UE9ly&p-o(pe_l>IrZ?neR3SMuNtAZNer&{92
z;|zGYaN_)XNbvT+kKM1XclRV{?<*QFCltFLY8JfTYrIbI+^&aytMOKWSBZMCexDP(
z^iA>g3!RP4Ik-pH`%5&x@&ta9HNQ&u^&!X!s{gKrA9cvFA3*)+$NH@m^;@j*Y7_A0
zYrGSJw_fnRpz)T1H`b{G6IH*}8qXLLd%pIF;BC`*yAt%v>zZFH{H}8;_Xk?JH7K_o
ze(aY=MY(^_csU=s|9^~cYdn8A_C3zyf_K5w@$;Y%yidE-?>zX)aVr21O|k0tgy4lW
z-d6CkU3jB4UjEqFarBhn)oHv|@Z8q%8#P`Pcxqm461)`}?;v=?ys-+Zd2o-$n+4u3
zY~*-6BY5A?cs?BUaES)R+otjSm9g>olHeWDczqJ^4r#ms!FyKlywAjsZ!UN<qqU38
z`wul<DR^7p$M$|j@Cr2Ess!~L06#fjj*9wyP4KEU-g@v<pRt-s->&&>fZs1%+HtE^
z?n#uJ?6upmO_aMq<28CbuFnrzHNU0sgDDzR{a(__?YuJ8sQ1|AJ}=6BTjS+;J;qe{
zsi1hrHQqG*F#z@a`5S`QZFBtiHsU`AMsuS<@h;K)mcp+v>J{tfJos^+kh87v>ezAl
zEm7`O8gC1DZpV3r#@irxI|Xm9#@m&k9cwhdR`}iH(vD`W++8SlDf~E}UlQfMqVYn>
z?#J(o8n5J<*zx;a!FxyJRe?9zrGCHBcp>mO9<1Lhf|vOvdwkWHwt%<Dh3A7`GVCE|
z+amBLI`eP0;Ei&4>bfK&#bey<!W*XXS|`Sy3%n|LwHj|Vcz6Xe8dxWW8#G?yq!{me
zf_IO`%T4vTes6!5#>=mctykX{yeBo@YVi1dnF^|Yk7~RF;I+bu<MEo{y{z$$gSSe-
zkSgAHG~VjTG2Raa?@t=9p^L{D>aremYP^Z~;}&O}@!c<Y=Y2VTJ=lnwH@Exv4EV|U
zQaL5of3FMPFpcNy>OP+fHC`up8=d}pL-3|(yxIi3NgA(tYV3QzHwEuDjkg25TV2Lu
zk;a=fEp}h~W5Ihw<K=hrxL&WV(RdBl#h#!3RPes3@m7H6woY!>cxS;=*DpU4yf-x7
z2Jkk!w6|U3WnUkAZuSeo`-{daOLt!nPHDVpH^i<_j|kqy&&JQcUEpQ7%;yW>C+A=8
z^i(4siyV))UkTo5jo0pTpU<Tluj;1QbAh)6Z=S|0>+W&Ao}8ue4uGe|<JW?>TH{Rw
zZ-&cwJgo6ffTxa+-w57I8gDyzLtS{^(s(Oo#O{-SCwNCR-cj(Tx$q8YyyM`t!jI$e
zw&49u<CXUC7}YN0`+>&WT$^g_amM%ef_L$j`1#V@(_?(zrG6K{PtKS6nX&ozuHc0=
zUJfSTqb|JB8n0wlYV<w9KMLMVjkgoL9GCXqr15HIry3`n_4z%)Yu0!NGd;!{m-;=R
z@j`QB>)-o=_jQd|pM~|$rG8s9UZ46@W05l+e-gZd8t-r~kMXce{a)92t8R{s$6o~R
zeT`R-Kcd5NR6*$g9@ewksm_K5__^Je<-kwQgPL1n_ho+-<zA!lHuuK3sX~#ea<9~Q
z8H-}qyJrP&k;ZEU4~IrHDBdj^uLL|Fym%b_P4GUi@!G+=FiMNn?;(vB0#98h8eMHa
z^1q?+PJ;Jc7v46Fw+KA-J*QXj4r#ot=X+fL&c&M=Z_BN*`<`UMJFD?(`*^J9wyKJ%
z|Nf%!GM2>NPfQiOi@q8^Uyg%!r^~$m6#V3TISpQAl06=2f;UFv)n0&gt&6H%Y&^;|
zUfCU~#<Fyq*G=#u8gECy{k$+;<L$gRc3$ua-u)Uc+jQqOX}p^IV!R%L_f?J82%g(@
z$(J-<CwS^Sm?3ztX}ne7xxFv2N8_d8kHmDMn|XX>3Em$xp3%?a`o8zu8t)8v#~og_
z;Pv`i{Crsf-VT@f(gS{Sz8t<k_I`G6!7I{urTyLeuR!C~JQ(Z0K7uz{<5hv@HlMH7
zcn#p4cGmF=1n)MDw=d7*`unm)8n3oFwqE53-cuUy5P0J7h_0uPX}ku(yGZc9r}2)0
zhba&ZYCUMxcuNJ(FL)<3-pK^*{k6thA$X?XrEiU&FJ}|9Hx+(zzN{9!T)`Wv@sbC)
zw|9`n+bDQ>f;Um)Wq{}Q`@yR;-WI{j7ra|Fo*z87@oms}I|Of#;C)f!<tJ$GT8-B#
zcm;y@qQ)yp(B5xqymrAGB6vqMUU`D{^6!Dk@jWDXg@V`h>+$oYDnWab;U{^=1urOg
zL5(*pL3;;lyiUO@5xg5TUVVc0PSJR01#h_E-J|gqCE(qq@zU_es(jA+Tq<~5G~Ut#
z{r8N<%ND#*g7=!nTalpu_Gmo6;FSs9I~s3&g7*GK;}r<rWrCNnEq=aiOwitR_{sTF
zDtIBmE7o{h60~=S#w!=Ru;5M6csmoccap}ND0t<9cc;c{P0-#(jW=EJDg^IQjn|%_
zz5M%Zvj6G@uTt>7qwx+WXzvb<*C=>b3f^IjcRWFRf2#4C1g}c)&T72Q1nvEc#%mV5
zs|7FTx%l~K<a=CymwG<@WdCgdugp1qCkozW8ZRHb0nxL$&0uz<#yco@)q*!e<4pu_
zv<vTgjhFGc*!SHvg4d++R)gpE9OTm)ZyI<@Q7*4frwHEHG~NmDzU5NCFKfI5;O%gD
z(*&<w<FyQQf9~^rjkn_SvFAS53*KpscL2O1m-_ut;~fW2jqh~9>$^REz9bLw7&p1_
zdc#l77ys&5|J@{bRT^&=cyGI0kB`%M8^GHRKaNMO;4N`@xD>X+MEp^JJudZIpz$i#
zrW#ew^>dxz@$dPuI_h~u_F(t>-!E#s_3LBbi_a3gA85RN;9cv|-tTF=)nAA`7o8(`
zCpDfQUmCdGzx__*?fhcw{-a*-(w~oSZwYt@T>38+esX*dfT!Nayjk!DX}sh@kL&+8
z*I(mhKN{=52Ehw!yj9@c=Tg7X8ZYCq7;k~#P1kt7BKPN9Q#GFN@z`_zMS}Mkjkf_j
z_LB-qKco3=gx?tDgjD%Gsg=7C<*MUyi70os#ybk0+xro_G~OZb)P4MIg7+(pcN)C$
zF7^Al#_I&H0e(C#?-0BXG+rp^-Y;1%#LvI-1bzjYUnTt1G0$qM{;SaZs^EvmZ_%Lq
zZr1#2;8z^=it%Q{kNbq2ZPPc#p2OWO+PgvHtpe|u3vZpqYX<Ku{Mdi@2;Petuc6qz
zy}#7_7Qs)ok;N;W^o{s_ZcN~Jq2{*~ekm^P7_a#?!S7NRzjFA={#%7V8d?cIw)cL~
z-kUYvt_1b_tmfAWzjT*!S83%QK)LGvW0ffPn;Ne@0dKp;J1lq)3En}CcPK$SPHBFJ
z6ZmD~qCuXIj>7MJm-hPLC;RyX>ZgwL&x!gKXuLBC%DqbSI}5*TmvSq#a*Zcr<*pIs
z&e3=oCGPX|Ud=BXepxQ%-mR6}2j%9%kMnB1DEAqSmk%CXqCp)WPinj}@YH;HMDSkG
zcqQN!L}{_(?M01O37%TVHwfOZG+r%uH@NVAuJKlY2b0y_#{@6woAL8y7kIr~cz@G)
zrBB7iZKL3s8t(vjxO9vL)qfYlPtL!I;Neots^61>cZJ4l8s;%xjnZQM7t(mkT2iCm
z)3pfRJdIaA-2J>dOXF?a6l?F(g7<*NTLqqKBde+OvzlKs{O)yW$J1K5J5X*X{5Vg)
zB+7k5<7JF+f1jpZ<86LA_CCY2g7;^Qw;4RH2P&v`yr=QDJ`?MguLxd$+~ml0Xcu@P
z1w*QMe)v(VZF|5gM4s*an&6GqcxS=Gt1i)?c$aCs)8Mr`ysryht;XAoFSmkGTC9FI
zXuQ_VvE%YN!E4fZhrs)u3-8k!?<{z5wc7i<;BC}+EhF8pJHM#$O1>PsKKO><y{z#H
zM&Y?F2gnJk|GuN~3ZG4l{(aML3f`|ZUdg5I>&7oNUg#^a`SNYS^L;yhzEpze_WgMm
z_{sS)4ZMR+|9waB@-^Np{HSO@zRy!ZwYQ(fEBG4j^Kb#f`S+6GRcgGFko)@rV>RB=
z?Xh+DyMi}I;~fBRf~p)+RlkVFD|kM3AODKrJ)rUYV?4$+F5`Qz#%l&o-Pi6Gyv-VK
zQP^V~?-8q@s^3!@@6b0=jp-NL{r9TiwQ0PXN$&Rx-_>{}Z^qjDJ;6Js@mj$9Ossm*
z{yU=a)`O?cgWngtl%4VO&tL5^I$U@L{N((rJQ({P`!&HU)_AAEd(DM6MB{D$aqK?%
zhk`dl<F!uq82IT<G^p{oUgMqqN$mL8FL<BRc)Mym#`j(3%Yzzk-yys&<$N#xy5N0P
z<E@zDvF`I!1y%jNr17c_$HwCg!TYhs>jcm3x!wVdXB>(B4&zP1OZray_!ds}7!g%D
zq^f>@(|9%DZNzr22R|0PK^kv8cmZz=sCfP1M;&rDb%LkfZ~Cd=U8V7MUgvTByNneY
zZ^zNt`)fZFyn2n7eZBjA?M#hV`c~{Z_7{S;R^#P>$LmuSRC_<G@yfx=g%kVlh~Pc1
z@uq>dM!}FO-d2rQ51u-o|4Q)Q(0C`o8}7nu*LWqzV(ZIWg7==r%e}#4EO+6Z)OhQ`
zQ|I$v3tsmZ<LBQN@E&pDrNK|mm-b)Bu48{Ac=;MHG~NAu%zhg0<nh@1yT22>u^O)x
zydszSU8eEY|0Z@l^tRy5)_A8A)UQ_K9RN>_@9za~mBwqtj~4wd^}A2wZTxNQdh%Vt
zdq(4}2T#p8VwHYX^V<NwAGnnJvQ}<8%H4qVl=Hq*l>3gxn{|`NXmjEHM&r#of%B@v
zJ0*A-FU8NR{2A`w@2A60&a2k9W5@Yv!5ggcO2HfIQonqS*A89{{Mg<<3*I#vuO2+r
zx5O&FK=W&W-+3<O&eO{EzY|+uJ`m+TrtwyQ*Vl#j1&vn@ULW|e9sePCyEI-4cy7;;
zzOC`5gXeR29}3=4jkh&HzkH<mZBO9WZ&&<0*a5!_T-tjP{Ny~S7xnX?&D_TNj?;Jt
zz@uFSHEv;z*C=>Ng11299R|--Fr<n%PvbQSUW(v7qVbGc_xB>#XuM{@>mqoq8qW`&
zTYF#9cpC(-tKc2gcm)Y~ztDJ_1utFj_>v|L|LFHjrQi*5>A(Nbc-z6Ng&*g0cfrfm
zc=h19U0+=cKRI7Aeji&;dkWrIjkg87Pr20ZGL07!yiCEHtMT@Lx7dYOr|}knx5a61
zFTs0A<CRA6JvKYk32Oe`ukrevjIHD63Eno1S6k;X-cm56iuV<bxBcDN^}+dq_X~|z
zJ`=x(aN+$#<DK|JY`yxF;B|R9e!kRz=XSh#;U~w}_+#vR-dFGjX}qQ2-QZHc{u-|g
zyju8i{#__|{JZyZJ|6_n?fP$=#@h&<dLDMM;N7b6>Sy6Ou*>*1XuRgm*zY9+g7=ih
zTQ=MM{PCE^+j1&49{mLGC5^WMygZlw`<BLQ1uxg>zy5;vTaDKWp4<KYTN>{;c+0%@
zcnlD{uCK(8N5)+D^K_BsmkmFjFI7<Uz5sr5Ue*37)-QuZxf3;BL4tCZX?}(9>#hn#
zs>;1XD|ac%Rp;NqqTJ0IF9cq-3-2k7w*tJS@Z)?QDtLP}-g@w^cH!;TcxS<DaCk+6
z_pZh}4&FsByb~I){?D=bQY?5qTI0tzx!z-pbm4V{pB%Sl@YM6zVS+bA<AuPx7V}C4
zH68=uCwaTTYl4COH$w2Hz)!9R8*X+#|4!0)W&aTy-;sj%8I89YJZz2zRlhsoC+k-!
zc$W&^X86haZ3hpp@I`~-Jq16>s{v2l4~`bRgYc8Q+FNk_;<8@7uJM}B#-2A_E_i1&
zUQ>g|Xf$F$)$e_cclyKF@3+PX-ub)Z>vtNwtQgK}BePlXlkMH{x7cw$R`4#>cxm(T
zyu^h!T;sKar{>=kf>-PC)RZd#FT;hmO!F&)-!d1!JG64oqTEK0Jx?n|x$7OCdX&5~
zLAjgZmxgkb-#+-MF<|jZ?>tApAD*M%FJ1inEYJz6+;?64vXv83<#*P_Pi>>S(mmSF
zt-Tk*&x8HcxUpY2zA7l*NX_pI{5n-<!ddy1z>hlQ02bkG^sTrt<N7jLj9azFJ8`S~
zd25;GXDoJq&ah4M^TW^W_~_95O5m62)Rl>9$DcI6$^?FWUXAa+>F^Ve<)ge(&94D|
zZs*IXn%^?`xwYfdn%`>pxy_eNn&0LGe&5&pb|&z9SMzI!pWF4u`FrB~<v9G@)`O9n
z-)Z>ubQzE9HNWH~?)~x^&94vqdb{wxtoaqf&#iv@G`|r1-0JtX<~I?3Zr|JYz?YEn
zc$)=3w|OuaesaBPgkQ2tJ4QRaBxhS9zpFLgQt((06%_lXbM#x{l<Rc><mD?EQpH;U
zKkAUPEyvfzsD<WwFkh?(4{PPNB&grx=jivfbM$-V9Q_W$PmUYwSMRimiE8ib@RRLb
zhW7fgBip+~wD&!YmxhyDr|L|>JE`$DcJE@8z>mD!1h4zv`1x|?cK7+>ck$yqQ$e+(
z1b(u;<oT5oQsp-kezLs>dUlE4AKfYHH&!dR&mHddo9yD}c0QWr;-~7wYASt)i{EN>
zun4~gUHlY7@}4|Lzi*tQ-@bG7J93VGr_Rx@%lG5wOQP|}IY+;ubM(6kesW&1+==X9
zC#XKJfFE_pv7g4gQuk%6#JsvmE4MzuyjpmUe#@QusX0g9rA{4~u<ncx!LJJqPIv}>
zr7DAzJ`5Wjo}Dv{U%*eEXq4X<;V0W$n*lmbtUS&?C))cJo%evpII~nyV&!hudHG!|
zKk`-!9<P1G;b6Rp+zZ%O1x02mmM3G?z9hr{1m4vH>)R=I-Fg1RBlS4mmf6WhV7j8k
z>bGRUyg74bFCMaRsNV`j!%9XJ7Zw!;i~ath!oni)Ied7D-#>ihaNE&e+wGn!swzAl
zRWmYgiuN~4n#fIPREbq=KI)W;2k2wRj`HWvT)c3}lE#G#8wOuJ&L7Jxm^-*=NH930
zaPY{Y!E=jdjTk<xq;#Nv*btbk#}$5{NS)R=d%=>(jPVQREHtj2e8r40;mOxjU0ZX-
zjH>Z9S5%LwnmoF&+nDh9(R_4Z3|VsL{KiNf(#FMhTCY^&?4^yykXez&h%uyY$r5A8
z%!Tvk&t3rAQmcd^^H{<sgrvAuv&nLVn3p5VygIsUa8lfx!JkkVHuptjC!ja2VE3<+
zL83+^;AmBPBEJFflh-(j{0bbNIwtAoc1#X~y$hlW>_E3;QlInB!Y{0LLaN%qRQBje
z<ZBUGXZ8Vm({0XIVMoP)OH|KX+z_4boXr28^Z%an|F6&ag)^5dl9T@5bN=6R{{Qtk
z-`KE3PWew<=Zl9GJ6AWKd~I`b0Zu65+U7Z9D^D^14*%|f|Ir@srS45OZoc>C#<g9H
zn{Qj(#aMJ_;o?f8@0=0CPjv6ZebAdh^U;yXLG!V`ldJ0<8<`z89~-eF55~U5!MaDg
zcLvSJxp^ZuZ{+5UBX)Fwk((dy-kG&~yEoFSEt1s{$vhUx_~5;Px9(3GAGoe)-lRJt
zW{V%!Tdjuip*Jf1$Nc7|KDPOY*O%o>9-Z77yzgl4x<b=GZmoCR6PGl9zIox`p0-Q#
z=b9G`#{Y>&O7G8J*!#$ZgS*=~^SS%>-e#DA?7Xa$yl|hDULz;vx=i2jdCONO8#&>D
znZ7HoTfP^+B1)Z?>8l&KyfkyL&)##ON9Zxl;c1?}*IwtT_oUC6w<a9u9SoeO%GmFn
z;?0^?R2e8;9y7IfR7OfC9T@DiZNIm@z4LOv$oDSmR#9q9=vf+w?KGvWTV*5|ND*#R
zvbv!jPHRxo(_Qn|_%CZ^m)w|KSbbmpnA+U?2BhQ^Bn?irD?Y(nnmO&(`l6fpMg}^h
zqB~28Gvyck)f`x)m3?n=Tvf7?`~IOK$?&CIS9IO-4+3X0-_CqDrQS35Wp8T7M`r>j
zGWVt#Oj2>tZl$=7v{I~ZR*KS@s=A|s&S(`R9UbCyOK?*kwOx#6bSyW1U2PrgOT`5{
zMzey~^i1&=+<e|ZueLx|M<DZ9Amhw?S-U4<vaW48usXBV8!2v!1Un){$0CKNB16r{
zCBaBuI5Mz0GN3LpXmKRBZ-0Maj2Y=~ZZd*_{v%%SuAFC72Zl|Y+Eg9MH(Q#f!ZOD&
zTaMNR^5#O%HsEP@sJ{)9)6qvTXOG%uPG3j9>rC0!;C%<2DSMtT%bLQ4g^ifSet+Y*
zb>4AVBb%F>8`O+z{%rGn)!ydkdVk*N9O}2xy?bQ!z9~!1aI}79r4bI~`J!ElOt8g>
zc567$KNuLOxMpC0zc9Hv(7$k4>x7iLz`#+%RWac}ZZI&&+?`>U6Alau21=@TXVe99
z)$}m~BL)V7f#D-FeOUuNiv#&}yEDL=;0p%w)QFmq+_P(|10${r)CGp)Kr*FccRD%;
zCmauZkKW|(yv7f!8MwqQSM))w2ck#!t|8Ig1G%Z)F#5~zM=9{hsb{5_dYlufyk}(!
zDvtSFZ=kp>5bOvP9Sanm3Jk@}cr2648Rkf<HAjZFMTT@l1|N$QoQhn6y1kq9VRCh(
z|Nbs!AlSPNpGAXyin;L97gA8#-hRe}E~8ULXB7nlh3KpwI0u?9D;OyL@>q}0>o07q
z4ityKcgE-SofqnV9~Q0N)tF4lW~4Y67&bCc9Vodj(+m_3^xWOu>Cc{{d!Wj8f286;
z4E>7e7eF-zW}>KI1T(b%(aZc%KW|`YTVO~>VDPa(!KuI{XqMf;wJocy_VsIvm>rS8
zv55av<YF_@Cm8wEyJ+AAA9m^3?Jw}PR{3j(`_)`P4l9(oJ7m`Zvu5BVGmtlMj2Y-Z
zun1)i3{-gsX8z3M`)R~LO)i+wBN+IU8E}?qZ=hdW!0ZSFjs^Uu0vDqS|9W-F+I_U^
zt*=G)C;O7ed&Xym&1cR(ot81iIm$-+^7&k<6@N>#EI-p$X}9i+WbO82)@1GO>{?Xa
z;i*o^&buNdZ+3b`vSIt|^*UlDXW!(sqO9E+Jm<kb+~El)XXllt<jwjd|FtbG)|d@w
zi{y1g`X7tro{IE)*BgvnXm)toyxFY<PBqO)jykeG^p5rocIte@J0+ZaW6yBQ_A9TJ
z*289XASc|?8E<WWHypTdv@avzK#vI0;O^eQfVMzhN1*?)K<=qPKU7VP<#wx%m$XF&
zbwmapi{zh*3@{^ogONZu@~I;!b&)=(tm)0p3#a7ObzAu$PO+#ij>m$eU?k^QAm`}*
z)*n`dBj=m#=LK83`u#O_7Y5s}DjXgdRLs`C`d2e@0cO_E`=y(0UaWKHx9(|e?W{3d
z?&vgIu}fdmU(n>w3z(6MTKRc#TYD&@$lp4+$bs!nK2YF{UsbXh=o@TXWN(>r@2AX`
z&S0SLpnhh=9}eXBlI#uPzy)8<9^^Y14D^A&<NQKzGjKsmI5WKGeQTmS_U5{Z8pDV7
z-~jL?nSnqQ(Q+{JR3v+EIgZ_nv8!$W&>IX~6wR5D-o75Gd02zsl&#h^|IiGa5zNSW
znyt0b*Y;BrD{Y^j_X~TCy<F$eALG8>-Q3SQ4WboiLSJ&QrO6DOXP3C_{nl3tTU#4j
z%?w<qgo+Ds&MCayUub5OE&1IuS-~Ie8&x#H8%)9y+1uXZ;W6)&m}8B;f9QLp?9}f}
zZ^faHs*)eZF|WG9n<{f=iZ8h?kh3`8zc<jkB9)D~a_YlHSN1c#hQBn!OfmfZ{N@!#
z-}1S+zd_gbEe}U7Ko<l97mj$^yZ7541p`>r9Jak!KR4MMxTGyGs3S1&SRnsYV8Ggz
z?e?5=j@h40dV9<VMMu0`qV4O!1JUcjEN`l5jC;ykVH){83yKF6d-n#6%F$dYTTTvg
z*3|vp@ZhB2k21`bRsP&2yWRfw*cI8XYV!!D?#sUHZ&iE4Ek>}-TD=SV-xo6d7@dtz
zSB}OKy{Sq8v2%fUC8l;5BTx_?*z@q#!9Mf`mH=E$GjYyGlkFyMYvp2cXwr!>XRtzW
zNx_=Z<i+%jT+|V{@K_}0RHW~I?~$Z;lR;Y^-t8Y$qz?2cFQoX&i*U)~oJZTkZ&`m?
z5TB(5=BAf8pR>;_SMI^Xo?z0;l^fd*_oyx?xo*<<F(Zox20q9%cjpfD`2I4#M_EcZ
zknMX_E&blW#chF$IszBs2t5_(ySAlC^?j!=XpX_vj5#JLnCU6>Hx`yQHWg>$gk~*r
z7<sI7wvYMAK8ZZ6F<y4!!6IMUgMn3R9?V>|{N9MOsHWYj*5B5y@4fcc&)#@@_Xp4K
z_hOyt@a{Hqe(pcgWaj+h=N+9#GR5^*@5QP41;I@(jS7w&6Wnwcl1ZmFUEg`CDY}fR
zKB`6^^)I=uXnbH~CQipa>nD|^RE`<lU3K*lZ+n}sWONVJw@17iqt_#YyQg}2!Lbtk
zFt~f#d;8ux^u~$ZXP(d69kQ-7{uAxWH#;`H^z)9=tdV0%&5@IiZMy!QW2ZLV_19CX
z{6zJh-(%XO$}we0YE0Yf)E;j2((cFhdq*xGzvjb~DzAND9P#$fN-HfW=rI8^{`x`1
z3R+q~!(D@l-x+K>TC>mJugQ#bi(ak1>s2MIy2j5#`zqq@9`k#mr#F?Z$zN`>_Io!@
zPzB+79~b)QS{z$=j_-1vzj3W~s(Crj?3x$uH7Bc!FW9})7w+D<>{Rzo9DK;s*~gf5
z&R6TlejHvOreFn0nUHcId|zSzbvV4IuAS!dVgWSAdd#s9N#@vOb8Lz^Hq{*4#T=Vv
zj_qoW?PiWmH^=%WB#lm0wLDdo)`3N%`*yRctJ(c|v#Q%mWk>y|?dJHrYH9n}aldv`
zt#uxq+7_A85xMqQq~=s)@_wA_acZ3KZpw$Ly}jM*0@D^v^&h?3k9(xTB4@!e5BCV0
zC8ZnHNq@=<-Be#6!Fgty%An(`lXg$=j_xkb@Kf4SaXs2A9GDjBw{F?{oj5UEo-)GQ
zuMN(=-S1p`{fxRzeQu8Qy*3<}5DZkQGLCrn`V5>JH}x4+6tlITV$}i@B!557X<|3!
zjH3iS!UfSAnA#SY(h<1!SfJ)qU^2QvtusfxkuGhKR9qrQ=R%gP%t?6VQ?+ZbFM2^{
zU0?Z}`5L|E`d8z0dLzyyMsqmWk`xSkovPZ`lOL=9Kil7>f9hQN8An4Ej^b!%WBAUw
zzyF1Jx6HoNKYQt-$bu#F7V^>S{K%5V*^B*4X3tzayAk;%vlriv{G53U<}In8J<FKc
zFb`kj#`0sUuCDo?`0g21<LeR(HFgqx>wsTbGN{yNXRWU_Db?#hIgY*DNtM5{;|j$J
z*-onRil_V(FW>P~+jaj$d1XJ>^dIFnpk7>E7}!@zv%R0BS(fr)JKZ$<LD|cNmVD{M
zb}E1Nt<usi%a!}eI<UXhzS2Jt=UnX4=f9%=yXu1`8p+PY;;juI?J;FwUr_UBZziJp
zxd!bjsC@%4a9^ej^r5~Gk^5eT$nDf2L<Tnw=MVju79i5U36X*RO^9qe?ahb`v{Uov
ztF(U+k%4w<+R1zxk%4yVd_?;H0CAL~dG6!9qCFd$cUIKAlVsq&)N_#1-X!eQe651^
zmxP^K^}``yr?wuS!T(p#+(iCSVgH@5pAhyx3VWxp|3%o(K&!q=_S%2;lXV*hjZIcr
zmC&k<S3~2UWuGYQQ)qPT)chH<iFk{!b322Y58I%*nW^gA6VME7BlTYq$vMW#Aka>&
z>cjRjSpLHP2WYZsXWNzkpM{-mSN6XNJ9kueUfwEB8ibnX0U8m=S3$LlufuS&dM$=N
z)cJ@eVl5)q6Y6D%104MfQdGlYZbqv5<d@J4Ze=|LJIi9q@SpYJaZ3(UH4oM6KW<E}
zne=DMKp$$pn#OjK!9Y8;vggr=Ksz;G;UcFHk>P*3EM9)FK1}(O0JfzGk@cizKlgF;
z(?}WI>Kuff9HtEPp=L@B$CiP4>H~<hcjE*=pq-j)EA9MFM$Nr^;X}>sj8{VQ(K`2?
z0L@pmXulWQ>)2O7bDU`30L?&u>JU=e4?$n<=<~6oVqO3}+ObcC#y@M{>l`2Er{jY^
z1uzj8(||y}3hEeH3IjJY9f(N(O^6Kir&ewMGK~ndQ>!)nc^VODr%pvA=i7*Af@R-{
zRM}sKW|{PFMO5~^(8|6KT8;b9p&96}f~x-*7`P8p2KrEsLu4IRA*z0O5}Lt{6M&r@
zrVRgCpNp|CIZPScIQ?L!4^sv=pGRS*4^syEP^-Rr3fkk?TaacVnuu~NkhOy9t8*#0
z4tua%ru^v#nYSV`xYhGn*y+zy)n^N|s;4@)aNq5S{Fw;-UqxhaWAdCuAEpfSp-x6*
zeR%va&`z!F`dX*vE%#xdKeh7DqY=Ta4xfRYbx<jNnh@2TTno+Mw(kqDb6=(m^r6m0
zWcfcqRM#!Ph2~FUXn!A(`_cbTh)IaFpFvb}m=81=+{)$g%l(<EW3vRB!OfrR5B-@k
zxcU5VVam32L0i~we1(_6tzFXpTzvkOnM2S3jw4ew?jzYKg#T>Y|F<yNMzy|uqW(MY
zs4t$~5E;@i505({4MP^qsE;hEH-^L+XDysqU7^`NZkbU&d-1&6XV)|=xoY;Ec-1`)
zF=ImH7H*ngJy)4*KURr%nYtKtn0&<~ZO_X2k(o0pQK@Se;XV4<iMCeETM%iej@;q4
z{hHg*I3nCO+E{D%8DncSkMM2t8fKx|m5~LrmeivOE)?Yhg#BzNzFBuHY?w27a@F7M
zoxj&}YX48}z)$v2todlkjM<SzGw|3;A1UQCd3GZkj@}=?V8QIgTF2B>O`cJYZJL=o
zW7F+LGwcUsGv?23tY0{5#_Xl%=9tjy9{_5u36a5bucPLg5c$ciwLKC7iq4_KlutrP
z@Ejn@Cn3as;CT+DILCyzq8V|1e{Vu)t_hLBb4O~f#*mNwF2`D|XdN<lcH@kt3)OtL
zOyg!ZVqF@)0MCN$AMeDx<JL>dSuU2AA+}OlS=WWY-jetLwzg{vq-Aqo9pg7?OJi)K
zzAnbLxGsv;X0_V6t%z|BvE|S*TW#aYV0ZqIXnw}WEkS3@tsT{R<hDjy4hc7?JwKsa
zKVh??%y(Hc<0^<*!qKR?bCEhp#cg(9Pc0X1F^%r_cURKC=cV_b4bm3I*fFS~G(UHk
zwj?HmX@2f7ecjY56t`$<+tg~9umZ}#y=1ixCfr>)xbL1|QPb)e=j9I47QKYk(fr(D
z+H#i=ruhN3kUv!%f~$fV4UxLp4N;5zb(m&sY*^wf!BIb&>@$DVq_VERe6%l>u<GLa
z6MOJV6q!Yf7cSxz?cWJWasSH`Zx|=Wc_+pFuTtDzqivs}<)>-+>$UuJEq{}iuhsH(
zT7H(6pQGjLwfxOm{uV9YpylUl`S_oeCPg1**ltP263zcMEq{lWzf;S9TFc+9<?qq*
z%eDM{TK;}5|A3Z%P|H88<v*+CKd<H2X!&(o{tH@OeLZ8FlcJBKRQ_?z{|PP6$5gS9
z6n(U4+mfPR^QinYF=wbGW3!h3l9qR#hB(%b{|1<kfMOxZ`U*$pyT&q5N!IOi%#;-O
zzm;%1ABn|6Qr!Qh!|i;$6$?qxM_9HkDekY~&|f{uQrp!d3zb)ov{YU_R#f?bEu7D!
z=p#k7y}!17fR^XuomfaRE{SEJl8nJxeyEl&((=VxewdaYq2<+M3fr6%_e*D%KU(v@
zT+5Hq@?*996<U6rmLIR>uhQ~WT7H6-|FV{UR?BbE@?W(ck}4w~0;a1BQs&Ro^8A8I
z1#Xuk&b%BU<}X#wNST){WL~cL%*z#?`3Ry4%+FUDq|D0|k$FBKRe|~YRR$^Z>Om>Z
z%s)-x1m@KPYnqsUmBI<kA5s~l%%9Zqd^oBCw_EQ{IR@r?dDK>W|BJP}`Vxm;^yf>_
zDlk7v%a=QOekqZKua>XZw%2QU{8uv3K;8pdUVZuVq{XW@zM^e^-pL27?KelithV#F
zME`CASB5OS2J@!l-_Od=kN&+%_H&l8(BPNODzH8tJ~>3N{cklcbn>^tmWA_Uk(1}R
zWEr<vUr5uRf&24|Xa+t^&%*4ebMhSbEaOh&E+<bP`Y(6#e2|@GeA;+O+y0c3FR}K&
z+jvpi{+g5L1Kcd*9^<Vz|K-Nt;<n#s^htsvg3Y_%80O^d{U0!{aq?Vwvy2CgnQ_}6
zHX7r$f7W;?Zu{qrC*roRF}@MEeVwt_$#bR4GQMEE6}SD1#s_iRA2oU>v$pm_`7Gmc
zqtMCQ`#)h!h}(|y>x>z<&6;=nl6l2c^B2ydnjdLsSUA&|vv~Gw;|@GHw4Pt#;?mK$
z3&Yb%m2(~`I@_%KWMlrk1;+f@^JgxKdR35Bv2gLs+1JlrypS80;GM9U#lgmf5t1g?
zM`9pkg2RT#<)ioCwl6kI3!f<B*0Frv+}TSSC(pafuC{FqqbavY+xP`eQ)16US$X8_
z%Bu`(JhKsvt*W^K0#99Ux#CtwjH_|PWL)68-_8RwVb(C-(1PqVQRT)j8Pixb8;^1A
zo64ZG8Ld(tiis-O4@B|5p)8m=e~}Tr=Z`7e{YR}cz;b<98h?jBxpCp*+14Xw<?VI{
z?`Bi}^W$#iQM-oO3!+7{73wx#?V#Vg&nz0wv5(%jD?jWzAu`i>x=mw(J9rKwp9xQ}
zo{m~YyLbw_c1zAXx)@&DD7I)f-|@R?8^vz1+woW-&OLa{pzf>Vp~@;~>JB>IQCWp!
z+--8acibkii*`F4zmv96?55rL#_y(WwAUoh3_Il#q%^-^QkpL?d1~>2V4YiPEopth
zsO)`U^4w_Kd2QoyZXx~D5!;?iU1#fj>Y27Kpq^#xLSg6Hu6#;`PZ{-Wd?17nJ<jcB
zxzLr=4xd+hia(KhE<O-y5IyylwEiBq(!3j1x|W(B2&|&g+)Zh2Q+<^zbehmsA3FW~
zcl)pwJ0VzoSZhhckHj<2*11CGQ#)<9`q0r<A3ECVLq}VE=$x0VK6G@59OwGM>cd(X
z5GoN>8?8R9r4|1-6{4~;uj*j6-6_jzyTiBI&W%p+u(Ajr^LO^O{8MZnetMjX;dA!)
z+WT7m&Z7paKH{;1=N949U~7JQoC{-X-vz?%JaVw?i)_2a<OLOiRp-UFw#L`dydLp5
zk0Y#Oq|x@_r^k6Lk*J;)v#afIF`YSJF&(?bbhI^R93MaVx7+*X3Y{->0kw1CUr4<a
z9|+c*adav29*1wunQoSg5u#n(<aq9~?N(bpZELH4mf6~B%iXr-r^mVFwEX$4G=k;N
ziXd42ciP%&`#rX{+U_u|w##{vYWwgr?s#<kExzMp@tvC*i(f1D?IN_ZuT@XSZgEx!
zAGv<Y`7h`5gSNj_mcz8#;?&=2ORZqC5Cp5-W?S>q^RTTgyR)uZ^?As)TkZOst*x@^
zY;BdrjR;m*&f1uRyjmyy)U)t`kc+6+N#^7FvxydGyjI(qpPtVPE&F7-ZMW(v{l!gW
z9RJ<~{_6!_mi36ROXdb)m-{{@?6RIsw*6!E+?c>WQM-84=Y(@=SBve;Ws5I7e+nrh
zwVK}9*chOV5&ANud@7?f53Ovhx6`nVQ;nKW`PgjguOfX)=<~s*{VdYE9sMn&J01NR
z(jPmTK8J-qF7!#E`HL^bEJr=4S)Z$fo-DMV^(n#!f*&#68H-DxY3CfLR(3vRqMhSI
zt?XCRj<RZyPI7b;Qs!x|Mat(RO7qzWIXoPw(`)g8P>V>P2BdXD^Dw4Ak0)y7Pe1ze
z1#X@msQJ=%BQ^Z9ky0!F`y8KUq$?f$G}3L<@aJ(!o$g#mz3A9^j8dmN*Hmq^qpTkw
zJw%Ot{f<tLKp-4Nqz_*@|2;K)cuZ5L*Wm-<eMHL#<93!BKKV$g(`VuXfiL6JhjWqt
zB@BHEV5d%Z)(UQ;4_~tPJ3fW*p;jC|kD(7=el2!<O5j7Sd@gl-jv@^^KBe%XR%P)e
zTyjnzt#x!0(z(>ATN(VR(`Q2<+~L?mj!t*h<cA!4IqcNRzR|H)!cMK~wwZR6%a`51
z=J-^>hg#L`8;;Kzq(5}@8%TfTX#Qw{FT%5)6R|IKx^pecm)~ixft@<N9s;44W1r?|
zWxvR=Pluga*>h<}J%=F8cYJE$L#^f^x6!8*Y0&ZEP*N)&Zle!>Y*6O-uu9a*=Qqe_
zCnFCVe>|b|Z-oB6(C-WVA3`UQ?{N5JnVQc#Irh}Y;5*LI6Odl%XwHGjj=m15b&SKG
zW5j;R4&noWTCEjq1MP6L{_ksL=Or5LX-KJ+{WFf;hm=~`zd$=6JYKg5{WV9QKx!S=
z@Zqt$-LX^ephj6-PpH#t@qu6+@9^IXy$g|i>Q-v_XFFQ?a~pjQBHbtSkEr3_2Pw7k
zryu<}KY!|I1ATv(8vZ#*sg?g99lIYXb-HtH`8UU&i<DZ~t@Qz%eAuk@VGabs0F*~Q
z*9~fQtPOYUTq~%R-8#nMUjjR|vM+G_IWMTwF+UlsV;t?;0oxZHpEB5~l}`)pj?Xs7
zCj=krbVLU3PoI~OTIWI3p&WK<)hFCWpM6N%sNquyA8O^pZS?6t+V1#pt)Nyu+(sWB
z>pyXPxF%35AM04a1;9SoTM)Ayo$Kh$NQXL_eR4T<F+LEeRlku-JBqW`9c90Pb}(y^
zTJs-z8T4bc!#~Z@st?;7JC6nGbOI4-5wkg12v&Wdxrthpbs02$$fQ>G1&*Ce>U7kB
zp%yWl9e`jlp<S7<yE0+dnOR_E!}%hlJT|h2;{$=3YZ!xxNIT1-PQMu+2nC3=vn*<5
z&!ipqM|nsuaP&Z={e(_;bT-l+j=qp7BQIo_BBtMBN$Uqaw6hNMOK-64R$1LdS<un4
z9Bq{a9W4twS{5e>f>oAtpKEP{Jz5qA0l}*O$e2!FXzL+JvSFt`b^0RPKFYDPf2h-M
zwe4ZrQK^TJTJsS5a$Km>7vlqA8X|pIG?xtWGaRjaxQ#wdNS9K>hwY$F=j26Lfk=BF
zN2fQ^>dYS$${*6OyR)Hre01S)2hAVV^mjDRZ{r;OYozx$`Z1(m5SrKB+?U^@)Hs?P
zjtA{n7VJ3#&Hk87I|TxD`fZjpT9DAr{-jp(YO7;se^M*^i;f*w`<f7QkD(P&wdGA}
zFxiLHYJKL~PM>aQ$L|~;_91n;!+F>7VOu_OeAu7V$|uF?2mWZPH#N%2!FFm@))2?;
zhn+h8b_j$r$DZqGWv_PZ`LI(f`y9t!06TU19S{hOw4*I6kUrq(4M?qZ9`z}N4|O^x
z2!gd%!~YO$*4hi764<Ggk9FMwA6~QY+Jb!k(CZX6{7d0at@`1N<HNq<d6Ygp?@;sa
zY%=f%j%r*uSE%_zFZ_>1maas4g`@Mq<M(dlgs?AlIuB@sClRx|+t(V;2))hGKSa7i
z=$C|kRcO=E?C1WDejX|F<nx%m#L+vEavsypwqr@PbSu&@H80W-sMGJVq<swrJLmHh
z+COdE>yXf&^O-uGCmMu$MDjNw<#IsHAzS6>FC$$?jeXH|mQKGL0^zHO^xub+_0C4;
zlMh!*BeBjk**)y@_!!5|x>@TR{K=$FzY`w_*6|B}mS2oWCXXZP^n37ufF;Htle}tb
z`0zNQR_(givG+krt<Gz`X&;Rb1nTruOIm-oJG+<tJ^DtNl+L5(2@`=@U4L5bh5w_l
zU5Q8^wu@TT!Rk-g*(cPhEDja<4<WVc2_N=@RnPk&5V(y#El58{4IlOcb$Ts65UjRv
zA$4?m7h4ZPk{ya^RUfObU}rt8zH<DhA)kGoJujwH!-sXIPG5l!gw2TAC~!N{uL<3k
zngfAAt@_6rU-)l<tr(F$ESFkcdz3qNmPM`XR(;^lKA}#35FZG2h~%&zs8zdGJ9f?i
zYBkmyXm{#tjVbo+0~@vKLr5e0eES^DdQhV)toKK#O=wIt%l;{(pQZ-nKBT#hZbCYR
zI*bnl>U6>omLSs3wo|7!;{)M2#B2b6i?q|xXOIRQ{U@YWzm0`(bo#@#rYRdAWKyR`
zZ2NfH!6fHuYHVaRsM9&25N<%EoqbE4&IyIE0Fid~Ep<9O7~ytARZkXA{Q}Zwso~E)
zr%opj;Uz@c+0WGK{{2<jvF}fi{)ierIgVC7+@{L<rQ_pAO0DkkPdIk=J+-=jXYtwP
z_&}gm^N{t+zQA5rdQ-!P{YIVMgb##%h_th>sM9%#5O{cGUtvj0r+?noR#_D>9ak0_
z#Wl<-3qH}ZmfQYTS+Kj7HO}^7x#??dZIx9S({W{8B+7zMw5)q=f2%CmUCZKRL9ohN
zZ|hVf*;mGNTzmc4hD}zVTxI)M`#uu$&#sE;xcZx7-w9&h4Ke@ht7AIdsgKq6T(R#p
zV&BJXZTU=$>A3#Mv(HP`SimRRKTWp3)jzPi_Rl2S$7&-N3<RqzE}V{zD=S}=1)peH
za@=8eEo-vPw90zY)>c_HF&$SH7Wg69WVH)E(X!;Y!|qzvwW6#RTl3RXWNYr@3EDb?
znu`zuk7rMbB@I9IFk7S9hG)2~3#mugx|Et92q8qzNGj($%~7^S*BhQoZ9R>;%+|Hk
z&N;fC`ZC+Th}t>dEu{|G_9p5vwq8XYw)JZ2v9{hoU2f|ZYUjA#LXG2*VLPH{oF$E&
z)RnewrFM>&ebmk|a)8=777kHY;RE3)qQ{x%C#apd-AV1t;WN||@xkE1KWDzBQ9E-i
zgW8!JeW;!J;HP%R(c0Y^JI)z3c73RwvCE})#;%as89R2j8ap;sjU9_oV^>S<j9mk@
zGj>a<ov~X%?Tp=OYG>?t*r>7FLhX#*4(bp-5Lyw{*tJtTV`ufJGj_*mcgD`@Luc&H
z((a6%)o;$&@p-r!JFBmpu`8h68M{(yXY9(Uow1up?Tp=YYG>@~shzRoy^k8ZCTeHw
znyH<!+d%D%9iLsRvD;4VjNLA3M23Ar9~Ani&?klFy^qIh@0*NN=?tNBgy!>S<x?Vb
zh&svUR0+-Rjg)<s(2Im#CiE(y*9+Yu^j4vF3cW|@1417b`h?J@g*H%kRZpMLd_Pgy
zbA>Jxx=iRwp=*S$6}my_r9!U|ntvBimAg^sEkf@Qx>e|Qp$`dtTxkBiT*W^tbXqd(
zhzxwLskC3{0-;NVE*E;D(9?yk7rIgCCZU^!-XQd5p|=aYOXz(<9~Am1b&B1tlR}>n
zIvLxQPlnJrLgx!zB6LXTD(Y0btZ72e5_%CePt*v@gkB}|dg?UWr$y+kLhlrM4|P}D
z|A5ekg+3wlX`%T)f~b9cLiZ6mSLj0OZgyE^LRSi1BXq6M4MHy!dWF!dh2BV=ZkM%1
z=p9103f(UBA)${`^W=umDK!3UdeokVF;PC*Li>d-5V}<8a-k;*JzeN}p&Ny661rLF
z4MJ}gdb`lOgx)9gL7|TdeNyN%LMLOcdGH*DAw%dKq4R|<5jrGvmC)0Ko+b1mp_d80
zO6c`Mw+Ove=$%6Eq3&VV|A5ekg+3wlX`%T)Z>fEK)IDuZAE9%FE~L(|eaeKc6uO2w
z)Ap$qx<Tlr)LFLA3ZYjEy^*???XyMb9YVJX-7fSYp^ppQNu6yo&kCJ}V_Mm>sn4^0
z{6ZH9T`F`rHE$*mCJH@W=z5_Wg>DkMS?CSacz(jLS?KLT?-F{S&<BM+D)dRA&j_82
zHAa<{A#@HkFN6{Dg)R{~By^R~)2Q*hf?<}>i-cY#^eUm(3*90#|AxI{?i6~D&<CjT
zyn^Ad&?kgGEi`XRJ$-F|pU{1T&ZW+=eF}vx6S`998tMye|5~9NgkDOG=MM}kgkCN5
zMxnP*Uu^sD5V}?9c51)vb4cjpLU#&%mO5bjr(yk5n$M(__EVd-Pl3>-LYE6Yk-DGl
zKV9g0p&O}lZJ#Egn}yyW^k(Y*w*PjacL}|ZI?whwDD+XGPYQj8dVuYpjI~qg454$V
z^KGAep-Y4g30*}!(Dt7u^emwlQ4g|xmI=K|==DOkP+wyEZxwo{(0iy0Y@Y+vgKd47
zdWfx0P!F~BX=>ic{sX}eU)(bBa>)w39d2+m6I@POfrk=x$jafnKisqO{_yL_bAN8b
zw6ng8k-Qezc;Bpo;<1{N*BP?k?;;PE?@``(XvsT`ymOj@vi+ErJ37P+!pSlAcWvb1
zvM|cK0b25sk#XZqarOxzWylG~c(}xf@~r!P<W>Li9@~w##Mvi=l%Y!SaJq`}9*36o
z%SDF$s)FjjM_`csw+y^o*w|hygHhfK(2`e(3@#I*LGies<h6juQv~hZoo%eg0Yu5;
z^8z>C51oBNNEvnt9xp{$7I~eBk{3e8S(35E_G9{cM~9d}H~=2!73;@K62;@6Vv{^R
zt0>2I73jyn=OWZ0W)O16;yoCo<nhu(@rG)=7UbQ=caX;G1h3HH@sdOFCTl!C_i$_P
z)f&%V9&0Zz9~5t~#^bv@+@^xk^EF;0c<g_+m#1^Zdqm?MKt5Z+96x5)XuKxy%3vo?
ztrg_Ipz)47`(cw6RQ<lL@pg&&@sz9TcUa?{K%V8Opm;ykc>BQ1g%j(?)2-t1T}S+j
z9>1rNaT|{hG~P+@)cgwwp6QL}@wt=R@xkA{vJN3chR_wU<Bg|TRliD&*9Up$)Mf2Q
zKZdayZyI=9o7i5SVij+O#tR|u)_>P)yaV9nIy|0U70-IUg}hq-_^eFT3FfH2Pve~i
zPt8A`S`}{_{N#8{MBc4_U(tB{J4>p5Jgq9;&omz2iEyjmL5-ISo~qwq!Q(R~S-)EB
z=T^V78m~~)kEd%@zXFZdkf448;KzMJhzvENetgWWc-AvI<WuQ{z~_=~?d9)~C9hWS
zim{*K-LBQIF#+#Zjn^P}e5|f`U(k3<6Y%)FP}Xm$;PI;z#ruxN<Fi+8Q$cAyTa>&N
zg2%`BiuZGk*OY+wV~w|3@Gcd+ziGS`33&WnwyfVq!Q<Bks(u$k$oa?P&u#u)06)pw
z0$wgSTo3ql1GjO%N(jm0Giq*ALFus&)FEd>yQtq7*tm_n1rU<AAwm7-X}m+Ceq#mi
zQH{4bLH*WiytATySZbp6+pY1oB&Z*s!Qx-Ey=miO{RbK4S<haPPeo+dk)VFR(|84d
zu)jDSyvAi&%=b)*?>~MYAOriB;XKC=)5Z#k{QAO==bumV>+e#oa~o^%Sw99p{A9nB
zq8;iw@oH>W?I_iFhtQ4?0Zvf7VvRRZ^z%gcD&Ay`$L}%J9~mH0@vhc*jo|UQJo}kn
zK`GvBjkf~%faq(*tJQcXt}={TluaJb|B83J#@o`xem?^)R#3cKHD2X4_Papjse2C2
zgZniepCdkGqvCi?8m|*PbzL$Io~nLNX*|9g?8bXc<CS9&6z_V$dqv~5fX8)D1=Zdc
zHQolnn+|7Hzc)4BVeokUtb*eGNaLLZuK`Z%znc&h?++T!hv#B$ytg&pG<;{Nc(sDZ
zchuy%RtDbF*sg-AUn=~lL(Yah;I%`ueszede*HBbpXaInIG?*Jo?qjw#w6zVg5=E-
zymF0K)7>zBPLLB6?{bY-gYR7ZXc&2O5LNwVYrH}{TX<5z96x4jHC`ho@fO(0t4CD4
zWg3sqGXmJIf~sG$=Er9mZhlW{etmFL={!cWkc#(B&94-G{ZyeymEU&wQHPvuIa6cn
z+I+{4$K_8n-gNMuclKeTcyDOD67Y6lJNsp!<44{fHC{%Bd;Q+gcqc^tZWX-VSa;++
zEdh_)RZ#WIgr96LUno?^xq4Q?`VG@~Tflo&!H_Cmp~kBL?+~`Ly|+1j<W13d4Vm`)
zqu68x#haw@3a*RYPu~Gg`jK~=##;~GT8m_VDBdECHyyl6xUhbAA}XHs{S@-(ZY$(x
z;XOxos1p=#oyOY?-bDD3_i04M+p5*C6b~0l6wL8s_F0X08jGzOkGmZ|wzos$HGr2*
zfD=^x_G`S#8)EbM9{8&I{Ym3BC8%Gg#;XNS)o;1rU5N9PoPRqK)UOZxScecI!wylu
z`;b@l3v0Z63F<dm<F$+W-7k1IYrL}w>Ni{C`Ej!90}jXc0m1vc#>>E9^u=}+)Ob9k
z@k+tVg%f!XBC7Uo(|85oxsC5vG~RSkzlR0y2O2Mwpnl)ec#WcdpB22{YrN?R>i1iX
zw?WkJ^McnE=Xp6_7A2@(GW^&_Aw-7lqJC?TSN%6g<25I!Uw@5vP}Fao;91{)BCpni
z7Vt(QuL8?u7_0G4f>#4O$M*|}s(uT!`W;SCzj+!jbYpD(eNph%XuQq@^=sC6)4)^p
zdsOhgqwxyPbDw|wu2zo6R#Csl1@D&{F9e=j|NTtk?Gg2RLhw>?oh0YWvIO<xyBxB9
zeQ<H8j^C#QFVErOlFACJ!NVm-G^p{lz88j7`L!hQo1pQw!w;v-Xi&Ub&960q-xAI5
z0Q?k#P^Is6{0g0t4#Mx!XsLFevELqsAC~fH=-J!;4UIC;hv5l_XXo(SGx+7JjW8<7
z@3UElkmFd0e&+joocCK0xsB(ouWG!7=fj9=ClwU$OB(Ow4BL;quOccQPV>=wT1aDI
zo?(0g`>LRLOx2iiTW*nI_~Ew=8dJ>TaeOfS;&|ogyt%4#u}$&jEx@0(z+b%>vT&%M
zp=emih~mPc!eB9UVPTQ@96r3n?+=bBEGj9aXKlB8uBfW;cod1uo1$D4VYKhUjV1n-
zFoUPOw|kd3RcA%8pdxHnjbWA*_alZ7n-DD;9nzQ$LCD}oCb`z$OHN7Y^Z%``MSuDc
zE6V@B?SlVx4d0&rFI#0EUp&zLtl>w0`H0~|#Q#A2BjVo>f5mP8)xi5>28)U!?A*UU
z|NrR$o*Vx0V9iO+#9tx4^3lKiyy3fv9{)ey&VOW&95@#uRwCl@h4p_VtwP#@xC`+h
z;z>llGvY_AM4W}V3~@c;RzzO=@H=>Z&&>;u9K=$@8bp4#$M1hy5Ze*?9U-4%hY)KK
zn-Di6wj%O9cfQlk3zQ7RTtvQ`&iBw~AudJad*xdYTM>^U@_p}IL_T|;h**!v=fj&3
z_aPod<U7)7xS8=ImLg6>tVL`@<U7iI4z>r8?-_R@`f#!6N94P}e7~3P^738XR>b3o
ze8)Byk?+VhB5p=(N922{X}GBJBbFo1Lgag&t%%1FGjI*YYihnfxf*dN;sM07h<&iG
zmm$_7^8LZhh^>eR5&6C!-`fizPDkXsbh{7_BPMsp|80Oc3z6@Z@qMv0tdD$`i|=Z!
zM%;&Z7O@c5o_uz<6mf&N4n>cDENuUT?c8A}e0Dj0dywu!JmBO%2K*-)4q9cR^Tl0<
z$B$zN$Isz&tk21F@H=x3KA+gk5IxciyUvNd?ejd_^j{AbRf6Hiabbk`e@A>|c$x?e
z@#Ej&|4I)u{a-0X6vDahL;R-&Oii9cKe`9!(KIaT2)rKq#Pa;`!;YWm2M4yH&p)#b
z=TeFP2A_g|;WmW+8|zl}-^luJ==OgJMB-xt$Bcdq`B7!74@2jCjJP$j*6?Dv_Zl9*
zy)|(i?Ct;6PwV{h4?@oMynOChTnuTU_8*y#A?%E}=pWffEAPLS{doNq&+PD;-eui8
zP4gLlAf<a}wb#hIKdpMKVR}7gxzW87j(KLcIpHK<UH49(7cop@UN7IA;!Jq>f@Zk~
z`$J_}3fuZ6=Z($m-dP$9zFHHkyCi39u&w|*F<*~-L6V)%GktTyDdwgpv5n;E_ky17
zOT97GUvpn!#kz^*{<-Vths|fITWUjBWX#z!BHZB#C%-y3yHD8MJvV!**^y*=yUoqI
zHotuC+Om~+RBwdM*527ER;xbj-I1JMeloZ>%Q(Ep-m`gD<*CEDdvUE5?(l|_&+ghB
zHeas5*(`Zi&G;nN!F+BqKDO;)8?EGH+OfV$H|xXl-S}qEd~{@T(0r`#<m$S|MrMc2
z$42bPgRyUMu<p_Bok8<)Zr;ev8@YMoh#g&E<mSh_cV_MG>{|3%;Afd{d-i+ZO*)dC
z|3dG@$@ROYRZZwVx<_k)zctnP$+4sxf`6VoGJq?t;+FiR7O%1FR7E!<Snv!@{rqOb
zGs{lljfr@}UJu+>vN_*PE7})0lzGCFwL1e1oPhqqV`%F=<C#cDAXc}uPR;VJyv(S6
z_3Xsj#>FjPoBM5V>JsC|)Cg`Mu5Fo?(vo6K+0ngXp)se#yLW++H_Mw^Y^<DbOqu0N
zoloP+1{(JcHY#p0@^ZZ^FELVYHu6fm6$6dE^|Yi8Fjmf`WpA!gF~{;Tjnvr`6@Ftc
z{_si3rz`k*+uk~3%IVY!e6CO38zH;`pR;b<TWe{2&YHA$2I`YsF$3DW_a@jcufQ|&
zIk}}PZ^UOXm7m^~)3G5h6`$q)l{etin~Klu?3LGJYmZcXmZz<}&az);<P4j-)|)!b
zsD3VVeYLNTFZJ%!iA&er*k$o^C3h`eRKITOO7F@^w%5vuhS~DX5ifWvt}(>0^e*Ye
z$<#a9P7Y>Sxy^RcXeZ@Xf|{%xXU+aO+1}I&)?nooR=#&hCQNvKYVCVGgWJd2nf1)<
z9b;$8nOPaKGpBo6-g|n|cA0H!?1`SK7>(w7_m){E`uMW`1tRMq<3F)ZnA>~?aWmp6
z#NT-AcnvgWb~I1>CCG;~TYuz7X*R_;m-I*2myypr7{BSnmyj|pL0pD-KjOoP{0^4i
zOY*zAuORAW{7u--2(A15JOA;%`=9EQqZlW~-#U?+QPpRkqnR?^iOV>~d6<(*yQLMM
zuwCD$;~(_b_fM2xB)I(l6s6y0Cx3%x=if)8AKO@iSf_25jDIElkXBFrAH@ID^<)3b
zG5AO8!~gS`@q14Er2SQScfp@g`766h)pnI;?LOM|)>Uh^PTP>ScHoq)^PWD`<LN;o
zz7p87{41GvdhSl0pK@dJgrw2l!D)E9xzcNx&sC=a&ou4UtlfTIn^}y{cG-IV(k^QU
zT(@=L;zK<a4;Ur)Zp!y#_q~`~Zu{e^@`2-5RQ4)utbRImYA=8F)AvtZH<H(lSvaL<
z;%nzej(JP7{r=MfiZ9_g%Gxx^*>uX|Y|4?RFLT>mUKHYk7h7|v@qz2B#t}QbdmrKd
zBN-}gDNSlgGJ@tUU1oYy*BKL%e7y=w{K2|gNP^inYecel<>#<r*}B5=3}3&vtvM^O
zwPF>vHZ0-R`{K4v1@b;@D@ckn&z<RA`5Bn2gqbyXcBZ%DF4%*c4ck9xJ`--KEiB2H
z^J=%Sc}vdy<L>9R-;`hHn5fvy0ZHDyx1wbaTNVBGOz+->*c&eZ*n2<wYwz9$<NLqn
z1)y^JK8n6sI_2Cu!s|_)8+G_89A-%eryG6;`V47*_SffI*YK}|_nZxd8oyPN7B)AZ
zf84uws=-308o>@vFzJ;!W78|maPp(gD}2c-J-D#v)qS?v;W53h&cTK4)yAA&-c)=p
z@vfX;Olj<;YWf#+##M0z!cZBlXO|`3iVC^eSBHk|4M!c$heJp@jDTS@Hs66MfX+rX
z^-`nSe1@~&ij4O4^R1p6&Y=&Y(}$tc)4%_lv^w*a-~HCRvdB0*6FJV4_q}_E8tmoS
z86zI?{^b7j-kZ}gI?;Y-kD;8~Ip1!x=N^*88pEe%E$6A_>)4z;H#-{$w7N*`B2&wU
z27Nzavv%fo6k%>#X_syPCUg*v=}N>oh<78-!m;WWzkqGL#`zQ$fg;4G5qBd>-(ybx
z&A-Eu{{KwvMLVq7_}w}EdSL1Wy}NvC2dwK7?K)iMTI<(qk)KU^d&~z#M{vgnzc%k~
z)BD{yS%Fg*9v<CuFkh2x#W!Tf`nLaNm$&nEzd87sztr{qYkNhqF~{uDcHxo1{B<r|
zn!OLVfB)s~=C%hbP&E4bLC$(_+O7K{hbEmEbEe2%G;xnvpZu+1H{87B-Y%ZSU5tCj
zcrKYUFL}|T#(P`-_P`gfTI}(xea`dP7kzzw-9FoG^~39)NW1sBq=z23yIa$z*WK}8
z@r$?LnSAriV5;$Kue3{N&K)*r)QFMESQmZ0g5fXtys7y53T5w1O|jA!Q~7n9x$Q-J
z?cTQ2y6H6AI(_Q~6!+uoHCyt%xQ8`cc4BI@yn&CWdr)=o<4t^Q+eBL$=NDcpwf>*&
z0;Jg2(tVutLZl|*07TyNhkLi-_Bq(nF(RvEKygN}W#@>ji-Rq1jL5ohCB6<bf={Q7
z$QlxSy2pqtY<zRX+TQpppE;PuIn{`Z5${D@8#_!ma5+I%1LvIsU7vq#)6dqtz5Ih)
zPuWNFA2WO@zU-q{ti!rAKC?1w>UwX*CB~?lwv^<)#iL3(l9D_9$pZrc+@lZ880cv>
zecpkYzU0x}2m74y3+89`_NMu=g(>Tc_cZ!)rQv~l=J`qvjP~PUfW2F9)9Ae|#aAwz
z!e+qR`-Nm*jj);do?XX$vtpKA)vU@#8TcG<@lan@D!v2sc~^GDM@1SwIFQJvFrUmk
z1`>I!rdjs9dVb%gLu*bfKZBETA$rAmcCkMxzgP3q&0)K8Xk!i^H`tFFgwK*VpJlE-
z8YjOXZl8j4+NUgTpEB2d`o;Ma<mbfYbMildf%D~0XXZ>Z3zCB^Cr1U%O^^BeH`&c^
zUhDJjg+v$PBP$JuARoEJ&!2a_BQx>f?fk{bz9V$I(N~3DHagogTU#4{TJ~piNMN9+
zG;@?WsKBOv=<OX&X)ZfZ&^qX&N>B6p;1K^{{_pIqH~@OA-sm-l_=7#x6yh0JwPBm_
zQ10s0&C3q7x3*oq21laLYhJzP)B-=yrI~~JnG5=%o|xC>bN8ib!)lM&{G_c};jj_>
zu_v6gJsie4_W5Ag8|?qg`R{kTG+68B54=&lYM`^O?N9b4kN1qv#AVj`r_(aVI5T#%
zFW+PPUsaZ$>FkMB%3hz=ZYo@z+3Jm4)fTz3BQpM2r1Df`+<tE`5(-Bye>Y`uq^zUE
zbE^ApvwNEv866B%spH3tTxPZyW@Mxp8D$2_%rPg;mXjG~Q?Si*R8=tCa{PjFxli|(
z^Kd;-Vwi_}gw2v*L05CPQ_Cs$UNoU+FmPGau-_XFjK-=HHTc{8z7@fi<D-h=OeLHK
zai$49f`Q9pJ_Y_M)#r`&L=96qvOBNwe^OBsdWv2AV02^#1ECnCIy0&<m{+2nR+CCM
znk`NKfHNVd1T*bMwKSn;?5>ZttEK4z(>95g#TmmbNoZVQQ4^Ta{o!mkP})$xwlq{Y
zuI#jPEE~O%QRI&+gS=$6x20)Nz^>$!aI(Z>ZR(B_&FiT?eqxEI#yb&6D(rL8>lOAn
z>GcZxob-AHK$e3ya8+C2%8tPJV}Z(3fpM6EkKxHRk5lJ)>=Ez&<h*rV3aSV6x(LM#
zPPVIH9^tGheL_val_)6THk9<-WG+C5GM#0>=C4YAsNYqq9!!2<L^l2=Q}7C7bZTE`
z9MC52h2_!SBeupSHNOx$y1fH^`8iw7(&lGpX4n-A`U1;d@b}9ws{&ZgTo>cGbJ)Pl
z^k2VYp7I(W1VWd!b`Eupfg@hC<)h!3$!~kGXh071_<ZbByk!zlZEn4+wK8*5NifMM
zyu7f`%<v!aA2`t1w>{r8py1Hp?k?-eYHy@(TjYX{$fu4)`kacKKk)gHYsN3X?ycaP
zABBor^Vg(@r#(NYf4YhP^}(OpI&f3{^4f6gvQvep3Ohe4>U=*VWET2|7Ws2C2JTMJ
z8~C1oct$Xi(f)qr?#|rSL3z{O^Y_mf_y&d|CtSaLz$3j%cX#${%^5o=&+eLmZ(yav
zy7Wfna$nM5XCbP{G)i}?79H`HZc=*M^FR1r*k`;`<R6@Y5<8NN1E${`YxMmCM#k{<
zs9!#JTk1Qn=dT%1@ZHkoqdux!Gj8aK>OjWEZ&sumSLS0tZ_f1($QTr0WBL{1Sm|4i
zyHTHSg0KFKrSDB!zUr;1xj(7EyEArmdk^sW_I5K$-+HHChu6p%TlvP7L+pCnh$Dpu
zfcOJuuFv<b@67VQ40&^~&l~957Pz1z@Tp^gKBofbXYF2OosV&Ut*$Nidp}G*lJagU
z&oiek%*Um{pyI(PHaNfM4d%d}qkCLB*qJ-sJ?3HDDQzFHE<M=YYw70)^a`2<&)^ni
z#Jy?3!`@)h<KHUw^YSg2F$V9kud|JheQRv``HKezaUizz9<XkJc@Zzu1{CL+u(X}@
z72}$(?XVZ8pQ^iYPE5tY`QqMW9)jvR@oSi9%)h2zw(?l<Mw03}JawtN=FGwDIM1#w
zkC1Kq)DgmCwzcbfuf6rNH{Ra;!Sgt`j`<MFM6K<61eZm=%F9M$TAv)0YuomF+uLyU
z)KgtX@An=qD;-jnY;JmKQ1OAm&XM46^S2)^OGayAe(mj8rJ^4Dy;FRt<}a-U;Yn$I
zIys6H`yR7k!mqtOCwa6-cx){l6U!;Jaj;T@eW`pXav$g6U|-sM``$YA#);i$p3mAH
z;?jkF5Z9>hdOu7Oy$~Lf<PTzjJ?YPlo&*k?r9;9kg;ujw8R(mnAFJnK*=qF5l(Q+S
z+5d;V_m7L}y7q?89A?H}2V@2u6G1bxQ8)t!f(MNQ)#w})F@ljnkr=JcASlTIirAQY
z&8=cfb6aw6#58SMk^<(Y_iYVE)26+tX#f+_=3)~`-!#dEJWBf9q<ytF(mZLJYV&^A
zK0jsvbD#Tp-oM_@=koa+&Ypet&$ZWHd+oK>UOSer>T`OH8YaPTa<Ah@!Yr@7!3?3N
zlNc0t|1)AZWgzSx4!g#}$$!3zF+W0MzRMc(abwIM{683T<tvlg8{d13dD#ueeC)<!
z&I_A3=Bp=+`DNytt_~!dy*)3Qq0bw4(U&sda}WDmW4`21uDbg-8e<=)M;uMKVn5r8
zng4!7GRYc9AgGrJ72*5u`O1@GyMhrG|4W~Y=Bj0C45!R7!YvEhCT>0WU%;&?@c93T
zTk@o_N}mYblmA=Xnly_h(j1Ag6dk7se5`lSB0A=}3@!S`b}iE_5owbuI)}k{mu)nG
zE@h}?8%qf8QUXGlxV#Kwcf`vm$GRTTgf!LUBCIMV&gb*uXu@^-UA8OJ>RsEXrSDSD
z863$2Nqbz|6U%1@Y<C;Gg{ku;Ze0LhlW@gx-L7?c))(k~dmyP{_I3#yQ|WGFL6|~{
zb-Bhfbp<oHNbU3xcFbJZL+V5>^T0Pr|MsyuLE^!ADpnzQy)AX>EM~KPtj(OTN8*eQ
zV3A)MR5bxx4U#Jmz_f%3JWxzWu64Ia33}UqCrNI<^2-sm`y(~VSlROR1`ysn16bGi
zm$OrkI&TKtyAHE$x1<lSZC*uW+e)PlRu-UD>3|O(qqp$?UX~=*xl>iCC|&dxcqN8^
zibx9fvZ6y{ELv&KP5;^UVHPcad&DS)5A0()rx!nGj5&E;l*KrfOp=Et>^Fzlkg?{l
zA%mM^L#cZIWHN;ABMkDNWy(g#5E2UA2<Wlcs|#;2*=?kanw7jAm7`VKUzw8T85ZKW
zMixzrV@C}f*5NulU^jc$IS^P5*kv7GXX5eM%Vx+4TVPq4#r#UUCMBWYg0#TO_YY<&
zGp0Ri#!Q9{hBuO;M&_tmg{s}f?I5t$|I&xm#hP<WF&2ELq*$Fmq}fX<a{^!eOW%1h
z9eZ*?hsU9DRyLiL&0u9SS=lUBCdFmwJPNFp)`W`lrKO?b#ZqRZSPc~yNW~@SQNqa|
zrBxP1wC?;n>ZG;JB|=Wk*3ccBrMb;(gfCRy6G5!pS|V%>tuMG^P4j9&4Z#wI@Z6eb
zYK8ECedETDc6NQ#;c~aSQU_d~{QQ=>f|;7lHuQ)zYY<J8W>IBnh*U8v3T8;oHZXZG
z1`s5VCv+2^RvW9%&6Va$_CWs?d;XQ97xP>C%8##2utD-9NvRK)9bJ3WE~Qcy`+297
zAkE*n;&}eXmMzZN>Zv|evn%^m%^_v*UP+14g2V3~fBkUF*Q9yBKiAjyQPJ?&slKst
zyLwK{&;RJvf#I%<;WGO(4<>gWOpE`XQ@}q<Pva{-9X)*bqoRS~Q+@c!KYhJb>KrJw
zKeIWx^Q%+89&SCHUWU(~_iZ_St2OdTiLpYLk9_Wzq0jxYjlLX6s|56mS|tg;coVmV
zTDxv-U1JB}ZtAK&zGc=;U)PiLoa*bb(kwrSBx*>I94lt%NMw>iOaEleX^0&EmH8zp
z@$K}t6|HMzMI!5#yo$kIX<dgY;saBJqxI15o;~Jo)>E3Tu;`<(ql$iOV8lKgEsC3(
zz$I%R>Tx?{cYCXxXyQG~Ep9(!{s0YYD3&DJhd!*hvU3^xX{Ts}e$*Z@lcfzkwe4MM
zj!EI;cBNKbWP?P!gXfGGgt*k4M`O_iQUdFK%WOJ+JoS?KW4Mfq@?zFSoZin^JP;N!
zmp$XKby|SD7F<+i0diYEnQ~LCk!+|%2Rc(y&4x3@8#niTvFL?y`4r}9jnO%#%x!N*
zJ;nf9RARzD;XL*U>ng50MxD&(Zf_2Vh2am_Am&lh@4_<H{pypdNxK44Yeuyn7Fq|x
z4T;-lmsWsHm-?m)T)1#B8u7WRY5lEWK4VFK%AMd(gdBbfZxOdo(II`^!F;av4%A*D
zyZylu64d#F{t9ZrT_@e~Ex5~XI~d$kv3<7AuAzP>_E7?Mo{$qInG|<wos)QFv)=k6
z%;&*k5?tn<iR!y$=0B!af6U)4xxo$CUssQQxbS#B^RDgK!Fq)E)g9EVt!v$uB!D2Z
z7415<r#sZ2Y&C2!0nM7D^(V*L^^|)_;K;I$j6m?@{?a3+@UnA^^)`TW!V-L{5;A89
zKCo4$IE)=JOAR;TcBhQv75jBZeVF-@`8Za*#m6!6Z4Sk49!<0)=hWV9e%k|yIvkC0
z<Zu+WPa`<WK^<$JaytTHKTHEB0dz{;Iu12VquOa4!ymYL<4rue`y`7W#k+5WM;OP0
z(f=bHDh!U=!Oa1OliSZw?HI<2K>{A|sKU=NdGka}-t2b;DhdggXKzm`PmIA}PgKV(
z3ymjr9W-eI{?hz0>u#mG-*P)qGw30&w(4Y0e8;QQo)3$b`+bG3w~e~3dE_J^U8Lv3
zdw2r^73LTWb*ReOq5Z7)xi-Ru=ccx23T_u3S$B-uGzu2fA7qNa*cPxrYJakY1J}j~
zi?^I?wPFY>w)kDlH^*;l_NCGsFHefWh2~f)0Ch}0qT|Mmanf4*|Gb#y*w9yCr8?%e
z6G-IMABaqOp?#QUm0remk(T7y)Raw~12I4~XKZQ^tvNnTXoKJqKVb_hNA;XT&4Kdv
zg21zC^aXQmG8BC(+dOnaWz|E+8QV4lT~@rUA3$u$2hNM0o*CF4dUx7KotjbrAy3xP
z#Se(yY{%Z^j=j~6y$?C|elzv4;NLI43j^l2?Y-X->awXylqrVzjC4l=<U`&fhj*L9
zd(h#1$l+a->PMFQeRsJEZPMKB(~v<<*ITWNlCq9wUp~*2{F7s{c$UeM{_XM@Qx=~b
zm&I#tnAWz<B4Xf#!cKCxK`rGj(Pg>k3|a2Ek_1FT5(1PsM?iGz`<*zQ6quE>!}<BC
z&lJ0$cvnw-4_fwB1<<&kFwGq1LP3F@WBzI`(bE5uHO2|OMTBp(2R8Q~abwH(Pj<<z
zbqTAMctIljbP@@j!fAo!+SYbB);=MYJR``7s`O<0el=ID$`Cw%mt(G6>#v#Auc|d$
zR?@&qn-RZE3`p82MCi|CFVtWxl3*hZ40JE)rED}o4cVEJ!5Us*$|BZqjwvqI(8I8t
zHvE7oj5X|LiqHQLFiI4?-qdGQmzH~io%$YRm>}V-;Y2`E6B6?C?HdbRK|xr>jA$k;
z*C6#>{g`~&%N%=ETPXL0PY@tdHL_jKFL3NEuvOrYqnRggIe&>`l@%BAhEV+Fe4pd6
zYMYdIsUzP?$D5%_-$o-2{ZFefrev{(E~dz=p_`@OqMO>VO&eLd*9=!MDZo}gi54nY
zm0W1yq2~AouCVtNxT62dDiUo8*dH!%MNWNrXIz^L?S~6o&Ap%Pjf*R???v3x6XL#L
z--);%PKdib^}_<!p>M@!z0HAIS!$_wb8`M>Z)j5~s$J%I263nUhtWD77jU2{Mmsi@
z%4Mt}U*5(VmdNd_VKI{yvhrWZCs{*5)vp{(da`r8I#=sDqINx5w48N4<~22oaxS*l
z;K@|&=D<+<8(Q}!dA^RVm=FSfN(p8J<}+*tpbS{%wuGE*U@f>B*R3kI6uzJ;-oo?h
z2$XxP)lpF^zNkup;Zd7f{uHJea34!JpN1rGtmM<-(Mi<C;PYtDC97xMqyl4ld$4=#
zdN4b~`q5ox{(xdt)1yJ2<5jaJze{DcM@(|ax{ckhf4L{*(7Ml>yZ-9sG3^~hnkI;@
zspbdLfjwx&kDQ5%M{5@8Z6MN&?j4QW7MktQ_r$~t2SH&BSwrdQx=uE<jYV&kLM)oD
z4jojZu)WU!KYSwH<cAOauTZom6y2rfR-%n+WC`nT&sO|ptovcSwlPT3X$-%qYLBYg
zcU0}Ws`f2a>rk~$ReKyVBDJg<gh`FM2cj-DcXocEeO0k5;w~j>bsMK*q0&(Fi=pU_
zP;_S~8deiqRPB<6|L03t&snn>Eb#y<lVgDVk@?~B7g_gZz5jm2(=$`+zHIi7b#F30
zq<cDMlqbd896)DUvJeVJn<hTPPKnv8A<{}&m2vb#)u!pk5OgvVJ;4-b6%^a8Mp02u
zvx8(goQ^?(tRZa2o>bMGsx}RZ1uX^bhT6x=DoafTrn%OQjF~+k9sxr|sLtOg-5R?o
zdk;EKabA3jd9K?#&p}Dw{hgu}B>y)=LkxH>K99brnk3I}A24xJR!F!aD=}dW#i$WM
z?Y=A<d0~<e!(eWZFiE$E`G5_%<Y;hscOCCrb9Aj!k)<u}EYc-zTAMPfEkV#BQ(`j$
zvJ_Wjyo@4Fp77_zSHM%CWX_mhv{s#tdt_;CM?>c0q^O)f(>V`<u5S+#Y__#}I6Kyd
zJ6t8tfP<1$E}QQeoFk}ES!65;JfXMax=8%*<hZj<<q~AXhAmR=Y+8>&31BBe?^Pu2
z1d$+)J%lmA$P7YVi0{x$%$`grjQ!<#kuiV!Sgf-w>SxhxrsTAbTU$JAXQMeRs%S&Y
zRVCRR{n!k3_jifmxdUO(aCpvGICVUnLdRy-UBE^P21&rJPJILAKjJ_3mi_JU+xuvo
z#XdE-5W?8tA|}3A7a?VNX6wC~nppBZ;kiXy)qeT)yu&&;<Zur2hXeca)jsA*%`RBB
z@(XI0@oiL;l|Z<#zdW(%_E6VjTbYqXd1n}uI(rn2FUOLV8t5-V8B$`~gTip{Puu7&
zfRERRB~7-pTz~kT+o3qkED+loY&k2wkn8XFhl}!{E7Z&KUwSmMl|^4D?N3|i58pv)
z3;SOm?kgJo&5L5mE=;z*k%ihwf>LS1W>h>G8GHZ=Jcy#NcXlY17GH~19hx`5<a&E~
z$pO&+MB+c?OL|S)MU)ljm&0DO>s76la=5yGE80#OA%(q;(=hn^c#-H_3np5A$Iwhp
z1d_Ml@Uj=hwpEZA+!#<BO~V8E#*lhz-|K4M`T`VEvKW%^!f-YLBvTdJZWYopataFj
zjVKF7V>9Cbq*kQ9&ib-5vXDPZAP6m)0-=(nz)u}S&GE2{L1<914R=9|2Ck0z47}$s
zQeCMsTBO%aCI}edaCSxvNQ2Pj(l`^VOYeEc`zHSGY4h-RcN>Xx={t#QhkLu)NY*>t
z`}L})iw$sh0#|{cA2%mHr_q@v9KgeIB^<146`gm1+kSFxgaXy!yDn|?eiYbOcom#3
ztbSmv?C)n!Nu~X3&xmdBLOF<%``}1Ht-chvn!l(ohY@Vv5w!k=YX72*=78(N$ZW=X
z=)W|gwGCr_+ZJZJozm)cm#{)g-wcJ5WPL*9&=9r#D=@)pA&rF!tWR|%^FeUFEXe)i
z1FI~f0!(yIYyNmNyIN6Z!y=@6YyMILQ<&nfRw(Lkik5zA%qPT^_N%^W`L`ct1FQ6|
zsJ4Z$rA%3BV(+N<?{0Ch7ovNUs7G@=S`PMZK<jK(@y8NY_2lv%P0Lj0408IVJnwP)
zIW}A#2{}&yF%oc|aHyxGhsFck&hV+ftt!u^QON*BF-K(<Mx~?xqcR<MNn?^{jtK%j
z$4Jk(E7@e_{S_Xz5JI7F(d~K%A^@t#k$KxXClfSRa<grbsyxrSM!*zcw*=`)pu!xs
zM?(UuaDkMLidxSHca*7JGp#vo;Ok|WFHkWdB`2aN%}PJ(`ZY?j#R@^*6L!kGC@yaT
zQG=N!*gM7gc|MKGESS_!=WW!_!Nt_il6<3|g9x~i4df>znO=uEigSM17Rq@-)3BQB
zU53?KBy~*5Q5B`I-@>x(Vrl=1BnvlGmup$a{11Yie^t$V<zmbVc7#k3hkKucScqOg
zNd9hbG68+^I?lV{59KIYR*E=yn;-{0V~NUYRmsuY(LUf@N*&fSV`v|jsLRE)SR|N0
zZ*OMG6R~++iI0JB>4ieOR0D3UZ4s~cr)?Sh-P7jd@9wr+Q1DNk3-G_Ijr`v5`ER^$
zB0O@=<#BK$$lqkoIt&#)hL8Uy_aF2dY8Cu`37cR1r^S}Pr}J-4BMp{m#6H&sQ1CbZ
z57CC%1?!zC`sNP!Jj1>@W4_dJUy8ebr>>uXOj#0jpctFmDY9Si@;#xh2hFvudO1n;
zh<P%Igjq>vv+-#PKW$h%-9QiaJKLyu_vWqV#$NhMwTf~j+9w$0R<F<_Vig%i&YjHo
z6srhR1A;j&!8U7|(2wDB*Vg|Q9T}#!|Cc%wnbMg-02vI;#9FL9k9PoSDz7R{u(@PI
z2U*lhdjl9(va*L+*)fZ8vD$ZD9A@)EEN$axAI>Lq3Hb|;LNogB4I%^zYg^a8e&^!X
zSNE;D)3H{ZttvN{CvGjkmO~#hrrfMb2SD#l7AkHtLKU_^n@Rjr+HiE9-tHU7FVJ$m
zv>57}Ly86FTM?JZd&`zKF=kH|OS#BwgW7eLb;rr`N0Oky(S|Id!zq|_!pb=!4r`a0
z)Y9H6rC5>D!;s%wSybg|ru1f|ILvN8tp~<O60lOl5wu~<;-s<i>zvZXF+O8=&eVE7
z;l$6ZVyyfcQ<j>IX38=v7~8u2Cw!}5CO6BQsM$2(Z0KxAkHSRiqD5X}Fr*Q(S$&0E
z>`#$te1&=8at9xQg;PfWJZ;q2Dn0!f1Uj@;Ql9+U*o+tq4LDl`8?d=-z{YGh7^AV(
zGh-YOL9geNRb_|c;R;|`<-|daTD~+6bo6`KqzPj2`tm?kXqt1OuxALO2FRzXw}DMW
zseL%l-fBN|Zkc;aR>t&0&n|OkIYBrNy#YPMq4$<`)Uw`x8BCjSl%4esmCVI-j6dE^
zad0V)IA2yqp{B6x)moH!Gx}K6rzyUwU7t|v7?U18DVlxfw(XD_4h>?*g8W2BS?>cD
zHPJ^gPEJa;{y3vyCmT9!Y0D_3G}KOOk#4Ik4ZL#Zql>pX^6zx4V&1ATXVLA2wqLsX
zG7RnpE1>9X-}Va^8~S7RXPrrE?#(PWtvm^)c&7PwVoUot%e`4mjGx#rA}McaKQu7(
z$AR(##DrmEabUdRX4%FXaP*8dq>VMqbH-#dH?rZ5vjw9q(m0#PSeo~<zCYWTlKvs<
z`|ypv5ASq%S2}QttLlXFsrgO6>47Tg;_b1629K&v+4hth5~H+s$Qy4ipPjE7JtOF*
zjYsE!Mloexd7?hJ`aI1Pm#DojEOXzMmHP!%nOCH$(Rtp{zV{0*!0v<gkytUwq?F!V
zwtMO*R{>y5oP2-Z`vPC8S?`0BO<8pL%%jiRG?o!!zKyH<mi@>u5_pr@$Tm)wTMZJ-
z+E53r6Xv)|bEIhv)4a7uS8X}IbF=rpIbvI`@Dz@P$wG-Dq%~vDQ6UJeiv(}=;gG|&
zabs%T9FYxpy&GFROQ$PO?f&LwV88>;Sp`p}q^Io;O%t}taF+pLYn@vRz3kn%u|?_0
znlt)<bLc(Efn_>t&h5&-?{;t1Ua~Q}ki943wC&uPTIb<~dRwZ7uk-#3SO7wHVe5mD
z>Be`xuq_=6pGrwcTRp2FcN&^G_~vIQWkl_Srwa6I;xQHe8@4!>jGu7#dcrzeyZVa`
zj<-^hl+t(maoJWVmdq61S`Ow^F|~&6J(3u(LEW_g+?D`iPW0n=!cfwozy3n1Qm&`{
zfuubbGmcLgj+ne`G=bNI!y}RtWk6q|$jfzn7-~f+Lw~i7L`<}YHe~ChGby*}89F;;
zTb(<tJdtA;ZKL|&4R4(F{v7y$|7|q7)G6brlck%F!+APeWvMYQnlk#5<u;ag^V%NK
zx!flILmH&!kemwYuj*Oum-K27ASU@UD}oXoWO=Wi9Dt5rJt5Psr02J$9-Za=tC6qa
zU)p=Lynj{mUezN8MxDdad@8-WzUX#nIE-}4V!eDb0_8^w*t>SweHKcE5%ozsQh)z-
zs{(v6_C@OGG*+{u{fzpqy)+|W7^bn&S;KIxVpn?(BVX5ZR=&J{_Rm-IZaP`4<=qTJ
z?zJp^pzF=PTx0$M3fZ}@4qzIW2>>U-l9j)yB(S`f^>#kxp5xCg7uCF%*m=V!iKjzC
ze=enaC6;alr5j}D^Ythz-3mGBWUIX3<bWQ}8g4q-5%@c`VP0T?+HiB}f`GBjMv*Rv
zogsa5(fp;KREB!$s2aw2%{}X8d5)6<*dSyTWSM29c1B9SsOHVpf6HHF4Rhp1*5GlH
zAnK?eN`eJosnonD*m=XMU_@oP^R>Ju)Vxl{1U(;8qnbjO`~+*5tG??fJ<3kKNQUM|
zS?*lW*<bWlDbBW=1UbFVT`gmWm2U9QAnl<X*q+@Iuz5{#?_W7I?)h@IMcYBwzApr9
zg}3GxdsW4dBFifSwj!8uK_p65GzsGkb7_A3IrOeW{;GG0T}yo6(3qjMDSv>yE2`oL
zYQrMtKESq@1-_c^w`=pa9(oVQbzz>SZr_Sbx7t5su0y|GRh;Zy?bWt#WqG}<A%o?e
zVhvgNoNd3Tx^Ox`7twCtibC=ouS1>DVrYRV$H|jDEbr;3+y+0+8WwhHTHe!Y-bn-E
zc~7$jxdcCS@V@InF<-Fn&2XVP>eHXax5ww$$z0kGVcZ{U<0AV;#uZO-af*G_lsM+d
z*W=92paabARb4&-Qev)@;yoyEBp0~6-rtgzirW7owZHFV$Y^bYw=<;W^{II;n$7QH
z4Sqr^eZVz9`zv0b{b8t+=5J-EzHDf0Q1(~ympY&*(t1CO15f|SGc0ew6ETLLHTbCf
z0X47REPsGCWb^VleDw0O?2w9}{OGt<yt;6D{%xcs(oX%4xbn~9_#Vr9!4onR#H@jx
z1^i!7^9&sbKC*@!hGw^Vvm9N3FTj54MFM+<4uPMu28G6lBQ(o92VOyTwQ)(UzP>`O
z%GX!mCBXshoI=p2_+j#uirT`e-KowXE?9fke~y0M)&3Fvdc*%7EjzSLGOR(T@J_Hb
zwcq8cw_TrR(PB$q3R#^T4Q$IgAr58=0V$t7gX1jk6;?l9>JEse-WbPPB#m2O;#iA1
znxtkdVZ(McvNDj)p8Rc`xqj8SLr$zdQ|f}IoCI-LF|LT0Bfm&zBY;>|WG3tB%N`=|
z2*SY75;+lP($47V2pE!h9xGsb!Y>m#@ATsgF0ElC&*nVhsY6(7a+4+lYr<L!!)@5-
zjylM|y2c@$YePLs@o!SZHox$}?BB1@lqc5N?kHIH9LXq$-pBg5{Gurqtx{*mw(QY&
z{_s2O`A)!UAF8{$fu$s*ctpby+l5;6hth8~?a^1>+Z$4T(Ee2^73v_^AUT8qq=A{^
zx5(`H+hDKekd%|Bl~O4e<$tAS73KOTt;>dN#Dh=G$N8|{pAM2K23g_geAw%QaeUMy
zD|{O3$+CD_bl3HthXKa@7s?$goTmQ3f2lRs-M6Dp?)Pr)1JSe{ys)Q#)@B?c>raMp
zJZzb;EgmH)n3mWd6aEA)VdTLa9r~je2Wh-5-X+0&mh4se|Hbrw7LG`^!)oBQ8%aE-
zwvU*M`hMt9$N7=#Oo$K}Z7cp%<BX(_(2z;aoxA#GWx|e51pd5VGxq@p%rC^4xqQ``
zL@5R0pbuB~&06@r>cnDo30Nhi6kd{&S{3(2#IIg=fjaqsqag_%EfUd5ZZGD)T0UF8
zkiCNS8w+ZcIxTRi^y;b%Z<TwRl;TVlu63Y@4}Z&H^nl~g$J>)=>EPBY0FwVgIWQ@f
zU9-y<s#@(*!j%M$!+7gE$vQTRrH=;s$$+VCrtoQAc1CHx-wvipALsw<T-;R2ktMsJ
zeQo|5kbK}^!5R%rK-_VXDz~F_xq3dCL^=!gdF37RUJF?p$&+LBeIbJw$N1ic#+ZAv
z5r(|x55SYg0yA!sjOXD==g4r#DPh!p*M%$2`!9LUWEd)-$1x^Bf7lO0Hvj3nOV(9L
zm4*8XVedA7Bmy$zSmF3kJsR;P?p#F1ZE$<$Y=ZoDerH62+pg{6hn2_aqk1%dsTTsp
zwt7CLpbdE(`f`@g?+<1#^jD|}FVv;1R?|lcuW|&Mz2|Cu_dT$_N*8y-E!Y<YxdO*f
zaZD|6l?`0e0pbt0M<Tx2-poE&W`$KBDEDC&c0_#ht3FPZE3#e?ODcu8x=$vWe7XO$
zCj`?YoL*9Bfcr=!Top+v0iGrXj>r{IQb7ZtR=BrI@+I%87L)UkyH9F?eMKt^`va#7
zucjNEN4XfdDjUmHV4vI#9mYNwI$e<WWz+TCC|%z7d*+A6jLW?r-*ZVD{5>{J;tFxq
z(xdPf;!Dq8bUe$RTHRfG<c<xPr-q&ZjdIU4FwcFn91QHs&XDZbpJwmC;l{MpX-xGw
z*FO6p6%0Z1<9gCe#(?ZH$|7wtXu>7J_dD){?rr5^qEgcZ@36P(0Xt=bu=a7Bwp$tT
zEeN^X<(6D!l+LdYV_}0}A1`i8I1GA?^XrMU*ijgLqrg!r2W;2lL-U7y4n8UMUgstP
z+d%AZbf}INxC4#*5A5CB)Z9|L%Ue^wcTa7zcmIL<mRc&dzH#q?7VrL+a7(SXwz;{f
z8F7*DE^mF~uG)j%mL~7LwfB3Qn+`PY+AlOAWmBEEp|+u^`F^DPQf+g6-TmIZ%}tSL
zZG*R|(OXyFSigTy?JnzEL%7EL4j(_^=KV%3lz2~VcvmgecVBZ;<8E(Fw7#~n<<|YR
z%_!H~a{pf5zP+{hv8#SpV-{Lj+lUU-Hn&io+WO{Q-aTQoYft#zS}Q&8gV7(<vA?P2
z-dajudvI@U4FO<RxFxK38=G3ZEdT_sV^<TEz9;-8G_JAf!0tUf5p}+%sbO!l7NBVf
z@4r_#(0FfS(|wJ+E&#~eTwBvbjo5`w==JV8&|HtM?5eG4zJG5^eN&^*T>GV(UEXjM
zt@hTT>Zk$b3F&Jat@L%xfJzKxLSrr3OhCxmPeY;qM$3_;{!27y6p23rYz_7M_frd2
zmwEy1a09t#o7lGI{b8Qh+q9Ry)r6_<4dIrWJyURldf!}&0s%-AtS2&%ByylWx(leV
ze}8y)EqYcTJ-~sfk0Qo48f`+c(YmJQ2EqqEj{6Tp?!hQ{8^aB?R*8bp*wmOCiDIOv
z<@$(u?+Z7!?6<}tQVU>*QH&59@o4ydpau;jeY)R!e{G8r8?d_i=KVD8#u({|fmpmV
zMjviiZ!;!_H*%n^4u#hph(=L{)eSRVpEO1(7Ouz5147dJy80Rn5b{r&Cz0@ej42^!
z{qDwaiw?KF`|mYofVX}Z=0SbS{nmV>Z^roU!M#Hh;%R!;grm_&xaMB-!-h?v&3xV(
zE#$v<HAi+E3HWaV=O*Ma@YammUE9)9-%#6Bw<~<V>^Ea^A5txvhY!thk?2dfhA=)p
z?gr^5j7PM#ad*oet6<<_3(cLTT|jS|_Xck3xC5X7LQS9`7;~aKd{P0tf`%EhrnuN!
zd;p}wy9t!T+tlohqk2=)O!;h;v61Rsug@tevz&+ve#fD>K=Er15<#8#h2mG2uJM8*
zHDiRWNwEPq8uk_ky^;I982tJgplRd&mgaEWV3uy$w9(6<4I+z4<Gr)EawB!4I8+7%
z-)Hu-m<UOExDm6i*#sO<%0GbGG~G+nO`vR(qIjG^Aan{CZ2|?}rN=il*0-R#{k1Iz
z_8J9m+QW%a4gS-}T2zVG#|hKsP#Nlq)o)NpGcHuSe{T~Ol4ftTsp(#nOCW)4Eqt)P
z;Xs48cn=`pU0u5uII!km4JaLNy0CgvS*5oaIqGY@Ym7CC$5qzuI{>^jV=HM9+wa}j
z#4qErk_va~>lA1+YBoreg1SL{`8cm%6Vz#V9j$AEP#H$wF^%@rVh*97`Wo3%dyq(W
zeUvvUR9jP95A3q$S~CFE+=yYuVu<wtbcu%PK<$1kGU)%>+Q!;uqR*51vB9M0d?7Pv
zgx8=DMrZ5p<3z~px=<WO(@^?;3{b7HY#JonO0&6<X4dY;`oBSw_B8D`i0qBOH-ry*
z>zc#6y_kRo*a*cpV{YxL-(3$lRhp!U6IdXH30*VYy|wqRY19GLKr@r*a9lEB4S;8+
z)oItQ#?lZzfZ?8;T&SeAz1SpV#t3Sh@9>6bNi=%0uJKFZX#Fn4HP-G19ndjT|5$0P
zRh#N*(f4j@YVwv5XJG<i(swgj;By|#1&B{Q(S1&7Xr39%d1Y}3?bFx6N-XUt+iIy<
zNQuGuV3;_fVEQ*VHRxn4Qi}-<OaP8xtt{3#Fe9UZd&MU1nJcP}yn3S52lht!TH-AQ
zzf;Ni9W$L-|HkH~mZqAfD4`Nx<90P+YH%>?yq~vn!#V>JyuX~3?gEv>B#GWnD=!FA
zBjzjmZ4^p$^#BGB1FLtwMF%X#J~j_3fpJC#N<S&7+03|9I=$xQ8s%AY%3PC-`oY9d
zRV^4tFdxyV*{%&u-b$TI+(3-Py2f1u9imW}vbBx8`zBmMl|gR|nM=Y4qE`0=f~L+r
zn$4uDqTyzYl9_+Pyuu2v1DP{0W)e<Qh}N33xf0y;f&JccgE_L&nYhd8rIE<|sMFM@
zM$QKr+z(M-kP?CVFaZ#VqqSyoT$M5OM4I<|59|f23t|wi!%c-)aj>Y?=oknxZ(@nb
z)(PwMeE<#S6d<evd925*!?&82gWiS%AdTkQgL#gbi)zZlpnT037(PE54uArIYpZPx
zV{fpFcxlkD0~oC}<&`FqP~Xh8fYbNAO+euNR8OtB9IV#a0W^HlP}S-S!xl~|cVTVO
ziRONAPe4v$YWd=2BokukcywGcJ)fB_ejKq%^F_d#N;(H@ka=31X@1o<>}|PU*aQl_
z9>|K>iK$MT3|iz{u)yv2?#BLUFD(%*7})*PG%S0?e7oZ<B}N%=p!`!iS-+pyWX{o3
zt@XrKP}!J6v_Zo-hNA~iojKR_2I`Rp$B4;Qb0A8XKs4Ey9kjdRjmNBNx(|h-K~rlt
z_h8hv{k1jN+hCRC+X`%nn!RXTy-tm({aCVN<r7@2)sWa8+Og>LA883roJWeAuh`=8
z1{pvDzogT7nrXXq2nq(s?yCnWpc-~HdH2#v7i&4KEuh{8IY3o{vHVVgP*WrI2m~Mf
z<|7cQZE3zgq_5vXIfw*`ppxr%@3{}K!~8LqCTrc-F($}&cEwnzfC&cDnsbB7<3mQk
ziIFB_L~&=iv7h86c^eNjMEG`C*l_2DHPrTCS(&hUO-XQb*(S_)n)9nGgNWZ)xnAJ)
zQvcBT-L?9fLV3(}h{AEWY<A6np^kMrJTV$zzIZVc^MIUy%|@I~Z1p^Pcw(No@2dgX
z_<Duln##p$Ah)s<4F?!@fR^ppvTjr94t&^wFFT60;vM`e`n#r5U3%N+q{Wx`w17qF
znp~8Y8()K72mkh;)HETlRpaO8olvu$7yl>KOnuYq<=;NHkCXCSwSR8@3AJ+=8Sumh
zjLm-rQ%Vto>F1=6E1y#6?VAW!ijTGL^F~lFe^URZw3UA+NPP|-#M%HXH^&w@LRc}e
z9r%7jDC_Nj%oqL`)b1Qud}v*R%a$0&;oDw@eyRJ<MNIAfEbCdZ?L~6;ly7+S^a(=S
z3j+Q-&(i<4=Xv;Fc=#tg{2UMeh=-r$;nO_)3=jA6@Y6i}LmvJC5C1a{f1ii{iHD!$
z;T|6D=Hc)0@Dn`T$;02};m3IR+dTXz4}X(~kMnQ`4?oPq|H#7+@o+m2f1QW_o`=82
z!)-kL6&^my!$)}dFc1G74?n=ef6K#v!@~!8_&y#!z{4#(+|0xKc({p&8+ka&!}s!V
zJrD2U;W{3!<>4A0j_~kK9^S#j+j)2!4{zn+yLfmD4_EQ<CLXTj;R+t!$io|WxSWUA
z^Y9%!T*||1d3X&EujXNmhl4!4l80~S;pII11s*Qs;Q$Zc#=}c_xPXUM9?s|CTX{H_
zhZP>q=3ze%XYp_*4=?253?BCJu$PAy@bG*dPUGQuJbV)m&*kAcJe<nIZXR~=@N6DV
z;$ex0XYue19-hv_P9ApfZ~_mDJS@=vn4OUea_3oi9C-c(H0D`6OY!*e`@f&5F!&5g
z)(pUAKAyRF{*2#$#B&AD`*<$l`8PcOH=ft<+;0<vU*dfZ&kJ~dg6A}zAL98ZJm16f
z7@p&J9>ViAJV)^SEuI5-n()-)sll@y&lWrtc-G@tgJ&h4LOca{a`9y0@!?6sGY8LX
zJT#6o@J_&U9qsuOo~wBNA3XmP&;P*lHl8=|oX11y$zrA-&(HAu7|$s@{}-MUcpk??
zcL^NB^9?*-#q(u6lyATBZoqpto-iJ|Phm5jJMr9thkRs{MGzTH?*Ojdg=ZbY#ducW
zS%zmZ9x{n13y*j_oQB^vJbyu+|Aps2@ca(Xdw53iP}<+%eF4wE;=vLiyol%fc%H`7
zjpw^~$Y1wA;`w_#NAWy>=RQ39@Z5`sWVw}i=>DO#c!GGofag|}AK#w;4*xei{u>AW
z8wdXXfCEGmiB6hrC7Ns4OXQ#P;zu8j;@WYiiJ>aD4ul|&59FHsc1mZs|1<L*IPdE%
z`4?N@6js8wzU2>J%y5CnhR<$s`foZGOo*8Aen(>8(8Cwu_$fmcOF&1{hV(kKl$RzS
zkulpvXWRcz>u|SCtOH$`Y@_iZ_6;7`Vh_V^@ew8-*V_XPJ8Z0CJd(b@_^+g!VAD$$
z&3b`XL`f=1o&X@&GFaX-FKa;<=_{^RLl>8FU&YhaJB5pjT-ghmI3r+#KVMkJOz6vx
z>9o%cY@7~@;adj63x>n<$HM93;WQRbRl}|;cD)(rMcuG1<a2FQk6L!dgLlI*yRa75
z$=xkTOE7#F^9*G0h#sj05vFOBCj<iv7Iw4n92QPy;gsbk%um<Fp)+Q91zEFSRQr}2
zzWzo<7$qg;8o*fY&U)N7YxEr$*y98;4jyL+udlEWXL%~%Vx+8M(_nX!_8xY2@1GFc
z0<?WIzqM;>S6>OnDM9nO;8$wvLLAl4*&GTdzdri##at5$XZ-%RY=fQo+(QG%oa{3?
zc3D+@b1ol`EAM0oHfZ4#7-*!8zVfu#_ReR6PC=Rz3cEw$6elb+(CHLdiNJVD4bM@-
zDQW*v_1S-Dz7)?_>~Ohr@Sjwli@m|!L2g8Is8O5X8c%X)zB#JT4bNHn7%*Q7>^^W`
zfdfSmhQiT>h<{`<1H+ya(Ra&$Z^5u{{+KU)+?UqTb=dUvJqfq2zzAC%g-?t=n22dw
zh~-B08agBLd_<8IN`*XMP5cG9;?P1k4R2cNv=78mw4qD-uMDJzZ#G<5fq@CySWqap
zr7eEdw6>WK7k^qpNVN&eQXO?iGwV__G@A|AA=a(V3k};sj*2Zy7V)N_R=r9<P(Tya
zgg&_Xq4&>ud_~Ssn)1H-?I{R6!Do{{cpW|jMjap6J)7sG-Ck(_{jD%_gKy3>ZS9Z6
zl8}&HP*|bj79Z1*nP)s9P;oJX&JV*jsSKQCX~i8z>jM%FW=r^}xr96T_Y$FKr5rTI
z1n#vZ7#K;i1gyouVdP(h{FbGWgk$#7MLIML(w6l?NlB4lCS9>OXYr(T8q(Q{R<B**
z!O41wxdi;oXMJqouV_7?5YCdcWz%rGgsRYA0zsCMe-<8v&YqDC<EKs$0+59#4t017
zlHu4BCbPRvP_o4*2W0VNtC|t_sWga>giUe~S3T%i$OskbYfeZBW*^UXAmPF%^nP+f
zJG~wJj4|4Sq2leb8*em||K|TEIkTE%OL`^YE%zO{<Dz{l$i6-6dmG^mz?Pk>iuSb4
zTffL0_N?Qp;q=D55#;O`Y@5cl<FG6rRTJS};}LVc85J+LY71;?cYe|BW?XI}`o?<6
z6$QNp`82`%v(KiW5B5Q1GKE_mka*RSuKa?oB2{vPisz@Tmfl!<;{U<d$PP8K(>h=J
zOLF0<<A9WaQ_6cJ?M<=S{z!i1!xz`MDg@z<HJW|K+HYk?-V{U5<62kW+BpmI3oK%l
z{*{1e`f$ahDNDyJPAkaDcut0=#0cyDD@@Ct%vvI<(Vg*Ysa`+Mk~}@FgS~Y2@1Lr>
z?aZ*PdDiK@`AZH>KYU+u-+ivX*?(r%GtcBNfo*ruvcum<UiF}>nZ1m=!^FtoU+&)g
z^@7})xH-(aY7Fb;1b=5&U}^|Ib3uOl?9H76)%MWKe~~-kA%B|mrLC1(*BsD3Ye;Zh
zk0m^j#$dL}il6v6^hG%_M+*ek7HorqgT(B-kSMH6Ecydh2^Rh06$kve_-EHGngv@z
zpCAx=Mo-AIhkD|FOP19eJpU)+xN<h!>17q9`V-si!dUNSC&qKkw0A=Q_LGx55Kgeq
z#?pnOCqFbjbIm97xT84h3|rxowehyXPL9a<`UafVOtL?Y9YAb9g94cN?V(nwp$!JH
z4OmIa&d2+Zsfx@PqqBg%>_2Rm(pMv^dHw^Jl{jK0;kXAc>0}31h+r~o1ATrtAxmE?
zc|!0q2w!L>CXb45h6K9S7l=$}_;2nE@d26Jkhnc5eKoB`2H%BRUuTDLI1uM1?;De>
zVQNEG@Fm8&Z~72>MvU_>j<cL(@M@RNqen`4tesV@F171RW(`$6$!6~!kkU)Gle3LP
z%T`y1GPmoV7KDJ5<{aK?e`+khMExYg;q=|>8_-j&>r3%neKax?*zn4GUodl+BX>8A
z+;NN?A5R*f15&C2WPzPGeflF@43RgFZ_`B?T|0RrvgpHm7|;J*o*Te**F?C!Gdvu%
zJVNr0vEDv0&P#dBNBM;L1Q7J$4yz71ecWxk_cJ~ccVc*Op00{{zWX2O-rVtIDa9Hq
z4->{-yE6uos<G5z9iK+wzWUcOSKmOJ@)_u0L_DsYT6IT>ZuGlKB^%aLONwrT6)XG=
zZE?G}A!=WpI=u{h)65dIh_c4KE#UN0x_W*Va~s@~oUXY!Emi+5S8qOV{J(t$%#dFE
zbcK1iK87Qn9y@#Oy5Cq8acF3GdTH=(lE|R%I%ex5z9(pU{nNi)5o10M-uye;AYIrD
zx3qMk-2zC}Fl=Kv+D8nuPuiXc$KDgi=i=DmF$3?@t*oFJ#4+JG9nMVJz>QK5COf-C
zjW?iyj6Jz5l4c@dRrBltIB`lZJ+vQ3QPgdvZG{4%U@dP1FtF^XRcX~3iQKt%%o<mG
zpN@|OlZS(@;pon>Xt*wK0_BUr?_?{+5me<Qu8=Uuz!oVJlcVe_@%G2tXT!1`L}ind
zVcJ07y@T13*_{q%bFnox>48UIFo9*!h)E<HG=k%@anibLI*<e>t*z!0eZ|=bLK9jz
z`zBM@39!=r1a_vdu5V>$JjXmrj~@sB3SEQXd+qBMW6)j1w<vEEF2-+HdnY`$eJwHr
zY=n8Z(T%Nw{E+9&oaL=LN{~N|xjxA1IP&;yBW}-sc+Bo%9C6Jx+SP4-_l@+lf7$Z0
zA=^A1<bbA+`f#+QLRgNAj0Ed*5W}A!8)%Nhpg!!7<bU{n<W?Nt>rvTFCo37d86Gve
zJ}V8b?XmfTrNO6C-Lg+FQTCMv?@+N^7Yo1qN4e4eJq*?<+2`LOKj8neoaBE^-r#@n
z?ItW*85`SG|7`S;b?1ZIoGmvFwUYO=T>mX#ZA%}IH6pOUY|aqF8M<3aA6hY+`D}f5
zoW&nGGzji&D1D&!Cu)*UXXiHf25DR*Np5_~J<ZHp>TBO+de)b1<|+Qz)H)0ItS7!U
zHn(&!Fo%SvfRCy>K*So{aAKe#k}IJyf*I%I@aB9R-n6>>Z*ZWnVqNgM1JJO+zi5|n
z?g8#Mhxd++(xoUHI+fM2Wjzp-6Z{H%)+cp77ZKZjM#ptb-5Q*hG4ZK1_Bu0mJ@D!!
zCiC6OQ)#PTU+przxWPr$a-0kJ0{7KZDE#Z<(hBpyg{*u5-X;T!G1$17v}B1;x_lKQ
z$4R%)UG7e=AeZqy#Zy@)W~RGY!%xP0A0GUUEmq>njo+AB+;TAD0bdczT3J*o$z`k9
zGllK|0(78DDXl14QYe=C0?Hi)g^Iiw^|68L{>5?`9AB1|Bnaa;1Wx!(@545EaaG5k
z<TC#@fGiq!r4jol19tv&Py~Pu%UP!rhseh<4$XS@lD)>e(RfE~_&RuxP2TqJ@LpGe
z(`MJS_4^v&I~`|}By+T{i&d@FvTH~M=`Zt|XUF2|cCLb>)<HO#f!F&eTu*MS4oYtC
z=6os&t{<_?TV-7lhk7Rb`Ug3k4deXT+Q{yq4II;URQ;U;(23@&&tR`5d9zN~aRL|>
zyQ)-N7Fhkbv`MZAxW8e{tn1>VJsScQxUe=s_Q@i81_YH8;l+I6Hx`=**fQNSu82;X
zphPfcCzIHz)mh*?bD#XpSPD6JOeyt&rR20s;&eU<zTGU3(bvWHh<s>>{rM2w(HbY`
z;(9M{L$|ld+n!>g^F_YS&93^#H8cbn7y`@z<l^wnC%Se6_{89GUA&BQ=4hha{;h}`
zbpVW*WM#gp9n(KK1oWe7$H1N-ik#`FUG3OxKs-_|=C3)r!mf3F<&Ha7Ejo%rJDtPI
zld%b#-i$)y$}33}(g&!XhdMR6-CJnac)|MNQIzeVn#{`M3zFNv77?qyw~V@1Frj;G
zX9Rp4n~!6MM6L93z(LDp9W&#~Dotm<#%R;DRg>%9bAXb3?Y-6aMS^@<y;zqr7crqO
z<JMR8*P@zoV9R^rc<+~ag1*d@S)ts$lpWW?7R=HU+(!wH7-jxZFLT+~;8-%3ZfD}$
zT%z`Ck=ZYUbLtea?ZhwDepw1-B}lYpjrabYzGfjnJ@kw>MB;nR!8h17f$n{6Y>Aq?
z=;V8HdTB@dlX`bMLv&&bJQTZ`G2>Kzdk3T)<2aa)B=nZk<z}_VxvWDRT!ITXzq$-Z
z>}oipqvbxI^+*c2DJhpuSU2LdVY3WqGx2g~1b(ipc;KyM*NQK<5lI)}vpK!mjS_(K
z#vHh&8f4%ysx*XRtYI0>J*CrR(OXQPSVI8J&Uo(+2o(ISH}yi*muKrWd&ZLZ;wzRE
z;z;)MdR8<*P1z_ExbpKCFJoeximbbxi;b@IXFZZio>j`>HpObQ-WTv=GpR4Jcy%;^
z`Z81R3+_qMJJTQ6nKAhHC7L!94we}+mSNVgbSO05d%;<R+t;S_>b6P!`N8EcqY$bb
z{zR~(&11R!ab2k}y3zw=s?+iOmKg-XVhhg?wW~w7c*ng=@>1^;p3Hi7nz;;sVpy(Z
zuZtX9lG=Sw(aMiA?9yx?)X--@Mx4m38<<9=R?>DP!KATpu9f>lK!H3+F+LiULkR@^
z3E+c3r~#ev-Zx^@BIaSoECrq=r|f4*&-n<tIgUm70tWbBoZzW|rG^aNYsw<PqoPe^
z-;9?TOpv*Zir4J}?C}rmzb_~x;Wc>95lwnh?Gml=#a+fuV#E1TjQe_L0SteN%wh9K
zoYQbKugh%b&;W)8XK{&<<73|H9qI!B@c+?mw)XZ{{}8aL4Os&XayCx<A|aL8`%`lh
zYF@8u_JMqvf^3#mGwH6A<Frauo6I)=%|G<Mmi2f#-!G+MU!7rohM<T1W&ENI41Qt>
z*p)<GSnoFPB#rY|wCdO1o&WBwnuF7%I@YxJ7&3;e+n4$wZ6IQkb<`~p-8DDWy{~|2
z6SS^fF@_!Ffc(0k4C0k1C<o&FnO+eaxFqtqHS1)oe}3G9X5Q8(OJGuPU+8+4_4pF4
zYagmJ#RLgv2=Wh!<w5?Dwc-|t1OIbb8(Lvph-~=@>6+q0v=H~J+{lNhY{x;;eR}Wd
z;_ve|><-j~N2Mp1ElH6wti8c-?>9=`qE5pPN4}Q4>=DQN<6_%6oBE{wbJqLg)3LXm
zHU>8?wzm{{{>T~DV{+>A;d9pQX>QbdEMLQXXZm8M=J_}@Ez>=-1gwsb8A+{coi8O4
z%$d^d8NL@`;5>ypD2z1ZPxA2w?3p-+q?b|$XOaQo<B&7co!U0tCcpt|+fRi$I52D$
z+DMN9W~*B|p+=M8b=4eOI@4JXuO-#2^cp;Wnq(KzJ-cP&JnN|V=y09Cf_7-`jS#(h
zy^FJQqq4F*p^yP&??-NnIgVU8U+q^)`z=<KyIECT9vpi;J_Be<ZuB0s;WbdwX2a>!
zFnCzG0wcUK1N^63`E5>t=@$!ai0nX{gU&aRes{^=pbN-eauA#<Zqc|9tMo+?6dSFt
z?l;}cad(wh{o#l!wf++8I!tGEvvKY<aMhd9cMrMAY?E=pQMt3azi25NFjl!eR|A)d
zGI3~E(LHzE6j8cAQOe+wdfuu#538@;1X+tyz;;KGL$lQ7A1zx_7q|egoM>1d?mEAa
z^O3BShCmNz>oJrr`?C*MdaX3{UG0Xiq#RScuE>=+3~oLA86};1|5ovS{<wrZN>YE9
z^Y^nQMR;S+{qwsn@bNz9>46u57g%>gR!Rj8tx~BEt%a-rU}*h~#`dzf=UV-RT$;UT
zH(`2;wQe|vd+XX@Y9fbA_pMU<()j+uZ6kNB1YRf-{1v#&6Z-(bFbPAU_6UXW@sGO}
zszmsh#P;RfP^3s<;x&(|k(bs@a7GsMM21F*8Z;`vXWH>!?~KHMLmalN@JL(r!pc1t
z<PvZL@LpRXhxhb*GY{+St<qK)h=09m`-;I0Xe#&P%iWebR}dmhLcmM@aLAPkxOE-g
zaz=#D%RT$*G1NOV`nFOx1`7xk91~IDQs4ri0=706?kJ#j{if=x8%=olx%=8Z{n?ou
z9ve+~EW&>Gul^%CG#JiGqlec#t<!JhthTCSF*pew2%ZkOd|zbFN$;>X28R{5GUey8
z76%BEf?gw;3C;iOgNcMF&NGBBKgOK|I^Oge?~}&+2mJlLl7Hs!u9Bya`s-CI$U`b;
z@?%t_5LCpG=}u}}N<^f@2k)ROz!@EcZ@tBSTcqC$!3?hT2+RF28@15QyThS&Jzb<p
z36f{kZO6A96`ffEZkx$OeX8<v9W~m;z%@WaRt~zq!KB%LhQK${pIVKgwua39V=ohr
zF=*eocD*f?3Nf+*-RV+fzb)rJE4S4Su$deSFYCov@zl=*a&`<J0zEI`r|ipbrfAv(
zSlxFT-JeCyQ6m+ZtwA6NItwZVZ_lFt7!fL@*2FVfu@F!KDNKBp725*A_V<V~5e>^>
zI<77k{YRXOz}FesoeaR><g4F|`sB!mAAW>8Y7LqJe_9#Yw?b={@rfee8t6x*{UAe}
z2;FffXb}1{kqG@r98?9>Cru?X)%`hS1lEW8mC{O-yO7G|i#84YLnJ)?eE+Di;ef|G
zN(p8U&Qc4Lq;n7`gYe%M*%DZ;o?9JD2u0AL>+o+e-245uBsz;v_s9+RK3hW9h|rtX
zH==1^-S`{g9lXC+LOeTstCpa(6nGX;NNJA*GW6DSkL}E?MnA{j`~Cl_FA(xoa^0cA
zZ#V>3rr&U^_E-!V3(9aGe&p?A;J1o9%^Et-e0-}|@(=K%?2q?`eFV@u0%-(Op6}Fk
z7ngAlJaiX+TAqoZ5ntY}LW33b%SQsou(s*Glpg?5y2<n{E%S2lm9(Nzo|4bz`vkBF
z%RrkD;H7kq$M`R^S)Mb3YLh46Gi}b%98a^I^DCD<HFnJ<MQr|No2+(?6fLJ~T`*hW
zQ^C>;VmW6bv-#`X&bKS1#1e-9@9B!-r!e&Ci5x%h)*Et?p}@)hhgIKn_(!u^0-Bzf
z0t`{RFu!<vdS>A#c6%Q8EGw0#HRdz;3hwKj9p9O81ye@WhkHAGJ1f|S82q4rU!VfM
zgFgv&eulM1Pr|Jtj2UD24*tm?pVvPz(EBH68_fcovjjy8fB~5!2RoYs%i%Nl+-kj?
zp)m~IaPLphaeB4!|FKzNwY|NS+y)<kbxwGCysi!dC?nQ?gq*OLb7T<ye5c^}PYoRZ
zse$9Cj<!F|cjpF^4dmn=@y)@`y`gvC340lGi^AAqkC-Hj9yN(czxbGiZouFT;F2;w
z+(B|CZ-p(!<6VxJEZ(C%GY2q!>E=$jhujyj9RhqN0wkv@$A;h_7@qnqfS@vU;5wu>
z_6B=??NRTVqpLE#9)`;Yz=V{?Y3{1VxLnkz9e3<9W{e@QhS|*qOkhHoY(}FA2CdNV
z1scX(Knd`U0vZmMkPlbg4Xz@etj~aE@0Ez|x<taoS)3KF_#oZWyGX7W9>~CL*6$3j
zA2mUbOFtLb+Q;u@<ZwOMhB*NyRL>NYgYE2{;hfR$UXSgC+TG)?mBiE(RhrM#5JF#-
z8oOQrYlbR5qi&d?il@~LGu8CB)NOC`dGejh?w`G@K#^$jzE$FUI8i6fV)s_BdGCo_
z!8YV{o*Bl{lPJ+eEX&!i6djL;6Q$wvN(nZ_=jHTwZf9--#yO*bbS*_#UtqcPPsg`+
zhSPH2xgAzJ#pD%f_kJm7G&@f{H40yK04)8Wg_0a>k57BYaBQBF%fc~B1kacQB2Tvs
zH%`dGY&aw|Wa{fz@aP-{@?fn;_aYKb3r+3XH%6rds7Hi%zF5TQ?oCF<DexatkT%K{
zZ)-DtJ7^Q$3SxBeKL%##*oM#l<?W!gQ6CjO?wL@t87;&pS&CJt*>G21Oos^Rr*+fx
zn|Ipac^1-Pe7Eo!e#L0|J{zwp{U-Ong(O_T3fdmiJL68Z^hx^BPshjO^rPq>>wSpG
z3fC!MQ$9tiVeFI7i?~HJ#D37eSxQY$psH-xe8S}CG!EW4S7KFYz##qPJ<)kPXVnuP
zqjh41FfwcqqJm_f08@fwm=XZPXyi`wYv=3SH<_f${03(6G@nm(4CLKLY~N{4mxMZ%
zyb}{6blS=UStQBzGO*zFc*b!NJT(f}nEs?07rNNsuB`a95trfleshYZoFM5Xw1d$T
z^d0DBeosmNP2^_d`|9KgslZtqsfJQs8M_r!h)IuSJ)4W0<Ke%Qu94?^1-zXEOT3|3
z<2HTJYmyM+dBPLuG_m>DH~xl9h~z0W@5f353hVC3&QRa54JSN?>#;Hf+`5&ygnEX%
zx9E-zpTLdv^tn{kI<0E^H02}6ge>$xHE>^S5(r?T8LVn{R4dDI_e>&YBQBOV_$|II
zo@pk+ygW1xu)hD^G&2hQl=eeV)#jurXbqtGd64&&-x6b8JTpn}2)3r;uHYwjg>6wq
z=K<l<3>DxIZE8?}4O-4?0qe^7Ds_H!u3~@ncGmqjRs&ySf!u-DGP3hD<az^UaL>!R
z+)nLzC1LHeNia7fOnRP#Jhg&w@+I}9jOyUBAB%0<gja75b$`e79MA8oV&e1JL-G2w
z50$<zFj%eN=vYWdQ;;J;$XTveHY$d+<C^ve8%h9`z|AL~qk@)uV)sYl;5rDIM%Sh!
zqp02cXO<@zn9^{fw8C%yQ0=P@ZYdC*enErvp8c7+B{O;8^w6$02;uAivy|%j%Cww<
z(%`Zs_ujkM<hbr0`tVvGb0vH_ULE|?(vUP8EUF+pr<JZ>{A!*)=s8M`m3;jW%+A&q
zBg0y@DC82;Th`8T6b*4ayM>#hU1Jpq_*~WV7rEk>A~-03sU%GZ1dBc^t@tw}r9AEI
zk(JQSd_R(;YiHOGO`qP7=V78jaB7jV_6`URt1AKy@DdJFzzB?|a*0Q#H}RPCMuRCZ
zbF!4w!21w{n(TzP&n~T29gi@FVVR3-R68X%2rHRQ@(E*JnCkAIU<dQ(tC%-nmd|}Y
zDdhX8cupF(@c6qyKX9u_rk2HJS&4&m7AiBcFtha@XdQ`3ZLQ&p-DOX64Oq>^i0krb
z2)5x~4FugaOzHEeHJp>Z?#ZZ;HBYEU-%Gn^n9>b%hL9ZL9&85#*J3dx=`b!NK}0k5
zD<p{MjEpJ$o`2Y(v$CGh4tc{!bK3&|!WgRBfOrui2oG*N-QbDr@cewo4QlDBfx&TH
zB~D@(zfK58vQ{av>T&ZLolfxZ{(U+=;bM@`-5)6Of_MSo0^0d`LR+<|0>C@D+%BbL
zuRvSw!4(4JcF?Glzz@ug<YHStXAi0i<=SvG=o96GTUwQ_vT2d-dG|Dhx(;iv-K2Is
zR<u(0QMdy;tjbwz`A1pUK9<;MYxHedu_R&seQMWXT7NWKK!Mxeb2rHqddFl1uEUvo
zrv5AE4~E3c;MLK=Q1%~IBw1^JKpF3zS6caLL5?xes9r<hg+7GL%V78xF9f8JEBryU
z`vXO9c_X#_SG?uez>ssqFUGaJB;Cfk1T>u~aJFqo@vexF^SpmX#DzS8;6+n9CkL^6
z3kH;n8@%X^-ugfgT7Y0q9wfgQxg)Zob^mppF3Y-hM(g*c6_|V|ZeQwgLWUYI?iy*;
z`qKjy@rl|)CD&*R@%5_mRlu!@Vil*Vi&bVhaji^5&TI`2DtvI8%^PAM3Q4c7SZ*yY
z;B!fK5GOF1a~Jk=B=qoB2h%pkFkc&q6R}avpxxI8$xA3rgZ5@k>DTE7pD~8?g%`%F
zj4w*hGIHjIMLGdEy?-jz0xA|KH}Ru?GvFhAFjFW&yE7xs%+?16A@Puv58PlT2XX^P
zfcj*U@El}(B#y=232K3Tva%wHxk*OdN3sezgX9#l@(KI&udoI&ku9K%5ib3{ASOJG
zNi_(Wes4%!bYyaZaH_U+IB2A*s2WgZF89c!wiolQ>WTNE71RkAn<*s?q6tzS&FehG
zhQt@Omp_3iI=M!?jm*kk{!4!5QRvu*w7Oa{B$JX*CjP&*@11wQI|?y^b=gI`HhjKh
zI6Nb8EH+A2V+;5#2|iHyAk3KTaNcMzubsGw_PYhlWy~Y#=hTKLO0o5ogO&qXcyRnf
zoS|Ijz}T<;^1E(xo9hpI&fElA6}-DZ2PE~f61`NrY-StIvI$&rcXhb*7+ry@XSgED
zVbgX7>B3ogbANXXV3Zv3sYXS#Z8WKBK4c*AO!1y$)xil&F)nS8k73JfSf#}z0T6KN
z`u^9~996s57Olu%bQBjWc*Z5OCG8?f@$^Lq_b*}CUV`s_{Z01YBunC3Q@k^c_=UzB
z2*=ZVjW^xe^U@#;4fuN=|8}$SZLaa2W4w)fdmzU`YS^5R%_-FdF&5rGj+0~I*Wfh7
zJyGJM|KLi=FC~{_;SG550)Wd?<XCFlEyZSkX}6y;;BycATw}iEPp-ynDY@?MJWSV_
z_zPUum8s5#)EMh!0pI95ojj}$A78xMfRr>q;E2ry9!<HCk6goz>XdaHSJhnr|0>mx
z&4DJi{Ry(E694Hq)K*zfyZ?0HwAp&B#jS-g%%*`$0p3j#4pwQ)AO*mBs2H15&p?4$
z0;`w@?LGd~{v~D{$p@A&*F4X_VyOevIrv?s%U?mPaiO4r<G6E7%a6&*n37!AF`a~R
zw-Ib`7b1Q^9(NnI@j_Y6vJSh{fnR1FWcdkJw=}HUZeyac#7PV?UW!&l>$0xF1i=s-
z;o35zYTIpf?hT4Ymm6aF=(ft##uPu~S-c3V&`ClqWRi~s!njWZJ=DwN$W_-WL-?ga
z8fI0aC}s_mBO64*$Utz;p!uyN<66k$-h<bW54l5%AAt7TB3=KyGa4_Y<G=|#cnz}2
zAV^Rc_ov|&wd!Lzo11O7?MaWkX^S{3I+Vqa`Ticxyd(Yc)|g*k%-O0H)*WKJgo47b
z#;blLgQai65SAXh!yrBKu^fh?Q9*Us+H%m)RJ?Uft{55rAV#$+JUyv_V>t!oNg<yz
z-@GsmeTXR8XqE{@Rasn!`#$})(r(q~ur_AYtn)DN)#*7F88umR%?lhWS_0Y2N9sAl
zjAYC;52WZ1Kl{V);_z6fpZym7+y?@5Bl;Ofa?fh8==70+Cz)^W>95|W^^^pHR&zi>
z_r+1reOY-o{q8h4cu>&OF**xxwm@}|&|L7T6G-Uk8<5b`F%oLc7u_Fj?>Q%E0m;OG
z>YQE?6*@Xd!m*f~(UdISnC@^=aU)UsR2kZn-ygG=H6laVuRtG`kzkMdA-U_^(%7#q
zUcC5`At+N43WMXn!mULXTwv2Z{;NCVWMr-BaW>rxV`getbxB4ByKeC`OtewYD`WTl
z>`G~HU4{0NFLph8Rr5`<B;)L%P*=dP>#bAM&G|Rt=9_tT-q0SP|K)Tgp&dL%Yy(^!
z43+0p!*EeO5AncvOe6&lJPfuGJKwe$;6xNVWhr3iXX$gaG^my5kUZf#6ln<Gs)Opw
z3VS)XXoWT+hU~{f#R5g;W#?*kIA#a2KC!zwY3$`&aXsy+Q5er+3jyKU*Z?Ak@rDIl
z?4~HsfSp$Lpox``l#hSDEqM}zSczuGA>^`T-fw={#xGOS<y>*L<m0A!v}sE|dx|YN
zCKGK>VJH3J_+bdOV9;>in8zARwBE2LpUshH>OOSxSxS9F36^x~T63CK8~-I1o=wLh
zIU`ors*9S=RTX?GGa_ZS&dAh6=WlFnSfrr~9ckv5e#L8z+au1a7$2^)z=rPH<uS<)
zWuXZdY`3|0>(`ea)y_wC%R+vP1q-Hjjrx#SResQ1wTwnU?<w<5*lvNU&$VF<g62;Z
zAM+eNKpQE8*Yuy(cS>!~*mBgu(?1)2`)d4fwyW%XiT`TgYOFC;t@~nYC8*R(fzvv2
z$)|D9EpV(fShU32KM^7I9|NAA)?WH6RlBr0XyWQ1JUURTB+Y*s_TVgRFpppahikO{
zfLHYbUV7P8YK?sQtxMUXZ=VMG;=Xb7G81dJ)MoqrXil#G^v_1$z8b&QgN=QAQu}LT
z?FXe*V|y&4u}~H0Escq;L44El0Knky$FLkjXMYS91z<h1ajiD-=ltgfLGK?9TTPyj
zO0@-$tn?DJreHIza-FZxu-_O4?#+O~3iwnvLD0HMKK;QZ7-O9t_szfxS#<_V5tA2D
zE6ow|cUNgr$sIOh<q2iF9hvHuwzafL4!drkUuoTh!gK?g)iLEtmAf*wdwf(2k$@!5
zfad8i*|Zevg+lp1#Vm*6kPJ%Il-X+k>UgC|N4Z(9zuOE=P@nX08x9bsw@&Ab!vFi|
za5%<$)4oJR#9ODaUx^=ReZMk$0;Z0Y7$c2sGKNT72X>xl!;OcJMia-TEr6@OR1mk=
zNXL(1$Y(dv7+lRIJ!5!=IR<An4*k*~4hU~ut%@OwkD>{|!WceS?_qCiuxvP1J<?Nh
z5%>4-Sd7_pNkb$t;y5#fL)X7r<-ed$1&C(GmeP8F3u=p&>T%T-p>V22?(Z<9xWo*6
zT7V|7msjcOc=>1!T~eFRd~@_z>{a6V(bjyNOA|{kfKQ1_Qsq|VZh!v=>Fiy!J5=Y6
zSQPc_I2cI1C>;K9=YsbG9LJC@$><+(kJ*5yX(d1$q2f0=jq#{oKBoHYoSQUc8#>{r
zIzQ=p+q%{rIO~KXlL?{BxsJ?bx3;AS)!-ZbC|?I?L|I(#BQZmyKcD7WcAS`@WIBvM
z^u$ztNLhRrC7YP2>Y)sxr9cxyHjvpWI$7M%;D+Anl0%rd;05=A7wq@+F0c;H`}cXY
z1pqv1HU~%N1v%)OIVPwUFW4X0XF(A>5x5~>Q;>LMQ^eB^BNZH6IE_;%rvq2P^<J%d
zh}(P=TkX>ZKBeR4D;)YBf8di`hrY|-;!c%=TROzHDjYhJUQ&Gq7Z4+lo`~av)9e2*
z7EU(TYyS~XD1{J5J?GGeG=9e&@g-LuDZLtF1;H>LF^3Tek7VV||J~I#C$QELpKKJ?
z`_2GB2CmUy8IARO&(-SSq_bcEJ{C4?3w$!n-K^7)vGZ>F-ns^ByfcGVKhl3BmUvP6
zaPN;w7SJ1eUwy~?M9DlO9>?2xJlV$5zBiS>&y~1|1096X$Em-?ei{GC90~c!uLZql
z8gIJg_HPHVTRt_9%e3hm-!I4UsyF6QZ+x;p&d&7Di|I-lmLhmMrcZ;}Bd~40XKXs8
z@2^A_<5UN>``ab14>a_YYVWLN9s6>I`uaYi^<RPpIBWU8<$MNH9Qr*Q=kVP^*2@2h
zbJOVG_Sx|#DR|zcvAlZP<!|%cRM5)b)2VAaWc0I$)1xwg2^4t9G*SHow-tJEm^n^Y
zHEItqTonr)lEvi@k<!Q~7|K0x+fY~$b$Ak2ePyL6Bl{8jK8{#SNW{m>Q|X{@W1CoS
zgc~ypF*fnhklmtmroQ=_hC<%2vD8!aYofC1oLcs18`(QUrwPp)b%^y&P*8PrKl8Aw
zPYmBX5WZ(PTt61xGalZ31y}KC;YcVPmhCLOlPjwRXWLZY&LSLh*Y#Ci7WCo5Y4*jp
zHQ&yhm-4+Wb?QuJ^F4<H>Dapa)I0+SLp|ENQ2d+@*?eo4-s%~UI4M1?;o7?nvE)`L
zkFJw1j$EiveR?FWtkxq3vjnJ6Oa4foRNS@3wWw`Zg^@Ex>6R9?@dQfcT2$aM=}^tu
znf@guUWba5854A<hydX`9mzYP<rVDAcI;g4*jeq^`G8~RS5yB!c>m(Ne6)4kdB0=l
zPJ5`!rshRio=v9{Rz=Wyk>2%If#vn!6s7vEu6LdNlV%sfT<<ESlAOm*xN0}PXUzM4
z^IR>@)WJ5MKs=6jL%oXsMw*lbzlo$7X)HY~Pe~Szr=?Uq-B9r>V1G{vxRj2GP{xWS
zKNQZ||4V(6=AcXR0=-Aod5XPn#bMYmm}`B=x0Aih242p{hSvk3?zLs?wG7o4COzRJ
zLUmsG>{nOBZ^rVlB#mp&e>!Bs#*0DVxL5Te1G21A;Ikrx{Lo822-y*PHCL}W=Nd39
z|JJ?%m+MuQhNNNWIZBSeJX3iEnt{VYx%4S+SjyB>zxo+iy9#&OYoA_MXA5ZKMg_;^
z^h|B{37&!lbfc&fR9Q$Xd-c332}7`P40VleIc}5Yt`N`LXJx<vKvlwD&2}aai6bTL
z;>a}5_&iTlniY-ahkTKNTKL}B>Alv6t}k1OODbb-Vp<b(K10QSLTh2t+`TQ-?=4zt
z^=gQErNC_L=X&#&h$RaJSXl}mYa&GMU}z?$SJdum=rM|xm`9n`E2``4`r?r5=W7?$
zg<LO4zh3*zm1=ht&t@jN_u7E#XE~HID<e2i;Z{Vz4DiuhZUC)2Kh)36@%(fMD42bY
zxqgn+rfT%(_*r%4W9EzelAN`W&N3IEL)+1_J2C(OzXPbnjV(;b(7?VDxk>A1FrPN|
zF;(N!_*8u~^Td}hwq~>w3lfz{>k;(wCH$-g-l@iKxA7(&FQrQ|-n1UkZ?Y=*=^#vR
z5uRqm={nY#d_96{wFG!UiD!zwdk1{?4EyTGe0#=yyFubipE489xEF@6+v|h(S6p$(
z_Wzf;cY)Kgs`|h0dj`*ghe^!?>TrWF8gdv=Mumc5Ku|zV+Gr{a!@x`oGdMFS8WtoP
z8JXupnW3p!5viG3QIQ&1sVSLRX-|=zwWr6jtTg|>@4oh$d(EDE$mjj{zMpq}*zDi>
z?X}lldtduH?fbf}(bMH$D%<_j*|QpJHcqJ-aVxuNxh_4<FFuf>#m#G~<C%O%!+!I=
z^|$O36I$h5T-$i|{6R}5_8g3LHC0n~W5vtEuRY|J^TN9-J=Z*XS7kfj<10Qyu=JrL
z>z*sC8*u$|3x<t+OYhe>KD7M`nNHSc`K}pUv2*yX`lET;!LR>oO&`0pvMcZ+NM>@w
zb2Y<`JRotVJ!A7oyI|i~Iqb-TYxkQznJ4=Fn&X*^592-YU+Hm>w$JWt+pL3|e#hG_
zH)t_G(ap{c*6Hn!o2vKSRF-R*+b~&wuC~#9>W79?w2}hV(_wLSCAf(txY`oj*b>~x
z$Q7H_-}0mXx{m6~-fxP(kLdj-Jq5U*w&Z?cVXAD}QMrj_^dLNa!&60j^zDSsziGdU
z?*ebVuU5YJ#K&BYvq$BQ*>Cr~``GJxDRpr<7h#XTIIDWU+Vh9M<w(Wz)|U^OFtpdZ
zDvPptykpCv7eA-J#lHEzV!Ou;)UOvz@$YVD?z8x=vpetdZ09W^dFM5vKJQ_jp&etC
zR?^?A{M|~I3HO)2qVl_xu2FhHsZ+KK6Z=D={)EbVJ>T+p*@=_&C*S5yFTA!ye_$_v
z+T15+Rmo^uP7glK%k#&==GEP}dTvWze`3+EzwUmDzLE08<x}Zg;jr3)qhH?EFz(D%
zd##>}6O3&;zf^YSeY>~h2kUE_HSaEb|FvcJO$)1kHF<qm=MS|bP8)X2*xC^%#yhZv
zxyS6LU$^yc{(#znH4ncwYrmGsC!LT*R6XMFb=3op9i_hjcg#Tj`nh_pB242N9O61k
zj~;Ak+kS+?+o_e>!*kX3$960`eqqCa%wf;UhJHDk@{htXQ>q8*|AG2-v#zCP*|l%i
z(sRC6&u8Q>*?sZ$*XEV|VOIXMp6f;3OejLTov0n58;bJU5yy<(y-bZh$TqFmx9`_t
zl5sB-7Hhezd_{Rx^R;!iO*yr0((%`h-+jNDEnn6}$?o5mi|6;<jwkL!bojXDflhwU
z<x!pZedsV3D=K;xRBq@Tz4*2}-rY9uwolDDXKmeMZTfr9Zihaz5bjZR*>p{)xnIqo
z9kz}1ta7IglX|jP+vJ*^BM#TwAy#(qLp+sUD7)m$n%#E{+Tkv6JN5g=C--<c`>W-L
zA3Ijh0+w4X{id#srhVtp8wL)M+20l)7*_nki++Qi)89Z3w@f`BzSy|9FyinJ74&D&
z)fo3x*A#c6t({o_FTUJ4;!xF;qs6zcR!7S|RX1qIN#l!c-tf?%!k`_6HvLV!@Y~oW
z<hlX7Cba#jLHe1BgWd44dkmT~zH-L)mfWDG@s$Gyb&1#I!S*EznRVp1zC5%rqAl(R
z^X82>tj}m_D{Jxp;B)t%#ygYQ)8vQV^71_XfcxQvhyGc6%ZYr+Xz8(Mgb(NRY=;S5
zJ#b^EF8|;9=d$hdb=tB%+;U&&>rJ=R=!7O$*(hmKRSnrzIA@1?r$4iK`9uYIxL$P6
zM(Zs#b!&=0&7E1cf9(YIp>ES6{efS-KsvejfgEc^k96KQ;PT^gS+|Pp)_HpBYw?J~
z^eB5;w6wrq_q^fdJ*y`_cKePkpWe~7ST95#oy$!aJH9fEbGgR(Wp#eUVZ*=C`SVfR
z6!iF-vhAn8VH=^?%Y$#<p`-Eecg(MPW82GZhi{+uhK6v<5A=KR<@@smBE4l9uO}YW
z{cT~(ced}%(NgaOZ27Eyi_!Ij?%fMpzOBoi-0s`~e*1E6m$KuqwDgENSDUCx$6dDX
zhm=02G+LXNN0j<J>;3$Imv*bs$Fa72ZTPjj6*lQdP|Z!hvz`)n)-v7gsBhUt!&`bD
z{AU9V&go}H8&^4a=H-0NmQRnbTwJr|vGLcm)`e#{#}8Ok*wUp^MXqN^MpPes-)qO@
zhkq{r<NWk|&4}T)3iaGbmDPqXw6#?iMhqX#r<aC{d#+Qbn_J#r9M|gn?(tpO>O9Ax
z>U^KqVAK9;6+N5hkJVLtoH{dKFYe-JK2+hJv3{YVyl4HW*N;xSRn%oZw5(Rxt7hNb
z>h|4TABe2kcaOT$wYa8_MV1v#*B?(UJ~&)4O*i|!K0Q_Zh{!Xu@_GwN4-TumXJ^qf
z?7e@(3*V&b^=xpwj?nKZKhd5s*hXJRWqUSwU^*Jd@#y35Pv(y+=bNFMlJ{6&*Asqs
z@cpEk@r6<LL;YI|M?Jf=X3B``v^o{vjL?d~f2oa8qYth;zFN<}EH51MRPFgEk3I3W
z>F000qcCdR)=JS=H#~Lh8D~AE1+v>J79aCXy`xhx_Qa?3m519-{N{|SXPnPmu4q2%
zn;NF8iMgWb#BZwf>cXg&jXQZKQ13tv*>=pjFv+JsHG^*$SOj`(V7IdxFTYbk=-5@K
zD$iY0d;auqo;sxAYE``Vp@&}^K0$wO_G8ag+`3&qvEN(0F56&_m%VF8#d*c9Y`jmu
zLtL)1igRBYSW%&w5c_yc<C(V)uNhTU7&TbeWpmZSnPme*Ya=e%ui}9Qb!6LwDtmgZ
z=<u<JD(V~NzUz4NQ$1II6Ls>$vg+Hi0G#FR72|Z(5ZgO>cI~>t!>`vo_Iktl2mfl1
z>ba-Z&6qrKz?`Gw)k%N#mjAJKUCqP)IC0%WkNu-)!|WL~T95gZng8imZ+<~rrnao-
zn?0B7LM?RYt>^Bi+ky(~3#0MUfXB;^S*J)2lAo4$-gmP4T6OfctPA>%&#2M5SQynZ
zT}z@3bAKO~we`gQA4TeE)k2}8W%|0&_1k8w8~xZeeLt&wR(ZqKbLy_$HssRb1Kv@4
z{@Fw7Mzu_=(C1t-m-;1-*l>Bi$XONM?|1R~U3^xr+g8wwDE3qD2|V<~Kfg2ihM5EJ
z8gzv10s3w8p^8}*4RdS071v7H&nx!zJLHOrbNAJy)La{%=gX=m-&MKK!B-Z)wR*$z
zdlvpH{EWW1`V;z2pFRuMFgLD=#;vB=p?$AoaAA~w%G}F*>2Z>*%j?wThQ>KVu05r!
z?D7R~6t;YM_(5;4>1ffghu7i97yc`p`>#K4H@!@xSNVC5jl0M_^zx~W_~E))m(c9b
z+sim3@B-~L9p@TL{<PlbTDNhAK0&D?`<I7bJ3wm@I<WT~zKe$%9lv*<q{H#xgX?-8
z5#$hFR>r|wD@L`sc>G>prl)W15U!_hb2~<8*>L2s&sR_W(d~Qd3%IJLd-95b)r~(X
z9HU3fhJT!=_MWWSR@^i%KjhwN*;uC<+pBb&S*7;1zRva45#d<~y^5)4Aue38Z^PVK
zJ%1{Adp15d?9}hDgTtl5;GQEUA-|m8**0=V+i~HnbDW)ZhFZwecF+C(c`aa`va{^+
zXWr094H(niH3ikFKHuY7qZ|DV-0Y9a<?dE~KUfbRKdt;lrEPksYyShZEtIxtkzl6s
zC17pDjmqx;Ymxdf<<BYQCggIjDX(B5VWOTPQeLmLZFnx%rhEf<NG^Ae^2fmA_3h{X
zrJV4;l={<8nSIK<`rQ0^XU>~4bM}JVDO0ALR8`&7+0msxci7Q(-0V}Tic0&k<Hn4v
zsTn!?xD&@5w`|Ok@h2QVuJ)L!<420hu?$kB#Ar6~m#!KY&S+oSkvn7l)P<Al=AS<E
zj0IB{&YZDe>b%J_=T98H_vE@66UVTIFQG1?-&ulG$J}&w0c1p$<xIES>?}8bR^Ff9
z9sRLok<{M&u>^!zZg$$DLBcO6LZ(}L#+!Ybn}5sAe|7ZBPbEkipZT$NtlV;|Z+<N|
zd(->N%`VN&|F|ryp14>tLnej)i{oVVt)A)kL_6z;m8ZFtTbv7GJ@aF6Sh?|*TmAlW
zt9MiMYr4f@evCKW`de-FboqjqowaAW)id65YiD{^y=OnL?QZofPv^&oSg$_j7LWPc
z8hLBa;<4QPT7FBkw{fnD`l6Uyyw;B8=KqmsXS$8+oXE4@g;@JGj^|`_Ze`5PukqGz
z>#zA=6YU4ZoPNY6LK}whXPCAP<Hs<*4SU{WU)N*buD5?Pe79?t@hugD_v71TT+H5M
zAHxJ^Q|qwjy?<}x{q%=@JRbXas$IKmD~q|m{`$6jY~J2u@88GZvG?QoH-mlM{;-c{
zTt9tezFXfXIqb*E`}aOQe~+u{$I9FHhrPY;`vT|Fx8?id?Y)i1-v67y-sep&2G9Gx
z__n-_=lwWWd!IT^+xYvsK2FbjpWen}AKP@-mapsQyyrdkbHK+u!uhOs*xUGaw>ldi
z=bn!D*vH`UEzaK0jVi}4a@dc9kIiEr&m*p`=lvX*<7_y0l-hQFTc6|XS32xt@HT$T
z{W$x0);K?d92U$Cz_DacB`yKT5zE2<8yj8=!H?wyVeTA|Qa-tS#y(y~2OBW)Q<tA8
z5$b}C*WE>sQa;&^_#{WL0h8mC@unQiBRohcKXBMt899l*QI}U_*q(6sG+uW@L98B%
zjUk_V!6&)ZWzJf^(wL2BJ0qoh>dUObr{&m8QVKu+DnC;Rfd{iah<}-q#n2)gehyZC
zff9l}n0T>Ytpo>NtAwDhRnkgW;4f2-z=MsyLKr{r8y$bOFai(89=jW24u6x9`T4jo
z0uMI+c1Q_4*!+A7QUVV)elw&59&CQ@g_OX9jeh`A0&im5bg&3wCP%OV^HWwq$+io4
zk`hwNkM5R(A94g6u*Ez9QUVV?K#6u|DIxG+<IjVXz=N$XO^_0JuvXcFpQXwNDiLRw
z5`vA1^%vdn(Za+)j$jYg%1_|mrW}C>+i~F}NC`aH>?a8$@RO9x{&Zmk9?UWm?KUVO
z@L=N`Atmr&<KGP_fd?D!`wKRnV<&<=*!asJCGcR2|3i=xc(CzTLrUPm#@`4jfd?C(
z&U20t^!L+B2=-v(zX&OT2b-U-LQ3GlX8&#BeB>WhZuU<IBiMtDe;QH(4>mtP7e?TJ
zu4MMV7DnK~X8$sz1RiYmuR==T!N&g!QUVV)o;PCaq!*N?(GdwY;60QxR<j%rHhzKQ
z!N&6^B@z69jbH3|u<@;q2OGcA@nFtp#B;IZ!FHay!tr4CLG1Z+m<aKJjlaY3VB_y~
zJlJ@i@<;Fkwm84#c(B>;a6DM6gdv_^IUa21rr$Xp3{U(oIUa2G|KoVD*}vj=u<?I)
zJlOoa?s%}-=V@F*f5FD@=6JC2{25aOd$92X9S=7C0LO!k=TD;|_yHS#sN=!LAK`eg
z@q--?HvVYGgN;AN@nHCZ5`VfCAs(>Vk8wQM?2mUm*zEaJun2y@#!qxS*!)a(JlO1~
zIv#BN49A0wpXGS4`Jd}}u-TvCc(CzjIUa0&&UHN4>>C{qHon>MVB=dI4>tcR91k}B
ze8+>0U*&kP@fSHBZ2TpT2OGc6@nGXGb3EAi4>}%f{D&P6HvVeIgN?u5@nGX`c0Abl
zk2@Z0{B4d08-J(c!Nz~u@nGXW=XkL3_c|VI{1+V$HvY?w2OIx2$AgXkrsKiJf6MV;
z<G<s0u<?&O9&G$mjt3k6L&t-S|FPr4j;#Oe`t2U<s*Nq;(W0nEj<D~8IsX=vPEev8
zzE+8I9DJP;0&imex&EULIfrg+Mktxj8e#J}PS||DT^K3lbBuWEkR#ZD4_7KE%~V3*
z!8RsyASLi%;}<|m;K92o;U_#Yq#Pb>JlEA0^CHJL3nSQr&7Nyc1m48P$Ii3l2sYri
zD$&NVN(emoNG15`N(emI_@$5%c(D1o1X2PIHvT$c+b%phYujs^FmW&rKTtxb3qD$j
z7}D#v!I9_BawFJ-4^fW&7{`N0MShX6ZM*k48?cSxTE~Nli*&o=!Fr-FwDnELg9k@`
zr{lq9pI3ks5p$Wa@q>jA5=UDn2;2Q~y)f6e@N<N1teS+)&k|vazf~B)KiK$oVT#~a
zI(`+T1RiYm7YkDazsB+FASLi%v%g%JBKQrC|1hKk9&Gm4I38^K$PJDM8~;&Zituxb
zfcd!%QUVV){w~LZ&Ch3qDZ+lUfZ4y<<F?s<1t${xfQ|o#ux*!Zj{pC|@tI?_#rZQ~
zg!sWWK0Adef`384?0*L-fd`xYOO6Md{mYIAoBdyfDZ<aI0%rd@qy!#pe3=#y%zl8d
z@q4kbAi*AN{JxF{Tf3Ex4;A&F9UIXN+cAV3!9Upi41$!vgN?5eM&M1%C+8dbK)#Ps
zLFpYz2=-vs9O36Gu?_$}TZwwuoTFstvc<v(Joo@5?7NhZQZbw%9$)0#i(yY)IP8}w
znSahB#<w}X)A8Mozu57tW8e?}>y?mF@o*fY4RQn<FxwG69e?9l_d>7-8&7+PwQc<H
zj1D~5_z{i=!{Z}8*PA`pBuJ^gz}vRQ2k~2u{ZJ)4wx1}Bz=Li6OoWucgN>gIDS-zY
zKNV5}4>o=Vqy!!ePdu}f5O}cJGv5$+u<^_j1RiXBdaYvoxfn~ZH?c7x4q_l@8#6Y{
zXPdVx9Dc9xflAn1<M3U=wvRk0%y|==A1T@K_E}-uj?W7t!~-^dC!_=(Z2WJ8&ChQg
z|B^6*J=pADhLpgAjsKgl`FYjxuL~pCgU!ASV+lOi#^f!I4+i?r#`92YmB{x}VjM^a
zeoX!o_WR2jzK>C|wrXMn|E{h7R9*AK{$erI?IH&D^D-rJ+ZNTrHs;3(Bg79jpS#+}
zIo9Ko9HB0F4<*KDh?2E6RCrkAPgTx3GdAoy!~|Zegy3hb64%M_H!7K*n}lu7e?}O=
z-o&;q$FDLaa*JndG%96p*YM;=DADf8yRe_GfbdUlvCR<pORPJQLJ4hw?L0EY@nGX;
zI38^L>B8opYhB~d6xP4szrpe6IewAjmpZ=1@mvFQ89<!pM_dr@7Cu-x_zGd9)VLiY
zo?>zY8?fC|Fy<CN=X&GQ-xs*H$IrP+NU64t7LN@%f(>|YrGgUoG)Sqshl!^yd9@Pu
zbxJnRPZLH;)g2?Ay5tBpU~89oVq^Gr;aVm9U!a7P^7(G@_#{WL0o(Xo1}T9D+d1MU
zNC`Zc@ujWrDcLwbCT#agKM}U$=O2U->Vg>y>h4BG2|U>LueS;lBRuz#70S_%cJ^TQ
zbNsL`AlQTLe6-B*!9f4ne#-F+pXAIN{LEFd7@CCbI$^aiF<`S^X>i1MDo1D+Z2QP(
zg=rdov*Yg*rcL<!9sd=_Zxyx}_+19U-o)Z(d*O>5!3Jz|<7h}psk(LIsY`ChI*y07
zy_gSnoWEF@xm8el(D9E7+qQm2*!-mDXd9D1%f`lpW0ke#=YZ%S*2ihmh?CsLq(Ru~
zwhB*FBDTAfEanG<Ew)F5ZJzu_7%4R-zAftu#{_GuUD*7;SJ=jc?PWak-{Sn4u=#mK
z7@=M8?n=b`PbC|Z*Mx1p9RMjQ73Wa#jEUvg3{zrz<MT8n%Hd}zaeRQEqckw$T^;NE
zI9Ol)-x_m2hix1<kJ}ukUr4EOI8Z$OBuB6TTiqjtZM%#VMz8^6L)}^>1RiYrcs-<~
zRJ)v;s7r3=_alUnQue2a$DSN1WiwekHsnYt8;--+kR#ZD2PhSkm}@qMhd7?`L`wPe
zeK8w2^T}}<p)S~X#uh2%lQ@Vojb}G;#OcQhY-2c77%An`&y)Uarl^2+$!#3!g&9-Y
zy-cYp;yaZiv<0?#@<m8VsThtCkAL#fO8DfMX>+Do*xFqx%ryZv*DLK4@h0U+DgWce
z<DcC8Felk(;io#DeRQl6{x4EOO8KN;)Fnqs*-R9V4LMTEhJ6MbzaL?X*s+><hK-+Z
z;4w-CC5}bAMLbVAQmQS+4L{^I4ve?eJzf~0E||XIpYcK9!DfFdqy!$!Jj1?SX}^ds
zQI22(9;}4Ttx5<y_*f<QN0rzIz`s^veuDD~*seXQgy}y#f4-3Y2YjZ(JTqWC&jXmB
zJB96>^{B8Nw}0sHPGN-DOl(`6Bce=++~(f0XjICcxr9AAZm}7s#9Soi<w{7Yx|76H
zm)zoHTO+0HuN03xxm^R_D2$Y{KUzHY<Onuk=3+r<z7pl|XDHbit`xTI`#xdhKjGiD
zdspVNq)+B6F_9y*3!bh-%&V0Uc(C>5E@A7--NL&oVZTKQ!5(b<{g4uPu<>6J=DZL8
zwTSVvP3bL4;2$U<*qGS-c{5{f{?An9w<_Utg_4c=8eycA|KZ}xlq|=F<Eo9rJB4i?
zHV7Z0g#S0YP0g?6=D#NTd6#ko9$ck_|Mw^%rDFDDVzCXAEyp10;)gy__gtkaCHVB%
z!nnb&RkE@Ah%i#B-CFVZB_E|k-DOH}*taT~pVh*)eLp0Ol=8`OiTdQ$mm`F2oYP}0
z{iI#`X!aai4vqXO<rc$wVWd>MTuaj~If4y%fD-->QbORt#?uZ04>q2dky34)E}ph5
z$7ZflgA#3hS_y#%+rIO8Ve8{P!n-M9|3xJPd$95BYqSHuRmuE3<oHJ%|6O4Od$9TW
zzOc3Xq_FvUMi{{!Y{%GNLQ3FGZ2z4kf|$tnQYt9TP(rW=@2vzsUkNGY=LGTiA>UsK
z`)Nwpf@dqSmIS_9x!o^(QrP-(hw#v7|EMrReX#ZYamRzr{(l?~wlVpeu=(eAE93v=
z?7_zKTNOgPV2kr$#|Hz-t1~o78ScnSjiKluX3u=Zo_w)VLFqyzINIepjppFjD4Ea8
zgb{2^%;(<fB=yNJS5DolgzcREF=71+b#D={{@yNZ?eg59@t+YU2HN^u#Q3~N*yh#O
zgppG5j24eya^?_q=@(MUzFIu?<Onuk>-!i;2|SqlH+)W2G8^U?f{lrd&+#JgPmW*%
zw*H<hOga2SrNfo*&oKaj2iq}|>m0fd-=;J~3Hy&I8Gn_q`M*Kf{NLpG^tusy?CwxP
z@DDaWpMjLXgN?rjQUVV)KMz1k;K3Y2iSye^2)v1n71u4qKz^_i_FUuHx%)I>q*Ptn
zrtYrdp`5x8Dm5yhr_Y4YCj7}7OdC(GjZY9qS*Nhg&sD<P&0dvy?1cwM`*U$7p<VDv
z%As!5e`bG^u#M-f!jxmb$?-gsVEo;V-{N?lpE5rWIQ~J$f8Fuh9KYT19QVx66OMmU
znE9qG_h-kyBHS*npwy(nv3@NPwte<|22Dc0z;;}{K$tZt>edY?_OV{r=FAzw2z9}B
zY+2-ZFfl8X+)~GbheZB^jt5&GKO%grY>45@!gjy>EoTp|jy5kj9&Fd!`>0da_X=V5
zZG4{M`02vd?rdR%et{Vx;-4#ArJTCwI~%aoy-;{?w7JRIfX|KmD~<<S-G2&OoUb{)
zOa`=1JOhM#&OyS&27jn<m2zS`Q5b;-qr$&K!2C=Wwtm$MS4Ep8!nTiJ?CjSF>tCq<
ze#ftmJpQk6{6@!LBa9Fa7!~`Q91k}BRsoB1Q{>U_a{S$q$IljF1pi=E?C*Cx7!~`k
z2vCmwR>wc&_(vT7UB^EbdFt<Q{L{|<Cysy4+3yraXcvr%pWg~tJimARpD>VM4@SlA
zuL5TOs^kCVcoxUZes^KB-!t+B`Po+(!9UpM!vVs_h{NV2XCpO;ofkOg;+Gu3kBQmX
zHMHf}%vGW-{4Y?lV^O0pQpyi@v_+0!1Kv*wKTS%=zpHEe*BP?47&wnx49z%^l=4$6
zo*2lHQZ`46$A+BqBC)MhvSZ_WgppEpZxc^la_bl8O~c<1Uaf@B@pME|%Flt~@k4Ic
zEu(~yQucM?u_u3<QbB2j(*6-&qWrRm%XZN&=LP(bBeVq`ri9P&N>qnu49)*^VFVs*
z$G5YE@dwX6qw$>6jAv}eDB+)RGyk^>+x)*<7{L$N_$|WbhjE6-57$Kq_F%RhcHdM&
z;7x3v4-$b5If4zC-3OmTlq|NP!qyh&w~<QNG$^snz+6KPi})Jl2tL7wC}Hzvul;P?
z9#S2oRQ%J$mno5(|3$*s(pHPo*oZ%--1>5hu=VA3VSG^M4#yLx@tYlgpX2X${F}Wm
zwthXMx(Mx>*mhyuX?s`WPaW#AEp}5XD6zj-A4dz@J;jN_NU65`b+XyORV(3h8l;4}
zVB6Quhm^pBId))wgA&Im_?wjuQ-c43lFcg{EBLKSwk;kKwwS*sY<=OHj>{zMpHxEd
z4~8#OdRhsA2b=w~kP>*X@y|g@;K9cKTo{4>xsvfO2qW+&w!N5p#6XT<1KwYWn5&f#
zc(5JcrU+Xf>xJ!FagH!+J=EoxhEUhU+GQ@$E;)h?*yaQGI_95vNcbGBgkTT0^9c8h
zNU64J#M2fzf(_WVT`i;p9&9mqpI~e2RAHo4TUUywE%Ieb#Qcg9^AF7Z6y?;NC_F6k
zO~N+!mI~XP{E*|X6ee!`Y!gQC1Gf43ZDESw`8~q;?>qiUVfHKh>_spV?7`OeeTD6s
zWW2KhTWsez9(<B~6qI=W9Kk2p`nXm2v*NH>rp{WNEy7=q{4h;gs#CXG_`Jwp?)VMD
z{7!(MJruC{*;Cl&?ICnTf*-JL>m!BDf0g5hIlemb*o}1jXyHn6v|A^P;NQgN_Fxgz
zB{zGH<re2SVXEWDAK$?0THyWM6BWe#uaSm-avR&*g>C-aDQxY2N!Z$bP<U@8+I>i=
zzvGpS)ehOv4t?afWc*Kr5qK~*_~ck**G_*BMoNuOm3ZoqTWo`c?f5)XnEeo+>y@l8
z9G?+<g01gch0W#(VSHorq>{zVIm`HG9se`O|J?Dv7Dn&`w(Ui~Ean%5x!xkq*Oib`
z{oN>@w#g4v!hVwyQp%pWf_*w?Y=1nLiW2IA8FTF0ln{9EDN3}(`3r#uPf&vYZzb!?
zpM(#M{9cd}?7?>2J6M=@;Q50^j4e8UKg0N{$m4&Q<Ex$hNMW0+yk`W)ew?t456^}n
zv}I!R|6L+zj~p{>&QUr<2|wLR2t3&QUnp$$tA+7_{l!Yw#}5c2rP`$p>X09yMBR&&
zSjPl!QL^8Z9~XW{<o)-_z|$kod+wY|sC%oh_5D7Aln?`WigIjt|9WV|hn5LQumRgV
zKT4SD@Kuf<CaiyfuZ}$WNdA*x4`!Z2jn#kVXPmJ4KS|iO9nY-V*iI6*F`OlA$KiC{
zkMnv#iDyR<+BLE5%Q28*a-@_E*CE)DTbzT0Z4R?d5bA<$uAU4jfd?Bu8BzidHlBS5
zfd?Bu3sM3PHhw;&1RiYsS&$NVu<;8aCGcS5n;|9eVB?oVO5nl9r`NQ`Gv^WP!Ny+#
zDS-zYe<`E{9&G#vAtmr&<39o^fd?CZJ){I4Z2ZR{CGcS5Z-bP;gN^?bqy!#p{O2Gg
z@L=Q9W1aC|##n+q*!XWiO5nl9e+yCq4>taLkP>*X@lQcY;K9cK2vPzMHvV}?2|U>N
zUqVXY!N&g%QUVV)o?|!y4>tZ4NC`aH_<ur5;K9c8JPZO4HhvGsgN+~Pc(C#Q{R^=1
z>F*21ALaajjX&D)VB_EBc(C#5yQ{|gbsMnpTzez*7i|0#$AgXMxqSqCu<@rm9&G#>
zjt3k6F2{q7Z*)A^c>i29*!UIB9&CJ<<H5#X<an_0?{hrZ_{$s*HlF(tgmC~Hf3@Sm
z#^308u<;*vJlOb8Iv#BNryUPA{_~Cp8~;VegN^^H<H5#%)A3;AzwLOi@sB$mZ2S)#
z4>tbCjt3k6UycVG|0~CXjsJt=!N&iO<H5%N&GBI4Uw1s%_;Pn%1{<H=CmO$>vj-c0
zkmJF|AMSXt@q--?Hh#F{!Nwowc(CzYw;;?<u<<849&G$O91k{rs^h`NpXPY5@pByy
zHvXNC2OFPW7a8B=?7_yjIv#9%hvUJ<^G-U#IDn0RkK@6{uX8-u_zyT9Z2X5E4>tZ<
z$AgW(+3{fGKjC<=@pn2NZ2V^(4>tZ@$AgXklH<X~f6eh=;~#cB*!b@_9&G&g9S=7C
zhmHpu|5L|<jsJz?!N&i_@nGX$ay;1hKRX_5{NEi9HvSFAgN@&<JWQW3f567?<9M*~
z2RI&V{97FlHvS05gN+~Jc(C!uI35gNP#WcUFzXw1=|sm%4Py5fD29&~#-1Eue=#we
z-9%tRj+C-_Gxsb9t1f;l#}D_cqm&9t++T25hM%r<m=gSAC8Sil=F9Sb=ksv+!DkZ=
zC8c~~Q>H|2@o;aomlAb%HCF#Ob*to?cFC>X!NPA>qFwHfj9(;tgc3aWFG#7rbc)9(
zx%K_S!U*=@Dkc1IA5jr;dcSaT<o}`^p)R;qiMk^cm~Ah<cZXmD-bXn$a~%&h{v5}H
zsfYa%VT#b31*S%xXTuP9F!K_7u74<k=Q%Os(`zB)`IC1D_F&_`AzT)Du7%i@@c)P~
z^9=kGVT8ISw!hSipguW*4fw4})P0u{)!|u7*-r_6xsvg$UsXr`I^{O^J}zwI{3T(t
ze^B^XCH(AELQ2K9PJEdX`P-DR->igS54LUn8)5VRTVXrq{81Pm*t2eST-1+{ag{JW
zCkk8Lw+q<X&OBlEC2ZP-&Cg0<^M8TkS3CZ_j$iBe%N@VL@%&z3{;zWU4Z;ZVgW0~=
z-7IX|;%;Z7q9C??S!=+4S8EPb$3N?A*01*pTRdwWf4MM%J(w7<^J@rFgIEmgr`V7q
z)CC`@R8V3rAn+zu_aG6}B}cFUGe@b*`V0aOwt2f!*yiCy!bmCq__oxa&8%ocj+F8<
zQ9ORgrzjEIS|wXsyGr;7C3ucq2!6me=B$U<wz%K%UlC@zWB;{?@v}|o03|T%7)Ytu
z#)~ggvK*Tem29l$2p_71pH?LV8?YT`+94(I;1(t9pHZ^dek^>H5^cSzWXJHgs8iOj
z0|h9jE^E{SBOZc*1pg*B2iOOxLylkrw)NPh!j!`k*AgZCKc-~k|C}&_4S1*$HUwrd
z3=}4Qc+L@TiTEAD=6|v<{l%tU*v6lA0|fsj7XM%o)F;Ob8|qsO(}d5B+$WWr%^kug
zMV{Y25bA;(mGD7qHvV<O{I)_{tXEel$EI7@w#7$;^)LA0IAh!QddSFwnUnbWnB&3N
z!*6mt7>>j<(so?B*V(8jh>gkd(y%8-=oi?wMV;_CrGnB0N+(3TSvi6|c#;w}FDea*
zct5pE)7b1UKwq$7zS&qE8ZrDJVT<`~!U%OuEaqwvWlH1-HekCp7%NP5cw*-`h5s2!
z2t3%vd^V&69!&qSzf_5K;4f1;MhSk45&{o?pA!6WE@rT`%X~nv2eZ#$f1a?-+YVvO
zu;ILBv8@u`H`-q++!K%R>5+e0n0okpP8dN4+x*!nY;|9VJodkL{ELo%Ss1|&m^i6l
z&VLek6WcCliJ+Jq!3Nx{1pjp<1RiYHMNdOY;K8;Jj&U)7ZT^fG#vk@4I-Y$Hfd`LP
zj$Jyo=H~+E=l}MaLCu7AxqdMJ*SUDWBVs(;gstz-I2*8S_n!(=L|@pBHOdQ0JY!H1
z@nOQ0!xx0@JaVFNedI3@Mz90pAL{-3ub`a7J1ht`U{rXX8$Tpsp8dAt<W3AE*n{oZ
zo_>ezG?imIk)2(FJ=o^+X~NdWnZgrPUQpWL?7?;}_>|+p*59uS<D0tr6O%p1fv223
zc#6u2=fDBQzSIiaemYCo#`Y{>I~KJF+cm>w!U*kwtuNOKTVJjdwmI-oVZy-v;}H|*
zCSf}cY!ybZ0Uxa#n_mc<&z-_{9(={wgRQN93e!LQye>?;_+g`SOazY=HlO2!ZEWW|
zet~d(v`?Q8x3+GTjkUE&*!a5~f4A_7(a$f05n=-$shs+62wOZjv3QOWHoi)jYbN4<
zr{f!hZ9i%kws=+w>tC?H!11ev?fk_v*ml17GR6{O1H<Es=c^A?PP@+v503cn!nQ3c
z_9)Ju!NTTqgfN0nu=yPCc(7ar{}UY#wrw{___%1Z!r6!lV#i(-!^BDa<OngCm<{8A
zjpf+XD)sCO!U+5<CELe2HY4z0HY?+^SP6j#8^280wquL%5GCwC<oJ!kTra`js)XRj
z#A2Q%qD+Y#!3Jz&I1^F=54ITQLQ3Glc5QPWq@+|^BgE4dxm~lJB5Zw`E^K4cAdKJ#
zZ1Lb9AMlHm%zmXXQmS36W4YBepG#HGe6|Q1-|l$)8-IZ?f*-KOa5<!;R19Z}rwwxE
zAvSDlJ07+P+dNq(Y}@n>VcU)m2wR*F3R^s17q;#4u&|BiBf_@teBbd;I{v4Q=ib5E
zeZ%oMv^cr`v=|N$UN1ZJQrFl8@myEyU+C{G0v0pZ(g@=K<~|uek2xM}_B({FU9QcH
z_v=64A4fl5kg?R@|9)Y!=UcDlhvxu|f5`EVIR3kif6Vbagl#*ruHF*c<y>s-zFl})
z<kt%yCR|XuRajL*Y@39uBEL=8u7`goj4(dnt;(r$=K%dDfd>y!j?YJhkB&HfAIkdp
zXW3Y6e-SqRAHo*TYmP6|q%wYhu-WhJc;2frzS8jrI{q-n4|04#7@;p<x=edV3s=D@
zO?5WlipcX$7D8Px=S1pWA#5>k6y~^uezP#gVthU&j8GTMy*4(7t0Oi(gM{f9d;uT{
zaSG!DzTWZRy~I&A%kf}4&#o8dbc4-@gsm;!nX>)#Mqzx@*3H82SB`$TDjI);u#Huf
zaFxmnN}Sg?_kb@DM(_is%kb}UJXlQxex2jN#(zNA;@sf)D}^nds~mrW<8O*QcDFiy
zle53e@pn6Zi{tNc`~$-Doql~;*zTdeD{R*f&kG~ifbE+0FOCle`p?dT&BDY<j!+kD
z$K;EJt=&t6?R<BI@M5Kc(u+#AZgT>ICczKb<}LTC2t3%f%PGR<|5RaO!RJij5fO7g
zwJzen3nTae+xB`xm?C(b7{9wPKH>KiuyfWSkZ?-iBa}lO?|88JIa%2JPjGylvj@|c
zf)c-3+x6!X;h~Y=AdJv1*!*89OcDH5j_3Jp<KOK2xi+4kRz;g99RG*OcR}grIF!(q
ziOq*D5fodF%_=49*J|PSD&gm^O4wras*?5PUyf(cjNhFBlwc3GIk1o8!Di2S7Qr5D
zF&rpNzlh;zXCpO;^`%N0@sT6=sZtuLMBUj+2t1hG1pW*q1RiX2xKY^J?G$cO!v2R!
zwtfFDj8GRmMG2b;E>7^W$n%U1McCgVaAf2kf|S668LKiSo`InV{!sxq{C`)tA>sn0
z1RF5dQBXWb$~-S9@r;Dc&y~V<47pU;{I3_bZNc|N^)L9`7<u$-_)kJxV4H8BbbK(-
zf3{r?5vG`Yno>dOJS8~%EK;&-297_*uMyr?344w|%m?g0tYqhrn}qGS@rZDh680}B
z4U2ehb<pe&61Ho+p>$k=Pq6j<SYeA{gyU-*KhE(d2_yIc+dO9-i6Zz(j-LuCfd^Z=
zrwLO8&+*V=ekY^^-o(cCY!Sptj$i{mSqc7nB?KO9$HO~?&Hp{Z2sU7w|6Gfi&9{Xu
zwnv3+yF4R|P}js_dyfcWAh)_~)6q%=rOirQ&wziWWaqEfgoi}_DA#wejcvN^j*a%S
zWkZ|9Ge>xA<XQjJzre2-U@p=w*XjuNcHK_>+Z_+K>#NTTQ-u9J0v7-8gl(+;f`J4Z
zux;Oe2wQBgIlfG!@dE_Res5u$^8+I;$mjmTHiwTAMrg~##(%g7ipdEHn`$K+!{dYz
zc(BD^3n?k(lWm7javO7-gV>*=WY>qy!U#Or)<Z6Wl)!_n-Sv<Xc<>CRg3{wk2t0V0
z5;6Qa=J2m5O;p03{S<)*GoIMjIv#A}z;DM0_TWj%@pFl=-IIPq7&C0H60q_AgyS~}
zA0O-f(DAIzJ}90TIPW9)0e@UM)Z4V7Wfu4m!b2lJ$MJK8^)J{j5U3I^D0M?h@Cml@
zzr^uiY)PLGwzf72Pl)_;&K}G@PHevyrU?Hp3Dhaa&!_=eIs6!5Y_K0EJVZG*?-aJS
z8iXyjM#nD}W*$)Yr;dM4*v>EMy`Hu8C)wC}Z9i>LYioaD+r9?@B*Y13e;~FAjt8T{
zPZlsgb;86&suw;i+MFlMF&2C7xe)w=Cn<;jv9QhI^xn$OzsEB<CDa8ERZiWrga<{u
zO4!EpCSluOJ}GQ*-XW}iA<oYTlnLW=bL8=PpX2}2-;2Qif8u))`1#*_F9Q2g-;01R
z^}PuAU41X2Oy!K*{(BV1^I&1)4~aZ}j&yvLvmfU8YG*&v@uQvn3Bm~Ng4vGvpWt{f
zJaN=H9&G${$AgWZEo|}6i9G(#6lOo7-Lr&kUwgOkC~?@_ER0}dV&@mm*Z3v3dB}Oy
z<|lL3c;>ZTOLL4w@Cj!3p{<jY5O^?t@IO@vDHX#4@z{{hQ^L<(O4hGW3v;ax|2HLz
z=T+f>k>5?E@!Y5E9r^u*$3<L^frJ>qbCl!rI$_(FKP5~o*znA}U6*n$_<XeI8k=)1
zb$M=feZ<Er;L{>rOYjo>fX)B4!g3Y(>xAuC@u09>=l@U`p)Qy?KwCc*wz?eKjo&G(
zFoOLHj^~(<;0J7T=}(Ra8~;~fim?BC#I*aG@L=WOBL?U{2{zz^mBWv9ywo5z$2i^+
zA2~u@ux-2H!q%^9VLM+le-P}!%uCv0j&MB+=32te*JU`7U=Mzma%|2OHvjzQ-W>Ud
zg{{Bag=v>KpB1i(Hm?c~iTH2|CHM#1xD9qZn0*0?_XiQ|?Oj4B-X*kakMYh1Tg1j~
zrZC0iW>23KQt-)j+TltCr3;m;FBc0_4}Oi3t+U-Hj1UhP8`Awsi<GcGP|h17ZWFe)
zRtPK;kNwlaAB#3TKM#k`^9A0i9Q{%LlfZ-Rxbb7hgU?Vo)JTGtU=OCB@E;Vm7_JcJ
zd<uV;u+0a4|NXkSg3=l{55czI@trR7bCs|iudWxqEY@Z1_r{3t#Xv$lVD@*~{h8yz
zr$)Y7lYw&Vj}>N4qt6w#W5^}K7Q=gmi5Htq!gb2gcM3N}JXObSv!5n>P~_hwtS*PP
z&J)H5br%U&MZ8vcXvB92+wuJK!se5;O1eYcFA5{X4>tZQ!uW^ZDy;B={*dDzaXf3A
zX8%~^@xR0IPdol6j(;xl)Zgj&7o7d?9si=^UlvA)6Krw5>Ugm6|8hLo_yIVOkb&We
ze{W&ySB2v%9e-ftu{%r{Ap@KLD#wG3A0}-6t0PalBOO25*`FY6bKt~?v7aDp^Q}b~
ziCMsQY_a)FZu4QJuwAb*uMz5k_gBLI*-8jJ*!XutO5nlf=W<91JlKv`w?Rta!Hfg`
zKc!^x-0k=+!q(q=BgUR%mmM1)7Dn)CV*MQ>qD+Y#!3KP^5`NB9q8y&%pZQ!SZ0*u7
z#t8eHl=hAIF6Fj=5gURZu<b_=KuX}j#(!1V+Wnd^ZQ*~LlKK3eFhX4u>(^N#s89Y@
zCF-tJS`zWo$`R^<4^zVCk4n^o|C5sSg>_)-Z(bY1VyF;qRvC5AX9G#73%0&o;CS#b
zm1EDEOm)PM2wPkHPI`0Xmn#^HXNAB8k^iORe<f`3{7IPh3repF9~v?5(ddvK_=AL(
zM*JROH5clv5w^bkLfFnDT=O9K1=~I8Avl!4gLhZ1CUZv$lfzdD4~+bA!lQ+W?Ob8&
z?{Z;_p-mV+*mMe;pYF(`U+j3!WoG|=$FFzxS2%v7v%kji_G}XVc{a(~y~Wwz?)W<#
z{~2L~{(>!@dmIlo{sCe0|DfZ)?)Ytv-|l#RBgPN)pAcr#(C$;hwyl3JjKG`Ne!;#?
zU2+5)@VQC_r7M-p=hec;ME)zvE#|Gl!y>=a@h=DuiToaHPznCQcHB5v*!IWtSx~zs
zIm6WjbAG4ocRL<@VB~q10ii9h@z*#WZ2Vo02OIwt$AgW3!tr3@B%WUg+gQCI%zX-c
zUjJDi)8FRcu^GjG5@H6kUqCH%JlNXmbUfJj%N!3To`Mp;$B~mhBW!VgE@Jq5gb$83
z+lBQn#KU!|&DAFy|D>?_|A8>WLi|rV{zr~~R@nUfOc=o)Y{y29W9H`t;R94&P<lle
z!QRB?FuGyZpfDvzum@YarwdaKKUe9ZsDD>E0uQ$B^$SP|JQzRJ|BaHx`P;}Bl>br5
z{ByprcK<4j;0Mh45<Bj>5O}cpZxS~DO9X6RxDZl;y@~bx1QGZoN3a32`xDzqO4cv>
zj$i|}`LjfLq7wGEDRB=8{<9Lkv42Hruo67`@4|>z2^)WdFoHdJf92S-f7#q)-Jm-1
zPdR(A%`5JqYz%)Ad3-)EY{w#g2R}Ia86<2xzf;p^+I^p}{)Kqf3D|gE2N`*=-8=C6
zvhm=NQVL4xe71S}ylf^%n<EuG)rqr8*y0~XrzG%TRDANzDFP2Rp0#lV9&B@?M%et1
zbNorp9&GlL91kXD>Q8k%*y7}QV}y3WsMybTJlJ^F>JjY0=I5Ql+Dw6O5XOxDz6&71
z9&GlFjtAS=E)}K-`__o@(<W@^5w2ShY)ovwKsP*8n7)v+Z{X)_C4{<Q+twQ(CGcRo
zR(Vj^&aF=gBiMi~=4T)!@L=PADr{r&oG`Hv!_SngFE0rr)HSjAxz?f%x%sIQ{(usG
zKBa_E7i?=aUlz9Ov}c9w{(}A5{QO1O=FC5Y5&VD;P@-M`JcHCA7Tey^u(6zYDuPAn
zzPuyalUodvglm+j+o^;Q1DF`#FI6)8^}=?o`w_=qC2W2CtT1um=W|MS9s4a|1Rgw0
z3IBgkLg2x0q=9PG+TB;c<}GVM^P<gC;p&L56t0bUyRaQs%N2~&;Gf?>?U>A3neiOQ
z%s<aLJRbf0x3l5eenI5xHUDQte6`ybz&7`85LT7Y?oGnxpJx{l`U}P$yH5&RJa<HU
z_|FKNpUsgkh`&!5!4KHl{gUIs=6|c>!FCMa;rQTC|JfWHEKJ+vvz2JKL&@S?DQtc&
z7e<H&Og-#3DEWO^YOrCyewz|Dzf>}xF9^Rq@&!l<KEeBwEAiVa0uQ#nr|;lYs+>4@
z{sF<>#QKQ-{|Jxlx@bjr<Ko=NuI|n(Z!y%_+}1d<t+l(kv$1XDg&l26=g*%xueqtY
z^@8Ty$X<n0T35C-cg|}*e^qN|b5~M0zp=fw`=Ti=%}vW^buEhymh^9wIa|=Yx;wE6
zE~c#Nyr6kTTK&xC&eo+D&2Ls&=loR)IjK6Wv$?sxYkBkJ&ShzM6xFS2ZCj$?`YE2@
z)NjrCO&9c6sdRJo^QSKi9hu+U)z#Y3-lr?4baq^L`l{}gtGeq}EnV8&ne=4xk|i3#
zj?N|1n;Vz(DSc<B`aXZ^+@z8=+`^U>jZFzXuX$Bh^J&c&CG;uH-P0S}m&|WzT;5!=
z6^3k1XGhbV=H|{R&7IvPMqpNB*YY`yOO~{@FH5{rGOJH0YI7Ies&8)Uyl7>2eMjOe
z+ivy8_d_ovxNK^avY0=8aw&RRYkO-~OLIEKLR+fRztgGhrK5~|(v~*lu18r0(>fcM
zWm_PfwbTw1AT5}oosG>srF(VKU}WbtcXh1lY-(mBCKgbo>r#^Km!;avO6IR@ZYot8
z_Qz5M4abi@adzX1Qc?6%MCT|f5qAlCURUG%)@AL9vDlJRA|v~)qbb<ek+y6?PHk!`
z(WcmvZDQTh*x9^fz9x8cdc0HVEbW4QcTn5L{f;afaenKPbY$l@XH#QALlQNcm&w=_
zcKJrl{!-iP-&?5N5}qe_b~av=I;6?IJ)7Lt*3s0Lj>c10H?=gjFH5^s-;o{oRj(h5
znH?8u+AnBb(dU3UU7gL2w(}Y<OkyvVl_;3et|N59&u{5$ZC}2NgLh^Ss+K&sv)%sv
z{+YDeYvWn%bhzg?w=c<>>~mn_gwuaWIxvUA`o`|Yq~UNHn|wiIYg^;uw&wY*7pEI$
zR%3TlOMS<R#@6-{`+2B7t)p{tTQ{X?#F_V9luhsG3Ki3+I#yn!owZ|0^O6M}C5{SV
z=V@IwXZaLe^z^!l;gqJ6vYplDG<J5SJ*w~M=j@=lrBj{GcqRAqjO=^X3+EJ0QcSfz
zBaofl6j5WJDIc%K7EYZvZ((P1V^>G}!sgD-j?RU;cI$h})qX#f()pzdwSlwacd3og
zt8hlUE(O~g+md1HZPVDEP7{lDS#$Torf{LSuwC1GVQXo3{hIgn+|zP65KimtSW#k{
zsq<O?X0~>vJM5g+rsWL14%w62mZeu0^&M=Q)}^gYjor;$+&1@dFr{O~N*%vT9*DD<
z(sPcV(Y~~A1C!g-LNcE0s#C&oE{nTFaX*tV)ckiLV^pfy`i^XtPHAjwTin>RJZU!B
zInuqg*H|T0>pLc|T-nAb>Uy`taU@>d^{F+zS!aXN<KC;e`Q44(t4aja*4o_O-Tz6U
zmyeRWZFU%$)7g4~CP3e_QW);gNQgAobFUN*UGm8FebOr?Ok1<A(Zj7utk>%(WM{Kd
zWpN9IHp84tycZ+tzuVeriapZAFLB&X=26M9!KVLC6ifRLB%B>e^@3fdt$9IPmriD@
zR;*;!B>mK;^W&b3U(YV5JGuoIt?YXY_XdgQIL+rZuWU<ii{hPYi3wcnZP;k_9qno}
zxp7{oai7(=I=jjF_hX)fMGINO-Qm7?NjMuX?$WG>7&)UW-ehR3PS<Efvc9{mYj#KX
z{HE@evvfj?PD5cfx3dGE=Q$j5EL_mxhAz}l3-Zyoh7Pdxt;>qX#$ZfkTzS{Jp4A`}
z_oHAaM)#{TbnDc-Lc6QCFS+E<*+Jh+FGmE2*+DZ|i-@&KmW5jC7FPu6g}N_GZyZ8d
za###|e$vBTu7AY9c4_0fr6HZVdgY8W{V=(@S^pLkmrg>}`i?Lyv)#D&@icSI(oFAl
z6&tU<C7}lA)L!c_fz2A|y9g5sxk^n|V0!rMLZ{dAOHWy{_TqTI@KU6Euet=j-zAq&
z+Ru7RDAQebiB*YEl&rJ_j>~tq%o4a{jU{lJ^F4>4UJERtl#yau*>$K}T?yrVmsWb{
z;uWT~(_i@UoZGXa66~|>(6gM<i|f1WQ7kSlq!hX25~WyBatS3A$3s}}m?G&Xe7`Fv
z!Ar?y6D#SxW)j#LT?=N;_wHwOP41qlYwB+C7mQh0vx~B^cBGAqF0-1uTRLpvDD&QD
zIVRA|6s^$M-5Q(RH-jEcTnpLWZ5KMh4~8XZ?r}2OFUk}HVuiG;?}cw-;3Kk?7k7c(
z6F{<9)8ob6eD$*RetWOC1hbOI*?92kwW4Fzn#+kxO&ZUz%u-wk3e`#;=&|d&9Aoyq
z*J1)|_bO8sG%TFa6)&siEZ5=DH(zqOCe-gKDX!H7UJk<M?^&n`EE}8SM&DJM9%uii
zSWbOlIPA4J)6-0H3QLw{yjim15{m2+w(qrHDDJx&6KLjRx)hTX_~0@3i!i~o-xU~F
z+IOuZD=fYC63XKK=$r4gF>F8XwQq9GmMpmhXQkI$vZB6=ErHM0LQ1T(gwoQ>EX9g_
z*I0^W$>K|~AX#0>3i?@E358)U_gYs8baH{@7ga)epB0tBmR?Q?McI)cIn$M1ND216
zS5X4RmT|ZCJ@=2<rKOfo#*7^2x3%r&yIyVSeP#M@mS$ocCDvs^iLMZ`<9A$?DM7k>
zh`y!CQcVei;%Z7Lv@R~&^&-u#Z4;k8ohY?D6FhMp8CHbc+Ds@Yy)YAsdfm2{x|%Jq
zBoit!L3=K{+-giHEV)<{N_0IjN6R72eyy>0LF!BE9d21C*oGO`!rFD#Uq8DjD|NM$
z%+eBF#iCDB{jB4JFp{0o4p(vJ_EQ>a_8N5`eSeEPS*`4MyWaNUW~4-KdNt9rPx2eI
zMbOWJjujVIzOrLPuV%xFaB<<omxY1uvz`#VmRQNj_<omhVlaJ|MnXXrShjfKmp(#a
zF^+ytoZ6v^J<t_RdI(5nOy5z!pr6Q!Mg271XSpWC%nnt0ttJjc--Vi3(6cM{UZsh1
zQTMF!tgEr*&ArP@)b`sl&SAfP(|dONlHjZFvQD6j<KfnH!a`Fhw&SHXNvTzx9vAL3
z<HN+eTS$r_HWgRL*)_A%(VWTk+=BEdV|o-V?u;2*-*I94vQ9k;&_j2HrNth#Da`EL
z$fk}J*#gVz?&kKc#*wYX^=K_1X|+l<*x974?Cju~m|aSFc%7|iQl2{~KAw_s<>4_;
zUw%kZepsRpO7tTWy(-b|u^MY{Xi`2b(W?`k&zKaYJbVt@>m!r$(TQ%4?__n#!=H=v
z^-oCb`J_To%EPBnygnf*e|w@&O7yx!uTS)8i9S8iPfc__sZx~k-0Vc3lj!pjeL<q1
zndl9Pes-dtlj!Fq`l3W%oaj9AT$J)0kJS~WJlB%wJpNyl@*J;Z7NtD=IRvk-Ov*bG
zy*tq_Nc7c-esQ9&NpxOAC`x&5ZKAJBbUxuyl=9qViT;5^-;n56B>Kig=h4KXl!woJ
zc>S8B{JKQvk?x|D=Wa^$k0$ypiGFLMZ%Xvr6a9`vzbn!2PV~<t`sPI6lIZs&`hAIh
zf1*E-=np3PR}y_|qJKTnw<Y>RiT+5UZ%_0`6aBl1{#c?vk?2n*`i?|@I?<m=^k)<O
zCyD-CqW>(>f1c<&6a9rm|8=7OHqn2d=r1Pv9~1pgiT-k;|0U61N%X%a`m2flk3@eh
z(f^g`ZzOu2XGVLZyyx@s8C9O!Eh*n4(f3O9eG;8dE)}Ibw_l<kkmzqo^n()p;6%6A
zo-AHI$zGK59FIE}r95|JqE{t4k3<)xJU2Aa?UMqTO?mi~fVV$3u^*A>BNKgeqSquk
zpPwsAdG3TnuTAum5}nU37NtD*_C%kQ=yi!+pXk#PeR`swn&>kVeRiVHN%VP%z97-h
zO!S6CKReOSN%Zp)eNmz>PV^;-zBJKW61_Fi-<{~ZW?K|pPb7M;-BT~8#3$Bc74473
z%0lJg^NU5QJbW6;>-!XyU_UU?c{QXc<>6Hbuk$)nQFQ%YRD{aID+WcXJiNZ*bzYSy
zN_lv7(d)cAQk3%W_`TPM6cwTJ@Va=BDi5D|@H($(6{S2pcJKA$ii%Kq_(V^UD(`t+
zHRH;|r|*3E@kK?bJbbRVNR@|A*?Ilsq7v+RRih~7;m@smeR5F|Di5E+EK=n?pYh4K
z^4uxK!eGxUiA5<7pTqGwuW}TnJp2h0ug@(iLgnGlffuRrp3i({TzUB1h%Y~@s0fvZ
z&xjPM^6>hv*B2I*VBeVNO^M!|=*tqlHPM$R`iey76_28n_xyRVj4KbHboJ${ii%Kq
z`0PuODi5!Hdi^~`CD>n*=<iGPb%}myqF<KiA4v2MCi;gG{lkgQt4&2I&s|+qgvxW*
zCi?Y>eq*BFoai4*^p7X{CldX(ME_)>-<jyVidK~J+^36*P<igNiT=4n|9qm~o9JIi
z^e-m*mlB=V;fhk8`)W}UDi43QtVorIKi}^4Zx)qc|8SyzE78B5=-)~7?<M-<iT?dW
ze=5;`kmx^5^dBYqj}!f;iT-?||5u{_BGG@D=)X$z-z56)68#T}{$ir@T6Iy%!>2gB
z{&G<fDi41?vq+VPSFXMOYEcRH_PS$6m*-wf%K6+!QOdJ-!+MDF@ENThRqYSR7d7J9
zJ<<0}^t}_kBGGyEuqe7dPxJ#4y)x1HlXgWZ&++MyqG)|2(K{0T{4(!=m)`a%Ru3=1
z!I^-0snG=eNK=%fAD!rYjK_rXv8E_TpPuMvCVEq%`!fdhFHXugB)UIhVt-pwzB$pq
zlIVU9roP|f(0`rS`x#BSpJC|s!3?UQ`z?%qnA;%egA@I2i9RmTPfB!qAyKYEduJx)
zjfviw=zhhDcs>-%`M^<S?&AE_QD+`h=GNqGg@+fhEA^R<FU0c0gT6NJS3vOh{iMAg
zN1Y>mWo}*mS4p|QgQtE)oY9+t{iS(-M@f0LoAK!Wjtkx2!Jyk7a*=SQ*5}@n)ZdWk
zHzxWWQO8$h?gROIqRy3PWo|=$YhwTHsPl4qW$ubRA0j|_@whU#G5=E3Svjf9U73G1
z>dQj;ReAfP+slJ~O}<hGF%x3oqrAv0rAmG3kq-+XH!4-?6At_l6cg-EjXGCGm0JIs
zmz1|8`h`*N3icn(uS?2rPV{@C&Y7)JpGM;2b;uf}%G|B_Zzc9WN%U8up2fE*&&L@}
zi2r~Arp4n?)ZZhzQlG@;<3uLdPf7FzQRm96QlGa!FDbtu(LWgV4+Z<X@;4{tUrO}H
zqP{-Z-<|(aQvT~i|5u_Pu$wAMj!>%9pK=}%^<M^kbN=M0&ky>R{Pd_FtZ}N;=f3$v
zXD0N2Nusw!eTK>^bNA)fCgoQ~{jyMgfByEQ{0mY4T9~g7<iDDfe<$kM{`Fw~>7?8~
zFvv^bmHHFYzmDZxX;tR7=KnkDrv?4%dH#T!3H>SO?e{3?hbH>SL_Z<XXGEQk0#)kI
z7@U!mpB?qaQ2t21B`N2RtRYQGmAUQtOQYT#^hfg_jyfL@sMMc8*cA0_em<7x1IGw2
zm{;bW$Uhu)IQsKMqW?P4{}%O8vaQTLnSUedoaifaJMw%882P4Br9NdjB<c?Z{h9pO
zsAEHWCrACnQ2vuVAL2Ek{G6!2AY7?G)z}vG?0EO{{KZi}HI(nnZ-_b{rLN4qkpF1Z
z@rl3N68$q#&;0#5|3Ff{J<*>{^j}B)_0azB^Zyg|O+kM#pLcKS)BXWb|3E1JQ+{w#
zJ}S{CCi?8Cck4J^sXrb1uB3cr)Y+{o^=bXfqkdx8KmVG)E3tnt>PH9rf8@U%b*6n~
z?zQ|gQP2GSEC0KwFAn8z<ll&THXrk42kfN+N#?J-tfrT~TiNMRzeF~bxjo93Mx8p0
zPkYq)C7?35SJ|4R{L)0fBI-MXzkSL+nv{P!>c@ui1IoS{_3ZfYma^|hUBjvN4k~*-
z>e>11;IcnNeMpGsu(H>p&IiRRwf?*pUoDA3{0Aj^Rn+ed_D7bDk2=>`mAR_2$x-Kz
z4_0bDdR|h$A<^3teQl!Okm$EZ{Z_?RnLD=Z{-peSiM}(@{~YzBL%b)H4cNzen{BTH
zqs|{Usm#@u4UPIcgZ)WmW1`N-Y$|gT%BCju=O_AkQRj~~RBAoDE$Z3vY*N{Kqs~XS
zD|2;a*Cq8o74@m1z524PN%>Pz=Yz_XxoKs;iTe1^-t@A+MV*g(R_0DE8yLSt^KkGt
zv+R(le=q2>%SJ?9YM8&{qt3_kDsywnrbe9)4OQxDa9-433iZz^J1?ofGV1$;@jI_<
zebmV+bBoG89(6u;Qkh#^_PMBY9bTE!diKJFt5$R@>1rLDTdGHUb1RxxG_6>fTcJ1l
zI+}vE@}gYRm=n4?8gor!Ysh*%$I=vEL%*<TArH&VT5|lt=G8fALT9YhdpFHd(c@}*
z4Kyp@L0DjT{<Ebq*3gqX#Trt2YJg)6ay{(Lv&ON0rbQRcO-&0!H&h62RY(*y)r{-z
z7+aI0diEAmc$hQSq$hE@mY=d9f|(1ZYCPg_Xe7GyP_~&&?Xk%<c6W?9f%YdicTHK`
z6yJ-8eVd{OUV#ca!0;@oUQFwGT(75|y`~U`wPsu{d#j+&s{{!#HWx-sPaelN2d1uA
z+{`N{;TtPK;Ypz$D?aL=Cd0;ArDu$KHXn}}&C=tS%bGi9H($som3qS<8?nw(wJ7T0
zd2oN>`~|1an;JJj_U)I2fuB8jR-~z8Zz(9MnH~DTOBPkr!ZX@?shDPE#GX9^*%h{+
z;cO&B7)6up?S(K#eO_58vSE07UP8b{k7Cn%^8DFj7M@;r>eML<vMx~@s}MsE=y@92
zUQ4k0ddw?QaTB0vvxV0RgyW-jz0Kppe%UsQ6*6u{dt0mC5zLh6IH#O98G8E=Q*1Fl
z{1@kFbfRj!?$EoM7*}o8V!eH9GnAJccp1V~h*Ye>zSbp+g)O|lr?S4C>mgm03&JOO
zdMas`DSp=?Y0DKk2VH?)*p+<>LrvHV7n&Nxv`mjCceE}^0@u;wl;(ElW`!OZT)4dX
zqHq+66Su_s8DaXc1;fPZ*~7wDGu-PJ7C9c4vXAKL@b)Gh6_{o`qNu3#l^l(fUf)-s
z>UPcXC-h9?5*DH1U`2#64BM;cwJ(FEeta=Q5AQcMpWWQq5lD`eJuhQmC8FmI41IwB
zKa5rDij^Im-3wQrc*58)4owRQQL{LEQ!_j`DpN?RXl`V$cDCzH>dxkze?y~NU(Lv2
zSbR65r=Rf<Un~uV*;^SUUd8D9`3v?TdwC)Znp~4>9D26%8SQNyjo}dArQT|k<3_EU
zaeB5%s31qZH;H-e%5enkc@HCf`9dd#6&?DXRf#t&7A|b+)?2I#S9W(UT$oE=vdAjf
z=P82L^U4J03hkus6BL>?ZO!f3rmNRSNWx~1FH3-<HHYzBctrv<Pmg1E^RcbTZTiN;
zl8e}FRoA^Sk-jD|rK7#8yRp4HewHAYz80a;)u~+5z&5<5Yi~`H*N9#(PN?R**{A3w
zW<{XufI3}JEDs~=9&nA%Y}@wf?`;XWQWO4z6x!dss?zMNkiGoSTMbjU7uEBwLvNOs
z5iFEt{k_%DuK~4t{Pli+Ashj8S=IaH1+h&nog5zYFPFZ*&|_OXqxC%B99|#Dt|)qQ
zz27|O(Skjby4Ob{AbKuK)Ev7?IGCwk{M1;wz3dr$s%Ebd^mzk7m8VSR2%)pgoNyYE
z-)yo*Hl9}Oh@!)G2|Er+U3?#=@7n^=ch5H#iq3JB(wq`>m8b8J#7ou8yl7_!K%Ky{
z7Q;Zfhx>ay(O>Fo4B9=l&*>sB9BeWzgYh#%;d$_Q?)Fde7h95f&p}!Jqxa3Ldk)CV
zt75>~scr1CQOe?8*won8ly0ziBBmk#6n|0o4ZG*{nO5mT`U=9PMenaE^m>BcKOArS
zN_+FNj_y`&28s<ApOH5!`S1N;d>EeMD;lA4cm$riC;d1U@4W&Z7^v_O;(Ww`=SzrD
z^7Xpuk+3$Ae@lSjzkK`=iTm+<ygy>S&F~=(^E-p_RSpkzxY}XCTz+cSZhtt$Q^MxW
z@GPhF@;}YBb&Bin^bGg0pW*D|T19C0RA(P?i2ok`k7M}x3<sawP)ZoSeDoQ{vk>U;
zQS<!F%qEQItPF?ojJS%r5r^@NIE-h+Be0pB)gA5Z$2rWszxkQq>?eUw&+68L=VW*~
zcy5MgIy}c=K7eXA4Gy0Jo|n~K<oG2Hw>aDej`l0T^Rv2wx%`3*hw*2@ND{_2{zw+a
zmW7fi`38sM{0Vi>a&`T@Iy>Wo&AVLPa~vPP6du|=FXKbI3o{(HX|xY~oL7Ng<b1jx
z^78j&0f%<|oQd-@_*v}y$88<<!HE0JnK%ck<l5%dP;h^9Ci0`PiFL!AiSr@M89!G4
zshDG1VV=kNA7YO2>@sFQ&tse+=KpP+eC1sdwo#ntVQeD~V;gaZGtSQtXWU0ZoYAIQ
zzHDC@;cyt+SU1EO=XRg5U6REU=EK|MKoaKLaT(_SH#KM8Ouu40p<l5tRrrs6*=4_C
z-O#Vtmp<d)?B+a%QSwV2KR6>pe{0M_G4#hT&*}#IwhV{yiTh^QU)nQ1Y}1Ym<Jryy
zp>CWfq3-#aO{g1js2g#Z51pA!m=9eU4&&CH;VS1pjGLc_7i2b}-IW;*?M9o>?u8j2
z+Ko1$-PIW%+Vwu)<9tTk$EUZC;}gc=lB{mPkq@y&?8h_ML_dAT&Bwpa#pC_FFXKZW
zBMv^-I{S$G#P7F7Y%7dO#C}Y|wupR{8nA60w#9na-^*RQ?iHT=2OWP!KlYIiar$eC
z54*Zoy1G|6{%Xfx>-g&&e}m(1bUY18!ua2u@gatfI-6Tu-H$t)Tb<2&olV5S&nGfI
zY@<yX4rBYt42Q9ebGS-z<l|foV|zztQw<-_cO$@Y4zSzjqffz}YmCsBc-#mv+~s13
z+cDVRneo9so)d$8^dDl5=Z>)N#N$|)CwIHLL+}=l^RaHQd4FaT`Wxd9{k<sTt5hey
zCc~k>F^16J=qL0y@}a-CXZGW$8~IxBXEJ^Q_){4c>>0Pv$JqDK$B088H)r;tkA8go
zby2()@^yp%7(?*yubtxcQt<yd7f<xxCmwIJD6<bX_hdM<8^<vC<SX!!5c8JICXD&e
zj1OZT=WQ7Cdo!CV73ZUWO!Luy7;`_zqW>`F(SI28=s%2k^dH7N`k#c)maMIMuzvqR
zrYq$K1Q`C1rNuA@K91o6aEzhB;d2~b1imlxzXTlXwt&Bo@okP@364Iy!5cE0)!;bh
zYrxlM{94Da2gkl_0LQjAg5&S!SAp-(>Rtzq<9QP}9>;D0$L+q!@ppi;s=2$thv`4b
zW~Kb+V*&U9hv#OPp|oqxJ;5=~FgG6j|Ips=FL9hhY@WZ^#r)X}hnQm@L(E^#`2Fci
ztb3rthk)<QYz8^L3LN*}q2O<1Hr3#`eMf+|X8dUIS2H{gye-4E4o?8bx|1BPcX&ED
z#yQjBIp9k(pMtskstkuQ`C5iU-~IT+*!;K!o7mr7j!zuVFg`KnFg_7i5ktgbd?F6x
z6UQoyPmCvwPsAafI98!A{#X~cb)UXG;`;k7*I)O0eV(AA<iDNSpynU#2e)L#A)aUx
z=1Dw1hI#T>RyT}8j4g~qjJXQ`kq_hG&#kd;7>8&R#v#@X^Ca?No<tnxNyL-zANT!w
z*Vc5$hj|k1!#s)p7dZO{aOBT%{37t<Ss#};o}n@OHiuV&<96(J_N$%E8pp47{CdZ4
zaQsHcU*-7g950y5@5}%3nrgoc^MC&PS^NXQPh@yc@RJ#?06*n;e;qhng_2OWI>Y>*
z|AF)Qw5uC&uzAMW{K(m~WH_|@Y=-y8=Ll+Le-JOv17uNpt>eXQ6yoP0AW85uI5Q4@
z;(Rzzl+C?9^YhDD-70LxWOavvc~Ce?o((7oeUCV_8*yki;?Qoy2da+M4edrg>=zMN
zIh)XK<QZbC%WxPT?eI8<YaI^zMf5Yt@%0W*cX+15a~xjaaD&5Pzli=9Iev-5Ee^Li
zywYJ@Sie>~9QKRof34%!JG{Z+jSgSs@O2K~<nS#HZ*uq!hwpZHv%~i|e80mFI=t24
zZ4N);@S_et=J1maKke|d4nODc&mDfj;omy^qQif3_%9B>>hNn0=d^p+HX7jYo(@+y
zyuZT-I(&%3gB-4Mc&NkG4v%nnw8P^Zu61~V!;>7YcbL<F^=qcXa~xjaaD&6=IK0T=
zB@T0FGyiQ4uXMQE;nfbWad@r6>mA<U@J5HPa`-xjZ*uq+hc`KVhr@R}yxHM<9KPS-
z2OZw(@HU4ZarjY(A9MIgho5%%S%;r<_~#D4;P7u9e$nASIs6xgUv>C3hjV(~FMok{
z2+08O^D2yzClJX1r96WdCBMax_=tlI!J18X1_B>#_7s)(HotK8J012u89Yg-`|Au>
zq<(x`5eNI|C)h`Rf9ghjpu>kapM$`$tty9yf*E*8H8{pL0?fpbj0VTC8V8PkYQewD
zY$iB7$>DnNC7F$2F5jBrForD|4*iPvyul{&!Df-O`F(~%-y<LT9&zY<TssPV&&+X|
z%O4uDY`g!Vug_rPw^7`tAvQlx;y8yG{yXy%Vu)=8dv6o@V6#0_LY#xMczm2;8~r%5
zsZw!1`VZUa;phnd3t8PTKKEs~PrEN?_I=uoYucgRky+h7?fyBd8`_OARMW1HA@(uE
z;J0H8GmKB{Z-`-B)>i0yv=1@F-ycH^)3eG|v=#XfL-ZM9h}V!|en$Jz*vE0B8M}tB
z1;=Z}Fh65oCc($P^clCv_ZhbsLx?%H6=EJNXOb$VQrj!|k1>Zai8%O=_ZneLA|L!m
zKKPF~_>b#*VN4<pV-m+9j7eNS3}f=WEa)&Mmu5JON%R@UB;rZLA8|eSmCRl+m%oz#
zbGZ;tjI&C*t*M51A|K+3v4waVGCv`nh(kQlKE$&E@3~xv=d8?rlJtD!Lp%(aWV({w
z)6E3OzRv;wEvvf#yixy28kF+U=Q-f$a}hZ9af!n%;5cq=j$aA>PUgQG{Ah+(gX3D?
z8Zd()S*w)i1SMGyj{V&LjxiHr{_mO1Rp997I&k!J6ZjvQ%`M>QXA?O3xdZ&q%;s)z
z?E7YLM(6GU57U2=`;}~4KM4MOGy?zC;W$16;Qccg$BK{y-p`X*)$@DG&c>NK_B(hV
zn_{y)_Q59hH~5M3sscZ8to8@Lo>e{&9LMtza6B&z0>}H!D#s56$1$u1$79Y2aBOR|
z<HtGsT5ybE0{CB943ofdThu$7>0la^%v8$9wck1580P|TjHdw{{htGlbr*qS-6i0S
zS-UOZn=;%6j%!vc9pCNv)!^9H8gT6UT8Gy=n+@R1eQqQ8jZC=;{KE`i2i~0Fo4|2i
z4FI=f{GQ-=uCD;czV8o?@0%Uy><@8#*p3@AKUMJ8XPBWe|JC3)XGVad&(Ywx{yYxM
zg|MU+9Itc2cAS>+li>aFF!IykGm~sP#`!-7-tR|o+l9Wz`5F2i=V$19+(x1A(LVG&
z&ZW@zIF~}-<0rp@&u%p+2|nZ42A?su;L~4k&}m8V8TW<YGtPl3mDzj<;~D2e7|&=E
z#xwF^JY&0IJR={*GvY9w5l_N@jIACVw^10+=zk{sk29k%o^kvaz<)X88^G~Aeh%1Q
zlf+MegfWTRD~w6pMqx~jQYFcOO8Iyl7{(;V5XK~aI;{#D{*t^TjETQ)<S#Z$g8x`I
z_>VaFk8?Zt_s61$t5n~{B>3lMC5k<_HUOLMj12vX^CYzUv2092yMF#eKC~OhIrJ;y
zDtyM{TWB}Vhp?^v^?&TkXzb&59OvrRIzDXcXg>))9tY~d(P!A!(NEac(S8m#duM%L
z;BW)@BUvB+4_jvdXUBB6{~%aq%Sta6!G=Y!SS%L7V#Q*y2o|YsW3dQL2~rJREYeCz
z38GTA1SzTJt-OQ=sYa!ml2%$lkZP)-QK?4%X`AwYzGt43_t&@Y`Rv@^_dfSIXU?2+
z=FHr=bML0U_Wag`?tP~lw%!x;(XiJwCNNEz$N4ze^&AhEs~XS?d*A7U*=VH+T5_2a
zVb^~W?7Wj<xAT<XnHoI(u*dl{*yDUU>~TH=_Bfvjdz{aLJ@?LrUH>`oU_B_!)$(t1
zQU0L=bQ(Zupq5<cD%jgw4SPPXf&G4}0{bTdYhm7GE3wMFy>+nX+j_XCY?PreUpiH4
z(2_lku-mW+w!aznTs;i-T-^e@Pg`N<Z3}ukd|SER4)}(WM+8qN?7Smk_g7cYyWyM5
zyge`#R2r=%x7!%ldB?&ob6oI@huzn`u=~0Xc3)3`-PaRg_w^)rTRkXE*79$C>bY(p
zIxAPI(vs^|4ZBZkVAsC_dw);;=r&LN==#^;G1mtk8n_{FBV0Ds09KRRB=w`qN&V<{
zXu;!lXocMlZLr&+9gcImw=r$6=eo4Lp6k-~dY(z!>-wbabvvZ(rGiRndp(xw^!(qp
z*L|9{*Yi@^UYGwL+w1bv_PWfpz25c~%4g+DX?v}w?e)6S_Ih0%^5y+*1nm8;6ZW=`
zgneGo1^>O=;O^k*fqgD98ut0a7})0(G;7}P#wCv)l*Vhx<EIyP{rh0oe*)Z7u6H8r
zeS8v3M=4F#lE=do*m<W0?hiZ-_Pq+zVYkl=*!L>TguUKb!8057yfFv%yfGK{c$){i
zkLJUk9~Qu#Hx|NP?;_ZBUJQFqSOUA8rErrTl$L49`@(YA<*a~R&Pv$(!YbHxTMc_(
zSOa@s&}6%IUl<7chm)${AC~Pe`+#+><I!__<U!?JU8UF7sVTV{_B>Dn`<$l&$8(-*
z%JPSzn;T$nOJiV~AfL}S2YndaQ<l>bJgtG-0=Eb5fW58}uzz;86OP;Rpai8<|IJFS
zRmg2P81{K!UEun_X&dcH+gLVLdHwV0vi@lsZ&N0vw2hmWoVL+FvD+ePooh=yZQ~gw
zr)|8o<g|^qmz=h-EPg=R#$T6D(l+{Mbw|pY$5j_Rxy;)Q`-iG}VAp>%%td{rf$&ZV
z%VWf}lB<KB#(>9aYD2eqYD4=|8(Oa;ul0J^V_2yDmq)MH*D9;@e4Xh@F3*|AmYmjm
zZpmrAyOx~RYdx*k?Ng_h*TJZi*8A;}hbrW26shm*Z$uwcdYa%1$`?}KJyhzc@4T<I
z;PLorg<Vb?{Bijt^_{PscA)d&gVG52riA5nC+8iA?w>zS?NAB(pxZOGgZqmT@-aQ-
zbvY?-JWpeTlu}-MXqr6dq&D<CliJXIRENj&Olm`Kdul@;bJKdq%BYmq>v5IFOl?{J
zv|hh=PV03Y(t2IbwBCKoa_SUvd#3e1S!PJ<J+I{d=sSDZ)O??I>N~G1^_@K}q5M|Z
zdRySscS9s7rM`3hN9cK;XF6f)BZJ-rd%fMT_m`gF84bJ5$G~oLnljHt<KWoNaco%s
zk9Kx@rgnDush#cTl1fDn`PPw&I&c$dNf+l^i7M-t<0a{0${<yA-cCO!UA$J;@sxf}
zx|n($j9+GUy;IEhE7B(D4=Y|~W?QKfdaok4Xuzi_)|*=txul4GgCfHPo~YPtrko?q
zQxx0H-&H)xjE8c`%g29bn|l;Tnekj=o}tKd{Qsp$s_1)F3=i5FK2$N)$J~HEOAku?
zu2Dq|d!FK9uyi%`fMbKs7(>@8(l6>}e^>B)-b{T{o48D-!t597Ju;7;SIv~0_3FU%
zS=PBlvciwzDGk+9k@0<v;{(ip5g%e^H*Ys{dU>juQ^(Yv%FC(3`PTUrdB!<q@{95O
z_72Qp`Z_be1V6#Nm6(qc@N6rdY#t*1j(I0BQ!}1D#2ilG{lv4)2a4yJ4;S;BEqIO+
z|H^!f_$~8E;@_K36@O&@g7_2jm&E@xpDR9C+fTdEr)m7Fd<}yE+C9>`I2Rjau2tOJ
z{0Hef1rJ}Fp>BICa@c@Bl!xaq{m^8l%!2~An1?H-@h|`1<>5Jb+ZB&7llMe3{dRKD
zJI(arSwa7jnf~k!`h{ltmXAzW7v-n@T1-E)k7a$l`8q{@UoY$I&zWxy{O!Q}o?!N{
zKf@0w_M3NAU+_G8zHk1a;tccN^6)%+)NO0|$L60XK5ITiex7Il{J<{<USxhl@ip`D
z%FFYdcWL1F%qtY%H=iLt&$IvIz^em)8kpk@etwmH19P?FM&^s9*PC}!+{OGA=?&(6
z6!$V;E`2{U<GR`WRq4acSBsA~Un?GAzCnDJ`5WR<=5L8PouZ!K7LPGsp?I134(V5!
zdlj!X-z}Zz<h@bxdh>Us^R*WA?}@)<zFl#W`9bM-nZGaoj=5j)yXGHApJx6q@xxhH
z<ZBO<|KHO2C<T5>%-cnnQ+-Yy;Af;iYyOG&1@jBy`R11ue_{T)bWY#N`%Cd}%x@|#
zHvdXG&++_D@on>Oq?7*b+OIsMG|!s}*^}mZ>y@B0A7xKE2eYRx=p1XZhvP!#hQN)1
znWM6&IdD1$bNMYnZw=fQxIJ)3;1PkDukyOmIhf1u3Oe&u_VffE9hmtmd&UMH7nr##
zdwK)+1)dOiV&F-ECkLJqcxvGOz|#Ux4?H9A%)qk(&kj5%@Z7-j0?!Y;An?M#ivlkW
zyd?0_z{>(J54<Aq%D}4vuMWH>aJtq}EkTLnP41Vfz|4bLuL)cUTpM_B;JU!fpShf&
zftf$E-Wa$kF!N{j3=7;6xHT|u^RmA^a7SR~+wAEKJTh=s;O@XZfky`(6L@Ukae>DN
z?hV`*ctYTbfhPr?9C%9Lse$_gPYXOf@QlDS1J4RPJMf&qa|6!{JU{S)zzYK}3cNV*
zlE6y?FAKap@QT1I1Fs6aI`Epne5{hkK)QF)`$ARF`8X$gxCEA&%L<u!i=LVPq?EZX
zaD8BY>pFWH0yhS33fvr+|5TLowghes+!nY!a7W+~fja~9pMY}tU4gp;_XHjtcue52
zfyV_NAGkMgU*HLWCkCDrcyiz=fu{!U4?HdK^uRL$&kQ^(@a({I0?!RRFYx@p3j!|;
zyeRPEz)J!z4ZJMy^1v$suME5@@an*80`o>I_w~TQRe`Gm*97MJN6uRtcyQpl!1aNL
z25t!47?|Hb&*e7<9u~MIaBJYU!0mxM0*?sX8F*yiuE5=a`EB)Fx6y&e1RfiBT;TD6
zdjt0co)CCq;7Nfe2c8mmYT*9B(*jQqJR|VTz_S9+4m>CD+`#h!&kwvH@WQ~00xu4{
zB=FL}%K|SCydv<*z^ekU4!kBX7aMXv4h&osxH@o6V6OS)ytRP`2d)cTA9!fshQN)1
zn*uin9u~MIaBJYU!0mxM0`vR%x&EDjM+WW++#R?l@aVu}0*?(mF7Wuky@C4zPY66Q
z@T9<#15XJ&HE@66X@RE)o)LIv;8}rZ2c8pnZs2)==LcR8cwyj0ffol}5_oCgWr3Fm
zUJ-a@;8lTF2VN7Hf0LKTz`(#&fvW@81m@ay&RZLJaNxSY^?`>5=Kmt(avB3S1#S*J
zEO1NU*1-HPg<NKP;Euo}0(S-;8MrHOci^7D{2zwAt}%hf1|Ao9eBj=|eS!DT`?1O<
z<+cBGJ>0C11d`sUC@FEX;!t?g^4jKJfs<c)gS6xqH;FX`4ye?W*E2t7=K5&5HZHwG
zyo2=-io2QlXf<8CmZwX6l=X8JtKcW}p!BvDSVL{VdOF{RdA;7uY4$L)iW)Eu-b~l9
z71K2<Gq;_Qw;~VkBj8#w*K^^);!SiuleyMhC%x5NFXq2t;z1Xtbx|KRdE#z~TbL<x
zD>K&vQ+ujD`$^l!`WWfQn@>@sy{JFe{Vp(nS#h*^y!2l4jf&Tsx$ZZ`e6Qj?X3l?q
zWS*<|bl_*qTo2?m)_a?HzWHUvbbVg>ozj16o$Cs(o2N?uqxnO{56oNx<T+*jRdJ>H
zA?fK_y>zaXrfa8S&Yd@*FT@qa&CFZ_9Bke}aeFh@0GrGQDIQ>cS~?%yQBIfQh`?tC
z{(_nFZhZL9Q#{Aab;8l+uPKf-_bT$98viYd+*Sf}{gCJIWW{frxt7Rtbgp-%>z`t-
zCGs4d>xU1TA64W%HTvt)`8f=Djv^oZ!f#9GJu>`~;)`a^>t8d!rTB*Ved&C*f&Wj6
zyyt~Kl+M=%VBX8}`2_s2^!2sC+`?34=G?zx9-_F5d4I*-0yhTU*ZeO<e3aRt*lcFs
z;y>h~!-ty(YGOIojQ@D^M$&nXe-kk&f9}s5k(qrmGjl{{=7`M91(}%(GPB=it_#fm
zpY@@EnG>_#7?}An>&&g0hXrm4+#0woaC>0phg=TxY39zrBLjB@?hf1&n7JjFGbZrZ
zz~cgs58NBLFYtuG69Z2QJUQ@`z*7VF2c8yqdf*v>X9k`Xcy{19f#(LE7kGZ)1%Vd^
zUKDt7;3a`K5La|CtX0&IO*~j}7+fho13%qN|9mm<)@DAVu7{u0gA!b{YG+kS$5WLv
zQoN@Y%4||Rz<iQo`i$G_IvQQ&3{->*4%ABN7-SE5C})&ns*gS({kr&kbTh}K%vT0Z
z$3c16mTj#wzS6N?`dD%L+*5q2_yl{#D^|gDlu{~32hxV}sqVumfqG}gpSe14O<--t
zS`U4Y{q#ZRy1=w;*0&c|l!><4-%Q;}=(JO+r<iT|ob{s=sRJI$qw4U1imVr=J$5m3
zF0_aFaK(MitT&bOltAfVEfq0s@G~=Q!1zR`4Hm&$mDk|YXPxGEg1#(pI$qoJQP5Wf
z{zu@?0<&$bi!qqCMZ8#iq;=ZrMEI$4JK%y!D$!o#W!#=&eoK)tho63fv%d#j{)-ha
zG{38O87#k=G;#KS)t+k<zh+*p$T<^!`T@@ViRdc-HpN@bA1Y3P<*zemKj&EZA5wh4
z%;&>1VEJhqIQ!E%nEbP)J%LBOTJc#}{-NgVpJ&g%6kjo~t6jc;H8CiAIo`zDmCAc{
zo)(x3PJ)z@f1BVJul4^pSyJAA^Q&>zmM>oGpYxx76*r(F&#sEwns-u6`;Pnr&Hq-u
zjBCpmuPy%>nUyxxlKrWCdDfOMUR%EW|7ZEzh4RH~%crrG{-b<()|M|`TfY4NyZqgi
zzar0pifNw}?<d|1U4HgQIM=@(U5$a3=4vxOboyOgIH2;J9+cpM5B8PnwBTVqv{yxf
zR#)m`%DY+%`VESc&G!(^>Y8%Bb>*0BMxUz(CAjdta4llWnWC8XU-7Zxb}i^<D4qh(
zE!zYx+RA#4M6WCFCrZZ%bJ|bmmTdy(Ho07kzgKZXct|<Vvu&AohJT_5CAc`IT-P9R
zWrwmIYT@Vgpad5iB^;oalTP2k#j$1H2J5svob`Lrf2s$ibf1Qpyy<<!jyh(ot9xct
zMD}nyDU9bJy;iZOCGhaT?SW4Td{*Fd0$&t39SgKB>I@ghmD_T<m^xG|!nu7?`%CAz
z0T(;yL1~N@>Uo9YWoDZ6I#_<j3tY69<xjAOZNJ?f+88dl*+glY7V<L2;H>NPBI$LC
zaMoY4Uatse{Y~ra3vkw#p{ve^s17Uaq2J)*gt87F+jFEmpW4%?2<LJ(m6dunNrSVV
z-b+evmJVlqD1NQ?7?ruV^A3{-&g)I@H|62I$RYN$$O9KA>Otvr>#gRZqtw%TPvxa;
zFS4gi9=JHE^l-~Qb#9jqXPx_L&^x5VS%1{}2<dRvpR?X69nSiEbk(6#b$Hbt_G7p>
zSr1Cwu8OBio<G{tB^}P?{KI;;bU5pqDi8JSkq&1)T~|?=J<@ixXS6(UUhl5x@_a>c
zAA1<TaB+%OqO`e|iU!h&iu5;pvLfx3`EzE*ZJIaaVGN}CcAmgoaFIZ1H!T(E1I@*$
zrJm0Hq*qCYi_=Pdxc$|Na6yMF?VzQig9zg})j`ZLC9U@bfw|}`{plF3NsiZ(U%Z95
zMoZ;qdQgJ%{K@`Sk>?1-Iy2j)CQE+m4;N>Y<)`|~f2cIZI%Tpga4s{wci5%ezT^>i
z>GkcjR9@7B5?q{FmdWw5BG2B6)B_Leg$r&vQyQfO59>W2R)c&)@w&iwnBP{MZ|1tw
za`RRyit`@wZbme-n{Yh{9Zqw#m}w!+jbe^Dm$;l86t9Bk>p=-FM#`*os}^+X4;Sp9
zN>jC<SDA~mOMSX^`W-I5Sn3PWhnDvkzGj}HxYWEr@jdhU%96H6{y$0ER?o@HA$1>k
ze%a@6t|!}uXD7vTDCg&TP`W@1O#N>%S1H~P@2dS?aeCk%22OLeJ+;<3w@G73WwMQF
zEcsZ^F^F|B9^s-(l~JPKSr_k#(tA2_pE&h}nEG~U!Gk{9JWes44_N0po(C1LHP2A|
zrg@fP8Z+|D5vMw9$7O6%*NT{P#<ah`Brq3WD(m?LJ+J&C$paoS({3NYI=TCs;>y76
zhxlnvIG-=EKKvglYL&^u`r%?!xvqWC<)Lj3f>jRf2Ipf<YBzZ}zv{53V$L33qnryB
zN7=)6!`Z`Yco^50!de&e1e}jqyoQH;Z2~M$ojD)(C!yPOuRZmOa9-C#_RLnC39Fo;
z=Ir4$%9*b?7nY~NoISjT=eLUN^LQG~xz3BNGrz(4*vdALca`G1u<|yW^PF}p`T{*D
z-K_<tuW4Vn%AEU@Z9uP9gmXVqr%FRP#~*4>jUt@4Ww<?^iXE`Z`QQD>Ym{?=VwXL&
z=DfYUhDX`U`?Ll0;}u$RA6*kX6JdGk6yaQ-$><H``_p@2dH&CSl;;V({+K;%H=N7i
zHOiT%$o@t-dYU-b`DfN?Cph<!tSK-3yAYPpWX^r`CG=nFK`GTiOdox$rLsqP9=AI1
z*04PE9i01a2YWtI+!L0k+FWo^Uul0Wlu2Kuew1fzKXMRJO8qDg^TY@(ltVwl`5Y$A
zA@W=z?L2$vM>u<UjdjsiSHLP~Z9n?_D)pm0@9Fi4_SBj4x#DDWd+xV~euVS79<hi1
znFVWI^dp=-sqa({eL`R2X)tFGud%MT73niP^eLRr&6ZkkQiSvQ7~4SJHHsg=%G+$t
zeLVzSokQK)%pHoGnU7c8!o0I0^LXWDJt)CNciBhU?Nd4Ar5<<~GjPF+N(X6SU3iXw
z<zdXgh3ZL4^TR78r};rlITaQ$emIXY>WyBl2<LG{8&&oS<4T?yX^gSlw!`h|RHROn
zL)mcl@EYZ;ogd_3Ty^2`m`U@4JoHr>SMsbKSAKty#+5x2<zroSif~@nWOR8RQoI+I
zhj9gG53k{QLh&(J9=03K9$v%4m`Y<zo(6NS^Uv@|r=8$DX4nSu{#J1zEKid;j~TYV
zqKvu>QXb#MZ0{g+GAY5ux#ieMV@W5a>iPj`oQRbrU8AXp4;EKzfocCu%-bn$X>L}m
zgMXz5r8+GIg(z*PrLs>rKmT=-Q-2qHfT&cbrSdA|yhBP>wxl!0;DQIGG^Z{4A1>^t
z9V^oD!`Z(9`hMkS?3<ctr=;&+)-CDcR5qRi$~H{T%^O)KZ}LmuR@{PqV0q4XHvAhs
zD0ORrsSoo{_H1FD{RPhF&wE*?z2V}LvVBzbl($v!Vl(IG6JeEKV=lg2`X}4NIpHW+
zJNJ0S&zUz@O!fb*z?{cVnnUE@RXW>7-klT~PZjyu7C8G;n@eX~Qk#Dz)LA;)Lj4Qt
zhl(kOI>T8XZk;g(7nhdhoPw@8a85T8R$kg4E-ouQ7g}eW!^PNAzZ6}0uTmTfD{q}S
z*Z&%HdCpVpGvA?@-WN!pB>pD4^46Pk-X?VIAfpwTC*d~5LGWvOP=X6ChAB~RJk5%!
zJ)M_w@zb_&F{bqIhHel0Cmz}v&UHxbDGzOStUa_jTwGa}(}C`CM%Y99!+Bk)ZB>3n
zT54Nv3{gts$9ZWZ>cDouxejSgSS&#aF1P_eX-h2?>1-FA^*Z!J$}zShEDzfS=Q0^f
zcxdCa?eef)aof{+Uzezq*6a77Tj_b_u<|_)ufdFs?aUlEQ~53B=YC8p6?5uGal5pm
zt;38VJYQG5$K0>DgSk<0sG0G8fcYpzZAQvVpHLR%@O`OM1E=GZ^h=~&ZvAS-o6Yws
zK4PA)_zUxUiY%1L{UHOjz;%i&@GwOdm`gD%FvE-m{-z=e{Gj3tGuORdf!`RA5?oxZ
z2c<$w<?wR6q<(xe$z?yfFVg#8>5PH&{@41E<dsgp!+8#*9V_aDlhMpwii}ru`jIi3
zc?)=n9+cobe$xIWKjUSH7W~X<sh;vvA2|Dm+0&soJaAj!w0|itbx!-&QDr+&SITFs
zo(aoSZ7!}YJ*m!bNmSZQOGO*qqPR6Io%+DJ9d@(My5QpLWjSeF$xr!k)>B)xmftyM
zU#q;W2PL@ZE%WXyMrU1c*3)rEd36X&*QYAx)OYezhtzl8-qcposRNwnaK<`$*}u}h
zBM<!s=XR!j@i3pC0?R|&z}YhrU7l{mvtfB^&DnFlJzr5w`;PqZMd<PmHfR4>ba{Fe
zuMB(@EPtIMoc-6M%YTdF1X!MWbJ16}=ML!FXvS6AE-`gUeJb8b%=p8@zMkfpcLe5w
zFN7+cqopE!pt-oI)YEn;?-=Q6T^g9Xi_^Nq-D29MB4%BUX4b`6tSr@o5?p+vEc0wJ
zI_rW9c6y~fv{ckl`zxmTN6dCVV12IQqk;b`@RNa4J(ZWbsOqWA>59jhA5%>IF3&h|
zC;IR7pakbOxlW8uJ>gu>)ECM-SK7C<Q0G~Sx0#<&oB}Ivl{tStc&|Nk6;nOiLf?sL
z&(wEf+B5Z?_%v~9&vympf-meUrS_D*wmoktb;_zJ@5PGs@G)f@k1*4>j8XJm71P)d
z(+2cG<@b6}f{RIInQ5FzXI*gd?NX;K%3++Ob!l>9pH6Kn9xYDWC1zb|Tf}FHo3&Jy
z=|KrDZZFF`PmIpG;DVd-lv2B?Gj|iG^2Mx|eWxPsRZQy=?<`Jpi}(xTeYI5npa&(m
zxU($tLNPk)f{VLKopLGjYQ;1rU4A!udpUk~F;jQOT;)AID8WTl!m>T>KSUCFX|p3>
z`B^Vq++D8sQtM=gi|>?rI<L^=Hbh$LFYy85)DB|mp5}J(w&Hp%74d$Gv{&VidQgIk
zsb!hWpLm$_T3~so4_th=^rY>TPJQ6w-co0M<fUyc3A`SBLRlB`z?&<6&dheG2?kV7
zEZ-MAWL~T|Bk+#`r+r+0JkJIF#lQ;!zZ$qOe_t_;d6jdLcsTlUJt)BiAKWQjp#`0G
zfU|xby7JCcyutk6ir+NPQM|=GPw_Tb<<JIjabH>f6m*sIlHzyG3l+a-{;lHf@cVjD
z+FJ`ueduqPGE@CK%C_WrMSP4Ra|hg_$b!GxT=bW9_%-?mdQkdU3rzVN=w+Dlwl<S@
zPjij<2y;c;zpnghOz!)A!TgHiOM(Av-cSQ$Rp5UHUPrG{4xW0I3-6}5i}^3|?qOz5
zY7CtAYx%j~^<e9?O-tY-&7aDX+D(29%ksLGwzt+?JfMwJI#~<tz<7c4d#Fxy<>h|Y
zbL^>8g!B6yJ}bpDU-1(2w-tL~mC5$O#k6u=x7#yK@jLbml?TrEY&>ecK{}kz)3|?{
zb#dSFbN0|SaPI3g{<RS;(g$g&{7DZ=aK84N&R3-~2H<?nhxOrSJix_6Wu4O;t}=&7
zqd)L4PT+hFGZy`navv|u%mbUkEA*fQ7o6}b(Ff?%0nXR)>d;lrR~2a&Jk$ry?QocN
z>Hz0!??<7#4yW707>4sT+b;yqCH643;bMAOx6RN$)Pqu=7MOb8ZKgi^%Zg4NrobaK
zS17XEXMQ;F7S2n3;Jhtq467XK02kLOlhX5AD4({0^VnEuov{iRUoHJ_TCY=ti}9uY
zJ9O1;V?BKjR+;sRaBlNI+rwevZ}!mMaIWWP)*BSzoOeUzp?rq-AXw!$>UFrdUk^&P
z=<;l*xQ&^%;uIg9Q;uU{<!zE5&gFAy6%XGLnP5+|JaF-d9+Wr@!b6$2!77Kb3Kw*O
z(&w~PPA#w3(g!g0+zzGzl;GUX`-t%zp-7$Jwc}rY#>4(v^7v2lj65euYr`)O;{?v0
zGp#db;DR^4N~5$;{)LL&u<}wzIOk3C{AuMeVNX2f&CQJcbS@+v=9~Zz{kVg9Z$+M0
zKGK5{obRvTHFUNM&i7Fqh^}%DS4?A7o+@*$TWTxqWSsNTHx)7ar8X(?OvN7ac*Tk4
z*^0LZz9;ba0zVx12Z0|CoVHQxog^(CN5oUayV<j!;$G%M6saHeoTf-0S61pl3C?5h
zSTUYQ6puG|DrzcB`e?;2Sb1qTINz5t);etk=lf6Ce#(48u@6>W#sge1$d!0r(TW(4
zo0zvytbzZc2PHVS{}3^L#_5jc2F0CW`KcS6{fuLD>IUcarnWsp_Zh7_U_feH@n#!p
zzEZU+=H|d$0!GK5zB6LanR=f6lg)VU3Hk$p)A7!E9}oJE1OGJeF9NSLcWEQL)+^Wh
z*an)<%~vQMrq`&?d5R~S-<9VJ<`2Z@m@iPg(aiS?pEsW%{=oc^VwIj#=1GdJfsYG(
ziTOa4e~0;S@yF&3#j68<7WngeEw|zR=1tTW!_2LUR|e151K$+**1&fJz9;YlfgcV0
zUxA+t{9ND{1HTgZwZQKL{zKpo1OGMfKLf9)ZO-jb1U`~6toG*|c)0m;jYpoN&sJ<V
zv%j8bUa0Ys_Fs8sN;?bvV?8Lr`JS1th$#opm9RYO_QVAT8l_vbptB#r`Pjj_$@{G0
zkImz?O)r{%srZt)Px>3M%3;5U3wCy;cePN?M0x&U9-vkK%Y2*k^u0@YxEHHh3*|63
zz{O*Fz>6-=p^Dp^xkkG)EPq8FxTsI|^4!M$R(opo5}e;lo@RZpbh!90Jt&PtSKcYA
z8~p)uiJnXRNmu)GiIDZy$q(l?=dCy%-iq=z819$9AC{l$!MXisTOTSN&h5VhU3uSC
ze8)Up<^0L~7sWrDXG;GRR{6}CaBlw%^cv;NRvc{JL2-NYT*aNt!xZ;~RZgSIfph!s
zZ%>!v5#}!_w!!i<Z^OC$JMF>WV^6a@aBlyrtTTVZx&3?5Rp<GN%(*ag_%ib+ihnfo
z9m5aI%zHe?&wDj|nR%}TGsp6t3g$ggdLJhy@AjT=cT(KJ+^;dP3#@HyQ9a?JM-8mB
zhdtej&E`WD4>nI%-lJjVZIvG`w2)4--exYee$v_Kst<Gi`R1=Ee%*Y7;&tX(D*t9!
z<ugyfc^rPvo`)5undiv=Ls<R}`Qdz?!0%?T-g)x8WX}kB;5;VZw%#cn&icpJM@omY
z{x5Wuxxcn;T`jD)OCGrRQQ3wYqsvpH_&M_e)#3B7{N3`yxt@dVStQTy_VmaD7mt@^
z?rRTY=0J0+;xO~6ibtE5sGJTnW8kd7Jg07ybCvlUidUPjSL`)&4COigTNUwT=64}r
zj>Wf``5lNm%;det{FLJTu(o})whPYN{)jy*Rp-a;86yvz+kB2aFDO1|=64a^hE?WR
z`Qd^$A4<#Y`B3p6_KcGb=X0tZm7l!hrNhM?W#0X*_ezJepY6%*Hp=`J#dFOUDe}7n
zcsK{(IeeuezRdhC0nE9_RpwsBtIgz{Xr7{YtC{nZ+st^r1FQahswbTH-+p_xlIJ0N
zCddQlHh;{X)$+`-XQDhX$8ypytWPo*v&!~a<h-9KzHVNl_%^KiOqL(c$AS;6PmvDi
z>+mbl)eZwy2hO+P%@hk*<xG_y&gaIwhKFt6&RnlJ#LP`5JDaP-d%`NGU**7gy-oH|
z4oh0E{HMV3Pm>=m%FP{chCSViTgZoJx;${f8#|@#tj{nPKP)p#9#Hu!j`ALu;)zmc
zUaRP&hPmkT=93gDuChuGN^rhkXm>HXhHttineQ{)*LsyAoX5a{=q`V_J=KbE!2wx`
z^;I;v=`Cb=AHpZ7CFk{WysSuPy>MPH$2@e_3+MG7imo!*uH#^NSTFo<>(#}cPF`mb
zpQ^Y${5L%)!T(kV>HlXPr2n6FaQUeY^8D{Qq&7dhyso%~)>Zj`tku_l{P||8&lk(<
zxI5{!ikNw6Z*!|++TPUybDpo#ds6w?u5^AY5A}!hc&-sw{;mflxVWn9mox^X<4<FN
zFQzE%pannM3+FMG#zt3p9H)=)u)T2cY?+rns&ti}gJ5}BC!FhZ1bSEbnKs*ohyH=H
zr`>w3BAl-ovYq5rvzPa-EAL=)&U+pn>2->5zQ%H;^?F6Pc&@DTjn;=M!g(IP1HG%f
zPJa)qG8+`(VosTN8hTgx9)W8FcxVr}_;KlZ0==vJ9OEfio+d@Om|J?Dw@&-PS%1~~
zFhw}m?N8QQ6ydCYYMr)(v(B|Y>M%$#y+=?T+VpyQkKl2*xjow|ZVAgn+rznScd*_e
z9WJidgHpAY%9pe#rt1~|K=pkxya`ZB<6rtfbMZ{6(|_dMS+Ne5hp`9e^)iMkqr!gl
zPYFttnfqcpF`l*M$iuqo@OT^d#3P;Z;XJMmKv&))6kE&}D;^d2SXg=4RydFOlkGWE
zaRe+6^@a0#$DphHs}-+=<)N+M!u#D#)*16~?z?-f(@t>KAG2Pk2xtAL*6S7FtiNKN
zaSrG4zZhM0TdMd5thzDI;avaa=<=*o`~a4x(VRV-pr2FTd)Q>2u9(_T`fPEUC)Ws+
zPS=7TT~pYAiuH?vp0?ed2ZR1-;Ku_O<~~KXpYmz@U4zcHp*Jh0IaWMUe311v#ly_h
z|1$GT#neagZzjIYI{WvXu<FlvgY&+>6?%7h9k0&3m*TDFyA&TbvmNRBoBU~;tPfU9
zV_W)e;#7Zey_jvF{6`d9;eY8t3C`zW?P5IC|3q`AA`ALx#q(h09ca$SmoM9Mo#Iu2
z$HVehDZ+USr1nvnw9OPe=a$zz?hBl@*ZL2G{$$|i0<)h|&Q!(JU*c)vG{(eh`|DGQ
zO7vYZZ=J+P>5;rM6xnCtF2#<(XTr+Mw!_5>W!@{SvyE`Eu^yDtwyT_3V%mi==P2G_
zo~L-bxks@MRs-*&xJ%&FkJi_>Ua!d5!cSi_M^rx315ry+2l@O>o<{LDS}Nz4p9Sp*
z4=C$@q;=Zo5;JvAb(5blwyE{a6$hCYDDs>#DZAFpHnI)q&58$`pI2-#->sP1S)L2U
zscpqwVl`9BJ6w_1D2Mud#Y}xtn@e9LzRCKx6epSSK5S-RVN6rbVny=9Pb*San7XC0
zBxWCa!TJ)#7tKo*)Ap*fwifS%E<RbY#eAw_>KEy>2kl<r21s);zvTVV<!Mz+*CE9n
z;&$sW<>DEtnA-mWe<p)&-os3Lr#VgfAaR-p)-Bfs=k+pf$V<H_7p9(j!D?*wiTwf}
z6gbs^i-<~ap}LV$n<y`JNb{JOeoyO?f1o+nVK+TzU56+(tGJ3L@*@<x%oi&1wi%tz
z<v9Gqzg1*+&AcFRy8b55ChKZ{*Mf)ZY-gDH-1~O(zS@bnmW1bG#RuSlDop7~Gj;xj
zxk~(wxmvuVUL@}xis@Q}_*>$EDi{58ikq8R*EWIEdwhA&cMp1<$|dj4ly9!p>${ri
zpEM81QzxB%qRusnaK2}Naf8kr02efp(%D)l{}#oxkIO^9!+8$p9D}@r72$kb=tXzl
z39vkMig3<*pY?i0IM-*U^`VMzuFqU_mHCO{E3nFB``}#W8`c{Y;as2h(4F@qdzuvC
zoHu>etTGvgaMshgtMVQqjq_K^fz$PE`G?7$u5Y(VR5}`u^cHizhQLoJkoP>rGwo@W
z2hQtCpLr>7n{+tm<usSPd=`BjED!rVobz&98=kp}Q_M^q=~}n^^evp*<N<pYDsp*_
zGDpY*=Q3ZnhkfMjz`qat9<02b$_wZ6KeA^d<^7vIBjtf}`CGGpDQ}l_xcH@BRH{SQ
zwj7|Cu6xVVEj?ZLb~~SD&m6_G%}*<y56j;pKb-6HWqXEdU-+6mqve6K=X!hYRJ_5=
z?}>gBR+(euhx0i}zxA=w;k;eciTaOJJdAlj%)HSWI9-2Mnd6i<U4LfaD0SG=qu2?{
zGhRBJ%m2(C=97V1C?DPcmcLhiIB(ac=<*Cz+!B_jPaZgzc{aK{%uDA4=5tN_?7MI-
z^UL;3P`uKfiSod?%xCRkew!EgMf)eo59c!ZZCmQV=b!wZE$f{u51h;7I9gf1Y%Asn
zSTC2yJ9Q}g^_J-3A&Sh8@PUeH&bhd}_B9J#JV$Z9d5L10TcpFU1wE}x`kvBux4uA;
zV;JQyZ=~a(c#)Vn7M;F37T%z&GhDn<@@3YkKU}<A>R&}yUg~foth`m`f*n?gc^S`a
z#k<T8Dn16wUu`aaRr;T`=XpgI@-jzm3u{u}QIWb<nEaG(ho%2nF`fTNr=GtE`m2H8
z4E+1R%LCV%hbXc>%IA2M`bfM`O#h)Dq<DaNu_DjW+ZB(5RUg^}&euhcL6>K#;up+!
zDqd>lI55uKr#RibLh&*49L0LLs%!_i*hLRYXK6vF9pGZ99+Ym<Qu%Uu?@1%9iGuUB
zGtH|Mb=s74>M}FvtQ$Wbh6voG`1!!;z9#EC27ULyLtGA3P4$<beoN<0<P{%b4{dWI
z%#R+Ki&slN72WF^Wge|~4=g|14i}3`|M$@4uhr8>&2{25W~8r_#yBG{{RQW|OVQ;S
zD*qqMdyD^Jrh1*QPR_4VOy~3Fu|fa5d8Fd@Fc+oF1t)<@J88+~q<vN%wgoO;D?JC>
zL)k5`Jk%M^*N2Crs}78#lVN$P&BfxfoOJFay+%4*H0VL8TT8Bkrn!{2q6imz=|PEY
zu4s^KqWD8Im;1I@x71q{2M69U@a};d19KduO!A&-?o!-N>qF=B;v>wo;c0=-FmEN#
z7tPF1mj%AUTqn;YGy7~BGb*2bEA4CMG)}}r<^M5$e^3GE-?#iJx;(#BeACSFf2o;$
z`S)hd-<O-Y?wIx|l}Z1?`S`NR9)4HqQ&=AQ7cSmVMy0e5YQ3~oJ?$?K{R<aElBN8A
zZSstec91>vHJs1chFhn9;e7l`_b{l;TIq1sZ^W-M?^V1VmS?a$aPgELl<q-y-KLp;
zqR1t3bUwP}&;oy=$ddh>!%=3P%7Kf$DY3ja01v;jd$K+C(&1v8WJz_cT&{g(J<lgJ
zvR+TeJ6Ne%OZFTLOQ&rQ4f^5MY0uW6A8nmBOvg&E>v-$5VFzse6zjBM8mrdRSk-!I
zH^y=Hr*SL2PTHuTp9@Q8dwYVO_D$(SrRi|8wwyHoNN<ofHt1Kv(i;_-r}BEQw%(-J
z8}#d~(`GjY{TtSYDNYRft=3x<ZwvYz)@jQrLBGd(o8rAe|DN@B#c4r**g9?eNYH;^
zeT3r7pr^TA+uJGaiJ(6POQ-GU1pPVdU5d{K{RQjYit~g13+wdB%R&E@_0fupf}YOP
zwB9k&IKJfee+!mQUo8!Knm446lg2!f{qMul$1AP~`bXA#6+aI8C)WEER|ox{)+Z>Y
zdB)>&9qlTVPv7d)cI|pO<wBn%U5Aae`sb`qmR=L|bZ#I&eZED|xlfC7rb-_i^mJdA
z^nU3(1brv_84DbPb35#AeY*5LgU+#;@@Gir93}e?u+A7s^P#tw_sRHYNpA`MBdyPt
zp5{sWkFn0!X%GGrt<RNya?nq;K2LgQ(9g2Ym^wS?U$VYHdUw#zx4uyNg+agAI%922
z&@Z#TSo#$~|El#R(#Hq=>(-Y_Pw(Hoy*F52CVfKi-)w!kbl&slcK)_?#^&Up-(`KJ
z^zQ`yyVh4p?+<!<@2`Gg%sv$K@7upd`i!8b^APz5=#OJeuFrqN(izLMgU<O1x=xkL
zW0SY{C)O!y9&G(Z>x}W2g3jdt%Bd*wwkP{vwaz&wr*~OT*DK^_>@Nv=x=&9!=cVrk
z{SUD8dd1~I|C4q0i9ZMZFV-6rR|Wn5S#MPQN6`OeoqdJlWv=IXu-4lwJza-%J8-Q8
zeVFv>;7`A)D4l(1P|!EGzg2o|(6_PPCVji053$}Zy*}u>SnrU&ThRBgK0<mrpL9L<
zwaz}5?mx7Cp!Jc`hlO$uv)&~=-J@v#QP#Vqw*~)k)_bI%5cHF*kCr|n=%-sBBR!qp
zx_r)SY0t6JyMq55>*J)K7xW9PkC#3==;_*#%ITGUY0xjXzfbzOpr`9g@=uU{P0+8k
zf1>ohpx<PDlJs<~$@Tx1^~usF1%J9Ot@5Wx=UP=BS9jY#Rr=JR-)FsF`u#zF(E2p#
z(}SMwnOFJKr9T#QzMDsT&X7JU=ucXoDV=L@xjxTWpCx^6(0^)uw)CF`{pZ%_NM8_i
zz6Z#9=Su%|(0^lnp7g~*f7AMW>2C-9ch(n3Pxq|4o&RWkq4W=eKi#vc^)8aWGU$J`
zf3ftx1^w^Vmq=d|^v|p>mA<adp>zAJ53BrT(yM~by{PERrSrcovVSw{E2LL~zNPh*
z(zg!!w$@ikuM7H))>lj4Iq17uUn9LC=zCcosA+6dE!1bQ;viV{9H{Msi?@_fsa^{n
zu08BxrfkwW(n*w+xhimV;F`ddz_o#?M=qx>Fm=fK(7+9W8v{25ZVo&wa7*CUz-@us
z19t=-5x6t($iQ8Jy94(G9vyg0;IV<n1s)%`H*jCz34tdDo)ma;;3<Kp2JR0$E%5Zf
zGXl>HJS*_*z;go64LmRK{J;wWFATgW@Z!Kr0xu1`Eb#KcD*~?!yejbOz-s~z(C(4P
z<iNmHfweoW_0$Be1g;G{IB;Fy`oKd2Hw11B+!VMu@UXxwfm;K&1#S=A5qL!4&cGuB
zcLnYa+!J_o;4y*61|Ao9eBj=|eSs$go)~yi;K_lf1fCkWKk&4`(*w^4JTvgDz_SC-
z2|PFOyukAVF9^Ia@S?zr11|}@H1M*(%LA_nyfW~rz^enV3Cub0+VLN_Dlq50*;5m^
z5}0${?BQBy=DNU~-)5cbjF}q(b55Iet|4Y_4$OIM)>{I%2Ikx~d)fnc1m=7-dpZM;
z4BQpCJ8)0n(SgSV9vgUE;PHWb1NQ}<5O`wXNr5K^o)UO!;QqkV0#6S-Bk;_?vjWc!
zJSXtn!1Dsn54<4o!oZ6HFAlsU@Y2A`0xu7|BJj$<s{*eMye9Afode}DFfcIZep#;$
zToah{z3izCJUB4tc-d1QcxYhG>$0aYa8uysz{3K!1m?5sTuxiy_P~6WojoH0^I3M*
zM+WW++#R?l@aVu}0*?(mF7Wuky@C4zPY66Q@T9<#15XJ&HE@66X@RE)o)LIv;8}rZ
z2c8pnZs2)==LcR8cwyj0ffol}5_oCgWr3FmUJ-a@;8lTF2VN7Hlm6WA+_#XqDsXjR
zzI&EEmB6)u`QBOf)CH~&%zY2p(-62Za8uysz<f6?=WPkx8n`WRdtko5mh+AX+!=Ue
z;I6>kfqMdv4m>9C*udigj}P1%xG(U8z!L*c3OqURl)zI1_XnO9czWO&foBGu6?k^w
zIf3T}o)>t2;01vf23{0+ao{C^mj+%IczNIzfma4z6?k>vHGv1L|3Bk_d;jv-;C`3P
zd?zq-P2fsk?(@r@!GXEYFYEPzx#ubC4S~70DeFyvn*$FE+!DAoa9iN^z#V}{1nvwx
zGH_Sm?!Y~PM+Y7gcx>QtfyW2#4cr%aLg0ykCk37ycuL@@f%^kb3p_pWjKDJk&k8&{
z@SMPN1J4UQKk$OU3j;3-yg2ZZz)J%!3%oq=ioh!auL`_6@S4B_Hu#_MHZX8i;Of9N
zfh&P)0}l>d7q~v~(7+9W8w2y5%DgW$2Obu<C2(utw!rOyI|7dg+!=Ue;I6>kfqMdv
z4m>9C*udigj}P1%xG(U8z!L*c3OqURl)zI1_XnO9czWO&foBGu6?k^wIf3T}o)>t2
z;01vf23{0+ao{C^mj+%IczNIzfma4z6?k>vHGv0g_&;N8U|_!Mo5x;t;F`ddz_oz~
z2d)cTA9!fshQN)1n*uin9u~MIaBJYU!0mxM0*?sX8F*yiuE5=adjgLRJSOniz~cgs
z58NBLFYtuG69Z2QJUQ@`z*7VF2c8yqdf*v>X9k`Xcy{19f#(LE7kGZ)1%Vd^UKDt7
z;3a{V23{6;dEga+R|Z}ccy-`4fj8E*&<Zy-D8U66pOm)Hg054g@_UzDJaejWBb-vY
z$4@uc94p>VOJ&ni=eD`bt*|_&D(-A<Q%v`fN{7jhpLM|n7rm4^w2-$}F|F%sVO=$)
zKdsB0)+G=3AEo<|q?6KmrLSGDIjvWoDtZ26z4EYLmdf~Y`!sDN9;}!?XW6VQKYh;f
zyONV%HyP0$$uC~(9~At2=&iJ^mdZ8dJy5&A+(@EyP~efUJlyw`+Cd)L3eMlf*awev
zwgoQUE6Zs{SKcngQLsGK=G@Lb=<*CvJPNLqdDDGdV%GId^skrq5~ll$#BH*r`-tRW
zy}xr_%KwY~e^acMk23LWXRZ;adsn1a#OeMMmC5}bC*U!k5%^1iA2xH%mFu_o;dC#A
z`N^Pj%{F_s*7~RqeFf)sXhK(B+CGg>@gvH2i1i~CTg)@19|x-(`WMb^ev&=hi*c4c
zb&7EId<k9UKP}G{u*#`dgbOb2Dyd77=Ua-`!SW0>=YGG<dV?aI?{)0A-lz!Y@A6DX
z*Lt~+>?K%bvfXg5+d_1CxDV(}^Y0YjHq*}U!OF|{f{XXdI`df!dHL*Ruq3!au^yIx
zm~=S%ceCdt#l6fU759hbZ;>C){$ci<tH}7He8$UhX6|?UviVZ+<>sF#avvvUGEczy
ze+?Y2=at^_d$FB?d(7PLHp~2~BK=g^Tm_hm3rgM%y|=uNayTpx`wpD%Rc=S`E$@ZA
z3YLfc0_HPj(#=}%Ojf+bJX`VGf$uVZSMfXM1&R*@em3wz^JvBI!`JFQ1yy^Qd8Oi?
z%y&yq_l(KIy<Hb+!H<4f;I9R~K5)8M>e|wOd(gLZ`D3Ipjwy3b#of*0q%)o>TL_fk
z+-`@8@#`<m<M0V$_B*(D9e*ERd1><zTJrBZrGAv>5@{FNKS6%R2kWB!;o<{{N)xnD
zCT)MSd6HgY|H5Cb2<P%2vWGT&+`L@zX;}UmbN0U+JbyLMQ2eL)P_65;!0YKb<y54>
z`M0JwLcg~B4qUp2P)vXAY#lxgR^D3Wg$pet_A&C(r?g8&6U>c@V*`IJ@b!VyF-!ih
zNNcn{PBHb}mgNdk-)$vPDfONFz2cL#ROF$L;NnlE|4ek(;XHfj7dZFJM(C=@Hj1eZ
zV)|kbdS5xe?g-bGWwr!9&7QLrH?~e4;5`4Qaj0^*XF1LP<}}7sCiQ{yTzZz6^=__s
zp?QpADqoE`Tul8c=Dp#q%DP=?rVclmDgO~z!d%6ffu9VVwq2e>q@{YQOx6PzAC={&
zI?Ka6&%QvJvlQtwxK~llop_SsWLV|YnDaPEbBp|Qr9X&A{ET91tF6m*HK9)^&)3>u
z>1@||)@hTA0yBr=*RV|gvlBntUZdw(XS~7(D(-CVP;3pHwo7^0b~x8LjV0y1K-wt#
z8RO|VD?i(qj<Y{2>p$Ke>T@eBPel<fhUh`*UM=X<3(o7BhOTwJt~ev`d{}<Y4dCMS
za$O69=N<EE#gAe6>&&?y2Pzxo>#$Ychb&LMJR9qI@l!o0v71%CQJ!;l!P}JjIo4_W
z9_#cAb;ZwV{}3(stE8o4tMpbhd#L{ouspOgTzp)XKNQ{mMtf*mxNzI<A3P`6L)mct
zA8KE)hdPddwJzEjF80)eQtCUeEA^2))GhUq+x9L!r#^?PdfzoKQM@0Pzs_9zwXFYR
z=<?GJKQS**d^hNym<PzCQ|IL8d?wAYDwDo|bARoRM>=f-=RVqwa=uxfJM^2sulS~U
zsbXq>dG1j@PAMvb^`JBnmVUqDZGoo*PWKhtv#Iism%fJcF_d|Va_Ga|%pBMDF%MTf
z2v%Ok1DwZs3%c^+ITn_O@c`$(?m(A^dZw`_PmMIVXwrjH>N|O+iKl4652t-ce#Qoz
z>--~o-d3Cg%fr}!i(|ARrI)p!Galgl{hejj>lESa|FiXaML2KcDs<K72o<}=9{Lf^
z-&aceqda%WLq68q!0SBcgj8u4>y75T@2B%y<vmcZ?`sdu0_X29^BQ#+p?I7<&GNwc
zJ4c)==XO5RJXY}%SoIkuKb*%T=SKMZ6>qesMIJbh&ol;ZF3;K17}!=XDqXClA|9y7
zc&*6ulHyWWI^(38GMzW=Bjzpei1$<En2nz?1LyS)LARgngpW`>8kV2&1LrYzJi7g-
zm^p5oZ)Tpj3RYgm5=`HadbN<3@iigveX#tDD>(PpEbELbI3Ekxe#+TO<)&kqc!jk0
z&{a;IIk*1?@}V={;JocS;h(7eUXihqnSBiIP&_X1xiD{_m3p<{S*53s2A%`kvm5J`
zr%CZJ^Vy1{%{M8gu^|uq3v}hBubEPF`RQJLuj`LN=TswmKJPlPzie%0Y_n~6j!`_^
ze1am|hCWMWoErE{Sao1r!Fj(MWzQ1%d+e!JgtKRiJvS&`YF;M)m9WaJQH1lpHo-dM
z1kUA5LRZ}$Q@qX0@gyBzR1V_=&gG=>BmWAm>wf(5FlONFdBS>~BAoxv!cVO;HsGxP
z8eL_suQFc?yd>~)^M{Hb1$`B)It*2W^SrdP%A(9Y6w`4^%v_h=N6X(JFP#4;1@9jy
zr%^gwFhG<#(UtdX#UAq*#S6`Rhlb~PE?4}9d9vayu*zg?!1*`j?zD$F>O1x@AHcZ{
zIj&IVBZ|}PVSK^a!)tgLSC84#A`hHByoQI<n5WE(6rYDxw^sS#;uAe6F<vX%mz>Ul
z#q1+LM*mj1Z~e;LvZ249Wxa_q#puHVr+rZRWNDWL{cC~Kdur#sIq2UG{Hpo2b#=de
z;H&hU^<Jl#zK@_fSE-KQv;L6cJ7(^y`pC>ZQwObA=6zPNEik{QOquB1OOyF!^Q(&M
zt6^xXYOSl)%zk%<nSJd#SmpF9P6~WiV1C;d5ABwIn^$GB-=*K?l|Ep7^`AX3pYP*`
z8@0fvDRu--zsWECQEB&BhaU)>es5Nuhc?i0-}(;X!CEL29$}_#7n#4Ncv;{l%s*D#
zRX+0Wsn}#D??Hjn`JuLvc>~UK(avJ>9w6@lusn5&aGopL(B)yArsIY95c#{&<*!$S
zbD5*j<zXKkZx3??oXgZ9EqT7Jc#C<Q{LFil*`Np)Oa@BRwNNH=W;z~;Ikx<_b@r9n
z<_Xe&W?rQDmYM6p@4+gcIS0<=|I;4Mk2t?)UC&BO=Rfi@pTKz=N7=(1ljaurr;6{k
z{;tOPz2@I4&VW@8a}HcwEKo{wh4Rv0X|52@)$3`lke~S{%@t=zR9fwFTFkke0p7p(
zo_G3wnew*E0~hQdO1#E)ZLPSanf;gN=sPHGA9S9hU#+;eneTfYY$orqu-3&Gf%EVA
z@Lh89vRz-ar(GU6A1~5(tdzGyI$ZFjI;Hd-E9Iqp7Rq5hN#B_=r|(ILr%C7jQtB{5
zdEsJWDyICtl045!<Ni|0f#<^VcghAAZrj)GVcy~%QT&__Fn{H3N#FgE&OM&#yFZkv
zd1(vgD3v)<Wx}~%wnLYvU2zxlA&UE%$$P$eg5sB9mD8ni;Czg@6<y^#tjN8Bc-ZIQ
z?BQNPJU>(XshRfwjrmPQ?gPZb{PULiQ^h~RDzisr!ueRt{eJlI@VoeMMR7B8ns)<l
zYi?HDHSj)x4>cdJc&wRnP6_-)bC2S=X6AFAQwMmg`3A*a^JGPS&j`<V74J85PuXLz
zwvqV>&h5s%WcZoeUk<#;{I23}VdWho8(jRn9IM<*M&3^pKd@)4JaGOkJMJ07^Do5>
zJ?HcLNE@4fr&wd&Lh<uv`e<8olj3f$>M%~_!}<R~9AwW3#Ut!tu7!(wffC0m>cD+W
z=h)LL9WIzulrFHRU-3$N`lQ2o-s`o8`<o`%GeI6W@7EmjSQqu575HiMT*YUC{!>`n
z#cm51e=qCv8++bV<o=~xCif=6162OsVC9{pr*LkQ4fGnGI>k+3c_zyP=QiP3i)V~t
zqdimPfs22Xbx8j!N1k!ghTAh$9yqtjiRkilDxPgmzdUem6OP|_Xp`#$b01FDZ-G_M
zY03*1|19g!A3WSwga0wb^uKk)?BmZ^=N_5#|8%6ozqHQ%FK@#tpJOSU=gIf&`Mcs@
z0`r`8Rjd4Uv}CS<Rn82R1Lya@>38PkA0n;Qo|*E%#m)kyW6|Xqp?HElv!uiM{P{HN
zv!%oNH^a%lj`EVUE3M_Kz}10k0#^cWEUwg*Z3`EFD|ugZ4J5819c#W&F}-J$4u3J|
z-GSK$a^5;~v*K>>kg|L@&pC(MbG%}!nd_81r<_rWC&S9iw!#H(f|WY8;OSAk%*?*S
zwF&g=6pw^;a&?L#?~OC3_ZrqI4t==dV0eeJo^U~Bl^V3*X;<9Ge3Ih9u>8~w&fAr?
z<+k#gTzcPaJ`2A&tyj!;)S~ZLt{2W@DV?v%!}@o@Bkoe%$K0lv>Y%*;yACJfk<Pe)
zbKO!MZZH2A<T-fE7X`j7aH^*~UDE2%>&tq=`Mj|aT^{=4AXpyi1LyUoHjz$!;Jl5;
zipe`h@f0(Ccsi`fiu-^bH!o3~Yko&@LEy!K*O+(ETv)B@QVyK1>x%D}HpM#S-xrue
z8vdQ+e<kRz1)j;dkUi-;;9|;o&N}>J;PgFid(!(p^F8a8<#5jOo|*Ng<Fz~-lhg53
zjGm66&inuLT5g}u0;glEJ)0^|_G}q=`@rc~DL?PM_<wBp;hW6$;+F&0>Ny_t?E@cf
z-d5XwY~VDv%U>sbvURvt3+2F<nQ6Cifv*YN7x?DDw+Fr_@B@J#4g7fEH_S^Fn>}Wj
zlhQt=x?LfCxOL{GG;i#rfnd&K`y4%ITShCM7x)76*Hq4>=4%x%5B#;j*O=du{|56k
z#c#q|uev#LKIYzO&$aU3YY+PuoZn+UV$VFqADCw=&NM%($aCtyQ1QoR_O%zy+$Z>|
zd6JlY4?q32()>5Yznb4r6Y(6+0P)|=o6&Sy(78stp80)^{dE0SI{WKJ*7=<S9b(hA
zS1T)=&u!B6f7fAudurr?i+|}s=}>fgj<lyD9nR-h#|6(w^8&?m%}sfkE5=&q^N4F;
z^+m19f%E+ax7x$|-yfJ4DLxI$&+!D#zqj_hJ+$HbX0G+FF!Q}Y4$0)LQ(ic)tJ-r5
zzlpM`d5&WG{S(!Bh<H2e^AsCkl~b>B;Cwzd%AN&^7uqva9youFGu}GKAUKb!TdX%q
zhqM1a>rK+(yso9_s@tLJ>-Piy(|-0pIQQ>*o)2lCL9psSOdh!SRE?pOe)GX)?qE-g
zbU2?kHlf>dwE1|&W6e`k{uj;XDvmPuOXvTbk(asmDs!LWwPx;by~*6KI0;rgTU7@*
zZ_5;W*p`RP%=vsL4u6~ca6Tu0#vc5?wx?YlIR8(&^d44qn<>xlga2dmYQ;~?A8O)A
zzn!afb*LOTkEPA^8r!&yVy$_V;?Cv<#q=Il9=_9a0J_Q<p>p8dzo(<i^998-%>&hL
z>GyJ_UoP!Z>($b~Zl-M~m@DF2%nvHw1#4ZMS{Iz#^FDiMpGVCcE7SiVlYgZA>3@*b
z3zS|6{x@KGx}?LoJ(t=uSaqOIYzyV@Zyu(2pqXPI&+#0kc$k_0GsbiD;}qM>zf$Bm
z`b5PGVb!5qb%2YB<#_(OJvS&`XXgD`x~8hUcT0O5U3q(y7cMxFQF`7w#~?WWkCOC%
zQRN>a9nOB<H&P$AWn);LvGTw<FR$UD9riOHtk`Vk*v)f1t%`@5k5}Y5`rV30oB58#
zrRF}xYhbN+oYo8Hu{6{Ac<FGSTmFcyGWj2;ADEv~9n$|fRXM%#!`Z)qUZeaz>2NNe
zdgtxh%bp4H!1=s%KYLmfkFaN=JaF+@+2-keoZIJ1_S04u**{5sxcE)!pKH%ciu3GI
z_Qd&rD*f8}6zOn&-#1FnD|eK~|0@IYxi)&c;$eYX1E=GNJcZ`hHP+$vw2&9x+<cVc
zK7pG99~St0m=C*@Zm>Q>@#etk_nK5b`aMB^AaINFQ;v4O0dT%2VK}<-o~y|G2y_0G
zuDy%-?*3`$%3Gxf=X*QZH}GGr$hgmZy_xf=+s$_?-f5nsGShjK%B+@_&ZD}@ZJcG#
z(~3`;r^x?|`KO9=&Hd7UZeF4I3am0~%=~XW(ra4KE9SiIZ=tLH<bBVcT650(|Li$}
z>bXykRoo6%nVfIH`Tr_PN@X%m8qAz4rOzL=u5se@d7_MU$_wZJtH^8AhkoQUY?yH}
zDe#@J^42RaoVSJZA^f%Sb1sEvs622!k4>K^%JY4B9=E4K9yo9BbJiQB!-e(@(#zJH
z%=v#EE=E_GTt<7#JV52YYk#x+aK4xO&(=A|fb(x_uR>QjRm#hLlD9pbcWGN%<cITh
zo5A+%r^tC2{$Yx{!Sc7t59jh5?Kwg*eO@3B;~ma(QKvoKiu3_x@_S>PBT{C&{BV9h
z!Z{y$hjcj4A!%RGV6SMK(z&|%pYm1A>73kL#kQL_3Cws!U#*z#ixV>jx3_+|BK=q4
zB;A~k-Skr~GwtK@u<yh9ygj|oQkmnVos3@|_Hj6$w|An;vw>D|zWHLs3(d4$+TWG8
zS{j^>YiS=>UfLnOKaz)i6VCPgkvP}$XRthMH=NHuUk;x1{z#r$X>dOO{DVEb_xS*p
zhkX++)=}puZL6hnS9#xBn%~4{NK4yp{+m7Y)qyGt|51wl<|h@?J|g`k@jUDB_KXMV
zw<)&4LnSJmYo`5s?U}5YK4X#}zBTBB<fEKA#huN4di?-cWzt7*-uDl&hyFame5&GE
z<}WFxzEfWM2+m`kzGPjODqaE0Lm$EUJ|)f%@T7X$LmzSNGT#d~)1KcbGIvuBeFW$C
zVsp`5PMWLbp^xBv&hUmkyq8V=C{LX^d)8I6Qa*DaoX<l(Z=HD$&i*tHYrVsy9gRm!
ze=$c>4*L+C%Q@3}qjWg8a~HbuKCjqgp09W*ta8}r;9Sm4)|;inSx<Ag{LF!A4nIaO
zD$T*K@~0`L`Bt75>2U5Z-s|GoLF3^aSRUp&IM4Hcv}d9`%&~Zw>)_lb8|yXncIj}w
zPizpn%4dGv!k!L!;D4KY<!O?(yFDZ1f%AQR=`&n;7&EPS#QeVI>E<zt7s9Foa}1pC
zF-!M*NFOO3&i9zHot0h7dF)s-`$8J$Q_6cV&kOpMu=Se)-(wH^!uQMy<+T@;Pnl`n
z_PQ90tQTFE$WxgoDDDz?ufPWcX3S9s{6_?C3%n`i%Tr7F=3NvS-{`uWTV9tI>u<mw
z*7sFpjN)O8A80;Ik+Fr|B%SAQmm&*1UXca<mLdzRzx0_9{D}Br>j$ZvADCOjPnhQ^
zJ{9;S^D@O>22T63%G_9aKeP_lXklHOD-JR<-|DvGq_bZhfPXiE(&_Ns<^Kt}&8(qS
z*3J6k=<*L#q<-1IiTO;$G_T6fzQ3#WIf{Fk_fy;_=m)_nlQ972^NJR9l|$Ym1E*uF
z{ERU;pEHcaBfUluE;yJgjnYCnGZmSi@i522`FkZ7qsud2@fuj3T65m7Z?fkO#fkO|
zHW%w_XHxo(7Rq^0@jh7P)R_xz;!t{43wpgd*I^vG3aF9o0eJVaU()^}rp*US!lP58
za(^)&XPs+!z2+Mg?>7HP@jf%<&j|Wog3hfQxelKN-cWh6zLo1q^RoTutK?;$q0aOp
zT=3>h=|C+x@6oV4^c|er_CkBcE3)99p?JOd8;UoY*JxdnV3k8(!?~O^K9%<=X=y(a
z4^%Z?$1mnw=AFRrnm;Gca`PI+KL=jl?NBIInP)0;K17+@D{gIOKA~^W?^om=N_eUw
z^96Ng?7{i^)$riy2z<Kzj6*p4&#_M1!&$!!-RnyC2a5Zo-DaJ#83%ZNuJ~l&-@>X}
zoyvsSR?-r5`QKOk6D$wo7A|O5C7xF_@w0#L7MOZhm^_u>f=*Z3P7D5_igo5a6nBAX
zFr_pXP1QW1r=!r#={!n&nDlF{!)b1`zS26^SJJV=`hN0J4u0m`%oEKgtylIFI{a(v
zBgE;NfOL4M7Cgf?)aSfruBoJJt<v|_j+(Bun)#hE{7uqd51j7Rk<Pt2T%*jM5oWG=
zrvL3F54_kqpP{AC)W|F5S|oY-d~8tQbgfT1pN}1Cy;bo}Gxs*8&%fk3Ky9^;7RrH7
zfYlc&en7f!LHbB-<HPpAKMee2;B?=D{VxXnmB6nBekbrB0&|Uw`mnBaea!sNps%Ob
zvWNH6nLi(Ro4`8;-aYWXfe#FPSm2`q9~bzPz&m>EH7cg#l<NFdF`u=kx+!u#2cN4r
z(%h%`MKj0t9`iJ9>sQSD{>pgsEb&d|IpS}b=ZWt$^Lr}kd`#<FB!0kpv&QvISpCaf
z4d?fav+beHpSOqI7B22lMx|eCq5g;H>6_+H6qlNpXkG7{-xa61RQ`?RUu}J*^mX){
za#o8sFb~jr@u63Vw}4g88s&p?J<~NJd8lVPSCof&70&f!Kc^f#C%PQwAvmAUr#V(0
z?teMk{;L(!9IG-1%b(`hqa`YR*&aUoy%LtEPCA@FSGwLF=24Ep)M1k1H_ZKtJV(D%
z@pdzxLGc`&<3&1liyJgQJc6!u)oWdFe&3hob9vatPo0-(nYZPXQzt#$FRHxEw{ZSV
zfUWG|y>+_gBmYqOhoZ~hAU~Xst@~SNY{U6I*Kq4i(&5|=>HUbxX_gLWe~<mcq{F%V
zuUl`C4(IF1v(Z&I?)m(&xl#3e30C>7^22$%_{<gmn~ICg`^&!+mcLDYIM-*D^>*oS
zuFvLbcgkVT-wsyZ4td~WV;Plp4xZ+~N7~Q64rl*y!9%%}Pv7ym9ej~ukD22I&(X&!
zUShslk>}`qW_P8T--DbCtDc=&FI?QJL7_Cq`bcyB4CNQryQIVU`qI1TD*r>p4OI`y
z?3M@4dDG`^@=(w1>|x%5b2+?5Ic(!m=HnFG%pAXXj;B-c1T)9LlgxN{4bLdWv&`JH
z*<)@~`D4siC|+jnkp4|r^&hRe!MWcbus%jQob_4O$4ZCuc;NR5DQBE?IFC>2m$&g#
zGxvd}`&d+G{y#AHed6IWxAb|Om}7DJ-hs*-uQK6$-gTP&XDg0^<>{3N&ex98XK*Tq
zwoRYA$<rqfoUa}6IUMWdbGKVyc_zpM=k1+leWG+YZ*TgXPX0;K)8};MP#W+QewF#U
zBA?Sy=45%`Jg>fF&l#%QtM*Kh2hQccXI(`Nfb+KVJ9U)L=Y|8dP=3EWaK4tZ3A#L6
zDAw3BO&&O3OWE2UKKI+rp6T+y`C1C+I+Q~jwwTXQJO$QzXUGrd>nG>gbGhPZduGZ5
z=W8k7u!l0a|C4fN$ph!l-O_zTTJIETUGh<f3l+Oz`De=y=P|~8Jm_<z!^L2MQo6rL
z`do9qPF~UT%6H56({<)yis^l~bU3~DH*aJQ@69(c*D7viu2<Xz-m@G8a8X^(fe)bT
zf;8{BR+(#L<N6^we7Jdp;xscKDKeMgxl=LSdtm+n`d%_9rTYh@^Lw=Eo&oba&WoPT
zrL8k(Q6~Cd18+UB)VEh`c0CVOJlM=V??=O0udsZ7T2`UFpHpRykltxel{xQ^UFcr#
zczdc9;r#h&U+{d>{C&k+VXe2uoPWE6YYmjiz5jX}mOS(=T<~Fz(qmf4OMk(|fKpHI
ze_fwBc*ILo&a3thR)q6DyTqPl^8DVOIz>2thP47+<*ZixhnaJ?^uAa+eLYAE^{LnE
zaK6S{i!M*AVmfD&XQ({soK5>Y>0sw=Fz5AhjgK-LrNem+N#}1W^ZU}yv!_WOIInj!
zx;&E=$J;~y!}&9~o2?I%4(HF{?zP?`9nNzm>!VD@@PFIWDi56N_KNj3>2S{bF1qq=
zpl(X%Y}&4NdEnwUJt%FY*YNNeC7->q?H$tL;)c@0Yj_yv>Hj5(`=oKb7e8Ya&g;F#
zI^!44^-Q0YDDM(!oP$y(|1XH^%ak)xemIYlsrG!J^*(A(mppJT^HuBJ(&2(eRbm~v
z&gmX1t&8`+|FFMD9ylMrHq~p?VYGBOA0yJaney%@EuEXmGe(|tZsv3KbZ#ck-{slM
z<&2dF&h<RP`Z(!uE<b&rQF(i%jk0IFJa9e+jYgMe?YWui&?^t;Y55p5&K}Oi_+Aj(
z(kBm`k3r0RxlQgf&sO{qEdK=g;d~5w!5;ekC3_~y1LtGV#skZ|lcdANwgRO=)+d|u
z@nTCoujqp1V8wbf*K*P^Li(ZNIp~dLKYnJ<u6oMnIOM%haju!qjX#9t*DA~ZaV8J%
zC(?a=<{jyG^B|YGwc_?>=7)4mNuGnm!_ie{l{xnp`w!)utazF|)#f}uGmi7RzHCp8
zBAmzDP4;l?y33x5BAnlI>5#d$oQKW4Xa7OqAHk|;ts<P~qS?XoygjrzoX6y1>vf87
z)<3dN|G-(_#O+L5!CBwYdV_R0>+R@jtFsly*wZKvoZIsXdw!<aYfqCraGnPy*t3oL
z@K$@8<$?3M9<@G9I-K{N$I(@XXB3~br$rt(?>oGPhx;I2v8PoYIPW{mzqwD}Hm_Fv
z7*_kY$q(m!hf@~(J1eHo<K$uNz<J;4)bmPz*>B7j@GuRyADU+=UO@TMxfgCUWtv|w
zf4rftqncNXcV|D9hjMNV{8jB7=%30n(R_#EW1Is^AE5I?zBiS5Cq0L^RykLhxjx7B
zM|935JI$=?^8e4;9l*s_)qDRRIHVL<sAQy6<B<#tPjeJ?G_*-kQAtrz$w)bhiiL_t
zG_G=QXlRsFSX5NhrJ|(5qAnE`6)7bZ6%{wBOGQORMO_}FqM~|!-@VsjKCV0G^}nyz
z^Iyf;?^*NP-&uRlp1t?%8BpG9gSDo=U#c4Qe-i!-{3ZBN_}lPf@K4}h!T$~a5&j#T
zXXEhWIT(H#{0#V6@G<ZU;1l7DEwl3V{GR8m@0#ki`n5l}2-dzs{d)c{bN-aoU+sLS
zO<yV7`n0DgvcDd+-_>;6^d4tzC-=)%Z^Mf0uT6arHLCOL;VaJHu<4xhP4@KZwraj(
z({DN7YTK7?tN$^ZE;?(QTyfTOy(Zfjift<U>m+}0HGi?`pPZ*{c@NgMZS~qW%6^}4
zi26tD$EMM_oYj<CjqLZaNmrxCJyEurGOLmOK30ck^=rQ;`|}fBXH$RD`enZli9XA)
z{tD}t{r=~*svn8Jdl>D1tftaxqWzD%KJzwLqra^?CR<IF)yRH5MEfGk`K<MQ+STiC
z?mp`3wQrRDdibWVv8nb=%B;2;*{_EcSEKc?>1woZl>PEX*X3+p?Hi-(a&>m6HGPjt
znHlFItw3wnyZ%~dzkZ_YW>#Nk{n2$ZtyF8#dEJPebJ?=!do#+^wlDkZQA6stnpLaO
zch}@On|@rj`Ub0){rizmxf=Z~;m^66Myrwi`;muT%^Pe#x8SVb$&StmEq{;ouc_bi
z^;(nt>uAH(YrXx`)#!C9`|nmAjQwY^Y&k7fBm3`Gm7?ak&Kl1dvema*z3d<N99N^q
zy~5SBS&i(!D|Iz$T3t=M)yV#PP|-Cy%kQxM=sfUm@pGZ`NUd9qVaUzfX*IGxH+ZkB
z`H)Q~TuqnN$bQ@Vw5$1|O&@kO+ULlA+tYcV9!txz%XU;+-X5!w{kHUc*WYXXvfq}@
zaQ%JOFZ;1Yf1_i>-ZNQWbS=&@`>jSUvi*(P&2HWSXZ@bJ+N;$+V&4I`X|MBuP2VM3
z&Y;!E{&oF+S5si)|Cp;8vKrZsbJq0_Tfgl4qu=kgOnbQa_q*L|>X)jw&LeHC>u%mr
ztC5R789zsVcKu`4FZ=N%Y#z;9Y~zW3AI<W|twt`=&cj;tyJ;iwIzQIcYd>5iTm6L9
z$bNmE;A(ES=_#&e(rRS?xY2j=Ewj`f_d-`QWi_&Y->U0_%AdA=*}rd%t_|9}`>n6t
z)y!Cp?9Z=yT>q@~%YMJquYQ|X+s}KPbsjS2{0W;zzZ-5fKQ>3#_iPMvmJ?mybMH^}
z-;&VS=B;1$?`@Uk^AB}?hNjLspNT$~w0vEw({(`A>-+V4oG-R%^m(QACvBY3_xbIy
z7VNQPzYa65zS3$gkgaCXYGl97MBnGP{w3>|{d?8dx%y@6m;L(D`26_4?yS$bqR%%+
z?3#f2yRJWFkE_qa^tdaQBm3jvFJ1qt^~?S>zOH`DImh;~`fN<|u33%jmn&iSspeG6
ze~N51>sBNC<$9j$->`n!pL_3Bzvi`R^tq?ayJ<DD-!}AjVN`RKO{3rMwwf)giGIIZ
z2TE&~yBeKyUhmvv(>rCW-?kdrpL@UE)r{J7*wrK~O7`d8XWH^;-U92Fi=G`lRN{Qs
zUugZZf8QFtH+-M%TdeF{`zbZo+w=<OW}DvNtk>6To%?KRZ{4GM^^d|Ig-e|+Ht`H+
zy_ME`R6W+1O`qfZ37bCG`AVCfET52P|Hdx5Cu01aF`HM98=Zfe_n7zDk224<X>>km
z^V)7GvY+=ZSEG5O&wQ<3=cL*{YTo;7dW@_SE^EpyeSab`W79g>^<RqqR#?{$ef@vH
z+VA-OGTCx8Hn~V|o~-GqQq5kQ>b<(Gv7PSRWYaTY-Byj(+f~lGW_h!0`SvtNF47m4
ztaaLt>c3#qdt|FAcJ}Yh^}MQP#-`EwF%OyFqJFC{arWQWiasB=nh#n3h^x_aF8l9m
zX&Wl7j@ResoHe!?XN}=I@(1GI{rn;Ne~bRV!Dm^VGBuv_oV7l0mMy2trnkYbb2WOb
zk2-4%pFscB`EjP6lQ!9MI&2z!?rGjON9RuVxaC&!>|Jqv(i~l<vYIj*#Glk}{+mss
z&-l#8Tfct4PW_8EP0N;}brpRE=lY}Hm2-}c`_9qt$~nIdId6vF0Y|?d=jtCs|3h%}
zyK=7P^XPvB{sw%kjaB2XvgvWo?RNhK&M&j+#qc%G9X7qmdBmo=t(=Ul`)=oZZ2B7X
z-|Kw8O`~nn)j#0+bv<d&Svl`=9<gb3eaY49wjN8{r%fVv+L)tj5!Uf3>-(hZ*SVQ)
zN6(Q>7o9h3svq_1I~V$qi)|Wx56Yg$3cFt}`ZxQ>T6B%bYA&&x7uk>M^)kN<*7YOx
z-)hr+&bn@-2=(hb40pr&KAiezZTdm@>(1Y`={&6KJgV0@WAr}DtZO{~<@$BKM7LF=
zu|?N*Y*{L8{IXw`=z62|>v@;`@$m$+=Do?LFLHi~P0w&1wETM6=1pmxnEkw(NAnI_
z&0WrS+w|X@N3H)p+2*abd1e1Sz4!VWo4(KaBUb;Q^FucMi1UQ?Ps)~)wj9}yA$mV$
zW6*o6=vtF`%IbAnW1BIrJL`SbADp*rnzt*i`Gxrq=R<88U2nH}pJ&!><>*@b;m+!h
zuDx5oeqXiB^?%2FvU811Pj%LQL+`UR{u&#<?9YK~T}{$z>YXpK=|#@k7d6W^Z^q`8
z{W{$5YP8?F-C5VUyPfZ`>1&*o(=S_2t>wr*=e@4K&iZBF|1tG{Al@HF@43wS9N`i5
zTTZ>z%f4QJ)6m!J?{mpNwdwC=t8cJ+**|xO*qBtK@xH`azjqvc7sBcrtzIrV)Se(~
z(RU%NUi;oFUA?UDLnvRzQrRCXqvQUlozq#r_CclQUs_bO&pF9nG}b<Y{%P6zEh7GY
ztgF{~n4dS=S6GdXJLjw4tmDxQuBOlOqiZ!buN+;IasB{mqU*h`{~PF!UdyguuV3Yt
zSbp?-ovy!1{m#wsE$}^X^qR8z3F~{r^=mzR173g^VSRtdFMD(hwH(c>^FQ?;W7DMb
zob^Y?6zkt>ebHyiHvUrQqC*YV&axlPtH;zfB<t7`ougX4j@`09XTIIl=(y1Z-y>VS
zj^ncb4t#VRu}nRmwz)+4@(1DQ9M9%WTA%Fa{gSI$wdpMUP5Aq=&0Aqp+0XkcS97pE
zpV6_##vnhA{^<P2=GFdL_VcPv>*08t>OGM1wXc@lN8E`+UCj|TJ=|IKyJf4_{#h>i
zoc&|%`Rcb!J)d@oKk}J2)o0J@*Y<m^^SxGcwQM=sSIb2@VYC*VgIT}!y>ijhqwe^3
zNUgudZoW?a2V01>ce|X7bJ5-Ewd1wxuXQfc$%eH@T)*}|a?zWk?&v$%8jrS-@2mf<
zasP&^*ZxG-I#T<S`fa)LY#0UhBkK~Vh9&FuSRq@c_APRe4!G7%asAqd$VG?SKi1B2
z{mst)vCdP!%WQPM(x%b({j6W#xw}FA_E;@8uUw=ZkF`5pf2(uR+oJAhe9F}8H2MtM
zc~JFc9TTJDre(I-EVAEzG>>Y2Y}4raq<Pi+dG%X;yVc7@({5$i?L4bdE3hAL?bp1E
zVeNx_zh2MYdaZhw!%4UT)^_jfwS9YQ+x6D==dEqdTicm;2Cjv*4fz^vH{RM-y!G6B
z>-qLR$6RVBnfl&@=JkHHd~&?r9!39;;Z-<#zvFWLfc`5j!e_R?(R*sEzu0PbtKJ?<
z&xu_0T>HnG)|=+lXE<lbR-@-iE*iCeti9ZRRP!gB>OH4w^c>1QXTSQb=BGBj(|OIN
zJ<eaZ>5y#m>N%JF^%k2gns>vdld{!lTaf)RJ=!-~f0^|~`$jjmzpCB>USZ3v>ld0=
z+l%byjrL<!(`tP+t|n<UvR_7B%2ZB+O{3$l<y2UW?62GCcwhP;J}W;ZURN5o`nPQQ
zR^_N>mmMSEZ#gg8^fBj*)%;bq9IelP(QC@A)-793uTAfE{RP(lfa|}&=KYZKh34qk
zYW3~rqwL3z^B8CKN8j0SHOHYp`u>LNKL!1#!)L<L_cvU<#-YbjzQ*C*2sgo3!Pmma
z*s^KflWiIu>&-7TSGj)WXPnQm=~>Q6>(}c}^S0VF+E#5HY8#V_uCsrv?Xw?0wl3Lf
zw2jF{dO&ME_M;lDr#Csj&!%setzO%n>@(l1eyi8IjNT_&jkZ16@6V@PO{G1pUxvRS
zTYb`|a*+mO?K}44$N8A^A8o4FlIpch%0)V9v9@JDs;{y!{KNSOd#vcVZ~bza{b=4w
zyI=NyBk|elw;GMjPIIFgt#8?nKRPe9n%k{U$9UDt&9Y^ttX?kaFj&)TOf}Uu9$l)I
z@3(26vpxsYZS}w1rUTADvgweszW?<eXT63-oOQe!ch>9Zld_GW+8$T-{|&e)SMwd4
z>N^&yNn4FvWUp~G&95>1$TENKe2_U|KdRR;LH6g0I#*JE#=2#H&Z)N$$|<+$5%4pe
zwcRFVo43~HmHoOs*45~{W_#c|=L>Cmf$z7RYh=r*vmDv~H-Oq)jUMX`XYDiYldZnq
z>Sh1m@rlj>+_De5ng*+pi?(fLSQ}NptNDzp(d$eudR<f!|2;#i(f2YQcJ&wA7<60n
z>UIBhXPvkF(D~)o|6AvM=1u3n+Vs!Pr`basWcO+OP0oJ36|3L!Rdbm0jW$)wvwpP#
z`|&P>wV(C<+DCZn<>y@nUtuo&aD1I9I$o#a^%Gr#vi=|2{oism^7r5+_$X(+ezh$s
z^9-B5$XWAhzvdt70@)r*%OMwO<Fck>xoR{nJs+~>ZI-QG%PJR@#`W6$`OH^2Yaer~
zv*wMC*DmLN*MFr=2b^^pIV@Yg)}QQ;t?yUA%{yh&&pYe*Jmb7<)33@luhzHh&lStn
z|B?87WYqbuHjUmBof@y_4cEVI(?7$9$yTHFBl~Sb&z&-pHa%9h8m$xAe}=1loNAPr
zk*!9{CHv2hqV;e68gsP%<Ke{X-{#e3cDem%UTr(FKcBfu{Z_MSQ@!O-jm9PW&xzil
zeye$(P2VkBjn;?k&o^|RYV_Uj3E66r&i*@EpH{!sXj!87nC2z(chzt8+TLWpAN!5#
zue7P`KO554QmUQ3wI|6Rwf8tSt&zv$zu$g~^N>w@;C^__`4cwPPw9)|%!ggSt~0GU
z|IMaPvAdODsxljdyxXQ_aCDu``X9Hx=-QWM>Un>YUi;SnMVr1Aem6V<KL~#uo`gRO
zAL+*Vfb~7sIb+ioIPbS<wQS?jHYWS`O=qd!#x`X0M%#(G*ZN-W`Uh+pJ@3~4kU4rD
zEvMMINGrhFoc$<A-#v`>Gv?n~-%niss!jh}wt2O!%KmQ_{nPbp`;`4_<VjfPWwOny
z?Nj!zk)*59b-R>vfepz{i=*-Az05hX&8zKJF476IHJwANKk4ir_j2{y_%&~ftEsRW
zx#%<YkF^fhU+G+=VrzH0{wimm*`t2Te3MP1a}0ajl-0;S^Ifh+$LKNHYV=&mK0i8_
zu>Q35N9PiDpW2k0_p3IYk*!9r3EAg=-}Ps#U-n~LR=<r++w+>MskIu}&%1$|zq*<_
ztC4+8be+NF=vutSP;WJI(a{EL73#N|8*Tc0_(a+28>~k5+eUO=Vf~HPFZ=!ZtKGbx
zvuSkxU^Puv6P-Uy*r2R^KsDCi?Cj_LqU&$5e%Y^wS@ql4Dr{StcOEr=+j+yL(fb$6
zY_)l1zb{>OHRD$QOWA7LtVZ^aTWI&Gzuo#}zmJX14eW7`w!Y}Px^wjY$m%<+UiSN2
z)oGlcwCVGmbshZ-+3Gv3UiSOa=vunfYo8Xq-?5r5tC9VFRp(^N)HU^6oWEi<(RFp}
z|BUtB?fR!}8tory;`Q8ab)~j*(9PGvpMqDMe`V9?I-Z;NIW~`<_l2;|?S20<-MmNJ
z^f>1i+4P07<rFykbB~iyqt}VgIm7uro1P`xyoJtwJ=D7zt@BHqwOw82tYJsTO<P`V
z1N+b)ou62LpY;v6{<quot<ERdywSeYLW-?V_WMse97f|Qv8n9$Zxiab%qg2b;=F3p
zAIg@aeWvWUC9Pl8+aWdnKBv``S>K;j^N4j?i}trx6J0B{F28<sZ1aAev#zf`-&xD0
zmZuHOn%29wmd9Jm;H}5@*8bPK0<MHpa5b!bnV&ZU*TH)3d`%;)=g;@Iz<U0Ce>>a(
zcfsATF_AZ^f9<twKY7~NtwqbOgQT@+**_CIX_LIE*wOOpWXW2zyq}Amwn^USV`t>)
z*wHfT3lG*B>?iMw5u^QG-j`yxsDCDQoBZY2(Xu=oJ6aZPMAmxjCvR4Yx7R$q*sTrN
zPo7SGtqs{v-lGu{Bl2AAG5Kq;C*-fk*5c)TBle6uA6v8KeKYogtP=!lOZJoZ?TCpL
zS$A4nv!6Vj{9D_wpFEuyTHCUpJiT#Ivu!eOF=nCspRr5i@5k18Lf&Jsld>MrTBZDh
z*eO{rAZuy)zhY<P<=A!dk775-KaSlb|0H&cyb`-j{%PzE`Dd}a<e$gxkym5)$-js_
zApbJ<kgON9wGmk>#@d+t>(~?WZ(>i$I_a`DBd^DvlYbX`LH>R0C0Qq8)>dS#Y-?-s
z|B1aJKOTEa{zGh?1LtkVE|mWmyF}K`#+ptI^YmuOT2j^%XsuHIOYD^V*Vt+KZ?QA-
zc5Gc|$oqTj2KgVcn`G_GthLDYKQ&!v$jgh}A?L^Ll6S@Kk@dl*wLV!Vo7M*8gJKWK
zx<F-ZL@tayCO<j$gse9Q)}~~4GBG3T%N5q<<U?XF$T~^3wj@6-_KI8*drj6s(%Oc6
zSnMrXAAG6pGDmMl;&X|-r^o#z>OUfOnf#2{Nx3X`rTom;Df!6QY5Azw8M!>RuA}BX
zD|Umd3v$+U-6T&3aBD4cGIpDMbnFgU2O4W#@-eY{<cipR@^fPk$j8PWl64@mHX>KX
z9+QuYJt6A=Wo=4+LF^g1D)yYL1DUl2c~9&mStlLVR^(LdHF<CB4Os_nYg_V(v32mv
z(@Bc8LfJlJQY(>9j;-$;<k@v0wWOSmT`B7TZ7n6A7CSB5xtUr<wqv(%{#a9N9sXET
zCc9%zh3t+sDS68Nu~uV0dG1(KC%a=!bbNHjniloDV@-4%bjO-5^}AzDuk4OB1M-ah
zV{O=e{IO<CeptQnXCirz#GbK<Ki24w;Ey#+vOCtS%I;Vb?epiX!<u#h{#c`zpFh@U
z)Az?3ZFc@xqo>>-YqYxkv8Gmb$C?ItA&QT#3HxJBoBG|crc-vunjYC5Yx-q(tQnHs
zv1U|u$C?RQ3ukRwcE_4I*&S;ZWp}Juk(cB8b=e(jwq$p#(R*5dtSOOK;(EPT^v9Y?
z`Dbx|wfytg8CfgXTD|O!HBGWR*0jp*Skoc9V@<d0jx~L<JJt-!?pQM-yJO9`?2a|j
z{?Hw3^xn!JYodLio@8r!-{g-q(SFYzYc|#Ik2QMTxnqs4srqA0ne2`=de7#MH7R*3
z&aaW(v8GOT#~Qu&@yD7LSsR))y$|xonl9NLYkFmOtQnB)e`>?BJJv+|C3mdRwHkk{
ziS|YASTnDFcdUu_Kkitws(yE@iS{|#*sX1=-yLhB{fs--lonXOJJv+|mg2a+O8xFw
z6YWpjv8Go2?pV_xyJJnW?2a{UvOCsv%I;XxBkKicP2ack$C@G89cxBqcdXI()%>w$
zT6V{pIoTa+^t~m2tXYxWv1VO%$C@qK9cv1nWOm0I{auy3WIP`IcMklqrc!pt8vU&m
zf2_&K?pRYVyJJn0?2a|9vOCsv$dz$^x9pBJeX={&49f0UGa_rpV{Ke^$C@eG9cyM~
zcdS{E-LYm_cE_4E*&S;(Wq+(W$Xp%g7t8KgQzpA(O@-`^H7VI0YieY7tf`aTv8GXW
z$C?(|9c%PAOx)%i{de-bd(l52+v`(p7}kH!&i7Bsw(Y9T!1M4DyeixCt+oMg!}?ob
zzNQpT!c}luw)Lo13+wLz`Tl0O4eo?{WE+QCKRg7F!utJEUq21c!TR08Jo`~wf%Q9e
zzF)sH?5*E}@-BhPVf}tfp8cp*!x^|9Zh~9k4!9fcg9qUecpRRBXW<2S8D4`o;lz`(
z%T)}Q!4+@{u7T^|Mz{rThr8fjcmN)T$7K6an}lcJd3Xt4g*W7<#5vn=q4oLxQaA}$
z!D+Y_Zh)KNHn<b+f&1YhxhNjzsH~GyYZLG^JO?krEATqJ1sB-k`1}&M9Ik|`;S5|4
zH^HrN2iy(!!GrJ!JPuF6v+x4E46nhPur3z*WiN)y;0ibe*T8jfBisVF!(DJMJOB^F
zWAG$A1JA=t@G86kZ^MO$WY<F}oP?|3G+YZez|C+Q+zI!<{qPVx3Qxe(@Ep7dufXf@
z7F_Vu?6Q}@<!~ij4QJqbxCw5BJK%1(4<3X^;Bj~go`o0SWq1wVgcDE8E_*Rt23No-
zxCX9+8{rnX9qxjA;Q@FU9)l<08F(IEf>+@UcpEM($*zY|I0;w5X}A_{fSchqxD)Py
z`{5yY6rO;m;W>B_UV+!)Ex6#&?6Q}@<!~ij4QJqbxCw5BJK%1(4<3X^;Bj~go`o0S
zWq1wVg!RRdo&7&t23No-xCX9+8{rnX9qxjA;Q@FU9)l<08F(IEf>+@UcpEM}Ji8uB
z;UruIr{P+-0d9ud;7+&)?uUoqQFsELhUef#cm-aEx8Q=(?6Q}@<!~ij4QJqbxCw5R
z?RcZs0e8!`FIMY=2jLNT9G-$_;RV_DYii5z8oUW7o}R5QhRfgz+4dJ|DYyo%gB#%%
zxE=0-d*K0i7#@Qs;Td=yUV>NQ4cT7*YTIz(5!wDyI0;w5X}A_{fSchqxD)Py`{5yY
z6rO;m;W>B_UV+!)Ex6zr*<~+*%i&768qUD=a1-1Lcfj3nA3O+;z~k@~JPR+t%kUb!
z3G0JozdaPgWpD+Yf@|P9xDjrF+u<&_7ao9z;W2m;o`L7#C3qFyfVbhoXJ*$!DV&6>
z;51wdH^9ws8{7%^!2R$LJPJ?1)9@U;2(Q5F@D^NfWOmt0;BvSUu7)#kJ=_Gh!X0oo
z+y@WBBk(vp1<%3@@G`sxZ^DVAvddm9+c|++nQX^MwF)=|*T8jfBisVF%XaKh>w<gX
z0eBc5gD2q`cphGYSK$rW_WNqvaAA42zZ6cwRd5=vg&W{zxDD=vdt}=etM$V}@F+Y1
zPs4NYBD?~x!&`8{v$A6-fy?1axEjvD^|I|-)tY46zo@ms9dI|?2M@v{@HjjL&%z7v
zGQ0+F!uq2sew@W{8C(IU;2O9NZiHLlcG>njYF%(IJOB^FWAG$A1JA=t@G86kZ^MPp
z$&RfQPQq1i8m@&K;AXfD?u2{bes~BTg(u)?+4f~>bMPX(0<X*VnpfL`3zFIX61ZHp
z*NIwXGV5wM1J}b%vTbK-t;wuA;BL4N9+d65Q5#8SJq}O7v+x4EEZcIbttGSGgcC<+
z`-|Z+xB^beHosa8Tn9J8EpR*B1^2=O@Gv|EPr@_sylg*eOYkbZ0dLE@<N89IdY8gU
zxJo`Iu1~|Ya0A>7x51ro58MwA!K3g5JPpsmi|`7(4sXE)woHDxO5k$160Vjj;`NY$
z>)|H274Cq$;XZf}9+96LKh`)r1<%3@@UnbtJntI33G0_*d`&T2CO<Epw*pSVHE<o=
z2)DrPa%G&^1^2=O@Gv|EPr@_sJiG+2!W-~5TxjdqkF69=!c}k@u7w-mX1ERRl#h$o
zLl4{!55c4G1UwDT!He(;ybf={1-6a&@sz;ja3x$VKR+IS2Cj#j;8wUpenC8MH{1sg
z!XxlFJO$6f3-B_$25-U%+s6HPis3T3DjsJAoPulMI=B&Tf!pCOxK}<teyjm_7#@Qs
z;Td=yUV>NQ4R{+awAZB{Ln)kutK>cLIMZ+~+yFPjZEz>t1NX}>jPr-!QFsELhUef#
zcm-aEx8zj(SOxZ4^e%zR;Yzq#-W$)Gf$QNWxE1bzyWu`~5FUZY<rCt^oq}iK1$bFL
zF|J>OH(~w95Av$xnqs&Nu8>cPYf^9xTn9J8EpR*BC7&E;_QC`3FgylN!ZYx^d`g_T
z1h2vy@HSj%`y@YaDV&tkab^{qhHK?h<C+Gz8E%6+;U2gj9)d^Z)8hOIcp9FA7vU9n
z9o~WqY(JOxqBy?<E{7}OYB&Se!%cEcoY@L@z}@ocaZMjQ2#?5T#5Lpa6g(@xIIdZM
zm*F*d6V`u_+s|7pXX2bPxB^bWHE<o=2)DrPa2MPQ55U9l7(5Bj!1M4Dyb5o?+i;=n
z*Zs1W!b!LaPQ$fugZz?s9X7*la3|a&pBdNp!$a^WJONM3XT|f*!He(;ye`+q^;>X(
z9dmqt30y9p9oJXF)o=!`hnwJ5xC8E%&x!N<;6Zo<9*3vkS$IJ{H_lv!*WgW9za-}C
zi{Uc30#3m-a2?zTx4`Xi7u*XE$aV4fhv6}J5}twQ;U#z#-jL6W^S9wbJD&UgQaA}$
z!D+Y_ZjjH9^PAx|xD)Py`{5yYRK6h2oPej{Id~CXf!E<JxWLXSe0~XBF4xD8TM1Xg
z8Mq#9f?MGZ`K57YH{1sg!XxlFJO$6f3-B_$CSMpo?k221VCnmd;WD@aPQf*B9o#5i
z6hBrA+zxlaz3>1$43EK+@C-Z;FTtzu2D}Xy+Bu*fb19sJtKc+T3pdCO@v=9=ZEz>t
z1NXy2^2Kq^C_DjA!*lQ=yaKPoTX2D$+xo{Ufy?1axEjvD^>7p13U|QWa34G<UlK3-
z2s{o?!L#zEas2|k46nhPu>RPXpSKt;lN;mA3OEJVz;$pV+yb}5U2rcv01v}s@@4UO
zCgB-)9$u0!kLy?A4R{+awD%3Zz7$TvRd8CqBF?Xc8{lTR4eo?{;C^@r9)&01X?PA^
zgje8ocndDD_cwl7O5k$160U|ba6Q}vx5`cNy6S+t;XZf}9+6)b&pQrJ!L#rJybQ0w
zn{dM3xB2{HxD2j<Q*aGj2RFhka68-u_re44FgylN!ZYwZyacbp8}K$<XzwrmdMJgH
za21?}YvBgC8E%6+;U2gj9)d^V33wWwgBRfycpct?3+%nGU-lBX9Ik|`;S5|4H^HrN
z2iy(!!GrJ!JPuF6v+x4E46nhPuzrcxFMBau23No-xCX9+8{rnX9qxjA;Q@FU9)l<0
z8F(IEf>+@UcpEOX>kxiDl)_243Qohda0A>7x51ro58MwA!K3g5JPpsmi|`7(4sXE)
zc74S!dkI_)SHjhB2Cj#j;8wT;?v}5N_w9Y~AUq<!-0lD2DR>rMfS2JlxjD|+g!LcG
z@%_bc8C)U1BAzz|*T8jfBisVF%U8uYU2rcvAYUEV48vpaBs>Gp%PsM|OYkbZ0dK>F
zne4o!^1e7H30J{sxK_R<5w!-m8E%6+;U2hOzBUoHA$Sy?fT!U(coANK*WoR=z^+&M
z$1Q=&;Yzp~&cO9>6Wj`Sz};}4+?t5mAUpz(!&C4qyZ|r5Yw#wVI5YdW#c&y10jJ;^
zxK6$<9)Ba;0=L6ma4$Rn55r^dBs>Gp!%Ofgya8{+g?1g$kG~X7%GbxsRRyQvTDSpj
zhTGsyxCic+Z-^gj2p)we;AwacUW8ZRb$AOduxq0JaZBKGxDu|0GjKiJ1h>K+a5vls
z55gnxI6MW<!V7X+ybhP)HFy(F*!5jsUksPQ6>ti!f$QWO-S!W+!0m7s+zSuD!|)h9
zDZes)tQmM7UV>NQ4R{+awCm75vlLFsuZkb53Qohda0A>7x51ro58MwA!K3g5JPpsm
zi|`7(4sXE)cD>v$V+mXiSHjhB2Cj#j;8wT;?uPr|L3jinho|6KcmZC9*WgW9e@NRe
zdof%FSIF)0HjsjA;5xVwZh_n3F1S~|Db62&hv6}J5}twQ;U#z#-hj8^Li<d>kD(M!
z!c}k@u9a_&$KL=q!)<UU+ynQ+L+~g(0Z+qo@FKhduftn#!TH(om%!z4C0s4v5-)EC
zu7{i8R=Fdt?|{4EK6nrwfydz~cotrOm*F*d6V@NL_G2rC%isz)1=qlJa3kCTx5Hg<
zuY9Z9{^4PG44#B%;CXlnUWGT{ZFztExP|sPk9R4Ygsb2*TnjhA&2Sss3HQML@DMx-
zPr%dg9J~mx!0Yf9TwtF^`DHJG%i&768qUD=a1-1r-{!V|xEt=1Z;xvR;SqQoo`PrL
z1$Y@=gE!&Ch1tg~hRfgzI0e_hb#Nox0=L6ma4$Rn55r^dBs>Gp!%Ofgya8{+h4y)!
zU;m|W60U;Na4p;bH^XgkC)@+~!$a^WJONL`bMPX(0<XhcaDjbZ=a;<%E{7}OYB&Se
z!%c82+yQsPeefVW0*}K}@GQIlFT-o_CanLMfnWAwxD2j<Q*aGj2RFhka68-u_re44
zFgylN!ZYwZyacbp8}K$<XrDLw^-u~Y;VL){*TM~OGu#Gu!aZ<5JOq!z6Yw-V2QR`a
z@H)H&7uaW~e%VXla<~$%hBI(I+yuA69dI|?2M@v{@HjjL&%z7vGQ0+F!U_9~*Drf9
zTn1ObDYyo%gB#%%xE=0-d*K0i7#@Qs;Td=yUV>NQ4R{+aw9l6PdMJgHa21?}YvBgC
z8E%6+;U2gj9)d^V33wWwgBRfycpct?3og$tdkI_)SHjhB2Cj#j;8wT;?uPr|L3jin
zho|6KcmZC9*WgW9{}Cboycfe|a0Q%#Yv4M#5pIFo;V!rr9)O48F?bT5f#=~Rcop7&
zx8cI3?0P7LlW-NBhHK#lxEXGPJK-L<A0C27;R$#eo`V<R6?h%qf(u@jUG@^V9Ik|`
z;S5|4H^HrN2iy(!!GrJ!JPuF6v+^DBdxr)2)v=f1HF#6*ifa<~`I~n!TqgfZTvGw3
z;2QbPxTX$ngj?WtxC`!u2jsir%wc#8o`h%Md3Xt4mAm824R{+aw9goQO(~p||23Ys
z3Qohda0A>d|64q78{7%^!2R$LJPJ?9uZc6K;W>B_UV+!)Ex5ow7xkGXa5-EFSHl^&
z9&UnL;SRVP?t=&65qKP)f@k3cco|-UH{pbRuIrb*7%qb=<eqq)r{Eg64sL{7;C8qR
z?u7^7VR#IlglFWt<FU=dOYkbZ0dK>F_PMmrDTR}86`Y1^;Rd)FZi74F9=IPKf=A&A
zcp9FA7vU9n9o~WquC`^rCtimoa5-EFSHl^&9&UnL;SRVP?vq~|k6{oVfydz~cvkL>
z=Usr8;Wc;@PPAm_Er!eB3i;kd)KYK_TqoZbl_VPB7Pwu0U0l-z_re44FgylN!ZYwZ
zyacbp8}K$<xX;Gcmxx*^oP?|3G+YZez|C+Q+zI!<{qPVx3Qxe(@SObmc>Ig-3cL<)
z!3Ec3=PiND;Yzp~&cO9>6Wj`Sz};}4{Dye^gYXDE4o|_e@B+LHufdye;@a%v7Q<z5
z1)PFw;5xVwZh_n3F1QySfQRM#<8?9yPr@_sJiG+2!W-~5T-cg@tWr1$SHWqx7H*LH
z<1shGZEz>t1NXy2@F+Y1Ps4NYBD?~x!&`8{b=fhOz~yiyTn%U7dbkO0g*)JGxDOtL
zN8oXI3Z8`*;AMDCeq;Q+Y{H4_v;D<z8C(IU;2O9NZiHLlcDM`fg$LkacnqF|XW)5w
z30{Ra;BC0@hU|JMg_Cd<oQ7-R2Dlk+gFE3KxE~&ZN8t&08lHm};T3ot-hvC-vddlq
zm&28CHJpL#;U>5h?tr`DK6nrwfydz~cotrOm*F*d6HeTiUG`$Q46cAva1C4sH^MD&
zJKP2L!UOOyJO)p~Gw?jT1h2vy@HSld%Itb5g_Cd<oQ7-R2Dlk+gFE3KxE~&ZN8t&0
z8lHm};T3ot-hvBWm0k7{xE!v8tKke>4>!TB@|)s)Z-@Nm*xhg+JSY#uH6!piJO$6f
z3-B_$25-Xp561e(Du&D83OEJVz;*Hi@t7Oo7PuYmf_vcsco-goC*`-qk2M3&!%Ofg
zya8{+g*Rn0OW`D3CBHR(+%#MZH^9ws8{7%^!2R$LJPJ?9gYg)q;W>B_UV+!)Ex6$3
zY-R~u4p+j}a0af2o8VTs1MY_V;6Zo<9*3vkS$F|nhS%UtIB`pM*^A*axB^bWHE<o=
z2)DrPa2MPQ55U9l7(5Bj!1M4Dyb5o?+i+n=c0H8BNw^A5!?kb&+zhwDop2A_4-dhk
z@B};!&%ulE3cL<)!3DQwm%Riohb!S~I0M(iO>isR0e8cF@E|+_kHb^&EW7|O!)x#+
zoY<dT_F}jUu7Fc;4O|B|!Yyz++y(c-1Mo0B22a8>@I1T(ufiMfHe7gHc0H8BNw^A5
z!?kdO{I+=i+zhwDop2A_4-dhk@B};!&%ulE3cL<)!3CY!F_*yQa3x#~XW)9c32ucu
z;BL4N9)w5Wad--zg%{vucn#i!6SrrVy%;WoE8rAd1J}WgaEtu*czbAvyWn1U03L?N
z;7ND}o`;v<Rd@s5h70ZULqE<^I0;wD?{Mcoa4p;bH^XgkC)@+~!$a^WJONL`bMPX(
z0<XhcaDjbZ>X)koE{7}OYB&Se!%c82+yQsPeefVW0*}K}@T@!(KQ9aLGQ0+F!U_8v
z*w0%Gm%$Zq3a)|c;6}IwZil<zUU&c=hR5JZcm|$_m*7=+1Kx%U?Xzyb9!lY){LXmY
zR>5hw7H)u>;WoGv?t%N^A$Sy?fT!hm#bcX;7vU9n9o~Wq?#$+tz~yiyTn%U7dbkO0
zg*)JGxDOtLN8oXI3Z8`*;AMCX-h>l(WtY7eE`uxJ6kH>}J6`{Fa3kCTx5Hg<FFYU*
z$C<<M7(5Bj!1M4Dyb5o?+i+ob_Hj$$BwPij;aa!>Zid_7PPhl|hlk)%cmke==io(n
z1zv}@;DUe6E_(@F4p+j}a0af2o8VTs1MY_V;6Zo<9*3vkS$F|nhS%UtIPq`UWiN)y
z;0ibe*T8jfBisVF!(DJMJOB^FWAG$A1JA=t@G86kZ^MPJ$*zY|I0;w5X}A_{fSchq
zxD)Py`{5yY6rO;m;W>B_UV+!)Ex4d3yX+-!Ia~=>!x^|9Zh~9k4!9fcg9qUecpRRB
zXW<2S8D4`o;l$n9WiN)y;0ibe*T8jfBisVF!(DJMJOB^N?@2^$44#B%;CXlnUWGT{
zZMg8B>|>R}N%_6;7^>hjTnjhA&2Sss3HQML@DMx-Pr%dg9J~mx!0Yf9T=3fLGM2#Q
za3x#~XW)9c32ucu;BL4N9)w5Wad--zg%{vucn#i!6TP<V{~kZT#c&y10jJ;^xDIZF
zTi|xM3+{yn;9+<So`h%Md3Xt4g*V`BxbWWWdMJgHa21@EN8<HX3pc>ca2wnS_rU$|
z5IhP`z|-&?ya=zr>+lv_a9?&=O5k$160U|ba6Q}vx56E8H{1sg!XxlFJO$6f3-B_$
z25-WN*JYQz7%qb=;1pZ~*TIc&3)~KO!M*SRJPeP)lkf~Y4==&1@CLjM7xrb>Ln)ku
ztKc+T3pc>ca2wnS_rU$|5IhP`z|-&?ya=zr>+lv_@cQhsm%!z4C0q?>;Ci?TZiPGG
zZnzH~l;0QcTSnk<cnY3{7vN=h4c>$kZ^%AYF<b^$z$v%}u7exl7PuYmf_vrn$ICka
z55r^dBs>Gp!%Ofgya8{+h4*L2PzopEDmV?-!VPe<{DFA6+Tc#O2kwW5;8A!2o`&b(
zMR)~XhqvH@{_HqQ;BvSUu7)#kJ=_Gh!X0oo+y@WBBk(vp1<%3@@G`sxZ^DT;W|zGf
zE`uxJ6kG$>!HsYW+zxlaz3>1$43EK+@C-Z;FTtzu2D}XyzA3vNO5r421*hR!xB+g4
z+u%-lG=5$5!2R$LJPJ?1)9@U;2(Q5F@D^O~=InS%;BvSUu7)#kJ=_Gh!X0oo+y@WB
zBk(vp1<%3@@G`sxZ^DUz?6McbWpD+Yf@|P9xDjrF+u<&_7ao9z;W2m;o`L7#C3qFy
zfVbho2eRv-6i&iba9aLgybagNABx=oH^XgkC)@+~!$a^WJONL`bMPX(0<XhcaKT%$
z<1c~B;Yzp~&d3kO%U%yR!L4uy+zt1^gYXDE4o|_e@B+LHufdye;;q^77sF+61)PFw
z;5xVwZh_n3F1QySfQR8RcoLq0=iw!I72bfi;ljb}dMJgHa21?}YvBgC8E%6+;U2gj
z9)d^V33wWwgBRfycpct?3*MGp_7b=pu7s=M3|tR4$z$>BqE-HI><+ja?t=&65qKP)
zf@k3cco|-UH{rzFvtuiU%is$6Bk}lCa1C4sH^MD&JKP2L!UOOyJO)p~GxA5{vCYFv
z@G86^kH_`faN#?${iSdcu7cBWE!+S%!)<UU+ynQ+L+~g(0Z+qo@FKhduftn#!BBSD
zOW<<260U|ba6Q}vx56E8H{1sg!XxlFJO$6f3-B_$25-WNcV?Hp7%qb=<cHk$57)qT
za3kCTx5Hg<FFXJb!(;FyJOj_eOYkbZ0dK>F@3Lk5SiFp-^2cK*<%!r;@+V@a<xj@0
zmH#95|MuUc73SH`L2ia>n-)83Qs8`)bH?2spU;cxI`iZCRj2t*w;$$Z>~^93_~!G{
z)*)xy9aEN9W>(%VoBF&f&CIK_+m-g?o6oz<I+(YB@jc1ir}5dxZBNMSu-m!Dcc+^t
zV^g(djPGE(?Z>Cf3LIaTyU!+3^W)P;Hyqz4#`k1*pT_q^`(d7aJf5hsAK!f5XRU*I
ziErlVPY6ZpugKk}ydT>S^TynLHi??g`+?nJUZdq{emx(DxchYbFZRQ{ad)3hqUQ59
z?H2P|koPoqpYqBqjCtC`b3Gr2TM_fxEzfT+ha&I9AaCjbd3%DqUgRB)yq5-fGj^ZG
z?VDfTx*%`Z@+z!I>+k6{Rh{N*3-adOeKv`j&$~9ro3T92ue@j2)aSiE$Xl@ca*eMy
z$eYLbo{7A%AaB{-XOpP;@qHl3+raqzzCz>pYLK^LeYwW><sfex<9n9P<CphGLEgIE
z*J(e#`SC3UdC70(C7P{I>+d;M?DIB*ycWA%;=^2>ZvJ<W*Zu80{U`gPyrW&6maE9}
zt#oI9+TrH2uBiF(9b|QKChks*Tb}0E_>QruA753F*J*jV*5C7jyeZ48aCy%~-bF!P
zkLBfhy`3NAEnA*{y*&?kHwJlqmRD-``{tLoHOSkvyc#Rg@*ZbXzr3#r@`ewPcW027
zTF8#?1;~3(kT+p@eoPvp_fU{mXL<hlI39VQ3i2i`Ps`z(&zlJH8ZB?qinP2hw5ea-
z`5<q@^3p!c)#>J=L0;i^@)FvYD{rr>(|CU$<W<`3T;uz7kT+p@etah)?@4wrwju3o
z&w3tnZGSpwYnd|kqt^P}?Dlt(-S*3Sbdc9!dAXLiJjm;_JiolBAn&XoZ_F*1#-Qe(
zk28Y2)c3N_@2Rd%%k}agZ~Opxmj`(@$a@j;ZVmGMc3~w^^W$p|^6HSMb1J|7-V)?Z
z+W2z4e%~16HCmp3{k|A^9}n`T50LkfAg>*HFG1d1kT+|2x%LN-1bMxd=l2I^A@65F
z-jd~2+Wo%y_4lJ7Z^rVvtVpkqvu*0vUx9(!v$orEALi<G^PfRpdNF%`b*`(^_VVl?
zPup#-<Hs|tPGiW}k6ORw`QyiVc3bx;FCFAnxpCNCQB$4Ti3T~N8`h>RPxEVeFR-cZ
z)9uR*T;9|H@-7bY=8*SN<lPeFRa>4O$2UE$+AD*+Ma!$OevR)Uo2pLpy}`ioWe%|Z
z?hW#`u>LMa-Uoxch6Ch{1bLPJnH}Gy$eRxGS}ZTu_V<|}uio<f_UGT5XnDUE<n>uz
zuGjCkg1lMF^RM44Fuq?0c>@Q?TMhD-k@qs><=LAhJ|9Dtm+Sf64)Qj!{$7r}X9anq
z2N++O)mh}u_FVS;?DD<>c_##U;|It)KFCWU?`q_o8{|zMAn(i|uMT<pkoSrpZ~6dv
zO+j7@@~%bR?LpqG<>h)lI)c0|%d4;)z22@v-dlsbg#+ZhDaac}-VMkb5Av1|koRDa
zH-o$zk@vMAZ_V;@?N4Weyj9E7deQQ}3VEwR-j?N6+x@<2n^XHqkhfuZjn=Qcn{28&
z<^Mg%tFk+Cjc+T+t9>lHzrO`}&#?<He7)6Jo?hp^`SBfTb#lht(P?>gW{vMwo9aG|
z?<GNAqur6Qe&2jvO^`QjdBawuyxVN*^R5W;2JMbq$MZ{qye4}C=8xyMBd;UK8?(Gz
z+w-e}yg|#WaN~P5^6m@rCM_@5^Ko~OH)VPL`1>!&dry!zdw}r`1$k>2-(AT2e2}+b
zc@uWOZ+0_kpAPbhe~_0bvFAe1$G=*I>a?DI6y)`|?JNp$b@Eb>SN>nw*N3iw`Mf^|
zdA*jGYyCYQ<W*XpUw?Na?{K>~#_f6V0C`WfI*lP?KWa_Ld#&B}<EsktMh}qpydbX+
zdG{i(HprW_JUy0g-Y*XFrm+5AXT^Se*9Cb~mY3^z-V)@^TAn|izaDw_26;1<r~Qy`
zetbPa-m>LwTamVx`)%sSHyY%X+Vhy}_4e;U-qLdR_4Y>OeJ;pLT3)XG>8FCcZOilf
zmp3EtCqZ7L<>gv`KMeAQ>_U*1L(BUB^8Om+H6LJk{}|+rT3&_Adn@wFY%tuO+YXR-
zxYcQ$XY5C94ta00+y41DG05w*Jl*G;_nshc9n1R;EB1MfL0;DZ@-7PUwvhKu<n0gg
zx(|?dQ;=8i<LvYCZsa`><n<gNuRq8uLEd|i_fU}6YkAhS)BO4y3-Zb>&%fUO9eH01
z^7<`rXeTZE+{^}f)s{D88-}*O_aX1sL0*MzXV$gT{P<Rby!oGG$M*r`?RxSPw?FL<
zbM2r15#+5}p5H%z5P8Q2c{P@oYkzRG)oH95`%x=h$v(di+HJr6y*S9LJHYau7UU%@
z&p#g@M&2ueyoLjeuPMk&TV93b==u04@@^0Enk`R{>zjW*I)c1r%d4{@<vnCmzr1e^
z@;WWA(ucV^-F#D!H)?rZ)~~#eyE?7+j|F+dT7OpKn;+kYgS_&e+WNC?Re7JVVn4p+
zAaB%e+orM8eBNV0UiGiC&&Pit?=L~#xSP)h`n=5`uio<f{`phLJK`x%+@2?FzFgxw
z)asO-aSzml@qGq)rv-UamX~XLJ}JoSu)GS((fa!=@~#Z>W)HBumj!u)Sl-Vg@AX06
z+yU}>gS-*seF1rsLEgOO<=P*7JjffjJikBq67qf!<Z1iScJG^ieiwthWy@Q#BCWqK
z+f;R0?|%&PD(rTy=VK$tn_SC2ACDmK@S-PfFDaX^-0t_ykMF5gCuiIpOP1%~zkS8}
z{P<1|^6C#TzP&+S)vvSTdlY$>1bIyd$a`s!*MPjQA+IyYYqh*w@3(FV@;Z_C4dlHc
z$m_DaT>GnggS;WjYq1<Xzu!dOhl9Kk%d4{cee=)9XppyMdA(Moyl>moKOeI}-n`}2
z`Y>0gn_mj@x_^_Gn74lAeaF>lJNtEzS7NtwE$?cOSNGfO@_r9_c^1m^zqHMl>-Di6
z<c(S0jOA#2|B1Y0kk@1LP22sx`So{{)yWxmN85T{!u}uSJ!XA={k=HIt8w$W*`hl6
zv>>nX_u2jP50LlrATMLL3w@ZY)6L6+ycWyz$MgSkbykwNE6A%mK;9ieUKjFyguDlW
zyau~%|KDkT{q+ZV1D01|ReC;tVpG5VJ{IIPA0Y3;LEa?teu}(>Ag|4C>wS-Jeth2u
z@|G;mE@?;O`?(eS@jV{o6&#ZL{owC{ym9*=al>-7yuUzRsm;&rxyf!P?S9|<_?~9{
za>m^;{C~2qk6&4zAK!^VUYFf&ar0>6^Y#RJ+m=`AmiO1L&K4n2ALK3B?OeyV8-ltu
zyPfNGevS2WIZFPJr$4nBt(SE??(2iRlBed*>kaa{Ew9Dp{T_KA4D!;J=huam?RX@}
zTedu{2R(0k{``9WN|0A$d9w;~&1cU9d25!Ju`K01ZnZw|*Fj$5Y1uI;(&w!Pd6j?4
zj&Bor#Wo&pR|S?gq#)OP-ob7?WL$r><;}V6;7``)$CnE7hApqb&7+CWdqI%5{paj<
zzlFRDgS>UiE7pKr^Lgh5dFxxY-`EwezrR|oAK(5UZ_75)T>HtJg1nOL?0#|^dG`l-
zi9>V0Pq{D1tF*it%hB`u59B=*<ds=ov)%8TU*54GuhsI#tVnr!LjCf7Ey(M%ybd2`
zQ=c~*<Q4xtFOhW5Z$9#V6XdO0Uar^gFM_<Pe`H_31;{(to=>~E^F4*)!*VZgzSU{0
z8T(NivOK>ZItY2YgS<A&%XJ?1tRQdvpV{;5Lgdv1dEJ&*6%Qf$*RQ`*g1lwR>$M6!
zA5THv%YwWy%kvou^zI4j#;vY9dc^o2Uw2pVxGjnN=(}oq+(YoV?+x-Q56^u*{>~t8
zE-!!Q{q)n2HxcC3S{|E~M(xwC&R&X9J5b%U)#-Kk|5f+p9FLpp_51yxuHMF%tL_g$
zU8B|6CcV@Adj7rD$r*P~Nq+v${{9H8mm=GrXxZ&8e$?75&z`!S=JO7+I_8yIo<9#O
zL*8?Pyl%@oawjdjy(ELYYUCY>ywiicA<KJSj=Xe`SC71M<XsZv%~)Qp*V{{jyjJ8r
z8+q3Ud5f0!=^W$R7vyzY-jda6yVrh8>sH6(yMnxa8(hZvee=)99YJ2>uKb<z&fUm+
zdyqG8dAIp6oBF&5g1j!v>$3Ybz6#_`xIF8QTIT7w*WX8jyba6q$B$!?Hy@0z(ei%a
z!|f6L_#O@NstWQG`b=2kt3=)}gYl(oBki*~-+bOrgS@3D=O>1&PkGNrUcSA!?B>qv
zW9nIn#F;+KratfQL0-p^`8(G^s*v~WAaC39&d8DXOsi9N#@#o9ygkS}Ey$~RwtXii
zN8U+6-h$;dTAh|Rg}he;d1ID$nBU1+y<gs@Ag|)6{DeNER^AE7dyUJp?x;;4ok*-W
zYvS|n4DuSDlb;x|nUq(JyblE98{TcNpB#Db4e~aQ&hD>HM&1{KylKnJ_4=3!@(Oq7
z@0`D+k@w>uFLg{JI<ER5`sMvWkT+p@?N+4aJq>yP2=XQ^?_?ilQ=j*jAg}zG?DEzi
z?+Dwu+s%YMOw`sbFW33dq3$@Jadp*}=l2I^ATQ<e{PCl-BBB4p-cIx5dqI#lZh5^{
zrRB{a@0=j7)AA12fL-%>FA4He75O`#W1oq<YlFPL=Oz;N6z?>jcU6#=IX3(Htwr8l
zLEiWQ^6m)oI*@k`^4<~TEm+<OJEO}!zi$chMl7$z>a_mqkoWN*ui)6+c^?V#686Pz
zpLag;z8d7EE$_@6<NI=u*J61CZhZB~`*D!hZF#x2=N|-l8<tn+@-9T)c91t|c^}C!
zzCQ<fY5T&mKmIl#ugs3$c5`Qc-(n{lC+5gI-0HOLWZZov$7Q#dOOSVBkT+;~FUpa(
zC&<fKp5H$=BJbQFZ^823VB3IietSMM$Q!ggedkQu%jL*>d63uq{M@hK%Y(eS<MVeu
zXKzB@EkWM2<-O1k&Zd5RuMF~5EiYyFYkXHC?~Os;y5(JvBd;&WE8UabzceH7p&&2)
zf<)qu9C>3w-jL<Bxba<uyxAac!t!pg`+f7v`=uan%ks3{X?a_a_gIiuc6=i7Egxo6
zpZDD$uP&9J(EC8;U4y*GgS<7%vt7(i^Lf7u@*4JLpO04L9c<^1c5~<TQL-nIc#=9?
z^LhDJCudxLkLCI6%GV?Bs35P*HkMzxc{K5PM+AB8C*~(cEl11ShP=~)JZ)5m<`~~e
zL0-v8+3~#+c^3wGrF(O~KF$mBwolIP|JspvLy*^LdAXMNnjo+Ll<e}}jJ*4Tyyg=U
z3EKtkG{64t4)Ri`W}n{<<h?t{>$SYvowV%p@%A9E#qwILPS3}F<b5p2o3lJS<=tt1
zd>;<-W-PD5<#i%Y?_ccZ&i1!vdFSq=WykkukhhBEy#sl_4DwPZ+IJgs<oz_rD?Kf{
z{<@I29prUdUU`nZKL>fWmS=BOqV;zt@(!{0Lw0j#c?T@dPRVzgUw?&GCuiI}&B*IU
z-f=<Rgym^H`{wg1g1k;F@4q2W@BcWyMaw(NhuPHUT^ZDESly>`)Lj-l?x;QPu+?e1
zx*LysYmhfqok)!2$ZHSsGB3*C`Te}tB5xqbt2-%?(DyZc^UHC6kT+bD-S6Iuy!Qur
zvzBLX5qFx;`)p9RXmzLWRAtxSq}6GjjJt32^z8X~A0Brh$SbvzE89iyH2=8Y2=dC$
z$ZmgcK;CbIyjsh<WG5{<zF!7;)s|Obb$Z_Vkym`g6StQk%lnz#@0%ar!B)rRZL&O_
zhb!+*$lD#{b*Jt4>%(m7^PUyt4Zk>hel>u+(}KKJ%X?Lhypw{w4a@WAlW#%ZB|%=p
zsfol(bL71=$eYV#_osu%yFSPpu{?cG&o{rk`+~g6m*gk3AJzJMJM!)f^3tcpzq=mh
z-5%r(pP7BXI)uD826<DKcbgBhsUKfokXLwCc6r~0y!QurRd(|Hy&QS(3G&)3Z^P=e
zyu--*e2}M$Qr$W7J{{yW)n=FXy~z7!kk@T_`rfl|etGADyjkRpAnzwZ-nQl4<-=_1
z^L`lQrOwW-zxN~W@gT3ub}nzuk@veGZ@}_;txoGt=UIAOU7tMo8Bcuu7TU$D`*Y;w
zTb<^~xcf@a$?mT{guLBB-k{~_aeY&U+OvYZe#;xPevNModFddp?8UjyH%<)ls?W{t
zuRemjtAf0=<^4PwQT&e|-^+r$Cd*4&j>b2RysjXxJd;RVnj`PFAg`+~`}}?kc>_US
zhvgk%@AG`~<GVk|Te3WVK0blG4+VLBXC)Hn`7oRMy!Qopv-XSJU3R~g_mjx`N|3i`
zdH3eXn+fu2F38{c-pwTPR)f6e+C<_DcE4|ad_M{D3hVQCzW4BH<o!9wD?caqasTlk
zZ~3M9i5YuPE$<Za4k>%$>to3BF7$)5sUKgV)yWxm-|&Um^PJBiFB#;mS>B^=9!-4S
zQ9)kXegWUVznn&1b&xk<C(jq;$a`Us*VmAJe!qyki-Npu%RBAhY@i?C`9WUd;{3!^
zQM~?Ukau&Cm%b?X=L<Imc~i~V^OuK_cW;naZ+ZK&!`oSZJwe`r<@H*fp5IyIy*J34
zu)J$?<h?V<YkWm^{e2aAlR;i-L;QPmKGLthj|X}4mgmPehrF)^dEJ(m_F*>ld9y)Y
z!&TY+-`A1%s~~UE@^T%Ieir0)T3(Aip4Q(y@(P~$#Meja;zZ&UyWclIzJCUJi<Z}F
zS<3qs@{&Pbo1L7#(1+R7=N)Bra>m`4-j^NU0`g7_@`fxgKgam?1bIW2=dVY67kQTj
zdBe7||FRo{CVqSkL0-+Z`8(eiSVZ1UL0(H^BJpsJytW{(!B*b3)oJ~GA9;O2Ud3g0
ze~!G@26^?@W#9KKA#Wte+qS$@bL71{$ZNbl`+WQmd0!0j(w8R^t2y#M8{|z|o`1iv
zjJzKNdF5Bczjx^){qwOH<Za!Mef|Czd4CM@`YkWl`?rlCucIxyyer6is(n~)H+SCe
z&s*O4esDJR<9o8z$r*Rwg5`CY_5A(}dCv>-%9`x@{gd2GHt~78gS@&ME$E;)Zxwm9
zL0<DKaxd?T!@OIvpa1?6c`pz0hAr>6+2QSs@A4q8*YZj&N6Wj0yt{(DzN_qaX>;V=
z5#$YZWb=N5ya&R(t8-sx=nwM7Z_O^R&a<?hb^bga<W;uBpWpZ)`sd@pAaBj`{PFzv
z$oq1T*Rd~=c%2Wksn44Z^3u0u-ydxtZ#l@@vOKM0-+bO<L0+X54O*RQA4lGQ2YKzS
z*)b{8=M~vSBb#mKv#$=Td;Bo}sBxX{e~zoOO*3lxZ!Mm>%iXYv&pXoU<czy(`VRa2
z$esX=?@t)t`7Y18qo)7<9KU$u^Ue<P3SMh-*fC0ZTgZELFusv{a$j%XALhL~dp+^5
z$a^5jo3lK;e0P?&Kgg@LJZ*0p-!}3-6yz;fo?k|-0PoqLZqe$lQGsi|?n}YrX6$j>
ztwxV)Unz_7G>%^cdFj{YK5tqH^2ROC@7MAyQ;(~>{PHL6Cx<QXxz_KSAK%}Dyo%xM
zdftV+Jwe{=0rHNsI%Q|v12rP=NyxiA$XmC(fAxd2sUP3PL0+%r4cPr!e+MJ4E6CG-
zTSv!9-+bO}L0;*5@)Mhuqr4|0?|~q%?mjzi_%NILy#64sa3s6m(BB|aot}^JAg{`H
zLV92Bo6mbN$lJ2K63fx}4nf|0kf;B~$J>0EO?}>@L0;hpveyNkhP+<{dF`*a@A>4&
zTM6<eEYDu%(fAHUUjDP5xcv=T-oNC?`+JZ#XL<hlJsf%EL0;(_vft5AtY6-ff;#<o
zJ91r5Oj(`g$!KP4O{3Z6I0BD*VUX8mdEbd=iT?GEdtQ*&VR`dbq35j(dHaIAn)~hV
z%;ne)nuENW59UYLiIsOG^8Pi*Yw1rUF3XYE739r*D0@C$j=Z-8c~ft+-)qc~HxT5t
zk7d7)^lapPCdg}lb0YDA9C@D%@`^v2y&juH-h7ZZWE+e2Q@;7<<Iy0m$NqrW*sl2b
zu&)yBye`**yy3Ul`EHK)=RXhfDkt(2mG1p{1@a1>9dGx3NX75U{r&NO26+vi&whX7
zSmf<?dH#4_VR=XUg|(?)-e*}Ix91_t^RLTF<h>}!tFyfK=Eyra$eXY{zdb)6c}+py
zn&n-UBk$56uX{Rs+^Ry}tAf0`cjx|o`}INIrsWOW<LdQcUme(ae(w$PrYz5P<vY!<
zzn&m(;0xLPWD0qsL0-llbTh~H^6x=j`ir(7ciYPe$a^Hns~)xQ|JnV%`SE=*$gBIB
zy??ViwY=5H`&p1z`k)>6bG+Vu6y)`P)4tznb;`4k=6BZLKZ3j(yQplt=$+=r_m?2A
z;@fup&%NH#$b05<o_JhX`A8yhMUL^6TAi{p?vYl%n;)G=YJB#Q=g#={26^f6-0#n;
zg1qI$?EbU{c@05c$wPKdZTI`;m-m7oukHJGz0T@1zB7<_W005nc<$>>twCP$2ig5W
z26^`dd2N>W&K%p{-9cWP<<-0G&pw*kS$_`(c?F+||4v`HyzdY4CRelPv9-v1G{~#B
zJpGM4-#i}<@{+&EPt4khyVl=1$Xg5YdOmO0!|Z<FeBRH4yw%^>`Mulz>X5f9`NZvS
z>I?S$m_nZxuNU3=N07JiJNrJhTYq*be`ozw1bNA?CK8Wi<Dxp<e2&#=tQq@J8~#i7
z{j^<r-^n{I`NZ+9THZIJIpTl(@}6XM%$xXY_WiG2D&NU_S&%pJXd>|&A7YW7jX_>w
z+rAHH2OT{h4anOc<PF<F;g5E|Z$9rPtK;}4^LHi6-Sc}1@&>F<FMl5~`0d=kFLZy9
zw{Y;To$DKo$eVC^HuR`%Sl+91>|Z`=bsXPn;jW$Ef4dxcU$;8V?(^F0<nJ!qu6*;$
z`<3Jq^TwaDD>34hw+VSavpO#C>SFHizx*i3t1sD=uuGZI^Km8ewq2edpMJ^tcUI?{
zAK#yoPaNNf<u%(t^!zp>@9?9axV#&dSEK>E=JTFvb#lh_Zy&mA=ls+zMMw7)+kGbl
zdE0jJRQ<mByyJtszQcFzoWHan@A4q8@UcYVyE&eZi-Wuo%hTWH)AC+}yjz33<saJT
zJ$Zg~@p9-^dyrT1%w0RjqgLeI>+-BCYL&~mKd<cx@(PdIwe$T%yEMDA{@xYjjay#I
zWozQs--AKj@&W25gSz4$+56}mdEW@?O0CX679aPAL0#Da>VEC&{MgH_?nQXqJhOft
zw>pmJ3ad*8b-G!wJFfS4z1iyOFhFIg{nPT)ozV?zCH9A5+ueT6E|Ko6=R<?M$9`)2
zJv*26&F2+c9rL<(?~3ZQUD+kbY@W@C%`)-4?!3g2Hm`3!Pg9$1r`6h*Cnk<gByP7(
zU7y!umDtad?T2}rU&>2-8ZRWD_v%~PufOq@J-56t8MnPBRiAQVYH#X<6O+lksnlNl
zd-BQE$>b@g?maoKY<bFS&aOWvFV81w{azJ4Cw_3<N5q4ujyfvsd+8_oyZ+bHLpJR9
zWxl+Tzi*d4&W!zTMSkJl!@gXiZuLKT@7Iq0!J)s-`)2-+c4bzRyLUe{zW;>$niC$`
zK651Rl<K47nTEgn(x;w&$nL6#;+wxbtfc$#ujVJZAHOfp{yE3KvGTLRy>mw|9lDnH
zgzVkBKQ?^NCHXa%d}aHZk-RHT)-O)j7{33o&Gl8ydY_G=`*A-aH=g9f$++(H;&`fT
z<l3^dJ?WC&*R>q$>c0Ootwakh{*O}*JMx5)wo?v!=CNm%pD=RkDQ_w7{^U6aC6=%0
z{^WfHHq3K&CAz<RkUiJk5C6YB_VsvdeH!N;`_SmIOO8GBu<IXwdi03)kO%1@wY0$_
z+V{{NKH-|@oSA=n@!_fJ<Oyfqt|vu(N%b9*?K}0%LpDym<dBX2-Ib=|{HShsrS-%<
z;hO8B=ktVXuD9vAXPtFgvhv#fx7>DH=PkFiAAjMw$?T1rZ#aJMo)b>klREy?y~p3M
zxAl~hPpVEImpo~Ybw$UCq&*|HK#8W#>u$bn-__^ceEltn%Pu|p>X)2(=|%OIHJ*KS
z{dtXNU-FXrOHWTd<t1mHclzF^Sg|#~EAXdw;ced^PF1JJQ`3Fk2kK|dfvl{8O8pzZ
z*7bV#uX)Ymo3DAgb?AOg)pFHjtY0;ns;MSpKX!;q?6#k??MF@hvhP1%oz~PZD?|15
z_H&5y%WSHa>v1crU-M|HrW)DjA7|D&Q~&er$LCj>wO`j``MpN2{G;7GnyTfhIobM^
ztErl5WaX>>bo)_LzpSyT|4jQ)Q@`xTe6HD#xeom=MZdnIqJ8jg`?<n?)Rg0!fA0P_
z<Ja<QJevB))jrja=Tx(r@@3zDhB~dOU-tcHnSD;J*^g7>SIad{9aA(0Kh<*ikCXoY
zs4sB&nyTf>{NL0ZWb<mAnyM*B*1Q_Cd%5S#|9_cR>sF7esame_=d9Ut+rQk@x$m09
zp4&S2$I~{i{nxec+tYqy=XLw{weQh^`qE45udd&BTj$yP_usNVvF8c*pLydgmt1%4
zbvNE|-T%Df((7(+4SE%K-bGj2EO!L=oPE<Z*R|%3ax>+Ki)M=ZJFn~NOzdgh*SRmT
z=bGDYOYBj{p2q$AZoaL3U*~m~T-SN~{+rLbrPYr!y8A#&7v1?k7R~o!AUi2fT&So!
z#}ctTOu@25Yj~$ttN*OVrmHW#uJgQ$u;y|XWY@;dbLVE<*LqfGms>A>!K1sb*l$mE
zbl?Ac;B(^#b@LwJ{%pV##<cUe=d|y;!9OGa^O4=X*WPl|P1oK0f7yE<_^7Hg|9@r@
zBAVe}h!`R2%n)HF1`H8p(4a{OF=$W-5u>6okU*#*q#<Z*X^VoCwrLlY`gOOo3y79q
zODnjvYg@kC1X+p}yFguwTWpci7G3Nj>u%9v`~7^*eV&;o!=QFwzu#~7^?mhu<>b82
zbD#6vbIv{Y+;i_eGlOH;<*uP)7x5bEbv7JG^v6`9y<<tc*Wb_eKPx#(cotc{p?yrV
zl2<L=eo@-?i__90($bftrSTxfNS2QyY)Z0xBU1@bR-d<=Opi+2J~}PUD^^Ofd{?9r
zpsYUM4#G4?+LUBLV<js&VtCrDK6f+B&(S$0Sw1{eGLq%4!YM@-zYxesR-aEv(BBZV
zmFY2QY5VC0Zoe{Z`?x+e;`KmF$az2>j%U8f!R>YrOzU-t*RwqQDppOJeWRp#<nnwM
z`<l|Ww@I4U)jWJU=97~4>@VrFUW5C4M7Hz#mWN-F`ii7^{mMiC*xn~SGPxd<*Ni;$
z58N6%@zSH*_c2kyYe^oyJ>xt%#9lh)yF}6)@AJ?<#`j5MW;16_b4N$p5}z5^^lYrc
z_%*+?qjgR@#_UCH3w?G&M{}ZyncUD~H{8#G!<p*v*Lwe=_BkCK-TRDw%mfqXz?m%N
zr6D!qsnfp0+*#T_1xSuA9J$oA?|7!#K7&{vWpd<FZPKeZD)mu2V^7cH;5VndpPc~0
zW98=sU&LRe1ihT%&PI+6xB4&lY@D7Ka}mFs@@LscJp*gcIYhpkV&q&Y8|RhzIQ2Pi
zt}@KIr0O|;Cs!a22~R=H5i4INTjX4+Ba21*n-G_Y4a-8#mAdm;i27%?d>C+U%_dOh
zT!mbOn4>ef7%^|(^JTau=h6UDh@g4d=kw)+C+AArvbfa470v<ZrJZ@s^SjKaBfi$~
z4Th@?vu<iXkSsSj<Xkyk+&yhLr{~p!Hry|nYbq!_47A~KU^X(30}mm&7BNRY@-2wz
zi_CJmI<f(TbEQAHIzpdb$5Pnkqfu)RJ3qpFex>>f!>(R(*>m+`p}3tv^16EAU&eaD
zW;|?Ny}-N&pbO^ZSj#IEne9r+$AHaok&=(fC3!$<-kgtup!!by(x2hN=VzrM%;T57
zQ9x#4At40693z&&FYU%Q@k<?nKJ^(Si%;iAd=^nJK3!h%Sx&w9tR;)j2D0?AxrSQ}
zcafz(tTMdT@Om=NDasZE<sF854DU01$nY`4Ck>x5+#lst|6F_N&&Ebb$Z(0_xM4o)
zQ~T+L`HWumErvVE{XG9G40jvm`&_>q^v#C18Qy7lui=*sA2EEwFxT~||7;uw<-vvv
z4RalW+Keajh8<F2nD4?=&-W&Nc2WqRu`9P5UT%1e;dO>L7{)S?q#wSoRiC>J?>Bsy
zjPr|f-0(YwF{w)0@SUTd0}Q0VFu%J{^`(Z($ub43HQZo$E}175q}6bj;Z<au@07KM
z*Bj>g7q!`8xQEPv3bN1eA;ZTEpEP`iEK}6}=<mwBo+yXNgFXNJ4kTsw8*8HXwto2k
z5KPeRl4IF;FkB`@nRgZB3fZy>^<xv#p82_r=?VnvFOIZyIZ(<s$9n5;E&OqOqdzo3
z(jVu{)?bBeL*zuu*MOAu$M1jC^6|9R@+|>df7M85D&NP_{OvI1<7uY;K9}aN?i~JB
zrTN=u{PA>9f1A_%v0j<V_qS>Ojv0UK{_5`^()`UnhrjQo`8#9$@ib6>2h#jCA#H_i
zOZgcBna7fHF1y#TjrIF5yQ8qN$Bq6lWF&><qwpGM?OLFdOQYMacD&AzE1VYBd7N|F
z|9FYzHuj%O)BLS~j(t)^{ap+@>#qd<R>6q<nfq6Nyw|biJB)3d^Qox6E7Sb(`y|;H
z=#Q6l^><^Mzrjd{)tT5aS(WB58{<SN^z?Tzg8I8B%^%BqJGQH6`R+*bHy-|Wz=-~I
ztYG`ym*$Vx)37>2to}Zp=I^*EAD>`o`M#LukJnz_x2mYWHEI6%J+bRy#PV^jtNu2n
z`D3S&>6UY;{=S;#ZwLJ8_!2h$o=@|ae-3~Dkmj$)_#0{b{W8rTulZUg7EqaM`0<w<
z$8`-LZ76Ct0{N|7DbjLz?PI5Fb}O6~*D+H*KJlSH*8jRRf92=!r)%IUkcV=}_=_Q}
z{%%k6SBtbv%UnLKM`xPd^mEufDt7Gal-rQzwMT_*!SEI6W%}ectwoyGE*08Pz9s&=
z6n+os9CllvXIU%6klzE`0A~NY5<%<x{WO0Z2)PbXMfdxiG=Fh)QrgkqI0W^F-6Y3S
z`lv>wo=094^~cz#ef`l1IFGs-dObgI3c6=kIyTcs92bK+b%L~FXY0~&SEXK)hd%5*
z`85;eHF@a6-;;Cx&PuVaKHRyT&tCrD@EY_3UPbV6a-WC#86Oh6@}K+P+0R1l5n>bA
zBf+%kC~%wptn}P_^0siCX4C3@tk=G&TzYK7VyAmQmmS9ido4egU5WV9bCPzM&Pnz~
zdrmGvI@39s-sis#yD9_~tp{V<q9>4^i@-9o4cMBQ`aJu)`hZE2TbC?ch)0mgUjJcz
zeq8B<tII-^5AX98VeH8C`M5hXx%dD3B=QWFI-pt_GvU^XpbgOOJwD&zNHD7s4{owk
z|5nrfaa~#h`~Bx{e_`XRkG%2VyB~io@IF_&)F*sN53{OrUb)+k<lexUlB72BOvUP<
zG};>o2KMyx9S)jJGxzWU=i6I2BJ#7yvF;lp`)0=mb&vgVNo-)$-(4RmDT(`IS*Z*q
zS4f$*@7;Llk>d}Z{&-$*X|gWfI-JnaQ0Y%Y6}v;pY_qDe!STSppC(l(RZY;>eM{u|
z*^xG1_oN?>j4bwb*F{E_L|T2jMqUx;qQZ%Rr2UwnHb(jy9n&W72g(vYG|KdU4n;QX
z@VjPxDKIQAw`#+Vpe!DO$7lfiI5IZm8Pxsz=qLSSvYyThP76#L7}*!})MEx@*gOF3
z<Ec-zUJ><2T1$d~NZnnLx^IT*_QbO;S|1ozmpw-Opv^I@W&6Lt+Q`3PpymSK3wbdf
zCZ~!94$pH8dyYYoXI5gpO)!93<A4A3=Jxu|u0#L}jgZansyeGaXF>3MB%^^Gp6`zK
zAeooDFPI%18k+oA&kf^xuIeehq2Gj6$G0AgN4iJW=1m=ni)%b<!lUQaMnF~bd9h_W
zr#25XHLIHw>mKLN1GAV();nQW-lh`=fzbd~R_)Exd}D&M0)K+1SXSy^GDBZq$u(Zd
z?cI6y6wviv2NV9#!Bov(3LIwRzRG`oS5{Qpx9ge5#{|7aU2f@Ba;;d>>b1a$T}XUz
zd6U-kc@RDa7@z+g*Ju<YAAwTnMaeWTI~3mLQFOaI%aP{LPtoo4g9dX#TV<=KPt`M@
zvbCpw)pH-p)*kBQk|s`fd708_FT1OXE{pjnHuRx^`7`+`5*x-8+K_om5J4D=K*^N1
z9D4d^OrZ^#d8w~Kpioa9f<T|Vo#bgu{hbJS(%|$hh;xM75c4qx?H@qkFhO2}Kw(}o
zZ`G*Rm8I0HXj}0WLjZv>g*Ify%*$5*oMw=xAgG?Vl{`k&HzQEEjm+an{W1g!^(wmG
zsZazE7^^)W9cW!zjJ^xZwx-Xg5txrYw;-^;F})LkLOppn0`;#*O#LAQZNp!HDb$nM
zXXyV|2<(H@A4AaN@*iLd^(tBy=HtFJrVaZEW9szWVwxNlJ=;+0em6KI`cEO|V=v}i
zjX=q?U#%l!3T?=oYBFyng8I1$O!+WBdaPMSN+x^05(*$N_KOYcrFF4=9%?7rR+l2h
zyo@RIPre+1WuA<nKC8j%vjI%WR37Tpe@6a*dy_uPpzfbPr_P(UPHjuBR7tL(nm=cH
zbMw7!`P40`6-ajTvewoQ*j(Av^Z{Gzn-?#+ulWNECbu>xI+EM55a%34r(N5!_OrL+
zrMT3twmFeu`;_{6y!2-&<}B^RVk>WvQJ)*P^o2p<Z!%V(_1RS2Ja3ts{?EDfmUC~a
zsgXi@c{4S>Zpqa0$!!^$UAJXubKR7=!F6lq*4C|B?><ef8#A`EZalk@vCM5OI$kT5
z=FMqy{Yo_RmvwYtDOF!(Ggt4;X>kXTc1>*QIg6LUzi({D`|AJV;;St82A`*sCt2>v
zs-}36;_#o6Ecc|;rg;aQlB_=8G|c>bl9G}?f2|dVxs+u2VyOh^!`D`gNwe3>xu-t+
zc>^!YDM^2x@c;hWD_(k1a`xIcUiwmU_FA|rQyW29eLl&<H0IPsvhbvx122Ua!#o`S
zVJ@ZVi`;-u6$kJ<9REth*%F5MPW|a-FoiA2wO4n#l=qJV`9ewm4Pvgn;)Pv>+aJ~h
zVy4$gniGjU^q;3B&5JSDVtq%_jA*Zu08Kwn5aIS0HG!Dv18Hea7AU;va&6ZeF6FI}
z$@7hL-`Pb~*loYuH&7c4Y5E%>X<h)iwrh-}dGX3)|1=AcbO@Q3RQ4G()zT<2Tw<JX
z1He*}cyO00BpFY0;{XzU$4h5C|K8-*+uG`unB??611OC9jGBuRt*uMu`xZAZUfSI0
z!}8+R<~FA0w?E)p(9w*QWAm{RxbMXas`LTWmBC#T^a2G<4e}>Tl{Ri-^I3x>+L5B~
zblLa(oM}NgG4Ky`=$^gnyJsF3|0qw-|9$e}c`e1|6+iBVB<ks1UKv(+w)urQ@+s4@
zk54Is^C^CuPswY2y1bn6LR?+WRUYx_@^YpHapjRA%$0{H9i$M!FQ<NpEP7T?^(>aZ
z6#qo}l>c01ux%oFZJW?lA3yfEh)>rJwl3n+`4OKV*tTU}f%|h`<2~m8KKqsSbT;DO
zw*Oi7=PIY<b#0!Zz8oWUtsZZ*$UKI8|48Qkc`V4>KgSHNQ{YvL+o-2+vaWk$)6j-R
za(?I-!tTp8eDu#luIu?Gl2MQ^Am*4uJ^gVKP5nKHYekR9y<<^(-Z-kChsolHHxSgb
z%;elC{y{<rv{{3Aq%il%n*iz)h}lfc%X*P@ty>NCu;KN9*9hA1n3L6pWu*;m>5JTg
zn1S4exLufKUrvS}_7}4Hp<i8h7!qc?vE5bAcgkF!N8k0Lrwwnu)n*=9Y}~QHi|_u>
zk+n_u?v*yph%XoB&2ups_H0A4mW|tJe?4Lb@)X1j<Y|c6M$F4LBx~Mr)U$GsH3+&s
z@~?zhwkOHw`Fy`Yyv69hCCoZLE6lQek1X~*qNmM23e#qv;h&Pl{^y2|80M^xWn=lt
zxh41qaeW4P4}o2ufeoue&Sj^DxIPRek107<#;$5G_d69a1NjcbGs&<o6wZ}#?=I1Y
z5R=u<eCm<61u+A;3vmY-eu{+E&lkmJC*pO&Y}dzye}VWbWaNzs=d$BNIM<;6V~BIf
z7vdj;=ajB7<qVi>D<>o7zNtsj&19*kEA|Pscl{GK+0gNUf!Z%L+$oI6Jv^cfk0Zwx
z?YAhd+b<t9xW0{jasL&f=OJU6SO)sLQJ7_M=L_`QzdJ|3tzZVV=ef%LvJa58P3{*x
z_fOWojb`%Y55qr59s-$lbY(l=8~=FuR6V-|8M}7tL&&UST=a;N>uy<w3lOyKOmhuu
zC1Um)GV6XR8GcwcvX*%i^|0Y_yN(PS_D`~wpZm^dVIeq;9kcx8+%o)w@Ulc3mYJM8
z9{(U{Cby23{s)lh9OC*3n0{P85q%Wtd~_&wbypYY>65H=q$zDm5J$*Ru#99aGpgjv
zzZm}@sFGvuYXlj_9Jj_8J*z=`?rVZDBCpTDo_&P-pbcXNEf3q2KC2Ojgjo+)HrTW5
zu56_M2=`5U9*1kmu%QpKmLHg02h1|*I$-+xudXeQGcOwtQi0&depUWIS#vD=nv0$2
zzFNtCZ?9d3R~cSQ4tO@}4R0~LgPi5r^cdb}_z;-~9dZmo`J~}9hWn#jYLidyhmDYs
z;S$4c&9T_HHOInSv!Hq1nq$$o7=5SV6^6SFyEVs>*R44g=DH{K|37}sF$X`0TXQVj
zj$`W=c59A>*BHH9b1eD|M(@@fi{7m{7Itfnh4&kKx8_*%$Bo{tITk%07Wj1SvRiY^
z6At3m91FWO$HH#Sv9McnEbP`C3%fPP!gGy(x8_*%Zp|?VDu`QiEbP`C3%fPP!fws6
zuv>F1+(ZAo2teGLV_~=ESlF#O7ItfndC`WrHOInk&9Sgsb1WRfIpi01YmPB?QQVqi
zVXjB=3r{yZ+i;8FPQxq6yf{F*$-J0Do*?sL0@+OF;P+=p2(~y?+;xiCcuC?os{)r!
zcugQzxD>9NxJZ|SuR&mbZe!IZNt)L^N-YAfu`22>4u$pC2!9RG(I1B_^*0-A%h!Z-
zrt;k`c`6W7_<QGCJ`M@$?~`EbkK=0zf(q>@_aTrg5GcptZxv#ekEewC`)jcEw;AaI
z1Qps*)*+B95Gbvf-?MG#k6l##eIIQ7?L<0L`+Z09R3N78fIn?Nc0={|bFlTt@m{(h
z$g^Yoif{!Jkp5`oBE&2oyPf*`1K9dIhP3T+w4?kd0=WW#QUZUai0O~rRsHdKnf3P$
zwq<I+VKB1(X2YMhA8w<Q{@nEjY3+YpNnu5k*8|AxYm{@@@tVb<=)>%$ia)zwxfD77
z+Ad9LcD#mWvinS$T_Mr|=gIr0{x+o9g^=dlSVir=0=;d&&1k>5Fyisx6o=c`FTS7V
zkJstHfnG)ZeJ9OdHYTxbd-~I{g8um12KY-Jj}u5NQ)h_P-vQ`t`O1fR_lfj(iP+KK
zsWgAQX8s5CD(dg8G=H3Ta~?o{x_*=X1|UDw$@0y{fnKf75Uaobu(Rdck50<AroXV*
z(ccwm{&-Ef33?UvH!95^e~+LCM)Wrlfp+vaHO*fsHgJC`>aRM@-?rhY^W$<DtG@+l
z{u;1><D`oEOQiWb4S%gLV);fRsK1qI{?=kcgE|vCCO@6#uL+%`2YUL8A*ermJ$9e-
z?HD$2n~L%?AJL9;9((?t%iqsFqMe%`p)efFDD-!ohweZ762sf@r&A|xxC|$GoFGCQ
zN*4NuGSj!ij^mn&Zu=wrvF;VJp$HcRJsx~6#BJ;^gVX%|E&OfMM#FaXmkT@VZ!P@M
zj>qFF1og+U6{bnK74su}6<t!)A7d0TDJ{5Yw8M_~iD3l#<8^}9I+NXZ2+B%zf^CX?
z`O$nI-hImI(GOcY`j_?6XuLEz`~9UoLOc%kNHEQ#l#=xKo2f0CiQ_(xpI!sUr<v)o
z4U3)b{akh&XY9FqF1r%(r{^T?GM$rGLvPQ?B}ivFC)4}<*I`$MprZ9)Y+LjM(sL15
zX12k(`g|QSst=eYdBLLgrOCz8A$)V*hkTdb)upAdqI~#z>BHO+8r*BcDB1xf{BQY;
zK=SK}xE`X<(vpm87g+9(D4h4QT|cb<@%Ym2!}=el3?HfgVd!-JKCJ)oI{Z=kpDi1*
z_}Kr-2qM~dmbN6W9#@v?F(1}n{xU{t3#Q_~jFDbjuun1kPah-O@14K&&*}5yubNO6
z|A=Gc+^?bm%osVV&o6;`?ev%be`$gLQ7yp9#$V+B+7?KD?&P(=)`NS?@cEwTfOy`-
z0s8rv+<m_(JQ2O5yJJ{A$L}6I9bT*-Ke8V+$?M$~NDSST$UB%Aax^jc-M3?pyp=We
z!T0+`vtvVofmpauKB$AwJRQ8Ouv$Ozw0KbA<<tB(k4t{!>6JWx^pSW#KcW<QrZcD0
z7xl+VqC-ZMO&n4@wk+U_Y}hb*XkP6j@$8<GkXI_&eav_Fpf6P3JZ=mZ&7q{P1%8v4
zXPu21kdwfXjBNTs+&}uUDe5s2@Qtb(TKh;@k*|-xSsDBdPV+a-7Y)Za;l}=Ag@*$y
zRI2PNbEf!e!|@^4@^K(6qC?^j#<I{HLrxbq)>ZWmMqvkOVP7fppIwHlnWwUNWUO*e
zG48+vv2l%cKV}_M*#dnU40Vk9;+4^Hqn~swlqyW;o-m#>4{53MTHJVuI1kCXj~P&d
zsi_{Yv+Fb%PvRz4H4d46OHX{<wa4BlyYq&Lfj58s#*lb$VqPp5Egunym9y9rHU(B6
z{8Rjq7lzh87|%u}vd0WqjrM<LWgt9sS2*urc*xQ4;L~sC^-lLbr`L1-+b_KS>VY?U
z-`yUY@mAJL*{=Wi*<fF&oaEO7`<uK#P78WLfi~T+qr(bUm2Hq7%06|oF^^Tga>_UC
zk_)xpMk`l0qFG~OqJDHKe`xFq*8_$On>KX+m{fnNxz!#2)NW&y_-5{5cMmasYH&=$
zvC7yauOzVn!*-n?_cvBvJLSe7269IEruEZ9AD<NU7mwuripRR$1!_VW{8Q^ZP7{xp
z42$H5#~bDuchl%D<_`{?c=zw0EnvsEd(e+fr5`WzMaRYN#+eh0&UiHv>~}}yYCIf4
z+s7(v&hynjv+|D0ntn)kBAq2^?9&-ER_>g#^Hb3Q-Sc!D*!otg);XRZc!^f#<S<KT
zO*R>G8?>z-|JW{-{omgE`k@2IdrxoA>#e{6est4@wL^LWiLdWUJbf_n)X~J|Q;8>E
z!{;K`S0(<oBk|Q?Re5_O!<Od-^McuvvOB`-+sjs#mUccA{_2XN$3mgb8;1sJs(m-+
z1@=_=MvOWc8B(^<H~Q}aHI=?kW#^pd8&UL7@8GgS{+m_?&wsSG;1dr&)ZbS;@`~z*
zstQKjzi`4YM~tuU9US>*|4s9P{pxE9uBfg`e62LHqQ0siQWEf5`>nvR0H4(3RDC}X
zx}je%uPVId_v6t4vHQ@-(5y`tG#0khb<K_rh>Z)D#lmk4dDmYR{#x0_0_^+Rcw|#S
zan#HIct`)`$KnGby@S2<td8^U9#pld0E(NcCdml(Qeaj9`Tw>oygq68QefY{vhY_;
zI*B_A#{~D}qP=J06Pj%InKisTGsa;+JOjtUOY^w_^;lssC=mYouJF?b!%rOzZ$1@%
z5{Kb$hM4nh>!W)kTMzFX+ErfC|NeN{=lmU7=Epk%wdL_(a{qhSUuK$pAhpNa5s$TZ
zl(D|1_sIDle<AVej5jLZ9rx%{6*%Y*JvDy#nppq$vm#HG4v$O?lsy$6e$^dW4?R^r
ze9fZ%ubmgc_DD2<j{y(lD0TOM+QPCD-{7#Ejlq7?`c3LL#xG6zXuoOxhu~<<n*L=`
zU*t+T?-%4%MuX0CJS&zJEp*=3^pEx5_lsyr8TN1$^*L}7Es2d)Z|k?}5ShcqQ}tWH
zy(P0|{~pEvn<4!_zBh4b#_`J2_-g;qfRlYc>zwsgzxQ+YJ$7nO*}K`1XRg`PfOoQy
zJ!R~eGkn2$k!k(zofLf5EBU><M&Ogwd$6Au@2<pRlj^E$U)2=fh{%YmM(hi2p0MM$
zFHWj@W<%9vsAA!7mi%B}@tENJvMS$;lY*N(7sdPNVs&;#59|7R7;;z1z4R~{9(pFN
z&=H?5V*Y7^CJlU%%g1|Ant#G*@~4ygdS3AF+IQx~Nox64ptxk(pho|llZwUi&3}8d
zBtGQLUme-iQ?>68Q~fu+KWUH-%dsJi{^HB04SX?a9UW5qyIuQ!&wWdekNM$o;G{w7
zFYdqgceUX+k4+k&7B2;+4ZJJq;l;75*^!s0f6Ca+Tksj<LOF9^3UnVW%+^_j`$RTB
zo1FY*1DWS=_K_VAM3bNYjh5_0zw6$m<6N{Pm^CpFErCT}U0$?AZ7|rDbhm1+vHM8&
zd;Z?TTiG!5$A-kh!J*RvJ(E`+8M(3|5}I}Nyt@bR@|3*ZKAqQf_W*Z&ld<RVj+|(C
zLD`%%yT=3lqW;Dq#kWoKPYP;tJ^pM~-2bz`yC&VXDscAzYlqnd$7w#3;yH}tPFSj4
z+jVTHlJh})Z2917K217Q5)G!V1F3qyG+<WAAMF$ndDjLKBX%W*A52_)G*NIWaZ&8S
ziI2RWU7r}d==F}okYM&ye=u)ScH@K7%T_i%GQH@r(ntuydCupYdafJo+jXd4{ji_g
zR=I5_-M0GhU}W;H1baTi%{8CK)Wz$=vA2U+wXaXio;avJTsYxE|HOWnbQG<h9M4}I
zXndr0a(rkc%+*CbKHscoXE#0=y>QsB*~js{1F`L~-q?Y6H@-hGr;JmLMEussrnRGo
z2686&4h;(C#S&!$yeVg3b+NDUhN|BDvfcu{9KIBIeABc{%DToIeq7ntaM#WCS7x1+
z{n?vZZYaFGsy7?P$@$0Q4`p+jI%M=?wb2{)CVC=0u^Cd&-krN@XS^sgj>fk!<D3!g
z^|qlfks4OvP;XA5@ASr9&vfo7@_TVa;*g71?zz;TUb)|8s2rwRHU0e21ST$t;xRID
z`AyO=Szhe9>;^W&;J#HZyFQxm=C3&~Ay;~fY%0g*ahS-AV;kI@)?RtnMTeAaT0h~@
zK+R>ovQ1wlGyuLb0j1jD(^BajL7?Vq$%3U04{PvqUwmUU>%_sRv|;VWSoW~0%WG%E
z6Qz?@cy0HE%J_`NjnRHysw_Mhmk?}6*%CDmXV}+gGwkc}O{KaEOeM-f+`+YSq`r{w
zj+LIcF9lu+;7|;^{z}#4U~xut#^|jzI<!O*d50q~xur09d$jABl{MRZ(}G8?4@JUx
zURj4->Q8Pz8qV|1ZNLjNYBxr+_icJ3J30fWPOM)Iej~6=_okK0x#jH2<;==dxyZ;2
z{X7y$9y!|?^1_i#PqO>YJnJa!smS0QM`?9evLIeRTOIc$&ll_a)ChE%8O0;x<9LxB
zhjUZLO^oiRa`~+nzDS)vQU}P2)MZEN`bFw;B6a6Q>iS3O&X3ex5UI=6!xRf1&O-~A
zoUd(;2F_{p_30VW8L`5+zk7cCzzZXBHS)dS_qxRk2cqNRiP2BajwSY7=$&mfQ(e5W
z=0-_Rk@RHb<FTt0{S6XNlK47_C%SlL4c}|h9`}Eh+(#g%^iQ?D-MhOtkID9qI%f2}
zr!R|c$F+PrZrj~SzB(rHXkYxn=+J0c?e@_-0y!`K@$|;%p!Jcita;%fjjvaQ2jikG
zlPL_A-4Ej~p<ghVgLm-J2XS?jO~K%5R;wl-|8lVY=k&(aLzo`SG#1$)J%H&T(|9?8
z^!ZHpXBw9dr28?Q%``4NNc)*44QuTe9W?A&pSh+EiuZP}?4Ca+%c~!68MP#1f;pJ*
z^19V`zN>T5E6}sO?U=v?1K|<7!ov@SFFqPBI2FDqueTk)?Nc=oL;Zl0@WH9C55M(;
zl=u5SdA%C~iHmk6h8;{?cr=lJDlznZ+<Ly%@3ou<4g`mC?s;VL%Fxx1Ra_OieQ02H
zr4QHhekUidtf=Umd-Y?uL%BUakaN9{+sg3+aTnkISfHj{=A_;G;seW`|HH%wgAG%A
z_uvk`|L1zk!UeDVGz;^L?GrbCDlo6NsJ=H^)msujpo7-qWx?pin7?a#%Oi~krVS|T
z4Xx?@e2LdAuLbttl{R)$FluDK;LttL24@C0S0xH!iFap2!XsjpxB!fcg&ztRd~V1@
ze@A%uyzs^Ky`gAtab0Q`uLUqy9sSi{^ufC#v4Nbo;s8H>N%pYW+40_^&;Q}gx=90q
zGPjC7SbR_MThj*IReq-wV$48(i3^WMj<kE~z5@>+P$q5+gfH3^9(FK%;n8sZsqoOe
z-npDRpY@z*;>P#0U+cGM`&;J)gD+G@!WYKIMZy=w!jbT>*pNs#Kjz1MTTdOvyYsy!
zDBJMjwPnHl(%p~Y7HvW>kW=Z~_seKyWY>kU0jNn0*9aotE0HWrzi;h#?+s@9eGp$;
zgSqpq<FEw$s<JF!S+#G(YnXrU3qCpe?|zG$t3NkOw9+e7?7?C6=VdDVrv|ocM+MNG
zH|kX7tpFZKL?0ZsNlxW41948pDyIeF55CARp6uaysAopBviPmk9NW!~ZzvY47suwH
z<3}(~px+P7^ibvOzU@6$S#;pF^Q7RfW42QkF2saqPrGkccXr{a*r3|irzYOOMPtMr
z(worVCJw>FhE#u=7Pw2UY-P_}gA4NNHNN<u=!3Xk4#Gjmc^GvV6#Uibs{%D$DB%VS
z%E9b!mh0#hd;6PJQ+r>1u<`Xfup`rLGwo>70I#U8JmiyoE%w!7UyZ%RSC>6Mc*2fA
zO+wDM_XEQs1<}`Ia9S1~F;Pli6)u=M1T#5P`azQhL=SjwU*nZ{*bNuzT@M~o-G--m
zaDQj{4<epTZEx}T#<z?AdBm@-Ek_r@4ccpOmIoj8HWvS`_%+wB-mFXSSHBCcM8B$i
zaMGYR<=p9BqWeK(A>;nv^+bO1hgfg%860J)XzW0|w|L~V0dJNUORm}jH@$ZBC%=EQ
zJZaKfJa*au+(?N53j5lKF*T#v_cwh(j%UcXult*?y~+c!CxpZE%`u~|dO!|F6|Rf-
zCf(h8YQ)iL1L6nX6L;^u|K@A^Z|#}ddusQY_mWn)AG~tf0Je+n_D$^68=IHQ*t}fE
zgq0Zg@va=>KF0|(6k&O$G2zh--gBYRyAq=gCN4jkC_0rG$?wY={#L(vi4h%%OLv8f
zF{r&>^~@j3!dFImLteAbn)fLWUJL9yn$+U!tNsIO7<wDmS80<Olhr5uk#Nax^7`R;
zl_g3>6<+h3lJiCd^YDZNp9Lx@TTnhIcy)cE0GGApry_{Y_hs;s^K(3ZD@zpMvW8Lk
za@a@0!(-##4VQ&WCJw0&7u<mkH)8R?`rddDv-^;`-~d(?%nDvuarI-NEBlSk8kU^i
z*fKuvkG>w+)i07rJ}o+&u`b{9-xY}@3d_R7Ct~0A;gUNrY!*ZkKJ5HRTL^ov3KwGc
z$(_8C7to?4_c!cJi%x;?HD8<kzS!$M<<ih^1**aW(WOEqE4()Cdi@ihegNaf7h;vH
z>bUyw@H@iqa<6zInN#0eIxWZU&z-d4<nB}Z49+wA{H$MZV<L$Wv+@EN>}St0_Mh};
zE<o4oi-RaaRd|Fg!z)KKI85EmVz3zY{2e;?Kp$%I$9lV$C-2eg!&i*D@V4Jvo-?Z7
z2-n|{j@-7O?9ws}o{2)Qv*f#T4~Js;zoS=ROvh*0!Xvty$H+~^S&feU+~mjkx)ym{
zPjdI?^_$k#Cki7Q0_b@2!qNKhrB%J-@pL=cAg(=&P~_BXDTC|PSK(mQhhxKj%?A;0
zztnFv3e-~A7_90o4`yiw=L^@?5qiDR4auW~3vAdQeLH>tL;C?d6x;fT;|J~<8<WBF
zrND{Ehm|B}h~M|d#=Gk46PIayqGjRBbWg8r3Yh(;j)`tJC0YGP-(5$`!m(K+`|TO#
ziyk<F`{Io)mo*Nm>W!wx##aso*zU`wUoIW^gMGf?EB@W-D=|c!N?dvhzL&grDtsx%
z<VfO@<S7tITv`>r1clatuPl7&wV&?z(H|Z-fEn~1n6{L}#_<fqY2Z$Lo(3gzYeKdU
zy0$L<$aQ_*7v1iiZ*Sqd;Lym!min}ZeqfDqzJueQsZd=9cxsd!xus9BUa8N@Sf<py
zVumA;vmTeo?Wtnu>mu}rXZ!Sr5A?G7^S;<6skecR+v^h-M|(q;uZXnD+$dIfVv{Xh
z^8PhbneN9zy70yNbiJ{#7IW<p(e3c(wPUI*eTo>w`zkH}TY<y%8C=)Q#T&8YTgx|s
z@xthKoDTz|y|L>#4Bhf!`KR0b(O~S-H-gbZ<li2<9%IWZU*=UicFP`=(~Sph*^%%V
zzUPXk-gBX7k+X`ndaSQ-l|J`;V@zb@*J5MK!eb`h6MQIki&yK|rH9MT&KJTZYt^Jc
z^5j~d!S_YJcwuc_2_9p1^p?*H55GG(L&4LFGXGglYjS-tdDR&kn4z#3-lhf1ddt0X
zVeX2t<pRFd9Fr^tCSU!a;p73=AzI+-iZqjf@aSFPQ3u199}O3s3XjCR!M(^RUR}HT
z_XGUF3-E!(6#ETlDWA{Jd58_>zyA#j6mfjHj+)ZwMZOA&LlWzf3w#8?iLN14JuWj&
zbi3-erRhs0jjre92s;;q`xkU&P_8igkYV~)8}3t?<x;jbET8JFy|rOkGug1rs%N>C
zj{uaRPJS61J~rjn$TFsIA7rjGiy+*HK%rhmzsT(#DEQofF@-kdC<61YMxannE<&LG
z8wkut{Z<6Ln0NYD5L2iptNnXaLZ~N)5a?&PRET<Vh3M}zdNS9Y(!LqYO|)MCh>HG8
zR6?jH^Yb>e|2mkPsNVwM=OC!(m0R@(0bE~7{qLxR(4KrfV(R%__7v*L!w^$nW%Nio
z(Y9TT6gM-bFfW;FRGIft1Pb-!kqFd(2SLmBUGTR=KOaifHvyQB_N`Pxm?o>9pY5eE
zO;-JKqbI9=6_}ftei$$cG5vqj=(mD%ME@*}A+#s+zJd0CZ|t8l_WZp83hl{i|Gcr^
zZS*e~d$QX9#OTQZ_~U-}gZa5PGJmsx!hNaeahU@J^Dw5+hI}^y^X^1w73Q1l!NUCP
zm2$1|Pu4cM1x(-c$<KAEewNWU8vQ*+KiBBlx7AOJ(YG0WyV2hVrf|Px=4D;Fz}i>8
zWNfg>iMGjjq?m^>g?`9d{%gTno^qqF0#j&DR{L5ocSrqH1l$6<^3);5(h0|Sz~F>7
zDq5aOD7Zhy>WBV$oFWJtjeZkY&-WjInU6mIHv;<u)B6xOCNu951WKm;hM=cCV+w6T
z2zqW#25Wh$!Bq(Kxf+2&d-A^`Q2%inL#QWnT&8}d(Ie?Z>&|@z5E$#eIF9NVcqN#U
zsr<awFfU_0?)<ExUJK@fDVg#<4L$Q}Oq(qTIS4HCw-K@ssNXJ3{SJfy2;^P_N+$n2
zcj#YZ+OR$F$lc{FK|D~H{f&~z&syl|hp~>^TfwX|%di`P!n|Z2d+OJkHYamC^-mZ*
zS@j!?o~-&UMo(7#Hlrth9KKo3F#kblN8W~*`#k{GW6JLbpwNcA5HVGg(cpATeKmNL
z=s(5-0im88LL5Q(JeZrP|03Wb(Ql>_LOuCH#Pt6?qbKvYQvb1RpD%%!K7S0RFfUo#
z{I_5&+i|d4j{}=i;2>h={Ueydyky4I=WsBGFilqdK%*zCewfjdRevd%<z+eqW?yA`
zl(8qP{aB+XtNt3JC#(K?qbIAr#^}kazXh!2nGV)-XO^)ivkht20oFe7DPu!cpAQ>7
zS@mBudU8~Jeg~}Q(eq$EM!Ug7U=u<3XE24n$V^iIFGf#R{VxIP=ZMk&ng$U1Au~xo
zZyG&W_5TJ?KPQd;KWG4<A2O5l^PbU@RsSb|`e7rhz8@PLLO*2HUtsiP)ei!zpTS0d
zp|K~c{cxivtNt>u`Ux5R<;I?@_Qgg|4xqfOZwXkhQx)LLL_Y_t{^x@6=j;~%n3wf!
zG5R*6Z#Vk;jK0h0KW+3YjD9tkLjPpFrmQ!5XMlft{i3awiQAZF(7N+lL7`4X^U^Kz
zihE~6<}kwc;TS{7l(!Xn=4DKw4Y>w^d7nk#cItV}((~?zU~StTa4iDu`$MUEzINkv
zl==xq9|yC1)bp-i{Z|-$jnUT{J?DxPmWQnEGt=1L2Ide=|BYbn8+Oi*O-{587a+xQ
zXiWbt2$v$z&uRn;^<;jgl=_Vb6za)(J^db)5bDVZ1lp(HyG;~5%a1>2-vG!Fefm8e
z%Sb=7VS_iXj+Zbag!@v_dVLZK=3%V<mxFcQ{wjDb0)0+|f!bUP7%zIxpDFZDUWJ(U
zr@-`0{X1Z-dyq;9_2jz{(|#eCuBdMTYaQFb_;Y%GzmV$hGx{#0=V$iu=j>Mi^jPa>
z{^@^}vH!f-Q2#|^zZR^0V>6gS8x?KCnNV=E#<bx)Jd6-QxDSCsJz1~g4;lUvm_BI3
zIhbB+z6PdHPi9P?Pa{y6ChHiolS&BnWVPQ7R{wjz4G8p;-ru64ui}A#Fh7}fqy3k`
z+(iB3fTf~8pUxrFlS>iPexlKn?-Bj~GI}zv-4TSp1FQcXV4Z9I*y#6xwSE2tj6b(u
z&hbWqnf??0sULO#wI2vpdw%D@O|Xq1+-dauE)Bisy%(&0`29|Cu}`1-RfztWvHvxg
z_i6M$mV+&X?L*daa-z|b)&3!)C!dFW^z%8RCqE+k;T-57^iSqopY{z#Pi_+Zb6~C4
z_rOy`|3@%|e#o~Vrk^^TbZS2he5dHYZuDEgH;DeXMt>YUO7sI!kpP(f2ZObrRIq{&
z>dD&9U0~hs1K^R^&ho4`_T+J*f63^{A<@5O^knT1e=vG7tIzVef@p+7@t%tMJQfhb
zh)jEy=OVC{v%u&tp&^73S?wc6PgebCqbKW_d4thAhxn)C57Qr+Kk5%k@cXf6CKlkQ
z6#D#F!;Q_I)J|T~)`>5<$gpwI!nW!}XCiG2z7c!+&68)2E1NUFqZvQYFlTXM{y9zV
zYwlRI;DNNwEKhaw{K?H7opp<rrtkSI|MOutXI^4qnwOMaTl4+r+~&R;yl=gcv8im4
zRO0N6{5J3pEn0h`V`+MOrV6yQrDMsmraAXEr`J4XB5eng53E{q+x(6P+B@gW&v=m1
z-DUW#40puc&pxE}0;kK^1(I9(9)G7!-=jJBY1{i8dABX|VNc5@?UHuP(~MFFJZ*zH
z+PdYeL#-P!9B17m{o5Yov`zSyc=PimX&ce1=iYc$-$=`xv16p!WbPGdMxG<|?<Gw*
ziO1ePSx?)Uu6H&!-Q4^@Rbt_sTc=iMF#5oaJUz~xRkt=g(B3@m9PX<t8!Ej`8NYGk
zzxZn*oF5kHkm}+rceP5X@Y&T=0))4IY3Y)*^w_jCuW~8D>cCV2l$Cr!?5VTdw;82O
zvif}63+?qup4ykEj6qrM4NFRu<*P^~-1e%pbah&~CM{i?mgX!aC0TvGDUAESIkgd#
z<*Q3e^GcbLv%k-WSHqP2|Nr|We3F-vvwuJ4;?zb^mb=?ass8-mi{T6+C0TBkW7E@8
z2~d`sm8Dc!zFSiXw|$12i>Pui08_A}Fs;uEsAQV=IVwztG=Z3D+vAz$d`pFCu8mb;
z`bJG4W}5d8DoiIdftYE%N1~eP&k;nJ{<0<zGyP;*dV5;>AJWn<rlk+0rC(1=|9e_G
z$8=fle^^>Nl$MUBrN>K}?-}xN{_FkKe3u^Yn<3kKUHTf|oV5J<Y=UQg9>xQG-^gc1
zc^D76)9fEhOK(a`|6N*|?+7XE7kT(*y;mfCflFWSJDz6GrI0FYkMjbW@{UhITDmAL
zeN|ezLeiY)=HcnmjI`}@($XJGOMAcP()R~na7n#&-p88fcTR2cf$N&v7IwDi@4s*s
z)BN#exGFYtV`b~YC7#*LmL(mXQ!%&2wB^=CP1shOSlYrAV<f8=Eo@%eIdjn`-0#Q8
zWq*3r&DAw?@Jm*-!{k<f+J=nlKCX<q<+gTQT3uFdt69{RXw^-eUAXcsZuijv=DYY+
zttMU@ebYI4B-J;!COQ}0=R8bqX`X-Y^o~XM!6SD;2R0LbmnK<j{?3gLnq;+8^D@qj
zQYkkfLek8FQ0-|C%xdmfx@buoE&I%aQaQcJkNnUM3c_iq-YPUKY3N8aE$W1aL@QgW
zk77#Od{Y9QDWyE~Fz}bdpaG(;oPi)Q+1*a?AjH`Kx3!s_&?h`i>1uCXG#@{ThqNsa
zHub4fpBohV<{_wWTPR1BRYr;%>TkIbrD$vJK(klj7l!Wj`o3RYBI35(r_9?nWm@@5
z`QLl?>X$*(*~pZD&xZVRZt=WQ=J@Qt3jZLyCsaM3n<$6KV#67Y>Z4@YFJ~&Mr^-Jb
z{~(O~S37jG4YlFSLiH77DH~@D%C%%EKd<zvpH7zjHW)oH>C?59*tm9(HgWB64K2O#
zMBC7{gS4}22dS@X2hoR+NB8U6LF(w*LF`>S$bK31X@?0=K==$o_v_k0{BxV18zHXz
zd`Js%<(H|MEB|$#elQ|G9Y9?9<znf|f4!%7<>$i_5kDP6oc{`k?w`NXW2dk3*zI?+
z$8NvX9=rWYncaRx&#iu$;y6EicnEQRrg-f92s=N*&X2UGE5GPn`DNM|f(yS)0E)<>
zckM6suKh*t+F$JHTJ3?!<LJsMeZ%RcA3D9%(Uo7=m0#GlgUc)Z+~t+2s>>^SmshSY
zF0bfa-LvSy6YU$e4BX=9Lo<le_w(5Km%iuxi%;iY`kV7Fde^pcPPw*aBSAt4+E<In
zx8fhfwXN;j!px@UuWMWJ&+e<|EW4(T8x>^PS2dZLAhiho=?>j&UhSz;`v$VuH<D*~
z_Or=yEasBMf0NO-kR@-c(YG7!Bul-z$WoW(WNE7v#%7h_HDuXux8b#9Dcd@-l;H`Z
zUr)w7i?RX1Uq`|_e+13D#qd_L*Z_V0nfx#Pp~2(+i2S#C93;>3crf{PkMqfLj!@&L
z0+NlOzZ2s840393{iU2=&X2J3BXuueUa>DEOWi}{@%RTRLQs8_Eazqk*_MY7=OL~<
zQb$)F9(;(a*Bu_a@`(Pd@`(Pd^4Kv%>f*{H<#gqd^0RtcPHxt6#>tYm+~_NezM3pP
zYmL5+EcJDD<clhZt0N5|u8y-kc6F@x*ws;PlMA5oi;b(J=tD;D+MEs`u8v~k>L__#
z9r+L9>L@m@j$%`eZGQ1nK^7ZVN3n5rly-A<ly;s@d#P^&c?kYNczDzgU1(kAlEqIG
zS<2Qzmi@MpWxwslzLPBeyNvyEW50qd{#O}ZW4PP!TC(hS9a;AK1o=GtgRDnTpBu<x
zznLudTgYO+l`Li0X6$zu`{&3~_npSRhb;bglg0mDviRRe7XSMVzf6|AhscumFj?{*
zAxqw4hL4ja?+LQxJxRV1{~+%m=&?RcmSb^-EI#=VK{=Z&KHWQf@foCE>OR=m=Nm3C
zc?-#sm-o!N-y&nrduQEmiQ!VRl!5ot>WAwE)V`c7<*6|GYQwc;@l!{Z@=Pa>Ljyn>
z$l`}<1k^v@t1HhXi=QU4_-P@J_x!XPZYN9Ib{g&?%f5JDuRd3h#pf!rlx>Z%?>6>p
zjr}@f|Aet$Z|pZ1`_0CFi?QEo?6(>F9b_&NfIMexb{d-=a<*r)+t}<iHv7m@_x;A^
zWn*)QEbV#N=m)`dKGG4ye4k1#M_eErLOh&I1%#}>kH<W;&qF*~m{W+D;Sw_PvI=C)
zOFP{cZ&7H|A2C^Nc&W(89P&zpm4?4=_@{<{Z}=jVOY`1tc%JYO`22#=^Vq5VPYnO7
z;TZC$%}DM`9$}JmrTwpvGH@-vt0Qb!cXF=uy~(tJp7kZ`Z^ZF5pntyKuP4JMD4dIO
zP}&h_vl{Uy$gmkKtTtZ~eLiAxuFUryryhB?BK})4^762fHSc!nVe=m19}2&Mn9u%b
zUns2hzYu*0F<JNZ8|uZ+zmbu*2r*gn{!#Q%#AIzlJ||>euB#YGMqc(EvgQqmp3P3y
z-_yHJ^z7>7T$$farXD`I*5?+niNl7hK08Fu{!iAtpP(Ljzl3<D*i^uVta%?58=m+4
zy%m<Z8a8CL*&+H`=*fEAdA`&CLBxB+rVch_&HJ+Gr$bNHw)z+9k@t6qkBUtLY{;7T
zLTsna2n0S;Brm}BkHIcK%lmx7Um1SZ@Lc+Y&F2v>GR!sOs(--ngNE4_>i-$Tt{r5*
zKQQ_p!>%2~=Ep`ql4au{1R?7&a$^qcuY`_$MfdB@LD(nHL3S9(wFtD~*jz=14bMli
zo~P~{ggyuzIhTVI<W2<UU5uE+H~CrknMZ~_&quP3W1kY6M-i_O=6KI@nD#tR$!h;M
zqUX6u)^lnT_1M>U5kDo&&#Qcc3_m<K$?9jP=tGFf+GloC4?j)F`;sun(fz`$(Ep4K
zpGAntdVZY{n^TD0c@00Euz!zw*z;T_YncPs#(nii+)tQ&X&@Q)JXT~a8{Y}gemUaH
zgdavciVS-mKC+f4E;bE_ZxkDz`{djS0LV0B(=E(vDbHu_i=W|f=P!6Yc%A6UT%X1L
za;zY0+j1N8{si#`vEjHuR-4&K=cD5-M?8f#;4Z{B8|Ios)!$`!zTtZfFEtzz|FzIv
zE<7DvAzXuavT!5xOmkm#h~2dYOg+a7>hDB+yD-mtmYe!Hh}V-x;2(sX%LajLMxad#
z?A>)4Hb^?ook$CO?h1i6I}z^^ZioGE$*|{nN6x(#{~&K6(4KAedopZz4w7@P!#~LT
z2x=3A9c_5tk#oyw0Uh=56Ga>n8=h<A+)2*FZKF*bx>B*>c}LE@-m|$*^o2;0b8qnU
zmDD5eeTaE!=kHXrZ6_F}sp@$Pt$dy^`>LCFAuo%~cSp3TLOfKM#|qW+<+A_~axV5u
z2_vXaH}`-IH<5EI@DIXj@b{%(K>Rh~rx8CVybm$Uoqq}bLCCq44!yAsdirGl$YsGG
za}ntCe<SW7!-mI^oXbuJ=|WJOM}#*a-a>|bP&l_50Qoio?OC2@$*|!uCF?om<|NSb
zIFdCl>&Cn+9yYt*Ugo$|A$&XH8uF$12U&^0-)H`7#B0dVvyN@ZLp}4l_6LWcznnH;
zwrf<F*FYXW=4IX8vE)I9+<`!QR_%T=Y*=4%uGoBqdf2Q+{CzTPSYNW*uq~)(eaSlR
z9TPqKDp~FSQ}paA<Xl!7lE-?%Pe?fTMrtv>i@r!$?XM9%>q=JtHKH$po~-s9N9dp9
zGg<vF5Ix(5to9+K`Fqi$5MMyP4F4cxy%ywwX~VLyp0vpp)@$_n)Z-ufCfkloTbDNk
zfRJ@AG#pHu>4;HW$72zPgjwGR84B);tbMPHdgNsvbH^RbbC%Nr+M}p_?q8~@hfN(~
z*Y{u(6jq-s2W?pX26D)&2U%^Nq#g~k1MxQvv+bzgg4mTU3=r0NQ5<Q_%hNI+Hmnyp
z_h$TqOhr(eTZDNZz%tRE^&+d!xztN}mXKk?dXaMj_y<{rpf;Z{yqXMq9xJl?>^3(4
zOKkEHllgmPl&>PFPd85Hdh<O*$=|ykCLBWS`V2Obha=?kU_!{+wjnToE4vtR5g9gY
zAF|q%P!AjSqh2y9%g;4^(eJSzb^fw2KPU55!%rFhmf=g0hkp2(t5=2j`Lqhum3sPF
zX!x_jYY}f0{x;(83N!Cs1kKCerX#<J_z%L|R~CZW<Qg7oc!c4RhOaPumEr3QPd0qB
z;hBa%A<Q;>$ml<BxX188!#^{8*zi%qzcqZq@F~N;H+;r$0PU{rbDrU#;XK0^87?#&
zF+AGvY~eMC=NrD)@KVE{G`!OA)zS~IL+s9R9P7E*ezWLjAa>_6^!)r4)2!F+h}}3N
z`j3ge9r0pi*fUN0`w%ZR`Y!TF{DY8lxf9425NN*^@jBtHh@T|G9$nBe`yA!}L7+W9
z>$OdI1^6Z5<oyV2w&A?_rRaZ+_^9w&=-oXC{Bw*V>wU-X#pa)}zigg&uz@SbI_9`}
zBb5IFn*y;J3>&iEJA|l*%@Np)6&sFAWcA~&m9XLG40%oDzBu-f^&Y>Dde}UHxIuUW
z;<;ql^LkCzYai#+wBLf*%}HPrf(=>c0K7+H-XiG9xwir!tEfj_e!g+1@GitZ6y|3*
z_mPn|3VX7)+sk6Z=L$a)=I0@QE&Q*Dj|)Ex{eP0-rv!e;>gSJQ!_Q3enn0UU*pRi|
zhRV429&C!mW;|@jYJ=|&c6H(6yIQefe<y3(P8XYguxS*&2k~9P{7g$in4gbo66WWM
zxdw`D#m_`77Uo#W&p%Pm&p16O%+CpbiHy4Nx=+^nJ}x%v5&yL?KhL>An4hWU=bxCj
z0(r@LtiMe?_LYNncus7pVMEqqjc?m=d2693=S~Me-lQIRPa=Lxn4eF6kBoiQ!G^5m
z44}@m=VwaKBg2NS$XcF3VlxbW_#5xE;g~_z@<c`72t7HM0}P~;dibwKe6=vIW!I8N
z;xl!yA?vl3U#doXUe|6WkHmQZ8?u(CfqK~R^W=@fA(ZVN@<{LVIArzNA^H~hA#0ht
zsD~eZ{`}Ko(+V51=6zgjHX~-BJ+HI;ZF%mi9rk3k{}J`Dc?t20!lO{OpOHu6J_7b+
zZU0}24L`ekLTosWlC{sjBR2dTZx;F-{VazKS^GTi|G3`}Y=#Q+v++g3#fV1>^Yi56
z$?&rRe#ly$a<QpGe1kAQ4?InHCgSPB*TBylGW@K9AF}#cC^r1eaEEXg;$_18jQS_Z
z$h!u4$$ETOiVZ)n{%x`8h7DP5zAH9AM*MwYevbWzWcXYQd$JyvgQ8ytJz4v}FQ`Ym
z@p}ROQ<(FjI}xa#i}-HgFwUEK!u&jZli?OJ_WK0<lXbse7MrgienNORZ1`Ke^#2{i
z&ybOKJ@n*Uv>An;C!-BN5C5XrY=EAeTSp6TUPv2$=6M_fxdQQc;c~>+kl}wb?8#cT
zDzUi*akb%EGVHg&o~-r_qTdQVS<8T=FCP=|{sc(=KyPjIBJv>b9C=2V_n<q4e}uRn
zuM4o@J>q!7?iq{d-LraO_pD5Ky0O1Pe2zmrRydCBmBPHetro6;o@wrP8seLbo?{>N
zvk=b|u7y3*`9=5#A?I=<gyR?OTM@f?5qJmK&3|B@Eu6~%6Y>ax*7xgV*s$HmxwqjT
z<nIw^(}VbTWZ2-aI?m<JA@3s4hM)IlAm4)6&0)Z|frnF%yn|s&&gEneQX=|%VZ8^R
zk90naXJh+H;pFp>%b|dL4S_ZX5Pw&AAL1X7VZ-{mcWvUw9V21)-c9&=v1i@MxhOM*
zmks()&Pz3~=vxrqE4&f${bcNy?L*e*67E?F@~(#N8)Ac`_dI+G0P+(A?(2JqIlrVI
zwh39snV(Y+8_v=GBsK+z$y#Q7Ii0g%8@u+0{hi=J)Wc^XY{_~aMMNKho~&b0G4;q>
zhS(h=<i+80ta-1Myiw@M`do#5l=~`yo~*}|*OL4p7!NUaxp}Fudxi|=`<Zs;9R)+k
zzmdg;pE*``b0p1c^h*tY((nqypEb<3;J(;T$a)^}ew+I$MLb6M9h8M>>X#$Fhm5@J
zGvwSx{DUk+pv_{$?*2u}xkB{p1Fk<q&(FX=N<I9r&yaKZa1Qb#1nO}J9IOAAs7Kyc
z5xagO{EFz=w#S6uMEqM}&LNqmPxdRa_N!B3(*>JLrTy8j$hzNAax8e9W5R4#-fPe&
z+mEb$qe}E4=*ikQ__+t#voDeL9C7b1Q5W7rbc+r96<PbFdk+Ge_0T;oHtb_$-S0Nh
z^H`B}zq>>~9(uC&$)Aco4n0}R^DEJpLr+%w_ozo1e5m{T!kmXQO+CNwV6ZU1Yal{K
zeJfx>R{!qa0s3m_$y!Hu9|3(W^zJ@l3IKAa_^A`t@=QlM9}j<G=!kC27iJ&LAB}$y
zH~vHaG}w(r;2(pZL||Sr#~t<4YxHjX6rVS+zQXQU2<NbD!q*sHXLy@1?|1eJ7iMAp
zY50sV>%!-1^hulBg{f~5=DgQEYm)uGZfvf=37ssD@Rt#P#^_fI{}tkk`lak=82*mo
zKNy~xld|7z_?Y3`^E{hjh$jj2^XJP9|Fz*44Zmslv~V`+{=P8VVGx4Wk<X!(ha0}k
zaFO9M9^cX4xJS;t3;!TI2k3{Nd%unh8=&LdS^#7+0&O@wpo%seyU4k-@ejhGka~_?
z<lK7vgSashdG7<yL!b@EB62Pt^g`VA6#4>T_4xqO-0wq(8OS>kKP<c!@fzW;A!eF3
zdk{Y+{50Y%WcV)>*8Of5eF!mG_xrD+FG5VtWu+)`E(}MULx#^N)MWMPuDQ^2jB?jp
zX`hJLmqJh0aoAmRQRXV>+_;Lo9IxECD(y2t^72@bwVdu63j1>C$y!dg76LvwM&2iR
zD_}#`a(+hi)zFjG=fl(^FTd}A@5NciTG)_vy#0#kIWCcPyxl7L>ClsPy!yH58=xoW
zax8@$qaOR>b^cAUVc#KZIsaYsY(}z{^IhtZm*2nOp6#HVb74c)a=Pa{&^JNvp7XHr
zAzW|5y!`Hx;bhpfKu^~Fjud?>^km(yTXTiH5$t!Y*tEljto!BX+UT<rda~BHnR?{q
zcca`ZHeIkG>wY^$zZ`n9?)MYaBQLKz?pYB0uYe6%_v_|4u;F)1bkiO-t6)P`8}}>-
zHk+aQn%Jy?4OwlzPCaaV7+=33yaVyKg!du-dtrXx%J+pi&i_*Q4aC19qYT|}MOOd+
zD*Cn1leO;eh<+XPWUc!Z*a!VQ0X>=HEM+|PC?~($#XZjfSA(yo9`@^DL)QJeXFJeu
zfS#=Ty;bZtLr>QI&Y>PYw<Eq^Y_`CLtYugsHhea-TKG$d*O0NVt*|F+8Ted@`fbpY
zwG4kP`W?`dwG6!Gu?+m4n!gvD=U_wDG31A0^J~Prg@1y0FB$vV345}ZVZZ2mpeJh?
zUKRar=*e1!_e8%Jda~A?lW3NW-+hxKJP>hzGWNR<_GH~Jx6!@;ah}-hhYeY6hKv4X
z=*e2Pk)l5YJz2|k74`7R@6EYcY!1VQtmT{`HV+}bU3ebi*<_US2<*vP25xh0j(CCC
z9D@y6ZQ4YC9D1^r^M28vfS#=7<eY;(`F%iN6PuH;A?x`0jOgEio~+~NuS9<uda{lu
zC#Z+d;h3kK5`GWyJ7m=B4D88TW^SW>HthNAm^Qqok=2IJe5vO<3bNK~km&nEPu6-B
ziarQES^H!W_1ISf;+XJw#C-Ng|AS#q*8OrD?fG0TE;jkFA*)S===nZ`tYw=j`a<Z*
zTDDJ!J_J2k+ieB)*cZPeX|?c|5U(MlY(=mq>wdY7_I!T!sMthdLslDZqs=D7>&2!7
zHe|KgEc#OD$y)wziJs4&$Xfm%P!FH~i1>$M!)Hol_4y;wmqSn1_Wvj9k(b~1^s?|T
z5Fa9=j(i41RzKWE`{Rh+yGz(q!-lLje1F5dyuT-F`Tt$?b<mTw{Mnov!+tvSWL+cS
z-cdr&XBuQJGrt>>W#D&F6$$fM{U|c*`HYUN<>5Bk^O<6)*znmAS#9E?p9?)%%Umh?
zCg{mp=6cb$Ku^|tv?kHFLQhux$EZgcIuY}`Bw5aO*pRgh_lwPgh~4{B*mS~%tTvye
z4fI{mleJC$ihB6pg7`79Sq>Yr)`i~}z`QG<Cu?1{ihdRJWNrT+iGB_AWZl<4QICBc
zNBmQ<>4pti_jOqGYoRCWzD|gK9rR?~SJru+Pkt}h#ln{%E)?d?Mua>X=NIylwLHaQ
z!|x6oOCF8-!G^5mnIQTN(37=1)uP`FJz2|hr|7ppPu6|SqaJnV_mM3So2{@R>%NwV
zejD^;-Pa1y?|`11dpE{a$ZG20liy|bd9is8He~hrnCN#xPgbAb7JU!&<Xnu=l<!gx
zpZp%QABfFv*pSudZqe_Bo~%CqN%Z@mCu`k*Mm>D;JJfzIHv3^iR-ea2|1$Js^?6G4
zhoC3xd2t?&E05P<=*eo&I`|9t-@DKBU+nQ<M1C%WfpD{bghOA5T<CF>%*Aw&QUw2{
z4&6PhA8WBF6$t(i{y}OH{9%XgouWVDaU=C3J)TQ0^0<Y3xyS9~Q66`ZQ5O|0e~@}9
zzbmtppYF8$uAEZ-a_Xi0u542N2I{5!bIBq6gR~-O`CS>L{Hv&!@~<UJ`PY-B{9DLU
ze$FYi{5@nG6AI^N%7+XeGkntU88YVOl>YFcoNqW}xWsVWaJAv-hG!dYG2Cf*g<+0O
zS_Y0C$~@<ld9Et+98>1Gq0Bz5e8lhx!>0{rqYc!a&;67O4Mz=+H(X)3&M?;r_%XMp
zG#TbIT-7f(yvFc4!y625HOzPS>Swp%{f2q}rZ&e7^IlB#yeCu+8s@ur)fX8qHC%4E
z)-d0vYu>qrdC#MIzAIN=WtjI+s$Xw-i{TxHdkpV0e8})I!zanv-f=l&nD;fR&o>-0
zTw*wGxY{t^Wvd_FgDAHc?lio@aJS(n3~x5P&G1gcdkw#A_=sWNUubzw8|M9kAAvI1
zFz5fOj~eFOUiF-}E7uurG~8sk-SBe5oS&<ob!5yrC>soKHT<06-G=uYK5UrtVD<Tq
zVITIR`XCwCJW7FK&Rtc{xu|lvVZPT^J>O+3&o$g?nCsHiW|iT!<o;e6IQLWLd{KFa
z;U2^L$me@`4;emY_@v=8hWn%5{tLXkTr;j5GF)OfZn)a;bi=a^w~%u^|DA?8zfyg-
z;U^4lHoT3@3pHe?;k|}mHhjeJ3B!CQuYUMkUU{(LLc>wR;|*6Bt~1<dxXEz4;pK+c
z7+z<1gW;`)pEJDM@P5OG4IelBj$!^Njn+MAxWI6c;ZnophHDKs7@ljm)o_>LRfg9Z
zUT=7d;T?v14DU01$nY`4Ck>x5+#h{k+ktDql|zP0495*u8=h`>w&51TorYH!?l$~{
z;mwA(8Qy7lui=*sA2EEw@M*)@I4`xngAErNjv5|sxWaIq;YPzvhT9D<H@wF1I>Q?b
zZ#Dd!;oXM!8$N9KxZ!sU^Tn6eJ!rVVaFO9s!{vr+4L2B`Yq-^Lm*G{0*BV}Lc#Gj3
zhI<U}GknPKF~cVfpE2BjK&l<M_Db6%WVpm|+;Fww>0|`TY{M;vI}NWe+)c(>FUk{!
zHyhq&c&FjLWLfj`vf(3!PZ&OJI2-%ayn_uF8jczsZ@9v6o#95qO@`YIFE_l#@H)dA
z3~x33oZ;Pu_mc;EZFt!5al`Kz_My$xK4`eWaFO9s!{vr+4L2B`Yq-^Lm*G{0*BV}L
zcnewHGwv|lV|bt8LxztTK56)j;r?hd_0Kg^$|1ughU12-4No^b+i;8FPQxn<cN>1f
z@Mgo?4DU3&*YL}Rj~G5d#&aRcX~WrQSJe+TTxd9Ic)Z~X!*zxm4L2EXH@w{N8pG=h
zZ!o;o@N<TD8{TjDu;Jr|-!aS&U1{Beh6@ZA87?(kZn)NPgW<V`TMc&^US)W#;q`{M
z7~WyH$M8PGhYTMxeA4h4!~KV*+9BU?$Z(0_xZ!HU(+$ry++w)X@Cw7-hMzFJ+3+^Q
zI}PtO{IcOAhEEtiZ8$qWRrkS$3k^pNk2hRlxXy5+;U>fFhL;;&V|bn64TiTGe$Mc2
z!}|>%HhkRhJBEE1rs^IvTwu7!aH-*P!?lJR49_*(N=Ca=y2vO8Wfd8LvX(r|<Mrf=
zJpQQvLomdnJ>J$k8IS*%<|GA=J)H1yG`Yg1@c!;bpRWkqfWZ9R#(Wbbt^O*IZbVQ~
ze`Qcue|zDN&s6CTkC~GG)W7<B0^2GORMg+CP*{KaYkj^R=$IdmFOvS+z_z}8?i)f-
zQGbh|u>RIg_4(#PM}N2#PWpQUZ2g@^8n=r{QGeagSbrzsuK+sw!);a4-!`!I#{}(E
z)ZaIuu>Shr<UQ}FKTOw?{(b_s{tA$YL#LwtUVy^-n+|_lprb!b{gVFv6KwtQ`E{oH
zzAbqw5K~UWpVk-Ch@?M$4&M4}L?Yki@cwD}20(AiH~406-51M;%Tv<dm1+K3k<Qe9
z#cBTP;16BK)t9Fn_r?Cq&pY5Rd48-yB2#_&*+N^sb?~S4<*BOv7Nz;)GkhL%71~jn
z()?|OKR#<`eR+zjzt5)mD~C;{`aYEAZ|AgBefbJU{e2_NUjzJ=V!Mi#kDsF^SICC!
zTfFs$ET4`QY`+6({#L=?bjia={q0Nhw+{YJVmtlum64W@>)!B}JRUE@-w`TA)ZaU4
z{#Idt;B!*?<Etk1$Im=ke>>EH_*2&xiyg-%%DL<=gB|<FhuLu*UHX181SUm`Q3N}3
zg={If4ewLItVa<7x3QfkrTII94OP&o(2f#M^S1;3=Ay9lHwr=h-Ja&J0)yT!wK2pF
zk*_|@U;Z5_e^KMFEzMsDgWi`i_*<0buX8rur^AlrD>nYVl;)4mc~F(4XnjAI=5H<*
z<ZAns7=K*nXOBn!T=c7?H?Liod@9Y~8TiwFIu_ft{r)k{AD^diy}yc<uP4pli8;8o
zN_~0WsXu<M)RwOmgYuQ?OzfEab(+7miPU+n*If3OEF5#|Z$13Yrvni!-yhTb9fH4O
zu;K9-kD%qdB+VaxjI39DF;ahgPe!hw60&n1#(NZm{;ok#f7hh><30Pe%pjuv#-;h&
zKi~TtJpIKH)ZdIWf4q<9`vMj9SC{6mwh2CP?C6jCSAXu^9MbB7b1z;eRn*_YG=FtV
zyz`a*$`RDx=hDiz75>nrlcN6k?vGp{TN;hO>!DMBPpA2N4*qy8R8fB$)BH8TAKw|X
zd=&`lZ%>-PB3y))WboIU<}d%_-uL6tUzPFqW}3fsxM*z-z(7RH$2Fbg3eg|$K-r+9
zziI?6-yi^sqsJqTi;(`l9JA7nashx`!33ln3-kG0fc|O_xQ*w>C;<Iwk-A2D^D3yE
z(2l}&mey|7Iqcl~OxUZxwdb%~o#t;n>@xL(Z=~66fgR_ODq6mO6g!S3l<ly)&O`T~
zWoP&a>^QGgIRQJKKPt4L91(wB3fG__pKpaG5UbtKVTZqDJD*<d^YtLjcD@yX+t|);
z0W=SizRg9LccQPV=(gjqW1b4x@Z4uTJNlb}z-{!$xnLH8N*zvGey&(W{V~>K!EMzy
zpl+BS+y=f9fmzTkT$@^dMN{y30h3Yv&0p4WUvt^jSC5-GcFC2YP-xuM<0o8II<B<r
zDsXA(IP?FSYsQB{*G#+yR+PCHd}c~rjo+`H*dF)vX%o(|S*h`e_=$`2*~@R7Jo(yC
zbbiN@rAs@PENLBc%Z;H_qHW=rabwHM#+HtmIBv|saZMAhxq5s&7P@*YRIZsqa73?-
z_{GDe3H&O^f+fD&W=@$?SvB+4y4xD2%&D8&Fr~h-Zsw%Y3o5IoP8!EP_yIq&$e&#E
zjpgsF`Nqy$y3{u|<FA>)#|KGPpIWoZrlFDX?BCQf2i9%po!&<m&QsY4XiX<x`$__l
z9+9xH_JecTjfS0_`<=_KMEvPFNxMwv<kisIa}q;y#&a^g&wm|uRR}6t55~4dPar)P
zfn{bJoU6~*A*1?$S(2MOI+k>J-QD%%59{+~WfRLvo#lu3`Mo?5O`k8|gBM640>`BW
zgiZv`<(@;>i;#^%mLOChG$8PLw+`VsghL2t5V$U>7J=)EcrU_h4%Y@9LkMDj6$tGJ
z-3VI|_9Ji&%wRMQ*RV7obRn!q=s`G!!1W+p`w>UrI*u*`-fM8p1=m!tak(afYaUt<
zxMqQC5{@7Qae$);jR-3c_`aU+=8qtpLEt;}IKpg%6$pISy#;~qv-$4&7(#yx{Cv;M
z_sA;{HY4mr*pKiILLpAx3WQdK^$5=)>_<3>P=L8j3BqiI6$o1p_)hRNLI?vY-_x}q
ztV7^?wEYOj5%~Tqicp8pj<5lt2jMV6f6UeR&Zhx^?`$?B>_p)E70$c(euVErnh?4X
zwj%KTLl6Tl-x)L_tU}m|z~}L25K7U>`MkUZVFf}D!ZCzwJd@?~=0=3&2z=Ii7=h1Z
z>kzsS_&jt!0v{|CA=DytBJjE47K9!IJ_kI8a0a2!>uSj0$&&Wwwnc3VLmi2>rX`C*
zP0jZ$n%^99z2AqQYHB*yw)+>s{{E#Hm+_NPp+)%RCCLQ0eYY+2es~E#Bc&F7_r<-0
z?q9O3wJ9`@zs;mpIM1<R@iGj*B_R|OKi)(i3lfW3o11(MixxL8S(e)A{YzRGOm=0t
zHEBA%xy_Y7YQ0|>YECRnENY9T_LIt++D+S%&Jdc$<@Z_xp8;>5ld5QFX(xXc3_4c<
zXOq%3ceQseUee_4L)5hGTr#JttIMiOLh}=CqdP<R@mKtsYA25h?3ON@m&pj~&W^-<
zSivUI)W^R%g4*-3cv)*EA5eELYHxkO`9LDAnCeE&Lf9_;`qn3DsM{B{-FFUO*dlIN
z?)i(`ZMj&E&?lNZmV`Q*m!fPXA+|jl5I+Qm0}bJEUa}yxxOwrCjt9J~zFCQmMTvQ>
z&0gEm`=SMln$d+G2!R$fci`8KL!B)=Hop3qm7)7PmY|n=9jp_-SsGffq$9))3zoIb
zXUD>Rn4GtanZ2E$+b!#C$IdYc2`%Ms)rF90QJbpfEn4WS`ZMkEBW9gEr})coA@?J8
z)lwsTCy3oPec3$x3R(z1l9qWpezdtcbYG%%5q_dAWzyHj%w_K9^g?Zk#d=Qn*~iqS
zOP8UtW^*$Cyu?!M9i0+C4u`X)Gc>s})Y-92-6ZWWH^M9n?YA^pOkd^9TSEM0Io8vi
z7bR#kS5&X@cuZ-7{?44~Hf_rm&ui`wn}yAtA+$3x%DJBM<z{5`b1&K`bz-Ir+>sJL
z|A)QzfseAf)5YI;XEH?dCL}`)Xrj)%31ku{5GG(I2uda)36R(j5TioN1PH+f2q6e6
zZuw)Q-DbP|lX|;oL!{Q-rA4Xjb?>!%lW0?PLoZU-q8GZz`fIU;E~U1sdqsZFbKY}i
zP7+Y}&u8zwyPi)@&NI*Zeb0OTpYJ*6J?~lLq{K>DWi+8>A}k%TcvxBdR<Cbu6}(dp
zRS<cJMb!y^6B<1vj}}d*l&wUmWw_QPp0<AV7gw*@u-d<F{VG2%i|agBQ2E@1wr(Ad
zD7?%y=-;9^3;CwyD7ni=+&@Gn*4)7aWEj@reCJrl`u6yPR;@%y?pWG_x`OZtnGUq2
zDjX`Hf@4LI;c-g6%uP{2SFc&WqQx&VLCWA+${Q4%=9TTML~D(Q$HStouV1}xeOnt2
zZbUFza7?3LK1zl8a&pXOA;x&!zM$a_k@3sKnTtw(L^*4mIJLOUU(t?p441~x9;)K%
zN4g*#kqE5OqHv05$6AqeNU`NZY6ZTjT~Xl_UVp58#rjojU7XBjh_uqg#({ZAd4zMa
zpBc-LGoh{^C&pKzXyA}Uzm_zYk!PQ%nyh$G@VqLV(#~9F)?j?n#!eCe#sP~fc_t<5
z<GOVl*0e7ZZ5bObnA_JR=(hGX_pQX)m25!QuM^eJC~xiX-_E837tz$N3TZc&&zfIU
zT~X&RU*FM!#6aST-WlZzJvjSl_)nRNPm)=8|LUcFp4{kUA;VRH@S`tSr_*sxcE*)B
z(te~A#<~e!N;-N38p;)`MYhGuupbTjnx+1h<*jW_`CN@w9#X3LM{L;ujx5I&4Yd?h
zW$ubHpVq(6Rm`vdI1gFg;aB~vIzP_TT!!$?;^;)^M?wops7Hcpg9?B~DTE$#-MZL{
z<+7x<Iwy-J`kAHdgW7qh>beeptOG4s6SS>FL(T&>b4#6QPV;LG2a74H%zD)8p)v@i
zXk6GNwl810vTY?RO7oiatJ&sB*|?Im&c7kHx?>$WZxme7z)+_^FDn!@l<C>^^VzdI
zrJA|50R_~_R#7f165W%^>;^}Vy<PMnetGC8>bO)J9Y5>nXH8vsg})B{#wxVQ>}H*l
zSEc_A>tg<TCmkh&xgAFvaMIDgW_9cR{&mZxzCv|k4XQ#rYmdBR_G*6xqlUw2m#;tz
zbid!J9wJ^cz^EhsxuR<*U%hSvZePI67%5jdYktY65frid6dqF7`4nPCWka<3(+CPV
z<Oh_S^=sCzbE2U|6!Bzp@o64uED&m&e}2cBc9ve|jdN_QOxI!8q0+>&$Y7?j{eybA
zE-_k=?e{u=+ZrkoxZt$8s#IV+$OhZF8sm7TnF@ubSBdNMHnO{zcR%$)YNQy*AbhIm
zNk5#^eI2D_ooJ68)yEN=-%y`uzggHtGYw5u)l#(4ssUnKNO?5Bco?)LsJOD7jX#su
zRTm?wWTN_t{tPuzX@N|~*~{2iLsLeLV6BV?UbZo8&ew>d`Z3Z{mJ)Y}_GPG7aoz9=
z4^D(#>bqBbsFX}RNW?H6=2`5_*=JorK-YDhq+9N<U&FJ76OCMA?8iQ6CAx_Rmiw#F
zf5lZM<Uw4A5_u3W73_=A_&aALqd}A-l6d>30-Cs=%7QbzS<S)AvPrS~@F+s&HP5RS
z8qO6&7)|Pkj=v%Q@|B{&88SL)g?d8IDv-M!7%hp;|5M(CW0FO8u#$Qax&jdlr5M0Z
z<~xP~ZLy9Pzib4Z3}FbwgH?<#D=Q@0QPgA5gSCDZI!Zzr{37DGp*_}y&Upn3V#}(8
zpYnie1dgp{Typk8|FSj6QK~+o_t6KB%wK1YVrlF0*y{Cd@ty$l6!B}Kp<)YAQCV}D
zHcFNU<`J$}2pvZopRpC8lFRZS5=V3fV)j6eB#|CM&lyoPjM;KvBy@m=<?Gr|o|d<x
z>t4A|jGxwF7|gOOqPt$ywzv+v4&hPvv)4f*(I#6T(K#_fNF`$ywFUnMBqnt2_GKGl
z=#xa6tYK%xawo|RF;oF`-Dn@7f2~>HzEqUU`uX$yMXGzmL)Jk__OD#0v_UbH7D{|P
z&#=}Y3OH3Lw4}@YF@_A9q#AWISelGf;!!Xlyj--s%T*CuzFHiru9O+XxngA-I$BQ4
z(|_FS%t5Ui(kw%6SpK5RD`HgYV=LP?tVDX1ufP%ELMIfRZakNV-8ZYE5}oBI-ZkQR
zA6t}Af~gvRs{U|(O?lC$>ikE>8DX!Pb(yEc<BD(yJsxAAHA;tP(}4~G$IrJnL+6U?
z@gFB6^a<2mCR5R!OkFBxE7zfgUaIsS))NF#t3$H1&c%(Y65)Dz)fdWZtNrUR85r-{
zwK6;jla!O3@{4bOw61JIp@|P4#BVA9VgTWEAcA8N8^Vh5k8FoluJ%jiR1nLYVXYbq
z3tuoLAg3ja@V>NZcDVb`^S@_Sy~NXaitX;8*=-sDtdpPr?B8c;@SnCEXjK5`F1QRM
z3+qc6uv~xQci;I<_={MNdLQ<8u)l%j_r$nH#qW!~1^c(K+`Ilau>AgfAMA^;{4Uuc
zSbnRl680Hbe%p-SJ>x$4KZX5c*e}CwhUGV7?}J?n+X~C?@#o<AO>h^(Hp0$_y&ZNo
z>}{~qV5h<s!`=it0X6`e13MNr71jrv4C{vFH|hA^9^c9P2UvdJj^`Jgg5~${-hkzM
zf`hO>hV6&_AuQMJz6bkVSiTeWP1tY1@@$vwu${15U^l^TfNh6e1<P+IEQS3%>|L;2
z3;Y}`<MkB6GY5DUEY}HdfxQ`aGA!2)^I<7>CHqxe=l2V*haCqy1~v_r-+<=&<0Z7s
z{{;Jc*z>TzhW!QX+ps5Ke+GLD_6Y1@*q31c8uqVXpNBmN`xmg^g6)R=GuS<_J7BwD
zAA!}wwiUl08pdtJZ|XgquU`qvc?G;yCe94vvT8l-T-Ykua#+5H#P_ztutl&z*j(5f
zU;{{tYvKC(&R;e8l|b=JenhgD-wT^z7FiBXo_sjq>q}2P|9|481cZ%ixinY`6^6eN
zGGWLmOv1y+!7xs|jV=x4h?8K+Gww9xi51Uup&?JKc<HU+i51WEq@g^q;+fVo<cSr}
ze4rsuta#=T4S8b4my?7cPpo+6Ee&~M#WUY&$P+7`WrBu0vEo@?Xvh;Q{%(>m<cSr}
zaz;a*Sn(`_G~|gD&+<t_o>=iLyENp970+@_L!MaiEb}zvi51VfK|`Kc@mop4kSA6=
z>lY1qV#TxW(U2!rJnJP5d1A%0&eD)4Ry^x74S8b4cLURq?}k<Uw}5HL6Dyu=1Pys&
z#k2jOAy2G$wk<T|i534>Bw@%CE1qo<4S8b4zeEy-Jh9>rlY}8pta!F_G~|gD&o+>T
zJh9^0KGKjURy^BI8uG-7f14x>d1A%?f+P%iV#TvPrXf$Pc(&Cv<cSr}cASPhvEtdr
z(~u`tJllU7^2CZ~-#|m2Sn=#PXvh;Qo_z`pd1A%0zo8*dta$cCG~|gD&wh%AJh9^0
zhtZHHRy_MZ8uG-7XWvLeo>=khH)+TdE1rES4S8b4v%jSwPpo+M#WduJ70-T}hCH$2
z*@x4RCssWBc^dM>il+`hL!Mai)DLLL6Dyv&0}Xj%#Z#}KAy2G$>KruWi4{+MgoZq^
z;;F09kSA6=^%xrR#EPemLqnce@zj54$P+7`x)BX|V#QN`p&?JKc<NI$<cSqeU5kc1
zvEr$R(U2!rJasf0^2Ca#{zgNdSn<?<X~+{Ro;n{5d1A#=AEY5qta$2*G~|gDPd$=`
zJh9^YHJ(`UKh}6+#SdycvEr$>($Ifm#Z#xHAy2G$>bo@Li4}iJ<B1hdJ(-5`#EPd5
zO+%ho@zk$r$P+7`x;G7ZV#QN0ry)<Qc<Ssl<cSqeeV&FqvEr%g(~u`tJjVhw<cSr}
z@c|8aV#Ra(KtrBb@f=&wkSA6=#~n1}i51T=2@QE-#dEwuL!Mai9Lvy<CssViIW**n
z70)pc4S8b4b9_WYo>=i5i_wrLRy@a4G~|gD&+!%wd1A$LEJj0~Sn(XE(U2!rJjZY}
z<cSr}@f{6$V#Ra(M?;=i@f;h{kSA6=$Bi`Pi51T=B@KCE#dEw#L!Main>C(T@f@ep
zP@Y)v9K+I(CssViw>0F570<CR4S8b4b6iYAo>=i5Gt-bKRy@a#G~|gD&v7;ld1A$L
z98N=?Sn(XA(~u`tJjd@e<cSr}u{{lWV#RaZPeYzq@thN&Ay2G$&KJ;-CszDXjVD$-
z=NV`yPpo*(LC}yVRy^k?Xvh;Q{vC}cRy^l5Xedvtc+PpykSA6==R;`76Dyu`B{bxT
z70-DT8uG-7=Nt<Sd1A$L{)L7-vEn&5Lqnce@tn7zAy2G$&gsyQCsuqmFq>BL9LJNl
zVL8sGAy2I2CuqD7z&|yH<!^<@12d|0Y3R?#y|CZDyfrqlbtUGoW33Z6Ed4_D@(wY5
zJYT%4WlS7?eaOWTZ~M2e;j23n@uJt{iBsgw6uP3%@`futSlv71shFGQLWD6<yq^@C
zhz001@>zHi;*$7*1-UjRz?F^LNujuad&uq?zIvV#zeeC5vb&4FWd|vxM(#~u4knD-
z@Fso$xs6f7evcmZJAK&ijA6gW#6!R`;zRhyNC}n!AHvIWrHt@xWO9Si(-;}JdTHDJ
z@+Oyzq6fbfX1P+>(lGs3e5QuSX*fs2ehueoIH=)}hKn^kMZ*ydb6!M+VWx&FHC&_N
zS`F80c!7o+HM~f}OEk>+4E5X=4Yz8zO~V};=3Irkcaw%UYxrReKdRv_4R6=*ZVf-K
z;k_E}*6@A}KcnFT8h%#8&ujPv4Zo=2UJbvj;lmmp)bLRazpmlq8a|=nQyP9p!)G*n
zR>S8t{GNv2*YJlLX5~`(!tuJo{6>YsmWI<coT*`s#g%-HhW#4O({ND39A~S0i#0q&
z!x0Tn*YHdYS8BLM!?hZ&*YE-jH)?p1hL>n~nT9#`Rbg(`aGQoZG`vy69M`IQH*5G|
z4L_>kE)8$j@NNx1uHn5J?$+>r4L_sd0~&r-!_RB@1r5Kb;a&~Dtl`5N9@Owr4Zp78
z;~GAp;ZquZN5f|{d{)EfHT<52-`DVm8m2O#^1`EGj_nk0X*gZOnHnCaVUF9>y?zbn
zX*j6ikcK%XQ}<5Ma74q?H9S+pl^U+maIJ>xHM~H>jT&C0;UyYgrr{P1bDZRo`Wu>-
z__z8z#OY)(w+EXERe`cxe;}sengek%++2w*xIu||JJ%B^lL?n=2*l&ya@~M92kvx<
z{cy`A&V$P}0m{%nt^*K<;MPlA443o$<fp*p96xacF6Z@$>Gv{;XTs(DJ^4zwoU<pc
zfy;S%;##;HCFXNDA5VS(+^rHf!sWa>`9*NMBwhlS^XugKOwOqjx4`8*I&mx9Zi(CA
zeoNvGxSS)W44=<=apFyIpO<(uT+V-!e;6+3yon!$`;x>A%VCMP!{vN7Wp=~m95(Ue
za5-;Hycg~XiM!#xE%AQ1oRg-^GjKT%O?&|Ed5NEe%lT&V3?t{5iC=)rd1c}k;d)SK
ziF<)Le@y%`Fz1Yk8D7p46En=?Bpw9jd@%W=z?=gnejS+ezQo6YLlQF{oZlsX3Yc@c
z#P0xe9+&tG@Jxx%0&~8WJmbVUTH^PBIWJ56KJWsGKLqCdD|rJh=Uj;yKhCofC&O)#
z*n-RXRPyO?IfqJ|377Mx#Ek1EiF4p?k=PHHbE1^VgUfkP;vn4Z5;NYM?<8LgmvfxN
zQ{Zx5lQ;r*zr@qwa{iJ$(|~i9#FcP4Pf1(@_XUY-;c`Bbd_7#wK@u}PIPXZ@2zOB8
zMQ}O4NPY=i&M6WvgUfkDVy4Y0iCf`vzL0zyT+R^^cfjSmAn``H?@7#b;`|@^&2TyA
zNBl5c&hrsJ3e5JOxC@x`dBjXJ&fyX72IjmS@#Da3^NIHY2PEzW=A0aPrXT0wh@Syw
zJ5PK7nDcGK&jNFfjre(B&Z`kKE!nmczX;6vGvZ!g&Y2Ov49s~l;={mf&xx6?oDU;D
z3d}h$;@5#W??rqZnC&w031H4|5i^ZBr$zh@usC-Y_zdu7$)5%0d=+KR19OgwnCZ=V
zDdP8mITuCzAu#8khz+=$b0YS@<vbHH)BYKWEx4RdBG0~;b4bMOdpU1J%)a+UiJ1?a
zA0qFE%Q+$9Jh+?(A`ZemDsc!d=X=OAPdLXz%)XcNI>hXI-;sDaT+ZK+p9z<9HpI*y
z&eIUrz<pohTDY8#Azu%db1=m0dpYky%)H`U3-Kag&aV(J0p^?v@iJh}qY$?MbMA!L
zgJevGWqPoW<!GLmvNSGW8p<h5d4(+vr)xM<!{aoZqhY^>^E4dPa7e?&8lIxzh=!+Y
zc&3IcHC&_NS`F80c!7o+HM~f}OEkPp!z~(a)o`1JJ2bpe!<#g`S;G%&_)!gaX?VMa
zcWd}@4e!-(w}$s?_!$i!(D1VweqO^bX!u19_iFfM4IkF<poWiX_;n2**YF7qpVII<
z8a|`pvl>3H;rBHBzJ@>4uz|Klm2;1VlQnE<I9<b;8Xl+N91Z(5oTuTShC>=I*6<V!
zM>ITL!!tEpso@$8*J`+4!wWRrsNqE#UZUY;8g9{WtA^V&+@ax(8s4Pg%^H4K!;fmX
zOT*hWyj#PMYk04QyEVLD!_R2=fQFyd@bemeLBlU<xL3n3YxuB+2Q_?D!>?=jxQ0(?
z_>_j<(eN1!pVjbr4Zo-1_ci>Xh7Gj+@$#?XWDT=_RWj^f6=olzF#A`9*}p36*D(86
z#j}4^nEk85>|Yh0qG9&0if8|-F#A`9*}p2x{#9Z2uL`q&Rd|7h*}p2D{j0+4UlnHm
zsxbRkg<Cb;rr{0^Z`AN64R6-)!y0~6!(AHQuHoGpeq6(QHQcS?{TjX+ZD6LHh9^#;
zVgQo`OWq@~I!Bt<)EPU;#PVL9w={knF`h@02di+ghNo+|M#Bp<yhOvT8s4bkhc&!i
z!+SOSjE41otykmqeoF6;^nOS0U-W(?S*uf-8un{Aq~VB$D>YoN;YAv5(Qt=`H*2^{
z!;foNZ};@}O>f8a_DXM;^!7(@XY}^Oqm`?44d-ZBukU)j*6XicPxbn!*E_v_>Gepj
zFM7Su%l`o_JTGYYWep$I@Cgl{(eQg3#^P1HY*Rm1<y@SB200pW2Aaghn#^<!i!;!q
zj5q^L;w73)tA@oHXi`R;fhO^GO=ho##TjT)Mx22rajzybs9|vinv@Y|ph?W{KdCr=
zsNrNZ7>du-uwTO=4fFd^O1@IV^%@pupvmWoZw5--p~-C4aF>Q3*YJJ~KdWJJ2AcHq
zu*Scx;ZqtutKs)G%x_+)xQH{*q@Vl_mg2=3Xp*0z@iR3n&Onng{C1YQcbSI88E8^w
zlg5iP&?LWG<GVF1&Onng{2rI`|78t}Gti_Azt^Q?#2ILke^2ANl&fSc4U03-q`Wu-
zO=58dn#9vJd2t4s<QHiC5)HR%Se$_-<;59j5{om?B<43wRoKKCXp-mm#uVSH;Xw_H
zGti{GI0H>$aR!>iA8PW+Si)9*iZjrpj9=qJ8Wv}uNtsHG7iXYJUYvm@af>D+&Onp=
zW{vOCus8!v%Iw#8aR!>?#TjT4^E+!Q{NfBW$)D2rvl<p>ph+1I6asaxI0H@c{9c>l
z#TjUl7iXYJJX4bqXP`-5oPj3sGEGLDfhPG)8ZXX3le{<sP2z4%Mx22rd2t4s#4l?y
z;tVv&pU`-52Abr>8E6voRS6YGaR!>?#TjT4=V>zhHl30eXP`+LaR!>i;tVv2muT|h
z3^d7$GteY{Sd-bVVQ~hUlo4m3Ni5Dllekxt7iXYJUYvm@@jIH#c@2v*(4>qw15ILa
z2AafvD3>a};tVv&i!;z97H6PIT(8NCGteY2&Onn`oPj3sW=&q4fhKuz2Aag;3^a-P
zZEO`DaR!>?#TjT4i!;z9KBdWvGteY2&Onn`oPj2>I0H>$aR!>iK}@=-=ZZ7XBtKK*
z#TjUl7iXYJEY3iaSe$_-u{Z-w;zu=q#2ILk@78#62Abr>8E6uVGteX!XP`+e&Onox
z-|SZ57iXYJo?lQ^yf_0*^5P6MiSslWaR!>?#TjT4^V^EbA8`hn<d<l?I0H@c;tVv2
zAJ$~V8EBFhXP`;^j3y(_K$Cp0#)~u1BrncDllUD?Mx22rd2t4s#QX-N3col5P4a$?
z4{2DOfhJ|d8E6uVGteX!XP`;kqTMUbK$HAtjqlR1I0H?}h%?Y67H6PIEY3ia_^@`b
zI0H@cr!@YohQ%3ZQpSU^ql&vY15NTd8ZXX3lRUqNspMyBxK_jB3^XafOyk8FXp-mm
zG?hQ%3^d8_*7$A>AJDKk15L{Fd+N#`aR!>?`HfDsW-ZP@gU(0u9(jrR4bM1sE`Q>G
zKO`_bqv|Bg6#VD7Mj7RGHVERG@<R6{tPh|M<`|v#^BRh#xUT!haXz}PxKaMy0!H`m
z{LRi9IsJnwANQ{jSoe?PCf)EF&F5i>c`wbC<d)$Y!}CdUD<MPwxPDJV|0ZAKVE$*=
zd7W$JbXEGD8jCeF<vDm2U(ONe@lD3d0MwlrUvy*f_<jSJ{;6mtBjKM>KcpNS<1vY6
z@(0YOTd{^C{X_E@_m6Amdib8bKJhLp?^EI9JcJ&;jw-A#fn)ek)#CpB1epHu8qMFr
zKjx(}yhh8lb_6GG((&R%B>u~h;m>zrDX&Zo<kHm-xa!(Fz<T)hBYfk)F?@Ujlh;`O
z{s61)0W=!npQXLRsjmGN*L440gnyKye|%q4`A5IC>@=1YIqUqOg;D;|)w0Q0HqlxC
zMsX19T=b9eVqWY1b)X&<f>TEM*VG#O;_`4){436%^bP0FzFV$RFyW4T7g*0B=7XLS
z{LNfS7`J%aJMsII5Zg%RpK1%(mg+|3Z2%;(dis^*@*$(QRacS=N&i%xq}=7|<W%r_
zom_+8m#dS*%lx+?7ll<u#e=S%qG$1Y2`t0RG`Lckuf>hZ4~WI_y0$NDjNJT%o2ST9
z|5=&8%!~C*u#YjHm3b#|SiWfgZ!hz!mZ{S27v{4v|5=&;kKWE>a|^z##Sfo-x-(hI
zrbMPVwd0e|r+DW^RC;u*P8tS{K>Uj#PP_1b<9}b@(W{<&W#5}S-re%S+5%Tu#_Y-G
zl2!&Tj<S4~XNITIRUh8gm{Fg%tJwBe?_6d1W_V78w-pz6wB_yc`#Y+4#j1CH-rkpk
z_O913PMTR;lQz8*?q>Uk-$%@|JyzD@(KUe?X+^1u8$8`Oxh5mxN-zo?NL8rF>P#~1
zgY&)U$l+A6ueT3wtHK-3R`PR)_Z{DHX3P6)eSO9F!pzV(WRwLMhl}3(U3$27dWMI~
z+vutrJtACzNQMf-5mTYPMG6&JUXuaoM0iGq1n)fd^<MScSKfZ}wRihIc<zW<Rz7>}
z$)uI@?vKgzEJu1CbyCx3dUK8Hz5E}nt=?&N+Qx;!mWIL1y3vtE=O_7{<XU)WRB+J`
zw*FDbbbg;Rvv!UO)<$Aw83itDtksFsoi`)()I=$N((F2&^-)q0U-m@~6s3BzjNtTU
zd(1<lTWS}l)vS$_7rC8lC(ReXtI1hR=+3M8-+Pt7P}uB)n+CAVAzbQ=i24BTHbneW
zlYe{o?c=YV>3jb<U*AmR1mpj#85`3d^Bs$2oQ|b`@LQ1vTTrHkroky$qSjUCY<R!6
z`o@in<ozm=C`Zvz_FzlF+Q!&j86P<DG!f6VqeU{F=NQk2lH&Q2=FN2Cxp6JxnOd_Y
z5zlkxi;4V8^NJXDLQzCS2fX}WC5qa>i1?+Mfie97-?2c(=|KAXzxDOii#YDww`6-p
zuNk|uKeq5#?2gm11s7uTPnt*E(O7Lmtgb0``^8Zcs?DlRMr|U~`fsoUcQ-fPSdbAi
z3ta7i+nWM)4T0J^YeuTdgCnN*79$L)`2nlx<K-qB(ZJmk_M4rBMt11Doe|z=<Udv1
z^+)kyU>}?}u++%TZR$&(w$So6%`)aJZb&llvv9&qB@Iy{yK(@dPIsOA$9c!IbE6Pj
zV0ogmjGKNcWTH{S@)cYr9I4^H^hAIs+<1#+J7U&WJz5mA1NS%ut#EKajBc_%N>jJm
z2Ok``#pwDlYhqeF%&1$X#)QwAof8aESM9!Z=YBLJ7wo{Iy-k+4A#hK~Gb2sA<VEqc
zvPSY}&xUc!(uTlY(Lm!2&#*g;%kW(%x>l?3AuO5rU|~-DwiBN(vZ^?kfARB5hH<#s
zP`}V(iTd)OtS{SSd3q4_1=m>I9y9}Y_6HUo3*2!!u;4;qJ_^z|GX9T!B8yWPG{fCY
zhZb8l)OA+*kHfr2$y92X_o(g2Y%<u4)8*8J4f_Nv4To*SURd%^!O}nS`(YLT7r^v`
z`~i(W1WZGon8Qf=^Aao#d1X|1xP66w(N*DDD}^Xete(38ScPXJu=4*az%-ZhpVMUY
zpDqn$h=Z^U+Ye!B$P=q)>0u^T{42mTlqXjF{{&WHJF4+-0Q32jKd$jV*Z5N!{|k*j
z1MG%nIDZYR{O2%R#r+~M4gFU}rR_r?_-wi~lpzkn($8<f(vT-sarsMN^{kJ}UnTzn
z<Z0*+vEu(4SjD|p;|DbUFtCc_-vF!U4gy~T%W%F8OGE#aQE^-hg3q8!LmA>AEbsj?
zEDd?$@v!7shH1zX`(eqy3QI$txD}Q>x79G5<ja7W{w6H9&(M%3=F}nO7i&B*)lu?0
zfO(1XI{{c{$v+Kzy~Hm8({IZB2w3@f99ZT1yTCM*AyzVcol@P)ts<Oq<nJ{8gP}Yz
zr*uhW;~%{u&sU^W-r2ysPCifL3pGBZ@nH(XP@Xsmt_@qN@x<IpN4{R;|2dySC||y=
zqG_r8nD(9cDl|U7JMyClj?^q?jB!ON=lCOdAiW#uPh3KJHBzF2qZko}k>6h6mmJgw
z6Fw%~Lq#qdXeAO4&(IK$xI8qt>T)8i|E6DTV8y^9lxEyRX7G94r(NZ5)x9~iTg<vA
zL`KeGvFatv@Ojyh-)!J4d%}$TW`vcv2sH8=661zlXR%Efw{czK2ap>(I$4QmUV`-@
zJ@h+R3H`9j@b^vX2VDM+4EsHM*zX0ye%~d3e+8}&KCB&feXIO^QC#<leVIyx&tr$K
z41a%D{&*X%5BbwCf3u?ckUw1aQHJuz)epG*eP-Bi1B3j_7J42<wq~ik%ySDQ#DNE_
zN5gNEL>0bvZZz{>TwqvD8O~F1M16_I)-9iW^A}KkaEb~g>Z5Zjt0oVTRh0)<<26P}
zhQ&QNT4r+Cxz(szgAdK$EsoU^Dd1vD3`1SpC5t&5MHhQB7?wO27nxv~ZZ2v)FcfuZ
z#qLx2Ba7k3`jaEPcfupXCc?ws21bNOK3Di7tLn#wN8T&^k@pIJWT6-STq!Po@mSGO
zxULk2fFmQqAThmD>BA@~>?fA#oJTCvIjG?fu}rICVwwI^h-Ek<#5VrHOovtcObven
znD0|R54T&xTpv;VK@Ib{<ez|ho5ZYlQ4QA+v)6?oPLX+356pWHz-=Uk49gU8ij40P
z@{su&+*V@9Fi(h6WIA+^hfF8jKO%;VC2@*OhesvPd?QYgWs?5#UMllDiE%F<O`Iar
zZ8dqc5f8u>&ytvVl!>tz4Y7(B^N8|nuR_F-VZ4Y{yrz(cOcUIh#E@aUh*i95$V29C
zxDCXRVZ4Y_WL__lJmW>I;zfUX??$-I#JHF7B3AJd@kO`u8*u-PG7|S{ctFF08vdz<
z|CfgUUc+ZJTqrTiCYG1QvwjGdzxmvo;g(4J65NQyx5DK*A7wZgnM=%sf+0>}!o$pi
zrOZ*d3ne}d_a0)%GyREG9xWvg`BQKoB!&#VB~Fobb{l!fJO-DFHSrm^e@qNv<^{1z
z&##k*%y;2FO$-_43vr4M|6q8HGH2l)B8Cj}g;@E+a>jSMe*(8h!_R0~)IllpeU1O`
z8h%N`hc!G=;%~v7Eb#%j%mY4`VYx-(7vRn$mg)wvO2ZoRkne@Nlo&GjDX>bzFOmoO
z5ZqM~Gc4`IkWZFa#r;cCW)Ix2Ng1Xyaf)nvd5wM!!u<v@{9!s1D}U}L4-K6ImaQ88
zw#3}i{bPxl&Lxmj^3@Vk=57stO=1pYdL`z7<rflDUhQKiPJyML#N#x4qlWV}JW0b-
zG@K{H$vTuTF$Xds;;ZowhFIl`Xj|}H4r-=>XBZa4Z6Jm`^N2XbkAE;rU@7xuxDOCR
zhWSFQ^6^pfkYPT2RbmbjMP7h^72JQ3{C>Dk62l+n9kI$6rZxTf3%HyfrVR6rI3)l8
zlR_Rc%)6V2A;UUCtYr9X%5Z>otCSfB8DjM;-cK10PPraW%z;}2G5loHL9FB{N13H?
zmq^S3<`;<}?}t3GYQxu&hdj%}Mu|D#?Ieag^Nm=w=TAyL2%cE+yr2HCEd8a#92CDm
z41bun#H!6dD*0mY#Hx?u{q%=}<+mi}9>$*&!ylFlVijNUEe7yxYl%~A0GQuX9{z9;
z{gK2R*qX5PXF6nvl|Si{p9!8=@%S0vx5o118b!v*Zx;y|=9x>jEq-G7uZ-IB#xkVt
z74q_4rmwn}X`$|A_*@7#O%1HV3pBh$!>t<LsNsh-yj{b4HT;Z*pVx4&h6jm}E;Pqs
z6@Ev<=QaGHhClT_H}okq5yV@)Ln-#TNxoj=#XdL5i+yeqcW5%3H7xeINtwqrUhH#|
z{IeP__PI%3>~oX&bxr1!hQ&TNDf7O@dyr--E-Y6Hv+Yw@>~r%tac7&U-VL3p;aUxg
zeQr{InZ~zic$0?3J~t`9TjRSm%=aeMbHzS4DgUy@AJy;)4U2tlQvN-S$ACNTr`YF)
z`bZ=8xk)Vcxk)Vcxk)Vcxk)Vcxk<c$eoDMV!(yMC<i$QWiN!uQiN!uQiN!uQiN!uQ
ziJ#Z}?A5T?=O$&uJ~xTQJ~xTQJ~xTQJ~xTQJ~xTk=d1AhH7xeINg1)vO=7XnO=7Xn
zO=7XnO=7XnP2vvC&&?VZ``o0A*ykp(*ykp(*ykp(*ykp(*ykqk>zbcVZhrEAKSWR^
z#H1yq*@m+XR0duOla2qxGsQ1_^CsPC`}nE=@8>nPqgC>^7cNaL?B)C`2e140j^-b-
zHtwHjJMmljx9kf3tr+HCC?gR*CXWgq^$R_|oA5gmRvF6Cd<9kyUkChSyU+Ntn^FEf
z3#|LM9ltAKl~MlvB?#TWXW<{)ZTiRVN%{99VBNph@mn{%M)NnY#7rxiE6KfvYwXTG
zN$!6^X83bo0;i0M#~UE@cx>_^{ct1WktVOP9DD?;`^R>jX{wC!?*kCJf7>y3XCFrY
zP$c5%62Sesf7CrM;<_@*Kfb`B``3cZ<+JG@f*SX4=5YUzKyNG0q#S?p`(L_$oMvUe
zNB>xEc#ZM>!Z82XuGAxp%21Am`o8X8CFTj(4$?n(9rtgo^sksV!8D=*aLl9(E{pVd
z06?le;?ge2MU;?~;ZM=WYW&|oE~x#ce>9H(=;1qjU839r#>4ktAgAu(eZPZ$r&J{I
zTV2~d%s&qr63Q{YIk3Ei>4)kNFQb6QPg5{9Ri5Ctf^@ZHH8x@urWk}Dyvkpe8`ddR
z<^hdou;hJ#KpN#A-j`h(e_7V=_kZ^8;Aig+PEmzqSXl|-H_MHxla#w$otz3@uaj%=
z`*L-1c$xn;<f5?3s4_}dFY{;ddkHMtbyPc1hb~v<IVM$pKrD`9?MsKeF#B1V|E$da
zhcEN%R>$`Np_%{0c0OEOc5@^`$xnV?wwNCoL}%lqVG!Rs+!L>^mo8mmSBD9#Z|F^h
zp#ClYu@7Z`%08X#)Mw`3KLuv~`#<tu{zP;hmo8nrbm>bdp_e|oL}mNZrT-25kFb9S
z`#)g61p5z{4FA9UF`wP}?~?-5NjN^OfnD$kk6eQ5EwF8{9k3f=H^V**+XcH9_5kej
zu>aA`i-_RMu!FF#!=8YB2lg!Nd$1qEdZ0vEupH-deEI*1LFIM&p8r<@{8>0ZOM!ob
z6kyl&ukj{=I=%q54VLpJT!(lW_8nNR8F21tChQ{Ejj)`ze-ZW+>{;0NVTYR>5FY4=
z$*`Pn|CgG7&AtE9XENTy<Eqjm9dY5>z-Q*O6!<I!{&S{4qx+`iE2d;-&$_z-TeF()
z7(FLydyK);E8VH*vG0!m)^Nj_eQ>qdcV^8GV^@|t9CcYXiAMJ=xIYi~x3`Znn#bOF
z(;ai7QIFA_nR9nTG|8|`>zbM4chNieA^hub{1cA6KS$l4KQ?}U=G_f;lA(oT$bIbx
zAH3gVEts9ub+h$wwAq;8OK)!QS;z8sWn$l2l4XkLJ;?AkJI@0~7I#%PbSF0~GaB{{
z+_^K=iWa!Lp3gB0JiGy$qf*a{JMo^vg5o>U>nnQ)k74)cwB`3UMXQYLJF3tDBvp_9
z&753%*1m6G!_I50oduqNVHCLGSrWYRCZ3JwH8#}DzccTTsvq;VL^oEf$lqA~*yxSX
zmWmZ$Pj0f^?YZt1`75g*yT+l?HilbDR(yR_i`|}UuE<|d{aChhA=9~#y3uaQUGa5q
zi*MtY75Qb=k4<Zg)>KqKR@xY@DXD&JN~2wqTm9JNMqkaC>c=Jq&4@cc_a+9%@?FM~
zA8sLsx%j^GS52;S&oGNT=skMT@lE#ir9-+hT4C4~BIoN&E86K1?}$wcA1%o++%snu
z?-(peu^0Ay1W%&hd4EpS%Cg*x-7^<%t4nJ5&U<$^)Ze^qW{H3BsqlAxH_iToJ*vnn
zgN0xqt*m5gZ2cqKQtoTJ&)@c?q_&Ozg}+QCS-f#qTU$rU!<!%WZ~oJyg+H?vK4Wcl
z8=+rrc-$N)HdgF6tBQ@3tv?8wRg;WnUqgG65jvg!b;~k4y+-ziY`Y5aC`xMYHg=lE
zgg242@2<#qS?1Yx?CH(6vp4Wf9K46-w#=QQgn)f!MNdleo5|UwoBq+CUtC!EhhVMr
zwQ@;i@0^l4Z)cj3y)NuFkoQ4zT2qtPwPZ<Vb5>H*OMVoSRqpIBhm(wHwr#rn{>)~d
z8GgxMx+gcKa&x1<t<?XE%syrc>c?er0i3Vz)KzO=iM=`R-SQ76Uo_9TvwWi#zLYfG
zv_EH9*LPyMX@(Www0QJ$laE&R&iq1><*~;2D|Xda`nz_&bz8K*7#Vi#h^y<6fBIIn
zNAR5agHW3FR1rr-$lD`kr)gLgQ>YJFkh*ZuKfQIy;$v9Yu@^dd?cvz*d1uPsM<MWw
zeCkA6W!t5PZit#j)62iJ##y5lk6O~WZB<gk%YUdFRbR7hW|e=#?*B#M7oTb#<F)%y
zdhmW}uE*|&7tJMbv1z)w0xq`fHqVEPZLQ5q;Vyx@4sM&1E+QQ)cbTis<%D-nJKkd%
z{2p@*^%X(E|KznIXg+=4Gt<o3?|eSIP44vdnFDtihrd+4cXcP0vJBg@CfLanqSej5
zdj>`s$DhPD&X!PPPEAo{hGjdCTiEYAp1Sa%kGyHd@$c%_ee$|5!@2IIhZA3^302!^
z;gHLo$hTXNzFFb)!`8yk2Zz@zJaLuf^UjdZO_>l~IKgLj`VDM!KK|t1C%DxWTU3V!
z;Gzlt|Kua&`0?-V{h>9cth`EvGF;@gyXEfQ0vE(qeKcT+U>x4t9u{HA9UI}O7vb0&
zwlZf=#sl!2$zHbspC%*IL1Mf8VXKq6tyz#!FuA~0P=3)Y2rO*<JsR&Z=X1A30;OAv
ziECUl@vFRaYf${k;IGN0rr$EFM&WKR(g0Nsk1(t70MiRy8ov=D%Qt+N_OSAO#C;As
z{d+@xC$J|?>`5M7IMMm_R%m1y6m8Tifj2Wwnid0pG}Ik5yQ0nw*@I7aolBm4IB+~e
zG+YS5u(DA$?_5&QT~L10v7b%dRCt>;zM;bSVz~6y4VLwaD}AzmW}XZQ8VKXnfNdIs
zVfb46yXM;TxBd>*qt1ww-||z-hs;162i(S6x4l}9eh(E64a#8lNo&m0wJytzuM|YP
zUB8@RM!SvbZEx1hi+Hk2rd>kyded{04d1!Boq2Y!V|WrF%-VMmj+hsbM#nwbMFp;-
zxtkFpC$4_G`+PVfXiW>3SvQ>wx(YAZqvfTDRhU~~y_q)hTLoy}McR3fjB4t!R%G5)
zeRD=rPtuCaTbg>3S7c6|@ZMMyxTc=3tjH{A>iN?ZnUSWRM^|Kys>)zw(~Y_$=iwi2
z4flMdEH%enW>uxc*|YYdZ6GVkER+Z(I(RI+@5!>%5JXWT?1STm=Z^}L`$*E>-`Bb8
zr^*~q4Hdd0`Sk`-qRgT9*SD`(TD0K)w&h66Y5pmpS+`d-+*Q9|7Qbg&IcsjwY#z!h
zt{KMF;O5V&s1HxQxnVLm;*!V|f!o?wu3C-@_u<02<xAVZw^L?P#qFrMaOX?6VumrP
z7IyvuhyNV#=k9Ruy5;RFW39KZU)8j{9n7TVt70o#%a<){U%qY~f8Q~?l7f>e;R(!~
z*lIuBs^v|>t&6n_x4g}9>tgqd-*eVGa&y+VI@i~)5bpftZNmNB(hlL?zUDsRVw;a}
z$A_2s#}|i}O^g5Yk6-4mu3KQBSEPx~s-AtjzhYLyg4tEGE6Nwl60CD=*6o!euMD}b
zacXgyzoMbmxk>rS`-WW+0?xB$Rru>0W-r8}{BvjBCGQjt@4M{PA<t}>Up~@<`2Cl?
zI^_QPJEFC-D=zo!5m$!ZH$2esXO4`Hp0@GgI5O1Ie-Uq0Xh%ww&zfH}IUFgfKm#Li
zSvZbSTm=px?eR*5!PjI(xSX`E{MfX*>{Ygxn*QOmJy{D<ltOsYoF4sIkLf?=SGCiB
zTko+Wc|Uu~9LP1S{ird8A*YE@0@iz%BX@)Jhc-K+@#eoU1iHa(MBT22s1bIX(WomN
zHRIR)lX_F4Gt%O})ibVepJk5hKQ_9p<ga+LA9-Zz%m+Af+5C0a8wF<D_GRDLxM6D8
z8s&v<Yy9!fomUx~H)L$z;D6%k>_=1neBobx)OGV8=jTry`xW=oW5?d_DH;XEMviMR
zxM9NvN3c?lwz8baNgaAfKXe2-%ItD}o8{uDpgTKUI(0*tt1yJNy*a!-+UJ?!ibruz
zzc-Tc^q4h4S9a5i8Eu8N=xeNNtmKE1AD_2<{jQmf+ctc;=?@Pte<btTX?EdY%3y<K
zSX*b>y@qe5F@7IDlk>>V+fz!)GFGMq%e$gQ?nrroJL^VI6zZfokj8LVvFz9fSD_`R
z+fl{$aLDt02)cY1592`e?YKJN;{Pi4e#1Mic-c8(p7dDWm9B@pi`{d}(XBd3ads=Z
zsp(LiqbJSqg7q~S&3V@p4%(J$vz>A5r0Fm5hZnDh4k7#&+NYy=N`H@-)+l^z!+x^P
z74GSn7PjrZj=v|OHLlr<!lAu(=!wFTaO>E@JiGM?C-;@^Iwbx1y_DJI7m@ysrg${G
ztyg{%=ANL1{3yMru;{dDlv(yq-bE7r!JfZ(RGq7Lx<CF2m_1uPL6_bCyPT5zlFF_d
zPk+up@-_vn!jqBmH{HQ`UD2Q`GOxfLu@GnU#z^c@NVxe`UXi9ymguhNgqp$h?BxG1
z4olEPdU{SKE%w%UvLAlr=J8)~iGg<M?%Y+Q=9bS;>T$m-m{E`#aiQ~d@@tcqQ+)8-
zi&UcPR0f$KLXWb>4lARwFMii`&OGTp;#rln*i+{YD_wI>yC-5jJ?5rhYT@lDhG&;O
zom-G?7o-NQ6uZEB+Gpd!Z|pQ<v+df`<6^8h4^TzD5Me<I;Atv*g_3s0CDb$#7WJ&5
zLr=XuLYOdIhnkA|P|boh!==VHN6bAvZY1<XdsSZ~BfP3Vr?PriCWo?iPp`j7wlnyy
zN|F)n>77&OM7t9XLOF2hl4>VZc|$s=@DvY8qC|L(n8)lVE>jryw7XFZkJ`O8$fwyZ
zW-xxI*eH=j?v(IC^U~}bRaDEY2nvTNs{@zKBTWxvnLQ`t??gUP7Q;!wjI8z~=+5!)
zTA_SKf1c#`dwT7R#)n&fS3EV{pX)DpIOzKEq0kV)3$F0bO}paE>7OS>z7{em^);cx
zGXoJS)T594<`wFCJX{ws>KEA}$C!KiM=wrAdxjQ3HPw5}(QE{wZX?{?U7Bfj-Uz+9
zz_mDa$bI2dO=$N*C87JXH6<?6S-P9$P<R3nt?j%Dg<<tU2-Zede;3uzHQ+WP83fFG
z2L)aKc&Jc@XkY2>8<kIbBYX%69C7)fe#dYs>pvdyOZlGC-Pc@B-iH~5ffN?5Ds;+B
zNG#n87u8?5PW|r~QvW-KCG@a1t8Csyng3<wGM%MjyeC``{=1}_ZMCL9&tI^u^9eiz
zqvh<EUU5yEf%X>FGsEuQnm@+u%rhFxzsj1UZr$lU<2p6i8_amM|CNj!IjTIuZ>izq
zN;$zmwj2-_Odq_E^`b}RBfiDueblH4%nto(hEqc#(}RJ+Tuu=h!EY8=uY5Cz&zbp4
zddrY<OmXi<MtlGp$awGlA|1AQH!!Gn_ZEgN_n#3q--xj79TK+K6~lHAVLLcHZ1Y6e
z<~w0)U<f<w8Lm!*Yv8sK;Y!ictTFJb@sWA?PnlJPY~$GY7S8xp36g#K{^~JSw0lzZ
zE>}@fwtc7li-sS4bf;~4ZKH5v;S6Xwq2HkjRQZj<qOfU(F68g}lHHx|Bqy?9=O|2R
zA`9$(*~mM2;MMaW|BCUvY#xji@x-1<^y}VnA`iZRkF@dk7x2+3$K^Y@%%gParVWe#
z8%&^%s$^7!2(sKi*c-`s^`%$vO}Jpj)0k^nf_Ws>o(=y<Tf9$uw_I;IhP4~vq#9Rt
zUV&>)t&J(=({r8XAzrbc_T7d$9kN&d57zHqHuhtj#{P9RcYuCo6x#aN=iKfjCn`Pz
z?Zuo|JZy4;OEmgJ>YAgUv9B4p*;t(RH>@wJNsC?$RV-YVQ5d>l;@Vfs=T27Fe&I8#
za*gvxr=-lVe3$_EK`!PR{g?<i@}V;wz6~ETM8&#uP5RIq_gugPvJ=jWW>!y9FyQ<s
zxDj>kwxpub&QIh?)iucPNXE434igL%Ogi>CD^iX*jnN;tgOi=A1`UoG#PNWWQI6}h
zJ=@SBi~OxJk%7NFWDX1<zlNzE!{;DW&vR0?@bRp8W2<LijDZ9}elS6XwBt|vZn3+&
z^S_xC{YeNZZ+Gv@|K_CVPl_8RelwE69F(z;Ekw}uv+(nnI1+j$<)vOUvRy>~{E*k_
zp{H|~Xm5P3dWbH;1Hu!RjBwARrM^IZZd$k}xzv{z?y*XJxt&*m|4ONEe7NUNOMS_#
zzX1%V&WnFTuudB-?pyBLFx8*E@ZPOkla1zJ_D#*sO3F3k?rpNYMuF#kchJMN1uS2P
ze@ydr94a7f5&jl;HaxiT-uA7djP~yC4UbzlHLsL$>0~J_@Hlm7lN>?d{U5hA>VD5n
zxGj?1c`s(3jphj@f4sFR+4#f4;(H%?<onk^g>Uq1z9ZuSUaVi}zss{KIeSA&=fe9w
za)N^}sI{0x$h10n5+jo%o}j0|#r`-x(fnbP>Mzdj<kvHcZ`~Z%KDzqVHTz(D75mp3
z*R&~ewrA&1%}S0ht)#nLcX_Pemww;$_HvtkeMxu3-3^^!-;<@jpvaG_7i}v=eR_c>
zLnGz!y~(Wwp3dhbZUBBxVywe-e%Hxde}0LRxwnYSE$@8B$=pnlxz`QsPuw!FPs2}Y
z_|GJ6M+Q7DF&;gD9sl7TZ>bM{eHkGe*rDC?HSM0S8cHYkegzRaRO-7fyl<e?=NFMP
z2exVVZPxHZ8h*gA`~Q2mdujgn%z+Kuk6&zKnzLJ_M7Y4?ZI|N2Yc$*{F@o$}sqxJk
zUaH|G8eXj7yES~Lh8I9_ThI8<lO)sTc91(kcGgNViaeQZ)c%fKbwaSS(x`o^)OS~Y
z$>>^SZ&`jxw00fpUgxbs_O5XE*GqjVwSQ0l%M9;mQU8$j@NQsg!kdAxh9_w_q~QV$
zPtb5KvT--V6_6y$&kct4)6$*moq`6U>N;fI_e*_a!~0$-^<5v{x36^Po$;#!zQnBq
zqcv<H9e!Bq!zVG1mhQ|?$a|$s6XJo6DBSZWr8|@3r8?-63mIq|Zh*ZD_J^?V!2Sa)
zzYP&|;Tub^$6?RGa=-Ayuzvx|cUX8<dlKZ9;u_`uGuQ_a*IhEcbESLRKO_GC6|#52
za{rV{uQd{jJ@^00bo?g#inpyt+$TK|cXmbf)ZE#wX<?{`%}WDpWFgdxZzee7_n?bY
z1(+S6eul@xZSz6`?(p%un5R49j$n;!u_xit;8qS*oGAx3zVY$C_HE#kSW`ISxr<su
z20NO?-a6OZ$?+EboVl>a8_XyyDu@MLPy0Lt^Dv(exp~waz;j4ZW3i3L*a!W13VQ#A
z4Ig3tVRViiDbF91|J8CkWH=GqyAuk_yy{)4{;=N;FfNE~SJXb(T7_?urg;&!f3fay
z+B<N)R5{`b$(}=4h%X4NO10L1RoC14lZ4)OIW+}iWor809A|fTL<0G{(t{cH>hC~5
z8SGzu07KyvMA}iTsG(qR+{sWQM?^k#$b3r7vkV(9C(6LP<>$;JVhl$;iouKbuzPl<
z;eiwF))%4gxBd_<9AfY-F?kl32_I}N-D!G5#-0l)!3;K}t7Jo3o?kML4QX(|77gh}
z(U6WpL%Q?9sw^XX!i>7lT0V>p?TWJlQ2!NWJCyetMMR|xb$@x=Rw;wVP56_;Q6~Mt
z{Gh{N)<7`m{T)IKL?L2_{yG~oAAgN>gP!>+^vt1!`AoSio=79Dd|osyPrv;a$Lv4n
zH@_3JbI=EV#C1$pI2Fp|Qy807y=0uT7F%M@G+uu9oSwAUVvSIW$)4~el!<chbBGjl
zc3w&dUnmmgCCyqc%8MEoZ=H(#DB_f?FS9O9^Xo#1zgNtET8q<$JvSQWU`=-1-ko~K
zZU0?TaO;0<GQCe44S$zZX9f(zU+M4d^_&m6*uTG=?jQ8O@@0H}n~HIfQ%&AD<nP>N
zh+DtjWLE8TZnb;lt?8kRE8l8fKk$fi>$jWC&Q5vjetD}g;#NCg#3#z$2w&UzpmXz&
z@!SW71^Lv+1$pZ=Rr0y{c<w6aRx8TL`jM3`Mm#Sa1EGR1FFbqg@c3qQE_0qc7SCNO
zZ?>JApB;Mhrm?(vNU-};2kvri-+*T~$~bp#c2c_gGQmzn*}Qt7&bjvy+*>Q}-6zv)
z`^VlJ^$wIf_g0@aJ7*fD$meny_^r;vdoSZbJe#8?#+i->KSR8y8ko&-iU_B3&`x%R
zQ0mJQtq?|SRdttw<ymHmeQ=5QCbmZNs|rxM(JEEt^Z&qjf%7D13%3n(4ZL;({<l?K
zFL1WN*9kmMU~F#|?lt(o1fx6Q>p+I!oH>CdRa`mfz*`6OM@)1LaLn0;NdfZwviY<s
zXCAr@tpYi&8?;qjZrxxZO8X7y?EW)Ye*b9>EaOVuh3+Y&@TZM?Kkm)OeR*1X{Y3hM
zVdJOv=St6W!`~roF?EG=&=rn&hiVJ)wzb{8%4#gHOT#>fYCDga!Hgdty2fcf8&d16
z#I+MqstIC2fTaRuTNJOhkJSM<_kGcGE-9-7%{uPrg}!8>`K@!!u;LGGPqBRV8XK&2
zbcSEene5qm_2RVNT0bcJf6A$~Jv~<?IKT9-KRLn4IsZMT#?6#+(NPJxddY3|Cb%Wa
zzoZ1$COH%DCw7iOyyttJIkpZt$JT+@j9AOodRe2^cJi2jwO(f(Zmk#ntoZHJr?pbw
zSnGwa<cG}~Gyk-81I}fg^ju7GR=RrQ??mlv3#M_(Ty%PBax3iR1kR8-^sPxyM8?;R
z*5}@Pu=eFFS2m^9rD~I7Tix_<==~;i+O%LGvHXQFcTkfQu9)Q+aDEJrh|rxEO9eUp
zu9sY&#``~*pUb~~0+*<?{v1m|J6&~V1T){NXy6O@Y<%WZYtt9Og#YUOGTnbHu#Q?a
z%D;SD@twPt+~MEwSbC%T&M9M5P%tAQymQijethue>)UR|vioD#9gAIiIyUY?Y%D8J
zG&ZIomeCaRA-r1(_7%Kc@Y_A#ziF{M+7}G>`BfPA9LrfXI%j;eFHa}KIl(Q3MeY3`
zrPw%rpf42dn-WHfjWT3`x^P|ax#p%Ri$@RhEPUPhHU5U~lwsa&z1Hs89oa#>so5BQ
z6J{@QYC~|}nJtCC;k9BdAV^emT&+9UhiUH4FBs|&4?C8g)jzhTFS4b0#%3o-LHxkr
zV+(zVz=wpMb?BPlmR}ya&S?~E9|fjskJuB=<n^poqZ_($iOG<-_kvG5&7#N0NZ+$+
zv^8tETziJ)3HMD2@^j<8Xe2JApZ|j2Nt?K5h)XoRW?!vY-D3{SFd|!~&4_E*!F`F)
z>$$`Dr!p(>Mq>H9lOxZS1tR-+2+GFSTHbE#iw4re0jMHloX6tT%AjGT;Rup`^n2su
z5QnWO-0bzoafkPM4da6y>Q*m0;yBKf82xaZ!~BSq){j$Bu;vf9W8iA(CQH|A;Hv0{
zaTWcrf#0&t1+W9@Sq-u%B~G6>TU)a)97vuvBc5W>fG@I76;#oW&#%IpCYBk<?hjmd
zEO71Vz_<&6vA#aMyE(EB95KVO^k^)jL9YR;-0`xm+8*<IByi};W&KdL9Y|?zDs2d)
zJ2{#d^7UNT6iAO3_XOV`FYg1*ICNw9eVngni9f!j@T9mZio6WZIdjjUv9ic}KOZmh
zn4fPFB|bg{j{@({-CVFm_`o8cczzT`{%41>ou<+rBP2wbS8+Zxh5}g#z4d#iEGKSm
zkC%CzNMk!?o`SN_t3`)B$I^$E`EdHkm?AP;RhjRc#xg%Wp1Z2d2e)7rA31;_&xF&a
zx8yPjhEA7x#7gkyh)Pg5IvnuXfefb(oHIL7@KZ0Qp2ngJ%e{cj&_5-Kk-J1y*$NGe
zQwW1rUhT|O1UpO%o^8W?8{Lk9ROzNj_bLNdp?~t4m;Xh%r^|9r7a<d%YmL$lx>l)T
zJ@}g%)ctAGRkEJhSA-LIE?2&_aVqr^>P9&4X~df(C|kE+tVtCmp45B7Y2x*gzc#BP
zSo32_+bf65T(B_Q)b44wg4Qp?Ccf4!^{LTAt}kr2_*%^3w6<zLUQki-S!kvV(~k~8
znMp7A>t375U06u7*Qj?_iuiJndShkS?Z=X$f%L9CykO#q%<Ebjv8J7@nfIor2Cp!1
zCWwj*#~_X#(@`bfN5;EDBiEoXvo*l^Ehk@~zc~3qMP}Gy;SfDW>Y=V9UTQKkr}!}~
zpbm0cU!C<pwAEfR!S58lh0#%UqoMJ|D^nK+`OYP-QE<J}I5wEB(kkn;5tp<N?nE4F
zT#2)}4)mydl|21$bg}uOY%$)VY~kjSI*ic8j(F;lu<B8M*Sx!84Y5&o<`gva<ut^M
z_P)%fzHtreu%Q!C=+bNPvT!UY_1sR8tn^i#H-@z%zQcQjOU=iv;B@u!b62Yh=aJNf
zwI6A($%^$R{hpkE#y#)4PU0Qrt1;2wB;cU$HPl4D=@&274rQSiLa#f0dv8hisa(!X
z6z1l5BDPAk6LxQCdvAaDDKYg>m>cwA8r{eq9C}C4%n$uH%Nj_IpKVlUCh}siCtw)<
z!DoXx1E|#5gZveG_KdkO?IM;ihrUzPZN|p-$Fh#at~njcybv3M!@&9mx7kkx3qu7v
zI-wBm_Yej927AJTE6ZNHFj&I@l)Y~yX#AQI4m}YKJy~6Xw$QXgd*z&MI^R8$%dc<P
zhIgWQEcArk(@}V~A%r*6PTlH<tdmr@TovT4(a;mDB`A|6y>H3)DY|@BxwwW4g%z`1
zHGR#QDbdhgf8J)h^>DcL6%>}Y@7m%$Z@^c~SEa>09sV1gnD_4~745S$u`XX{irEx;
z;->p>X#>{TPT)19z4wOs;*HxCEl&@ZXUr__ShS!T%HW+w)Ri%z()8Y8+;Vfc^@#_f
z$2`W|``TNdm=?Z(*Y*065iJ=fvG(8jo~tJC>nZj=qh-qyySLQ#SZ=5U)|loQ<AZ(8
zzVrs?WxVlr>$qs^wHInz5YxsT1yg6wLg^Vmf6!c)4yt8GLG$eUKzX_8y?GTmh&?v@
zTjcodvgU`R+`#NN$X!G3Po&)Mqs!CjAM~K+CmcDu*%xgd0}^8>>rlR68+X{tuZb?t
z;{Dj`ws^GuWK=M8AXcVjE;f%Y*j1dj?M|~i_!?B&3yC#Ol)+ThXQ=XAv!(EL=S8lX
zKw(MaYj2HrQV4Is6cubi;o<8rc(=>@B_p&S^WW{RjA(af_1LSd(I|b^Xr|YV*6!+E
zIY@jipY6_xOrCagN{J|FW&5yE<GD_}Hs_hWZ}xL&U(oCBD|?P2*?7nCiLaK&^JI^2
zEOMe|3*P#~mJQ@ZD*e7b>$a<ZT~gZPvaUbzkoC@F>`8mADUiHm{AL->Ex)!4wje1Y
zJM5+7Fmbu`TJ0qS?5Q&gZsc^P9DfzuhIbLZl%Z0=Mqj%Qg<$q1WHlmNJXLxdxh?S;
z&;h)ZaNxudJ(XIv+#63P=-MS^TWX%ms=PWFxW~pha*bQ+OM3I4LXa1xUe&U1Le{99
zo%vb$nAx%xhzMx6Z@K4~416{NpX1FiYF=yHa(5mCQOX-o%A){g1KuHayQ5JPWxr+1
z+&2)|nz!wj{f#^7?d~$4{c;d)Bv2O4uAKdLbotaoXj@);Yr+-slmqk*ZwZH$+o~o*
zi0&l5^Egn%|5YKubyO9)SQ1=Z$h9s-UaQ$M$9YAnamVplU3GIWisCoAWk>M7E_<$B
zcqy_Y_*9pD3sB9D;OkxCTWtTO%_zX*)4RfRiCcEq6UIm$IhUIy`I;Se-nCufUn}{X
zuJAod{>Co**YGj8BWh1QQCa0hkq`F=x#(Up7n@SD?E#b*vvEhY{mbl0PK+Zv@S1SX
ztyx7$b?!)Rc1anNwL!g_-5_4gj=J3qQM{w=R^vfb-8+IwC=e|>A~)AmO`AGbHg;AN
z{*?qP=AOor@T@dMt|RNTCzyv7q`ZjdS0w@XZW>Y3g$+3krWvhpMNM}@1%TTL5d8k~
z+@CAon``cyHub2jit>&(n}Y3corbUbv+!cB?rYS9e=fW|A2rPe_*x-fw1I!$za{S9
zo|>nJ`nNOKBm8^)pW)yCm+)_(=8d8L^#_m9KRYiy%S;*)z)y;{y*wik?>|H*q)(fw
z`jFs`H!s+By5sSftP3LM_A*l@=#`^xFVBpJH9Wx=oiGOVS4+-gO+MQm<M^AEh1W}E
zik>Rj{3$ZZUOqM+;_!rPq7$<8ARlYG#<sH@zpu?|m$?=6yoPe|4h|DlnX1}Zw%*tM
zTIE!D!no*!Ylr$b&bF_8>$H{n0S=QryrUD7*hhlBcwr)()sPenp@fBk*01c3X%^=G
z=G`qpt7czA-rfsG{JodDBR8Ig7r*JQxpmsqhCp(?3RBCLl{cQb_1@oPpR_|$^NaSp
z550_)Fo*HT#glS_ZpLH5W#WO%Uv~XHKM#7?VCH2<^Kyo#IhM+DoOHSIQ>KewOP3p>
z6K))uE;rcrjr1?*`BfNO*D8z;(91z<ga)q7zp?Fd-sd+1WBUVH#{$=!4rE>kjPdnh
zPiB1mn)^|?dU-Ob_<TpG(sC<pGp9ZOn>l#v+o`5MXh^od-CD4y3d;uew~rPqLbHt5
z!Y5*^;|M$(=1Zae-0q{;y|xIu*A@j+k#M?*-|oiWsiD^~&zNQp@^e1Dc(-+t{mgDm
zGc9shIj<Y6#fz@Br2dA@FXV{7s^PgBR^i7U#bG;Lhn*vf_Y^Vrj0B9OHuO!2_NC+1
zzW8_{t9@+nwZg%$Wi0C9yjmj~Qfv|oZn3_{HvbNN4N#S6(U+;kA1oAIp1<V^{M0M(
zldixQT!GKM0)PD#__0^uGp@j=T!BxzJdbyLUPH-=>_E0=1j{kCHm@btxV9W!)lWX0
zD;Gp9-vBaJ?jg_*$Q8%qHlk~3gMAdX8}<d*qp)XSS^CDoa%#T@b_wid^11j_2lSqO
z1<w`qL7<oKoi+3Yser5El65GhW#7GB4ar9IM}Lbmkj)w9%+hVxCGn%57UyrnI(SyU
z=Yi&x`@+da=urMH&$&@mhOy}*Oj*sa>^@ok<SzyW&xkzNo10M_?mbnJ5$r3>^H1E`
zi%OE)iy8n;5#{Q!DHe7&K%&f5B-OD44TI<AQt`n3drxCM1&amo-%a?90V)<7xb30}
zZxi~w5C!8Kk!WCtr324RK8bk^Bt%C3u2e@KqAL3`#z%=?0~bP1w1=KdkNHIkVOUf=
zeRF)6vZo(4rXYZA#pMO_3StFoG55Wr#udr<YQPEf;CG<Coxjj~q4h^zOleE}<Griv
zQp2vG-IpxI`UfxC2k*r=8*#$$3~^$EwNj6VIvrVStB#n(fA7cc3`}@1VByX2%|d%F
zn00B1)@x4#wEqDl!m)$*f*+%@d5`HjF#~CrSf>z=t-`!#d}q8*?u(b>>m%k~^9L1Z
zVx5rlMIOcs=UVetyvBJr;Ot5k;l!()u7})MDsiOu_z*RH4PsRihG$UzU5j0H%)DNF
z?+kCvtUw6jf+FwY^8qK_cK4Tl98T`9Kt6Y3Fs|ZKXW9oh^9_wUUPv+u7o#tnHpTgR
zLvQhp@GR`XNU2=7K%X>Fep}0+J7q)DWeBou^)jlK)*npf+{}S+FnXZ<OiyA<POz>n
zEwb}fsZhQ;(aU)_F2lety2G2@;p<ix>?e-(bi8%U$;KI}i7f0-YYIKt&}~KsbGWXj
z#@l=PQ-hntJDMTq9Zm04Lu?ttz<iW0xbQ-XN*iwx>rGJBsxz)%+1aPzA(ZxM94k+E
zmtt>p=t*m8^eJm*?PmBQ^UF-KLoZ3(?~#u|aU1fS_V`)oC(Q$=QFrRn{z)d~n--Sz
zL+|GN>K{&XuNq!5LYk<(cMGbVH9u$Wp1hNG@%7Tyk@HNl9AJ-BUbN0Q;@({1dIN7}
z+u3q|#tbvt-aP1fqsu6)LmyRX+>|?Hj!0WGJZYA>X1*t5nmCCb$DY@QyEn50y6Z-3
z8SUEBWV|{t;>yoWfAu!in+^87I<bo7U+#1N)8Rozeyg(UIq9}a!j(q$6t&$XJ36QK
z7{Z7G7vIh=<fnVCP#)oz_)y8^$||l+&%E+|*y4vi-R?gx_WC8`o%Je~QNzZoBiNLP
z>M^y*<K%Us2C&_PzpLE1so`LEz3oSuW=|=Sl~ofQvYviU?5w+Mp51NOF(W_orsmA6
z<Lgfce9^&=u=>bOWhy(B?>so|*5dKos<)<DqX*EAPwK=(z$E6tB(eCN=7g%CJj>^u
zI~gy-IKR(f(G^=vCjHsunt6qJ4tK<?Gyg2UMqif}?(_7jopG=J1Wj{!{AcqdZmtR`
z6-8k2&=K1NkOsroJPUqX_BPeTrdWD=42Rd>NX;qPj-@p9g&O+uxONk`-VWqAq1w}s
z7u?Z|_hokAz<Rva0ypc4yt4;_`zDxt$9iye@a=H_%mMV;Z_l~4=DF}oMMyar>s0&T
z&3H#Un3}UIzr?J16d&oq5W))XbFN=B@3Fsl8`m@n`mAVUpFIohpM~#DGz4y_kIx?a
z@NTv2Z0y(#S<xG;hp}xiAiJq^=H7NYa6?x3ddJVAw9ZYOig|4SzoUU0X1`{A4eJII
z|I)5W&41q4_*&NQuPc&YNuZv+)|fUup1lynl*_5x{o%k3@!ikCEx!WUm>LcEv3R7~
zB|GMO1O4D@SzF~kVmsi&G89a3%Xz!k?*HGAI6r-}6RN^XT%+szC#hawA?BY-%KFrr
z=|vMeWM9jw^r=FO$qMgW`qlV$q;J~zd+bOml+~)JQPY=Q8IAcG`|h5OF2k-c=1dR1
z?K}d0LNn__4g}KTIZy+2#kqH?F=w#m?QmdpTr;kDF7mdDO=Dl--|`bCA54zyC<_#1
zyyDupuPNYPoQ4z>E2mO}KVrVI)0J4BLG;5iYp{lYgVFV+^OIz&6nU*{shV~uO6}yn
zre<zr;#_<tV#YQT)63$w^Ul(Pa&2OhT$|X2wF$g`3cZQ>B-+~mKkI?S8Q>dBo6vYU
z*RH(Q`K%cm(;xF4LphJ7fAHIjVqf=NF}Xr<K2gTZs{66X@{0x&8{h06Sw66?cl!D|
zGu#vJB@lm~E9?5}RU3*Os}CX&YF@5j9_HX4%2ro7=d{kKnFkN-pU4zEXTH(z>Ut<X
zHy@do_0qU_LZwx$FbZpD@0j75sXla4uoe}4A_`!6{<pHV8-w$*c3$ITJ=5YYBNEH{
zo@IB-5m>>#6a9(RvzmEXm1E*wGF(tKlB~RN;A*?)%Z@Jv&)rjQx$S_=P&{!*WbL%^
zm`2T;F}m@&LOCrMc@C3;J8HH}tDFt>f6mlt)2H29Q(n41Ukh8~ysqV{k_Go=`K&}Z
zCmASr`wFGfQM2Wq$qj+4>L<y165Q9-@5rK+4tE=6v6{6rT#d22rF<}kAlU`w*dUu4
z_oIByAQYK-aYg1QiFh~8%lek5e!MJ`D5IlU;P^5R%b~Ld#&U*<XHm|!p`4-2d7X0Q
z=$6}tm9sJZ0pGCz8qV~DUOTLu70l!J12E@XAX_Pvq@9^xg|6$5w>3x1uG3jR9HYt#
z!Zr^jFe{vf>1LtJp;a)m&SfY8wh6QGbtyB^um8e#U7{{#JuzB|!mnFVD5XE=%o9CY
z#mssL-;PrGv8`%~vDmWm`0jU)>=+ATb@)C`P=>r<EvAb@k+p@nk$E*S)mIg4sfo=<
zYn-PFMN16p&dn=h$d}QL^VAG-OYGi3k$>}Em4&Be?W+UmAu+ptZuF7SHGvtajqz)E
z&R|RV-U*2}9TJf{@FyzFh}$SO0n8(gp;(sP(4@WMou6&!dHLSM$UNHF-Mu}d*No-&
z$0i($jXxdByAaDgXBN3<c#b5gcZ~2}b5dPWxNo*<7mt{Qlk8YdxNotOVkgl@<A=(E
zIt#LI#lMDBH+lwobw@HB$ayQ*4CMC*CL9ZlKOM-s5XeOszL9|)X3$H_n4C6sq_Gl(
zHanraOTFt|mow7q>Yx6yC2x4Q^-XKYN*eW?5#IzknRK8%`mH>5lhtq6wp?i4d%E?>
zW3AuZglRl`|2y#>Zn&Z^^*-!yy^s|2W%V2Jw@@%-%)yFgk6NF^@9DusFGeE=qCMW~
zG1o?WzFfU4*NIbb(cY~N@}eRsPP=mv?$$<KQeS%|fae}cwvQ#*cJipE6gxC7{`g?1
z*>_dYQhwMc@Xq#%CM&qNt34dzZjN4bzX$XmFJ^7UkXT(B)GpbfS8*-wwSB^asOrT2
zchvsJ#K@3g)b#L+W?9Bb&s{D@Ye9E%)cHyU-YvKps!Sx~2Nfpr6<bU#UybVrdE9R5
z?^rnBT4-DSsc7JW@!lBqdbAUP?9+vlLVu54+M#XQ)nCaL@K?5#(}@q?)?|cVz6hnj
z>&FTdN_}?at25?sQ!|DYd)$}K=Do^YAjQSYvIo7E@#^Ax?`TLe>g$))-?{bflI<HZ
zQktt=#wrgcNZbqma51~})g$;Y39oP1`asFOFN;9Dg9Vzzb0e<O>5sC?i6(UDSaH+k
z#}2i!G2hz`jm#|bm4(ZqWesIbW$oc;N;rCTxXCx7%(KMXc9P2D#QJ%#wX11{Y`KD)
z5;(E0t_?+o=2JmNnG55tG%vP9XZSzr4vvNf0n=~$l#fN$!V4c2jL!ZI)`BL!IU+j7
zfuDB06Fu0CF^V+>iyu}V(%kZ7FPk&p%5R@#+_d1{rPkQ?D&y`FXl1wLaZl-dZYCWu
zcZ0DwTAY>T=SE>oGpQ))Xx=ssZ)R=F_gvRM7<|Qj=hsbdjbR5e3kUBRe8o)_8oD5Q
z>&)}Bc43y_PP_+LZrr(x`rw^oM@QVzK<1o~-CvadJ)ieBBjUCPgPhu&fqNQanfG9q
z5OnJJHzNz?-4iZbixTUubDxUtY6xW3=Wd&6rx$D~^>G`8)P1rW7{Me2<L(A4FSxdF
zhI->6G7k#Cy#JrQw~w=`y6^qZIWvq;1HuF+Du{CqPct|mjEIARVTPwcL3xs(LE#Jx
zFgiRq42lU!cu+!>q(Ln;39)F5NfR5RvDT(Gh0zdW(HMTIH5OAt)5PX#t|4h}uGQpz
z-fOS#IcwIOp}F_AfBo+F#bSNFpY>he^|04od+l}h-qUjPm=SeNOSeDWHfE}flA+t!
zq@*TpY3dfJR=PqoUFUZOWz*QirCa>c1=r1(v!J$V%v76am2r`>{e<g><@os#{if?z
z4)5u^bB%es-+8BAmudRN&Hsy-Ufh^;H?zCITT5L6bS&a~A>BwHn)Cf@f6S$NZ*msv
zv6ZEV<`>T69jV&y&%Qe|YlplZ$Tg)J4rK~!w|&jSb4}?Ba&^CaZeDFAH&NZEBpvZq
zraCihYNobO{pLe8V=lLAm{yS|Qq?yMwabXEX&=^Y1DBeCjX$pbCmsvc4wxV7FKBmY
z(&(XQR)6fAVuo4kQ?+|PmrF{^<p&+hRsZ(=mdrJAHRC(?=mX7q?s0}}wJ$LG8v}++
zv|s#&bnnt{u-QRFF22lr8PctX!=7)}s>>eF9P_R!BAa(EF4krL-Noy(?5j`sb*<Vk
zC-utSSN~C~h|2z2aP!bxb*29r<9nHg?7%U@^%;djLt1`mtB4medJ^usv5mh}%7uEc
zEnn60{m~EA6bo4T<LYb9pp?!td`ll)bojy)m)#+?hZ0JUwH>NnddOB7&+ATWpa$Nd
zcl?qgmmT=diK5GvUur#BNNoJ&JHuOkTwPxA(mdVs4O*D3tg)ZpDYnX=4BXr4W`#9l
za<5{~QSH<ka+fyJEB$j+Jm03Zh;CM}^>d}xC(?EAq6#}u`nk2>8m_mz%U|$c$<%nX
z$EY^Ue&m$H`atFx`i$YjL;L0Wr>b+m`_32BFX&SsxvNsr^<|%zAJ3d|&3C?-ng8vY
zA(s#FH=IKnE;w=NIQQ)jmd@|^MT$<KA(z`ZHsnN@^!$ZdQK=E`bn3kosB<Z(uYPyZ
z^Z&2;XV{CkRd-LBeO8m6sLPF>)O>w~e(WiJ8ui`omj3mb*}04KpxWhj>8tIZd>T>v
zy6VE-eW?4Kqz~<7%i`Bh3-!@=fBdGTHeiB1$%Wbv{CwRMJ#FLo!k%PvxqARW_s(;9
zNask6G8Ga}WZ1}j@W6G;njhSD#oQq2W&41VZe*E&xSvh#NBy_AdVC+tujgvIYhLrq
zIK8{Tw&hvPN6yv;_@z^dWp-BR6f9i%_wDF6wSPf-Ewe9|I(k44@)Rh2&uHk3h9eVm
zM_Q5-qOz=VaLvS>&ByxHT%=D6WmBn|k?wu2+lzS`QhRh4(C76sc_-o8boGgf%ExCn
zjKjx><OO$aiViw_T59OZ$%Aw?9lEe?(5#A7{i4Z(cBvC8AFLa+OS@qDoY`S%dinIk
zi-Yap)>S^zI`2$dk=9oJu%U6#<YqmuSk=%ycyi`nay_==cSe_Befq`y-P5@~zEE*(
z#OWQa)KrC;3VsdCcSs*;eJ=AzeeD#j9UJvav+t!$U1eSU=%J_B@YiBA?2vGc9;{Ic
z>vrRY&K#|Ww??KG=pzaK8vv=)9v+v_^BE)DJLLMIMk|2=cM53{S5boNSAr|=#XUWu
zK=~3LnNeWe8idmO3aJ#&YpL$3&-+lP7><54ju;)gwt&YjwBegUcPSM5p0!+ZRn>bf
zer<gB+R7*N^M+kfj^!$cPoAO=mCkKkwq$2Nfo0ksawdiA?6E3mvlE+lr(>cyx2KoK
zv8Z=mjt$46LX$3Ya9Z^dSlDx{2hRv=4WF)jA5WLPy=dp!^ooXi=3i8!Uy3W1rAFVI
znYAqST*Vb{E-Nc+p3KWodq0YFtI~Rw9{$~RO=?+L&A5Xq?Vx_u4o#{X2H(~FvniRw
z^Yw(wsZ+ji$-Sq1&gq)4D^shx(?gDYchIu3gC#S+mPr<B2b=GCX}EToGl!c~e=lFn
zDSf$i*7Vd%;||s}H5`~9lw0Vvy6kg<4o=nQot9-Tc`#FPX{z~qXV2mD;gz-icggDR
z{%Z%_cp;aCvl}PadHO<TNq1%K@*%t_uKSA#`k>9Ru4QGm{7V|=*CusYx^8WD#qfKy
zh+Q*P8wZ!{$W)9<4VhY-9p8L#&hp&%)+UwHJzc|@yY-Iq@S5D!yQk`nql9lvS8qC{
zPERZ7u0{u}Lf1Er+d2H6s1G2qx5e|o#L2$lR=;n!Ro7y%hk4V{zLB_9?>Z*7+Rkx2
z*Aey#uu0a5J@*ZJKhqrV<upyc`MvUM^ZFK{-sGP=h{fQ?Qu@U?y>WC+(u5^DvifB&
z!MqDFtiCf*-pXh{@UIKIg{;dyl4?HivBu)-&6Sni^FCI;s&SAl-ny?EW#@)oe$`m(
zF5`*NhNhbC=9E6~U)VqzGY%qMBTie42R?4O^fTv!!CqYTuxfLyKK@Yg%+v2i_Ups~
z9mVpo<!=w?R%B^@{=|Dmmt8jdyi*Hfskna9FP_=E7Bt>$!=d5PNqnngW~z3<m?LZz
zX>4lh*Z0nsHp!2U_Ux*mp{wfk{jFS%^Ce`guiMTJQ%ipI6GN*%S$uH0dcYZ>ZM{~0
z#pgVOHZINUanO+m>r}JnuP)Z@HMh>b{1o${edr-6>Zn_diA(dBd~s0qw+dUkj6Dso
zmIYG>*v?|H)ou@L!I<Hicd&EcjAO0GxZ0@;p!;&6QnaQfT?>H<jR0_|8xc1@ezc<1
zekZYONw0gww=$EPw7;;ueXrhM(A#u%gWfB<^zzC1x(STG!qKU_c}Z@#UbYTCx2O}-
z{YrK4;(N}RH*MrSdY^kqPG4Bic)H~70a>1#;J-n;eyP9e<H-I+a@L!_>&^YF1b6&*
zsp?}xev`JTLkBY3m{-dW%6E44dDXh>+n<r+nhOtVS#o~OukLBc4%T<D7VJN&uTJEr
zO+R>-pNsbG7}B^PH#~RB@gC3Lwlp;kDvbCSGDnVU+dFqwW7FiEPUwof)&PT&;<QJZ
zzvOYR04o~wZSXS9Vhi?M^m^`~p8U$z966{>nWpay_nR_j)YsJ4)Lht4gLKKlflK$Y
zKrQTlYpHejnYG*B$lP^9i{AIhWiv@Z`&#uO2zsolpX;}CkA3`an;OT}`g2K-d+%yU
z)s5405R+3!KJE-N`s)YU=l`cOUMZ_SuX34pq-#g_8MO<R>KCtNn*I*<PpQaGuKN0+
z_MY0m&0nt<bBm7m9nI8@(<W`>gwgkmR4?xTm6l><8he$Otm}V$Wy`q60ksQ~D%Rb+
zOM|cO=HmVHEY#{L{p`9`do%YlwKwl#3caC1&u7PTsK&UcU3yWCwfNZn$s9W0&!O}E
zT9^IS+M7#{aor#6-o7KBO6p`UVfGs1x&`0<o}S-o->dnxX|mqanOF8w^Uk-2-!m;&
zbIIKwe)z19<__#hoT$qdp3;0^k1ZnAS9O)Od+Ubg4h^hJf3%W!Fb7u-ZrpBjp=RSf
z!CLx-bnSwc-0aJ%8VkE^wF_R!xpVdCql<Ef{62=7n_Me6l{u~5d0wiSTI&?{1K-je
z(7XzLSGP&minBgiQL}mH>r3w0cumckKU((idHKrsuUJy^$%<*8xTp2me_!#zdp^-G
zv-<W$dbLFRhkBb;HMd6Y)3;`*=Tz$H$5riu=aPDMhxN2?$u45KLrrbkvDLGCDJA-S
zd;G6zs*m>%f8}cJ?|$V9PPF1rDEr<$!+zd+jb9`d7H-9NR*X}jTJ7}weJhxk_x<+N
zpV!xEs!Cd>qwzQW3gy1X!Q@9MJ_373Vo|r?)p~w~vR(ALd}GtAx-Re&lqPNeOL<*W
z@s|PpD$#VsaP18Z*HEm?ysB?3KR@m;+e3WHSF`isa?Q?eUf#*Ptlx*-!R&qA-<HXr
z-<=<JG=JXl{LmBmA#dru$idC|_a_V3*Bf@SRaV#+nxQ``ksGCVJ7%QDmdo+Lh6B1Z
zeq%`P;T^xKtbDJMb4oA2`=j@oKj&}CCG8wI<v`sx9?7|`D~{ED&FO*l2Y#4&^>_TC
zgoF0n)6V_<8^+ZXo=qFu|L|z8unmVs+V92sT(kC<{0^~xvlyGppEc$K4f*PY+4t)z
z7v^S+ob7f{YBV_~wb2t@heoP(wuho8Om!+%q*R&TWOQA5Txl=azQ{YTQMrHW;WJwu
zkH1Xz{O;_qquKM0XNR814!QflHuuYizc*M{R(aOc%nExQta$wk*5%wgFfZ_kRnM=?
z+&yXbAC=E(I;=m=soh3?tg>m1#mL<w^wrCzF~diH;B4N*v)-kGj0v?Eu(kK`FPz8!
z^X9trdwM7Tt$u|?e_dgDR+lx8FJubmON%~q^87Q;=lI&D{#wPvOB>U<?((E_U(ll-
z&o^)Vm1Wy^BK>@KWBU2&qWtLC*PVJk$43{`Bv-fS14Y3c^FMD+-f7hL0^E8a`p#^X
z9z(3D*XKSjX&8HbB^w=uGMY1<I5Vl2e#p-~dX4s|^#5U&E!X%t{Tg>7*#z>No9(@}
zXkAP_=IF0=6n0Jh7rJ%*+oj(=rj{>VFu!4^9^29Gl~$F!#<U|fTYJ~r^wy=`SPI^S
z+_&R=_tBri!P<9Xn0u%4@JIBiR=w1q=Z`CM-+q@rTQsk%X4XAp%bUOb&a_EdrS==O
zIWwzE9`9-jUz}Vxbnb9nvGq25#YX+IHa%&wW}F9y=u1+GR@bE2?7|_ocF|N(ag(07
z$X<JMW97Vl`Z|H{D7|l~!&;}$j{oc%^Tv$TL;HIEX!N~TPIliHq8){Wn7(_uZotry
z?#Um!L(0F~X-}`!ZGZVhM#pV?^P`LB<PYoG+V9%!*XDP*k9Tda%X4wnaNoZ0(XMOr
z%;ea%<d^)UA8)1p>>D?@()H1EeW&x@Ym+wHuzI*^F;|hEWL<vA-Q{oS=H!l_<*rn#
z23%U)#rLghY2roQ^0&(MD-jVJnU&=WAHC+<yg2>!m~!oG)q(YyaMCr0CKg+-&DZ9S
zRc+b6cER-n8gDK<`B9fI&dx1O)vJnUQEh%#l?K`(J#tPoOH-ucF8_V|E`RT4&)9Wo
z-Jw+NQL;8kuE+LUyjyqVOI?toYaQQFD@@>p5qfx!9%wzqKZAHhsyVMidS5asbd5T3
zW<hgfWL@Ehb;igxwZ5=7U$;Q}fPA+<$y|M2;kWhL1-mw5nalclK&A~DJ6igo-(Kvm
zo_czLU9fAdzJGP*y#9LZv@p5oYj4dw>zmdeK+>hO@Zq+%GH-S_Hd$VMx236}dtmMb
zzaM|(Xyq{GyyK7VPUbuTyJxdJ#fld%_qsmLR)_Db&@7;6mVP@}P%&Mryal`T;|Jf@
z%pBIoAhor}V`J*KrG<WbuyU@yywx@7zPC8{;-{go<I}6p!uD%RkM`?#C_gu<^_hNG
zHWeHCR_5Ik)&Pt3h(p!7{_3AfJ~-t&TsPk@77dPMDu?OQT}?@CjW68;8uqU3$^Jdh
z7pM<3?isT>roA4ryZgXP?%9Hiy7LW3^AnEe$Dhbws6BjrTBLSizV3yJ_f83}Vk-)3
zh+Jw;<<wKI%qDeW3e<5gOeT7o_`y4J9Vtt%tz2?k-+k4O_h;q~`8LLR-c+87y2|Ek
zT|>6Ec0ujqiR+h-7QE1gih@>KdE`Mchtt+JJ%4^tcedeZcEa)O_!HR+)wJZoU3Dm4
zAL+-chP;0MeoIdhzOOT{H&TW(U)Alc`##@LnVb0^k7o|Qt`X8Nmp{Gr&_wrnl<^JO
zY%c5fP4;z9svi43-M2iD>uzJO>4z!4973F&vkS91T|?gX9d>c>9AK_`$He40z>!H4
zwd--BHJhux<s$vFXFT=0%rPA={jjvlO<VHES1$gr@qyek=QKQX?&Jsb#gG~LmHX1E
z#p!GB(g&_vc<lp2y7^#2&VG%oec+v3-2=~mZ|Q*M?1+X#wKjtGWhRU{()hr^iw-tC
z^Y4=%&}GAK4c6^#eBjdDhc22|dFfR9;j(rwwhhm`Ir#xSb@LO=#)p#HC&mrW48~g9
zJ_(zcUpi&T@H#oJY}PN!LyqWJr7A00^HncYbY@4j9@5kOQ}~pNe&@^jbAMm==-OZE
z1&trC)kiM|>G!Y({hsJopl-kBEd3f)-H@%`;fEgQ``!9GyZYl;JOHD9Trqv;+ZW%X
zKMMH4_np?bx8a#-llN*GY22&F7Wbl$ojhRI9r~fL@%wu5p!;`8eYNU5)`06BL#vPa
z=SMmBKaxtSqqkcN^~q)J;kEq0mlx`Xz_W^vjJ3+el5?sbKF5xuT2^r*7mMsby`=Dc
z_od20_Ca-f?LkTn$v1NgvsHWU2%Y7scb&Du)|%AkgBo6SO*orS`&eC8b-H#?Yxb<x
zd}_;~*6avANt4a#7CV=HU(&Gmw2_oijcuOqRm8yRC(o?@>6upFv1iV@T%Du8okC|6
zA2QL;oqPUh&*s7dX-fw*J|MH{SI(II=kHSusw*nZ1=qZ>8kb20k|8<fNOShIhU{7M
zZGZ$-D&FhArQgawR2XtUuh*WJE~C7xtw%6tX-ieH?Wu0^d#XFNr@CuU>M+{@JN<Qe
zr@t=m^w;H`v)rC)cA&1y?ojyOH{J7BXEHyIJ#&|H-q+&)?gOv8dGeC({G_A#i;w3g
zp2%PHmflTxt$bmAOl!WrGtajkAJb#Lx%~OLd^VTQwdxn>L+%qn*~z(VW6~YkqJB`9
z_2vU9eP?1}_A*Tp3$s(~=BzQ8CoZc#IxU$eF1M`vPvo+qKal9UH~gJ0(+&BNyI9~f
zE7l9C*~=E@M^^60<)<9m-<kbD>!GfNhqg8!+A_89RQ;$bJ)8BWwuR2GOLu06wPw%L
zbxY4|Z|rfR$>zwrg=eXA`4RfFrTTqL#f><uPV9bk=bLkTyU1lnB$eBzm-+KUb<I(O
z-%QtTU)_3+>kqwtQ`6kNwxN4fE_<o9YstH(w(LD)qDre7KCotlUf~;<%a6_-_+3MG
zDleT^aqZICF=foiD~~sBAGLC{^RlAypX_<;Tz-`1<}u^0%;oa6RI;uie}P6u<vk7g
znq2pwT>gSwmbais<nnb3vlomR=}3KuX?!kQ=-;fyKz@{ZQ^gH9p07Kezu<Vj_IQ5O
z@%-o|Z)*J3UhpgZkeVIZoE>d<^!np?*`W)ikJKC1j}_P6&poCaqsPX4uQ@w(+L42~
z>}YM_J^x;V&QW{LxFI`w{}+^bOug<5isuE+r{%V(_uQ#|XuMAK?RC2J4ApOv`m9Ix
z^w#WD^+j{`vWD!~T(-W@i$kkww~uQ50JX?vYZF=u)ezyYTo8I<zFCiiXGaCa*68Wj
z;dPJA%ITf4ljk3w+gA5j$@~{heoTF<OZXKd<-%?wi&eOwXPqkV4)w}=wc}X0+&uO<
zRhydFYAW$kGj&@oJ0;B4oSo8;y{wo|J#(G1=CWg!W}3588xGam_3o#P`z2FOWiYlT
zjjRhjIp2O6n3U$`(rnO4Irj*$>z~uYtSx&rkP3C!n{;JTguj?D9Q0tN`c9qyLPq0Y
zzc!SI7S0!4nyYV574F&>W=HP-;{LxYOt(7M`LNAS*2Tj5ym6(@37!|dq&qw5X!hdc
z*@-8z7ipTZHBYb~!Tqk=k8p1&yj1v$RJz|C=k9mkc6Ym)gp#}6!(+JH)t3<lHud<X
zPq)5p7~UZ6YdEdv_ktQuPwstdbR4yZJtZ^xeIMtp^2(<0R&z<W)|8t4a@lm!hjmT+
zj`mBwG!(jD(yW_Deg5&xn#&Jb-@bd)z6!KU-|5x;m>z^?UC49L+>a%{YjkOyh|awi
z_hIaWF4iKzk=OLzKZ*7Sc!of~o9VZU*G@@RbH#5Ps$U*1*=G;BK6}8Wt#JLBY`P^~
zTJd?3cYRLlfV21+?sKWytxqn@%-R*c#GAV9k$S(@sT*3|P^0sI>r!Tcbmx%~tw(fe
zuP)Bwy1VE;U(YFQ)v|f?=QFdidiej2(dT9KkdZD#O@;fww=%g7?OdjOS5K*4Utaxq
zc}quQVTVtiazkXH%kw1-lb7yoS=Ml9VD0uKgAx~>)0{m^Yl>Qb-pPGE-;X=4>n*R1
z5HEA_)>+rN!t3TP+u_Sw_DCybnX`R62KOr9<xF}O&qm<q3dI5)O9oU`Hq>op-XA~%
z&%21$eSXdEWBVJoyt#Jo((QN6Refux96UAk79YM`y37++(k?wIzx(O^ue1zZx<7Yh
zVB-<@O})Kqw=0{r50iZTQd^d_9vQfFf6LH>w%jkjs3CLj=wX?|H7PwJk<u%~L1nIW
zmHAkqS9RyzT(NXdi{9<?LwfZ6XD_Ya|L1(%rEm`K&mDiXP5V{)e->+cV%qogJe#3*
zot~<lySggp9`{s=wpY|C6}p+jR;NB{GLA*K3SMA~c0K#A!JphCB{7#Vbjl*ue4+1-
z^?ttmPNnlK#NQ~~uMW6C8G8NJ@j~*g)(5H^hUxj{T8)aqQwx6;NxMUtbnd_(^M%7F
za~ZvvR3SgyQt=s;xtBaXrDe}gM`R9nq?+sZkD1Zj@uzxEzoFwRxsI<|_4R}2<ErHf
zjbMGJnSSYCJ6E5$*`-QV_D`NSI+T1MsrbCniE}M`-QIn<>c);*eIcH24!Osx-+%nv
z+RFV4bxf+u()!zMddD(3ymfn*ROz=C9-Mf6@jVUS`}gr9?)hNmqm?H{pT9*9Q)~Iq
z+9(fth<kMF`x+knfnGkgbw<On^4v-#mgjPfM@}>xX(^TPbXCK#evLb4uN>2yIpdKT
zKU;ZfE_3?+ZoROO5~!}~uP>Q5l)W+fqSN&)cAhvq^=SUIUiDc|ecDx2XRfjOk54~i
zoc=_YUNEcqz|OH{4KKbo{@3@^{H|v9`Q!EKXYG`hxl1oud&-vg@2G$OeapVw@u%6(
z4Elp~&5VO%E()KP&*e{BvasUF`KzxQB)^)I)rzD`sx{YcU$U@Y^`G_ACOuzg=3S@S
z?G=1$;n7XAcoV-u4-nSw)p?bBbZv$Hu%j@)DOXi!@>Qg{SN|X8mx~!%U)S!f&;aCH
z&H7tF+Zhk!C^i0i>=D1<C&2ggXZI?O)}Qn6c@u_=P3ov8Qy=W74gdPH6Fpad&Y0xE
zz~dcftH)b*CZC~Sd1|93#XCmdbI}`>Pha)Q(5J7r^Q$iXbcXLXB>CMRM9_<}y5%_~
zrBf~EPPMV_0c&v?-4wWLi;uUIljnpg{f(Ue5y1U6UfC~kUf`l@i+&f^Z-&g!yt`ic
zzImC~b-y}%r+zV9k~uRsu3R61XgGAXZGY&`+~pqdbGK%h*8bfO=ogSm|0JI7czLS8
zw<mcv_pi^e)@q$_q29~U-E_Y7!3u4m>$j4^E9AN?=+WF^1FPRVwO~JB*Ki%9?Z<M(
zJ+;~eb!W;@-}7!fvv$GgZw#!SS7G*CU*F%W0K0IgHpf#>zh=f-uT-Xre!qLBo;&C<
zUnPG#%B^n(>|#@AYlTKk>G2Y+ZRRxbm$#Eo7`6_cm$owZ?I?V4@Hg=%otrc6V}uvA
zG`)S%!FT)!v$cheJ<A4_uP9zFq*jP$F5aj>9lI2`uiT=*`eT~{>yg_Pc&2B+!gvMb
zcamwEUq>j6my>}C&uYXxr0}%3dlj}QEK?{~_=$LaLEfmaSb@`Z%&wMQ|D%7pAAeib
zFz<t1P?7G}@07CBe0-{p%Y9tt<BX5f*PJ)f=Q*|fn)7Nr9-q19ykRNQt~qa#!kG#+
z3Ih~|dz-ZKo-cin!uwJeY%fpq%jyN&`wiUH@`049om#Q0CEZq5p4Kby1<c=uFrNKM
z!(#%>^HRp+N9}uYs-^_rPOh#AS6-HJY30Q<`r7R9Z<y;~f-|Ri-%K*83kH;B_zs*;
z>vzrio7Qi*b$x14OOyWm@vSqb>+cvV8NHzRH2pQ`ga^!<aq+E=m_2>^r8TuHJ2!0F
z)U{zl$Jnc8*A$iYYsO9(*U&I-{MgA8#;%#L>XJzpPi(BKxp<tY6o;=yfod)7YFoc4
zzuf(G@oN^%T;9~Y=<2!GES|Z1?wrLl7dFjZG<E#xP0e$rPGF2lXdcp6tXbQMrL&EK
zFjNuaEjFGyAr?<_T5o&H_rDvP-#DM~Lw$KOd~EG7-t6N1);{Ac-xGb*-~5=JwSS|x
zxAa=C503npy_IM2GH<uo$2C!G`Qo_V+r92%EBAoc<MvzqtlT&@|HhkcevP;GoBsR8
zHNIXed~E$@?Y84#<(gm9Eq#Q~ANOypo84M(Z}m2Rrq}p%>mN(E@-3d??W`Viy>9I=
zyH%byJw6T-efs#w&dQDLr+K^GKCbcc9v?sCW6Rg#^$|Xf`^D;I<y*VqnOBhC2h)G0
z?CBrlX_Mi;e1<mE#q2{oE#Uj|^IyS-b?D1~Xu~nE`p*b(*jJ%Vn71$gVSk1;q0c9R
zvO=2>hh>F%!~WkG_zCT61D^3@Z4CW~enLLP%YwX%16<Pw4t@58>w~<n2RN+rfq?I;
z|HJl%b?ys?^$Bf4KCDA%6ZU_||KH%6pp7d693IoK&%<#Q);X+0$cOeL0{?xDhrakQ
z@7lmm*e7ARAzu^NhsP_l59=S|DM8+_Epr1t?5i;Es=y}X`x;9V1N-p-4)ca}?#s`#
zAn)z~*93S^fFBBQ=(8o@M+CU9V-(gitbf?&a+4~r<$ryML4jpBF+$tGEU$A4Sp@_h
zZ2Tx;^1<WEcy0#}coQp&&%2X{7%63Qfp~0)nX9m=S1|wj1;GhC*mz#AvidXzJg){J
zrOKi|$wQ1_12&&^kP>*X@jO{-WzomRUo4E2Dr=y4@(^ps#r5rQ#n#6Es&c7|)s-=m
zQ}}(4b-A}6sTe8ME^blrPmEv#X1q}rw}c2h*!@ham^7r6PrYU1d=gv#^fe~&f!G)u
zBussXt)J;z%BD=l1D^{AFH_*w6ue6Tp*~=1`<;*yc(C!Gf|S66jn|V3PT;}D?@MTB
z4>ta@0S`9*{(uJ?|6ss_jej`c!Nz|j;K9a!E#Se%KOXQN7W$UCH={s|&_)yMe~vpg
z#7HR{wo<Smw&RN(uk7U%&Ql;A%&|gB`Qe<zE<R7KE#X`QHa?s~L_4wiFOh~%VuW(R
z)Rp>NuV8iNr;!1k?@(;>z|8@^MHs;k*!+A{m@OvwZ3>(-l>14A5ek&`m;!<gnDYVt
zhynr+9<2cXD+R0DuZ69>zY#{T2OIw`qy!#pymR7tu<_c7ae_VAcs|O6z=MtFHz5Sx
z#QHfag7y+)h7E0C-Y1@?;2yzL%z0X+0KZ-V!5(aVzDd~pbP1b%d|oprQ0`|GkWzKy
zxL`wUK55ek1?o_%KstDg0#eG)>Ef}o7#q$DV)8N{Bj{k`heArw!NyZQf(|ym9#Vo1
zHhv<c1RZSr6i5j=*xGV=fTsx~*qGR{>uY|lkRk0NAXc9BC)W`h|6!e-vHmmv<AkY`
z#rWYmYvbVq!U#N=F@XIH1q2>!=gV?P2|U>BS3yeP!Djz)Vf?{wSI{q^PQTB`w2!%(
za~Aw11sf+{7PhhXO<@E-V74#u`)vgT9?Y@F&kq%>5C2gZ!3J!3e-0^u2UjbQmkL;3
ze$${FY&ai>DMlYfB_;4+I~MGXBk*A3Ck8y&{PR=~eMq@Hse~DMrwP~?`WU1H9&CNS
zQ<x<9+XMa&ASLi%v;S1UgN?sOm?Z4)^*r_YOu&Cun06EP3)}elsxU%c6B~Q153naj
zO4)>KIkSN~Pk}m&g_M-adzpCr6H^UrI0u;*$lIb|>y{4*o6Ry|>+`%YLS8WAle}9L
z%+Kw@c0CQ}I<OtbKM^+n2ZU|hJ}!)us{aSYQ-5NllufO8Y={wTz*e8IZ^72CW?=+-
zu#N4dkP>*X`B?`kfd`xYPDlwn*yf*I!kkArg}n+0HYPR(E)+riiLHN_f9!k@>o3}g
z<*k)QUgAGjpsd#vkWyt07mvNg*o;)LxoDcO)%i+ctIu3v>$e5M2zkNq_*~*+c>2xw
z>xB_`aJd5YWGo@@Ce|+ID0~tlrEESb9vfoL2Yh}~!RmjXFhX9ijl=te$p?Qx!T5)T
zjsJ4Me=Xp@9`H{F{8It{t$;rm@P~yF$^~1wM<6BeVB?QMO5nkR6lmi=DIoAB)^Asc
zpbf+bHpY>c<7oYJvU93YcK9K-d#EO1q*S@B;;|>LRLCi?UOL_5EsAYC-yw|P2W;)V
zOW4NSo`Anw7~k068}M8cjo%;e4+<mLgR2yB3Qs5?rRsmFczjum4fCYct=Xr;&j@(y
zTX_0*fC6P*r+}0y>-QPki<Ou95F_{jb57y^S_K3iZ2S$75_qujD}}9ZS$i1YE{tFg
zrcC_bq+rL3V~1d4V&jc@gFM7YDI4YpY~p#t`f9n-tZplWt<P5rBlrYUAN;WPMoN|S
z`_$(m<;4%Nl{-;*v_ekdLjliq(CT@kFjA`AkBi4AF@g=)+H!}mm9<M4Tguw4VC#fG
z7Dh_>w>gCv!3J#S=68h6|8v4t?u)`)ODOBN3Zpz8A!8c@JhO`66Kr{Thn6Jx@c}<c
znEJ!>_<-5-)U)x^0)AG&w*>rE0Y5+B`4j61{=s(st_^r+p#N+fUM5W0#AOQPy<CB@
zPTL<;K;Xe#YvI4IfWU)kOGe@E6(|n=6$NYKkAz8we_g@&p9)*K{~~;i0(SHXf<4&E
zT^I0RD|eGHN!WLJo_c;5QUVXQa<>VS1ixKil48pJ3t_A0UkVQvho2XO?YJKmW=?@0
zg|P%bV5{df0S~r%en?o^ojs41SbbWB_0RFEJdb{3z;}2)C%!Y_y8`~h0l(Gric&iQ
z{&vsj#NSDxg!+TuuNdlqfCmo~ms9u~VXOZ^VH;ydg%SLi*ce+Uf@ER@8?em}9}za6
zTZOGpb_gTbgRTERA#C=$g>4OUpD<FY4(E!e4#WsH;14L|6u1`HJhn}Ei~{^u6cFse
zqZHs@Qb6FrR_B+6DF^;P8voe+G_Zd|*!=t=;NK4Te-lRV4?af$KfGs*z?)eAj}w6n
zF@g=)+QL{y;KA1Rk3mY{!PE^uw<{p<VB_zEl)!^+Y_P^a;7zP<Lq*_|7%62lL_9Xc
zNGY4M#bZN^U<0;m1jp9KOs%kurLn>Y_F&^1gz*PIG2kZ)Bk*9ezg*b-Gp69lKSKe*
z9&Gk=ASLi7)+e<h$V-f11Gc>XH+9AzVr7jGrYvHFvcRV(<P<JYuy)l8pYD0)O9Xop
z^EpxkK8X=*z;?gfC~Rx#>B8o}ul}L0tnF6`BlrXxzX(zS4~C}>OBIk(^&~$wu}`ZT
za{@wMFxM&iWSK&LkJ}X^rTjBz;-47725fWe#gGzsu&w`_ASLi%c>K&$K;Xe<AJ>y{
zkNwRG2=-t*7q$r_@Y@v3&mLg}9&G%5kP>*X@ee^t;K9a!9Z~`hHvVa0JJx?KZ0GeW
z!U*<Yv;PUC1Rl(Bp<Vx70f7f+72tVu6@dqvA71=H;K9b%20Yk~3wvb<_F(Mse`Uaf
zjsIZ4gN<Jq@L=ON1U%UIj|4o}_)i2p*m(BV5b6mw{!aoPY<#$%1~#5G4}u@C@y`T2
z_$;N<53d9~*!Z^s9z59Fr^zJ2Klp6LQ0D|ZxLRCJ;X+|tVLx7&`oK>SM&QB5w*)-c
z_{9MaHhx9GgN<i>h2S3y55;4^2t3&ASw|u8VC#p^1Uz_<(xJW*@L-!Co(p)e`Ts${
zgN=VZ;KA0PzX^D-*_UhLvi|HR%shbUVBymg=M>Ika+A;&6PwSci7-r>;YMNn5F_LT
z+ZyI_VbbBJDHuOX*!ULV0SY;VB??HXI&l3U53$vGoG?<#zDYdx#0WNEyRK2L^$FLP
z*$UL*(+XD4eZmNN!FEmgoUrBHFKqq!Rbix5eW)w-3F{1Ar9ioND<I?r6T^R2!LGT?
zvG^eEVFl`m{)hqs54QS0E^PKs1pGGxo;kTnfwEpyK=5N?$9j?od=VqqfH~geU9W(^
zgY8<s9Z~`h=3Ky@HsTNdUIpX7D2%{^jek<u?4Jtw?+PQ>gU$X`VLL|u;Cb@DseoV)
z9-u&d-cf)9^Gv#3-&t2%xr2l`O|Tgp*kpwf@|#${tr0<fV)9~hqe6=UemF)5Jb0V}
z{Obw`{ObyrDd1;FP!`zu_}+i2w~wz8X8&T~2W<9dP>6(b!K`JWt_XPW6wmJpc(C!^
z0S}($?KA2GipGDL@DR@rqjMziU>n0DyiHF02ZSx}w7`b<@hFbGEdhU(Fai%YpNj(?
zZ2Wb?=4V;Jw+8&GfWJ`~!9N&3<lh+ZVDo=Vz=O?xYruoeen-HA&3<>lgU$X^!dCxJ
z2mHRk9&Gme1N-|uPyUAjd$8GmC9r=a;2#g{!B)?w0v>FBz7_Cbvwt?=!Djz_z=O^H
zrGN*U{ma7E53dCLj{<wJ`T0q}gU!#+10IaeoWh&J%=zGd4{W45v2!2A@D0M`C${Ss
zbApZMwZc{|^CxZ@S2uf1SzQWN?oMF@8xt$*m<Y-uMz8^!|Kq}>!?Uh7{^tSD+-UrX
zfd6&CGiM_B0h_&Rl;^?5$G>+QKR`BCAJ*;0R|ovr0Y5C@YXY9%%FPe!`6|^Rr@-&v
zNU6TsDxN&VLlv;UPXWOmZ1uTc*!&*|_=f}j%K`s2VFW*5^TV~6D#8D`0>_$ixvtsq
z{f;n#jfoxK!6K*!F;dEgy$NiH5p2L#2j+FF!!%*Lx4KdoDdqF`DR;E;QZBLiuNAg(
zxxSH(|M3d8wz*UoDOE0gM;_w46><vG<lK(eGU4@}e_nXH$NkA9!6%qDlK1R@2OB?J
z*y=nY;N$xdv%f5`=YGWa*#Xb}i1CX8p8FBwmk0a`Vd|SxSSyU6gUx=Eu+_6m*zDQw
zMbN><$M-45?+NU|#@`$8U^{l76($M0{Q>`Az&{l5+~e3h_GiMZJ#q?f2qX9boBv+~
zJh)ovIfZhZNU%4tbK$ch$VR+R0sHal92*;Rg>7tnQ<%LWY~rzD<M91*W_`=pFg_=Y
zxIPN_`hW+U{iJ{g8$T`J!N$kyt5Z}~PGLb{4>tSwcLY~2*{=%h!Nzw4JlJ@~4}yNO
zv1G?+M_>;&es{owjsKJ|N%;SC!0!wA`vU%cVH-0K2-hiJPT_fB8xOAwBltA2@o=vQ
zl8I{-$osUyxgNi)xYFa}KE|e82i<tCL3XaO#<uam-jTH{Crmlif!_p;9~1EP0pAet
z@iSWHXG&n-ER5hEZ2nsU9&G%{eiO9*yjJ#L+RL12*P5FGpGtCK{dt`<>PKvTt`|N}
z0Y4vBK&U5pgaZ8k$+gn_Kc@Uv&nJYfp3ev)lx1S|oGyZT5+m4v%M_^3ECpM4T`i21
z@-sj@euxolz@rrKGf@Hg&(1qcJ}H;j?wuzHv*$p$lN3m&+(v~972ww>aQNWYDx9kT
zze53m2WJ)Fzo20D>?hbfc~BU^-o*Nrd>I8|1RJoOkJQI}vc_oe={G69!DH^t5%Pjr
zSK%X1MhQH4uwwYl0S_J{E~CJHCP~;I5U@4g<HDrFKN0YU1OB;ye>LEb30t54cVYc=
ze%=<a`jq3`^I&WHxd9Kh`fx2UKVyaMy0cB#_7*-VY(Bx%0qQ`&gKZ3aG2p>=u6;M)
z!8Xpr-(<lyX40G#68Z|vyoZba!rYJN6l#Sp_jq++51!%quLxT|926et`S`wUr04%N
z@B?1%`NieMKFJFsZafIv{I*8e`g5)4sq=baV(d2t_O}Ql@L>F4w>99w#_td|Keu~6
zC;K}CdvMnK`Kqwh=MiDMc046)*XV9xyN<jN*!(cS{~X|72Kc=IpQZs|eg+Gh|6#&b
z=Ne(#`<ft((01^RifPN|0{hPkFZKMt3eWd=raHv%9|>RU`CkZ|J>PCz=J^MO&HjY2
z)$=`JggSupimAg5A}sGWg)Q&t8nkxq3}paI$P4BekvAu7?Hv*DV*<WD;2VSy{D8@e
zpNYbDUbh4`N^)ZJp6!(p+p(S^j6eL$P(aYZk1D|bN&$g4F`x7y^&m#D0iUe^zfl2!
z2OGZ|QUVV){(vw7e?Y<br-TuBu<<WJO5nl9zX2(M2OIAi?s>5B+>ayJgN<kHjlhGA
zkJl~6uL$hHw%-`f^BSVAZ@(DWgXuH+{7b?%{+|kLl;p(vAH^`|1^I~)>I~)><MUw!
z1Rh+c0RKG&ih!pN&s2c_M+M_w7q&Y8voL}^*!Z7AO5nl9|94@gO865B)Di!`R<Jhm
zaU%p96Khw!2=Wjk*nmH%fS;WT2t0VW0({(FtIt=JX6<@J*!ahU5&VFuGk%^>u<Pk}
zgppG9q@SrLvH52o`WyxPEKwkxyh{~q9$-yj{EC2IEsS6fw&SuHQc|i8tYh&-j9>${
zvgjKG9$cwF-7Zu>O8KPz_#|c;#J)xWDP><H9(!U0n;HeCCh{`wkWzWMUXz#D`f#W)
z=NEY=Dj?(qk5qtXUPt~TpMBX(QUc{#jGsmY>o?X8q{B~Bu(^GqFjA`ATg8)y*xIs1
zc$w#ap!foXoWk!E%m!fP{%7nlQiqf6F*44nKhJ#HnCD*4#@l67Oj4?itk3aJ%rT=a
z7c1CxbDA(xD(^V)<RwP10o$6tMcC$t@c4qQe^_%-J@T$lu;bDxjFc*Oym-nbMoQU)
z<M6-QChS8y7M!z;d-`)S6_Avw=P2>Cg%~Mi!(53C@h}B^UZH?s54Jh*YDft@*!abe
z5_oWj0)7rE*m?b3VFVkn9lKW{CGaLTx8Ep&x)CGTfNc!i4k>{L->g8n|Ehq%gKb`V
zSJ=kGd%`w9u)l#|59WCz{P4Vr^?9f89MAt%z<*2lQO~cVvJ(7&IYv-_5b$6dpMNN<
z?9Tr8-7mrw{tpCx9u_wK%K`tjfd6{HKN;{(1^l;!5&VPg_&y_S^?Ww4XP-*{oc)o2
zkMG5-y{};G?ZL+XNSGwbeLdiR3MqjH+x^$O0q+d-pN*L{!X#Tv-gX7fnViBd1q2?<
zc@F=i0s;?aeuw{s0s;><d*)089?aa0{l0()*LnVL0v=4?W)z+kUf^xcf{@@7Z2dDt
znC$RF1D<_a{d4??fFBd^+?(6H9q;X%|9Jn_j(fc4Z}!cB{~5kqMecWVV(K~9^Eu&#
zkP>+CS&E_71iVxyb{sj^NG3+e3(om)lVa-=<{RthKMMGL!nF$I`IZ8LAMhpx_z7}i
ze%QBUO%8uEqy&4gwf$CMlHj)pSl@mm;I|5!{SJ&J*n_QadA5xt_}v0#|0zfbJea<s
zK3@oUsZOk~?vj>KAV$b*Vm4=sz=qi7!}GmSDf_IqC$>GD@LKG%7S6kA-k#Xj2I2KW
zv=gfj*Ba_WJWzo);(w&aixksj>c%x?umbjL70MN`=eVEd@n*$HskY1%PhMhc3v06h
z3iw%}VEj7a3l!k*Q!xJz2qUHZPZW=T;z|YbPE(le@h22pTXqXud-0Fp6HH%_H=c`l
zRuldO1q6HW#R?gMoD;*dw{K(V^nmBP2gX+gJkR#nx`^MD5&W3g@v0R;8N@bzF7!sF
z>^YX$6K5523MU&6j7#i^5qyGAS0FFJuEmTI>H#-T0V!1n8#BZRHekCJOn{WYgZnAq
zbCLp5$|uJ(qd-h|Vbh{u^ABqf1RiY1db{ux1^oZD0)h?rdIfx*D~C4!@cRXV4cLy|
za$%C-R|NcOVSK=^4fypKOW?uy!LBRd!PVlZ+noU~)rpOP&r2gOF@jGpeMjCG6%crE
zjRO2H6ztgjQn*F|o@dMu?7{OD!^ivNHr{9#f<1VJV(gy_crf==@E^z&`)Zo7_2DdG
z{d0a=0{*IipC9l`F!uIf+LBYaHsHZFer^yZiF&ROuyR*JO5nj}f0HmxfbR(GJB9Vn
z@%&zCeoDRfl#?C5QCdIW;W0eFQ8Mnq{FaSSmWdr-<~@>$tv>a_Hs6jHw)v3z4y*s=
z!Zv;u3y)BstSt%%Wr5FAfae;Gz=N$_pM#XZgPE78&z~tErRv-&9vh3XS*2h;?H&T2
z>xJ>$1CkHEE8ssYY<>7qk8_H*DcE)G4~3CZ^|?(veu)umz*g?Zg{^P51^g~ytIzI$
z|CBI-A8>yK>J#>rR3~;E?~{fv;xiPm|AGQis?N3Iu_s2b0dwBLhx0tx_;8*C8$VST
z!4KH@8N$}~nE^jn7{MNlJ#}UcfWU+8dbb-=0uQEdsb}0*HhvB$4Z+^T`U>4}jWB+Q
z3DjYl0#YjP`@~~UjQnTV;154%DOkU8A6cnDeQFh~54q-;4d<rWaGf!mxc|+Dxz=nJ
z1b&tVemIZJrY*4P2y8g7&4zJq_1PwDWA83ugm!_==5ArL`MfZK4cO+E2O%Z!;Bp1}
z;b8>?9&G$qASLi%<G%(efd?D^IHUv~Z2Xgu5_quj--MLFgN^?dqy*l?#ud8ZX5owi
zF@imKxI#{Wen#NIaD-1NSU>L;X3WDg=54;(>oNSj3f8xOB8-%(8@@6M#H5q=(+W>}
z%rixUJicDo)-a!;G7|EDtv>N@8OA>x*n{o(@@@`E_<2OY?Bn0Kjpw;0>Wlr;fqi$t
zb5CvdJR^r-4>ta#fCn4@vatDoCE$M)@UI8_PXqpqfd56nzb(u$qHljCtbeXPzZS4^
z-x0QQ-wpVTNaOh}-t13@^nSp0jMytMK0(E?*D8W!VuU^cb4|)A{8&LnJN~$0(%@$V
zb(<wz?|Jsb5d46Rzdzu?)0OW02mFtP?SAKX!X)8`3TC~1Rv3W?TiZtqn|*D-j}z8E
zXFopRPqx2d{@Lp=|4lfNP%hZ`_*q9grdP^_EZENzFrGCe*M^+JN(>~fjR`Ew3Ebb2
zOpKJWxkWrS7GuNQYyO#6txxs@Jm<dg2Lk>Z0sn+B*H-HJFABpw=AIFuEU=xk@w%OS
zgo|WjWla>wdj1+=TQ}YyZ0jh#X)wpzJSoh+I)1({j8HDv=E3+l+I=y7P8RHK4UZrC
z-_}dl3nSQoSsP%pLD=$c6sC=eQk(ftf<4&Az(<75erv$9_SQdVe|x~+8Ss0AZEUdj
zi{Kw@{{JZ8!Pe(IkBVRqHvUh9tv&~Y@q_8Z`i~g<-*-<~rq2FJWn}$9{=elv34ToM
zTK4;l+doz&Tv&{s&nQ?w>=z!OkW=7#jV(5hC|IAw*J$IPk`01AxLN@}FDf9V>O4(6
zWe~HL#eRbV9QHRWSlzfUu)6IKHk;dptqykvJm;P9cLzMz;(-d3^^gKms%{?=PZ`A2
z0h=2XIJe2mxrxAo?fU*}NC`aH>hKPv1RiX>8!(;++gJ*JX9t`88NxQkPBss4PEr5i
z7)vPE#Kz1t5!etT*i2Kfd2Erem9<!ShC)u^zJO=^aIEq3XuyA6n0ry|f1!ZjA3RC{
zesEAX@Ho#m3*!%au6Ne<D*}G5@HyVTO&BTFM&>bm5hJB+CWyy|7{LZ?^;s@V5%4P%
ztUjxSZEUoAOuIT1Y+n6{FjA`A-Qp>i*!=&2u#I`fu=)9%FjC47;}So_2sU7==PF1E
zJlOafg~<m`osI7lM&QAN6lm8@1q9y2#?t*F@I^dF0sEgRSi9a3UgvqPK?r{0>yhzX
zn@*F0pEbhfhrOms&vykp&uW%?{x)ISN#56l5y}E{zXSi1fCn4@--JoR{!IZZ>o<@R
zc(C!T0}*(z`QaT#8yf?JFH?F>VU93@J=psEYGEsvYo+n*ap|A4UmEZy+t)JtwSoP5
zVdJ^Bn*UoMy??OrTu+VvKe@J=pSuG;V6J63g)arXD@gy@SXwDeGO_gu$Foj>yq^sC
zPYGY-`9lHUEj-Wjyi03-1`1f+s)g+so#Qe7hYDL+Gldb37nr=%?Mh*i;F*ie=R!yc
zJlN)QzRy4s{L+BuJ`RBgvqymc&jvhrv^eT^NSGw-xzD=7^OeeUuE(Q<vmVFmWUIfe
z&F~YCH&M<%W6$dUAz>?bnXvh36*haY%@w>WWPE~($CtT@WMZx>Ifcg+5b6W2Qh<L}
z0f7fwKR*vCfd`+hfc<d=1m48P6?+631!4pnFfn<%6>L0wTlhPk-=l_G+dnC=#Pk0Y
z@XR4u&-bGc34X!0-Z(4Z!8XP&4|woQ<;yAT6ebBj>><zb{ELthc(BcN4OCtN51yeo
zr@%YE2t0VUV)(xfc(C>DGs0?)vwt?=c?XuF@pB~Lj|Th?0{+#2KNj%Eg%SLKQK`>A
z2RzvLHv%4P_56jf)#vSi|F?kuO~C&);JH|sAO1|G`8hS<2L$}UfUgetvjcvZFhaY)
zcJ2%pw*DLu@O6PbSk-g=P%muj=jOl$--wN8)?U<`7@=G+G5z^~0)h@U{!bw#=-^rf
z?7y!t!sCBcZ0o>Nsk{Vxu=!ywB?+DTQ0h;8Sj&x4jL%CkkYEEQ9e#>1F@bBnmAfOb
z2T$@gPX#>q63_GA1U~WqOX1r+zggsk9zP`9;_;gpORxvOrZ}hYT~+=jk0+|nhk86;
z*zU*g5Jt!gw()b9Fx7+KBW%ZgZ(t8LeqX?YZSMM7z{`~rJJ$a!jj9tPlm)gr{5N5%
z!<zwrLYREm$M++~zZ=+Rg8nQQHvgyNT!J64@r(fk{`bAM+M4!)Ag^<x|E#@#AWZ#;
zF~k3z3V)^me~C!r8wIRBmkV3FrUg8EWyZGz{8hpT{=tokvD+2c?+)xgCCoU-ey?zU
zZ-2iq0uSbTjh}A^Jb19UoWc)<Ny7eBf#IHi4^jdT=Dr^L!E$E(HeA^9ju1Y@+gu=w
zkQY2tF%;`P1U_E-kp#a*!20lGfj!vD{bay{Pgg#uKh}R%pZkRSiOVT`o<s@$!RG%9
z!e-C8Y5Z4&_0QQq;(7GP^`G_mpL-1dl>W0hioFr@c|_QJ9u?L<=ko^v|7yS=3;5#!
z|C50KxiCUoz_yP4UBEj7{byqs-SBi_Oo^?YGlVZ!$SLelK=2QyZ{hbSm_6&>Ydn8k
zvF-m4lY!j}b6(VVn|RG>YpNS@D4{GcF=erDe51$5gzY%~SlIHiXU>?%-Ze-O`N7ub
z6~YKS*!*x$r0kBb4D71{d$8HZ??fAaUSJQla^v&D?CS!1F!oRv>OZT`c+cm=Pa;u5
z{lR8GCE&qUZgaqct=v*;@0@(H_D1jzHhbRFw{gze8?&4O_kA|bZ-SJ#K2Km_j4hN-
zGO^tg-QjJp2jd@~yA=?4u(gHzDFhyDb-PE{`s&_*kJlb%&prTk!OsB&8$XW=Bk(46
zjxaZphZy-kwb`z`_#sB{10JtH+aFV~woo6t{yr~^U=KF_IHUv~T(5wi0XUJsgSq#~
zD4Z{B{%ZuRZ$}A}j(u&wj|=$m!gh?}J$&oi$+AK412+F35GDzJnt+X&MUWDB6YKMd
zBB&Gb1O?jFrhs4%Hvg=T%zuZl9n+5qBc=SqTUq}P(*ue8zdrf@K|hS!blbYFd~0gl
zrmoH;UTdhcts_6KqrI!GGv6_8c3W3d$C?dG8dBqW@H6sVZFAc;ZCboGzdlv4ZoaLn
zZGLCl%Jxm|8$|cWF)!b>a&2>dQ`=Sfb!}1F2RC%Cx~O6ChDBYS?d#V>iPP7%t-NXa
z=FVH<T+=tKU)|oh4u68Ge!hKu*QO}<qPDIX?Q7aLbw&KF&bGG2>ozXjlrNEE(b^52
zU31pQdDIz;+j~{MCBJFytPP!u+SjblcWv&BYkBqN&iVOGn{HJTr>nnv^vSI&m(N_k
zvh%i$U2UuQo9ay)H@2-`6&b12xozv$bghke*DuZOT_rnhM%&5_tJ<z?yX~4y`89Es
z<gu^XDv3ku{=j?Bx+<k<(N!&N`BiP5%iFd@l?hWzCY9{Xt5<fZDy0s3QvXGpTW?ew
z=9K7?MQt~4Zd<=HZrY-*4V`T|sLB;pBk`yK*uHXlzBpb=T21fln9<&A$Rr+`I=UEf
z@u=~Mo4eMQs&Jt>T^e>Ji#+)#=7{+Qm+X6u^2jSW+Simg*OV}G%f^oOmF-<i+B!>|
zs50n%u&!=jHLG*Ox>83%qvGn;8{1ZP^-5fHQ~Sm~l2k|^DaDQ~F$j~ynOnO07}-hs
z^tMj5v8!!8t&0zoN@hmuRau>j8aMMh+i%hMm;1z3)T@g(Ebh#&YVVTYe8-&i9qsGe
zdLNGxMkjOgA2^7zs+wxS{F_#8Y7DA!_3G7|dJTad_0T*Mc~S$Jd2}kMr{dw`dt-B}
z21=nbde^k1*~0v-QBft$A{!>;KF%$Y7|EIrIDg_JdUf*^%QvlWSl?b^nkaDsXk>Ke
zSGs8~s)9O}`Mu<Xv?SlrzDgs5*|B%F(yYtV-WAV8$ssIpB}o$cn173jO`E3YJ9M4M
zcb4#>nV{s=LVO=5oKi|%UDX*n@KIA`tJA&r^ibgE&F`I~uWOVt*`(GxQ{R^cmn|Nz
zBIm42X0_hFY`*KA;%0&w5$`X_rB4hM#57?iMwC^lGgq$cD^-V3zI9#h>*|{v<LQg1
zFK1D4^_;k7bJpu}Z|jWdUGYVj<Yd}f#S|FTjkD+^nMv+DbCNQDgQkPqde>`S{wC+T
zt+S6ZPm-`W-`WwMQR;{3oozbP=3hB|QDg66sPyK|?H#Ms*KTr(i*-Y!vpwH&)#i1r
zy~@_eUetE7R5~wN=tRv)dSUT~-Zg6K=-9AwMz5lhPK~Rl>i1!<ls>b}Z(FCDC-s`O
zVT0D^QSFr358Y%nDeM2hVt&4JQ;EJ;I~H$HaWmrqrV=bI@+|Ac8+x~28Tw99FZP|t
zG3X;TJpWYWqV^A$XhX6F?4wSWn4G93s~w)krM$R>=FI8Sm(N(#v|OiE)E~)6={ucc
zrHSI?s|^{sMSjsNDn$m#G~N4@yk>o{Jm`J#KWU<`oXv4bTcV;hJ96_?m{6i*H?lZ}
z3w1Zy)!ysgt&kq&ON!RWDAnh_UWHEk{cPME5*4FfV`acBn;O^EwnZn3F7El%xYkX!
zx`1`Jzl*NAYI8?NVm3}Qi!Oi(;cn&3ta-zRjyCRvd$77vwykOFyhNA4FvT5Ju018m
z!p*kx?Us7;^R~9J@_O8rJCb$7Y&UCmCU@n<nvhhyTX)uKNN|a5j4D{_M&4zcvq?vs
zvS&`$zz?fm>i*tkDS30B)Is+LGuN-Wdi7kbqo=RcWE48oG17TjTx+;2y*2|9_GCK&
zNm0=@fFqe|d+q_4ZL|U4Xw@fJZ#k-uTYr}p-}i4|fU(^&Vcf*9nGEVa_W-QmWJy<C
zfA{1=cO`cPoOyB@>(mOj1k6!<9vjcd3GTy;F0m8PD=Dm%`mV>i(Tsy37@8+ljqm;~
zQ?zJwbnp9qM<<T@y6F#0dfxE|3DGS{m=fLV2TA@$rFWB<bc%Zq@o=|>^*+uzTSI5+
zP93n|-o}+JcHV70@9B-V6>#a)K1O?V>cv|CoymxfX)994JG$X;DJAv<EJrEx<N!9Q
ztK(6ar08a@)QC<Jx&FwY=RSb1_DL+PKJMnA$God^mBmNl0+cujk4%qy?s$X1IWA$*
zr-Nu9^vD`!QoVHWPr514yX@kkz@@1zy|)8gif?t#<v>)mk~YPSfWG~N&0sz*b-uwf
z*rWS@=d{<&zhl)K@!6q)5Z(5hWv_dFKSboDSCY$9VlTjaF<*vFl8<N?z*!~-EWVs1
zY^f=?m{RiQ-}%%W(c{kF$Wo`3Y{PqgtG!O8u=29%J!==p!mYj)6yN6?Z_`@jx{tYE
z{`D`ijqdHuvrTJ}wL5X`-r3puD{RkOdh^05ZG$`V6y61dNje^KS>jIK`Am*h@7s8n
z*vCD5AuX9x!W(#(#5qv7NEdJY3u%31OX&E%-R0_a(_ZjJIfc8+hz)PoU6Kw~$*Yb!
zq2xWh%cR7TH}K}M#QnKT(&==Pq+a*!E>F@0;Z3`vqdRba&PS}Xr0a|Kh>lYIOIeC8
zZLB+4RlUT$yDwH5`!ulvd#n=Wt@n5={*V;j*js)zq32zFoDe#UZoSR44_fm^A1Nhn
z<DIYYoa=cHZ$-&MZo^x=I3>P&xAgF&?Ulce`*xQ%87aMQ+C#@Dx%TTImcCuL{5oiA
zQt@8h@qOH=yR?#b>E<nLW>WL;0QPZz?#Ejnsm^ub);zj(@0l2urG~3AeH<;SS?IK0
zha<@v8icp&u1NJ7*Yf0E-QCmrMkIUwBQBYANrSJAPndbtjOFvMX<mNi%xillG|!wp
z=c>|4<Y6mk{=zv+N@XgYMy{FD`^;1_$>q5!$<$XBXZD%y+NL`8m6Q7SP9xXCleDgM
z8o8EUJbv=>=?mwU>XXuG<eENn;o?#`JfGY-Y;0}Y#E~=Yrd6vObT?68+P1KI*RXOo
ztXHqxw2=!_-xe&VHg)CKZS31*=DK`)$NWxhp04cb+iJSMu<KcblNfch>t{3WO!~Ib
zwd$6(&Xe0Tt-mdDU`ybZTN(FJqMK0NHhhVU{x)fPe$J*%o7+00ta#(*Gor&j?%Dfu
z)~{`EZSU$`P~n*Lv@g~zD#G8%M=brqeAv^8-RniPzd?^!>#B(MH~b;HYV9H&&W<*o
z#aO<nYt@XF<(t;#8!n!tQMdd*Hk=Tf-P)Po*rf4$@uV=bXD3YVF_4XIXbf#zJ8nuG
zOmAJ;o0p5yd_!Zz-_&;7%$2J)<wGChbo~sOP3>zIx%S@L%Q#7z&{u+*cxy>#6H3tY
zR$UykYuDvhCPjz!S*xwrgza(uczQxFQjQZY*+y$$bItmj)^E6VeR7*;WZ1-BDZYih
zc;CQYylY=i);BL9S8iCh&i!)kwixo`+VupFpY*hKtS6|7%ErzO8}0eJl5tsz*Qbk8
zmg*nr_DE-9Q&#xX&ZbvI_Vx<1rSnQ*QOevW>O=k9D4kagi&Ex3UmEH>N?Me%R5sG>
z_3p%`EHyGpA06p@I=U!jDSHLO@{f(uFO2jFk<KHkMJY>N9O*ocUX(KTxN4}|C#w^#
z%)J&Art>;SQOew7t)bo=rO$|TUi&CYS&CObic*%kBGP%4vnXZmm5@-MAEn#to{3Fa
zYH^glB+_~HvnXY$>mq$wq~8$fD<Zu$(pN?L>PTN3>Gmps)xRT3UmxikBb`?Uic(hi
zl%e^%B}(5C=^u{tt&#q*NZ%IeydqYVvefO7&TBkHDRZB94fQ*tbYAr=N}2oYYp8!Z
zO20eO?~U|*k$zvKe>T$hNBaGdejw5xjP!>h{ozRea-@GH(jSTRuSNRTBmMD6e<ISK
zjP$1>{hN{gbfkYP(ho*@ccecX>4zizxk!IL(vL*?i;@0Pq#up+A4K}gk^V}gzZ&Vs
zBK=2^{(7VzkMy5J`cEVMjY$7_q`w*Izlij=BmG3A|2oqDEz*Az>F-4PyOI9eNO$il
z6i&#pREBpK3R31i!B9~3B89z*lyGIKQzQG+Bc0chic*#u5a|OW-CkWX|GcJGl(JNH
zq@Nw>=SKR_NFNsIHIbf+^bwIhD$@BxS5eARV<Npi(#J(QuSpf9EY%R{6C>STrAqRY
zr5dC3OC#N0u`+vJhcAk*|B=q?Rz)dG&4~0_k=_#NS48^UNViwDk}}HNrxL>Q7Do1q
zBc0c{ic;oY<qGxdqV#2venX_Mi1d7<w?_KPNM9A{ZIQk@($_>fpA;!dS*ktKZ;W(%
zT`kE|=02$#=3f`tuaEQ%k<RO@MJY?&9O<2rZl9q@@@Rb$rSqD2QOZ)cMEb3fz9rIc
zi}VjiI-e*jN}2ofxS{^hD4o}Bi&B>Qc%*NO^zD(pBhq(9`t6a<XC;bKmf98RpNRC`
zk^TpferKfL73q5--Cik9>Y(*jl+Neaic*&9aXHZZ&Z}}oDRZwYhB~jV6-D!ZQ4uP0
zuh|x<GWS`ZP#;iKoIRiNC`y@o1uoR>)y0I<{9jBI(*0nh^U0Q?l)29ig!-_eB2<>D
ziS%5gkBIb9kzO0=V<Meb8;errK7keLyh2$N&HqJ3sI2g3pAx#P@cDMrdA+_UWvNSx
zijeOABAwTxi=z3zs0fv%nj@W8s*6(Q{`_jFw-gm2-Ty`U+(^GF(&tC|!bo2n>3k}t
zD4PF^ijeOAB7Iq;-w^35BE2=zS4H~jNM9T2H%2<Ibrz+}{R!((@43HH<~|P=rgs$;
zA<d_ez9rH>9O+vl-CiwC=(5zdD1Aqy-yZ3^B7JwH-x=w9BHdnxPUtfCIo_g4nftTw
zp?+^s5h`<k8oWrAxliYX`e%!Zv)>=-_ec7HNPjTWAByycBmK*f{*_37B+|bY>0gg@
zUY{;Xnfnubq5fo15h`<^hAdKLg-<ahT$%gSahU$Cq9Rn5IvDBQk^XF?ACC0rBK`SD
zKN9ILM*2&Uel*g55a};R`YVzCYNQ{F^dCj~>ydsu(ti@^KaKP^BK_x){$`~ABGTWE
z^b?W(>q!5%NdHZwzZ2>2M*43fz2^cz_kTSW1iJr=^omG7HPTOu^wT5#)0waWWvRW9
zes`qb+oM7Qm6?yHn4t5a4iog@rYJ^li1f*kJ}uH`M*7@HUl8fbB7IGyZ;tejMtV5I
zQr~b!MgO$7&nvD<U7qFx^2lI?D(&BX$!W<4Ijgi^`VFrWk^h@sAF8-2wJQBxuk!)V
zs?_TAOJ1Mj^tI`K@H+ierO%nz2<J*$r9ZP`BeLD;8`J;p?TIL_EI8umXGgm2xSyw`
zW|cmXVmszbWLuTGC4H&4|EkkJoSx<Nold_!J>TotRq3-re9RL0jzX38BR}T#q<`*A
z+m7OuE`3k>3qGAZ)bFc3>_3(MORrz*>_45h9j9_v-@DU4i}LdU7vyz~+^W>Q>5L!2
zH;J#(pG+I#^=D*LmAWr&cl1{~{j+JiW1i^r{pk;S`$WG#9o`{QU%Nv)=<E-qw|aZ2
zu03`~@++7AP&z#0$j`@x5Oxl$QV*xU80G((*ZaBjucZGfN<SFs-|_l|@>!Modito>
zYn=Xg`o~_cbNUnMcf5YB)1OS!uShZ;pGpt(Ivn*qKhh^g`s^P0pG`07p&w4S_Ryb8
zw|hMq-_NHvdwrD3s!AP6Z}&P^lB(2;>ASrCuIgQtdMW)`uPfQr@6kx__WE5e|I6vW
z^ZNNte<l61$o`#3=Yx63IE5;G%IX}iC*$Q<+CFl}yi%3=QTkG!P9FNJCDQq$?8pNO
zRjJq0tGqtS9pB^WF0UuY?<eVxdp#-dr|CPrKF{TUBmG&gPjdRt(_ixXozCBz>A&>4
zl3jg%;PpRq_HU<u;`Kjt`ib<fz5WHKYk!lkvPcdnRO!>O{Lyq|nnG3T-Si-@!_nR$
zUgzU1RjJ>mNB7WEnFg=3@~P7PW{cPPczl)iGnaXt^R!C)nVnu&vh%;y>+JkgrB2V>
z8KvLnbv`Usm8#4<<n_OG_5(717TNz*q<^nR{(+f)@H#7{s#I0x=U#uv>4P)xc%5G=
ztF#|Fph5|fHm9GRInV3K`E+ik!RsH9O_lz{;%u*f&gsK4OTE6+={1=fz5XRv|6FFf
z*Ol!0<9@HR6I7KNk$Egi|C>lZ9O*|R{mn>!&+ErseMV(Y=WA?UINs-Yoew!yrD`){
zyw1n|s<i()+3Q?as#5ittE2pFk$y|0e=^b!c%7ZMD(%lc9;H7O>Cbwdm3&odV&+A!
zC)cA%nb&&gjhSD0osSAtr7q2!aca`okGcF)GVk{~r^z7g*ADNYH)kgF&}U>W@1f7i
z%<G}IWUlR@Uy)hUL!X=3(nG&0b5{?2e&)U&`oheYdgzNYPxR22WS;4vFU`EvL%%Nb
zk3IBdnKydq+OJ){d}Y^d8{3v|?CM;;T-xSU?YC@dzX-H$!zz#-$7@@;a`~FJuH_r_
zSkAh(bt~6xbkWA!QmgeGY-;624P6`Zsn)Iy?O5x92=`!~pq{-5pdPAlnqGKXzfzeM
z>z(z~y7u+J^(*sTDLvR%e6OjXKo_1EUzg{-+K}SC183p#>wz%$EQXlkL&zlC2V8`C
zjb+`&<?VVonpkhhty;cWpN7yg&a0NUsy-rD>fOE0l%7xVAGuJr@ck93g{SCAO1>YV
zHuD&3;o(OA5N40JG>Wf)l%P{RI9jF-U$;RoOZG^hpH*rfuXpq?<(&>$Pv=QsJzAAg
zmBN=ge2wj4_oTv<TQY&yH%ca?c*xlvy>bc%q40JFBWP2bzQhx}o8gYRhLRpOE4+oF
z#>$MN8N6n(Y5hih1E_0ts>e$fU3_+D%{mvUN<NG4n8FJaNeXK8mV};B_pe3>6^^8i
zyAJy*Jr<^6;KoKcES7KLy<*vPZRj~%<f1S>aTk2U#wB&76ct`r5H7r>AnadFh~7t_
zm#><wX6dne)xKF{{w5knPquB@sE-jX-!gfUJ3Zsq4w5#9?;42V%v-E8T~GVz`NJ+;
zL8;q#__)^_2=R9VIJ`QulFu3Ou7UEyC68oV#oTlNoeZPojfDgk-!}+eGBB@tv!Do*
z*9p`y#nV@XMK2DB33@`~gHN<9->|;pHoCgU3ju0k4?U?*^6-D*iT$L~s>X)Sm2KCx
zb#9<Zg;d{Ip7<9m@mRjtUeDskT=D?^y4x7{3U~^hzvnYplP3CCNW!#K;W2t|lGGoQ
z=FO{Dw{_~I7R5R3E0;V`t#qXnGE438;62k+@uW}Qn3qj*JPRI7Ek0K-o0-AqEE3CJ
zPtYfI3?G~K`Qn*TG{>=hog2}19QCZCpMv72=Vi~(^uvy6S~G|_VLCV5%b}&L<lAA(
zRRV;@hB}Ee!1BolMfZ9HKYH$7=3zG!k4exP&QITrVx2vq1}s`Mce!4^Y+rp_az(Hz
z==2n~d@V1c_kQqRHJ;wY1UbE_`8Ic<E7;&bl~RKW$B#M|y1XwodAwdOap$hk?ul~$
zw0zG8<Vh(!_nssbRMPD6_9V$Pml8g|?vq2xm1$3^`$A16t?)d0l2%YjD?D|cq!m=s
z-1FrL@1R=%7B*_6rB8EI!mrgrQNnsK-JW2UOz9gFTp93!sWclAUeW^+;PQIx@^%Dy
zJ<nR(>{+{}y$v4HXYjwT1ApntOFDSGExjS&HzwGX>oHl<HwS!Yf?a(!1$nyy8~!SZ
z#M#^u*qrO=q)$9{HXge^@z}M?W7jV4^K7|Dd(2*0+PAAF;70^}ZNS$D{P=)p5665q
zf^SXgJSE@-Q|T>1TW$;RFj5mqhd8te^XAN2K8N>#M<%>G7QT(HuYCWL+9U6WgZg;v
z^7?%XmlwiII<)cF+4wrUW8two79P7};judw9^<x$PtQA_{AGHH^Xakk>Bph->Dw6k
zbjR1**C>D5V|RRg-dcE{*BxJ9t~<Wo-W^|$-SPE#-SPE#r{U-KX^XdaZ3&M>*q>qB
zJ>RSCzCNz)zCNz)-oL8TcYls0HIZ~*W9e9u?#94BB-kB`R}<{&^TPzYWARFYU48yO
z!Tg{8crdQ$c!~45BjKITox$<FJ+SAm6_~yMNyyp%UBbIM{2;-u4*q8)SBLK>yz7&f
z670sq_Yz#AD9z@J#Epj+670sqkp$N(O8;$w-FWandrgG@Zo<3q;Opte!!rp#4V&%+
z&j24va0~cgg6D$&Cc*Q;Y+gwgE2RJ0LHEmd`soBOga4}puK<5D!K=W3nc%hHrxM%&
z{)+@}1V5SJF7TfxcnkQ61aAfV9~QQO+1!xau8@Ar!Q_u_eLcZ@;2%x!r@>!K@V#I*
z0wwn;q@QyzwIBSQ1Rnq&PVhtEZzuT6;Aa#32>Aa?Fh%yb#)aqFu3*e~T#o%634ba$
zysm}kS~z!oBC)T;KJ*{jdmEXg(wFmp@)2mWcjLj^Pf?o9Y16<y?+mb?S6je-uAU2K
z16?v-Aw9;yWISA!;HB^vB-o9I`UJ0lAC=%$U^b#9YZcN|MAD&<9_OI@&+6v-%Gb^H
zRk1q@^>;S@Ty{3wgTC^3ApSib9N@D9JT$;H0Ui-x!M@Ag9hA%FzQmR5`w%_NCbbvC
zuKu44_&os*?Zad3%X01QmpF7|!`rxWy^U+H=Usb!eO!C}TwNm<cCB&k-Imm$7T#kH
zXWIK54-T(Eo_Ax+@1JsLZTw6F`}u!Hz_)<;s~eKJV1K=sAK=Ac-#>1Qh5h5pb$#gj
z!S#u6uj><U<NCz&u1|bFxIXc1aed<JSwp$L?Y;WM`*eNc^SVCq{6zBlesF!_%W{3<
z{ZGTjpUbXKd_TB8@%_-NPkcWpYtM1$+vVEs$DV7uA4;z6e*M;KJkU6aYrDtjX@4Co
z2m9-w^Y5>N&cC;D{yp#fdwbWno_GGkYv?^m<(&U}eMKqDx83m`yZZFS`?a*Q_t@3b
zV^>d)T|Mth%5wGGkLTnM1EfEj@UEU7*C@^S5n#VQuMK#?RQi9n4&L6?!DH7~9=ket
zTod?rb@05agU9vQ_~Y)zp&t(u;r&|9jl+*7ZJYw{ZKi?!wP^;}kI5FWZ|_{NAGh-Z
zesRDr1^c|q0)7S9pChXRycX<_X$RQ*-x%Po0B;HKR<QTE4g8s;UAG4|y90htz<)a6
z?+y6-0)BtM9|-t|0{+VZ|46`pJ>Z`R_@@H=bYOEZ;GYffa{)dA_HBGA;C~R{R|1=3
z0WX+J``3`l!T$dD)Bslocp&)w`cE=g!SLAu9va}90FMZ;U@Gk&R&nL}vFgh8*p=(C
zE7xOJuE(xik6pPQ*Wlk{SFXpk0bd{B@d2I~;70K0g7d<U`DyTeOwIs%z9r!22K@Yh
zUmWmD1AbY+uL$^60lzljI|6=Vz;^}wmVn<H@Y@3Z_JH3V@OuLO(*b{Pz~2|}`@#1o
zeI=MmA4qUH*!SV7U_X8;13VD?Kw>`_e7gRVoUPDfe<|ze<X+78zw`MgLAieJa^)^c
z?46CrFjhB*y-$aIJzZWZ=q3Hd!2iPub~e5anAx1^cz>;T<@#%@Yj17h(6!h5bnW%)
zSl8aF#Kw(hpSK48eoh+!4$BSe_NAb1Urw;A1A|NA>hPyQTf)5mH@JV|-?jaYpj_Wq
zuH3IAylcC!ziYe4uI(PXw(B=-leAyIIsg7QY1ght6Q9n%?;q#?v4nU2{dL6o_t^RO
z?X6KE)}O9#tCLbWRCW!j2mAVu2Y)j0KN0N9Z4B(EfW7}|U|;7MVBf};fS(KYYrOej
zU(dw>UK(Hyr`ZS=>frk4dKkYC>HYNTAJ4n~@%Fv?$J^A%m$lvXkLP>!kM9T9Ki<am
zkH@Zm{PA-Aa|5+Zo}DrOu7A9}>mQF@|9I^B$M>P@ACG(WkLOpY4D0h%0bUFCK05*|
z*t0($PmcAefz3(#^Ey2Exy$=^<IUq5rP-J{X@B~@a{cN1%Jruohps<;8(n{TJPrRI
zyZ-d}r2XmZrmU$ngF;fSkoI+OZTIE6wtJrgvGJH}h6S}(lk}VO^JIb@@7Eh4b~b+z
z*!cQ5-eXsXZzeXb4xV>)_^X6>bqL$im!ExsACH}%KMwqOeA4scFB5y$7XN#PtMi#K
z{v5n9D9iJ%tp7#b8;93bl<V6KM2PN)0k=}1!UiG)h!7w`ga{i55FtW@2oWL#h!CMb
zg@P4(Bw&OJMJg7oSg}Hd3RNmrtk@q`tWdE+#i~_%v|^PiJzBA9kH4zlbHDSx_4V?c
z>-zrq{`m%0-g`g$nOU=DX3ea%_D<@IFUEuM|5j(Oj~%<Sm6MP6>#089C~Wodxyafu
z&zU|yTRFKO{fnn|?5^7w_AyYS&bOs~`IxtT`8;6z^3P(d&fhHlTxaVqKfnI1oxL2}
zmmgy*`}JdKOWY3oInn`pnVqobwe!W<&KGZ=Ivzi+p5*UM+y{F*^d}xjJed4LNgqx;
zl03p~$71c~<y*V?F<QI1Zhjg-Df@Z-FV`M^{bS`E&bz+ue=CiL_ZHneeyw8rI<4r|
zM;x4z^^xn=NB&IG#>2VA!_S863R~Us7|7@Qw^JSRxP2;(r4@;<Pi6Wwyw%y+>g;TF
zcD6b@Tb-S)&dxRJ>`b!;w<T^*Y~#xPok_QG<+|i;<ybqo{%>`@yBwp{+1cvs{QtTf
zFaO_;-9LY{V}G{n%Z}ak8ufJDj@@-TcGvCLUAJR*-HzSIq#gTrOZnZD>Hc~uzXx`I
zFHB`UMVnh&tt{nOTlx60{&luv^f6;?<)6LUF*@5Z`n_09`-uB8JH|cAPVE@I96Ls5
zJ4VlI$LMUw=pH*p=Q`zouhiL&(RDjU=RQ2n{fP%)Z<E2K55ZpMaMDK-kHVgJa?*tp
z8djD182i|;w*BA6;r}*%T(`D$wzhSyu`g$9Tkkt-+dO`}4XthIKqYJ2XG%S-ZQXBe
z>;AfYF;1*)eSWaEU0w28+xqifYg->D*0!^X$J+J>g{^IU{u!ox?-!vyuPGkm-T3Kq
z?Ef&2HS4|bb4XE67509ycFXgamv4RHo+kX+<NGqt|5w-WdA;`Xt-l^F$7}uN>t;Lk
zaliFfZl9g?rjpfdLCI_N_cE<byw27puPJ_O6JKYoO}u;?OYW)38trCv^Y*d2Ia}S_
zPst4z^RuK_>#c5=gep(I7k0Kfd;P7>&Q@oyo7Fkr6FF1zzpS%2q;_!rH&6cT$)A7P
ze!bmnzs|N_Z*yxaKXz*?&s(DoH<$fdTlupBYb*CyTkT0rCfGlM8*SUE*A44R-Y(ep
zW#?V)Yp;*Br?a)2d#wJ?mvXHBuK!#8-DCBCtoUnbzgB<GYxVzd@mT%uEZl+rmxZnV
z&Q^af)9UYBPv!R{?uGqW`V#ji&j7r>>}xRTLy3pspBK*v?ANrT@Yjky8TN9fz`rW`
zRQT70r@=lKO@}@280>8_o>(}c!P~PD_O`Nq@ng4s*-*;2e(`!*zxem8CX(0pW&Pr8
z<>zNC?=R(8`Ti`$%J;fi`F@RR<@;E*^8NXVm7nLI+e(?O)FID5uD7GVP&^&*6NNir
z-)|S}b?Z)g9d>_D(yiY;Zy&lphv|pCoPp#YOgsepGnwI}k0iE!_wpwveM;h~iKoHd
zZqs3Jx3T0IhrQiqz}`N>ZQoC5g#CL9)<@oV)<=F^)<@oV)<<4X>mzSx>mzTs8fALk
zR@n76n4KtDAAKnGk(Y0M<oAr$M_zyHBR|Hv^2cWlJ+QZJFYJEnBflrLKJvWQNA9sc
za*y?qdxldvBZ)_0_gf#i-}=bQv_A6sTOYZ{`pC!gSSoWol{o`;|4i7+nU(a}NuLAz
zxjz^7ewmk8_^)ftb*0VehWIS68TPfn`r6O&D!R}A6XA^|uW&-co&5YCu5B<XS($nK
zI9r+jRm!n4eSV&#JaOzbIFBEni`vj%EP31E-xcnFe_yyW<?VvMRP=6ma^X7cZDr#p
zKYMwycpCA%SwEDlt!5P6j;m&J`QC+p?rF#MhvKp0da1A-*X-gaTf?gh^Rr=7+Ls@%
z?aRl&zqO(3mUn6@C$smR)jyZ%_s&+P`>n6N9jesF&r_?v>sEi~8Xo7?<hOot-TK8@
zmTjNaT7B}^^L9h8su|eNPR@HPa;l(Hwt4h@A<8z7_)szRtcvMp^XNxwc*J~_$UI`k
z2wyL*YJTIm*<k#13B1iO#!ss1`xW#FkDp-b$)yrZJ^6U4s<nXA#Of^O_K-a2+yd|#
z=A#Ys|EEBSuRv90q)b(DLRA&KNl{i~E|u+grQagvH6H40$K^~t&_ANcdoV+nuSo?T
zmiQ>=I~4KZ8B**?d}`t|62HUwE=BT?_in|DobOS*)cIb;_c-6LIL-M%MIOhH_X~>F
zwm%a%SEQ4yO*CM+J+$`xxyhxSrN2%ud9NzweQRem@&RJL)>#$5L6MK^s%l8;a*i|g
zz1n$9@jB;mMe2lqqvE6RI{i@kwl?%<6m1NMH;eaoeT(9OiLK4$>5}$F*S9M2nsSa&
zJlc7J#(LfPB*hb)8>RCa|6Ik>oX=Cd*m<(zyPeNc<TZYd*V^Cn-t78qii{^b*DCTl
z%Ab{({h`wi^Ams5d8Oh{oqwUohQCR5CJ+2Y#XVs?qn@sKne+P;rzB=ds#1W`2esj!
zp}4d2O+;tB*5>jvM&Qc3wNs_KHuAnzkqsVF9DwC#oWPY!i=X%KT%pLAz|-s;Wl~o>
zj44u8lgAE<Y;c?6>z%0&sj7<8zuP%eCL6jPhw~&wHuP3SHn?4p4enHAgS!<c!Ww|o
zhp#!p?BC9#=LOCcUkjAYJnZMS&iD_4HTiu?k#gbl6_0b~Tpx0tqj-Tc?J+&+^PO2@
z__{6SaH>Ax{A0zn&PU1ff-_@&du{m9_f33Y;zJX6JD;Y=@<v|vJC^vS#J48qQBL^p
zN?h~$?5DV|Gk;%$e#L*c;^EH6Djwl{gW{W<X`j>JU+RYvT+#R^G2SSLucgtZaE~Hm
z4u7L__@}yuTQk}k|A?ZU17h}dJG$~Rp5cmL+i+QipEjZ1aEIcjo$Jyca(+zl3(lOg
zUv#Dq7dz80OP%S*XJPG^u?$C@d5?X4OYs-Z^zWZx`E{BYhoATG|5kd%c|XNnoZq0h
zE3CX#dEhw4*SV)tk#Rsd3*<S+`6G&>&a)MHl#J(YMLT!a%d7-fIBAsV`>J&M0<QSA
z)+^EVyl5{)1!LA7zIsyqm3}C}6~E@eho9r^f_1{3s5t2S9!2JEboegk`xNIU-p%<F
zikz$X=PBBn@@s)}<w_lt(sA1G^eVDHxLc9e@Q~uw&eIe>;5@F#hUWrBt3M~Gb7e{?
z|0un#N~e9`(5-H2$Pc<+bv_oqm@)hI#Fr)>OH6y=zg$sWW!$D{?I3+nY;|*H?!(XZ
zi_K%MAL=^g9O-<#Vh_AQKa}9gd&+U0B93~V1IxoP!WF+p9Y$CA9LtrkJWbA(t4lf8
zB#+J8syKaR<44Rn$T+V4Mn8z!DpO0|NxYWMe&LEgyJj4svoE;fpNX)pR5@{!&eR5z
zchnjG_0F89oX>b@V{2PoD6JIhkW8m8aO~IGR-QI#2fBy%;qV-RE)QeuP0o~g0<3*;
z9B`aRr@CHKgrl56*IO0g@DICA9pLcWoT>6@V>tZp6|-O384mx)UGG$cLw~^aE=9QV
z-qIHjyUuaJ;jf|VpeTp-h5Hn(J;k(vn#1(BDO&qT=lrnt5!c0xSMqYKj7#{PiaWwD
z>W30s@!xm5Q(WD1!i3d|pG<sT;)fD{De>15e>3s76ElZL`OItZ9L4>e=PBBpvr*t&
z@#n*|9sUK1c3k2`;vUzRDB3wCeVLf!#Q&t?u=9T?UgymC`H=H%ifs6wQ#={g1VEeb
z4*!>aD8UtZNHuNYv3WrLQ>2;ycLL{s@z=^ceWTv1?mc0`XBB58zCE#xCHH(f>2{t<
zr|xfXeWs$diS*fG>QVi@ekj4whW%ppJ6G`>=X({ct)yQl9&w%VKE-*O;*sz^6DFLl
zcx+;8E7xs&io5mx>)b>CSe-WsoMXJT>osN4&WywAAM`^Bu1F^_zN<Q6FH<}#@wthI
z6JMOz`r;)CO4fJ#7Op8onVd85fZ`#}?@+Wpm42T17}rM>nNRS)TX84&kNTkmSG@ew
z#8n+Mbs0*0QDQCI<{4J3!JG9%siv($rIeVDq8vM~RVM9m61x12&M_}p`$%WbfMZRu
zdj3g*Qm$u*URSjfj&IQUd_|jE{w#2=T-RW%A!2@xsqWmVI2}HqjO7~>(}mT)=!X&<
z<=An_f4wvt!=CpDy~fXR!IkaxLy7Se<#Sx{O^VbNKgSDK$f)!#ZQ-|h>A-Ryy&T<{
z>p%D%itULHPkeOZ6B3`A_{_v~e|3v~D8X^Os;=$p0D0{g<=J+O-nMp(s!xYJZ*f28
z8s|pT*~Yx`a=dVy*B7{_OL?zwUZMB_SpH_`@Q=HvF8@cJA6L8=mcPY0{0rREEB`9z
zzbpPUG0O>gtBP>s{eye@m3M+Rj-^%6uEU-8Kv&+0vcQpdZ}*?2*hM)9O_=b=c7A^$
z{-*euq_1{Hx4OCKmr1uib)DPtD3eQ1n7k~{!Tfqj@M7m@759}d^fR2P+hEeqPkc#Y
z{$hOO<*&B~^Ow|vZ%%wq;-!ggy#2QhPU+vqn~r6fy#0EQGC6O~bpDOvd9d;_4&i9?
z5p?;#r#Kashw%ni-me2!vh!V@HR7AK;bDxy;kg}Mo_iH-jEUEY??RWKF$TxIjEynr
zj2}4Ww2flQVH*FvGap<36_%ed14sRBjLFX}Rf{$}lk`3ub(@GT50}LD96+9$JaBjp
za?de}+#llSR6Puqzg2!X>fhsfn{+tp&wV&~Z&Bo94`cPq9k9x2mmiM$^Q&BV-Y(BV
z=SLLz=n<WNeSt^k@N<eQoWHBcxJ2h8h95ZpRB??n|FXh*=ie&6;5=D6A19EPe|_LD
zu<F*Ky1~&V|8Ng~AG4wjPp3R^cwUXJa`sbvjWd5gb9Y#N&SN;*jepGpo%s)rcDuv%
zx^#G3`=G1*&nPZ-eoXNz&d11qskW*b_EyDdiCJ$#w>i)~d!aLkl;D`R?b<*d#{1#g
z$a|yWv9SD{J8;zPM09y(D005Rmn&Wf%irW2$9R?N&5CfW*Sn%?Vf?e=1I~==?<W2G
zNw>L<g;XA!>zrRq9xhWT6VE>I|J4sAIF6UGi-$R$cErOm!f}i}=<=MRc(OC|z<~2R
z6yNRqEyc;sV~X#ERVM8K$9}mkr_6PVv@ago1defa3%WcT6m4#ihdBfe&&S>KpyDT-
zH!0o&%g@{b$JkrsI&%md{jvpJ`}(`0vKjBLs9`sudT?1+-{#D<^ZT7|Q@kPZ&55ne
zw@Og@w>DRqQ>ELulIMRMSMrR@bE-D#KzpC<Oxtj+Syf)z7OtrNq-(X|*Z=l+o~wUD
zEgaX_JLz?mgH?j#I@YdH4=wd-m0oqWaq<t`e*Gq9zn$8uV*2h)&h(KTmvq|S#*dg|
z+#Zk0q`V!R=?n6sQ{FDll(&a7W$f+DVNzE0uu_g4ix{1<&?(3KI*AVvTm7A1jz`>1
zbZ%9&eQ~llSNuCs){iRiOz9kRRZM-Xo?@=u7%S+fDemRmrFfJx^NRK38_WHH%@xj*
z@HCYD!WAl`Wczi`etM0E<Ay6Y7QY>XJe-5<4-a*OD<3SLW6<THZpXv&(B5!`#Y*Yb
z+N#?XR`X4$9#Nk8DVyo+*UFL3XQIcs&c2uz@T0%gb;`G6bp49tv2)+`G50fOKAb!=
zU9T$Mne;iXPgML&(&xKQ`+Yv?cE0PlYSO-%^p&u5n)(MxU*kIC<rhicn7FZ_<ZYMs
zO4yIZu02#{hxFZ&KFR$W9`-L`hQHHw`s!HcZZX%~;j#M;m06cQko2?N-y?lE=@+@)
zE1gI7Q4WuBIo>|$(~{2R9eTfXhC=x5x<&ec^jS&&nEMB%^BF++KkfRE^aV+O$n|0A
zb}j8~^%d7gq%TYUm9CFUx9b`A|HAdj(z%X_{r<`IDboL*bpD02@YwZ+%Hf)ae<_UP
zohtvElBe7CY0^(jI{z{k{^`=+mh=JF$E3eA>BFv%OXpvqiaM}w%9$bknxykDH=)mz
zenZmv7l_bjNxv)Uc3&WUwsiisaFlQN2-4?B|5nmhcsX;We=q5)U7siYKa;-E_4(5O
zl=LmGFObgPR*C&`zfL_DN`Iv`bmo#4XXb>xotYc<cV=E`cV@m}j*c=JL-3g5`OfcA
ze3vtIyUcl!B7KRUHoVT6c39@TM)67Km5SeXrf$E6Re#EX<1@{d+`~D&#hLS%C6j$I
z2WT4IR_BAAIj8OOM0qHmulwL<T=P{b7@cc$m~s8Hr2pQTas5)#xA(qaeC^=8o1$Hl
zs~pDZPOdXH?V4OV<C?$8&Au3GdpmO;aJ`Ps`Eh_Vb+h|W>5M`C<*calCli0(nep`{
zXU5c5ohj#+&WxSkB)v)RMVV^O2@Tp8sZm>SQ{v{tjH~ce6HiP$DRC`vYvQ)VjKe6i
zBXMWquEgDm>xp|3_a^R3+@E+L@nB-cf7E9<@krv)#FG<GNz8c><xERFJ@HuL@x(I{
z&rCck@$AHN63<OMFY)}u3lc9(yeRSF#7hz{O}s4e^293=uS~ou@#@5D60c3XF7f)r
z8xn6!yeaYK#9I<?P0ZzH^pVXeel9d6y*V-SQTVHgdA<=k^HgvxacknX#O;YY5;K=Y
zIbDgn6W0^>B<30>^7bX}Pdt!#F!500;lv|}M-xv@JSFke#9Z@4eWoWKOFW)<M&g-?
zXC<DUcuwNEiRUGrpLjvyg^3p>UYvMI;-!g~C0?F*MdFo-?Rvhe+>0EoaaeUeA@R=6
zdaK+M3F_i~(6?7%&hdPp4PBmIMZ1q^EFQSRmt~Z8(^l0D9rr<YAE6tgbHpd2JAcfX
z`D0Gv{ot3Ca^NWQ;N(%!R?cyX!_M57*>!@-ze{{Iy2@#EuK4%E--qs=>z$eBX29|{
zImh=yKH?tAJP1}p-mhrSD8yeEf5vtAbBP~L{FTJkwmXz#gyT7hwXMp$TiTKM<)Qv?
zc;1XI5A!JZczCEYT;W1qX+Rqu=G04Jd77Q0AE&s7`Sn`oI}|^Vn7*ML+Wv63Ti-#`
zF07r!f0br_@lVCpCa&M>emq}F{AA)ECH_s~X6=K0RTcL{-?1DQ9PQBR{+;#K@$R9m
z;An?a-Saj@Yb%vW{dpbb4?1(5c&_smio?#IRlLY~iQ=g9Y(;BBmC2f5Z79A${C@Xv
z?3^C#>lKO|27H9{5j^V5_U+4e17P~g?oXR!RAPOpiaD;W&h+&}%8~z4<vkLXhyJzC
zs-#~l{VLa6q%)7<zft;qu2-eoGiT+UDE^LnHp=rG_e_%Bv|Y)2k950+l)onZWY-^&
zelaYaKKY>Qk4wMTb;kAAU4L4-T`S7pF8v>_|4jO;wNXxo^gUqJxmB^-nYx{j_|(L2
zOMG_X^Alf^`0~V8Cw^bz>l1${G5@|1b)!BXOZ<t%pGo{cV*c%;$ou8QUrYRr#7`yu
zZsPAJ{%PW0Bz_?=eZzhaRJ8jtab53sx_*?R%{kJ0rJsbZzTka0=8Zmdc}|n(Z1;32
z!f|fC(>(+7*gULqH0+JTWAm`e8Ip(Ro9wHu2*>$53tb-C`EKV&6z_xO?{SXLk!|jE
z|KslIRfOX+_vPsBdDfY8?m6c@wXa_}zo@vuc|`iF{JfwI;K~64rPrXVOvY->c|XN{
zou^1Y1y-H=<%cVDgi^nI$a}8y1&Zf6PnT}bXOwq9ez>AJnRJ_b$jdbeb+||Ilg=}w
zKLIN*^Bi1Z5mQ>>9`b(Q`NxVsbe<)Bv-4eI`)o+%3@I;M;pA0%nV-Lu)8fqY7`rD`
zedbF))b)kpV_=mtth{h#KT6RvR`*cO>CSvcW}m&PoF&q)Ls#Ar`Qgf5mUY6I`^kH&
z^G6l=mz-&n<<cL8m3LHG;0gm$$)2UiL*A#{|6RqWomWZcHRXI?ah3BL>3@b*=46!v
zS6C>Owz`Kh?fzGJcM{w46Y+X6<1EI^!OoqEhdN)Xa*lBRts*IYho~`eQ{v{t%=_VI
zt`BCe4`zN3t|e|w+?JRw4?lBsFmpsOb3rgo99&P_lejl=Ut-Ra$ji77W*i4I7K4Wq
zGd@D6zk}(g;3<ixCZ3jfdg8If<B4Y^o|$-7;@OGkB%YgiUgG(Q7bISocv0fTiI*f^
zns`~_<%w4$UYU4R;?;@QBwm|%UE=kLHzeMecvIrdiMJ%)ns|cdoaj5Qse*O-ZDXz*
zLvKmUb!6yVI|WZl%)A|XYvQ)V?TI@QcP8#i+?}|dxF>OM;=aVJ3sIke#Dj^45)UUH
zNj#c(a^fk8rzW13czWWo#N&x)B%YagM15C1wmh%3`vqsa_ISCBN^o2cyg`hARFP|u
zsyvO(aXnB+mxt%Wb}uPDPt3DsboeY-d7GRoWmn~Udh$$_{$o6K-OuU0pC^7H@$VD=
zCGp=9b9)@+u%F;pC*C8mT@TdDeqZC|a1QMbbA#X<ZBo-~%H(`v*~UYg!0~zIq3HE;
z4{|&#562EyZYX8;qSwpsmz@R6)2s-GX9&Gs?&(;2@U$qx;hBP7*AEr@0a%`@A{?G^
z^t#qPdAOg%Gf@!^&m8o6`OeP$uso9#;qWlm;o*FJ43?*+2#05x7*9=}XJC0+72)tO
zcj0N1=T7)IT}vo_GVy(hA4>ei#FR^3>TdVKKCs~EFMBQ_&pc^dGgsxIzu@SvK6H5&
zD4qk$Lw~^)P9~*cZFs(*Xni4`F1BlF`RO~j!VZ<}T3Vhji*M3Kne-hT*S#~*<>A<O
zgqs`m)4z**OW`BXPbklSx)Z<3nceLH^FgR{#q;iq?s>Tk!o#t{6)sejY`;7GlPgRZ
zO4hbIp=nDS=gy3+s<=&YH|Gw;Jz*}uoudw~;JQnVy-3l%o8(+eI-h@prz^2tf4aXv
z=|hR%m3T_x_a(N^^}L)9C!Ooj*f0N{aPX%S+h=^9_gAiOQhYHnw;bf%AkF%Vg-!{M
zacF%f&nx9QReDt(`T~wIX3s$6nJCX??qM9lm6z#<67wwkYL(|&XU60QVU@`^gk!%S
zMwh=s{=417ID})r^U&qtvntL3m@*%7=CduvDCN`taFqYJdzLGH!<o;&>>QVWqBJ<h
z{95-6%kxX;-zfgtc~ts~u<}k)gyXwLo82>2p1-@NrU=LPh;~)elb7)eS6C#K?03p^
zT+@|zA3Wl^;(>|nxsCENw&BS8X7`LM@A1y8^Y&~<{&xA{XivW1O!+hAw|ho;I7i?(
zmW$mpTb|3DpH_T7EPto`aFofiL78*qztufm^1ziH1WF%u&wP32xrcEFNBb{u&mwv3
zS(D2AvNXQ$NcnuOxD-|$>dFg8+pc!KM>-s3u0>Z~%G^#Hd3)u7D^yC!KBJUpsWiLq
zlc!I*-S_$L*6|+YJgK-0mZx7HIKDr|dw71Q_?&wN<bh*O`?>3b(&3oXY%V%k_rJW)
z=Db&8`yAHw!;}8z#P*!cJ*OpoF!2S6-<|k9iEWPZa;{JMhZ5VpvwJ?4bo(qg>Z#+b
z^3YYu);?deSQ|J-=A1KOd6;wHm`~o}9_F0$otYc1faPcYf#ZCiimo#Ek^d(5Fz3KA
zR%g10d40AsWq#cG2<i93DxbLsj`A0}hi6I;JJ;p^CM<td5stC<9rv6fk3BC^-PTCs
z`4RPeoAjT+%FA2?$2s`Cdxqq(IY*vtbI#?ZJ@uI0^48>qV@_bHru-4*RW{=eMf={7
zba;Psy~$hzN8UG}%QIPd4|DEQJOP%U`3H{ne2aUS_fB(9yF73l%USN3F3-8nk15*R
zqB5C(;3)Gw?zvHZn{(vpl*i_r9Rx}?=ct}D<e7zE9_Ac4+JBCh!#QQ&L6ZNo((ZMA
zmh^?N@-i2}F`s<PJ>OAW;XFtFAHnk1<%i=r=YP8AGxFFxBM);?o@eabRvo?|&jM|f
z!(0T%9Kw6F{}RPV+|wry93I}o!!xHR+{0W1$2`Mza8-q~7VMSS`rY+Il5XpZ>&GVj
z#Kfm2w)MsRZQ3{cI#}@_=SlJ&3GX6Mg5x~WBQ5iD-%J~k_Y_4Pl5xBA)18+po(roS
z<_9>+xd2^xJLSL3Jxz*mT<h93i9Fr%*foiGy54^uelct24bIF5x5C<2vvWo7lRl~q
zKka!hED!So9KX}IAbGyz9_9o%>ikvr^s1aE-NU&L$9Fqdx~E^BXPtkj$lO64o>zPc
zRvnlV;K;iLT^`nXyABaIifyhCw}{Wi^Oo}Y(R&lyJ&x=5CH<kq`#aB5JkWW8;^8ni
zvd-}xRGa5j<`<<~U&}*3!totc`kwl{Q}Hxdo+jt`4(f%j(=Tw8KZ>rr*D2b%puF^p
ztqVMOP#V)lne+u5`@IR>kM|Z>9{K`~{odg^?F@%rM_0v9QhcrR35soSwd@zJe5^3%
zM);3%5A6U~W*1Kd{nYXu-d&t`C$jOOfpg3Q_MZH$()Z*&c_<SO&wl9g?1TnuGC{NQ
z#oNk%?f+7~Jlo2b=YK3;9?GZPtGkxIv->_VsiqCRS<%`-OgT1Y^f2a9@p0~<48{R|
zcm$S*bLi@%U+?<;igR42o#w&r=RL|nf3-9H3s>$gb=wVHe%j31N`Cqp4o|y#4pr2l
zTA4NH@SK6Jau|=-Id>_J!z#1YIew>mmg|fWILf&TUFFPI{DSk1ihIGQmA^0aMrX#`
zlg_s^`t`g#oiF##bH(q~VSYkel?6d*E-d|!?R@Q%uB_#H+x2DcZ<7Aa<mbAYa_Gk&
zCH*(9(_b5t{&&}D{|4<Z_G{O-Du=$<HR<+wv2@zsu64aWx44I6{FF2IzV{}!Yj642
zNPE_G`0vi!Z?9`1ZPdS}@-Kqrr>*RBQt`Da|2g-x%JY(Yj*|X=U8ld!(`)ilpAl!u
zxh(P3iQkv_`ouRUUf}!%#XWRCP5E7l2Rpw}@eEk?C(UvF(~65+SJnwT>`*-P-C54`
z*8|S<QNxbKL%+PknZ9_$xhDQAtU3&<pk1`FUyl7c=T`C4&h*!AI{s+Sy%O)A_>jal
zXR7>tl=mQQ<YldRi!<xLoomu3DW9!b;>)Dly@2Y|?i_3VyF4$RQRi0W{QxX~hawzn
z@wj`K?{9W)m*3Vw`8%b-@q1XGanJpV_c_z=tZmePnd0|h<>lOmEBwN!(l524cRNQN
zeuJ*OzgOJoJY606S6KeKA{^gqnxNwFzf5sEXX>EGXQpcjE5GL`&$!Atz;&+mxUM4a
zZ8|3obM8`nW75xnwcj4?6OQZKLHAss$n6K^T%*YR0&^cf-I;4}UZXEoWP`bmwrgqe
zS}_~?CPg;5QFYrv8_e$ovcYdqJlc6ou@_c7dsR<3=G6h$89Q)X&vPGzzh62We(qb)
z2c*N{za3rsou@d*`Ll|jbN;rXU7yRt{r#`eRnDNwfur3vqRVrE`r^Nx8#I?NAE7^}
zXrK9tUnyooZ&REEtIQ#l2}j+IbbVMl9QRqrqATyH_GRC7QQi@G;P9O3o{JUV?mR{Q
zb71*7Z{WCou<yD^pDZ1YI^5!UssCJ9o+<Lc;o<Xp>NBA7?fWX?WzyI}|CTeKn?LRR
zCq?^?iprd-GT|t*S7ouUY0}})Z%0@8cPifD{B3#WJ1<mx#CeJ0Qs*ZWpLG7N;&aYF
zR{WXsuM~gl{0GH9JO52_JD-PNuDFvkf6s9@=R*~lyQy1E@hDjJpRT&W(JwvjIZWsB
z$<Ciryb_jwOn$h+Vy-m9^>OEDhx^dAuRke%$2~LTfg|q=uFsSXN8bNNSKbq~R_x*H
z#VmQ?$a|#gv!%n4_buqOzv5-?nIjJzd2e=ou5>u^-i@xjzf*j|J@e#&Bk#{$pD!Jb
zynjSj-jlRmz1G*S1@gd=_XyV)N{1uwsp!gkui{kqERqL~ymz?1SUMbeA3#^$mlT(}
zXNf#;c$T}qR5~1GKJWT6>2Ua8)>O(oPq80Xzb}^u4$npI`J3`x>HL`DI4u7P`Qh--
zbbY0CIO_1A>#L;0;r}|ij_VZ~hpXMQS{^t&Yh7O>9gZ^p>iSygaQM6Qx~c{J!-~fx
zo&@tyN(ruTajMj+4S$c~fv`M{&hfXuI^5H(c&dA}%kr7Ulv2(Wt~V>fk(V(|nJtQN
zWmo-Bx?dZ5)j4$f6@8*296Ei2PTk?qSGitOghOBJdaEKFx-R!8RCh0RzR;QDy&Uc@
z>#W^V$ip#yDCyjjl9yxrRMH=Gy+x7F`J$XBT;~|SoAjT!&N2Qf=`Xp?G5#&-uTXW_
zZ%rDvrcwSru5*m`EYa(Kl<RHM?U|D6cD<o;+NHlUm2;{4JEYHa?i4db*w+J!_a@#?
z?@^yFMY!@wy{SaG;paX07{#NVxlTFRnSMCM`Loi`fmLR=A{^HYm$+V6gkzjv<$8}I
z9Dci3RXM%V;P7+ZN%?(>aQHv&x~f|KZWtF_O808RKj0kxhg~03groe&Tpv<|!~c})
z!-{bDpL2ag5f1;)T_071!~a{?Co96?|BLHW6yfmO^{VPWRT><AKAPpYrb&mxFUj=j
z(&6yiGfW9%((T!`w~t-ZN*|XFhu@xON}nMej`C0O@@Gni!+*Bxv!uh}ztHvB(&6x5
z>G~Y$aQJzw!*R`(4p;cHrKbiuSE*53a8u&u#4U-di6<tWl(?3-HE~<w_QW=x&nSPJ
z;XdhA@#hs+I&W57oA~*}FC^ZWnCB_gJ<9RI6;3pzL$slD+;E(y_Dn<jWnX9E5i=j#
zd?>zDJQZDeX(u@5&l_E*&EU`%peye>#YbV~r7hvgXG(pRqRYda_qg*a#V26-tIm~I
z2$WW6!_Rns4wi?0fa7mRuR)jRCB*~aGt2YuG3S|z*3Qxwi>;o{UvLk)Jwub;F4mH)
zzt>ml3|IEn52XQZl#l;PSRUFIj&XPmx;!6LWZy7tdlxJ}?Fm;tUCL*?;#sJ8k2CkU
z_AFOBtc&&bgsON{@!Z50CEg2uT`3ced*0W(XHfBA_fTiJLcvO%+9?0ciYLJ;hkC-{
z=|h)iSn+h{ixqc=-(J>%T4G(&nEpD&iu1mTjEU-=rJit%)t%7yDmol(UPV8ve8+^c
zs%Mwy7`wo=;)i2wGd}Rt6peM@r-^x<SQT^qas<5hKkI<bIc?{WblS(xqh^7UUGvC8
zJ0Vr~DS6=vi<i>j+NxT(PEfS<&Ut6oyA)sJTvxR5#+S~VEB6;ZNUy8XsRJD2YAU)q
zpXUl&6K}8Aq4W7kFwZ7}b=quWb{YCUl*0!@N^p#sHZdMu;+F6G$wPgP!ZV}z>+Yco
zdYz{!($?hFP$|F5Bj&k?ja8MyxPs$zoOipQ<GKQthjxW4R77dIHgv`d9BqCly2@Xz
z$T^0m>KxxoT<D$&D*qApOjLv`3>>8;+9;<<p6|dahw%VMJ-_E3>iI+W)D+>kulyOh
z%4w0u=4zGGDh-Z)v@tML&KveoeZ9;|a2%J-WAeOFnvI8dmcIw3(_lhXO#A8WZOk!O
z_bcVV6)xD6Y&=WfHl7z0eLuZNIR`6t!t&5BaD{@Ej?spPzCF?T9g2Oh{PYoA`CKXU
z40QR26<-T;vEUrXMV@L~(cyp586-;orXTq4`mXX-FD&P{onPYDNjnhzpyG$4eDl+B
zN^s~Wi>o7L4dhsY-<J4EXU4)F&Zj6^+bVCnm_Dv@0q$IRrD3U$Jj|EJYoq)DMe95H
z8=d3#AN96*zO6VJmWO_UV}2NOy;%{iJXrSo5!X3K;23XnU1watp+Dq0=K>u17tvLb
zWr~l%s>38_{>B065^dFYm2>n4=M8%ArNsa3+^Fg?t>ectIq{Ojm+HOn+?1H_PK9pY
zd+~DYdoRxSCC@{N?Yl<q`C8JKC4MTgeU{<=A0+*!iS75}+{1iWJy-{!WOL)o3@6kT
zsPl)F??mTQ6*-sC`7Q+aKQK#hzcbH1ZLOEivrs$V#p8Pa9QO<>>NK;w3*_N7<y@+G
zEv))9I#+fSD9zA@hjDSMGvCp=3znZT23H;~$MOyL{7LaCSRTe39CO_&bd|Y8<^04w
zj6JyW#Zu1m?)jVI3(k+r|65pPGA7}8{@JW-l*#g{uWJ}Dm!FSI@iSK8@Y}tKbjGLM
zoA_GX?f#l{IL5Z!|H|Jg9j?4qpmZ*N?e{9hVds_F??tfuZSuge-!a$QrNeO!-tKyb
zbU3~r!mSA9Fu%glhWDduzmF?&8pAx_rW^2g$q&bVSGeaH#qT)tx!W&c`Mc$ZV}9G>
zdR;mk<ALY??CTYZJ36l;vZ<UN`Qd1{n(K^TILhI(0Q`N@;rNbUKf21lT=7h2{x;9q
zu>6d7IF9Rl_wX$LLiaFF!r`GT%ABTnm3s!|fx~0JgC@_ov=6vvNFF#mBYIuESo5&7
z4<`On;ujO!wUhh#dO_q}>bzWW7xv|ziHYs|gs$(O^!CJuC+<poY~qs>pPtyR6IA{o
zsxM=aI`G}<L!FOQWXz#YlFl4eJwz2&f@2&WFUHd<4}FP;IRvgS*(lK;c(`6W+nM8_
zeepAgz|qc^x!$Y@$G)ycS2;H+UgO-Ma;}3_4s!?`<=DC=y(-PtHLs7&T`K2M>7UR>
zne!Fzf#qkefTNuI(dFSghYz`Dk|G?Que)ATgyXz^7F~INr}&)ne=7b6*1lSuqnw|+
zr(64a-aX7AaCkPk=j-Z@Kf8xMgrlwg?jE~c^6~ZxMb=dI%RB=|nKpl_o;}*{F7BcK
z;qY+zMPB9>IOhB#UGJ6-SI!eCo$h+wIojkhbnWXd#VefOr+782@_XcmW54fr&xaJR
zcMtOk9G;uq)2I61;vU8z9G<zZGl#%2M=f-naSDfSpNFcRoTrbvhj{~zGFQ6J_=O|y
zI@gD#!=c;fr#i+F>2T;a-)djmss39%@2EU*?91j}dCriB`IokuEDs!>lk~cJN%?*y
z`GfCB{I$fIQq9w)Xno;%r@B5%aav+)fA@?h{no^s8`Ta8N^p!x#ya(RkKSV5!PBS+
zR~{*T<{dn5QMBh6V)lOwy8KOwa2)Tc=<*yU5B-XVc>|99(r0*Rt8<*E%YQyBe~Tg<
zWlnLOc>}JHNokrk%3=O^zw?I_uZLC6MCT}n_we7Secj?7+5-;H9M@}#aMXF8n7ofG
z-s{Y>z6W6Ki?)QL9Nxn}L;HHfJ#C6`cviUHt_a8Z`$N||6yZ33H@eO|0LS^e)%7k#
zIL5He8>(BkG@CarS7nr16{vIFIsA3kd!)mm_o3@pcy@c5^Pu7xu*&I`ACBYVz3>mY
zr%xU@Jd}m!BZ?Qhr(Yg8JbUSN^-u{)aD@S&M7y9fR^e#3y6a7faJ0|qt~V>faa=>L
zw<yA)U+Ox$gG1i|{jgFWxbo$~l#5P%;0hCx(k|MnT4WiAc5kb~_7?Aoet7Y~@%f!S
zPtXEemo^DcXYs({Im&hR1y{aOJhWYPa{1oh%boSozF&yGr`YNs-ktZ^_yUV_w0Vu!
z@*J$VkMn_wt+4#;7Y@Jmh5Vz^Y_1Rwh~KO&>Qjf6cU!+aR`$!d3C}6+X;y@ze99s(
zeFRs&R`OckX<sAK&T|jP1V>(Lhs(=(Y<(f#Tkq2!RcCt+a6~B+j=cN2hvREYOj}gt
zrybz%^L&RgPgJx%ay}MaevTck+*S5<GP*oxDE7hfaO`k+?AYZQmUfOdJhTH``FJVk
zLUeibf4P^Jhj!4ZwaqidJ<}EKnoVZ-T6Fno4>*qH26TCDQyfoxGb}&j5f1+yuGbXd
z%2!L>EbkTNdsuhk5#Oz7*XQCF#812aeZ_w`@2c!OYQqn|DsiiOX#4%0xo$exxl{3I
z=eptv&du`JTC6f*+P!+DKnae2H_*nFbov*ryh=ZmtPQ2pk8u23gx85FhrWZuPuo%d
zk15V_u4;Glo#!Y%;QU=hjvxP{iZ8(`v&A{e-0GegiaWwxrT%cNQ?Eq7vW!{sS5;a1
zcNh3g#Scf{?d~4Vb@~+##}0?b+Fa$(#&#~qLp#7R4m-r`>nKI~fO2RPI6S<Er$_M^
zSe_Q=*q6<L?<v<B%=uOEVTyL%9aZXY=N%W@O1y{X^@`T-Vvcub^sCDAOQG?hirYDJ
zj!=*4)#bZ*YI<X?xgK-=y5d=S9UfcD+;7hlobCGAnQN)=Tb-r%svN7QxJztvh4>xv
zp5gl%RD8ShuykHi4)fW$&ZE+8u9L3AEWf)UzCmo~vUs}qeeUO)@mBa~ff8K#M&XCV
zl>dJeAA#ke-{E-Xu+nw<8jf{#9lG-BBiiyTNO|e&7x3^PL}@z(%A|kcSVL>B)BbSf
zA^lKdsl!j-!QrpF&Ul1lO}Fb1`D@bQcs_HtURS4<-*5U(;ujO|M49ri|MQ$@Xkfg{
znaiYaC7pY}DD#BGrzW;%Bfj6Wl74RDixQ6}zB2K96Wi|(dYK(w|05I+cdpCJc%p8c
zPd5I=Jij>wy;}#N1jjXVzc`L%1eS+>hhq+z>>i%|sGH5h7=Yv7UcAwD`W>!(v+U~@
zbk*TgiZ%y|X^%V5wJ*j49OwJ}=<+bO7rCdZ2**9h*WB}r;^WTmP?_I^RVHHwjxwKf
zoiPK)as3os`}%_-_x$j%%6T4EIW<K%%CYrGo}E><9kk(T)%$RqBNJU`E`&or(Diod
za9qQy2rH*UIvmH?gRXsDpm>sVzv3ydjGgksQMWVQbFu1gbCf)c1vosM|K#nK4#&BF
zi|cjiaGX=~(N%{PiVrw{QIS)Wa(d*4qx>(qXR_+>RcF2nywv^7dvN%lb-hnI9OwAY
zT<@0-hyHul2c*NH{}o;J<o^5b?irK^j(s)jJ?cCp9ge*AOiy{IOWWT)!}7r4;Taa?
ze@M}u>8Tvf4>-!FzpK}j@3|`&&r-B;F5w>W9M|D}obOa*ts*aDfDPu}nsXaw%-FrQ
znDd%@Z}e%3r#aIm9CP)}I%ww@ds_ZYZ&ZZixTd?#xeSNj&RLbixeSN@d~sC^%b4ON
ziLHFs-<$MSXWD9i=gEp(H&Bk6v|Jk>Q|iq1K!r?7b#1XPyH1n;Kct<GE`OtQ)J<<s
zsA}i5xgD4D2b0cv7oOeWW6OTw_<X$P9@fmmV0qXV9G)(8l|QCv^^u1*gey$ON^jSO
zXNKaXuspOUTwyU$nxYNQM-(}>Dhry@PR{HXuE;~GvZ>SOC|Y~U&wk<f?EVeOa|A38
z`-Ll~>4#FcwkW3umZwD#t}u|4`n2IWL-A}_9`+AMIqyXG`i#0~q9PoB$JN?gc_&GO
zD_p!NeN<cIot^k~@NuOb+F^AB`?NLAnQ;>Oaf$7`a8G~I?KzKh_G$HTevNzRBO4FW
zIqo5J)q(bhW4#zbmxuncK9z^|w?3U)>a3R&8ss67KNw#y{Si#N2h+a6v|})B7hFr+
znz$`7?H2xuxcdHbjrpp?uXe5}+OZ#B>Tl=5w+rv*o<kK6g5}|u;F$MzKtG}Q;mTA0
z<SL7plIbiWO0+}u#KOBeQ>I<pOXq#tmzZ|4eizeD$7&-l?R2s;?R2Iy?ZoiHQ&YUe
znRdF;nRZfhn1^<{(YZs>u1}P=Q*2{W+$GjDKcV`8QumiRe@fBDk979ShUZ?z1Dq+7
z4gG$_H#_$zvY|hy_%`Q3MK<&=D89>ivLYM$BZ>?!cubKEepK;R=Q|YH&>vGIHHb-#
z+Jb58VA?vEwhp#2>3M1E&}~e*UQ2pwV%j?Vv~@6T5=>hM)7HV=iR+1b689$VOWdD$
zZ*i3iC?y*|W2J8?2c7n~5O&?hjC9&&Jn7c9?y<fW&(Qn(;gO&AgX8y4IbO;<UXkO9
z@=t-~Z&8H9-|rs!e8`zGI2o3oet^S&75Z42)98jM-;VL*a=dn2Vvh0Cc*GpnPn@YU
zOCUP+xeLCbTpux=1>cu=LE?uKe<ktP6F-&syNSP__@{|~nfS%Tn-c#e@jnvpxZOYN
zybs5CLwP3gdgo8b+va?*qRlh%%#(g3y4rzuhU4Gqws9hzu@6_cP*v*FM)~*arCkGv
zS@X|ueWCPoVC7}Jz)_}+G3hmFaFltum@*eDul28ZnzU<NUn>1SoEdvJCjOA~a(Qg5
zD(@_5A4k`|TAiZ~^IfMs;HbkAbme_q@oUact4v;_FIW7A^D61QMt@rIDd#oPpM$mE
zc11Y$yUz6vML72R2XvM57sbua>r{?CH&8j9((-eICcTG$gQDGY$-{YO_goA#rJ8#-
zDe@IG{D&yEJ8xFh#|EbNDe4iM)tR{mjyl`Dn98q9hojDe_-`n`Z}Cp&ixh{Qw<=x<
zD{qhT!g0NNjeEFfx!FCv^1u~NMy1=`!{>+R>vdHf&OP|;aIfA}`WfuHE=RVp?br2B
zCjDoLsbA#XQ{@J?CO#;!-TQc%_I(EDW0I#QG0z>M%)Pyy`zy9O@2&Sa4>^`bMYyt3
zl~SU=BkxhLJWYylT#p^^o;H<pvU`}*;PBYFd1IO5ZJiZ&$bXjmX=*sGXD)S}c>u0(
zqpW1t45|b3037;FV(P{@4#)2@%y+$}2#3DZb=m-~?4ch@%e8U5&nrIZ{5{3*z$%~f
z6pniG9)7;_@I&`-uEF71?>gri9Ci4e>$EW(`i?#xwA|R=&8Pg=id)cC2hJ}z%I7^i
zoM$}y!^61)hvz`o>(b%M_w+-FkGsgLN4^t|aPHT!*k_2+uafq5*Dp{!7gqT_$_q#N
zyhk}lEAPeb;XH!F^8xqVqj-b!ZHji@sZ8c_JMVbdtHgVhd7R3;1D2;>Ivi!rcYQ!Q
z9Ow0e=*s(L#fRN9C=VQYpLBglIvj2C47&3ELXl>IIfs4-s}95R!%>c{kMeMV`aAc(
zRs2WykLWEp{5$A9${CdoN1g52$c^f2X)W%VEDs!cU!m94x2P~BxU#D7MdIoyh2QPm
zsCb1l=j_$+c)9+a<~km`Zc$#&S-Vdcb3V?%<Nlejd+u=N+_ZH~I_KkDbobALrQ^BZ
zd6MEo&NanFu={`HI{ugIFwkGEXwQV5J6vC)_IMCh`Hht0OkV3d`SE<;b&l(0w5R;A
z&7bo0OFISK`5b4yE61}lbjq>s!Z}Y%x;+PW{pO_4OngV;k0+j+_`byU-C8g6OG!UW
z^``!<ig3)&HYdwJMcxzK)20Z=`gk6?Jc|`CcBcPrE|pH-+FB-_C%#Wx_{jrbqw>E7
zs}AjoaLiXvxz79s$GZ6}y7K-;@dt@tbZ%Dv{25l6or-XU4piEzjl8sfBmF4eS<&V<
z`MdPK&2P^Z|32>NRNT**XNfka$=@wM9Cfa{hq;a0X6jIv2afumnmlhye75s>ikCQF
zuK0fEaqZXUG?m$-GHp(KN^dIN?jFX-r(t<|rNfog#q(MB@HZPi@BFCZmz<fCcukwY
zkHadbPvyYzHyD?@=V?WDkN-}UNgjBu;tv!5*!gaGe&#$+Z1)24FA#4)*S?sC;aJ}{
zxqp#7d^d~o`97+B|4PjIxGTEy4k#~NnWaohuS1uIzwgNNUYK)}zmXAqJgmHf^23!M
zl)QY$6n#iKT=8cnoWtaORB^;T!}7rYGMCcHN;a1=VJN*-Ta^n@rP;79DCR0Y;LO;6
zIPsSgbM1tGq2i&=k0>4qtIS5{Xg9l0lz)kIu9xsISHtn$l2O;272%54a|*ihPFK7Z
zR^ArpI7Z%!`rF(t|0kr~;{K|0tU-2vs&Xbuhbt>eJ50uZb9q*Ly)$#aB-3G=LnOeh
zuB!{mGg9d@#Wr7w>tcHjBc_e}v{m0)_65f=GFD>0=Q_Vf@j_UB+7piYzt?rz5RUpY
zZmKi1X&1kCW*+)O(*Kh9Z;9>R$MZHRf0Sculk2;<f3qTOS3Rv93mko2Lzn-riU+~+
zP=7eS18mRP<e_bjbWf9W^r^L*JQK8w<K5G&2*<uoL6?WQ-`ZCEGWkzO*M1o%aFltm
z>x>6D>SNar%FDAZyM9n!jtP#u_8d%}W|e=VbjqKk2*+nwHs0i6Etut=nsd~74!S%$
ztDO1nX;p;dGw#K%w<*H$`Q6j5w=2T2-{;U(=2}Ir$*Eh1bJXA3^TXxyoPIoF>UgK~
zT*ZaXr>kzZe#rw<SNv~KJk}Zg<iyko59{_J&OLhnjm}3ab~)?RE1xULUzawBPJzyq
zoed`pE1)xe;L3vH8Fjr$5stRCzEhc;`!**iZ?kjs^|)SBPmb66NIW3sHToh&`hxwo
zI9FaHQ2L5CbjA-HpJ^_4oiPJPzx)_oWpdy1JgmHvoTE&;HjrMEZr28vmt)*P0e`D>
zIL`fjU2l^Phfd$HFV20g0mw_Az_G8L^t#$FK?$yK5-1(4t$J(et0CvfiWeo`&v{t!
z0B7cY`nCGDQYO6ZGiCQsj;%E+|J~xV(B*G*u3REevS&&&%lt_@R=GJ-g5&oP_YtF$
z7Y?1{L}xs}F-~l5k=`r~4*gVdRr^wNmFM~L(AQ_;d9du)j$Jx^4afN57|5&t%X%aa
zb-XrtrYDch=X%&bRoVsU&K!2|m5KL-&n$I-<8wf3bLC~OJKX&vipRk6(<X5In+QGV
z@=sQ@`A{C($L2$BOqJfQ4bN4I>*0@Ro!ZXti^cDg&F+PrNAwyG`g;=p#F^h2;eHYi
z%(YYSpAt9dz0jKypX5v(`Vya+*uK-E^6^}h^ve=oo!I^+w)^c~#@X&=oVf<2K9tFM
z1s|+<kn>xl*PTyNJi(dkH(ulKQ+!L(ZJZD2pq1e0M?1gdA5>l&1M<*!aQyobmy0QL
zSRVQYo~C$>^QiPYo$pbcllYU)+$%i*t9<$$j=yjAdG}l^&zGIQrntnJdy2<l<!x4k
zV~%~&J>&AMbPwka9G=zg*`WACXYK`l3ad=cDLB@q&8~AE!7-=VJ&}%``<GYw_~CwJ
zFIeR;m%?#euXoR=;$iNo$pgplaUbQLYZQ-hPpdp|{2up7?qQtU{f_GJpW+)`U$1z(
z^G3zHVbzDR14n)4xo3;w!|rL92aewd|B8DW)jnT$-bwtl`#a=^qfPAoLiK5vr&SyK
z?UV<utdmiR_ZTzWk94@FOFA5F-sK+d-R+sG%ITH|4$rV&S8p%(6LxLmY-7Wj>mfXo
z6knbAc;^w7*PHnC#M<Sy^3O^9@x+fO?xD`UU;F->v&|3AoLAwo`y<!)@nfNn>@yna
zL-HQ%I&H{$MqZw;+ci7`PYI5(eY_ZtKCUglhbs@~Z*TJSyJtl43}>!+&W7c0QiP+O
zM_uP!gDcOM{Z2vGzSNcF+!z0c_`T>Vhw~1Oa(EBFmZS+cx~HlLhv#FibFRU$FPk@%
z_X%n9v{63i7hHL))Mo*@JYQ6N2$rYj9Od&K9zL&l)IFSEaCmIqP~J9aHg9~ml)oCk
z@-mjz!}4&xz?D0TXJhib<Q~ouxWY}m(iUx$)1sGlU!!v9UpPEXVm!Mk?g`7oIReM=
z+A|jEoELED2jf>>uB|#?dFt}Oag25iCJ)bGj&e_rJaBl1(dD^V@gnC7w=2)1DYIAp
ztMD@kDP89tp3`0r%hM+v4iC>^DD!SbniXc9`UosPV-t=#%yoT0I$U9LQ<{&iyiX{8
z&iRXq55X#DP#!qS;XV9kX<v`JXGk76JT|8(@33^6(|)cum7epw`zh~FJ@1HgIKJCS
z*HS*77u>_S0>|%V{NDA+(&0Fkzo08`v+_1-qyC&*aOGEeQ;GNROj2xd&s6Df<=4eC
zF?nk4nI;b$&t%$MpDrDax-s`sKJ)Hj?irH@j`p!RSstGKbh~F<9ymM?>veTjId8s^
z_^HH<bv(>lM>;Q8tixxOV}aw`XH1|sD#8^%AGvO!obwciVR@RI<6NK*@I0nSd*Nwz
zu5baU#4(_^I9I&iZB0?$N2J^QBTv=2a#_jy8S=X4epsG~ig2{;V%M3k;Lw+%D=+uT
zUx7cWwNVH8b?5IY+BqV9wsyzz8J_KEf9Vy)U7X3wXFuT?OZ=V0hiv~(kNquH-|u5d
zUzXVZ{a^PyoAe(g{(0i(6aOmli;4f3*!~W-m%qJ^A?jaA{OZJeB(5diFR|T&sLVI1
z4Uh2l{6E^~X)q6umEibyVFtwPcey-gJKrYT1<qXmjySKB$L_P_zfv0KGkI4_zrmUD
zb~CJfsaoZCf_$D-mz#gB{CB&DaSO-al(^SD-%{k-nDS}Y2c2nGJJ(b`;~9=~@RxX`
zw<yB#UDm(4&KQQ{nr#;yCw|5)9Dgr@?+-*@9ONFxFdX-x$GTpV4#)2r*!KZcW~+2K
zo*iA`{x<1w`0sbUT{>K0;#69Qu489xGuKnk4(V`(A4=bG4@<-MoHwX_Ry%JJ{|Hvz
zPWj<zEAmi2_k&xU`JBqW10a8w{BW#a_H0~!u0!oQR=h>!AEMWkLucFksl45KndeWt
z4wPP(4oCgD&Lc11sb+nJCo5hI%ikkE9CfzeiIAsB`?|{gE#mjOzgK=Z{CBwCCmoKz
zYw>B<`=!Hij0@0J{xgc7cmAs4!->BHt8Sb(aO`WTdnT$rPq=4L9ymOIaeYWS9Dh&a
zAL!ceVQSBpX@mLO)jPu4*RcF>l+%JP4}Zscm&C7y<sXqB4*y>6*;94f$GKI!zx!D$
z;PAi6Jtr!5C$_(dt@1hV;qdpmhrfY+O5)RD`KQPahyQ%{T&wsl=L1xqOJVt^$`6Ns
zn(Nb~!*O2U?)r4;aGck3(A7Tk6z_J=m^^TlIp6hh>2RFakGMWVIvnTeU3y);L-+Km
z=RMAg6>aU44)cr~&(4akbgn8M>D;Y&z4N%@mz`PDxRj|fVJLC$N;&AiVQh%EwUs=o
z!h{?3BkD6F@kbJWEb$4-L-|dLaLoVq%uVI<Z1!Dv#Gg^T43?ic7LId-zQOY$mHh$t
zFyF#4hu`F$&ne#OJX3z|mngHU2uEMgc9i)&#V28Tn3Lg{4_BhQ2Os<=#TQ`tnV;d9
zTQ;G)2OrG6g{=kh*QD86;A_+N-sbd|ZSvD!Hvh}tD!<MDKKCB#e(oFaQT};~$0gP!
zk=3nDdEp9;uY?c(9~AB0L42c_br*e!BKHX#SG)Xh{0*_6x!xfijy7kkkas?jO?f-z
zf#dh-Y~Gg6+z!W>=d(}z%-e9BM`xp}%xe_wnVvj#dEoeba4sI{J<{Qr)2trK`)!>=
zpTi^GsA%)2{Jrwq{P~~`LTR~|)8`z&Gx!tN`=!HCw?Dc*ARUflY1ICx4|6XZ<?QY{
zb1xj_9O3$~bU4a6+4T|WaOh{dJ}MoK@@?+YekV(}x$E+BT+`h@MLHbie8lys(&6Z%
zdtGO)gQK30yUtt($F<6GbZ=+c8t&J*_Kb6<cnz$&jVUi2b@;98<I>?cmVdZDLpmIF
zuxnA3GgCSob++qI>9eH6;Xhi;erHRE!+$2a>N!R6T=&e82afx-k>t75J#*!OW8S#h
zJs(xP#`!MA>tOA7p8Rn5pV#ZE9<EGM*KA1q`^0}q{Ex&tDo^CKx!udLXKT)_?mtj*
zf9GE*9_3tDw9otG-zeraWuByXf-|~ZtG}a+AG=m(l2Br-<KL`!J}i$8ul!vU_t+dR
z&sOPNqvL6Ej(^+b8gzMRhwGfj6zw^c^hW77yZ#EXt$iw|SsEPAZ0V0E=K)xr7DYJj
z6YW}EW%A7Daraae;ds`%9Np{loO>oJ!W9-nr8U~{?53Bt?wnKfPKBxl*lfk4otJ1n
zI3e+=i9eY5*2JH5o~OtZPnpb}KTQ1B#5`NT!@lg<f|&1&T<$vepjRh;f8tx5$;)RO
zQ4ZgI37(hufy8z#>ib>cI`itYiGP&%=ZRlP+)jI{oWm3kabBtSk9Y1>JkfczbYA0U
zJlZvb82tj*FHszEUMro~`1#D_(xfvFqF<|cwex!UneWi)+xI)qk<N8ORejAkhvPcL
z#-#lG8&-?l!#Ia43?8K=+9;EDe!_W$;<ubnQ-6NPnQMw?oIfhv#+&xbn1^G(zs4h-
zaSn(6J9O=<OL_m`To>E*hWu4&cD?am5|y@7h`Lprc^<zjEI)?;$Me;_+{3XP=$=XP
zz%k$2^@j4+q}%m|U)$LAhUzv$-Vx8+Di0jbf+nMTTTOFMn>=vkMg343a}VblTlnvD
z{)wVJlT<mJJ6~}9TZ+%XsvF}DuKZ3vl-8ol|2M^E<-yY-9j@@OP>Hhev?}iI%=u^E
z-IC6=hCRm<-zMhsm8e@ctTH=Q4jlc}<DP|zcKstymppd;^QE%i0ryN%<af&{bDH9X
zu>9Tf!|{8Lqwe{DBIke9VH}pfE<YUW(e3W}vf|gAf2+6*mcK`SIR18uUQTFG9Y~xH
z!HoN0#%nNRG`KFV>ZIvawC_-f$HgCZ{dUCx`a=2v+UF(Cv?YCmJ}BN^TX0k2S0%Ro
za=-PLGkq3$d0rgcp7`*@Z%TY@V(U9E(>`x<?oXcG{J17a+uQk49S38&daghTt~^<o
zF-Lu9b6c;)b+N72;vH1ZTitV;;u+3^if?yj%yO?p`ScH5p#UYD>r~E-;`eD|U-ZLt
z=UtTd)3EZ=pK$y>?`PdZ``dFcdFW@jQqvEmN3>DqM0vjI{B^~p&YUaDou60yc4C|N
zlo$O+=qjJF1INGD_H%T3T2+qCZ(=?J`LpY=T_Z`~Q*6)HR8Cdz+p{%pc9dEbD2IFE
zgJ5}>>)^^u`l0k@bT7Xr@hOS>oOPL3eqX@-D$epUAJ|;y`VFrCQSqk4w>vX8EO2H{
zS_P{x=2*Dm=iQIpbG-aEcd7heNVEGgG3EajkMh=(7p}ZoptK2Ho?hkslQZ+p7H2-A
zxlz9A$IJJiKa}{^#Iq8sxNUxWR_}RVg+8Q$mEa0HSK3t@<x}?SoEgje!16P0;g}~6
zM3;YtBG(Fd7@u&gJ7=TI!}>hrOmhu8^K4-RR$j&}9OX|&SKfJwSHbcy_TVUgM|3{?
zRe~#14a?s<VsTT-x?LaMt@BrJeL?S4ou5i<<Jomvf1M{OPx$vuY-80u9Z5eTad+Z&
z-&alAQSkW!B{;5)>*ClK_W*cke>mFbH21VAJ97;l+8>U4@QYoiZQ*F2E6`Qv8x-H;
zOx>@ARSxY8$9km8YtuPr;dqvE54y^EMDa7uohs*kSmkj3!cop*_dKomsPi(#$6)z6
zr{M5EgRb(QSL8Yjev``oAuNAQ5f1-m*IO0gsOMI6<=shn|KZFS*j^juv`K@b9DMjE
zD%yM{5B+BI)fEzzF4R`liFKvoXkv~5y;E^tc)0lC_@2oD?s=EuG47#%;rQNB54y_X
zJQ#pg4*d(q+$)^Wusc7?@1F<Lf5G%Ya4j*%9C}A$;WqvMxBQ>f+}q@5g{@6Exs|L<
z))`KyDKz||u(b(;P08Bimxa3&8rB!C!@nxr3;()sKm0=BL3l&qVfZ(NN8#TVo&vvE
zcpAL1@EH7Gg=fIOD?AJSec?Iqro!`J7G9+V+8SOmwELZgKNens&IzHkOj`pFK9yEz
zYxuLF{Tpfxe<{2MeM{kW@P8NH0ROcxyKnfvg|Rkpl94pr8~#?X3I2QG7MPPyiSw!f
zqf!lSD9l{ezzvWR^HBpQrBWB%Shx=JKwYU9-l1?m%!P*1Ak5B{hT)eN9)({~cnZt}
zuQUyAE<6VFAV+Bi%w(W63w~AMIdDtidGOAK7r;ysN{e6~0x2zltA&@ruPM9&er@4Z
zFgJEeYv756*TFp8P}%_RUU(C{N8v3n3lwQP@#_k69p1o2mr@J7S7ELN8)}7X@ZN>n
z;C%{noz%cWr_=?v7OumuFU<8y!+wRi#%|cZFxR6EZH0&70}7AA2Ns?Jvv?{^gWC&_
z!EY!$13tL$EclSZbKs7`^WZ}ZFMtm#ya+zL@DiAXNog7U#=<LL7HXwcFc+UnYv8WJ
z>tGfgr48^=g*U-R7v2K1$dk4gbD^rlzd74*OkqBoYdE&>M7UnK1|L_Le~-4|_`)6V
z35C1hp2Btb#KL^O)^Jkce)#0VgK%%*VfZbDN8wWnPk~P@JPqc;S!oP@YvCF2X@zIO
zrx%_B_ZOZAzpd~B_>97f;4=#^fw_rPS_Z$p@Cuj*5=yJ!vkR|*2Me!*-%)r2tovWm
zCRo?fq%H7JVJ?&!{F;!@gB$!hkk5k~w2qVbEVg0T{d(Qt>jl?I4ZdDXgnhkeh1cna
zQirx!FS_C9QOo^v!!HZ7M#p+F4EuV)S|01gG}zaRahS<f$>w=qFXrlXtQR)7`+Bh$
z-Pem{u&);@VP7xSz`kCrhkd=UdE3_urtDZRn$#SzUNBX~dciai>jkH1tQVXfv0gAV
zW4&Nl#Ck!O#CkCb`+6}I_Vr>6_Vr>W?CZrG*w>5su>K=0f_=SM3j2Do0`~P{HQcBl
zO6y=>FE+xyUTlGVy=dh8r2&*$U|%mL!M<L!!M<K}!p+5Bhkd>1gMGaignhjjfm@1y
z3he8}blBI68L+Pxvtc?xX&&tB1<#~ny|6jW*Nf%o6N}&GF<&p%qWgMbbC<6do6#o~
z{{+q*UoV<rUoR%YzFxG#wc_u9eZAm20I^>5!oFS%z^%nU4EuU98TR#J8tm)EINVnJ
zvtVB@=EA;S*xcgl#bR^@qms=hzFzP>q*yO(4)OJ3J$gs++q~iH#a47*FKn*x^`grB
z&{_O7*w+iba}(=D7wqdr56lUn#Aj@=UJSv$UW~%NUQC6%i+>FE^@7jBW4++}1hHPs
zhwH_^2=?`Ye_uP+ixsf17pq}TN~LwMuNNC(UoW=6zFsuGOx#=iEwHZ_lVD#j+F)NV
zI^n+Jufx7x^ufMf48p!%jKE9`N>gB8FQ&u3Uhr>i$9gdv9w`2Ku&);jVP7wnz`kBA
zhX;#)73}N9TG-c%4Y02ln_(s=(hg!@FPdRrFDAmiUbMo)#oqyY*6zf;i3bu7C!U;m
zTH^7<vl7pRb*_>YBwn0&8LV+kTA6rF;`NC)CEl92Ne@b*oND4);&xc$hSZg~Cvkt`
zp~Rz!`M1BLoUz0+6VHLwPo(*Y7bWK30T0iL#H$mpOT01hmc)%s|175kR=bcUC2mXH
znYf;~FY#dFk;GGA?VB_`@r=Z?6VFS$F!7Sa%VBM#Rf+j`!$aSYcyr<jFPBFfsX6h)
z#I1=t5_c!=O+1izIPv7f(-My-o|SlR;suEpCtj9#W#To7*C*bTcx&ROSNyXbs)=if
z+Y@&s?n&IAcnH=;8cjSk@fchwo|%c~B%Tj*ajLW^@zTUA60c6YF7ZbAm8G05i5s>5
z&|4BuO5B#XGjSc>sg&85crfuu;wg!zC!UdbcH()77baekczNPgiPt9Hka%-q9y~|=
zn-fn=+?u!}ad+b0!~=<k6HiV&E%A8bS&8Q+UI6pJUTJaSWr<fNUXyrz;!TOSCT`NW
zi1Mq6Yl+(vcO~wDTT0#f6AvXGO*}R6SmK%R&ZV3=iRUL?lz3_46^U0TUYB@d;w_0A
zHGX5iEr};3ZcE&mxSqH#@nGT+c$acqQxZ>4JR|Y!#Pbp_OuQuVa@aphT9tTh;th#6
zC+0(-$lIKFV&c}s9f`XW_a+`lJe+uP;%SM;6VFOKH}QhRixV$PyfX2c#Oo7pO1w33
zlg4kfLp5<NaeLyf#65}o6AvXGO*}R6SmK$9=Omt=cv0e|iB}|Eop@d1jfuA;Zqzv!
z$KH~7QsTD6or&vkwT$h)#Dj@P;Me&0Pdq*GjKs4O&x2oE@-9rgB=PdZs}iqGydm-C
z#Qb9?QGRpciHTbicO>pk+?#kH@i4q=ssH4}(-M!vJaAH)m3VIA1&J3YUY2-e;x&oa
zC*G8JYvLx&A5n*D;#%VN#9fJd;N437`x6f(9!)$o@ff^E$vZRgoW%1JFM=l(|I)-O
z60c6YF7d|1TM{>F{6?8Ai6<p)OWc{bp13dZApE*g&ymDa5>JQsES?#OXD6PQcwyot
ziI*o{m3VF94T(1=<_}dz9hwtQOx&8dBXM`)-oyimhZ9duJT38f;#u%srA_80UXXZk
z;$?|fCSC*AN;&HjZ%Vv1ag*klhP{iwnz)v@J#km!p2Yo$hZ2t_o|<?p@yx_?63<V(
zDDl$7E8u-f{Z}Vmmw031Er}a7KSkb_#FG-YCGLdxE&Hk`?n^ufw-(Px;wg!zC!Udb
zcH()77baekczNPgiPt9Hka%-qJ`8SneW_=2;)#h{;r)uIBXM`)-oyimhZ9duJT38f
z;#u(iWnXg>FG#!?ZY!Q;iB~3GlX!jNO^LTAZqoeSa6l=unz)v@J#km!p2Yo$hZ2v%
z2bS`uCLT*XGx40n^Aj&hyfpEO#H$mpOT01hmc)(v4n@?hCGn)hZHYS**Aw?89!xxv
zcuL~wiD$qEmG+sPcwXX#iI*f^o_JN_wTU+*-kf-X*524}bK;4KTN8IA?oQmBcp&j`
z;>n4pB_2;aEAiaK3lc9*ye#p`#A_0-PrNDd*2GP^rigZ^CaxuJPu!KbCvkt`p~Rz!
zrzRdtJTvi}#Pbs`O1w1jio~lEuS>iUZZBhOOX5adr-a^;cv9lF#GQ%jiTe@{CLT#V
z1%5-R!}P>663<RNFY&^}OA;?nyeje9#2XTCPRu`c8ue*TJTY-=;*P}KiF*?dBpyyY
z89uli`?SR4iDxCAn|MLu#fg_CUYU4J;`NC)CEl92N!MHrhm^Wi6W0>A!yU!bmAEHy
zKYVEM3?&{-JT>uH;+cu(B%YsmQR1bES0rAYcwOR+iMJ$fto^gjEr}<=hm~V#OWc{b
zp13dZVB(R)QxZ>4JOe&_f~DDs=Otd4cuC^riB~0F3wKViv?1~4#1nMQ8=mIG6BD;4
z?nvC7xHs`Y;^D-T6HiM#4!^O~b5`QHi5DbZoOoH{m5J9RUJoBp%HNcDYvLwdJBO#5
zxR$s*aaZD=#Qlkf5|1XHns_Yn%*1mN&riH4@zTUA60c6YF7d|1TM{?wT0V}wCGn)h
zZHYS**Aw?89!xxv`2S(=eZcFg%CzsDKWzg&NE$+kG~#IpkU}VF32lI&rzMnt0V53%
zm?&wRwgCeTZGeDLBUFeQofM)*jlL;X$!L|}WSpv114fJ*HE4CB6X%WE(dtAeqt%Hs
zRlob*dp+meS)2&-e)G*-?|01uyZg7+diK4awf5R;|2gZNv<i0!cM10j4+tL=J|sLU
zJRv+Kd`$SbFu%ZUb&m-b2p0>N30DeN3)cxZ3bzQi3-1-~5$+cr6do2H5gr$w6h10E
zD||vY2hTv(4*9}y;ZorW;VR);;RfMm;Wpt;;cnqR;RC`$!iR;&gpUYM3(pA831{Qk
z&gz~kTqs;3TrQjtt`V*mZW3-4?hx)0?iC&oK1g04jbn#|N68gY{)F(9@G;@z!u&$A
zZ5tCV5H1!jBVQWrt5UdHxK6l{d|Bk*BHS*#SGY&GUwBY>Sa?KuTzFFWsPHWL@+h7Y
z!Z~=Jw)}kIxNxa(g>aQ{t#E^Ivv8Ymr*OA$pYQ?UA#!CD|6$=V;UmJ+!ZX5i!r6H4
zH_cq(Lg5nOa^Zw<jc~nilW?nWhj5p0uke8ILE%HfqrwxyQ^Lo{S48c0T$q0>-11|>
z1;WL`Wx|!h)xvecjlwO$?ZSJ7dxZOi2Ze`)M})_PCxwp+&kCOq&cV9}YlnQ{xNxa(
zg>aQ{t#E^Ivv8Ymr*OA$pYQ?UA>qTqW5P#-r-f&P=Y+HIOl)<}6)qGm5iS=_2-gVL
z3pWY33U>&13HJ&Q2p<$aBs?lSAv`5~O!&BPfM;>5drY`MxLCMMxKg-UxK6lHxJ9^K
zc&~7eaKG@N@UZZR@VM}#@KN$BqH}+i{7N_e3+Ldu-175<<HDuF6~a}*wZaYLM6|DF
z;Wpt;;cnqR;RC`$!iR;&gpUYM3(pA831{QE-{Q;_E)*^iE*DM+*9g}OHwm{2cL;Zp
zH$-jKD?A{4Q23DWsPKgFl<+a(<HDTKZ~Ki27YG*%mkC#rH%2j63)cxZlCO+>T7=t$
z_X_t2_X`gS50k4R%@N^o;YspUk<U@#S>Y4HIe2Gd{`taj;ZpLZNV7t?O1M_ILAY7C
zO}JCITewg7fbfv;Vc{|1Bf`_dGs1Ji*?7le^~x146fO}i7fuM*2-gcY3AYM&2zLqh
z3J(Y$6h0(8Dm)=PC45ZyxNv}XPFDAraDi~KaG7wWa5eersBhE>Hww21w+rtT?h)=6
z9uyuH9uXcFo)kVRJS%)cI0x^^EdG4qxNxa(g>aQ{t#E^Ivv8Ymr*OA$pYQ?UA>qTq
zW5P#-r-f&P=Y+HI?#=3+D_kgCB3v$<5UvrfCs#-Pp-H$^xI?&0xL0^U_@MA1;ZflU
z;VI!`!pDXAW4IP)Ot?U}Sh!5MQn*^UPPkFHMYvsfuW*lWzwjXWny5X8g-3+Pg(roN
z3eO6k5YEAS1=G(LjtiFxR|r=L*OIS|;%pFZ7H$*n6z&%8Bfl!rIUqbFd{}r)_z1Zs
z+ICuaMtDv*8}ClcKbL%6v~8hqiEz1aLbyh_UbsoPRk%aAOSo5fK=>f}`Y5(T!lS|y
z!c)S>gpUjJ2cb<fCR`v~EL<jBDO@dFC)_C9BHS*#SGY&GUwBY>Sa?KuTzFFWsPL@t
z3E>>Pqq26$7mf>;3RehM3D*iY2saD233m#23-<{h5FQdfEIcNBM0i?wMtDv*8}Gxc
z?zzH+!X?7x!U^FT;d<dF;a1@e;V$7`;Q`@;!iR)Mg(rlkgpUay7v_(3S>0p81;WL`
zWx|!h)xvecjlwO$?ZSJ7dxZOi2Ze`)M})_PCxwp+&kCOq&cVAeYlnQ{xNxa(g>aQ{
zt#E^Ivv8Ymr*OA$pYQ?ltD|vmNcgbunD7zdY2g{+IdW~JnT>Y?#<{|U!X?7x!U^FT
z;d<dF;a1@e;V$7`;Q`@;!iR)Mg(rlkgpUay7Y^_)#OfXsE)XsjE)%X4t`@EnZWL}2
zZYRGcYX80D8zSxz?iU^u9u^)E9v7YzJ}Nvbd_p)Uk%}Q-I4)c&Tp?T~Tr1o_-W-J1
zEZipCDcmjGCwxG7NcgbunD7zdY2g{+IpJ))cgd&=Ldz8{6fO}i7fuM*2-gcY3AYM&
z2zQZhjAG~&9uPh#d`NgyctUuJd{d-(O!&Akf7sM~V&t16{{rD+;WFV$;c9Yyv~8Vm
zqi~CGyYOD&9^roSEs^G+@UZX*`PRs1TzFFWsPL@t3E>>PqcWX*@?S)nap6+o3gIf@
zTHyxaX5lvBPT_9hKH&qxL&ArJ$ApgvPYcfo&ygFVI%eZtnsKghp>T<CIr+8Gwh7@H
z;d<dF;a1@e;V$7`;Q`@;<kv;}JtRCTJVCxK@|hAoCVZUS82RwWe2rtm1>`M}PqA>B
za3y(b<WntNC)_C9BHT{i7Hzv%xJS63+!Xl?3J(j92#*U-3Lh1o6+R)HgZG-YuYBRS
zaH((wd3zLFm2j<agK)EOn{cOaw{V~E0pTIx!@^_2M}((^XN2d3v+>@}>XIv5C|n|3
zE}Rgq5v~_*5^fdl5bhH06&?^iD11nGRCq#oO8A)Yabf=Ot<^myTp(O5Tqay8TrFHD
z+$h{a-VybgcHzCkJ;MFMgTlkYBf{gtlfp-ZXN6A)=iuFv#g;D|7cLd95Uvug6>bo2
z7H$*n6z&%86Fwk3Bz#zSO!$cKwD64ZoNzYYS6SV2g$spCgv-f0qvMzmt`V*mZW3-4
z?hx)0?iC&oJ}7)hcvN^ocuM$~@Nr@OXuH)VCR`v~EL<jBDO@dFC)`MGj@qh4xLtTJ
z`S!@CN4Q^jP<WVpN8~>uJT5#be3bn9$bVM&gm4bt7n)B#xh3+C3zrI42v-T$3O5Kh
z3%3b(lJAW6)h*m7d_Z_e_^|Mp@Dbr@@?DYsjPRUrHr{udPp)vGaEWlaa6-67xL&wP
zxK+4AxJ$TKctH4|@FC$*@~)_k6T(x%$ApiQTO)t|;R55BaDi|!`R>TSOt@0GTDVTQ
zQMg68oxD5J+$-E8+%G&RJS;pSJWk#dX-*0s6`mD7A)JHvE4FREa9p@lxI(x}xK_A9
zxLLSOxKp@WxKH?i@R0Cf;W2VsRQDso)50^tbHdqp4`kcs3Kt5O2$u^dglmNBg`0$1
zg*$}1gnNYtgbxZI5*`(v5S|h~CVX5tz&jYLdrY`MxLCMMxKg-UxK6lHxJ9^Kc&~7e
zaKG>%`JU+b4hxS6j|)!<9~GVzJ|Ucg_fMvuFB}&x6|NAj60Q|)Am1Cs+$`KC+$r2G
z+$VfMcu4rL@R;xs;c4L+@_kV}bHdqpM`iiB!iB;m!sWsV;Tqw3;U?i$a(fg*hj5p0
zukZl*{>cBJ@FC$*;R)d>;bX$bh53WprXLe75H1!j6Rs4l7OoR+6mAi27v3w}Biv7Z
zAgcQy`3(^d3y%no3r~_eBLAbpv%)9HZ;X6$@b1kxUpP*FQ{+=BTp?T~Tr1ol+$`KC
z+$r2G+$VfMcu4rL@R;xs;c4L+;W^=Kyd$(a<_Z@Imk5^&CxmN+>xG+yTZKD>yM%j%
z2ZRp_9}*rFo)DfAJ|=uzn19?i<IU0WjgdPeE)XsjE)%X4t`@EnZWL}2ZWrDw+#}pi
zeoGY3pzyHpi14`Zr0`MUS>Y4HIe2$#`^p!N3zrI42v-T$3O5Kh3%3b(3U>?l2_Fz1
z5<V<ECVWJAT6jiyPB<Iyn62))!iB;m!sWsV;Tqw3;U?i$;SS+0@`KT_?iC&oJ}7)h
zcvN^ocuM$~@NwY)@6K(%G2sH?V&O93O5tkZI^jm)7U6c`y}~`h{lbI7!@?uN<HD1|
zM}=pFPYCDWeZRFszHprUP;^{Mg)4-s$a^E7THyxaX5lvBPT_9hKH&qxL&ArJ$Apgv
zPYcfo&k1Maa{!A!SGZ8PM7UfyAzUL|FWe;DD%>I5CEP1KAbe2xknpJRgz%K`G2!FF
z0Y1mDy2peIgo}mCge!%sh3kYHg<FK%h4%{g2=@yQ3J(j92#*U-lHVHj$)m!v!Y9ZN
zM?N|DT*WwFI4)c&Tp?T~Tr1ol+$`KC+$r2mek6*gPxyfFknmyQG2tV^)50^tbHds9
zyvX*OD_kgCLhg!UD;G`(*9g}OHwm{2cL;Y0_X-aP9~3?$JSsdPJSBWg__%P;n5tKd
z{I;l$1;WL`Wx|!h)xvecjlwO$?ZSJ7dxZOi2Ze`)M})_PCxwp+&ywFBgmywW2cPv>
zem?mfkxyK>RJcO8O1M_ILAY7CO}JCIo7^4kw@>(h@R0Cf;W6PO<ab6o)50^tbHds9
z4AcB`g$spCgv*5!!ZpJ6<ab3eGzqr~cL;Y0_X-aP9~3?$JSsdPJSBWg__%PeEfr@>
zxInmAxJ<ZGxLUYQxKX%8xLtU!aF1}m@SyOp@QCoZ@TBlj;aTAm!a4Yy*^XDfa9p@l
zxI(x}xK_A9xLLSOxKp@WxKH>1`7fisG$edjcue?+@U-xZ@SJcqKF2owT;W3D65(>;
zgm8^;y>OFot8j;KmvFD}fbc=#L&BrN6T(x%$Apgy^AF=$-DAQ9!o|X6!j;0+!ga!p
z!Y#t>!h6X*(edpO?iU^u9u^)E9v7YzJ}Nvbe1g0$+HcOz6z2=ag-eAigsX&Wg&TyM
zh1-NXg}a6OgbxT02_F_76Fwq5Ej%MUC!CGXC#@ZFg$spCgv*5!!ZpJ6!cD@h!X3h0
z!o9)+!Uu&936Ba-2u}$g6Fx2+;B!~2drY`MxLCMMxKg-UxK6lHxJ9^Kc&~7eaKG@N
z@UZZR@HqL=s6S5%9~GVzJ|Ucg&y#K2eBroosc?mGm2j<agK)EOn{cOaw{V~E0pTIx
z!@^_2M}((^XN2d3vtOU8d#-SyaEWlaa6-67xL&wPxK+4AxJ$TKctH4|@FDVJ(Xk#C
zo)DfAJ|=uzn15i?bYj8<!o|X6!j;0+!ga!p!Y#t>!h3~#g!_dD$-Pm1hlNLk$Au?_
zj|$HUpAgQuGo_y|92YJXt`M#gt`%+&ZWeA6?iB78?h`&BJS2Qrcue?+@U-xZ@SJe=
zU8%a~3Kt5O2$u^dglmNBg`0$1g*$}1gnNYtgbxZI5*`(v5S|h~CVX6&f56uIRZO@*
zxLCMMxKg-UxK6lHxP|=gs1LW3-xKj(;U3|B;X&bH;Su3+;Ys16!n49BgmYR`@#G7~
zg-eAigsX&Wg&TyMh1-NXg}a6OgbxT02_F_76Fwq5Ej%MUC!BqEs_wbMg~BDm<-!T!
z8sU23CgE1$4&g50Uf}`ZgTjY|M};SZr^xS(`q(ky<HG!d;^q?*E)XsjE)%X4t`@En
zZWL}2ZWrDw+#}pi?u+6d6do2HA-^y385f=uK1zOn<TERLLO5qn$|qkqE?g>HAzUR~
zE8HO5EZipCDcmjGCwxG7NcgbunD7zdY2g{+IpOTKRNZsQABftjP`E_6TsR?IBU~@s
zB-~2wkMujpAB?z*{Go_@$^R?j0rEh^2g&;*K16;z;!*O4Bc321h<J+pk%*6xKN|6I
z@)HpU_kaf@j*<T=;sWx=A}%I>JmNC)!H6r#pNP1c{K<&x$WKPxNFIu~h5S^+?c`5I
zyqEmf5%-XXBkm{vO~ixbPe(jV{@aL0$cG{xCx0g5N%ChSK1%*v#IxkX5uYG`KH{8v
z!C#0tpZvv$<K&TuOUX}1TtR*&;wti&BCaKmM%+ODa>UK#XCrPSe<k8h@>s;(<gZ5D
zNB&yG2gqNKc!)e6@nP~eA|4}uGvXuUZ$&&!o``sc{9MFy<ZnlueINKc5$BSRL|jPz
zZp0<z??qfr{=0}1<jII@$ls5+p8SJ|o5+73aVvQ$;urgG9F7@S7P}3~vCekPmGKJ4
z31-4_@%I~JSid(j+Ma$)S71>+rcDEw<cl3Am<cNsy)2|n?|QK6Rk|{)LNjeVa?SHg
zAZ=xIG{)<xkQ2;=mB@bC2Daaa!Mfinq;s*DnciEFK~A`Wa_AL<*)BO)vyAP+Aw>1+
zTp3oOnI4BJ)vK5IPIhI~<7uXP^+*?BF*CitMTY7%L9ZHljE_1j<N8NfR1dc>Vf<Ky
zW_s*is&^22+%NTB;>xJ^dn~Hg?#i$V&Ge2VrFx@MU$!^PsK-Cwt9l)-46D#gkAEUq
z^(I6w51yuXp{Li0G9E88)8n7cRlO;xZ$6w&?@CXv3uTPk%=BL2=^ck&F`U?b%ds}S
zt)5;l%F^la&#Q8q1QuFBV@i+5#q{3f=?$PPfyIn|wEI21O6ZLspYffEwdsA>)0=i>
zScPVKAM*50K#%pHULn?|_c>4Rs4EM_gg@=+<!njmoh5pcp58Ihpr*z59ZxS`^y1Es
z@&4A+n-L9QQg7DNi;G^7^P^t)x3ICcad%cUfJwcjXeY*+U?!|o^oo&Y8THPGA9kJ8
zv-1jBp;>*;@$@Q0?_7AAUbUw;=gK0rRD4%@dR3xVB6{0Ay%P)Qz0T9C6}|IC?+u<F
zD{pmVjK=qRdJUpiDtdjM9{<ES+ttkU9`p2?p;rti_UF}D(~sMI+SB8oC^rohC;2H)
zuUq0PbAHqd|Moc6)?fH1%+u+8-P7w6y|tqE3okzYiSu;z{YOvlfYi5K^m1|0hD0(x
z{)uv)-)0u;QuvV*u3!v$bzrvNI;>g7I7&Ue1oWzqZ)SSud3uEyILF~cy$Y;N?;1~U
zFZ6hQF*Cg?PwyD?cpRvA8P=w^)6?r+puSr@y@GA2`c{hGL!RCc^wJ%VH+gz3&?|QF
zy+ZV!@bnHt&*})bBtP!y^+1pNWqlLQkLgiQZ)5?zFM4|YqPJ1>zVGRcLXX!gGmG_z
zr#A?_YB({zDy-?p_<rr_O)U`LFFn0kiEoqWod#h@B>VF;66yNOOW?;C5?E*_plAJs
zaaw#Oo*u6g!{HXuKlG!W4In3&fR#371cj(8>w7KIEMt8W0FCbe%2{S+d^v!ea0S&n
zQpdLjc`T#eYXPb^xPV^0r&lL>yjM59c2Dmh^tc~0`qB1ydX3O4Mn3CXi#7eY-J<}F
z?-0t<9glZ<dV8T~$KwXkd(zVzgI*5G&A4CM$2`4Z=&_$NK8{=TV|?H8^f+F(BHzsP
zzUJwTLvI95)Vm35)BCljmq5Qw*M7hB^tyMZ+OJ;pPF^&>{c51c>$4g6OIrj#a)Jri
z5cJxyW_-6|%`(Puk*C)Ny?o@Gncn%HUP*HXe-<j#Yrxv{>O8$Jcb@usulDqspvQO^
z-|Iy0UQe$Zdg+eu-JV`6^z8UHir%|Dz1{`l>+$ruB)+Yp_mrpCw}9S3Pp?<>nnZ8P
z)9Z&G+t<vF$KQE+1JL8W1lw;1ob7o0yQen?J@$7q)BByLH+*|WZ~{)$YsT923UK41
z=Wh)P;wI+&m^=-B+$O;UZ0L@Rpb=~8@fqLrUg_zzETDIpr<eQslwOPI?eO%vp_i_|
zZ1MD3p=bT&F423tr`NlH-djDrF45!oVfFopr`NxL-hih!AbPt+Z`9K}0KHO_n{mIi
zFM4{1ptl$KJRWUW(~sxh4?VpJ6ig%E%=9Kby~>u1U;tXwyBE%;_Zv@d2>mSGc=an!
zZ|bhpc*Swc^iEkazyD1_Z@_|ceoW@TkJ}`efYt5F2&Ucn@c`1Mx60FNM;wLW7STWS
zqZNC4<#(s<|2j}^dR3lYFZ9^1W~TQ_Pp=Dl#c*Q#y$Ng6yVcWUzeuNdqo;RJ^g2ba
z&C@&R+8r*TS$w-Zy$R@Xzl`retS!EGdU`_(=yiE|Q=+$5^gib44KJYg5l`=!=shfY
z&v|->pqFku829v!i(Z%L{oK<VSs=cno?fs!)qZamy(|Qy<0;SQbn*Ss(~CjR#;b18
zJJZt}hh7QF&FuJ|4nK0j6%<2{=NXUhyRf$7dy%Jie1ZC&@9FhReS1XjYEN$tdbutJ
zt}MQdp57qz%23Yu9(8`~k6S!FJMU2xn&~xodXo}gFFdWj9iCpywY!r`#&@5mcU1J=
zBYN-g^l}%_+vn-cie8`S{k5l;zkuE+J-rj6_kPhE^YjW9(EF07m$N6;pZi7c$DUr{
z0(w96^zudTL!x)W(~Cndj&d_QzW?g!#i7>-C-#>CtnK*bpEUn`OF)l)W~O&4{KyGc
z&<VY`yM8>5Jkwj_=?y@S*LyS5EA{jS+A@M#r*{C(ruS-3FBkPncfWS6r#E{~>VEB`
zqIajK*91L|8)g<?v!^$6Z|eDc5Y86gyF5LfFZe%cruQ~aul&B$c=a*S`=qD07h<MC
zQRBbz^lG4I*Q0}?_YF_4Yk~O2JiU5}?~|hUPo7>6^wPE8Pd&X>=v709{clM0PCj{l
z{~Lr}G0M%XzKh^TPPl?Y&}#ux?^9T_jP)<^^v0o=k9;%JJKNJMZcjbG4a3>=HhFr}
z&@&Bc8gKCQ8lh*$<I|#do2Pelf%tCq^jajoL!#I2>CG(=-yTnIP~!Wn=)K3&<9Jhy
zax<&%K2L8LdUiYx!<l}p|EE2@IQm7ii8((epYrtL_`s&ZjR#+Fe$@M(r`H9&bl1!0
zJiYn{QrF87(L3(x^+69+PMX#CpFO=U=&|3k|2>1X)i-bH{Qf+!KzygbkJ}`$&;}&F
zQKU_8wWl`(y*M{;MnBprPj3Qx948syvsjy6wWl`$J+`Zv>0RmR6~7^MKRyO$)4R>n
zn_8g#ZuRu4p=a&)HPO4r(>n@1i-|EBw|aVw&|^JV-*M6VOHc3E0(x)v^jbvko1!=9
z>CHf|66IzV--kWDcIa_jVSE!<Tl<ZBdK|yfji+Dn^h!HY<LS3W?^m8)0(vzTobzMy
z=bm00^o}B*@f~q~Y|lLWgVQkizPKBD>8|Iez>jrGV4>B&F?Buv9@19d)t=r7=&{Vq
zc$KF&h!1*^6~;G-wdqxRdI9RyWMa;b$tyj*Vd#~*@#P23kNUTHdQGmKs6n&%ZuRu0
z-<*nX%K1_6eowC%dW95nW_oR&-VF5Y{QU>`T7BQ+>FtFc_hV*y`#ilwXX^Z&hO_An
zdwM<4D>pIc$K;cqUK8~Ck<b3}W9P>>zUS$ULaz+@W)|Obo?h^ljGzZj)H{l`#rGRe
z?>O{KgPO*_^7MM3hpbTVr=qv~l==O64tnXv`(^N>b^;5nA9^-k9YfmUyVTR;PSYLV
za!+p<dUkw&A$s+mULo{Y4>POpW=}8Y!PN1cfwRTe?&+04EMa2KkI6lrUMciOkk8}s
zE38fLgPvY9^tw=PX7TlTdNa`LbLZPEoK5cwp583<;wI+&nEZ^Vw-+CDHX@(#{Tgf2
z`@W}_i*z^2%`Cnnp59UD9dPj-hqLL;d3yawA22cJ$K-E3y{?Bdf*GgxJLiY01*gAc
ze*a4#ovy#+BA+oNu+ZANQvGEPX^ZbtPp<*#>TrwbANtYCJ-spLaU5m){TtS%SMTW^
zK)RR$&P;E!r#JAn)cxNH_?lk3r#FUlzKJ<MCii%HvA3u0$N%X3*nT~p-jv&p8Z?XV
z9iCn_^te6i%L|&t_X$sLdI7ybPp?k&GDYt>Pwyzw>BhftPp=VrHvVOc-oJW!`KP8I
z4}R_G%|fr()pxPz#jrh+$?JI>X*HJ7@|<5*lnfT~D}W!z&lmD5O0(Y!oi<l?++GGh
za)Oz#{CA}4u~h1Dv8PvyG@2l3rgx3!*NF5LNw3s?tB|kzt&siN+&lK4+dRDiq%TRM
zcdMt@AbK`uhI;pVdXo$2wRw7-&||-1f6kM3d6%b`n;Qh@q>1lsp5BneXLE2E-$y*X
z3g{K3(PKMk`yG+^mP>q}@$?#?w=#|1u&0;Zox1)Oh~76ny-w)yeSn$ugRgpeh0x<T
z#r8W>^nUK?l`l(wKYrBHD|lxrzCzJE;px>tkL_w^@tujdv03uGtcTyr%?WGsI~{)7
z&Sltd8Om9Ym&<-H_Vn7Jw<e9=YEQ3G>akMvuJiN`vK|cBnZ;M_>9s?z6Ml^EY|-1{
z=^e@o0{4}aP|@_ZczSd1O3i~hNA!5y8O~xCPu*#lJLs4z(|d!bH~N>U@#Q?x`;e#C
z3B5!bz4v)~$Dr2;Kh}4Z=>4^)Hv+xVG<u)(^s0MO&v_S!-d8=n8R&hS4dBe`JL>86
zK<_wWV|*8i-amPIeW#}%Cx7bc?R_lO|1J`}0R4mE*zuTzUb^xA-#xuy=v87n#<xcF
z&hYedmZv|@^Wew2C$P|Fp*M^*^)42@)t=sA=-nJ{5&dKBx60EyfC+JBPVW-Y+u-Tt
zpAiK6(&$xsdPktg@s{ze7robddV|nQcirMRq4hoX?o|J~RP^q4dTU)w$Dnt;U9^!$
z4Y&ty_4ZqVFG&2*ZNrtdOQ*Nr>i1*>ZLS`bvfn2>y#n0qZb_r}xTkmcy{US<LiE1q
z>2*La-TmZeJ-tFaeAx3_LiCP!dOgtlNt*b+<>{3}F9$k2ZW~4KSDs$m%hLC&pL=?h
z?@RUjD$&cqxQJx(JQ|1IhBWbI!B6`^JM@a-$M`mhUfk2mJuCfuy%nBbKlJQ8susQV
zp57?*ZcP*4T2HU`{i)-7t?1q0>BVsoOm}>*^Yn(GXUDfj^zQKV%AwbuCcf>S-Wc@y
zUHe@xdT;jh4nmLLAu_Y`;{i{v=>w_w_&FE-cpvaSPj3u*drS;#)9dy0I-u8savt9s
zL~q#BtBj|Q?@3QD)}M;6PV~O+>D5E;4(!*=;(ON9D~2AQLmA&qqW5D@Z!``c6T{l{
ze(347K+ldxz345%bq~qp`O&ZvpD!@Ondt@aBPU#b&IdDsG59gQTd`&tkH=Y_-e^$}
zd>cMyruR}$ZvtNkDMcam8bq(c)9b^{c%O-3ZF(1bdM6%Fy?=R~=xz4&%FYdfQ&Dba
zde?h;hd-Qp|I#RWEuLQDJiO~NF|18*r>9r<kyLzJMem)S-W2pOq$bVux;(x7kEZ%x
zljuF+>CHhe-TC&or&lU^J4Ej@o?d=Q5L}atE>+)QPp=AkgYe_=W&dJ5*k8Wo=`}*{
z(lmNs^Ymt*SM2oe5WSyydi~H_mqzc$o?h+~sq?Kx^cG?8L^64P9D!ba8a)oOtW(03
z)r%gco+ayB=;@WN3ixwCNwed7hNm|GJv)C}MQ^pI*9X0qdG{q0U*+jl4q|=|ZZ3H|
zFqI=2-<3`e*`Xc6P4)yEz?sGO3QuqNlNmwlqDYVTG4$i{z154aYjrfA+1I<#(<>fM
zUEeTuAgR~p=}kiq|0m7j+vVx)g<dhdSl@Qh>-O|=FT!&`QZ3pqlaF|MgU}mydJl-+
zhdsT+(EDZ@y$^YMZGV$`p6(F6&wF~^xOwJtrJ2?Dkf+!B>D1>(_^2k?en0T^hSmhZ
zzo+Rh-}UrH{ucM`uD^7O-oH6L>o5F!@pwc^n#K29PjB|~8Nm<=c|0Bzy+S<aaC3X^
zsazif4<*%7$Kwq6Q9I$v2A)ZsAA3b_ji)yPz01<XSL*3iekmiEgCFC2SoAh~dM7G^
z;45k3yWZ0)|8nYnw@dWy@$^P9_@SwiX6@JN=~X_P8t?I{GI@M^Jw5(S?pGz%QtkJb
zo?adF8sW$K;?+)4Z^+XtzASxwANTZzB|f}zNa}sn)8pUt#{WsP`i^>f<It;i@v(o=
zkK@a~czXOh-`Q#U^NgpL|CNk@bGcdHM@8=xJjWuL?0@Z7V7@YZ%q%`WKa&%#VBqUG
z-<)2r=$+^3)nkL#a|g~$ugKGz{Z{JxJ$N)s*7sGO-spxP_>zfXZF-wLz1X)i0zMb9
zzIgOX>h1FMx;6&EtJCP+;px?WC-r#>ZuOITJ)R!_CTe*ay?1ze2cXvoKgNe!)ui5_
zrx&|2z21jCz3d|?J=|I*^+r9t1oTGI#P>x{uL*j*FJ*iKqW1$&k6%8kJ}D(=$K$)6
z-pF?|g2VXio_e@dO~&_2Pp|qqd^VPn3;mcp=IM1zXC&tn9uU23yr)1i*`N9Mvko!C
znZ@@fPp|(+8NqB;6yHZh?`2L8VTX1corUjn%uKHUe&mEJ=>Esl^A>JBlJ%|d;w!Gj
zca74-cd@5e_|w$!_?YO`dU~a=Nk2Zn%F}EAS?YRzQ1rHWddH!6k5v|HtMBVPy{coW
z`(4}`CF}cur`K`=zB83Z?;cNY26{IB4T)Zlr`Hd?cpANTczWeOPu&lFO7uSF>GAI!
z;g&LKR^N|!diBs_KVW~xtx>YR-}Lm3LGPBNTB`lN>gjbsug>Y=Rwk+U6Hl*dbNc6*
zfAI9CpjY7Z*#B7%UO)cL(`$qtLQI;~_qU$jap*O|i}n4i=)D9xK{9#14MXp8W;ipw
zli){Axcs_bq@Je_i(cH*<KGgpZMdoFt?={;XHv)G3!-<4r&o3(?*Cm3s#oUe)j)3;
z4y^Bp=+$_7{JTNv#)GRpz2KLr<AGbZ<nd_o^!Rs$(mk)<=IIrP-l*uk!PA>vK<{2p
zuT1oC>yeD_-JV|Tru6akczV^MHzs;dczXPsN9mq_ANTYcp=amY*F^6No*w@W(z$7l
z?`J%{9*J*U^uFuqbwlq5Y4j#My+P<zK!^S1o1*s%Pp|oAd^Z|CX4aqo(bJp$6|R>k
zq#mC~>BsXo`=#^Gx29WzU}qY=KY4onzrlPJr-xgkq~6Otz3~S8Mi0u(EWR`0M^3nc
z#2nr~yXz%x6_R?Fd3vp{3xao;7}lnDiKo}`@2TtM_e8JW(>nn@yz)$%>23D(Vkc7X
z$0tSa9#4;de<I!UbgQRV4ZULQmB-@;qPNe}<KL%9cR$(f>9t6FQ=)g!)9Z)cJ;~ap
z+V2TZZxDL<&|!T4AbMk-UVdW`>`$ZjB~S10A2O1k!%mCdPdvRt&^s69W_CRO!PBe!
zQ|kWZ$D;Q~Pj7ll`ul_5dwP9AX7YF(6}|j3=bs<^TMOxq$EomRtO*zRVd&X-k6W!|
ze?H&SYlI$dQIlr%J;&2)&B#pNzu;CTsdts9Hw3+PNww7RO?Y~TplAILm(HZ#Ydt;w
z4TiU)+|1&u_w=Tq$Mcr`1(&*{-UFT<|BgUEe9TPm9#3y5D>G<DA@wkHCH3Cx>E-SW
zf=`$j)~5HUr&o}ZnVerdD|(;u^hTifmud7q;pv@#p1n`}wdj4r)2nR`f)Aw88}sz~
zPRb0QqgdbLqW4ozZw7iFPNVlDPp|&u%;e{TzZ1PbczXQp@_{sZbDmx!elTeSevA)8
zb@F&D!_5Vf=<Sh};lr79_b)N{@z^AsUp$tX{QT(OMDIMOx7hhLLeI8gmL1<BPj3i%
zjVNb)7`l@2UFPWxK<_jPIWxUWJiXjgGL!eae-ypfczVMN=+$_7C8Ed1;(mGk-RbG^
zH_^Xf!C`IjZT0jL&}&0ntZ%01bvZp`g~s0~=W~FW={@A>4ZkEaIUgxo^giyz$KNOa
zUnYjN>3!7G8#*;Jm_<3`TP%8C^Yl7eaQ|n)ir$w!y#f5N*QC2Yz^RvPzkl-d`tAw>
z{w9{0#rIQBuRT9A=tLpo!>N+g%f^RAXx8NO$BEV;z@tmjOz%&g-dsVdzo087^;UR#
z`F95ae@n{D^p?YqoNxuXFU<_f-RA)~G)cXSJU#waY`XZ)_w=gHO2x<DNaMcP|2BDg
z{EgXk@7p(cdJWLC`-42uYxMNS+S1Qg{tHj9_2sGY1&1aX-y1wV{vPYuJV4H@{qFVj
z%Ho;H-}hNAdhhr2dhQK^?P>Jh?djDNWd=Mi*k5p{lkp9EdUN-sf1Y{L)2l5`9gj0b
z?}(?D-yQ^Su*za>_5GHo*9^VAC}({9T_Zcb$349s=zSoK-amVKGtirKdN|Zcy<E)y
z(DS48{`8+OEQKFqNVt8C;s^2uogNNNQtv`fZwPu%pxn&rTjJ@poQwX4Le>|DCaL#o
zPp`fM^BL0UUF+#}o}U@?y7LWHPwL(2>5acB`o4)DU$du|UzVACenY59y|;RLLvP0X
z9jhcn4Ld!(nl)%YTohT~64Bf5=^cM42tH{dqSx=~9bcarjJo=w>dE*%=jk2j3Ifji
zGc)N=dwPei$V|>>C>6aaPjBLFLGUM(o0;C<d3v3%%nasG$oj4py*a065)<9&KTr9M
zr`KMUnVi>$LzArU^0Vgm=cCYjy@?}8i*FhH$O#wtF!To9^=Pf=UF_-A;%4$wZX2#l
zZ?&h_P@Ni2%SEr+)64EjU*9V|z1C||<I6hH+v@2RETH#VPp?b#Dn#!gPp=euo741{
zH+gyk(5rzCkMCuo_fb!;b6@oPE7pY8e)~PWnOCL8ze>^jywgKgWRIqfAu~+xkf+y*
z;CSD}_+BA;-}Cem&@&Cyd(P7vg&wcB)JuroKYMyr3+VmA)0+^zjiPt*%je&ZS1+Kq
z2!4z^!JuJNqKB>>mNDL9Pp@VHy_b7>$3$<F=p{V8+6DA3_w<g79!`~He7AUdbqna#
zd3wQhspE02=(Txz^$Y0j^7LY&hftI8J?iN-ETH#JPp?4qt{1&ed3uct=zYS|D;B+4
z(Hr;lnikOeil<j5dN+vPF;A~~0llAidX=JACwiIj`Te<N0lhzXdex$Lljxo0>9sDP
z_fq)j`B5i&^`ckd>9sAOcd@6}D0;VwUY)1czJT7VJ-rsuYY@FVJiU$u^tO9??V|TO
z(R-t(*9krOxHfFF0QL^guX_Q%4|;xm@XMiqGaFmK7@yw{1{U!9vFA6qfM3qa`FcYO
z_+9Av9a_NeHJ;zd0)F>+eq->nI<m^fk9vON3+O%R`5jq6@9Uo5<N|uX@cgFXhufT_
zS$r8q^V{#}0)8tzzhevdm3w|O3;4at^P643ugUW}zJT8Yp5NR8em$Pw3HYV!r%!l(
z*^i}fzt4MqIScq5@%&;7`2E83%Y~o4L*v1-<96EF^N(8r{L-DjmwA503;5M~eq{^z
z?eP367x3%w{Hho5>-GHV7Vtah`86)!H|qJdz;8*i*QeTV((`LuK<^ixUnl(1^_NA(
z^N&Z@0{cD7^Xpk)zw14}{ssK5_xuJI@N4q?hT)g49uIhahZoS>=lPAn509Zq%Xaip
z&u?OZ{eIT@Wx4Gp7x4R*=Qj<%Q<8g49p9gOezWj9IgMY&Ini;m{hol|(lmZA_55;r
z)3@J6o?q?)epSw|%<ZcHewWLBGr(M~gP-=_&G4)6{FuDW=~>Y`;1|!fRHVh!t?*-Z
zf(h7O+#lF{)<-j=GCnV~czPf23xW>36EkCMw4I*b@aD|WkIzTFqPGmb*2diKyxff7
z9&Br7dR$|(r1j&=ah-9@)k9`83K@GY7LIkQS9nuK@EhsSrnhtZZ7sX*yY0^Hcdp)b
zQ9K@Bb4mI7i_6xOt-TmrR<=g|UAL}09$$CqI(X3<Pk!@NHJdUrOo?syy6~7_*P+$2
z2tkyGsS?D5k^1T@ue>Z?vTgUSJ$u@A?P|I3`m5uq#9cctT(f%Z+SO$jUb^POookxb
zue+qYVpaT-)yN7TE8~!&YJJ=GyY_6k?V7uG><Vt&eAR6mHg0}(&5d<e-Bxo=-BmYi
zsM&l)*~uF=UUS77_UYAo?!U8b%T}!0c1P=GqqgnsZNciMEp1zZ)m!)M30800b?2Si
z??PUCxQErZa}O_IS@UYmD(ewqT8{+N(($03HE(2ift{fkujIo$+I25#-_&+?L{>UK
z+xtR(=fRI%<AwZ6ot~YO)Ju0xUV?l*C)t4M&Pl(|KLNjuSj?;*Tx*NYAl-<CF|!R8
z>hm?&&@|wd<lS4gZoR!N>hJ8y|I_FHr_V2RZv6kH&u`n+bo*U9UwofmgOdWoJ?w?Y
z`D46JVep9BumtmhF5v0*pJI7W&wh1H--fP5<M-hc#j^FCYqNqKdF7>_I`6bAD!+Z+
zX{Vn1*h^zezOm%<OJaGSSn_Zzh%Jc~BC+-pu}vohu`^<^&&QBhvKRw}_+dC<Dz*Y;
zOW$5}-lsE{|9<h*$=#Q(D0%pdU`5H>tJYQpi%-XQ9Im;%WbtVjb4%V{UV78kD}(;a
zFQ_=bxbobs8-vSBE~~0J8;;MO9Q4<O+3PI(N^ZXhb3m4a`HL<8G~};Z6w7=TtyA=5
z$Jm;@r*lu4#czu|J&?KOjAyni|Mr&Cf4n9C*IQ0o_4K7rU9;~Gi+;H{mUZcdSYG1n
z$Kvs}Rr_NXZ(O;wXfzWe+X%jMP_%6AGp{ULw_(RwOUf?pd6?tfj@22ltn<%a^)Jic
zTvT#u{lDD2HuKrbgXVoVEiQ^Jx&OKQ-*VxSO_v5GZ&|Ui;_36x##{aRw_I>e^V8RE
zdL}zK|J=)OyyY!;(^@u>KXT!+ks}-8Ka7uzluwT@OPsr5<e7LPQFqOcnon)te}BgA
zf#8Oxb2qL$sch|r3ttk&bJNC?nolj+zbYfPBr2P@BAzUJa7pv275gtumW@=V%AQ%&
zd}{UnYm#LZKbl@0cbb{m^-taK<v-l=)VZryH$S&x$L-HGmX*((eGr>4j@TL4RrS8u
zhiymQyEkP8vCLJ^t$ItvQ=h&#bJOUbVyDHjUz^?hRO9By;^mLs{7~lN(xCk<E3U41
z`T@4Uj&o0{fBM?1zMUOxLeDs*Y$SiAblJq{hWL1VVxoNdhs)faSgGoLQs1eqQr+r(
zSHzN0pV(UQ)Q+=PNUczOiiODj7&M<+zyB5szw$d)Hg&_idZh|tr^mAH%!+S+XyZ5k
zn7HJzomtDHoxgFB*8ue!D*ol>)6QJ_idcSZapS%5vbM)s%i7|b9!n(JcAl2Gv-jn<
zoH|ofvTy2{q9@mFVkkvVZr;S}DA&B!7CpIxEs>eI@{DIzF8}t*(|^1&|JN%|%X_-<
zl-azer@wml_qY7~HNW5R!|Yp@ZT!+J6Pq?9t{hoWm8j}TY}`=4=<2`8eD?K0Ec^4>
z4>tuX+OECfhDE^zO%LpTa7l3a=p9>kFAiQ+^|h^A7YECKdq(B=-+M-O>?PdWS>WZ1
zV<)|je~mNt()VS=&Mf__n?IBJ_&_i)&=z}X>64FqF(Y<TPfuIV$Kp5Lar&bJ8IKQ~
zf8S>_9~}sg3GXL&!r^2%-*i&`O+Pp-cIKl458R9n$E?^(e?9QPBd<&e+?p4A>Ei<r
z+;>@&6+08<J5e5P|MT3NKAU^Pm%oe8Wp2F%;XgR`-M7E*!IJ`pd&=&wF#m!3cP|P1
z%M!+Y%GPI@dB^Rj7Av!O`o?9Qy&Gz8iH~$GYkhP>=iB0)ooxg6Eo;0l-rCx>;sc+(
z^M*~q`0L*P!3VDiF8Dxw#!aU$S@D_oe{lCT!R{}eSpLYOYj1dPQSj*4bnML7qB|G$
z-0{!{7jGT=P2;T(L2~@`9ewLBsM-Ccf9KJ<cI|^%!P5IyRK=FZvObvA`ku#b7@MwL
z_t1MEIvV@V`o5*zk2sIUs?HsKmtV2u(^qCb{JuXujN|<Illqo@<|K?qcwoS>U(9<d
z9Q&|)avk-F9g8!Wiw*Ga*xi#`j=g4XL*CPI_J!G#*2ES^Cu&YKnniib)8ui+;|Olt
zl73%Z^Zk`SUxu)A-k1}=_n}1dW34;lk1WsJbW!lgyEC7?DA;k@CC!T-Szh)?-i1Yo
z;h71HftB0N`|HeS&*$&#oPRcQ*ADz?{iB(SOM;@RAeOgk(S<qKe95-V#peX=i^{fa
z*!j1an~H<jN$))A+2z5C_P4X+ZGCp4v9axe-4}G>81DYc1dd4M9Xl`EbKhm{`*9HO
z_|)Ryfd`&h5^Q}k<BpHV&WfG###08~^w1}k+|hC8DXn)sG_WK7ckj9B{Y@jETQ>6b
z_%oY=wO{(<FWz@k*1x@vWBaL5TfQW0%gu}VyvVjZIc&om{JVKE?~l30B_b^2y*GW(
zKwOWlnOu2nSzdH)@SEp7w>)zCU$ifp-L`DSj-Bi4-<b0(_YhXAv3EmbWBKD>E&J5K
zrB8e=^YO2)fArb1$`8EvbD57myMD#a2ZkSiRd7es1@}F=DOl09zT#^u&U>IOmbLck
z@S4Qy5MnxIHvGpil!J`Stn5XLm*kxEr^rrT8aw4Br@BO%Ra72q*mz~tRhzD^zUJCj
z)m(S|t7~6#!{)jhZ@RhumRq-M-PW{y$Ij;4?|6O7op<eOy?ghbwtMcqul@c9%GRvC
zxcriJ>nkq3;G$PR`jt`Qvdb&4a63vx6YVB<S>9>+r!POF;H8nnnJWrkcGk<|D~rx9
zKIh!?N>-hJLFt97FQV>$$FnC|&mQ*dvB}aeX3g$E<F>}!?*Ejjm0iMrqmS1))aPTt
zEQ0Xo#&Al7#$kZWS4Z@D1r{3f$;>ap@+vHhh50pDEdLhCzZIN^h5jvA_-cZT8BU>b
zTQVQjng3=irr8M&PZg{mk^C-j91HyivCybPJ_8H$zlg<jM!>8m^N(OL&A$hm&lK2V
z_$io1O*3n^Ymt$O#n$v;-NREE>(^jeiG};xjfF-Z@-!Ca-@u*1m``4eHS_Di%p*5~
zOC5KMKY5eO|2BA~V|-H~jEmd<7HsVh%ZwhYsmYI6x#rRe4u>f4o51)#+;=Cy;(1u|
zyCnZzlHViw?*Y>o1DVMpEPOp>?SGJ&F#4ET+g^kW7IRIb4|x?9>eOSQF`sPl?_eg3
z`DDv)1IMs%+fFRFqYwGrSX=&nFz)cf{9&xE4?ivW>@$}CBQRs4Cf?G8#{H5_{~XCD
z^Zcd%jbOeqA@_jk#%=cj>{#O)@5%V_ZQ-QPI5^X7`%SQ&M}H?i{K|$MJAR#k{?wm#
z`Aq**@;Sxc{C_3+vy#tg)immm&7aecY0M|*VoiPaHyZQJ?D(<|u$XJw|Cc_mg+BMi
zHI4fs7hqvN#~d2-$?P{pSo|@;>ic7qaXb1S#bWutko*~!PrqMdq0ygg{&UQPF`vwQ
z`v1|bna_i6{=6r!{pPrQruoEW`Rse<&l@kxF96%Qz?&~xs2^eST2PEMx3M*S&c$M5
z$Q59|_AkOx?bhTwu-Lv@z%~Zn4W?0tZ26dln)Gj%{5OJW>0)EP^`9jFnRmLox3_Fr
z-Ew=|_T5`rR$qD5o^4xNw+E}|<yP(5xMk1wb>+8Rbr)WY_@%C_YWu=ve{Q>|4EyzV
zI&YV^UBB!4mNX7)*4<|Necrq2unNreY87UsuTof)u0C2YuQJasNY&)|Wm=77snj7A
zGJ`-ta$mdn(tUOF_I9i8?kHz#cwjuYDAPRCzN3#0Fxm!3-nA<dt-E)%vd=7NS>dfo
zsyHh-G(~w?;a^qPat<FU%L@Ohxuy$K2~bvWmY0ruX`V(Y%L>j;B|ur>DVfT8{$~w*
za!8r~SwdELtE1(-Y@`g&jj04EE4<95va*6xQ;D#g!+grJ_yd$;S@V7cmwFsVQkE5*
zmr8)LaA|krQkYM5i-;GJJhcBy-4?uP<YD+Wg(!Vy^0S2~U6}kG6ApNJXn)>}(m2TE
z1#x^Bc-uWqx8J+x_KSo0r-n<p&NnZ`lVDy()bp8@>h3P(w&yN`jFZDv#Q3feEgMUQ
z493R1Au(n<7_(l+?0v@UX~uD34&s(yBFq~M%LfJ-*3e{*;?5Ri*LApAK7)m=#=`GM
zG-1sf8)IH1jBgU=O)&G1VBI0SSNJ2shlM8{|8J}r3U$~v;R3D!v#&6p4;?)7$ZN1(
z>6i~MI~=!QeY@i+teK{NC)Rg4=8XZ<%<sZ_pW{KSxiEhOYc6Eg>uNIE^EFuSa?Bh1
zS7Tv*Bi3(o{4T6{v&DS&cm7>^GH;k45`Ks9W5R2x&pT5Xd8zAT8^F|In{XjBo*Nx^
zBHiG4E7rF;=EDe&CH;BB{|p)W*;td8qMSB{g+8pyKak;*gEiTFj*8E}IiDETWb@(4
zZ#ukjp$_{#*?bDchvzi?*`8~K%Z0BdLx=r>Y&zG8&#jIb|7#tyZ{Fp&4Qu=<#&BQw
zN=JY{6B05XzCJ~UKF>w6=^t`F-^Q9Z>+~sv57~TJ#`t-xzvq|_Yy561{p0W_n?GK>
zh55zECtE(Zrw(JoSBgTP68MnKr=0m%_|V6>#MCc^57~S;r<Fc@7`#LHPRD$>+wGWr
z@?OV$xT97+E<gNThOl3OdERYv`Mf#&C7E}iutlt+<5S4+&%^pm$uDyG=VAR$$M45_
z%<(s|KH?Z(jSl`^_$R{uB+Lh6?u-7v7cN3f%xAlu<9HI~uX4<N)jF=nIy_(C&+#K1
zAHZ$kH#nb8tRHqfjcxzZ@w>6^cf23#1CIId^@Q+~j)$>6?D%P{zv7tV#J3!CoSAa`
zBdo)74e|UAK0kB$<Ucv)0|Lh<)|U^YHIDf}db4Bp(<a9wSU=>r3+uN^{$DxfL+d9U
z^P%-AVWzn+J{Yopka-Nh?D!(YwS=*qihp3_rRY<%FrR~f<9YeZo}ZsUR(@WT&;G~1
zO}PU5;rUE{4(s=lolkfjaX!43nE%g&|5^CA!v8Lu#kx2ho=?W733H5KKCeY99P_v_
z&3vBMD;@I~GR=HGsIC$Y&o!5SnafXL%?C63&tM()TQJA@>s|h@v8EP%wqf1qcn<4k
z$L!0mcN`%0eU5X$y^h&`zTmh3%r>RwJy@?KWANuW!ox{!!J5rYz8mX8$L(0Jcg)x~
zI<Cf=+tdGCtZ5msXpO8O17jC0yf1QNNCDCruK&czuFsT^m*F2+8I}xp+?h5_N}Fb=
z<22d+rWtPQG%K0!G#RUD){)U3v_>q(tiLhqY`j;vN4Q^jP?%$ZZ95`7E<7pBK4kv0
z!Y71zT+N4Lf^l59RJcO8O1M_ILAY6%*HP2&6z(Rw^Sw{_fbfv;VPTFVwk@v(#?!(x
z!gIpe*r)mD3iG?9mR};wYpCTXglmNBg`0$VO|@-1gn3_O`Mtse!Uu&936Ba-2u}$g
zBV)X!9TyIeXZbPV0^wreGGYE^jcr>kTqoQp+#=jAyjQqKxL=sxH?(~X3y%no3-kN(
z=6_UpR``T)PIk(l->tQ6<HG!nY0Iw=t`e>lZV=}0dDymX!kxnWO-b|V6Fwk3B+TD5
zGXF6$7TOWvY2g_%-@3v0{Ziv><QeCZ7e_vY!X?7|Zhi*Fd0IlaMz~(MNtnO$Yuk1R
zcM0>m$mTO3d{Fq1Fu%)d{u9De!pDS<3-b-BZ5tCV5H1$xykGOL6s{Jo6K*8)Vg+jv
z=I<w4{$Al8;eKI$|JnTccj%2rgvW&^g^vo)3ZEdm=Xd_Ca(geqYq-7#h@$`V|He^_
zA(hP;S~>nj7fYHk?{~-vS5k3$^r1^B(%hb9ybiB(Y16Afn%7=4(_4cK)vJOYuc6e#
z>7CRIugOT8Ub8F1Dm2r3HBzc~MB+oYN$RzNwZ1K`46D#gkM~fjH!XTRg;>V=c4JXJ
z>YD~I$&WZrFcZe#rsejfSa>K+@8e+AYjb5-g=X3xMT(pVb1^Q6-cnaa{c$X+$NLx4
z04Dh>juXs;WiL;~$J;fF?<Zi@>!7n3%V<BxLgulgE#$|0bDm}|<oA2{`1}1S^31GG
z$C07!l8bu8u_4=;w~khi81ht)&q};bo0;Ac<f~p8K1Ja*nR@wHOpnjFs+WrbKG&O>
z9-oO-ui#7^L#KyOlX?kHuMj5y_h)8${GCbFt1pb+WiY-1EG&y*xy94tc$iMF&eLlZ
zJ%pOnyT{Y3T0pPW)9VsFU{dcfPp=+&_8}MCLO-tG<>?JTq!W3pFQ3D#z6U+MPMoxF
zq<}MPzb8DsI7I5;L%lc_(;IPm$wP`x%V!@m)8jiK{2!QK1^g1`gthto%=2r9Uu_yc
zK66vA%$1G7?{e{D8J9)aA;%@NEDS0fd(G%WI|F{kOkci$UmpAzYl2R&HffjhkhXRy
z_Vo5ZFD`-DzW6Rn^~Rt_KeqEK(c@#8jRnBqv0VHOENp9LdR$9(FoKht&j1%9-})&w
z4aZj1n?R@EX<}HL-krDa*_N77{lecPxOClm_vM)vo>Seyizk985BFPw=j2!NWzL`Q
zzeM8UX^D8zTQG|&D_V#1@HXIhY|KqmZ@|^FtSGm$Xjx%ayf}_Jj9?UvCgMRR@9Bw?
zp8D$k@9+EhTYi7{A2Kh^Nc?z1EQaZ6)1}MK|KAlE=bv4Y8Ev!blojJYtNdBcQ)Bxl
z_Z@r7+}(Lkmz^?ub5ktHPXxR7$8sL#p^U#~L&xtDJIaE^iQ3wIEZVcb^`1E4!TpKa
z#?r-&H|BPKIgw}#vJ++TeX%S|*T#%C6xG(&b^N~P#<Jk_L~zsoL}Mc~;_-d)bK-!q
zvVEOJ@z#qm^)TQ*v2p7@x6j$l%c6ZQPXssaM^U_WANL8L&VBRui7?jgk7Z(?@huy4
zpNkTWwfneFXk5I%?2<U4Xn$)_yffTq*rs1y`Tb>O-*IjDjm!)AG83(NMJ#8{*vd(p
zwwI<&f5J9h986f7R^+8x_0pHIU4P=WYiu#5<xbzU?AG14ZmwU{wWPMb?3N`fc3i#g
z7jEul*$wf;jq%#r{Hfn!>TMJVX7s{;+k=?qxFl$7F57x_u;Ru|7}OVCeaSzjj`?Er
zuUOVdJXpIixFUN+(b6k#`pF;BuJ6o@Wxh5O`@OXpGj(s>hUt=xJIfl2;wx^v`W)={
zyuZ%4FbjTIUy&ISj(6g>8?OxF)tK{_QFLV{N|6^o9%ckZS7tCHUVRUJ=$R1~WENdX
zosBpL>y~ZI%;>CImbfZjl$n_*imze`-VgoxGHg+lnSuUXv^fa<@jknAdj_<Es%4FJ
z@r{|8aH*|=XjW1bQ%Et9^px4MqLHOV@rxGWpLiR#Mp{yc_w4!QNY5)TTRRfVjOCXV
zKNOEQMiN0X?=i_MYs0+jvhp&VfAM0RET~s!QAWIE4f5h=C-W>GIQ%z!OAbNtqEF+X
zOT%>|G)vo>e&}h*GGqE1(>EP+Bb&`Ze;nWBer$jLQ6F9msKYfaoen=3qz~6L`jF4V
zQiLUeg_dqxz8mDWwx&-mmP@d3+pDn9m``4fh5381(Eh75|KGI31&EU|S218%x|sP;
z#CG7CMjtZnZ^LbQb4E+IEz7vA`jGJq5^l?fI~unovyaiAFNtaCG%<dKK3ub}(TDxc
zX7e#FTDomdLO%7mrqPFNb%}#%>9*B&phgiEUi4@$<j?r%ulwb8G&?VNLqlDzY3Ver
zFLF&w=fk>C=g+l6y7Pj1G>hlO_`H~yS#QR}H7#At%%hK$*_!?q58wII$G!Vc`l=5f
zK<VQ?H%ROApQXcxMDEKzXGj<Gi}86eZTMn*IOl}%*xZvao)<e~ZsYxJ+i%!@@Aln$
zw%@#Kchkjd{aI@B%kiD*c~k4W&DWLx`SLx_b7<eSd+R+rg4LW(Ht(z1;rz1QyV_bd
z-QK>vDRNki^lq1yxn}c2OjaS9p*FwJ;-9acjLNd3oy^Z(sH$mqGk??iUAx)1^LB0(
zPt{}7uHD<V-@1MGF4u;k@Rhsn+S9h>uC^<8-PyWjx6NG)i|)MrF7>=~OS@~OZ5OX?
z+qD*lB6QofW?kDZeBnJxuqc^WTi&*d%@r1Hk!`?h)}`{3K3m&%-EK;4*KOJJ`m5`_
z<W=+1HS>#W>gE?;b@x2)>vy$zIh(g*)?^fTxI3h;;n($D*5>VPq2zz&6hS<O*&vH^
z3iiTt;%p!=|NIEtzyI}f3X8q{pX;Sdy!0wBeZH6G%|gnu!Y6V~^NBiTS@Zr<0Nd}P
zR3RuU`KBVu&I)e;QZ8BH%qC4=oJxSQ+*7h;W`#FqmSXw3R3h|W@1^yv2mS5FHFA6Y
z?>E>Dkd@oT-_mw*w>00brVQUrO(j6jpL2PsSI$rTQ<gRFZ4S4;A{jA<`aJYk+hdeI
zHN4HD0*`DSZeDrYOG{wM!++KSyk*V9TRyuDjMB@K@0p_Q3xciiqtP!9Z%^(CQ_<~R
z9&Ym9<kGx-;~dPlx-@S^@`8Bsx98(wx+wWu+ib}^%!2qZ)-<+c9%ckQ5vHPBqP(Ca
zc+#bLX6B(*pLXd;|NP+dF3nq)JbWMh%k$Eu!Pi}ym(x7F0ea4*i^BBk;O|^IYQKxZ
zxi-w=Ekhpq>p!}3-d^OPzy7mJN9Ak7iT%uq$}bN1@`T2bArJl4=3hnWOM)|8c@)pO
z<lk<L((8lOuAG<j@MxtjgsDrQcR|7+?d9wVlAGarl-v;PIX*v!7wY6y%U!Bc*C+p?
z#48amKX&19mz*%UCD`UJGtmVmy0qY5#2a2tw%LWm;Hn@ZTs#ac3zvr|E4oxf%!@>l
zczM{?<}M83ZD2+zk3?h{tBvpo;h4AR#w^WPD?a5Ba|FnbN6bD*=5~CfA+z6*m%4o|
zXFeRbi(>Lh`~xE|b^GOtKJ2qRfAg^uj-(qMzaDEE^X>7Id=>IS|Ha}DPWpqB{$ToZ
z1j=V;hmkFYFizwn49vXt@=+-^#kpAW&&EG6@>176Tyg%6Juc+q<mLIug^W<cvV3&n
zb>OhRV2<W5p$~Ws)~Au#Ffj5`*XH!2k3B->qtdKb9`nJB8PyBtCiC?v7tT}W7((Ox
zN5(+oJVfJ+ICG+7mf?;Ibu(Q1@H3GNSKm0<#Rd#A;`j%~HneR+f441NZQC-k+qRPI
z&gp95I^jlgCjNo7U@>kN-b?25FRTZPalh~&IUE1LhOror2#*U-3LhoAhME;VAso&p
zaz5dFBFAym&$cZU4(Ai`K*6e*?>L-K<T#v9<T#v9<T#v9<hWC|?Iyd+a5$gH@d3#X
z=M$lS(!%*fj>Gvxj>Gvxj;Fb;;~BE+Na1`U$KiY;$NVh8e8TxeE<c=4gnmm4=My<j
z(BE-5pU81IpU81IpU82m_=od}c+$hd`9zMx`9zKf=<hh3Pvkh9Ps9!j3+EF#o}j<u
za6Xaaa6Xaaa6S<)YBcman?o1QCvy4Wd?Lr;d?KFQuy8(+<8VHa<8VHa<8VF^FQTwU
z>N^hS6FCm&6Y&Ivh4YCVhx3UXhx3Ve@q~r*i5!RXi5!nmpMwW1oKNI9oKNI9oKM6-
z2o}yKavaVlavaVl%8z_FerGt23y1TGPLF)T`9zMx`9zMx`9vIaVc~ot$KiY;$8FT)
zfC}pr4(AiO{BS-I2O(HEpU81IpU81IpNIoBESyi|_y{!}Pm}q<7%ZGm<T#v9<T#v9
z#DNwT&L?sl&L?sl&L?t%b~(m|495xKa6Zw?BAswPk>hYak>hYa5k3Q?h4YCVhx3UX
z_fqrak<Wl|IG@PnN2M?PZyYW-?Zaydz00w<(}2kU%@Z1{Nlt_*{M~T$3;Hq5?OCR2
zH++TVrU93v-sO%H%!KU~Jr4DzcN<vat3uihSD=*Mt&S7Sg!Mp=-5`MlO_bDoGg$R%
zTp3oOS*#BrMNWjdIKL!54!aiL09f^ET^UxPncfGGQoUi(;}B|kLtxdb3sqA8u#EO;
zEM&G7Z6UwIC}VrQkl)kr@%NjqouBjk8k{~>p;>)@ij?X#A-yVcndkQ-q_kZ|&@N@j
zOJLzJXYG;&G1cpFK3Iij`~4$Qsy8co9PUi-<(}RI%Jzgx(Lbig?`^1F9OItF2Tba%
z^YnPlPp7xW)2kId4u2LOzsH0Bljr3jB+|8CwWrr9dhGwEcZa8U6zM9Io6(Q9-P0Qq
zJr0Ma*X8N)`tOFkP{;Hh^7N*mXXhpTO|Re6tAgGYp;GjZ>Aly}n}c38ToPC~JenTA
zvw{DU?Y9?t?$UwW$d7A&&x6|}n1Cg4owE4iNSof5JiUJCvE0n!v%fE!a0T_ESA;y%
z;|~|$|73iJq33Sr!Yxhj`*0#B!d!fZ33@ip79-E}e(CA)p2yvqg<G25F;A~U^v)H%
zfA#cu-{fv7=IL>M4P2A;IEu8p&6(%Nc{A$Ad#rTFgY#k3kM~^eQaw+Pb6?c2WC6cR
zJ-;gWrK`tPo?kuuio!ic|5*FI#`EidU%GL!!SmxioV&G~SC7|we!cLsTTeRLe)*kA
zt?z*a^xp3I@m?^U-upejQTVyr!FlohmFLI%#&mw4^ZaJum#&?^?)kBT>HPk|^W#0I
zdqkKQ-!GjX$7I@B@Z-IO8QYA@@8GBB*Ddg?Fem53WDeq{zu7+cl~@96E6ai(ih_hI
z>%w_d>C$#@!}IiXPwz9>h;zNoOfT2d8-*VI5^&@=$bC_dZ3Wk)-Hk>$OEOH4Yg9RD
zJ?I3yH{O7pQY_TV#lkT{HV+awxa&;>Wrkb!xF1iBNA^FzC;LCYCtHsGp=N!B{flhp
zB>mEzlb0Z0&&gd#r#mP8KK}&#HexZe{c^2+eg^4AEF7QtJhD)qufc|<0k<S?*>nG0
zI{ER1`urtjW$x^F;kl1f+!0Q^s0~Zd4v6r-VMf&IJ^#7C6V7Ux@l_1lm2FR3sK4;|
z($B`Bh5UHGz+?GBe!Q=w-V61=bKvu0`k%&zO~TJ<))JhtoYuT$PxF6duI!rfOWb7H
z7w#{|cv4A!xi0)^ws5!q*Zi||ZS2VU;fxq(PR1TP@8UDp;20GRlw=O@mp2PIXRzTx
z{4(SI54oRbEPDKH%#5RkxmdX7F=IbqdWBn)nZI`bht}uit$qA$>+^CO9$KH5#XZF~
zV%dsiEv16kch0+bg}>iI_>{u86zlMJAq$ZRf|a7rdt+RZ!~ODpl>6ku*EYts=029o
zK5!?=+7%6SI{BJVK73x{y%ZPji;J=4v#!R;HGhxv@Y=Os`or(Gt=oWmgo_6%vIera
z7ySNaMi7hy!Lv&oJdB$N%fsNv-{XV_*U3q;d~P}q3!i(|x-~hR2mHb8=lwM2#;w@%
zjw;r0$3Vqm>^ZFA;!}d_7F}_Y+y6<Dc$g!Alr0bk_x(yN?CRIMH97jN)zf23?p%W3
z1y0=jSmTZH``%r71ESde3Py3`K*b`9;^C#3=j&p?V3A}rLy{NRe;M}0d${wlRJ%1f
z-2dSR!}h*x!~FJM>e?3btg*LfzhLYw$?V*lpM{R!=G108uXF3D&1H`IFEjs;bxlUm
zKx3r!!_32<is&1eGey^(dc{j@R`xeC#~-iANTrPWFEqL^hF{hwdh(%%v9Akb-UMvq
z&6^u<`)&Gf+AqHxGZF;<W%d0=<}b7UkbO(W4|!@}$LC$K^O^BK{I27Ul|c|6A1H}o
zfI{OH;HPz~Gp;z*e#4r-nLaO#2fTS{TmUsa^-M{|#%FR<0?+c0bZo*-qs}q^>jvSy
z5c?s|i+Z;vH)HwlxL3elc?(7J*Btt23$59;Y5tm*Y8v&zX81EqZS#3C%zc^vLTtAR
za1G67U-GdC$2@#I;<^Zn`($bU<9-PWV2p=;R)35IA#?C$J}(_yGoM2`>&rARVKnBG
z%|8yNF+Yxl`9)aH!9rs`+59<_(3o##bz$1r;^3M_e=_5tzP)N;KH2i!rxT$++45I{
zY3cU+V%o&EwHVkY>0)4hx)_+RF_5jT&IQvL8`;|Y#kQ5k&;3v*4~w-qk0XuwWXrcc
z&3v-O<Hu?7oC6;k{mtxnF>TB~%sA{EqCa`D%Xgm+g*s&G!@RW9=ufu%GO*Q)!;0ne
zQ7r=t{VTChzX;1lEaqPYKH25-QcZiI_}T8<-q!Tz<=x_E3^eAG`Pz#9yd|J9pKSRx
zV2g(_SpHvtE&c|u#lKbjo4^+TU0~V^#a{v+?$6frXI(6QwkM7GWR4f~_uJF*uSS{0
zSuOsXCBF`A@$(}tt1s(i@$UfBxL-5tGfW%*NBfV(xe6K<C+lnZmq<QuVJv?Gn8tX>
z7QbI#i~j~X!(J%<P4Hp;x#sy+gypqZXxx@;``QM!n0c(1VWIy$SZL|?^?$oQ?u5hk
z;o9oX^N4N2cB{ZbW8KMo9nF0IxLE$pC^MaU@!u)=&EPl|>U3eDQJ-wb;$2`qA~1iS
zV;+lMEZi6Q!&qqaF$??ci=EMb-?rPT@%Vl9_O@4FQ{_#^PnA{OzH|GYw#~OcU{lKN
zCv;OT8(Vg5d;P*5*W8u-=~Zvr8(Z;fuM6mIy8W&#{x9LWU2fXFJ<UefHC@8$Jij8F
zo3|`ju=bL5>C2*AP9LB5WrNftd>2dI{jJ+E%Mss;faCK@=e4c-CEHZHrJ6mQrjCMF
z-`<2xBqA$d7D}FXFrKIRJP%L7KUU8Z@Evq}Ig<0YlLGahcYNn>F|SCs(c?aU6D^sy
zMXEb^8>9-%e|{&i-1$93a_4ssE0E(ee}@bFoxuO&-yr6v$0^I2_h~T)2)liWe6qq}
zMg2KUr0n^>8GLT45R^6VQyZpv=}Ou2=ku>l6@s2WU*B#|BDd$y$LA$5Wm(DLHp<Hi
zE=v`Hvcg-dR905<&rg_tB2@^=n)k+=X%5XP`_G@h&)cb#J^%Y4yriZqE1bouY2MPO
zEGxWZYnrzsDa%UU_D6YH^JXWozE`E3L0RE#Kq@N>Z)~hZcq793`uVPyN1pTbtp}|P
z)A8i{;i$YQxd+~mb3XnpZhPKb=Ar*=cWJKpaM0?d-{7U+=F+^u%)?CJ_j=_Ay!2CE
z`e~Qmfps2kiNEQU|G-QC)Jy-?rFnyuhqp`_)<8%z{+O4x`T5+8<>$C^-ZbT*|CV|F
z`Z*!}E9d!FhQCXT?C_>55B;0J!%5@CJ}*cFL7L0X{0qwbt4OL$E)1#6)L`%O!hsyj
zHO5Nrj)(zL5Tl~S;f8Uz!8?_J|GWgYNToS^Mq_!jS(34pGB!#k!)-X6yG<N&ixhH$
zlutNH-?^m)Hz&c4lv9`u6>JKBONDDTG|c8ohs--NXEx`T$qe3!!?Lm1cLI1LmT?ht
zqtBf)$|B~!Hh(tscf(@ne{tj!qmO)ulkt)$KlFFQWaz(M{O#_P+p;skLVq`GhW>n#
zf`$5gGIf^miU^(;zl$yOcl)JuhSTKukYP`kWYuwXe_p*@%%P5p=g;c6b_;b}n}qSW
z`i45LF3;0(Lugp93!*xPI#)y->Lel#bv8sC>Np>cvKh{YI-I-C2mM9l<@g7di6tNZ
z#F>C)Fas9u*KxRC$Kie*hx>IL?$>d+U&n>eGR?Sfu`nMHILCu8e;6P6WmvQ8kl7Sr
z%x3^#l;-zBR)#6)vk(T?B!@A({4i$6Va$%hm>q{PI}T%Z92d=E;S%9e;WFWJVanxm
zC$KR7C8;@cHm^U7ANjN}e#c?_j>GsJhw(cO<98g!?>G)E(+}f!`C<Hy!}uMC@jDLV
zcg#D2eD`*41sMnGYOJYge4%iKFi$h{3EKhNvfFd$VSW|XyaS{@+kkA}*E!GSvpvX5
z-MPuroBnJY@=^xw%)X;QE#t5~*|}h0dpZu=({b3Ij$aPH{4+!M@Y|gH{>@G#8MpB@
z!u7(p3G+0ge*@M$F61VxIV4e^F_P^&MpwFg#!Fu6#?>2KK4T}_cZPt;??8n0g+48;
zuj8=3j>Gyo4(scf=UYAxEG#^ZIN+>DcpM#9A<gd?F~3&$W?^d5rw(g2ADMLzj~DbA
zV|ct+X&8rH?w9eBm%1_bT9?n*$x9iCGy6_PSYPPV!umQ6>+3kIuj8=3j=9R`0fB}6
z8E+$A1?H0kf3uq$#_TwZ({b1ij>G;8=I|T#=l_Sj_m7XNI`{o&CLy9TND?BVP&+e;
zki-NgL&O0=ClMjqM8gkhv?v*VqX9yQ7HYHsEQJ~?Ajd;n+7o}=Q%*|{sGJ^8%jroX
zrL+w#pgqN2u!tPBEw=Gjix%~MK5MUM=9x_b_Iv-h-+Qj>m7Voo&wkdkpY?OEy=V3w
za21$+nD*%-*>BG~#a2##$^NVH55e>Y=+k%8AI2N8`6thanDW9tgDJ0NQ(nuayp~OQ
zE#HPbd04h{Jz1}KFqw^yK=!ks2*!Wt-wqC9qYjTxma$n#IdpD993ex8evzd=oBjix
zNs!Srb?7hI&w?UUVWXVBlcla`m-go(W}l}H%S85Hi+>2FT)C=TmQA@>2!u1r1)bX=
z4`R!MPO@C1AV4tXf=;qr&`Fldjz?22=p@Spon*OeA2#KJJXtQ=)}~y@n=BV}dM(!=
zRW8e>T%UIQJfmFDNtO#b$#Stl5KOtClPni>lI1FQbWFLRlPni>lI5~v(3A`EWVvi#
zHRVFyWVxW@F4u4zCNJn5>q;^dHY1*>c)DWR5}hw8eo!%&1+>ZXlKofU9|F3I$-545
zzU7UGuOSDWvXlK2@DIWGA9Tt~_Q&xL;SOxnXL-qf4t9hk*eGWi$zrFOatJpg{vtW(
zd{{#ko519ARP<Y(sbYHwn{iF!2t2mPDH0x{80hh`Qy>^StPBK`mx>5R-=4>VNXzq2
zg=9{I2oY>v%tZ`raxW_qA&$*^8Oa%^@*Gkv(%vBc*&sd`|E&+^xYmaP=*cr!=2$#Y
zAg~*W4^?FA!*sIsp`L7gXdt7HF|5Gm4dNfd1K8wxcZ1@sinl4=MYikJ4#nMy4=X;Q
zxJU76#r?f0n_PE`{h;C!#WBTvenj-mGou+Wj9{J_WoJQHNFB?~idz-8Dc+*^NyX-w
zQESIMGirGsb$D_^ctP<o#U~Y?Qk;ppl)UDdQEO+IlAC8nt-M^x<BH8QqgKZ}GirIR
z(lO7BT6qiQS&q-<nbGqc-b}gWcE#qIQ7bpkj9TXN6QXaP8MX2wN^YJRwQ@esAo{pD
zm1I7@AlKSM$aZa6px8V!YUSpcQOo9;QOo9;QOorzZ-e3$iut^O9Lqd2YV(?BMlG9X
zMlG9XMlE-!yxn9jY7qF{e|gsSgktl|sNc~s&x~3&&x~5;HJs!PDmKrIS{?JusAcoa
zsAcoasAcoasAcoasO4s5vsJNqW|Wf<f_Y}tuKmn2qn6Dxqn6Dxqn6Dxqn2NwP0Pm=
zn`cI?+&nXC**r69**r69**r69**r69**r69IgY+8$1=~1Ug-F5o*A`kIrGe@W%JCa
zW%JCaW%JCaW%JCa<#yV)Y@Qjl%;yb6zDMx^#YYssuJ|3r{NzvUn0L@;JN^%$9BVlS
z^A38;<{k8w%{%BVn|IJ#Ht(RfT(9hychFn;3d*sjVleNZw`|@)Z`r(q-m-ZIy=C(b
zddnTkj(G>Yl^>=YYa0gh4tmSx9rTvXJLoN&chFll@1VCF#GD~^N)*S)_FO+vajoK+
ziWe$wR@|z%P4O1RPb%K2c(>wxieFHCOz}y@rxa&m@gZf&CST;#+sFMMgd$ES=0jxW
zDaVFkmkh#Ou8`w)&vdLWINU#jjrqBcX|t|Cj3zW8hW}!N0^zGH$0<apSN1UFCGE`u
zYyW6pYygwYYZJ=j*ccj=Jq($oy;WdsFOIYwHlUQf7Rzx85mvxn1To8t>QCDH23Xsx
zMY=b8kJ>zO#0=Y%J)REeJL~UXv1xntNcU#%X~=bX4=a0|s>R+Ru(sFOhrRtSd;PI)
zjX=ioa=H|IC&AiYE7CZ0GEk4<HEi0y80>MKNqd|I#a=%c)AqJtUvKuPr0umTdz_ZU
z-eoR(JNvMAiOb$TWslQ`*c<1vw-5V<VUs{ThAUn6va!zQTAJnMkQ95LaoIb8eL7&b
z2~(^d#{xrNdY^?JhCP=;CiJD3=;gTVClcr%1J}LeI1>nSQ4SgByma6`ruiF&_)CuS
z9x(5*NDzBpaM^2w5w<Vuh4m=*%$gZ#EbmMhhJ1yV8Hqi<r=J|B5Mdqctw2nByi^f;
z&p;1<N&mRc4<Ri<?D6?!ZI3so3ZO)LL2P2L8+!Ol+T%4rZ{__7<l0^V>`8gU%AQ%z
zBQ53KjC?VqCC~-~-_x({jfcH$kkh{cY~088xDbY*n)HwUUXHW`v3EZ7w7nC`zu{08
zd-B|``1ej9{_)yE+dHlNWBZ9c{%)l9uLNmc_e-E2!woKbPok4Zd0F3LZ=SV>$OK-G
zu%0D|y?U3uYFyh^L5cNOf=%q*Z|%u>i`Ox{&mckUt#sMj4140=NGOZFzqj@fnUIMA
z+M9oyT=vGJ6N`VGf5qO@)}Ht`4EE+*+l<7&@44(f0DIzJRN4EPwTH+AUdQz2-;Z7P
zN^lQA{FAi;`yZc2*X_&epQ+Y1Bk}LIE_=<eC;pAGdbIafYY&kLy!PqMKR$0v+i^$D
zGc1_$F9w;^Umo&n|9H)Gx6Q*y{2K^8ZEtQ6*JIev{xZ($(Z6Dsz1BYLUGB0sK9sUI
zUfGMg?C~0>H~+47+2ecH#J_8ly<1)Oc<u58_DhiR@_JX7_ayA`ehSMQ$Hsjuuett3
z?8C;8hmP3Wd2oTt-aGlJ^I#?NiM<x+u|3$w8F+1SwS(qA_i_6Y^tj%Va2NF0t`exj
z@b}i9lR{acS0@R?qPGcpy1Z2d&OI!acM>-7?@5=vzrx<I{wafE?;l+Dx?zucw8wEG
z_P9oYYBF4mMbP(@K<qJ=I;QfTT+|JWRD%n#(Oxz-t{GK!&pWsm$=@E9AlS4#p&ykD
zp6l7#@>p4UEXZ)~XC>R7aGc;gK<~ck`Fi?GDUAG+fB!esKxO{_4PJiY<KJ2X;X@ym
zdGPBh&NI5X=Gk2PyEDPA;O=NR9NK<78rVE|kS|&ijz0I{pY!`iOA0W3ba*`Bl2BWv
zg8^T-dNcktgu)F4{Arrp&TJY>d!Dh#`$on?nSnup%+ky)-VOO{j+H+W937lI$T#V7
zPhe1KW^4W${I*GL`6H1?^W<FL-jIj;g7~GfaFu81VgI|ctGx3E54&RIh->dYc5_GN
zo)4q#ABFe%93Lj}MC2KYorz<=?C^Kj1g?mcp6BeF;p-R3orG_nPN>ZAbe9M6DzEbl
z4gVzi$77>9{Lyg}0+|rhT!<eZDwP6F;&}znit-^+6LUTd@3=~y6THg(^k#17247-m
zSK`t`iA#<rhP;)yxaiGjBIkyKQxmx#*hd=Q@I5+vVBx{fgo|D-sf@jRRn+&|)4{5j
zD-+qT?eZN@WQRl9&hd}>2Ime4<c1T2@N{Cyb<spNTucl)>J0>b+F5ll8p=6P8gx`+
z2gj9Gb;e_NM=L$CgG2L+OXHDu!Bq#ZC@402D$Jg%v8S@qGdq-h`+%yKCk!Zj)5*Vm
z^?qMvXwcxzS%bfqr5;qh)bq2;$JJD3dXQ=8=%L*#cpzhHC^wM%T0R~hM^ja{d;c=t
zSK02Fy!udK=g@Fb=U;aF*8cjVXlT&({Oz}kv4C$c&X0Rhk$Chqi{~g5%CndDd^oEH
ze7?}ouF$22LYEv54S6ecac*ZLI*;jx!*d4?+xF#67X@rbLmLKWJASV<&60e48u}gQ
zzxmUbUp)A`&i9@wnliTRhKgH5D-&<g;Xp>@x?oS`nyH~dwfSo%`+Qm7^(5<hzwgnh
z#g0u>`|+aEfRlK`*ZtPu`--F#^!+K%;=qC1gQ%{aYlBGxANaOD-gaNIK?Z+oxICL$
zI&jjH=#veLygkEnVxbYwT&DHzFAzQSvn-q)aq=$lc7!{6-pZ*8y<ZUS`mnC-vriAz
zd43eqc^>jC3>B6I=XWg1@sAn1?9Pwg`sIgJp%J@=4SvXz^5?_LQh8dkT0K=|u_<*G
z3v=$|S4%r^ZqA8zeOOgdx9qk8jEqW8R)%L`#kk?<ag`qbNB+@0qsn^1{6V5XKl}#K
z^=n2v@Y|03j-lb2z=Q!)Lz%(LTOB({Us#xM7<IBq`+eEP;sfer7ToR_-VyHlD4g($
z{*kmgygyI$S?|+4RXKqSN3$uEw=n1Sfjn3^l;g;X%C<+_mX;25Qu?@eWQ(1`vPl)5
zLT^zSegLc=di0Gq&(8EzRTNLJ?B|J3id0^Y8KExp*{8E=G8X167=1KlFW`$+gfU@^
z$DtPosw##~uMBy^q0C6MHR-_zzTIJc+-uI4<D$Iz<~XzadB)v@@gxTuI(jcUKl&yc
z+4qzD-{|~b?I-y$Mh0QvwCu$qaW58ktPkEJV?4l9I&iPw3<SJ$z=^pGg*txx3;QtG
zsE6<2mvOwo7mm07Z|-~f@WIzRPd$~}8BfmB>pI)&h7SqQkW-I%mVR|;(E5tiq3rc#
z>)u=+TKDq$oOK7++a@yu5YwRfRW{D`di>>#4c$<7YXypzIU%#ItTwu)E>v6aNF*G@
z%s%NFPhrLIT;JM!Pb?>#;elxF)t+#M7qUrLdjesY_LOE;g(g3pJ+!her}*+Hp3!dq
zXvCo3m1YK>7%|$ncQkrLak+nVG{ZCFnLu%QUD?=vu~0C-BP-%*IenlzQk8S;oz`f(
zCp^%WrX!p^^pD5F*>&FFEy1Y?kKPw74F(T1V}=V12#kEuTNoN~&A&z4{o#<!+w$Ro
zmm*Z^Xbxns@iXm?U<qZhin^R|KU*yn1)HmK>b$p=SCx&;4E`|^3)SX#1V?6Pab3=_
z?wnh$%5u&vSD}3<zbXs$&bXKMY4;^A?n(?kl(^`4BJVAn3GlG|4R7Asx#+Q#Pq7cx
zWHfSm8)B!oDVW~uG*-0g(c^<Y@L_h|*b~kf@gv{f8qcwjL8poL<2*B{=0X`;v5n&<
zjD5LoRqaUp9$C@GrqCse``sR>@r6SdIQm5gw?_xh%$6y#@Zj3G=f?3<Gdx2l-dGy;
zd4iWmFjCmbGXGNkU&z03W8tdenKix%fs~EMwl@vl8c5oBZ0#t|`&aVBRq6AL8;=&n
zkCow+HT0Ifu+wkh#sydYwymY3#JU_?)$?2qPDhwmyI<SgzoWDj#~qye(ZW@?dn-dj
zVow!zI=;?m%Bos5!CUyUlN@^bXZtGySZMI)(IU;`!j%JXKD#mO?5(+Qf}K5zkJi2U
zV!z<Xj=krjEn4_O3AWj!EF1Iug)ueB=P5jB8q8Dpm@jm3S7`8|&_%~Xd2fXV<#yKd
zH}j62zwDv&+GY$N9LRzZ=QuD^cktGny2ozyuGk2dc{SbP@vL>)9lvlGbjBm{{xtF8
zl;2gnSH|~1?9X)cj`|7%zm8@Gd?v$v-K$ftG3fTa80f!jU*hnT*DFqyIfl~4B<&o{
zbVlT{=$am9G;aFBeVL0hZ_kW&W|!I?yx(_Z>Va$f{bqEeEEIiiYj()ie6TCneY&zU
z8|OaNfx5eqHIkp~P~F|xWx;T#UC8YB%^!wEOEN9TC=Kj&>a&-=zSEZ&)Ro9Rl*qx7
z=)E`jUWgl39qso)*2;~J_Z?Am_5R7}WbGKw<VSs3SE*Cp>Hz^?(ZCUx4XPP{_jA~h
zu-`Xh_4$)Lo;Lz~iAm#UgN>7e@I6^R?mzFZH3w>*iBAk+T`ayr?#r6sl?i#cZ(5BP
z>(vXLCc)ltCTb<NDy4tg7Z{W*^2uo7#;v)x`)URT)}%5`%J8HMBzH0&UKV24o_2mn
zzB9%b8q^iaJrv409?CxTW^QM#(`WEL8vb77@4WkcM>7T=?^oHrMFw`uTj7RqAoEZ|
zu(Epdq3&#_%_j^<j;hnMo4Olkch^ttuC45jN4q28Zrh@7V09xkC~Kk83)gx%D6-Io
z&M#5E?zKyPXWiCv!l@j)Ji}Vfm&oW!_|Sz0AF_QuToRt2du6!0(NPU|*9+7N#04S(
z)~WxmxooeL^4M{Nm+&MnS>V4Kdms41?e>sZ8@_e^@vdz4o!if=Id6h(|L)3w>C0U^
zHg%8h{&d%lX-5L+JgMbZ*weLR<B{syFRU3D{bhE#e8Z9PjyyG@+H$*gZ0J6cdaVou
z|NOpmoMb$}sgXY4E#sOAcz#CzXlrt^ndu|-?xD1KqR5=P-{^NVYo&LX&(X(uV)jr6
zQQm<ZyKn8-bmY@jp;%6`4-F1OxN*kKd5<n0^lGUuYqIAbYkX^O^voDFsKnYi>T8=F
z?#eF8LI1%B&3S9bnj@p6S8c_wffj{e7ncVl&aQ#nqR^31g?621G%AuB6;`9-$gJB3
z@U1S9XjiSYZCmbJJ2o7dRhPpZ@n~0l+K%pzY67twIWl#>3L^n)q*3cWc;x09?1*;7
z(@WZR1dGsU$g6c98oW5OFx1wRY~{j=w%OwS_V3B@cs}sl9;ot0_ax7y-J90>P=EKc
zOo%sh|EbW<$FU1Xj6NUdn}E;myYI-Tq6=$$v9hE?EWpF!$kq~}(t%m2_YDm^W2#MG
zv*EXRD{h$bM!)@8N6&NS*~a8q0t>XsXbUXmDzKEp>9cMMreCacaD~3Nk_$L2t|x!X
zw--z73ny=4JU`1fsnRoij4!L$6CRO2ywbOKgh%>Q(XzIwXyOD4G<C<CTN8!LoX*u2
z#i_L@QI|M!eO1MTf#Hz7fFC>+)6K?kA`5%^1qO-w@Z8Msjtr~6EHEf8KR0ajAF}$m
z*0tt``y72q*DY(CSIQ5WJ8%`0z$}kzx+3p=0~QBvzp!dbtfFU>9sK)!!JGR<yBhE-
ztQSQte`K<6JZ?%X&X@MYRPE<{xE2dMM0o9&6WjTFud}|Jw%3cJVCeDPPwpi++QNPR
z-~&wKZ)D#3=AxJPpBMHv7aeq3r6;=PfUKmmT1>0pbdEM@lopw^f-SQ59;e=Kd39>m
z<lKw17T`0XslG`e&+ys4y>mQ=cHF;qK72W}pddUVG-LLV*vlseNr7-DCom{ly?OA|
zix1QUal&`%h~xhFf>59`+>npkKhaRZSnqv-*`Z-m+c(@cGguisFd;cxw!C#990^|A
zuX4YswfN<0u=sDQ47c|~=0^wQ1_r*j>QG52Tv8BDBnLsXBsg|TQAIeEUsM(jg^NPr
zP^c&;910eBn?j$S9lEUUU}a}88p;+&kNTpaVgCHUpy1nUdU~1*-wY=LzYhDbxW8(k
zZ|w-rqi>vFxN7jG^J6d1c%omlB!pkh<;|3V?;XtIjdHBvimyRQ-Vb9DiIpoXC)*so
zyXfUuXW>Do?6H^4k6L^2W4f_}!O<OK4-WkZ&X2hEha8o$my0rDZzhL*<&OJQRlpm^
zM!Fb1;m{6LAL;{lMGozVV*;QkZg#8*@7O%zQ<w3sT7Ggo4_M0=%uU0nW;6*sX+Uo`
zPt1HC$Xc{&(XvH}MN<}4EGk<R3JhPA6Bx6|dtX1S_cG8}j!*rufZ#=-lc)dsRqL0n
z4&|;-tPbU@pTbMOij`+%uCdd3FL~D|)=ybqvA%45C@^AWPT;DQ-utpz7xsOuO`$<w
zOKb||er?L8P|nvXHifdkR<`oodEI3jyeLOX=5o%IYx|ghDVg%_;*~jRzOiqkPNhhw
zkDcl3(4vh;`F^rh`?FR)7WUQ_@w$r_w;M4dCI=)YLr#+zqZp9&G9a_A<$zo}!Bfh<
z(t#zYuW;3CkNdK4vHSRIVaDNKy!-2?eS62@wrc+H@SInpS^wGPSzCxP8|D4ctl_Y$
zdIAT^vZ6#dbZOC)aOe^anIRl97jwuA=8(CFLuTm0r?|dAUkr!rI{}aS9(^k_5QeR~
zRZ|-Z!l9v<@d67UGeelKvr7(uqrN`Ja0aqJ`jF>PNrCCBano1Fxce$Epr-L$$G)0n
z>i51$&h^t^oX;q~Z<5o8&s@-&d&eu61<qTUSUF`SI^oI?`cvWRgdIzA<3Z`Mw@$&0
ziVEDQD8r44(7Mj`$Ral^B!|5(eTMCeS9${@?4Wqc+|@|Cf6eQVqnWqne2|sA3OQ!4
zq3&RtA24lhPm7OCo4l!Z^59#--PvLBxF}ROAQrkRT7}zW_S8P3DYGtg>i`+wxV#(q
z>u4DkCiar$WYdcS_x3mSXU{3PcjeTlb56N$5*#)adFK6SwT{IV0j{6k;Ca2@;(i^o
zABkMPW<=Iqf!xLY;!_`~t!+Lqd=2Ki1-bPLF1kICdwW)okv3Xs?ShMHC|$9t(a2Y9
zls)4YTr}3~dCcy4O7;{lxM)OS=Ymaz>;ukuQQcFA5NAd93#T7&E(_rL%YzDYnxOk}
zbjD=Obaz#)I(AJkc~#Q=bk$?Ajp1&4VSr?3?5S{f+%}(U^_$!2zJKCe4Bz_lqRy4}
zw3@mk&h=%DF{8LX{j|C^%2AwEhI=cQaE%i&N(Z9+yrQ;%^)~{mp%RaCamDkLzNYT(
zGVhAC4UcQ=hOOV@efZ?{-hN-(@xXvdxWhew^Lt<bhgN5H_sPo8fLLd^)6SvH*%Z2T
zcIXn^?!iG&M@gG)!@73#lVs9xGAouTS*-K5nNA;CYwI2dg0#1r7|=7<Lzq27>o(%<
z->TKpoBJ<w?lEj?->@O4!<WeKN`wz3LdO%qw-TQYCoYX9E~!im{h%K|xX9!9m>Rki
zGi6V5>GJQaN2k38`$nw}4ShA{+xtV$d9V8>?e;XaduDgWr*=kALVb-M><Z2}gwyoU
zaHnnS{a6895*gKRTsRmC1;g#(#E`$f5_#pBV<$r0N91zpC|=EpkrEiN7bWW2v1Ud~
zR=C|0PUPXf&j7h^jQ4r2jt)Rov<CBo;Tk+$XKqRHj!_Wzqo}Ix6&z`}Z{Y0C+Nq&S
zDm&vi!%MZ}e!zB=EU&u~ccWg-`{s-`re^Reu-}ZfEX<LA^HGy6iMDU+`C>42*z~&>
z_PFR5uU_<x?gl!6i^+alYcO(>OOv+6vUWPMJ#gM?^rU_9srw?8`-0JZ*{y}CUWUDm
z3xc>!f|E>TS0k>V!d<mad*Mx|C($s0L8?Ax1iY1<k!ZVDd23|xXlEqZ1yMTzFPg71
zbZK~x9qA}l2|7pRkI~Zc@Q;&H_WVoJ#?X-x_*=QJHrg2s?@M_)-gsEg<8)am`$;tp
zbZO;tjrx8R<VONDyC;(L9kTAza3K2Qxb_|G*6zje!VAMm_rslb!bx_&q?KgW?yYb~
z>S=p-GEo|s#LGU;d095jw6UH8eWCoWQ20<NbUYM%EA(j$udnCu{?5N-zCHTAm*zfj
z>wW8=x%<W+{lll0*8gDr)!VAyxOn@Q){OqzMK_*alR56$$DiBw)Q3xttoff~2R3iJ
z<GQW)-nb(3%VQ?IKVspb;K(mm?)dag)B0_#&)Gft-k&|Sd*k4B*MDWw1-qL@wcIp%
z@2|E!@!-Gy?#R!J=Ui9z_P&~TN97J&v!rh1@1Ja6zajp!8&{3J@%x8AxbTB_o^LPt
z!%wdXRL=d)?q3ytf6BAJEFZdb^_ZV{Gmm&bj9xivbnzYkaPMy}`;R|A_M>Zm79Moo
zOYO5O{_>qwU7e@@{iVnMa%A+7HD4LI<K4HPK6LYq_guUE+0`F>c=5pJpZZJdd)t3e
zvGR+B{kkTtxMS1bHRjLy<-_;>?3yR8u4$?NAFqyn<>mjw?^<QkF_=%85f3pb=j*k^
zR#!UDrXw!7*paVCmD~NI&o05huYWO=IFb2k53$y!3vDd+CEv%5-N$q1%eMAKFKE-E
z*Q(O!>?W{m!mKA@)|If<Y3)PKV~Re@C#>^oW?hO-xngaHev1z4R+#lGtaVt=A}>^|
z{n7gWJKUF_ec5E&h;KS?P|0=PRwV~|GFc!5es!Ny4`T+_seGM349=ktfpQ6wcPs?V
z%b5GAUxCeh#D(}qYz)2ST?#q#GUhUtI!)O46>Z8lU}K=1%)UhXTWw7K5jN^lrvsar
zQW5h6FY<j#{tG2PpydAv79U;&;~RA*{~r)D(7uG;${xZ_`g5CAqCS~zMERZA7Fs@p
zn1MQE)-QEl!N&Ha`~)^BZ;#^B;CyV<m!D0eeh?YyKjrygu~Pt$I^nk)eArL@60qox
z0^`rfd0rFwXeBQPn@bMpjioXI?U3=ULUY`km7Mz-q^>yjd2BsjlJTjv<1=Cg+GP36
z$JmHVu`y6CL2S;4fHoO3P=`Dk8|&d~*ys}F{8~jJHp;uOv5b`e7+V=O%KwawfpRkE
z5XxC^43v}UALTVlPOi7|?<qN1?DJ>F7-)w)88Pi#?!!L>%E>ZzMk+a(<0Opjn@Uc;
z#LB;~<m3@nepJcH(jQ&{(<L7F1ekRa#`c<$^RZgd|05WGM!!eN`SofB+969nk*{Y{
zep>1Ka3E%(JQFPTFHrJ;lIMaMs81IA7lXxrKF%w4<R_S@PZs@rrC*@rMPLT%lVv=P
zQ*xt#f718()eDw^vG~BTE^Ws)VW3SipNbD-i(zA+oXmbsJC)cND3>6|x)}oMFqUK0
zf;oO@bD@pNU%|#eJ7j)cnsWAY2Fl3^Y_vHX1{qUc2xc8JJyOXzCrI7$rxit?kI0Ms
z8YPb_Iqyq|eifMWY8cyXU<Mvnf|U205HJs82I`Rch!pcajg5hF@+fSSzl@E6a<Ytz
z_bEi6oXm9s^#>~-$QN2U=gjGrS128_l=prxeWcA+C10!L>y-SfO1?qK9|bee4q5u@
zH^A(Elz$7%W6|e!FwgbmU0??4NRT>YzhoZ9RHM$>`sc;iPn!{J4Adt}{~SjlLT|^q
z9C99uF#~nTJT`4|9_2cO%swx2&VLNO*_;A7Z8GMgcFa2$8_Pg$R{Q`MPZSyXKOmO!
zwu7a=={^Io2~t<Hk>ar!GteLMI&5KVzsJTvIa&J2DX^UT_$e@LP$wHK{e=BW<U^GF
zG9?d!#m*Qo1MNr<KbJv3TZ|c~LzZKG9?a~NufWDN9R2?iHiq78vM<plV}{;z*ap;L
zT#b!3-D6YMD*uFi487U83Ub<EEPk>-u#eGZB{up&o`G$M<t2!vf3hq&R{khrImi7w
zn1RP7OPxFimSgP!OWt3B8G7@ReT;rGW}psP{JfMxgx>OU?ZLc^<+$ZwDGTeb2ph{N
zkM7V8`BPTD2{8lZ<nypm|7+O9=GVdWgYsS27^qJc{U3rwe>Yg{zX+DO@hz~7FMa|l
za`sR0nSD~)<wmfKLC)c#zZ}eRo3dDarq_cRC?`w1JgoFLf;rc*EStf(mj4mVz`W#s
zh^g~kupEo)EAe43So+CPFaz_F<+!haxr_1>0O=3!Qiwpg1Q~anUwAym4AddBPAK1k
zP1@pVu#Dw>N`73)Pl0d27RJVPBLi)c#m{MA?xK9UlC#cvOv?EfuISHJ^0`WWr;;})
zIllnHKs#jCE$x0D%w3f8e8>8sT(={VCP@9vL5ezzCGT9YwBtQ?zp)7(g)NNj+t@^Z
z8<_hk--&I4<u?%1F6FgQ&bQ3|mH}p-d%%;e{NKU&Gx8q+WX{p;OJ-jBd<rbbH3FNL
z%(|rxZ^JXDUVkeOgD<2IfpRi!Ql0~ru~VdU$kJY;z~W~_$;T*tvh*dsdWV6>k|6c3
z=N#_qO^541nqbV(n-1HBI*b{5)A=}dBFIZSj2U{fa|PtoVJ!7f0+u;;449#}ykCZ#
zc^OOIbzoV0Zv-<iFL?^KFt+2^uC*LOMrkkiH8NC8US8`-KPd%En_ka@S{<^qsXVsN
z<5nyAR51Oe{C{^W!-TQJaeWb(<>F)Z474vn`o;(dcx=WDz3G%eP94S!z3CJ}P94S!
zz3HrjoH~pds6&?e`6`(EDc_*vk19FmQqljGlD8}QKZ4mVw8Qm=wBvTLtSx!&W1x-%
zsgs8xpdXA`b$^RLP&fMYP5gY4LIm0&i~KuaDKC8!InNOc)F;b&vP1DNz}eWs*j~aW
z<>GuO%zHt?{<HLf&CsJCjO9G_&tL}nK$dgsGhnHcT}u9MU<T@wrSH*CvH3c<02_Vg
z2iFYLCrjCL!BQuAO3qJ8M9$Ybh<+H%Ks#hPzw3KYMgjk%eR-`-TZ|c)SAyuQhJZSZ
zi?M~Vv5gq0PnJ4)3QRXBXM4$<@GoGQb9f(e95&kF`CaOS<-O3#gW!PW60j)~(&b>u
zy96xPr(Xd}-YsC68y^RAe&n$ZgD<oEXRw@ed7k3>ggV0%^IRkHiC{Uu+y<7s4NATm
zEOq`hu*`u^fyE9V|Ccr7VX%~u_mreuybmM&c_bLSO!@h`HEHWHN*+`4Ym_{$<dc+~
zuV)iGH-Q;gzhv=wzLFaS{4@RGEWc|bzbi9!d4j(~bKSyubM89xhhVVxx`ug)C3iQv
z_F+eDV(yv3n#q&OdX=6jME+SfS6pA~+JhI(JH}_tTjAOT`7KL&J**M;ZOz%;n?3wO
z%#1|C-M#!c&UH%{Hzu0qO<Xj8e(e;OBeP6()iy1iotWJ)ueNE?;$95!R{-GgXXdRu
zvm_{FYPZWc_VJzkPS!K`nM3!r6Y}eq%xPNL*vHQgVgIDNm&|Eiv~<Zd{Ot6Z)|G;5
zC-$JA_u$uuCeAZQxZd47w&l{4ZdlT=Xh|=XbA~lXvDcb9L)Yb5Z^!M+(6njQvu4a|
zS~P#<Sv*TAxsF6n?w;MSXpXJqzN$d$xJ+1QwZ_?eowjJfl3p!LYDhFU&s*ZSgFe=)
z()BAEmo_!`y7$Z;+^ZXBs-1bDn#5hn-pU{R>Eq|0P<if|Mt&X$yV9o_vxBvroMS|y
zCKx5MPKm@dwHUFjcuYFUc|g?lq>?7nGm0|enocB(Yc7!ty-g%$U*EHcWKGQxE~inL
z)IME!>^Nic5Nl`79I^*Bede^GcJ?x7^s-m`!M01A2$DlZWlYyd8<6MFI<q>?IH2~%
zwtbpIy_!gk{Jy+NY3Kv+=z2)^T3W53Gh6TU?mnGU^MR_OJ|+XD;hqU(*O}w{%tN24
z<MLil0QTp-8kT;3Uem1EOYdHSMZ%n=ix<yZf_Y&DW-PptWzmxPORb3&%_FfANhKPa
zmNv=~ruR6*yj>=>56_vU5}*w8aZ*Z@VJ?$(dRi)B^m)rF6*4@ZO(j4X$zN!4#2KE?
zx%S`gO3!ko6Rz|eS9+c+y}*@T<VxS=N-uV$m%7r+T<PVm^xdxX=UwTQuJpaG^nI@M
z7hUO9uJjsL`b(}fZ-1mhhG%^$0m|?^=t@82N<ZvMZ*-*}aiwu}p+bgP!lwio$*(3k
zvJA5v*Za8~PlXI~Iiu6OY)FL+bLpegynIN740E}n)4Uu>g$#3Pqtm<$NQDe@iKf%M
z>`H}Cegp5CRAqoNJaJdL(v_a*N>6g7t6b?DT<IHK>CLY6-?`GfZIlWbxDBs+D0_=P
zwcA{L>K;Vqg{=gpOC*7q>CvvVE&=!7?AotqMDDM5?bkCD_v;yjX+6T3-sH;vZCCmS
zuJk@v`k*U)*p>dREB&e~{U=vCQ&lki8{kUwhK>a8|CB2ob)_fTG|QcfU-Y}hra6*x
z@#{WwZ2F%}dXa~Z?@6Hj`)&GH;9SpLo`+ofdDBD!^`Ee5-kizxEcX11Yd=3ckU;&P
zxYECHrGMp0pR{RySdxp6X8-EipUJx(Hqd^qE6p1<61ac3O|u{7qPJAoG;hM^dOq)&
zWz(ZfdZnj1ZU4QVHk*!^{r7pEuxZ{r%Ed2X?6PUz9M1Ku@$9qdGL!z2hwouzD8!bF
z+wJ@U5Cd<n=Hh(Q&)!hs&Bt7vZ!WTF-ki(zJmlex9tPfs%f;>1i8jp}F}b)kj~7NH
z1Ix?z5lUcsjw^kqEA5%Iv}w+~+vYVbb$*9$@w~;$=QZ<}{HESCdDi54OXfA<I^6se
zp$GfsG_I6i7fk=fTl-sn$Y*}7Z%%VfV)<RyFY`E1J>9}hOPe9YZ}Kj0PAqA**DH44
zw0R9TVClBFan{{Smg8b{-rQNU7cH5!oWE`iVe`^7IYo<b-(%L|yBnGpF%_M+qS0hu
ze)nvq6SJ2ynzOjkM7X)sL};3a3p0HL3Xx^jT*87mCPF4B-N-vGvlcC%<p3_|uqR!}
z3Q1ieaZ#HlU`kymA^Ut*`4?E_*rhL(un(1wVwqyFIE$CgrIPEa33@C#T|w!o;}E07
zT$6Iu)~tqkOROQe!m`RvG3Q|U+>GjOUTzy>^7QMIZFjxR+3Q7=<6UpNY)zbbxzt;h
zlyd5_$6gpY>M5~!qpxCmlck$9motv3Gp=DAaq7Ya=`*iHthqCH@Yw3Q1Z~hTXEAGc
z(UN<lZJZ{WvlPR}3EnAAoQcRg)e6belzh6w{VBi2VgC2daM<LvCrquwRiL-d(cv5*
z_IXYa=3XxiAQ(HAneNlRJ(jU=eKz*(v9x`z6y;c46$%Fx7bxcZC^}q22uBo`lWjf3
z6pts{x{8ynZxa<)k*)vLN?xm&CZzsZByT_bLzsz8Y}PBDt9YT}2C~iDsN~IxS14{#
z4D@*I9L*+?-+nRjTlwF%mu1uLw>fgtF7}eqw2Ni#?Xyj7e=~Wl&nB;}!#w7-^0T%n
zD-6N3DJu-Yw5j#81Zl6jeD%_C1XITI9p-=U9S$40y1ez)D|y0UQ})>o8~^7xZ2X_=
zu<?JM!^VHhlz1<9<mOm*ondU!7=p1`Z_un|z4IM5Hm!YQ(_Tgo!*1_FM<+<Oi`4@1
zosPVaY%i-#omhV&lxyGgJW%iCHNIIkzFB=!UY)nW(dU1!U2m8&E_LL_j%8!Vvaw^?
zl+m&&qh(V@d#oVsTQ+61Y|3c4uQHaayfMYbPd%sAV<&>~bD6`&&nAbBpO%fEa~-+y
z)A}5Qs82s_KW8rKdxotK#-C<NoDajK4;X)}j`7Fp7=J7qf2?oDAIm}5^4flD>djun
zn0mX1M{=&Cyq|YCf=K)?S8VFd`ahm>Yd=n2j(-Rfv3XY*H1A0kJJpoiyxc2u<5|mV
z`?D$U7aW_WymK8k<+bf@%4_WhX@8KTW6Ep$BqeFbwR5}apY}v)>iJ$LuQ@J1!9_5~
zZE@Hf*Uo|Fxb`+t5W8j0F~_y@p{Zv(7nM*)`*V?FlmGQ^y!_2<>)+I;_1~21JjcE%
zmo1|ym-c~$ut9z=j>$CcWu7$l?QxBLJ%8E@dE<{|qi@;hTQ>e!Hpi{!e>+#(Ind;_
zZ1P$*c?UT9rj2ZWIHPY^IW@iO9eu-g9yWf~J92X@JNC`7^thYu=$K<!AI!0=52im@
zogh?Y{F?q?bqXoB>#-8D?Y9wfJ^mq-V-t>%?VLYeah%+Se+Uz?d9BY?WP9tdnrz2-
zE%~eXhd>vF>&RArCi!9fL#W3lJeO?iaG~M`#f^%a6|W$3CqfH0?-GN!KZS8M+~F)T
z+JaTYA(w~#S%G+<;ylY^5r4{Z5#oF@FNhJyepR=$!@3-ajXG>+vftJ@{m+9Vk0E9i
zkiUiahn9~Zeopbv6+f?-?aREyi0KNs1MxV^al{iW??cQqbtWOc&NAh6i}EJK>~`b>
zi06|F@ehIQpJvc}sh&D7BDoqHby!BSpN)*L4jXk?mcO&S6*0?6`3A(#kde2)Wxt&p
zjSn!$WB!sl;H%M2$1ML2F~9sHa(-b(m~Z3|=9g!L`EZJ``J%G5c^Pf8K@rG)d)+Y{
zOnurOZJB*wjAc&6*I1s2crqDwkj1dyj^CTD4!=Ce`lSxbOP2CJZRG*PWIqQ7!n4@u
z!wJOyVVPy>vdl95gbbV6h{@8&{$O=_5dYcoX~f)U^AKWwk(<o>GJMM(nM*i6q(J5u
zj`)xQnfGcqR(LEkCcttmo=*6??yR$*Vu*}<2x2q7Ajk)s@x@MS*$?{+mtxC<oJq3C
z=TM%7FM*=pJgV5#iIu;t<fac;`Hl1$%r8WL$1?5wPsL$h%KjCWCnEm3l0Rel2Z(>8
z<i`}BQ2YnQZ!12f_#?&V!6zvre>X&!V?}tV;-KQ;idn7Hk036!%!m0*AHD(t1hVw=
ztHIQ#@1{RPhxJdEK0L|l@FBm?kfFmqOctGKR%bq94rAKn!+#tn)Mwu&OP^`Ba`s!Y
z^!XObk@xF}@3*`j@ftGhu<wz@4);-?4;1n=Lml=vvgkZvb$*QaA1yzH_`78253?-#
z+((;y81eg7Cy1CVI=`lz$3^@b%m0P=w`ABXuq^uANBvB+)$gqirar@>bAj!X#fW*&
zocfm_9z=%C66ljfpZlo8hamYN26fo(WYOUmro0?-vdlSmQjWYeh+C{q3_4`d;e%<+
zJ05bf%<UT}N8axt-emcki2t4p{W$c=;sf_lpATj7ONrE(2pzKMJZt4ukdvifbx@AH
zFCp%-ydN>|xzkQH^vPm}`>4+cJr7x(TIi5P=eU(mhny_uHGVOYHtQfK`!QcJd`LNL
zng?*vC&(8d&Ll&BCUnSRpZlnD5#oVXrye?F(cwPo@C%QZTAjJjA&br=t5b`(#_~wS
zOf&Coh^Ld`!$RaGOWqY$-T*mS%F;?X@_rvNzqCny2=SN6u+s>Ave@B1>J-4wO;(5F
zl`J~Dtxgx>|FFylj+tiO{fK`;hW!=DOP0LcM;$&;d&uf=4j_vT=Z?JdoQDDjTjsoV
zrDE(hI-F0=w|og=rt>&(5XgQUhhY>p$~o7O{qTXI8e1MFx2cG~Y?)u!@3Q=J#QE$G
z(4qVa#iJE-y&^i-DK4~jxE@4x7@b1wk60dq*v!?i&-u#C&)^EMnV-Qt?{oan{*8zy
zTaH1_K27;T#B(gyBEHjdBjUxD<IrDexeClVH;*R`1hW5DgU%cXIqS;IfmXgBX&&n<
zi2sue9V89=Zv!Cw2^-~XL$d#K_=n)b@hE4TkVS5MKm)czwgda}z`GE?WSR26SpE>P
znH!-q1oFGFQJ*^ZDqf@bLB)?K-l7<889QtT(=M>N0{huEd2BcYvYbOryFjNEI&2U6
zz&fw7%(>H?ACZ@JNS67H)j@sEsk6z@VI7iXURq=2tV6Pl<p(K8UalD*vivCQY$C%B
z>y|9zi1kSQZzBE)89I5E#pW-q&ijZDTK*Pnn)Zc0&#h#!$u^+Pml5;DV&nkgEHd<Y
zZY7I8+le|{5A)#~@?gY#xdiot&?n1!;7ZD&!#2H!44ne#ko}x^5oTI>p=If}^Q|1i
z+(Y);`ys5yybGMR9c-CxZQ31jvYAi7tV0~$=qKlsQ4k<-pP!9|Fald1<ZNHEpP3NC
z*z)|&ed0mn2&K*!;r(|wY_2Pzb2*YM1NF-hqo_uoHpzZ_uY>!j!}Il4G79trVsk8T
zJD7*bE5knovcI0><e~l)a1}P{&_3Cpz&`};qt0B!tYYf)x9n%fMBqN^G$U>xLkCI2
zeoj0H+((@U5Vw$_!#X4TX#j!ysIwk%8yPxzmi_Yp2%E7{&b~($IjbXYfaA-T$x-}6
zcnurnrx5$u2f&=O&0Jx5sFJfesl)RLO^|urW6m#N&cUo}%GrO-c!y#pWMm$LVInr_
z1d;xXWmea8GW1!8WIrnk!PG7E>1Q)G>Tnm?UypwXrrxZMsUPUD4$1!c)Ufqqb-sZ#
z?c^aQOFchExz+iO)nR>-{R{99;c0B5vzrV%!w{4G3-J$O4>r;HIT<=Z#AN>>{6jd1
zO>}-``S*y;+8Fu;mi>1E5PGoDPN8N0U6eX6VW7Okvb1{!>X&l%YqH3fAf0!iv&Jy>
zX?dWPFGGAWnFAbwEOV@BU&z^}WT}7C*4EBc$eFi4VzTJ)R42#fkfsjXku1KksVHaL
zkwtzU<>mN?K=wBnbk4<4Zby=~^1z(8O<CA6E&F{Avn{DJ1@UEM=&&qg|5E%z7=ev)
z`cD>l#L9UbvdG6;In0_DH;KH`%Gt-rA~$^=_UQ{*<kP`CF8dN$%FgMS@*rZe$W2{A
z&VHinip8LQA!4%VudwnG#AK1LvT~M*Eb^~dIjfy4@=aDALrfMq_40C@d0--$Cx3(=
zV5595;ts{RWazN|$#Sm0)av{@;$kv%*cN2zOQtPglRj|Xp?%iz1jVNQA)f)+jg-R<
z+m7sChJOgP*qE0(+{hdsv&qnBo09!a_=m6%o9IxF{3XO+AVWXTvgo%`Zgr?feiZS8
zWatmEEc4GsrL)EAus@KcpR`+f5HVTme;b%K*&oOv|7Xf^+&ze&CPSytvaB~S<$3bZ
z2!jy!v&^!aad#EKvYd-e{X?0%ST%Xz7Q_!*{uW}ElXCJ?mOBtXtGE&K5_L8sUaPoG
z@e`JJBHpI>H<n*Td`$6B+K=HM0$KW1KA6Wk3f<vk=&<jR{muA?z_CFc_GOlhT#YzR
zhJJs`a!#2<xz(W_nPs`zGQYbv)p8x;TP$-8&NTJ!K>Rt&)Mr}kaEZX<vfq-WES&nO
zb2nnvJ9!i0Rx<S2c4R5nTFRmGb;N8B@-D=WlcCRkOBQ|8m!Pv7vJPz2e-ZI7$j~2R
zS^D`4N{4#Xe+%(zWazUGlSTgx%B>Fd$h^<`J{kH!#AI1Vd9Y7(%>7vCUj~_3t3ba1
zx@12q1i{?%u{zXa-Z6-I&xrQf|H=M)jJmm26dmf3Z$x~p)n~sT`#<mKU$1niM}5=o
zmU$m_IvK~}SRu=JH0yBabFE!(b=cp?qQiY+^G>S+Qy#L6+54@0Jmh4l+XpCzeZB~U
zK9T<svAK4GkvR0p{^bCKcB{ktR2*Z}-;4N%Wav+X4%xrLsCzn<&OWPCg<WLvpWp4I
zofC-7{UzAp_|W&4Rw12-j>k2vsYCD=pkK?pmOra_mf{79mnv>n%r>T-k%+IbT!a0U
zmg)2Lmf1c`Q~xH!JTH?eXWB60DVEuWGlUV}YI!c?GcC_XY}Vee(*QZsw6hTLJj*$d
zo3RY}GRT%FIh!Ysiwgv@jQxATwDSPs2g%UMv@GLyqt)4hm}8#$Pa}SU4E_F=Wghz{
zrL)WOKEyvDL!a{xS=O!{l*1-<erEYN;^)cG=lnzVe*ymxUc^Ry>YT8A3i0pB(8n(4
z9`9TLLJv0TQ|Em$bcR@#K4$KXKqq+}4IR!iS*TMPBjz(2=rlpbYa7}LLWk@h1VD&U
z4xJT<E6LC)fSfGr#(JdlF2X;b(-vgDnB++-|1M&4E`xj*^8J8zz+H&nvV02h2bP&P
z1Dn|4afJCjWpWI0iQ>_UqxQHl#8+D83sI^pC;Kq$@F8{6hr!da-}GTC|E$&DiTF0l
zYyz|9gw6^u)AZ*~#0xC5eVC@a5%FTnte^WW_Xn@BybbY}$>Z=3fh_&`@4&Rfm%f;D
z6Lc~mBg;K@_A}<~kC^OViGK+Hg^hW6J~8JMFzfas%AwDGOZIcnAVgUIkY`)=Utq+}
z{DZuld(8X;o&la_+v{D#O!HW5$ImG?b2#Kbg3R1EgMD--!~Pb>{@1AwIr}hK?)&|#
zwQ~<*bFUsc?8D|>{e4c}=WX5~l4Q9*^OBVpKu(r>gTJ@(LdeOY&(GWGKVO7%85zgo
zd5tXnoNJ-HtMLzk?1w(XNNjoI4LbK&tUOFP7u^WtH2rIgI88qvqP%MzIa&1SYu-@j
z9<y10g6W&F9|s_4`wt+Uhl(mj`M#=n1j`P2DPl90!JK=mtekwaVsn16I_CUh*_>Z2
zkGA$PEjaf!A?Nx31}o=UuiA1o?OVPD@l+)@W32)L1hSle6JYwxv1P^@nCBhdCZK#N
z;s(n+?=)HF*u2{^&pYhm)IW~cj6v`^@G2|kIe}^Fu+Gf616+W-TPUw^#vNJ4%ONZ8
zkC^N~5C0H;gN=4r&!@@A8$e8!v1!&|(Bb_{a}U$%n=uH!6Y_D`n3v;`EdB6O+N{Js
z1hOCc4D9Q9*BLY{a&#9@-b6=E7WtPb4>~U(G3B-Vh?0Lp@e_*8Sb#q3jBQUl8xW6I
z%&ts1>#T}=J^mq(<ywhzE_K=we~t{DOv`ewGC_IJ@zcz!&|#gErJpog9iFT2B}0dG
zP8K_>C=WVz+Q=bioo~u(*_7AvV@l`Sigzf6s<Feems@6euTp%YWzN|(icNopfhQqj
z|E51=(?7x6!K<vCyw>v5h<91;K>P#pB>Y1l`~3zz9f)Z27l`+fp~Jc*iw^fu=Ox64
z$<Sfll0}F6sKax}Yh>uKZpor!&M(k84cVWq4*M-xbhr-4!$h?k@lM6xSA4$L(YYM)
zK*bj;{<Pv!o0s!Y#4^`B90oiV=OMUjI1h3&FF~H1m%x-ywK{c(Z?QZK@`aX{Aim3T
z81feKWc))Q`|C;eUNmfO2Ae(x9o9Kn)|1>v-~Ji#qn6p8|3HR5>z^$8-=-Y;|Av@#
zM`pY2B}1QWK^A?}rqFpEvSZk&!?qy%2jCw9_t6g9?N4Or<XM(A<S8p3f|x9FFUn8-
zVUUqUo=g2I{6ir7*Bdl1&dMur*4QjF`Ckz8J2d24#G@5ot@t{{pHY0JwR1J%m}S1;
z=Nd8_8G)R3UmeHd%YMvw<Z-dT1{-~dL(VjL2I6U!`LdsdWZ29^O!n8~9|EsQsJ|NV
z7s$}*Z&~i4nfU}d+aWjY3mvwXX<we`5WbC#c33Ce$U)TW9y0XVc4YbPM7PypoAi*O
z!?q(!AK*UP$%UN@*j~^X0vTEQ0QbqUhA94&<sU(xeo&_b@o>dVQ@#bUIZwep`-3@8
zO$Q*DH3oE+KxaPnp%a9hEPiqy?R*9CYBF??G%S8{pB!t0;=i+8j+lN>=W)d5yCRmE
zru+wpze9%oLf9wE_bqoSon2O^1Uh87R$_kIIgI##)rmldEd7D|sPkvUf3!N~&>@Qs
z_fd!Ie_jvJANF6ee1^h()G;s9vO43T!ZoVsn0?UU^-H1Ei9?6%Zv!B3AMH#;Jl^U|
zgq$q>ll!Q{?}1FUI#tji`yZkeXCHO=vaY#Sry6py+#}*X>a0fm1*=mF9kTzcwBqce
z4qxuI!RoN9kVS|4sKb|jZL>Oc&>@RI+(#Y03~aa6nF$@T|6u?E_fh9C;saKv9&)ni
za36I}Ab!p2%!LkF=CmFwUkEu_<nLK|1LS0p^M&(l(?-b2BIkETC~t<GEb<)6;RC<J
zGuY~^fDYMDBM96_9ll^J-|DnLPWCS`D(0VexWoMsc}F;$O)hkp<KJ84aFAT=Fn4>e
za5zF{=SN__^p+a*#K|Kat|E_exR%UJ2y7>BnL$rIIqL92GEdM5jo7>#6bLM*mlHWc
zD>m;KlC!4tash>~0h^bOAZ)?r<zf?|9h-L?$+@5J<%s}cCpIq!3&OM5y!QI5gUk~G
z!ai)?YYm$3D0|}$AEvy*;bY`VhhHaO=Wq{sqQj@iSZA7maqZ<o1ED_|=SPNYGAj&W
z2pN4qg0xov0%@-y<U&USO`dG82-&t5izn?x)6!lXOVVETWZPcsqtae0$TWuV05)l_
z4P@J1TgkS)wvlan?IPRu>LA<p>L%OvGIbb(0O15SX)jZ6w!KbMZrjV$m2EGs!=$}<
z-jVj=xklP6MvlV(!bEa~!?k4FUc3&J_F71`?bS@S?bS-Q?bSxM?X`t$+v`cPZLghV
zYz(^<?^FDO;$w<Wk}*dxoKl<#naHyh4^zzfT%L0*R~%Pdt+-Ax=V!^=sJKP(I>nn6
zw=3SR_*un!6dzE0MDgq7OsDMcDE4He<oxcb=<qw2!u-CVFxPg%;}vs#Ci3Zu>lHUB
zUZMB_#TyiFRlH5{F2x;+yA>Z+d_r-L;?s)zqi)21en(!OAq^@nQ5;h|QE{!}nTi*Z
zvz+>GR@|z%P4O1RPb%K2c(>wxieFHCOz}y@rxa)QOZk?qc$nfs#pR0QimMgZDW0pi
zQE`jnb&5ADZdbfr@w1BeC_bS0h~n23zoXcLHj#D-C?2A?KygIzc*RwUrz@^k+@N@c
z;s+FOP`p*~HpROXcPQ>wd|2@b@_A0*>rs4KaewR=9ezJoIH<TpaZK?<#kJ)A&aq}H
zUZ}WPajW7s#ak3Vsd%U2-HP`qenIgu#U~Y?Qk)5Y#pi6r!xR@PE>|2UpYN2nT5+A?
zxr!SVw<unxc(dYm#oHA>t9Xy%1B#C*eqHf9iur{|@jsw=h~fgp5yj&bS1F#ZxL$FC
z;uVS?AYb6r;ReN96>n3#OL2$dZpDWcpHSRGw)f>uEAEfui=5vl6%HycQ5;h|k<7&-
zLapMNiWe$wR@|z%P4O1RPb%I?9^f2nx8i+@Ur>BZ@kzy}6lbD7#AdeQVTubCmn)7d
zu2x(}zR>Y=uHr_;EsEDE-mJJ?@pke+$L6z&_b5I<&USQ;D1Ke>JBoP|Nc01Whmdm|
zI|Yg(ipMLiQaoL8z2XMND-=JVc!T1tinl4=rMQF4n|uh}iVrJ3p}0r!Y4RW^Z-4YD
zVSe9JIH<TpaZK?<#kGoODqg6#S#hi4HpN>MKdE@9;@yh(DSkomF~uhppHiHOek$e7
zRy<5`q2hAIamCe&>lDvb+^D!k@jAtu6}KziuJ~ESdlVla=Q(Y9MDgp2-%-pjp^AP$
z@esuYiX)20E3Q&JU2(nQ2E{8BKcIMn;;o9eDc+^HLvgp_!-`KR?jc{~)X!<f{V`{V
zoZr0_4k|8D98)||ajoK+iWe$wR@|z%P4O1RPb%K2c(>wxieFHCOz}y@rxa&mo|E!s
zD;}n}P;t59xZ-NXb&BUIZX^$O>c2(tI>npG7dtxbinl9%mdu+p2zwMCP<(`ZiKFwn
z;&&AD0}}70j!r=F5XA-Lp^i>O@p#2mil-~CCl7P-HYi@9_yNTm6mM0$P4O<p9g4dZ
zA69%qagXBDiu>a{Ab#>Yal%2xC5mH;Cn~O0JX7&P#m$Oa6}OQ;<<!*{#ZM~UNxsa{
z*{yh=;upxDc65#@KB@Q=Iq2wQV!jm4Ry<5`q2hAIamCe&>lDvb+^D!k@jAtu6}OW^
zj-T5VKdX3;;sc70D1Ke>JBmG+3&nmw@esuYiX)20E3Q&JU2(nQ2E{8BKcIL6IqZ~o
ztKw~ncPZ{r+^zVq;uDH{6rWbyA9Io%H&1a;af#xX;)#lD70*<>P;s;3R&u^m-ZsTs
z6hBEWaCCMm-mQ3_;ujPjQ+!hKDaDzXYsG%H;$eyl6_+cHE3Q^tr+BX7M#U|P*D2nt
zxLxsf#m_3<qxgX0BZ^;F{ElLN7%OEDC?2A?KygIzc*RwUrz@^k+@N@c;s+FOP`p*~
zHpRQhmplF8<NoLA3%9&^yUT=f{KqZ8WDp($iPnoDjoSsuAbMqxkmGhw&lKl#?QbBB
z+skGjE-%dYIkdevWRyz~do>Vfd;O<+JOz-^9_8GaZvi%KuNrAoM>0^4VKz2$92-Lk
z>{TJAJ=THP<JT9py}3yDR^AmhPaH8rGwkuWv`2lhw+XE6H6Y!JO#<~89>PYBV`FH8
zy;fwTJzSb6?QI8Zdnb|Z&A)HkJaNPff$1s#0!WL0KLKld?;wrSK{AMcU65%13Sf^P
z579qdJ|ykE1lIQWIZ^~N31aU>2(-O=*xLXZ?O`dJwD&$(+vDd<y_NS}n<tK#p$GP)
zJ#vxeu~=??UrF1G_hFCU!O;Hoza?dl^&|GmT=uGvw#z$cIeLuwS(&yMggv-u%8RKt
zY0rFKhO~^!xyV<Jv;^8<_>9Y5Gwf}Job|_Yi+@ef!(Y-KKS!hg62#tOm%Z#6srKb^
zSnTon3~g__&F8kq&+eEfZg*6}9_yd}v3|tf_gwb)c^><f1o3a1%U&Jq?Sc~Rarr0q
ze(JKv&-hBjnAKx)kIP=*v(D$<v=_uC_Fi?_8{%{JLB#~|?`4<02VhUi8-}LX%R+vr
zCfkFbDb_ls((Li`N9Kv!eH&n}2TcD8u!+49E_?jGN1@Hbh<XfRm%Y}yRC$MEzu24T
zvd7OJBgTUBPwZXmvUdvhHb8~`@%UnIzRMmzn-m+gD4cNFTX$=!{)&~ohh6se^<nQT
zE_<7mJ@yCj?}sjX-F?{OJ5`t`j*X#R*&B(p*n7!kkDtFv8JSP`MVGzp${y=m>}B#Z
zNu*^yc%ct_eBTuF#IZ3vtL#OQ7JGabi?+w_+K5lgC(O@ywY@#c9_J&mXFlgeTKwZ@
z%)QMo*SYK+fIW_L_Lnir-XfQOJ$?8$*JUqoTdKdrl)VRC_V`)1lo4u4UhA?qMA;js
z?Co^fJJpB1@4D<2D0?io)Zc!Wz0<IlO~-5yU-!A}MPQHpg!RX-&xpOZT=w`GesAsZ
zhRa?(>`8mXmAz~j*8L@jd_nA&ApY@vZsfS#u@&~}!St^Z8~1TOyb7T0#jPLMWdijW
zq5yK7353(C{w5;LeYE#EfVMXg_F5sAKs|;T0CJoOg#Mp{9x~FuN!YlL_L>0N-X7S~
zf%_O%SUuU@m)`x*<9g*>dh2>QE^bRD19qFR20)HGNzb~OsddR`AmcukqaC2j!S6rZ
zX!9_l9>X^P<Tw)u?XcH?nDruSaN7Gfm%Rd{{{XoJ+F;lPAjg?N2;A;5-&Li(o3U{p
z?fo2}{p0rx_>7AL>M`sEkmF1sl-%Jw?@4>O#7NqE$z`t|6H+NN*dX>^blE#HE7eb@
zL6>^;ug7JNpTm!nMznf}Jb!T68($A0bm<?KWJ!DH@jC|2F8s%5Gx)5r(vb6y$7S$A
zj~r(LVf_45dteEWwD)P3y=+`0+}2C|UFx#84fa~0NB=MdC+&@P*=xXOV*H-11o3aA
z%U<C^=liC#_c?6TWBr-$ejr9wn844C##v@0_9naRwcVL2FS<_B-h7vT{48m5FZL2H
zd#7Np9(wc-O`WuNpUWOUQ+gWvC5V43T=weja-OB2y#zKX@7G-R_<7HmUh0qEWnrE;
zHiqd9nD2d#e{+x)d*=HrNK5_kbC54FgAL-}GcJ2`m!#Ik^PnsCUVt9m5qm>$lIiWd
z@JpAyAxl&93$L}s-Wx7^{4C_3tZ$6OKYq`K9H$T=0(-nRVErw^Cib%6nD*~5?EQ)v
zY!G|=ZjQFMyV3dHAMK%OlJ<fwdpj|iUMj|{9+N{|_Et2d&Z~>99{ckIm%VP-d$*VN
zjk)Y?gFSv9jQ*kMN&i0QvbP8KpZOjI2~yq}E_)~M!7~fCzbsSs?snO$y$E9vdJ@E5
zqs!iwm3ZdF+FP#dZFbq)da=hdT8vpeCLea$Yi&vOm%FVV>+c6Hd%Q1qH4WGx{{4%~
z-WFx=^U$Rp?Y-i%$9r|7tSv@j?<JSLoys1Hp0t;7UV8uIy}aK1`_N@?pR#wavNzmi
zkN5W?bj$|vF9bbu+{%wBd%PDV<*jnr<NZIbn<a?7>s<Cu!5)vx{`W;}VsEa?-Z9ww
zVlVw~mdjotoH_<Q+FPaUt#;X~$6y<Q{Sw5#`&{<=!zmov*js~G{Cmu0ZyoHFi7~6k
z<W`rxptAQRtH=KGoXg&B*z4^&`A05$F=g+|%HC0zy%VtaL+qCz<vr}OR||Wmp~U)I
zk4?(^k;`8DP&`A>OMATUvRB=Tdylp~9#r-&#iEnh(Opg0KFoQ~vrU@gk}rZDeTXxG
z(1Avk_I(Ix@$VX!z1KhG{HB-5WcA2nUH011sM5X<TRpbNESJ6hxQWBx1d|~3cbm)J
zv#`hSkFx$YViW(CTYEC)HHNU06<~wd`?A%OvDg?+ALq=%Z3FaB)yeQ(=*5z$l<CK<
zJ=ygN^n&WRg5QK5eTZAdVQ75b>tZ<`#U|z0;j))efHq+T+93A6<FeQN6-STuwqO%`
zI87z5J!s;&@whjDyb{D7W1k2Sw_J~Z=R5ZlrvPa$+YzPNYq<&6Osd_)-l#}0EtFkZ
ze%0tmStL3-7%YoK%GCccW6FcUF=NMA{rU^OczyLGuU9OwuJ15yg2S7@d!%%N_aQin
z&u1^6eBE{9f`xOMmM&l3ymV<p=}nV^sl<{6rDY?d(UFnTv1O$T%I01*=F0L|QSi!<
z5Si0S5Qb>A&iw2yehv*kyL-#D>t|I|PP@7Kmg(2es=i_R^;0XVr%i}lP*Hiqgfc9*
zJtLQ|T-=<PjkvkVi5Cj-M}yOT+`HEw_JxhJg^aXPv&g!Im{t`JLudZ}DhA5m5HRJK
zBg&lN)Njgwv`EP6$<h1L8v#9bwR7o}SbH)iY42)m5_nv0S7Os+lIyA7#-zK?e;az0
z*d$0f80#86iF7?S`pi1$tIt;>qu792lIJwuy=d;prK6<df70iB`7vu&*jd6Secq`Y
z_AhS#fA90l@dK5kqp42+NuU3u&-Zmc`0p~$H{La8`BkYdAN-`xf70jwyZ8CI3sr~5
z0_T%H|4E<!@80L<&zrThk-s0l2*3A@?*B=j|D@0VcklB}iyG%GRu{47>hsYtk*IU4
z=iK*g-l@k04Q>WFby$e+Z4LE&ZRP6Q9{a<KOOEUw`tVI3O#7!-AAG#F;9$+nx36hj
z{JVP=e*rl@37^!!CpGX%4g5b@1K#}W7p(v8{y%+q<Of^snI6sVdHK+De@jJF<&G;K
zn>+cLtXO#H=;&<UfF8Viu5+g^F{mq%dnl1}Jdyq0oBMr*(V|tc>ajUhGjFIUY$yuF
zTE;Gm<;3$NRiR)(B-S=A9C)T`Rj{BH_oO;-*L7L(+kqzvE1c9DzN(y_f=F;=B(@cb
zuT(87F0gu`;^(24<D`nb2S!DzyfnBSdT&>SM6Y;cQCZ-LQodLc)<5vY$|9wa;HXG!
zH}sw>9_h%dyu~M=HNZ(7h1RkBNU$^#>xR}e?6pTN9#!PUQOoR6%VOTh$VgQgk9!1~
zYl=rXdx}4RwF@17!x!`Rz#7VM5<1I^`I1=pQdL&`0&MZq2&7C2V%}hWBz78Fk6^DH
zvyT!)OR^*3)@ZvwIMUXgQ;GwnLC0jO7}1g(*nIxulp|V_3)NT7UXW<XASk`9OA>9r
zAROX-#k8_SOY)#Nhc#q<blRh5l=U&yAkmVGpt?N0MS3mEVCX&a@yc>BRQqfc)OB!F
zHroX?UR-(*AOA1^P1q>{tG{T9ZXWiTDZ%_~r<b8$#L9~E19K$98Re>)!d_8^9LQ-3
zS3EMXM%3wkQ3Cd-ILAXLfoh~G5iBqsZH0X=>_0CV(DUey^gJ&$l|!c4ibn;WN$R85
zm^R6B4uFb=_olDXA$CRh^T>g)Z5JLb-65x2Cs=@yC;+OGPN%BK?NJP>5tcgJ>BhTp
zgi+D<f!ZUKAR+#^DhM3~4y79492L~&R8X`%khFiU8p0Sr4ZWSzH{&YhPkQ|vaq35u
z&rv;`bxiG~>fhy!t9GI#=*93RSzf3Aq`Yy}4#pd5=Xr7G9Nh;~gY7@hNe=hS)$&d(
z5h*ZpX3%s!PKfM475Fx%9R$TM>Go=QyUH8qtQa&M8q)+lf_gmJhsugy2|S^uftGg;
zaPkhC4q=MSaTS=Ok1@*3&vxc5n$q(2F{hUXO?z+xW;LlCXbQ~yGP{1@LrKa|67dVI
z%-V^zU#Rm;p=YVl<8q9BdkXWMukxVAc;@KKGgHUx-~&{iv--wUnCT>M>l|nE%ycU_
z7I;PFIEP<mG8+|GqjIEsRg_58m@|vmv1A%k+CFwxzfL+8me!K71kc>b`YLOA=NMXL
zl+(M+1Xz_|9rsK3ET8k*v61$C@CKR_Cw#Vj&`dk%_@>UD)44G7@;oeO^`q<qQ=~WZ
zw2jegrf2q>WcMuo5M5x3*EvO%Nq0^<m}fflG<BTfH;}<=GkA|-*2MYQ%${h;;?lIS
zg2O$J`8IiCE1GfuD+A7krWojz#vv9X=@8llHI^)UQCUx^ouErG;iBYF$WLo~r&W@5
zOrLl@a!xTAk=UOfVE0NL1Ae7yD$Ogdy^K?@s4}13Cz)1wi1eP)hfk<f<I^J_*C&j3
z<I@^_gtOKYmJOz!c!-bT6X!YOQd+6cQcI_;N7J-@<B`lku7<;GVjP;2R%SDvq?V5Q
z&~m|2r`>QS;Ot|DtZuioK3+5hvoDq^7#L=OfF6G4T-w{JGaF}RbG9!Hq?KTbSwDNd
zsTG^_B+fdfhMrR;cCVvb-iBSwxy~v9t;W@a(nk$o#+CA7UVq0fhd8X+^UjzFi+`Io
zLmT@egLX9I9N_Xk-^|W-jm@(F?86^(E;H+0Q>V|QwZU0^LOUCu*lf~|`t->xY~j?J
zH2WBRXYndIn?J9PaMpS<tGY9$zq2^yEGqtnnlk4kc0S$KXZ4BW$GD_RaTb>_WuTs3
z(M3LcHJO<&*?7_tXZPu(^@+_PInLq}Mrdyx3hVLYklvW=P+ZnJr!Usi9CZZvWX@j6
zUj7))Lm{4rDuM;USPn-X$LT6NxWzME<C=aVSGl(LGJ`Xo%u<P3W=N&xgpjko@_L;?
zo0C4M*nvYh)FaBpv`Pp$gVq^T7=oySXOwO%2X0lQ>Oc*u3R4GMTIJvXy5(cWr{r~7
zk@X1~%s}66eR^9R$M{rX%b<NSEf1%(@;RL1`q20^O&!4TDcLINE;&ufdRnfs^y!nC
zI$aCUbJY`<ldLD*8_(erMu};=XFirsThAO*=kf`Q1LM;x>Hz0xI}UW#({n0IpY<dY
z;vA)nw&RM>&e25`T;5=0WOGi(h-K5JbyoU=HI(X1T;Jr#`i2Xl5VAavL!`z;McVo%
z#8p?wS#_B+eT7{RCCA=be8K=SKIx9(Za3wTSwGPsT|qJ9Pih&c9Wq@H3i;_h<18K>
z>7$m^nKegwWX>0+j@XY}b<~$nIA<82(n{U8Pv%ZQvYJxIaL)s2ZgJh%driq2z9_w-
zxNc-c(W%ri`u2+RfN?6V|DDw*F3IWB+q%c5^`;Me=uJWA77>PARfT)*<Dd)a9$poS
zqi<vKGku(sALju!hV;MUKk2r^MMx;ldxOr|!qhFVDfM-z)1wMQUT4w|IoDNK>4fC`
zLcd(Cmo||XEi>1<^eb4kjO#Fz#?)3?*-dT9tjWngR>A9PoGzT(rDse~I78vuLe65G
z`gz3%&&-(*qlvd`)A~BDUDN8T<?REw+Q)be(m9-F%>pLco~3FGj;fWU@r&nJ>lfw`
zQ^#rTZdx%}W9fc5YeQDqD>z89Z=KUK-hmlqhI%s3Sv@oN2aIda>*Kgu)9oAjz3FDt
zbe?ng#&soJV{xRHrF+KqH|rAAnQ4D#p5XL*7T;LYPJ6Qb+w6d3hU8I}q5tQo{*S(S
z0KLnsW6-GP_PJTcELXYGMnDBd06z@i2yl7;F6U5~wDMz^vY+L6%?S9whbsuVc9Qev
z+c-d~T`+TKzuxfSjN_a~oSX1wYT+TIB({cA_y5_0o%4wEApl%jqxDB}p_KB-j78_%
zhPuM&!qw0-TECS3NRPzLUY0fK(QfFMrnR5rkBltb$k+bJGAX_P8jr#uuh&*mnoG{a
zGBR!TT6|WY(B6NGPh97sj^^kxpRJCZ<$`m`m~6MRd&FK|ns%;rYAGDbbjo~2H91}B
zk&o{aP6=qZ=aAuJ`h+<SKAqW<`u2&pP19GnxU%lMFF7+JJ~(juWbW<zoPx7I*-?Zk
z6jMlGO|VoxZ{bySg`<ZL-*W7H3q7n-1Jjb9^YGqSj#bOSLe2CzGf${b$wKL$lHnB3
zrChi9JO(R8Cp%9pW|kl5q(AWC9LMvh^BLZAoD-crPJ7Gx5Tyu7Da@y7)8z9dv*-+2
z=hDi6;U9P<I7-UeYaz_%X>*dFEA?K6ldLqJ;LceFbVGcSmR1I|#j(^4%v34NdM_|1
zy)Akz2Tpr|Y3C|O8<gHoFGq5zY;PzzA8S7UaSGymCiqNxNm6sUZVfZx1fJ=wIbzjS
ziE-sPH_WVh4DmH%t78pS8$lnvH#62!<pmvmu^~3TYRb6ssvLY^+)^~&7aG(R$~_dy
zIUdSB^=58o?SP)`m1TIqFUo(0rjlm!UsE7stZ!`Y*l=mafF4hH$29!s=gbGrf9j`?
zy}0prtKM67)b~Ng8<~TrW(9Hs88sO_m1~aWubI61j`03qk#}v5r*J@ZMsRe8^fP=U
zJ)kBqVPKuNm_Ip)&npWD6qghY==i9$<BuKl4-HOMYITOJh628#0W<FSYrwbGM<4i^
z8sq*??R)I-#@AP!T9(@xp<}t7$If5&)5MEYepm5c*?!;A47ijzA+sa8=0L$Ck#KNw
zu5Z#6p5xuYXo;sZV2>Uc8XX%b9vR)y8m;sc2F9-$@yxL5fx(+Q0vXcU?*&8~o&=!t
zKyV^<CqMZu9Cjd_Q#34Cb9t;JK6>ZalHkIMaCKd<_TAalw+0LEo?3ldxcYOEx{7G^
z%t-v*snxefVs}?o-w~~z)lp(^y$_rC^YKz%Ioe)Z&Sm=&ho`(=ajGo0Gl+8jA9x}T
zjs)#9XL(?TY$r;-6pj1YFbvcYrk*gKRZTL`lUd0Bjx9d0MP0^WY`NGN`a6;NFZwY&
zR7yR@487^_AvNkS=JBb+!?75&Uy6;Px4hiPyjq8RGdAXJ!N$P6<ScBIug1oFls|xt
zWuTl7f->}Wtoe{L597tysQ)}R@%aU?*m)JqVC<abDaEFF4T+Hri<<Er*M^bPn-WWw
z&tKZK*pn1}eh!|5T+}=j-wCXl>lvA*j(v{&md3e>=6QYXowR64qQNurjOQVZElNjL
z%$-|3Z^?q@h1P@-DrZufy}4twd-o-MmvyAq=P;d;!57qp^#X~;rlpNeJ@)ZG!{ble
zlkvaUdmHemuIpTQG$RRYkI)Z7#)jB41BMX+Jb%*6IAAj)X%HzmvP@)=f<gR>M*IY1
z2PY)OhG4f*9D*I&O}UBexGqg;a2zM~ZAl|!M<t15V?q-r6%AlFAq_Z~>n5~?_<P?o
zd!1Q28UgL?*Y-Y-*Q2fT?)R+yzxUev>~rQESBb-4>hPC4{CMeulHtF7lV46|m4^Sm
zlN~B2o*^BFk6K=pI|<~m-Xxi$Jbc-&5|67&`KXVVG$`@7t{XBeISi!+*zGIu^7!kF
zKD%;-tK3y>{5(*fdLs14jE7ye!Zp_VKCC|P+O(mwBeQnPs+F#x&F^gUb!*qV)~#B%
zV&i>O%y!Len}glFsuPj=;OuWWC>&JS`i+ulrjX*9PYIh)7(b`B`8f*LE8M8?e1)47
zUZ`-Z!iyDNrtnII+ZFCmc%#BBzvO?5!Zb_5Z&R3NN%)5p?oxP{!jCHagu;6i?pF9|
zh4(7FPvK`3eqP}h6h5GEkHRl0d`RJbg%2xyRN>bY9#r_a!fz;iO5xKApH=v6h0iN|
zL17LqsdHW}3FbRg1#>wfxJ=<ng~uz*ZzYSqPhl>hg%2t`UEz?zF@^aKRtY;x;W-M|
zE6jJIivE0s`8$5$7b@JUu=UMAGai>Iex<_g3U?^HQDMF#L(<x!@K%MlDZE4BhZOEo
zc$dPDD*S}Pdlc?g_-TdrD!fnOXBB>4;TIG>pm2}EFDZOT;eLe=D|}Sp*AyO9__)Gv
zD11uc(+Zze_-%#HD||s=u5YA`3Kbr$uvcNeH%s&@73Moyh3ETK1^X19tZ-1_=?aGw
zjwzf_c$UI*6s}jeQQ`RtHz~YO;Z}tgE4)nMl?t~j+@bJBg*z4AqVQIQw<)|s;fECN
zQh1lbk1G6x!h00%R`_X!_bR+k;b#?oUf~xMKA>=q!Y?U&Na22k4=a3B;nx%%RQR~U
zZzz09;nNDARrqa%&ntXEVg5Eo`f8!VqZPKk$!Y9inc^!Iw!YPAbS5g^r|@Kjg9=Yq
zIHYh);e^7o6rQ7Sy~2$O&sVrf;e`sfD!f?XWeTrUxLx56g*PhPsqhwsw<^3%;T;M;
zq;QwQyA*y@;U^T{qj0yvPb<7v;e84}tMKy*zo75|g?ki!N#R2Z_bYr@;iC$_rtqM`
z#}$4<;Zq8qR`{&KZ!3IW;R_1$g)4UdSJ?U%tLe{P#ar*DHN5qWR)fbYorwzj6z2O&
zC9R;s);C>EJR!x$6iz5SOW`>R^PPVZf1|?l6>d^^p~9^STi=W|`B|p;l?t~j+@bJB
zg*z3t-d$_r+^YC(3hz+(A%(jX-lg!P3O}Ln9)-IVep=zZ3hz_+S%sfh_yvUzDBPp)
zO9~%SxL@JJ3LjPYHH8NiKCbW^3ZGK=w8Cc<ep})53SUr|drs143Kbr$uvcO0+q|Y7
zD-}OpVe6Z{MhBM~u7XPb&%WD8zVS60{sPQH6fax>)?^}rkxly>T*LIuHbEJ6Ogv0R
z;vY|J_UX7|QHl7e%elMKY+<~JJQFjWa|%xdC;TFXKcnzLh5uRMsd!nG9aiB_EBtMR
z-%|J{6jH+euEL*F_(g?(WiSq|0JdEimiU7T?^O6N75;_7*W<-v683i#{)EDRq3|(<
z$6zx?!rrRzW`)0`@GA<xV=&u4jDL)Wc!|Qh75<LG=M<ibEieiDA%!1Q_^%Z{qww{3
zXRd_(fWr4H{8fctS9k)p+8CDos#)Qk3O}dt&lSENfh6o)g+H$FR~7z=!lf8n5;m>y
zdWFBN@DCOCU`$BZsKFdJs}+7+;lEY*Hwsr{8<Fua>>`E#P~mSW{HDTw1d_1L3U62V
z8w$U!@U_@Jl(6#*=2-u@!e3MPb%n=atC3-;KTqM0EBsZ3Pbypmdm~}ruka@neoo=n
z6}}D$+F=#`n86c~pTAJ}n8GF4++<kl%vN~4!cQvvs>1xHpoEPmyh7p6E8M5>ZxpV^
zOZp_94=Fqgc_Qz_k@y<)Gs^qn$WJy{_?3na;z%s~Cc{t1ky!XH!-sGr7XAx{kKsrx
z{Bwp+;7BZdkKvg|V&Q*c_&GQd3xCS+^*9m>&ztHjS0gxL;rSRN`T5|9g`Z;hCh)|<
z#|*y^JhAY%8@?4hvG9uxzZg8R@LLSO3_P*$4;r3zOf39UhHnQ?EIjvonEwv&#KM2y
z@EgGs3;!d-cY-Gto_jBhXA5{@;az6V-3p#q_=$$!2AWv-_Zof&cw*t}4gU~$V&U&J
zJo^Z-@aqk~3p}y#TMhpxcw*rnH~bUeiG}~N;rD<i7XC%UcY`Mu{s)GC8a%P^ydG!$
z>;+FOya(4K<oAIm7Jic9p9N1WeAMvIgC`b#q2XTuPb~a$!yf=oEIh9_nQjkwV&NY(
z{7c}8g@4}ghrkmH&+9(M(+{3l_@5d6FnD6&-!}YF@WjGb6=vgk4Lq^%lMO!zo>=&L
z!ygAvEc`;lzX6_D_<Ie13Oup!I}CpsJhAZ482&7HV&R`R{M+D(h5v!!&x0ox{&mA&
z08cDD*W0W&7sd*)@D;Ka1y3w|%<!YZ6APa<ycayN@XHNf2A){>O@`;1m{|Bn4L=?{
zvG7kBej<2c;SU+!2cB5?qlTXho>=(vh7W=#7Jd}!fb}pPJhAZ84IcteEc`8or|l#b
z{%*r3z!MAKVfb0#iG|;7_&MN-h3__eJ$Pc_`wZU*o>=&!hMy0fSonW6d=q$L;YXV_
z|3dJ@!cRARD|lkzZ!tV=Ke6z48-5vhV&OXszY;vL@VgA(4xU)}FB-lBJhAXE8Ga*p
zV&RV%z7ssL@V_=Z=OSX^3rA<$cPn^e;inmX8+c;j-)Hz8;E9D_X84D|6AQo5@Lk}E
zg@4@eyTB6*|7F8J3Z7W_Lxz6>JhAXc4ZjCGvG8vjz8gHT@P+2u>S^%A!Uqk%7d)}>
zal`KePb~b04F4>6V&U5j|2%kN;kyj~0(fHKzhL+S;E9DlVE7*J#KM2y@GpTU7XD4c
z9|BJ-`~}1JgC`c=XRZ?ugC`b#rs0o*Cl<cR@UMX<7JjMW2f-5y|A66-gC`b#m*L+4
zPb~a%hCc<KSoj{pp9W7X{7J)~1y3yeS;M~#o>=%wb3J<=JhAWr!(RYTEPTD;xh5hO
zexczD!4nI=#qguS6AQn?@Lur5!ar^JGVsL0KWF$#@WjF&HT-z+#KNC6JlAN%!WVk8
z<Jt$FSojLVPX<pce68Vw;E9D#8-6-?V&Rt?J_Mdv_)Uh7fhQLJ3BxDA6AS;0;b(y-
z7XEvNp97v)_#YacYfNI{&l|oGJhAYj&3?js@WjGTH+&O#V&QKw{6g@=!Y?&^D|lkz
zKWzBL;E9FrGW;^|#KP|}{7Ue|!uJ@y9Xzq{FB`rCJhAZS48IXPvGBh&d?$Ef;cqm1
zBU``|3xBiWxz;8Yexc#FfhQJzx#4$!Cl-FE;U5A|Ec|Z6cY!As{_BR{1)f;=7Y+X?
zcw*sC8U6|I#KNC9{2uVc!u!mAPB(aB;X{Uh8a%P^t%lzVo>=%bhTjLCSolvH{#o$E
z!ar{K=fM*T|Cfe;0X(tre{1*y;E9DlZTKGW#KQlZ;a>tzEc}gS+3|h|JhAZaHGDsK
zV&Uf-{xEoA;TIeJD0pJww;BF5@WjGDZ1_R&#KM2w@W;Uu3;%7yzX6_D_@5g76nJ9c
ze`Wa7;E9E=H2Y>}!4nG~F#Ox#iG`nQ`19b2g}>AA7r+w>zuE9ETmumczuoYK;E9Fb
zYxvRNiG}}5!+XIK3;*|qF9T03{Lc+v37%N^(G}VD9S@#Z_$tFs1Wzn{!tg%u#KJck
zelmDs;X4c;1Wzpd#|%FmJhAY53?BkdEc{mt9|KP;e81rn;E9F*iQ#8~Cl>yK;pc!S
z7XBKuS6L69SooQSZv;;){4B%I2Tv^g-G*-hPb_?g;TM7@7JirETfq|x|0TmO22U(}
zui=-0Cl>y&;a7qu7XEF+w}U4Z-cy-v_YUyH!cQ^$M)1VK#|+;Io>=%+!*2mkEc|N2
zZv{^*{6mJ{2A){>#|^&&JhAY9W%!4{6AORH@Lk}Eg+FEZUEqm@KX3R)!4nHV(d-pJ
z0iIa+pyBs`Cl>y8!*_!x7Jjkep9W7X{5Hey1y3yeF2nBwPb~a54gV~7V&Pvh{PW<6
zg+FEZ7r+w>|7*h^08cFZ^=5y&2RyOxLBqcUo>=(X4SxtcvG9ux-w&Qx_-%$i44zo{
zhYf!eJhAZ48~!!$#KQL)eh@sd@TUxa96Yh`zc&0E;E9EwX!hh!fhQJzn&D4_Cl<cR
z@Mpmj3xBua-v&=C`~!wR51v@~U538^o>=%749^>o#KQL(z7RaI@TUwv8a%P^=MC=#
zPb~Zm<Fn(s3_P*$(+pn;o>=%M!;c3~Ed1Sup9r2<_-%&wfhQJzm*FRaCl>xW!w10=
z3(s#&S^GcWiG@FD_z-wv;m;aA2A){>3Ulux0iIZRpW$bLCl)?!_&MN-g>N!^J$Pc_
zI}P6mo>=(phMy0fSomiQ-vpjm_~#A35InK)KQw$Rcw*t-F#KZh#KIR}pRKoL;E9E=
zH2g~N#KI>G-wvKw_>AE@z!MAKZupJhiG}~D;XA<-3;zYfZvjs%{9eOv1y3w|zu~um
zCl>xEhTj36SojNue+WFW@Yk4oQeEJQg`a8oUEqm@pJn(*!4nI=%<xZuCl-FA;rD<i
z7QV~y-QbCZf5PxjgC`dL>xSP8o>=&A8-5>nV&Pvi{IlSRh5wo1p9fDY{BI5a0(fHK
z$4t!jlLO$1g%29O2RyOxwT6EQJhAXihCc+JSop<;?*~sT{1(F>22U*f4#OV>Pb~Z%
z!@mZeSop6Peh@sd@V$mV4xU)}BZhwiJhAYn4SxzevG5lRe;Pco@Z<5lLE5FW;E9Ew
zZ1}gq6AM4b@aMr33qRlR7r+w>ztZr028USq&4%Ya0b=1lZFoMLLoECs8=lYU5DWiJ
z!}FOPV&Pvhd?k2d;eTp)KFdQa{4Wj9=X!{R$K{Nx68pRq9*9vy>lqGWY>DF6I9VRs
zCDt!}$m0^rl1j{nL7-`Hl?d30<9!A{h$B8*Y4OBZu3C62jsb&r;8;t{gdoJ%U_D1^
zgd@-V5MP6J59LE}lGZX}=-|&qd<_c(`8_!D%ro&d*terFe+)YV$HT;^k00UaGk6M)
zlMFtJ<4j`ghf;_oo(wR<uEw#M7&^=+@imygDU0FAGjGI_w@rp;-iSs2n}%oI5{rJX
z;aM%jQV-uVJf=?<@ii6rXQTjqp2D;X&|VbATR;NBFa@Su^ou_8B>I+)(VwjJL&T;&
zXDQsM@Ir-`5u0}DP<V^NJBZPjD7)YU?@@TK!p|$*L(IyD^uq~$P2o2bKCAErg-4@I
z61GxdpTg6L(e9Ll!u1L_DZE(Wc7?MsT>ifgDhTE>&1wDa&1ceQXj5!_5h07`kc4zk
z!$0i%OvHiVsmHdB8o$K15OJ|ziAa1O0HM=uhaUTni0Hi^1o0emqC1)WZZOj&PseoE
z!Rh$6AU^7dNPO)ebbN;qANvw@nP-XbQ@}dDM-iVEo}+vkj@Wc9>z*ii5z+e`2zK?$
z>HRTuoaw4zXXTG^KL)4EG5MBkJ+K_uez(i<EU=DmFUlc5JH{zHzCSm34oOG|@y&;!
zVtm-Xwd4B^u#WFIbZF~Dq@H^~==^P6lC`mn58cL&?;n75d}Wh!KR3oHJAXemcn(R(
zONftSl<{%?U|Q@4{{pAu+l%;q22O-}l(*rC=fF|6+>P}Uj*O4<h{VTdbr@d=j`HwL
z`M&{rEtHHIwDi6Uy@Z9b{}>0Q+QgUjA?_(Imrp!6ir!=Zoxi4~xqeUcFZru=#OFtR
zof3(PFYJhK8{(rL%X^)Qk98@16wvkgsV>)TdEz5wOfJ=2M}sccHjtS5?e^e!<`kgg
zTL`<sF)bode{@5~>UC|M_Sd{F_kEXWI2!R;a{2GOEHnczW+fU#d8;J(A;+#j5Z@v2
zTHhkr<8E}%{c_o3V+(>2U$i^O_eb!IxQc^kuL^r<m3uI-@n(avlCu^1{SC+5XFLN%
z7mKSl6$T6MdT#Wh!odEm8Fc+cg$s(j9{ZIat8XlwSU7u(ygPx<3<&m3@0oV1cy?k<
zgLg*!k9d~?J0C?1HvQ6&<OEYk-g$s>SsjK)3fqL3VFPei!%@hKNLUU?b~YXvH+3rE
zB<y%#3VCAT*|{m?iG}w8Q}U(7c$pTDlzciE+m;TGlAkHSemIt8uHqYknJ4ng;3$l9
z85|8ec`ni@R$5p3UW7HPI+x<r2rHMaT)W18J%GG40Y5cgwPoXmO`S{EuE(nb_{xDH
zpMB1~ynxYIF)UrN;U4PdIprjWB`dEq&}sf>zR`d-L^lNe(qXby=drAR7W2Qyg`03n
zF8>aLBBjmn(owUtXNYy@dFlLeo|ZEw9;<P+ztSES%y|XMBO!d2|7vTE#SrXz6)4X%
zdW<l&+YDxRsX+M_7(Wj@ztG`_iMNI4J8hpCy3V$@{Vqr6;+qR@pSyJKs`dQr+^TfP
zh7}*?>kL$To3|OP+qkrI!=|>CYqz)n?^(Zj?V9zgRxVw>cKy=LYd^M%Waow<d^S_^
z`x5#JIL;v)uJXGOw!ZvsgY$fWGT~fHOKVkP?6UqCmY742^D;3_fQ3y{6U%ifhas=q
zR^V8#FqRoM&&xyVEW;67OBUv^znR!%fSC7#C^c}@Z^ZFdV(7qYVYvo<zu{RvV!8IZ
z%kV5K@inTva(!Uci4+_<!dvxYc$QzTr6wyJQh1ia%&X|LKNX<fD9hjkcPP9?;T;O^
zQh1NTdli0O;T~cS{z3ZT1iz;68^o+Y$XPhS7ZkqYYb+Cwb&X}Pb&X{()3_4xL5Wj<
zG(!wnM<LjG{nUd#$admdj^U|C|7_!z_!97Q?21Ty<ca5)6a9#fZOZsqjS`>LhVV;#
zY+o%*o5DR0V$%dxpCvCMddont-(61c_n^ZtI^C<`7m;$T0-?)sLDdV>k#c+rSjWe5
z`QSt(zHK0Me4~+p$>3NoOkd*r0<ey+6aGp#5sB~fAas0u#&kS5#>e)O_?`#W@jV2;
zOzVJ_9*_GCo<k3$9`WtPk@0cHlK2h*Gd{K{<zM06XQAvro}+sej&@9>1|<822z4m0
z!wIH;9Xz^U$vIw+>GGad<>hik@^=<k!T`EH0T1^jL<Ig4gpRKenWY}f%lel1oYx%#
zusgh#6Os6MG$zS9#rupKL9$Jx{#Y*Obw>jI>Om_+_MgOu@5HxlT9^A${N=7YYLm6r
zRfo@a`Rfj=K9Ikdm1GckLS_Cpy#4GFE6QOD!@R3DRd4y=@U@k0A=(PD7TM6l-xr0(
z`F99yDccXVX-T$zjRyy5Tff1Q`bc_Hp+{SDIlbv7J{gmYFW;EtysyXP2Ke)hNoSw`
zQ|P7PM5G)%>KZ)_|1vn{nRUQ1l&{avM?i@KDmGrVV#U(c8*|^yzFeQL35Bk>&kr&o
zRHXFzQU7gyzI}7&rp~tIc`knbBYm9365;+D>-BQ|kL^pn%k?YT!Yk>26HR=V>wh;v
z?@Icg&KrWb*#9B~Mx^hoSl6~9*IVBG#`=Gx|GaA>vz>~4itc~9ja;`fqPx8BayIha
zb%8M&>hNx#&sN6&D}5g8f`3<^4~L`Sq_qow`L%H94^azhT@Wn@v0C1hcWdC?8hEz`
z-mQUmYvA1)c((@Lt%3gsY5*VA2xPxkfoCAT>-Y8gs-7zhxF?TVJ~}X+H;;O7TiZMN
z+U28ye4H)oi^Dg|_RWQl+f&(dcfrR8+2HfK1M?@34j=McPgLMO=fSh?Hc$4PdCX$y
z_dBW!E_&vbXTOwjHnP3h?`o2dWfaeJ1-i?!VUM}10@qCB8+nk(8F&A=s&8E_k5&Zs
zZ||Gt@{U?JYRRYtqkIvc{SA)+_nxP^K4E*S{$Z4S2V{n~_y*jm>TN8aT`KVmxcmDj
z7A6WrhyL7?9bN9N7erGuy4DNY_Zj<~cPBP)@T^B4cSV^u?jP}3fUkb+1fJm?_UVwJ
z-wrv0Z-)#NUMx!N2zE~WdMLPZLfyQso+v(06j;ZrZ&blxFIvd=j_=(3$$b1IFvIZX
z<0LK42Tg`N+j7Q@`Yv8le7t#kXv!l^0pFSmci$A(Yo1`q)Ef%XgbODBq9jl<8D9*I
zhUUCj))Vl78r4zZ9k-z5cV-7~&F0~vJA(!<y|$y=d((oF$iV2p%);!MY45~4%DkUi
zQ1boRftkz_ay;#wxgBK_ix!l82;3;)?&>I;4lXiK8GKl{stpBplLhvFF2lW3)F%^j
z4=>j)ciV*Cw(F0yU3ao={JFMkkD=l|{rZA2vrSJ%E1q01rYx*`MN5Cd+1ql&6nDvj
zk|F(|0~Oj|(Yyb_`IBatcxHIr{t3PQ>yP-aJLw;P&VOyi!Hp$nuer17PG8f~qB$Fi
z)_m&j`8UOHy1TVvO3_kp(V~h)>Eh9@XDY`x-LtFdqus~Xlz#-z8n0=uTJz}Woy91V
zE55gK!Uu<*eW<wQg$w%<iz=FGb~WAEeY~MOj31E4l4(A;gi7GQ7V|7qVE;l6WAvS#
ztKRzVi66iEi-Z62H9og=v2aoOK=FMA*->>kvi-OWshug;+%LKNQuZ@S3%p+YJ2x%v
zvcN!Nbt*70zS<uc2v&y!0||Vfode6=7*6=*Q&I!&mLuNN>0rU?iZb>-`Lx-98+|>v
zpwX?V)AL2IG{~pedR(rYo}&8uBi#i7f03wMm>(?P*Xs>bmzeO0@?82DTTDk&>}KAI
z>XHLpk{wA-KKm}gF$#;=p^CBb&VH5cU)#~YFf!jdbmFyFPaQn}wTgptP`g9wwz~YH
zXHmggf3{v*%bOzG&q~eqz3B=T%-!wAF=wU(9piw*r+|*<J_R&k?t4aw$*B5mLhK0b
z#Ot;#J3QNGKWGM9wp-h>8)_vCY}t=o=~v3;g_~dTElRbVbfI(GAA^H=?;lKr8_NSP
z8C!}GaXOJ|_7?=c<CEI%--k9!*}ncp|4=*Fm`a3an9)tU$n#47bYp5x%r|GU9pB)-
z1RB!>!1zM=0v#UXZH#>VbHF|54bJH5T~GoY^A$ekalsgrLzSO#+Fp*?F+=l+I7_5X
zB#%SmLw(wo1*u*-KBPai{x7HB7|vG*X7Xblgoo6@KGdi=DY=y%3;({^CCZm=54&zo
zcLhtHskkOMJLn#D@+y3ossN^u_OW7h#TZyqzdgRQF{xVUZw$lIIa|^mm`JyDSRI;g
zxiOauN|9^Zk9NBm?N*9%+1!=s49x}N+0fPNs2}EZ%q4Ql^Ch|S`Qnh0Ncp?g3EKCt
zea_6+EoQ!M$v0m+tb)VlR+lFWU~|K3{r9DmZD=j9moht-!x+yl!~!Q2>RdMY5udMf
z?pSx<-39z6*ph<Ze7-nX-rQDDU68XFf~?6JwnLfmp|;~rDG6=I2MS~zbo^G`*I_$8
zX^)+%_uL`%0NYVl(0^_LjBKR0Oe`l1eE(<+@baudXgN13Q4o32m%Jl1$&B!--r~d^
zX_%0g4AJsjQEPegcghysVZ}7V*zvBX(2wuPMswi-J5@fGjfo()e#*5>d#csn7}geS
z=k*1y7H>N8N?9_Te#JNM4lK(`o%XG@Jn)^IeY-F;bFhIei$}K>1V2@Eaulpyb@^<2
zEMX0pO86yb**-pGEzobB*ZmuIMyiJT&hY4$g*rZ-S7VtY+tf(D&{(;kF_a}{?o54I
zxnt@hh9C6O3St$lYa?F{^Nk#TZZyIAmJGF)STjZZZrglXYo;Ofh7b|I$5ycHtKaqx
z*M}`}%mG<j;#al=HW>Zb?zq`FZEtoC(6y6q&hU?{e|kPT`Sv|0)BYlKZ&iA$PYkK$
zI~-P%ZK_(qv3_*cIIXJcLBo2~7>Csz-sVHDQXD-Fv8(<yyuV()p8L`3l--9doe8@>
z#?kYxNC)$S>aA8zwVyWI_S-gF^*qdNAK={f`}yX!#xVMzYNsJ{sEj#@KWAO`*>)fH
zZWI=MEm#5aaD}#h$oD4C*w?GdB)f~(xOxYC_}Zg<QStQh+{(KDsYtggFktLc%LC)R
zW9^SD-fgcJFS^C%SDU3f<_mQ}JaO*0(M>mr0lsal^eEW<%mRDOm?*Hn^}gr1U_n<p
zYf7rVU8eO@xNc}3C|iVeAqJs0t5faoKf*z2m!aAp^!GoNo87DZt^WS+G#2FMWlLko
z3LvYa$F|W?t2+}9lQwoZs{_kvuT63~(zmm@$yHsoZ7IZFwia})l9^|pJ>r6XYrWr+
zUGHyK>;0hLc_nWBE~K~3J<Du047m55oK@&G>$L3Ln#LDA`^%)#_C)q{2==;*aj|c$
z$7XoB9&@X$5L`>}Hzy`y`!^@n9t@H(e4yX-l0d&{=`K5Z6<Ni>ZSJ-kd)sa}()ON{
zZ4=M6O{hMIj``}M6UU10d&?|B4mPPvzv6k;5~TgrW!54DpCrvLLUz`35rS2~yn=b<
z^ZfI|^HTHfnAetW8)a|447jVBKM*<Slg7H}?mAg@;C3nXjMB`k0`cJ7xvE(U#EWxy
zq!DA@bg@8N8GcbCzN*vj7Z~uD^-U{q1^lMeWw&)#dj`|?>HXUg)a!|~Rb;LznDCCZ
z&w<T{XFl6+2MM%Qv^2ZY`?sgt%9{OUE#t1r^_2@pBK`_742Wsaz1&|B=_?DoEY;ms
zhAgxkDN2KX$rpIp<O90Jd~mYaUjZBMwdWGXkwzTNeP!ew@eDR2x#kyr3rc!s4T($2
zllGSlE^NR5@Dg9zKL+ddfWIO;1`#jvJ~%E|(0>1tlExFWrC+p_EeBtfhey8mEzgv@
z0x$ojEYKZ!`FvTld&~XnN|uy1dS-irCW66}6W&Dc^nMZQy=~>a{)+P_y#MFtUp|Bs
zd;R4Z)V&2FsD=Mi6+D>D&NYER+gR@yZ)Liz>SSB_#WCr&alLKV4vaa{R(Y%t=F>ZK
zr`zSdp}E`D+*aQ7&%SGp4IW$WAG^BPU3`~ocCo}W;12l5T9Hj0=y`9^+5U3ht-dPH
z#cOW&j`bF;E1I)nyRYVvHJ%CW_c!}18&5?1CH7hq`D)o+-goMqh`)S7G}2Zc=`KwB
z%jZOUTw~|B0#9NaY)ZYmZ}6RF|G3rT+E2c6zHDYUB9M|Z{E@4{1>Nnhvdw#QZQkO(
zy6nyFz)V-#U&3bZ%{9BXsJU%iUnSm)k<HR<`!l?Q=?QOUQ1mgV$|G%6$4W1H554-#
z?LS091Em*Bj`*uunu`L+MgZ-w++W#xqVd&)+rB!68k(|d=jmSmwMYDw-kF&)#AVg4
zw<6FsZYLg0mQ(z;gN=(7_81!NmOamQ+dL-l@^8I2_+Ed6^>cH0PN2tkbJ5g?@5w}6
zgEQLiZ#{?(<+aT_*7axKDWALHj@9ppqYFzHY)OxTeM5)0*N`nIizEF$^!7lXsh^ey
zioGSgV%l<l`@z-|3%uy>xp+4fO?Y#ssi5Arv4>v$@xdehacI8ySKY<O-a!TQ`p3R@
zu&*TB=KzcGP@d4(HOpbn(?-1*8#RK_YupRm7%5G4+uPq-HtCV6g{6)6&n^l0&4dEQ
zh~H<I$y);JUp52X!WRg*vVD8Pv1dN>%LB9QY@;=cueKHkqxl~T1*ErsdolNM(bHXh
zOdmQ3&7<3YW3T^)BmVcC^iMqJpRl`o+ZW2sejL67?H&C<n@MLhJ`l|hClA?68gM6J
zWf!F`7N6{G3^r$TgkA26QLQ((-xyqsCBU`V5V=Ea)*1I;Ab4X|?IJ$;9`yVsauudB
zZ>g1^ll!-xzI8#V*Ar~Z>WHoO-Q3gIHZ3OJGwxvOU)+hs;-4{Qr&Y+|`(DHLRk5*{
zhLJp2R(%5Bp-xrbQQcPkk?Q-aKUe)^^}*^_z0K8Mt6Epl|9oU%JjSRuQe8ru;x7xd
zm3Mvh7bh&+J>cmZ?OJS`w2G=Dr9q7KisbTH&qod>f(x>l$2z~mJ8I(^-;z-Qe|fss
zhig+g(|<a+M5>{`w-3-%LGS+Uyf6%&2&QwoxM&QX2n6h1#q2KQE2bCodLnqDHPBuW
zT*3;+sKJ%xK%<0DEV0*8RoE8ymuF9)BL`kI8M3g6Zt&KC->hxX@v53l`v*%_M<!x;
z4!+3UOl$WM{pwD3DfTZELGBCW+hOKj!|=914X4{GMsAD%8skjabW_u3+*J>hRX-^e
zhq2KW@$y~->P*OsZf<yQ?;o61IHV<p)#-(yb?U?Z;sNj2fU46$*5;<}0vL>DG@rkW
zSMyS<&~MpVh)#m8k*&_t>BvA3TJ{Fz;B%3IghfcjMmPw2_XjhqGaeDr0>KleNoEw;
z@g<hXN_UUm<?*o6EgORMGWUA()pmA`HuQ#-#eLWR<MMppbl+V)yTrC2gC`>cW%deg
z&>b1@*~>U<oV9QX_gZ=O=GcE?ym#t&*SWo(KGx5KXz0#ep%3yd!X5Z|T0^j~<*DC#
zD}Pp8;4Pdpr_(zwKE;iR`>sN)3}K(V9@O&C5RH{nD=VGRv=_GAd$GTE>p6s(fge_*
z9QHlFDeekiWS4JJ_wh)%A9pSy!AYoVu7ih^8J!^8ZhJ6m?CR<5K0ci{I;KquRzQ90
zIeVph>9{>osl$K2?K|SDdcbURVhhdNH_FvBYgbRS`}ic2QlRT8?zNbFq$l(bJ%29X
zYWens{{36eW%~^8KjHp>;|JVU8}8}NM)KIE0!QIJ#W=%$H>CU{>yI6-udY3Dr?g;E
z`P%S(elD686rIJ~SH7&~kvUP{U1Qxln_b?q3yL<@ZAaT;nP2k=_8RZ1bZ2gN;cVZ0
z>n!F<>-=&*17;P98>z4}<C+jT<N0(Tbn?r`U-u6bW%wI_AKl>Y3p;8K*MFtKNVdo=
zPhCB<+OUaRE(W;e$mpRb(|)WI+%nr?RWbB*<B7zp!R036ilU(>VGkny(%`1-=?ekp
z*$P<V-~-vSgXy7XgS`>|*m%V_XB!_u8-MGqee0ZkaA%(TLu`L^%&#4K^0m*My8k@p
z^pG{DW3K;h+mG+~Me1L|yl-3OE{0|GI;t$Vd(V-c`MY}RyN}1pQ@o>>`0|e)xdvAb
zX1>^yxBq?i-}ZdgnK$%C^e1$D=El(*IahSM+pg_xt2)v)?qpl#xwf%q+~_t37rlDj
zlbE#&s>`eW)nPMxWA64&N`3^r#(lhQ``Jm`=LCE$n?}v>@Lp9buO87sT3^L3HZK()
zSvhxiTcFzvTr5>~7ge`;W08Zw;O*IJAK-Q2x9q)7?6s7;+MjHFwejHWQv1Sbz#V)t
ztG;i6y$bR2hA8L6LjH%9&(4c@2Q<n_OMPvxzY0splm5zc{;?GYm!axWR#o@3&1Z1y
zH+$*ZW8Y}oy^$O5xbcRfNI_Q3-Mu{M4fOu@*Ma51iP_9l9VrS<e{7TcnLyE$!1$e`
zcrS7Kl2Td-+q^&aoC`DfbX?yvvvVT*AC2$6DlvURG&wzkH7lO0n4Za&V<&&p!)D6f
zTWqlcIB&{dS^k@b=f7d@?zG8&+J0i=z{%iyvPC)28=Rl02rdX#Onu}Q76Fs3TzB^2
zN0i7{F@ImjV|I<(Vy$tx=FP52T8tTT=9qPE?N|J`ob6vA%|4j6H@Etq^G@u;HA(h<
zJuaE_%*62OUiBGw5_=67iw26TjueVjIOg8h9K4&Wv2~@bcVG#elDuQJwp@Bl*KSlT
zmMd09d-qo-?v^t%ynWfSIhVBAyf5%zD=wSwoJ}4+W(GWbj$ni_b7ywU9Io4bJUeF6
zSK0gA*!c2FR$87LEo<G2?kYSa^W?uQ=N<NgQg8hyx$F%Fayy!X(}N2VPqs!I4<_8Q
z^yjX>w=nUfL<|3Pt|YrU<my^R)Sl1E$_FdTJnNm|qsVGcuUQ@s-IL0$clIq`yu+?B
zZ}BIJoBI>#{$Qkke4yW~llyo7c(HAjFmQE?Tk&sw!;V4fylZ!3Boy-{BldF*cHhEY
zSRl|lK3hkD{-6N<)Vl}0R+1gExi)-_TzxRoRyOagV?}FE+&7Z(8=L&d0yhj@-S%bK
zhCGK`vNV1h9eZRiy0}Nyi_4i(-s3;$!t)`pAKwhP`+8h5?xx^g-nZ@DT&}rqu5Obp
z-HYzQimHE@DQ${sD*kKqQ|Sq~Kll5&YmL8|E_&ET{F=+VgGScAHfq6Oc~T}|TwUSP
z;_#$$thA?oW7NlQ@=Z!%eUI5PaZow~2F_DTskF&A*}L5r?UC~>gEt1cTeDfIKG+iA
zz-rlZ!`3$vO9Fngafe%io8HrZQi_AUw*HeDTz<NN%ply}zXz8+QlhSY7`@*8NnZDr
z_1)#-b_%!HCSXUYY`z=$i3fg~?d)lPMZz6?OF{<rKR9*b(c-tTpHnvBg9tU>eb-a&
zzD7Lq(OSWQkyCA{C=VV)XF)AAo(Mh}33%*_G%PV&BBc@kn7}00>2o&S?Dqz~WBODC
z_(jvLS`P-Wv2FFRo&2FFqisaAOE6tEMsSHL`^u<@-mB7BYdo2V<i>5w1EX7CrDo!U
zeWe4<z^E)c8&@ah;*sHtmXuPLcQJG9^1{YfapTawO?06-8+J(Ar`?T6MyK3=5{o8J
z{{vMQPSfzA#_dM1K{KvK?{P^9Y^!llZVpJIVn=jeyuDEM#W9#PTKcd*#kqpNqvSC=
zm&ksJ%q80~m!OyL<kf9vq|2?L^Fg&A^MSR(JvPd0Vf(QNQTNd^@58)2yAaQ=WEUqJ
zWf!|R&Jnt^#x?gbcX4g*xj~G=K#6o(T;iUq`l46L!`$8M3eK1kDVmaww?sx^&tit$
zJ|D7TX?d#X6Q%3MU_UmTNCo`vY(GH{d#s|+o35V0Nfygqdp?vDq+Y8&>#_%T*PC+I
z44XND{f|!Fb9HdWgh2HS%wAVxP!a6pZ%R?W*0W+fX4e!gW=*jj!wV&F%yPTCckL?g
zakowCZ3`S}^Pg<<ool-hTey+7amNbJ6fJM7xHxL$U4uK5U*lr1**_L05xc2PS*!R!
zDr*%FTUK#NvHbwU&I0S+fvaHd<5&|F%qt2^HFW@6*muztEL|Nb!?kA2XBWTa+-))^
zVsusQp3VKA^5k-9BN&IlG;CSbJ+q|0qLi6)tP9yNXo<WpyIu4FF&Qw4Sm6gf`*tJO
z!J>Un1y3X**m2IDU+tch^^X((L@s>rcwdHldpu_M6&}n$!6I5Z3bB!7E^-2Gm4|1-
z%vMhQdf~@kKmK~kdNRn)4$SKVhu?$&uKf8o%EY$XXZug*idNNs4y{L<StTiL*XJv<
z=V37`^Paypdmfhb+Pvq-_aDJT%=pJ=ZNc`_UUuka|M;~3S`;AQuaYY3Kj}rUxULV|
zw21GzK0HE%&FAZS_ix7?*ri#mV{Sq66iV(1w%uL~aO_(j8&k|mL%6}|X{Ip7vcjgS
zQ8)9O{nvt}5ye@1ACEltfP^<q#kCHeZy36VH;``+Z@^rLFa(|v2)tre4D?4{E(^S3
zjC|IQ^TyB*xG}umn!4wDv+=hSOU+TZ5X06nUjo>}#}n;c!R$#sgAnlN;y)cZI14!s
z+H>9D{NRZ#Z?#vn1{jfyZ^Ywmd<*?Mkb9n$T-skn(thp|Gs64=bYHu1`kTEKu=>@W
z#8O%FMQ$##ub}KoZ1!JQRfBCw)20DG-=u^B*d?(u4Is8Y;=i_Qvwd#`oi=yN6fxzr
z%DPs_<7u+VhGBW&A7xbH>JBfKgk8#*c_3rvfsA#7y^ojB+cR04rSG}&YHm`mKXAnF
zKk4_K^WO-QmEAb6IH>nJ+{y5~@<sl&1!v4$a27K`IWFNs0UsA*jn+(%y_soG1DSeG
z1AS?G6^2`v%gbZ{9;5xgP%76G$Y0-Wu8Fw2D~yHBj!<ysl;-lEEidYNZYN%fIAwWY
z%BEGt6I|Hlp6PWb3aULzN)~u?55rw_KeoHbyS#elC&siF;0Y!?VI;9$bPJN!ton@0
zzF_Fun!CQdt-xC{P~zQ$BuZ)K&+VUsaZHYL#FwrP&cqxsb4DrdNTL(ZBza@4dMI??
zX*;D-Ov{`!VCQf^Yw$SaS@hDK;AWIMcQm*TAJPuEt}gP9UEb|lQtZ2P`|;XGnxein
z*if43TJyBK_-2=VU#seYYet=M^Qrxp%c={SU-m63&(5Z(40SQna^$K&sVmZZ!CQr?
zVWBV7@<>ySuetZPO_@jHg+)^$?%w^KSX^Vz;nxA+=4*~kc<1n|ss2F>F1?R{Ck;z}
za$9cJ?ce7en|m(nK);Mb(U5c2)QU>s9KimYt(z9i0jw$9voQO^&YBrgFUQ;io;h#$
zaL4np3bTf*a`Sf#o&}zs^drY7anEFG;f?VdCmx=$>+q58<1@^@qx)>29L-o7*k8Nz
zHkY^1JGLkGh;I@*HP<g+;`+rIq`Dwj+E{QlhWnpMfBd=8Nrc{7j2B6G(}CM@3)Eak
z;G#Tzb^1x{L}U$t^oB%%Z&J^++2XA($9$RgyYPV5gqc}QE0A>0-u^PXPc|0#CJzZZ
z7)TUMn6$t%yJVUP+vuNHdSHeG4wmC4npLl6{lYB~%Wu{%ne3hj_uzx&!|Pb>58xgd
zo~yL$6zf1!t5xwE#|GyIRZSM(jzor5W@fhatov+N(7QU~?!!^GdeWuA`KR2$(zCak
z`n)PzpL}`Ok^b@a(5x=+?GJu8W!FV@*jte(kKgJJbh~_^PH#nHc<!wQUN>4A?bp(L
zwKv^b5NOD?2dvKnSE=?0;;whkEwiMmj=5VZ3bDiFZ7rB^lWqrd%@qt=>hhfRG28;2
zFf*$^&FBaH)ujjaNyE-4DbB9VGkjMT`*yYsu6DG+R@DYGN*qhb>^@2VJ=qMwNCfsb
z%Vqme+fa=sM$Q!J$3!CI#MWAC?E{sPGuj^PPv?H4V^``iKG&|UeFw`W3`&!6^&gq-
zZNy`yX59c2{ukJNHmgkd2K19g#y|AD7ta)#3boFA@jTNN`v=b~@a7(nI_BPqHP29H
za9waZZmVD&<vi0rpdO`K?LN^zkg&^!UlSdZT*y^I*9Jj*a(29=*qTV0F6$6iQze$&
zE^&?=+HL1P)<yRSJ6MtGk5s)=9_S8b8=3vIJhxYYYQj8eKjB1sSdV$q-o(LLE6`@D
z5RGR)Tvs*Aev~Y*zd93ld9B^8o9){${q_^UXWad720wsbTQ$pIID-rAM1{SKo8oq#
z+&?u-nU!3Y8XOaRvK7zbBm#0Bd&WIDGx%hC1e*ha+@=TE+j0F7D8rR@MIvBdfH0kG
zsU_uH0rqv-Z88QkCpSo8yjcFB>zHcTt{G$U?Me^X-@J%h=En*brLxzuSic;W)k~(<
zHTNIf_%C_jwqUq<VEm#2{_v)}c_6XK&(X2~OAUGc4eP{{SLdeAC54zdXBS;+;(T+$
zJA+$~pGY;Pa!=Y}{fl48un&31U<SoAoiduZQeH6TpKg<R5`NC8e(56zIz&@6<ecOX
zYeGz>sJ7vAspARy{QHh--7$c=v-Se~7e`e+H!2V?L%wPgetGzsd*98$gH`EKW)~c{
zyKrreyA1Z`U{`wQjVPge&&!E|suzob-YJnKRKmP9CeUw|@_1%FQC_v8DCn<hE~Lu5
z_E)VZvfTEzV=-Pz$MV3e;@D#B>Yc`}-f8UWo#-FX>a%XmWKdsLAm<3R_WQl#yrb8R
z4z1cgr}dF#AM`!=`SISH7M0H{_=IQO=p~~UjGjF@Tis|N#3+xBU~Kc5l54$Jedemr
zgWKoa_sF)7`W}Bg=)LwcS2aDjecQIqW%oU@abxG>PrT>x$FKKJy|4TeSM8SPPmnFf
zWnHEXk2ClO<qzHefapqsL;5lH>F;1a9w@#z%3C<kdX5kaZ}Y3N-5;F$p5T&E%QC)1
z%APuZc*ND3f}ym3(1ROIUJj-i%tjAPWhtI*F*d{-O?n3_8t-7!$R1p__>Nv<_K3Zs
zvT@k^)vDiI#F~NE4fdE*yGO;dtZN4Ahg-a}<;T?o?`(~A!&dRSp~k*$z)C8&Zv<n7
z-<#Uo`n1ClJ(t;~wtl0ferIv)DjDAx8B<_FF%_B13k<F!{IRKhRR`kqk}<Grei>c3
zR_q9tbS)2#>3Xgh_MiI{R^I}UXk?A6o^?KBpYvY!8sHMYM^)=E)M*%FF}1cFcb=^u
zvhi9h_v@D8?5>>iTI|21POV3VRh{C2^Zy}rny2roeu}j%u5T|E;WtAVPrT>QGvxZV
zFN(g(jWcV{&E9dtnxEGRGhNtm!?l;a_CkMMKJ@p|7xnL>Gt*p4+~`|j8FJ`bC#9bx
zN~eAu*I8Tp`>RW_La{6Jw0#$%u^>@sbWXPxR2S*r1&IFeo|wBPK<~fgHNnvRf#G(O
z&rO@n8GFo=n>w-`$o{T;k^fk6wsz57?O$u|-pWm6F$1P<AK5T>cgH{>b}^(x_6>VH
zJafwj7r3!6Wmet8@7ABhlLU8PI52bQ-Fok}*c0MjfIY|dVIe_V%++GfCU-iE?CMGf
z)ABWg-woi3(R$V(_ngf$6+`dYRpEKeqP_~(&|ed`e{;?5+ODHbt9CW5?mj-HeA?9D
zQ`LogJWUO|n(!#XWIl>8ZE|pTwWsN(T}{p1$8VCSa7xZPf0^7~+*16nxD+ryLq`7Z
zY^ZArha=5+aK}}jj@Ly}=}c{;AzIT=Tbl^QYts#>`ba2|#_3C)w_dGTTa#?aB+{u+
zESe10HZ;^XB$DB9JQPVstXCQijXz!+Nz`Xjb+t9M;X1yG&XtTM;*n@FnXF0GG&CUX
znwm_qE|Li)6RuPuS=UgL%0MGl7fMB<4WWimCKHe2#h46hl_Qd{%8|)Ry*Um$Q2#PI
zb<}A{#B1Wox^OrYPiA7#`uap9mP|(LB6ST7H4XJq6;DIRNW3N$4b_L!$xt+r3Wu$7
zg=@peX-y=NP9&4*NPVa-lBf;E>ryq5x|(#NmhseOYEpHHXtE}q$~2_I(YjEiJ{3tu
z>gyZo<Eey|mQ}{ukS^n}vI!A4K;=<R4LcfLtIXlLWIWxFsjG>lnQpok*~%o6nMAlg
zRv$~%*VWY4WKywgxunqQ7|z7%5}9Nqo<arHrBLcfO&pnsrIKjR+C-uuQxlIy60zFa
zSZy+qtWDHK6X|pkB~EAR5>`KnL{sP+H8s(2Z6X<q*ViQL>*|tW+-r_RYr@fZJXKed
zNk=VRt4@;H{yVH-Ly3l=-c05S>c$zys-xOiBpj*<CmU*#b%{_zJd{br8<MGXJQ9gT
zL$M?pFj3#oP*)d@)uxka4lU_#&Mah-$$E^LXf0Lipqq}>M<R)+6(*cW)TfX@Ius2h
zLz&t*swe_)ESkcpP$(12WJ0M7x@9I44u!4yh~sT=>10g?by=T^Cu*ZO5pJljO=H;9
z*Q4q)Nz@;xI7VAIY>gXa`-=LMYGw^DSw2%>XFW<iG_Y>cu~1DYm8c2Tg<|O_3{XuB
zUzR~f3&mpTP&!^8Pot3OR3sisN0YHAdI1WU=A&&R)+-YT*QO#3p>!e>iZ+BXd?U$N
zO-)@5Y+SV7N;eK0QkO>Mq+{t!JQIzCqsdS@8B2wtb>aGGO>JESwlNY#l8I1#Erv7b
zh*jQneKcMhO(fDa8Q3gjrY;hx&otE5)yJZ+0U`XwWAWNpELLBW2q%*$T`1lVwesB5
zJa0h*3|$Lil5r{(B1g@mscq3b%b@)dmPgHx5I)<N)1h!}T{K-^mkDFAh3iqynpiRt
zj>T&*e8Z_^eL9j!N8<IUka#><8&04Cld%Yl@a5CT5W&DmW@_q_p?Elxt`EZ=zz8Hm
z$@-8rr@)58GDPd@>r#mXa#B|pjlv|xBI$<uOfpnc7ezZH&~NLbnMgd7M!lzDDw3&G
z${N4%`i68vq9N9h45e!7Qw_BZ=u9z~)@X<m5z3N|)+WM<x&|bS-jk`TOUKipNG6=J
z`X22Ey4sNbZz?-%SGoh}de)frA^!hh99Ema<km)O>JzC{G?k1t#M99Rl)I)T4uhG1
znW(KnGu5U;b#*n-H0(k&UDpt;i#DK<BDEModGdj39x4b@n@Oc$Bf{}yLn4-mrjvCk
zOtwfmQd48~@!E74&7O%ggd=saNGy)I9ibX(YNM%GEQIEWhobTNL^y&rh(=SeM=1=T
z7;>IWppRJdS}cQ3A8CkW8p5e~CYerPVuuAw#p^<uWJ9<%!n{XOv~)CF(@@t?mrmEl
zLbZt~#(YgUW6d*cqiEvFY}C+F4)fV|$kC*B{ph+I7W&GF%cWtpF)Az^;k<#B3~D5X
zmTd^tV7V2|BqH_UWEc}}vaYrv(~t<qV1z=^a4eKaWNJd;D3&GGvMHKOpp!%zpk5z=
z{j5tg)YnHFVBZ?9WNsT)nmSmt7}^tSoj4XA85piq2*W>?NQY9GHP}4iWNiwAv?h{_
zTWgY3DuIPe1j7|dHPLtii<i21xB<pAl&X)%Y8zlT(wNTEsdzFCGnmZ8W8sESB2p8B
z9mXt=u^6eTM{6TaSfW%-tfm1)jKph0m{Qpum>n_9xq^t)M(S#5O&XGkG*%f{AEBdV
z5*Zk-bbTa|Ou=r|H6-g(QM?!xwi(vHE)+`DhL9`dB#zolVqFu90@o!&4XIE=ja66d
zV>OYmWe2cY`|lRle}5k8Tv+1N!1U1OH(*_u3bV#j5p;@lZK5U?YG_Ddks6QGq_M2U
z@P!RYq+?j)LLUnf3~wy$lUUP+8|tt?!jKNvV#yn#4aZ6+6N+QtN9!|*M6^Cq7ma1m
zZDJVo^;iqlgrXU)?EmlUAypGj)F$GIC>BqdWNmFajyWI{jwLejP!e-S2$`wD(hIXv
zvMz>R4hxh?qYGnAiis$cbk(7>7@Y_iiiI%K)S>@jn5AoLF^SitW3dQEDppfiJk($*
zfNq2_oJeJA5hPY0txu=WEz>m(@i>Naye1h*z#7)qg|SG+$}NSpVl;{|hBZf`rZ$Dx
z(6!?*3ej*~q@f1u6Ijx47#9Z^AXw8SQ!x0UPz>Weg>^8dVp!>PJ=PdlIK^T~T(clg
znDpW)&bSy!QC!SLu&{@viQwuAwH!gg>M-_jof3{_QuVmf3rB0Bb@5OFi>7#_E<$UQ
zZou-pHkqjp*J3edecOZgqA1);oeno2t^=+MZZ8~#_hP>Z$9=9cINrxP1a}nfJREP~
z&4F79_YjpJ4AT!sZzY@;ZXY}^z`X%ihW*c3aP4r9!ciFJ1vrKoZ;m}U*U$4FTywy+
z!|j1P3`b%9N8>!h@Lm4=UI{<m;Du|1+X2@D$8SLMdnFVeUWH>Ayl~F?)<Y-AZE!t2
zS&Z_)ZG-E9qc9zQ+m~T{aJWrv{qq7e!95E18r(!EE~7GphcPA$FKSESo(B0W9KSKV
z1#S>-4l49%Rw{(aAAw^!X*kyRXgthO3HJotL{wxq++;lGu@{cQFh77}7|J`4EV{D)
z@4dg!H3_Ob25_9Vv+?EGo`O;4SV-QV;|u6#*?44~^H}`f@evlJ&AvrJ^IBpp$bpzY
z3i}bosh7yot~bnazNx%+<7d57Bwq1%TWpSJ`6&|LtgP1#$9_+dqr@ji$*1!u`c7Wb
z6JE+EerGtzx1<-$X2;H-gp>24zsKl_{!7L$_3JbKkU35_M~P>#@y|C$iAT;$I^uU8
zo$V#*%2CpFhLd=m<zjp?J{U$Y;}gs<f?2PEM+(a}7o9g0W?vG%UGdDD@H!8g?;b&i
z?Ji+;y0a9o<77V&eT}t_#=7hyVI9v%Iy#?PN7tw3M~YL|iOy$Gl}qzFPR;9h_NcHr
zo|hD_`-4yMA%&+atkYVo`1uO!w6wm?o90KtBlSa_XN`59M~YMDVWc`lQ7-w(S)QlJ
zr)Aj(Fzwm%u{Ec_&$*eH{a0{C;f27Q%c!#m&U$tc$K`Mo=1)Y@8VkY=$0H@5P78SI
z@JOK!F)w(S)*rxetdRdhIMxYye$P(uR}}s$;A%MPybdQ}-vH)vf&4$gx#1Y+X*l7}
zDgJH6^ILQj>Jv*na3YuZ3CiJT{CvEPLVXdblivZswB<-0e%F*sCWdW-<64ARzGs>*
zo)FG69v-E<Y!?dkiLZrYJR9LE4c?*f6AJGGt}r@(gCpZ+JUwtyKYhRy^2Ac!ACZLQ
z%V#Zk#>Jx#j`?Bxa!EzJ49*8fybX?$FCIU5#=|3pI>gt(G3+gHtV8mAEKTZj4)8cQ
z>U<E6wvKom9EJMC(x#h8LdX*f|54xq!*9WnW0vu3g`-fPnEGzG`{5|$MWhcr41zj5
zQm8{*2FEzR2q*dcCNPCM#G=Fc7yLtD9~{H}8jeDJVvarXS0VF~|EmEc|NJ@aRHK6z
z4_U&n#M18X1Li66vlO2OW;w{$EB^gdhL9(w4)egdSNitvDjl4%MC#{W_!x#q3gaOb
zoA75OA>@f^(-{AE;G|Ff5Lo*2DPXZ_zXq0i<C7JF`AE3nDZmnz55e;~gz>j1oz=iH
zraq?hyOjP{l>T2S{5_>VsPz9;@m^Gbq&p2*^26&g;Xec{<>IxP<bR9ecPjodVCfHk
z228Q)5Lo*8R~1hzW$Xo(v<?GHTE`VWt8{*=_%RraqJIOh#2Hb1TJbH4U#<9$DgF-?
z{({0^QTl%aEVl9Iz^GoUyr+PrZ@&qQtXlk8#s6CI=N123U<&JvSnAD#0VVMl0!u#}
z$AJc+zKHbmFMwd$JW{AbEd6|dB!oP%wB2#w7PtUhEfP%{ya8D9un_={;afVN0hauH
z5m@5+8nD#QPk^P3{z+l>N#U<nZF;@J?4P1@3$XN)M#Z-(?Ch%&_93P71hDjzeTqMz
zF!vrrhy75-$T?u2DSHLlNchRXGIrSCB;96UiHH47^tUMe#}vO;@qNHSlNS4u#L2!P
zcntc0;2RX42`qIrOY!p+UaWA3!dn&Y0+x8bp!lyS{8zwI#+McU4~jphcsDw>=vM(t
z{--Eht8hl?e+XFm*g9Ye`!F%R0k}<yCziB!0!vvQ1(yE#Eu~K^<M%~ibWtn*mlXd!
zU~~hE=eMFo{|GRJ`5~s4`S}rm#Pb@kjF(?f0YZHd8NW>+m<EqhKg)nA)L#adfn)s7
zz){E(hv3L_o?;y2UxS+rNB#nw#OX!Gq)*<UFds%1o^!F_g$i??5`K%qe+Vq`e*yTt
zCf)A<Q<xuOskiR~^A!1h#UBBd{2x_3?FohY#MEKAIN!+{;Fn4Vr!0}Wt%HwYc%&NR
zsfUyHng>iFPb~cHBq8L9u`Oq%tJlV$ERnR>_m~!s6owTMomvpo;gOP0=X2nx!y|<{
z#Iip53t%bBSAnH(bNwtl`@j^q0NiikD2#_#%E%w9z`R&I*D%)uQ{M+1GnjpV-wh_u
zd4c(2JRbp;w%!9QdE?%%^gXtbtUupYm}?To!8j`!A%uS7n{XtbR6McdVWHxQd9yJ9
z_Xmn6mNGu9cw%YCKLVa)!g4N<x$mEqKJmRq=fkKd6v4`82e6cD2P@F<#4_GL56o{I
z2jKKRHnH^Ep8`vq$AKkpzf}Bb#s5a}TuX>P*9;WaA@Nl>GF|SEQ^*rbe~2iaxC-Z~
z&%N|H20sKWdHVxkxd!Y8mb(2DU<%_Wo`fUgIiz@E$>$G%CC;OY|Ec1SEB=>?Kdt!R
zDE>S!(`UNO*kpqz14~=fFvAe)5#NL(^*O&#$P<f=TBdkn;a3B@jefi0*DHP_Fq+1S
ze>1R@m-ilo|ES`(089Lz1eW->0n0V%9|2RCPZ6;vY!`;%k&;h`*Q?awkwP6}MjL?p
z5S*mD7<iiDcj74X?;inE7?xP(f<Gq-$(L>;c*e^kg*wDCM>8!7dE#5)m>;fPrR^BM
z)FJm4B+p+1mOOtQm~~74H{oPH>I0U1(jE$b3Ru=}w0k$h&vbdMDrM&nu_fJQ0MbUB
z2PNHh#jmF_gk>R?d~OEjDe|2FGS)b6Qpk%)oBl2crokhHI>b^I?lVaJd=gm7^)Rrs
z*OS0vXPyQ2!?BF7!qpngr}>!;#?N0rNEvx8FJ<J<zl7(tE$f;3*BQ(>Cj!sFk$4_3
zg*wC%mTwH;De_H<=e00}Jh9YIhvF>-{FC~*l6jVMIm^H!#mWzkG6uPKD|YEFDnO_s
zB5D0+#e>_1R(|Bjv}mVg-n<D|@)H7<{=@l=<zU^$;VAj?Nqy?^NTCjK5RPHlKGGIZ
zU{)`6IM2g`S~>|FDf!}O9E_hw3U!EC1|HuFN68oVCh!c)BZWG|y1c^kNRj$y+ziVj
zMbedhzv)>zZ@NC5V^|(34C{lFu}^y={cRyI+lJ|ItV#XQE=j#D2c|F{Vi|**NkYhr
zNd6~*U>@X19hP1CVGvl-r5&RD{}~VM1@j|ErnL?3Ww-#`?I^g^3GelfGyHw55D4{&
zrA~eyn5V3G6u%Rg>5%910;2ygl_BJbr4GNOcuN8Qqz*X`GA<q|3`-n_W1im+CwX25
zEP1{Mm_mJG$-~EinH>48aFU1508_||NFF{1f_dPPLLFk6Fa8=>;yeH>Y4rkAs81~X
zA(9aC#KN;3m=5{FaMDkH04(tz1(x#u6EKDPB9iC3K`<^JDbyjBu${m%em?<Bp$@Uk
zHJ=5Rbaw$uUwvHhPXJ5)zX&Y(?^gUXir=evUcXS7F0rKB156<=BIWuh2&TcK<ZTPE
z<l&R%Ji~5N{7%I`r1*yw&oW9pk176AWt2QW2YpJuJO{xu&pcA7Lo8{{Bncr;Ox*w+
z=YkT0c|U?e9TBOM1t1uPM+$X_CH^~sd7k_S;iO-+0?RsK4Y1T_JFt}NW5ASr>0S$-
z@$yK?r_%+VIy_3>dkVM=E&#`RlYG7aEVjKDnDJ8Q$8Z$JPb~UB1(rM?SNzX_Dby!+
z!!e#yaFqsMz>$(K&(vWU9x3^B;^3*nBZWG|k~iI6#AD!?hu?vt<cpK#Wt==x^69WY
zP=`kfb%=}L7(d&Mk}oXh7>4Ch=HFX@Df#rj37-0Lqz>DNa~RV)21g-J%(Vr1t{YPZ
z-vK<;VD24Js87rz^|t{t9r_;tX8)xBQ@|`6b#?<w86O9xP@h=J@|5C<MgLEMIj$Jb
z-zgnp_HXhZK!W(Q;=BXkFAYB$nPCv7brrCT9WTHVqqCMIggV612Q~mp*o}(67g*Bb
z{;=qOQt{gqzf<uKDgI%_?@~PXnJLT<vBb~k>L}!irGB1NJh6<^zf`;x5dXyHJOIox
z@JL~t#L^a@0j_}y!1cm$3=s2vw;PW71*jYuYvWi^5c0$_H*v30^nJimmMMx4Dt@No
zxwk3$yvHH&Boxojs#2IPvDiIcr%=d?NZFqT!MJ#=g$uy_1Ww`~1pa{G--~z{72}x>
zAo+;^i+)V;w<vy=;?uxv4#v}9Fw<=Wz5z#KUZ37-@YBE)>J#%woqfO(&whiMkLQ4;
z>@NXR7=~EFa?e)6zG5)La{pGsz5z^O7-9)~+UV2&D}x#K9I%8fBmtogv4rKGA=E5?
z2{7|ORX$@n8OH!zj0A*Xh$SrVbyDaj78|tzSmN9WENh#O0^`rpzYl<G%>dkP;PD23
zMPc64l)3B(u$1Ku#lNj^Au=!emB0}bX9if>aV4<CLt7!~a=ZtP{x=o>GVqgz-%zN^
z1uXsTUSMRyD%Tdpe^T+=6u%Rg!g?c?czB<PLY`Ro-M|w6ql)LfB;ofc{wZJz;~}O_
z0PbmEu|K@uM4^s|jKO<BFbt0r>JZD^^vA%`zI%Yhp8N?gh5E$rfn&P8a2bQSA0qmE
z4oBjt0AP8U?s$?A#zV}kG9K=S$Th_br9(W~=x|P?Ff6gu;a$KyMZQ(>cLOs`^2-$e
zf4d(g`Q$uHVf-Re&pSXcZ63XFEaNUX>63ebr9X3RAnTky;2Ytn|BrAK#!oEe{UtDy
zCVyJ-=YXZWZ!7*^fhp7{mUyg43{Nb4u__m_l$XD1r!XE7DKFQ@Oq)jvb%@2TJ_5|(
z<R6859FArD&$RPW_Ie~FWqCia@beYl%*;TTA7Uxv3dLIr_$Ot2A28$M5vIcm%krh*
zSeD<1leF#!4jTT?aFjmq4d90jUx&1q9P@Ccd6xKjk4eh-Az<MbD}K4+S1SJZ6yKrv
zO~4f9hgj-lyW%Yc{F6FiA7<J-QW%z4u1BsX2_Y{cVOe(!%Oiz4#4^`>gd~JKvE=6g
zU>PsFfSFzZu3O<}74A{^u)@a`J_|e+j`8pwAB)U%3jrjp3ScQ0?G^J*9j>)RXF9Ot
zhwBi*?0ePFW&HO5Qy7+5+VSJSJVk!1;vXOhAx~U{Bjb4xn5W2dzewumk4Qqui%6Z{
z4TAaRkwP8f7#!o=4M!nQJQ0rkSK(xC?E#j$`hmhf1LnGv`m{4LAMv_I>>k&gQV;*t
z_FVF_;}Z3AKl07`;Zepc*W@?Av0Q%+$Kb4=eQ;7Ie*-LS{W7rh2d-)5I?mazq}{Jp
z`5_jb^+sV@#KQBQ0);%Wv^(E0LLo0A?ap>#xp<`H)42mYb$Db{)M<tz$FeVk^BLTU
z<0OM=%SHbQV9Dnfff<(Zbi)b%46yKf70*5<{IiPxrs6qQN<6G{3gagh{w0zS^2EY_
z4_NH>fWa)+VK~{(;ob;^VMU}4Lm-$x9x2oz7MpMjNl3o1w}EF^9;L44088F7z*6=`
zV2P9UPstbO1n>;QBPE}XZc|ySw?bF)un2e>TmWu69EI@^v#!YRgp>ODJTN6+T36D?
zxYlHzd89BNVzK$0D=FlOZ-iqW4#CM-`w6h@Z~Pos%5n-=>hn!tY3sKPW;}1hiT&Xx
zNGME;Si(*MmN+LXei|_IPJP;W(T^zJc})scOP|-LVz+Mt#-GK{0VoG%-n2c0*AnS_
z@75c}&VQiZK8adnoAF3t+Yz(A>AK;{41N|z_F?k08`9r?2rPZ(9bjoY0_g)>Co>(!
z&+8!J$0*)u!$qIhL88yKgz!GaPXVSdeq!k}am8B-_$PhlO2*@r=rkfu=7~oN^FT~{
z7l3;J?k0o(6h~%>I(y-yTvuw_rOs)qDU3%%%0*7<i0A01D}-ZyIB!$(g{2K-SRN_)
zbjE?F4v*AhoLmP{^68VKzMSKcZZaIhPKT3zH3wMA*bGdeF7fqnjHd&RLY`Rc#z#m(
z$cspw(Ene8XKuc4U1!^J*UZhGo3h7tL7P@}w9V{T+qr5}TgS|$A6>C@)ru8MSKPDd
z-c?IiZ(6m=HFJo<m7ZU>ap}gkO>OHg6})3Z+sdU#__9j*BU!U*{n8KTKec&PXSN9W
zPp@6Kal@w0rJLG5x^&~FwfDAlI!nna*tluK@2y(Vxfb=Xa(TznjT_dk?{q}xP-|Pc
zazwRtZ5thdO--&}g-kH+rR|qd$bWj}DwDU7!mqohW8H?8OIK~lA3l3J|GCZWZJSoD
zT)KJHicP3c*7xT7*00E~yRPlStCnuOXZi4itp3!#YQ=}G%Kq@G`xsOHNbJJoKfPkZ
z#{2Ttu=Gmyx;*V<POsg(^xn3PwdivzN2rW7(r+%Uvc7Gdv&WbubOia!kki<__G27k
z8`dGQ%jqJ=S=B2^Iv4SkXrn%?O#FLvt)ad7@|n)YykVsB4eMX|V;rhBQb!)5l|Q2F
zI72sR>s-2a{pz*r*LL3L&{UoEp5^ST8#b+6waKAm8e6*jCC)O2kuq!rheH0~%-o1U
zc`|>nkxlmIwQJTdZExG$K4Pr4M*gVpUA1ZL>iaGoh0@6%i7~y|mKd>SS8cHj^p$CC
z!5g~rCuX9d!ia@NZ@7fXSYg?%ksB#Hkz6`~oX#b4IZ`)~y2wscOE;|V7@^0A;yued
z)~?{>cFE+-#5b~@w3JErQayRNYW}1*ZC={BVJW)Vh^ILvUrGgGd4AIfwnt6uBUPtS
zxo16l`>GKPZ!VtvIb}9zW%Hk<iMMQC=c+9jrYqYz+gvl3Z$_R;%rw?x(<-b|OavA`
z;@V4x8n!SSa?-Kt8gkBB(K(k~`89N|?1?S6*wTTVD=mF4SBs8imZjuaJUQ1``E;BM
zEL$hHy3*+nUs~loo2Rt)I>cU7>5$G9)$nt9q8u_kIoDD{Vi>lNvd*fB2_urDF}I4+
z!R@T)$-}VqlMcATv3Szw@~oWn>D-zox3Y4cSIZ0MscfIN7YX@K=N2`WQOvhgx?Gf3
zkhx)tr2KKpYHG*|>C&pX<&oAK)?f0p=TIHn;*A(ho+vJ{B(kDW-ER1LNGIf23=KOq
zWd6u^Hc#e;u7PwQwE)sIt<ma^wly+6=yPgiq-jnAjx|l*(|NL|7CX7+g$}F~@&q^L
z(YeUc5y+HoT_5IFOL<h(B4~uO`LpO){^+pIwU0h$@;-FoGlD{%qMLH%?Xgnk;p-h8
zzi2rZJNa}>Ot}@2R+3i8x6HY;UY>F}7dScsoEx^f(dV5@8+}gAq<QPioOdj0^2d-T
z+u5azR+k0N(iLqTa>1YPe4fbc)z794T={UvDLgY~6b(nKg0aeBnpGkJJIJkujd(-h
zrf}Xfc+KhvXYi8TJZG@RUAGEvLA*DAba=CLo<Ph3UQ<2NncC1uXCjG_&V;SlR%}?e
zZWZ^CwsfvqzqxHDu0S`KYQd@yJ8(G<_MSG%Ug1bbkNq~3tcJ(+*&(VP`w4zI|A^zf
z+!d1Zyd#(skM-*}?f>JP2gu|4Uk?A59R4RA{x3WHf8y|S7dj^%>rRsP^Db^qJg&dU
zd4N2w{SN=v9R9C6{NHf+`4ntUJg)zp^8k5Vf9>#p%i;gF!++4>f6?Lpj>G@A4*z!@
z{_i{dyc?PmkL#732gqan0xm~+thXv^|KH_2mi~_%em;Gk6OZffa~>d%{X}$@_PBoP
zIDf+7f8F8#M~DCC4*xG4em+5!6OZdm&I9Ce{mS8g%i;e&4*x$p{J(Md|Ha||H;4bC
z!_T`+Iq_Ie{Axd+B*=-!RpjvVSBg3DSZ^TG{%aiP`5Bd*cwD6pf4RfY58&p+V?BAS
z{qm$(mh)J@eAMT!cZBEDG&%8DPt<7tjgIqvhd<!(^A2uKJTBhF&56f#lfy4}*Rnbu
zmpn-!em=F56OXIf;UD5f|KXkIoS=Pj9w3i>_bE%GeH`bnark++J11zLoCnBb-3`o9
z9_#5G?H`x(So+sG{MR}B6C8d%?U@sgbyr^d{W%Yi$9gg(N1?uR9_##6ho5&>bK<do
z8JXog)-N&j`I~bdAdmH{wjAZLo+i-#nw-bdk30NHhyQ&J|7?f<Hitju@Ygx~4G#ZY
zhku^K|2q!<0*C(t4*wkv|D6v12Oa*q9R5WP|L;2dOC0{C4u6}&zrx{P<?yd@_}4o8
zA9ncHIs6+Oez`N6r9H0Aj`R08{2z7r?{oM+?(l!Y;s1Sy|9*#myTkt}hyOu`{|_Ag
zPdofw4*zEyem<F!6O12+pHHjg#N(RDpODzX=O6gIkqG_e;=z&rDu<u<wncbek0APW
z52ycjQO1$}7KdNAIL~i#oZo8vqj7`0+;wAt)ad=-D_no<dd#8!zl@*n0IP6)$@(pp
zs4#v$FD63&cf^Au{d~qqg#Hua!IAz`4*#zl{`1DqcNkURR|a|pWq6sveu;*taD92m
zjKcGLrbvW-K1)jBNUgvV_#beb=X(Gse9oZ4^{1{i#$Rjs|IGC<<L7%ZD)1EJryb$t
zx5SKt>Ge3yf6w7RYW$o@DzJV&={WxzhoA2+qh#~<4c7$YrzNVuuf}E!@&9kvt;Qd>
z&i}Qm+4vKd|68s##{XW+|7{n4e?ketRk#kiK5hJb_M*b|qD$VnN6S!w);?s;!)ulI
z6^H-tjh{13h3ju!|2D+`UDtJHif6r5xW4a78b3#71>P9fV*C>S6660T>-;M&{yv4$
z16P6dHGiW*c@C}u>+3HYKWCl_*WbCmZT#8#{;}&7<G)~?|9jU-<A>KO&#(SJ_TC4)
zj;dVy-n$JYumgs&!KzV1i5M|Js1YIt*_2R%M63`oVue6c3>avIh!J}<K*XpOtMq8a
z9t}`6YSpS0d$elAid8H2VAZNsbF@dR_PkcC*rQe7`?uzKlBYxZdfx9k-}ipkd!2P<
z_Vb%(?zv~pnzd$T|BcOO?fv7z-)#P(r2lDw-$kQje*ao{qRr1%Znl2C^_e!$XMASs
z+XrXbJl}1bUHE0;BAds9{_@h?{8hR6Yi)jEYOh}vZpkfwtIhM>mDz>g6z;KkzGE?4
z_vagO`Uh>EJI&d;U+1^fD2vnl?+TCR^nbDW+tc#j7iu*QD17E-cHs|&lWd;PPR}m<
zvB2-EQTVLz?81K(F0gs-3}+YqTzI+7XYKo!0>5EH`KhMa`nKM!HcyWBdArSL?O7~-
z#OC?j&uo3-oZnKTaOX8!_wzrt`F~9FhZp~3^Jws^<%3l!+4hepo^11chH!SFRDAA1
z^G6jI+WeVm`QwUL9kl*2#hVYBKeqTbo9A;_vvq&}ew$~TZ2v<xUz3(UzW8aIKRnGp
zp}587`P|g(!V`--Y@RFiY`*QI_XrmEFS+W*!u416_b**sNH3}?nO>>Y`yvC^BDryi
zKG@?gMqPRJwKq&AZ@jAa+QH;<{W3y&9anELU2^dSS6;B>27Lx;V99(LzmkRe*h*o+
z(i;~qxqQiuOAC{)8QD8hQ|~-Us+lC1_Cq^b&O0Ai-t;O}9p@VcUa|E0B{#lSb?tri
z;w35h>VAUWWJ=0cUrp$}_U0?+<*ldQhvLPq-fLf>x9S%!eYIZOp_05Ar8Rj!B{^Mt
z!_Dl8RXe^Zb^Vg-sd#>gCnn#@(YsKlnR@F<?qM%v^XjzKkmIGhD{okOqYl-zw_G)F
z?b37@?DIa86+hUSipK+&z00Yj-gJ$5Uu&|8o(OL-S(T^WSF*%GZzfsp;CGNhGQBes
z<|p4PdQ9%1H;5jy^x$`e^qOS9K7*ui!{V#-f}c9$W7e4RJ5(LQTSAXnJNG`&A(!*!
zkGesq!NG6p@Ft(FeDDIj4m@4nlheMhV=GL)RTJm!{TUtVYZ!93FywN}ecs=evBf@y
zZGhSvFt#wAAdC-st3?}1Lq?|uy$-Co8*l1MBW~I?3YQKny>W^DY2lUam!5m&rTPSc
zd4{)Gc!T4y*+To0#Y=mqTh(9rpL}!0R`$0RCi5I0ojwj;oZfJGY${Y@@~st9O}(FD
z39Ep=iSpQNZj-iu*=J+;G~&UV_fK@BPl)6eO}$N$TM*tGIe7c-X8l47&tJTFVe+|X
z$!oJl^$K`PPQ8cXOQzlsG53St1+nDRTOSA4f%i+M4r=~Qj>l-T@jNw_)7u(h6KO=J
zH#BldudTmzp{t!f4}DJx>GR3Xe1_MVYp65VR%g~KhWpauy=1b_IXfqx`?7rUS(|b4
zu{`$(MdLZ}2Qm%U=Hdr4u7^LAaRY31ZVb%5wEHv%78Z(QJX+n%llh|Ew{ZLAoa$`(
zRA=K<XX8|7-D`R&emJA#^MQ<$kJUN(d?d>!pO5;Q+U~l*y8odhpO0mneAZ^1e60S-
z$F`N~WBJFlAs=p6sn_J~*#O(Rjj*+6Q{dEwmTw7pVZo1Ys;3?IRL^*<jZ;0X{*O7<
zrb)+oJ<e87<5W-MRL@Ulnp97ojHongDt<a)`kr9X@;nzSZpiX&upNsE{FyA@9=HQG
zeP`f>u&vt_^xd#+cM)vc?Sajw7q)f#VB2ng&@2m@fuI=-n&m+=6g0!IwaEx<byyMd
zD?@%2Y;{`=->(OiHJW^1Mq%?=3!DE~$ghKKU)ICsN$~u}klz&Y;~~Epwl>@X+jh6Y
z=D#iIx5L&acLd%ETVI+8Ec}0`uUg&e@wemK0JGC7jhZ~)6u3EX3vBz+8n_L%eW?U)
zhd-eQl@3is8eXMSlk>vBU9cUyZrIv(5o~SV6Y{+w-xu=zA-^o-2VnCb4Eg0jKNRxA
zAwLrGD?)x{$ghH}omayf^q{gvlk+HS?Y|Z_{aDbf3mTftHP|_C4Ejxh$6@o|44eO!
zpxGKU+k$30Z0)=Qw)Wo{@)IGyE97^F{2tiad2h(?3;O*be<0-fvXgJO3N|0U1LpY}
z*!GL>fO*@NL!R$|d7gK}TwfpZ4Y2Jm??|~nukO0OIq3N=qI<T&b}r(zL?0KG!0oV&
zi;lqB-9qtmJlb{Bu6Na%FB;bbu7&NIRSrA{j@KjOdh&EGl?F|&X$;&1+wpCNKd%Rs
z7ERvft+3q#w87R^m5^@_`3~4TJ41e9$alfEkKOP+dQe%U$+-u%ed!G>oNR|G_zPsR
z?{E43rgpP+SytS{V^-Wht!vv&ZEpOSb>scvmotx~H~*v`%kt?MSw0=32eN!RM&@6q
zl<!wPY;|jZP16|iO|bQobd1(3p^}b~aXLoEZCY0RN|F>Rf!hOjz_zVU*v`)j1E*tT
z`E-mvtA#3yH2L+S2i~j)m0nHm(+699`U5WuJP`DQu=y_!`61YRh69fTUIE*>E8&0E
zgUTvR#V;i+tPZ>ej(uZ1)9~oWq6!`-WBuyEjB6CUztzH)FT-EUG;?6vE*T%Q$#Yhw
zsV2WR<K($1<K$`kn>>w^r;V37)*a9E^{{QL0gnC0xGChD;hB0+Y0-30JH&o&^-1+K
zPW80<|39jyU5`>djT@<hajK`)E!ETZE7jAuHDBl0&em3`osCodjkW6JwvxuSn>5Br
zvyR8C9P}K=@@d_zu8?QUfAbLeL+Sq|)2BK-e28_o{cq-}pi1&IuF-taxHfR=W0p^S
z%$W5L+OO}E$;u)7vyG{=t=XA2ZOe{n+LmcpTC}!elf@mG{xNyeq<#58&}_^&t!tdt
zwZ5A2<C!L{`=g9g-D00PHp}zqZ{DVL<8xRW7irzGOrQ44#zNY!!?S#9L-S1I^e0)q
zUctv*1037o$C-vlKewbhtPS~zz&5Uv#yIVxajK_nm$eRRXWN&gkNaiyN&98{7>`%l
zFVm#`vVE_||KHe(-DAY(=D*1DO$y#;n&F8o-xBhzux+;uw)U*R);{g9-G_9*w!fW$
z7Y6QvtsT1IujoN#ktV;->47cZ8@MlUKfFN?D$6vvegL-m48m5Q<?t`{pfaS%kM%J8
zb3LexX!86D*w$SM&(wp;Dow6g9hha_o>hUXgQf;vs|S@@O~qXa)B9S*Uu8Upylpof
zQ{#H__hp)fz+?{UOV-cRc4J>MPTMt~GV6}vko{&+(fUu?uAO`9wal*tX}i|18p&I~
zYJ#m_HN&>8mcXrn+X7c$Ym;_(lO9w$G&y&|b`QJ|{)!${x->a=!|TafUo!5|yx-II
z!j|s~+#h%uJgx_o0Zq<>@R!MEzX|U5Hba{Cdz)d{`rZg^ZMXuq^V`b6t6)36s{^kI
zJQ|p0a{U-=$8lX?cF*%00&fgV6MKIi4|(C_v8xJP9W*tt-P_j&F2j5DpfX2O@z)8{
zZ%KHa>&e^xHo#W@#=uR1n*$3E?&mayN~)Xn!&EopR5!afOLepDrn(u|X??E`UI$%U
z<25dhqqy%6vR3xK^g;KTzs>T=-}LoL`F&~H_pfD|wC|>m`_9sX#<guL?XPj#-#D&q
zTWNpIKke_K>SLNzAJfERk?OEFt7l@{Ruy$KPW7?lnCfH4CAGihQ+<q6ee89E)IP@b
zc-q)W^|9x(sXq34LTaB4)Wlw=HEz+oUkh4c^JxqD3T!^@u#L@*z@4!5jfH``V5@(3
zVBust{4d)i_8Gh9DF>g_Cgz{oWERf$+Vxn*sZBnZacUE*e`*usW-Ts0l4(+#oRo2D
z6E>)l+GJ+N6$Rhl)FxJk)F#F#54s0iOUA~X-H)Z?9><+=+D99MX&<K<clGk}I;4Fx
z4cjR0<1s4-jfFpExoU-?ajJtcON)<Yn*Sx6e--)znLc?IGftkikEuV~ekIR8XPU(S
zRpY{rZ|Vca_1b{n8^rcWeZbl(^#MCxsSm_s_g_^v+xJvA<Nr_UwuctB`=tjnPW{Tx
zU8!GLKGn_g^^#84uTr~N`^0v`xp)MRSviQ;Wx3Q(;&a2QtfSOu@j-g~ibB%Qvd)CY
ze2x^CXJnsmq+h|*{doArdQgE&c6^^IMsu<veE<#Kuxm~sFAZaT9xM%g8FtNc$xE|9
zu>wm&-C@^UNM4#Q#fxESs3Yu}S>!L%g9==do^q+CvMM%1yL?CBiNL=M%q7S53|;2~
zfuCmlOht|znq7*g!Y|Q-3S7E3Vfw9gG<!6g_E#FsCU(tvnn%MfoNvsj;Q6rhv>RNq
ze$s1s+6peM)q_gECVbwac!Tk46>oy&L%YH5!!q=LQhYru4SgAQ4PI#OR(vNc4SgIg
z*|=jFnvW>5+i2)NaOs13P+=JwUZPwNOH*%Lvg^hD<V~~5G!2TdAM4GQr|n_Se}lZ%
z-LCi$EdM5B-xrplDX2f}Fio=}?3xbphh_iU^a;i<P&^s#)`JRM8cUeopLP9wrO>bm
z*!P{|T2{w=nd0Y-w<vxk@KcN%6i+Z7S7bj~mwKjtB7Uj(V)B3rTvDAWYy<r=#XeXX
z>I1umWoU*Km&4Lj8@q;OXjUt(G!6X?b`8tWtW#VI%cs`ZH7rB(pyH=YLmz`nGxeZC
zUnyUnFmcH~Z_q&g@a+E;oNAgXMcDh^8K$9)&w=H`zQEqE(wLGDn$&L6urI0I=$I<$
z7)jG3PHkx1t9d-xFSztkJ*cGPr44bM)47h7RL;~?R$iy6^nX*zmcN?3amh5-E8>g(
zM#bZd2NhEvQ2uOji{&ed%)9?3#%S3dd5-5>VO=}kr^sz9O#A=d_-OTiE(7FYKJN~9
zD)L^HGr#%hd_mww^Wivf9z^qOEoUC4zNZ`Wepfn1i<D4-{Tpy;yeQ8xP2=TbD6;3;
zzTH=9zATM)tpNMEE}he~t#<j}j7H4<-eP>G;_a~3<ygZ$9^Yko+8*}4#QONqR`(j;
zulP||KJ;7IeZFY<If}6Rus%NDQ+x>4x^>2-j|)^-hKBb4p)tQd{4?W66@LS3-Fjo+
z?q4n6pa}bR@xt@@iu_(S>vF8%(metdzWqnO$=LIJi;sM>^04Rmb_;oqDeU>w{zs}G
z>EL}(%gW9(GG4Fv(ZIVj)?LH@i*^2e;6DeZQ@G|N^QX?wFy?>Rr~anxPWCtPUggg~
z^Kw0?z<!;rh{@C6V9)DPk+yZSqK10nC5l(V($n`~zecc(y7514uQLsO40g@1<>_Ov
z_uCcZweE)%>7(#_6z_tyE&3SjJ}g7S|5bmVY3OgTYd&q7uPSbW<x^)|S}#yx89v`r
zOnp+CdSlnH49#xE30Rs2W7n_@&7+F{!!-0UxMa_rS%!vlOzNxh;n=0V%86ekoqwd^
zH?)t|#J1>raETpKVHrLrDe~K_XgJnz$$VIbhVvHhzoTiD1}<&D#m;Hc@I9S$PLrlh
zd3f>~!Mdio7?!3Y4P5$+K!x?uT%&k}Y1);CUBfaoeCOx7z&FD3?2sPzx}ihALUGtM
zozlRrVHui_DBfk7h0?%Yf4)26ntM&tB@OI#V|_HAQ~Z=^x}|}=%~^)#8;TE@M#Dd`
zw>itu>{R5tNbFaSG_cp1WoZ7S_;b_rN&|bHe-$*3n5It}*z3&t`0)R9syLr$Tm90&
zzAcuaIa%>o(=3w)_H8{OXy%$`KpNP$#rpX0KX+P8Gbj!0+hQ4-%N5Tv&2njA-`0ge
z!*{2s^N=*KZ;SQu=~L`6&9F4Ek0X|$8C2x|{opeq4eZB)WoYhDe7$Kn$H4BxGBoc}
zywfx*rGedtWoRByyxW-XZQW!1aYfGQuK66S`mB-<?Crz)XtpWxJuft?rGZQL3shK!
zW<qg?Y1SwYdp~3un!Sp<O*1MD>~&@tn!hSOYMQmuz`pM+LvyswpR+VkpD}4*_hA{D
zrzjq8nsw5^e!N(QW}f2Qz$e4<TrWNB?SKybe8sa&!|4ciPnMzK`)UgUUkuB0qx7(Q
zqC<a;;uWUZBn|AIEJJgP;&p*<gylIdJ?x(7(7#3THq&gD2KHmYGBkH9zSA^Yq=CH+
zS%&5#iuamkt2D6Jjb&)QsQB@~_rt2&HtAun+qmVoD-W0M5vXjj{0?K!KSW;sI}{%_
z%}#0H(tWI%EkjdPrSq3*CX|O=^KQ+TOS&&ROy|MC{hW&|f1Q@W{Gartfj?)=y5oVr
z7WmtNw+C*rZOv0W&G-viKHs=Q@qFXW$}>+LE>^rK<e4Ymt(fj-t`HdeJx{OZ%gU=6
zvgbATq9_zzr-^m%R(!qjn-y<|rLQ*jwqhCjt*XzRrm0bcT{C9+T1D9Jg%~re`z=K-
z=kOO4KMQMHWn=eY8JdT+tp`jqM-g@nUT7v1=^yyi8GAou8JcA}p1(9ry&~-A@P8+7
znm@tvX;6eq8}&f3{(uk9Y0xw(4Z9EDJ$4`NtI=?rVb}0^LNsS6o@$zAX<*mzc|!L|
z&(Y-5A`R^QzhdjQDi3>pfvvkx@%g4{lLq#7V;TOJD|VTtA`R@CbZ?{Wwkr>pJ|R$H
z|5<mHj>|t7zfCdS&q&`PO}d}qfUB?!{reQ(1xwSZJnZ+GEJO22#WB+?lm>PU%g~%P
zL+8rC>ApptUDCsTElBq*(*IDohtW&ZEe-7FF_z)^YsH_LW|1_opAT7vhI^BA-y)wL
zY0`a*-IuZq4d1<<p^0rV=3w_>8JZ_5&NfY-G_co)WoWoJnQNMUX<+wB_bt-U4)aX2
zOd8mIScXrBV#PEA(!kz6EJM?+xX?6%(!lP+GBkaPJ*HVM4ea${8Ja=GWu_UD26i8o
zp&3yeGR?3wu=}tK&1%J!rWuh2b|03ZS*N(xG%KWm-G^mpHYsi}%}Qxt_hA{Dt%{pX
zvq~D+&l@a5GoiRG@D5nVceV7eU%$|ye?;-urdcBm>>8G#nXT&&-*d-jR2taFKJSgY
z=15qYwbH;|H`Yhfpjc;`F==4m7R%7gSA3>v)=2~VwoVV4vrNOVg?(GBkIyBF&o|8m
zX<*l|3=Q`q>AuA{-M6Uz8>LV8Ev%@L?pvhcf6MZJXW7S1%EMlNmf`s>#W$E{TpHNx
z|Hh!X(=?l<fxT|5kI$ImsA;xH1N*jEhUP)VPnc$_G_Y^$GeN^W4Rzio4eZ-ueSH3h
z;?}_5gQedtJ?wq;CqeTI)9jE2_P&Z2o_|$*)HFM#f!&8?XpXMZy{;y<H6ab`J}g7?
z6vg9Bvr8J-eOQL(RK=5E`RtYkb|03ZX;W-5%^qoBKew<9O{ZeJY4%D3yAR9IEK=+;
z%|2;huMf-6^egt7X1_GB`>+hna>W7D9FPWfAC{q6p*U<BuII4(unf)Jiu|uo_Pt6P
z*!PQNXg;FI{{%%-Ee-5GEJMTZD}2f{HPXP|PgsWLA;m8Seh`*tt@N<>Pju+{?S=1|
zrYsHYo-9N2h~m!z{~DI(9O+^AM2CKcuH%0)O`SBbd$J78@rtto9}Ua1UV7L)(V^!z
z9-d;F25DeF7A!-<?>?Mr8t#c;Z$p-$S)lkl(=<r~d)-)u=5od72fhSW-I}F`y>95x
z-=TPg@%4&JjBixr{@yjOhvmb)80<c*kB0l76{g|74EE=|@3K6vhr@nv_CCvVzXp4L
zEqQr<Tye}a?b5)d`_!3LScYbY;-^g0Ar0&rJ*_H~YqHmBSk3u6fz$nxX|`y6*YN+6
zoxdM=uC3ds_%!3MYI!rv3#BS>>2nFQ*JI`1quDl1Xw;<=`|IKJ$xE|P@%g5yHg*lm
zygunQTlr{}0_>Wr(I{W52>bJ$e#@5?Vb9+|UM9STou12x|55yQ^75Hu?Cr@i^jo#R
zJV!!PrwF?yy&kK4y>f7AtsYeVSrhAWK2OhO#9tMEiM;d;#_q#1^xL(q^gL7=+8lPx
z&(SE~qzL<X`3-rk%XyD;C>o9lT>88oRQ{?74d)`xYiL@OgZ=z=G<j*BqIkS%TBU(Y
z9}%c9=Fu>|7`OOvoM9j1^Gq{e@hsC+q=DUs{*4dMIXX?#E)DEHmzjp=AH43$wmPJN
zec$^`GpLxJn@H0s4eUO*nC2~tx53iTzhL)SVVb)Y-)WjIX<+YfYb@WbJUlsmEx$<l
zwIRQby!P>a#r3A?kp}i-$}%)RRQ#N2dZmF~Q_+0+sI1Nl0$&vPNVrE2DzNwY*<#kE
zZRy`=s*Fo?OqC{0<Qapo_hDX}VBHH9=_@d=H_#{0tJ;aZo`;jaN)IY<X;Z@VtBd8w
zW$&Hp6jmrRSXE$e!?Kt>b%Q<sWXn@G*z+fnH_xY=hWfx>pY$4qP7b&097*>r8*dN%
zXX6HG3bem8)r$SbJl8yCMwY)^@eJbyiZ2TJ^t!9oeUEbdCKf($y5~3Uo0;YLjj3CW
z->LX5<JsEz^g5OF@a~Y`7nnxEAI%YgPctrPU*2dus+jIoq~9R^YS3&8yfg6b!21Hv
zlP}xl+WQh?+LqsFA`dSP{K~-mZj)=$b=LH+3;EORSUg)X^*w30ZeL*e7brg8xJP;B
z@w`-VVaUG%UaSWd*vG<BG5S8O`x;mp?Ox*2mjx<s(1hk4inkh5_jK)$o_+{>AG-^U
z^7K8}KP&QH^78q(;y)R)-}l1OYf<)@nfnAPyp%wmz7Llk(1Qx6Z+vE{ACAM)Fpgm#
z3lEZ)W>Eg$gr%udguR|WvV6TF>|^s6<h3r>hhM{5x53!`84qZ7D1S68O{1~<@cUqB
zxIUa{%-A^@mY(wp?Dq-Hrg@bjzm<iiSsK`1^QoAIYs5vSX^{qY%}Y$fwicU)^AqeE
z{@*kHT&LjDR|G1<<W*<R<>|dPX)4O6_u5Ru@6MsY{}Zq@?b5*Rlg``9cPO9E+xG}m
zzJgxs?o|8^EKR5Ku)m)6Q`78I{EcZAN&~y*kEW^7`DCUhe7dB8UGq5d+SYRvn@rO!
z4P5%HK!w+c&~zzw7?%}aZoF-#?xSG&b1j4Y_0RX3hSyF;jX$V(pYco$q>sQ_w@2&3
zrOg7BubPJQ;rERHp!f?|`d(>Z-<RK-rbeERo0--5IK}k3hwA@kEuUlgVa1c+#o6bc
zU_b7sk(Yi#@f>(@c0UNarh~jRdlWB+7wg_Z^?_aU8p{tT4|_fTfxOoJM@7!#aKGaF
zjrS|w4=>i()Vi=AiwDR{f2a0^-_C?NZ#Nl#KyjXNhvGS~e3nZFdmYX<%@##|D-a*f
z`4=0%S@AMh>kesM*!L?vzm|Txa($*5mIijs4dkVnP`m|}&xkazYlcj-NAcaJSs@MV
z`}<F(*{}Fn<1Z+F&X|2YM*GjUxE4PN*0xs42QG0#t#Y#ER~eVSl+xMrMCn&+_Ic<n
z&$SBAXDeQ4JfwIrEd3hkVLwlD?^N#1JmJ!K#+N9RXJ?-cc}d`R8RJt2FVTYv?B~V?
zG3)aAjx%9tw7ZGj{~Xi2Sn)j5aIJw$oZwYns0p7%idP!np_s0B^5hznu6K4{m#%lp
zYxfJV`@CLE9m<Mu>1%pWN%u?2&oTBkJYVzWW3zj|ml_W#jv0Sik?R~9-u7L@`AU4V
zVmc=qzcS>xKX=U;wr-Dd&oSm)da*J4dj))r9#mkzrl)<EKhFagV`ykwxHL--Dnpvs
z7SG$>2}?uU!hWxtp5IBcPPzA)hW3R0IDU}4H0&c2{Gj3&VR_Qdu#XFtq1mCh4VH#B
zhh4)mG`kfiU}@$U`|}Q#q2V6juco1Y!QOvLw5QgsCnxq}m)?`ox_oBu@us0a!hU@}
z(ejPT!=69Q@=eOap2v&&@LcUI(=<y1`{z8*3z`L{X^{r@v39X(ZcyYJkLQ45w{&GS
z)D?<V<i&N0X&;S`4f*7+e7ADc2|avi;56=(zfie0{OLF<u=k~QG3zdr<|0@c`V#DY
zpvyEbQ|y7Ip)bL%=_4<n>lK;c*DKx(OHaRoy??R{4dd?)SQ`2g?ENH-O=<2?ZnbGN
zo7goh!)LwXm}%%su=gdFq2a3pTVQRAz65(;Vi_9R{D-EgSA_lb@Ch**?hStf%ZGji
zyXJSMsg>q{X&Mz_*UZo|e4e1l>kjzP-(c@c=^j#f`dGS$v~zol>06YCz0apUDNkNM
zc%ErmrGdTg9j^IupB_|TUw47He0+AFM!Uc~|7G9G*Xlt9_BKCR?D~1IH1rwRHEi28
z6<C^TMc6fIyN?gs6;E#WItf+Mc0ZJH+OFx-cBPrzu4&SCO;gcoWoah2YZ}%mtCN(7
zOs~{~%9AvaKSHtI_-Tr1yUKGcn9%TiO}8<H@)NS(`8^u$*MrK5nw*b=r8z}0`G^k_
zGf$r5D7!+LL8J0iP30$M`#lR*p8CS2t$I*lETNgJnCg53*=)Y7#M8w`YAP$wx^U^6
zdQhp=gogb}+vOsulD4aZPd;r|`DwQ+4ckqxQRtx}euk#<GCinp{G7XCX?hjYwc9w=
zLA*$Lo&J)ZZNVi5qDpFKX`UxOLld4HN4WH`9#q;i;oqhBBI9~R=E+~Js3tCyU!@0?
zdQIi0WY6O`1~B`3I4liyfJ@u-pmLNZ*C(GFQ#$iegEeY4`G_Zdq?y*o^smFSK0DvO
z9ll8qD(f^ke?9Q-z<kZgHR<|g>z*6(FAcmjF!v>FcctR;z_$l}Yhd;b{i%x2G=8m?
zSBx3E+^3-#Ql5FZQ!(`c%U@;rS18gC(2PjWJWRL0&Y1j=@g0h{8*|OP8`l2Pwr~kh
z8P$Xjn$N=0&`)63e1Uv@ruiN$4Pyv)%}(<5ndbMfH1t#0HUB}rKGV$B_Rw(tfL$|(
zylI+E!#IOob4JiyWZbKGmGO}D%;R&X;_;d<pOCdJW3N1*2bC60&Mywk>CE$VS=Qxx
zI~e#F<5w%D@hi>q#m}`oJRjD!Xll6heLbjjXu`8c@#V&h59Y})SG*HeWohG$fxi^^
ztARN^xt`(Ye6H~(#mkK!P)ysEKfIVcJE8*ny-jKdX|^c$8ck@}7ufGZ-auZOcPQR!
z%=YPj=;=$aUqjbep8f-uX6r%agPPFOXJEgMr*SR+?aHk;P1)EzUq=2!eYQyP7ULns
z6~>=bTow4ef$t0a(ZCJHs};{Q9#uRm@O<Mj#S7q@^`HX#_2LC$>h^KPON^=Ki;b^P
z>^4?cN#9|?hjym@OFQ(SqSI^g8B)C6c%>rilvP>wBb^(Klg9Y1L33B&)DEUmNIrv#
zX@8X%5~uw&PWvk!QNBY{nU0_W`~F@mrasgy?XNUd#;!^GE6r-<uQvUt;tjC$)yAbC
z2voQ>l=aZ8_{_j1<3`1!VJfcz`)g2X>}%aqm3xvVG}H%njfUK$KjXH1Qg%!h2JSWH
zm^|LNPq7YutsYchzn|CcB_EFe8L%{L7cPzKLFIXxd|Rn)rD5OU(vS3@(xC|r{bdm>
z4PyuP`_CiE)A3c{(y<A%?+~eRc58O0rn2$R1E=$Y@;^{6_2JhEjCt-vxl~hGdFl_B
zKBfnimuhlP`Z1bnMcB_F*O+EPF`Y}Lq5iPH?w!W0>cDs%)`U;3v7cwsSeE8q<?l8P
z=K;8MxE@qkMtwe|_z_q>bBw)BScYb!A`|?8;wD)7I^)t$1S*>~k*_!Q^U^oSYu#Tc
zJ_JkCVC?55s#RXD2Nk&V<Am9D=j7~O;4G!e#zz^SNo3+gLDb~$yGfez91GZAi(qWv
zbGG7<@ay%U0+%MBtdyIw`?4c6TRtWG9B~>uoXAzu*tsX;)X$Y?TX4zp_2RPf)rzp^
z({)h!8s%Vb!%vIL8i4%Ylph9ubur8Ho@)ABs5EaBud@8zis`j<<!5N!heN(|Mz${b
z!!+Svqj-%m+v0Uq-|kI;Ul;iHz;6wFSK#*qeqZ1PwlCKz_cG(F6w_ExefVq|^VH!L
zioM3<uX9$s-k8s?>C~U}bQ=xz#6!w+ILkwNP=WniIxNQjEsAe49+5tcm!a&~!9E^W
znP#Ol?}eq|IKr;EkGwn?A0IG&m-HWjhqB`fdp}R(NcmdjU?11xVtnZKj4}9IieH0=
zG#R@O%h0URwjMUk97WhQyDZN*h5h`nhrHH3TYcpBrm0tiOaG<^m303v4X-Vv*R_VS
zF`Hi3Vn<b;s%7qzUPCa?GszES&spFS17C&hp?{w0oL;{g%3h0ry*<-Csx&WBj>+{e
zgQahl4_ulMs4NbeYm5gKuY-rO`&QWfZ!!&IhY5c^gYXtu`c`?ueq30F=3d1O#_v|#
z3`^f8J?!VzZ=2>ris`*4t^04{pIQD0?fY+Gty|H$u%GMxXd1>Q??s_$mj?FFbsR@t
zo@kz8%=_dg!qRt05BquMG|P7?4}1Q(mS3nm?D++j?@}K2^HQ(nyOoFiy}5q!R-ZxB
zERqKH&&CV|&7G#{kp_03cLmK_)AULMyJlU`e9km|(!j2HAZWg6nto|u|BTspf@Z=r
z%cOzbXLrz~&ln74_m8k2i$4WTLC3?}f%7c<T^-N#{+iYult1k4oZeqko^uym`lUeS
z1Y5UBF}?3LR4C{#v5)Ih(I`2rJY4#@K;;bb+Aia(6&}j&KVe_DV)+%)!(N~CKArR{
zm52S>eKC4@zEts2SQ^fYuzRu$%{_`&m}a#!uxq$vmQO1bc>Umjag~_ovz~ua;1dHs
zGw`zlKR0lbdCpVRW|C*UmY;8Yks@P*Z8a*-Jp3ZXi$k7y@-I<j48S~}z8t<)4=S*q
zPp%fDX_bcS7MdzW*fmQ{bDLs%ZX!Lem8R>L^juS5Z!3-~o^Mlplko$JT(`&<weI_1
zty`lA`@PKvO+(w>Z<<;~xU@?TDqqrs51NNy`EY%KOTW^C$_`EB=NNlGnXr7FBJ6oi
z@pwL>xChp{^~SzmEc5L?YMKT`*fob2GtF^|-$&D|bATF@V+MC9o)$P=Yb<|G$lqi9
z3B?Z^e@gMo#@|-_y79w`|7y(nIDMB^o{xz6za?z<D8(a;YZXs7Zdc?p0chZKJ`^t(
z4_F@V*FN~Z+!XkAfo~7Y`^v6=d*Jl`ul#9~_lJDytI97^j^|yhOJBRecu@J&_mqE)
zaswgHJbG@SZ!sQ{{x+Bg6@uSKjfm0TsrXjoJEUJ}yjC&YFKH#Ev-_oE1uFMw^8HGE
zRT}y~?BnGVrdgqtKMzYoKZjkj*)%&9zizxr`qZDLuT?Jf=lcXIKh=Z}{T%k|JGVR3
zXN}hVt!e1<u-`BJ(KPhEzZo})XK7+x-Wz!wEPuuY?C-zOkI}R#ru!vn>ZO5Q^EA_(
zugEsgzf<vru=EYm!+vjeg=x6oxxqAz(!eFVH%qU<n$PP^kLL>0bH0TA-i&2zcdg>P
zOrzQCdt~<tRNilzPbo5?->i5)ta`Rc1N$-hl4%}RWJ147@q4iJt<uA;|EXynQDj12
zHACkISo${UVb}l7G_}$&p>I)~3*V;eoAj`s8&4)LO`9TP6<(&8KC5$EcCQ8d>k^ls
zQNBYyu;;HOuXSIm$k>M8srVN7w(PZ2*zbQ>hKA4V+za29eVz{X`wf<%c|bAU+epKh
ze$2g%G!IMj4fN7<O9T7+Tr9(9m*P(Nw(Ru}*flIevrlmkd|RQ=BOln`$7C6rDqX`5
zn5I`6*nL=rrmV>QC_a7Cz^-8#ng+%6T`Fn%rAgnVS}#y(G|d7<?p^R%raW94N1=OB
z)ATAXG7aZ2*flI;TQ@7-V46W`VE_Cf%h24Zc!z10O9T67X;_BlUd6jjGb9b{pOax3
zn)?+$Zkl0fV81_P8JdR_`AjPNH6jh{WB;o`^RQ`FNCW$8RzI=)O66hC|I+fSl!yIV
zyqCPT`*@wx9yQHsX<*m<&GKuMhdp1db*Sg4^04QRvHV))Vb4F2ytXx0u@2U{W75E-
z`vfXaGflJN$);JSJnWihndWT8GflHz8rU@z({w1#H_ZlVVAot^ning+&@>yRfnD<w
z%WqO1_IuqP^4gbs6?;uHE)DGK-lX~R>FQ%T_t2*BZ1KH;kLJ9jJn!$P^S|-QmS^3I
z19t^Z&vVT`J-0P}WzZ}Oe6np<)z04Mm7eF#70WMBJkOZVY%ovVIu$Pr`HSJ(^`HX#
zIrcI!`W~(OGFTclM`G73HqFh7ON{%ZzYdnZS`qd(WW15DQH1^VI>rY1T1D9NE6J-4
zT-xq3rr*9R<e5kFfa3d&t5t{3!tyLD!lgZWQ2CN3^c*8zGeI*)5ib2&4=Ot~k*_oM
zKEKQI^@_0PSq)F_XZONdx53!=on>gahySx_8WmyJunZ0F?>*J{6h-bc$lsut?t8`a
z#oSx4ttNTE?!z+l1B&T0JkrolVAuRi^W}LuM#}9DobH7zpYDH*{}MDa@wfbmmglw1
zlZ^jOk$E(yDN;X}L!eM759>h%_It}#F`9jf&ow?*@p;C7QhW)lb*qg1`hKNp3aZ!Z
zjM)UQ0pbb2#h5<zZsRe<QCNa%W517L8S8QmS#O#eW7n_@&4Y?xG)=9sUr$+vhI__u
zn1((Hd;fXZ@{|4W9wk(MsENAK4`J8SF6B4sLFE!n<!9-hLH+}<<=IcqH)@&lX@OH;
zvUSf1`Sd$=mQVMh#*a5o?t!0Z+p1E8{W#W>m!3YW-A>H=GS3d2j+Zn`l)KvU^k3##
zm*+8k#_h_F7_U-H<6Zm6@q+zawAM78(yxQ1;dsG*KG|S-juGsi+x&{<%ZjjnZu6Vu
zRUgh3-!l!z2re;DRDQ0BZE=iX-&Pt&%GWCg`?mfnM&F<a`?lyGzAdgRXd1N~_H9uQ
zG?ysWo2E$`*vECN=F2VF*k2yFg5L7!_!_6<Yy6U+xiau80xu2BKH&L0#is}EFy?x4
zkuk?HU2CN8Qtm~T=XhOayht&<Uxr5cE6CrW2Nl@+Sg)AvE|O-z_*TXAnu+vP#@^;>
zyem(ifjxhp7@rR-rZF!5jQI1G@0I@+SnJZ4VDE3+Ow%vT4%5)DVDAIJw0v0+_G6v;
zhPK5R`IBkrSFj)J^m>T4OTU8M^LR1!saGC$&!><#&vd^b4aWy|Pqv5VMnzt?!lzLh
z*!#~>nlEdx9;<kmG5d8mOarUHrM(HWbM+b7Yv(s8RW>f*FQ)(U8AO=#2HSScVBj|d
z9u9mwo+H_|U~m7Y*tT9R?TM!0xWle_rfKM(rx-7nKAo53S*;xG``(F0d5$&g*OxBx
zs{gALFEhSM@nx{|v=8h)EJJ^rwsnnZ%8IaS@JbrRTVVOn2Vno+=xyZXvr<uulZO5P
zyM|?GMip1XT3B!F&qqedOS4{a43>tz0sD73S%zj@aU(2Eqp^QCoMmXXDQ<zKX)^ZL
z*ja{VLU9KyO|!9UScYb=;%-<Pb<4!AVHq0w&wkUiD#E^BM`{`CwkZeux~#*x^tUu#
z#8u)3^3qqNhkd`$p>I=6uQN;2E)DF@*Pde<#u+;For>vROZpD!Vb^yA&Bd@Z^eNb{
z<Cj@}q4KcjIj`Y=jbe{!=!3BLAC{pRQM}GH-O|9WN&WLoJ*QUg?OIkgPW3V7JnQ-N
z9K`bJIf!w34q|+&`S4tWV^)5%9#mi-cN`BqyQMh~mWHtjyCz*1q~W~&0yJXwFWt{b
zU#%SM`?45~@{CQ`&xcDbU#kfFXF^_0UY_q%e2wv~im!v^Q#N*gmZ9%c9dueunmLNF
zYwor@V-WV&3GXGZbw957L0JCv#{POE%g~G~ZiJ;_48s1Kv|qD)qay5m>09Kr?spV_
z2y0!&9qgJ3^3wc5kqQ2j;v=y1&Bi4XDl9`&tNpFkgoa}Xmrg>FEko1Dawg+?)3-_k
zmuO6tlP%BjhyD5WJj+*<hrOStYmht{H)%|%4vah4+dPdgX>L$%fhOw7Sc6?Nrunie
zLmL;+i03G#YpC&2A%AROjsg0U6`yX*xq^A}v|GA%h>ui$9{IQEK?N=;N4ZQBdHOl*
z*ADtOKD6_o@vVxfA1V*O$?|Vge24Km#Wk=z84Iv~rYQ9#t@}mg?l%qN0`})7EMvP5
zDLx3xhcN=XhGl4WDsG3R;ZVZ<{Doy`IFC-i(#%nW{W$Kne4Qff`Ms8}SA;#k-}1CQ
z?D@mVzf}(^aA{w{?7s1=?7Fi`sj~5V1K$_;qk%si`166k9QbR2pJ2RN@u~0%J*dEb
z|M@gAbr@A-9Kx3<(pO;mW2^Cc#Raf@=o@h9k9tt))P%lEkqI79>^9!0_;O>8=PP0P
z&>vv;N%s<3cbjrIqcKi>OuSjSA<J_vxf7O8jj{Wre*Rot_gKy(W}lu8(>Yb((xVBp
z&&Ic9_xPOK%f@M4aYebbuDC;dvT5KmU@D>lyXVp3G8Zcq*z+$Im!Fs2gAEzqp_n|C
zzg?W_FXlOfcDqnssRtF<`%*=W&x;f<f~DcOz@-CvP<fdq^0YJTWBe7Cr`=#5kE#9T
zNqufHO|7wywZq9XxK-fNpA%;PSE7=g13#!#*?5=nKE>Yzexk;qYtnhx^iL1@^c>&v
z={de}I>#EHRLFdq6rW-IWO-<D@?W5sj;RvdD>2V@I~6Z9CVw&fPCcl=eto}8jGlX|
z)SlAN&Z#}QV5%(Egyv?&CB{5Qxek_|_J{pEKWus0ANF(X3i6fkd*I^tD0dfm`EV>?
z_hA`&zR&bNSQ`2)?3zzlevTsS*XYlZuVnYX<FMAPQ-oc!g?uHuK0gdgQ?Cg7`|Lj?
zU&&tY`ib#w#h)4fPVrG#>oyqsdGfE8Z&ZXm&vgsWqZQLNUF&ju(>47*feOpeR20*F
zvNX-g!@ln~X})}J=#$2~EI-*Nm4{QGG)?N0#;H#lr#@+%`lNB{lg4Q*i>Xf<%i_sC
zDW2?;;>kWKp6rvBPkoXDuJV{ZDa~Y`l%`6W$Mi{QZdN|^N%3T#lz!Sisr<BkQtN(L
zK6h%OJtzC5^wai9X(s!mG}HD;<tO{(2V|_0`lQyS-;HZ3OEcLgO~W$kK)<6OqNz7N
zs8346F-?6^yjz_5q<FGVYTar3r1Fi@Kc-J=-N`;F&9r?|n#n#XO}<aQPQK;&*}W*I
zY3KA>wB<QZdp_OcSw4Nf$oRydN&QXv$^IrTXt}DAd@fLIH)aemkN*o4pC9tflfP7P
zp)vP+m%*#_paT23@d`0|?orb@P#XFn>>94`XkM>)y)k3!Mp*i4McBve9hRpb!v20o
z>U;88ubhT@TDR8NUkAIJyfmYVOfdQ}SlcQa`)f@sL-Rew4W^+_!tVJ+^3rTpWODsO
zusrFXuzT*Xe7z#<=d=ki`UXYV^S>Z3|GkR8hNYqJ!QLh;LvxbaZJ%lAd$4P`7MK4~
z4=Ql!h=hsD@0w!IpRZI|4>u@spHY5yrg=@^w*_7cOaFPrj|Tp9VCs#A_CDK~Hm(Ft
z{Y~4dQV#a-F!rKRzFHA3aS>3tP7|KDDZatDLy>v%8x`LNYhC&b?E5Gzlow>4v*6Wa
z?E9gIW&W&Fmf>-VkAtP5Zg6Q<ra6qfZWg)}kAXP>s+_6GIo(TGKHcjYqhsBE#W}{8
zC_c%U<H&@jqL|u2Ogk_YX(Scu>0BGQ92kGs&@Y|q12@3zh)SC#*Hi+x2d1rE(;0YS
zVC-De4RZofS*FSJ1AzwvFAqEvcsTG#;1w_psIpd*`;P@)7nuI%nhk+B2Hq5S9Db1=
zRCZ|cb$14y2)rxs?!bEj?+v^Urtws2)V<uF^Q<$kQ8;sMb*>A{In?vqLpbvqNAZQ3
zKi478w+HSB%xizHSs1u0aChKE@Wq+`K*$dUULJTT@NnRfz$*f;gt-u@jD`HV!0Q8V
z2)r@yroiKYH^X#fD@C4=sZ?t!a&c3s)l_^*!Zc=!bZV7)O+`+YDvg?omnTfu-6A(%
zDy^D|ixQ^sT;yb+(xIt%MZ$D#E%N4}3f9FQNUs}eDqaO;?;94c&Ul$Zk&CLzpr&GP
z!om=|B;yhInv7S%ugG{c+?Vkvd~L>KFeg`)^_q%Ys8u#<D)uKVjKf^CRkmm<a<Nd^
zrm46zVKzpnpvr`%;;W$SeyhlZU1hJP;!O$D>m)@^1{99Pt23;IZ_YT4h1X=9`ae6Z
zQjg}f88^bWWZVpMW2Mpxb5c>M!2ghO2mJbs7s6ajRJ!4zgz0tL;;k9?k-shDW$^78
z55mJ455aHDcm%#9<CXB6GF}aHa8yR&H)lKsza``K@LMz92(QR^9OfddvIV{~<8AQU
zGu{EO%y<HRN5;EhZj@B^!gpo7A6}JlVTRc58LDBsPpE};J*CWn=|n2^aJa7d*s0Mn
zA3Jkk8#@hfw;oiQHTl?SgKg||z&3WeU>iF<u#FwMqmLcBf{z^zL$OB>Dl~zQoi*^)
zWV3q_A3GZ~?_*~iwz0Dnwz0DVwz0Dd?$d)x>ccj64rt!TPBramV<(-rsjNypc^f-T
zu#KHo*v3veCojwN3(4EqN#|G_JALGB?4<Lpjh!L#Hg?ka)5gwf@-}wX!Zesl>SH!`
z(z(&bPU=@ScDAEmp6MrG8#{Yo8#}50*x0F}KMZC1)MswZxQ_g788^Z<cKB?okDUr^
zW2Y0gvC|FP*y)9B>@0(A>@0_E?2N!Rc2>bFvh9w-Hg?v*Hg-0`Hg-0{bR3m!u#KIa
zu#KJFu#Fu)Q#v_zW{Pd>@Oe=mJA4<$#}1zv^|8|o+t_J?)ut4_tK!@hxChquDE)y4
z0}lsY8F)?LvA`Pwj|bigYohE3yesftxGK{e2+U_JJzox7AGj%SYvA_43j_1JbMDy}
zcp&glU_NK>`qhEg23{X{Q{XLu`JFrWnSc+=_IFQUexJ_sRa)*`8@MiTBRnhfX$f2j
z+!?q#aBtvcftLp!3CwSf`?f{{uM4~}@aDkV;KQ?e?hL#;@V>wW?UU<k0?&b~GoOaQ
z&4JqjcLeSV+!MGz@L=HKz$*i<2|N~fL*VhiTLbS1ybC@e+n2q84+O4Oo4JPnPwQMC
zxG8XJ;P$`^11}2P7kD7>P~a7TR|j4jczxhafwu(S9(W?~p1}J9SLrwxkIdSqHgH|w
z#=tFsD}g%$cL(kbye#nYz$1ZI1s)B&F7U>{n*(nPyfg6b!21I8!&koVHG$^@ZV22Q
zxGiu;;I6<uf%^jw1|AN)GVq$fV}UmW9uK@V@Q%Q{0`CocAaJ#gzqbSbOU=1Ha8uyc
z!0mw-23{1nFYrL%p};EwuMWI6@cO`;0&fYtJ@7=}J#Z=O=lcU!Dd+jxz;%He1GfaO
z1nvyn9k@5}vcSs&j|5&7cr@_3z#9W^4!kY!&cM3^?+eTeQoipsf#(En2;3aFEpSKR
zuE0Hk`vVUK9uB-R@S4D5fj0ym54<(-j=;MD?+tt)aP?7B?ZEHfdz;h;ZVKEQxIOT~
zz>5O+1s(`I6nI78)q&RrULSZ<;4Oi-2c8JLC-DBjRYy<lZ*AbZz>R@h0#^ce2JQ~r
z8+cjZ<$*^6uL?XGcpa=`M%fs6bKq@(cLv@acwb;%Aa>81z;gmO1a1!87PupDSKyw&
z{ecGq4+mZucunB3z#9UO2i_WZN8nw7_Xa)?xVl#Dpguw2ca)v$12+Y34cs1hVc<o9
z`vMQZItG-Xz$*f;hE+ex+Q91rZ-O;ZwglcDcp~tg!21JN9W&)q8@MiTW8jv+mB5{W
zy94(IUKV(H;E}+q0*?k>7kFdf&4ITC-Whmz;C+D$v#0jGCh(lV4S|~jw*~G9+!eSd
zaDU*zz{7!823`|*EbxZF<AJvZ-Vu0L;Jtwl1g<`IsvY=!V((Y=ftv!i25t|$Fz}+l
zeSrr84+UNkcy-{lf!7D#6nIPE?SUr(?+Ls=a8-F~e`^ER1#S%761Wn$GjMm{-oVQO
zFAqEtcvaxh!0Q5U47@q;w!k|B?}pXyDf<HRhN0(cVD$;goWKo%n*+B6?g-o!xF>Lb
z;K9Jdu#N|1W#Bb|#{zE%JRW#!;2nW?1>PI@K;Y`*r|Q6O7<+x{12+Y34cs1hVc<o9
z`vMOH9tyl7@an*81FsLf3D&WsYze$Q@I>G}f%gZldi<16ZQ#1Vje%PNR|0ni?hf1=
zcv;}(fky(b3OpKkUEqy@HwWGpcqgo5OxYcHUtr!CE2=FhHG$^@ZV22QxGiu8EMH1j
z;GV$!fd>N*2VMzlqO1u#7I;J8@xWUH?+Cmr@Lu={ng4;n)yjFE->7!358M>EHE?_2
zh42$I|3!iO0uKZp3cLb-Qnv2uz-t4q54<Vx7Pu~3cYEN8z<UDk4_u}C7N4B0TN}78
zaAV+>z?HzAfx83u23{6;dEgQFDOnv>1s)B&F7U>{n*(oypPKpX47@w=zQBBd!}T?R
z=fL%uPeb75z-@s$0(S-O3EUreFz|5Tm4Vj;9t*r7@Oa>@@CjL+cLd%QcyHhXfveSb
zeBE;3`oK+rTLZTTUI@?4>aZwqU*LhjLxEQWULAOC;Prtw1>O>Pd*F${djjtdT&2EW
zJTa?tZQ#1Vje%PNR|0ni?hf1=cv;}(fky(b3OpKkUEqy@HwWGpcqiPD?bq(W`vMm<
z=3G+~cuwGkz|Dc%0(S)N3fvR8Kk#7S;lL~5r)70s6L>7}hQQ;2w+7x3cvs-P@JX5f
zfxy)|XL!CGxIS=G;MTzHffoi|6u1w5dbZtxz(avoz>S$^b>Ovu*9YDdcuU~zfhPj*
z3A{gWRsGa<YXjE>ZVcQKxB@?;kV<FZ?!dk9$w^XJ7I=B!k-)10j|N^Bcq9DGLModB
zZwtH=Zc38E?!fy37j(XKO-<lA@G0544S|~jw*~HiPtEjQfqMe?2ObPO9C&5mHG#(h
zZwNddcx&Jtfp-Po8~8xrYMrya{`@w)bA8~Zz^#GX11}7`C~#lkfxtt7R|H-icx~YI
zfj0%-5_o&yiNJdT?+;w1bHDFzZQ#1Vje%PNR|0ni?hf1wpO*EFWr3Fm9tpfE@Mz$5
zfj0);9C%ycoq=};-WRx_>x0*=Ch(lV4S|~jw*~G9+!eS7ZqD|-Kk#7S;lL{cuL(RB
zcthavz*__F2)rxs-oOU}SL>SN_2hT!o$CWP1#S)89(ZBkMS=SQ4+I_xydv=Gz-t4q
z54<VxmcZKsPXyi*cz@t3T@QVKYXjE>ZVcQKxDvQCaChL|z{>(J4?GfhRp8OU>jG~K
zygBf;z&iu)4!kcgUkLPluL(RSa6{ncz-@s$0(S-O3EUreFz|5Tm4Vj;9t*r7@Oa>@
zfp-Mn1)rXc!M%YG1g_S7himwaeCPVWO@Uhjw+CJrcv0ZKzypDY0<Q?XI`G=S>jQ5J
zye07Vz!QP@1l}LGO7}0mzqNtu0yhS330w)>3D3*gxjS%g;AMfA2ObH$D)4CFb%8eq
z-W+&a;GKbY2i_OBp!+hfb4}nmfg1uh2X2F(mF;gw;I6<uf%^jw1|AN)GVq$fV}UmW
z9uK@V@Q%Q{0`CocAaJ$rC4FDYf$QOxY#*Bfw+3zxyfE;hz<q%S0uKdV5qNdrwSm_M
z-V}IC;O&7Y0`CdDKX8@qk$oR)1J?y^4BP@gJ8P3l;LgC^fqMflgU`s;T^@KO@T$P0
zf!77z7<hBwZGm?N-W_;fV7}Pt^{ELwCvZdH=D=-%I|6qF?g`u<crfsA;FW>b1Re{#
zA@F$Mt$}w0-UXkTwfWw_2Le~?xr=M~4Rz=Gz)gW$1GfiW7<f_OzQ6;4hXSt%ygKmO
z!0Q8V3cMxo_P`T?_XOS_xJvit#n!BSY6I5=ZVcQKxDvQCaChL|z{>(J4?GfhRp8OU
z>jG~KygBf;z&qjRWc#%{@V>x&puc!lrl|=$CvZdH=D=-%I|6qF?g`u<crfsA;FW>b
z1Re{#A@F$Mt$}w0-W7On-~)lHb${gTkbW1_+N7TRbF=no3fvmFJ@CT7i{Q3w-M+vB
zfrkRG2)sJ*+Q94Kvop_4fwu(S4nHr`Oa$H&cz@t3-Lts9HgH|w#=tFsEATnlwmJiM
z2kwO{nPyqw<$*^6uL?XGcwOL)fj0-<7I<gi-GTQ7=Ep_6ZZ(1D1a1i29JnoTN8ql&
zJ%RfJ4+b6%yfW|__}r}B#sY5$JRW#!;2nW?1>PI@K;UZK<M_7tO+M%Pz)gW$1GfiW
z7<f_OzQ6;4hXSt%ygKmO!0Q8V3cMxoc6ff)ZWDp`1l}LGO7}9ZuMJ!mxG```;7Z`m
zz}<m+11}4_Jn%^1Re?tXuM4~}@aDkV;PbM5-x+v!;C*m=rs2nKoNEHlfzQu04S|~j
zw*~G9+!eSdaDU*zz{7!823`|*3|^4cXG7rez*__F2)qlvAX|5D-~)lHb$?Xs$Ta+}
zm~(yLrogT6g_*uR@WQ~00`~<T2s{*cMc~ze*9Kl6coTe4R);NcXU5y%7i2sEU!3tC
z_=OqohZkmCrF$R$u5>MYNtUmJFU`0S?#lQ-`&chwQPV72K|`)kHYQXV>ut!y6`Nl-
zo_(kNbgj(#=xQ`^DvW*{F82^lGM8NP6-|`g<JtQ7&D6a6T_uiwG#_>J;@*pth<^LV
zv)@0%?=V|N{f0C}Kjy17d2zqjDG~ivemVP10sIcPW%zwSQ}i3r{2WbQ+;3Eg=r<-m
z+6KQPY#DxE)fD|kH9y_)7*{^}?Uf&GieJf=;Wwcv`fadf3aNPgex$kR*Yv>D@i@ws
z;rBO9(Ql*X)$JyW`~69o=+`R0G3BV=<7^pz{N7LW+pF9zO<vq@u0+vqLVkSL5Wiz2
zW*L4L=luAdWv3=D?suVb(Qkzsp6}q{cdW$j$8W{5x{r@~Y5LsEbj&Wx`7Qf;_Wfx5
zjx!zgduz^bM1HjxSn>MZk@Fk-M)tj4{2ni@*Kb|UZ?*i~154)*<@|QYkNV)JkC{yR
zeKY6B_Zz3H--9{7U7>z{uE0NipH<P@Z=L)`HSfji_sg7L`J3vy%2B^3OYHkw(lJ+R
z(yvns+yhVNS<=B3k}CVQPVKMWR-N>Fdd`pUM%JY@vIqB@oAcuzE_O*m{Z0sem*)KX
zWiZ|NxH#w6B|je@CkDTPoFCt_WSo2P`Yp}*9grVmo%%gZ5go^4b<S@>3*1ACC;6_N
z-};B9+D|V@Px^f}=eJ8{Y{!dxe=6s<Nq!9yQ9r%ZIqCQPoZsF<`0>AM@UCd0Oawo@
zY&PllXwL6|R$@Ib&cDm~RegJEe@~GZ9s8BObFAq7nTv~iC_Tx?+BmF`RH+Sqr)l2(
zo-3W2VA7B8xmL4+756?P=T|2`t~0cso+eKE@&EOrU(F%>`2I8A6-|_u;HRe?lYab9
z*XUP1gx}3Mzs}&NTiHp!59R#${_b@B<=&iMulyS1!~W{FXwq+c&X4Z^PuG6m&iRdm
z`tkCMACDP=xWCPZ@cT>7Z#4KlH~5{J^J|sgbmy06NJkwinkXCP=jRt*N?;l7l)kU6
z=>4zj5cT7K)kMFVZBzY)mjc}HO@g?;i{wYY@`8?Xn*gpbqtYP14n>Z~xr!{KejgV^
zzkx&4@54F2{!qX3f?xWcxaNI-`9Ah^{pH&^zhU_`Xg%t8e(?Kau6}%{d%FJeNX~C8
z)Q_hrTAb=}g4U1wyHfMDTIK~Eg?<iKm{A#*U$Y|h<0*>!Ey($e+Ip-*aldnOetYFd
zyWq#u4fjjmYuCKD-&(ELsCh5$cV*7+fcyp}!tVu&?)OIN;{I;6_40m0IlqB_nX2Cl
zgWr8QKfW73-SK!|&TmM5e*Sw=@Egzh?XdOo_4|CzZ*{02Pp5o;f0*;zsrgzrGaa+v
z&H1gBpC8{Bn~vj?zSpnl$77GyTcdd|ems7g^V=>z?qxY1FOk^mcf5?^@fgwkbjSA?
z<yog<8yfr0)bV|3@OyU7Z@uO>+d2fVAHOjW{pz>tK6^%1zn2BSm*)KVUVY0ne*7Lm
z^y~lL)bqEO2ftf#eq-{hpT_UiIlt=f7YaSn(SBDdvMr9sXwHxC=yTk>`2M~(=hr8{
zl@j51m7@DSnDgU1{7r6VI%dC|^V=`KVde2#Y&z=q%bZ_>28Y*4izoSKIltvQrpDWn
z;K%=-)+Q$VAHNx}2qP=*Jxe;cV)+sIm9--Edxdf=qkhlG`3=jj)7BxlUqjAs%@4BY
zdH7vxI{Z3ve*9KIBSu!-@4TGf&=05j^DCwG`t|4h_RG&buylS!&Tqf`s1NnKKKQ*Y
z=XXGU)141Sa(-2Mg6-#nrNM7q&X3<W@H$C0$sfx3waCxw_p0Fc-JD<TA^f)G{3^lk
zrr>uV=T|<2-yd^+ox$(b!H@o{CY|hm{DwnW^Im-4pK8acVhg(E$MYVJ$7>YPvHvg3
z`86G)e$UVOtqS#fZSZ?d&X3=cnC^UaW6p0>ew@dt-|K?kyK;WLhwytx&aZ9fl;1xD
zzkkm8t(M<(=c^4lza8@P^VJ)I-;SK$mP54PcXEDxKc4D;w+6pI=luA+3qPikP4c5T
zzk%R)d+@8*`mw)k)BJSf?Mb$s3L8-wlAn*aH)`JdOC{$wp?OthvUpveoAX;QKfm92
zQ}DYY=eOI|b3^xgY0hs;*xxq?zngP@do&*lZ9!RXx|!K*;ZVBUq+|d7p6*T4Y*&|*
z$>RI*{+w=~=C7VqO&#C6m1mubE!(dB9Tzh`-mb_p#_tz$e%(iAufJ(gD!$!~Ilomu
znK~Ztkkb8rnDgtG-!a~3ro;HVIlp!C<2Tc&-(A7)(VX8<DZ78bgW~o3UCwV}V(R(Z
zKbnsHoum3t9dFwS`RUR>S={ef>EMbjY5CVe`kg!K_ip8Uf1jQ6+o+8U**XOGYtH#~
z{cP&>q4$`M`n@3M$8Tudijfuf>&W?4|9t9v^<HVce%I#w_&p5%XOI{7>&^MCl^?%J
z$Nv6P@VhhT$8SI!=O(7Z`^`DO>R;%8mS`a0_x|AbshnT)vHG9xy7%_t)*s9H?fM^u
z0>5Q~-#x+adpW<lC+L4MNaMx*{w3$P{?FO(!Qppb@cUKHulh;ZZ%F6;cIEs={x<b`
z;s=7?;p%Tx$NOKe{HDA9&XA6}Ry0wXwU(d%KBRe;(O*u?`SG1Oy=6C9e1D&k^Xrh`
zpj7PdhZWuL+??Nf`MqbF<I$G$8<!uyd4=CcgWt<@ew`;|ub+Dby?*=_5L~eZ`}AXz
zzP}$+&g*w`&aYQ~Y|o4Py(;Hdb40OlKqBh*2}SpNf6lLVZuWoi@_u*c{Hpbjh4`ID
z{5~1{zL4`<bE1CJP#P~@KYp7CuGoUXn&RYm`?PXizn|p%_zeDZ{pANaznw=<wclrg
z-=A`Rb@F?O)q&vk`$NuepZvVPd^Y$!UY(HL^Zv}|_NVikEnVE-{>M%E{d4epR?cs$
z{La*JFJ8Y>bAG$z*C7$d<MWE%ewXC@_#A($o0*Q;7v%h!YN!0ZU^+<(H|G4><o8Sr
zta$yd&-o3=uT2{2_a#NI-`jG2ee#>`esUz|w?6oNIry#1`K^{;lhuvj_4`oHZ%^?1
zO7Qz`&X4aA@chJ!`)$klH6Bx(d_U!@68rxCE$7$z^z8o)=l%Ya^V=prKfYfJekbdC
z7W-e{A^e^u9d)SKhUVy>r?}tOgWsh&zt!@4KO3;(`+ITDuSb4<|ME>~eScq{^J{%Z
zq3||0Gaa+9&H1g;ll=|K(_g-2IyFh*gE_w~^82;&Uc7$y<or60E2jUUg5S3#_WFGz
z=f~&9$KA|y%zicJH*oya`BX2BP5S+N&X3P=e+mODUccQrzh#dvruUtx-*=?-`W<!j
z!N-@+SfA}?ren5RI@YN$qtZ2}nEnp|e&5x+`=#II()=t$Dt+?1CByXS^*b%+H!eRv
z9^aSJ{VvPZZ<qWYKaJmua()9(m^wfIAo#s1=XXGUT(`V<{rYo$E95t%ePw@tB(c};
z?K!{wr%ZqScuUT&M*o1tufKZgFzNS^oL|kU+3Vf;`h6hh*C4+hiKyRCgJ1exGR^z(
z=$7Af?f0de-*BkkzXrb_NvBOr`Yn^+Y|VS|_WNGWZ;kwFB%*#lSM>J#W6p0_erLIv
z>6m>a=Qk$5e&zA|H`C#NwC<N<{l?|@*_m2k#p`#3ba2J;<+@^l-)qJ1m&$qlPRaQV
z&eQ+1VFOm&uQBJhM<3|$^VP4Ub-xR9ep{YZD16RMOow%Q&aeJy#R9)cO8tHl{I1LS
z4eR3j#%b!eB<Hu`lw$gwYW)5^_>JWJYIHDk>X<BE)!TD^!_CD4zXgupZ-d`QbAAoa
z)$700_<b<vSD9BV@Y~<`{Vw=Dl=B<WMgR6`{Jx&^Thvl4RLt-9!EaB_uSTC)e&Xcb
zX2*@$U*`PQoKc*7{pAnA?<l=^Lv?(-HOlWj)6|dOx}z;CnkZZ4$7fO4-#=>J`%7ca
zZ}T~N9eo<V6LWrj`lng^-Z*~$5&Y8c<Z0gP*Kuz486~As@#A|=&Trw_#q@sz@cXlr
zUcV)|`YoG3{rRsa=Qrn^sq^1og5T{qzhU`tKJ()BdwtHYS$_P!J@xyW#9qJm=lpul
zoBsTAcg}BhW$O4A<>`K3&H0VW?-H+^ZI{{coZlAtbtzB%W(L1s<^1-^?@1U~@%`PE
z^Q${|s{IZNen%g3aQ~}qFBEuv#*6zMAst+?1ugO$7gN8(gWnlBzcKku_x$MeoZr4s
zKRq>^Y`>S~{5Hw&MOyB~>vvhsuV%i^f7YM*pJwPd-@hj3SG!<(zZ-LYqxy#l?sru1
zdw0&S_X0gXnx=m5%=xukP%QBO253J$Rhq2dr*nR5bW=QC`+Yp;w?ZG_^ZSEig5P&?
ze(Mk6_fXDnZSdp&z<K-qA?LSQe&6teq3FkBZ_aO%{B~(M`>R{uNx#{;8PM$H`DNvW
z*>Q49_d7~DxMB-NpFeef!1ab@9N+Z2kBWZ2S|h*1Z5@L9wdc0GR=T=rbm!!@yH4Bn
z=Z*Z&M&It0IlpoFy=of2%X5Ca<u@oD?V?+XNxuQ}n`a&^&)4%t-P3qsyOI}1OsB4t
zN>8`$y?sU*-{0GF+wHkX_kVW%cxu@0dvbn#muH_BHv37xPv>;Y4x#&2PB$o>Zc8SM
z*YB4(-OwR)Gmg#n+jnu~5ZkTG=~f=X?~I&o^&$MyZ)B?0zTMG7=&sB8jU7TaY`SJ^
ziH}LATb;?mv1NLjbg}>LmQJ^9lLZas{pOd=6$<q))BD6;StVU}w{*05#f0PffN-1j
zgC>bs#yDD+^XquI-VX>HcE1nh{0_WG_p#E^pHB^bIvq^D=fb9!>mu_Rt?R}8h@skr
zmJjQFI$g_jdsnze%c!4b(`Uq0?a8uPFIw^0059%${gUgK-uT*6m!4LimD8Wya^|y|
zPj8<0tor)Xo10G$k7u0GQeS_@bIvej&yjC9zjHyc=uWiZ6_f4AcG7*lD$$ZQ+Ne6I
z0vDWj-dXjHi*H<d(@g_Qm-e4>@dfo$GdH~Al+#b0H}BNuQ=W7BDX%!a_slb%-O~Du
z`e&c2RBHBmS+T+Hfh9NGbk&s?-f+#*!iz6G|H^acU;4t%7k8b1W#@%m=U;Me=cQ*i
zA9?Ql3(r3NNQqCq>9yAnTy?eLz>Qh#a~fDOI8ZpX_o{)b3a4Iu(@lj_7cag3`Xx6g
zH<-3?>a}d)@06Jb?KQ_S9wFxAkzn3Ob!I%XaM<73!oiEVpP>=_aAxg0rST(jg6Vwg
zhtfS=I?g$NPuFCAJ|^*-ZcIK~`8XzNz%Vo>TPxq^KP26JO<sIIh_OZYXud}ib*2pt
z)#p34qI*a-$=CKSxoWD%tB3!0pa1VZPX`Ib`_2C?eg3q0I+cg=_xk*^o10Dj_s{b?
zX*Zob{5*g7|FQG@f9-iabcggEDf-0UJLhsvL-+U2rMzbNpE>7p&yC;TJLl?cr~lMB
zH`Yz76gcP31FW!|a#P<`&-(9k<bU56{Ac>;|1IapzU!}A{J+!ZPd~l+S@Y6a^6#G`
zTN^Z}!a1@jeTyj#wg2Bg%>MG;BToPN3E!GA_u=B)8Re7aA9vE#bFZ0qT4&X~t;<f)
z2LTG>g~EdB!ol-Zxp_Trnz8lj2X+=~j-A(eT=nT&PMH1W+N1Vr@8>=6mrF*Ak1n2Z
z$!KBz1CQ3stU11N#$7L&S(^92AMQW#uz3&s{?QX3f71LXoOJc9YvvtMH{+<iO_~aY
zxu3Z7sJ-c-Za(u?&mSD~tr<VAI_bQ}owWG4Yo7Jwta=aX7TYSCZr4@g^dH2v`osP0
z)Mm#qUY|*yUlrvv^WUqEzj0R0?3$S`n7M8K?Gq>7e!*>5&E2V%IPT1M9_72gV*VX^
zwpKG^-p=B@ndOttJN~4_CtmZcwig_I_EF<a_1TtZmGr*7621<fnLcP<{X_LxAa#PQ
zR=bObsF$i#b#~SGyxX@m+|@j{{({*vW>pGV#V&Z~k-m}39yvPYbl6^a&DAp&oLD$%
z-i!sO7k)On_t$&QK6+Aib!q-+W!~ue=C+~93STz+$hxYanR~=k<rkb#c#Ox~!>93h
z_^`V6;PJDn;88p2F}ck>533uEu0N~IYqs-&rcj5iKbu<pj?_w9e@360sXpZg^pNew
z(L8=$asEAX=8al!(7~^nkr^G-2`2me@sAwl-G25-SJz!L?}W*!^4%M+<pQ3d_>4FB
zF(+O9#B1g~)zh<rp6{D_o()eO<84QL^6U5f;2poZ^*>(q?=!wN^TK0ZT0H)dCuIGv
z`<R9EZ|^QHR3Dr%V?l3W?$*E5lpno%#{AL3yseMc%&0l8`Du4uFyrXCTmNwX-0Hbo
ze}Dhn8Fwry%>4=DcE#1F=tD7#Rn4ox<{$UK{Bljzcw7C%sn$dPGUKv)%MU-a?19ns
z-*_ln>!kS?(QQtk+sx|JcQ#s!XU;pW`<Ua;uX(}DvkyCk7kg#7K=0EQI*P5w_%>uU
z_edQp+vHzn9RJASvl`<1)d#Kr<Z0HQb<p}(SIsKh`en9Xb<p~HfBxXj@0l0ZUNif_
zD!l>rjN+`Bg}U>eQ%r-b>9Cg;FFR*e+av5#ZD&<;`*_XF?&9ToFOPkynW1lIoV@7d
zv#*|6ShTsapn3lJg-d1@+IlPJH_tz>@T9qIzkm9te{#y>?$AY2<Cd>-q{#D8=4TXi
zlm&Na{*=d6e{#z`JKnMT*8Q)V{pIF#-b-h({{ydws5&*8C>}KsQ}LGw*aga*EKJ^h
zqF3Xj5}EZqkB2ip&UiUD2No8p8hOmVy1_`Y*>sBx<3CrEzl@+3Pwe>)%~Qz3)D3-?
zrX!5?3SBB_y!dv}vt8m7G_fwX)aq4<{T7*Z;dF=<`RF3+k*97N;YokCB85Ec`S~PO
z$iwclfTRj}FJ8B&D#130v>%#!O}<~x5L3v*o~NE(H;xHUP3CGkUlV1zZ9PYM)*<?~
z&axcq^3p!_fb|OMq-K#=@93udD?`3N<X;!^%f)H9DBh-tr%Tl5jmG$oX!7>=x7?<y
zGwnX(f3o-f@ljQ0{`kzDNdo5P*CfOr13EJa<PIi~Oh6_yktAT4fN3E@2(7G4AQ37c
zL|m|IKPA|vSYs>LR^8Iw5VvgivvjN0?ryiXO`?Lf;iFKi*phD{wu-GNu<h1v`SE$b
z@0{o6WEj+TcVGSf@p)c(a^Cm3&w0*sexG~pnHey{Rxsl}02cpu0?$?Qmo)iLfbllj
z*5@l6673U9yD9>vZOU<C!1j~&Enx9&CNL?LZ^e)^K0^|9i20_1cJy|IOPi$LOK`=w
z44DMuT41aq?6{Q(d7pA_xiO?owzsPkUWQQOvTP*oDowr`SmLt2r2X6pOyWHu@l9_h
zd_-lsOTkiZ?Z7Qc{#}IP=l6h%l>8V%673%Y`@yvH2e9a$0~Y;&R?ftt{~=(>V>Lif
z*;zp$i1vvy5Yql?O-?NG+khqA^}t@GzX@2<>H(I%yc3v2`@~Za(*C~y^A_d*3Lx$L
z`@mwqUz6|G<owBZ(f>cdB-$bNAf)|6nw(hlUjgPV>K_4+{{AL~Aj*ZL9+^k_#E@j`
zyvKfdXZyPNv~_DYw|B<ZO^e}qX<_?ajT<(!cgEs(tZ_{na~r$!Yd2FTNxo&(EtD?Z
zh;8@w)b|?JZiuf-eTzm@-)ZP<zl6D)+Bd^b*R+dv`)z+Iy;NT8d&=RP)_$VB{;nl=
zZIo2(o5{J<V~ok7enZcnF4r=ri?y8TVm({aw%oq1<EEQ#yk&m7UFJ>kt@QU2FEkPr
zg>0iLRbk>{W9RJ~6V2e#|2<<)r?F8Mj8XQu3X`s{NV?|GG)h>Fja~qGTvsPu2a>MY
z1xD%OcQ5QFqm=w^#bbAO{XU1gQS#VBq<+m|ev~}+G^by4$Qvb(-R<;i4qv0>ai)TV
z%wsPz^!p`tCl(2<Yp=EK0hWW25bs~BE*cQ}P#>HCNSx?>sE_&fRpKA@o0G0rBwcd?
zCw&R*!xHc=`wEi`1`;2pmTq;;fcADJUH?te^*7WtCp#bN`#VYZ`_(lk93Sd`DCzzy
zN!KGu*QeAq2RffC;5wglpXYf<9OQf)LeZg{R?k$u6BjqFiI2I6%)D;&nq!sL^+)?V
zBC@~25)Bf<js{_cSK3&ot`fZ;7l`U$#MLn(JD0Rzj|_NOdq?|bF=~$r$_j@*KpGi^
zw4tu-Oe97@7+JOPF4rZ-3zm~xby=2|{AL;_2Kfy%TW1pgC(2ZQ<IC3J>QIqeD|fMJ
z>s*;o;9`4>O<iAgb6a2eW9uu-cIQ?)9D&@boAI{z%#lTKK+`EE=0A`H79UDATu!WX
z0A21W{GT8<BZ2Jl;ffn%`-!vYB->A=WBaLeY(JF__1q==uk5H{(6&QIK<}AfrE^h!
zRXGF@->r1){HkG>Zb`m)Tk<s-n4j0jF&cX@DVSr3U@q{9X~U;*6yXGgV+dLO{H=Ks
zai*%T>A;k;%!o5p8<?Zy%r|kS@{@irttAM#z$q{i<-ys7nEtZJ1hXj+bL_M80$dMF
zUn%F<!*P<BKHG6IRm=ir)fOmh`>8NTe#!#~S&zi5N*>D~o`KNzhpTFZGgZF`;JN^E
z=9f5AO>2x#IrB@L$wC5M2QGl}4uq{5UZdfy8vc}qxzJ<WyAcKy{tQApEy!mB<Jh*V
zfDH;n%rk!^=7Djm5wg69Z$@a>JMcQ-n3B`CW@6aEEgMVywki2Igv3(6ol4H6iKTw;
zr#ubi2R{yJI2YF<4=BusEfyc;#R!86^MP!t!mLxf?$mT`w=vu&%>*+p?Od-g9}4Rf
z=KMHM;h!MnHT9bi+U*dS4}~q1!#?v)oEgGD5X(z^zKs|<EC*sKpG}(1CzKA$gjjU8
zQI51&CZ8pS9kx4SN$anboMQ=bW)c2@dchL+o5YBF1wvw}i*IW>-&Z;l5fY2eGn&qi
zluiI4v845LC1+g_XA*#Z2^Jqt5yJ-yA+gl^e`q@Al};%_V$ty;|6=DdV%RCiePT(A
zWkem;X^?g>NR%Lis*UMVA+cIK5of9~oc9Vc5@QAJ3g%ctybj??4UgBbPhsZE9`~Tn
z_QkRmJ699u;2(%Mlgc2wtwQcqIFlU|#4(8aY%|1}R0Pch(`GBe28CB6Y*d(jewY|>
z*_MbUt&b{sE<$2St3%1zeuyQlf2AA_Y(jYsYxrFa^HqxIL^b?T4aYUSM#G<1_!|hH
zRQRU|zpLS=HT)wD^Wm52QvW3l+vN{AAF?gwC&#vH74C<en<R`|h0rcf;HAKJ87lk{
zr9-(rzCr#R;(koY+Y#PE%)$f_XO`H|KATE8>vSvS>`<U>V5UpoIo1##L-<97*>@jO
znByF;snd(_s|xes{_hn29>RZ6n0537G15g88)vc;fu06a&h|hoV~gFFq0G34l@7B*
zEMv=0DTfX>OMap7IfQR2%(!QW5s~eOSkmPge9EtYj9A7K&NH;hxIU%BA|jUYgy)2*
z!_Amtg}IRvR+w=k#IPSgTw+NV$JlLoG33NDhTzz+lP=F8GOh(3Vi`kPl@2$1m<D~|
z#>rNNx!KcAjJPabVi`lesdRQCB)Kn3gfQW9XC^SBx!kM>5X;5Q!3h)qyVbZvpWNub
zq;jyEkratdnh=||9c7bw7MpflWwV-cWiv*sY;t^)HTg;nuhTHwu;_eR!w+b9w}!v2
z;U_iRui+tL1OGrrz=GMv1fSCISq+av`HBwLgM!&-1ea<!s^NJWX1$C4%^Kzy<@O*!
z&}I#9(=gkC=sc|9ztiwz8h%Q{97iNB$1b-wk=8K{zop@KHS9&1iGHqz`8h6;^9-}#
z85*wDFu!L_boiMH!Ti1q!TfFj!FOwT2QlVZ(ib({t6_exvgrJ)hM&>!iyA(v;S(DE
zjfSxi<k&PdY=57s@~4>c^n`Ea8s>Rzk;gQ=M8hkIF}IS|X?UxKKds>hG|bPHN!+h%
z_(=`-Yj{Y*M>Nduj}|+pG<=qr0|{sx+KXVW%>@TET&m%yhUaOR-%~7c?e7Ft_Sb0g
z%^KdO;T{b?tYLn)u-JS|!%u1WISs$0;bR(pOT+JKnBQ$H_H#AN@5U54zrR)R3=P+6
z_(l!4YS{j+OH~dVH95aCRBZD5J_UbK!@U~br{RCq@H52Y6ZOdNsT9obgcO{(`~Lp}
zP{Gh(KMPZP23So4ymX=1Y~tP^ajkuYb&SvDDhB3~lJR+u@#d&&)qQOJRQ6`8IJF2#
zZ)x_>OdWg6fOY?F#I>4sfJXgmR=AczP%a*(%MsE)6pLf;4q)Bh&A4Wsg(SZlAkgz$
z3wxZOXph}n^80yU-5%#Nu>t7ddljyw5OfswST3~3suX+nyoYNkzb^uFZWa>Tk3v9P
zt8Scty%;d<ahV|Y27z_|_Tif4A|&>>4%F?H7bISG(jJ!=V((R8-QH1L>%@B`KEDyO
zE=iZt`z7wNtGu7yJJ3l^cLiiZl8;|Opy#6>`H*@;6La#x^`mZ&>%s;xru2B34!Lgc
zW;`4$ft=+6(~dnW$=;`NeFN?biGO_YtJ`}F_Sj}<kI$04$97SZWN!%9UxHjn>~US9
z+pC3<Q&6Hkwi~h6l4Or_w7g)ZO|iE)$zJ*8iSJXTy{j~P8<OmC?uyWmBC)qN$===A
zpJV%@y@_D)?=wmEUWC0nl`RHhZ(EYReXz&%8}0F#SnTaivKPY*d10yBdnn0XKQhUA
zp7sKoJ$oI7Yw4FW0K_MV9ehxwD}5{qy$?}A5pLV<?qvYAOtA0V0llawDIH#(Q1;~3
zKVCxbHR#cwTBUe)(r7!K44IV6Z<Fl3274zsKq|s*n@%O!TZF=;9?PW!EcWt%rSCH0
zkI;C}ixFH4WQZo`&=8&}jzPd@YH6prz#I#8d;5^UL@|PU0`XE}<L#ZBony7{_ql`U
ztn11HHogCuTKl99oS1?1TrLasr`L=v{G<Qb=l+5&SAPH>4?MaH+32@3ga1Q^P5z1;
z?lgKD(EE*X6^T=OW8!r9xK#*s(<{o|@M2UO&-VsS^QEm%d!X%}+R68nq#L`6U4`S*
zL*reABWdQi{jBC?muLGsm`eJ`Z)#3+wfy9K&u9EQJ{RsZTrCfsf9mgTwPly*_&aRt
zO6%G4%Pt=ewOyU#T`iwI-?I$I{2E>UM|z%l#G7@>#Hm@~r<!*dPqlt>+<r9f`Cm4n
zH{a#oa+gsyF6)$kDH2}csYkNK=lxsSGF&bHao+S)**C=ie6;f&$9K}C7yhNIKOK35
zFQISNO1U8aVGs31muHAgKKb|Kj@c7Y5x%S)fV6E6#tnWxooWY--Jt~P>Feo{6O*P{
zW{yU(<5)&QO)F?ye)qqJLTrt&rQJ&SZl*P*)udhG{;~0!o{zt}_|3ZCR~$6Xd4|2^
zMS+B!lg81$baa47jteJ%ae_BT{MsGy4`mL&QR54lu9lH=I00B@cDwPf!A^bCbMYgK
zPt?7Ob`xN!{CUs*sg<uYB+4);A*VNzTqlPTpL!@5n<x`Z{rAIq+z+C!+h>Auj)lV=
zhb@LA>WM4_TngqePFx8liT}i6rwEvK7}9s@6oWb3F>V={lqxQl8H~%2J2BKJQzmv8
zQbvDBye7U3O!;+StPpM7h>%1bVu`yLSbXDhTH@Xe%%utKbb`|r-inaK_{1z{>f8+`
zQBExKZNMbTw}A~X^|x#I)4(L^2uT@oS<5&K#ZT5Vrw!WSa)QLT#2oG@4}wXQ6LY$u
zoLjdf%8A9#8VW&_6N|i#LJ;Lb;u}_Rwr>nc)FGBKyoN$hs<><e%ojsaDjhDpsKby%
z9b)F6d6@zxrHX4o&bSO&cGQ2bw#vGuK0{I}n^<+(It)pvbg%-kbr_OT>0GK`u&vWi
zPP|h7)xeV97%+)8iCNe5xd}|7oLJfb+cSxB;yf_zuL6@O7m_;VwT(aMxiubrnA>^R
z#?AJjjpV~*&ds^&+T$DU+?afS)h##PzUsE7J8=^0miDa|-^Hmc`{rDH;C#$^I4p(i
z^CFCy`c~bB)phIE-M-3>f3XS=b6nz<<I=^kmTtJz&GmQTWAGcm?|CvVWoadjp<SY=
z<cu0WWPkf@$|Fs9N4pfN2ptbcOH^)MRGe}nxh!>gs)CgJ$)zZA$A=_`FD^ejhE{m^
z;sAbcz{dFITh`mnVil^M!nHUP)ZE@N_x3yajRGmZTHsGTiRT%!+rYKB3^|GJ@n1hz
zS1kR^4n5A$CHAeP`<!k^$>U6M37N+}b)erbAH4wb*uP3OD*E%E>*LTfN*;S!)~{s>
zNysif_lO5_jXYzXx|v@Y+9m!BO`G?xa~4n3<T*S}phCnlVN%9xDN!y`cuudLHx%*y
z5`{mFkmvCJLS1vh<hi>w>Y9_F&lRv23lwp}<GHzRUVu1>`LHZ{(7sCiqy4X`>x92k
zT>qAIe<104zq;lG=EJo2<D~n?)HNqBAC_|`lkU6S2>~ZAAKF{4x~7!=@WFw^$-{^C
z$M-}+ykD7gZJ&wLCI&eocSFmfTiBI(!tTb~Z@qQxhFdxKXzDUmj4EgnH4Ne&5XU}S
zOPfM)t&MWH8XelUF21w<&i1*T?Kmo(82Z)iu_N62IHwI)hdS*yI>h~@9e-Z?x^^73
z*3)$*EZ@|=KE83y?VasQ;<wof`e>I>nct4%-D_9f)V^W0Yjn^<R@Sv|aPctV`i-hk
z<((!M0`6c!$O+rc8C=mA9c_q__n1^0gSBDB&6P69wjWMl+ddn-BKLGbu!9FsAvYVP
zBKOP$u<cxzz+8aHnGLpo!Q4aPz7><sQkX9B^(u8}gE&*=m!ksZ^ov;Dt#e;q?AU3s
z0fM;5<@;q)0L=4g>|b_Tz$_x(rVi60miO1TpPt0|E*1yRq)kKEpl}@FhZSbu=R*l~
zxM;H(m=6S;IVk5t0MjF8v9QR9DdROU$CNn=vrKqR`8I@&3g3)yxx$q3nmTI{b|}on
z9j__p!wQ*rJ3^Kn-*s`%iF<{_MF>g6RR|H-m<xX{HYuNokYz_q8Ows0Rb!XA8q$4~
zL%_1<!k<`1^8(%karEZd8;&hpj2GnNABb4a%uqxfmY;2hg{rWePq5QMhAhbKGRHsL
zcU;Sv9J~CL4)efs2-FV{Lm!tm&Q$H353&WyVdBi`_y@9m;9#n7rfUCoy{qYnI8*h7
z05H$;#Sq@0@DhXzH2e__({up~4Mdzd(}syUf}LtymVjw9im;p*`phqJCL0lm0d<-X
zG7fPwLc1*i7Xy>z3<LA;X2S<DaI1QxD{fU^0b*50EIT&~8^m<os;uafn~sBO!ERM1
z%)gt)6iK>p#YxvrOQlQyBwgFSN|$+&bZwg|U6!e&yOLO?yN+0;yOr3Df1po;1wWwS
z-5UP7hM&}MKe2&-pdql}BO3mNhEHkuEHU~ZX&ihJ%yCO_K*O9*MQ)$FP;u>Z7YZ-Z
zbZ*x08VzsO@HP$iX!yT;?n3!<OtblxhV63~O2>=xb9)oz@Mk@Dp?t8<T`1g3-#D0o
z{-kpk>4~`ZxeJBua~BF@;pv=7u+Lp^fC1U(E)=%UT_|jyyHJ?#W8C8s`u4dCg_mgZ
zl^V9sU5roY+vhG6w$EKCY@fT}zy{*GE4RY-xeJA#q?`jYs9(eOxeFz?&t0%XgY0t`
z3ft!{6h6zi3ft!{6y_Wv@_>fza~Dd-K6jz8eeObG``m@X_PGm%?Q<6jZ>CL7_@HgX
z9HjpU3P2Z4+1~JDv>9M!nwR$Y%P{$Dz&@-~iXrEG%J@jyj>kDww^xg6Rh2-a_M!^c
zQV4nx_Bfo;9*WYjw*pwV7gP5T*u->6tzhC>FzE#BF(0(YCNKW|6|ipaMs*K?O=9ma
zai!b)jb@KcR_r|ltlL|p?jf*A?CrvpZjY0Z_{Zid_MQON?Q#51RUh9-vS-3xF=Wgy
zo2}UU39xQ&rMic}ChC!11QXYSN#&Y<Y+hpT6tHe@wYrDECb9QxT<P|zHG3#Z$6oR~
z`ZemFZA`=INL05M)9i6-<vo^D@;mx<kfmyW$?xcwz@D@}PRU|VJ|HYZ+-BU<iDf~m
z10ZJGC0$AnUrlWL^L~1KM^Aftx@zfV+oyk|8=<6^%R1zPd1gCcek32aCE5Er?v;Us
z#9l{|y(6&4K1X|8Yl^)cN%oH5-lxGrV(*?LdjV7yb!l%RSnPc@$sXtXIx(j7c*(h(
zacX%1dKdQCM`%w!8}LMuy<S}NnMX+c<C${Z-i=rj7DI{l0$|=_yOMYQQXl<@r=}U)
zP3SRvF3H|T*kgR!3xUPn>(IlWQ@=yFn1X8|>XD8o*}EI|$|0vc`YHDKK3=!?8(gGn
zFTYQ+w-5HDy)b>TceOFr9?y!Z<u9~G^Lr)aj8jV?=n8Zm=|>i>#ol#E_G)o`r5z*j
zk9wqvBzydgG_f}o_r>0alkDA$Yd&uYiM_@odoj&kDU`+Dnk0KX$GS?4DLr1UO0u^S
z_PDlYeeju4>}`b}#~tbC$5cFsY!d(O|A2ab3q95^>z+h=sm`2y9dfm#vi1CMAZnw;
zKiVMuo3fX<a=C7T-Xgg`D0<(99(}D<_s$}}TY;J18DPopfh2p6!XD3l3W>eJBzv0+
z5_+`9XFIXSF<r`zHm0L6c@9`e>@n2D_T;w_5obdl0Mj0ZFuSkn_BLXjG+T_|zQDB`
zHn-o}-uZ#goK#d?7o8aifZqSi$<h0f3Y=iM@hN?an@=x)KDuz>0=Huv;&rmjx%uA+
zBn^aI3VdLac#M!L?xpUh(sdGL<52XTdeHf=-j{U#r$YKCK5AIY;Rj1uY<w{7_b-<Z
zYUd)oKicz)Ec`z~QVA?wx>W4|B;EL9FEJj!XFGY1`|lY~`SC$?{#cj)82#t*(DUc^
z;l2E&fB(OyKfMhg=ATaIKj6HQs(w?+{&Y|NU(ElB63DDHz5G7R1#O+_uG!7o(_Gsd
zT%9+#{PQv^XBD5Y&y4P?&#a%nz1Z}2dtK%PS3#|7>7He~(i%Oc4~JCeP5k!!ue~A1
zQ6=md#6i_al~LuZ3YB@XPThSt>y&*ClxI(^2o90fW4+do2Rb8MJ$i&RaUPU9`<}2O
zM~#N@u4r|6q}TK|di<eolz?eO%~_#0<)kN~o8gJ!Qq2TxXy4sAY@GC*^DcL<&AThu
zvuh&0)0FE|B;4~)6TPNKz8ACSoAwod;t2OFch7cStE;>*S3&)%=cIh|=0OABJ&Wb2
zY3}~KSUqSI4!T|}3nc8MW0PR_J7p>jo~V_$qTgN2wD+l^fkt1lhQv<C27;BhZ!lpQ
z#dVP_(X`wNoo<YBR`4mqiP3f`+Y*Dn#mdsa8Q+V(Gt;TdeGx0NdsoyvR_SObVoA*)
zEDdX?gs}%=?EX#Wl0{2T9h;fg8VTZr=)6VqdMz*ZrTmqFU|mb+g(goK4oaiCk&Y2p
z_3&4bK;&EHbAy5MV)YfPQ;X${v+{@EIc)i6h1_rb_}U*ItH}$Ms<`_?;c9E*s}pe)
zSZ`6$iL*lQ;P^9sq{(Q&o7WMxBl!km$L27;|26R~zb{7a=}&yi@2({WCM~ljM#@~X
zLWcf5zY%Y&CRz=1hO5=P9IbX?<-&QbS<6DF@GYb`jn0O=urg-O@AJm0TV6VEWra<v
zEL>_DynpxMZseLLq(}YO-G;stsxo4c{qQqwxz|sNzGX#cvQDAQ@E)<sh#GtIvs)u|
z=*e?Ym@#kR=JP{{#X>|rwi;`Et)W=tVb6~IM~sJy?)B}cd?a*l<Sx(J{N+WBmG%L8
zJHO_YuKZfpBYQF*nfSx<|J~mjS!2*>!=fd<nH{E=U#_|}&E=`xxNWEFs#@2)J+-kw
zV_NgGXEQrCHs-!u$juY9nKAXUH@~hv<eFbJK5?%bn>ekJMR%ZAqmXuF+?(c~w{XkC
zrE84xj{aMVPuk^_aTleK-CBGG;<e5xe>*??9_&~1-gFOp4tihD&o1*OETaqqD88ss
zUU}-++`Rc^nKfqO4*QGXmcg`%PfO!JX^dig<8?t`#)Gq`bsJ+E2?m^Ztm?qqy_#yi
z%UA0v+LIZIW(SIL!`c1v?b1?r`u9cmk3aqV@mCMMIq>_(6W?TgF75UFD{GY37$xRh
zCfyYW)hD~kRG)2mV%+YZH@UU%t`67r49Z=rZa;J7e0MZPpeN*BnYlmTHSvj8`tnD8
zt}$es8I|>HAC=18o-g1ez4Aapd<XA^3*$~dcl^kq69ex)?i;9e#&g!gL3}&6nbnZt
z@*kc$Em|GHF{^qs)h5%tM@H(Q&a$ki+4A(cvaCeob_!@rKiiwX%<@IEW>?SZyG-h+
zrP*s`O)U*)t*NO)TWnsrw6{OfzhLgl8NHdI{e~;%X-vxuMV>y3W_Y0QRJ111m!z*9
z2>r(H-BL5DzvCG#X}&MBc7__PTh5HPCWhTd%t-IVW24{8JhjGOX}Rf}YFI6u855s)
zqc8i^oPg5=S|aHv;p{}q`-V~2=S8nVbFq8X(}AM?Shbn{$@Fxr%<#U-s4Y+QrOG|!
zvjU5;cT|~M<y|<>-?8nk+*Whhl%MuIWL5iTR+)jNy?3Qa!pKe1sO%dU^I3^u%zKva
z^-!i+ByrA;2;%1^^xAo=K9q$vAM*r?17VM4`a@y!T(*BW^PShPdD+Pr(oFj7gsQuP
zo>{((M1F@t9P#z}c&icfY$>joUlNJgqkYM-P~Oye(aNbsrUy$3*BWoDaqG-0mtA+2
zzq0<Bv!TJWTZ(>VFC?(OxEq5U*BK1awe9qpJkd~V@v{8!9r>ZV&+wx&u8w>Y4Ow-l
z29HbnmOYyKWHdsa4a*oZ_C4C;*<IgSJY_<`>!AtO49h5~^v!xApNR-FQJd`#&Nyu}
zFc=tCbBdWSrFpb1R$YM&#Trx`3lRg!gxZ-8M%G~*9396U8;S3;KY@|QSsRpGKM@O^
zQ15fvaD<l8AJ`cPcpFA%1nD%6EzV6=el%-VU#3${El;Ginz5`#b4?ArnmyxKQQp*!
zX!X>}Onk{YKGw7~y>0*5ja_w%LhgWt>du^pzOymleR<w_t2$~1ih4QGcpD8&G@)fh
zzv1-c7$4h<#;mo%?y9_V-sg-Xo&(=N2RWEEY@Bez`4f58HU65aAbdPEUHVsN#*Q2-
z7|w~hw^mwtYa+2Zre}qxJKgnghLt`wJauy5=9xS3Vb4%**q-nfb}Za-py>E3yZxMl
ztn1;WW!PGAmusbHy;Agxg)^3WtsKlOqqFU2L%(qnPStO;_2N0B%6-y%#PggHDs~^}
z%kHlZ)E0}+kqqnl!ol>d+0SRU&WXAo#^QOs7e5~mP1`YkTV?;s%Kq}()4E))ZRo)U
zrmxV#M;0!9rTFI!X;4XVcj<xR*Q43us$JY$ihd&_hyAfEtOzdd=bFEX`Q+V@RTOrY
z{B7=;)rM13-F$f|O|-+vx7^`r_>`0>!)iD7Pk&E|^GgWHDY3t4b5}Ti&eOQqGQyjp
zaVtME-4%HnLt$np$W=%`zKpB$s-V673mmQ}^j#T?M`xH`d>Nw0)#_PpVC~{VsZ`z<
zYE55O{1($k-EG1NG~+JZxGxmVIaQhG$AiZkP|fQu;u<$x7sb!uJysR8JnUkj+}PsU
z(Dw33Zk5}b^IXu(!p}LFo`oYZV}(anuJ^5LHMdTjI@v5(7IB;2*|TQP3!9A-{lf>-
z%d(?6v&s&(*7+yHZs@UCFzSsJ^e@RPubx>xGf;cu%r(YV-|Xwm3Aa|d&9nvc7c8wZ
zmit=s{7aYTSvk?Xl1GjGuU?2%)IRu_e^qVEV<_eO?zP58uk4?j7bu;H@e`Kr``XsD
zhbK%eF$=cX4phN`w8jbkj<1eeaha8KDuP_z`sn`FcyuN#wLOMzi6Tm`!^?pia=Ajh
zuLEnu9RIxep%bl}q=DEg$7P}4SULVsYdoB`XtHXUp`fR**_Eh-njEJ-rWg}qam?jv
zSWM^oa-^I6!bqCRlj^ww^;~CpP7UVyha!6}94PWddM}g|nKe09MIx2%s4H4w<sazF
zsxgszLfCTHj8#1E#rPlW4q|SrI8qr4zW7qFl@+ZE6m4hqq1y7SIi`8iY{-Qlo`v;|
zZoB5x)5Fvo&50#5+@?9Z8dH9;IdMM9&zwEfKa>|h1q}rfZ6KWGe|zDu<wjjj`%VMq
z5UvjbLo?;>!r_*u&RapuVnNhdkahO63*vj!$py<w`98(SiB*i2Rq9e=f6)3K#)^tY
zw97EYw^-h(8F^e6sK>jO&hgL9iRSee^_p2Hv$}I#%&F;#1y^{S4?4z7<Z#0L2!C*8
z_ROE+bFC#cY_2m<c!9Fqu-RXk_ad6qj|2X<E%(BqXx^-8|FW?9RWp|7FHQ{6iHC`t
z`JpqCaJ0f1>ZTZZO*zpDxl=g!9}RZhzt_5f^T|2y35+KtS7*IhEMr9j*6f0(7`bmw
zZ^{`RNU(u`2eN$pBukj`(cxt5V!=1?fD!i(#;-aYzj7pg#hLi!OzfohTw18eh2Pe2
zCc_S+sORUXi>ySmI>$#dGpF$SD`aFW%Sp$fc{5{uM)N><{XifxkShz-mNOF~z3$L}
z4B5s6$80E`>x_+&U@q2Sp?F@6TfdKAX`wB(wnK!Lk*xZG+(<A_IuT`kCes`%Ys+l7
z3g1Ey8sO=7jDJ&nQ<~hGUyK(TUq4VD83^dMMl#GarqJtlrWvZ@mu?^qV2PnRFNC3>
z4-UigmIu9|U|wb@6!*c4m+yG@NSRd{D8r9tm=gm}-_zf}dDhkWk%4k&-D+j`7-eR7
z+U}ehx3mT;2ePd2bSXH;bEoV=1LcXlgo3&D*kM1LmgN{h|6uT{!@(;@f>)dgUhW&%
zn02bvc<O6YCPZJK>^IZW(N<isNbTI-HQqXYtl90~;;-Z!VP@21EGv3#(e$*BHZKYW
z%?Txc&$hp4(dM!==XnB8@WxYTrub_1h9XXVnfdEI6Q4~_cg3n}8}N8L-!l<Y1+33{
z(&O(i^ZiRpCckF-*eQIf?>fKcvc}ju<tj5D(~a#^tL@a6OpL%qCuN1l<)#&h85yf*
zUc1_?4|L?#c090h$#yfesJVYp$96!1mhFq?ZLbaW2PSXFTS_Efi-m{%*=lZZA=|VO
zq_{tfT`!Io+M1kuQ4^nbY6Th1@}K=(Uk;ufoJRPT@%t>RCNRWjP4xs}s%K5E%mQKa
zqD8o~77UE8O|?#_tw6{4bJ8gPaUeG+9mSU>>0u$Qp8oJe={#-X!4&HWJd9?izMJkv
z?kli3$ddb`j{5A+StpO3!Nv-!Aew{uzAw{h{4HlPY%6)z^k_x6$eMGa(lm$72JBv`
z*#aY|e8_xinOX2k#Hh#c`I4GlvipbaX?Qr`A6ke}6Ej5VvkRxan(ZIz=917}*B<mN
z4Ed{LdGkw8aV|wd9_Lf#sn&<u8i;jR`x~v?p1_g<O}igUp1KuT=<`9ZQ<(?x<2&9d
z*W{qooG0po##<vzS?GsqbUSDq9jVE7qHxU4(yp;N(D|QIqS%QW`v{KqW&b9a{aagj
z4v3VhHJM|tr88|umSy7Exw^H6zn#^Pjvbuzg&n6#@&edx!%Tzi3wy6+<A-jr%#z~c
zJ@=Tta2ncXD2%2U%^LeW@L4<$l!nVfy{VsV4jR~aD^s(1xO(>>_W@tU4lPPw+sb_<
zbUMY38{4PK52uExnwyXA8g0(@CWk6IY;s^zB31hyZNg`_n<jo3$f}4Mq26uCtC?oz
z2WH+=-oLrYZQkRw|DlNGZs|NXTG9<@D)!^9-FUTrJnX44oM;D)vk}&&srFS*8ZQqz
z+c#y|-DxhkBJRqbitV<V8xvh)G~aK!`D;_PFR5;6dNA_NzR^r;p2yA6rvCXwr|_Fx
zs>O}nNYQ*uJQYMej-M??+6pW!lFHF>2-7?EyxXj@NYE&G5baOOfopU;A!w~t?w~D>
z&4O!J?*k9y^&9b`!FcF!JU9{$oQYp^62J9@eF)E9U#3-Q85wPtVXe#UR(q88b@+_^
z`&^v^i`oWiFP_Vv2<s`goGHdki7cqxqjw!H;&keaRxO7^nD(5R3<`rmGe0!2DA7TA
z9Waeh{7U>t93!gs)nfQD#qITBHJA?<NBA`y@hdQ4QTK{S@QRN7y!wIK+zRbcFmy#^
zpw=<4>vF4WuP@troH@*~qosQ=U@0@0w-aWXyN_RRA?b1_W_>{@SYRi8c_L{h$)p)K
zgrt2r^#hAg3~C+FvOO;{u*ey$T1IlM0YtY>Gvz!x7VFG*p#j;(ul(6|rucT)MWfo)
z6k{^iFmOcdK7mC|Eli7GUt7a;43~)&%jobtav9uV)+Ju#GOKHMBoe&RUm1yCiSY#c
z;rqXP0lzVZw4EhHOWU{;)AoB{ZV@U_;&x_)f`wCjZ(;?H8!y&q<?F+bj)kP+It(la
zovSyeH{{_9Nz!xiZ+|xa;nl`L15FsROv<pgh3j#=&fqoPZ{gbOy89?9<?f?se!S*C
zX*y1mNwN4Ds7<sUCw<I>D44qs8^NN%VCZl#I1&t;30{Nd|JQk(^LO?3+WnwpFh1pQ
zeDX-V_)NSg(Ic%QH2CyCxGYcM;p>xH{b*mUui?^mMaIVYsG*Iaft3jd&KXZ_|I-}K
zX*kB2+gX^iBUEs4szxSWms@W3QOw{OZR1B@iJ0i3{%9TEE<`s)JsGQT3#}7m8pulb
zSJ0UC4%l3p)B)?SWh+och;-_w@_J(;N4ySq2W%VC7kweSFJ`H}m>4dQ8tSVoXNnJf
z0^J37?e3Cc=Gfy%PRBI?yZPoiZR^Y=G%2m$)K5aI9ql)L6WP`!(a=Qp-^@h+z0Ax(
z6H%70nR1Phj?dh_oYZfduSDnE>oY?^Kl`mds?kl{ornP;6ugFa$HAgqW(hx6vgoA`
z_$Jg3Y}EYhEQk!O9QE@s7V;Y%KkM_^+cOireXO4y@bi@mWBd5bq(0u4V;9m&C-ISN
z6cQ3}`u9`K`)6I$=R<e~g3qIUz7u1`Ms2KUc_P#5YU%s6-r)~l#uXtVYW@Apc)Wgf
z+Vd3S7&>LLj&B^s0Y|69I98MGTy<ZG?%Qw$I&S*q?7rO-*pUl(jkA=v=D2{31zh7a
zT&jTqGL8#)QvscHTgS_5jthLo!F_o2Ck_mbpH2hE3dOD7>2bU$84ON29GpB7EItz~
z!Z48-FPt?G-e=hl#8%N1UlWH2ugsbwnf5CUOr3T!LZ6(3Cr0P#sAojq*W-9M<{F*t
z?!yiIH)g>wW<8!5pU$N@qtIJzV@HgkK|I<!>w?h|y7=wz|D0WI9UiW$+SC}2IwN>^
zaZ4oIs(aV?z1zaBPv!+P>tI&HRM(3$>S~AFwZraMoi*dwJ9)nfSw>(u(EoIx<z`pQ
z*^Ga#xx3EgT8zO3J6VZQN#DpjRiD?^>n@pLwDr1Hu6kfWJ$@k<SKP4a`1sP=rhc<<
zK30F}i-!7F-rRpMZP<&qI{s$t<jmww&b+d;8gKJK{5t3>yv`i@;k<+1;k1^g&JC^m
zkD8ZJCpgbg@vGOu*_jt!p8i`a-ebIKL^tjB$T%O}BuGMQ@x{*oy+-`<!Fb`}_=J&o
z!I^meIV`#wyO!@P{P%(>`FL77`h>N!ryfb|413me6~3NdlP=o;`xkLN;>-jcz6xvS
z?q+LF%&_X@!80=yD9%-JyRm?7N{`k#@oVw&r6wn~GukDh^lCf_cJ1CCb)I>`11-&2
zR!-P$O%De#2TNWc51Cd@W++@|ZwXFx^)IQbz21!)i_O7XqVS%n#i*{KK>05Nrss_Z
zjaRB?HD#G;X!ysjS1XzD<CN6!$A$V`u0UyjJ!+_$&xGaI_t(ztKWLof$pU<X+uFyi
zuAc3964*04wC3@($RHE8>R#UdE{exD*yf6MX(it!UP@>Ubf>W+;S`L4OyGaF+hq-)
z60HFvc==$k@NjU#NU-2cFyA+@lKUBt8S(tVxbJX0ZzP`k`_tjYRXZ)?6!NtRk7~gT
zd+%Jm6mRLgJk;lkZJOU_G%Rxkoo)24!uko=46j%oUmonPazz)ndNL<R@hZh#W5j~x
ztNXVu-a6~9x{XtMH_q){xwPMZ$Cj@di|!2IZG*qEydrp4-j+x4T871or)WIEFN{=S
zAM(sIXJcM%D{^Y7S#ZGKs($-d^G<pX8vfy?9LwFBx2){osp`B?ulqnH9-v%-X%B3z
zn0>&Uw58f@W<}$(LsN&#vQC<@V8$<|)CPmCc&UW<GNva`A1J>`RngQT)At7SjoHIL
z4V^T%2BTf&^Ls0>9eh1rnDs~Uj=eSW*xW#41@_OwaeVz<ur;`K6Y|mh^aX3@8Y8+G
zd(ol1*v_yQ?-Pt2U6@(6)%V&PIcmRrVda+4uQ`CrOW#|uO};bHCR)38f2K^e57Zfk
z`oRVRJK<~<tVJW3KN$2K4(5#nbKgDf8(4%z+}QUX6;*YOn+~Q~1<SDCo#srIExYpg
zT#1pzJGJQf#RvM_;l-%L*2T;E40M9gN{knFW}8{B22W<~54xh*S<ei$2AB1@SD*?P
zp$aRkS%E3N(Yjb=?G3%r4AvdqHY`h29M-f8o0q4mGkf=g!;D>L!-ju|b+$EcOX)!?
z7>n0Ndf~#0+@b3KaNdj6Gmn+dEPp9*(r69Bd~j>fT8#a-hM!%CZff;}J<&?jShIL*
zoK4%cu^yXjiK8mFhE8J=lXB(jhfS(n<Gb5O%N5b?9)#kh-Z1dlKB+%o|GWzuMvLwD
z4A@Rq&v7kA-t)+ARlFhUI#Cgezc??ianpinN6@P9#wUL4#=OS51sKMg@Wv<MiM9_k
z<Jen|)nNm!KDRNu|7m+GXeeOKiPp_VjBs6S)54dmik}{~;@I7YpEU4O#%Kbt8<^H>
zzlW$xSX^(!vZl_%1|{A_q|IK6efol1?d~yi_Piesn)xMY&YlHxgB)>k!&&|F^7^q+
z{|q+j7Y;`k&zkm+SZ27QSwAeoXf!LaLsdP15ehE`v-+P=Zs9G(zH_lSs^Ra9{m)#G
z{9`0lB_ZLZ+GyhU;5{(|?;iY>&3i7)nw%Hu{nY%T(Q_~85;Cu$NXNXF_YEY^8{s`w
zI~xa<cZK#`SQeUW?Lph#X?aT?b(eYU7eKz&uGm0yr?n?hNc$^Mc%$C77^c+~c1QO_
zJynmRy==luASiocUC~YWN$1AJ^VvaSd#o9;O~+>B*%cB$QZaiNO4#H(XX1(OM3%kF
zS7+BnJdw=QX=cG2cHz%J(HF4j)jJZq=qv4_e>&j5VAa`$Km9wgP5)UO?ZO!Od{%6e
ze_rDzYg6>`S$#(L&n`IYn@G@fuwKro#&OwW^TtB0MT?g7n_jbUQNx3^FK&(*Ydjxc
z()_Hu6Gc`sVg6osQ+nGT*Ze7$HL2AEx`e=}`Fehu>Fq|THDxv0buoI@Ona}yJ;sB0
zEfOhqW=eZCmMza~!-l;Yb9&6Mvkb!FnxwZo?04F_>5t#P%&iMxgW4&p|DpX$o{2a)
zx(ka_H;Kw0HmvNup)0Wj37t9?$(vo1St+k)c5}UtO$NEfR^Oz|;ck2yy~cEw#`yVh
z=YZ4{Bdf_Ay&T%^ALbFM7csAmSs0^!d;{Bz_%(y^s}IK~jl?IOiTlIHs~&IM*&NSZ
zJAg4h;T(QVeb<6ekRQD5ce(a%FD{*1@@Pq<x2NRMaAeP5$)ndszIJ)Zqh%HNLXM*8
zW@oqygSpErs_NqT8*@fu7d9wd<_*ic(y?YYTh?}Q@HN|@2b1PKRb8>Jy{kRu(&b%k
zFXXP>W9^Lk%6JQ@oiutz3UlVlqN^;sA=4f0!dbx6<|H2B8{Ts;>(xU?x=!repX2H;
z&5K?=b$TM^zQacjVdV3;`pfb}<{v&#_Kx)H!WU{r&36CR<;VQ(npEow?I|gJl5t}L
zZ#{!WqfD@PjBlRRx-*(~swmGNs^4>=q<BuK_rk2cx;WnLAL_=lm^FYe<kg~}M5+!o
zpb#_}%#1|p@clK1;M-z+cg-PW)wW>gTaAg(+Fl+Vc&jqHQ@Slgho`mfiS4X$TgMZ5
zgs86!OL4RgEnaDCPjqJ}IJ$q>cI`wncA7_;hxYvNh3Ajgm{JBXuq$k)h2jMV)3AO!
z6Zeh8^G}>Ua{S$$4fct8Jl3k+6KpER>S}VZ<=z&|>Q8s!+CTJ0>F{8%0E>z<LElI)
z-(U9p>4V0r$GHLv;>2rde<-j2Xx>kM-jo&HBbCtNyE;~fY-KgW4!-qw*Cg6`;W?zb
z=5Z^XFZ>Fyoqn8qdii)27(R_RfP?V~fx$q1Fh6r%eLVl@OU=Q8jx-~Eh6_=y3rxmh
z3`&_xo8tu&2SafzJALKXrs3ULB<_nH56lP@7M;bhpnQH2a_y>n0y7`H)pHHDBUGui
z3{Id+xxs+)$v2_l7Z?0PYr6Wc>t{0y?TMbodxWaf2MVW{#f``JAHAT(-tMzA<ZeC0
z{1`s}5LU~kxu)yZ(j(Ssto)kXv*$QzHRp~^t1rhaTzlL!pFiDj0NXEv@w~y{1nYSH
z;Ca4ot}VK!KA2ZKr=k|eZsw%T+TMzt0rY)0oJ}->mNS`S4c2F_Ien@lZ|!NTtEA<c
zCQMaM+9Ts*b&=rs(TqmMuX)_xvG#GhCmP|$qmLuC`9*)*IxzHXB2#M)v9f&`cq8j1
znT`+QI+c!n1%CC6ex2t!avXaMId-t0`<C6@w?wnRegsCYOYcwMev17GX|DUZXhVMv
zOy8EsyMOqNvbT4C!Rg0lH`Zq(Soe10dyunH3uUGeyk;<X_2J;8k>JELLI1AaZAtqP
z+!L@o7<gZd<jEjAG{|F}qg#pE>lf|)!?02QnzJqV)}Zv1(bqBuIfL=!k<&W`rFgH<
zx6$5D{mNkcuMfu`8Hqo9CjL+;et#r>Z+*O{IsW;!_~&GY?ES~!P<#glVY4WLa6HD~
zdW0DmgPRfJ979VRLTuf)Q4h=Bd!Sbz+_87H*F+!M;cOJQL_X9O+>zPQ7QYXJV_~i9
z%$|cehl4x#q7tL+)L^0-_SFybi376fj?91I!1Q+<LuFa%KgD-~44GGRh<$s{8>K%8
z_2o+ZVT@yuQ1Ej{2P46rvGUIH3Jjm|&vmE6e55aTc10-IlSmb@c1^3p&RYC)^*p`M
z6AIq%+&NR)|3cmm2XJmj&MGjGYtO{*KNGxfB!1sX<8ZKtLo?@5srHuolKQ^f1$Ee)
z!_?Xw{2cr9;1vJcznk{znc)2+!TbC#44Y@-_nirTj$@oFvy3C$K_t{<VvLvkwA2^d
zcHmQ)*`EU&MQo`rBI(c}^$rd0JQ2cHqJAB03*MU;0eA7$#(f+DcZT9$Kr;x%A2?{#
z2X}J(+xeEaIk=1CU$u)dH~`|f4OBP+?h5rz48?awf)B_L_&|N|K8}H}{ULb_oE$l1
zNTX`$%onHOl*;^eU;4-e)EioXGZaRG_hT%K#P2^)7%_|M<M%bZigC-On`+BRVTv!O
zp=X*fc5CSis4WbQ^@ohv70yoWF7x7eeVJw<+n+fYzkmPtFASnMg7=M%j{S2g`qj|5
zqWg-mUW~igT4zRE@P3SrZ79;<j*^yQIDndSJQz&7IL=|O8qwQ=U%0h&cO>|Er`E9h
zhI1fz`*Ilvwek4Jc@x*^yiVgaHh*z#@Y>C5UOMryTY)w>Y$RG&0~)!5(VvL#L;tkH
z&}e^g+B7>I`dlC=<KcxjroUa5Wdy%682szQ!AC}d51$D>w5xBUjCtA``6R}@gWg5I
z4TOsMk|TYdi#xIg&LcYJTSjuwv(P`(S^}%FLFZ;!Ha5{^JUeL=j*P}D%T7nH#SE#|
z4#URo`q6l5Ff7a3U*cMkgJG8EiR`ym7wee&uXah@bohK`p&h|_Iofc!bM&+235-Z;
zO2jrw)ZCk&8Lh_4oY%(V05)GWqU6o|Df#Z*q4maCGpH!+oF&Q7RI!zubP^%O^L^Of
zH(B0gMGE_TR>gCM<(WEU6&&a@YfN#yCE~+!`T#ae=DLE;uGiwi`rKGW)Z1ETrA;jg
z$G3Lfg_E8qv(iJ__K6W_4*U=9pDcd={gXKMPtv)662tz9RoU8w;b!aNHSwA>v})JJ
zn|fQ*mfNR#Z!J1q)rH9yg{dU-ag0LkqikKg`#@PnVtmH_6y8%FZs2B0I`m~XCG{TF
zMbGa$tM>5u-7;dH1rfC);4k?*ygjbR0nXxF`}rM@5sAe1Pj^~rOMRxb6MMdR<ey!P
ztr2(Q<5i2XVX&#&k4?!yF_w{GJgZw>FCOlV?y)MPUA6z-ADG^2{`Wn!k9}6pi0up&
zds=+&N<aEzp4XF}rEw-*KeN%&mYrEGX3^#jJW+sG9XZY#?i{AWOjN@PlVVYXwEi;x
zP>t#6^_TLAv?<FuYXcSEI6Ic}o&=(ibRH1Vl?K!B!9z6wbQsuX*U~V&=o@MrIA@&o
zF|O#IGv4xX(8TTmo??}Ob681f=Y=|q;}X3rC)Hkn+RI3M1_8OB6}e0%c|0fzG_$cd
z!Usg=ir}qCv>Ino)dxgy$SUy}5&zqJKmUp|y5PW!eHuqTrNA-4IscY;!z9j~^&wws
zi^M+DBV(VrKaFp%KETRw%zHELm{<k)I9}pR`sg0*naixQ4j(=-7%sCP{#CJ^#4n)W
zgNbG01J=Yr*H*I?pWU;vI(*((+Whakk3P}iGZ)Ua(gJVyzv;nr<61cPO?(uPpJ>G1
z18kP^<9iF+t+Zn!{l~tLw$R=Yd^?v)4LJ0lz6}%b7t$815B1=afAbc0;KLfBU+l-Y
zYlOXJ9(>RzvL$rpJ<Cw5vy=D*6y#IRd5z|?*|bVKeC3w;dMMqhwv0C-%yX&TR8%?J
zdB$fsr0HOuDspYjV$mSiHL=o`)!v1xqMq4rAM2U9upSdtIkJL+N@rGPN6UL=CglX5
zjQeGD(yYETf9PI(WGRY6l~q~Xfid%|@M*7({G5gLoNCHZezfDoF=zrU_mM&Ome6T&
zDY*r$Ff6069v{W!`p92d^62>3OdKr5=Nr8jteHJ+IGYyZ!ol?NBY!vLm8E6;qM&xs
z4EjE^7g-6_&Z{eY_I%c<GMq4FdrTfP`K}BfUNb_gU3jJHbW_gvb6lg{za^4`^I}d<
z#rA*?Ju@_*=2c#s&Q*B8KD`@=1Z0}S{q5tONgP*w<C+I@n{se^!buX+C(`)}JvT8t
z7w$^a4ivxD+<@<ws>h<kIna;8XMLLfzQg`u7R99KK<McUuY|I3V97Do5;?0G!-uqd
zVZ2vYDLIZy@5Fm+ls6`#)bF*>9#>#SaV7kePgiMuox6;9Zui)a5g23wrM-CCc22?_
zZL{1%+vx)4JIr$aA#4{N==%w3Kj}=_MehuT@f$#_uCO<=h<noCGVpmx)5NNh%Lk-0
zn#xc!T48o~K+OMtT+OQP-!hnP)lKomCBv+dG+6Dzq7`<cU1(UNFPE|BS<jLmZ5}wa
z8M5knMyxJOmR-@V-xWP)`a&C=`4ne_@QUeh1A94KbA7P+JCV8N1A6xMFF^JhuuXVz
z{@U#Pp~_YH4f8CHWH6Fzbz$+^Q0@5CV&Dvws`0TyZud;*aDSk(E)Xa#^x+)!>`2vV
zc?1d{FEqxX2=G}#l>kc2$bh4V_7}Qhr=!QMfkbP7e0y4bFeehs&XtWA$k2z2q_8`D
zIJP&sXVPI5)DHwkr#X~u8{Qv>tV1Z<L)M|+h5m+31^K-DEivI_#5!Ks=}x4KGRLy%
zFqT;;bBGdq9I5v6wY5IZ5iCCEO?<i=FE1naoJxGY8{I$Zvhd2n#6j=yVw7~8Ht|{`
zeqwRx|D2EPIghrtzZ{z>iPVRU!okd@Y*W3GvZpZTqyE^cZE`-&3O_AZBnv;$)sF++
zp(a=6w5eqgd|W)<Gt-=bY?=k-GXnSkZESH(mQ|N9j|w|eh}ZV2^kD-hV6ZO78P-rx
zoh5?KNMV^*)5*rM&ce{|=$1(LH3>rBOJ{lUr8Y)pt~Cu8MrP!bPNevZP}2LmgP4n=
z#?X&zyw2>^umGLM9C}(lf7t*_c-}Fj-dc9yp~<N{w2Ki80pWN!C<^Bc=We*`WX|vU
z+$W8_S6kS08gufz1t+ffxd|KtaHc@Eyzy^bgV*JFWpQjyzux?Cs=VtBUpx^f(yzy<
zPfy3dI;KJTGWAO&gU0EU@!5#up=}PCbM77OwCY+yf3PQA)he;m6+#xvB!f<5Zopmi
z;yLMEjs3Z5oCVytEMOl79PKnXCyx>_oymiX)-)^~Rr}~LCMTTJ7LR9lHSyCePF<bj
zSt!v`ON4XA(TJ_38OGeW!KuJe_j8h;0LPsB;S6w2mCNtlp%>0qzsCL&c15yXrH4x%
z9PfV{ojT9%Q${#X{Kh_otF-=ip{s*<XJ9M{g$#EfP|y)di#&4-O{vCPUcR}TEy{~A
zACLI9+7F@TD#_2_FgWKx->-hRuL#@fPR`HPqduIHd8^I;c73+1W%KWQo{>}&?cd7k
z>BHv@Q7=p()#omg+W$GDv5P}>N6{qNXN^wBH>#NEz&Ad)AcRjAbcH<)lUye~k*CjB
zkIag!elBO|ZZj0?3VYFit?5&IX=WBvGbd?FjgS`~pu=WKGgb&=TK(wf`_uUj!aw|+
zyQRlDv+f_Zx?bg03eL!JD<x$EL$r(L)T*v?-pDiOtA8=;Nn?Mp>pA17S#3nSLUS<)
zgyy>UqmbE$o&MBPpJ4?%eA%Ukl~Oo}bzj$!E;D;SKl_vL+j(-ru+%55ALn&hXHmnd
zn_7fg!|3OKJCTpGHQ82|8@o0fdmwj`!;tizSt_rHRL+=r-K=O;UH#m7H#E$TH7;0q
zW7CH}vS@MhO-q)xENfl<(ZHoB-nMFWd&jM7)_(l9b?Z0WzHw9M9h>j`%Pm{)`oy(7
z{!HRyJGXGL72@JN%<WC=^1AZCICkj5Kx}_s<~0Z>gTvr!!Hho>%<q=ucR9}m&j&Yx
zKLWl9yc`?{w}Wp5-v(X}-UR*>_#W`R;QPQ|0zU-)D)>?G--Eva{ucP#;2(eoz|VpY
zfPW1BIrug3FTrnu-vOTn{{ieqxpLcqLk4H63E(Tie(+>)C3qIN3e4ZvT?k$b{up=#
zI1auQd^`9~@Lz#H1?F$l-Vf$3!z18F!CwP^6Z|;%U%=l54}hNs9|XSu{xSIH;5Wd(
z2LC(wci?m2@u-AM@FZ{%xC~qgt^$7uTnAnVUJPCaUJkwm+zws~z74zu+y%Y|{8=!+
zFZ4n1m%w|#UjzRm_*>xbfu9Ax0Dc8L41Nv#2KXKDZ^6F@yFF+Z;C%2Ta2R|ocqVuj
z_(R|t@O<!6@N)3Sz_)<cgExWi0B-@`2mS*1A@CmXKY+gh{ucN<-~-?vfe(RS0skEQ
zOYmv%Z^3^6p95!LE*}rh0bdFBgC~Paz-8b$;JM%%z>VOKfR}<-fLDRnf<FcB0^bLI
z5d2l}qu_r4KMwvLcmR9=d=UHs_$T1w;9rB!fiHkPY48P{3C;sg0ACLFgG<0+@O1EE
z@G|fUa65PlxC{IR@Pptlfgb_?E%@)j{|NpD_*>u~fS(8d2>b&05cntHpMl>1|2y~(
z;EZ&%b#NZ|a_}|aBJj1~>EIf09e6&t5!?j635;ymgl1?Hs@*2JMv;%XPQL$V`h8Jx
zTf%k9P5bRNu*lypOxB;M>_k;4@kLMW=O*1x*5gb;l6Z2R9EzRNgt{xBLcZ)J$^F*E
zrIRnQE9oYOl8)#l`yEjB<i5n0coOmi8A<fSugwXu>q!-gzW6Jlq+6==0xA@_gknGW
zTI?jp>rr+jp7^;=$!k?8_9PU!=wB+7@|dUW$hD*=_T;{$^kOP3R-x!gI#PbLCtXa(
z^k3vmOR%o<$Kp%bp>JY8s$t!}9#_|Ay+~YLU&ne}Q`5hcT-VXDo>r-5C!k@LtN5eq
zw`%fB`KHS+g>`>)|1VW0x^KF^ZeO>lW40B^iyl|c<7Q3gNe%0E^m5R#?sKUYH=to%
zN5{H9my+vgUCL&UmX>Z)&-*$}r&hyyx;oZ%bUPme>-92EOG}sQe(LG!`j!?qrr}}@
z>v478^!kOm^Lx=5z?^m&vR%**GEU>TLf{~nM46EMZY|pb<1!>shnUNI#+9$ar<|C}
zf66T|iE?6=1LdV)66M4qFQ*Vhxsdok9s0nKluCzfhB^#M)FBr8EGJT`xGV?8WjG#8
zKgpz2`q&V$^%;_=L(E^qVY~oX%9&-$M<B|hV6k5ZOiE>c3giZuq1c?E;d%`((lCE2
zQ}ovXOC5a@Sp4~4z_d+&wt@W$e+8lF>;|Ua)cKw!|2}Y7$=}fACx9!IoR3Ii=PCex
z)jsVk0v3PxXhcet_o<N6KZaOc+HuPfO1V`5lTyWHUKp1li8{o1<6_&Hj8NJG^Fc~w
zrv!4^VMt1)qqhO+M|`Z6yt8fdcpLLx2PV-DF;?5Qya6GJa$-I<Q=gB%q*UpaK~CQo
zvQ4M5Pv69j__G8uK7vzz2Uz5rfyJM@H2EihnGW^u21~#GEHEjRZ}gvW7?P+%Or{-t
zAERTFV;Cuw9X>M94ny&i^~Ujyb{JRcF#t?m%E_cuHZ91h$B>jtN3VBDm-?(%+J3Kk
zVIQY`h7y<lvh7jM_#~!FENx>Ju;_Dqkh)s{oB^ipVlXL{&#Y70mykL^a3Pp+lkJx&
zc{@T9^@%?OrhYG2>gyZ8q*UofAZNM^Nz@^hvRVNw`Qo_5en|UlV<hSmOW)ZAEIxl7
zSlaeez~ayIz$C^c&H>Zr5ip5zA(=a9hki07QHOXkm~pGXVqfo%5Zfen>TpFn3`w*@
zEIuy-mi)E?bMB%2HDD6;iD`rUaj^8MJAp~m5t4KR5Ky0?1*XjySjy*SV76Pz?*WSs
zp9Zd0@_vL;RxbdPQl(W4In!b&zD)-fn;eH{fSJ~6u-N2yLP}+me$pmGFPL%JFJwFq
z0+Uk3l{U>#d<Xzbn_=CN7?)V=*H8$eoLJ;_6oM!x7WoYnf+!~zc_W1&%7vs}Sntf2
zgw$caq~0xH66M5Fo|V9o7nY@zgYGlLHc48v!L%5PZziy`J(ekn_lZSk3WXrbiA6q@
zLJ;M|BA-Sfh;m|)C--ss!gT1r;Ol@%j4LGmM<JjdLn(*3N-32-+b#7OlBh#0?QJ22
zpj2@KkTWjBN#GDzFI!^i`)$A^+9BrrME$$L;^%wKceG=G8Iov+m~#N_&}YH=+(BHd
zbhaRr_OKP0ZHRFn0JDyXcY~P@?f(r}>itPzDU+vxNvX<&YZ1n0C~@n7Nz^AU0*Aou
zU=roTSA!|%*kXVw{|s3C{3@{cPv59R{a&#6_Dx_?D&MY!oN*+iP8nFzWnGK?8-b-x
z*8-DL+2lAyn+#>F(EBp6l*28+Vt*wt#~S+oDX_@50ki*5z86ely2PUYEU?U>j5rzB
z)aR=L67`9L2q|v>7Mtrd9pZ^fhd+I105k6AfNxN8z7D{jEq@UpP04?v$zKL$T&8sd
zSn7hW4@jxXjbjtzFeFijSk@{rVCffZ!!$*mCEy^KX>l$S`CkIdyuTAz=2^BA(f@&_
z-w#Z?w381bVuwHNOTQ>D1eUz$Ws6%j$(W<Jd3h$9t#s%!vDDpiV9D2N;4qkJ-47;F
zpLiyi@<A|(a$*Ba`7>bg?Z?0*>IjK%ms)2^z0Xq-7?-#hO#5rVq*OLJuF(&MB<c|R
zz>ND5u$1Q_V6L|)9|4o7Pb_)79Lnrt)Y+z$|8`)p`9)3sWnd|{9{}Uew%HFL?ekep
z&exWPvd^C~EKv9;Fez0YS+<NLA$9mnDP<l2mb4}V(-d{s&tx2CnRvj=S1s79uwLd6
z*(CKvTTGWBi8hJFCdc{9z_i%_CQ*kt4NQ6RI7WMve;7Po;bjO(j4LEQ&_3fZBvFT0
z#<2h}iShtg^2N48qMTUd7KI?ng(R&@wIzvLry`_^%f3cG8In@zu#HiNVF1i>SPGVU
zTn$W06_;&{aT$_Q>CAzgIt--^)B;ZeGp!Y1k^cp7u99y+C}Y%L0h3bMw;-o|hSCO-
z(~`b?Gj#OzIolp>c7y2)`RicG`@aB_s3RoxG8F=*%aCa^ZZnwk9PxHA+XQhBSZsa;
zn3T#U+k^pTDEl+47b&0XfSDd`t^|wyj{}ovlUT-tyMbja{ZrOX`H0W7xK<?5KC#rx
z4HSY><s||+^TLos9b)l^?V6M-F4r@R%aBAJVhc=vYQf?|6EKN7#A3gdLQpFEoNs79
zc@C2Hqd(&lGcD?~eUehyWP7F#LlSj}Io^f9bHSukaj%D*aT$`RLoDkhjz!W2m@k$E
zZEgfhIeZeBl*+z7|B4P}G9Fd{i+$D++YRmi6PQGs#L_+wQwXA*SnRw4EWW)1%yEZy
z&Vgl4$zwtw#wBJ*9qv_<cug#EOMnd}4+GN&>Njcn#NtCUu#CfNfTiDU0Tv(b1IC}7
zRu6#qz&TXpUjkqqFfAVU5Ffa%D^l`zfhE7WP{5^aD-T%uPB9}YIkD7fjV33SabvwE
zCzgD5YI0(c^Qef}Cl)z>%2wpWBJa}V#3ILmN=Khq<o5wfzIrtIPEDVf`V@UxlM{=b
zuK<gk-I{!lrcW$(_G)rsvBP68VrQQwe_Yci=4A-XBQosg#3z9z?%Tllv*o7%q|Kyr
zQUI|{2+5fLWe6CDA&EM~>@y+ob6^tX#NzWo3PF?;OIoi1Gdap%2a7)^fYZUW`8If-
z!Vx+TqCRmDA>-Tx%v+Q%0g!Z;QwXA*Sla3)VBVs<6F}143`~ERF8fPR;fH}amQns~
zV40h^ZY0qTv84MWVBVs92tdZ<SAdxo<*xz<5z^*=0+T2w7CRS!d5dyJ6#uUP7CTod
z9D>S3VDbMN;2>m_*8+?GD}crS4ZtMYCzf>Y0G4z&12^G*2s{8xqCW8qgp~7$mDFh_
z9FVvsFz=J60YlA>TMk^N<ST$lv`H*Jv}tl;k>3g|_Sa}~9?>Gv4zcKWYI0(c^B9-d
z*{aDusp%7o{&r1HEb`9+i=7>s{C-WJSoC*ka$=G5C>e?V6N`MeCMOm-kDZaIPfR(>
zcdsTV7X5z&7C-lC^2arOV$uI+O-?NG?*faRr!@J1CLaW*FRb@xfNxYd*9!om&%|PL
z0<hRD1eUm0086`?225gHAsLsrCS)9jB<c{0{prBGPdVp$`bFmRy`;MYSmw%AntU~|
z*jWoqq8(z<-%24Um2djm<}&Co-56Nna&1HU?~bcK*NA<}ioo=t6>KTI4WX<zKCj{3
zz*%7G{{xsrKZ(bKDSrYi&n$z$GVlKcm_&VI15ACck!1Wi0W9@<9+<k+Nk^rK4xjx=
zyeA~}UJL>4GL*8N2J8dVPAypKw+=WAru^ezNp~Bt=yU-~+y^!J7lE$^GcNN>qCdn}
zfhivXlPD*qjLi9qZISp2BqZg@{US+s3V@^=)$jsf@pC1x#9a?eVp_z~J~@|>C?^&<
z=Q7@+e5)q^B!wW#iAA6LDkRE@#RtxVB+7-PF1UU(zzkU*%rE;CiTcEKV9LJ)rYXw5
z43@pGZ)^A^U}=*hz_LE{A)>4eSe`fF9&PfNGl@2dFGol@=XBnp{7wMz?GXw=loLzd
z|3;G&i=0QJF_hW*dw~sL+W$JRw0RztCefyll#c}g<1nlQGw#R0B<d53oPCf)IkA+_
zH-Hy|8JGQq_Nc=QN`FayzL5OR)O;hBe9hM6#3G*q%v-cy3&6CPZauJ!U5lvzvVBNE
z=bX<BTr&<s5_O2B9#;cPejfssygULN05h%cfMxCU46wBSL%>odr-11O?VkoO1T$_m
zgi<dbc@IA?wf{Lm*{MNDN|nbl$musjX>aqCjQR~=88?_;66M5F4qv1YL^-jn(;f$w
zygvmjW7jW%r-PZt0_3YeVe38e$h7DuLun^<z$B(iEaT5jz%)hq60p=Y=R^|aLejQt
zA)tMRG7c{QmblA-NvYy;Y-C)9oRdP}?O?If11xslYww78pdE(de?72_A&Y>eZ7<by
zT7WGu)BRsyNp}aZv^S1dq*VU1-!ff>lJ3pG8DQE>UQ3AlHcfw>rhkVf->k|1N|SSc
zLhRh5$v+J&KJNsc45knN3?|WkVtEFCfkF`F#D!q$vyG7`C$_+pXEB2y%8Ba{QqKM*
zdFR<Gc~0T}gUHuv@-7NNv_s60cJ9^W#N5ZE{5efdyiCdYj3Z+*KA~j4cc=cxfEk5$
zZw6*Nru;Er=|`^u-=O4I(+G(A#L{Q0H92tr_i5*5O-_8Bl5;%|v$mZt0v9X!ziRS-
z174uyUhn8SDhpVA&IT4AN`a;Qe@N4*29~zH09ew!QImfZn8bV$OPh&na$=FM(d5Kw
zh{yb{*W|<^@6_bPBHscmdD*JTKdI>xi~e>^PAu}z0*jp;n*4rEpIG#FX>wwbKLjjx
z9@gYv)#QHz%raztdx51*ejQlG;cqD&-upIiK<V@2G$hK2CEcHDa$;1yZGTvk6N~<c
zCMTAD^q-oX>5ydX)#o7bGn!Db{ZY`-za9eSlc9`tF<==tI5v`)7a>WD{fKcHlBh$>
zkmbg4kHl+Yk*}r@#A{-abKE2GnpotUDFpGFSmYe{NW3P_1v6dF5yc8WhEVF7bEwQ~
zPXp6;#(fqn{p&Sg(f<W7%Y`;W5Q=^=Fy}?ext3-<(#|J<tCaj(nm+f4ZdY>dd6p`?
z2za5w$@_t{P5wS~#Qp$qiISfHhFLq^H-Tkrw5Y7)#Ii2p$Jj(p+=7b`_^ZIu-ug5h
zVwo4->lt5c@_AqE@Z-HACl)zB0w+EXX>xunPV|XI|7A^1Eb^ZLi=CsI{J5r1Ec&l&
za$=GHT9Xq?`{Bp&#Qs@e=|}u{p2)`mi#%VG7XVB9oCqxWB9?T6z!I0^xd|oKMHE=<
zR{_g<m1DTf#cjYOrXeK#u^9q11^c}l?@@;`KbZE{gT?*^;9@1;g^)yjVv+wdg&@j_
z*+*#qB`}F{Vp;3{8d%noXMsu7A(p(m=>UjwVwr2k0ZV@Uz*M6Szf4%<(=~ZHFnwXZ
zBET{y)&Y|kS4hf-;~?WOoCapx4ls%O#52H@|23FIIkEJk?*L2R$<h4D1r|SxfSC^C
z^0{8hvk{m?IkA+<hc!8|$lq%pn^9=zqX0~cKHm&1KHN?P5Osv49P~Lt>TaG=qCT<s
zyhf7~2f<A1UQJFc&nbI>rEPP(oe8G?>tGpU`Q-uyO3r6?QYt@VkTY)#Nz@^J7)+bT
zz`RfS2w3{>8DLopu_4L4b{Vj=lPljN-2md#E<+OS2f#8XviwMt6IX)i&q}c9tOq7h
zM@Y*5ItXZ=A&EM~SAc2f!(g$)=Lk|NI~L@$!*D8?aoOKV)F+lQX#=J%bykC=9PR*S
zQBZ#~SkmnRCQ(it1T$_Qm_#|T)M-C3iSmB1<mCvk*!(3hi8?}3CKdz+n4ydzoJ%Kz
zneJbJNsLP@^WbMF1W`^b`u`hvJeYC61(rNM2`uy4L0}T&5{v%J6oM!xmb|<TEP43@
zFo`-sk{6EW%nL(Fm+_>`C#rk&%>t8Xhgj^h-%J2gX91W*9b($1{6-D4&5)=gB>wyW
z0>)t|{`3PEfobP8Fo|)ArF=MUi$CKL(Ti*9^I1>Iif7&gUjr=qrNB&+Hm51fxE!~o
z@6Q7!rSh5M65}%@rP3*coH`OxhjkSMGcC3sCP6vhd0qyloa3ALxfqy~%Ko*G(>_D7
zQwl8Qa|1AmafzpcX`lUwL^*Lam~yT~CEf1<lc+<S2Byv+m_#|T$PWOE56=P1IR7(X
z67_|o-lsuefF-0(IavH}1QwfYS98Ji;eIfQ`oxk}FYr__b$$pYQHQt%OnCqXeF}44
zCQ*l&zEEcda8Ti;nhvq#m-8BlafwBK3$RDY+knO9YG7$s+|wp8u8@?;hag}ahE$^t
z>n9ARZ|&fK!k<A%q7E_pEp_&QNt6>?V9K8di%phEk&>T8NTNP*08IVl{S(O}_q0jW
zCl)#1eef3LoHs>2i9!(N#4I1$4`^~?k#l`QqCT<6`QCv<IkAkxvoyJ_fPYe+9ES}s
zL#i>Z1(vaH7BKBo&OUe>n7(}tEbZ|7z%q{<1r|HQz<x0G-vyT`%r%w7y&jmhsnY-~
zYY*;4OS@&;AW=_9{NDrt{bxv`4zUHM%}2muXCJWS>$||DR5qDs+GNP2sS^cD-1(Y3
z1}u481x%toF+=*mG7~%NfHRc*4o%K+M&^rqfmt7n%P~jNO&<TVl+HnfV*mdD(|5*w
z5iD_k4osp?LQ;mTSH@vTq7E^~ZrWK4CQ(j&8JO~qfhFCWfu;X$)a0xSX&YYvW;(R9
z6D;%cKLC>`CzgKkPZWYECl-I6r4U59kmRKj0;a)G+U<3~^q1TUmh!&^Sp10ti=UqY
zmV9jkrY*+(7Fgs@0*jyD0VdHOV)2vZPfFz{<>Ir0r`>Va`pxk+*R(q}cP7F$f;!vR
z#iy-XyScqHzHZw3jkk1kwzs>cB}-SWYmawcEMB`|?dDt7-??t{+KcaX+}^pW{S)n-
zx4U%nt8Tw@!{%Gs)^5Jz;uv>s_`jUJ4}4rzwf;RrqDCf445I{$Fkpm;5hFy15MY1+
z5hFy58nDuorjTN2V;eAF#mJ3Vv1-Mt6)U%3FIKHuwQALhy;8AyqgJU}wQ9hs6{}XQ
zQl(yh&$ISgnJ1^IulL=bo>||$&f07LJ^SqQrzeZ&U%O!50Cq2!y?Fl3GnC`nMGIed
zaKgC@hi{sm%g~(bhYz+}w0ID0kgXfE0|#rbUpO%P)EV>x^KYC{KeBN4wDQjxnLWI4
zhDr|2oZAgUGkRS#Z_dCpzXum|&eh08I&dyJ@%lN}9&Csm2P+rP8#!1xe=&P#_Kf?i
z{+T3;XCu!!1KHLx_2L_5X!3(?ubHzLBMBv6xM1Ykh1btpbkpob^9F91JHr_GH%tZ=
z9WwQd<w2#UwPDJ7HrnCT*UTQu)E1@G{nHX6V<f`Zxnbyr>D?lwM!VjCu8=-MGFN5?
zC)DhVgNtzLywTwq)Lt?a`w$Lsw9d|URHa6zzUJVZnBvrf)pqR9e3aU*bWmpNgL!0N
z{(@^~u2be1Iylda!R(=V3l26y>t~cPxaKdo@!*}PeA3TeJT%kfa;QWYNHaRa*q%|(
z1Lw3%!H_rAGnO|UJ+IBqx>gt4XFWOp+Uy*2h;+zm@j=f1l^-NP4hI()${Fid8F@1$
zsvOpH=M2rAy<p*@>*oy3zj@Bc{Dm`gA;&f{na#=`TmsMO5CgnY4l_9D@U=R71_%3|
zdB^ldADn;fAo^|QmS?XV$^cE8N_TL+JkIAYn4z-hv>BTl!|$MR1OFI(GpXm|q&u{D
zhM9PH(fsS@&AxvA(9k^0nR9UFJ-BS_iR=(XRw*f_I}G9Zi|1cGG{amyWn*x#>*@Pv
z&l^41WYL@j11YbA_gy=8hH?$fz5ZZJJCQEJ+%sbiP#<E!F|yDTjm#TG?+nZtnUg!^
z>cw%;QG3eO3(&1M&ReuN8o;!Rc_tWM_&T)f!fR%aybkLi(_b(+Z|-X@zhOZy8vbST
zMn*6jPV<JA<^1VYuq05)vMf}(CJWs`3$oZDt1+9BLx0eEEOty=%*Zq!`(-5-Dw**^
zmDYdLb4+Wqu$VVGcQ8{|S*C@RtkFWnQ8~3h3ngdMgOu5`#<Znbq?C18sCXzJ<m^x@
zvPfjhvFQ~?_f-~TVOLp=iDv3B3mv9~OygisO<$XZsa0K#ZKA8Jw9GD@9Hy3Jkv3x$
z=Sx|$Oq;hN+5gx6>@qCURn}mkLE*LNXfdD0QC(Srg}Ls`q|2<pruBrB*Uk+GC!I+R
zoh(<P2)h0Xofj*!_=>$8PBC4DZYo8lC^qymy6l20d}LQ!p+9)36?-xVL?)liURh*C
z`pOB(G%;MJt(3y{;I-BCJ(<j>t*XLu+L9`i9PhE7Qr)yBuAI0liyt$t?67XBoXl-+
zI!vaPOW{7_!>ndX&I5jG=@f~f$+TN#l+Q54Wvm`@#T2e*ST4mbA7C?$>#4DqE)}L0
zN|w~>HhnP^E@#kAZ_VuTr{a)}HRIl?rpOM5Y0IK0!L&8elu{N%q0`k+=%z1)LYo#M
zGpvKcKo>!wn_9hKEKXYi9b}-(pP6@7);_WSpoLHDsH}QIQ(5wa=AiY?)DEtJbg>gV
zrdB$O7IKxtTSd=5rOo@pH0Y$ov$1aHZG>bqG;+N!1MRL-Xcyd^J7w;|>#v{31?}j_
zyakKroHBpGHCO@Jbc`hvu6-+!;YAC1XYXHxD*GyS#h@zp$w~xNmHSjC{^?Adx78}4
zYU)+Tq^rtptn36;<-VASZ_31ZYq}Efhj%LxP}S7qnxw9>&n#3-s&WrhB4)oe6Xzp?
zN~p^HPbC7Xvd5AYRh7M#sqybtB4+<!CjR|Q{D+zNk23L}Wa7L9UkO$ARdS6#REdD9
zrXD3Gb=B0XqY?jg#{M^%_-`|DJ}#+*D*Fn$#{XD}fU0tT&cy$ci9ec&|1A@LEEE4n
zCjQS%JkR^NQ=uwXm5Dzt6MsS`&c~{iP?alW;_-+m*;Lur-qk){?~naQX3{@36XzqO
zN~oIpZ^n_HuijKbl|4?<I3Mv=LRIegOgtVfC7Y_LPs~J||9!a<s&dcH#GjLiKQ|NS
zD?pV{m3w|Bep)8}f=oOfWhEa~_Jw@)cUH#!>`a{h4WbgNa_42@7i8iWX5trT;(QIL
z5~}P={ThEsX8&cGc>I@(l%~r5>#L@Z$E&gbm6`NcWa6*N#Q9%mDxoUJ$FG%8Wq(OP
z<8w3n=Vjv8X5#ZR@#`{iesZW1s_efvX?)sl9RGY|Qwde}h(+UkbW;gc_UeMh`Dm&V
z@YjSZ5m1%AR#Z_{+3PhLe@Z1{_D5#od_-3XRa37wBpr^&%1%&~JsPa2a6DEbw*R<H
z{P;}#nVC3W>#Bq*`y7MDn=27el|AmSsH&zuk(+c?_G*FdZ>>Z?Ra2k42>Z6oem+{O
zgsQ1eYb0IO)FZ`+cT|i)Ra2i7iv8zi_Lnp9^D^=CGjYBeQVCU4pUg?Rs;O7eB7RB5
z7*u7i<Wy8u_9~agdnysLkJq)5x@ziG>WK5Tib|-m$B!DnvJwGRO}%oR)KycjO+~yv
zf&W(7r{yZDDtk3d<JVLopsK0QJSBCN{nyEgNtL~}t?>nw2&l?F(NR%V<rY;UwtplO
zzcCXZ&BSlc#Fu2^w`AgDnfR@l_;@CMTPD6V6TdwZUzUl#BNJbqiQkclugJvTn~AT?
z#P7_+S7qXNW#X$d@q04yHJSLmnfTgF{G*xp$1-ugGEoUtxdqcE>?->UG`fE{v)}$g
zoEcQ(w;t>Nr@492;-9vM?o{ysdp-VS!-<S|sDpftGmrdwTo1$yGzU4=<9a}60NTIE
z?O$m2U$hsSTxGL;zek>J`#0rcg!6@q`rLi?F+!TW%;KBv@Bc8)K>zPH!r!rhtjG1k
z2Rz<r@h$fEfv8ILc_0@p$eFnwpV8RBoe0VQH*%X&)LyKp$MwS&k5e!|zT6Rk@gGD4
zlJQB8e;l$N){l66hsD2>+vo9%EdJfxlf8#-u=s=a(L0)a$Kv0gdg*Af#ebNK71;3>
z|B?MiOrW)MeeNf@SP`9V`+u6_3(yRwW2?vYMyyyau=qo{t9(CgSbqMeGKLpptH<@n
zjUG?!`%C+~M%;hD?f-Rdsqg2NWj+3~(z`r9-{QZ`t@Jpe=KpSw{~EF$uWx-Rv;V6e
z=SxZTxIX!z#~(C*f6VRj_@KrAY=0k#zWFh^`rKb~fAamEw*S#w^<mtb{!?3h?r*uG
z$5a15mV1`R&x1`pJ|)Dzqr~uJZ1uT+<}UR3fW`B9{wEWLG+wLn{QF7_ug6xOdt83V
z<Da+q6Y@8Boa3@S_r(0I9#8FA$nyg@3>RXn$17|rJ)ZjSi2Q$fywCPOCBMPrS6TeX
z{MS96`tzyzpLzTZw*RR7FFpSFD*8V<zt7|R;6pwB!c`UY3_KIm<ND-D9)G39kINr5
zEq;9dc#j`t?fuOB$sVT<j-NJ<vtR3TC*{xgI9Jy7xIW?Eeq!LtyFT}v{8b)L^?h!B
zp2wSQ|MT+vn@|jMvDM@H<YtdwVe!-Q;~r1#`-1$tJ^mise@1?T$N8VU>T!L-4`wj5
zW2?`dmEZ31ms|Yo{BJzY7uxG_H2vA*{Es5_Ib5$mGVn^J9=`>T^FIjG=Pt-U)8l-h
zus(NT{&bIDk2Ll8Zwlvm{8bizasI^~|E0xWlJE8SV-~+G|7wq4YVnum`5y-vj>1--
zdwKq~9%s3pk{inN?^QAU1Y12m%kwUe^CixD{Kc|+!yfzDUtjY08Mgn``EPifFZtEu
z`ed8OzhwUA<bRk+|4WZkJSBHs{tq7ix!KRn|HI>aNvu9MFVDY!#jp)qJ^yOjj1Ts3
z&&;0YLE0lc`#~f<yz{;O3f1-VuE%}a98IU*ow|s0CEucAqRPuth#mZd4oZ70hns&x
zLks7oBzQFndV3H@7xwfGV9(tk?O|Jz1G(9Jmb-ZVX#m{sOmKq}Y<Le855z#c`JO2I
zw7?&(!N#7bF;#ku20HlJ8I*ir1`)3<B@B&a#zvVv`vxx>4CEOYVpf)%-LU3!taR@l
zkGQalaa84op#jt>9#hDj^>hn7hgT82xn|gh45r>Df=fQTN|{plJ@j}=mC=~tv^Roa
zAX%il^7Iz(|A3*i$4$WWj0uprRZqWcRcoE8eW5*-P<dDs5qmm|h&~oVG}C`fn^D;V
zAgIy%Q*G#vdZ5+kJ5y15@h3STe|!UCS8;H$FQ>XBbr>GDOn-`CFIY_NqeGZj+^Wte
zHc*0Huy{~RH3yz&aR0x2@dO6bo}E<EPjyYjpQ)19q)erW#~~G8nTk{%cubYPqCzTm
zIA8rBrk6cP_A~>K9$^6Dxdo8N;XrQs&3CA$9!I374F_rXh~af}XJ3Bl#j`J-w*W7E
zj?6nB<Nh_)Y?Zexkd99nAoy5e_UySMHx195Jv_2#_G~L-dIW&o@{ED8%7X>O;%S0S
zk-7W>N%A+(3DiUW8wohI2G<DlE=%Y+#|LwbAKXCRf*%B~m4i#<uj2=y30vs7UJ8AS
zaI4txS|DtAehuyrE|WdqPSJM>cMJCj_mVwrpXg@^_X`gQ4+;Zw`TyZ>`cF91+IAx8
z`J3k=+(Z7`392FT-wQ2R9vK9i4Nq_g)-TT1FMh#Lhkf}Unu)!ro!^nz`bGVFTJ!07
zna?fB-hBQjvHA4Av%dDU=F|1o*ItGalI6dj(l(L3Jk8|oN#8>D^0bn<5J%9yW<396
z{(5_ATX`9*%$~26*=?-MJ5yRKvzOtZc2J+%4nIw4&F2j5#=ZH;WMgfptbW`-E%Up?
z-uuPUx{cMv^ZLK)&Ht~(|72qGxjV7d#o5}&^R@QblWeSg{NmF3)XP)C?wB{4$dmX%
zXvUUzpH}AInmUb7_iy>SPs`VRTE0F`EZ@nL*78-K+CJ__`^9{ETJz~?=`H_%XcMz{
zKUSA*)cCRHeQNn`O?u1s7l|$3iNsbHXR8Yrtq3J-d1q@wA7jnbJGYP@!Vf|#w)`Iq
z({b^e#O>7kanT`MCi`*JDcnW&<Fs42N4Qtm>h9%-I+yq3%k<h8eoUE-w~yKUm6{Y{
zUR9qp*p+`Y?XM+!*{nTxC%v_&>#aSV4=Te9<AELynXk8-<@>jkm*x9w$#*ib<?H3K
zew?8Uw9M~G_QnSiTRFESw)%Qnv-yYEczOP%4KKP7)W*t>YbgdRzxwx^Nmhn`CL8|d
zwQPHn{ve+|e$1zjH|-1axmD779aDKyfh?`-Ev>V)rynoYp1(?dN)R#5o5-$j7H$!n
zR?)YS{dlqC!jG2@u`dgE3U`qo#t%X_w!GK3hwOfO$&>g&=))Gr*DSKPdB5<0@SyOJ
z@USp2m-qHOsBPW9wXJiVq}6`0wsjk8Tjvt(^Qm8~ZMQ*zU~TJcZR^~MeR=OAYg=b)
zTkjWZTW_l}?Y*t6ZQaJ&*4f(Dxrg?i*4oz7THCsfwXJhM?Y)1kZQb75*4f(Dd05Ib
zB0MU*gzWu3M)vZIi+(BDeJ&$U;s;?lwip8|$llH?g;xo$7G5K~R(PH8dST#HIjhNs
zrGBg-%PS1i<~lF4*?7O#(%#DnoIW>t-4A7N`U6bm|55%>=W(Am8elgquWgppZg1uN
z9-;ZvdH4ybUUf|Cc@@c9Qd;xLFOMKJV#|9ON@QP4G?Bdw&1A2y<)!P8J=lq0dAT3U
z%h~dBpO)7H$^PH=<7v&0r?tNGdYK>3%lgIH%A@O|L$#;Bief(fH56lhH3Px?dtU#)
z{JS6XDX+CeznI=1E?8dw&KR4JHq?H1KUVi&CmZXF$;8%%yAxYq=oogNRvur6Sb20^
z;d7Vy=Z#N<L;2^v{O|bd*BZZ1Y(D><*xJ+Aw^p`2NpEHI@|2*8wrV2#7-$xK3)$<^
zD%>Xa?c{y<LFmAi|BGR+Ox~Zklk9!nMSe;e1Ks2!68Dh39eT;$Uw!0l_(7P3Enl1L
z`^nxf1EL=k9uk{j(T|9Jl<Z@83EAsACOj^@l<aK<oLV1NllM}SLd*%K_cpJ=u4(JZ
z-O09&dL1)QO?9-i{1OmCEp6P7*>5p*8Yj*Tv~fR;!X>iXG?D$au4Xd7@`=zw_BL-N
zZ==?)bG^;m5sx<SAiK{p+54`O?Dk#4-DK~t9?@H0yWaZR`@;I#>(Wnq=K<kCVc=AG
zs>#)<UNvH4ZRlmTHgumw+W7U(zidOdZxWx@hJS<t!P<~tFhQ_3{Ig-YCi+uiYeWAc
zgSDaCTRH!o`TtP!HXpbkn4beFFRSnWVcxcO^EJQu@oQf5qjR8t?a10quZ#UYOe3<-
z`<z@N`?=oQ&DS&5Za!wL-FBujTf6zWzKv;jC%v`XLy4{3yf3WG?#Ifk*S~(PYJKhP
zMh`J=Ev=7LOY1(ZzJ4s|I5B&@uJkWun7#YgybiMG*T)bJWzT*2x%^Eb)_&$k`$he@
z-ts**`L}-Y^Oue1Ey<tt3m;q}l(2>WCh|l0L9l*#da|*8@&0PXzOb==aeM0*Z#V6i
zGVNUt%;nGFZwmQR@^AH$S3sxfJzwjWSEh8<ZeACwulKvv_vOjP>Z|!`UjL3y_isMk
zkNKQP{;du7BrZYZy)Uc{{dHAq!=ELaf7ym!=6~6Sdam(&t=+zn{9F5YzO^im+gtm1
z8LTd@x4Q7_lL%H9*Ow5Fd*fCY&DZBf%h%cR^|5F99%>x=n6!L-Oj^Fqmantr>uhZ}
zi9#V*8~S;{#^LUyw{htHtqnb`jl-WNn=(X<!%kuDopwFT7cLO2UXzCDINh7r+SBJi
zYfsl(y<Bhg@-b6FvdEVn@+Zld=fiyj%S-1gXUog)`B+{)&sbh=!}PHpuzvCOH=lm2
zS-*IB%%>g~UWR`=Z7OnFZ@3?(<??~`=0;}zPb43fK5_^&ZiX~_=-HpF7j2#adAu{r
z%fOFbvb+T{o|hjD`6TD3LLNaLzz+hs;A7SFk5BJ5&~Fj^Oh_w_>&*|Cc|OZ+>LE`i
z&%+M_x!}*6ZUz^hkjwR;ZYzbqD7;IUr}MC9xydI&mdMxO2cd+m;Kwib(S~FB6f$hs
zPUNuRKH8iQ$+1lvwlg_wI;m$lAul1rhV4lXo6D((%~g<nWZ1Bs$zjt^J#2;`vD<9e
zSLCqaKHA&@IZVb*j!kl53w{trvC(D>k{fvy<Tx4j953XsUq-##+~GDQNOIxp_(5QL
z+S~`ZnhZZp&f#Y*^=`AyZ8-MG;b(*ETOi4y-%LHy?uPs-8U9<H!~ZwMhD!n3uz$$m
zhqs}rZ-*p@{%5XdzmY@#2=&PK7>u1gZc~ONN51>0cbolW`0s=yho2nB9`s$%kwed0
z64ZA?O%6RTEvWB-o*a6f(wG;=Jf~OM^umT5<vCGoPIj9<*pS1|sji;|JvsDey1pNJ
za_G-@{Q&gj&|l*ELFmb$x8u4d^^qOd;FDof<aRB7D6tj%StrLF_0^E%IL4n$J)I*o
zU@O9L2@=zjG3N=!sed};<H_^!gFr4!7~0yYh)L@VM9;xS?t;8P*vbh#=bSp%p9gsi
z`8xa{kPF{2O!>n8B1B(^jXql-&3|orPm%ps1hbuootHq~C~S3y%?NbIxt?>|NzTuO
zw6=pyJNS9jzXm@D<N^mc!V9o5FZzFpGs}OKGlq)2t414+nZv0^r8#dikXgT@oDsE9
zL?@v8(%e3jbe0x+mfhx3aP%GROVC??U7zfmAc|;Iwzsu8xEaj0E5e3p$%XIX2f@b4
zQ_>u1Z31qAzK#39Wyr@lUjm7yH$C%2_POE${2-7EeqMe)m}yUdJl~n^Y3+|rUkx_@
z&R5e0%zm@;7x;MUxGlsFCARSYY{p?jpQn&v!+Mbm+wg;MCN}EXp5)M%srP&@Cc_5Z
zlp_~7Q6anx8}(>9<H8TA#UK2^#<cSwZz02m<suh$;0IwPHtHLkqn)2e{gLT|hF1#P
z_;mdPqUTtl{i%=~D@8UA0y*l!_6?slhGD~YAV*tSJ44TQAjjOrHi@)nJ9GTnIDtLe
z#Ky^w00@_2qdjddC&Q-BIp!kkN9frm<S6HLv`5;TAQzBf!}cLZ+SgMLn>!$HCBuf}
zg&h5|%=INma^d^<L3l4V+H>raqrX;B51(rx?;*p6#{#*q9X|*k#YTOLbM)7G>XCL6
z<mcR`)w%E>0O3AtOv`p9M_n-Vb44@)`;Pe)UyC0Ea^c5@Y23nw^BL3A9{<w1a8a^3
zhk6Wzmq7M9_d|00QO|be+(90Me3~=cfpc^bemEY;F?ZQ<<!R}cX*qZGJNH43k>P9&
z<a@}A@q=LXg1!W{xeI#wCr4k~niDpgp<|meZH;sEqm4b-bU}Zv+tfNoIWMH%{czqP
z&w_jz89wWr3p)V_S6~bKell#>p5z!0Y$Muy4)R{-ambH|ej^!aIX=lT9;_~?DEk3T
zmMemrAREae_(32?`A-1TW&rX;GHlpZ<Ty4@cRkyOT=*$|5IV3$+E+Mp?9C#>58H|y
zWy2{sS44q}kla_i0Y3=j=$CphZCEd}xe<WCG8d0dW0mD2b4)(LnR5f{Nj=Aj%`;&3
z563t4CCDSmn4DOTX9=_1p|^7fY*>aTyS@#QaoRLP+BxWT0O!J_VLC5E&oZ8jE%a7q
z3~;vL<FOUN^vO7xbv@jfePa1S&wjA+45mLT1Nam$gr#NutRF`K2$mMiJjv0ImKJ*E
zNscjaEVzgUZii%>7IAR!n0^}hCj20f3%d+cU%;jVQI?4|Q}x}EY}iJ{n-iZ&MkX(Z
zob7xaq}2=h5*S0!?CFObWkWWWb_pcY(+~Ta>B(0^VyIbK){7kD&DsPV#j(&s8}I_i
ztH`g%4}ztI{@vhlY@vTY8Txx6t!!Y9m*={kbw7;^KP)pj%4}^2`wh@BKl*tYB&S#M
za!77ubVoYI!FPezQ4gQ23pwg?F7>6<ewUHiAPB5K^{meIWY>?8OX(xdcRH_z#PBtJ
z3*<A&uxI(nQGQ#ul+ya=6xx7Uw%N|-Loz?==Rv;R`OT1bkl~Z%Cr9~hJRFY?Iz!h*
z8|R~)*{;@KZvZ$Kex2CXB+#>*<icdqzW{=Mx*=JnB5as1xv(2Q2))>-uXPT+9q+f$
z!q*bW{FUHY*ot8GTR#~#%y+Ic{j-T_!&^yKci7PXhg|<4<O$eEn_fu%PiOKH$OUA#
zf3xfFfShpN0r@@Q<J~9AYjYaX);ULivF+%eX>ClxrU;#l$vpssv#`--8*Hv{ei7si
z&i#<<$w<q&fn0b5KM0$#G40nNzwgZB;xXqOeAZ*54Igdrkr;Ul`_FT}2$KK9oO<5A
z8*?6lWc{hX9db1pWoSfNa*UskxXq^_*SSpzHsrXc^m*4eK~FAB0ua7TJ^cRw@&UJL
zhMqiaJm4VUJ)s`#D}sLvIY53Reh?O6qyF=db}n}PCf9!#^6O;R+cmrUe1_YwPoOeC
zWSc)>&oM?W{1!h5XJBJqU6ALJVZ*UUj()$8diQ^;+i)C`qwkiv&AT9NPJ{hj;4iqI
zr&pGnel|n?%y}2&L(V*genmzZIQGcVFMD0j@kWldu8j@Yb1adgFY;`E<i-1shm&E$
zz9vUsSl!WyIBe5>tuX+??bwRYzX$Rw&RZalb#8%#>s)c{5OW&R(*9z%VSAFJtzJew
zY<PUkb{>F45lw$4<old?+^-^!rDLBQZSrB)*Fln_?jNTf{=W+OIr11b=cv1lCD^bo
z5V_*BQhCl3KFXP6*y{c!fOE{5Hm;zrhTg{2BrVeY7y9f3+nfL!wgWlJVC?{XEp+72
zv;M^s(-`b_-kQ(Zmtm;y25-Vfrv9tKHvXaC44w562PpzM+Q-g2u<3!0^{1b+A-TRO
z!k%>@$6E1R>S4p<nDwCz>q3q-kM$$;tP8oY6+Z~`uthoT91R=x7rF2Y{2+{A3!9tC
zuwj3Z<37@DuID%>hyG62b8M3fKgSQkhp^G-dr{_(k>RrhNe-J0)Vs}B$gpXGB*)sD
z)d-sh-KH6m95y?}=GSh+b|n`c!Vkjlu+a}6H9ks4UagSi!XNO%fPIk{Uk{>98`R{&
zZ_Fb70a7oso%>+Zj$P!qmgE;+!p|A*rvo<Ruz8W#ywdq$*u2L1R>%=D{Fk98$8|2x
zuk=3#NxR5vDH--07v!*C?lvnRSGr9XY{+qqe7Ebnp(ls_qps&zC5QequJ47O9D0tw
z;z_B@94p2Dzz@O+*r?|*dYE$=vRe2F&Zt^i^TWObwqqRp6!00?=!eIP`NUv22W-dA
zH~`@SY(?lVg=9U0?Rv-cPZB+k2ijZ&Y1abq!*bcRzytt+<B2wGA6t)s*{95#dQ3Ix
z8Vv{c(O{Of_-6bdSbd={fq7gN!A+2~BOea=eDZDhL15lRRGM`(ehal;wxt!0>vwAh
z6p-b54z?m}n2sFhQ1cI)mqTY|hE0ugT#r8)@#0(YgFueC#rhF?`Xm?riXQ~lzj#WT
zORf|?l6*UU5Xf<l%j)a)HlM?WKFKkkG=rIzWg{1OfFkf%WnN`S9+R}Gb&j#e{-d7#
zNsjsaQtFZRD#**puwg%tBkeV=XZ^^bw>n}megkw&Uwj*W5XP_-p??RY)eFq>9!EWF
zSTAz4KgS2{*Ftg((S~&-$9ee`)Wc>L<m;TvkasxW2DzGyw5&Th&c#PjzYISJ<Y;p{
zAEEKM%f<<SWg|zMTYEy!@{nVWvbrPft<ar|tq5kDb&+9T>s<I70HFsPZD`*|hE1Jw
zoUi+-cbjY7hJ8UUOyUROdTe21?EpXQ7jpFJ8{Ot)$Z;}k8l9u>PNg0L|1!uj`R({Y
zuzaCk1b!+u+B88voeUec4>|hoc<N!Z1oEZMr$hES_e0VbZLWi4+ZK^Is+r~r@R?w?
zMUevrfn3;QXmz7~JEBZO=6JzS$Q4gZbK4Q*cj5<uTsUBu%I`K-e%MTve_OJ7CPer-
zi3}U|H96YK+5w%<_0c7?0bj=b<mLE5AQ%2&nC3UwyaZ8XZ#K-A9OLJO)WfC>$+?Wo
zemtKHpDY78%5VntFGy`{$E<Tb_3y$D0y)ZX3^?qq&0)hbkPAP-4+6&rZP@<LBg2OI
zk|W=9Twe=G=J}q1a|rG0oWtJo#Q-=FdMn!<0O!KD5@TA=6=B2UuayiNmW^EaCw>sv
z)<sl$7_!%ybI;Sr@5T=TIr^I8JM66=VMCwRk9z?KR!8_`J*;0~!}^k={ADoxu%9n>
z=J9H64tur(Io1z0??GP&9XZxQgJ71k2uTkAR(A|$ba%S1?))*@gE@r0<NQNN-d~`e
z&vNZu1?MK$e*!j_IA0EF>m1nJ3Ffy=n3l|Ie)78xL%U!ru0TSBCy}AQ8}fMPHpnxb
zFN3_!`7@9Ug-3*M623+FKZKVGzeD)l!u*~H%fr0x68@0zTH#L!KjOR>l4Fa0S|FR8
zPlaT=Q_nGvZZ`fs>|abqn{dpK;~L?mZbP4aZo@G{j%$#9>fw`R<{U>q94F)gFLn_Y
zVGEm^$*|#=A%~w^#pZ2pQ-mak4TjW|pAWcA10*@FS?v14%kvqx;qgH({0ct^U%<xl
zT#qt;#rb=XUw7u%`?2#MAeoG1E;+|_!5-@2XA%7Da~rldIr93u+q@1oJiKYoSIQsn
zW0J3@9`F1*$WzG3s~NWB@YCitOW?=eNq`@IA@O|IbNs*Dc@UCcE2JNe0dkaip4+?$
ze(YWxY+7MMj=b#p0{(A<%}s8<43gIsEdP5TKj{2y$a~4~(*{4}xVBp7Hs6Q*yxSmo
zx;Mp!MX-BQP%cAWTivDudUBNc+tkBmKjhEcrVJZ$*zj9Jw0ST5{K0KHVM7j^zqrjR
z*!<o3Dc~nyV_MD!hdXmFdKww^>T)hT3_xgfn|mRj<2K#UlVc8izT2#WJj1yO@**;P
z_Q0MTW$SjEPeJy&O)qT7g-HOym2Pu3<kfD|2R%9F<j=Z(7WCwpd-=z-nQuSz<k0h*
zMAQ#JPY(Sy*K__RhyF*dAA+77`iEUV3_UsYcFf|0-+;;GYuHx=bB_O}@TBu@$mg+N
zVDnkX9%tS+eTA@%Ti9@%-tT&j5gR|ylefG6RLDo24@0>Q2tSo&hCTc9HO@Ce4hvhm
z!RGENoG-DNJ>+wo%aB((^Ls_Jg$IPM6J97hBFyh4(LepXQFvVVcHwsluMmE}@Lj?m
z5?(9(3E|HOZxp^y_(|wXmXm#2FKp)>=%0yxEP0>SVL#Wbw0|1-O!9m1gFudRO&J_M
zFDJtW=IL5&D*)k2Y_xeVq^&(*Q{x=t?ONJEUkgbNJ;x>Wb&%xH-{krtBsuiAy1oID
z9C|x9!4J<Vc5dQH17Q_5`Y$=hxo-{iC^P$Xo!c})lH<I#L2SO@%qnko=F-vDMey@`
z@OIbpyu{@!{qxx2MyAbgonMW7|4c^Nnjy)N?_+Mmvhly5(53}Ca@f>T51+Itx=kz7
z(dHKbghsKkwHf@hK~D~w7O^>l3>!?j>E4&0m(O;atC80Q&b^Q?cD@4Ao}r*TJXg+f
z{US(v#svKcm>bK?`&e%zBQKs)$T2_LvnSXLBCmJ4O&K=in3H*)qo3<xbC=t6!iF5@
z$~A7Y2sU=ULtb65A&1SU-DVUvb{>RJ-m|^W^%IbGj)Q(X_`9xuHRd6n<5>P~_#}tV
zU2gLR_<Y2f=d?dL^X3xgJC^@A$QtKkAnTkt@7cKwHf8Wh)FZDR<VB9QdM@>_xfOZY
zxePYFupviV@tj1PrLeJc9Bg=QvU8mGubtyy^LE(SISw{FPuV%nZR{Ken>%1L+kGy8
zyvBJ1l5;fkS^{ZnZ}5*$?^~&d&wltM7ajs2*xDO5{|%k3w_!5?Jvqw%ex`-Z`;hM%
zGHeE6Lk^pdy3H!se9mo#U_%a@O>XlS$Zxt0=Nod^*tr#X-3vcIahnm?ki+I7>S41E
zHhbJ=6gK3r`IFmx3O0{A^St>_w_gH#a^YbB!sB2^pPz#~l8iczK~IjpKH6<IL7w0?
z<FFxzpJunIg*?M;mcoV{Wjot#z6yDf+bn|(xiASp=ysb{$X>Tu4m~;6GY`0a1@z>Y
zhri?cmC%zzzr*#MkIA8b$n~qCCx`wK*RO$|9D06BknOV;dUEIwxPBe<<j_B^I@zy>
zo*ep<5HI3HcN%1iFpn|nUjx}Me2wst&I6DQ&hsIk?tC)j3C_=lWFGX%W0Uh;kta$7
za`fH#;IO%b3>y?Ty?cKc1`mRrXQ8igE>tDGmEnD6V&#c@iN``!JS)w6Cz4@9pX3-1
zr?|~Ikf)PjL;vJBSC(C03rUVPw0zmo2;^z`qH<l(S-!BD%J(<4_WKO5naUS7Gv*6@
zHeX&d7tc=5_xi~1r^ocid&$h}UTn1CdY0FaWL`fWMTQOYBFDX&<EV!Xum3J{rf*yG
zK>vO4%Uw^tnhZZI8#(R?-%LI1#~_zFzXKA@YWh`>A9wyV<d>bl3TbO^r2Pn(Yl|qe
ztub8xbJxEBa+mXN$VZ(27n17?maWb??m6#weG!rz$8rvJrhNl+<mg{ynJc1$#-V$I
zFz15Mf6|%P>)&ub2lgk>C(@n_d7U%;EEKl&fcw8$^tLu|{W0$IdhCCOa}(qV&gVhe
z7=t~>a;xjP_BexlCw>sfv39x$Og+a5xo{YM5W2Ck%x{9Udo1AVz(cMdh0oWKk(T3!
z9QRI{hG{t;-cE)M#|F9J-+aKKYc}k6jsx1TkH|3&*H8~XZ$Mrf+=l%{j^k^S+wfT;
z`=0jfb6Z=2PlVq38vfa**4H&qB5-^&-$v&cxAoK`Z3ASBb30_&c>?wqI`iIMw{t(F
zT@S)%2{z;yZ&%U=diEDN#@p4dZ-$;6;|)_)uJ{4`AXxjKi+irve+S}4@cod-F)eJ^
zcjg~@UU!;L*T0rF(6bHsJe#~0@&m%Fg^zdt96NSifFJfRIi4vz*KO#B#~yv21=;TW
ze(2GBRyOuKIi45Tc!T|2u$krdb0BRjv7F$yxPBSry=0VuV}l%hw4Qp{e-_fN*})uB
z-*)|W$e%ht3~BQKY}ltfRnRBL5;=VGzgW{J`~O^L_VfA9y|8Ed(&p8WY*X?LkhhZI
zlVgk={eHXK+za^*x8Zmr$2(D-h!<Dk2cZvJv7EEN)Wd5x@|PgLPKFKp`Z01D>EYwa
z^a(y1@>FM**REfnCwGYcC{N4rb{rW#*}vrIU%M7Ar?hRf0lyH^`V`Fao`;S47r^($
zWcXoUlcTTg+yR?2VKbLD;6cc7=eI)MMMhfoFFE>RE%oJee)zKUJ0O4U{5wdS=ga9_
z$F`t-4w7v_<~__~$?(s<CP%+;UZ71GlJhcc*mvaU7p_-|=cW7l^T{8?55fv;)bECT
zknDPviF*4S1pI{F=4aTj@5nK~HM>3ghhvNOHIU?JhpXIX0Md>H*sz`TSlHk;Ux56I
z^A^Yn=kG#VTcK<?wWawG{J&t9m1X`T_!#FB<TISxpg)0(eA!3jXhWMDp)W#DjybK(
z?b)8>nA4gNFP@*yOSWzVvki`RJ^5HN2Lb}Q@I*L3I2jxDY(sLvA9S5Z{RP-yHpiKB
z|GS*IKDm$lpZGy|1~%GX1ZnLL=6u#F`m@NeXI|vO;i(LlxSoAPj(+T+-plY>=NlpK
zA;S;*iyVErj(XUC3i9*Ln;?JayaIC4`InG?aQ+MApPUCE_mknD{X&j@sYY?BXTOl6
zUus>?ej!J{oP&6=Gkx>l>H>ZRbk;uL^T5w>8@7|J;a%TO{c8LmkfW_oJ=0f1k_-O*
ziWgIlw7rnWknhG10y)~V1TJ2f+Stkf8~Py^IN>3%9JDDzS{Y!&ez7w6GaU>s^UwAt
zM}2J$WQQP-V=ZB00|R3jbSGdd!iM>hr@e0gJ@aa#{>S)1=)hJ)+FK#J$gp9)<S4VX
zt=sguO&uh8+B*hrbFJI3AIXJD{2*M9E%JID8F@88lBd0606#od#@(jTIoiSc{o=GX
zznnJUG01xIhwy_yj=Db`Og-C#9Pi%P`2uOrhwgN@Vf&Ed9T;mL*su*yEc3(mA;<l<
zZtA@}uW}o<54rFdeh}th3!7`nD9?=T13$N5KaWG&uzkqUK1-<gyx3>tS3q7$UXzX~
z>mzjFQt0}rcODcT79JHI6aI|zE;QVP^AQ-v4?FXi<`hH!w7Hm!GB9+zp6i8v*TW=d
z&&Xg;{Y|c~f&Lb<>)+&h`ngT?Z*@J}|7))Q4W!*?L)!BW!<fWIKW~McMMinp&QGsO
z`t{JgQ1}XG{{02J=a00s`K;@YL7@-FMxVSN-|oB`@?zmv3ST8WPxw0Fg~B7kHw*J`
z7%*SvH7<O+@H>T92;V8Z-uZsW?>V!-_%{sbpZsItp9`1Jc5FkALvpN<nyE+H@5A;K
zGHiI9lH<7JJVTpVkX(n62O!UN9)iSFX!;RIn`2?aG5%85k3-(>{4U5<WaL$Hj=2{q
z^Yb~#d!1RQkCCyn36dOZq#wAx8Il}+c2bWraN2*wZCW77G5>Jf)8?0ukCNfP)j4eb
z;Wj@-84iOl+OR#yQHG<ahacV>C^_@mi=POgeLM8z!ae}P^W0`Fe4gXXW2MuX$H(Q)
z^C9ip3Vu3}mR#V87-0czpf5WY_EU>_#?#XO3b*Nmo*eD7N^I_S=Ci>Mli?H9F)nZs
zi||Re;TZm++jK)uE^snI_^Q}UxDDr9a?G*Y#pY*j(+eAN+~fL{*gWPoeXt?NeS<2_
z2`D7Xb0QgKo&_6nfr|@-7PskuO^0(gnDYzMo&ag@s~~MZ?8$Miyuod*g#Ebl95Cl2
zrsbTp(V5S9zwCTJ<Ys3+Z+yg=bJ1hY$3lM?=OyGjfPBeO<{IkZpMMvn!TEadsm`+?
z%VeY-L|SsB<$YtOT?Bi(R}3Bn_q)CWase4>dCZcdz9Vk)2H4xPRHVHX{At%e8T=Jb
z%X1Dn^8K3IEQQVYo!<_&`^oTA4Yqs8Yw+9&Y3&}eucP+5{T;B$V`KSOLLTM(MeJ{M
zZh?HZ^IedqlGmjFA4iUL<~^=og1pFaEPvGXW6+aB&%YT%KjYAoL(h4Z<@qe+1I`aa
zev`Z=otMc|^8nHp{|i3|wyxu(f?(^q7o~OnNr=-1$)>$~W@{c!cnG%U*^-#^b@7sP
zJT{VH!?fg>pHFms4J0|%JT{*rE!SD6yG^ZgtV7DKuY)8<-7lj4!)cvqb2ujTH$is=
z_0DsI?fTU9uND1G!XJ13735~;??FyF^Vqa&XXMLZ_m|-FY#h#ZKLL8yeFSlq;e(Lt
zogad<cf+7>!g2N`9&66Obp9>mvpC*d-|75O$p3U+1G&-pcaZi>ANJ(?MZZ<}+rkeD
z+jACA`!mu1LU_0Ee&^#+NggvSCz<aD1RpK@0%xvY*zfEw_AfccMho@u!#Vc(&YUOD
za2|j>+nIC11<pK9F=Q<*kE3ztWsvVABQK5_a$LW>hkE42e&qR^HbqEs*lco}U69`-
z!-iv=9Al4Tf_}aRxq}QFj(2j{{GNK)d<ycfWZ0CPBd`CZ9yXje?3xtZgmJ>DhxSd_
zPcGOE6MugaHf-}2w`qnAxlqIpLL2pNbCKJyjmdHTx>Rgl<u<LbA;<Y^uGrX`8Rcn%
z4LRo3akt?!w3W^^C>zH;%WyN~17xIaM_O{s=RD`qhTq=W>CAbQ#|ia(2KopYX*-aX
z9PRcew_!W{-EGRSA;)?AFh8cOt(<!xpYP1)-fhl&7J9WakIlu-s~}%bMj1NcpB#06
zliO@U+V?pBH<<5Gvi!e+e1MF!n4*m%?S$L#S?Hwm1eot}GVOmu{x2D6yOEY0?N$vt
z+I$z%&cEOvfX{RNJ&@gGr0qdka^!ot+w6qA#+m298=OA~IYvfW9*^Y6_cpir737`H
zzlHp;^Tm+s$w=FWwB$J7**O&YS<sW?7&#IBNBe&0$)SIq>j$7GhyGmG4?<54y<H!n
z9bO3CW!P6lqw!wvb;33$xZbWeoxdwKe{<$NZ#y<&L*_m4@M*`Lr#;&3kAvj#Pn%ZQ
z9`Ae-WRo-Jn3KtC@q<8)@yuf{{GUmN4XTpft>VOha6UHLTn>3L88$V}(GKi0>T4m%
z;h*i!v<o1wCc}nvBRSG8a(xk!9RH8+X6ljl4#+o>k+#7((!Ry@Yy)!WKR`V%J`g@c
zM%t2d*nG_OY$tN)H@dzVl3e&Beh}`%#`0{3{2wxWwm27_mh$?6>)Ed4!k_VjuoD~8
z{uc6KGSap=7ybl5uzS?7IRM^=jrMuC<v1Yo(b(gi8zJk-@Y4=ka)CbxC%V4FIm&h(
z;>C~9!teRNB;CJ!AL2#u*C8Jy!-iv^mVTgrI;35@fu9S$$n~=z?cFNq$-J(kJ^2;F
zPj~+>f{txU8<zQbWaL%j9M3pj;5PJgmh*X#T&poH&mo;;q^*S{$2B{e$!vOI!!bwu
z5y<7vJP&`AjI<nw<hb{{fqK|~0rDHpcS5oYspm0j=Tq=CV73eOb&zZq^0Od${L_CC
zHsrYXd#2l533-m&G{A-&>*VtgFJ79?$@83l2zi_HHz92fVZjleg^l)X18ZCGbHN;c
zp|>`KJ^Peg;G}|Z5w;@qY=3fG|5_V*8EkC8hV4v_wz?Zk|Mx<!bLM(u!uhR`KXLvQ
z<S(2DA$ODElkHEA_OUS!J=={Ob2yI&+Ow_5ah$TAMIN{a7h)@70)7?bPn~&K9Ycl<
z>rRgU<5Qv@_Pn=u5*apZ2Xg!$d}~A4bU}Bf+przTac;7?5jHva>2Vv@i(KG>9ia~!
z^P-K-fyj$>v^ntm0EETZSO(UST=)@w5MGZh(%wdfO(P^Z?%TgZY*xBW36dP|&#VTA
zpAVDarwNiA@AiD$ZP;!b$gpX4j<wAuw_#oGcbgVSa(tudf5hfNw_#h7<2^AO8{Q@y
z1I()pk{s7xd#QJuN8P3!l3aKQKL~aY3O1Zm?H&~TbU4R2IRfz_2PuMGZ=!Sh!6#!Y
zf-i@xcP>F5MTR}c3_0q4g6nG_$?^YKPjfxT208x!_zS7`yqE`>W44bB|8>qW{>{%z
z(|ztEX~PadAjkRiXmHVOc<!eS%Sn#4mW^lFoDSV{+=gW)N1L#Xn3iQG$NKyt*RyQo
zuxB?EQHdRp!_K3Sw>WQwv}>GC01*BY8|^nj;?T_%UH@g*)86U=n`W@p1vXQ4`8JdY
zHotkk)?Z-!OV?<yXT8qAR^UTXgp08;FV>43ZF?p4NXTPuw(|fa<J7+il5z3~<QJXq
zf&8ZPX2@-1_-Ff&!$0Sp;>*&z3~ZO;C-H-DD>mxygj_~;{d(8`4AT6=hWw!Dt$m=M
zY9FMXv3+3kd!)1W0bd1vp8Me#<Tzj%sK0;=KWsO0p)s`^cAK8<Mvi)2M?Dmr4^}z9
z8S-xDk3w2o!RA}whg{FK&#%bHi)}>?pHHN|H~oK8>t8U--cCIm27&dYO*iBb&W(`P
zCeS|#e5~u)KBqcg0%_+0*l-=OiTao0yU3{Kr1LK!pN%;6Tr)qDdY-%x$T1&28%!Iv
zWsCDEus@9qdzO(L=M=Ve_&ncj*v{l=XO@pPynlnCW`5Y_<nUu-)ouFShHXeL9E*eq
zi?Fc_Mdx_dc{BA$%jM{p+cZFuV-8tLz1zH(3_omJa>3WkcexFp5!~xGB}j6#&pPVi
zhi$uo3_nef<d~mrY{2Fh(0$!)*k9xV7f=Y_!A3vKi{plV*xuyGYp2*e;(P$|&t%xQ
zI!C^LbDPbOTtm~Q%{gqIK)vV7H5_d?2FWq+**!PtJD?|r{&=@9Lr)I<;fNPMjUNPZ
z;T*&C-Mm*OKkSd<XOjMOGW4C0Y&+_!oeLZ!2q$9;n^T<6ggn=o{@A9)zBK3ASY;<5
z*f@lKEBLk8Xv01nA-j$Bk=uO5ZD_wmxa52yq#ZA?=Ui^(haZ-i9R0=iVqQEJFL7qM
zY|O*H#<_sHGr-jBneVHezY2LZ8TPf#F@~>m8`_VNVZ&pD9Ovt$)Wb2Slsm|<DLNO>
z?+kZh3mY5rZok&`BarM)rfqPJzP5Ag6={y*_$z)EKL{6LD?&ej?z>&s#y|ADKC|as
zVBRyk99!7GQkd62p|>`NJ?A9$0rfA(evSj?%l0Qn`<JPQ4cq=QXO@x8P5T<>Xn$*S
z*t5*m=HNlt%%eS+*DTiNNXxz;M_&xP4b$F8hD{wLIc#omo3}&WN`?*lf*kGnPS>-Y
z$#I|d1Jt7ot06gdnYPh6uKRFGHXB}VZFHLwBsu2Z&0zXrn{Ok-PZK1$@JuKXc3=ye
zU1ZoaLy`+W!w<q9Y++;b4{SKL$<h9Qa~oba+qx7st<c%C(T4yCyq>2Y+SHR_(*`{`
z#^*6^!!mQ~k9?b*zX|)($w=Go9PMfENkY$KksSJqJ?+(ymw4JTY{+pPN?*k*({m5&
zFEI18V+8ym?0>**sDDJ5*HlbPJs*Dt7lo}}Zo{Qp*sv{v*(Jg3C-TXVCpq(c!FH#f
zb?kD!6!OK+Y|9?<=kS9-jxo~*W?Ehj+nNwI)zFdS`~R<@4fH%-$T3b9Q;)Q7hP=U<
z^|+Y~dmba?XwN&{=5EMOl3`Ql9OLTqZo@wPf-~FWJ~HfiypY4^gRXCYBo|JAF@jxN
zp=`ec{}da`$+mo$3_m<}$l>P?Zo^}JKN&V9=V*ujr5=7bciDJ`4g18#GY0~K^$`}r
zFNF=qanbol&b&8rlrxX1W67*E0y*ycv5%SdOh`N5!G`@p4x4jm13mkN9BZde>OJ3X
zw_#t9!=~45cpuC99e&ss*6+T)x{fx`v(3q|?i!&U{%?ZhM*c6zaWd@L7vxxvEu$Vb
zyvK8=+pzt~VRMhz&=>9RgZvB`K1<GF|0U|(=VoWN?YGIWZ-OL;{SVxRW#BrDHf(=#
zVG=(GzrjYI?EgQJVbkIq_hJ6&`c_DCT&LSQ%F9!WJeZdKPmXr8du7nKLr;#f*)i^E
zPhwgy$1K<7^uyzt9M{zCZo|5i-KGp1a?EeM&&aeK3*^u*K)g6By(4Vr(~VFdkmLUm
z+nOIX>!3RgTM;(Z&IL9y!dckp=lzi9lVQVgNRIaGq8>I}bJ=)<O|5fbF8~3%r~F()
zh7HFdIqomr?0Swva-_YLdN0E=w`qVRN7@g#z7dif?Xbr6B}j7U*=I#81UewucI1yj
zzJ&Y*{2=sWqn>lcpflTb*!e#oN64^eyKQp)Hpp)ZA4!G{+l?IeQcBdr|A~;+M_`U+
zTWf*a!FKE;E!)$M{qF)0F2TmMLy%WG&xO3j`K^$*IkSw6(|$dqtq<Xo?N5$xPpxzt
zmVY%FHtY*>+;g~>dibHu$DP^#^h^C_$PHwqWgn5FzF(!@)1E=TDy6$rxX&58()*==
zcZ03p-QLRJ{4q&;wDXye$CAH@9|Ur&ug(KA-;Y3E<or^|mpNmYr8ObavQMwZ7IUeM
z0i^u|bT?z8fA%Rku6=B*!scDj-R3szJ93P@_fQWT9xr#2;fH-e4x3i$F-d<3l4T;Z
z9hQiGj7$RrYk#-L>1rzNG0r8(XE?J@PH;XQ@+>m^u)gG|ueB9?qAOEdf!RMiN6?;i
zCr8~EQ4gCj$Q#M9Vcp45FRMFj=0LZ~ZCH1*ze=C(p&>2D-bbnD#e|1^e-N&92NJU!
zc^;$)^p(HH(8gc>+QcR5*?|bn*z)rYZJnBDB@o)N<+<=dC}Yd>;6muamcQQ6)>L^;
z0tjr2{6a&UEAqpMnN6OZi$GPL4TCU>Ex*{%+9*Ggcq#Q<SRpLOmS=+@ti+aoouM6r
zc{)H?i!FbXq4j(I=ENJRe|_T3WDXXDt=RH!Ftp<~e@o&W)W0$DBzY|HZt|NF?<I3k
zBkaeP=cLDw$G`D}HRLxZ=KX{`2Rj1Sn)$aRE|FPL1g@3yoRAQBzRTa9nCH9v+Y<8}
zm*+u`&_#ZG;vVul68DjL@r2M%X5%3Yl6e3k43jy@A&ioF5Fw0_S0r9a=D<W)PJVCV
zmE`v&UQJ$^crE$;iPw{P;38}!e<1N@G6yxnR`LfEZzJE8cnA4E6Hk&?C*DoIJMmuf
zJ&E^|Ka@Ck7<f%$ey<?^Uy19;_a<&2e>ic8%z=Z@Oy&fL&`Rb(hR{ytgo;omuS?uT
z=46k+cRTW&01^7gT;L=0lh-F6B!4RLF!|GoN6DW_JVxe3gs_zS*~H7qpG&-wjI|BJ
zYBC2n!dfyXC4}|lFDBkd#=H?B<_FF}F+VhreST;n`~1*K9>fnq2ez0Wy2w61^pbsk
z=qLO9KoRr9DB0%+9v(42aA?N-z+n;d1G^;V2R28{51Yv&_(7P!7W2anvd<5@$UZ;p
zB{Oq`1K47IsNtCL`GMD@F+Y^ZOU&HfYl``yoqC@iI>|mi^pMArJ@3`T{4hwqHR(sl
zK0l0+*#HR3$UZ-;B>ViZhV1i$9Y;%({U+*tez0T5=ZEdo`}|<X%d%v@hkBnM>=^O+
zp_=2t=Z88nI{~4Q?DIo2+2;qorxf#pjsF$NzMFcVA8gF~{4hYh&kr`vS0?)<)cgEk
zW83G471aCuVB?ts0bw2WK0nwP_W5B8^*%prBd<2|+)nb{iFcFlNxY97^FtMQP14tr
zeSYA(Off$+k$rw>C37$$@crPJAG*jsKk!}Rm>>Gd>yrHt+2@B*vd<6WWS<|Flh-Hv
zRb-zZ){=dG*g*FAVKbQr1i}Q_=Z76+pC5LSeSYBkPBA|mAp88l_vB)J;5%?JKa|KA
zHw=6)Fqr=zB)C(!M|c()ZOy><vxE8nK7z-DmkINo=CD~K%>UC7`c1-Hg|`b&l2K2F
zJ;M8is~-m&#2M;@8-<&N+l0$xYz*DPeZm96!{o;&`z69lg;xl#7G5X3QFx2+Hu4ja
z|DD3Sh4%^PP?oT-6>bo25^fdl5bhH0748=v5*`&E7hW#BN_egC2I0-Z6Xcpy_Z`B!
zg!c*`5UxR+<)4_+@^3!|mxNn{+l4!Yd&q|;KeL1fg-6JRWHTnbOn9a68sYWAn}oLt
zZx@~v-b1cU`R*64Mw^AcPPkFHS-4HOEZi;JCp;iLEWAW`DfvmMY%7FU3$GL2D7-~@
z8~Mq}&radp!uy2z$8p2HR=7d9iF`!z*(%&2+(oWSHoe0A!b8HN!sFzpq_oS0R|&5b
z-XOeLctUuG@GjxK!UxFpDc>55+2EpZNw`J0UAR-YM|hU-pzsL!$dvDx@G{|*!fS-r
z3vUwMD!g5IQh1N>e&K2yi&36B;YM;Xm9ts6O}H%FE!-zOKz?fSGc3GBc&YFT;nl+H
zgf|Lr5#A=ell-)l?{49J!o2YiHnqYH!cD@h!X3h0<fBqvy~6#%L&BrN<HE~@SCJc%
z&$YrEgf|OM2=5>tozm_S-Ya}SxCV1i*z<3+2A70egxiHXg?of&2@eX7kdH}a8xvk8
zyi$0L@Ot4*!dr#63r~`tp7PowykEE)^JUo72{#Hi3%3cEg}a6Oga?F&g_j5~6<#5{
zn%tPmzfO3g@D|~1WZu9-*eSeQc%Lv|Bntal^06sxgK(2@t8j;KmvFCezwnUoDEYXQ
z*SPR<;Z?$Gg*OOq7M>8^A-qd?ukZok8l1bLJp3EN!6kAjm9s^-UAR-YM|hU-pzw(B
znD8>;mBMR;*9&hVAD_y$Rd~Dbr0^c${le8a_lBQ3@(Iajqj0lun{ZjUTewenKzLYq
ziSSb46~e29*9mVF-XgqBc&G4g;eEn<$u;U*E8HO5B-|?8A>2iNW@@)y;eO#E;Zfmn
z;pM`sgx3mh5Z)|2A-qF)m+)TU1Hv^}k3{+Tw}10ZsV*hq7U6c`PT?NmS;B+DBf?|C
z%Y;`7uMu8PepV{mCgH8Z+l42E_XzJ7uErWCe`4}kC)_C9EZins7VZ}A6CMyA7G5H}
zRCtB(YT<Rl8-=$BZxh}ryqkPds^dOk{!x?A*9tcXHwm{2cL;Y0_X_uun^V3+!lT0D
z!pntM39l92AiP<4LU@PpF7mTe8TJYv5U#;GF>LsEl7maaEyC@>ox(ljlT%)^ga?I3
zgvW%Jk)M;&t`uG)yq?^WY&HpR72Ym9DZGdL+>~~|a5dJgp|2yKl584<n}yqi%fj8l
zeZm96!{p~B|4W3I3a=1eExb;6qwp5tZNfW+cavLFzWapv@GtbW!VSVr!mYv`<mV@!
zUBbP>{lY`Sqr&6D%Y|17uNB@vJ~idLS$INthwv`py}}2CYjCZQKP~y>-?a`d3AYHh
z3wM&+QraHjS;B+DBf?|C%Y;`7uOYu6`Cl)*NqDR9cHv3kJ;M9RrzfA)xE2Yn6K)i4
z7H%V-k<ylhyM_CN2ZV=(mk2KvUO{e8{#OgH6W%DiMR=R=PT}3c`-J&ntjMcYxIwr{
zxK+4AxJ$TKxL<fkcvN^?c)9Q@;kCjWgf|OM2=5TyCA?SofN%}2v7#OLcgurI!Y#t>
z!kxlB!n1@2g-3+PgqI1g6ka2|UU-x6R^jc!lfrw1_X}6!dNJx-C)_C9EZins7VZ}A
z6CMyA7G5H}RCtB(YT<Rl8-=$BZxh~0eqlO}b_?$l=1V_eQ!Csc+$7v8+#%d0+$-EK
zJS03SJTAOkc$M&4;SIu@g(rk}2=5Z!D||q>2G`=z4*VPP!6o4q;dbFp;U3{x!h^yi
z!eheAgjWi$5neC6NqDR9cHv3kJ;M8it4o#o)(JNXHw(83mxa59`-BIChlQ62FBM)P
zyjpmj@J8V+!rO#*3hx%)C!E9mgXrs8;RfL*;a1@e;V$7`;eO#E;Zfmn;pM`sgx3mh
z5Z)|2A-qF)m+)TU1Hv`9=Mn8t6fOz32)7G&3ik-l5*`#DA)lGEFebcAc%|?f;q}6s
zgtrQB7oHT}BfMX@8uu-tJay!=QrQ}Xn}yqi%fj8{j+C}fctChqc!}^*^4Tfv3gOkl
z>x4H7ZxP-myi<6$@IGO_7#{i73O5Kh3AYM&2zLqh3ik^Sk<UqW92FiHUM{>!c&+dT
z;myJm!aIa_3GWp?AY6lcDp5B6E%)G(aEoxeaHnvO@GRj$;Su36;bp=rh1UqL7v3bi
zRd~Dbr0^c${p52~UsU7XPjH=Zqj0lun{ZjUTewenKzLYqiSSb46~e29*9mVF-XgqB
zc&G4g;eEpVk3&)STHywAIkiudaI0{KaF=keaKG@7@Tl;(@N(f*!fS;$2yYgi5Z)oY
zOL(vF0pS|lqspI`>dU_|9$XS`5pEam6z&n8B|IoRB0MI%On9a68sYWi^HVuD32znN
zE<7o`hkQXwyI;5(_r^kBC)_C9EZins7VZ}A6CMyA7G5H}RCoosGnI3-@H*j*!dry5
z3GWo%ExeC>Ve-%aJQrLm+#uW}+)BPErR@;z67Ci57akHGC10HUj0-OpUM0L%c!Tg}
z;R)d#!n=g`lDksA2ZU>I-!b$>;gWERaJz7)aF6gT;X&aM;W6Q5!YhT>2(K63B)nC4
zyYQs&9^w7M)wrJ;b*~d{6mAx76D|vP3-<{R2oDP{5nd|1LU^_CI^m7NTZFd>?-brG
zyib@PUx~Wc3O5Kh3AYM&2zLqh3ik^S36Bbo3ojR5CA?O6gYahI3E>^WyM*@&9}up=
zJ@06TqHsyLMYvtKQ@BTXmhhnPi13*3GU1iNYlPPeZxY@ryj^%wc#rUY;cDEEkGj_h
zHwrfkw+WYpyM_CN2ZV>oFG};z65*x7D}+~*FG=?6gf|Lr5#A=ell<b8cDL|8VgARS
zu&EVp5N;A~748u367Ci57akHG6&@E}F1$*3t?&ln&B7DHJA`)$?-f2ET!ZHr(GEr7
zl5mS~yKtv)kMJzvLE#bMG2vyxD}~nxuNU4Vyj6I+@TBk_;r+tZc$N}%uM=(*ZWeA6
zE(>=H_X!UO4+}35UMjpoc(w34;f=yugtrOr6y7boPniFqH|kz1+#uW}+$!85+$G#A
z+%G&t?oP+!sPMS(a^Y3NYlSxmZx)^q-XXk8c(3pQ;Tk-@in0}jOTsO}?ZTbHJ;Jku
z2Zcw3$Ap)WUy|BqrSKZz^}?Hkw+e3;o)q3AykEE)&(<Q}I^jm)X5lvBvT(O>pYVY2
zu<#P$rNS%7m!@`DExb;6qwp5tZNfW+cMI<m<_CHruUg>-;U?i$;STa;shnNHy~6#%
zL&BrN<HE~@R|&5b-azh2`EC}T5Z)oYOL(vF0pS`v&kUbM@=KHdl5mS~yKtv)kMJz=
z<;l;W@QCo3@G{|*!fS-r3vUwMD!g5IQh1N>e&K37YmIW&2{#HilV6tV(k5IM?iTJ7
z9uOWDULw3yc!lt4;dR0rg|`TA6W%GjTX-M2H`RrIpe49gxIwr{xK+4AxJ$TKxL<fk
zcvN_t{PI+u<-)6k*9vbC-Yh&JyhC`G@Lu5q!Zo-bA7$X*@(nHtw+OeBUy;h(DcmDG
zi~P!DGblVFJSMzMc%|?f;q}6s$bHHGR^jc!lfrw1_X}6!et-C>6K)i47H$(R3wI0m
z2@ePl3ojvGk;=bRc!lt4;dR0rg|`TA6W%GjTX>%^{}XSNp;ov-xJkHGxI?&0xL3Ge
zcu06ucwBfn`O4HLtAy7IZxG%rJR!V8c$e^A;RC`oc=i(c@^2RhmxNn{+l4!YdxU2R
z4+@V6j|ndmUMajrc)jo@;jO~kg(u0cO6|Evc)xHpp2>twop7UYvv8YmS-4xcPk2Ch
zSa^x>QsEWCtI4xc`PT_=6y74dO?ap9ZsC38S0|tRU}A8saD#A@aI0{KaF=keaKG@7
z@Tl;(@N(f*!fS;$2yYgi5Z)oYi+ok8?_S{p!ZqcJO;NZc+#=jA+$r26JWF^`ctm(i
zc$x4@;WfhR$+L47HVJPP-Yz^TyhnJya5bKLgwHzRM&V}RHsP{xw{RbMPR_yr`Rc^O
z<hhCe-QN-n^VlBm32^C>t9GUce!6p+N`(FQr|-(#fW%BsyIO3gV^e=v4o&$0PBCr~
z7?-I;sNPcXSH(Cs`r{>=`opwp-&=yP5ar`-cXHXZ_`lZh$8RUFe2?>e^fw=y`df>5
z4Ymm3ZvYDQ*ZZ|xt^qpwdxGzyzc*r2f9ri8goW_;0mRg91LCodhQaT3E>npxgnXF~
z^F17rc8uSLP5o{3eGnGH-xm-gmraZBuZTbT34hzc>Ti?p^JG)y`;P0&zGGbcJ=yos
z?=P{bzs<f6!a|hq0Agyl1@W2s<5B3f9?K=)r}#eR%kM9$zX{(5VIlJ6w;a{qD)DzD
zEV+;Vnlt{kLDz^aLipo%<<#F=_~T^&`|YWa;jf(Ww+H)pj6?{3XJz~yfIp5^`a23T
z{Pku0HF>(Mzn5kFt$Cm_u8tOeV;O&}|4jYy`i#Hz;xFb3w%>a*{#p^Asr}xS@wW;7
zx{#jreTJ0p6B&Qqh}U6%glNByWc*cs9pBl35&azp8SVGoj6Z%?C4A6l@I=O68~m|;
z^mn}YdkAs-o0?Di5eXkqPx0R~b_0md)XsnL^kpVSC?nsPhnf(lZ<gbT!=~pugmlzL
zh%y`wJ961~^ohR{p$mUa8GoaPDBp1zf5YOhS^SkV{y5HND&JWde@n&R$>Q&o8Gp+T
z;qUT{zt!TeMf@$u_~SQnW-8zOjK7WI?-cR(=8V5J@Hf*q9n1LJ27fV5DWgB`%=p^?
ze=L85=wJSQF701_cr4~2+?t;9_tlKQN%$*;Gq+=ue@j#S^@_hXw_`i~GUG3YILB#(
zDBonp-&*+VfDw-)t{rG+?T$qNR8z-M1JcdZevf7R?Sj8(KhCS+@2MGo{N_*}_D6{F
z)xnNj_8rA<;J8FVSiUo%3xChb_=|q@WM)UcFk?54d~3o8GV(2F@@@QPY6s?v%c-e+
zugdsa=JgMk;m^JS1m)v>$MQqiy(i<3-$x1`Od9;jjNMAu&2)V5?>90{nTZjaQI94_
z*5iCg?qj;G8GmcwZ>DzP-+5Gj-S8LlU#Ix{dBz{V=QPuK=EoU-1MnBe$3^0gnWD&3
z?Y9;FW*mPRe;cK~UE+^_Lsk9lfWH#<M_?Tp>H*|3BM3X;uOE`_cL^l-vHkcrR@L8r
z_?xNyo}2O4@jsPu)h+&Bl<}AIdcnj3^JU=on8;;D5W2+QrHFGM%Qpbf@>Rnh^$}>t
zFdINFGlI|ye@&3AZx1B*G2I&h>W|0iO#W_$9n+MtF^q~o-YyS+t1|u?;jd^Z(huzz
z-UlF;89`VDe=%Qi+;AVu@nwLPuND4g>W_^Xe>>nW#`7!0-@_Sy?eIst2+Wt^rx|~H
z;g92v?Z^3zb}Zkc8Gk+SHv)Zx@b{;TzxE0A1ANinl`sx}#m7yr?-uym5YF6=(Ia5T
zG-XB*mVOJz<zdO+EX2d#^E3WNv16wGZOQmsgA0--_+j~Y8zTI@DC2J&J7zk5J2U>a
z!e5*}`o-UzjK39!@HZ>tZ@>7vTKwIV@yG9w%`{()Wc)R6tBk(^@wYtVZ!`S0V1EQe
zExaw`Zvg(rv4`z<4J7T@?jO$h<M+)<&_@V=_hkI-hQAnpgD?(%_h<aoB0f`n@5}gW
z{cfec*NMMf8GrnS+D!g_p7A#Xe^I_6@%LE9AIC*aRMzbn{cFbG2KbBPcY)in{pxVy
zMUzgQKluH&naWpy9owjkjbTE{H;j0+UrWZ{;33L)QpR8LdzJDn5`X7q{PEjybu55~
z=wE(^P0QB;f32|Lc;WmJ<+~!|Zw&rQ?u#P)@%wG+Zx;OZV?X`f=yq(s8#Dg+t-6`o
z@3k3!o8XW0GX0H;zyHek+XR2hus=eSZ*|6B-Gk}dne=xvjHAByXZ-OSbu*2Z`!fDk
zZLjpl67ly?#$ONO#VDNHF}gG3Zv*^wK+p2s;&yDm>L*Mee*;K21bu|4?>{sC_QGE~
ze9_++jHABCW&CYJx^g&kJ4TOz9n+K<L1_L#F1Hzy{%(Z~fA)<##Noz59n#Izzo%vV
z?S{Xo?>JJ1zpFCk<M;Gt@^?kXU(*jO^TBQ6?~NIMU5J;hr0IwGGTfZ;Hw1qhpl5xT
zLPq)Cm+`k0@tOMfj*P$3j>_?NyZEzj^&uYZx9Sl7K9=#<1Aoze9RE>1`^KO6qyL%8
zcYns;GAZ9X#NW?hhbEXR-<Cu8`*FtKCh@mi{QWiKZ-=LYiG}EoKW6;xfj=G(?2kJj
zqrOMrVAb;NM7qx8YMQ^pVaGIO-?tzBCcyN!0y6xamho5ebe_!Y$fsodZTV59eD4*1
zmt_1kA&!4jf%!6AnDMs_{u-cX`Bp+k`4(jSwIDvz@i9N+Z#Vq)y1zTc-#aq?x)ATg
z{s>XNw`Tlx{J7G7t6&`E`&7o?GQ^w1ncFeS?=&(^nGuAVpQL%7^}P%6@b|5ZzYU0Y
zS&H-%<=dL^HwJ&`Vr#$Ekm2v)jK2ejHzim08~%Qp@z=LA&ATk$J>u`tjK9(oXYP+b
zW&CY{zvz!O;_pbLM;24Z8^0ep)A9Rc=vme>Him|uR_23y5$8T0FVD;P>p`63Dniuv
z<cz;w`0IiZ>$?^*{9TaoH;A|fmYv~6ZimYW3x~4140dQ5UZ(y_yDMhM_jpf35%u7A
zHOXZv5muodaU6Xd@u<hbjK5`wb3GIx{9Tvvw?W$ZlQ0f{Z^`)E<ms~hKAf@JjQC9b
zdyl6tyMw*RH|D=jOTJ&s_}h;736ZJWG5XnzzXR|W>%R?dNB`f-_}h>8d34|*+GT6T
zU(3%b<N0&2jdpn`<FDgz{Jn}8ByLC7J2U>q;E&(7=J?wv{{Eiv$8TT0kPbXV`Tmme
z*Z6Q{Jbw|kQNDVVhsBBWFTaQR>~Q9Gj6Ml=OjBkAVF3Q3{Wc*U{+^TZSA#}9$x@`B
zDBp=0e=FcG#_4_H@5LE^{I;gQVrLG+-$faJ>)>w)7Hq%G;_s@AKYmy9E#@ixgug2?
z{u+K!d2aPp@%P${zuG6wJpT=4{B4H6Cir3bwury+jK601J0TU#exrPE%=p^{e;w}c
z0rB_ljK6O9Yo5X1y%{@xe{-gGzB`j|X;&rRZ%Dph$oS*8H(xqKz8f<BX2D<d8*Twj
zjjM@_KYn-f<1_gCddA;Y_&WeQw)3~d-$NOH6Y#fV27fy<{<i!Q-$;iq`ok@esq+0b
z<8RFo>F?Zx%jma1X8f)Hb*24q$voxn={OFN#nf@R2mWpdXKu&n(_ly6WkwM8z~49|
z%ZE$8DSxMA{0-El@-q!Xl<(OYf5W>mKYM+@?{+w3au;O$@q3Sp>BvL)J166B{5R?E
z^RRrl#F#4I+>F1q@OOMTb2~<_%J?fiQkjRa#GCSWL&o0({Jn?{JVg2UtzmN6^*!(x
z>k=%Xru@Av<B#8dJloSygumM|{?@?XDE70yIOR<F`(VajAN-w8M;^l8%8b9p-&XE3
z{2aElV}E=q<B#8nyuf`?gg<^CnOvq4VF~<oL9%=gL59EkGyb;2-;0^RL-@Nd<8O=j
z!<01T&%U#ac${ZSN6tL&{xIXOc28wI<ItP(w-<IO@|3@|@OMAr5u$v*&G=gme-kib
zeQ~Hv`Kv}Fs=pyDO1Qp>5dQv|@i*&t>HI=}7}`_*?Ay?YM|~Ud^2Gdb=5~x8iG1n1
z%m_l`@6+FHqQBoF&V4Y+ot!D(QuzBd3+y4v_pFS+b@0c(S3-X%>Xg6BGXD6@y=Tqf
z?~;taO?xZ%k^Uh57H0gd#L1lVPlPDnbs2wMf5Q3~`LcX}gmKjOEg649N9S^b;mqwA
zy*1;n=g*b)15WvSf5sob|F(06`mV_Mn}m~&s#Lzeh`*0z{H@2!BAqOdhp6wp8GntB
zR?ct0sq$^j_}d46uMB5y$LReTe@o$HIrMD5zquVua=*y<>u#L+y#KR|zlQyl^U-7C
z@1Gfe{65)v*dHP4`}d5$UiiaMu=4!_GWz$}Crv-zHo_lH!BZjp9Su8j+4l^=AF?oi
z|AY*GFUa`gx6TGU4Mq5C&G;LIzkcjz`{l8PzZYlxwLD|yb@4?Re>>nW*2PugZ+6BX
zzkT+47R*DG@5+q78g%L|*sy$$6Mt{W_}dPDpATn{;cqnKZx8&fb$|T(qfy`g$KIR3
zRZ;!_|93$|xhfzosoA|(R8+tVqT+tJBI1s?gsH(rP+UP4#j?UB)3U-PGqXZ7v$9;W
zveZH|Q^Ud~b1gDcGc~o%O!NPG%{>PW6Xy5#|9`&!@BjaObaXhc^Pcy-=ggV&JTrIh
z+?fTsc=H>3-hC-U%6NSKI<-^GSbV+w{Ggf=?=@Y#VBD-!*?Bgf+pfl2gHD%+*xX*e
z!%x<4n=T%o@zq1rftjq|W?ek%jq>B0yjPC>=Sy8YKI^MXCGkph@zN1*0{mD%zN1;z
z@1ibVl(q8vGS2DZ9YVa>BA&kzuPR_bvF!L!fOz+#ER)<`6a1*1Vn*W4^8H&|iPuyY
z@3OV>^8>3cp5d?Z_N$}B>#2(uX)_oe5_MoE>*vzNi$lC4n9ugBr^Fkki?<2!yfN;|
zB;yU%#j|1%;JbPl?=B@?wl3b*AY8MQK@e2RNxFD}gshq;9^bc1KlYa=b@BL|6!ue@
zWIR5jpV}#A1lBZ`op10x*D~HpT|7Sjq_Xk;1zo&S#FKp7qr`hp7jNrr;%(H$OGGD@
z@oY*wejY-xtp5eJ^z1LOS!M0_sV-g#;-zCj?hkn{Dci497mv>g;k{`x$@V+0ix&kb
z_&zko<N1kfKkfYlSXiE4@%a{8Dv9@#F5VhIAwR$Iy~#3O4Sc@h;xZnexiGMjcs}ss
zGEPiPi|ZJ*?O^>{DDhh9;vH&jFbt?9UNc?15I`aCQ)s2c>!ynr6khpw)lnC3dVOQr
z=b2C?-auWvRK(*wvNFm2(N`C*1o7nk=&hA_<8<-nM;HvFWH971UYagmAYN!M`(L;c
zZ@MntWyBj+NxZ4Lc=MHbZIpNmbn*JOxy|uS7tafWfIL5KtHgUl7w;V6JyS{jR_o$f
z8X3zzPq$a%eWi=X-+W(}ji$8U0bM*R1{J>Jiv6#H67Q-m-t-QY-=BR^7w-gayzY$k
zF<vJnUJYC?K(UMu{=RZZCELq)WT<@92ek71w2KliR2R?E5${K?WP5{k@zx+7-@C^8
zbyMQ?(8c3#sG?b6kz{D6E?yBJD-`1k{prW?YPc>Qe@~QANxY%Dc*$W#1MiV#{kkjh
z9@fPRipF^{=F24OH%%AM3pbjFz>o2IV3PG)u8Y^%<vIT8<2|d3=Ky59XO!`JD)Bbx
z;w5(Xyfa%LZ>=s~A|R9Jlf9I9pX%c6M!exN7;?G2J9P03kw)$P&8%M^CEf{Lyr3A*
zZ!=^_8Sg7yyyb{zMI6TKr^LIgi)X>fBtP%SB;)<4i?_9H`TpQ|PCxb+?fodo<?+KO
z)?nx_gK@slw{-E&wKJBTPx5#p<2CTF$Xg=faom+j#;XHAYNwbn7=wyDUJg>?b<)LK
z-qZ8@3w^wHx_CP=sMLoO+i!>xZ-6e|Cd3;kgCUpo>#d7-0`ZbXynB^++B;uhFKfRz
zgW)*JGRb)3b@4iPG#YXchxHq##CuX#ztf19hxszeczmaf+J5UX=<%JXj5l0~_ogo1
zh~5SR$8VWrJYKg{<IV4CH1J)pj5kt=w@VjqaUXnMtt8%dUA!V^`FNG2#5<ykcdf7I
zeee4E9n{53#vmp6a4Yf7>*8(dXE1ytgCUpO`@Jq+K00YW;&6LMDe=s>eu!e({#^_>
zKB*+$U%GgP*z)?NDe)TV;*A(!(B4NbL(2NqgP*!TtQhp<_3SZ9yigG@LIenj_uMC{
z#$)}Xg`Zi>m<vC-E}Ep~dw<mRM#dS-u3L;#);mzdLl@D~e8ejYqR26NKU}1CYD;+j
z$n|CmKZlrC48Kl_AGd+ibok-4p)6I!!91$0<ndwgDG^W3>IT0eSy>nvi)kMG)a`X*
zd#y0AA7o<UJdTsk>*C$Qho0%tjNnN!-V$BB<i1ADkMXjUc<3%=-<>nUgU=ZZtFWw0
zG9GiK+6L=dYzO?NV8+Lo$NKqU!biUf@k&3$cP#jPDU*zsotZRtQchS#YpW-Pw~cJy
z#u4s_Xk)d8I~?K4-*)XHt=4uO+6m9(>W}p38*4PmNNmIV%i59a;rTx+fm1-FVAKht
zV$bf~J6eNBWo2Y%=VW9|2<_j~T3(nmCNw-OA|lKY+95o2On7Shc5Nf0T3FkL!K5|2
z6@eHvF(++OwmYfUq|q6MA%l7(MY{$K=sRR^kEFi62KPva?mMW9qk6QfSC{bWa1P6!
zHZjMYf;=b7lc!6Sla`lb2upS6xD8<`+1ZA$Q5h2_rcHt^Pg_ISSgzp?$y{NpxykAt
zVp&q=31rsxQh89b_KVo^@|{#eIIt1qF~-xr<x9yuViSIH?YHx54nH4Eck&An@g$Rs
zR~eISVON=C16IbQzR$l3KNlvM<aRJuTl50T$(UGYw!!WCJW#8!XJow8Y<GEwM{oYO
z&;Q%!Z^y>}mOeiwEh!^2Ez6xVHe*sYdjG$D{@*_TzrD|APEAd5XQ!pg!TwHtK0LB*
zc!YL#bLVp#K4X#xOivpI8=6+Qy9x9DP5+S=2-sdyZNr`wM;H7s<B!QF&Aq~h`H!_t
zGg@j}s`RT;(tTEn&6wPFk+Y5U-r6Sb<~-aN84Nc~_ClVlLtZr1J>}D-mZz}KH2-Sd
zhkZiv-2>-^TD+||l??A!qf0Gm+h;1?5$CU#Eq8n4WV-l5qOGF6xVU1u;mKfQ^U%YW
zyIEzdwKb&*wame}w|(89T|CFKubZ_CH89M<6l(F=uzSUk1?Og5n;fv+QR6af0ow~q
z?uI+u4Gy^PI_0i^)m_i-_V2LW<qjCOf9#cM-&)L;0GG|*88ItydwlCE)+W}WD;q@E
z?sl}UvgFwYLsJ^W?O(FEL4vLEnL1vU0K2=f-Nvt2ir6royv2+qr|Orr(MeO?l=|gu
zRM!+x_hP+Je#?kO&`3#!s0GWLB+lq(>{6>F)atSCGYyUKPy9CSN=4h%S}t3o<z5N4
zyU~Us1YBp<<id&}tA?fV4qM}0RSllFa@L6e)v-9D;iXT*PV6%!uGl&xYDQ=k&$=&~
zqPEAaa5gFGSF?*T!RFr*7gJf+;05RHEfz$rC~Z^JVMW}G($ht;2E(}-mH>;npE+?u
zylYWulUdEZ`gf@r-&Aad-R)<$1uS0~wLfkH0w&HVZCm8B`E?9WumzNdjerG_<2E>A
zih6Cp_j!r?hiwSn-eN^Wp`pWqxb2Di?>im5;Ot7%u1&YfH*@|(xm7npq86O3-NwFd
z`YzmegMQ%6&n3)x4$Iuz5IkcSPGr$Hw66=<K|(F4eyGJ{Yq-PK;DGI}Q?~k7ZS?}S
zXQG#ATv&YOMK9g|T=+EGSpQ+hhrA}5NBZ>hiLhBb&Ed1b)1v~muQ$1C?{EhkaQmNf
z`~7jH#lQ~klU~C%j9oEpvZpguL1!xQbfuYf6KsL#R!c_L9U4*hOg%4qp|QneyRD8V
zsON8s1xv05hKSw-##RQ}SMV}0cEU|l-Tr~oPg~5MB6j|PS|e-3xg%_KLd!U`)b21N
zwARg<7fo|o8{$?(ZIGnE-EOhe*gYc_En|r&u@{xt{S78(k#&JR+F%LnVw9ff8z)!y
zJB|ecs;RsVwfn>^=;iL>Ww-GH32M|Lx}T{_tzcf3L<u}&AH=!UWiDX8jJwZt!X6i0
z?%(iag01Skq5CeZ4IUU3jczc|WeY?<aJd5$XEYo#Omwdz*DSUh`<H3g-dmwHFV>Q@
z&7UM=Z>=Sp03$***#WTsW4#SpKZxaL8T5fze%@j3=>WBN*a8mN{7>2Zu3ZV(9*_OM
zaD}zNzsTh7xx*cMz}@4NJLampyWQO`!rjT`ZkyolaMC-=-QKfv+hOOrY;B#M{kx+>
zge{Ik#p(`2vpQh^S^{0}_I4YudZT&viJiJ+V+XrCq9{aga?!NJ-rnwxv=^3v<EZOu
zXD@Vm7PGsfP6XI(j=Cvrg#jHIzYPoVvY27^*!pUPC{N*hXlYlgea9_N$@<sK2wU6b
zZO%98Qq$KiY+*C)?k?WA;N<0Ucd^^LT({fZZLWt!*t)cAVt03b*UoPgP-nZl<Ann*
zn`3^CGe}m?7F9QZUlejS+VO3)XMnq-#T?=8HV0;OC6~LK-PZ9uVutst8DZ;<g2&%t
zIpywpvBn(jGi-z{eDA?7HA4kcE?b9|L3WeD-p|mm`1g>~Q?{;j?{Lc21^#=#vD?Cr
z9l(}I{|H+r)K&PO4LNzr*5PDL?>s}6t$m6uBEjZx**ZtqI+iv6Nz;-YjVu<syX{q5
z)EsX_jIc$>VAw>t@*Ty-vmxIeu(h=pu4-xX)cZmLw<AiioLK29T-6}PQoF2OPMFZe
z4y;?a3mxphx&>%l=1<n$=BF$cn_#e1omh2b)qYhY3TJl=w-+v!>lnJD#!U-0a_<g|
zy%u%GRUcR3?B3B4g{vwqaJ8zvaJJQ!@2MlUFQsbpw;DG@(AhHRNt4SK*(zLa=B_%1
zvn#QeBdy(wFu<1eK{#EHENN4O)pv}juy|}W11qBh<XFn><M9^TC${rxrNWB)k|&K=
z+x3rk8R5Hdj>%xLxNL2Dt~Jfsb_>mKx8Wk7hmC%w2%E!h!<QXe$FjBCi|*47Kozwq
zig3p%ZRoPatqwHBK6=Y;>o$KQcJcgCp<+m6PfZQ=k};yzp7O}h8h;-XytVU&S+QpJ
zV$@HJ2{lZ%o;z%@2W&k~*<!BRx??z4=FgLdfbFH#CgZpeK6k}D+uQ~7{O8V?={9)c
z```@23a9^pOK{i=!I+q0JXzT_Fj-!%v(q2-))IZB#*Qu1s-4SM=EDG9V&!gVj;ze-
zi(`x-1(Ow%9n(xqyhuv@7$)g67n&DiX<vqkS6HcE$7B=wGvw007}{Id4<I*T;<^rD
zlJ;YY{RFgjW{8~MPRKZ=(7Z~<bzQ;4#5gj^?HULJ*TFm*6a5!rVxm7azx|?}b#5i}
zm&orD`Vw*``cpT-M1Ox&hIf=v_h-eB=tJ#7PJ01#ZJ}RQe5i4wnC7z{x~9+{LfeG?
z1{(jhn57W1ea=9eg#DaizoghNEB4=@nOHY!xgY<8<}BK8K*;ze1efu>AY}Vjg_iz4
z&@xU9IwLU-bzS6kOidI!idvHUh3(AQ%$c~XOwy+i2Kq2(qE8_vxxY3;%lf<z9fXPN
zJ&B2T+EdqtgY@A^PlT|?LWc>>Zx@>i{T!W<xGrkhCNDvAmR1MFz8ac!q<xKIe@n4*
z|H?S;D)!Bao%@}Maj5GcXZ;T<b`-TF+lN<$xo+lk)9Qe{2PQ6i5fc;b)Y2XSXIbY+
zXkW~ue>cS*4K3SbG&K7F<BWw475+=0nP{hOiJWnY6gzdWu(Pi+(VrS$G->`_SQ#YR
zsbyPrhvp)*$0+vR(D<*}`$7al+c726h(v$tN08J0jbf*keZZd^g+zbq0Oa&<0xj1Y
z1TE{+5}KjtAEMYJ6niAJ?1zcaO!TK_94^l%V=>WA&Gx5#EOaz-)`3r_YAy6p#h+T%
zM?Oi4aY_~Y8E9G0bI|y&#rzRMZr2598Rse;kQj$r+OH{gYH9yVu~TzhtTPW>lKr~S
zOpGa$?6*x|;4;jaG@pO?Dk>{&f;()&*c@D>oe&n25#Oi#pzw$|cXqlVtir6RqmtrX
zePUw6lhX2TH|sX`h)V3*YCI7u52!d8!v6MsnN~GgE32|*ucW>e?V?f@jIyR>Mx_?z
z)vRppZN9?uv>~dA78WZ+Au}r@)3bMO_t#wEDJ<+|<flBDEBxx0^Vv7blUW<b)pCRK
z0@UBXI~3hcc<H|zG*|d$jmz_!-tuJDI8)0!{+1_mg<mId`C8>Oq0AMYLcsFfy7`TD
zWvfP;H1f=dBb7`n^ZQDfSZ*#0$XVuhEHbf-Tj<IX%RS3V9{)k2%p-3A{w3??=jzJS
zbme?e=21BSwS8Qac@zr3{#z`{%((tS3XxcTOBRr`yj54;qbrx_$~@bXiOZjn1>`LM
zq$~d+${cM1(4Y8GR3`dcb>-%|a%){#z5j~K^L{d!SRSe?tM~J8{&?N|d|i2wD0Acs
zFrdF<2;e|Acv@y!_l!wX(z0?46WtRgWQ>w?dQAeAqqEY|q+v)VzLPI2#g3iio*-w%
z3b*n>P=xQ9mJ>5}Oj>r%ps^36877XMWSE#Xaa86sF6ePCQxRIQiSAL_in%=WptPJm
zX__}nN)1r*)F3Y-D<yZdTvn?{Qc`Z}*eTg#+Zd9PCT661M6OU=v2Nfhud55&Ki*T-
zw29eiXcFFvfp$QimF7-O%AJ%wcFd%-)T9({N@kKfH8m-fV$_5*cb0TdnwUEwXRMgd
zOkFG~TWgBUq@0WjcC8_lntArVQGm;XnvthwNIYs8#gJy9u1Bk<pBj0Jip0f?{1|~m
zle9OY7IrJO82W;!MI1;&h4peFByGK-4%&J}9oYZmvf6q@9sagnVYkv>)InRXum>x4
zjz2~*%sHsV5ErS~qZE5*YOyU&YIR$b!S27bU1A%x?Xn>llD1visfK7zaSEZer_fgT
z8M#47+IEThYuhF2uWgs`*S1UeYum-sUL<Y1nt8OgU1D3DFjd$tRtm`rlTqDA;-ihW
zkJN1uTH6*8lTB}ArI5635!#BfQ5+PsZ4p}A77<6=77<6=7NNCm5plF_;X+8-wg~M+
z*(k=O80r@IgA|9!$kTkJzL<>ssDu=c$;i`Eq`{bsTp>~-CS$lJ4I`+9e=;>sw~<mY
z8F3FiQ#vLiD~L1!lk8WS)S}Kg)WRoE(bK8Ldh-=Mn_BGaxzu7`&sTg3s73oMR`gOu
zLmG_yD1&rACVpx>g`DxJ*COAo*uPNpSBgHNXf`XCWz%u<sEd)a99R{9kf?nFHK`rv
zY4<{r$9!M0uU*hw_7L)()bQ~U+E<JN1B6csa$fbIKkG7-8vYiceMLKr6Lvr3)V}rc
z2Pq2^mz|0H0ctGE>QVcOaf9tlpJm7wQp1OfQ_DD<N1xY`ucU@gBcWv+o;T2k@!l0a
zR-t_xKp<_!M4wXRMbwBBB(&U?r)f8No-zKT&^56P?=z=89(keA{8Y~02TT9&6#b*3
ze^&H0Mf38!T$Wc!q~>$WrDoTsE`=}e2czaE->!=8E;O&$^b(r;Z7?-=E)uou8zZ1;
zXWyXqWn&_xVq*N?5J%gm@ZsXxJ{A2(+o$m1)t;&JhXeZqwd_Cq)XX@%LN!xpZr@|n
z@Mk}vmTkUR_;CNeL=7MI6KdH9UZou|cx8j%H_(Uugj)J+QGB)w{U!3f)bQtKQcM2>
zw2PR>g^v|Ewd_~l(Jp*`qedL|8EP5lhVbFlJYIRGPcUrMGEQ~c5r;nPPt=#-!*Bkm
z`y+2ijb+I<wXYb9+6X&`ENWjdF5OQ%mSsQW6&5ZV2_I^?EboJ*PXY4Bg-;ZGsAU{p
zMWPSec8k#DZwEDEb{1N4v|IQbKwd0-obaKR`;_w-lUMl;3(YHgta@NI{6V7jZKz4Z
z3&;Y|A(P<yj?l-D`*B&=oyd8Gh`I>*az(SBN&6d$ep}Jnc8O(qSfW3#&b1SoOm|Q;
zx0yaM$a_*(#~&nW$x%OO+To_XyG3#|gmxI$Am)9-2hFHyIS!`?AMU$!;X{t7rB9~t
z;r`KB!@9_h#+nTRNn;J`%7@PrD6>9fhuYVUKS--F(N12deZ_f;HfCbk94uQRe8>p3
z^f^pBd`=?g{-Ayz`8Psy*)!CLZ$(b+8-zbd?BDdK&vk0}a2B=fpFWsJdoXO&vQOeC
zdYYXqP|Nz*X-CXh<iWzn0Uv6)UWeinC49&QwXZlg>n?nFJYXzY&q<1&EOa53eSjME
zBs<i;%^;B2?p&5U%@#iFJJgZ|jXU^|ucw5M6F$_^XBEnP&NMsId7-Z&=jTgl?<_Ry
zJ4)zBkuMVZ9pu}DUSY;>pM*ApyN;L`X8>}iqI)WOq|m%_$ltfnzddwKOj27F-CWVF
z6+J}gWaPtz=9S6ALUS8WDEd1^^J=5q-k%ixtD^r@w8kvz$*Y<!(Qc*CJro@$bUboi
z-w5=@A0%qY@^EO{Q8n#1Xp&_&?TF7A<Aje7a%$gJ_=BV!6XC<UKZr8pkY#Gg@@(4S
z!>gu`3m-q^)Y4~>@L7X=snEQd`aCsal51+&XVwWjxu*6dEJ#~1(Vr|+OZ#47w<4$Z
zZH_-k8sn(jMd+_FaoHfDrH^)8gHI&-R8{sX_>fs@S$}P;h7Yg&YsWQcE40Qk{L5Ib
zhXs+EFb;fpWw;qNe8@7j+(uq6p`H9v%Wct)Yp|0?YF}0ci99eSzhziS4IlDIEq%xd
zeRw?4j#Kb)!iU-y6Vox_Ll%CbhEELa)V|^~4!L5SbFkH<hEE)PsC~s}A07kg!*3<5
z!ly5MsC~mAkeUgf7~~PchkcdWx3%VCh!Q^hwt@^ZCa?VS-7sA5V7O8HvH_8@ggsGc
zU-8*0Pb|xC6P^%0Bj7_V>$5=k@SBU5g-<eksC^?KkX{o${1#)Q@JWT8+P977V)#J#
z@EeV7Li5{`PpMJobhuIba_1r)7WN53%VPnT;r8+ymP^7X6F$_kKk#M*#>|18TE?s|
z?0K+LOFN&}L;vZpQ_FViDeU>MQ%ie4+EE9NW1|#3TIgidC4(9<$vU+>#yukJb77~J
z+x5J#&xf5_u4@(TSQq==t3nr{kG(1MR^%HM{Vp}uTYxy!lAVu)&mQC-3!laCp_V?y
z!iV3&d@g*J!iQS=)I~Yaf<H*qzAZJW{V`VcXdh%o{z3A?WEAIk^{K1Viaw9Yh<Y*w
zV={`EEXz1F$vE1wA`ZtR8HZh5#v$7>P8>DbiHST&ovi2yie{gXKHO(gvmK>guIM$2
z-lXUvMHegjh@wv``m&;LD4OR#a=kn+k=ja){>2ocXr9kVdyJyv6+J@H>5Aq#nOrts
z(eo9(RMD#x&2v_{>{dnZR`el7mn!;#qOU2MpAThBK8s9hzCS~1{w7`ONJTpp&GAwC
zBq};p(fsYR^qH>cxr$z_=t4#FT|08w&D7w8X{Vw~6wUJ}qnF3$oT7hGG`<Kb^RXzJ
z<CR>NW3kkH--^^6yQGd&^k7BvJWTpbP;{Q6XDhlu(aRORM$wxTU8HD^Cvsg!6n$FJ
zmlb`38e<)k586p;o>NP0Rdk4=qZA#Z=y*ksP;|PYa}=Gg==q9Xs_0dUUa#n_ir%g0
zLy9g{G~X>Ex9ggsz0d~I?x*NRispMiq)()xor>nWH>6LZqEi*k_g_e#>587K=*5aI
zRP<U!Z&vh9MVBc0grd(W`WHp>wg6cli=z1q4`~llv_sK+XNUCRdnu&myEmjxR`di#
z=P7!&q6-wgT+wS3y@?tVQ<0*J744aO=f76CU?^lWXeknZd3=-!-9$?b@t4}El?;Z<
zI6(3k)&vum=R6)iJBhN4Hv;7tOft!M?O;&jrQ@0`k6(-jEX(2zg;wiVDCQy4l8nb|
zj%vKf2A=vb9(H$Gyh+e%yj3X2V3JA38w-OP&xv@lemw2qJZ|qCOlrJyDD${2lZ-b5
z1~r}q4a(yb>&Md!8ShnSH6B09%NUqdrdJB>q!FpKQTg`rG)KlOf>z_rWkE@@xC=IF
zwmsAB{MZIQnC|3v7(V*-UV%*}xlQ|FpmvHG7qA^X#<N{`E+@Bx*K^c(Ja#t0B$JHy
z0}N`s<+#w7jLI@zfSAYq=8a%#yh1G03U--fJe~)s@ov~W*RmKd5EJJy9<Q0I@rp6y
zAPpkPcy(b@;|1E`AnM2STN%%xi&qGs<XuS&DdV-$$7_oI2Vd3?h?d3UHD3HL<9svD
zi|Heij3=Lw;}kR2qfr=#zCfTXUaE-4^I@jrh)4Ei;<`9Z#2;~*uFc}}prfRd@L};0
z5l_zQ4?h{3HpXJ&^)I#kcB6iAu(N)=rYqY|JC{URriT&l2--y^8SgP&Jiic+ALCgu
z$$0+IW=t{-MQ3_O27ysZ=1R9TT&V5oe?hRz{=$Au=GAz8ab1Gfl4X)IJ8i<~9Nhcx
zU;V9PTZhByNq7FO;|Z<|mEf4qQNJpC$N#`h<YC$W+2=NBn<M^Uw`==G?t0I*mV3x{
z=KiIY`{Z_hynLjNf4B3)Fs8+meVBfg@c~>b@R5OXWqhc0gNt_8thgM)Vp;!lr}0<d
zq6;9q({E!VBHKqrYVLRLFP8^nMM{6^TmHoITLy#YzgC(5-ar5Gby>XTm<><ZV=<DO
zA_{LcfB9;|nAI^?Ev6cm@e`$gm}i<}FxYokwPk+O+zkQSi>h7O^X<|7KWzVF!$s3g
zuLJhZCHtfInS4Xv%`)w(Zgk-nA7-N~+Tb#q?9oQM+3bpjFuTlN3Fa!UXfK!9J0ZG?
z-CWfb?QM^)>N5Kzn5(&>eO%`13DMQ;W?xryb$hh0{bNgn+2S%8Bcd%4CX*|=hTUY2
zh^}dmt`%%VZz<yQ9)tOnAC-TwO(<J%xJSj+j50bR9UY>h8prul_(z4s*(hvLT^)8u
z3*i?PZEa$0VO(k~h|0AY4AwS<apt-H`HtL(gGLmh%#IjGo-H#fC*q(9<wSFQj3Yff
z*@3dzGe6Q1*VozIksp<-&CgU89pXrq3$8I24sjGHi?wwmj)))R$kY~#GA9@2t~_S6
zzFxSddSM$!!J3?v$4s)6Ux<=fmex#wLvnhqb#!66cR@k!!lOp(bA?N*6^wS|&&`>6
z#AKaYIM*kCv?DV!C+jP-wRvH%$=b}3K0P_bv7^}Pd$R7fn$A3JW2Y9*ts0-1oAs5^
zI<+vbYUW&rBM-}%Jf)?MWKRUT<<E2ESu*n+(~R+XxtKq<s-wb!$rToKR$Q<V7xZ_C
z1(Pc*=&Z0{e8mMrxS&mLtkaq6I%KrQ6vlZuM?2yZa}vHZS%(zHRdL2T9G<3aQW#~z
zP7dyDZGv4qXC7#B2Io#jM?PT6v=?qRtuPo0kNd^v=gvH0&YW8q?6Uw@_w0VwZ4O6p
z4m^TQGYp1&7+N`!*XL|JZp_?LxY5_J-tO3J!Jih!_|3T+kDFjU;#+vq&rzCt>T7f6
zrNYfM3%2;JKj}!`oP&9ree+S;=5Ute95`vrJXv_4hM{DO<47a?dEehrAw;r1gtJ13
zcwLAPhG3JV95!XL3ly&Q(;CK{$%ZLd>{qaiZIj7{$)D|q9jCR8F|$o!gxTPj>xk-%
zKl4QY|7VIKjE0B-h6tlEVt_HiXo?tMiZGfZ2AEyODhWofgaKX&MsL@EDlTKygaHs$
zUB+q&MxTTMJ_*L^t^w6tM&E=15Wd#LX!`(*)%k0}fEw1|T-Sh__5rnguI&Ey$o_NN
zui*#3&Kj31j4k_2z1((tXR9r`#lV{uUpqz@?<)VX(dDxyw;NpSHXds*rr6yEyG@QX
zm5eV(EEr!-I-(lM(IrHVE}fOp#TtsSCC-R07>*M@dtss}FFezlYd>H_0a!M5q}!6U
ze(V@hm{=v=?nv~H&j-Y2hX%3TF?T@zOvk+F_~2YDvD@TS7A|&V2Irt(W5!%lez7Cj
zijvtAIK;6#sc45ISzGLgDPCFZq{FE!cG8ilEEeiGl2LNNk(rn4m|A$QYH~7qnb9%2
zFxcCANdV`m=p~2Knd3TSc0?8io2_AvbB~msa$Nnw8a&V!KQ*p<wPsYbLvD1OsZ?2g
zjH5)Z9t|+qQ6yI%XL9y%1lO_#0kR^k-f^bHXtm}sj?xN?mQ-By9xm!%A{H&Gu+H@8
z<O++HR$R0-7qyk1%XM5TjH_8vk_&1bCkumXSYsSTyK{D&Fgc0~gDohDMvmZ-0pm<J
z&p0!OHyokY;Aqm_>e<^Zn<SVF`DsRMyCw}y{jEc}?b;7(^X>lF`9<+L_YF#@V&HzS
zg+JKv#N7J^rBpHGk2X5vAu-c1#6NztqcqXunvW8~B<GA9mEvtk9^y#92Y-h7my|D9
zRAE79g#}BM1zU4LZuI%@QfhLI*zRKo6KaSxV!QW#oM16{)`;ERyA8*WA&#hS_%rMu
z#}B*B>}e1TAovY^j5dVCXhTShHiX2O`$T#Mk#u)LtTv2vH*y&1ZgO?U@S+VPvDz>a
zs|_Qu)m^dLFcPZ`BeB{r5?j+As~<*ij&iwL_}ZDvn>6xDD7<zbZ)?Dwv6%3%0(^0c
z-*Q*5&H?J{2Kj^sZ1=<YP{rqVm@azVtTNWP&*Yle#c7WoZ?{kEET4^l-x1f4y3x$$
zFPdVT7)F0?+SS9*>_b!RHA83(i+5r~lquesI|JXJA2Q{~6y|wF<8U<9FLRM2p63PT
ze4b#?*2d2<%@Oa&Q4Q@K@o_xfVL_J{TpV<a<*~1gqk}6hfLTJEomq;bt)oL$!_lLc
znC6VcIh)^{(py>$@)Dv<nenUv4wd;lA`HZhb}@c9U(rr!JT;&VHHdU%I&-kLIInW2
z#N320jaV?EiUB7=9K_mr&WU=ZL<PXoD=W&*Y-Ush&#e}s4s%R%Ive6#tk+6Mdq;<j
z_8s-TPkQQ;n3Y$dMV4wU(!tO1?Em8yndxbfg`O5!85h9{Y-~8X*_5=UE}VMcv?hOQ
z;hL&!#om6-*BsjUiy5}1nyr_gbD6^t=V^e+cx)nCsh2o(Vz;pCV>@@`C1fHy5S7Bs
zJw*_%;vCs~&n?_1(=5OgJH=oR?Oba2x0qw`8M<gtVS1G!7xw(LDr3DG4k{Xgazj@U
z`vNVkJeF4FmQEf^r*cc5HufDinzwn|QfJo)!;WIVIE!b1@f<`_Oa>cHTSph>c{}B3
zje!BfwswA)Jk{Y$&+!c6n%U$rkMWG(Mu*n9Fpyidv#MA}FH2k_Cr>Uo>|=@lVB|(|
zA^%O0L*hFBXCg;(Kl9AKiRYxbMdyT1jM$;g-!aW8RGyKt3quKq4gEuKw6SMvMApvB
zmIfA|7ko08Eh?C1UAXgH!Q+dj`j|%Vw1rgd**?gX(#4q-J$`Cd3U55Z=;V2Z${=rk
zKId~)U{!}Dj%g;h7*fl}DvWa@z51EERPh86GqgHXYFC~~bklUwe9<d@a5SDW<JHCM
zGM=Lnw8&w%_FNd#^ToE_{#gHx!fSiKXyjG?5Q%=4E*AM95ZEnp_&c!A@6_jhiALY1
zEsR5RZ(yXwgCo`r5+kd=i7Jk<EsPh<z5G3uNH-=&%qkVtNDub!88ANH8rgH<L{t+n
z?O5THZrr=8QLTQpqWtAU7x*{_`GN32;k97nu><{TVPvl9X%gtNYF@vT?tgvsSpP&D
zDry`0{dH87*Us7A`gYe>dVWGgN-RGD!x@JO11C$M#e1Z;b?_`l?4tM>>zKu1IALwJ
zvX<p^&wzl@3+pv9wJ?Wz*SOqhW(zYH4MCZ?1-TYR#L}L9u*ZFL;1AJ%gx@snGoSQ|
zKP~o4NyMxo(I8EFzEppgkD*_UqR!UKt*xHz!*GDs_q{Z9(qFn}pS;_BWZ=2zYdEl3
zd2Ws8EBrUFBca;3FCFb(iTcR-@{2Qm{_4-^-*uSzeCu0}MLyL%X6M&Gd^Y&O#SyD_
zH0g4w?=!xx>mT>`30pBb_-N3^DZ^Lxn)t;2rdij1OP!OxwC<r*BZ^0+y}NKiW?cNu
zi|-%1zfSDEuRi(0?1Ce280K$1SpE0YiB&eg-NU;ir18^xyVWvnU$@O{to``-jtl&w
z2aGv!{@JTve13V;nd~KNbL?l|Z2Rb`KiZ#bl>5!3o>v-7zPrUI^D^E`srh>S4;$VX
z+O^NF1JkU_ju-uvx9`4R?m4-p&D^S=hHnV)8`eDkLQ?X;M_#+@o!&J<zklGRMSGV2
zR9M=n-&-wzUBCOsEuCi#dd^+1mDj@`Og-G}+p&S8hS)3*#lQN?z(Hxz4}ZL>UV|m~
zH}Ck__%}LT>G8rnZzNt{yU6@qpCQ*B*54*hd2_*(;<-)xntr|U)%OFw`mE(A`7v#q
zJ^gaZJH77P@b#F6A2eNB^L&qQi~bsE%5D8|z~#O(UVb+A$z6XO9Dg?HY4bD77uNal
zfr%d-8<y})=&TP99kk^nwisL5D`xker^e0Ok()Q|sb9u-O?>X;<oBDuJK)<7>%BSm
z^60hJJ)1gy{!sni-;A0W-r)P>HUppS@yMW*(y6H%X1_IlOQXUWe=Tn1^G9NOT;^Rj
zdp!Nvgs&IBckRK1CI_?MIA!XSb??*neAn`gA)~7X|G3e-<DJ&a9{gm^D?aTHUVSXs
zvGJ9UntU+MY#K4M?!{J(zIc4$rfIKUzFPI?6{p7b-}lS0v@bub;(bp_<o?J1TD|jy
zL1B@FLw;Tv@$KVPa)117Rfh|+d|&@5+3Ee#<ogHuP1^Ry<F>9{yiYE9t4i0CvD?n{
zd*{i)3#yFVIXUByx7V#Y@yS7dF1_p7AGRGX?(Up7^~IxOwz<x&pZmnTs!_x5I(z)m
z?rA-%PhasvE!Xrtjb~p2)`nSg@~g#NY!$IK)4y^5totVXd8_8lp;3?4YW(F}U7B|Y
zZI^nqR(0Fz5$XE}4}ZR6Si7JNW2#$foxOL_fhCtVy}01{h66q+%3o<c;U3#(>V0(^
z1T?Dt!J<>&w=68`UTW`rcfE!IzBQ`VeDl*MuD-wK-O$~yH4c3At}FNUt(v=T%gN_1
z-AsPu<(HZnf8Y9R)`(9!jgE<Y_|M@}T6BNn#I7cvrQf*t?x-uLH}5?W{*~XOqg+n=
zv$d`MyJkNW)cetEUA7$XkND%Qi7Q%s+Nbr4cmM3zc;Z6BoEjzHZJ#=!?%S=Ndq4BF
z>v4<y?WsTX+&TZong-o27aj?DXy{J`ZS0@+@AcUB{ZU8%TDf<AJKsY~znJms>fo;*
zc%|7>?;Tt9(VN{)ztAzH#=^Y#=ZllZrNllwct`Cge>=DNNWuNTcL@7+-N!RO%pdvE
z^hG6OUkm**<L!W^UvzqI?e13}s_!>x)beu=Zs~NqT3)k#ztkT#$@t!~3u~4Qn3Xo^
znKKWcx%Ilw7h7#-&ei$p=<{bk_`F?4??csII)8Zj`WEXpt_lxt(ygUq@hiKEMz3t!
zerx}n)q7{&SYJ|5TIa~CZF(>Dy7K$63(+;>_dU}3w*~c{Jlt<ezx6+LAKdTt;%~f`
zoc`{e{Vz70JFf5MdqTE9GB7RH>-_yMjBGpKn4R<3^{{B)KkvJH%-abEjxTI8)bEGd
zJr7Tu@BV7p1C|x-p9;J-Y+mQuKVEA7+UITexZk_@eWPzXZ|M2Jux}15@0NXa$h6M`
z>wnb#)9my6ejhaa^_xk78C|}ab37(*#?R~acHNo&en@0cRFd=M9a$gWUDwj|)Yd0@
zbq<bxrpB$w#x)(je%s=+{Pd<H1>1+Fx@Uj(VCK6KU*?RM5a+sga|!T|2mXVA|Hr_8
z3Gn|6_+J73Zvg*Az<&tv{|)#r0RByZ{|(^(74Xjo{!at{Uci40@Lvl2zXkp#;2!||
zUk3iWfd5(G{|xZ|5%?bi{-MDCAn<Pi{9}OsIN+ZL{Ko_TlfeI7;9n2;j|TpmfPa19
zKNI*T1OFbtzZCe-2L6qJ|6<^u2>kB?{*M9w_ke#B;C~AE-wXU(0{^PO-wgbh0smKk
z|5f0>5%_-q{6_%)R=|HD@V^ZFR{;Ng!2e6&e-H3~9QeNg{0o791n|!V{vCk->%iX|
z_zwjBe*ph3!2d1a9}E270sd8he+KZs1^k16|Fgiq82C>G{@Z~6T;LxC{Eq|wp1}VH
z;J=6b1OHjTKMwe>1^)ek|DV8rDDZC#{F?*+RN!v|{`-M{N8rB!_}2pd2Y~;Jz<&Vn
zUkUuj0{^<ezdG>$9{6_${&xd^U*P{H@P8lp?*{&l0{_0ie+%%x3H)CI{#$|nC%``v
z_)h`;CxCxC@E-;I_X2-E;O_+fR^a~-@V^H9{ek~P;NJ)M{|x*u0RIx;KLPkZ2mG%C
ze>?Es3H%!X|0BTvC*c1n@ZS#n{{sH)fd3c3KN$Eo1OBUk|7qY~1Nc7={8NDc4&Z+d
z_}>rwe+B*@0{`j2|25$MHt_ER{9gtBlYsw&z`q*s{{{FPf&Uudp9cIN2L3+4{|xXy
z3j99@{)d47Vc@?G_=f|32k<Wf{_TPPYT&;f_}2mcy@CJlz`rK&Zw>sP1pfVi|6t(%
z4e<XC_%{Upn}Po$z~2k_j|BeNz&{N5-v|5?fPWj{UmN((2mTKL|EGZeJm7x`__qcA
z7lD6g;6DubcLV;@fd5Cp|2*&?4*Uaw{~X{y1Ne6Z{vp6W3HWCLe+%$`0{BM*|H;7r
zYv8{e_!j_wH}KB{{yD(k1^izH{%OE}74W|w_>TwvJ%E2A@HYeh>%e~^@Sg(w`vU*3
zfd6N}KL+@}4E*l{{tbbDP2gVy{Bwc-W#IoT@c#q&CjtNE!2bc@KMeTK0{%AOKNk4!
z2LAJa|1{v=75GmE{sVyjo4|i9@b3uxdjtP);NJ%LKLY%x0{^#we<AR11^m;2|4raO
z0r+17{s)1-3HUz^{NDin!N7k9@P82a`vCvPfd4DNe;n|i3H%!Y|4qRED)2uA{C@%d
z9|Hdr;Qtr!9|Zh|0RL}+|Bt}`0`UI{_`d}F{eb`Dz~3AAR{{Rpfd7-ge<bif1pMm&
z|388M55T`W@P85byMX@_z<)UKzXbfN1OHmUpI?<5fd3ree-Zd+0{<-Fe+&3W0sk+7
ze+S@y6!@<O{)2&k81Nqh{LcdaCBT0H@c#t(TY-Nc;NJlFe*pYj0{>FrUk~`#0REo>
z|24q>HQ;|2@UIH|PXhmB;NJ}R{|fv&0sn`Ae+%Hh3;5pv{#Sti3E=-I@V5hhf8ZYk
z{JQ}E2;jd0__qfB4&a{v{J#VKb%Fo;z&{T7rvm@^z`q;t4*~uKz`sB6-w*s(0)JoN
zKLhxG4g8-1{vQGV7l8jl;9m^<V}XBd;J+F8{|@}u0snm9zX<q;0{;Nu{~Yjt2>6cz
z{#$^59`LUZ{NDrq%YgqR;C}}Ae*yf@0srTLe>>n`4fsz7{u_aR6X3rX_>TtuTY>*x
z;9mm#j{yIr!2cNVj|cw00sq6me?9Q;2mHN&|2x2cF7Uqx_zwjB=YfA);GYBhqk;e3
z!2ba79}4_?0)IE~w*db@;NKbeHwXTEfdBWve*^IU2KZ+K|IdMcd*Hth_`eSPGl2hb
z;Qur5-wFI9fxi>@e+>Ma0{>pX{~6$K1paRW|I@&KJMf<k{NDxsBY^+C!2cKE9}WEL
z0srQ}{|(^(0`R{M{J#VK4&Xlp_!k3z6Y&2Y__qZ9ZGnFZ@ZSLZKLGycf&X8?zcujh
z3;bh&|3TpYH1J;t{3inc1mOQ6@XrDMrNDm=@ZSOap921g!2f;V|1I#J3;eCX|8wB~
z4e)OO{09R6LBKy1_>TwvGl0Jj@Q(xjJ%In$!2dzupAG!`0RMY{{}AB+Bk+F*_<sWY
z+XMe#;QtZuHv|8=!2b*2KMnX-1^#1!|1scS1^7n-|JA@h4EX;H{2vGYzXAVQz&{!I
zPX_*zfWHm+p9KD0f&UrcKN$G$1peN@KOXom1^(NBzZ3W$1^(xN|2*J-7x3Q={HFtd
z7x14={(*l!@NWhD{ek~|z`rK&e-!w?1^h#Se=XoY0{9OH{_TK&b>M$5@V^B7p9lU$
z!2bmBp9=f~fd3-kUkLo|z`r5zuLk^|0RHa+|Hi=o3h>Vb{?7sbM}WT(_-6tC(ZK&t
z;NKniHv#?^f&XdX9}fIS0sm)#|1RL)8~ASl{(k`f7Qp{S;J*?0&jJ41f&bgUKNI*b
z2L3+){~N&nGVp&0__qQ6y?}od@ZSsk4*~yQf&T-*|2^RUCh+eF{PTc+67YW*_&*8!
zj{yG;!2e_5KN9$t0RJz6e^cPU7Wmf({>y=XC*a=<_zwgA%Ygp?;QtKpzXkla0{=R|
z|19v&0RArl|MkFs74Yu{{9gh7D}jH1;6D@i7XbfPfxj2<zX1IA0sjTSzaQ}b3HZMb
z{Fea#{lI@5@DBn0X~6$};6ESuKL-4Lf&Uobe;oMx0sq6m|103X0{CA8{<VSsYrx+P
z{2KxPp1}VA@V^TD1A+gi!2fsPe-rq30sb+-e;x2o2mV38|7GBRH}F3N{5u2x8o+-I
z@V5Z}O~8LB@c#_>M*#l`z<={AqektTJ$?GM=cZ1*^yGsN{#N7a)mz)fk3YO2BjfAA
zpM0_)-r-0#8;z#d#*F#=p;oPi-u2gCXH&lV>YX!hywPvjlqnZ_?A`nH3o~cl<J_}n
z-eV6vbiK~?>p%TCY}m#<J$pXod-?L87v6j`dd#6iZ{J+GGU@!fbv-^>zP!ort5ywK
zl9hFOcu~>wJKlRQx6#d;-@dhIQI~Pen)SV}UAqa<-MT$&`u+D`2NW028W9<p{>v+`
z42=B#`~5ywuKclR^5j$5M~=KPC_Fr+Tb(*BEnZ$e37>xYOj?sBvG;%c@e9HA>pNB~
zS<=2%l`7TWS+=ZowW?KXwhIUddOknDVV6^<zG?R3kNd_pZ{C03#*L4>l$(3LVYO-j
zFV32EcTPx1VpxL)k)aJ6w%a&q(uqs=-M8t_!ouOdB_yos*QwJK_u<3ueg5{_4?WnT
zMMBr_zB@U&b?f_|ojtquuY(4yPT#+uKY=xbT)enF*=lv(bK}N$yEkl@c5(RdcRw6A
z?ojM!pFMf>!w<*w>ChqT>)yQ=AL`q8>AA$j^}WCN;?eOXC0knl^wTHbzyA7wx_|z8
z@ssY|=X}+#-?AZX+KgWO=%fB$^yu-p-yeVc;B7K_&3NRIzb?ne7shn%ocF;?FE#yc
z&6++x4;;Aiua{pQS>$x)KmPR7Ro+~<u-n!bUa-YQMP+*Z`s<Z%wr(A@{oQw`<{mq?
zZj{aDa`^dK8{E3}ea)YLzB%#0fsgv`+czW7VyWM@cI{@ZFI@Qe+oYrqS3dh}+v1p*
zxgF}&3%hsc&P7*WeRasphabMtvrCr;)~2TJK09*c2d(b9E8>~#>@$VQ$wf<N%(!d+
zfB`Q)a^l3xqwV&Xhg-HB{6;}Rr&)97`tFU5o!{cprB4rT-aNi@U|{gHufKlv)cyBw
zz1!Ef?v&%l-|SRcdVFX^L~8$z9djC2uO4{3SFeTDy}d0Hf`Z~sj~KCe<c=LLO*(jR
z+fQrPc3+*6vUAOX1szsB^GtaA)29zUF>Tt_h_h$E?7n;V6T{lKpY-0uiO1$Y`J^%R
z%P%(^=-+>N>1(g`+B9Lpk?TW;uC4mZFF!XufBuVgX=!_(df<Uyet7Gxp7niv{J#9)
zgN(U(d6zSqHtn4i7B(WNQKP6Ut5@Iq>84HD19$Cuw#m73pG`k`a>eqToO8B&?&*56
zPoE_xwrz9IdE$v0k3Rl*t%A(VQdifm(|5k}&g9oek1jqE7gtclZ1y((_S^3PHET9{
z+3ntu)VA%oKkmKvt&;cOAG=`AoO+4dw?EhX?z=m_|Kf|yqrUz2Xzgp)etdiB(pGK!
z{q0-Ejy;fh^yq8zo_eb4tBV)6dH4C}L+y<lcV76|V|A=Q{II9j=bt}zYsiq-^MZrp
zANb~*SDv0f-+XPwiedTl=2fd#qeg>cAAOV-e&)<qyIii>o72-vK8}u_x&FE5T1*WM
zz0bc^t;V0NU;p5Z!GqTv-m+z4$GUYxfd4DNe>U)c4){L_{A&RJZNPs6@E;8P<AJ{!
z_`e4H9|Hb&0sj=>e+Kw31O7dL{|mt13H%=e{&j%=kHCKq@b?A&7l8j5;C~bNp9lUQ
z0sr5D{}SLo9Qf}5{*8eDTfl!D@V^iEM+1Ko@E-vDM*#m{fPW<L_W}NkfPXgd9|Zin
z0e=hdPXPXD!2f>W9}N6g0RLLR{~h384fwYM{?7ydF2KJT@E;5O_W}QxfPX{a|03|u
z0sdjYKNR?H1pb$R|DVABH{jn7_`8As=fM9#;NKPaPX_+a0{>rue>(XG{vp6W8Tj7=
z{C5NYi@^Uw;2#V8j{^Tb!2fIDe+c-W1OB~%|9Ifv68L`){Obb$Pk{edz<&tvUkv=e
z0RDc!-y8VP0RESOe+=;d0Qi3g{C@`ie*ym@;Qu)Ae-rp`1^#is-wXJE1N^rG|6Jfd
z3ivyKe*@rO6ZlUA{(XUeAn<Ps{96P6Z-M_x;9m^<I{^QCf&W$DKNI-(1paG*|5@PQ
z3iv+*{0o8qQsBQI_&);tM+5(df&Ux8e-`lH3;bIE|AWB4Gw`1V{7(V@yMg}{;NJ=O
z4+Z}Hfq!G*e;oK%2mTX)|7qYq68KL7{yzc#)xduZ@LvV|+XMe6fPVz=?+*Nj0sr@a
z|9s$|3j7ZM|5D(;3HV<J{#Aj0Q{cZ2_&){we*pgVf&Z7le=hLP0RCCPKM43=0sfx?
z|AD~23Gkl|{FeiN8}L5~{7(S?Il%u>;9mgzUBG`Q@P8fn9|8VVfWHy=2LS(<fqxS4
z{{#4!0RIKRKN0vh2mbE^|0v*J8~DEs{M!KkEx<n$_|F6WuLA#ffxjL2F9iNp;NJ`Q
z-va)5!2bc@|1|Kw2K@7Ze?8!T4ETow|6Ra;Gw}Zy_^${4Q-Qxf@c#_>-vIuHfqzHf
zKMMFy2mVum|AWB)D)1i<{4;?6C&1qU{EfhW4DfFS{Qm;}UjhF&fd3TWzZdw=1pa$~
z|3kq4I`AI`{Cfib%fSCl;C~4CuLS<<fd6vfzY6$g0skW4{~qwa3H%oU|7O6y9q{i4
z{C@}j#lSxj_`d@DzX$$Tfd6FRe+2l41OGa}-wXJE3jCV@|Br!xec-<Y_*Vh`%Yc7X
z;2!||^MU^<;Qu4=Zw~x70{>j#Uk&)r0{$VuzX9-X2>d4j|NDS{A@ENC{+)pTVc`EZ
z@NWV9zXSfQf&XmaKM45m*ZAKaauN7jf&UHQzXA9U2ma%L|7XDeL*U;5`1c0>eSv=>
z@c#n%mjM5tfdA{j|4-oG9r*VH{%wH&qrkrh@c#q&n}Gi#z&{@NcLx410sl3?e<1LG
z8TdPa|I@&KA@F|z_(uW%UxEKt;Quc0KL-45z~2w}-va(W1OEfSe;@F-0RP&+{{rw&
z0{+he{}|w35BTo{{;vZ6hk<_=;GYWoM*{!5fPXgdPX_)ofd2sCe**a1fqzTjUjY2)
z0{>Xxe+l?+2L6G-|7+lXKk)Yj{>OoTDe#W~{vCmTb>QC%_<IBYAmBd&`0oJz2Z8@u
z;GY8g7Xbfffd6UWKMnYw1^&B%e|z9R5%@m|{J#YL{ek~$z<&bp9}4_`0siNKe;V+A
z0QkQJ{C$A`2f#lM_%{XqVZgr;@Lvu5Hv#`$!2cZZKMDMEfd4(fzYp-=2K=7@{*MFy
zOyJ)Y_`d`EM+5&j;BN;0zXAW6z~2r0+XDZ4f&cr!e-7~94*c&1{x1UmZ-M_c;J+03
z`vd>6!2c-le+u|72L8_j|Hi=oG2s6L@c$h64*~wc!2cWIKOgw70RHoUe+}UO5%50)
z{9V959r#BB|L1^zDDbZZ{MQ5j!N7kD@UIK}M*;uoz<(<6e-QXz1^(lKe+KaX1o%6E
zzY+M40sgIk|6joWE8zbI@Sg(w_X7W!z<&?$e+c+r2mZr=e^20l8Th{m{0{;DmB4=;
z@Lvx6R{{Sl;9ms%-vj<Pf&U`l-wgP-1ODBB|L?%R82Cp5|5t$j_rU)O@ShC)j{yI0
z;9m#$djbDXfqxU=|1t2d5B!$^|0=+L8St+P`~!f0KJY&U{C@=g&4K?$;GYZps{#L6
zz&`}|Hvs+(f&V1ne;@EK1pW!YzZ3934E)~){w;w2cfh|j@ShF*2LXSLf8c)+_*;Sh
z4dA~4_zwsE<ADEX!2d(w-vRjd2L644e<JYz0{E8z|DS;W>%jj{;NKni_XGZIfd8Yw
zzX$OD1NfVO|0BRZ9{6_#{x1RlHNbx$@P8TjJAwbxz<(j|e*ySM0smit|5o7tF7Q7F
z{B6MB5BT2#{yzi%1HgYD@V5Z}+Q9z;@J|B%&jSA#;9n2;?*#s@0{@4Be;44N3j9X`
z|GR*HHt<gd{xg980N{TD_}hVhOW<Ds{O1DySm1vN_-_XOfx!Q3;D0~x_XYmPfqyCR
zj{yE1fq!-2-wXJA1OFi4KLYsg0R9Jo|61Um0{j;M|7U>zY2ZH%_@4#-yMcdu;6D-g
zKMDN51pfVj|7*a10`MOS{C@%d=YfA3@P7dKzXkk#fd2=;KM(jf1^!{czY*|X4g5C&
z|6RcU9PmF0{BwZ+J;1*Y@ZSdfp8)=k1OH6m-xc`31N=t=|2W`p2L8VR|C+$x4gA{z
z|9gS|`@nw=@ZS#n?*{%a0{?G;|25#h6!`lC|FOXTDDZy@_%8<j&jbI)!2dDe{{!&<
z9QY3b{=vZi8{j`5_^$x|^MHR1;QtZuKLh+-z&{=MM+5)ofPX0PuLb<q1OLIme+%&E
z&)aZQhJini;?Ju1GaCLB%8JQ}DIXJl6=`VqKk*wRtd~F0VUj=DVf~o+(=8^}ndx>p
ze+J0JZDP{<F+R7SiR+M>>yeu4lA6o^pJ=XM`m+vF-!2YZ%3h$s+kCiRm@~0X)Y|Po
z$i-7MG&?nKf3joZ{$i4CMJ*qc{{Lo7+>)!+hd=RTs;oX6v4Px1nbT(z415$Dx1}E%
zsupr;{&b(IvN#`N8T>aeXQB@^f0}5A=A!{*oSy#>hi%6YGG`n<buSPT<Ah^kqMe%U
zPJ1UzOqJE`GuRoEIrl$(iZMNniOUX$QQG-<j&Fp$6Bd&8&d~VPqUO)X{YZN}^gv->
z0nNnt)O^gC9l8~^SNexQbAQm@^&i@S^ASSx!>_=#oZBelbcXg8b{BH`a=kH_q`kLd
z?+Y#4YA7^QWo^Z6WGv=PmHE_%oj%N&{_pzmX-kYFbH?Eq!2N2+<i<pPsV8D$q7Sv)
z#%vmqXs2e|GUlV0m@2DV6zue2&O{$-whPzw6eiB6y#SM3*Am6PRI$IP*bAZM{@n=8
zR9PMPQ&+BoITL-T<=9e_Mx@G?<#KYmolmgvVa~)j)XeRe*v?EWQ%k$PO;{)TM`L25
zAGNG!ER9IC%OuA-xnG$x(TAGHJjP^SmFs2yWMY|Gws``LNVHS4ZMp5Kn3!mn>3@2?
ztcR>arTV}6LJT}NJvuGB$D~nN(=z1?9OTO~Jo94GZa)u?cJDRx?=QbVM9)Lt`(}*7
z1Lptso{h5k|1c|NY*yN+%4;NQ`wt$X&i~-iJ!RBCZ8T>8({}e5mGVzZV|Llne3ynH
z3{Ty68^Thuv&9x`Z`g>>N{da)8I?Xbtx{`h<<>~mT-olEZ|^`Wm(`;Dbt0Z6)E%ez
z|9!9hZRX$C?pdfpTPsUdwzHJkmF+2I_TP3>#d){gKJEPj+FMn^JR7XNRKU{_l@NHf
z0bWg@y)58w^ZvGvmF3hOoRz_y8#XwVJ4Whq$$jgwW{t|2^dEkU3V#mHU%Hnkv-T7Q
zwQMafK;hTVx^j@N+)P&v)|Ff8$|1V49D+S&{3t~?KSEcQr~T5uoo>E7Ovw2ibo1ru
zn4I55H@};%?9`Rz;l^V&8(g~iMqQbA;+LoY{Ci}0>RO)6+Nr);mZwV|n^}9;mpWfO
zU{jdP+I#5K`Fx5<c`}!Mgz(tRhVJDvq0HK$v)p9Xp028vduk_&(&7gpYsftlU}$Ez
zN6tjf`DzbiIaD{lt0?m%DFE*U>m$mH8-OQ?-Y?4awQ`stt3uhKJrjr~o|pyTeO=Fr
z`OLUJo<uQi#1w#!o$Is`p53XH+ZjF(Wgh$kaJu%1DDwm)08ffOEXq7F2*AgIvlYtd
zf39gcX$fg~A4_)Hy%|}lZM4^-cn*3vT#C1+Aj`(vNp!y1e1%B)@lh>^5!Pd>IIMbX
z6~|JKO&LJT-?D=E$^p*fDBswEdGbv#kjell)?0q$D>KMZn9U&HZ^Cw#??K=PDyg~8
zq}HC%A%+tx?E*E9NYaO+kJKD#q;@D8(qQCDki0M%MF->woAkFR`XB4YosOi{O`vW?
zS;qOV)Q!s<#jvQ=N9o`d+J|SSNLu@d`fKeYmeuMYhEps2jIHSHN%EPQELG54p-A!>
zXe=5dJw~lQ!bfW#u`bO=tuxQMku)E%tOaGcU7RQ1*`aAMth4z7u^+iPeC`l6m*c2L
z&9IzD%@2v1KmL^YLznqOm-$1N`D4GZUcQV2O`or+#nAT|*Dv%s#>Vy@#r*fEg?)$6
zY>I<IGv;ZbS%-$0xU3C%W1)GGVh%Opupd#&XQCDeJGX^e+LsAC_bs)wuM&3dXKHCL
z7IrIgYWZB^Pq<xJKQEeS&u&E>g6M-bkjrY%*@itBc4}!ag=U>YV5gS$^TO_com$$p
z_GE>T_#CZ3p|`Mo(BN#(Vrtk?CC`Nu*qcCGG0}$?V&+oAhiywO<1ZF=wllS~b8MzR
z+m>3|*9be?mRj0B7j{;U+81?V()s}Ezzaj17?bTx?ThVXTF-5V-72(<`GK&rZK<Vw
zr?3aZPA%<U2s_)BTH0BsKyS~5O=2uHs-<aOe9#zy4=+4%n*(_T28mie-?$kx?QCai
z`Fv^ZT?689o=hKT`s4`hgZxpU+0HKr&DguCvGV@NzY=z2hEqZ_&Tm39j`rMd#Alp)
z*dL%7Cy^R)N}$IGJEZnpZdso>!p=C)3e7m{gl3%YgywpGSNwgr@5FkesIjhO%<n7o
zbI4y5x(*iBo=pvZrgvzEW}gYhJTBWBc@WC9bN^7wc6JCm`w6vtCUz9<Shg#2p3_hl
zBWIa926?p5yr{=A?Y)ur6q*;~J`(y9<U54s#lG&`UikCbZ?Qttu5kxDbyrN<x{yZ;
z-54>s{j~GqV11OSX>Ta>3fS$`*j_8vNiCmUuWc80$^h7Tmdy8kQ1?`{)>mQg3>({p
zK6d0hr=yNR9wc;M<U9-na^OUw_C<Y|(8Udb41h!}?b;a5&QBXB)Q?HCH!jz{tO!yo
zOne@7Hu7;oPeGok=%zyR;$5)NZsgj&6DOn8@_FFe_QK9pQ_DIGf)0coo9TI9KnMg<
z8Yb3(eWWdQ4bQu7o)G$F<ck#jyrQ+Xf`0*QErfk3^43BZBG>9;g+S8kBi5_c$Lgsk
zwQQ5o(1EbCp44)?vV<K~)y|P+Kc7Q8>cIWa6j;-9K~OtJ`+53u9onJUe#D8|ft<UF
zn#*eY!rybTtQYOj9Fy3Gq}KKY?0sR=_62kdbUXUk@CS)nKBJ!VxGcv@Eq;I!AG$2Q
z&{}-xviQ(t@!3(4wD=Jot;L5A<1@+kd9m$`^)-_=uE}@X(InqVXQdW>o7-X({h93|
z-yOzwF^Yccq!#@xj@pVpNb#7AV%rm`MLjuB)`$B{)<>&@I4%Uy&K-iJtyk2Ce9HQ0
z>k>>2rd`x0nOf9m0<{%?kn%9e`pl*l^(mk>;t$etOj55=^d?0YDY{tEM-+XU+Jrwy
zmoZ6wL(x81r?m4tQEIEALlmt&3mwN@Chb}1LTk@L7n<X;QRs9<=TLijmd#hR_WVj=
z*PewgwDv4?p|xkB3%!-gR`JByt>{CFE>-jeMQhJO7t4B~ZHycsk^B_hNYTNHj#RW$
z(L6rNIEmC%Juy=iovG;Qik_?J#fmOe^jbx4R`gCqmniy#qR%P%7e(V@Ls>m7)IOd%
z*H?6qqP1tC3m@%S=t9RSK7$pVtmp}f&QtVkYJL-eq&*8=Xzf|(La(6@Ka3!4Qgo4`
zc}{Nh_4pi7^l3$F&q62YNZPZ|h4w+8lJ7O(`M%UvMe}?@+IgNWwe~D@5l4F#y3pFQ
z(1lK?KgNHi97X3VdcLBUDq4FMx>#0w7P`>dv(Sa!t@s~Obg7~*P~*76bWPD-;6U27
zXQ2xp?OEtTYtKUG!3rso{z5wytvw6f&*P&#3ti|``UtH(3tedKS?EG*&q5b^vEpB-
zXzf|(!bf`+y3jinAMIJ_IF>PK&q5bkdltITztCT3o)}53JqumfwP&FV9i;eZ&q5b=
z?OEtT$I%DJIHtjhPFA$`EOg<cJqumv*@}<$EOcSlo`o*-8pUUmqKl|&d)BKx3!Nw4
zNPO<EyzX(Dx~|9mU;S%^BZf=uyphX9iiw&D-A7A26jD32lEF~q@*LZE9?s=Cj|gbT
zO5~`DmeTRpAv7}?uf5Pt8j+&9d(PV!4;Yul(~jXN%Xmwn#ZUxQ9*^g2YW;R2UVYdY
z58a?FUKX^vy@e<TVUkJKZz2q8yi&xAgN^Yx+;bkccOfP<-cB(OnU-X{Cs9)41;==n
zXFLvloX2=?Vp8Mn7W0s4Nyb})k{T~kiN~Q)#`_#vjaMw@A=8qKw+AIPo>Pg(p-0BM
z46Vj15%Z8~NyhsTB{g1OB_4+q87~0A)Od$5kL@6nj8_9rYP>|m3xX5dk7#lpm*a!!
z)Oe+^iQxmv<HwxmIBLA<h{t})c*IP`)6R2Hmi>?0&v`OQ-A5O1E#k30jK}kR881Uu
zzhA^WWLlE(#_8g1R^s7OQ(3%ux_H+_9GPLZmYx=VWQ*x`ethmX`MQ(eOO>owoGxqe
z<#sHCAGK4n;@S?jL$-4x*f@{v^o}kb&rK_f$MZrp-Y-f#o{GzOyherpW&6#6f*4|9
z_4qO0rHdETqkP=33P0BGlrA36h2@P@n60gs`AJ>8&WOi8#C~8GevJ30E*_76@`ftR
zE{pe@F5diD&v`iG1qnaK3p7>S-g6jKI>9az+l8qX{HUEQAeG=la58enYlca-Un^a_
zpz63zB7+D&WZFB{)OZdIl1?nkc)`Mt^^4QROU3!dP}pUXp}WIRjhBf)6X3*nEirK(
z<0b3jZACnBc*I<fAM@e5cqb4@9v4D{ALBi&i&uhp^pi=}Z<;RNFG{>HILrFIpo@3z
zHu09~;#vBX*N>dYcw2Sxc+vk+SvldyBCo@987B)!L5Np?ob4BZNya;(i#HeXHe$X^
z^kd@ndo|uB#4CcG@p!Hv<7uBYP?qClXFtz(elTfC#`{SZFQ;$$ILT`XGF}x7K<N5q
z@%kbj7A;FMUPGN<Jp6!2S(1Kr;YaNhbMmoX2Q;^%117m%zL!&7?^47|70WP_@$jU;
z3h~w>UNYu09=Vh82I=D6xJ|tNx_Ey5%HwrW;*AsWWLqTj;KvG!B<nXt@5jLp>y}CS
z&CvVVEBBkP_d{nQ-!jQ~&j~-aEz?~1spAl<%4sG1#K&g389s(zl%_m?<R)pK0Tuh7
z@Jm+8(r+E&u?|i#FB9!o0L}e@A-HURY!~$tZieA)aIHjkS{P-#t-5%;m`^{(!;o1P
zkIfI)vec&|-T|r@WIX0_pV7H~SI>7Oz^QCp<L=?Ppt87OcXY*LwT#y~(qUE8o!*7;
z@4GY5uuAfUW?RZ#&#_ERvYjPfa-ZDJkLP6SdDHFuc+SJvk`MY-#z#}wRX#FMu8a@H
zl68Z;?YlFw+>=r>CYHZG<4*l0vTbCfr+?k~-5H5&OjN?N&B3_#-i%ebZCdWK)U$X$
z>Fs!ImUGOa$L9DB3*e(M`7F+|XKZTEF`a(KQl(#&__kJTWf9u9>^aSN_US~gk!FjR
zGqSRI)6XOnvXv_?Q~5Jg_t=j5^QoJb+7_>oUe-agiXs=qH^HM&8<q6K+b;}7Az}@9
zuBgQma~HM@b@d6~Z9C%cd33ZvtFMJ;t>r5%j?lJ9+qVCKSI?l9a#X%u&K}F8&c`Nb
ziMBgwE?=1s1ISxwNd`wg=Je$<JhQ?HuXaW(E~aaCYH8<zh)LFwTE=V$&6v!Y{_pyz
zb-P_0o>g*P^6av*b&+8DFqhlND<L@P)3%XE4W`PL4TPP`GH0sHha&-f<cL5YYVIRD
zCIZN$E&G3PdopiKN|-c8+;^(nn=ED|rRCjrUjK|qqvXxCe_v9YTj}Bn{d*?$Oq-OJ
z<<3cSO~@EE{_kt3;DY<T4BFkMx4F|dsp3Y+J4yf1T3#`oySh=8&HDR-73!*Nj$FFJ
zd~I7Q+%L@g!L&UvDr4frv`M&~IWH$|Qnov6?4;2dqGj@O!qC9wh0LssOwazl{a>?s
zvIjSFg-^dM%l_txVb*TvFOO%g@ac#C;)^lia_4(v<+vc@t4AruBj@GGT-LWeHgnle
zDr8yqaarb7sq$pjSX0Zq%2b}r25Wf%%51Rd%H*g#nepjbZUIM`0Q}?UL?%x;u&hNm
ziUgqjT55AWBSiq(kLT@7q(1=O30leXhv$03bmcLk%smr;I|3dQWo~%@?~=k@fwEhd
zOLocflBWaf%EF~WSJb+yxKA=8J84W>PLk&wfx#+xveUvQd#a~WM%g$h{+Bcx4M{ty
z@FYki`F$&kJbLoTz)_Q$M*~gsq*!Qqzm{gN{&zb~d}lWkwe<Ifmhal8mUf;~@!p|s
z$XP9Fj@-f2qKi@ciu&W@hi2z?Q2UB);b_e7`kAPG6<l~P2W?F9`!9~v@_R1!1^Imz
zw_kqWWTjT>AiukTxhxL*q>Q62E4Dp|cF|#Zt|{Yi+hm+LYOx;&D>_-x6BM1N=-G-c
zQ1o(Y9;%SmV3K;1qKl}-a8Ru1BZ@vv%|=GLj7jPniq^i%7Q+bpi~Nq*s%T#4mEYBB
z-(_>>BWd4d3$0z_6<Yf)TWIaOY_a2V7)R)QMbD?^&P39_%NAPuE?a0`vy?vCciF=3
zS?bPzt#CmIgQ!;7br-p$XeMo3qIQZIepnB?Kyyr7p7U7d^$s;&l$eK1OEO+0N@~1D
zN<8j98ISjksPWjxWDLkM9WS(#Mx<aR9(SXRmkq7PbBcM$v?OCsLW$a`S@HQpiN{?f
z<1L0(<Hev1*RmwzJq?Q*&j}|o#rES6B;&mYt;Xvs<{{IPjJFXbHD01pKVmB59fDTl
zv7OY!c}&MJQOhIg?fgpN!|l71-+B1x*Q*`{<#v1zKXp4&m3HwH^VqNc(#6X`Sqz&{
zo*2yk5ZcKC(sU(W0LrpmG^SCO{k{OYvUs(y5o-MwEAaxAc%kr9w|6b(@z^bs+}>ba
zytPU^e!VK|7pIH26Z7P!1jdx{cn>1AlSZVSN<8*28E>>M9>>GpTtFll&#jAh0`cPD
z!+y%cj*Q29L-D_?{en<nd&nf?&CtaQLT8u#z7d>dyjOJbIG&2bjTTbIE7Zm7jCkxH
zte^TF&ATF=LtEN&uVyEqnPIjzeFQ<CWqKIpC|N*GKc@W<QnSqXGB(R{UNHpg>ZB1V
z4)v4m$Nn$3_iOmcW$1SXh24rl%A*i!yaL3dAGbG1iKo9-_!a;?D}%sKO6Dd^GA+g6
zcp1iE7-at=cUVms<Mf@2Mw&w*l8iSxEonl=)Fhnjd9MH5>Do`b4(+U-bmwb7Ja)1Y
zk=i<gQ76#)KX9?*A3pT*lURk%j+K7Yl8tto++4PIJPzgxdx%XSM_W0cJ)%76Kkt;!
zsa$cKW7Ep9&(pr;zH;B%gr8jd?flpmF-(-z@^*e9BA(=iew8uV7Iu}%+g+d3_xV?`
zoC}joayyu-ef|Q<$(UGYwgFqSvOeDz3(6R9DbuNG*=@?NcHa42!T<JowqC{bZ=d(H
z2m2SN|F8G?%!~=s!rM67%6|XvIA6&nwTfN*Z>4|xyr)V2|I+8Pvod9O*G^gf?eqWk
z`Ty<bHrbg;?yQM9>A4eAw7&mupZ~Yd|F7@!W5-N#=j3LkiP8Q}eLma~8R5A@=FXpC
zFYrUZ@)@?N_MPhAP7VIs4ca{fydU8Q<37Hh^-C*`!bJwd5|?qLiSIg<Hz2GIFt?~-
zF?nu4IA{F7+B+ZksH!vXXOajgLrFr!D5=g20VXkoVF-1=s7Z`CYHayejg?jc0b?8G
z@3wTywjhXX%WgqwOIzB4vX!-L1!Y^eWo?4INNLc3v_*?HAhl=_1JV{L%KQ7B`#dvG
zCIhkWyZd%O?}zir&H3KneeQG5Irp4%@7%fPjJ$&2y@N0~ujhvGKdR2_(JN!p>>Hm9
z4bAeLEa{aITJwz?pS)CsG1+{HVLLu_A?m^Fy?du2@jgTIg~xt=;HBMfw7k2ixN29{
zP2=9X;H@67^sEl@2U{<==7Pp?_`%kWLHym=+w(GeRAu<{uDPH+x+oHvJ9E&(fxz6`
z`(-Y<CWG55+_ovf9PEM3mAZNRRop!0BN^B9(5(IXk<2mW8R06)`N2Me3w!ln=KoRc
z)k`Ay8Si4>*Q37K!JK=2pX?hScTJ!6GAX0z6DzOEJJ>oU=9}K{qV2`V%YZR_Ucz{A
z#;>o-ez$%MM%LGdg3KxkwYaMPLp}Zeuh;sJuDbeoRogXzgtuLpp(j=jDLnA?BfjUp
z*AG8AJ5E!y?2)Zc4A}0=z<>Dj`@>aR?)MxH_4mL-E|lRIe(%JXpIsUEkeHugxz5kI
zp(hq$|Dpa~$95dpxBGC*$xV4JmF_plH)huN+ghKur#|;!ea^ebir0=>c+-kq7u>Vy
zt)AX5<<_kjoA_bayv*(8EZl6bWM>w!;BV}gIc9jqjo3EKZ5toV#~vv7@xhD7s>Sva
zT8t^q7<)q?8q5y`dwJRT{Uez@24{qV7kR7iWqv($VR2P>;q+*B=!FnSPR%Qs{rB{|
zw=XKDKei&g*0bJ~dAho8;q;L?<6Cn0OT0;ae`_dsad9q^a)<99KGe9WuIko4v4zR)
zTkh2#6h=AXp(4wP&$k%!IRj&UN5GiRI(oQz>y=?<u;12T-kxCY!C=nGV|guOT{)WH
zJ1!26^1YJ%)&=kN*wr(>+pE6#aozSr<t=j+RLW3m=a>@K&h6ohaL?l0+aJnAePR`F
zY)PrbV~U(zC}Z+R0-+#3DK_KzWbTkhGq+!n5e|CmU(dwv7Z2`#VgK8D{%Fj=?RdQ7
z&-{9xZ(d8|flvBTR3FmpyNY~hOulSC(AZL!X8YIC1Ni-!OD<x8^guzKt(>SM1<oM#
z2dnd1{>r-6BbK(VmAkqY&DhuT#_wcqkDjB>4Rv*{RO(!Kp;tCT{>_!L)FITkty1GI
zK#dF4XPYWFrI%K@L=8oqdnA3GJ5m}7_Ad^0t$5L3FH`gWNsE4{e@Smwo@l@<x329M
zDmu*W>fYbr@h46&Q_G++pWHKO%%^7zx=uS+GZ0(mcGWF&|8zR!#CutMYRKM=F~7JD
zVbQlBG+mGq_Vh`6#tgI}bK$-LEDY2GSok!N`fw}^)XA=gMSK+&rja_oAy6GJ+q&aW
zuf*bdXvF&M3Uv+oj@j2BFl~$(XhUW%PW_u$`0WwXvk{A?xf#qr`(`YfhV5YPM}3FU
zp9eEgCo`tqudpz1oy>2>c&x)%`0WgtnGFaBm~jN!ll8cRjZW4wyb8=swC6WDwC8cJ
z1v92zDLRkEZbWr{^QHbjYIJ@Zp!#h_uQU3mj6PX(`kfAD;Bm=JC-u)69jh+rIa-S~
z+A!w14`JDdWtcE$R^jgS$?Kb@jXx02{ix>{y}!{5jDES%14d_gs-G~JS0<+6N-+MM
zf4+gB$Bj}HoqREv_BR@x+Zod3k!DQuBUpG`?z;|)`uPvAyJ{ldiiLspWVPQ0R{NL0
zT5sO~Gti!_X?`25$L%ospTP7<`;$iJx4^1%NA=SKta|FXV7bvxE^M?6`R#9CXdx^E
z!3?y~pyjh30{t>(o2Pv{mXX32n|;Zeo&jKPqR&F3hrpUneq*ZkB}PBjIaPbMDF*r{
zYrd`qa})InfZA76M4(RAb9B4WGtTifmwT<yyofnLKQYxzn~fRmW;CRESu<gSx#-MH
zo$0*XHf{Dj(?1`tpVQd&ea(a$&*&Tm`r>Cde$?!oFMi^kw8Vi^^QdoMCJZ`fu*>Ey
zxjT!6WUb3qO|Z$=S#ACs<|$<xPKN*bcRi&F$|1Ub*U3BcWccrYms9Uyyklm$HwEqS
z`IbR4WMu?gi&KTA#hyij_JCaH9Rc6<{D^Ku%<W@R*6U=QSEoF@RWT!F`{I=KZ=|e$
zH)Z{al=UB_tp8Njd8OdHrh3;vnd##l0t0(WzI*z%x9a|LyDb2&^PL$6_AY!km2Y^m
z@}ix5?4}y7d3{Er0Z~e<XlsHtZR*s!=G=2PmcMteiH@IBFY{-*4#n<e8X06cTFpIo
zPn+X)KH}}OuBW-HkzLKb^-XwDmB)tP2@`7Xk{*WheBL`VV>;fR?vyauEbcpP>eNK#
zP)PWF-hq-wU?$V<=*r8N?;>{>sPisR@$ps=fp>?#0*CIO&d1<%c_)-TypLb-Bk;W#
zom+_KMdv!=VRUXGy3@IZfQdOCy7-i4;d};Z>D3LNoNMRvQcwTDJ_maC&S#Ow{D0Pb
zeULQp5{+Qfz`I+{uf{;`E#*ub-U&nyGbyxTzRA6Li9{&IqBi{0!LiW%RKWL#$=4$;
zGhA+%?>49ndoeQ41J9BA;im<10I^FaI0oh^=exZO<la&TTsmP>2`!9;HcT_QH#3Cr
z5SIKbZ;rqJ6mCR5pEdjo!!HW&L;PXbabMnXvb`&p3)2tpGN_ZUH++lX35M@9Jk{_}
zIqnF=JO}j2yP4~SZ$iwzk$NR`u9H88xYp=Xgc}i06OO~4>$JZQ@n?)an|vYuA&`6b
zcj)HRqWu@K`UNaxe(G32hCR!ftnXhhp$;3C!#@gt4e>JJI_O^&W}nJWb+q4z_;E6P
z;`BMzcfg+#8``p;rhPNwp9t?jOkdR5FaL%NKWsx}eP{eN>adxNG#nOYKYfx6d)7m8
zZ&qZ4ENr7aZFx6M4kNx$IDj~hjD6XB$i3xKSRgk1#KJpS?mHbZ?__DuYDw-bbC_jQ
zM`5x~@m+c4eujAmt-7m+V$U?GKFqLdgS5f1*gk2~3)^didF{PXn4ikHPMfiaZ#DXK
z;U>iQ2s3|Nr#<V-45Pbx!bXfh*1EJ1O#25BFBWDQewhq=Y;vr1$+cOC%%7_#;I*)M
zRP0$#$a;Q%Kpi$L*QdpXb%5MEh<^ypSZKrZyiIr?;x;nUz&b$I@e16g_8nrwb4~6o
zeLH>8hMzD`i%kJyvYubwe{ddIe&YI>F#FKg4IeT5j^V!;c6AbdxUZ`x!X;u8LG1bv
z=x=~4MIVFsdSRxW>r78A;+u><R`@o=6NH(+M&U%ifqmI_xK2NF5zi8){`X`&S7sn<
z9k?G%`=y8<5N4fpbpZA##!hu$x!5qj>_@ooBZyZCvpl~oycO{};r~GF`VIJGJt6lV
zh<^xMu+R@}w+X+5_(d}8S!c+-i|`L&KNi~4_P4@Jk8Arqys-_gy$icJWrc^pj$>SE
z5WBW1Jksbf!`B&h?HBfm_6z1G>Kdj2d^2L#e!=`i&2{QLhpzpKK3?=X#2**tCvA7`
zV3Rm^V748u(+|(v=Y*-dbH~C#AnQ5hxupF+BmRmo+k!iHu+N4@)^_dA9qgI!?}`0-
z#E+9<&+|prcKsxE*z?nSGZ{8a23gzn4(hOBKiw+aj(8s##yP^;uDMO^-xr&F#N^%~
z{6lbkK78`&z(rW-rvN%x+coWcxJP1Ox^>(MkEdggxQ~t*3XoC97{XX|%n;Yr5A&ve
z+`hP8Ft9qRp9op}RFJt7LL7_Ue@-+!*>IELdE`v|Ls*POndeJ+wc+)KHyds?+-i8A
z;X{Ty44*d4zCe%5Hm2j2c%4vYT~uZrQf3=d<~@q?B*Tq{=NevMc$wi<hSwS1Xn2d^
z9ftQBZZ~|y@JYkjI1id;H(zEJ3I@T=mnrP#%M>m*_LYX+e3@e7=F1drFg9+!OwrwZ
znZj<qOyQNrevM%_U#8f&`7+tS5w_7r*v*$I?B>f9cJpNlpD^}(T&Mf`4ZHa=#oo=A
zDeUIU6n67v3cL9-g(n(6lMOc+cJpP5y_+vn*v*$I?B>fv|Igs&%M{*BKf=w1TMfJU
zGR4NtmnrP#%M^C=WeU6bGKG0hq5cDg-F%s1<L1j0cJpNlyZJJO-F%tCZoW+6xyI)L
z!*0Gzv2pWd3cL9-h24Ca!fw7y^pgy3zD(i0^eNnK*v*$Ix|=UkI2-=d-p!XOx|=Uk
z*v*$ITyE?u4ZHa=#m3E-DcoRe+<cj$yZJJO-F%tCD~<gc!*0GzvGH=<{r><=(9|<@
zw{kGA7aCAJE)2kba-~~Cf1c-Ea|U9a`*Rz+`WjhRf4l~y^LHI|>u<90hiaPeH$BB4
z{TE`<KpzbCSggN!@W<;6(}yBT_~U(m&F^Har}MW&_Nhe7&}#hgvdUvIzZ<YvfAg`<
zYpe!M-(wJL`U3ru&oX!!Re!v{v;LN0Jze^qPw_Vv{xrY5{HniWDgJn!w1LNB_%jwV
z%bwwEcJE;u&u4db`i+~`1NyrLiv}&1OdQmf%R1yE4kMm7mZRn)3_GSz{T&ALzEXqw
z<L6K7?+E<y*z|`}nDEEvr`BINR`eT2`c!|s$Flxb=4WK^nnQoUgui=I{P9}EV`xx+
z4JrQ0@vNvF8vXIn2JKj{9!&9fA`3QY{N118kH2BT>pT7N9!>rIAjMw+8ijtN1T$yH
z`1>jT4qt|Cl3!rL-*)jA;Z6uMaAL0Z(EZ0|SH3R*<TljlkHapOV#n13;!igngq`}P
zMt=<Z0rq?xLF3T+!bcpM-=iu1@{kD5A*@0Dy^-Rt9M4#2$MOqcQGdB$oPtEyiIena
zbpln9F^Ve@wtXnW%~4ncMe7UeHQT)PSA+xbvyTSFsrC0xYihcuUSDqS?tRDe<CnAq
zlkxen99~(lPH`ED#kNU4BTLsNQ|mmhVbxePXdPv2>--U{PsY*<3;S!fp>%b=7CWjB
zm?YT!7An4{{_F>Q$M<}lXX$kg=j*&z9;{zn{-@V@Z!E`0%Fp-n-Y@u`ADgXX>67hR
z`^r+O(|UhYj`ei+UjNhU{Jjl{A*um}?(S`dN2Af0v+RB>M^hMuf*UNB4WDQZ%P7t8
z4ZPv*fBeC&x8L9YlU1Lc7|oft?$f`%?Z?j@{>{ul(b4Dsv*n4t^Z!_~{lOdijft%H
zeQnHp`&KQu=ZQbpd}Y&}XU;tH>q-9@%3c1Mhi9#N@1L*#{P%;sHs3U5(B*%se5$f}
z+$TOY`0?j{^u{N1hW%<neof}W*Vpdb@s}5W|N5>2!C&>f>e&bT{PM(G`JcGqf;V3K
z*OQOFefp)$8FzoVw&b6xN1Zye@K3WI4Ap<<UVrR&@728d%({Pl;niCv-}2Kx&D`>{
zXSRRw+u>6~*1q{b<n6r|e0XX0sJ6W?{qCE;dHv-4N3NK5+lFm5q2d$YI8$={V*^+I
zVAPt2Pd|Idozos_^?&srPP~0)_a_%W@UbthpV9t$>HGQD`yO4J+v}tEe{sT}M;;&j
zpFiF6>yi~OF8PBin)Cnuk4qq)H@bXO-i=T7h=m4>h)&_urTjiKI;EfcpYQ%(?Ed%n
zXN}4nl{X5*aQbxQwU{vpyE3DpexXo)v2Rc5#Rp6Kw-1fPeSxB!Kv|?@V60+vD7vO+
z6+Y{R(E6MC-9*VdZ382LVL5@Jk&>g~+LELGXM^}Ix6IpK@^;+UQ4|T3<phc%C9i}h
zmAq2ekJ~xv4fZd2wS8D5Ff=DHECN>pV@;z&g;T4N{!4}y``XHqNjMXpUvkDjhaUJf
zk)$9pG?{{B-K1c3H!0ZAZ3?z@lY-W6Qn0_96ddU`1*gxQf>3FWBq30?K+1VoajrWP
zvE0Bw?_7jRb5jx$&n?+oX-`MAG%qzRZ?Qt;vO?f|pTYS)<DX#8M#=jfW$t{IMPj))
zpQ}fQ{0~=|^Es^8hjSf3eHh02aHQlF|7+Y|>O<UDvbPQO1@#H_<!HE~<Y?jb+^+SB
z$B+4#2Y38sXFon%6~*?S`}m>Kyp#l>7QQGIdLR=pKV1U67U2@mdiDgcLPtw;&z*vB
zQ%V9-OJGa71SCs<=h{03fnj>Cljp#d!K7|dupuP{sYP%)T?$wPtN=U#?gUA5lnUUr
z<}En#Q|ZpWJN1EA7DU(N;N%8|O3D*?N6E8#9xY@`PgY_*`C9YR9oS`gz8ttRq-CP@
zjz>m@3$s|Mq|zla%oDy}j@qflNp8Ku=224%+skjox$=t>?T(r@x8c?44$ITbyt0y=
zHLs^5A(Uh9Dm)BNms?lGQ_7h&vltx#+8MJvDYc-{5geNTUd+dSwJhMB=nAA^Dhn-f
zqT{)h>~{mWG|*uTJ*WRsBtx$aB`9;WR+e1=2V#HVHHUX>T6w;Tb34$gksx=hqo`Cz
z3tg`wt)A)WoEr9k=S~f-B;BRP^$tvorZ`<%a7F7TExaBuEv8PS6piagU1~a=qLjjM
zon<%4ab0^i>6zbc+29J(ZP~Eb=q53!mtD%HC|cU@)H}zU`bA6gO9qCT@<XK;-y8}x
zT^uUyAM=d{^~VU|O*_`^TXA^d$ys?V5#FYFV}zGI8J%*8&t28GL&K;xomw5+%{|I1
zneSm7a{oO&Fk~|8)~t@|MePF@-FW}>U*KjT+^6E5Ay3`1gzr3t`_yIyMl=uokmqw(
zX1LF-{%iWy`AP<PO1Mu+X>p(CGYguJHc#Kvzinv1(`&PI>>Y;o_POm-fAMGbaKn<9
z@VOGwwS@oYr(`3qrTxNLKd*mj+#6Nz4&RmeN|rY+wmG_}t%$>sIj*%N;}=I_i2>7L
z|A6Qye@R*Ni3QQ>jIh6A(U7MKYx@R1*6h#H{^#9<HPYgT&Ei0f*&Hqm+&U;$S~+6l
zsM5AjZgF9tu_{zs6Bzr)DYZ8Q!hbiuc1)=D#z<XNv^E~8{NwoAn<BBltFFB{T6>F*
zZ7$4?w$^HfRdhL=&}-I?`hDXLSDhT5*An1~a$~`lJvsl7pKn+-yNTWGc}m#an}wO{
zF-v~n`bCpRK3q8>aQnk~)oUhSlR1>Hi(p58=60_v%{gA4SwCQF{bjq7`!>tImt5oX
zc56M3@#ezfATu~%Yw)tXmYF#C-)4+s4szmxJa*(0Mh4aO8#C24?&X;|J7mub@S#jQ
zW%^R4KV@rUnZDHqn4#m6=!ePFI0WW5Q4E?Mvf3AcY0sD;oy|gsv|-GU&IVt6IUB}I
z7j5_r#6?(`27X(@kZ#`*(CJ@e+VE)t-{$4Mi?J|JC-=ZY{mWRmAN6HeRDTG}K%LC|
z({3FW2I?BL92y|dhH(=X`ftO+KzlO%P(O%;A)O!QnSK~E(B^}d1NYNK_hrnW>AVt5
z8^&7Bd_tq;{1Griy0n!;=e~?}UzRh!846+HQ+a-yOTHcpgY$Ea@n1S<%S{n}Ys1Kt
zQCJf(yZ4;wGiKkLqGR9#=M={d$+_*-6}CbD_{;`O)!%hDY#MXVef3RUw}`{88?eju
zGiH81?FNh~@kUQ^;8dsi8j};|S2Z-$PP^~!xjF{Tjj_`7i&v+m=2iz|b;+u3NX@6w
zZ6;Mt<WL0`1_z^*B@^qFp2@GVO=LFh^G?snUp?)AR;Sr#S(`5Qs*e26>NMLex62E|
ziS2ybBN@7mtGXh&5%fXk(6>8u|J_8kHHUxpBgv4}sV(vNY-`Do<-S3;>-ZAZgs#7d
zkZZQmAN!SL$jTU;Tmfad8C{c77M?HKkd;x==}N$!pRJgIy>1@LTT7fhU>;^Ownw0S
z2^I}p$5SL14&r|vMzq*>DY(7H+bsUCa6L68_AYrD!HiGHcJ@Yj=uf7}I(wBoUTbF0
znA<ewo_W(6IOfSTk4|m>-h1xL;E*dcT~GJgg#3I!a!1`N!?Luwd;4gecU_*&`=5>O
zPuaa|$(Icf{6^<k0JX_CTwu7+aKJFXTi1QvyCmYj)aVhzd>=&Z-MgG(Ut#o0!!?HE
zhTV6ZvafshQ+T4WsWUvu@MOach8qnx8J=l)uHkux=Nn#Nc(LK7hL;&$Zg{2PRfbm^
zUSoKj;q`_$7~W`jv*D)=Z!z3#c$?uJhFcA{8QyDnpW*$6+YKKweAw_2!ySfC7(QwE
zv|-k79~-Cy9rMTDPsjZ6YVYIi0D>P2@5D7IJNtmAcCi<oeT4eq-H-Y&Alo#Uu3v3n
zlHnW3|K4}`ItG!waz4^S-wZmg!s+Pnm@cN7I@85oRmU-~KjVAr4CAnnX+KMt_A7*G
z_LMM>^`bEI@s2R_;l?Dvn0M=L90NE2{y5S||3%=x6ApvFCR_^sv2X;;`apZ$mAx;_
zJFy_jiFyUNO1KhSFI)p&C>#f`6|M!h2#*CH5S|Fm#JQ!<I&esM61ZA;GI*+R19*{e
zBluC_Ch#`lnc&|E&jnwALZ$zC;6cLk!PUYGz;_8R27gg_Dfm0W%fLSsUJl+Tyb}B;
z;Z@*%cyEfwS`8j9yaxO+;dS69;q~Az3vU2FCcF{6U3fG2b>XMMJy5aee+&3Z;b!oy
z!rQ>Jg?E6zA>0c758*cOZ-n=P&j{}W55!9`^uHf`gK#_e9^pgae-=IreoFWV_?N;R
z;6DqW01xQp`8)}}PWUvK*I^zj1NDonV^D4rJsUb%_0Njl3p!c#uZ!-7PF9`eMgKX_
z$*MD-)Y)#ys-G0S06JN9uG78{F<JG|q6ZL@RsV$OMTp6&|Gns8#AMaKC3-1hvg+*T
zdE5wMvg)sjUXGZodX}`Q7&Nl#gGH}^PF8)4=#|jPs!tca20B^wC8EcnlU4t|=(W(v
zs&5y4EOfH!uZunrI$8Ce(q`+RlT{xg`XuON)o&DiGIX-)jiNU|C#$|x^hW4p)z^#O
z1f8rpf4h|BKNC7x^*2SI3!SX`MbZz<gHBexMD+R4$*S`=uIYaPbh7FVqA!L{R(-MP
zOQDlhe^m5k(8;Pdi@qE>S@l;%UkRP8`d>s}1)Z!q-;-rJS3@VOewFBJpp#XfDEd0+
zWYuSjz8*SR^{<M)0XkWAzRS<!ZiG%&y;bzh(8;PF5&dcCWYzuBzioj|Ry`tmGjy`*
z<3-;Fovivi(RV;6tG-(FR_J8apAo$cI$8C0(f2|ptDY@==050T)x)CihfY@g7SY?G
zlU1J~`XT6K)gKo9Fm$r&Pm6v8I$8CXMel%4R{gZ-C!mv64`@FRoveC|_W97ss^_r3
zMLpwVbDS>6`H1;RR)24d+#7uaLj+4c3?D+gQ21+zA2jU7ufv9VKhYN>4hb(qtYdKJ
zgRiA7AC1X6zI?3cNS+(Bsbj~dP=|l++bA~3lH=a!3m9f&p-)s@Z@fP8&A@%QFQ0Dh
zBIDfiJ}w|U81X>iHpHdmzW9eg*71=wVD8(1*rgLTiF5`aB76c1_hs71nzk9DGi~JF
z0sKRF5)18fgw_6MqVv3vwH%%ky#O&;&rvRQ)QQA71#@41_Rptt1hUQ_5C(J1{V>G+
zg_+j?na&UbSoFBV!5j-7L(GqnWR@qN#^m$n8iCxK1&J^Si`rjFh7HS#+-aOB6NSL?
z((#&1uKrdW^QpfT7a*go7?^&a<SRm!G&6lZNe?hF9+c&-{+-W0-0IzztAFQ5{8wO`
z`j3;v|3tF*pG=lI)?|2|;l+lRlci0qHoV^OX0p`hX2Y$9_mNqc2#2sJcNjixxEIo>
zHu+?<1%`m(Qo}LBHHOC;o@BVu@La<S3@<ax>zohmh+&;!UT;+AHA9*GzB2o6<#saa
zIRpDp<&%cp_))QO<41+v_)%6m1UG(E*o_|*uEe?0@yc%eC<jg;xbdUHZv3dQ8$T-S
z#*eZSMR4Osh28j3;WhLx?8c7@yYZvKo`>%L^P@Aeop@SV4$d*VNp;DHrr6ccM(QL{
z?buh7E3q(ayBPmaFR9a<+t{XV#$u0KgN^C~n-YA3a3w{AZD@qtUyq~yrbDy-;_#O)
zAN8=a>1%_(i1=gGQhy6m{PElsLerpWoe#nK<3m!mb*7KiLH&IjY|}UQEcxZ<A?t4<
z{Aqr9YSo`>?^u`SkTLHp{+>wjH`(~3U-h>OY}3bjDAgHTJUhlage$p%&;)-dLYH4&
zmet=Ou=TeX{%qhjhBvX0rR&N#n;rWorl&i*Q{qp{h5k&p?$QU7j6Y&wS}U<IEH>rB
z`w-1XUnI`vV-@@rxjnppv}52r2G-wl_|tmDCZPT}9?tsP0)P6ADE+8E&f01HHNzhV
zV6k5DTCM(EpNn<PZzZma`YkEsgufA~{zA$0(Y5*;my*88@VAbRB+!nbHpO2D{Ix=7
z`q-zaztk~?*{E~}v0a1uYe@08WuW(2pZ+ksE#YrLO8O4NU%LE$A;sUyqGWz~zoF?{
zk>amcpHAJHvtwExOR@9A?jzhFLG$rQ%5k@u<D!TX$NkR~e>L!Ty*d*+u0EaO?*#m5
z{{l?-+b#ZB=NKM@zpFiT|FPNCyO#lSDRcT(*u_%pxazKpMn46+O0!OX48I33@0DCZ
zh~oxsGUB0F!dSSC{mi?t(|xd-F&dr4woH;2bQ?dTSbyu`k9PD|f<^uDwo3Z~dU!tv
z=Pivt`ZcoqkTDiQ8Fb!{(jRv1GPZFn8tokD8Z>?QI%wu+rp_5Y{QNktDRbtWWjatT
zw6nzBf0t^{EYCB~QZk(XJwmT69z#@}ES5z3O0DxpU^5vDub+C4ldjIQPuF@5(*#ey
zXXc!{=3=JH4_N0%Mj`<(bU)^0KM#b{&HGOF7(JQ7zrhPyWpf(m%$+^AeoC5Yd(*z>
z;L`iS{_&$K%T=$@US5;?YMHZ7BWvwHn;ozJ_Fm|0cD!GuKfNZ<F5NW&U2Lao!VIjZ
zyC&GQ!6bwAkDm)PXg*M0GiOhmGw1xc!1Ln*yQ|Bks5~E}j*f(#y>B^N9ZkJ2_<z+$
zPHTvc965ZHR{3tn1)d-Ot-VGvK7U`}l?B@am;dQ?erjVq{t{LGe4U?h{<r+jb}#b(
zOFuuyR(Raxb~pYz8XXlacQ?b`-wUrChemJig-77dEp_~N$ALZ1e)IG9e`4()Ub=7p
zmH}V=Rm+r}UaxWf|M?O)UjqL>mB8?`jLUcWC3bW^=Qiv*u0OA3L1z6GTk9|1Q~%+E
z^@Ydl2Nc&I4E5U@$`6GuE*>7Mj}GiVsw!T8yy%k1o=DsNoVFJu;qv0$80tHrU4NXi
zWGD_dde6(hEqqOfeZ7|%A0F5iX?{MZd0Ql0AFdA7=a;nlC+P67l2Y!nHD0xI8+MX`
zb;VVIw<GOu<+Q)eUB(wL#OU)0>anDZdmM}pfAdh`Yl#tdNMcpsMM+q^KHhNCikrJ8
zEmU%*@U`aB0PdKYGcsODN!#q=158@SFxl><EflZ9fYPeM*Am%$D>JYw()>bB^DZXu
z{^DcYD-_K3yy{-VvDa|qiQfv~VDDuHo{xm9nz!aOKOc$J#~zN>=ZwaF;o-Vl6~~QY
zeu8m@uO)v8Fz`YoJe)hdz?~i)mFxBy*Lj~ZCQlu?)P=`!pIzMNsZpEUK2@FfK|zFq
z7kFCn@Xl#_c2o;@F$KZ2ZQZ$x`$#s6t75}h;J;-}K!NYAuFqwOCr*>pg;xt-OZY)$
zs0tj4v>(Z7Kg6Ot7^=^6r?!uz&7N9yR6Gu4(7cN!fL)G<>ie;{6DOl{1rkTaYh&Y>
zxL3WzRTt&lG`wr#Ty4-g_f}?nZD6mfKznhZ5QaWhv2yGAle!%r_wwFk?Jk~$f@?-i
zz^TP9dBx*OTBB<&NYqMA+}fSne(o~`fsv!LnvX|1-plDY9*J#=53d{;i7mwVX@9@?
zZVZo>)3O!=ZzqI(QaHm{??WYJ#lh&B%M*vd>E4ea(QSKk+V)3cE%7S4TH#z(2lJD@
zTuTiH#g}(-;<H}fyQe-Mbw`fzN@n2wNI2MWJg4LRNHmxmA4hKo#9ObVw^=1;kk3$%
zU-hGMm$<YYKXsZFBvVrFLn}cNnzykcMuU0rwRCpOIg77I`dXN#(QV!NJY9+V;vo8i
zxDS;k8bkrXO*EL}`8kmEvw~GA(YU3Xc=N4f6GYd;vI@5Cjl_n>XE8M#vyL)9mh^JK
zopkAl^rZWE(i5(WeJCX)j_0l_zL0)4!B2FJuNuipoV{Z_dx?I|E1`Js)Ctqi1yMv{
zU-Q;TY+QT={j|9BR0n+tH=+6*mQSJ@di^EJ)peL!-*Ztw;b8m0NNjEV036}mIZyFT
z2}i}7(v?r#$8J=;BWL>~;oP=8k=X9|G3O`G^V5>_)4~!;wm+##!A|WW$a>^s0nI|0
zI7j{9$Q4m;!d0j~H(eR!b}FM>mQj#pv@pI2p3v>^oK*+&jGw$TWfb>yDk2|?D3?XF
zBHltjRpO_g@zXDD83j9)QIKWiV;LR5k3`ecIOho$y2QC3p0<o~JC#wcv^BH|WQKm$
zdVZ>seyY-ykFQhtu$hH(Q9fuB)xm!Bv)l7CF6jsTQkOau4|Xaawz05}<s<#kEYHi@
zq?fg>v-V4ym(Du(%|qyq5;Z87r4wZ7NME!NZgAdhzvlWP?RZTaqaX3^+E_RjH7L;y
zt?<$_E14ejLTOtV{phVkqKPGXpaY(tg-JiI2htp9pPjpN8~t=?VcG?y>B(FVq&d+0
z6f`hfKFJp5bwTNRvb22=8kjAgWDD!u1=+qVZ4cyHSEBi{Pt^96(g!8Gvh;mWO8d&i
z96Pbx$ZrGan|L+a6F6sIggzwEp=uTI`jF%eQ)y1ekw7fB{k5F-gMs+&*s(|vt|)Bx
z{(kXJJreH^JKsbg6|U7L>(kI2O!=`Zz{~a4KztSo-nnD*Ptz~4z35dy?om-A&{ZZY
zL>cq@YQVerBD?48pStGP-F_ra1g>$VIq_iSeq^}qMHXLtMXUuW#4Qu^i>95Zu)GI?
zzr=l&mY=&!Y5hYB!U^$3-VVfr?T1)`=j^Xgf{A+yt-5I1=Gu^pX|<5yUC1!6>01Nm
z?6=aCUuu7Y@(V`Z55#jjPT)QWzs`QH{);VLdmg!#ruKuS%<hq7cDw1vq@H!kY@$l;
z%0%fk|27cw$;oJmRq<r7*Wk(MlQ<daKLf=()n&|$<0{MhfsWJ6Dy|!`adfxBxr=w#
zry-}dPxJ9i_#$ti=)5y~&c2Opqf=f(C9U?8QxG{t#d{lh^;#OLT5LB{cg#y26Djv}
zY45S(sr3XWA~&)hCqnvxzp|%Gt;Q%ipQ$JIo(uf|6Dg@n+uyl6F5Apdc0pT<O}CeF
z3n%?vvYnl!BXAv`X=nep_h7Cfqx^EE{Qht6#k8UMyoUBc?#YsUfi$*GH)Z(HF*K)r
zS0EN_e%AG-3uBvDVTR*exH9Z=Z`P#@JKvn;27ZfAYn^V*oS!azUZR0&pVzsa`2weL
zGsOGObKRTqvrB3QPrYyM@X`9;@;-2!vyVf|O6DthJJjhSfqd=na%)x{ydYU?$ECej
z^csP*+vMF)=bN+Y;6+J4__WwHU#_j|g$&OiG+XB83~gw4(#!61+~XxLef#mj|J-+G
z={_T*Hf(%q_HJC|vtimhvrc*P8sN?s%+r`;rvBPHGuLe;>H+#_mn->b_<`@skSX-d
ziF%1sCD}SxKgFw~-mfI{l;%8{&WV?u&i7=fe~IIEx{RssM4ryxBL!Le^uXGvygcdk
zws=z_OK0zieC`uQ*E}VA-WFEAP52PsZU4h7mR{@AHmh0ukkP^q84Gdc!Y7{L?w&sN
zGhw<qxXFG7^B&60;)lx>aUUI3iKAr4Q@nyXOH>p6c+lc*2K7_MLgcOe?bKeUI+&Gc
zSY4Y{C_c-3M40f6ZWZ}j$b6mkBOy<hKI)UxmG*fn`yB6?LYGg2Y0gx9A+w`?<Mq*^
zemkGt+R!grl>hRJdm8eiMHgf8wT6pBMg315Ki<$kRCLLk2M;z}k{P^WYw+?t!4Dq{
z79I}{cxcUnZ{>2zE}hpaI;Ft7HgAV!=k-cA|Jp-6JI}v1J30T_?MwIq<_DaAZRZ&`
z{o26V?3iz;Oe+SGx|uQ;+jmcWz`5Amd~s=J68msrO>}FmP9auUbB#~yu0L~$mubvS
zmz<Zb)0}Q^CFgW&Pt55yGUFHfyUgh})XwQvqI0?p^-A|$|E+zm>7zLWN$cq}!&_pW
z$lC0rZI|iZB8`~YttR58d&A6bnC>lFdt;!kDpVT}xar<72OOq*3)S9|Jj|ZfTI4%%
ze8<u<G$nfe)6V}kAD@u<76YCn>f~+R%=^}G?s?zjyNonv>)i9cu`+8N{u{hlh$^0s
zg@M0=#-MMrs?K-$7{XqZ*sgZEo%SeE7u;{E3DZt>Ys39ir*CCzZ`s<@waymC_pbR4
zHDd-%4_R&aJ}GT94uN&tMLPRiF?f*nj2Y6|a2y707&Gm(Vg4?{LjU^Sf4Y4~U_1BK
zm^OT$=1wf!cR3aY>f|0+sB`=c_oKcFi|XG6Gf*cpZ?xNpg@L*TEt63YXv3I+He^2*
z9*bj}7}D)K8#?!8{Et{@{}(J;4yVCP19dh_hID@Tt|<L5W=Lnl?Yf-J=1Q?)tZCpo
z9eOTwEJQm0<+3kh-IwQr&4KCXyQUak(6vlHz>IO6^=U$5eaftCsZ*$#N#SINv=hd`
z(b*=9!zMRx)cE?(r5p<*0(4{7E$Nfz?P6wEGwFjboouR%ldhd*Ho4A@-Rx{>Czwku
z37yBSOEKt%)G{!7N&%#9Ntr(`kwR<Nb(%RG&lH5QO_V~~*RTH%r<p^YyBIYs8UFj{
zl^d8m7%0n)a862H=V=QkH#&Q1+@fZ=mYOu_IyQnmRx<q8&pXFnCmFiV+s7U{891+;
z4Owm^cT&l6BjxRSnd>7|;q`>?&oi*U=e%<qug1W>m-EUEc5B{0+S?;?9pAAg0@tf$
zjs0&PMxT$9b@rp2ckYw2&WQF6vd%s<4<r8h?lA-V%siaWzjtfic(6RA<^fsv{NsFf
znWqkwo*j_a4@j3|=Bcax{M>2dr+s$X>^akJpE0{(ju<A|pY3uw&tnJ2YAo~EY5Vf_
z(MIL+<>LSW1fDVF0>f_nfY=0#USycHRrhu8_=$bQ=&s)voqfI9R~W7|Tw^$HxYqDk
z!xIhH8J=W#vSFT2O+%yMCc`rg&ow;H@O;Ay3@<jk)bKLH%MGtIyvp!u!)pw$GrZpL
z2E!W-Z#Mk2;Vp)n4R15N!*HwNHp6=j?=!sLaJ%6{h7TJ)Vz|Tb3BxB1pEk@+L(eJS
zW>I!?7!<+~fghk$&oRt55>)3$TjfH-0mDUx!-h)@^YOL%DL3rK>q>emj9zKD#&Fzl
zt>LkTCmOCZ?B-gKV@)=CgW*QQO@?P0o@;oX;rWIa7+!36so`aYmm6Mbc$MMRhSwNg
zXL!Bg4Td)w-fZ}3!&?kD8{TGkhv8PkZHD(6-e-8f;daA^3?DXp#Bhh<6NXP3K5dv6
zBdu@QhI<+I8+LPANZrUcdVyg#*M-;wj9z5e&4D2{rACh!c5`EhP0Z*OhAR!%80I_<
znlCq(hWOzaUezZWt}{Hz@MOach8qnx8J=mFb2aF(<{6%Ec!A-?hL;*%W_Y>bm4;Ut
zUTt`d;dO@B8{S}eqv6elpEkV3aI@iUhIbflHQZ)+ui<@$_Zx0Ee8})&!$%Bv7(QY6
zq~X(s`C(GeQMTb;hW&<f4CfmzFkEOjV7SO|*l?-gh~aX>F~b#xD-G8ejvKBuJl60;
z!*zxy8J=vo!EmGDCc`rg&ow;H@O;Ay3@<jk)bKLHydLufMGZPXYc}-&{vq_j;tM)-
z&rEcFqa5lu_Zrm3?#pdz<MblW`kX$+CZGGtaSO;uHv_vK)dOVyL*Q<m^1=x#B=`bK
zuo>d9OV7Zh&N=fK_{ojT?Ucw&FF$dSsWCldmVvWJIgoFp&W9)n{5+z(!SF%D{ZaO6
zQ)_sUVK=|5`22&>ufQ>N-wB2vH2hP;Y|Cmt5M`;%x~ja+aEIYa6o%S-#qf*5EGswP
zA<{{na)D=0e%$aohOb7!(I;(|7=GUHB^Yd~Hg_5RzTu;W%W<OAe!k&thW!^NZ6+FC
zZTOJkGCW*UpI;JYeP}g&IX)cIhWZS{KQr7H^+jzyW%!4NPaD1k{?vYz;lqZn!u%a-
zv&8UT!$bNeZ9ZrCIl}``dDYKn3_m4|WM!N-e0{EGPyH)~_ZluhgP~8_++}#Z;iHDj
z@qk(F=No?3a4&QUYBSdGw+z2#_)0uxQu`T(e{A@a;p>oA+9RtO<lb_hGhTGK&LFEk
zTXgmZWYr%Oox77&UnhD1F<JGWh+c%4toqBMhY^!iKPq}DVzTOdcEa>WppjJ{EP6R~
zvg$RW$Dor{zf<%I=w#J7pAY?4LMN-v&k@vXpp#X9Li9Lvvg*9Ir+qDSvg)siJ{CGz
z^*@U~5jt7*OQcV$gHBfcO3^1lC#!yo=#!z7RliI02Iyqfza)Aibh7HaS7iE|pp#X9
zO7xk~$*S}IjrMb)lU3(^7xj72$*TWF^!d=qst=Gpc>#2?>b%dPpT*G0s*e?YDRi>x
zyx*YxGU#O0|5^0q(8;Q=7JVgjvg%KXz6v^7^_N9o4V|p|VbRw>C#%kj0MoM$I$8Cw
z=<6YqRga0j0XkXrTG2N`C#ybJ^v%%8sxK1#Y3O9tzajb-=w#Kmh~5mHtokoR-v*tm
zx|=f?`Pu>9%^6$>K**HqV5_j&=ZM}0oviv`(f2|pt6nSmKImlCKOy>l=w#Jrh~5sJ
ztop;EAA(L+{Sna*Lno{LwCG2mlU3g@dIxl}>VFXZ1az|Mym{hzKM9?zdXea-A(K@f
zA$kV-0J7?F(X*kGRi7bxFX&{|zbLvNI$8CHMbCjwR{h7K=R+r}zFqVJ=w#L1Jn_g^
zA#}3pZq9h<0qA7a`^r5`5p=TZMWTnHlU0w4UJ9M8`t71epp#W^61^NcS@q?j$Dor{
z|E}m2(8;R1dFzq>O6X+O_lbQCbh7HNiyntgR{bxc^PZQi`sKa6`Y;wcS@lxUCqgHy
zUM+eZbh7HxMV|zntomHhCqpNz{$<e{pp#Yqq3Dg!$*OM=y$L#5^*y4`gicodPomF-
zPF6iz?lb2>C#!y$=<}hIRlipB1<=W=*NVOvI$8B8qA!I`R(*-+%b=50Un%->=w#I&
z7kwpkvg*%^z6v^7_5Gr+hE7)fxae!3lU2V&?xoj3C#ybK^!3oms$VVo2Iyqf8%5s;
zovixjMBfaZtokz1pN39W{YRp2flgL^o9NBZ$*R9B`Znlf)qBeQ{|@M6)%%Oy3Z1O_
zm7=#nC#!zD=zF1)Rli&GebC9Oe?j#9(8;PlCVD$`vg$t;{Sb7r>aC(5hE7)fr07SW
zlU48O_u6j<bh7G&qMv|HRy{8IN$6zNZxj7Abh7H75j_L<L}b-hiJlFetorvw?**N#
z`cFmoLno{Ly68F3$*P|aJs&z*^^4FK^7>T(oveDf=!MY9s$Va906JOqI?;=ulU2W8
z^e}X?>dQqhg-%xe`=UpnlU3g%dO38m>g}S(pp#WUA$kRLvg!f(Tv-X7toks~YoL==
zuMs^Covivy(QBcTRsW*sW1*8(e^~U1(8;PlBYGWlvg)m(Pl8TX{h;WRp_5hbE1!iM
zpp#X<Li9%HWYx<>Z-P!%eX{5?p_5ggA^KeCWYrgoJ`Xxs^^Ky>hfY@gXQD5FPF8)d
z=!>C~RnN-t>gQ7EWYznLz6?59^|0v6p_5ggAo@z^WYwpNz6v^7^?9PNhE7)f+oG?5
zPFDQ~qOXHaR=rvD_0Y+x9};~7bh7FvMBfOVta>kbF0mOpS@lxUpN39W{c6#-Kqsp{
zR`h1*WYy=2z70BA^+lrZfKFC@mFTU|$*OM=y$w29^;XgMLMN;KThaGHC##;B=biWc
z(8;Rjh~5sJtomTl4?!oZ9vA&Ebh7HVi+%(;S@kB-JD`(QUoQFy=w#K`h<*|}S@q4L
zpN39WeV^zV`0Pkl{dLi^p_5fVEqX8LWYsU%XG+k?s+WqM1D&k;^`i4T3bN|cMK6F(
zR(-DMh0w{WKPY+tI$8A}h+YJptolzy4?`!b-X=P~>maLsTy#DIAgj)oOY+f=^E(i-
z>itEJK_{y|TJ#F&WYy!MS3)PNK1uW%=w#Iwi5`beR{bH-`CSTG^~Xf#vkJ26zYv|@
zv5-~&jp%%aO;)`_^hwaks^`nIzRA$Zst**s0XkXrnCOkr$*SKeI=`zStA4lWGoh1J
z|B~qZ4u`DzqoU7)PFDR1(dR=atG-qA1<=W=zb^V>=w#K8i@p>(S@oWH-<S1)-vyCX
zN0)i_-<HAkk^#53iQiO-fce`jd>8khgx4Z|*zmUvqe?pa<%mPVe0DTccq!s*$+(6w
zkoEUQ#)7Hi@rw7`G64WWJr<^c`+k}X8+^oa+&c(Bn2UuvZrvQ~@3eeTbmp7f8~qIf
zed%w`@SR%zZcGK@0%5*C?9$I2h4olvSm$rHFrDPy0sKSYGY<a7%NfK0;lYRp3iDY<
zDH;7Z16k8k1LnT75xa7LO`;r%AR>GU3-@K-$(o)<(V2I0r@X^Hk$3U)WwA%Ialgu~
zeqIorWk6OxuZmuXn5_11iXK2r)^a#5IuA$I-{-lAI{Ih^vi_z}7|h?I8HN~D)iKK^
zKxTzP2w+kF!@>Nm$Qa_wghwL2g3L@Ikb4ht=>67>*k1{WHY{7R{vHl3eJnr(mah+O
zhk<3Mzdyrr@u7|}1hDwH5rOIVp_~~aSbUO4rq3touOv&_fQe)Aka{fVU)mtcPLJh$
z%CT5S^;mJT9BU$3jy0Jq$7&+`@DE`g7Uji;my@MktTw#f@Mgo!Wb`Wxtyq-z89qd2
zAtQ8PQDz%Z?uB$I=Nk@?(cT$K4aW@E7#?eQlHo?fa}6&ryv*<_!+cJmzhlE^4a$68
zpv=$w%KY4}+)hSYX5i;%Wqt-$&PI7F=NK+D9450eB9t4hG+ax@a~6g=!wrUKlG)%8
z<{MsWc%@<9yQ@9#zkO&s47`U{=6$d-?`4&FKdQ`oN@dSO_x}gL1jXdObEkDV7OBcy
zb?ufh`v7alwy<34B)3b|bA2qik|M$~bjS-(7Th1nb9QWlH({~<_Q99>z@`M(2v<@>
z@WT=Jr$5?r;rcWz*57{kOP7zyu;V_JSQrZ6h;5wya7jw|TL8BHI^a*L2DW&1jK3gU
z$rXf&aKwIv{%Ei1`wrOpI|+YbXc}n8unLP!UlSa$AE7^1DfRbbu=N+f2K9kW34T(z
zk|M$(IMVWCtp3`-)?d+C{QW}qsYJ}sVf?WxRex`Qtv`O(l&<^^$v%~c8BW8WmLI!d
z^+#vcUxXV>;5LRHVu#{&;cRw(*fBlb+3|f6`exl=puZ9i-G5C+E{w>PvMoQFtXH^A
zOyr|D#or|CB$pJor}`^O@i!L!^t|zXecEyT+7y2?u|db4(V_YqmEvy_{57MXS+6+m
zK>bZf@z;zC{^fKeLH&I+#b4nq-nE$i*r%w!rWAke@V8N&i5*w(PVrX@e}|ycA749C
ze~VN6Eyuxbz;+FqzAvTti`3%t6^!VQ_bTe|yD9$m!5_cp*P#Bsnc{CA`~{%VUl5D>
z`*&#gOVpRcg~>5$^r`-MjU!i5L|AoevfdBGy87Fm;*W*FepG|{<8x_y+-%tKK3jv@
z{W|5i8*$tSjF=DJJL_?er}(RYzjWpNR*JuN_?syH*uSa29!NCP$73-pgukmjbpN@H
zOJCT@rQGRTU>9@b{i6*-Q2cpocs2z)o?i`W$Ll-OP$?VAKkB_>!2FhC(e#z2_^Uvr
z=d%?J>aRG(-x~O%9sQMIQGdB$?OW(062x!QrtwF=M$Tx&$zKiu&C|V?M}O=GdCOt_
zogCzSCWP#Qrf=@_dy^BF2fClf`TTtST7t>={Cxe%I>ma$&w92^&cJ%QHkn%IAA?;r
z77bcQQ|tT@7)-{(>#^R0rK|I`*in7JG{JKk>!Tw-lC1XK&0RjceE3IVXd8h*_j8xG
z4aI@b@OWR$JGN^wMrYjp`h}l<;D>krboM*<RgC`Q$NuF@<3BWRS>pxY{=rL&uDEnp
z`<=9W|IC@|-o<hZO9vKe=fi(p2~>wJ9bF!sa_Nmv^@@fri$3d%PPr^G55v!cyE3;N
zFU|I6p}I7?3v{tRn2}Lj$bY5$SHXX^{5OgJn)q+NKQq)+5Nf(K)O6W)B-PCUvLl$+
zlGCRnuVr~={eZ3Ym+h&)^k99#@%l?J;Z|rZ>mUwLe60WdpY&&q59W+PU1=YfTXI7@
zyCis1=7163U-Y&=v+mfGV9s{--(#!Sd?h-0#F|*vsO$kD|2sn-JyQ6geaDvYo+P8K
zY)$cs7W~Nj^KGqb3j2jh#r=Dkg(JeeW5uBY!y++%WOP*|6u~uT^tEjx)||{b6)Ik+
z`}yanDRvvE?Cmy!yTulk479t(R}^OtI9hT1_o2+~ub%N=aL0-z<v7;iSv#uyQxkLc
zyprjEN+-w&yn>mtE=_C-42_f=4Ua2sIa%KkjYKMPBG*MmAC0eQFV7u^Bn}E^V)L=l
z(QsDD(U>n<-z&N%GZf_02;>KTUkoplywPv}#3mdjo_o`Qx`ma4FniaiO_5Me<;a{!
zG%$K-Z20JFNA1S^!fX9gL%}`?S5Jj^CtMXioLE5u&tM|eib&n=2t1TWMxP0<7!YkA
zkz0iX79Gxf^Gw~b(IXFMz4^9(U?_M|!rzPGwMl<d%?c*-Sz9?UP<J3OD5r9SBx=)}
z@065<>U&4m^hnIL<;qQ_#`4N7u?giCZz(CN+dZ}-61grXQV|&)im$k`9LZw2-EcVj
z%~1T<=yD|M;2SOef#FRiUBYl#I8`@brEV=|Hyad)FANmrFsm%Ax&wz>-uzvx1+(JR
z`;oT9G)FFNyxV2Ha_2O$iRZL6zPqD561mnDSZm#it4C^q?aO?*l?Aph>*f7OSBvLj
z7f+>dpq1%Lu3#>(7M9oAWO<dw7QQ@U)B(&QzR*84d?4ZDDP{V2II&V1iSI5cYQHX0
zcYql~6+>a&k|?Yl**jff?a11>mFF;h^+K8!Ch}X?5?jc!+GNXW?aq(ivHOl$C8fn{
zi--HC4wY%gk+)>sa_Q2FR*Je6J`lJT$%~ZdM6N~Ms#|eqqNq^$UEM-az3>6+R+x1w
z8mMcD49Y>}_s-%g;Y~Y_zgz$E{yp`Xwtg{TI%OgX4DB*mzmT-D_yN=}oJG_xRC^TJ
zXA(uG^=n5~^T7pZlZm;Vcp`Oz9_O=vViQ*D*0zmA1&b8rw0TKut!sJn<9BSjW8BW?
zf1c}~I(AUNE8@3UW?D~=@?7dl8D^g<8R)84-KNMNb2?5$PK9DCzHohe4XggmBiW_J
zj@^9y$?Q|d{R6e%fx{P-14r3cB>SMFk>;U+_*$IG=3SiTZ)aKE!c!whVN&9Eec=^f
z2^FuXI38PZRVcH^&)@f7fbO_Qc1HW4+>+t3tdha;O#I3~=75iX|A9ZmkF72rn(bx4
zpE-v2=AkDRjlrkw%*^0`t-;Io1TQ@pEI1y#B(G&AuM2LjrI%K`vGCnl#lBavc4hb9
z(-(6?WnYus7F`sH%xx}ObX8_%kBSU`UUSjI!0n?m!oGuB1EEks#XCcu${Z8RxH0cj
zwON4?&6>IQGGo5bzyeN`6ewHZCB`Ww!$MOFPQB96+B|(v1al*ONM}RSS<&Ci+<&k(
zOV|ALGqnI0C4XOh0`vFXj_hRk{n00y(M_w>7(8#R?dxV`lFs1ND_dKeZ|&QDZ6MJh
zsPTK5t<j3(&qa4_@!#slJW8@h*tc~`!O*^Ac%O*t=9mj4#*s7m*)R0Oe3aqPzP&KN
z)V>vm7oMEu%`%nO(sAMNp9f#ceZv>n8rZWn(ErKa(NKYx<xpwCfM~R-phPB=!g|G`
zAy1XoekkzKW`9;<lBk1C1-E`EIj57B;%(8Myq;sH#eo{wmkd?6mj-Sf6fM21a>T}H
z(`9X;TwL?*L{ruN#_|4ps%z`2{huCRdq>p&nd;h4L~HM?_BV|8Ppht-RPCQWzV?$*
z|J~KKpNiJrr3YM+xM$dxd)O!U4ancJC!<pac*o`m=sdSrM`pd;rs#Z9Qm4|)2=(F8
z>}xV}g3`XQ(#`x`QntG?UvYDHRh9>uql?<S$-5pZ)np&3h9|$SIhHG`YBpmoTi%>$
zf8|_Qxz%fC+PSdQtLG8V!Sr`M(&YSu&xM6&DZ{>8y`tu-Sugyh`QQKLH~;>|om+1k
zbu9PT9qaDD?xA0Ps_+M^9`Cu&cjuzKXC4?{^z1+QKR)-9&&+;*)2j;}>#_gabB}$y
zrRAP)A6jzbGjDJIPD|g`wf>?RrEd&<eDU0y_y6n0NiQ#b_p{^2UAyYu?Zema7?QQ|
zxi8)Evv+#8Z@+QHW4|0Xb!U&ei;MFgxah}2V!;7rr|&JjwO^mugo$%5n)cI+KK<FU
zpKo3GK<Vs<)*k-ZBezVyZ2ioy+_Lr2aZS%%dibH;MLoXxs|QAY=)}x5pU&yuvhLDe
zO;=rB`?>g#f8VmP{3(CosGA?(_tB5-Tz%&|Gs+r|-v8CPGp7E_y!?4P7Wc}0ZrQ0b
z&n*8#)7W)?e)QdEj?bI5{crI*qo~$JSQz+mj)9MV81Mwl1wP7P(3l_h82C|-L3NFF
zdl9yw@wh<W%Ji?yV<>a~bWDG$^O(vX#2)5}DZ%))0xt_1hrs+Al|j=?*6FhFB-7b5
z<}qngi^Y$H`_^G$NVo5m(0MGzx^F3%U&C_WF<7{r`^K@TJ_XE=8`P&^`3e@=cVJQb
z<KWkjdFsDpe~mzU@*u?2Pl46`G`NT8nFIvdlbL_o7Z@F@E@(Nd#~OVxX5hYLxOMu!
zA!eXXrcR$vV$n2g2J>52u0MxG%VY=mW-PSNgQ)iWnp4w!nb8Z49s)D)xMV%<5HL4U
z4+GRs8ASx@<Xpr&?sZ1TstcO;DOh8g7~hA5_H9@g=!eYnMg2uAeT3T)GtfqZ`qXk@
z%tO<Lb&_8b(T_g1?`~h1ruENPGBU9+W}qLk*4rB>BBb+wD|GJ5n1MEA&Er^bZ!Aow
zdtQP#ogaSHK|hQc(%EpkE@!i`?MQ8?X<6|R7ehM#<<RM$v6eIKH7|S=rswOdWpa)w
z-)2v1sxQ--(qwiqJkLs*bS*LA8E0kdy4e%c&hqAMa+55j_{7{v$>W`E<~STHty^#6
zC2UPh-{j3*ra9@n{ai=xy3I?nnLn+IQ=RbXTyx2#oj5L;VL7aun(Zv5>$asSTBF-?
z)mh$>$4C~cZabT|&c&6Sj<556=RTVE8{cI~S81oE!znW*+u47jSZB{@sGnP3c1uRt
zf9W)JXf(V;B|}!?_Q2D!65W=r2a?91EZ1curL4qlho^Nv@0|Vimi~A-O@=J@EskC1
zTT;o8<-X~$>m!mYpswE?u$xGREO&Xa>-Nby_vbe~$&i(pCC<~bTvuba%L`H>Wx30d
z-OkHHGIT#rU_sItl$Ds3&Xcp`Nw^wixo-z_jrR6iN3O?Qr>Pb>0NcrO-R6Mn{61O(
z*Y!e1jq4$T1g;nB3SzF0mUZrzhx&1gtg|FIkDXp{*jeY{HuYZFPCXCb?$4KXUUc$M
zKfWyMya?o>eyoypUIg+ohGl$T);)j2GcsiEx_j%Jnr2MpEP1oX+%s=lL&kKr$8P4s
z>)dxFnzD4kiS<OM+gafxc}Wj4Wgh$J<g9tx{1ZEBo6iU!AHJZM8J45IhsT==pA<T4
zhi{-~<8Hcz14ef@?4pN_&X%V8Mhv?PtJw2msx}pdD-G8ejvKBuJl60;!*zxy8J=vo
z!EmGDCc`rg&ow;HFzb=#Wr5+vhL;*%W_Y>bm4;UtUTt`d;dO@B8{S}eqv6elpEkV3
zaI@iUhIbflHQZ)+ui<@$_Zx0Ee8})&auNPX@D1`H8<B6Y$GylyJob~bJkBBWjtwCn
zi*f;3_AMmKz5%lA%R{OSFtM*YuC$SJ9#?GKamBwouK0I8*`Y}A(Xq1F+dOiUzN6`M
zv2kgTytuqupJDZwk{7<HfZ+V_E*OD+_+g3Zy_hVWGOyP9jyS)g(s#j&gn3N%ztmaY
zbWNroUKz>EcTAY&9Va85A4ANm9k~`UOr3o|Sl@eQHu6z!{P1zT@NJ0i5<Y<V(_|(9
zVI>xQU;Gha=I;ezrui*0d_H>t-pgRVu`hSuXLttErTT@iRbFkl9EGU*3x+=pzpC#c
zW1rU%|5-S@2i{vZ%rc@q%Z=PSgntMDEZmnLzL|e=DdIX|mgVQj*q8f}^&RU)qO;7&
zs{c^*0AjN0KM|ehmaO_~)N$N55Wg-w4e?*dI4;i*S?zmD88V$@)!p1ou#Z3|tIl`M
z=%*YyS@pX_k3lD^exK+S(8;RvT`u~mgicodanWm_lU4t*=qy9B>PJOqog}M%O7yYN
z$*T91dNL6@S@jX3^IVZtzfSZ?(8;QQRP@Qv$*M0Ay#YE|^@l`ngicodd!jc%C#(K~
z=rf^{RsW6XbD@(}e^c~%(8;P_j=I2do)4X@dWq-@pp#X<O7z9h$*NBgeJOOZ>i3Dh
z3_4l$FNnSzI$8B6MPCV>tok#euYyii{THIIhE7)fl;~@qlU2tzMJ~VVpp#YaC;EEm
zWYupLeFJo|>bHr$5jt7*siJR&PFDS4(VvD+R{eXTZ-Gu${fDAALno{Ld(pQ+C#(LB
z=sTd3RnKI<g!9`9oveD9=xxx+s*e_ZFLbi%H;TRwI$8BEiM}5?S@o}o-VU9t`nN<s
z1f8t<bJTI3b|Ky=%!iunXQ}f+rkf`P%!ib3Q%AlI!-m|u2!QY}Sn`qoA0d9+@Dql&
z3I7o>zs;w81o0(?uQ1H_ch%-f!~6_Fo!8ny!n_2Bh52AIBFs-x?ivbvKA5Z&eGKC3
zh52BT>-5QbIF`&Ok_hD9JP1Mq7V0o_+<P$9jEv7?;lBTd_<k~MdI{@z9)A9z?ng}4
zaY_$S$G)t$Y-6-R@jBKqNY99#kC?1_o9G3I$(o+mL@z{4)-?P<^Z;VArr{mxNW&?_
ze-_?>nCsNbP(J*TXQr(P8d;CEi#DhSFCxZf$4m=9_vyGPvZgsIHd7E^CpI{QH?LU`
zfbdZ)+?QoY*7Wm!g*wZStm&UbUD9x$*su)AdjIoP(OHIM_4%CWEJL#T<o+CA$F#$>
zWA1wqnH3O$tYhI|ni$7L?#)agu>R#EBNd2w3^MOQLS)_~B9JvbWnk*uovh`2Gj-hP
zjYW*tbRFM{*!k%X5bn*yB80K1eS{1f`XuYIm?r8hXR;ovMs$`lS@Y=f&H_PjdFMe8
z+_7NH^fD=&gOcqrKxU>90$9}la4^St#t>g7JQA_HH@*}g+?x&&24PWq`pt(8^Fr>;
ze-eCsJz#!(Jb?&|e5{xVOp1;@3y|eJGW|ZDTm+VnPtFU|=aaInBun1oWXac9vZNW9
z82`qy(=@o_N*ao&qYg8;V@VoV{+b5oU(zs<x};$;S<=u%mNd*GOBxoF(LNcLV^Lmh
zc)j7x<V^fSXvU)4YIvXFLxwxZxGpf9#-hyEhLqVyD+dgh8jcyRG3>_3iT_DPZ!|pD
z@B+ij46ic0&afLJC;qokXQe{eVR*0McEd*upET^o$cY~}Mo!p`krQ@f<b=yn_Ilh(
z!)}b6*tjur!fuS5up1*M?8e9myD@UYD~-=JhTRxBv2kPMq~CC3<b>TAIbk<OPS}l+
z6Fxzo!Wk$_Wj~o6Awq%SBEu2G6^1!3U&k3vG(6cb$GH1?dHy+0U72Iel{vOfnV&b6
z*OU378DX>GX2Y$9Ij&Ca4;kioHXU<#+HfzFtLnUd>UhF{;Znn#E6~Rd1EI$7Si>CS
zq&AI)=aSKvGAuB>%<wA1>kMx+%y|R#S*7Q#`~Lx$pz3GHX?CAIi_C6t>B0c~Cs(>P
zT))v*F}qh|;r`sl^-;2}{_3!P1d9gsR}R7YD}X=NbNa(+NciLaHht_{!q7CRzX=em
zzYRz*`&9a4)#f&)Zw?mguL&!K&@`yO`yg0<MKEGNPJcaR8~yzg7VB>*R@4VJC3vZD
zB}IgJ@W=h>kJVVyw*hSZu@6k=?=jh@5;4PK<F7Z?)!$CA^|u@=(&V^X!uS6YuB3>t
z9R3OrGkvU@>hDdk^~ZiW2bu;=>+c|tD`mra_~W&b{&<O3e|#=t{jJA}`rxk0ykE8c
z_L=<hvaJ3Fruf@%7Jrwg_&a3$@p7*I_%Z|j677T6n{?$jI>ldyDL>u@sJ}Z>{5?(Q
zCg>`k^N`sV7|v!l4Mt2)cXl(xpSDZ-lUow!pXp=xG<0$$R}gyPMpf%6@AEVti&Oly
zVV!MNgZleYiobmL<2?=Q0g5Q$?^`MUczxBEXy{Y@eJ#b`I{2H6Owk{|=hF23D8*kT
z3W?`ZgZkr}xa3ONkX?lNG@#L60E_y29vc1<^<V)SZ9CRAsK1}X$oe}y2+vYsM1LVH
z>hE_c{wCvQoaxt~{@PRg?H!zKM@2AJf4t}Gls@>A+fwIJ{hdznmpvre&fz-Y&)w@_
zUF*wA_`AV*^8Tqm&W%j2lx>CZ7Y8%HVJw=yQ7P%$4}W*cK8(~K@1?B22KZZy?ete7
zcC3#RQvAix>B((1wkG}Y`Jwf9*yOiV?C9_A6n|sk4^kp%`WB?vO@tjk_h?YNFQgoo
zg`xf5Fc{O0$NgrCzh&^3uAF&owE2j@pI(pnSxo(H6n}_Z*b9HIV#vCt?<Zo%G%@T&
zVpzr+SeLjw3%i~wBJL}n`Bb6}!!O03w}$6ju(SPv+VOtW=3_DPu^2n?*dM{7`8b&3
z?|bmKLlX}>_4i7Ozh1?j9sR|OKVBoWj|67ijn8j?z`h#PA7dkDOl0Sc9V-w8u`mfa
zSa{90{w5aS**P=~>aTI?@MtVKBrnk2n7s4jP_+b;ao2ZA>>1*DuxEnnrlP=2>boXM
z&*^CZWS&3m`*^QvgPvQ~2eKahY<B2!I$fjBX2<@B{<KZfE?t{se`DL^46L)RYtZzi
l*7?U^P_0IY)sC?((IZ%&jHMSAmciNTd@XiVA23Vs{|0?Peb4{^

diff --git a/components/ssl/wolfssl/lib/libwolfssl_debug.a b/components/ssl/wolfssl/lib/libwolfssl_debug.a
deleted file mode 100644
index 713d419c66b2c800157bd42259e2fc0acf7b8d94..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2127680
zcmeFa4}4VTc_w-!VFw%8225O%sL4Slwr~VULSWfd5=o;Gk}V`z5=3!HMx&XLG+{I&
zW=0^gY>R8w<?fHPByoG)mhF`jx9i)o4QaVuwxumjsW0gzUFv$fBqc3v*<9MC4efPr
zX-n4kdA>jAyywh}05?gyz5af@`kwE7-|zkY|2g0J&akFEo=;4F=<bbf&^2#veRNan
z=Es_wUAIYz<X_j_)Y|rFo8ph(?KpSrahyZfOX+J%9p`O&yAIy&18?_%xBI}`ec<gr
z@OB?~yAQnG2j1=jZ})+J27Tb(zNOAT8U5FT&b@EbKZ`oJ|5N*&w?x1Ex^w@xiB>H=
z=PXLUd&pS@dS`1xDaAXScfL*kZ0lh4?_G1s(YvazIsas|q0V{N?Na81^R90ry}RSI
z<I&G9IPaG9>ua5N|NoHce)z1jDE(5MQ+GS`)g?~d+w@(lgZKX25vPRy+cD?8w?XfF
zqUcnlU9Hah!t~+|=Y5svk04uw-1d{sA~cdJM$)s>sr<-nDp7C{d@{AKFp^HDoRMNK
zpJK@APUX{kG~5>7mD(0B6cHhn$ft_V-dtvKWTZb986AsF=2Iz;kxlLOa6phQ#0shW
zo>blw7gEJoJ{3>KCX)f)-h8^43NwYy6yhaR?qivB!Ou&GA4|=9W_?j1z$;A0^Qok<
z78HpDlf{fLV*n*7#%5EZEQ-ri0^F^s;_$#$FGU0gCq9u%6i3pZ^lOY&SYEO%I@&wf
zT|tN_+v4+sbH&-Ypgr0u<uVmC^R{$0nn<8|V<VsR@>PlN#~Cif%f>0?tH$#zqc(PV
z0k*XlK$_jDJ$*jIBv#5qdCD?-Q}J2PTp^Y9P32RGJ-(zEFZz`|g(gbn^Etm4k`vFQ
z^2OLRI#Vvc&x^S?p4A;R$O)D(Iy|fm#tOxJIy>d*h6S;#CwelKn(fTz;}~Oh9Q9xf
zg;><;jc1eSqq|bWsX}fppGXB`EFxxgZZD)FnRF^!9GSz2@}pMbqo%jT6J<s?1QFEG
zws<x^B|5#}G5=m+1b-m4SB}G=q+EpU*-S2;jCA_BjqVtVv61wUpV*g;&-h7En9ipC
zNnjQoK{f;HfunUQpPQSF&7=wi6u~#Xh{*5#J5u>VI_I~a9xq`oDk;o@qGfev*!}m7
zq^Gi|K~`v|{@b;0fCcJIqR?K2^vNPIBbZhL^{83SP(Ft~QRteRoGjli(QJGolZp)Y
zd!|Jbbf*i8NRjjO<i4Ak9*m3(En>TpSm%q<kz#x{6KFBNr<n|vRZA4}89!mvM}U!-
zP9=85X0d=_^v8Ck{82r&x#_W3GL25)cbd6EDwaU9>B)3L&K4nltaD_bIglnAcywkq
z8i{rHMnf}dd46<cq;GIQ_2(J2o(A$ZQdS(xq_R`R=|IBlw|i6rdF(PQWRJ}qnTQnq
zwb1nINM~fii_0+=n8y4Ol1WeG<N1BTQD#R~0i6#cBbJDx!ecWz>>uomW>w0q)XZu*
zzPF0b70@GM*<5xalS}w3h`08Zm+xtbCDeR}abBFxc?-gxmQ6u{7)q3B?XpZ;oDvgO
z5KH8;SuE+{u<B2iiHzyJPnnDb1fe_xWY$<Lo=Bu-{RFeAsa!EFyDgf%x6qx-rbG)z
zGO2iW&R;MmGjoM$<Vv-l-`Z@MVtOW(oAVQ}Eou3fyhe09y}EE7GYl_}Q?O%<b9WgQ
zGZ`zk9Y(2fgV@*2*)SYMkLYA>CZ5j50&4(`C2}*fd7UXQ4>sSkg<ZD!6Y)%DA})Fq
z<1QwbHcV?&v{6aUx?mdEU1y8w;y!FNvVQG`rGe~o0;(K!aVfK|#<iX&ViOe?iGH=>
zhG+Uv^u#nPUK@!`=JGRfzYI)@nGthnNpePINKeV!O@=d6#>nj^D)qgJyh+X|uAHl&
zG+<Li3M>qaGCb0`m{?Yn%yYP6!&#TQUS7<W2@`z*)#{IBwo2)CDxOSYzncL~<?x_2
zJ>y3h#O8?)b)_npiZRbkdP(YGQP2-Udh#!XpJ_O>cF(2pw=g|dOy>6b8>mG@+A;>T
zp2#De!Dl@C%*jzxLB(1~rY7Ta8M{ozX5+<azo?9lU4dF&Vu7q1iLc7c>M0jnd^yeH
ziI!W>*d+cIrc>T>qaKPGt2i?o%NOEU9m~u*C6&T_Gx6MP5lgC{zAaBVegd<4z9a_I
z&Wq<)hWCoFO^Lk_Wy14*s9{mJr6RR)8W|lNj;aEx7MRQDF{cIAx>y;#;1gFRg;)~H
zn!n8nsj(1dCQJAmm#)6S*kpJnAybuE9VD13E6~VFBQ}xFc?H*o3I%^psdWn2e~9xA
zGE+H!ASfl|tRy0MqQ<Gl3Y$sI#FFu1Jdo@xR^k9dt<4_Cw!iJqv++V<FU~9`IOXO8
z)+(w7j4>l6#%``rnj9a#y7uA8ax{mD$Fq=~o58}9*yVR&HU>G|)Rhc|;<P#hO8eu7
z>S>fPJZ$(#&CCb86FFw-&Es)7H{)f55;I8zC8@ZVTR?WJ!1LX<?#;2l6BrrWXHnJu
zKq0FqosIkbWu&(=7>kThEV4>sHJ3zdE)%c0G-Au<EhSOOD@~N#V7m6HT0aSud8*#l
z9V_me^$W}hGs(?f<uZ(;3IBP>FpyM02X@#kOKcfFXV7x`@*I(tjrxq=OUR9<3bE#v
zHVlSDz=+~MhR1<2eAY!dzOqyF4~9JZv{Qz!?3CftPD)Hs(oQ)(?S%QN=c*%4w2T-T
zw3W&xV%fQj-|@(d^bPe!hgD6N)Toegy^v1<Dym8+(BDHAu~3GeK|>lGv6Zxx`9SML
z^x<uV2+?dJzi+l!k|Dttk4Z7+q#K9Q<)R3FIEtv0a90zezzKG!%z>v}CG#q>Brzok
z4NE^t>Bux?U0e`O#gw)*k`#m^iNcoI42dEO=|=|pd(=iucRE!OmM3DAR*>IG*<mI#
z@hN|e5D__F=$%bPm5Ktp1kPd;D^HbZp8ML+$q(5>PewngMovj<n@OkKs4=3FD4wx!
zukr*eI(LQTa;TJ&x;F<;T)d28__ME<N?AI6s1g`#$|UBKrr7jM+@B?fo{WrajtzA^
z+1=9;>)qBFiD7N>Cv)`{C_0Z9K3L-Vc6b&?QW%&eTxPCY9jTR!TAv;6c{~a&QQx7?
zv`X08O4%4%v}n9C1COT4u(g>o0zU&4g*S;?W>~5kQ+!!BYz(iyx#iJAA-L%wKcAY(
z?Ma0mN`^ZJx)p2AA6kls?h&xco(o03v+y<9km25L!s?+hH6Pr*s;qftOCD)BN!T+@
zc6)n*WRHC8U=7R^jKuXXz@%nbCe7N-tlCG$r{!xVn}RuPQrpTLI`F)|>7a#0#M%NL
zb=8`z&N%~*5`j%A9#*qr%Y;V4+quwwwKPJoPMHqhBFfVguZq<}QDD+hoPo}5(HIW=
z0?8{$vL)?B23AjJ9z$s`y(}sO4O|SIt9jCNLA;vqxCIQMcyUfVJo+Mx;&=wTl$i<f
zTEY`2!^}OQ4Y<<G=89b@95ng$Y1y5Vn1Q@P;ABk+0*_H1Gv^<9TAr$`J@L$(Z`q2<
zb7yn2!I#`tJ<t$fZjBB^hdcXY<x>bqQ8!)*RQA<Tojex`9gp#dDK^;kL^Lv5l9_<z
zlHAIea#ccxr6^o~Ru+kl#$eOSZ75ox4pd3lq1c~f*HgwuMu+<bw#JIN*!Iz$Hs2uh
z%_(|lGNYxENyU!Ud<xIM{+wp#nLvJMAl$j|LSr#rY&v{zz#ekwU2B2wQoX!0fkZ&T
z6PcYAH3GxRX0(!AnN(?crhHb=REUp$k(-H?%^=o^KqmB15_dJcmMhGuD+)n%PJ(KG
zVNd0}ta<U$g~A*rt<qGONpG$QJ_oAEYOqj=vvO==Uu*y`0PG5(G{{dEu=S`YRTY8L
z9=yKGlvSdFHo<ei{@@EWuMCUH@U*g>?~a36quux%UN#}|eNU$Lg|kk%snIf0RdgJn
z;q_V~Hz!^S1S=+;O=96KS2M~$bYOJ&qiT5y90tiDCx^Y{2L_82@Nu0loxRdZAy&+?
z{EEqkUtsFzfMlwW$fwn5r)LiJ)ofQ|kIDDH*e>UBu0AJT`tndsPE6`7jz?@>L~?LC
z7%!x@v<8@5^Mj8Ndf$Y*O)3AFTJhApJekh;4IdfYHWd3LrV-Di;^f0BYQXsKr9$ui
z)CpyBAFey#MK#jJ;Zo^|7xQU#v|{*7OlqJ)i}@V-QdmiKC(MI*pRZ4L)n?M{{=8Bs
zt^UEmC%4;2C4Z5XveFun(&;$fD<;$BqXz0x#nK1Ltg1{dw@bXBOt&P1n-#lz2^`y!
z$w!&ymH^wZbhUZ~G~A)CC?_+IE%ITvnd&`DIR(|GI2$h~3k)V<R1PD-F71OMq21O7
z-&_bKPA-@g%=}U=ODs=Xp0J77lvT(YMU_fJS@;n_Srz>&m=)YUQL|G97al@SPb#97
za}!!gu8jxn`tKrGm3+1c%Ee}h`->tbTK`E$rJTSE8oPQ2;@b`0aCFDulhJPOWP`SC
zo{fSh3`Y!ZDAgp|H!vFAinBUd_W?m^&8t;J?WqTXTWS?=v=5tqY^p*R&;mA5QZJ7I
z0Ze;>Q0HK(;Rim!3%}?|C;dAnAxmtZ;PWec5xME?WUh3+;v>>lY&(aeog;$-UjFno
zJ+(CHvSQ8<H}15UtBR?Lpjf@UD=Qg_ZsRj#X+D_4@M|~LK$xc<gDY^+b?~HaFKGnc
z>=koGY*#7>RiDlj)J8frF*g;9=l#ot=w|8wPOU_#y#E@Dxx)oj#$tKr3fzhNy<QkC
zCoYYhPA(Ri($F)0Gaj+a@$?A9W4G!WNT?}RoWT3z^b}r1Yi4Kv)<N}xr^!>&eQaoZ
z7mnyOQ)A92P23X1{c*|6&+6L+*sD3|mZE&TQF*exjxT1D(|&t<bx9lIDv4RLMHQHO
z*Bcnl3Zkd0brGv{Jox_Bwv~>fCj@qIrOuSYhcL{9nM`q|1+TEZ0ig4bvxv|YAderu
zjN}Q-3+$<!e=ABIdGcY3O~WfpvGP(A)$gYMH0znS78X^SPK%!CN1ecZn6d(O)-oyI
zba;_w@U$Urae91nz~ncWCqY}uvk3CJmSc3}@q%96ZQ;XrsH($*Nsd99U{l%W(F%9q
zsIthx)FL7?j&rl|-E+7Gl%K?G$>Suuy$j3;ozW4#8RF5fR|fLTVRC@SS->76bEw#d
zE$UNd51_*`yrr`70&(y*tvr8nLcI(NWlQbbaqd|3U!$ufY5QnIEoB(Q;!#M6%mGK=
z)6s6F5?CTJz&H|ZDG&^<x?Ue(+0+OZJ9o7XnTsq~k@05GGZctt4qJto8&om*dC|Bf
zEyuUd{meo5AT%uVjM>@JZt^1jYN(%BQsM|iak#|}K7}i``KUrZ$0&Yk%HIepMkMr#
zP%$U?mfy>iV$Bv(bIBa`pQVzVcsbcMpynC5*)goZzSQsn?FwEv95SQV-LMk&!(LWl
z1Lw%0AV$5v8`2uFnK}Q3Dp;xq@kCWd<x(CjFEkZXPGI2SX3!_)s;pTdYf#FGrx57K
zO&Wp|*_Mg4|1?TY8Z4iK8^pW76O$)&c+){<+O$)cjnom7!(A$Kgn%tsI1ZC(B88-Q
zN<%P_oAsv<glS`ME+5DQ`+S&(Steu{1qM?lo+(VHCj;5ZmvA_Zhi%KpJ7fuk#iTNm
zLc>ez=ouw3kq3DIh{$H1ml4&>P>hS^0(!KT&SK#%_?-sV0E2y)4B3eTdvWaHyTtg0
z>I4q-`5F^F(Mz8uf^Q(~JIwOjKnG#u**Takow37j7y}8Kjg?&*Jee0Myw0eE%=P>5
zx<uI&w#0d!d0>%|%@US*DN(><#IQ1Xo)WV&0!Hv<8>5CEAgQ=R9f*{wn))eMqOGZH
zrx>&9y(v3G;Du!`-m^yJpkQM5RWkUp1R;@E5YKX8bSZ8yExx%WM;cXXp(km@3zk)}
z!jJOI5JziLy__t)eWG3`V~98NimR7h#<DM(n`7M-CHPW;J9)cQGa5ci8|@s8mgB|x
zqyBK<l^$HfiKYEdyBHk@h^d)m^OmN70n~QMU=TMQ(t8%U&r&KJ9EuKbMGq`AmN|pN
zwwym{@mW%@wY=+xIvVmWJo`CRwZLk|GmIXLa;v2)NsHBIOW}x|VeNpd6mbzbqnEWS
z$7H!Q<ArRqIyRNUp+OvI;2aivw!qAZQfN_fPMkfMvZ)f3E&0~rK^#BIl@L)hGf@2=
zm!`^QOh@9L4rgRI<q5w6@hq^r-%OrNP026Z0&%g{iPw?Q$PnuyhV7xKCe4#?#9%_#
zk6aEsCi4`ZoW$E?tglD_Hx04Rif!%jH!hy8+`4$oPz~y&!ZpZ?FF~Fi#{sSy*{n#h
zd|IAYMtc(5rY8b<x7M2-XakdD;F~ApnAr%`f?-u|I$fYL8$hoHu;|Ct0TVZx{thJ?
z!Soax>DwAAxyKIXgv!|F23HxS3vOspVHJ4hy^3M!<t3HiB+RFX#p0B%X3*|chZJ+6
zFWda72bB+_Wo8~<g|kyx6|b>MZfvS14_!u7JicJzv5%eBS*G$cpOvVg|D<^I<PzPF
z&rtBqx$I@$;}51uIn$YweDzMqOP1BoWJ`=&LFr5^lJ(4Z6@W1qTIF<CEt5~x`SmH4
ztpwArjk0H5X_jV$J5=8Jz#R<zh9>w1f_sdSR8fDrjZH|zf5Hi{#b<t7rMlqzrr5Pg
z3@N5i*Ji?8--zBsm6$Q?5<{hY-_(fu7+-&WTw*XFEHPV2YK-GE^-y6$0)8zTOwvXP
zCRK*(TPjx-h)`N&)M;71Zz`Hilw^mzlH7!tzJ=~osRi;%EQFY9#HrWHfhE9a%jwbQ
z%H@WW491SSnQJy(eFHs%-VmT1lPB+KiFMPrrQc^)NL~xeXF|)&yVQ!W%hj<T-?@7k
z@{{&tTzHD&k{I44#c&b3B{%U2IX?-uXN^3lwaDnfyOq72@{&B;EcBh1XNyN=>V%M|
zI)SSdHsyl<@IzK1+am9a+q{H%EJ`LA6WJ|^8h$w7UTcqjja=qiozP_j)Peji)~{st
z4Rz_kD<+OHd~wPBB_*o-K{t*gV&Tukc)rfxo`~_CqxrBoa5v6YdYLtnB9+C^T}Q!3
z_rs$;E@gNnFcC@xjKyjTzeuaZi_hZKg#1FNTvo^{QDk2Ud;_m;KOmdIJ2&L=O{<r6
zGWLdlHo+Q0Ee3y2fr4^8W{G=>S@A^#b-5KT$rTH)AChp%E%>CyI5YUc3mik`@PbF&
zBk;0>mm-L-hDAPwqjB*eKXtN{_>Y4gD^OtScnp8_W~v^W^OQ=3Sz#xvEQxh)AM>P4
z5!K<Jmr6qct!(hOL>Mv1QC%O8a^gIkTPVerSyjhKw|aOUw8zYuwm>n<jEA5?`F))%
zVI>=0Ro;q;;9e?_g+L9ez7XKBZ?GfcD?PLx?x*_GT-WxV*ftbbt{#?$2V(!SlVt|h
zAhu3`!IWepsGcUSOqp=3%qN7LCzwfe|3KzxpBJqIOezO1&Zsws{@1SoS)i(dy_Q2X
z_yud3Y0^uX+C22Y1m^KPeSLq3Giq?M3MzQ<RDY#G%z~v;q?87xJ|$o+hbK=ZP|J-z
zrt%Up8CLUm$vYNZ7&RO71#l{n^gp|_5$&D&&`$|a%>3tNdt2t-Fq4}b`@=nftl<NC
zK8yx<Fx!MYso!Dn1gd~~$(zoJ`7PZN*DtlrB@!=!zc>ZoXZn+nU5J9W0}}p&gi14o
zpI68PySd^cm(8(UqTnAth%BnBpZ;{JB>v?b6;<C3^|Gr}<a-3{0PGh;=9X}|cX-Hy
zI;bfGKMJ=+n<<p}yj0Bx<pkwo1zxF!V+MrY@gGhf#rqIzG@hBw;*2g=%=s-KYAoS@
z0j#F(VtlFv*8sfwQA|@2YPy!2PJgmzmkiyl3<?9o$rs^8gFfra;G_Ly;O0}hB~iYI
zsoZ0qC115F9y5VWVc-i|Pf)-!rus;LyJx3sE}cn^W(wZ#R`uetpvT3*i2jbAzcx48
zKeDIU@lZ_S7O$RgT!5dbgGHPr*dMI3A^RY%Y-9?7pRX&&v-&gKec-pncuM6r-d6mk
z3XZNu<tMQt`1KzY2JAjupvXJOv;UEmDgbWE@%OjPJrdi9Wkjk(nvXtSIZ{X{qTwUe
z%F#kX5iR)JH#!I6*K=%^%BeM*VhL+4WlL(gLeYG%UCwMkB%<(MFn=DVY!V@%h!*<k
zonRY;gic=p1;*dbVt)!x4!ZO$Va6thZ(KP2Z_~dsWP^OVRx3$ye%SnATMv(o`N!~8
zRQ&;LLGdl74UP40GAf(uciT8faD35;AMDTx>tA!D0>{|^e?E*UcmXT%xQ;oups$Z3
z9PJ4{&H*UKfr5i$CLWj2H`?Tg(-}%QgyabxXTH9I**^~L!r1U?$^87BDiJD8|I8$Q
z6i6?~Dwly70ap#ETaJe~O5gle9*fOPbn+bxfnh}FaekJ?W&Qr#UbMt0-u>ns)}#Jq
z#Nqf}5mK;^S8JS+Y3#LkX{9dxdpVk=#Fm46muuc&L97OUT{D~1QE^veEB2YvScFGU
zoqMqA@~7BF_#-OY;>E;txB8(Y)wWtCQ)Hmvs8BC91zLvpiD)_e@K$m(#}1$?Jv}wV
z^Q`WiH>aWs@E&<6o-{40rs4>0Jh4__R)x1=8^TW<m}AP!@1c#Tn}ljivCX*2!)CsK
z-~9^QBS(`*`O}Ic`iBrPW9t5_^BoMTf(BT9=Ce}ut9a`37sl(uPY!wsPhq7==&x|H
zkn!14eV<xcfw8?*R5$FwCo-z$kXxO-e*T8&P&%<IJkHqv(Cc@l`fy3r(KQ+5;a%_$
zeoZQ++rkSeeN~656Y6ACrFzW~s^MYt97}d5e~i-pvfmI6h1n8V+;W|>_@O*~yRe%l
z1iIbD6Pq%s7J=Rr288Y^Xm7PNNAM*=CRI$0s7X{SbmwG9_l$@#pz2EZ0~N;D^2QV@
z)K3%>g=))CflMzWS0>?yr9su<b&9Ot3>S0^AG|l@O-htp=Sk<;{N&+qYBsaa8BQfq
z*Z`>N@NFwa{{ETQF_2~aSSqyfDy>|0RY{eVu5`{AbpUBo8Nst3*n6BPZV@J}0(T4$
zC?zHE)Xmh!GyA?l718c4I87>UK-cKuhcCtXtYUtIzhNV}C<;vmRTZ;D)w9|Y_|o3D
zTf*<pO-*5%5NFTbyn9SuOkBhk%$^>{ZrrzxZ1pgnpnIajUJxg<BGe!4+!6I<!^61t
z%gB3iDTNaVc3la)4N}Q+Az%;#VV9a+2GoxXf`N;n0S1PjAGUeITm|F(eFL~)kU$gi
zi)mjAtO$QW$>YeBDN(<bkzj+F?C2kzO_(`Qet(S|>F-d~>4F!U<ob_v)ESdfV2H~U
zhqan}5Dvc2^1?{hCTKL!&>@cf#wEeu304I$^DoSXf}N>CWFmoSgSSLKg5Un)iU~E%
z$I2h#>qQGnCJJ>uo>3<+!g#cW9OzH$xXbbaL?fKwvWb+$MhS&f-1L;1m!Z6EpPjTA
z6W`YHHwUOgZ!n$Y9NveeG*!eSjs8Vt9h8{cC2)~F>}ve^N>7^3Xl^tgPvV2Y9Dm;+
zt4=bI=Q8Xdk9iI#F#%*`Xjh`pCQJ@aP8LwEfGW3ErY0l$a}=99`^HjdPHj<jwu1t0
zTTFR^0=*@&I|OzvR^`atL=mvyh!+D<-gizEG1aN2;Ks;wmmTp;ItjKC=|WLz%15qR
z*0hAd&O!uVTx65+ywc+s(VtZUc?|*VH9h%>A{csqphVbmp;@sqr4tzEz|naht0wGr
zOivSa1`cKc?orJL=&B7Oqmh`}<KZJrwb!(APM>7x>Qy@%Rb!q3DzMh1g2qER<ZRy{
zEONig2-rwcwFHiG|Hcydy%%*A!A7Z=;^1xL08wS;xA6n|Iy(Ee{H{kQs((&P?P>9V
zYjTFe0gP1cbIAkN8CGy8H3LhS7?P=cPcEmvj>qWN13Hyt!$HnS0p3tt-BnEB_jB^2
zIT(rJg@zw;z!}Y%)FehpWRMe?7v^B|J7-=kwy+5{VtLkVP^+3G@KE7J)tdTONFw-o
zU0&HpPnj)GRB%`(#Pi;$>l$P+)JEACkcCP>F4&sevtqEKQk+oGnDtA-4(F%}V{wO5
z8GPljM{rc-s$W+33K_^(C9dikoXR+2*?XNRe!v4?xu}bBUD2(5173&{*2K^-evw6s
zydY(~`r?ahNJ$2?NEnSumP!**g`AdDkTTwr5T?B#W$LVlzc8(H<OL~<M2ANWU&A;*
z#pUlcu{yhSNRQ@VC|XDa8L@%fKt{2ex5)SinfN$t%k-q@@r(tO*NDGPH=NqTJGmdh
z)^Agb6XF!8tfS!*VJ{+ZNU@Yt0BbClr`>`xpUY3+EWam*-)MiDSHCe^;jBGd<hC3C
z$AE*UFJ~q`?<6+06mu=DPNI2BF&EcCcrC5P9C8;|GW>1cLJZDCF_(4{*u55ZZ5{PM
z)S!OL>c<UAtrgvEz(B6(;gM9vaDljr;{PDPe9dc@2{mW(Tnkx7O{r;u9T9z!BLxar
zauHCS)2Jh8e-VfOlYzDYW*4TXU3Sbfg5ACm+Z(A`8;?T#@jMg2j7q#Mx!ERzCoci<
z!rX?ePt$rHF$<>8peas|TFj7|4E!LFnF(!X!ReXHCe#B5^bs^u2l^_vH+qjiQx!yF
z)z*`diC8v@ugoU}{jd~B!Drj}YAQ0BF2@U+<nm;+u*omt+gERDHEb-j*jRB<veknp
zs|hY*D7d*Q?@gjYKy|K#s0I^R)jO`?ZqvIhh5WW2R$<-RQ+R;K8ynnK)<1XPg&iV(
zqM*f01K(&Me|*MwQVD#~sa~jpt+9R&pd>hD=S2g|#<Ao?M&CpY3wW<XT~Sqn8UDu+
z+7#bLDM1YHf<i3INT!TcUk6t%dEFnIK@&+cY{-jY8N9`9GGHR$!c35X8(?_lfuFrp
z-_h!<uvYZV)DSa^#lqT_N~OF4PL%LI2fqt~^LLZBj4`i;<qi6g%gd2lWqNTb=D#?9
zWw^9VI(E*_Swa7QECq}?6dms<Y^<QbulE4oD(eOf-~ZIftJD2iejy~nyUaHTL6%iX
zW1<mF&7c*bSK8l^&~YctM5eka#von<;^z=Vel5>hz>LdZWeBMWu2oFWsPUl7hJBvp
zn{iT!KmXX4O(9jXM3#8<kT;gCRzm&P38)gwFe!(l>HL(j@0Zr*O;3pUhy_PBrrxbc
zO=}qX>dA(+W(6jWkk}e9l3=5i3T;aHg8DcfyGN5W7_b^*7SdDX=(7jr!x*HdUm(Mr
z%R)WNFYk1#`?{9Hk>lejb;pGtZsJ1$9fj#hC5}lm5cooA1o6A}skcq)^A7SDmA*f>
zGUTtL2yiO4YFq#<#$vA~YxBQ0ZN+L1Z5)X)9d*E^p5guPSaeVvffS1QVh;ZkgZj3<
zkWv$9KNkCKxP?4#Y6z*QAdim{%9aY+Kqt>Ou|e>d%%K<Xj8T1i)(_6?L)zF(<@I^y
z@LX0swWf+ioJtiO%%f^V!dHV2KCi9it$<(l71Ipix5N@D^<5ry_<KA2)=gQk4GKn9
zHw#qMl@O(h58U8;Q8RIT(EvsYZyD(0o3shzC+Tx(!0msaBt9n52z@J%2(G5j;@vQG
z@Qs^}HJ35E>ZXj;rdoVLX>;9}iBFNkJD1vvDFc{{7{++EU-luSa^MtVfLH`I;0KZ>
zJjwfUz%w|In9AWT$vzzIC+BcbQ;C_(3k_oliBMn1WCmJr^DfL`7?B}G{mkLNp9m#^
z?BhkcR`M_aOG9=GW(EaJGDyQyLmTTl@MOw3Ym`9E;A*tlfcmTo0rV90eVs`o)JlvS
zV)1>uvW>4wZRO#sKNLwPL=-DzaG6LYWd*1xqk>j2h)uIe8&U03*qs+4RirdJxF>@_
zs;ICh1ru21NbO08yh_lGAljBQ5Pr)a|9J!6{Hxz7pgt>>*=Bh}e6MzWdx|BSR_DeT
z5Vk@EnNCmfM}cf<n0ueaa-o^I1QG7eoBBbW=|<)5O;v9KLpD=TotODdI+-GF9IEYV
zF|OD;z$J}b+6!_xQ-P_rnx4v3LRrrwW>f}Zs2<f3)i~rap@{?FO%C|gd?mnSrG7-U
z+021Dz&T9+wyHw<U|2D%nqW}{N3bI}2*VGpTCC=45$I0m)pc6MGS2}4o_XE~@NnEK
z9vK4Xza}NSVnAjW3_vUpNMA1wI>E$5&`>lnAs%pOWtcz3qNja8Q%)lo$nosgm#VN)
z!T*qlgBkrbsCs^+UVw>*c=DJ(lL#Mg)X^U@YIEuF^y8F$OboGU$Ya@LOLVQkW*N_=
zCbvNT`ip?K{IaA7GX~ja@debMf+{Z8UF-*~RXpMvt3bY01eDcby(zLm5sQ#)lL(+q
z1h6y_^$X+bQ3YZI0!bkpO3iXaf?%06DfE*?NTiIAP2AbI(Y-CVxy`DN-;H<o_}7Au
zBXgO3&6}DwZ^&)Dn=jDRlQ`}|<_pCji`Tr#!Je=H-<oopH@7~zsde*X&CRac+|(rh
zZrRf6x-Csx9&1tB<9GjHw7;jSs>-ph%K5nCha4x_3rUURv?_%LXN$ARs@}F=hZrts
zEvOMho9&=(&=6=R=w@yn3NIU_3-FgRvmJ(UfWFMV;lpbMd#Jp~S9%-WRt;dv<oI_d
zagQUFbkkWEvpHta0<3g(IZh-Jak}AXG)f1*M>)sYs-4qo9CiAv1BNAcD4&{4&$}tU
z9c^?c;!Hx_SFx8E)SaP*b*{bx=HhYEjc47t>|9}vM>=jn{c0(Wy$f@*e2zpW^-T&b
zX=Hx&Jq2aSjbKWdj^DaIj^vr|TeVMJ95?Mr^J)UN@h(oIhd(+r>S6$w$hxBe*~(YW
z-}S{WzxdTp|JgHtxBKhWe^K+5CEvOuy<%Tg{T)jmnyBvSa*lqh;hr78=+wVhhi-n_
zaq4HBhI=0P%<`@m>uPH>>*yag+<Wdbp2oU+8}5Ce`aY@fmEKp{s_NHs5W&RZ*Vd@<
zL~CDoqGywH^mmkeLwWfJoQ4&XD<41l?<N+U;e`W3I}dcd&uKZ=;n~~qi%TE4_m0{J
zh8K=Jy;I4?8}8Lfo%*5Y-s3n&XKL@1!h5uEN6Q^Ye`I2zDqz%R;>N@SA9Ly#s_M7h
zari^EE9(dDI6PBZU7vZRKJ$U2KSI<{pILY35|-iFo@!JyeaES-Ui!teFJAccm1nN+
zUinJXJ=dI-uUxyUx%S|rC#qj<bUHDuY+7imS*UUP?{DdHYFG9=;xwaU*ElUTRp{O=
zT~*+{pS<B3u&ai_tEukls%q(~u3h=+dyV$6((bCM9)_f*rmL&ErK<+=2attPMAk*D
zUHRNfr#30W_d2yj8NS=8Jt)I>I<?QsaJ93>vsS&ddF3n1QKr=_FK7#hbL?)=GoVj{
zUIcv+q{{u}HD6uvmFkB2-ukaEsja@V#%XJ8yZ@0*wRa3hocGlK*ZOZZG`6j5$mrZ&
z?drjrU^JF=c^VBX4|i#ew#M4(b@wlAKD*|^3Y`-#ov&2a*MGicVcdOi`Q(@0wZ2wI
zcxdIlYi#!Gf1&odKXU3XRu5NywtnH<!#}oMieBZsU%znr;dfR)x0_n^)z8;|>2KYp
zV&i4D-L$j52KCZZztB*<Pz{Bu+C)p&samw+uhn*Ub^Utn!LF{~Xz4oLSkuz=O5?LF
zU0<pN`pvrP`kh~^-}wjiJ1;)>{h?@UMYOs|xo8&=^VMy)9<7n7F-b;z?!$h>Rb3{V
zEnUCCe4TDw(uHgy&tLL0$w)01tGn*+tzGG^b?ZlZU)|uFP$fk!f4%lu8rigXS=~^?
z2Lll+m$ql+?L-Wgx5n?QXzU(blKw)+6VciSYO6n3-Ld7f+iF_A(E9l1riVWJ@WJYy
ztxjFb!#`Ht6GeJ#?DmmIKU4kc8t36n?`Zsg9$k6=tB*VFzxn9Oj`rUpf1UFxI(x9y
z*?g!8)I;UsJhwg+soRTGzN4@WdR+F!Ko6^!R-gv%Tp5m6F}Yy8C4riI^_@EX`s(A8
zEsrB3_0?ZIHPO}hc@BV9w<SZ+l3Dr7^$$ztFL%8cBg%cyt<QYEw)#2DjcUl(R=-*W
z^c-wrcEs4#BljmTLSF;jgUNF-`VWYA8MK(rVzTj28hic`wwTWM!rsbPF5R{J%ki&1
z^_A+b7tcKL+CvXUAKLT-58Yq=YKN%EMsGe^*|Ol)e{PA}cmR=4W50rVuCb>6b88=I
z)QtLb{k1h%3f6d&l^=P9(kzL)#KvtoH(FcW^Pb9a7fJW6q=&pB$%)3#&mY}?xvy$G
zwQBgq6Ho8lW|q}gQNQ(H7+JdeZ2ZDgD_?Q3T%f+hKI1FZkFEHNCH1eNSN+;U^^c)@
z{dM&#??|rPc3=IAXKbOqexK?u_k2(G-HN;IzOfZw+g$%8SJ&6yf4v92>7M$!udS=P
zbZyDeoKoto(n=j#siEqTuh-VQf4Tf<HXvq?KqF8*T=xebtvdRnI*B_N8@qw0>wSfz
z1C*UJmKToL{FPhhPv7-dU;g8-{_dZ>@^@eSdNs<|QvFK(_kQh>2V1`P4<32&TK$TD
zXxUa%|E2dfb$!00dre<+{lY4pj{7HW{X)0Fe+|6P;4c9m(Rkg8`UR8kb!+Mul7@@T
zLhX_dF1gh5?6tL@ZK`*-ex|v0<p-CXZh5w;sW`S`XzgcRx48AQbz494F7n6L3~5P~
zl~iwCIdb?%4rkY!9n;|-J)B#ApSFJZ@ZpSINE=ohp0KO%*qXyX^T5AxhTd-)qoL}7
zA9~<{*B;QZxDR^TX;@=&_|&-{YN)b!?5Q0;b6?x~_9gW%{^}!}Y&x~oe-{6{-QTMI
za_8Bno?GX<=bInAuc1>%dEm9XJ@w%=OaA=*CXL@|8e8AEq~*m=Hf=rt{v#fLNb{e5
zeDheR<(|9R^`CdQb=I$ObnLHGpF7qTx4HUCbzOH`e0a?}>VK<A%g>$b?{3>|OYoKI
zi?ydeyrN-6Q_BIL_pN)!nm_V|>N{V5^UF_NiC^D+wv%JpaWt;~h1b?SHTKlG|5Dr9
zw&MJHQ%~!j67}rYvaDmX&p{2R*59FX(@=HvhYWhEbidi~)Y88?`^Oi4_sT2Rzqs<1
z4z=GrULC*xOYxPj#aH}EeEHw~)wi(!YN%fq_xsyxn2c=SLm&HGMBD$1YQK+l`hDyv
z-N(+iJbT*ou{!o8^f~siPTP~-vGp@crk~pS<2{Ezb$DjInG9qXlHIJK)9+4gPd#w|
z>IV|5*PG`Fbf8y1j^Sy#z`EV&K~L!%uG>Afd&eEi8#eaF+g94HS$k*tnXi8O!tO7>
z*wf;)J+t2QwsW7m@aeNJvL$xEx)J>M{N}dW4_4WJP7^KlRi`%`(3Z#IzrFpVyW2K4
zqH8|=$fhC7pWa>nsyhZY`r6~0AK749Vt3b<I?nyt2k)(4V_NC!)#v_0+ox?lzs^4O
z>9H55<DW1+vmxH~rB&yCt!2&Kwp?GYzWAx$jbqQ8-n^pz#p91W_(<!oZt`VcerEca
zZ)~aV`M=)$>TZ^!0kvSq%evj7g1z43_pP?h!wFlNV^7JEI=%bck6SCR-r-o-u=_de
zXut66ohTjs>NWR&Y0b*l)~xuGHOsI6)yh|f^c;@on3np_|KACoj$r=msWRiqJ{4?@
zL>_k=68T&K{}E~~vwmQ!>j$z^>zg;Uv}|Zv|5)?-spjOPTQ;}0t#dbT0L!UGx-N+6
zkKuv^{!1@)Lvs5_G}hTQGT6U;G>V(YxcJ=JKk~t*yF0u3KG=LWl;QLl5}vD62xm9O
zZ!<p6g6R0nLbqRgo^SPOhw0OGfGnomV%oHrb}goDi)p_cmUf`xENS3h$Jq?RwnF*K
z;n#zBrm@1{9q=uG64*8T=it-PF0l(@+@A%}kxxt>=`84b4gPQNnMdk;1N3eXb;ztU
zm=FAS8O%;>^Ror`9>eFvfq%*l7qB~lt3giy)2ID@!>9dWD#MXaOdZlF@O|*9lMp%x
zDrf78^-O)+mb636u0THH(~(cS3Pe7iQ|ZVjW_iiyvnw6>#4d>ZSrD^9{%#QKpZsS)
zbmS9T{-?==BcIsvUnCQbd}7Q0BAIaH6I=c(WWte8jP1NC$M3<XBi}k(Ck$Ks05J1O
zpN{&(Ye4m&M?qB}^4mb<k)8%EGdKmGu3TCh!KZ!tbkrfnA&au}1boWL?*}~sqWwJ}
zI`WB`59)DmPe(qn<#WGJM?UdmAnJ4PO-DX456Z|N7kpx?&u0ue>JwW&pF8NtC;mS8
zw8Q;99r?tzPu2-O@rNO=2YtWb6SE!3-v!JhXeR^AF;4!Az;xsjTmJ6@Q$+p+0M<i2
z=sxTztexe+mcLc)HMBl4^U3%-fUTV|;E1vFQ^3~FQQ$ia|3zRrl^?<XS-~f^`achB
z?HmKPeda$3eQnY2lMLJb83AVg=vzD8!0LGu{zpM{%n$KHAlAbVf~@`lV5|RQz;x6n
zw)(#cZ1qn8^X&rdd{gkR0kiLt|2`;NeHY+f!{>5ONBh><ve>>#-^S&bdM}7JcYx>^
zm$({4{+RKJKM8uD3I7EAH3t6*e9mjsc@4C};6H^=S1vz{!!+oRf*6;ZdOGS8KLDTn
zwZQK;xKHR1Ck+1>u&sw*0d@`lYryLau0et|z_foSaNO{xfT5=N)4*I8>Oomx{8Ri{
z!QVrs;S<~P{;=R{4Zklv0|v$PdqDM|{}W`>Jqv8h`-i|Th&ulRM8`Z6+j{2X3my5y
z6Y!}&4{Yn<IpDR1|8v0482o{1064}aw(Db?;1k<=_z*Bf)b9YW`P@M!9QoGS{$|%Q
z`gGJGwrQ;)6Hdk5P}n!a*Z3QF*GT!(7Ugl@enSRd!sX+c4ffT_hA>yZC2@j$b%zNO
z{r!JP7<}tdD&#91^|^A;rur^Hz1|7(@gW1Qp_UP-k4Flbz;6%)qf#R%R{u%mh9tlA
z+%QonAagkeSUb%dT1{T56si!*3e<*)i}D88O1EqcSu5hDkV(=vRVuTwLiMKExH2K@
zMlnljOmQn$mnRO^75>kT8T`(IvjP8OEjHpC()?mqS1{@a9mfygy6~*-bQS*AsGjW$
zYn<=#13)#-yFy{^Bz#w+cC0eY+0u9Fz}FAL-h(1U`<&%`SK~bF2Y_nSOy;v{oDcW`
zCC4Bat_Crrt5GYX&#7_V;Rk?f)DGHb)u<IyhB<nDSEE*P8RksryBg<yKLAvtW&od6
zqgF;4UhfB#{)SMPE1>Uc@ODX-nEM$y7ctDehII_T+Xmn>%r)3LhPn1y$MEAe0H5K(
zP?&3%b(DY11h~goiPbV=h43l=0Tbq0y%O#JZ$omft8{+~T8aMfc@=UTt}QFkAAZ4v
z>CxVQ3Wd*v!oM2|e?1ib^HBKzHDS)rE78B+Au5>Z;Zqjg<aF>GRt5cGnRx^5ebsBe
z=LK6&*HlgLKMDxl?SYkD&LnS?;Kw%fucw42Wqq9|_*uGox2`5;`=PJ-;Mkv;#ms^<
z#qAtI+=DUqSps)qyvsbew&M$UokxAFQZh%Afp66VbCIe!9_P?40aft<7LI+g>b(l8
zvjfX#eOf-(#ws&iaE-5W@du92x0de`^A8-?^(r<JTm#5r-YK!TNnk*yikX5_c{BM`
zc{7;j8aDqbZ-%e(X0Xbe!76VCyCSa2o8hax)k6rU@@BBgo58J+RT<nSa67S!KgLx(
zsDa8q6EV)_xujfXdaG0}RTeYlsyv(NR^{2%##NpTR(Up9<=J3rR?LIZQF-7-6i(Hx
z!K!Xu#a4T}D#KTGYcR!C`~#=*Y4|Fi2AAa1@KrtyR&`sg?eMRyb5(Dq{#Ac4SmoJZ
zm1l!ho()!ZOg~q4WS=)!*)dqzF<99#ShWQU2dBzzu#0e&!SpOvWjB0Pc7s(LkpZX5
zZkCjieuep&t^;K2p<Ccyf%}QgQZz(tmZ4FhGe*qB;dX+mniX`$iFvR9mjv1TPYaw8
zcvj$|!1DqFdUMMXfmPexN}Zd!dP{X~>Xu%WsasX&ra!1UH+5T5=SHW4aSbl1b5qZ%
z&P_e5Iyd^N&P_e5Iyd#K>fCIH#%bS_F)8pZ*EtUm;8dL(%y5<294sN`VFKJ<&?>Vn
zdX~6apAY`8g8zBJ{}X{bFh^SbtpX1U%&|Zn7N5%lG2g;6OdN&JJq+<?_-q&Ehj}Dk
zX8Hr4`>E57xF0q;>@UR2%-Td-)R~0eXYdaA1H`adYp}J+`lmk6OvjDRa`?p7CT&sY
zIruqZ*jZ)pGPB;z37t<Goz?J(m$~=@$N04Kv+#eE7<O1U#MTbaRIJWV8XXrtv9<Fu
z`LOd1_&;y(S@^#}44dpW#LL#;58Q8osLwNB>Jjs-`D?_`Z-7s1^)HccbeIOQ1O2}x
zhCbVb*y?|ad}E(_HZEUyQJ-C%*y_LA=rBLb2laX0O(JIBAQAKIn?%g>YnXFZ-HShP
ztol_oj&lxvJu&#~GwkA)zs2yE!rvzN9FNpzf0z;cg5k3daGz`KJZt!D_a71b&l*14
z`lki|^M=p%{RP4QCBt{&|GMD6V)$%3F8NHCWxd;A%J&c>&ulN^Wh^wD>Q~^iU5G9J
z$APKO`X{#hpEZ2WbHtYa%ZA?upV;!x7=Al^V%rY^ohsy$j`eOa>)K-0uf?oWi&>8r
zv+gWreOc@Zd_V9i%wrG2XTFI!))^*#06xpV>OTB|BVI-!TnmUgPs3*%VwSPr;8FMk
z#E8ps5HDMcKX5K+6*CT}?B9v@M45ShO+NLv5*z+5!)G1*oZ<8Q`i})x{U7?|f2>N!
zCH`@N|Fgh%Lq_}5;Tbv8t%bdJ89wtfW-!mDdHzRz;-5B{XVbqYa4o{rA-`K-#-V){
zdBpH(KV$f8w>g8^ZqFFZcKejUF7OM)u+O+ZE%4_Bepz6?ccK19_}@c}46q4^mzg~+
zmjSEupwZ!2Ahvyy?MfZC?T3hAhwVmebq2|Y&UX022D5Gx2B+aq8qE4$&U%BLCh&-@
zomTQ;=W+Ot8qE4^H@FM_hXwx$gNNX6Gnnrl7^WS*&)9A--(h^r;1}Uf7|ga!8O-++
zPk@*=jtOF$w~vz#n|${$W$=se|CPaf$MA0r=6eOYD(KU(Pg|_Uvf;DOSw52VF#Ck%
ztFdhK)mS#z6*_EJtIzhcnC)aS>)K+L&0@B%#hi~U?hv?J;9h~*C#?REz@q|>3A|I_
zae<QpPYaw8cvj$|!1Ds{7x;j{2L(PP@L_?E2>iUjF9>{8;01wS68L3-j|qHS;1dF$
z6u1s}l{qf!AYSS?Pr=_|FmIQ9lo&co;Iq8c`4s%m7)%|t=P`C@pE_TLPqJ~Z8b0?L
zYR>?j2N8F<;WHhzMu1OyTn}i6d3=|_F7(x&0ck;`upKWOj7~TF$BCg+Yw)sl0B}!&
z$Y+|wmcP^RSHUN?Hq}~ygbskW2gJCm4YqNA*zlQ8V#{YcQs0G7Y;FE~@?rB7{9h!7
z&RT<Q+}||(2KdC5f6nk5;S*b%e?UHLUW5M)V%Tgl*v3_RKk!?@S9?EGCwy;1{WkE4
zmtk(Aqu#2!bX|@ZJO*F21^DbE^@h*5%+o3^0&v83@1fcP`i!gUA3E$ys{UyJZXCq4
zJ_&!87&<79!q(0Y8l9hj|D#5y)?lln_HVHBE8rhDI?D~VI+QW3*Wj}bnHJlf*y=1}
zo!pIQFVqFD>?nK<zJoCNE8r&$rVig-Tm6E-st(zy;fU=sO9${O@L3PUmfvsqEIYB~
zv+k&03!m8X6Nb++5?g-O@L4Wm%l|jzBmb;}pA`7t34B7}|7bAZgQ|K%+*iS4-=!Vm
z)5OTzYJ=^*i!$o4p3e%*dZs?d3$fLw9`*ka{_6r?AcnpRpV;bO0;c|-!~YY3FB3zb
zV~W`7Uo|>^5C1O(euEhL4e*Jr{tctU_4-YNXMwBPAE4g|9<kM5Zum{$6EC9z+-mZX
zPrg4^^B&^1f=|3`y;5-=vO2KeN(`Mgh=^^URL|q!w}Vf-tVYM(ZsPJ?@}!B|0THo{
z`vZpG4L-5uKX3TG;1gT^Pm+&3AA|pr(dmZ{@iI=daFkK!SK$Am(HR1tco{c=aAypE
z)L?7>x5-D`ufgYC5|(!iI>gIZfpC;j=P%)Z!|3b;pLkibQgQy;=v;^YHwN>4{Qam4
z#$5}a`$F0uM-<{^kLb9RQD+1E2BVXNh}gC%Wz=bd-(qy8p+jtSD5DPdifZ48v@*~k
zwmRKLryo8)d}4lPp+jtS28_-a{9&V0gbuOQdD`gkeg96QGY=hNt8)h7Rm*T+1iXJR
z_$=#$^#lIz!&l`sI-6<7;O`Td<8#$2{DC93a|p)?`AgsvTYjtIFNIHR`5!j?TKL44
z|AgT$hfi$zaq^L$XW*+f*Wi7E{{se}g-<=|b5HWDz-nDaKJibl%WDDPs7HNo9WnT`
z<U@Hid}3Rl)T92-!2c<M|2Jajvu=p3zFOa*|3&crcj_4Y^Tg11;S*c^Um_nm>_@+B
za0l?O5<{QaCbs&&ZTPHvVmr^M`4e_HfBwGF;S@w{=b207L+5gp<NSAG*ynH~wqsMx
zZ{W9rr{*^^&+rB-<8qJS5<`b`6tRuV%i!d<gHLSvy@uZbKC$J0-0-`>C${`F`ACcR
zNM?;rFLa3Q{6iUao`bLEH>ArsO3iO({yAde4uMZ>?f;aC`*ZL=XLLrPLu}_C%4q*p
z_`hy+I7boN`A5xT&^Zs@SEvL0KcI8LVAk_RV&rWn_{7UT002iB^*O&?F*@Vm6Wg|?
zj5?g()LaKUN$3z;9m=RvjXraO7&_C?A+|b8%(%W6{!(J-aE>CjI(#msojUjr7#+@0
z#8&6MMu+!x>WxkjI>gIxCPTO0@HsCLTRyg!&MHg-?}oqBU}QtR-Cy-i0E3rp(wH*x
zm(ZsSd9$wS9*t<H>RydGk5t{KF~@Kf8E`JBiiyKDfU2<HqiX_H-LIhP$5l)Ot^-tM
z^24xA3t9KlQua++9G^BVWz(d^F<{f`B{pe|5}UNfiA`E;k1Es`9qZ2Gg90BB_^7}y
z3w%Q0(*mCp_=3Qf1->Tm4S|=UFWLO85}0G(@_F8Caht&10uKqiQ{ZWVivk}I_^`k)
z5Sw}FC4r9%d`jT60>3WsC4sLB%rRx{bL?2mF=8>tiN#z`E#{e$#hk}2=Gt#D*LaJQ
z0&{<9`TGSvB=GYBF9>{$n1coGB(WKfX9PYk@I`^I2>gb?4(iz2;d!IQtBLQ_X{{Bw
zN#J&Ydj%d9cwAtfPg<Mv0v{Ckh`>A-v-&)TwD^R;rv*MI@CAV{3w%xB8v-vyy;}RL
z1a<{(6u3>`Zh?mc-YM|3z(s)%2z*%J7X*Gu;Nt?H68NmZuM2!h;Hv^(7kCN!kuCdj
zf$Icr5V%#~4uSiL-=X`=7%?YrxTL_d0`C|2kigFiyddx~flms2M&R=TUljO?z;6i5
z%cnM<wF0jecr7u`6X==*ZWp*$;8B6c1<nXOFYrNuj|hBJ;FkqHL43E)&uM|r34B4|
z%K~2$_=dns(Qek}DuG>r8wG9?xLe>Mfp-c#EpSob0|Flw_yvJqA~t)2;{u-&_^iOM
z3w%l7s{&sacnSKcwZB~8I)NJmZWXvg;C_L}1WpP(EAW1S4+;D{F*hS{3j!Y#_@uyR
z1lF-`{?~;HmOyrY<y!HVWF4jl<=%t8#2qSxy?s62R{&F&@hM|gx0tZCH;r%y$U1AU
z84PLfGVGlOkM=Mfd-eu^W&U197{&CQwbuuZwD;13`uUFbFw8xByMU#=;|RBbth4qe
z!I1V&!QMgeXb)Y+vv&ws+Pi`<_k-41d(VO)?RBhmoD<;D9;Xz_Sbv`bNqcJ%;2zXE
zYmeu6(%u`e*9#u)afn!ZJj;{z+7Z|fo^{sV{{e=y*ZzLT;r@*FxCOWNeh*mMJ6XZr
z?}Y3ff5^AT?X<P`Hz9l6Q<ZC9?pJ00);9R<%Wb%|cOUX2^Vbf0(oshDPNT=ZMpsGi
zJ<wx*Zl>oNdo9YEw#R2%>zF?VTaBI_AKcF*LVAp|5j<Jmc9fU<KDGznv)c0V9uK2i
zd$s87Y$NNaN7ogycjXcM)DU>I_b!mNr}pXy+iJT6dutK4&f5D($X>BgKWEaOoh#U%
z3(&(qFMmsr(Udg?-`dND>|KIAJ{!><-zD4peJW&+YpMOd3TmFcLm_)(>+!s8>hFER
z-oH2YY<bsWJv~K3#@YPwynwjF@H?82H)C%Ncs75(Y3$kdxCDC}z_ZTU<Jp3=S479D
zGxi=7_INhR=+@qHRO+8vV@8j`{}Qry1QmA!eAXX^vX{SahU~ood-gjbs3|@Ae;%@T
zcr)q+8K%95jUL<g4&+(pZ$AdN{Z0pB&mKFJEN}1QcvoiZtrPavhU~qL!M%otjH3;@
z_l4|T`j9{WeE@RmF@HSgWd6`x%KZ)OeV@VfC?j=4kMp{9O*lJ{>jHJ?ST>6po`zm8
zfpJ#$R49K9I1tT1hxNA+Wb>B@**gw<=Q-gRXYGAFWbb*{qaN+qwUp)MTxjPinmB;L
zm_c0YtUdaI?Oeqm>p(;_vp3$B19NSX_8Qk<d|M-sSy(7!<j*1A^!E_k9&Kydyv2pP
z`R^ef*ohSlnP6FYvUArxcbZcn#rU@WVfC{v>FnCe{_|$da<#T6fscZYgU*01fUbhP
z${@apYloa`fponH^W0<%#Cdoe#PgC2h->jd5a;aYLEkOMGnem#<C)EA5YKCPrg{Oy
zbD3LlHtx0Ch*Qq)5)6RVau9@+dWCEn_z>s?(941!ilWYAc=mD`#PgLU=(oHd$g`7H
z5YI<;g1%jjXDJ6j&x5#^I0d?yI}aV6g<LnfwU~@tPDnR#t<dQY=_Ny9Y2rXgb_C%!
z%o(oKBj#El9nU(fJ0UR7H~uk>XCl@yFP9L$L0*UDYJWBMJ<>Iq@VN2A;Ugjaqaw`n
z3hPb@Oy0Rrm}eE%T@{!-?wzEoGvP+#^Bf{6ba=M#ya>y<3fpxC6aC3DdgsBrQid<>
zTwg@KS}v#}Qj_7g8^721qsAXMe#ZFo#y@EMBgPjdE5f5j_htBYF1N~O%J3+=Sb=Zj
z-LC)Uo4Bt7n>Ro_W8nRrMo>41X99;oe2%{ax(=$vqFV=Q;^O;H;M$PxC}<XR2y_f|
z0rUoFwK;G4Ze**?q}6NuoyIT1KWy-=<l`lydlLRR&_&Qy!@HIEQl}PM5!O!w{5Rix
z^N+gW!@1+|4}f0K{BNGq{N<P7-_W>fH8vIPpq+MeAr1cv#|Kg7qoC9(UC^t*{NA7y
zv=ej~v;evlci!k-Gyd`lYf2?sO-6sn__M};!T6_*f5rHf?2vEouoE|!_k_e90*?!P
zz~C2*f6Vx2gw6$nufykk;c~83@cV%?B77Y9ya@BoA6>ukbx8kBmf;n_V_UU6Xf$D~
z5BMPXr$H&h&%u8K;U9*-8qY1QpfS+v2+zYm4EhEzpJ~p4-T=M^zn1Su*J6Hy-w(PQ
zcozNv&;!5=@Xvs*g8pZ8OHCi|Fn+iUtlJ+$IqAlr^PhmH;r|x=!|;!Rei!&W{H5>2
z@3I)(zlYzB@ICLxx&i-t;U9#*4*pU2kHJ3$KMMaM{9*Xl;eQPN>Icv#K}F!5@c%XZ
z1MvSB_%Fd{eV>E>FU?&kQ>Gh+x10xQ#@Y466+9~o``yqPGkO{0A2R+C_$NSTKo<-z
z9RGI0HXX)MX<!p$?XM1RXl}!ByNKIQEanSqCL?tA10MmsBzRU&`ZB*~Z=x&XRl=8P
zg9nrqT%D1%8h=#i&Ki6~@QxXL*7%o%O#WCy9WSp4*N*T`P%*?8Djqx-(m5`|uM2!#
zU`B4>!Krb*0#6If^Bn7r3Vcdn%C8`N15{gwsTQ=DYZdZ-fu{w2-r!Rq|Dx65AuZfm
z<0s)`fAmez|KL99fZ=Pc;NJzvPAdIBQc<k*0(jR%yoUE$3FbkAM~y!&WEq2>H~vZE
zUo!qu9snD+8n{)2GXftF_^`l74Svb^Cyjs3_*abohVdO&C)Qy6UgK+S>EAKP=PT$O
z1^+|^+3SKY@qOb*oEwnUt#LfpAaJ|Dy#kL4JT7oX;CX=$3VcN1qXHij*vm{Aa4MvC
z7GZflbRJ=z16g+wVV);hcLia(>&7QuUeCY2b49pGU~2IFrgY<>@O&tIBoux*6h0ja
zUkHV-g~Cg*SE8#kz7CcD+az>)4c=+|BK*Uk=S_IQ_{WWZ8vc3E6%)2EdzPC$him*M
z<Co9DcaGa`(j7PcA^2Ppj+*dG@Q;B`fKG!hg5HX|ULhXq&$`vvD_PehFnRr<FnQBu
zc;uIJ2P^0v75tL|zb^1Kfy1_IAM!b_z&_VUts!~02#*;&5C4eZFNDH4zVO^h$k<kF
zqw^*X+i5X(;Vs0uhBzGioFC+zP&S>1eQuq=jRN1YEtqN-@rDGR7TBh^U+@kKY~>4r
zcT(W<0$bfng7*e6e+Q4{XWnmG2iA!2TM^&7e&A^lCjXELzxn3hVvYU>F6nPted!;E
z-f5-VsGcD^ymJ;8YE8~l2ww@=mhnsQI?Y*S{0`&K8vmH_sdY}^rH^1Q0t&m15N`}&
zuBR`A_~CdqeA4K>F7){>z4ilEBj`7Pe_Wsc1O<zP+KsK9!e&w6BLW{c_^k0S8UMQR
zmp29za!t71_@g0tP#e$XMt;Qj$Kc;?dBQf&!^UM}Ps*;B;YoS8EK){Xw_bDF;3q-*
zK`(($g3f|2g06y`4LHLC^@C<Xhe0PnS3#>cVoZakK}SF*K>t$R1yi=#Ce#N=x-k{T
z0R-GE@I2@M=n&`#h;9M?JBF%iUN+&g#=m5I>bxN^!`3Zrwn+Q3Pc1jHCiwlJouFC6
z3&yG(I%M=0jDOnrmn+!05#rai1Z{VV@U*}O1zr%?#y(w!cS-U#VV(j>*KWe&A^v<Q
z{JaRC5LnteXZTl)zoZp&6=*qV6=*eREvOO1wrz#q4(bJsg1Dyagm3rON#JSFENC8d
z0Q8-9hfEqLjDJp~c|qW71~1*LbJS}5oyI?C{L{v_KYZT3#V^5Ofqkw<ry;ulx=}&L
zeN@XiPf@20;ahcM(4D;v{l)AaGIkb>f95vrUXuE4I;A%FqXsXQwv^2q{o}^JV*J&Q
zX{{mSA2j|+<6kwtv_<Sb9_IMr4#?D8QAX#W;hix4W#cdXJ{`Zw_@nSw`zD<t!iSAa
zu)l5agt7g)NaM1=OWILp5M3MmQ4LG}_8Oge<6DKpCcI$$6UM)0{Du!|&2i%&HU0(T
zulkUd4;lZU@lPB74dbu<u+|$h{$b;vGX7QLH*{#dY2z;#|AO&Xb!vIP@edmRwDE5k
zzoSd*9W?$)<6kp=V?@i7#y<-Ggu#?t176jQc@NYM`c63e4yPaXZ5!Hj#>?=EhIgbw
zevaKleirgej2p#12vo_nK}NkH>fA(E+L$&r7mR<__}7h3-MStfqs{oE#wT|g_<#r>
zH~2LCD}ujztF{sT+hq9N735NX96G%&=2Q3wK`(%gfsTW|o9?Vh@1pU`<^7t-(~@4D
zyVb^TG=4bG?cn!=W-G|U`U}wGy`|Ie7rVQ}c$cAbyZ4E%BM$Eq(be{04*?nn-OLrC
z^WD5Fby(!-CEybx%)Gvi@Z}J1$rF062$yAb1%4y=<y^Pm?-Y2};Ddtqg2BfG?-cNP
z&?UhOr*i|c<xhsWI@|<)Z%9@|_@LpjZypWF%Ui0<{dU^pUAyC<{E&Ap#Jhwr*X%do
z*Y;x$0^P1_LLA!efPb^`F$A6Q3VKCj=Mem`TLA9_=xiC;Rr0p^F&coGpLY18g70et
zQPJohDx>?tBC=yfcDhWw^NYxs`XwX3ZsKx|TQz_a9?<Q$A?UNL<?@g;GS<WVE!cfQ
z=o|w+1G*-7%vbFo)_qVrs2{WwbgORmHgu)UgNXM$=oIM6ZQ58mBrW-PE%>8CmH|E>
z!dCMI@Ln#%KON$oNBAm;He{RDJ%wjOP&;TG^zCp5VMm@J)8-4{od7X?rg<6k259y0
zt*6)y-LTyu@Hoe1;2#Ci{wequKyS&7Ab+4nP&;T8bh|EtIEO&TLFYi1KySreLp+vk
z2_6jELALH>`;CD=OBv`W=)2)gAf0eK*mTc8#ynque}(zkj(G#r1o}?7e%P**pPi5~
zKlAWy9li{F4s@&T8g!TJKwkwlfZ9N}>w4cp9HudToALIS(SIJimq8~%JnuORpXWWV
z!{@t%OXP!YfR=vbc1w2a`m2TQCSbm|?1n!o_|n=m`1?UeKu1BxL1#dVxz~mKD)5rA
zQtj1(*9tr?!bgD5i0~W0OFxQdJdkv)2=|xaPlLBwDjK{W{39UiP63|>u^kqBuXPDJ
ze7{Cl?%mpwr?u=>{;mz_wj<23VaG+Ui@E@B9&`lsGU%VPJBj>Vka_(6V7Lz9c2GYk
z3A&lv51pez?;P+I5oY|=JMsJjl5_Al!bd=7K>rwb9r0Ix%(u`lu+J@z#-Te8ItW?-
z9Rr;N-L5->IF~`JujL=dItc0jje&N8-m1$W?m-d%Wr0rvUlQR}G0d@`u*-mVSny8)
zUl3vHFBwOkL3Cr|$}9WlFk}m$)1XVB<#E(K=w_}TI^&=Npasxr&_&SA+-2z80M$*P
zKZ0)NlF&H<V*c0;i@CGVyJU3Lk4HkeF0ojQ%Ca`Z8w$lOhQc!T;YDOtZ($LglaQSQ
zU0g)R+PMmy+N2HLo?nM}O`s&`2<Qyx5@=QG_UybB?M9?AR3@E_;2i>f8FYGFxA*Hp
zRxZu!W#r2zu|ENggN}f1)t!d!1<(yp(-h)^=$?mv8gvnK1GIcv^S_gS*CLH}P?Cf>
z=pg(B&|7im-(ozbb>%I@y@5DfPi@{;rx(w4E94oWvjEKaXW(A~^}1MR;Q!CE9xwld
zU)~1bZqQCp5p)oAJMJj-kAu$MV!X@HW8GbcziQX5J-0PMuLCp=`cAlc*gXQ`yYH9a
zp8;J0@k8-CP%Ee(lmxx)zH>FOpY_~~wt&BIle#`}8@kN#dFWpSt)97g{=1>WKDrbB
zt@gY9&}H7go9>87^JVyFK{r6Fv){QKG=*&UhQi|r+q(g`lZ)p=b{O}R;a!A(y^Q=;
z?XS*hO@8Cw1k5{0|5!H)I~mXc&=JtBxR;=J0(2I1@fPFI?ltPpVy*-=f^Nlil+oKM
zc(Vc@1b#t;t^E_=ofZ6R2G{M@8m-13GCsLQ;P4nY0^V_<a~XI^-ll@~0PYvz{lG7X
zFf~sjd@;nkZo<n8zO5#K`wdRQpBMb20-p%U&I;KjgO?U@rU0_816cO)Q6ozV9qRJ#
z$$W@sZAkwpbWVa^2VK4eea5{Gz2$Shl_rCC!ru=%0eao=d@Ubcg>2~_ybJE~c@nik
zMmGjOV=%)9Lt*l)dqL<~9{pn#_>`T6>@sM{UWRVpF}`)Ju+e)PcJ@Q}5a<Z#=xxNa
z>D|nK2{vWjokaM2nRKpzcLQ{@JC%#2S2vG$DWFDB2WSYi6EqJx3_1cj0Xhe|0J;LY
z2D%Qa+lMg-Y6lI0lAr^i1<)zbdC(i6x=&&s1nLJ(gNmR-prfFZpz|Pg-|8Lcd%#yg
zZ;<z|Fz<rKK(nCzpd+B8pyQx(pz9$17}`=$8)yhL1}cJ%f=+@?fzE>7c5m0f+ci+R
z23{9q<SOuze~qyVY6LCjx*=D0N^hc9$wmh8j(}de&G=`ae+9&6Xr5^=`GHC)yfr@O
zq}8z53YrGZf1B+umaC&k>(nizch%@ozmns6#dV5vHP@_vj9dDHdTpwMA9np^cwwE)
zO>_=Ge&i-Pw0R6Vi>-U7Zo$Smp>q-Vx(J8!T`7D6apYQENsoN@0I1#9z$4{d<@T(t
z(4*@;fOSnFqycQ*!2=dy%ou#y_!o_T-T14Xag=K{{;2UY#y@C$t%bGQgii?mdEhG|
zY;~<)_d|LOx8b+y%kKwn#YP*_?FJ2j#z09>1~d-}f19wFy#vsvJ8AsajlcX^&Bw>j
zUe9PUJT1YV#)Nkoe;WQF&;sZs!#f85WrJ<JZ>N94*nZvk*Wj-{sPoYTzYWv@x)nEO
z^osELUN-CwmEm_)<7z@xOLdjAX~j^)ZK<w4uxUldCbz!2#(mJe=i16wu2sits_-y|
zv;AMv{?g`^uPndknp0o@d3Vhn_gu@@k8FF#b2ZNFrqfSM48Pd^^p2LO^PcXum5;9d
z?@+^UG=Ad2W%c-<D;|F6J+*g0aj56?6Om=zT}zy;pSkBf+aG@aU$_sQzUSKhzt;3n
z*NTTG?wo9SM_u(j*BU{!pt>%aat5~d_uFzscMQd*QpMOz62Gq+Pr8$H*+em&%ewLW
z)Z9!e%g3s_Mn?K$gF~@SM6)<DIQV2=G!`9;^mYzxjk=G!h%>RzO{ON}bD5%Z*GC5X
zdrZ86!5Gk<7AWn_WhQ~$WG+>3v$>*Mn46u=<%_OT5NRRKX#dEb=GZ1beUH~thSyxm
zV;OCJO&(wk|Ier{4p@=FZ9~J+k&(W^fydoMZe}*0Dim0HW{u%=CY5y4I71oe>sHKk
z)-A>-^jnRMk%14=-o_E*M?UCm><5jEYW^Vb;C78uGx2n$Gnr%x;B4%MGUIOV>n7M(
zNafS<%)s2tL@E!4si;^!6;H;}*<vc6jb|FxIU~KDq?XNFP>$ZtO>M2p-`tEk*`D2%
z&F#&);Jd|rv+C{1w(iXV{&c*cPW_|v+GI~Yl^WaJ^ceFp3G61~8J1bqLDo&~%f@HY
z2{$+KiBzK4sH%W!=`7xr*v9P3ri<>@Ol~5cafb)Cx|1kr3jHa{Y(vu>NfrCD$@HFd
zaxR|fGljwbF`9MR72Q-mpW~4Psyo1#nT;iKv->=`v^QLcdxr9bxVtO0FA$f!tm10x
z45vcjWGFlv3hxeulS6`m{L*IfsZ!pYV4>*I$WRU~=w;V2j6i-<iG({#HFwM_uh08v
z8Q#+#Po?o>YM-A1e%~meG7+fXbaqcXlTNycx%{4#n@-{p*6Pj9O?c)!UOv6YW7_`M
z)i)UH>Kut~X;od*iRSYd%xvU|cp<f=6%#-rmrU8d5fl1*^Xa1MlN^7M(Xkji60)Gi
zV>Y!{`I1+_yrla7WKzi(Rz_lAn0VwdM4Oz)h;3fCri$C*^MiB6*}39K`jaZH-gq`y
zn2zsCc|$ytDyH0hDNJ-CULX>x)-52uJ2O`(x)UjvUAe$nfHPj3o6Eb2;=H>zjwx*}
zlW}fAA3rtg>of1FTo~Ur53{M%E(E<W>p_MKscayePbKzHZtKC0DQl1IKpE|@?!tWA
zI4Upktgd)d$9owz3PYI`+F4E8nSE~DotT@POy%84)PYLUEfhKAo#^mzOfh1HA<_)X
zVwhjik6^-BE9P=;VH(Rqqg%{lL5dgUd=rbL@@Uv>d@7aiVHdJx5&QvkC$*l<%oS7f
zn8DMceTClkY$g{^Mmp7rrCkdX>DlR2eu7h<>NB0uk@d|jZR;al5l7+2T0D%2*uzR^
zblBH1Sm{_k>_j77o{q)TA!hy0qHS4VuUr@_7~|X0*&V4omnTt|i|{>VtU4T^aW~TG
zyuYc1!```TD4s81p2xT&+qo;!=?;%{s!2ojb<=^!k47S;{DGX$OH8K{yD$x8Q(QM_
z4))^Nhl_4JnRGEMU?e@MMqE5m#2SFE17($uZtMi8IUUEG#94f<fQEGwXyf!`8cmPR
zmY&M8KJMzwu>0=Qy2a@<4eK=t>8K)3#j#j3&)ZbH_ver=yBs-pvA0molwFnE@{;Jq
zVBB@r;FE5Mhx$`x8c3nS5;?42^F`I;kq)~L%ds_|+e_1<GqY}F8o6-0)X1Q0D4$Dk
zUjZ?@o|c2}x+3gOq^HoK-Qsi{8!0dDM^f$-_9Cp>say`p!$6~3!1yRa$Bh?VbQU+q
zH?Fj&hY?a&3DIX>Oj@~Y0b4pW2zEE<;3Yae7$${jC{)O>?T=jVnI89x<VEuPW{a-o
zl1F43prH3tT37HBxjD79R5nyA=?3%oHZ86b=%cX|dadOtJEm3bHq+=iN``=K_0CKt
zmvDVXqdSu-PNO0x(HGEi=*F}0LSb(%kGe(2oQR{xU{PWDhOhv#|9SJdnwMsvh4~6&
zV%EsnYlX;(a5%8F*;uOg#*1_Ll(#4AR!bzJsQ&JCPmX;z6W@oHK?XSGnbv0Rr%|ub
zNcRZ(J8W?{xVcH(Wl_9PLd<)#yJhp{=Eq7T1L#bZ;;_%yF&CH%MB$`Pxp|@Tw7|+R
z)>Ym5W1`a?if(f!v1!CUcse(e+W1Kff~il;WvAo0jj6)y#^}gUTg#R$vEk9dk=RK0
zlUT+kF_Yx-l&)vLz=FEb`h|RABY(?1fpjoL)o3^Uq0!x&E>5H6a#P%hV_{I~Zg56Y
z@qA)hjcPqOm|ag^#!eO;r^E`L$8%<5kwpW}VeYz#U5r^X+Bh&d19|fW8AX@ttseh+
z^A_pc;0~(ct7m}0C%tjOwlV8sG|TNtWLQ1t*>NM}-Fp9`70Sr5cBCiwnJKJ{T-zUv
zj0_>aW#q=bRwyI)<Bt^Mvl(>fo7(XejXigyh+Qie%tSGtQPrNFna!m5)XJf4^X2Pt
zl2}|f#%G~eGCh?l6m9(2Tp<;cz1Nl}#E*534B#mgpFwe(h#@Q|h>bLWzLpnunH{Lb
z_NdDC@>`ZSk}9(KA`_9KTEAKBOnM?8&+o(Ip`MS)vo_7d8%xBoILBtVCHKl>b@V<5
zW{{_CshM0J8#*;zayK_JhuwO?PNQC2=2ynEb&)J)3TgvB$8|22&1EMr@$T~CRggEV
zbFqqdNAVOM=^TxAs{x3}>$~yvkF7vzgWrxZWrG=5ER9n6?WCdmiYe5dmRKT_MsJFl
zHG`)D!7j!*dr!-zpdJ@1!`Bf}2DS~h4p}@!bDQoMjAa}v%;Rona!)*)z=)sB=Vq`7
z@Hs>60Te4f#XgNLl~sF<P+U&waT6cQTMjGDWL`%paFJ2bLUAJfebIr@SZ}nyAI}AV
z$Wk~@TG+X@vu|KAS!_5u#IFQObb9)RM@F?Y);%~7b&!!Fj#<!+{dFLeFBwN++BNZ1
zQ>Y~~HJ{)D!42dh@kgSO!GUf+zMrmZN8F<EM|=B*8QrF@l5}<FcMG#AE-#Cv-!r&<
zc(m7xKZ#+=-Bp=51AQaC(QaKyr8adrWJN-!7tgUH>N&QXd&9^Cx8K-CqdxS)WA^X%
zOej!KE}p;!hwa!5_j#N|p?+@O=L34C&&T44L~2%daYtkQT=+P;A<gOyNj|lEE}dsx
zY**Xjp(oYAH!5OZRo(_ST)qjbbK677<j=&rrC}6E%k7LrqC=xG*=bcrNBc<I?nrca
zM|3za+5+-Oba>Q^!ZQ5P&e84I_2@wwkUtsysCNQeG5&D$sdBPFo^-AQwr%0c^uD0p
zXkX;XsLg(`+^#+xjz#*0dQpBm&jjLobr>83<#g1542=WZzXSTZd)xkv=LbAOr7_Q<
zUF>>=^|ZIZp%a<#coFQivU9WMEJAG*sjePxVn(PQ5?}{sOC$Q(CZgsgurMYI)9B{<
z1lers)w7M|>B9(b!_Q|Wp2GFuVThYQ-TiSuHxn<Ky{KM)VA~|-s!gB>7t?&A%gynD
zWkiiIb5I?(R=A*OGxp@#Pfur6CFk1=8NeP?J!<RoLat*xXER0e^2K?FkHtx3pUb3Y
z6Z%||t-h##n_bwjb?I$4{y+BK2fV85x)VM3NV;G+lF${%I0*aRBmP{GD=dz1BoT1X
z75alMfsjC!Q#<k%l0Xyj#}YVp1~)MzYSP@aF(jl(m5c<QOlO{A$9C$znc`HEQ`ycZ
zTCDatu?MD(lIg@LxDLs5nml8_-`fAqKIa|@+;-mg=6l2UU3AXgYp=cb+H0@9_S$Rj
zW3)3*r3B$NHJLKt6L$iDUaZU6B8g87%+kSX_{adZc~ze>*F<OcA$Z>pb_$11;6BGD
z=8je6h-Pg=fX(01ZaO^paXI13B_qqHGIQnWWqCitG~>%nPuZY6;y2;#>qhJPjy%%2
zAAVx$FVPoz9+DNUWS{DJdbzpsWd9Jo<l7L&X{Yo^sC>+(Vy)4{JZNIAfb}2QsUl0c
zj}72sz9uRB3XiWIOzh|=URx*ZP{@($6QYUe)+~rjx&(|^yJP9DK<33WU%l6>lk(@Q
z&ztYcrZ=50A0%HW4{LA@Eni*e`8pqh=-&Znv}Z#PvcVmmY}lZi{O?hQhGfWv!(@wh
zSugd0?lhI@aKLp!p7Gmv2!8(k2jEeac{}0IBw5Xb!8!qo18xl1SX>wJQH(VK1`{oR
z#U@;o^c>M8aS|Og-e5=I|H1u7k91?}%gv|yB#bcPYisyYN8yk#G`{A5@va@ILb1Uq
z$Hn2)k^Oup)4MQ`bW#yMH^C9kryw!E(5ekPetn;$&fvoyz9M~{MrGZWVO)z=GHr;=
z^-<bJ0I%4tgWGm$H?`@|VcN+Zl<kd*cWmvFUxL*7z@el2_D5@4wzFw%5S~GreD)3;
zV*YT+AEHCzl4*M}R}QFDu5$=(K;Nsuv*ZI?SGVon*;>cCg|YnTzyK5)8_x5=2}{;(
zUjQx!gT6U@1iPDa)Jf!V!@qNH7s(RsiS)YafxQzD-(wOwh@9cB+;MrJf`NdUP6$bh
zsH=}c()ly`PCO5G4q~ayeU6mZbEsFfK~_c3IxebS-|HecV(NjO1D)NeBPpO}^&CFR
z_j_5L{rpAtA>okX%$%UzU<_&40gho_IN&EwD4eTOr7QXfFD?Gb5uheHz;oyHC-(Oo
zB=KVoPHqtq5cUt@E>JjVkBHhMJ71J#&O4|z8Z#^l9PjRl!4?=8NIe3rf&HSrNB982
zh61dGUhF}`dn$JQXm0FDJrWhHWa<UGOI>~am{*Bs*e~xSA2K~lepA|>!{7-7fu7+f
zPf_1tpIyPyvxK2%4Q7J`Liz>?#GVBZp0WMIp~SO9CHDFiI)nD8nzwbb?R|Pa(0vC>
z!=5JdJy9B-fe-xVu%r$YyfDRqf|9xCNQ0woSiKyDg(yA{T&icV6Z>2cl)ahh)o_>u
zq*LR9(ixs31HpI#(ixtBbi&hvAuan$(FuBj(g_cx6C6`Sa=)*yo9#!4B|a=!SldV4
z{Y8TBIk>k|s9RQE@KZ69V6-$+leDDp&{oUp<5C7UGWL!Q1AnQHXkakB*k@#Xraec(
z$==Z({hiuD@1NM)S<^Gv)^h~b4xC-?c$Dee+x27@ANWRljyit*o$%8;3nJi5@wS66
z>!|H85<2^P4(=oMI~NS8g}LDvPZ%GVP@=t2vEPdQilotnwUUf!(fgV6lC>FIEWWxK
zPV7~~Co!nmBdm{D-rV$HkA`-&SSNYvbKA_u${cyLyX55qt4|H<fIO}YbbNIO84XgE
zc*^K`<a^P}3EBh8aelEZwx>qCXdyoW^&+F%GyawQ5}Z&P49ZiEae|jqxTv=gAk%pm
zRv)xA#Dd8g%kSpQm5yt_TUFu4V53fuaI%eU*!by@0ZiN5jhfcljf7w2Q@9ZiZ$d7w
zcN=r*^D!sks2(?+v4hdrhW%y^$;-Ag|2$7|%eYW(nhvSg>-IarQc0c?XZ7(?UKmc7
z3rX$s*CR`~>AcH*@2p|6&5g}9wS=n;#wg;txRJx>OCE{W)16>DqO>)3pj+)k%knfY
zbK8&4%zF9&_7EQG@!Pq~kHWHO(#Fme_j!W`QI^|Otu;Hg(F%dl;<cs84v}^+InSBR
zj{p&F^HTr-92|!bl>$M+t`&4B-&@9JazDq%D2|G~VzoXd5#>80K3b?kW=z4h2%yJ9
zw=|O8FFaK)jV~7Dl-iHjhK$-IdIA?~B=`YnD}mfCKDuRR1OsQ_-aa^p9ZC?+OflD-
zBKeT0Ja!n?PZYJG=OMI8*=QcV=s?69hMpl{_Gtz&^VZ2tTG=g#jT+FM06M+(P`omp
zQN{+a^}>#t<~kl>2YZl0wRjY)BvZk3!Y9a^soKf%x}83~9+pP!I*4w-s`rTSEqU-!
ze%~P5)6Ga9gc4w30WLokPFUbr8N$w>V9<bk#HwV_f|ZR34f4{BF_G+nBSq^sRu9r^
z$TkKdvG>OZG~Okxa5*thVqGUUg);I)az^^$Lx<&bqUSZ#?Wk+5Y3kHb&Y6$)t2{;s
zb4cl44@`XcM}1DZg*+rtvH0<%?M&WPSG!x`Lc2V41ktMcg1T4qJs&T7F<RMxk>W+w
zcJeC3`U5n<50*>~Lc`W#1%6}zPA#@2EY?7@DpM5m*jj}6&|cjUwhCh9Yx<8wcOV3f
z`9i3jz=;iexLEo2GQHOvMKr_qgT1uN$JQ(|4W=MV!h73M7QD;DSO`k=FB^hgNBd9>
z)6ud$ZFMaa(kNfq=0qLc!3SJ~b`J~C67_B0(YQUieRs5G2VztaQ+!Z`Pm9QIZ1SL7
z9c6W6J?2M14b*wG6W-^!@Cav^hNA@o1+hGH6#&m<;~9@?m?1bPc*~*wzP*n`n^TA9
z1Th4R)~j<@&gI4J#<?JAtGgaTMKMBi!R$fo7K@bc>Aqd=dAP9P8rmxRmBmFcschTb
zx_w7O=aEC5dv@1X1?gPT%W~n&LXe>#$sK^+f(@XeT48^%7|lN2ZzVPsynZWEdvbOr
zxn+U;^6&Z${C&M+9Od!q%8xBoSjGAccdW1EJ|)71cxCP=;x_vrMJ5nlIUjiQdAeAG
zF%1n7lf2Q^dpI-0LZlSmxUyr!^ARKW3#2|I6PbLN%2x;)XfHuKDq+YN>xU6XB6Sgb
zGAgzLsskaCT-7Qa(?=8WfUHi@s`Axb!PoJU9+uBEDG^QfKxfw@oj9ogy6R{jgfA({
zyzZqfCgPc=ES2b^g`-<8BcF8uJh}+Q?03PucnF5$A$Mq#e;ugWq2+q&q4HQ6GR5Mj
zk@8Z|a^zKh1lj|w%P2d@`-|uL+Q|3=gAj2tGPuxFUh%IF`srcSLV4Z;f#IHzkIb^z
zmu<b5$(8iGNf><y(h?~soh_!cHtS_*y-UH5dcW!Uq=JKR&PRt_r0;;4LwK>rVASL6
zXiMAO6ie7xM-TYNp2c7B4oLXf>e}M)3s49Pdxq~tJ%0pG<kzCSDE;n!n4NLKEXDs~
z(Mk`{u<Wm(o!kEuDu%@(f|5Ir21Ik|<IL4g+{ZacUQghaykNf0PJSK%$)0rZth2X2
zwT~R!p8DDPV-S-&ypuFyyh{)-EFBx_{3OD!G9f)U8QcJl31lM7gkze;J%Th({Drq{
z>%A?zxjPz%b;#}7$t)CXlZpMsjN0caPrQ*hIHI{Q_;^?A(xBt$MiAY=A&k4Z(RlgF
z6h#wGmhFL~5sJ3EZy<wsx8KMt<2t*Gxz(92u9xT6YQ*_9#8n@nJrZv28};mL5`{%U
zu`mVAL#_ylJC9Y{82*;KYuh$Bova3LS)KzU>%pV&Q_x@%e1$)SmEqlh1#4h>CVWe>
zj#};FVeIhjnTT+1g;RrJ0z{j7vOX<O7kin{$DIa5sumN7(59K355TMZp7Z1>hopef
z>V-MWG$#eTac@Rut%@H3<!JHse#^niASXfQkPP4px9ZtKhA+7fA|^PaWM;ee($O_x
zwb0Jxb;`(vR%>1R&btu^hJ{aNiTU^-3I-JN(B`j)E#5K<dHRxsg0DyU*+fll*<7@H
zI~Ip9Ffn+@&BrHy#HQ2O!XdLkoRC1I9-V7|V&(28pz!jVA=<uUcU=RbguuH@lIDS@
zah%a55}xY^?-;@?&u2*4PHLh^^ux2D7YU~g6_R@zQyFV!nbC(enNoaidppUW(tvQO
z*1DRuortU4K~v4a=m3Q?64x;2lcgm#w^#?Uy;w;@D%Fo6&g?+Ja%{DM?{ZC0L)lt=
z92}Z>uLoT5hiyuGvkVqDAdOmWvXym^?@-fsd|V=gpZr;>&GYmLF;4C$%XU#8$TYI+
zxsOq%_~gX}z(~Pa02$y#yWMlw%ju-DM-Cl<G5h|?NkTD(2n9C*dIos7zt>n0pu9d=
zjv9y<X)?Kq=SK%2askRDuq-j`pISDv-oEYtCf#7Y*Dp)VY2!z#X@qQmw=$qhr2M&k
z;wvLPoYyVO1|=F<-g%@88|i)f5P=d<$kRSnrlzT3C);B#4*>VlC+pzap=D1J8zupT
zGV9==G{u#ZZJWwe>z*>iJL<2){9qB5L>aYs;QO2-ENV!4pEA{;w;fDyh2}bfDXM$_
ze8V-MEZMz8pcWY??9>2}@|G8bcgpd@_t64pI!_xlrOVuZFihDRI-o*Nx#0TdnDKo2
zMV95td~i@i@MLs`t7pAqU6q5Io+ADO3I@`u%87^}cH%FyQ|B)$>g)_IJbzhHud5jY
zESKx?O4dI=lKJV_-xr`7gXKx_452H*#jaP5osj9JSh-AAU#IK=cy8dIec$ECCPd6`
zKuN(D5xWM_!w8{G0CDab!8trYOSxyI-fTmdc$<i#=b>~o&3J4FViheCF!2neI(ft(
zdD9`rZ0#hMO!UrueHiP^)lGvCr*vA?UIEJ{I7u(XCy4D@Pny{3^`tSwNo?&x$0@%e
zIjmWAwE0gNKKxWpZXHv$r*3q=te+8=h|Xoki29h%TZ9=PY?$pd%XWM6WD`8~A)dus
zANQfl7WC2einaAg9LEt`h&}8?UUw7+)Kcig%#I`uqJ-OKu2aaFf%)Lz5q^GJw=_Is
zh}qD4cGog{oE69rOT{nRun;>S+do>jjTI4&C<!CQinP6uR@Hugp59N~jlz!BDtMMg
z$2*0G6Z--5Hu%Wkk)8w5Ug`Pf4C3dxJ$J9L@;oSy9TMG5fikd_dDI-jihF2hf#M)x
zOs5{g3ZLK5auaqj*ikXw3kW=egMC|TvVlcBX2Q$1v-)az<PPmOd(yie!Lc|#UJ!SK
z>rOfwV1Ew4B2JRegm_WMg=t&Qz}-xUkGj5laeT-y_K8AK+_518c7zamP6a1`4;x86
z8xV?fkZ#sc&_22jAEIN)hIS3h!9&;?((gS;?qF)g6SpGL$f>W|Dbkok$hITR|L(_w
zcjzV-5=b|>P^(x-j*eG@k^4)@?F~Ej;P|fspX1(`I&otSe2n^aGBQ~nU1a_p1|zOn
zkpLnMUE-!>rbTh-3e20sk96|eSY+Rz&bnHyY?LLii(Mo-)ibzzg)BIJR88D%1AjdH
z4%nnbxz@pyETi*=FL`|95PXL}#_enV9)<CSWL2XlA1cTHPVh*c6CP877Ndqb0Ni=t
zC<IFDe`Y(;_BhG7mQHIhF)A|CF_G)AeS@8!#G=Uqhcu2<!%1o63e(HNG2nUcI_Pw<
zyA4=;8ZHx(i*Ym-4hf7pY_a!r!*}Oq>G+WDbRlFM_YSdZQM@HIdDQ4Skb?c%MU8T4
z6M7m<lbIQs*F!hf`aI4s<E|}Wh4X`=LEyE-$#fyheFqU`ffR~{$F&LUu7Q56&#5Cw
z5TK%Ids#MLZ{z-+hj|;xe=hXMHh%p82T$(s9Lr#K0B1}fzHW+T1gmKr2h~R-#~7gP
zW8dXY8V`wHx^IDKC%u!=01cL=9|pT!++8Hy62yPpm_h3Y@-Y!N#N8RP-<jh{=LP0*
z&I^HG^&8K~>@<xI$QqzHzXwv?eGg-$i3@>TA;Fm8Fj57I$SMh;;p)fUe=iwbXg|hS
zr-Kb_rX@6(0STj}k?AJ+M$fXC-bSQ*WDVm8s^~xu1~{Ly=zcDm73gN2M@S#-WA}Cu
zEgVoQA$vG5kLFrd!c!mV4Mw9zH~0cEM0+`p@O*t9k*SKl_uyuh{*e^7R|S66hbl9(
z8+HD;V7rssK$4zEv}5}gaWoiM_wbAAIzcmJ-3^~jv5f@D8N{pl-kD541XL&@2Z-ba
z_S*O)s?|$rs6f#n-X(`HRbbN5<V?pEFqxvb3rzhi5Xi~alP__3+^^7_N%$p29_KF+
z)rFua3gm>Y4q&l_r!z}Bs3%<<rJ(s6WXTXsrRLoDPytABBe-Ve<6r=;t;5Az{NR8K
zCls-42i1*>%n-z(Omk2D-n^)8mZ>OJ(v!p_Nh^CFOhtuFHy^%?IO9xu0@^B!K3x`B
zIqm|I>m6^s-n_tuNV=iyDTH?3@{({5AANPmxrky*^%&l{=$6e2!YT3s>4t2uB_Jj=
zcI6@O40fu68IyG^28G9zVjjiWR<S?^Av})^C{k=R&8lqd_Aw)!-7~1uB<*k(2@WmQ
zrNwj5Bv1O1CMnr-u=$%)AMeq|CA(@w$h0);B(xewY+UGd5#Okf<b1XX7rjvUJd3x%
z+6Xr{;Lu96oZxu7RNNV+J-5+3kFRoi#CZh~Z_*=7Pfy>IO++|%)9qOl<Pb-YF9jNu
zvQZ7^O>f^ma2jWd1NUArCTV!6?!jc9z|{j$T4zvuFivQZ(&k1tig^cPh!Ux8o&Q9S
z8=)VNCj^h=j>^lRb{z-b(Nn$&Iprd*agc?o@mT68V-?j;4G`lZP)Ca$LOCov^ol$=
z9JKgtPMJ=Z&^Is~*bwyK@#X~%h56uB{d3pna#g_$rW$$<)-bzz0R4dlA`@*XC~WS6
zsB7<7WVm()@-eZgY(*c%l(Us3O*r5$^_BOW5nE6(8$i;c$}o%3?RS<g@PIzLR}m8q
zk!cu=Segk)UQrLuK1KKAxFYo_Kl8+2@vPEmJhO753?>s&4y+jNOhmjoPKOB`9@>Zo
zW;OX}6G8V!={%Uig!_4cBgzsH!zTuw2cHmJ86U=W190;s#ozYQc``wT`>fCy7-Os|
zcnoPF07U`Y7wuwoigtPGqLm~&b>z}chIBVO1A%)D#W^Sbjw=WP&N(q1kBT>t<^qip
zztaCexS<pGkp&n70+!njH&9?6_`2H8dG}g6z3Arz_t1~q6yYqbGX{F(Rcg5VYa_+p
z^0-3c?Zf<4ids<l&ZfE@fjFe`AbCb-=5Xy)CpiUW+Cbmoo&((*K12#Wqx~u~lew}y
zwHxPgn3)2dER;A+Ckh|qjdm8T?;-bymaJ2U3C!QwQn!P)jf7i5m80!m?vlf7<2|WP
z=h685xcd-%VD4Oqxq%cR_lvp71dp`chgy0L)IF@FcQn^E*S6fNQdHZSP>5YMZtr1O
zYwgzZ_u+{1VXS=Jnb!43aB1Oq7@XS|IQK?^$Cjq#%YkH&h2WjD$vz<Cl-<({AZDqG
zI3w6G%wOcUas%6-RdAhrUrRFDj1k)@n<D#4j6=6UoF|!^78!MOzb0$=JbBlnNjG~$
zU-E0Ij?it<nLPKvLpI1GcK|jQ(J{9yxU_QD+}*C9PZsjEfq0b~Jh*|y1A>e>`K5p|
zhoe!x!Kv7I$A>Dbs%w(9+v@5yJS0OcI}z5>*?p8;SH|kW=oT4=wt8^WqMP~-LQJ--
z#)+$*hxyYYDt}W4;8qXv=X<s1kGjtRZ4o8~6I0n1qM@O6C*tX70)W#6<Iy`9P#>!H
z-BB$$rpY(Eo0<!EfQyvb<{*H^L)o2p;G;$H)TM)Y@q*L+lxc0`ZSeU<Roi?$Dat9i
z=Y>5$89kX%7Z%qP49D)u7W)?0hmp&6Wr7CxgN8H%C-sw??`KIczV05}X6eSbE55Kv
zpXJ>c9xfluo$9w?JUBU=G#6E41KXltnOl>;sS>&zFkgCSpX1&cA%v3BJYE*eck&AL
zz;#G~JO?Bx6WSpBG(KJW6)jPrf8Za-b<})M0Bdr0QuCLgqe1~`9{L4NY~=;x)Y{i0
zHa%!-RIRhz#$>KHQNOP(LI;tP$<szRT_?_^UCS4{I&7X}dcf^K(gieB+}#rIo)6@P
z>p+slR4>e11STJX7{KPmMp|b>{b7w?*M-$d%`C@uEcAX9_>is_bor-d=Le<63&>NQ
zoxz(-UB=r=A&fpPn^87Xmyx}}QWdQ9wfJC}Z7%v#to3_wQ2`zCGt|4-e3Q5+R+{3H
ztGM?D@yzTRN)~^}Zr|lsE$KWZdRQ$I2l`T^Nj)dsiadw$kdqOBN0uQek~4XRtjvv{
zan`Ltj3M7n-TT1DCIt<j$KRWo?zY`OD|qBh(ys=H#ycS!Sep&_`dN+<_}){rmxED4
z*O6qD_2%m$jc+#W723%Mq$ttp#Ja7sZF_^T>fL%|Iv1|MblHvk5@~YZ@Pljf)&qRr
za(ql>$ck3K7oJ~48wlTx*kkTk^3p5PeFHHVhG|?Tl|d6qa2cj4U}Y*DLL6Yuz+iY%
z2y^Ye`1?lE9<-YeSZ)(jt2^m?E^t#Yfu+j5byFV`?-gl~lWur^23T9=9M97RJ!xJ%
zphq~_=1BK(nVl7_<F5N4j;c0rtgIC-k)nNiULV|wI0T4LI#=Sl;Xc_*H$Br@nEUwJ
zS!{p3xSz*OZ&RK_js8X!#)$6(C|gzVbw4i1>c-L!9#_}z%k=}dDc!{{^e9Z*7QTRk
zFwALJzK<fR58X1f#@4G5{H=v+OSs7gz4pPjp#2r_73rYTw=P#ak@Jnurv&@Rx5DS^
z;Ec02SP)}WXnQ-@1gqzxqL~MVC_w}*nvcNUUz2sQWj#nGo5hP$VuT-8G^T|C!-e3A
zkm4cjrO*Y1$R&8Ur{DnAqiHBl*6GVKRQNB}H6I5_puKMI-Z{bfdJ44rtux7IaXyG0
zcBA&`rh;(A8T{-p+vgxS@-%7(-*M)hv6a@*GzE&U?(ok;XnAzbJo+#N@9C$@*>TgT
z+E2hRVLp9on!)oZ(w3?uPdQ5#ca(}VPi``!U8Dk#;t%P@M$pIZG!;2w7mwOXb_j|q
z=205;k*=laUG$miQOP@5UX3`Emw7banQa7HQ~E9I*nW{}E1cd?hth1JcJM=AY-W+k
z5)bw@dU#OT{zJG(1luuGfb&Du$!#JjVp28~d45@v<(NIj0?A$aS(+*-d5CQ+goMz|
zD)=x5S#VLhD1;oxdvN>-*HA+Ra$hkIK@|J?kPKeRTS${DcHmWBi9!9aM~hRV&J=1u
z@t2JQc3zenq_Qn;I+*MB2iKLEKx7?fIG-}X__<ovb3J5pVY5m*OXt=}p%CnRFEePl
z+#T*u?L~A3ZDG;<0xX;9%)!G5TVRKwGjiR2z^SiJ_{bex%)oHg96_AoVPZ4;C=thr
z?KAo;hK$3J^ix@sbB;XBFTtj<&Et3EP9GodwC5h($u4FP`+L|XI>ZJYJIpWf$@8@I
zmj!O95dpnOY2x^sRIDtGO@J<-h6_h`SvmamVnaDf^I=o49*hzn1yj&HrMhC0d6I{N
z*sIXf1`j&4{oqL>eo-QqO$=VP+d(%$AjlJ$5OEJY^-aHvm&=)~us<_ALDcWUp>wFh
zOeyrzCALwR49GTMo|TtKirXgLGOkRzXTk;fihdV{7Q|dI6>j~$741?I5B>5C9~*}f
zD6=IJC##QNg6#2QdvFE=WgwL}5d_vLFH`m4p^XA9GXsIE8`wEG`o>u&9sLx?=y?BA
zD$PB({FND~z=92Bgu~&SEiU8Ja7g)cCw0{qEC3S@24>TevO&M8KA>`p`{E#=Y?qb}
zMTT`4E(Fl)6J-MPs4U5bJX|Po>S>KN?exXW&TTcjYp}e*HLEgc83*U!7{RbmG*Y?L
zVI0vBcX>*DL3C4E04$exiXXquH&57kd9;?_E+OX~c7r!{gq#)u#-{{H3zef2xWprR
z{)GH+nRusa)yK?`rp-MdnGJF}b`9g!orQGV*#6mxs};nT=VTm&EGj%5f<b(q$5t`-
zRSBJnceouXB$;T`aTCwTsy=*Vz}T^qXrL=PWY8Waj{5CQbz%k-<y?Nk>b?=4QXi_j
zWcgN|p)(Ux$l(-y1|fkn=son+4#cZa3PPRe#wNOr`QScu0ch9edYpE|)-%4AMw@@q
zUTmJ@juE}hY!ii6EK~<@)=BGuCi*CKFWDM2TErdef;>O(Sij=)NoXE9b@3mDruJPM
zCKr^0%}wS^mQ$a0mQ<(fAi?_jM<l5}bL}NMi_cWD%A<7>BZS&Ux(v9mq8HN05BWoX
zXsjoGvhO!CD+yCHoh#tx6TS*dUEg+Z+irZ6N)1e%UdRq@{gKQw31KW#*YnV~Bsr>}
zGG+8HS=X?AN7P`?z{CF5?bsHT&)E6V%N`UXKu=@iO?*%jZ5=oS(dqB$rQqPG956b(
zOylE(tt;q)j3~a?iROslBh<gUbx$4s81*$xZS){<uqgsF2;Hn#i!(#w3oe^zlM3Ik
zif)6Rq8E-|j!`N_A6wx!lMx*K!z!H;Hbqf(b@w7)nTM$iKXLAcIT@@V{%gYuAHfnk
z*r_OBSlu0smp{Dv;ZoGSNCMGc!i{eoZW4cqPA_e|9_7Ch#x4~lZvl5|)yUh-8LhId
z1jBUM082LLo&L4cHw)mn)8Qz62SyaXgN?&`>7el@#yfNwO>mxeP+@ja8@`^b=e6-W
zZzxg0i?k?TU9o$z=-w;p7otP{)3UV&Vr>IBtZgasg)gm{3CW#qoMvUCs)dlZEh1S2
zK=69X?xuC6tXus>TUHNZ7c?427b1|ebP?O}RQd9u`B3*!+*?ikD3d&YkzNixvq>?*
zo4ZMT@X|{sZRZ?>@x=+vEDFuY@;60EK6Q-2ysNAA_c<$b_-Gf=&24>lEt3Zq!64f}
z%ZU-J{ql^xzW!pk@E?t)hbr7F!mx#G$UOQh@}(4j@6qk-lM%grJp+IRD>}q@=<w4k
z%F=yu?4~6yJbLK>{)0%e<%!1~)DE2(_PnicfG&7LrJg)d8O|ekF39t@N205(*~EB5
z|H(9BoYv<`Pm%wK(DNHxT>ZsjoZYi=d|t{pfWg;h?8Xju+C`rym<A>Fidn{o*MF8y
z=t<(W)Ss>|k0vSIVx>Cxce|;>NDakM&Yholz3hA{kPrdT{d3^O_|s6Uy2Y-9?k6Vs
z65D!m=}2=XSyNO6O{eN&9FXJFox)tA1-1z4>FH)S>}lQ<&P&AfM0X!TxFz#f$T>H~
zKUYSq<W;flLxNE>>vOu+CO(d(e+oxZrOk$!>5!V@r3Ys&eBALO>!P`onKO*<yf56j
z9j6QNVT5ivV#pW+vqybY!^KZH$RHw{68HB5AH|k=^TjrvY9qmuFzNn3eA`ug8k)yi
z=roddh3cUNi2Pyzy%S#g_y+ZpgeMNU7u9vLbCYEA$$YOovJq3Wr^9Pkk&P^a;$%5W
z6W0hRTy&=iTg&y3v(3HZRj0=b<I=%uCZt$6=?g1apPnyFeN`{ZBPPm4m)1U($JWR^
z%2B69UV}i@W}I!s5>~F|=!yjFjnI|ms!mx}-gV4BTjI?pyaP;2WTt;2ARW6a?gt8d
zb>U+;v>E8BANb25Z0wY`P8(}8U+eEb1bdvl*ES*!t+T$VrlAw2?LFI@w$;|OZfj#U
ztN(I4t?oW2#jlnS*YZ$3P-_Qz;3ax!1AVV$?_oR+;L&I)!xR2eT1C}Hk%lLcc89Y;
zq~Qr^qHp<nN-~rUo<aA65sX0nw6iM5$C(BSlsAU66AO{|ftSEF+)6G|{f7_YwA7&^
zhXy&1InVc|031Kcl{sCCCuNw;J>n|P7F@`=8v;vsg%;I!M%Gh0i~*wrfA7QZgCE{}
zC;j!{V)GbDnY_(!u6#aXGRxwS50A3L=VyAlX$+tWL!Pk%y`5AAn~XrwhU(R9z2lVg
zzZr01u9WrkIr#7ZoiW#BN9J*vgumZ^w=XqEtrRfd?5s7CJ9jqK)$A}N8oFnev(Yei
z*6yxz-|)___!WO~S3z5C>vmj>*NS%G^4hxA9W_nVM%=r^{?_5lF>WHpCr1rqGZ7oz
zu;EVR(><xO4v}6#>Ed~#_Iw9Dx7F?1Q@5j*t(n^DcEhd!+U>Oxg~9r}CW!?lyNcD=
z{h<viuYLQrx}Cd0ok-bUbBD?kC;1JZX<;<9*0eNg_}jO)ZFjNb{5QW~*~PPCJ3c+w
zhSeOepSQ!QCfbwDEea095T+%W{_LAX?1~kD@Vi>)NO$H)-_Xfj)jB422W)3%3Hr|K
zLz&<PPtPpC>15^!mVywNXk!ojJG7>xTisfPE5hJ#+;*A|ki*RfA$f59I(bvBUnhsV
zfjYs*>(?si1MKx{c46nMUG~+D*X_KIx*b}>&)IQ89<E!pfV+_<3t5`CT36n#TQk1#
zEg5tJwJX^98clkHjlYb_=agd_o0+mZr>u%`oJla@$&^P|PBJNS^MbH()@<-FTh)Q#
zJU6}|8IpB*Wrpz0B_~>55P7nk-WzUzW)P=(ZysD|ln0ya7ads}H`b!N`{Z}N0`yY`
zkf(orxxCNjuY<#QNcUm!^}R1w_T_xFNSOI*kuZWyzFOQqzJ5JE8S!D_^{DRf<p#>k
zTrl%B$0tJ>D1zn52No<@J|HFMu8jF1GW7;|XQd2!n!z$WGQ~l~_}975GZ;U;nw@3v
zbkUnS4&QtwvN(SK{NyXAW0U=uNs%innJshkbX);?g4Hb2gV6Z;mlLY`D}X4K7l2LW
z=|rJlGy9FaKXvNE<~-kn&;#J<M^BC%(>kGEfPjAW0C@V>lOuWTwM%>;!Ts$6;(e^<
z2~TcN|9b$yKM6B8hg=xJdJhWG|8p`)<j;rRCnp~C!8*VT;=;^Ri(h_xC<5e&+r#u}
zYnlrK<j4cyks~dK%Ye=vEmQK}s~bE3yu9GNmc#qaD?eIxu<U36vV10Hx4-A2nwRy>
zAsM*U{GsIp&K*Jdo}SbJgggb2?aIL%gew`C6T76(ohS6Vc^~V@YiVN{-(6uJ)M!Ht
zS&*D$0x5YC%?N<t{XTzP9LCd_08FAkrEwJiA!T9y+N50g)<^T;o4a)qm)DLBKozW?
z0sy5<&R3_9o$EDI>Z9v2)+>vdL@9Z@PK^rgIyEY|c^a81qX;?c8^j0S19h0n^yn{@
zDrHA+fSVa0e=3vb2|`t>?02u;(z1i~mIfeY)sI>Be=w!8UZ2j&z^inY$`O4Wh*soz
zdQBC?7#I0|QiJuBR#5fx9GF#p24>mEjNID(KH8dP8qA}YJQ+$Cc~g1+W#ZxKoG@<*
zDJ$Mo*<YEMWS>ZV5?s!kD$5AH;medV5Ja8K^A(YO6hxlP3qmLJJm^%v1YlEn0oYWY
z2U}2IdaV{dW<3Z!06bqH_2kID(h2nf1oX29falMHTdrY(L44yp7>M`ThG<Z(?9aJd
z;L6I}9CBfT>frstT`lwE&xhV8Cmt4xJn75{szK@yz|2#NUw*u`1j$k6TooWonLvJB
z5dgvELhqGKAP(bcP$m%S;&6g50T5gU#9T5rSg@?kgKr*G0+(0+1fWuI*J~wjgCk`;
z2$htf`I+j@H`l9D;+wOXN}jG$qk_9mjS6ng8iQoioe%?LQ)PN|oJy6lqc_0K43IyS
z>5(~=D)od{*0k(k8PfoytO^#W9NGWDl*)R2!(Wwl^Zj@^&po<Jl@fWLUQ?N_9QjcO
z>np9G>gPEytNaYivi}<qIE!1SK91|9#k!mK#~kUHWBfUipZ;{wW`DBVCU1@+^@ftc
zv*v9Z4Mdz&lpW}%?Rxoqhk8b{XwM$EljBowW%NmQ1NRxxGp<1A>D7*#j%S&Upa7Ll
z&oZ6L(kI;|o}Rt9-<a^DtV+kTOsBFe9WWGWP*w*bKm$E87?3FL|6+H7-P3nuKXyFP
zmi;OH8Sv^==CM=EtgZV~BA+LTNJjb&UYk7gMSIs#M9m^-jqUZbcYOMn9SFh>IeXtb
zz~XRt9(|paz62!l=sSku{20r}?P_$mMI`a^ABP+8C|z48%Jd!F-$z&frVg^RkgObH
z?%BZx9gZDz!u5TKz)B$&iZ<*yJ#MfrqU>=uW?v8Gkyn#{J(fPar@z<Mh~QQZgL-+n
zM~ueQK=&tbHkP$l;-Gxc!@uqd;$`|E-{jMp%<=8z)_q1gk--l4a&F)P_ydOyQt%-9
z5s_5%0F>BL=Apl+#$dN04?Mzv=(8aGh`r?{P=+q^+BwiNaOfeN9qwVthX(eg4)%SL
z?QKgqJuTJ02m9YVr{@3;SmLTY#D%fghnD2s+v*>341A;wr@**e)ov_<EF=EKO+(y)
z|Gk1_n*d=7r4AF_?7f<Fqx%lwQ}5O<*H*M+(3RUGadX5p5D%F9_CN8zxeFV{63~*u
zZyA0c!0$HvR^dmnD-?)QfghS@&^H_Dy99JsQ!{=PQ*jS|jmhm<aVPg}$26Q5E|gb{
zyj@#hn<0Dh!n#$9ZQg*~w+$mbYh_iN)sbqu+HsOgoMb`n+t!yWziWnDj2gq(S}{_U
zHIijG_UWYEusthjpKi5l9lL(h9o4HGyV2?T>QIvBHoLh^Ja-3j!yo3kEpF~kp1X_6
zR`A?5H@B7N?xwN{p4;x`?%}!jP}x;H_g*)*gXeyf%C6+O_qn;h#dGhcvdehxU2g7n
zo_jZy&EvV9Ztll;?gLad%yYZk+!W8n71mz`qZ+f)pRvBby%3Bv`49b3h#%?do%qrB
zFu#D`zsK)I{QfI`Ss}xS;b&#nXBl_3w&obUU&&grD);Rb+bUPRRhC74Rge6&ORW_Z
z$t<IN+k1rFup+r{M<(9BX~Sg7j7~;lh5?{)R#&|Vya0W1=}lj#h!?io?;&^LhL>WI
zi6w;2VCB}7<gTe$+FQ8NNdj5@Lc=OyPg6ODRl(D;0ILw&Pqi)Fz%j7$FUMXhxMZHs
z`geQt6bv4s)6sp$7OIrWe)su@TKb=8&;L$){-Fl{qW-MGTu4NzH9soww8#1>gm>x>
zJi<Hr&C1A{wH1r*J5hPkoH}hxec5nEM=K+_&Y90wM$GWzhLxOp!f1*Noi*$;BjGcK
zb7rVA@~_rbR61uYlo?uUtgTq;oLNZEG2|{LL{X!@5YM@IuBXI2JcMHg#K*wf?^j0Z
z)>cHEGoPdUe~lE>RWcQ(yvHje)s@bA=gi5<$nr4tlYM5W{xgPg?CR8UJb%9aF_w0+
z{!{Gl@7F)d{(cE~2=?)M(&hG<h4r7n|BI)N;(x0iTZ{OcTTij1_L)4~-s7AJ6HOn(
z!)Gf`W|w8ve;ieW{}r153^Jzf#luu(q`(1(D0^rxvg<MB8}{f_{R4(Q`KQjv-nA7=
zG>vDEd=}-7T^*vZa(m?Qp?0IGwSEsCzcST^|36*divRy;ss;alwSFi5|I$=5{y$mY
zWH=*7DkF=Xk)x=5XbTCnJ#wVJo@lB=Cb(hNR~t>w4AmG-zr@Q>rO|Y<{!XLmL}kQA
z2R02-!3tw4i{&qKM!pKVn<j_uAi6giO~=Dfj7?XEK(BM=%Y>oSD9f5EGkR^aK5ndW
z7WJaP*8zGeZdeZb)fxR`!fE5-<;utsl8ci$Wm)J)YU6ES#LMAZLEH0{kwebt1;(bS
zTPSb2J19Uu6gAQcjV7}`!ubEWdeY(cnQ%SHgFX68y@l4Em|BGYkJjG==<q^TCTuhf
z)aTH9Hpag_WCHk)!y(4q=jB*ij#v8lZv^QNLSQ~9{<h-p8T|eXzw`LLj$a<~@4)Z3
z@GHje5v2A1|K#@>wDU`%t!L17YIpDZX!~iv4&pbgmHBP$`Jc<j-vutFH_NiqU*4SU
zyikgSanj3~IyL)SOA|@E?XLUck$cXVTPMfu(eibx)|HJnMeRw8m$S>-eqh@N+R7|k
zZ)lkwg&3K*aMRN-kG}T!n~(ka!SiNy>_^G;mb=RsVAZj7$=wy3?5eSJ$%pChMgG@G
zEa4eWqOhnIwnNq?+esA3v|CtO9;FqhOMVLloy2YFTIYqla{JS*i90T?h9oCnh>vd@
zY20}Cw!7>V6;xf;Jtc3husOx0p`ytxmRXuuyK<KmDNV#MR81pkhB`tHlz?d_>q54f
z<<yyWT~>T^ubJQ2R292>H7`wLq{?b+T368#l4(}5bo0-e*1a`^@nPk~j}_TD@x%(d
zG*K1$c?mQD=D^mhP%?=Jvo#rVva*s%(@AFC{Z_oc*Id$gtSZ(K`njk8ss;Fu5q_EU
zW`F$Hy0_wEMYGu+yscTl7;1(6lVv7>H)($Ot@v=S8EG6NjBl*|w1?&~56<EE7;s)J
zGQG40;+!U&7d<$KI3F&qt7wfGs-`!m;}_SxWha&twR+Lc!-98u&4OfNiOvHsxynMC
zhv0XBmT(sqMZCC!NVXFZhPE&OZJ~~Kwm$-tgtw^Zj2G|RG~0<~z2?$nqNpmSx4xe7
z1j*hCmH{_aa7)oi(SO!YAr)E&{T*_bgU89lEjqmt-z{Ez%YlmU-O=8aGgV}GL}E^w
z->tIj^U-m8q_iL&nLQsLe`}=iPQv>eA$ReDUq^m+=g<Fs#U&arxj?_R?5v$AE;=rW
z-pz=XLit;uU<ISOIEdzAFU>1}iD<rUULM@a@ZA=K?=~;KTY(DVYo)u=NiO8^P^tB1
zv1MWq+E1NW`1DJoKYILUkNx9=k%@9LHX{>n-1Okfsn>SBS@Y`+=gmu5SF*3=VCeJ0
zR>aEQl0EL6xUlL}xgBjdS<$e*YD?aDBFgjc&u=y_Y>Ac$r3XVd>O@uPR}&%3=UJ$?
zjoG~P7bkbEg%7@z`q8eR)%+uLYZOGJlYFhi>4D9hKA!l#MV7a#fR#;4G+L45h_Q8J
zR3q$zs@BV0$&oK_$+bs*x-P*{sI1|L{nY6pMi3cyc%eRx=*n5tbKWd+7Fgd!Nyi4o
z98XbeI61P|m)4b&nKqEkidLDj<he5<L2+(u#s_jaVx62?fT;rO7})!;@@))v%b79_
zYhWm3SjUN0Hj!v{wVBGo0%Il>;uKyolOtIWNB(x+Z12i0%jGZ6C3jlg$dd0x$!zw1
zp-l88Xw>u1IcO*^8n#gLMy>3{8LJ5fbCWfcV@$#>$M~K+Gs^mS^2`~c(?T!%*8rfE
z<8$X!kL+E`+WJ#L%O&$UXTP;^i=}9|IQv|)V|8mOV*@JFGHHFZaeT8Ydssi4VJwiW
zB=N3`XmZl|rTLtKqV<M-(0KJEu^ZVY7XzPIVr+QkX+AbELx%3I*%B%Xb5y;N75fYN
z^6$@U&fQ|gML$5IX~2<e`39W8c|N;YfR<X*C(Fb$kzrB^J~){ycA2?FuVz12zo={K
z*Vfv7e-fL@H@Zx#XbOt}!L6a2Aj|TlK1|u^Z>a=Gx_V9@_cYjR+nhHQL&rAT*0JGM
zC9T7or6f})D=_L}A&g?&AZyY#F1!8q>N74liE=R@US|9*<|5)P|5^c!Z&g7$5ig#e
zRj)9`$!1S~Q3`Q-QqNmpVAv-FFFjeje|3RW`sB@!*6wuTN5j+SU7YWRw*qHejQ=%}
zTrCR=BIo>)cyY)upr)>vYa&au+$jtf>P`EA9Zw9;IOj!Q`EX#d6Csez!^fTT<s6k4
z1WTQG6Xk9V$_+0!;`bGu3_0gpg0ivHiT4kmbk08@b6sb^v3IAi&WRr*+=peh-arUA
zh--?M<?*5Xvyiv1pmm_|V^T|icbj$I(LyY4fi_GK0qCzzfwp3zZHdg)XuFDq7-n#y
zEwC_+TF|z{qr63*UXQLY7LN%dZk`@6c+Jzg6b;=Bs;kWEmE|R0f-~_ArvNQnS5n$c
z#7asvHeIb>3{pySc`r9g2)!+kdua30+)RqK`S*O*rR?n?)WtE}A8NL?<jPU!7v^|~
z&!K$&^ysN;=9R4N1^0$7(Mp-);<NbM&WShpERNOpZJ>Eec1NhiIZ<AI1hacIdZgjh
zp@x(FaWP+D25b$-|9(MN(fzs2R#ib+9!GZinUIxNzrZkj$<U>F=#^vdVyqo|cTHaI
z&vKjdT#Yz<QMRQlZwm7TYyqfe{7+@Bq70<Wrz-h+?B$p~K94DtWVu>GQ$w=MYXxtH
zF1h;b+!e))^XBkXSPx1lub8h!LRFU}b(S?m<2G-L+ku`XoE!u~)^ys=L2hQQN8fPL
zw$C~v4@4`LSf;hKeANkX9)=G%LFSK3zef)ar)T>2+N0@piP9#kP_@O1fLN5&rdp-f
zyyeGc`n&DXFQNQ>p7I#uehi8RK90)&${pgv)2>MNMhd}0)!ZON8ZBIQE}8uA+Oho8
z#i8-(FTIf{SXUNz=V1Rj8MYw$KT8h0bn7rI+4?MHk+Ht=*+kl$eZ?&QWt3N08WVpD
zESQgPI42h09=$ypy*(#d5^bN%v8*Y0hsHO5>5Y<ts@S@cIA(cC^9uWaoT+WjuL{W_
z@cR13g2fvv#}=)a-Fz0VSfb*J30=PfqI_Yd{Pp)%Ovek>CZ4h)WP&hR2QvIUHkXW(
zyq3QZy^=k4Tvp5fu5e_n&8ExzGA^ZpUGvCf(_~_AJqF}Ex^1LSyy-5;V>Ff{9pcAk
za^I$3+KzY0v>5HB5dEVhsTdte;oJ6%&9O22qUo4lwXUu$B%R6Wr*WQxGUQ~JV{D3W
zaj9i9idcipq;jG&QE)*OK0Rj2nf~-~^F`anIw1ySTTmS;{=@<6{;cLKnNL;@lnD?&
z+3nShkRhX@puBv8m18Z9?mkhzGiPgEbb4F))>TEnGE`ku8hYtp*Ou2lyR{<bv_|94
zIIXwS1S6(BJ~nR<7um%2jLFf}#*(e@sYpz0T-+cYFHN@*P3v7uVyxaEt_+%5Tuf@L
zl08J0u3}8a8t}sn>$kQh{zJpEd~2yQvJfg@9IKV%cK`nYg|DV8m<Bhr7Gy@5lwhTM
zXgv7oSf-=*nIx{>e3Oh4C@rl8AU6HqlOrLkmeXpFWP?~MXFh!C<MvFR)3uTIaUdE@
z?$fPKSDTiQhAyX^^j_z$^6Zk07&)^9h_OQ>s3d-hk08(d%v&|z8vFK!^&9O(Z)xai
ze{XZ1w!FS%#zS_0?-tkkD9a_=0`w{Mn>mMS`tU~U?xDJS0_yI0Uv;M)+lCTh>=W{Z
zIpw^mPbq)9GCnruB)XKi*@-UaNjUXaI#2#b_W!@HJb8=NMM?x~7qxbWKb|y^qfLE~
z0c|~b1$$rDvM;&5jC0?PUwY@6=6u*Bw}zO_e%_oOfHuM0KegC+b-;8+412v$`}X9!
z&)Lg)Zau~_92qA5gSCSFK2l{qCx)kP+IPE_eZ{RizVcj>YWCFoU&^d7>UCJXatX-l
zU50v*i`G)#PEnoI+Kftx152%(13A&|Q{{Ch8p6x%nNV`_;a2-r+rI7Itd3Qsh4GE|
zme_kS=LPRag7x;3&#yg|4W9#XIK!6m?O!tZ|2Pl4+;@!086bUmizT%*I1QSSrFR?p
zZNyC7Jeew*NiCaAExiK$bKccIO;=xhCKq}|*q_*^ah3M)Wh}%+#^PyM%pv8@_`!Kh
z$W4YByLmEJG!t7k8(SKgcz}=N8EEEYq|q5Q$~Q)x)<&c<`5ZGHWMqBS`eo&pi;^>D
z>(WN&$@j|dSmNw%v<i9W2_+6!62pOMjpLwQU!f=%uJkh;9&QLc@cB+mB<Y!?xy34>
za!GjHRk`_aj+sgOZ0pDaTkDqeem|5hnf?s4&gl0y*`VDS{VDrPsGxhEk@L0~bDE7h
ze7W(Q^{g`5?CBOxWV&C@%^CgA`!gnc(;j(%7dda9n@o;8Al-Bd)o@b5N}Mp+vaz}L
zY5TtQ#gq1Zx4(7{a`4`JJ{iC~Z3+8O@L16QS^+e=LORwoGu<NP>EbN4N7f@#A<E1e
zAX$Tt&sUE}M<}!t7}jCqN5vAyili%Y>EmCR{zt1lpO!XP@?SBGsT^g?0M3#Um~Q>T
zrI%K=C*BPhsH`ojHb_lr*8kgY(){4E?i<&3BCfig<nzN;A(PJ!YxA9yPiN%QLgwAc
zQS}wgF{)+L@2E$bq{tYCi)MOri0NOwW9BG-SubCY@+f}hYtpf+AvhOtX0U_wo!*La
z=s??i`X5^JX>5vcAZRuWvnT%(h6YBA<=~f8<Bq4JEg&z7Uk!ex_?6)Y9N?FjL+5GR
zR51Y8lohVoQrx>zY#rG5{U}U##_`tTZ78fgXSr&Ol)PnhCC(-j6%VY-d0=zS106XJ
zJeu>sXP17y=8+Be#;OZSLk~QX^S}ey)-os2FP%;>-`IRVmoMKcw6e>x$4gFJ*mx>h
z5p6itsMO;%a~8u$sLpqi<9|8wl0~*=@iu3AqZ|b3laq-^``EiQkl?zL;4~pwY+sYy
zyk4)VXC5Sem1XhfUo+43YgJyJl~uAD6<z5hRXO~wtP8WCbkLf<s@#5|ebmy>m8_y<
z*q&^$r8m6&OpcX*DSv3OQ57n`edHx`Dx0-0Dv?i{mn>8V3l}Si@#LusC8rvWUtIAX
z_;%)hz|WCoVOoT9r1JRl@dDnAvRsWGpRpC07{BQkFaP+pSKgfX_0y%H>VoYx*K%HR
zM?*YR)D^e??JADxl38TN;WGi#<JQk@?6t<EsH}J^o>+V5&#W^XvMSW^Y-6HI&7vKl
z=6tJ7cG4A7m9x)`uPZB!6?KN=k5Y(91d%L=FWJ!;vX{c+T@a0KIDOo3%0kiTuhu@h
zRh654avy>q@UJRl7v3%a2aKwf3~spw*9*<+(s}VO>`OWE;|;UR8f(@pb={v<{_K-~
zICZme`C~l4>(+S9n#e8oCDV=^T|4Uo9LhB={$5o~`OYU*eO5k3%=Eieq4={QrZKLW
z(<d>VBHb`%pL~UP+#AUgZ<m~CIBtfkjQFFax5djUBMaiWr5}l}EX@Z2w!Lsc*CM;@
zmeQSe*>d|(4$)!$%-*>uc`0Z6uJ~u7tF!H$i{sCi9*UnY{gnNe8%sApC}SqC6OZRN
z+J714Z&kbECqB`&kT(TXfL6OR8>Yq~_yFw#%S)dxJs;n|VM{kOhLYcJ*&Zv)<_VVv
zs*tp`WTeV;4n=-##$!A^9%{9hjID00sY=8xET%BO058vL3{`!%ET2EmK6P59yCdd+
zlmwM0g;gbJ-mHtaT9GMcMpIW}emsF$4bHb;y!7KAz4Eh(e|$PJv6b0FUoulGCQ~1n
zN!>D=T7ETkbLoVWD!7t;?_+(V1F0oj7I2bEe^E7Rzwm#Prnx^m+IFG^-{78jVB@K^
zS*`<()Z1A^&{>6_8~rpiQ3*B@&H8T`c5LO3?Eh9~hKG#{>&NZM6?Q83IeVp|I{u2N
z<HtqzDyz^*(Y$VDCsUEuiQ;>Itl+HtUq5|5|INo|V=IU5fu=7_?SK5jhsI0Sf9|o~
z<sT>wJ({=w7p)V^8%K}F3SN(Moaar%8dmR$Kh|rnMv0p8wrFx<sWY*p3ovUq%&WFB
z`P9eaHC4Od|J_x!t9t$AM8_|Zu|@X8a*5@l*|>|)R>f1cExN4TS{P5o?Z&6qZTv98
z0CFq;*yY9KQ^z3h`+xkor+@cD97p`=4_}R^8tp2x<Hu^#8O7J#Uix%={kltCvEp=n
zRTw0MKR4RjQ4*i%m~FYY##*{{Px;n8OPq=2abaqnH?4e(4*aujQzY6WXVxXGLfSCh
zjca;OyuI;6WsbW)Q=e-XuUf7O>54_t-}>B-)BDR7a`IrRQILB~%47WTwcj?w-=dgB
z4p8-UQSHKHY)R3PY&-k;^htXJp{zWs;}?yiRZk<KE4E~vU@A5xXL63mme}!)jZato
zI4(w+6>*SO`+Rr_Dr=lLcVzPWOQl`M(a5*+=Ecd5iTIwzr=3`y;(3^S?A$A61+{_u
z;Z97^WP)Lf|IOHn$=C;GVz<o3mS2tC9GN&w27uR2LnFtd1}bTf<nSgHnIR<dXZxw*
zsTDeJ(pR;-(^E_5$phP6p8Cp#kq5hDJZi+VR@nHX*@~{m#^WowWS0LVsw&3=6*ezl
z4KcO3CbCxLX@2vfZ-k4U4@>O<zT9FMMY&<P`FOGO=9u%wj;L~#zk1S@6WJSZoMvkc
zc~q$-tsbm%v%v5vm-pOolU^UjbGeXEw*RNi)NPZgTW3-$XH&&jQ!B2RPHI^)RoI#;
z=t@PdEwHSYAA9+6sfX;;(k=ONUbj<4FF$R^qAy0WomgSD*%~WYy!tuE4F8u9O&R62
zQ8s6sYB0_4e-7CrY1!VQu7{E%X-P`@_w4m|m0I@tyGx6q7J7?f_QWcv6A0MS)`@5`
z2AM6iW6OByOJ+UzXU7UlUvU6jvL0$>qBT~SoY?40lq;~)2<Od(1kOBlBtB8~3WoJ7
zVIY7+=2pE@ooHVPYL^1FJrR|7r)L_0a#{Q_Iapd_(V{wRkJ&xO>1NZ8#fE2JF6fFy
z`$CWAL-^6$WULS+BtPI*J^k$kcEVoJb;OPptce`7N5sm{PAx(B)PAe|Z{1#;d8(y8
z-{>f|vhT~XV@t-v#wGLgq#1wAsyvX}8e2lTO7_2<DuhWMTf%9bi4{(vDKk%<z-Uen
zmY0Y&xa-STFBz(3Wx3%mgj!>f-aU6*JQ!1>N;aHU3@1VzZ+VnmH2ytaRsFG$fwsOA
z9{w{s{~W2E@pZTJtoUR0p>k}t?L0SBWEA~&j{O&cy!d0KJEjWIN0Hvh1}gVGD))W8
z+y*N5y`hE1@VoY32<lPn_rfsK6ye8?Pu+*AoLFRWt+mWD513nfPBe!hBhJ*d^3^aR
z&H9Ip_~Y#ZdG^R3aH1HaTavLNC$^NQTr%6QE`pGZ#vkjjlQC%Wxa{Ec8F+vmx2(xj
z0k-PWe`EiRIT>j&rVGZ$H$c-(-g+B<R*Wxw`o%L8nZhy8Jh?CZH`I`q;!oR$Dlq!s
zl>BWZ>{u0ly7bB6r|jEl4{Gg+;w?0yqa{o1LuajG)P`nS764H%Myo}WZh@+#9@rU8
zkb!hhnb3&oN5lC9i_%~~`*VoA>EL8gle?07liQzJ6x7`Is|$wn(MCJ6iyNPIDl&y7
z{H@TvWVGT{5m5@YAF1>-wwIVS{3+-5v#c>uYK$WrU!P+PuTSP}N|@1AQG3TG<OnVt
z5?si#P#5~)aWM{yRb6Oj(Pxd8)j|&1b3a5aoGPQ9EvtW(1gU*8p)7iEt?1-N(7>A?
ze+(m;#tMcUPq8qZ#N(^2t}a!H&>KZRDOaQB*kt$xBmI|>%$qR35u@wT3&q1o#>AA@
zFtAirC>cP#2^|pcp}_dalC>2%Ypzzp9CyC`t4;PlIQOUm>Gxz2;@MCE#H8rfY%r@>
zFbk_v7x-^<U^q*L4{DJ0`nq83Ht@+_^MZZog{p@TX}$JTxu-1R4iL%vJv7%YdBHxo
zx@wRCEe1Y&L{tq7@rQVve0_|?$s<5~lVRoDI~or+7Tp_qG^cAKfic5b3k`K9cZ_)T
zJF{z<C?U?BWCy$aRZp)iF~j9<Q>;Ra5X7bz-MTpb)>pgCsSiTd5EbBokNe?EVS8@L
z24n5jFYrqF|8{Ee7zy9+{KR(t#&imI@$Hz?B}V0$lwzM%G4o_ELL!Rp%&B_ot3PRT
zAlz(QiotF7!R2X{XTeKsScQo4u?i{9sW6P)cf4cMrLZ33m5pz!f@FgQ^;V?+-p+q%
z`lKU<e|?sbe$vicHQnlP$yf3Q9;bU{AXB<|YBh~-nDS<``F8E8@sd+(KVweC3@~-U
zY}g8uYB#K+<n0yPpB}jV?BR7ehd1XO?#Ma(#hk-mS^Bk_&kIk*;YV`drntR7ej8^H
zwm}PwW6vOP2|5&O0kVCt?ts&sRv(KHk`}&+9*58_Jcp5eY!WRa7&zT0(Xz5!lKO}l
zyKORd>r8CrY^?ZdY{kiuPk$ZfqI~}2tEs|kX7yuOsyt3h6<00NgbdfbS$`{V!R9Y5
zuqT$3h8});|7geK<2%OVkNv=rORY=ht9Ew0=39}qR(Kb43Be+hrjqI`^?(UOJ*$T>
z_AJy3bksz=X5I9EOPq*LXz?7(?_QRx`>C(S3Yn`~_{22-?Q}m)iXq0oR^_kDgiDW+
z^LsZK&tX}FfY@vOj+rW)Ohsl=1+%Fozy8G~#EV?ZZcQyjiInSgS4s_WATtZGOp0vV
z|Gb3=l}EE%CziOT))jMj09-^h<4_*MVQCkX<%MrC;x!%5>&61sogL3(A0$sgS$WfM
z-Jgp+j4YXQ#kDLXR@Zo#eiz)LwJX{2WqCv3Ls^~~E1Zl)W?}`iu_gcbi^xO^^W$am
z<o)rkJ&<=i9>LYzH;Qu}I9EWh_rf;_80~YVlRy6Czb*e#!8m&6nXqk_cMLNghj<@2
zPyBS#2FcA!W_nWYEWvYy0f=4CoGm#rE&Ysq!ZyW1ghg#=4prIG3OR4eTp4eGioaf<
zd0lA@qWRNl-zy+~_=0m{T*MFGY?rNkG#gv@`OSH5MKrcEynCA8mGHX!aJ_XW8q8I8
zVr6AyRh8LjV@MZ3HZe2g9xyH8gYAvv!u(;25B$$7^7>5G{wSw@j(VbHS=9y3#FA=(
z9qS^5RB)E}MixRI<+@UacxW-4<>kLRm%R8B$6VE0QBifKy)dL|q47*UVtkP0SIHMH
zZ{7N<#D8tLV<|SJn41Q&-WG;+5}5)Bo~4KoIBoqQo}s1XNb!d%p9@*pTelve$cCRb
zt*YFZZ_i{ot#DsrG@zXFb&GLvKX%y0{u-)2+#HV9o@n{dsjU^!eWzmk5+$3nUOXE*
zpVe$RlcmzeV=FjgvoBDGODpdAhHqWqrG5M8q;LPdD4o6FK)z#DTM>AnkIj(1*;GA!
zg;H!vndK=rA6P_5NjQj*U&)Fbdxj#Vj`O71{+M^==vf2vdJ#jcm|Jui6&E;(v)Ft>
zJ@%9DQAPb{FXmF(s6lB@eTt{ud|)vpo`E$S1xO_?_wDykz5Rqpd^7E-UbWe?FOarg
zJLVZ8M!GfrOgiFp(do`i9|M=6H4((htF<rFGi={W-z%T~2G|4BOt5D$-t3Vme<i;_
z#+ggf6`U(BOYX~#PhTFeM|bmjOQ)w@rv;P%lf~rdZn*|-&aIl3+64aarO}P2%A-g4
zIMOQ&<^@U@%jj8Ax-82>s3-?rHlPiP#Mzs#x(8GBU1<jI+q+6%w7mtW1|ggbUbUVu
z@eHQ7CR1U=f^bG?v+Qs`PqKHxA+8#aa8t}uv<JbXE|u(QB_(j$p)<PrW;&xIXn!*(
zjrvW)TJ%m8R%>V@B(?J7I;&7tWA}Hhi7e9$6izqdDPMy+LM}zV{9o2mGF`~8%z|`)
z2iSmW&E!h^$v*;A0D|z#q;C?jqM2;1GRRG0|HUrnqG@M+eT8k;eqC`E7M!78;J*&S
z`CY<^vgX&VvumF<hyDY3x#SL=R?Tp0*NCBvF4d+ds4!NfNw-$C<;AXS>l;|QSdSvu
zSwr$_Ybc0@Q-*bN?Kf~#=<JKL5eYusYCTE{*05GG`o8i*`@2*ZPF(ACJ+ZILtUu1E
zK<{cf0Il^TB+goU*JdRoe(-pXHXU-Ah6<gL93Pq&XFsSTNd`2j{$oBIVIPi6QUb6{
z;R_F{|ETSQI+p9wu*FjtQDJkHZVjrt%vbj*z4X+=>vwDYN-kJmu}-Xg_5zWQxJ<W$
z8ZQn%QFWPuzp{;2aoIwDmuf1;N*)9q`X<*-Jn<*93uIG0VX|-{XeBV&V@f3*=vBJE
zh6JsLxPBeK@8b98_*qyNx8QdgzrV(>8oro4_zAr?7MVmCNpWLS7VW6t*N771hJgg<
zsXr^<xCALm)k?jExgjQ93?6-ErWVYl(9UtZnF@`T39z_btv08gdO3!fq{yx#O@xS1
z(nMtlm~vxDNEa0a^llg%2}~I&s=@B))@&eJn^nv;P|$b}|Hf$F2&ZK^LR!qrj$8W4
z7lL)x)D>)`@`k3*C~#V3CN?k}tt!!;6URmL;k<h94@vL+p~7?ndT;7Q!by7X4~w%%
z@BP^vdT$Pu^?&lhr%7ot*@p6Q36SzSr;Z8#5z|;uP;Mcn{z^PW1A1=gYm9DdZ${Bo
zdbbY;jp?D^<z-L&Q_A8p1scOp13r>hf1=CQsSeVI;eJ;5Y)0YhxA%Tt@3a1*UGcEx
zQ9=Vja|>=$VC8M|wDnhOpZyDJ!V4Z$Ncbx~L2pXnoENTUZTZPug#z23U}b)(mtp-)
zjUYpS4-v@A9P(C7<wYY%-iotyRP*Z6aPIYWDO}8I^dO)TB$44O4YtQX-7fgr>Gush
z&xrS2=uS%8j=!J9ZxX+2_%%Y8-izPw;Wvq2E?|Ui_1IA004bakh*$x}aRXZ#(5%O<
z@pP!O-pQNXEKitgkiE*|lds^+PE6|J^szTDzINGrBt!0S37TNHDsViE(;i*X%mS6>
z-3JU)ND&8n$y~e{(A6d@LgyA~J<L+@H^ds$Tf9j<7tzkO8!M2G;EhA!JeGp8pUMwo
zZ5+XThX271Oa!tcXq}RNro9Bgg}-vT_Ngea^rTF)-L)m?^u)g4PJ^0D2#P3m>xx_P
z*%!M^TuLH)!kpTTXs+TUr>k^Vb7+ehui<Z2g-A`sL+RO=Y$6u$jhrVuTX&<GLp4S`
zH9lDY=pRg4B{D|pn)x$p@msHc)3R<2!`ysseZ)nVRsG-;UD{++rQRqR;l}7o_R9t1
z7k)K9{@=$pe`maQ<ieKkT&VccI9#<GM`{e?u97d<r4KqUwA@wFxT~tho-E>|v?p^E
zUY_zGdS&x>-l!<}LED7`-+8;Y;Pv|PZ3SEFM(%28T=n|YI5u<seB=i&R&Cz2vGN($
zNjbF09UfTuE2N9xo4(V!6`i#Bt#93C)}O~ULw3p)o%n-8G|eI(HbF)#haQ)-t2zZo
z!S)BKd#ZNXC1)$)0B<*bI7^+g;A&pHBz^Mg=+}R9wI0LEFs_bVj_>--)#gwl>+Rd4
zylJv~C?MU_2jNDS;C8#<LfLoTwhLaj$DM)+e0p@+DpAKXub3}ci>F^5v#jEJFy44B
zK^-U1XI0m*ei8huc%!xe-SBor!Rr;{B?aqfi)CHO7o6&vME2VsiQ1FG{n&mytZ;Bl
zDb)wHZyYJOaQ}DS-c#`UXU7{0zL<Si!(H`_tA4j~(}$drEb0O}naWFbJlL3WV%c^q
zhrh#waGOPrV>qf6@Zz`9n-@<L-;2L>E9;jmNAsh`YiNjh_P%|+qx6-w;!9tqtp=%&
zhQObUH85WzUdn<oRyo@WHJvnnJp6s<1#G39lkt(>zR4BMYs{@$NewR1&u{fcijs-5
zGz4IW_Me4HQ2s1^neXaWk54Xr8O|`Z_3zTF-vOoh3CUj);3w3M^FQ#dTe}<n%{u*r
z#x-;JnJvmYye5*by1>dO_UFIzDV4GX`>tY_HM;dz$@@mIM?IR9Y=Mqu0Z<rTt|9LY
zV?;ZZUy$x-p}_*hMMLEqY^Z$0=twk&oRO$K`t_*1P-KpA5f9aW#TA%#bCotOK=LO0
zXXc7Kt4-ivaJAx%JE1d1xWtp<fxNH6`EB&fCc7hnn`uV>wET`w+mm7+u^zH%%vXj=
z<Zjxm3M3OxY`rV{jrHGo!!G!_{l-;&kZ$_OFHp^U$<7T`i9|M9wywhdOEI_*Z9s9g
z|H<B2&V_C9Dx6#_{>j>kxTwC32B{!<wLN*5k?fo~w`udA+95VYB@_GRt$6!KI9%!N
zjiJlm)rLG!tt+XDtf;7t#LZqP7FiL?pxYzbv$1|tjtz4tZrH^mMUyuvkvLvFvP*EP
z;O8Z8bjfxPj5icKntfOOU3JHIJD*&G_|cErS4We-c_&#svL#>Xcl34fh};~K{ftFP
z(F<<RhH;r32pVrK_-I>W&Wi57oUO?bOdB(8*|TjqRm(vBvfedukeh>jJnA>}!tBT!
zJ6L=E>PzEg=xf#@EUcVXU>76yq7x4dVW*FdKEg+5LTXQAkl}ynY@Yi*4}}DgFVHFO
z7}E!kSx@)i*@@Ney&-b1>l*w>Yvdh4SMaiW_+)dwiV3n4Yu3Gmsb~i*2sWOce1%qL
z8Qy$mlPOy4r&|5KPOlHOA2A3`e=yU(RyV%XnDoG&OAo-^vaID3(SiQ6GyNlop%y!n
z`?a0PJ{Ciboyh|^S^%{teA?A*9{g!Z3k#5!8tsN?8U1I|qR$CqRf+Vo_Q==Pm1tAF
zwAX~qtHY<`iS!wJa=A~JYkmYdhp2v;K0pqEC*Z$JjywjPIr4<mnUfbol(ov|@|c5X
zW0&KJv8&Txw6Jve8r1Dg!1w7bxve8#`>0R_Or22nEyDg3ri(t=C>~RMH;Zt)mfiB_
zQAKTU@ltDn)qcOlwiLy=b+~G*1&<Uw67pwc3>CkQuMT<Uq-po;0S<o^V0?s_66610
zGN&gMA;`bUkWrW~KhHL|LUI7H$>VwX1{2#CHBR%tHrL!}JITk2ldx#(bzADepE>u2
z`w9>^7AC6Q<C}geuY-egyy%~WgIW{5J|)6lvP9UO(jyuV=V~L{c69Iac%N;=_F^f5
z|18l;>1*<1QT80ae^Utw*T33cXrZ;bakG=izK-1__JVL87OPF|Orc+&p9DU3WK;QO
zbURG0MAh0j^L(vuez;M5^YUHx>2)|iSD%Xg_UReLMRL5ZFl_VOm}y_kv(4%D;~_T_
zF@T8>8>OVI&e_)Up7rj?g=pf_ZvOMO^}V85z4-S%`QKxUVy^MH)>M6~>)ElmaIa3$
z9O^mOuKQ|vy&3y_ig=N4B1Bcmv|iroa`&!;OnB$1Zzruy&Qt7YR?{Z$ycr08p6s|t
zV}iM!TO0Kfs-6D(c&yj@1L1UjY>xMnJ?`#)dFTFPGqN4S$z<epC-R>+ZDgk9#3mc7
zMK~UgUCn)aZ1NB6v6qjJ{^{?2{_|O%vz^gTZmO!zsj}_Sk0NAt!Dh2GJ7JcFt3svh
zXe%p2<suW}+=50C+W@8=uinY+kc(8&4+m@D6F#ScAMny)FR6(-6CE=4VYmyW&^Orr
zb^m9Z$1*0ujagX}arY{DR5=eOPt!S5ej~!E1>`NELumAaoTz=^%sF^WiNw%i<3daJ
zcj`i|oR&RHw(g1I;OLem<vTZ&ZyYcGNX~c#$!~P^5?s%QZEH{GfbV81i#hHUO7)O#
zvJ(Z&h(u6<^uEp2@52cge1H$Jv1Rucgz+S0U7AF5*aGQya4Cjeo=g;MwXylG)hP=q
zofKt}1ByiL&Jzp?cXxYkcy-5#2Oj74N6YDitl+&WPva*;jTXhvHOOdxoFF<E&$auT
zX8K!n3KX9-DNApT7YE3_=Z*}(q;CLb7%-Ys)I+c04&n?h2GFGP@j#oU>IPFrGm{7X
ziVX#>`TkgaDueK}`SECbP?TSBo&1u_d=FpZ7t>~-o(=M|Zho_PrfCb;FFz^}6Pw}@
z&1+u2?B+M830{bVAKs%wGlXGbydPIPom2fGMRpEZe{J*2Wt@=`(927u+THR#nNJtb
z^xv&@t7=yO++7+R-9>R1lnRMBJ>M;!gJL5oNbBB-zE>XkF=@kv>ih$2+N-MD;j^N%
zEil~ESdE7Gq<Xycek<FVh)T~CZcsRbSU_QVpEob}S2cIsPcAaV%x{SQxHM)RFGWbu
z!>{b0NXBllW9r;g(H9M6_xx=!e8pgKnH3ZTNmGf6FVe=Fq#-?^XeNG$iCXd<4)!i%
z++_DBkjTh+9Lwxdy1bpi>3(_UcvCSUuiB>l)Yi4dF;$0l1L64i1Dr3~4N(%m=r@Y9
zD(c3`H(#JtwPQc=J9}|7(cE`3SK$U178;4H7oX+vSD5o0Hv$Wbz65ben^@63|04B#
z^!oLHMw+t7*}?vbdIS1n+TmuCZ~muwF2m;3R~(*lnd92yZ*<ow(@D1DBDf+)o#M;?
zg7mpUEO>k!zHudxVc&c7n#(UuWk}ii|1gg<pYauQ0=J-qjsMwqG?1Lmri|#U>t}cc
zcS9^t8>jk>57S9I*MQrL-TN?oEoe?sgIhf)CB*tyC98+`mk-^AsX-NnpT@S9dt@lX
z2274dEfsL>f@bPMdo&tiivPSRuM^hH1Xq5BT@}ph=cR_AFLZ5{(cZY(-YTXRG$1b3
z^Z$nX7vPIeF6<{ihGW2|)>hPE=94jZg7;H-;$esa1bE-Up(Q$Tft!{s)3kj_t%Dl?
zxemW>@oU9jeD*=T{}!I_#4n?Ng~YRTk6oCaK6ce^%7sBehtitd?P*u`AUK@R^f3)q
zNp*(b>RR@_I6rErV$;*=5!3H4jf-D&aLf0|duvb8!jGed&;1JMHfDLwH*spu?r*dE
zJM4ZlIa*BjMomXK=$c!X7F}5=?{*f3QM<N4q;}x4&|@bkuGvQLZfT+z%_}XAhyKB~
z5F{H(#*D2cC(zold?X;HD7yDlM?o>$>y-6e!H69C9>!N5Y*yS}(NWNnJoPs2uP~Qy
z$x+k*>iE<j1BmQ~Jlo1$V=pUuUXrH_u=e8%+_u`8^c^p?Kw|)fIEAKD_!(@NxCFLG
z)^OTdV<Ac0l9oH7I*7fBh;o(|l`Zn~%yjo|aAwcXGc5k+plR&)b(#{{Tk`J`J|S?!
z_1WTp%ER!WdU?0f!@HsxS4_(C>Je82S_hUEeKG8(waeZ7w+1v?BfkF4BT*R%sUF5j
zOz<xUJ=}9DIkJQ{vnBs90k!{LglarqRP=3LBkm%1`%JI%cxIiV&st-~Kdi==U8vd?
zCRN@#m;3AdCc?^d5hGi;w5U0wownA_lNojDeX<z0n-<bt7pEY|!=G}Ssdosq@vUsC
z4|hgJioTJZ9La`ylIw|gW?ZSfirPpGkQ~CkM6@wXW$eRG!6JYw9Or;=U<`eVyFv4?
z;lblsu-x)H+XHmW<~Tc28DOt^Y^ZeqYfwV&oTl5Fnw>&rJo^Zcv25>M^=892wasfY
zyb-De9qo*~S9#LCDFO>H#Kq#fX3x^ci!`mRm;$B_+uY@@#0H<h!PUIXmG7o4b>%p)
z45@v8nFR*zswi=TZp?DAfVQxa*1E@>!d|)}41D)(ryFmgibL9u-sSHsp5;%b>3@HS
z{LFqE!!2Uy=yC7})7l3#2I1p6*ab?Mh%`$OVTfc9u`$KR)x-dtoACpS={`Th5$}|y
zr&r>g)oqDDAAPQB&bdFFkv^|1_;*?SY(icB@;TSss21x6$}?ZDJ=)EAbKcZ~$|S=y
zBTn&k_@wGS3FaQWbGe4IEOs=C@1N<uG~&a71-wGVAJ4u(b%^dmycDMS4O`F;@OyV#
zZ>GVqB^y^$;}&Y%M$PY`E;R8Cs|FnRy~k+yrim+E6lKr=`D?#n*6+q%b=$WhkqgaH
z?Q0a#OXK*KhGkuDwG$n^k!WMFGundChnSeg<Hc3^a31I5Z)jbGlOiM?#rK@tmK@!D
zSCf0xqv#AxycfGLRrhx^0@xmHk^2geDO_7F@pOdN?YTE(L%a63#fwV|5T7EZ{L<Lp
zq5)B(svz2S9B19sIg+B8n;MHdVq5ndzqg>}()dS-;CA}h%<s&ay-TBHS#-oh9R(kC
zv|8i&RRx>u(tJcBF`_zRi&sZi9WTY#Y}Vc3g^Mw`kP*)Z4ix#;$`9hp1n!B;NO%D`
zZik>V@n;Gllk6`B2-j_yDl<SPajuN|O$#P4r&hV$gvN9s9HXthbzv#&lkh6iZ`Qe!
z@#5YHM4&nkml`;Uw$m?!*F=s=Y3nFv-LNHB?Ozog&jC|`V5$&27e#SxJbL$B*VWOM
z-@F6glh6U@P23RNY`V^<m#JJ1wG9&k3^+6tEu>~*xWj1mjXW_9+_m=bGq!0BKchrX
zcU4Gr613ja{T%-b;}}jlX6|t9bF~Yc7k+KwK;fb|9VH}wddL27l8^gg=ecB#J^AZ@
za26Ny5EZ(OnK-R{Zs0N2q5|A}F1Zlk&pEmE=oEVj$(UoPlT-oLC+PuRfcKihm2Pdc
z5vo=VufCB!bL>~;8_OwS2_?)|Zg?{NLZeN$dJ-&c%HVC3qTcu$YagRq^Eqnk+u>p<
zaeCYW^DQ&iA8(_7@s(&Ok_%lM3v_e&efVJBVu=ZBEn`h`$(pX^z0QYZ;t<RkA=}`M
zd~`;m@)0X-TJYeGTFGbW{ABH?b<_>&bOk^5%;lfN)S_pSGk(mZFpX>{iL*&KTD0J0
zyjR<7JgIqATLjAaQtoSM)6Z)OomSm`VsjR*8@j4$N4#)kP1nNW5_}C3&KJ5qlnlSH
zb`Zy%*0t*0wglp`2v-xgAw8&E`E%_+n&NQCHhh1Wt_`n0)v_(R@5>7s9elwxDF=Zs
z?wNMzuZ16}Nze3ViNLunCIlP-+Y|UNiLXr6Ac!FUKpsAykhR59SB*@&e#{$)5B0{T
zkjV%8(fUbcq+)HwO^a=-WbLzy>TxCx-)h`|t9%q!ixCXCeADK?6AL1UFrD{Q*?158
z-gUE1+mZ^f$Fzks;$fCciX40%l2f!8s+*Cten`9CqB#5SHru1i<@|~+)&ig*FCa*#
z?>h8cFXrOo>>EdFhPmk2mqK*DWx1TU*`;0lV@G22aTx4yxiA!S>4iB%cxrVR9$Oj?
zQQvsJ(4cHt-`@JXK3amsQQ)GkkYa`l?~ebBG4)R<r`c`fbBEoA>sIWu_pDt?>k!62
z6$n0Nb2i`tAY&X?x}5a9wja;7c4A;zhZuz)aqnurVjlY`)}(56ft@28w_4`8(|7x9
z&djCIeFJv$azuzP#c_r<e4zn1;1m!;%NnL9x8yvqMmSyU0}V(TOK!<m7#An8=Yn9r
zt$R<5-*IAJR-RMVP;KGXKafMqJ=|@O5sBsV6;+2W;ag}|H0#@E^qgGQaO(#!lJjxQ
zS=o0(6rCyW=x7UAe`@^2If?%{b%=P6H$zdjqpqKc=kw2+WYL<gRlSa*n>85z3k`1q
zW+86^Sm(2PG<lZ$JKB7ymu6DH)T`Rwk$Ob4y9Shm-%#0ByW!$zTW3ODIm=r|?z!i*
zSf&lzu=!xCbHSuu_Zk;so^b0`wfarllb*P^DSbTq_mXA%|7CEY@2+HR{p+a0CcEwf
zYr4vMovm9edB5AaFTyQ?&kI4-yNP38EKX7)9qD&dhrb9f4N}puU<qb%X2ytl*}Fxa
z**A(3y=Q1`sQ0HP-<R0kGWQnr#m+BKWwm(%1l++DsT#LqXObgyPRC71a-AYwsa-dr
zSsSd{YKn+Pvo}~3)gdSuG;4#kw;F3TvBymJ>n=F<Q+bg=`(!o-DlNnWrpr!a44*X;
zZx_#iNAfutpBT2QHdHhISU@gsmXr`Q3anvu@v3{lAs4eu)xvqHco1UhQX0BU7JYd|
z$K7d9!jZM=g_SvcQ<m&=`YGAQtqNBcI(Bdz6Hf7Cv03{SyY@5=^5aaaUHetL_7CjZ
zW6tOpR?W4BT^q7%0fMi+j-7NyE^o3q-Bp|Ik<YCw;V+lWcOpm_ZITI>lQU<FU%x0>
z)i{j3Cc#*1CGnDOKg9oKxm<Gij=A!CTrw3Wimv3@Wl!AGrTN5)>l5(Rlu?V;o@k&e
zWhHL=z#Qipht`P#bWz5Evkh1Ab!xW`d`H5@=W(b*i#cAzi9!A<Pj1Hw*ZrKpdGpmX
z`k_y|tc$n**gNn-(v)<zVPKKf3Nox>GL8X&&8@#JHYZ2S-r{AF%r%iks(r`a(SiwB
z3;`@Gwl3v2O!z)nQ;mzN{r9-wevg@`9?#R8SoHsJ_b%XZRrkH<o;?rQ)*d}Z_Sm42
zJ+ov>d&J0=w+tFN5=diPl8ppNfRGbA^^B?Fv@#7Qy@ej})sIH!oR3KpWa8wulT;Sq
zbG}vyiOK0Xy;T}nqzX=?geW}*bERCO^f-`fa~zSTKoP#bwbx#2uRSxuK%d|B_l>n5
zYp=(D{nvl}-^=iC?=+KybZuvf9?lgwamSX--rsW@*93m$_}XZJnES<gm5eBe4WY9$
zVWs<B+rIt=s)iubR*3s-=chq*I9YaX3hz}vB5q!+cWG)?{TtfXN4os4+!{volknl3
zoKt5ze`*pqi~Kv=(NaRj>vD5Cfr<X`J|B|qZV8?rRO2OPTLh2z_7?#ZB9bXv6G7Ln
zR1c$}Gq&P=d|KBEQgM)A$?=Bw`D3Cv3AH9{KNY0c?JBYtq&?W`>wJiXD`1$VI^pz2
z@*_xJCUYJ_ZcCpfPljq@&Uxl?vU#?by%M=xYwH@b;4tHs{D85YuSVP^Y1wG;fLH9A
z-mD$__VhG|H^fSErTEPHNa5=s|9;-gFD`@n-2uV6O~rpcSKd=ya^_;j-SR7YLk6qB
z635g0<LW~qXWA7t7$`udEpg%t%ewW-W~;B4ZP^sPOVEV^@J?W#7J9n$0`I8Ud#q&r
z=^yZI-=w2j`djBQC^0`+@_FYc?q*F`%h+0D(wt>tB(^q#bHmFsm3n>LZ48t<bmx+g
z4SJXReR^;*wqfFV4<)6Vgnf(#W%)%hzRTgKm&12$(EW+nnsyROf5nKc=7Yu=)0BUq
z<2BC>WJ0N6K;DaXSSm~F6vW|hd&NfG-w|pjn~aga*xn?j2TDiEOwj~{cLM|teqLsF
zL|YC!Q6_|xWSKywOUIFqxYV5{2+loQ0LcT#<?K<?T)}yFx`YDSR#xPn6O^l4t{js;
zbHILw9%>)fE+TIej%ueCuVO`;WVj=Ryg>Pae3VcODTaB%I*x6RhZ+O%SR>ANw?7tb
zJN6)^8yXwc$xES(5f3zm;-oPKb1Q2GixDG(y;)077NQUKnG4xGgC*x=?Sb_Bmud^A
zsj=Y&<K)DatrKJdNBvcwcvY-e9QDvL8E(jU^or&C_|IOigRU>RBV0Zi?|Q!0=TlzA
zakmr2ifwn%{TRQ025gY>Yw}8e0KKK}1>>2s)cLxk>kABUkLP(Zgiym*v9?_dxD>F}
zA(7^Wx1jrfO<w8`6zUbCScTM%jP`aLVW+?L3%7Ye$^tysU!>VHr6|wG%Ime&FIFNy
z9r&5R#HJJN$A58OXq6tq5`NDZV;SGsnvfJwlB`Zo`kMEE=aBPP_E%J~Y?X)2e3hD5
z++(vMT_uGKFpXwJ)WpN-SsWu(q_>L9@-MXpKfB^pfAEi12>MR5mH9MpM{To3lNo&%
zY9)!j&pYY6kTF2tIaAE}VN2hXzRW2<#bfl(FZwn_xo3*5lzFx++v4mOONR<8OCU2z
zw3fB0wF1BNkkCKV`N!LWR6xA7@lD=)g$_aD$j845JO#T;5tZSI{jH2iKk3H_92O=m
zheg&N0#!M&&y>mxCq@o%R*X#VBm+1LjdZq{+_6mU9JKfU4>XLf*YV-!2{f?(9ME;}
zPD`dwf|&2%Gq<NV4=%#8X3=%v^Xwk5L!AogbdgS6xJjpnbb3jrk8~E0&K0C{CFxv6
zItyoK{)&toeDSR6(_E-9JU^oQN1*cBQv1bJf}zB`I@crG;<!xtHJ6fp00qM}o+#q;
zKNFqNQqg(C--5J|5Y4(;knzbDdV%P_rqzCTLG{((Vr`JD%G|1}=_7*+(IPNy*q2dP
zE$Uj>vKFN`Si1+(s`t>YvCc^C|4Px<vo`fxqZPbe2oi%ou0v!>SBritIb5dS%048A
zOJ6M-`y)9=LRH{KyIyPciu$$Q*Z*Payrcg(qJ2wkLF!{<OJ%Uf%f=o-e^~>|_Var%
zc0A5HiZ7!TWJ`5)DNlFXz6KbG4gmsxM%$}S^^q+bgT!jD^7`$4P3i36&26O3>3N$Q
z8kQULeU3Kv^Hfjz*6^0=xA6sx=?lD(Fl{87w~@9-vc~kg<~0AF*^YkwcK(BDC^8X?
zY>CizYVx=98(HnZH&Fs5d=Bsr18h%qV}P5ahUXHZoS1vHZ9m#QW{q#;OEuTts=$HY
z`6kWR>S(B~*>OA6Xf{iN#Fx31Y>E8^@lkBYPKmyRtE6r$gX14TKfcJ}Oz8M;%G(XB
z7DvN~sdS8gt$gQ`{D+{uDRI2>%Xi=j1#~o;$y>S`lAT8VV_&xI7gd3qMLE7JO0e}o
zK69Dk5mQ*wWGdhsun*>ub$*R^Ux04&dcQm0N15z8{^N)ECcBP*&in6!2=0WcsTKVK
zr=>iCztqR-{kBn$@?a^HdepJs8rwnC`P;buD?EF@^(<HJ&ryfDPe(X4rVJd{_kq8d
zJ}ch9u#0dtbY=p!aLHZPQQqMjoWZfNPvZM(w@0g_OpzN2K*F2of!_2^l8o3H*D(*b
z*$N$Lwwa!q=D*%=RKc`Pv~N_AO;yIKelt%7WqK$w({7r7F*NfpdQATc#tGN7diu=#
zn=9XCH0Y&>cJe4GHMA!Xwwcx2ys|aqxSj8(++`9|f(zE(C)SAs3~JNP?Gs;M7|nz<
z7>omDh0lg#F5s|*t&@LX>vR}Q$8q%U0DCz-YT7NnU6oS%k0Sxpx5nUbaTqzfsW{Gx
zu>S#D_!R=MSliTT&xgkj*joLLaBPBa+i_cWl2^|l%Mj2>AzgYsbW&%&vy4v4A)h&O
zj-#`7?0&#6I)TpC3IcTnhg;DuqvwDlq?;-sJ0nzXL3-m0V{q?}<swgAX7xowy`!%5
zpb#^p>e{Fa=i*bBsm~@Wj3WZwTxX&mhTEQ6PACQiqMCj<8asbD*GV%MFVf>A_Amf;
z`lY-8Lz{WN=_IjW9$b}RJEJa9!`5B@D=da!{BS9hY5-eFDEz|pBf1-G<zj3HiM7>S
zn~b$%$1?AB)4M&0O*HS4^e)x5j@@<AyDpgU&3AXwySv~9Vczx7J9_qnd3P_p>up=b
z?)vE6UU1&#yZh<g18tJK>)@g<pah$#*BkVGFHlE&==(M{7nR2tuxHdWfi;B=`*W;j
z9@E<e)0-G$VGLl&vuE7`IPS!c#!DQ)?*aS<@%tuzNTaEI$-1WZALMri<*oV2@{1V1
zVoV<m^)whw60j$0YbVZohE^%`V%h`$YI^Yl54Lf7@m&wrCcXHM2b+d<{--oLw*I)D
z2P0MP#1APom2KAFo2<X|*@yXoSNfpi`5qt73?I)A`FNh^<N2F^2jh|H6!fUI6W{mH
zC3Iaqs{CE&WNef95puB!oRg_yzO_0T>b%Z3(z?BZbt`4O4F1GRHbVxuG2NvzC5CEj
zj`9_;usJ+Mhj0ZtM7nIQ((_fZY-+W@E0rg(cTC*2b)uf;FvtvN9->MYuCYJwzf#<W
zYRr#i3@gf~@48<9e$Uyz8oPgyf0h1OdKobzY0T5E>%d&-UQDka*?l9J_L10*py460
zoo50GkeGo-s+w1XhN~-zr@*94#@c?KsfSS#K1$S8_z@8BLQ?&;_2oYReY5wb!FPOa
z*ge4_pe#V0Ws5ZTUg5Xo^mB0F9EoKmJ+RlP7;#ADFi#&xsJCT^kTFxNYpL$cn68}(
zXh>ppL@2LpZIfWQczapA9BVOcoX<MeUeH6TZ@B^+o#-V3uW&}@w(u*)2^{$gzN~$C
zd;3_SP#jK9x=zihdaaZqO=GP@Ycr!1f7#u6*bV?&urk^D&8!$*X{^W#LH7oUPs_7b
z^VkKXyq-+Q!!%*=r?-X>P}}|#uHXhe8~fYZ6Ajz8w<=0Y{YczB;-)brjip0=>u;g;
zcct~W!20X8{_^q|C3|94I#E@&A-$ujeib$cT3-ZQ9Q(`fUF_a0J)XY1>R@3T5RsN?
zMHr6}c)99lf&Mqvnh&gxY0gY`&pvK7^TYggRUnogt|G-%iPf|Uip<fi;LK^!t@xDP
zvro4IgUx$RRA4U^&iRF#YicJ)l*xqcW)gmV;x$*zl@1pw<7`vhRajZG8Kvw8;rfY2
zSIz6X<?z;loVE5#tF*wFxGVeyA`-gjLFD3L;TA`g;cI3IIHFkSlmETctNaDxk@u?L
z>Yd^D(TCRes=^$_dl!gr74NUT{rV(~tERF#Cm(GK=I;0L`xJg1_}yh)_gQ}r;O`;)
z%r&r#|F`)L6YR1$ZHH{)uv5W~7bodTxb4=*4g4j$D|LexXKjdja6!E|ojFsoa-BSs
z`=0wci+a)n`sEj9!?OcLlumJ;$k}Jn1*PBZAx}YEtVKc!XBkQmBzalX|3RPgS}d4~
zdfwOb{PLfu!|n@}E%DeP|E3dB@)%)~x6nz?xN(f1ODpU0;_RV`o9Wp@_noXQ*&244
zvk99?O4p`G`HA3BEwg}?=I0sLkWW>z&7QFKsuPSk2%HNu`QG9SsBIQD50~h#!~d+!
zuQa=aKoxhT%Pu)(JFn6OH!0RHQ2xVFi_wuA6XSZV^@`aVk>iVhAX<h<8@3P@(%`K8
z{6=Kk_DB8AE<q>yT<JBJ0yl_4TtpwIVUT{vF<n~N2#d2RFGzXJc+reml<!6S3@^?@
zF+hoYS@t>KKgF4!^PU;+Cx3J#84&HWou%)mcZt1aSZ&Xg7|+~o7g2|L6#b_za}r6i
z%s3YoZhX;SURYF`Rk>`tVw~H^`)ZyQTB83bxUlL~06cp7r5{DlO`*6fK+kG!{T!>l
zEsR$<{gLo=TuZQa;y}(-7mm1WE<q~4n$wD?Hg`Ojwhyk5%7AC;INfZ~cKviT)OT)g
z43^~A&!1yF>?;-zt4>|K=A$}_wjlnCp2P1!64?+<lF0gKH_kPWwvtFFx)q1p?v3c@
z;PwA_)O93Ma_E<R#}YUtHd4mHG^6(YD6`A%17?Y`4PXWoCEp3vPWq6wejWNT@Dxqi
zJcZzuDeoiZBDf!RW!Q>?f8-&XD}wOa#_H@a;sUla>N`DnLywu$T|7gYwgz@n7q{}w
zsBp)GA01^X0hxSUWmU*E_>L|9a{ROS<IEA=$QY8L(w@b9yq?WdW(dQGXb9S%K(q<I
zFklWc`}B~Vvx1c{!K&GcK@*lav^x_Dovro<n&G?QV&Cx@p`l4OHK+Xbd(mqF>$kR2
zea98gyzRp^_Rd?{YoUuxz?*&1!Du>~iH_-=a|_yWYb>2|T0^KG0M^ARAO?@o%XaZ$
z`xtoOCaVVM#wHP`lh_Z*i`BUdzdddsMG_BAvSFq-ap>utHpiQPP8hw#JdPQ0b!^9>
zva#NHVC*5IvSREZ<hZOfDwPA=ReuT!RQT-xSHz%fKOWg9Cc@V%ov;tL2WHfGBK_QM
zcRbNihExkU{`a6u^i|Z)YtP;rKYY8+HJViq<|vk6GlBpuBes*vL+1zJ*gTkR=(cba
zMUUvm3sNif0X{GJ=R)ALWVPq51!ui_MX0j+$(wHCYi3}2mQ!E|EX5!?dc{p7I%sHN
zW|i#>>jU&0EG0frUe6bMIq4hdsGv?$%{7}??NYxvyJPEW^7_SR#l&CwxU5q}NSvW5
z3C(p=to>_}|F1d({V?^PWUZ#b(z7+`kgX#BbliE*In1FM$i-(J4QQdTJ$A}}i2h8E
ziOV6JZ8EUlK~T&#v*g%`@B!nQOarmKhV!iBtZ&H3!{0R?MN8r75nUTG?QT$?;=xn}
z{l6__Uf*b5-(X&w_C9Q8w2W!(Yb!IaOU*K-#Sd9x=#9@b_(8ouugy>`xY5vS^Gt*x
zQwsA*N4%IWK6oz?@l8N8s?)sQ@67usL+hY=Mfw*a&U@BLWBISwCVfx!j63k#jUUxv
z-isg2U6aJ`6Zr8usGj!I(mj9vVgFK@=)->dPx<cX2W%IptEAuKn_;{YbPH4OG8sZn
zXKX|ew2IOPQBI0&#D-1bPGWyvMGE=@t295|11o6zTCFh$oyOOz>Q^L2-fb_t33`6>
z$v3LXR%ObnDx0h73qUMzWJ-~u-3qMLiV!`&FmgYX{;XhPWU0NZJTY>u{iH{`1MCZ4
zVxz_Xbi?1=hDJW#AGn*u#zH%)>zjdHbp}(Mz&W&5(New`B08sP6s>0nXM+#7>57K4
z&Jo%EB%GKKUmV=AqUt#n@daS}#qcnu^%xO5jcA2w3j9KwOEE7_A=^iNliX0kSBC1R
z5XzZ?-Ca9^2p{dZ4<j0$($E@~p>`Gn(k6ZI#+-!$P;LiiT+NsQn>tAcbes-|7$f&L
ztY7=e>z@ykuU|Dvx4-`KPksvR1a;$~?@i`NIMV{om+_myk6QZv5`PckFMXEp_Z*%-
zZ@oimBD2hFR@oPEe-G-Q_0hjHx|{x`8&WlX)S$8zzgzI5&p(1+3x2!s+k@Yo_$^PH
z&Df*a<jU}5SfaYYft8e-8^xy+XlY>d#UmvQ1^N-*j>Puc5<9-}-^H_f^Vvo``!C{I
zrTJ_%p1qhVG3}Y(fQuV0s0-{jQkd~r{ec?qfhO;PKJS4?y$3$C`aicmVx5P6;1TbE
z10EcS9vcumCA!1lEgeRjyJl#TUaK59&-dP2M4sJIGtaL5nR7pm@b#F*m*jblyt%2r
zq)aXq>@jc4!yUX|p6~yCm;aaM`?7o;1bjYdyUW#c{rRJlMsvabcU%a&zv##HzyJ3=
zfB#(l&jm=}+}G7)*<>;>n?x$elDB?o>X3?F>$Zyq5NbrTpKPXvf}cw&Bjlml54}VQ
z_hY)Erj2;(r81d^#ldHa-g$Y_Jioy_@c^0o-FECpKeYA<r?LbGYxT_~Mig>xwacVp
zQYJHSSS?CNE1Z_QxoqBd`L4aKi4j-Jy>%`3mKf(&lUO19t}0OC(85e%w|R44`gim#
z>El#xH`z7(A8-9gJ&*T`9&;#EeVdfbZ5>-OJLARrF;=U-?@dDY7<Leoe(Y_7pXBzD
zYqV#5$FA}-lJwS^YYWpNoTG0JZXm^6Z#<XM_jMH;krl%G+J^=pB_HGP>^qkJUzs&L
zE3OsWW!iWGYNTv35}1vYE<{S+{AJ+WT_*k?$JyJ*8y7hl6YIdCE6EJRFMszS%R;P?
z7Z0w|PGDY#K=UY;amounB6<YUPEHWh$8m2YcJjI@z3kyPoL*8{f!dmA(&dPty(}k~
z?N9<;+E?r|;IL;SLQI7BG9iIWID)tOm#mlh)I0jy?6EClffDfwdI=3<RT8HUX(G_`
zKXguXK1&m4wCspTNyO5_(r3<5S$iKH(?3hwLCyOC+Lm-R%qqBK>uRXtGfP&L=L*c&
z+z&%u8r&%K$YTjHPHL!PZ#n-f=c{(Aaio|Adfv^Fd$(%_`3D{;6}2%XEG0aag|b`=
z@bp;-Yl2a|{p5=FVK0d&?ZXm2t(7CoMn!etEA`U3QDk25V+~r?%rQf}_xTj(JE`wT
zB{K5n_9nh^c{l<;h|0Nle9%2Fi?%z~YI-cT5twH6)?S_1>u^voUz<}Pv81q`h0va)
z$0h8XXt~qd{+U-%%3^6Kec(Sz7v%3Pe3ayp_nF_HCYO+i257>_h3vBj1b|&8E$7g2
z!b}trz;M17kF)qP@tt5CoZsO+yyzE1G4m+VMy_O&Y#DEDrT!jvx#KRgw+I%P^s>wJ
zS-jP85)uwmg<hss(<&g!P#Hw?XO7#xXc@_jP(=5MA_}DShzzl2F+I(%hA7P~s?G8A
zz!>t_p|bYrB{TE?-sC4Ad_>->siPrG;#S-rHrI!sNHyL0Xx6!;$T~Om0L?nrc39E7
z+lSRD<og^+vw_Yy{rdbvhiP7XuDLU&*EP0w{t7Zi#Byk)j(wkqw+ezFCBz6e1^HOv
zOZ_pWXZq0I$Bmd*SaJ|_Rwdbeg6T4;Jk$|-QS@|tU*k7e&!CF?MtIZl_~|+_fqh!t
zd#vMF3r2PNqgz;kjw1cop2Y4Vt>MsveMx(nhZn>0**L)gJMS9$b+hv7zN@bzSrMzG
zW;2w6E_NO7j=JZLNBCA2Y+A+pH(xwd4GW4ZZhh6){i>JKhnme`G!kybaJv#_%%I-=
zs$@Dh?dtnoHFw1K>5sE^5JW3kX@YmyyJx&xcaKwnaRSHq7Q<m}7715Y(*K7F%xfP-
zKnV1RiGT*cPx%^@17^)5WI8XKfHh?90b*FVcwU_z7xxgYl@JmFhzBwQX0G`VGi@-l
zM(&!l7P)gR@|B-0TV*|G`bN?8*cielXE;a1|Ju5H@Jk`5c36mjtY5S~Q5(0UARfix
zyGk_=V#&{?MEUVr-XiRot1RV?u=AxSIW~Zk1l%tIEasZFGz&R0EY<xWvyrHtZE-ed
z6tFpGoEE(r_>attE_3c-$+HOyj0#l8(?$u4uEhhQN7CBsUth{?$fyf+h%%0pOv)Kd
z1b;P~r0H`+$I`Kvnx<#OE%=@_IKP;Wwn~x#VA?2FjG2<#W2~Q9?^fVl__6%&(5Et^
zvy}BH3s%?b57I2^T1Q1U6eim~-?C%mm2IWlZ;n6PNDkpCeS~90ahm8RJrE57LKTgw
z9x{k~+)ZYzlqnKU1DqvDx|nwWs}$YePeR5_hdl~;mZtC(joK^CGMJgT&-h_^UyZ$#
zk>UF8RP%Cheb?6@!}W?<C1c0CLtCKTsU=kbb?T;NVf?PI3h(N^pAY`;`jD4$rUkLp
zeB8wmPUi;SomvYDV$9q{rY#xFF|Y3;wSqBofJ|Gkln<!Iw=~q$nE4c$&Ii(WeH0f-
zXB7Kheq5B`#W9YSWEdjBHIJMj`>iA9eLaEYW-|`6waB@&JnZlqOA55?om}$x*K5bY
zk5kDhmmjw&#BfjxfI)|Jg6;gO#RaSF(t?D}b%oMb(Xk=Eo}+Yn!661yvXPUt*ue`i
z$o?Dk!?ckLRK$g@UbgaLVq1;6GoxCW9$-kDUO0zk5VHs~_5$jFPR~~0=)(5^38#>+
zBj$R~xDj*iv+PXiY3w<(tW|T(s}ziOOBTM!?Tq7#NpOq{`F$iE_$+;wLA-Is;PFA$
z*Jz5;@T^9$&T`uw)AZ07ycf=t73#2e7c8ulz76yT{65QJGp9O%^A0;+W&r&;lKE=9
zBJ&&@e`dHp5Q5_Y_7yKRXj=wudT;fS?=y}uX5|1(W1Nz%1s|_crXRH+TmZ7jE**3l
zkmpFvh=<ug7VbJcU8gUzYGzcNkhoz85Yvjs<^Z7u^ZZEma_mTilfJPHoaVqrOyjgv
z4A0DY#qy4D+pkla&E{!DbwY4)$h+W2!3In|S5WudvlGunMClh^*qE-EoOZ!Oj&*Dv
z@!~7k<rP(M3!J$RwO6bVTYvDcg$_m2e07izx9A%jVK`CO&`ROnnI1)}K+f5y%SV&R
zYh`9;F$GWIO5s9GZI>nvK9=SH8CtO4`;jMP!VF|q3S%|33D{lA=wa#!cxpj3*uv?p
z&9dM-;09wJbyqsYd1X6dK0DV7Sj?=1_6`_QAK*k%=}Ef&$#5)p!0}y3WDMkhW22J3
zP2bSFNa12VRHKo+aEx#`Mu4Rj93w%a;QUq!6ZWwKkci{~Bob8tnu*i|=}`t!EKmoC
z<E8y&CGo9rxy^>OzJb-7Nkl~dXp$fF94|1HAwBY8VGTN*Mr4~yTBF!BeM;y%4Nv*)
z=4i%O)(OGLn{*^?=m96(+I;8{D=Ndmq-ofFIjs=;;T6m<R)XZt$eko1mIn&c%{Y%}
zdeQEQ-&aY;%sKY`F2G&5L0^#hegDupW%|~aTvI_vn9~caPtl_3VbkbJMJa%;qN8Z~
zJ5ueiKgMnM$=+d?c-LPMAe%XQ_$i*7c~<<v%eLp8NqJ~03yW}Aq7$dzl;52ViyG6l
zdWB={`bq`tAfGSD=m?Xj5)TOfH3=1LN`^Vo{YWlj9x5XQr2O<gTkq!JEqp7Kcu2J6
zoW>8(hQlw_M~S`Q(VTT+9-NM7x%-`?E{Lvt)Mt8RJ{_}yt%GieHgjOsC15TtB${pE
zA|=DfxMD-yoS#YQ3%HYXxr~ujXk`MVSAGS0Y2&Ta6BfC!wWpd@?rM~t&0vaH73QAp
z*lZZah&jvgGfIzjgwpp1yWrL26mGHZc)W(AV-(4=xL(0eP~9};0wg{Dvh`#BG%svK
zdB&dGgy_G6$H?LZKxc3yhnjc);p9ScP84<K_W3ek@>Ke>dPO>s-W*>){WE#ad}2+#
zAGkPjeJ(luth4X|@-mSW3c<+&2Ahmct<Vo$og22hQ?$Qm3Uq(JrmdesY0OO#q}$9F
zx?Ii00zuB&<>BU?et=_(tpU+puzE?QhG<P{_D)LY*}`o)4`7^aYL+z@5b!Y<u6%O=
z)(@j_$?oBHz3*eqtToq+C4V}m0RA7k3n{r=fW!n%V4SmVpr88S>qfwZRcr4#vQ1wU
z5*Kzku{TjaSI6p@8(?+LsB=Vo2<CAE_)T*THq22kHCCv9!@Ydwu+D=@?^kT__iwmO
zdIv8>oa_M+mb-or{<vYdQmP0lCswD)sG3qO<{Q+`K|5Y;eG~gD4Hm#!fo?fVxCv%_
zdL~0yMS6yNT>>pK`k?jH8lS$;y6?39Hd%jT*58oz*XkDUo{gan`is7tk6`nQaL|yE
zFR==6K<k2digAU2$gxTG4yr17{|(OD=gMR3r52QJ6Wy39YO?!bYZdX0N4c1xifrBX
zNoT?x-z=@%_sC*>3}9&$^#wIg-(ccgNqm6MP<j!u3gSJcWhKHc$holSdP&5(?hmch
zk724%#$2RGh95ZBlI>@0SH+nmi{42x<Jch4^tmG(*s`+5L<v2^T1PufG_&L;Q`QDI
zrP>N-Jyew{FpnaD3mKnnFueL8Oh$%t9m45~)hi9c7QH!dL;ZQhAb1zk!!MB1JfGz|
z!?*DpyU)#d4_vaLntr!xeNfbiA?^YYqsO8@ngTQv(PN>}=#MBwjti?q7DyTen-G0m
zh*;pjg2NWx24Q07qr(MgwS)Gaj{bBCICC0q4L_x-U&<OpPoob%)gPa>N2{L(Xb%Ci
zqOCY0_(#zQjta)k`ta$#$2-p90J(_esW78nlJbCD+F)}oChgGlpMs0$GQ?qib!v__
z>oQ3sL{!NU6~eSh_w%1I?2x0Vzy5C574Lxy$ha?~LI3QnaZN9?uwgyC3J=Bl?xuz=
z(SAy0XVQb~5*^8=LmattWH~9G^NQNoy*oK0XOPYKt19fAZkS>4_FC~<4`PCGaVIAD
z!S_J<p|$q>wo3D1PQ_MC!-LV%w_K0<`&v7aG?8w^%b<vPSZ|+ie<tJ?!vbB9a{6Eq
zWu08HEKG?FQwC1+oR1AyT)FU6EqH=s6AeQR0eMc={$xRt?&S{N<ceuamrl~k%2imP
zXJGnk|B5|0O`D1;>HlrFsZCM8WdQiHAs+IT>)<c6AtY0RS4{?I9Bc`T;IUcp6(VHH
zsI}B(VyRYexOl%x<J-85Juf28K!zk44c~c{OBKc7J49U+r)OY=$mV7o<IjmA2S1aU
zo)nb;A1eiKhCr%ei#Kx!h}uv<(KAsO?<KOStJLIaEjF1~(SZDXcn%_CDm<X**0qp0
zLn2emLv-zZCf|5Wy3GAUMAt9;L`I9D3adBRDdph-_nR$nR|V`P#1}2b52nKU)M@J-
z^5F&2JHow#O;=T5B_En5vN@u^IeL4?S_VBSo%epyCFQ|qG9~QN+?NA~p*4GO2%4$K
zMiNcan<Gn)?K`AY{iKGBj#RJr_TRAzx<+#PE75NBQa}WY<KxhkjQ;1w?kPpt_nE!j
z?*nJmDKOR`=@yWpt=#knD{Lx2MlIMxBhw4PzZS8|AVE77y|p*svRijIZf#6X6$_=B
z#Al$8bI<VZ-MTl4J>#{l*fWymp0Sn2awGmMsc#Jq`}(>&O2O(!80eQA=hJIA4+Q^6
zq-1RL;jM=<eXZ1sg_pe~i|85^(Opru7J~Y+s~EA;*1pl_ddsVY%zZ)Alaf~G0gmPI
zNcv!{o3-EXpnYx9`9V_tWw1zDWRUUy+PdRO3yLcq<a}qA|H6!UUc$ULIBdHgb-8Ze
z$`S5N;7+}wDphzUbt{?t-+w_i!Q^S?s<LcOr)JfM_k)@gb>Jh`X9y}XYP3;3w~rD}
z;09%|@>#=k{2!yIfxq9_du+z{$m5tqR<pq0p2!NgP|$=4GR)Ps+XW54YP6{zn%-$s
zzbmTjOJMJ#Sdt&1{foLDemr%qWWT@T8<^bFtm#XEO`;p=M{RZQS5}GeS$vPM5dHB(
z!}~Ra{%a&+>5MN0Hs<|ybAkMANQt*L3>%<uVrQ4ge(<w);(*}0BFz%a$<o0_wib76
zJ;x@Do$Jpr4Z`NYa#ZA-3gFIiI5KPFNa9==!PA1TI}^BzqKS4U)ncMa)s!EJLCk}}
z8T@QKIo9lAkCwp`%z(K%mcbKgkEOcj-KM{q4c<=3O{!$u#iW!g=^uy!xL<4TsH%9x
zQQfg^s6&2%ONTP%W@(@FL-|B|+jjCK`SuZ0UY$*PAux$nVP9%WFCfx!6zN9bg9^5O
zK-xec?^h{8ma#V$JP#{+Qx`(nx%F*cHLVCPb8Bz&D0(cuucHicvX*rY@4qUVopQqu
z*!gvE#$K*NkR|Z_fb)CakLhOazF?|PE#+yh9F!hUoTg`RSfrh)xANJDX50&vI};;{
zP+Rqq6=tZz>Z-(=subxr9<lu$D83+4O87qjnH~3?#mG5fOn-{Ze2T$>jC{STxTYyw
zdz9Z_jd^OCYHHc-!r`4JhOWk`Po!%#(bkYIr2eI{i-mz)OU$KqOE1^uHhzpipmqCx
z_r8-w%^p@8K18&dQnh1E)j`r<zZp7j@dl<~_*P5zfU@JBk{zzz;PM*FpCznK*qzM;
zF%1z;4HKus_5m^^)}CHKK0;!VN}NxXQSH}G5sypL=6E3cvk~wP44<z1eCdRmynQmc
zXEwQe2Kko^(%yT*gM2Cp_c~+bzJ@2ZK)ALA=)fklWUXpsKo5nRPSj0&nm>U|gy<oa
zMh~gb-qSf#rEklzhl;OpMwV3%RuxLp-QxDi$e!8AZglI9OR4W<mYz|-BU@uW+(>HM
z$Us|XQCAW5gE)<2A=pT9Kl1gu=A-2FK5=q~jaRH)CwG;_+g`yLW%D*Mly%?!seLeo
z?<7ejc(}ms+ct0+oCT1rB?da!2DhjCmwBI}?-6pf-1iCkUdkH>(@7Kb$u#>FG6x`O
zT(#$*=mkBRh%ZX`UL7yI`WxX_?g$&PHbKZQoE2mbr`RZ+{w_aVQWETNX!O@{R?q2u
z9GY4MND^}9otpKDmUt_2i@n4<8*6*vg->IJ&n8yWFs3!;+?)=fzG-XGVs1|F!~MwD
zdHtrGVv&+eVxDS=VA{dzXJ`Ac*t`nZbh0Eep<8{emFo#5UyA)WnaQ5>?3JE{W0L+|
zo@*82<5-s%v|Ql@!zG>r_d!#59KC~UU%s7eY<8%V+mO6NVzTUUIK(Fv`rGlJh;Cqt
zsuD$2snz{PIZm;{VYNdm6a;|dqRpqo%qKp;R(ycH5|CcbHX-S~Y;B%I>e)KYQgK#w
zdaLIAQyz;-fuZHpOqT1J&W~9lrS)#=$g>Z`(?xf&hmIQBy8bdti*RutRVA)N#&3Fj
zJ0r1@xq|gid@U{nB{t_qJQf$u_YObtu_k)3{6h6fTXBRF(Xr)9AB&DSb$_D7Sf^Eo
z?FU9qugEhmk_AnIQJx%Q)EC)yT?$A(`UOh*C*V_O!Y-3{Ku6(lN{{Po=Ihr<1+8{O
zU&Y0Hz-0OzQHmZ?SVD=qN$ji@Jr-cJjW6&cj@#+kPy#DGMpsaX?#fnzI0tTI;TX;(
z9UK0OL;*dDG%zLU#BfM3Wg$d=On%sLFO=e9UCQQQeE2+a3A#*Rfln8*`1t6uugtiN
z{9jEkphFboRI7yZ<Fhf;>O<ajCOV4opj^%#o`;8Td~kPiZ|jn8zCbH_&GlO8YmwKs
z+MozD7g4>y!il=q!_#+|%9;iHZIO>A1^s^OW00EJ@R4?QI80T4i=q^VOjSS=&wNNK
z%AbeH2$?L29%B_myL%_?sqh_vh2<E$tSt?BwDdyCCZKwE@c51Fv#C!gH2*GK=y#m#
zYrX5Xt#_IE92-1);|~URcpr5g_Vy*a+_!JlyV(ab@Yu9-==XI8e^-QZUD0r=`}3t&
zr%OphWu<GTbxVq^iIK^VM*S3Hu1=P68DD;X6Cv>1x5RoJC)yL?v<!+&JHLr5I9U`N
zwp2O3IA(e6Ay=QjOO2QEK1ThQ0*3fH-fheOHf7aa!NjUyz%p$^IKaQY?(}c+xHRg`
z!!1U-zudASMT@0_5rR!VJ{P{A(&0~h2exvH5_f<J<0<B(IZgi#*OZM7h;IRsjJVU*
zQykW4j0NC{D@dMs#Y)b%N%-v8OYyB9%EIfc^SW}%n>sKDEnt4@QY3cHKI#{M#{LEa
zXN*IQvuDwmB!{7ltXK?)kM)?#qyucP;v9AEn$78REN6_OPH{o4L)QKv**e3L_?RAt
z_;>`z6~UFlx#_nVLa$2CqqIyLIX3U(qA^WfGIN~N`r(;}LD5yI70Wsje*uRLIC!ug
zajmZ`5fkUvg%`rXQG2xp4?FCDkcxms)-tg*6dar6)md9);*zXo&vNiH;VXJBF1Y9d
z9Fz0|RJWB#x`a%G<9R*%Jrj4IcxBtkyPgZTgYe#Fq5r&k>Uc4=boZ6^?{dG43*B{f
zv9$aeM}Mjo_fz?jFBrXu%h%!BiE=|P+TO$;Tu@!XeT9Oh2Fz|!Q12$9uh#?ABUED^
zp{uMj=m}jm29833&OuAy@74Lz@_AYqvoWD4XrN<#O_Of<fYa*7y&Qhn#8zYFxC#yG
zfwVnFRORZ9((-#gx-WcS+k=YoTc1ezl+-R|PiJ^zYfUv?lbuRo{e}7^NLV!ec^iUO
z%zX&`w2h!SytJhYr#{I7?9-QJy8yKf_h_XFt)$srV_dyEuS(9(k^+tUkuLk*T4pnj
z?*;XtYsp@F(psUsqUdLO42va2eR7%|zHmiw+6POamCOxuaLPXPNZ(OO-}_5o)3p%T
zp(H9oPViTo^-$cHKFFr3S)G1PG>h-cgi;!dM7CEH`E30X{7~hnf*~Iog`Pvy6Ay{Y
zD~MZOR#tJ$4WoM!-)GkchY_C=M{dLFlZEjLJycz`60!glQ79sse5DOj%Qh`~VDCup
zgN{k-GP@pr5RjABu7%qx+*ic`Z$@H;kyvRYRvC%H^N?yOj@RA&`MP^YUfEUJjr<(D
zI##!5${N+W9iOk;HuB1j(mlK4-)tm4uToy0RnXJB?VX%HJNWk;T78}U2=STP1&0?P
z3|831LeEy$Z-+o%M@DoN$&kp%r;sh5jEqdJ!v7O+MIa-ufHNhh70d)V-2#D#oIcv-
zR><heDNFxEMvmIO{ViYwCP$%vvwuB!w%z*u4*t?#i}mZoUzlc;`>lIg2Yp7rX~9pv
z@54PWYwcq^-rG!6EK3oH_l>#Qhiw_f#C6X9z=9*$5H*VHaerOq=aI|?;XnXPO=ZXv
zPw};%v3Vc<Xb63woCI6nJQ{@Zy3!iIf;B#qCr-l-8b^%#pGtjH+bU2m*7Ic|@Y!D2
zazSb>Rni%05kg;}#hZ1Dj~naJ5boXVow(&>V&r>!$c#5Ub+T?cd|$}s5Ewl**VKE*
zdC-_wn*CDrDSPb>7xXo?uW{On{YaVxrcLBAz+NxI+z*%&t+ZG2pRh@sO$vs<yUFJT
zXjG4qZ_izRonZS3C0yo4mE#i&BS2`U*fLq6Xw%#gG183WI0eLqtN@H;Bq*2vp)`F7
zC)|p!0Vn9WCK4z3(Te4Ib3*{JIdwb2kY*5@10Q{E)0C$d#zKY%_H5aBU<>b<K`1D2
zfNL@9db~ndRdQyO;%1iJgxV*N)AX3!Ulte4?XP8|)(sO@JI*F-Y7ZcW9+C7?KZ~Ze
z(SB+UeAQTAoEsI@)hRIR7wj+SDxiK&C9D+0w1pM%;+(Z-?1``f(Z}az^Sn=#M8dql
ze|miGkhYdu#9STC@uvTDjBrQV=;K^lD;m@vpF`pc(j{dhaqMlhoAB(<Cm~2Qht9O5
zbIY0MLORdBhV}0Ft&%S(Y$G%;1nYNZp*+FXXv-}py4;0Et+%e~L<<Su7g$y6qqt_O
zw|Iz*MPhRK_wmc%9ged)VH*U+XV;uk*>XTsi-w{x#2}K+lIqY3!T;G*+|r*o))LNE
zh8@VN)6Rey%WB1Hm9OD^yRg~!EL})&%uA*>T6MwJ#AO|fq*J(<-7tjk%6(%!rt-|1
zb`;o$T?y`H3rNh^U$&CffyaZ(woPTPc{Rdkph;!lAm%64By#Xy)Tlyk@bADmik^)n
z__)N!CSNM)W=z7seIA&^XO5Tqy5!1Bl=~Oe1qZPzcq20^RMk3;R)?JyS{&BPdG&%6
zOK^KD#9<eIbIS0rOAKXJ*nXp((^BNI50;HCf86@!VpHa8=Zms9Y^DdMS}f2xPGz}W
z-m$My>jHW5zUr^+VW@vKapEo<WO2MjbYqm$EA(RFOohhBhBn|QjD3NXyx8<w>@^w>
z4d*y;`INPox^|7Xon_Zzak3FUe>PQj@@P9i(=|7%pEtYDS|K3r2~h!miMhN*+4qP1
z8{P6%<@HBH`M-%u?Yz|Vs^!rdy_NFYB7Qh;oCRc5&R!y5yC+YFaJWtmr|B^gUL)Z%
z5(P5X$;KIt<?o|8lManO*T-QYN}3K<ivx~BWlCH<U#7W-K(w5!>Y>#gYTxSnPOWS7
z^x2#(_@+HOz}#-i&)h!sj}oEDrDJ?D>_S$Vta!j2TI&I=9hUdRDd=!14|To0bIJ!^
zxS5SywwIf9mzxzV<xOsXGwEzf`yO;h%rN&Mf~)$Z{ZPepgK}{ULNvd4$H9WdfiMtj
z@4%^7J+3@Oz?(1<Wbr0h`#t<8AIBL};zNKE+r7k%0+f#ZUG-5uoWfESAMthV5H!`P
zcA?aPCgQBMyJr@}XSjf)lg(JcN%Pp0TUo+MI8o}{{7bt2qsM|<3MrTHsr$m8Y7a|%
zLT_T_qb_Xmea-MydYp4Pa>^Dz{3bYjU^|p`x25p?;tWSsV2$V#9|{7wR#4~b8H<Wm
z1<FJjK~1GIhdEP$O&U2h(5mLwkHJ&QqSQ9eSWA<0VqA1y{P|c4@MMxt+>+YZdIfy8
z=D%pqE<E7;;1yq)JyACwp5C8sA~CmwJ8*zpXL4W?wp;y>`5L4lhn`C>im!jT>97la
zVa4$>1nr@B6OK3}l=CRhyQHMN=(`32o#nyhkaOluAFW`SFP(Va+&wg{cg#XnV8en(
z*SM+(u~nAR2<a9=ePta1xG-5VOD2%6)%};nUJI08fiAzj_*PM7|9QAoa7|F&eM;Ud
zY`ljf{y7KAuhF2WnYj5x$GMhGG@)6qs=+nkasW18LtRHk?yD|S+hPiH@?hYJ9>dwb
zQ@WBk2aM#Cd<j``Ho>agK1Z;dxp)r#-qZ@HDv)(T)dN*2(}(vaWEf`kahJ47pAl=1
zyC1&$u)ptIhwwK-m?3sX<6Ir*86YyHaHvtcuJ#?l)_qLyyzoM>)I9(SvYb*t0VqBb
z*Qn0SM|EaXPKRKDe^weeSyrVp7+mzxUb8XZG^zXfbxjO+72<AMx{etme^C9bSF0bQ
ztDv%`GU^(;RWHgc#{C@?eXFULj)h`9SluqHhIo<gLNWYL5liJez2&OokWq5xF3YqU
zP={`(GtfR9WwW>M2qq7d$T@lObG>hPqVxo!9q1&|^_TUh%Jg&ZjOuq=^Gn|~K@!~9
zK3t`ryByFT($%=?lu2~;c5;=Jn)P6#%f<z0P$@1Pht}#?!&z6<57Ad3g%*NbPaCFA
z@*CR&+o#~-MGw~G2oX>%gh-v+C}RW|!AUpHN$|Hp@v51^L&rn$W1RjVV&W{&g^z-x
zCcHO6m`p)ci@AAWGdLX(r|&31lKdPkgmCDlmy!9U%|gRw5h!R6c_11}`!9mpz`IbH
z@H!M}aSC2XZ@Konx{Bh>AZiw(Ohz~r=W%0Ms$Sp-bakSXxS&#b{(TRK^ucV4O>#_;
zWLr$JK0;_c5~f<&MbS8ieYS0p^OCodSAaan*!Lvqb?i?^EZd^Rcm5077Ju{K+_w0M
ze^uM!5ivnd+adt&FBd|B!?tL%EX&vyGlP7xkw_a(K1J{yhH25HfFHoN7z$K}f+12J
zD(D|rsii=yLxiu*km=K6v7R)CpGY`t;(mHmY~75Aa=e#hv?W=(WQ-o=A}pt5JM<I&
z3JB`Jf-TlzWU!<%YLoU0&|!~>DEw8Jj7(0J2;BkPnC%6NeFw3ch^E*7lp*>IWL8zw
zGyYk7*P4P%0h1Kj-j(nui3F74bR_QYR=%beeUC(oGSKs}I;4CWwoocIdj}r^Ux>P&
z+3ao5zmoX%IU$MCQQ2|==pl?JTABW3-q%w-K6Z(4k45CQz&OOa3ukSPEciK3@EH#W
z2<ky9ayL$JG)@jKPLR6r7H_rN_ZEa}Xw%1peH!Ipm(I?G0?F5k!OR_;gC0|D!8~-y
zbQ={A&5U(qGWVN}S5iHqF>|f1IgH~YrvpK^T?{079i~|6-vFm^urL<C1>{8_vGm}=
zqN{&{J?~IgnMWEhprGgIKSzBTKTr;P3UYMm*&c3^J{)r+x*h!N8Zu&STi_1^Yi#X{
zQF|j9{Y>>qA63FkVNWJ-j#8nus=a}AgQ^pPO#$8ypxhoMQG0_?Ywe{d7;Pf8q3Ada
z0R5>u$cPI*R@S%s@a;4vhTY=Zk0>~dr77OY9#jQ3@JL3qxvx5-PSuGKW9Qrg_928N
zYjTKmB4~oDuvItW9y^Tbzl9=)*Y88jQ(qI<0IT{7lCIm96?x<=>Khy?f<lY;r82@d
zLg{>C{+gEdVgB?%06tNIB}zF!U>Mjw>a#WkKRMikJlSV1atyP1Es0(XpHbjcOZA%M
z={IjAyH(@qU)@;0*PVF!>Ww=;>FGIFLjI>0DPM+-RAJ++=voSe`w#ijRp^i}flqdJ
zc!E38D!E@t;ZyqV7Top2ct?fJ2|Ko@lE(J*;QM>~ymy((@D#qs2M27OxQ&cjQQM1x
z`Cd{9>PBkQ%PE{8^|TJ@?)M)`J-zX_4)#1<_tCo(PsjG`uze1x=1U<@Z%dpjso7|j
z|NT$X!uQj{_n<J8!+R2T`3nIYVJJoj`u>-g5;Q@6?0tSVm?mVzLLd`19iFJCcfrd5
zgv84B$(#^Z$px=IJbv7SW!$a1h1ZRyTEL2W+I-4OF?vRMkAik4AdU&^@r=JW_AV?}
zUovy*%T~wyx*%Ul5&fQ5aolwot8ssEM<}jgnCup@TQCiY+bdur#b@Fvr@uaWCYjKd
zBS*pVMSCzQm`vUBZ`4!^1EM|#JwQje03`sNzx5Kba*T|rtXn>x0!YARB*E?-aOixu
z?LIsf-D~!vwUT>}_CN^RWC5-!@Sx}%@4nRq-6HK8@cQbF^>KI9&3YjBiOt~$>XYGG
zw#Q9BPgw{MOaw%~EL4cPdlMef0~=>75N6icK+Nv&a4@x#0SId%;6iTj5f{5>{l{dF
z#)k!<=w#n@b6DI<`HC?s){-Mt76^l??ISHd5wmCa(?b2sM%~hxh{?uM7wFErY2o^7
zp0-PLDRMky{ndy0gr^w1&IZrkB0?bz5D0U+dKWxaHFlFdAQ(WnsMnh1>R`a0Xse4+
zi+1T}gQJ$~9N_jH^n*1AdwyygVyvHz*Hp3oQuaQ`#@siVcsjmkhw=0aD7^g^{VXd1
z{ZgRJ>Y47=4mJi7=q5<t<VFjQ(R~(W)4h~HuhW6*-rfZpxY;nW>4Aj;)oaRfaDW_C
ztcGM5m=qK+;Lz)-WWDq~1~Ik7_*<{GrsKKzv+QA2;CCW?U$MX^)(@RSlLAM5gwfXw
zXe|4V5-jWl9Uc&NF*N?l+6C-&9t@PTcRn}+i1q+ubSS*>sPztikejxJp@BIM4PREL
z?gXul^E0%9$9-0x?1{BNhZW3vRK0o);c&OmFjb|Pcxd8|?q==LA(*oyp+w5!cxhxE
z10b97HcWZlEk_Bl+|z<;!TXr8H4-SzWs76p>^YM<X+hAQG`<8Pd~U!=3j_;Q3Ix+B
zHXHxbYg7h|%EHF809AOC1yAv<H66MS`!$LC0CSMqj!7K$>eJ6gcWCRu9bgS`*#-BQ
z2x|2N6Y$5STqTpA$G!p%q2*U$(Uvomjpx+JQg62*Kx7kCj>1Q&OnfgS2~A6XoLZ#X
zOdWQXiC@-L(Hz_#vJY$iiG6_HL0jW8H))}3F#U!ccEw<qwb^9nqk(=;ujo&0ft9+8
zGl^A!CT&xq)@{^!1SqNkwfr@>&K33ovY%4k&(!5`fI0lkvV08l$qh~aj^u`tT)AO*
z<OMUvt9~+R%qF)kB<mKFTbAJ4H*e=jpmGo8C%1T!4=+6_PzrGQnDVLyf|9J_+OOW8
zmHYiP_12fRZxunUy*(@Vdp4;MMiK=iQbm$_v`J|GA#$9xAwRTJNknuW`cB1^^oGgb
z0edTp8FKk}mW(0K?N+X*<NW}uY<D_+WM~uQ51&rOG^_Jmc<Y@k;NOV85Bp{#RTmA;
z`Z(>s$R9-Qu9oaa<towdFsmUt=olxC&~nH|H%KsWi_lLC|I|qRWW<<_Y+Z=dEk?Fr
z`lML6oHZlaJfhu8@T8dcYT9|1J%fQ)Ce3-B4yUK>r>d_{xtP4Y+f=w)134o*^F#76
zp80fxq`QC&bi0!Np<XPxNC+iIFj1nrqOH|ml}thwYme`mm3Vh!2tNGt6BnEE!_)`&
zmv~VZ@`HS|p21M>Ml5=W#Jj7@nsBBd7U^<$;oGEOUzTLgeKvf3>&@@%d6Dh-FmrV@
z88Kn266Xb@&n5Y21-vKV5I+}hqMG-<WcAJ7co9{>XNu3`gbOYsLKA^vkP)*(^%b1)
zLY@lOdiXgK>41^C2Z4?_M`^amNZm|h9_cwSMTFp5GY`h1W$v}h+#;31wOyvyF4G{D
z!L?oHKD$g@DuZjgOdl<SHa}{YZIsI5+Ah1-F0)-KgKN9Y$Lum6k;>rOF0;=r(<GI_
zH7k>AGuA|Oqb=Ly*t-S3lcz2-q{6|qDK5%kf<Wp6=Sr;nPah<nU~mDtfsUA7TfN#B
z-Z(*hE~u9+YlK$Iy=sNtChD4TYpbavVR+k#TJOY0YBIZTxEd!tGz$-J?uP<j6(OPH
z++o|&VEUqQKa!(ra>HbD{cN&gAsJdsmQ&NyjOS4=(+|8Lbd<xtN%aGu@9>gCE(Oy|
zuCIOg-u=FPZWzKQ3X~=F)DgN)lB==bQo^~KL{|3))@cpM_u%T#>^uc&!+d>aLkKdl
zu!x{E<$-AK2fCL+Fo~>IBO4|o>t`bs3z5)bq<nbfs6@x8UsPt8kPzbdrVlg(EID`C
zxrB=aoMgouE+$5favu{ieSi#5vnroVtUZUmkDhgN#k1G-$x?w2yrQwhVoEsrp_YzP
z?$rZe46ILomD);&EHe+9$hDtH{6Ut^6h~S&xvQU5VJm}`i~9!;E|SA-WOGPY5w?vY
z<ZuVV$+ttBNe=I}p6@ZA-;U?o%;!n#dCGi#5YIQ8&pWN>UFP#U@LV^a-)TL+%Y5FA
z=fr%DQ?|`^?>3*`gXbah`MuWjUi0~VcpfyL_gT;Pn$JIq=OyOzk6F+6na}s*`6~1I
z$F1kTVLm^A=QK|>IefqM`~l1BJa}Xkp2P_`t?>Z;;Or`x(rT5@$4YBz3HcvYfj_`y
z)U`Nz;O)h?mll6$=ZM1810AiMXJK<_adaZ?di#yHmma%@6oo}X+y#lQMFpw95Se1*
zE^_dj!C_BFQG7GQ0NUKVQTt83sF2iDn*QjR_{0AL$gGr4gMZevOZ(_??EU-J3FHBq
z1J`Nt0N^?;6Uf1fZFon+x9DF3__znZ6n^v!)?xhq3_tpA5`SN|uIc>;`H>G;{)5!L
zh(0;i5X--@xAc>dM-UfC)sHZNaM#w~7W^GjW@}XUG!bL2->^pt9xB~aJ{?>5?&v~n
zu{zW|F-=$F_a+ZT`bu%8i)I_@$9iD5-HMzEg1O)v1Iz$UJA4k@bNq6t7M8|9qAh@H
z0=se%)xA#`rLFL!-xhZ_WQuUJecSV8uhzd=iTagt68l;8lXF_pQc>)UhGD<>6#Cy5
zWv-Z}%n|a%nSe{XE%P<bO2!_lezr*ZU<h0dO()9vk!b1V!>k`U=b_XnhT6hT#qMgM
z{V@D3gA3ux64KRje&(%tkln5onU6m<BY19X61D<9MOs(<$yUC9lurVtrH^%gZxd@R
z?%LkexJ3LdYZu%d6_@Yf=}n^*;8QJ85@@}WHj1;%E5m3M_&xaJIzrp;SbA(L;XLv(
z?l;Vq%!#s)=_LBd?JhQa;M2`^r8Apdnu>i1El&q}mu%JxovH>d_HXzty@Do8H&mtS
zpgbi=_u01u7fu%&=qbb9S9<C<-A#)>C*HzahwyDDMhsf8lh45wWOQk<`=HWX9^{!%
z!-<~#EmR(x=P)Tx6yDnKP0tm&%nM(agZ_UpjS1-lI_1GZ$G*%qWxG8r9S%u{pw)(a
z#xzTTHIVe8{Rzt-Mt2eH)@+=PPl3_=vy2wniE@0bCMSxD<h_`0#DR1Fru~e0-giGO
zy#UQMEE^?fr-d#Z8xB3{F;4iz_4auBusv3E;8+H(`y-ogG)8?5fi=eHXBviYGPLd1
zA@um$R)FK+w*&PzhDqmk>`r80lS$%DZibS0lc(d+DT4?Q%)^taLvSn%Cq5tENsq^A
zH7QKlcTbjtjn9WGM_!?HMz5qsrE-#0%H2Sw9I+7Qm?f`LKBG35W7%tGkj^jaB2q%v
z@h1K9rNGuh@AS=4TE)HB<>)2Y8DZ6m&vAM|*9qL?p(^6MCE6DVC@v(w5c$1$%xHip
zZV>_0ZNchdX?T*J!yroFT<Y1*r?UBFYraud6wEZuYe-)Zt8kfA92e2cSd*F`F)R|d
zZMDPBGLjn#ju)Q#Ec}WdCX*{)9CZ+on{eFqi^gi(Xq7%fPQO|cgH(wR9tqCEZ)^t)
zPqBv^z8o}Szz#C-1c`N#fng0PTfPX?p-1yf)Q`k>nD1t14o%?1>%%Az8b$$ak_?=r
z{N$II`7G8}{bhs9A=A$Gv7eEV3pJHyh3&LLvnUe9e9<h=`oZ;6makFHcm<Heg#f$>
z5Aj%BP;|EC9`RUQhzS+*M)y(idcPkGfHt`3GUwvLs3P7l6qaQlYcA*ISW+RM@I*(I
z@y_<LBB~?d>$goxtqQ*iil2GwcC>5`DGLWdWOR3VVz+x4m|X9@07X{4xee!sRhQqE
zROOko)`X}=T!;p(`Xn0Qtci^_yB_hmz2+QqH#aurqZ^&p^rGZxMtNCeylCp(_bwBp
ztSQXxLr&ae6CIVKFOHa(%$OdUJB#M}6JC7~JC)Mk6VN*|hJGA#%vfpLuFmFInny=n
z<Co!x5FEBRIUfSMc)ir0ufJzgN9Wi*@jpCMR;)kKKvs2p8j^WUC0ytg{fThpL^kv2
z?025L8j@~}%8=Zr8UCt6mGDz(bXCW&B|%cRIH)V?cgdl+D_HM4-`b^d{&nK@i8JeW
zaSn0GaSk3lK}xah$6YwLxZajr4s#pETZdo!mhMld-cogc{9BCy{m}^=#P}!}VYj^K
zKnX#;v$RbPf9M%A?$Aau?m=+X@?uhlbTI7}b8*FyW&j*>rJ@g9KEj6?9dP7Zq_N-^
z$KzW1VAKsy<nhLUt-Clyy!!adw>Gvmj7IeVAlU?xHp{v1K+`lNLu_<>uMg0umS0c-
z2j%ra#OM#!n&&Kn6f84Vi_SQ3J;zVtX5dR=@@*+r%$R)F3>L$_f1g9wIiw<8DRogr
zdkiZ%RWsLw4N2}Q$=4h99_NvR!FPNVO?w_V<u5=EKv}uoc7t+p@WK^&D$O$p2W;d1
zOBi{6xUB-zfrRPCOkB%6$zc!wTe_^AxNdPTj&+qA3*zu836vPm+%1g~I&X6ne&WYi
zFpz1YcR83;WPZax9kVMjb~v_5KaA5;@JI-W{Q>{Q&huR?4qeR;U&p$~`C(cU@>zk=
z8I$F1Gko0~l%T!uxz9Kzcxt5*?;3M=9Mn(3l|}0~ab~sFcd~s`f&S24WTFkze-h*)
zr*{%BL-|qaNoGR{Nhe@?s-#IL!u8?yvSRy{isZp2y{by=*E@r=-sx{4DteeIkHKOF
zr4y9ls9s%*BfaCD`bl8^NxidUIDVwzi4y8Egq!2^1_?PDkDG6fH#||!-ZUP^BC#fa
zZ~<B?)9aTrNSt*Ao?5<2^KPW|WVkh>o(U8pO^qOB*ab|xA!7&ejU>li0WI0>5<{Dz
zr((j~bGblo>g~BkSu%6129W-t4dFYthIdZ9aNE`w%;Y^6{#HppNmn=LXEPctcXuH&
zzhyn!;d~aO<?8)3`>b8^=OF?Kd|rJ%HpQ4hnlNZ$$H~Dr!u54<-fQrvZS&W1L^K-)
zueHuQWQyRoyaG=tP<j}AqR8yyp>B+PF;-_HxP{Ql;Rjm7^6+8$+g0Cr^Qch76=sH6
z2^e=wKQhO{<WPRKRlr%=bKq;;N_l$$>FIZzYZ9LJbWJ915S05;AR<a*Z{4O;rBvT$
znZEe8D6B*9%uK98c2IY%Wz)w9gMYA+?^;00jdVSi|0Fc};%LLgZZdNz^hDfMvxR+r
z`S?rSFK;O%5XiOJ>XTb;dR<%nvN%TrK@_lp0|l?pgPpGUwbj26@2UcSW<9gjcr&Wr
znpV%NnIH1@A-S6HqN+BVKLEh8b~(BpCEq(r|F6h-0`^}g_n(B<>{}ate2=u$T-f#F
z%B9U}Tbx3@D&ec@+22-Y%i2roG&J?3i!wEJh=Jl5ekM?dz#JC?+s}zsxVffT^CWgC
zl<BfAp~``xnH8A|)7>0;4XKXl6s=clD?>g_yQ)G_6(DWbBwC(P!&|n3VSpR0R`&Cl
zis<|XwGg=tq-EYF<(Y<216|-^Mz*ed`1AqOj(p!_vUfIl??UpP#pK;2xzk8?B$B&(
zl6z9gPPXIrM0Uapu_w|2V}qHvSsi*2A~akSBfFV<Vozib-cdtDnd+NWkQ{&L1*QFz
z+V%pPC#~0JBReT2`zE%H60Y(H5?5m68b}sjgETeo|9vJ@08uHq%LgSrtkk;_kzM_(
z+d&OLlL`t4e?NjOIEl$O99#ac#g;$(^7kU9)|X8GqjnEktBJ5lfSJRSNbc%EZEJ#L
z`YK6wk?CKucO-fHTmbw5ZLiBn-cFkqg+qx**I#WVk=t2WBXT<)v{W7i?2+umtd9mj
zQ5TVgWE;&9Mmu^YM6Tc07t80++b2=Y%T}jdO4ab7_5}LP^*?iyi%Dn^S>wSJ+*VM0
zA<{;YZJ5^^m6z{KB-_ikkw_aWas~d`o|`%W)vM$vd$bs7r#-`<iWie@06D_>B9@yR
zC5h_PkFVhj0SutchjCyV_lOp(iGTrV*QE+?&xq2K++{>|Ri99YqI71HEePNF(Bn;v
ztdxctJnJzcE!&&R>uuh8oZQq&yW7Ia6fR$$olUk}Db6#Hp?M61&z|Tn!JG$zm^I8D
zIcEjKrxSDnE%aK~6Y2VsO=fCC318@-G1mUFV9$>bh=acIe#ywRiPjqFXjFS5ZHdV4
zy&e+T^O}lo8j;SZdtpQY>=%+in%mP)q(9xVG0Y|frPH6WGr)}%jora(M}LPf5h_+P
z{)b=y(hc=7OmMq~%>UKMeUp*i*~q;Mk$V;+cViu!hB(19eK0<Ty81I#@Dt!;j{CsJ
z4Crab$3PU&)A3Bhs1M>6-2={)sSSZW9fRPcE(J=1J3QFW(r3!NwQh7xskIm#>wDBv
z8%@Utaom!gITNU)Wx>&KN9@4`?4VFwx$)l=pi)b>mMrc@+6%5j&4=rtZIvkHC1*SX
zU`c5*r?sXYmFA<goT;qs8heklUq`#IAZLjq;`I6Mi>*WL7;12zMmLQkD)wKDt5m;S
zkgB}B8+w#tq0cv-xuqenIl?U!gG&^G`O2)4%IK|^QzYUV3sm{7lPROEy^=;|a7l+5
z4PImThb)AyhO?D=E5oVqLfBdIO{^Sf5`luAQ~O;kw$(N<%&Tv@UTw|9D9h2~H&3Op
zcC2}oJxydi9W%=s73of7d;IYn>FaiWMR8zo>G>w+eT0yY7p#yEwe8t!U<hm<Sxj@z
zzCV2WE^|M+dotNGo9tdl-nE##lg_$;PPY7qIMcIk?e9QCB!)>H`kLF^X!!n1!%_d-
z%{LipEzm@bLy&bt8z~X8hJGfH++Wm+hh>Dj;);uKB5a(q<9p5oZi$&RV&qFGvK@Bx
zs5@E~t&G-3cSP@w9*jPeI89v=_w2IU?hmX0(!;^<3AZ9TF||tx{h`zcblBHQm-{7B
z-{bnPhrRE&KNJ~<3?(sAlm!wPV(B(qq7|FQk&!Q@;O}4cHZext+1{2&cJ!zU+Au~y
zygFQ_kgkEAb&y?d?H<V+zWf?GRY<CzS#fpC=Z%q%S3mhI5p^w&yz}<2MMXmQfp+ht
zwG<05ii;e0mIzjT39}TWl)Pwaw>1AnG+%b;DJQJjZgz{-kdBS@AB$axAAsjjty`0)
znc_r^zzNNR1HsvMOKNDfqx!(~24BR@xmfgPlUo`49KUxqgR*UF<+3-rY5qjZ?wQ?z
zDZkr9JsEd>w<;lX`?t`M_Onr0oC)mnCeD?F9^!RX1;XYNV`QBeyCc3bM)wZV`Wph+
zU8;<`wBAYvNzwe7z~JJHk<-w6_T+@rj-7_sOwJ%TlQXBfm{V$G7C_$S0CIU7UI4Z~
zPyxa7!cvTN@;y}<dxnp?OTBtqSoHT&fX>agrP5P>txE8YIonW&{+mi_O^ea6>iap4
zy!lK6c%R2zu}?etqWZo-LrRjn1n49ckMEDr(Vp5HFd4>a&-QJE$5u&s(8PCB$L(ZJ
z7ZR=r-v~s3q2G5cj(iF8^7b3(LZj=2Bc(}2=~mccJjjPlendNzDCGA}r1OjFruxyj
z(EX?is}h8VJBst~MZt0S-k2od*SyM_E%>U(tt8y89;EPdtBHimNZ`C|lH5)AX3P#i
zvRl+Zl6&xU0xcywdh-o!YKO}J0pT<hxCoZMNxA$R;E^svZs>UX?|X_l(HVIs1>g6o
zqpZrd8Z;OD+zRatlzn?6d)RxtfDZ#8!{FZjd){{^IBrNqI@0~MpdDuScn7AinVLj4
z3p9~kC|^@0=oZQ93-sHd#2s%hvfgStvI=PTfQDk2+l`!x%L&H3NE_JmiEpbz6Cj=)
zB9IA$bo{Il*$pR^H^}5Q*4wdRX^aVs@mFHeIR~lwE+bULB3YOMIpMN^x$kG_J0Sh*
zT^_A1mFz(Cm`&Ewk~(KZa`Ev3{C7LR7_&lHY@!i#_1AZM^kNJN14Z9zcG7(#va6Nu
z8wXK0`$k+)LJ;ZT+bXEJO$bE~hyE{kM+*8V9#1`^#3&ZqAFIBvD>xplcD*RmyI2De
zh_A#Ib=!`Lr5K#F!)Sb?m_CjJ9C1+fhg@rRoY>T3_EJmH&D0t`Zwp5=0#w#RtP#0S
zk0M9HX%D)!Cjk(#GMVF|n|Ky1tKeFkp$91;Pqqy;Dwj84cHaKga_h!NW0e){4S_Sx
zHG}%!UR-9)INH8@jcB_k|C(t_z1NxngP(WJa2PGWWZLMGX<LMJ3la0%s_(gL!5@0C
zK7MGekMRX*eWWlRLBE{KW1Sce&@tF!9p&VM1_rRT6LbR~5_FO2#~ucgoJ)7}1FKL}
z4lg<TT9x=Y4^DV@;O~m5wI(kU#3{73zqg=5%|vP=!Lx;=wkFt97^9`7eU19an5==Q
z9*mntKcOrerG9mY?#s)z-GdQ|uNHskA|nU?!B~N2KxC?K8#k-KxKk8(jOb}Q_&5_I
zUUSKpWZ`nwo_;CdLEz`#p*yudUr?tyaS;yA;`sDv@JJvrvN>xkZOA!BcUaLYiq0Kv
zYo#aqepdbLx*P_@cQa#JQ9TB=o$%?(?zV%u?1^;r{EZ8+L3e<q)wlegqFu8APE*bV
zevfnI4!-1@j(IB$7JJ2VLM%J}jom38IFZgjb|(iU#CM6VW$}Fg-qaHmcwbE25&J`_
zxibN{yKMN6se*1rq1%^0$os_*#D!xlmjYhY`3F>ZW-|vS_9>}iFnhjFD5Bfpo^UH8
z+MHNXPVu4T>ZXweq;?HS?x6MDYwZotHV>~(m|Gv>gNu2~mjeFahB5(%-E>iOsPVw=
zRub?uc9U-S1)?ovl>&pR%+0*Kh0mtNkyv!p7shKPR4JIp-Xq@k=wngvhlOH%zL?#r
zP8z$TN!|(-a7^46yoL`m#oyAs-Q<d_K2SQvBs&Jx@_7>3QT<hQ=ttM=P3ug>W@98k
zW-JO7T!aZh?r7H9ITKi&g$}#1mXIW&2x(2BV8>xgMM!8v?-3VPgzyC1!v_iXP@5D{
zy-*SKLimPCk<|7;mGXE-i_p}ZcTYxoW+UATk-HWncS53OF51v*yf42ExJp*E2X1_x
zK&LF3MxYaPm^rfTr<TtBy=8SjP=Nsws;wZz9NW%*IY5;x7fUZjE^fWpda--9bsdvo
zOClDJL&sOab)r~zLeT?+lj}7VNT#AYaIOx42a^7Xog;M98+P$rd%z~;w`;9FZi8*e
z62g9p##h^V6K&&T;*1sN^FNoKOY2YD`2FQx{J+u*sfC@k@CpqeR)VCel41`fTgOta
zKMovvEq@#;|KjL4B*y0_Q{PCjCJ-%!FNFjT++*~J+bTU&N@JsGSPTOPGHfowRAHB;
z=1=wt8s`P?!==c`iE}ZGn49n;UXhbi`eOWDuHS?@v&am$;$#9b91rl9->s;S8lk!p
z>YPoUIYB$DQZ&eM&d%`>j<&*{*}XUU$p;@fCMt`!@|;%L0hrik5UKVSJ8_8jDNIHd
zCQF1WZ(hxxL$Zqcc#51Z@UxKfSRCe5ks}huaw8^_!7bV;Wr4~)TLEQhqGRQ?ChA4X
zK9O?oBOU{1T^>91U|+JM8~ILKS&4apwE4Yyb79qu{7=XBKAuXhI+C;kdgoyj*um-p
ztQI1?$BUQ+^k~U{YD)=Bz8XIQWr-RQhCZSM)57M3qHPTb5+m*=SS)D<u#x*&jU?%l
zyiI61TBGKl@gqV@`NjUdt*3S&riO!TMm{xMPmcGnT3{eg(r;H$XPe~9ggt$!_0;EJ
zQ@TH%<XxlMzCWW22!;ESw!ZyRMT;2LSbFRo-rV9dgPJzA!d?`M&-7^2a*6MOhxjwt
zhPKR$Q=fwvon|c~E}qz{BhzHpcLMcM3Ju7ij#GE~5FZ2^tren&Q?!fX#~Ro7o!;wu
zv`F*yeWT-X+j6+1%08Yx8mp$nH`jGdoLODb*G;^D?V9aP{1h4a{BwIj*%3Ik#Ujn!
zLZsx)U)s6uBsxO<Ev{I(bfTrvh=9^`m+tc20R8oYk0mt(3xir&Sa~Yoh9cUH)7c|w
zBSbKtS}NVyp`|^$U450`7p~m8OFBmU_6P%9x)X=rs8K|uik5U&KKs78f58_APN3W;
zJ#&PrMb<sv6RcGx4_nL1)a-*)Wc%j5-!WoqVq^Rp#~4$pUK&>$w?g%;rQs>oLB7A0
z???ZHf#s}6X60D&eiBhWlrgoF!a!F=L%PhQq;}j_nL6|UHMjZ>3+^xaAjhs~GJ4Dy
zaVH{P@*S1I8>!Ze$=m8~Y28kuF7^ngH@md}f;r82vdr%yKCCs~%?Y9APK>z1+fJg%
zxs#?|T?i^<^6&BGYU|~*9S<Tew0IeR5GEt(^$EwxVFXTF;#2r|1nLr4pLcE93RfMP
zB+7GJm)G78<H_(2TGyJEn`u8fj#WQ#!(F?=(iU4t?CScG<@fGAHuqcyG*EWnc-&P-
zP=`I36U@$P?eS#tAM6_DKKxkb>N_4J-zn`oR`WNAQHa%S{KrYGe3<(6)=Vlh${?QY
z3&C)<R$Fd;nz%3djZR+{iv^Aa^tc1lfuXP;X~5NJCYo-ehj!A7=%7BpeGl<uAPT>{
z>arW7?zq-5zPk+jt76kS)4fRc*pz&u9K2mxyEx}uVJ3gc^EQtq=(@aqN*>u~ndPsh
z)CbcLcmb@78M@v(>(wi&#|zF^AQ~4dGhX}M`n7%j^nVL?VlugclfI>_bA4UxsD<VW
zrOieBe6OfKbN02`zKXl(Hy^e33iBJzQ&`kOxKwd|c}5*mbv1ofsO<nlNHEb@G=$`I
zoXATKvnCvJ^0@opCTQB5k+M{4&LpVUE6-@8PxJY~tMMLvV9bE~AJV!s1j_jvI&*aQ
zk?)ZU=r|iI?UPOAmzlpDo3NC|)>omVUnfOP{bXhQ2YgUzL>J-7s`!jp(njp7V{Q`r
zT6LM09_DS6fv=I+SJ@pIQOLko7Y4pMi-($Cu%M;CViYx1ReG>g8^_n;{>!MficlB3
z=rkkI0_c{E0veCNOES{J>XgtPCnt4!Y@ca@Q!+Z6XmYh?$p`c#PWWX$peL(6bsQy;
zN<4u!S(SW<V6i+(e4r6L6Siom8?kjcyrm`lXJ<3A@7e!S$I@wypeqZV%@?P61!7nn
zm*{ycS7`Ja@cR{>nxS{pGKugy#}_Xixp-EHz3{D-^CjS1ddV#pJXjHT!bRsPGW)Qe
zv%qS%FZGyW(@TO&K`t%rnqxt0h*Wpj!e<bbLXtMEkZ5nTHF#tt&aS-?Ct0y!KqOEL
zL@F@25)z*X*p7y#CxbD;-%XV&i%(sqTP^$43_`Z9)BEXRc$A+AM74`CUOVvJHLsb8
zx?tb7;MW^?lfUP@u<1{LQDqyN9lnp0;zT%Nuq~GoAIr~4mM!5Y(d-gy0fXxC@k2X!
zjPVuqRF9X9gXT%}nD2{BH%x1r0Y5kX|A?(s^+6CSvb86u^mDeJ=2GYeh)NLl#W7!|
z;~c%uCkF9(mS$PnC)lSr)?Fpq7j1%Nt~q=BX7V!;2Qq6<H!w?uo`1B#%vmWyFY>gh
zXT@!Ey@Py4PPz+ClEX?mMrjur`5Hsn0FB(Y)?8MfIFHL)cJ>>{_?|H#6t!99&hN6G
z=jIE*LC3XjME1|PU--_6@N~E#<S{*6$TK~TF6V(mx|76A+%@+WYiPXOb$qpl3z1<O
zQAw5X#R8z<rXqzzEnkQ8Je`7CcVopA<qh(GFX0L8>sKjK<?Cx!xv#yCa_|$0J!y;_
zK(K57WFaTFL!de08vT-6vuMB6)_7W~V;%6;(Eb?f^NEIULh4fBY1rmN9TcGr?N9LH
zR}J4}A*b)7f9bL1`yu(B4nIu~Q>T&AH1oW`$o@{5EVPv>WJ`tSrGbfDATVi@m*34z
zQVE{l*{7tZGmiC))^Za}IcU`qywgQ57_EYi=N0ag2|w2O1H|p>hf@9)<!Hin>eCAH
zaK?t9b3lxJ^*8sE$)i=I?vmlH3fzi}omECjRe}cT6SsPlxU_9kbW*g9<@fB_fz-3g
z&Qe5CuxFdfcYXBk9<Orr-qP?U>)FQg@9e2J+zLG78(rq^gVsWESMPHkrsL#(55%`d
z(I5C8buF&j)~c<>7`7Xn2=W(o+pHHtk6S)nK0ie91ShjJG=J-AWhr(o6J#KZ41cm+
zTCp}H|1BCL!@vY7N(9EVRUrbUJ>ZKLL#tVh3ZupPzTof*o!~#*wO&z&ZV+dX%tOyz
zfTy+kJ{@XD9>emH*Y$mIwZrv`dhRhEt(XhgS{%JNItZGHBT8L0uj{STN3ezYFBU_K
z8ZQQ^B8cv2y+|&$qE=FU>*Hqe0M~Z0I8}D$c<%NEE>J%^onV<%G-N-v)(+}^o^TGa
zR_j%-*<>DYk?{J8I!pAiB{E|P@ZfTfe1EaaZ*1PkXN7FmYqpqN{97T6J_i2U=9RM&
zkXh|h{staskk9KX!!AXcpg{yefrj%tvAIm_I1#@2WJ`VczLQ2g)<N1&Zbdk+wKw7z
z-XpN}j4c|QBV$kY)J7AVYudkHogF-PWXh|A=Aene|G<OL99TBo0}n!T`FJjAymZ~n
zL&l`?w7g)D!M6R&>QJ5X{H^Vobv_@?ZRD}F)2WL<4|v)u&&PTP-X%|O<Rc0mUrB2D
zdbfIRt#|A09YW^3`tfRH(l0Vb|JFWRbl%*!{c~M-KHVYmRL?VP7P>Q=mmjxvq0!>8
z;a02#H|vLv{G~=>5YbFt>Ox8VD6=*6S+ivAtAv;#)EsO1zUV`>Iw`ELyK`&Z&WV;g
zy~wD)Cfs|X{WGtABH)&DY)g6+%FQAj$OAWmr40=wl<(D=zS&dMH~Ud<%l~mQ+<WrA
z0;(A-e5dZ(gtqt(qv}+X(p8Kz$}LXuZRYsgRg5jXBx0dWaIwIAzzZSqnDc(v=e%F=
zI`0j3Z&!H4<0vpbY2J$WFpFCKX;v>BS3#~q55ZS6^w5+K|A7Syoxs`*Q4L_|B*nXv
zCf@y63n*nRIQ<dPDV24`|Ht0j!0A<0XZyntKw$VZP#}PlA%TGmF@yjC0Vg4WfC0j%
z5y51VOdt}HkOTz98Wj)`D=L1YMMR|)Eq=73QcD$Ewc1+${#$BMX{)Waw6&Jk>RVdh
z>zbS!7LVtN!-x9zZSP-J)_v}?_S$Rjv(G-~nVC$c@8d6bShLThV<&xS$02^}NpH`&
zxBk;(|9w;EhV}T~M{XY4lYjGk|JM9g)0uPk{_5&`TmCiMPrW}q_TA^F-f?bN{ngc<
z>z>E>u}|gva~NKX`RWU+@DFD-&*1(8`tM(sXX(wm^Dk(cErm&9XFbus+TUG%>htIw
zR}BnJdgN2FcNAYudSv?;SUu^6uYPs)zTA_&zR)=TNu5txKm87I!@~nZ&v?~e?=moS
z=!MI6?wk9_E%N9;0&HH)=6>iuPw~H;+xmj7htGZGsoR|Sp&y=i=At8C$yT-JSv@m9
z^b>w>#=d`Z(BV5A*8JulUQ{Rd^!U2k`ONu8zW2Z>CV(CAk;l&?Pw8#1=@~rZ!ewU+
z?!P(WKYBO&gGZ))HD6KXCw?FE?tSf5e7~fRN5<yR3wD{~|1q1x!I4QnxRx_MyZ)nh
z@C<&wfV=GGf94lD&dIeo=oxzq&e`+K=IZcdx~Qk;8@q6QzOhT+M8=f31NlP!;+{!|
z9?VzJ`Tq3m{bx*>OlOBoVKEQP>6tNO7C-aG_haU4HMn#CtjWjB;`u*wPH%tztR`gZ
zzIpuHgGW9l@qWQC1$_QD{$hmcwz_Zn;LeBqBVVcE+s`}sE<oxgAODk5&!btk>YMWD
zxA+bm=)Lyv9{yA1k!b@5kNn+npS|IA{4DWYM$7~cj-2R^3HaOQ_(g8tdhD1dGUkso
z|LZz2(=z12Gqzjyyvckusdr%a-lMk~IHUKw)34o;k9V7M-rW0`Ia#^;8I!(IztOjH
z_u)z3n8a61xW6B+#qh)JyHke0jwlm4d*`Fxu>05lzsE*h`?Q{$8AJXl*`puu7ztN0
zH%`X~*Ov9YaG<aGzhWNyZ=XB<@AVswoi@a^E-&2Wnf;hgz<XY@!(a1dl|TL-FWA2`
zurqVCc}l430KWb-^!dIAhlU0=Yn|Umo76KjCC{gQUvbd8cICG>J@QcF>l07!*?0Xx
z@0z{uEBG}l`}Phj+-lm;%$<6Vop;p7cAIv=9G>INvyFF+r}cCwJmI|GQp_WRxo@}J
z{ms7Te%1fj-$}7&-)>A350TgMQDNe;zTO?r<oC91_s;DW-So<(C%y446Sg{TyS{Du
zCeE1u#--1l^W3Y4?&hn+n=YI+^Q1kW-nZ?k+xq?ZQ_kn*_rc31&9moO(-uE>%7dP|
zmhZ=J+c)tK_%<a+JRX+a@{>M)<=U7(Wq@taFZW!+C$l}j{Itb8?RmEUoi{(AGPiH5
zFY%uf%$(oDzu~$0aDHTJ+6kvD^#6O9-!ti)Nrzv{GUAKXeOsM$z<2l($#D~QoOjAO
zY<>K@r1|_0;5(kvgnwz`-yZPyJC07;+<16+>DcLOC-gMRRsU;v{*1XN_MCV4c`N_+
z>ED~Z(;<f+?LV`~-uY9XOZ^(vBNKhY^uhhV^qEHvS(m%@e5042!urgj%~#^)ThaKZ
z`aNHndCTmr88^RschZ;6-SCr11Ajm#eTVk-z2~6!{MF$8kF*&3B3pX@scTn0|2^jS
z60mXmyU%wV7@L>!DRpce@A(71G{Jurzvt$n5|gpbIBe$OvyM3OsM$x)nR~*#`6u3X
zbx+Uj*qzv2*u9we8vcIl``E+Sgll*w!S=-lv02zKwh&v4osX@?uEMUv-iqCZ-GSYW
zeF?iCdk}jVdm4p3TFc0?<ts*4o-(qg=fu%vJ*SSW@0qi1J^sp`Q!ZPBt?rp~*@Zo4
zjjroCefh?o)7D<zGjDWx&qQ*>hT!uWJ0Bn02#?(WkKG23-3|XX*7quE!WLtju-mY&
zU=L&c*D+S?3hZX=UhMnW#8)#9*lO%1><;Yn*!|c;*sj<2^i08qvGcKw*p1j7*uB^T
z*u&Va{0QX&Of1D;jopsji+vaCyMcMf7GmqL8?ldJ_hCQ6_I)jVU`w&9u{*FYVc*6c
z#&-QR+GE4m+1NVl2J9B>ZtOnnL2Sb77%MglTZFB~uEuV|?!_L!dTt~JI~H4tU5(v>
z-HUw}oA7$Zj4i-cVAo-HU|+%>#QOLpaZ|8)*b3|_>}Kq4>^|&A*j{g>2JCEXBX%Qp
zC-yb$``E;r=pQ>D+l1YYeIENhw%40DhpoVF!0yEE!+PFK-Pi(b9d;9TC-x=m+gQ(A
zm`7|Db~d&Vy8*ic`x5qTtmm!dz-D8Mu`95fusg8NWA|eZVY|MKF=E5m`PfG6M(hsk
zUhDzvVQkm8_w)>53$UfwChQjMZtQ;SVQjB=Fdl3vb`^FDb}#k-)^jucV8hr7>^kgr
z>`T}~*u-~IE4CEdgx!vP1$zkF_g!2A>>}(&>@Ms+tmoHRE7(HpBJ67HX6!EPYuJNW
z-!0UQ&BIn;S7SG0cVYKo-^X@+H}?~^u-FQC>?(NdCV1=)c<f$yux9O&k#*}<uUbB`
zan;&2OV+JlyK(LEwX1uUjjUL*e02TBRVzI;x@5z~k&TyaSh9X}!@9L=HjMUMwr2h4
z^0gPPS@q)46-(BPTrx^Ra;+a-GkW3LjjP78*+&vCxqNi}26|9iF}i&HmFqSx8C}1A
z?fT8fYgddua@ezK_3F_JM^-OcH?p3@8%K?)wOqF5;x%huwB|9|=oRZ$tsh<S7;XLN
z<!diSyKK#d%hs)1yM803mOPzfwElX!=c17{D>hs-a`EVrl_RTGU$)*cQv2FV)-eqZ
zrs&Sb`V~voGR&2$*S=^hccWc0vb={HsBm<-C0s(|kqb$-eD&H5qf6E>T`R97b<b8<
zA3smNEA}7<`{M7$4>tb%Sw?NfqV;Q+ljnqsMpmtvd)dmBPST6ku3mZ8SqqnpEMGpl
zZsViJ%h#@1L)Sesw&Ok|mwp(3EPi3*7vmRjyrS{z@K<nrRpYP2U(NANjlTtdBgc2(
z@51iIg4D6$qRTd}@IrxMY_SA<h1gqqdwSmGfWg-|zK&x}>3)u14c9#WF2}EfYaTzu
z@zda%#}nSeyume(CvtoZT;osA6pned88eTEIJR$X0>{qBN8p;r&I>PAW9G5*!sB(!
zw#Cn;{VVaB#|t=S3m!9%7jrxxuX((JW4B7p<Bc3|!fPI1&GF0en#XVD_;$SJ@$DSD
zP3HXF9P>yRGtYm8W48A(^Z2_QbNR=N(t9S{#`?o+9#7=>Ie6PV4IAY6Wc=ya_SkHW
z7vk-62W$byC*d`ZmvX#7y*a*uW7}$;zmemu@!D?KZ5&U)YaZXp@iutP<GVPvZq4J*
zb8MZO$6w>vIyH~K&9VJx9{-5r9r2pSeedO(;x&(_aC{RNUNdGE$6Veq+Zlf>$F2*_
z<3${&evg-O{B9a(eH^dj__yJj$D26*0$lU>MvgbEU4HQ>7h%KbM(JAb$F=K5*Q{8z
zzGwBS4I4+fD^{&tzHxOEcp-74>n~q+WwV!ZEL*i^<=P(jMQb-~tmkYs7HPZWhmWjS
zv3{)0%JrioE2w3qo#L|xEL*ikxhH#s<8-f?fOoI)8r*{qq~0ISjrWD|-Ver~jo${p
z6mPrLc>av-8(u5-3)hqT#3MNAgcFYGA6&kE?S>5-*REZC=xHbQKYFm{!b1<6K6B>u
z8HXNy*r695w&JKGkC-+4;Qk|~BaKaMKY1)^F%!69WXZ`+&pBt!UovOzS*I^N=j{1Q
z7M^_e{4?h)JnOg_JItAT@^Oc`Mu6pr1)JSi`BH}=cHQhAiF5gj=!uKJY4hoxiH(n*
zc$c1-z1cm|&tP+$dg9Y=ujYL6CVpL`&uV<~CT`zGPoB<Wm!*hLT>6iX9-sJ(FZJbo
z+I91ZOP=`X@!j;!yot~FQdc*h`RN}U{iD~rQ(xVjPk%WdpZrsrxYQA!`tNMcU)T5r
z9X@$xH@Dcr=6w2%pV39n`EEY*l6pFQ+NF*hclxx8-kCS!j!#_XEA7)y{ISirbKKc3
z`syYw`4X3Pzq*;9#f?vYS)Vx`Y|bxge1GGUFFx_zjyv_lXZ%A=-W=zAr_cC0^`CW|
zc0)}+-QrW{czyC^-a6~=mM8UeJ0CrDcIJ&9pZF*0b6vAuQeS-M`c1z%A0Pea<ulKz
zGxO5vGY_dF=R1$1KT$u_v7XXz{5{S29LMLrOTU@F_|zGnxcJ1S|IAC`yZN;1=F=|g
zA^k;9{n6udepWNy_@U-F=R1A3^SQpA@#())?~I?<(QnSDea5$_iHqLNclMY0&iH3^
z<Vk$)o1D+Qr=P@i`ke3P6W^IH@u@35dVJ<5<A~4s&iu(Uqj|0*F7ulB<VjueiH}cw
z@+K}mdg9XV*p7LQp6i)*@oC@bQ+IsM=Qw$jCq8i*XX4`TZ0gH6qQ|FweDo*kJNwCT
zeEP}!Wd0U*na9p?b&flAcFt3d({JLQDxdo(e!O{8fBcGO+?kibj(JGjc=P|i9+&yZ
zyk)$(-tk#q@tN1z9rK&^@wpB;j*p)HqvtsN4mJ6+?yhT&r!+o!(mp=xd`1(OJhPhP
z)V;1FPx_5do=%^B<I``q<J6n=opCN|`j1b)@$)+BPy0@vd^4K(&hwqe3p?V{F7;=;
z$2M`9uN>!m`pt2C@~msxcaA5=i<<KpXZ%|meL~|?|Hh8v#K))K#HYUWmwc%+de&9i
zPigv@)%fUXm*eD*&-qTD^Mg&k{>Be=<WGI~G<w>_&*-8r?a-5VL8CA3INw=+>P<hH
zm()AEX&;|D($B)?eA;FHGmkk=zKk>N)9+PHp45{%(_ixEy4=`NSI(!O949_`(%(Hz
z`=>QNbqzPiiBJ2bjecG8o|O9I(>}*(x2|cI^Epl(@u@fCPF<ZoaWk5{nXg41{p5VE
zTYTE5pZMfSJ)QmLIPuAo_)eem@ty6HCwkgP?>z2|%lYVOmw6s+=3`dlJL7Y{zd4^g
ziR-L8^ON;F+_X!-Gn(V2jZdDmo0s^ez_c4`^x?+mIxTIEb6@l~$EkBlbG)$esVnC*
z52+)1@(ecZa-6t~JN2cW)S0-9D|r*&>2v;x`t+Cf$)CD2?!;x>iI1N8bACZH{={|j
z=`VRY<2H85b8Ls6`AVMDVZLTd8T%T1xaZrr?W5PW3yWT3y5+g4#Cy$?v&PpvGfIqW
zqAh-~=(V=WYfk4Rd1?(c&$<#btMFPwZR>hS&e~Tu-Rqn9%4^$Nf8{l%@|vg4XB}^i
zuQ|uVYunma<u#`A@x*kiq2{UcS;sgYUawbwng80hTg>VbU+b*#mDik8O4~Y?%Io~x
zS>mrNd_fmp`||r3Syu~7e66|i8RLkl@#Eq38r5-i<27d;OVzvanzP1qtD(+$<+W|S
zjx~R+t#ZGIk~yz>x12S`@2jM3?YFkAd(P@|y%rZ<>#X;C)dx%bqQd(Nul-hD^NdID
z7E|-o`5!7ZRK3P`<8?l}#XMfU<{T=ujVDhX`;+0d-+E2E&ChuHs^c0@e2uAN?^Z*N
zsl4X-dGNZ1>wQ$mTY0zrq1IgEE3YyCH}JYP>e%Zw>c;D}sAH+|-Siss^WZ~W?z>uZ
z<@c2Ms#jk3%vy83zLnRpS6<szUfb6C>oux*#=~pQ@$j0n-WRpb8dK+|##CP8XO(%b
ze5mL(z8fD;d|l7o^3?jf#dOOvuS?A}zUHs<xu~?QG2`Lg>a6Re&i{-qebqd5Ppk2D
z&D7dz+itwZkB8Sh-TJM0>KH4pF_qWrRp+Ym8sDv++Lzyh%sW_ZTh~C%Q~Ro8ti0x_
zyymGj)V7t^nA*1HJhsc)s4;cj)|{2s{M~q+lgev+)oTs4ugYuNI=8iL<#(3x*14)N
zmDl{0*O;FN?^avYE3dWH>s7Ds!ZP-5HFulCZgXDqbh~y{uQk`Uzery9y2_tS4RwAh
zUs2|~UZcUH*M4i;s{apX!oV+U9_n?e*R<AC*Lmgr)SYKU<%30^U3ksejn}m_o|syH
zjjwvGd8pJ=@7e2$KBe&S)KmAC8KrIQYgW<goUAK)?W@*YdF`tkuX!r3^D`d3&O_Z#
z>fA0W^;ceNu6$mJA1b`&@5XDtGahH#nsZ^7wl!y+pE}RSmbUdeR=vj8nyX%U?Q31h
z-)-KizNp04xvl)IC1yh5bxt;R(QBT{Yt1!J9dE6(_FKnZW9mIv^G_+Y%__Xc)SOkX
z^;BNtyYU)7So-ZRe5ml+ZyoPFC8p-Ae8xCpmUfA$H7qDGiwm!P)jF$Q=b`HL8r6B2
zUGi66$5LxsSmJBWx_;`lu6pga&TY+KYrd-VRmWAwUhAy&)HQZv$y3Kz<7;hIuX$=;
zwa$A={-+gQ$2eT{ny2PpT4MaUh&-3;{8V1^SH0$3S8~?)s@JhpUgx3Cc^zXnUfa$n
zHPq|4sOYt}8egwh<u!k;t@7Ge9ap!St6uZezG|LsyvA4FEr0E+#?<^ZrkmcaZH=!n
zHD{gw!E#+@72YjRjqfk<wXfQ?+nm(vRrihIlC#!4qv%TuuYJ{=^GZw~1J3<ba}Jf5
z;lk_MTUzwGNA(xIj(tke7ZzT}SmW!psAH)ywXeaFv+A{No%1^0I<7kQ+P2PNt)b@W
z#%uh~gV#E1{#s9+lRD?MZJqO)r^eLzsqqWS{MWYQ;kC}%SGTqs$I;iZU1I8WtbNt7
z(6nd5pnv!D^ke>WT)nWSATg5=jM0m>7&T*ZF5dX$X^T<Y6C1$x$3$CO|LL{)^}-nW
zuVA(v#Du!s@v3`0g}OZY3`L+Gq|TiX>`O0<k*95E4bk^77#J^)zPBQ1>&t6oUwUDT
z+<ywK-kCG{KAaQA%cDO-5va?fPf-Nw^5_RE0(E)x>54#I9{q4dpe~Q@9wXG{(T`IE
z>hkDw6@j`u`bmmFT^@ZQ+`U}=)S{mW7wYoFKUWc`%cGyK2-M~31K0>A)a8j^sR-1A
ztP_vJJ@55OTzrjjeH*i-b-sHO6K`$q>!K~^)6vbT7sklb*I|l4T^`+EuOQUr(JxU1
z>hkEXQ3UGp=)a)|)aB9tP!Xuhqkl&csLP{o?ZpM^^5~O`E+6E)<2||P^4x2u7F{0w
zjH1(g47qk5gy*{Jh4skY!@U-r_x|>cUhhYwF(jwI=D?cumSIlo+66PG*DJc$IyJkO
z3*&?2v_Esk8{>1&y~CXDb*b$LxM<7c-fJGcFh=gLIxtT^Ce-_}=!d{<r*2=4!T4um
zqOC9YBiraRpVJCIs_+vEcYP-Q`GsFt_=dt?2HzR8p4Vcctsdvsdg?sOy$0%zOJt1d
z<{ZX^`Y`7DP@j(pb-BOBLj5_IP?u-!E>i^Ra`$@Uug7{Z^&2psyXx=9vQBP?yGN*h
z5=;Eu@bvo`c;Y_`w@%|ej|ub36aUBX<oQa`|E%cu75$q<f1v1pTlDW1{hx~d{i6R6
zF04nMdLC8;>hkFR4${;)0Uq7oof*Ba=)1#(dE~ji2NqqP>o~3G^4w$o2f4yL^2Ga}
zOQ+w3@YHi=iI=C}l|`2uZ~Oe70`tq0|5AAJZz%Cs!iDkjT;E?Ux;*)>F1kGW^+lIQ
zzp?1@=x;8%Jo?Q=mq)*~=<+<<K2~(O@dMZ=i!RT&ey`|q?{Vkl%SD&()aYL?y4*d=
z_<t<AJbUJU6kVSA@3j$dp5@WEgWE*iUmq2Hr=sr+Po4Y1h4J#NhZ#keC(jW@muDTG
z4o|;}O8hw`UY_}Ue$nMV!<1GRU7mg~ExO$L2e6mH)9)sD;{DZF!g0x?Uk~?``VElO
z^M<1PYm}nDz34X={Z_azkKA~r+lwwwo(~mWo_anCPyHV&`X@@fJn^3{x;*-4;mLDv
z(Z5jQ<*DaS;GVMnKZW=nFo1mxzFour(g0vgkZ1j|2;rU!&-&3P&z3%;?MIy5==(8i
z=zKr--cdgV6K(Zm9qNTK@*ObSPQldVK10K2!ShaHzdK^aEGYUJML)mjqeWi_PtGgg
z!ehB>+nle)gu47RO#RQXTsxm-dA9y*(I0}(!;H`G)-jLVcO&)F;EqB58hCQvP-5Kc
z67#JR^8kFWrtOd5>Fd~DL||X?#GDQHy~@7cSYqUUwp70Zep18#6;9f*JP(zaomhBB
zHZdo_6EhE<JQu)ojaI^i^~lf0+t(+HF3%YM4W67of+y#0ywIlKli-P208h*a{8yU%
zSHOk+%JZIcebL7P_$&9q3OGaU(F@zka}T}{?s@gqMPCmW>hi3gS1JPaAbqJNmwo_q
z?Tfbf?6>;dr(Rpp7Jn+bdG*2=dB$=UJagzZiGChj7%$Jge4!#}>uVFbed&cUo3QM4
z*T99kJo@#DKwTdFb&5b;9{naope~R8HbtN=kNz%2pf1l|@f(UjJ;-&r7{RgVGe2JI
ziI~@D6DDlC2}@tsz=gUz^Z6Qh^7tMe{S9#YG2XF6e>+^L%k%keOEu@6L@#U`WL)lD
z_NN!d$n$w&IXrc)fM;B*;KF!$^fih=U7q?k!uznymFMNxVZvj1^1N0NsLONj)NAK?
zk+IByI~ILvp4({lH4n?Yxz2_8gXHN)Fppjs(~o7HOoNNIw(dE$)eB?f*=KB<+J@kn
zli6@#ygcJQSrMqq^FH}JMW8OvyuCmXsLQv<9Q&5;(`Rztn)Rt|2HdvlM>pI&b1`B5
zAoF$*g7JD`jNJXpwufOtU7kJUcty~bb6<3G>UYM>a|otpeCHe{=0wg3W8`@jk0=6l
zd1|QZ*7G9c>Q;j>=CL00Thn|@sLS`qtl9gB$JUs>5`O@u{%TAZFVA)SHF(<I0T;%|
zqkmBmsLTD@hdIB833Ykmx8vgG`aTU3z4Nnb_OxRR2IdJK&zx9~b8>Ri*gW#|>zYhG
z7Zv?lxG-Lxd*`i+;EC4by<<JcU|A;%;KH18*QIlKB_`D66EO9cVyXWf@YH`ZJTbSx
zQ}ajQ!aPCd(DxSW(F<ebS(7Iyg0{APO~<zS)Nna`Ps}=Rz=Un(Sy!)D1nP2QwU1)S
z^D+3gjs8izFkT-09=K4y2TT6X!G*efH_ZHhh6(i`^ROR6FQ(7h^E!yO`1$C@>r?ZI
zjb>j9u<VnI;le!f?EkJk(UyNQy7~2~=LooHi}&5qczx>G3%(6zJ&sGXwVjD>TfHzw
zp7l8l7eA}5IgFWwrR`j}Xlr{Ex^3c(ai4dO8o-Xl^1M3<F52=8p_@l9jFD&T^*YM4
zwvUI4ww(K*n^P~0k*A)i@XYgpaAUPWY<p|~tNn5~hO9ToX1qRmj)NbA+4e<6zXERG
z>TkeoXFWGzxfkAEboYVXG2=gkiMBC53*B7$)L=bXpU;7dwzk$|TfHzwzBgvShhw6x
z?GEU+)eB?f*}GgjqOGklw$+O#8sof~M=#7HPYty;&x>3;*OhJcqOFGU#EfSw)5&jN
z`aHW`SI*G@=I7>IyJ2`AroIppZMAtXnX}$g@~ov(;lj4^+>eXkS^v+6i?;mz=;qgF
zEp@)vWu4ULGT~#$Joj_-v+}s#Io>)J4#)6#^86y}nNM|&OMd`n{TE@v`IP5ctbrS=
zzOLv#XN9^v^L&jWP!BQ>K0nO0rRRwIzA^eqn6=gQz~LB@)AeS&Uf8eP^>5qVFws_z
z`=o94!Wenly2eFY+wIV8tIzs3&imGW-T#D|JomNlCZa8;b8b$(Fh-th(K*KC^f@ou
zaxOtPr#^Kqg(v4qxaVzq5oWE{|6)x1qH@;xOuuTm7Io~N7g+-*z#W4=W1I(1+j@`7
zGxpO<yn9RH&nf!3aC18+zB^_ASq>L%^W$^WHhN)<JnzizU8(bYc={cI3*+U{JFn5!
zoU@*bF=4#iwXS{@CfaKA{l?n#!WemKdoDb+Io{0G3*fdhekqn3oQK4(fTxDb;G(UD
zL3DHJvxbM@qAlJr8Lt<{$a5_YRRm9U+k?nyzxs^Pn)B>C5-!^Moq=v!ecJlm^!-Nt
z5=^wUbq<Y*AAoP^>sJRi@p|tW<Ly_p<=+F{{CZ)GJnOB#Q+ZzGUUPr2ZM<#$e2{(5
zbtKyQ&3N>}7<u~L(%$%FYTlJTtXZG+X3d!^pEJ2e`xgCxqECUR?I2vVjnVtXzVyNv
zdD?F2y{>KFFo($e`z$nneJ0AYZ@bS6`;~i-82>^{wAJif7^4?$F>SS}Wq&vUo;jQc
z&pmP`T(sqMt=Ml}GxCAPhVjC-!;Sac0!*mO_rugjG1rs)a!eQ#WDc)K=*9G+Ev6sc
z7`<qV`DLx=x-VIywR!J*|2Xz%W1_9*+BVl~kXS#f+jbZeZEc@{Zh!i;?T5Rz)u&*>
zw({K9)+W^Di9b{ksLP`trU=yK(T`9B>hk1225$fA?yu43z=gUzdFCqu^&o4*<M29H
z$#4DcMFZIJSoC4I?<ndEF=2jrbf2d}U7mO53l)L7-0NrF_hF)~PVYBkI`6w&$Mc)>
zwtWG%Q*-QlLayCvc;@O-xG-Ms^Tx4Ujfu7zW};hzUKk^H-?Z&Hm{6Ceuk#dvx_mdx
zcxw}FeI0^sUwUDTd<V?7voN79Pfo9O_J?Kgd|tZ}E{vC_wqI2Q>hk1yogz>VvQB0r
zSerg`>pRu8n6>>Lwl!wk&tOwA^}oXs|6Ta@js7qA{)X>n0I;px^=I4qb!oZJE%kFt
zygb)&Rng@c@0y~^t+N;NXQFZ)Z-V=5F#qjv*R=d0xUe?4Yg&Dw34pphYjOpA0h%#>
zKV29j&vWD>a8IfGGbGVJsR-2Nxh{WH^sxZ`%60MC<7vIHt^6cx0DBuI)a8>g^-p4A
ztS|gDO#M5UP?vih&F{~}osBo<1!Yd;M>YDJ;0HGRQ}C>ZPs7b&+k4>Y>mT6!8SCpo
zi03tb-ibeB`mPZ7LG}4?-$&&yf%9i9=A}j7($D9lFXz^_1K8b=JX5~f=#Jf=tI2iw
zI$WsBT~|uq;;-a<0G>QQ^dvAo$n|pX@N~Q}-pl)71K4Sp=hYWs(O+0}_q6EO7X3Q-
zWXwFjfr+*n&O)~jed_nxI?w8_#)NI<Q!sOW5EJV1%)>_%fx2AX_>W`Be;3?mf%*Rs
z6K%D54;rHvZ84{!8>2q~v#%SmgBsr1ultGde}xHi%6)%R|7R>~^#^d*nED{a58}<g
z2<|nLzXC4IBR>YOemC4x>c0yaYV_|Z0(E&m-uUf%`3tDa^R=KUaGR)4g=ata=XrKQ
z8^BJ63uENj1J5tIJp0l{c-p?a#K?Ci#{lNf0;S)Z;Ca9G=jHe_*4J&2i<<a8Ck<GG
z-2KY9{faI>0BryphUb0Yba--}0rwgi^J2I#r`%_saaR{z?s(PT0#D6vg*#X3zg6@*
z;aRJ{4L_ap_BFwmC179j)Nm-=_djD6mKb^N@n!JL&$<#L-;Q?H@FF<fZ5|8UeNX+p
zC0@P)&Azs`NMJp3Kg+4_U39sJ>iZX6uGWhU!@YkzKD)%o&8>buJbTFHaNBwA3V5D7
zuZ9bCdE(zwbb0FhC_LBVWAN>1XJ5Yy*K6N`XHNbao_XGi%{KEe>c$J~S3U!8+cy<m
zKCjXLqUiF$M&HT{0n8)M_1XoVI(LOr##sJ6O1wP!K1G*De+E2x`inlb#LE+ZNYUld
zp9xPM|7*+WN0fMZ^ka%H&$T|S=<<yBe0cVj7s1n)|DA3xW7l2`&pYH>8r^w&8+>*%
zKYt1r>hjd{XC?kVxR=B0_06I`Q1rir3-id0w}uCcE;qmWzZ6}b_<w_EEI(@E?e{<6
zwln`v8r|aw3P2}Mo*jxV&$xCex;*tvEV|r1*8D?7=Wq;p?jO#PG5XXz3w|axfL)6T
zQ^@zg)Zc+6{$}`rjs6+DFkYU0={`l!lrqLsgZFPQ7H^F2)P0zJ4Pv6L?f&StjW?zr
zOIx3HqOI*E=(g1hW8`^eZGsE+O_;T4w-$acTo@zw+8OgjOsLCq?fwLwdHV`H^Z6aP
zFh2NY&rhyLytR$@x};6~<7t~`rCzkn$#`N;plvUv&z!qAXFnN%3-ileLteX=VTs=a
z&wI!l;G(Ub1?cvr7skl*%zB<8P!Do_PeHJ)UKk_Kn(@6L^(-p-IdEaTJnvD<6v0!`
zSKf=3Y);vl(|h0g^?8Q+&LSVcya#hnJsX~}48wE3oCp`zEYH}V15f-y_zsvk&&5RB
z7=7+okKT1+yze;4V?D`#7+jb~9^H3s(U#w_nO~o^@ho`q9}7>OIdEYfdGyZl?#Mao
zJOdML{Z2r)U%hCHnTc+UKDD{#^UOUHo@+4*&o#OTp7nDXT(sps0^R)jJl{`-XPqpD
z?}0fM_fli!Yq8|N3NG66XTQ*APNt4Ux5sbKIs1sWFWZT>{Km$*#q8b0=y^<!)!&a7
zZ8@#aochdz&(Mswt^wpR<laAqBirh8?;Hou*cZU9V*ne$gf+;Me~lt&tIc(6{w=NN
zDNT$%{XP>e+H%(MI`7st-C)obKc2n1)|nc%G;fpX%W>&b!y$0dRzuwro=nWiG`3&8
zurK*GnDcNNmiuBEe6Z24$J@^M8!+eB_)lS5Vd{5deVF>^F`+Ks6I1^tmOKx@vo?MV
z7sktTP4_c7P?!7sHqX&Tm#6;Yi!L{h@ym)X_x@DB3Z8m?wc+ZU;FmTr{{k1*AkX#s
z-*ER$<2(O7U}BCZx%Y!Her?TE=D7-<82??K_nR@D|K9ERM*p|c_DAr%1MJ~V2h1tY
zc#kf++&$g=mla)}b@gg^K5xFQ#K^PvzQ5@5Jo`Rabb0RU`friwdJNe&JP7xB#*lvM
zXCQMQ9c3_Zj6vFt=iYSe=GQ0ZNll`*oS757Xp5PHZccr!>0Ef$q4|A=4PaMd!aVZa
zBiF#EV#fR?CXA8iez^xO)bGKvX1)MV+kb*vi!tBFa&JC^!ctp5B>fI40^{ZBYc4!_
z=E3*oytQ3W;^kRmFE6@$xQYM$qRV|YnCIW&p0eMEA-Q*sqSNTJ;n6n~-LJFdKKd|R
zm`9%c|4`x|gy$aLwyaNi>OTZ-s<C;1`|dJ;y|l#3b8mjQ=<?+MBY5(B8J_(AQsU*g
z2mLyjuwQxB+Z=fA!81yXJon%dc;;#;JnQ-55<ixlzjBXw9PTs5TJ^#j<bKw6>~jl0
z4=#)elE<}Y9=$L|p89>i5^Zhkv(g;K%*G~T*6=)RQo}dmGxk@&Q|H^^!nX2lFx&n*
zmif5_9{s&=VZ1!^cBdj}tJB(I-C}HKj6UyLzC#H$d1~0we$p*Z#^SstkMF0#HbJh-
z3lXd*-k8-`?&WLXLR~)4*!%J6>vnkFu|EZO85{p;?AI{cEHoIX%d@vEF1kGL@GmU7
z+#1cZ8vaOaCFUA<#_R7r5cVbC4R70b6rIB{WFC&;$UgL`-~D3-X4^|JVNSX0RsB}X
zcIvlbnTL-T{S)x(G2>652FozsJu~b7>{6TDc`$G1@0U<B&qc&!9^6ZXIpvv$Yl|+A
z-uZ8wGe7Sv@nZ@3EAw*z+`jdO+1C^-_l3_8p&q2|(FnHH3uEMmVvc1cCe-EDY5c`l
z`f^RG8NUWgzgNOVTfYaP+eV)}gYdj>Y-!IKY1-<A`J-9Ga%?&#e?2CQk>@?<E%5aF
z)}p@)E{vCF{(nmms0W$DGY}k$UKk@k53`03V4he1Aa*;ZehvjZzu|YnU)Au=XQ+F+
z@yke(^*;)K1{$vCYW~Vv^?OpnzT{a~Z!5Yy`n!rQ&;0m3EMXpb?)~2>`d9#eWghB%
zYM5<(PM&}bU@yZm=bPYp-}71s<Adb%8DTEHXp8AbH%6beHw`Y@;?G1kUZ402;G!+Q
zAN?1VKQ-8AuF+IQU~Tf$?EWX(YTh5+n)SjMd2&9Hy`rD?nFr`tPBm*9z~*D3t)4-2
z+v<fea@VkJPr|Y`7Qj>Isc>PuJo|(9mQW9}W@aPUmtGhnPn}!3*6tg&jkm4y?A%%B
zX_!!#ABCx3gNesek9(hOm)H=rwe{Yy9=&*?F<u+<=tWzeyt{7c-DW)XjHfR@7g&!z
z*WJA$*Y{+&Xsh$t=(g3T?J(T;vjOaMOgz<X$1|?+%;7%NX8n3$o${=QIq-hWv5a6-
z8-6Wb7%$I0@OnkiHeT;9`_gBw`r&!U8-k0rwtJ)7R=*u)J^h$?D&n*M>qT2m-(##{
zyzesyHu3t*&tY)UmcL$$#5>=jExyi4V${;sIz?OC@r<{|<a+t+n}9k0`(mOkzwdd@
zl|F6VyV7<RT-a6~z3!8q7uidf!Of}99=Hjf@xBHw+UnU2-L`sRj6D6;&pz_#&ZlV0
zX}(yum?=$+UYJLI3^sth026Kbz4qp>Ye1g+WlL+x_cYtao8S9uXUu->U$pgmFuHB^
z!Wenl9;FD{+Scp-WMa0bu{G$0eaUlO+?z#P4H>gObLH0tvQFmM5VW;@GWXOktL@|6
zH}+%f&aGaw&BGwNF?!J!GoCz8RgC+N_2^v(1K4CtwAJQ0<Mq2>#&78z_3_4g@0q{e
zgYvvH91j<5wfStdtzNXn)V;S`Or6`T?ZL5(?KvNByw6$d)Nh4Zr<QxrdrP#{|76-a
zclN8_y2(EWe<(J9t-(AezXKE2AkWvFKcfiRYO{Xx>qT2k-Fvg%rf&{!jrZ$0=G14d
zeE&*Y=U%k+Rp+W(%zRFmU%w4DfSrN~bIP*@&QSzyeGQ?TN1y$?J`3d5V}9q{G01C9
zd1^QhF6>L58b%et|E)Dxzw@9MZFP<(W-@KfqZj6pXC9nq(U#x!Y+JoBMxOo3&mf|$
z?Lp|a)o<0r4B~gf2CySA(bo3AV$BCI7RRd>ZR0u|-59-Si<yRQj9#?G{8yZxJs6AQ
z(q}znFC0Lt@6~e0tv-wikB2e$DfJ7m-5TzGE86C2fAn5VFN~4<*}y!VdrN9s#5pnE
zoSUQBvj;b`wtk;T%y`ySeV??CwwkA)I}iHY`@Rc{w)om_uGe_mI=A+v@57wuW?EYN
z`k(k;?))6g_3?V?bFE!dz8k35{YoDF*yg<J=lG(Z1Q+V^#CuPfPu;I4NB8UcLR}tx
zg(6Uw=UIP+B2W)<-+3JFySV-7MO*v;x-okD)o*F<eZ23e-QL6fEM{N67j2DM+o@Q_
zI0E<CY0P!ltcKr>_uf?h7MAPv0K6Ad|7$EU+ZX`MFZZ3nm>r5PPuo7Y_oFfXdnG@Y
z%3lEQZ@51%l>G08Pil1ky;9<T0QcR(w)>kLScBYsNBz{I%ai9Kc=Gst7WdKt>~6So
zCI3Bmo(1>A6TdqFiJt*a{Na$qFM|92VV-N?>Gu{mf5!Cp6#dhM{{@_(jg95&aQ=+V
z-8Uq_G0LMqP;|M6_WL)G<oR~d|E}oYh39(xBV3qY9{mSJmq+jXy~ol2qr}Ve4BdIc
zSo*R2o7toH(UbYQLAS4|<~`8&N#VGH+`q1QF74Rb&u4+Tjb{8j%+I0Dr~5|c^L+Tz
z8+|Qa7%%U~%=x;;tG^!0_w3#S7wYnU%=phXUj1`e;{O~j)aB~Ne-9Jt^3?xtia=ey
zD`tG>@7UZ2Z9sES!1y5Z<8iq6ntAk@2j|x7u09hJ=8;D~N)f2bqr0~Yb-B9r%)x}Z
zJo<@>Kwa)ThW(y_3H2Z~dmQe*XS`mt#gAt{KaRHM(Tlb`<B6F{Tl47izO<#U&$y=<
zuNQ6o=DDU9#>l<(1~Bgl(bjf6W51HN)}YVc`(AkV#=nGTZQKvv6SLnRU|uu1zfXR0
z!=Gm`upap!-k6scUG91HSHr!2^7=Cv@@*UaJ#hYvwYjb6zX|Vc^gD|F5rZ3Dp7r)|
zxToy<E{JXI_ml8l8vX?XfH6VV+X)D^(I=1lN%q5Y;KH_YudDg5#)P`O4^zJp6YBEJ
z|J{l}U7mUPj3Q8%XIy^>Pd%S6`j_FtczNQ#stDBOy_ofU4a+?I4O|!#WFB18wyA4d
zp8P&1g>B`@>0F8b$+>wRGM~G1=zQuYU|tLFGd1VR`#5v!`-o7NCw{UbXq(%*4|L0u
zHFf|wvX-X6-D|AJ=YnX<?{mjm^}-l=`s)1NX!NND1LNiCYq}z6>uXnZ`_c<z<Z0`B
zhiGeSjBVo`m;1D6i}(3!e7y0sUk=BR>-c19t82id)}xkpfPT18@5kEa5P1x#$F*Vo
zdeJsUueULs*FE_Uwjr>sJkPaRil8m0YtfwgJTH7t$hw*h&z`>!F3clO{^u$Jb$LJL
z{J#iGo-5#qe<fVB)#E;FJ$lg=V|~WxlixZs5B1$Z9(^ucm{Xp5PE`bLeLb1?+iuru
z2l^Vo>b)b+`tf~CSdTpQ&rt;Ga_e^<>UH683|Uv*YVf|YhPqeCQ^T|1ncF8@!+6$q
zw|&XB*6C+H(RPje9PK>lQ}ZA^^X9nBp`DH;W)VE^10!(Jmfv>fk2hutwnw8KjTh>2
zy|HsJ;j!FjfcgtC^QkYzGUsdH(bpCISK+DoWpM9D<KBn~^8~r>_G64*q^8u|dGF->
z@L2TbczJ5Rpy=|{d@($=tuFeDi~bULYJMGDwAK6^bZd?`#(UE-XlpUgt6z#mcOFv1
zP4GM)-wsdw&G6Lxn{d%q!!&f;=tWyhxAnFY@zzw|smvjAU7k$av&my^dSPwytn=r=
zGY{v%kH@U%t(Y)g?);eNU6@dpC(nD}o>zY_=4Wk>@4}oHbN&q`jFG49cNKxUJfGA5
zT@k1UnUe(w=GO~j<hhQg!Bda-tj}6&ScVDXgP&*4<LJaX^um7S*+Z;TsLP`-Q3UGp
zT`=okgNe5K>pILe9U?Yu-Jiu%-Sz--I!1l^b+7C8yvTK*NsO=_dE&QJr|0ZTpT2z7
z_-^L>Z0Wi7WZDjs+kW-JnuoFMjpx8q&$&gvxajV68M}LtFpoU?<%&RE9{nZo<i84@
zYx)|vFh0n7J{-ZC^`b4tc{ir>S~#ZzSY2=O9UJ{hyfCMHF=qUqVnSV>`u|K3sLP}O
zB|PK0A8sw?`6iaWz6Te!mG6cb^S?2nE>F&%z>`xFz4Pnd$+M@yz&t_ba1w$w=|x*i
zKe{pc?J#R|&lYX*<9WAnU71ra+VXfl_VbR})byp_A9IXbdKP5<ZzIkcjej4O=iNu)
zqHSE$&~2kn9`~`sF!T5>A#5w}$JAen33Yj{`zsWIx;$(9)9~I#zXzW^<SX#>>l*IE
z%>NB+?}q;npZIMJ2IiM%j88B6SO9-zUA0|bwbZ;%)4-fT+8&5t-TL&krF;BWns~iv
z%Q>EywwgC*d~{sy`_`r(#GJRfC(AR&GvLB{<k{1f!bMx1HUBe-G5=Xuu2<)~4X4KP
z_@0ye7b$|a{1ecvUoYBXjz%{|pRpVd7sku8cb%*V+VadtH;-Pl#aOp7`t<bzxG-Km
z3md@RfF<TF@XU$tZ_(cg7q*q}hS~N*m}sk^&Us?glJj6iU|V^{Ze5}+XMJbr7BiU>
zj$NOzSgYTM*1MMWYxpX>urGOP>wJD~%{kj%iV5T8nTJ;>g0`Aph2D$lQ_pqq+&jNs
z^jqM@YPVwBV*}U+u(Z7cZk@(_7!&p@w;uJ+V4|&_iRi}YMO(}ux-oiTj6Cyms3K68
zNAG+e$TdCAU|@WZeaUNKUwUDTd@pPOI|37JZReodR-dnRJO`e+db0b*sZD;pum*WP
zFLdr9(fv$hUB;h}WzSy?7j0vihHe|ZFh-uaouLTS<<aZ>$alh=x4D>T>uYax`_c<z
z<U3-v^*$ACZGFbrwmxg*X*(4zp6a%Tk<)(l!u;~Alam#Jy4*S(OXt0u`SIOYwAJZ*
zn0@K9mImSO@9INX@*E8p=8@;Rbnfkme~!VRt>60In11&qb~@%*PQiq2<;nS6MevKt
zIhnqk2feUg`7makBbaEbr@jwt)x_+HKNYj>a!j<fJrv!3^}-l=*4}LR?wENx=PK9b
zbk3#UMev=P_zUo&tzYjA`_&6$<mq=y_sdDd*;em!#J1Mfk6GsnvC)SA2|l%b1)gWb
z-@()N@8LUR=KK*R%qe$_>i>ZWb-B+4``X#$Kt0GlT<6wU&AAe7@$S*~rBBWK!%x6$
zJA#R}w(eiH)eB?fna^h_g0{B*9rl5?XS7=8c1!pBRN|alz3a?tu@)1~r#znp-UQFJ
zdoz3o%=lX{*Pi_2SYqyiyY|%o02AhvyHE9Ef8BWXZ)1AnA1wSKxbU2OGG@#kb_CSr
z7vR;`!}DytqQuBkPv`G;a8K#QZYE}OljnC!Tlv9_{<m;r?f1Lz<oscYmnUZ*!IPV|
zhuRR>Rz8Ryz|JYUJUN#aUGDy)w2r@$^YtZ0o;vgU;qA+xVN1?0!Yx(Z-^rhx_ra6%
z$8cecJUIv0SUjaZ1)iKU;mPUGyr~;E2hN|d_<4}@bq2g2eE_@E0ANn}A$aw7z?1W4
zc>4OyqJN;#?dub8y?H(b&$HtzaG@^OoBuxeBjYVGKZZXtULNAfIR%~?X2Mh3;f-$G
z9JsI#dFJ8tqRXRSP;`0p`um0C(XTA=^60NBx;*-uiZ1t==h(kobh+0>{p&@S`;1Wk
z7Chs9py=Nz@$x)7epqyxk0H+v55n`z(hKJ;NX*j_oLhZraDUURZ4le8;m^d2wmim~
zM=y+#J6HNA@_ca*G^bveQ||DS8`@fr?PA?x{ETEwy!mHg+24+7&a3-1r|5HwKCkGf
z6y47|eb@lD7!&3RGXJgtYtV})8gn3R&7&9Qk>@$?vs$#}e=?sV4j`xf>a%{Pz_Yf!
z*M<GcQ;+j3+UoK8no}>@V$5Ys&2Oy8+}5?N-j-)Cbo1y%Ta4o|M(=yo05%sB#>+Ea
z-z_r_3yOX!To^A;{F!ibtDlW!%`Alr^&sQ22HWT}pIe%TTEDr>sg@dQTX}MB=^EwU
z&<k_Q{oFKwor4K=xob?_cb<&*Qn+)W{^_FM1Ghf)Z)3td^5pk>1VTN?{7go$54|u(
zp7H*o?~x<v+j{iEdgOVI%u@vF^60J&p)QZU6fV@4V$s*Yg}OZYRf<4e9{qYnpe~R8
zRz;vLkN!SIpe~R8F-4#*SNGa|1{3P?qcG>;$JnlzG245y0Au8N#_dz|u>k(c_4PP>
z8r+<EVIKMRn0j5q^61CGh4J#}Cn^GUdGym2fx0~UVnv`X&l>Z6S*Xji{$HdB)Ps!0
z<M97i$F(10^t$MU^B~^~b3Gh^iMIK14sEL!#>oBrZ`;E$@l>}RBB%Z8U6$rQ6!ZCF
zzr&bNAIAL5to{<L7gK*JHUU$AIp$|H`8zSuR`V~b-zPKAj@>cqGgrPl?T9(v&gbLq
zjeZ_J@y~~6Z&?Kw&W}9z*BV8jE|0zeo;(}j)?&YxW7%`AZFJjSS9JF}p&sOZ>^3JE
z*VLv#TiXLUXC3;)Z|QyP=q6q-+Hy`tH>X}0BTs(Uj%aIp9J+1w#yLMvcAj@>^1Ko+
z+WPfAwO_q3MxL6dD1xWD?Jzm*S1-&z+<5f`m{6DN)fZvHV|nz>JwN(VVuZ&_8*iSA
zFrhBjtFOa^$8!Aub_M2nk6(=K*&N@97wYoF*L5pbxBV@c@c5R-tKW_Zb$Rx&Pr-BV
z+})hFo_jH2ygbk7|6dWP%k}2}1|~d~>&^2WOn5B!+N=L3W;=BYNc__*26!yj8@FrG
z<%!>`=<>w(7hUexr|kEACIiOFGp>&peJp^#vJZG1zAM~Ny)cj5cY^_}u5%8@khbIb
zY`zCA%&!;bm+Q^HU*S{X>32F@7#E~p+n7@?o@h)zZOx<4{W}dV+H$syWpnhS^JzPC
zroCRvbF&XFa$cTsjb}ces+jSN<*ADC-gHj%;)#ykIW&)6wB^|b-59-iqA|96qSw)P
z1>5R#KX!h0-j;I%*jbpjw*8%rMfY7I{htr_UBdVmVxnzahoIX=FN~4r{lt2b=M=aw
zMxOoi0(k0q0o;7{yA;bkaxq-A)!;j&ZS=wz`CgcL=3~i!B0TqnHKb0*>${5azVit4
z$h|++-;D`%xz}6$eV9;}NB;mk{oVo3v)<>0Fh0orIE>JX>2n>=fD7a0dG~m!B2bqf
zfLYHim^svM#qzwc-{`*!cfT|KAF$N<AUt_?L5%M6!Z|hmI7MK7x#KnO+@i}}XX^gn
zwZeFL=I8Bj&#U`Aj){1W{hh`_J;?lwXMb?K=BdvS`Ht8CHU$%H`A5)gs~5(|GscyQ
zKwX}(Tnx8t_0>hcwCL;M=C%gkv3=&rug0=A-Ut_MwY9DD&C!qU=LaF!hd%WT!uv4$
znuYDu@Hu#4U-Hb)LPgM4!!&gB>xD7$%)<;tpe|2e$0>rgoZgS-)Qh&5@jQdPH_X#{
zzofQvO%BX2kM8HD%$57VZkTg*2`1X=@w|QMGjCoW(H6fay7BrQFx&MPehB;-nEJ_>
zXv<@cShtvZjWVtwf-~O3YzWLRkA9>gP?tx47Cd>}&!f+Q3*+T^k8)oXZS{}mIzCk~
z*-zq~TjyW2)i$2J<*BOesmgOOV{tv`h2xTEO?tnJw(+`NZM&s)`|Ktr-aKCG+#_eg
zU2o29=ksW%M!y~}+G=o*um*kJ6OM-q<K=mNJr|yJxEP*z_u=%l0WRA5daCC9smfEo
zHj?W#b#wWx_50j%uJpn&$}<l$6+zqB2hnY-&wX0=0pu~{Icpup*LvjJHoDhb*q1zd
z%_)z56kHfDk6xb(^5`ePh4J#}Co2MVd33+FEY#)E&rt;G^62jQLR}txL=mXVqhF{9
z)aB7HfoDywDf&jZFkYT`zb+xv<<U36h59Be`n7POE{}eLB2bq{e}f`Wmq+jXT8C@K
z>-#=T7%%U`)IWj=^&o4*<8a><jn|8|_yf_6i8p2t%eo!!bH{yr09%9!^T?yGPz37o
zZ7}0kVM1N5ZarQvp)OB+-9zNtV#Z&I3FGDN1LnUG6YBEBzgZEe%cI|{2-M~2_uYy>
zU7pV`pHKwq^3?xnMW8N^{#iw!E|30sMW8N^{$)j=E|30IMW8N^{^yE7U7qLWgNi_1
zp6mO+6@j{Zcg%V7_iG7txzA?xfuhUP??FYEM;|J>Jo;fpmq$Oc=<?{#D!M%SaM9(_
z=NDZb{gk51qn}=MdGyZzCn)o_j2N3ZKg&z}MT$UOZXW0DlA_C#-=94b#>;#0+D7>P
zc-y|A#K`k`<lRLlYz(>g&*muH6XD($=GP1R4HDyCZ;U?o?-_-U7Vf=vG-jQ3Uy|p!
z|9f!J*4IAh_N5ob$j9@{J(xJ#>V<9P>9_7(o);P8c;;a|G24^V8uY>%<P$LG#9Bn#
z*vFIqzjI9XF1`4#Fo*vYYj*v{y3O-;O^n`c$7`Wwo%?Pg{wrLg|IYVRKi9}>tru<A
zYYw_GdSQ$_&w_K{c@8dzZ-p7-d)-WI0PB3e%CqcaoD;^&{rZLR|BNNi_u<+9|GnrB
z!}C1dir~ceLi#ypo&iN*e!16LeZ2o4vClc<Uq@S0nde4G*7;5FNlnael^DM+n%aIF
zE^I4zPcY{fi_YN~@;u7BeZ7z5>37#A-kkF2UK61nB&T!Ui|K_i@;o2?Y-ma9LzuDF
zIUVyECO--jZTbCLnQipK7<p=Qjfl3kk7vA_vygXiGkY@6+!>^>X1z5yM!#+*tW&->
zrtUfyZS_A@d5$5!_2{>5`trTY&*#>#2Fvw&30$<*^Hk-TMSkniXMTp^!hVM_zZPoD
z5-jUyDLnJ$J7L~YuY-%Wnirv)N1wjVhYRE7e$FyxBPP`4{n!9@6DHK<so{h0>^Xk~
z7i~5CBA?g&)Zke3xxWsEi?-VGnN%-~k>~!Z_nqfO?h)6Led&d5<@;gITR$e$`?2Jl
z0vB!dm@oG8j<Fv5(u=lwp3MBXPRy?t=9lNWv!!`>GHsvC-sN-0n)RY>PWsV}(Tld2
z@x1@^)AncOncBqYeJ>oqhA`3A@3YX&so$!JalcL56N)|$J{dFTC??D)-v(2EAtu!2
zUKjOOV#$9s+&;ByvE49Z-hzp?I-ibiyk4}$ycFFSy)Z_;05kvRFrhB@d7=Klu+;WL
zct57TC*nyBzrX-sTls9fF@As6Q|fPq`1LRK?R)tPsLQ=C)ORVmJo+9*mq(ujPyT)3
zndiwRULO6xqRXRCgD1~W(GM&7OgMkW>YN41JJQLDz_A3`(+)uJv_AR0PqU}ZfeYKp
z^V~d55wzvZ^F=S(V#f1~7*EWp<hOpkXzS}xbYt|w7`fvdz<fUy>he6}*1|I<>)^Sk
zUR3le;5%XFxdsz$H5`p@4f^Et{bFCtw&!BPw(?x}=PLqr`5{<mU-p~$>*2z9dEOb`
zrU=?<vj%I^`+jMD`w_;=Ct=3S$Ar2(^^Yh5b$Rs8dwEyRng6wzc%t>3PFw4_(j>q<
z^1U(hzX22K^2wO`N3qQR$Kbm+`XAuM6RoG){A4XHCwKZ?0iTLl&#N(Ezw*r6dliAY
zJon>g;JuB0Z_)n>E{vBa{y*V~w}9yTSqv~<J`ry{^=rr+j-hR@@PuuH#GHy?e|lkz
zd>hRCXJSHK9{ss+OHyBqW!+u~7r*Sj7EpuZ(&rxOyl4A4=NK=?gf+|ae0-H6XdBDV
zJO42KTE9N^Z)p$j_FTyIs_)qHyyMM+i?%WTJaSH^FUO@9_A5`F2Py(}dGyZD>8bxH
zgF##U2cg@SK5KOlo}7omg>B{0XDR}9dHOm|5w!K?oZ46CJSXRL8v@(P^#j<EnDAJh
z_-DaW^RY#r0~f~2Q`<sCpdREN_r1&7^uic<`Z_`psLP}Kyc6p3=>DulY8x*4e7G=P
zp7>J~fx3Jr%(1(N2=yQ}yRTZaKI^~p8JDql*6(|a`Q68a`Q^ULsxQSvTfeRY`_*TR
zUN4Vr>oYz2`S6T!1TM@ekG@h7sLP{Y3{RfbMZXj-jF)FGdW9lrtGOTDn)RYBrjBbK
zF^<LjsbM{Q+eY^tDbM}u;KH2pJu%z93lr+{?J@QDW660td}^bA883{N&&G`3#$cc>
z&;0CAbb0bT6YeSFXFz)K+Dv%n>I4ITF+tYVVF<?SGY^+FLB`9s!>sKpEc0*!To@zI
zJlv`X)a99n55QCB9dP$DbAA;Q#>;oW)bGcHx;)R*e}E^?gK%Rtf6vUm4L_ueSDra^
zuC^w|oX$_?@VRjQjOmLZy>RV3c;@h81AuLV%wZpb@%r4G`!qqu%X6=}?u5F0C(Qcm
z-ooJ+epY__G>_xX{JTF3b$RCB{Zpt1$zRt%>UU4eT+N01%&^W?m@tn#Yh#@vP?u-C
zuY_lAuZHJZyc#Zym*@TMor*wRK8V@x=P;ozPo6I-0(E(=*I&ZZuj|LT(!PmhE&U^0
z*fz+VIH$(zGbir1YQ_&?c~_qgPhTg(55NYn&bdl$FXo(R>(^(VedvWT@=2IE&%lJb
zJUN#sg0`IAYv$AoW8}#>M-iyYvnEed1Z_F3#hiL!j68GVddr*~3(uTC2QJ!j_M@9q
zFMd``uFLez;bZagjO*m0%e@b+aXFUSR>1R_;^lB*zw)fHYZZaIJoEELMbK8~Ai87G
zr_Ro6n&<Lq#0c}qGglWVf+w0k^U%3wl7Hz~_V)bU)_>~pUPyk|zpzeu=I2aB&{n_q
zkMpC?{J00I8Sk3e6Z3l2Jo3~(0vB!hr=XilpZxBJ!g#swN#?&0%X+v7o;__XJbU1J
zxUt$zSoXtD!PE9`xP2P)X)JYq87|uD>_@kaK6Orq3*+UP=g#$<c|O-*@KopDpPY`R
zbAEEaTw|xee&yR>#$S&Kb$RN1iy~;N(=j>^deIi+oExJTZ86?s#&q6msqI;u%k^@N
zWh~Ew3v<d{|Bl7?pTu7dcfG3LiV5T8$^U+M;%_hd2jRkadE!5!2-M}-&p)dO)Pp>m
zW+3!p`sZWT^BPRF#Xl3>_;_Ou!v-<ic8=Z8!0NBXgz@q|O#N+`P?u*czV`}s`A(Se
zzWWLFAY(ZWp%>E&W8{86(YEJfLS3G|Miha%d`Haq)tG4Os~_FI^r9`seZd&LFh-vI
zopnZEU@&OQX<g>j3uEMId#EB%m*>3uQ}%=t;8|Dm;M-&7I29ANk!OC+R0QgB`?7`$
zFrgmgTGTz$bH=D8=fR3VU7q^4^fi;CiL+n5u&q4x&s7BKa_{W{Y!xQd<&IhXgP2g4
zC(rM|dmH^O{GOQce~h^o$R{v?*^~X9=b6um5ZfB#_gqrLaRvbUlIL1H2kt5Lg^={M
zOcAIDnOi^K*@s>jBhNl_wjxlMr>|v-KwX||aUnc4TvYT+;KF#h@%FnO6YBEpGp|$x
z>OpEg9Kp8w^yRhQ4jaJSOFeH}?+e$8`Uob}<$GZ2mt)f#ej7eD{5D(|FVB10pD2RI
zQ(NY9(dMROZRMHI7ZhEd`CMLfdFJh+qRUhBl|^spBj0DQ*E;>4SmNcoV$R9ASmtms
zJZtY|@U1b&{t7Jn;k)6v7PrFvdY^gz0u#o|cgNKK0ZaUY@O&=&30xQ-<hpwudog|L
zpV<T%FHem13w8N4%zj^v33d72nEKl>p)Sw3KA{NI<(dCaD*|=7^KWfiS{ny9F?wNJ
z`Cgbc%)x}Zd@`oK3^TX-3hY-f^_O7LUkcAy-V9Gn-ItKZkojE5k?r-F&-2D2HuojZ
zzO<_7a%-{erA3z~kLzSB%(zXBH~u<IsLOL*J_^se`W?9U^8ohum@r<RacyOCpe`T6
z8-Hlg<=Z#9Kc8>^#?OXNZ}gS$^t%c^*yyi^3*+U<<G(c)>hkO%oj+f91m~^iJ0)J8
z`T1A4r_A#ZB=`G|6@j`u_w^1I57dKPN9V-TdeIg$AKe(eFh*{T>Ye+xb*f*E3FGCd
z)3qnm<<U36ZKwW<h7aJc#&VCp1ul#UGM1AOY_Au_$oIj_;~toK^In+R=&vri@Al7b
z^e+_si*TO}=IQ);rhB7$=d)E!TSBMlcPS*}9aRL@DUbfbqRXSNg?q~Qbw$5S5va?v
zuC6coSO9-zt`@+1F}-27b*`*e{bDToYIv^ci{Zj}d1~vtXQN+3O!D}326NlTby%+H
zJK(~cLFybtu#G<J|HvlDczK>XozJ5@cRJr6a=*W=<dJ8cxSxo&dTeVw`qXm_To^CU
zo_wYvP?ztIIrep!P?z^(>NjFSU7qL2Z^1K%cfu!Q#{VfMjF<0(secm_>Otnyw!N5s
zN6dJ~BHH4;7mU|uubT@`U#Az{G5Vfo&i7%$obs%P55O~)JK)))eits<YH%K`A>J74
z&paOuPfq7Q&mGru^izudJh(8Ae0$8Amtmr<2HRVMK4X6_To^CU7&|}TC4QB`pe?`m
zg8B8LE#@3_WAwrpdHOw15va?fFM;RUImUxA^SlPj{M-QF9UH*jg^9Kr+(T{KxtC_n
zH`oxgwVjS`TfHzwJ`=OwrI=7(iuGgan=qli3G2tyZ^4B6Em-cy55a}H+;w35zhN2g
zkKoRO`ea35ynGE_{dMrf`?K+xPk%m57%z|B`FxN5>%`b(tWJp6*!&+=1nNQVQ=c`x
zm|nES9D;6)UKk@E#LVygDAeVt$F-Vz7Q=Jxe2$B@zPzvOOTTp!v!%~R{lr+q%Q0b2
z`SzIl^_WnXM}H$cwcP~IHN6!sjF+e84=aMUn*H3=i|Mo1`AiUP@%y10uNTJ1Q`>=X
z&#Mm>{V=#tmrulun~w?gAlG*`f-(ACu>ouWCXAP7->CPy=SA}L!_A`?ZGH8l|E!p4
zO^jZcN1pk2j}_|j%;!8s(AICwnQOYG=Vo$_ciz%(=NzW5lL^RY=TU<}Tb=#rKWlyt
zXky~cGZo9;HQr~zHnj0tk6^+)@;*%c5=^w!IR)K1^}-l=u93BPUfs_?(dQQ3>*e~i
zFYkTP*4M@8=F(?ASHn~PrEp<edGyYA{;c6w8VuU{avtqVFWO?<GmX)UwwU?o#^^Kl
zvl`8K?<3zA2e8**8JEw#yeodR=pTa*V#eQ(3G>KL!|coN#S3-0v6^2)Oa4<K#;d=h
z=>EQ`lhDlbH}LGM{y!S-t?CE(7cjs4SiI5_{vvElUkZ0WR9{<k|1XSf&<3!}JPFJr
zS66y*(d8a$SMk>#_yMf`KN=j4A^VT#jn@nF%X2RustDABr=qRb(SG&9{PG<z`ya;k
zX}Iq~!Wenp!>@p+&MmD^^VyePJf1Q36K`9+Xq$&YbYt{cx1HlUf^+uYc|UH~=o|3n
zF#ly(KW6-!u&k3e!=KscpDX$wz`ah!|7+17f@l5w7%t2&kN%&EKwWMP=CRW}qj#|Y
zU`&uT;I*)gUbMxWf^Lldbj<v3!-VnjT<gyJH+6o(U|_slZ=T=BgvWB{UA^;NG4uQr
z&N&?8B|h(suRo(JPrrWcNEk1V?(cT+l=`tnpQ8xW<%vJB=<?k-Z@>PWj~J_GGkxUU
zz&))O(;H^YAodc>w(r42TU+C7tFLQP&3K==UNiHYi$(XD68&<xFkYVboNEhzGh7%W
zpM;t7!<bN)=lcE;Jp1Gy!w<%c_j(EAgRHS55v)%yjFCSbv#sw5LS3FYch45;@;u9)
zuL#=unu=~;deIg$o;806ZOx+>=8;dvtob=uuIWO!*I3<sKo~F2wRpWEXsgF|_N5ob
z$g?+YX%F9<INR#8PCD1y?wm8<F_<vFd|S-6!<bMX#-g7H7wYopj#sG5qx%_0sLP|*
z_Z)fj7r=$_^5`oRfx0~U3l)L7JnLkwB2bt2VUElDOsEH0lOBf;!j0Ew4zp%$>%Hdu
z4q#_sLS61VpSsVltcR=NyEVG|zc4;XzrG{duRi_GZ8YP3SIoNdxnr#QC0Oo-7sHRj
ztl`6$Fh-vF`5i@|E>CTLs0h@9)aID&PoLUOY=VrJ`}H9E9mRyY{6I|oHJCZnUyJ2l
z_yAnA^=muZ=!G%z>`T6vWuA|RdvAE&`H8+7p0QsF7v_=gh#7wsCfaInP4{B@jQzYu
zGyZ%m*QN8iPvxBXe*+V3`4^y@U!VNvHk$F?Bgy}=qQ4yO=N$9jhwa;N-xCgRxW5xA
z^DqdpALD&D-lO5qHUPBM*6q5R$9QW_ZQg6?YaKju?)#50UcL)v4c-@`tzXaEhyGcO
zzW^`V;(Z1fuNQ4GGtiCE=YDbh2;=3yg4yTUm{6Bzj4x3HZTWM};*Igz<(jUvAyAj6
zhWd=~yvThw5pK<T(bn(t(2dbg!L0wKSgysd!gH<P2p8s&=Ni3L5va?fzf%#Y%cI|_
z2-M}#-w#i}x5IO-KMohh2N~mO2-dF`#>i9ia(HsCfTyojaACYW`Wi)`F1H5rJ13&8
zhUw_W=!G%zS=a!!3=`_|=x<g8>hi4BKUD<ka&u_^ie)Sh!QD62k5L51%QJ5$7kw;%
zzcO#WfAnH{VO#n3m^lx}(wFtR?$w<`VZ1#1@GBI7dXT;jK(H^pXp3?0HAcTPW?#-n
zYVfmi?xW6Yn&)Y~M)KSv*TY3yzdrBmS1;OPy3JMYm(yrx4%;rmCS%tBM4lIqch97o
zv3}R$kHGBrHcVKLJlFJtia=dHA2a?3Sn79OWgpv-$<O@vL5$U=D+2S#qc4I_MDut>
ziIIDM^<sW+-BY%GA!I+i@vkcSb@1GeuQeDLFVB5_YthF7_$%wJ+Z-Ba9`Bp1rAy$Z
zQeRW_H^GIvd{@jm--`)#`O`7=yD*_1q#noU*!Ahl`zATvD>U=?K9F_Wxku%`zJeHG
zU-HbAYhI|!qrXBCsLP|j3Z8ndgYSk}!`m=ne2}p$M(D-#LzwYbW5RfO>hu|r{5Qd!
zbK8EZ=y$_ix9b0b3G>LUQ~igSP?x9ve}^ak!$sdp5g0E|{I*4xM|YhI<K^jh*P_d#
z?@@HQ*U>ts7M;T}WZq8a$QZq0_T^qN6&t`V!-TqAufC=0n0bCZal$r1`t|#T_8V`^
z2(}Mq{+D2>=PLNLMt^_NZ--BA^e^DEPQDHo=9H(N?<oRx`C*tf>|;kjU7q=T2Hf-N
zli`DSkL&YGp7_(?!g#r{1DN|yYIw3gr;&T}#icL07(?dvIF9UFzcXeH&%tbBZNBqo
zpV?6Kjqu5s@$N0cczNdbeTqOmNWc9E_Ny0dG4s)l(Wkbv8qN4~up=>Rcny}CZ-A%f
zj~4x7@IlP@`!Qi2`DvJa{UW}8Za?-r6>?0|uU|hG>T=hB(wd^nT|WcZ26)E1vC(lo
zR~G$=eEob1In1LM)+0~92P*<~d35)Fp)Swo%A*y5dXP1+ErNaNg)#C8*Z{TzCfeFQ
z9o@EiVT^ox%(nYtqOGm(WVVer#`WKi+4cfVsLLIv`n8x)mq-6Cc&^2r@T~vehYRE7
z*{}W*o_N<@=J2oJ!gzV|_--TAgUsQx5gdy?IfvmVVb=UAOxRYQ_sm=1Lj4vj>#cJv
zsqMFk5ys1-e^L>s%cK7uJoVgD^v}VC@$$rfQ4y%iGj``ns0SJQFoI*(XMgZM-WoIh
z3~YDIdGLMPSoKk?A5*^u6YBEhc_Tda``pjGb-sU2<eYha|NpS}9^iHqW&Hmkz&VEw
zS9&vq-a>i+Y01q^A?1eLBy<k9oFo@+<Cc(6q)Sr~5D*ao5$U}tN)ZJWkR~7^2qGd<
zR1i><@_)ax^PV&F-JLndpa19i|DNaX<ZjOUdFS1C%I?n2?#}MWf>0};YO{|BTg!rV
zksk!j+a4lAe+85hpofg(3i>Bx(Y!q=@-9~YnWKlnXyIY9@UsB*!{?XPt)DJ9mw<F3
zuPnbv_b5jX8G86%Dl&dyzf5G*KkSbcS^kXvI1$v(Nl;onWYvGk(L+}K*&-tf{=Y1O
z_AM`lQUdfEbl<?XN1pJDeH-~XTo&EFJtFJ5<GYUjHjxqF6EfN_toxQM@CW@nvfy4D
z^gBu(RF5&bXfL2Y%gGyL=&;=2=pkzx@~oqWJm1=H59bn)F61NR7k<tc8LL45b&>TN
z_BN5_&*<+EVL;>&vTQ3GMeVl}S?#A{V@ZG?$S2A#>>qaYkkM8`zk)Q*=r=<?P~^?5
zyj0|2BE!!zk<mWF=2J(H4T`n{c6W-b`{5t3p(S8l$P48cHoM8mKy4O_todIeGTM3A
z93`?I<EMxW9sHao@*(m&LYCi)tbW!iRQ;?i@_`bMbvi}H^)u`*7a0M5AnP{$#L+`W
zwz2Lo7)rnoWYrf$);t%j9{$&G^lOR?AJDHY^7>ZZMq~v0V`Sa8cNW4r_(gyX<PBwk
zpC(xlpohGrEYL5J1@#8`C|M9-19=@;pg&m_1n4#Vf1NJc*kQ8Z7a=QeXaiw`U#;^|
zB9E5^<tod9fOR2jJs&Hw+8-zK%Cf-zBv}w(4_WnJf>HwXkk^m}_BdZ4WaVui(Iap8
zT~ij=&yfX(80^tT=|0>pGHjtoK8MQ!`_p7WfF82?`G4~~HA(y;ZTuo2Ey#KtT?(ZH
z=ppO5?^cmFl?D0yr7Q@rfvoyJLn#4z$f!@G^%q$XpogsXtF8cTqKB;Zcy^B{*yDP(
zNq*sHfumn2^5;Z{{NP@V`aDf!1gr~L^;bB0$hu8$a`cdKd?Bre9lf9ldW_VwukI;p
zzz=>AkRQmOmj!t~L>43g{h_jGJ>xh<fF815-<>4#cCujIYh^)z4dkt4fgamJeLgPo
zW>(MVHLa6XoH9aI{nm~ivg#*^j3}f#S%gij|3jga06k<JcPRUS$oPeRNMzk!xNo+K
z=#b}gMMi)PWb6abU+Cx|tDeU)tz+$PbnHcCf^IKdV;~>+ML=4R<+Nqe!f}QGy#`%Z
z_euRl-s~wN(;hyMmj1%tO;^wa_5Z)TCH0~8rN95Hw`4!6wZG|pslT=CwSM*YfAw5n
zJ!^gG@Bd%x&FzEX$VGi<&^B#rQ4Es>zj}`d{WOFu`w60lJ$?~j16j|}jUuCYhklAI
z>&b%pN538+%jY!F!zX?bU;`P)3D(6uPXy>8Yd-gfQbLwby^e6xg{<e_<3-lIod+ip
z;0Lm%dy&XmmTx%vOGQS2J>-pKK|b%21tBXx^=yl6WL?w)ezlCFMMlW-Ial<s$1ehG
zAZz{?Kq&!w$a?-=1f_&5pJPN1pZG<94P@<W?F*#@=pn1V4N3{nLstDUP)dLvvg%RK
z2+%`T{dG`EfF82yAB0i@^pI8m0+bS<hphVdpp*bTWYu#&R`nyCJ_+OoS!b9m;~YI?
z?WgVM=pmmawj*Tut;mQ%x-W`=Z2>>Ohf)IckaeH=m!pTQ+wL=w5e0iVP(LffnFQz|
zW1B*?zM~g3L632O%D8U;Q~av`Jw(=W;TX|-DcJuJkQQXk+qa;U06k>YUjd~A=ppO=
zb{muupx2=J*;W+D4}LX2+lj3GRc=r8K1rL{AiyVN?UOGRS<AxLV%tmH2wCox1p(_q
zMxPS;M`h7GJSOtaR{xRw;`oIP#w_W!LmwLfejux#W=9Ws2Z_hJ%N@O-30e>JT&EyE
z!(_p)whz0Ctm#g*@yO3~S+pL?A|pT#S?ll=k&z|nPnBg$S&+}GWl{Y#BIm9CCizAB
zu)jqX)w}H;<n?8N9qJGP_K-E7dYmFH_c#?aLF;69A^5>B0{lSMYn+85uW0qyZ&g1e
zG6L)&tNvUlB|r}u`9vO2UIgeh{NI#^C6X!B1AY;ZPsp18FG48+ddPY_^7dUz;!s{3
z7YMM|pykDN7Sh5mLYB=2qK6HBbw5Ens{0SOEyE=a=^i2rLY7ag3!nH!$g-Ivdf4Ds
z)154`_C1;%y`CG9?mSua8unn35wiRb7d`yr7a_~WEqlmjJ&AxH{32xeL0beH{32x8
z>?C^F;1>Zlkaatvo)NOv-A?pa7r%PkO%NFY_K>w5<9b6|JVKVEWzl+GCbG6C7l^EN
z{vDB#4t#!Bma(#6-CxV1>pm~C?vpQxi~xJcs(%$q3D84U|9^#20`wYmUqw5HwDF6O
zWiwp#u)#0F|EbNMvM&7K7a_~f9-@a0ei2{;S-00rk+n`{iL7Nr+l7$jv!4B}o_eUq
zrk=EhOFnDW=g!s!zX)078ZP=;ezvwY_(jO_Q%|1Jmq1$j3qPC5f<E2|S$2_SMOmO9
zBMWSyA1BM&R-Pii2w8c6t*)as(CIlkRu68wr~AfMvhM1#z{e<A5Rfip94|;~yetUN
zL)PPn&y}j@=h2!s?2`yt<qG9Z*G0W)o{=}yFY*kZs>gl~-_XyO1py3M%i`|;kTuVT
ziHrby$eL~^loGP?jQf_TAN(R@*<gLxxPBn-C=2rWby>9jFBcgBelC{<Z7J48UkCwu
z$l4Fbb9RKRbZ3hm>*5yyHjr^_BHbfp(R%9=S=;SnL`MC>hOdv-w)%VISKISniL8E}
z5n20bFNlnQbRld1{4FRYWaW8*=#gjqBESanDzYFyyp7hddXxnr%V#~uEY43zm(N+)
zu1I%=ELz5WMc&Tp`{fq_=|a{zIU7m|&_mXJ>}ya;fF82yFMv`4^pI8mO(-Qm4_V6_
z>qG7)b|?#e5wI@gb!9<Wun*|AK3HUJi%_@PM)irT_NR)h_5T%-5#STD=JPx#B|r~Z
z^LZJR5}?<h=hM*fu0FT7D_~v7tI2}=kCO!<%V%gi>OMa|S=Foy89w0C?JGh?{!xdW
zvLIxowY%tHqrb4h`FCSk;B%oY2+%{;x?LhN;<4a5etj!nF24w{zg!lrhpR+JfF82y
z`Pfwb%`lb#d&q0ag0$|F1p#^ux-GUA#V}d$tJ`jjHOjKz!rJ2(0XC5J7{|Ks2R*je
zHnJcO2g$Oom3tidWRbNVz9BN!gZ<^QXt}Nu83A#S^;ko>w2Z$L838sLw2X^Hfjr?C
z0XC2|&qs@_$2j_*n(px;BfuWA>XByz=pn2AbSNc24_WheA(RrJ*PwYDEehlfzX-5_
zJY1F$vg{`d0`!oz4$DwVfFAM=vcUcvS@gKZ@rdIe`bTBaGCn4<=J_d+5#R^1>YsyB
z0`!nI-8Z3>06pZbWr2TwKC6D#L!uI34_WmXLyG`CWYuFlEux?wF2XwU3;&~`lmNX3
zt-~*fVwf!WMaZ&g6g_P4tNzi~!oCMR_D=+?3t9Ku6Gc}0lSGC+@^g`+$9}8%ztqux
zTV&K5{NE-E0{lbPeHhyX0eZ-q?z<xE{(}st|CNy$39yHZ_8k8Co2zQSkz)^8>vIQ3
zFRPoN_1P~3pZG;UT9DCSMA<KtMcd>nL`HxOWIey!EHZpRf2%C0cdYxqEa($MUdPD;
zWc9hJqlb*Lz}FTcZ)w+^BC?*N@$UJGqDNW>i40r#KSX4$&yz*gJUk>a0_-90B)_nK
z*U>}P^78zB1#6Ev`w-v<vX*@ZM-N%`yNay!k9qfy9M;`eWcf3Bm?eVdxnJZZR{sJF
zB)}fBZr_(h)^qe5B5U2QEES^T3bqni^^-)_@^*_nTKtWW<=Y}7z&~X5f2GKp&+j_=
zYaM&YYJZc+k`3eM7LoHJ!~b25J!IYgpK$bIW`gdAy9>dW{vvO&^Q@k~+Qm-u+##~&
z;Run@Cq#Zul0|J!7FoCHnIdl?3v8~F1p(<o)-qz>)^%@j^mmGk0DH)4e-D%rpogq_
z^x@Ud1CIV7kr7}IS=)hUpp*c;2Cb`^qCj2YSAEVBS@*X?MMl87kk^(4W$cy(A<O5s
zqK8lYg$?>+yUK!fTV>I-+C&~M3-l-3U&!B;MeFu@k+Heq=O$T(%L1FnWzl2*HzMz1
z^+j>6?d|3wYo14ntj9j?hs&SwIa!2Zc3rd&<E<RKAC7ZB*5N(?+B@V8=Qsr988WsV
z?Efl@ru#RMSGW3)<re|=kY~#Rd%OdJ06k<Jo6s*2S^ad1fNh3!?-aRY<#k~w0qa86
zJZ$9XA)}pvYFqhFeQqc6NunDe%e9XFI+1s@`ez;eb0RMnz5L{wWn-zIxgsyN_IG0=
zN<e-fPnX{jvV7*)<HoM$b7hecU=O)Le&K%uk=6f(BJV6Z_-S(VQ$=pI_E(FH_2B1P
zkv0F%h>QR|<SpbEem-#YkejW3ieyavOci;7)n6hqiUvR57I}=-KPfT-^pLeL^qQlG
zjN=69t|kqR`d>rj7OOv8WG!#2$P=voBFFw>k#T;7pIzj@*~-c-BCF2@B9F5A(?mu<
z-XL!&zgYJgk+JVV{y=0+_d}6!Ou^UcSV;nYAkUOv==T>{?GF(70MWtEEsp+Hk<l(g
z|CXbFTV&mi8{xzxK~y=&_=W#196e<Cz|ttP*8fzIb$eal*h5CW!Ox>2;}?E^DYDjE
z`>NIacZfXK+TS5E0_-8<m_@n|IC{vcf6UQCMw^55UKUyF=M|B$8$ka@#~w1yRnTvN
z#!Uj!h1@8=NVh}eX;!{oWcY#p7RMg)KB9x4zlp5rzAN&!qJ#a0lHs$he5J@*hu;$!
zHdyzUBI~-3i>&R>J0c?>Z;;^+_G_(?{6fEu$UDj};`R_(^EpXm^*LGO^CceZJ}WW;
z)`g7wb<qD!Wc)(^p2*rKSxXu&&2xjuyGcCKnu!KY0_-90B)?eyXpuGDWg?#{I@o{g
z*hALsvcg&tDFJ>Ut3L1OA#1r-6IuPQ?&#NX>>;b4^&LHA^|Oh{>St3&zlCEDS^aF|
z=pn109UVPn)sJ%Ykk!w4M-N%;cX#xV)qZbB4;gigWs=An$}j5nK*vVV1nqlF5rRE_
z5m3*N)&C4AB|r~Z^D_rZ3D85vZiBRNZwdi=4Vso7`}jqG4P@=dE{0M9^pN!!`6`qW
zpogq!T>_<qth9b6dXx*lx*dNmGR|Mf=L@nRWUaf8=&>$-5n!{AECpGx?lf5tpofgU
z4ea-qMbkpNyS*&1KS>q@*h5C!0{y+RAV3dU?O%sd0`!oz&fkJk0`!pObYuLyE58WP
zLst6_p_BkUWbIEDkVy&9YtU^pSrjM>ei2{;S@ZlwC?!A-S-0KIB4a)1Z<S>SSw_h6
zTUoSy_?^hJtsd{-AY|nMZ7h7@7iO@*KB+!?L`Hxf@^-QytqWyAfFANHvcS(}vZ$ZS
zMb^H-(;_3l9`ZJ_z|TKrQTvZX-o@%Mt^)z~kWruTzni0ntlMR8kr4&^eXJh#Q$^M~
zL4Q*H<2@_{*hALsc)X*BjCGOE6Gh(J%J*A6)_qXqW~*NZ2}*!ogKq1cMS*Di$|}ZY
zr2K9r3;fTM1p(_q#wil|LuAo?^)!(;wfZaM7a=Px_(WRxT}>AFLAf<u^ojJi-cw|R
zEI*+<Zz=Zhxt}bWw_`-syt(^^s7=s%xKRjs!>^v#9uXPmS@`_3Eb0gMZM1IZi>%uk
z_b!H8`(s2_dyI8gKe#SX{Zk^ZZ|(mivizCyz9E8MAN||We=M@@4=W(E)*iCz^Nt>}
z>Q@t4{jV<ada~{aS+)=vA*-Gdk7)gc4Ypl_)lHCJ1n41eCkt#3lLhNRf4D4b$^tzf
zv$_x9dIbUY8g#pCEDHF-ukIV$TB9s`Tr<KRzuH#s5wYLV+T&O22mKV?E|W!8KQlx|
zK)R5}$%1knFAD<nkhRWFhEf9bkk^t0_UFoikd=Sz8^dJ5FUkyix1I$}(E8az2=@3z
zTLk+tvgmP&vLg=qLuJu2VjH3Bh;@&UMUS1Yh>Vbxx9vm^d;B862D0uCyNj&*?QD^?
z?@<<6%RVUbMzSD3NDJpp$d}5Z+xI$=5#V2gmUpQrkO%xCzy|UvvcS&?vS=Ak6j`^$
zX(A)Q9<ru&9+VQY(n38VE&OW!Cy9)ZWsfq$9=`~%fsA@a-VT&Sw-M?b0XC2|pS>b$
z{`*8mKH<~d#{^B#I>9|L*x*;!Mcrc`Lb}*b5wh~UlIXE6ei5>4+<H(O=&)bH{}L!A
zU|q=2!RJ}BAV3dU&#kwJtnJT3A|t>CvewUYP)dMagO(Tj8T{iH0XC55%YwAODhmSi
zkfFnZbP=G3taW}TloFtatonPPlmI<s)!#3&*7F079{ERrJ>+`If_x2=MSrm_+F0G+
z#)^ypy#}p^okf9l@rwW($ZN|2e|yS;khSh+qQ|=UMaZ(*T=cNPub$(OH*L?c4<KZ%
zi}nQT;uj&y#`Pbvarf>2#%32;8Tr940`db{%Mz=rjl~Y@;uityLe}%w)=)~wDkF|P
ztm__wkTu=OA|qt2>*iVaw^3rN>+WUN%wG4u$@71+Zs>ffbv04)tYz6%WYsrD%7QYZ
z4)Lq|A=;i5WkJ2|Cd*o~jF4rzENU}HWCYki*0j(LBV^S%`e{fDznahCBI~+4ij0u8
zF8Ul;7rzLwfsE~hybZ{rJ_kkC_GG!p2(X8|zAUgmM;3&vv~bOdwD7Awr;EIvELitY
zSrD);<aK3%{wP@xpogsb)1Z_9J!I8i45b9<A?x}51}G&!4;k$U{Qp801n42}E(`Q4
zN+va*D~W*f8uWN>hyZ)YS|{r}ddRBZL}Wz49?urFjm0+{5TMtf?PTcug|-EGKwl04
z>q4F`3-ss8f&e{aP3t>QN`M|R+A-KaAPWNY56Gf<en?~l=pn2A5hx`<4_Wn3h^%FN
zQe;i{_aY;}UW1kqx?!?t9DcFjypFt~4}t(4WYw<?r376Mvie+AWcb7{0&E~_zYcy8
zves=9J=Vo90&E~_8TW-!0`!ozjIn!1M~EGK;uityLRO!>B5S?%Ir<@y5nvBl?T>*{
z0`!no&wWUwiL#z7i?%b^9}uvv2CX-=O;`uN2(W>y#}4)}%_qvP{%47db_!{IQx*iQ
z3t9KoTSeA&ZxdP9y+dTQr&#xGSrD);WG&abP)dLvvg$vCQUdglRsU}&B|r~Z^(F&W
z4|yGtk*<3z3!0#HvWXD#ieCiy)SxzK&tZdKEhF|*J-(0z0@j7B`|vhUO33nwb_qW5
zivSzQkIDicZ^(iGJ!CE8J5Wl19<u7+gHi(YkX8Q=C?!A-S@j=7DFJ%Os$T&GlmI<s
z)#n{OWYy!_fQW+q>LP3`zsUbKB5VCmbZjucq^`TC$Ou>$GVD<&_<kJ%^cr+qV1I)R
zei5>4wh}#T@QZllXD3+@z>u|_-wjF$S$^tCYq+e7wD5}nKf`5F|2vC}kmY~4=yhG3
z*OAY?WkK;_zmF_hS4|=#Ko42{&x2AzmjCTU5C8bp^C0`tKFLh6(R62ttnJCcA|qt^
z-&*wWk6#4XKweoElw}855TJ*w`dy%u06k>w!|V>FgsimOZK`?0HHhYUoXF}wwoS`o
zhdkpK0ck--ezBY`i~2l6WaJO_cRTv;i;T3OzgHFn_<`Il3-lNVwTk@0=U9=UgUxu6
zXInkS4k17f89rf;@4jju@+^_J5FOUPUStH=Lst7+96jWXBp!Z#;pidjb@v}d#`b{C
zTH+YK;S={`wVuaADZ%7fWIdLrI(o>OhnXTHIoM;Yk?Qwz>>;aup`(Ya{ueuXq>rG-
zKH3&U;}-#GLDv0eYbYf^uR+&EonT%3BESZ+u8VRbWUY(7GS<bfmJ#PoJ$CjG8Tl9?
z%R*TY;0N-mvOs^hEbCi&sr(|q2J()wz~%~B5TJ+LAPe-j%cAMxe5%)34~mQcd&qiR
zJO!l$=rw3P;CLP;3x3t-AtJ9X3({I53j)@KtZ8wc_1@$0FqQy&$f`dTN(s<I#xMMT
zSr!B^WUZeIp_BkU<n?8N{SC5cTlWKz5nuyZ_oe%wlmI<s-ItyaS<8t2s&4Dwii`kz
z$T&_>C$GtZ06paOWI-N2l0~mO)__9^uz{@Y_D+r-GW=m(j49G|-DfcpWrA)O9Gh4N
zzgp)wMiGz}WX;1~BEuH?ee5sNnl1|h^pLgQ7C<QhddS%CVc#PQ0`!n||8ch|;t@2T
zSZ|mt_(j0FkhQJDzKp7XekWP9>=Q*sfL??8bkDQ8F8cE7a|^pd*1CvNKmU_$Mg6Z%
zDi!g+eIu!g|Lf~v<iPUo!Pd6i$brHB<adcm{pGIKkzJjG<^I;Lk<(iTmb7#(?kV@@
zMtTuP_jWC6X_-}Onm4aBuzaAjXsD;1OlJ4?3@&LI<TV$U2TMJz-Q~&4XZ7+b6|W2D
zmSET2K|Wi`gR?t(7MA-5I(vJjm%I8hGgcaqb$j~;#b$sU^mcZP>FH#*^U4E*z5V5u
z@&NqODvLV1x+V`TT14u3<+h>Du8yfgU0rjeIFmZqsTQWc+}cs<?2!uXY3(8>GkQ7)
z)o$KEE5%ML4^AnU`x<-umS<<Jy|ZsgxqtrhzA~-ZomI;A?owZ8`;n#Y^5Bx*P;Q%S
z)i04P-`TUMmmF(mVK$|6vD6zGm^~)59?MJn8clvDclEX(Nvkz2OX_E8f4O|X_))u2
zv?e=m(wr$JR2s$0eleq`qjPCz$53n6jO@A=8>!-OWK-kZUfE1BgPG;!foRR(<QdJS
z$&*@|CX6d#yHhqZtd8!NLoHy|IRAjsBB_u-bWi!{KulyM92#biTolS2EKIISQIlXK
z4%}qNEOm9J_7ANBvMQCA1<F!2<YU=&HL#?$zuaNdjTs`_+PbL&InJ8fjwrVewsam7
zs%){D-MXxKXs~anhFMJ;Y*yJBr6Fr-Z<k%F)N)Lq?Dbhy{mK4ahre1@v0bvST;@Yp
zYcaCF50raCds~0GeQBWd*z)E6{$4(VXo5J_a1M$jtR}G{9o^cK91?+SnE03joC8fh
zOL7kF>{%S}!)7Hu(P+8Q22SelZ(T0?G4HA~<$N%`wWmY&_an=4+UgzZZ!d@TcR0#2
zW~U1V%8gx}<(|QoA!&?4-WtpOatQRaE-v@OaiElr)tvIt;ltXutL<z-PgieiN8_YW
z?)1Esv^;Ig(ZvXOg=uH{9HQ0VCp&9+D^?FS+Y1RKk{r5m8);MG2I3^!U{V)$`sJBj
zGx6FuiE?Fhlb55TLNU^BNm<YB@0FcuKz57%#wD$tq5U-DJgjwyT9VUKWb-Emlo^{a
zdRwWEosBaY$~35?UENQcdRp7M%8m18Q92o>Q#uFgwv}ztxoG)+mWk%ZmbrE3qCVrK
zbg*q1Z0+lc?6cJxvBj)orS`#o?yXj;O*UR6x_wDmdYOIwol9E>%cUdB%LC;`Kd;o0
z)rr)Eh6c)|cFBC_qRw{l74Sn=rAaMwMh8so(L2Apuc@&#WqMQO)Z5h3GNXA;av9P(
zAidK_N#J%s&Q?p!juA+^rhy#oXcZgV8V5t2p{~xh{?`8GvF1zjGLUq_OYN<)JxblZ
z9ii&e6>9g{P=eZ49fMs1rrL%EWS1=U^!Bu6bog}>8*4bO$9n0QQoA`(MXzC&jv4El
z1)CvQCRamsm}GC(RASj?rS{&Q9_eAmW6jQ<Z6ZaN=2&*Hnnm}_qUG`|vy&~gwzrr2
zLfP&qFYX=e3?G@YM^7J^(%VyRlv@p%_YWGo%B?*^eH1IFD|^A4^h<)#6rnrSV%eYU
z{!bQ?qwGs*T@|}x_Nr=OTwqJgm_p9wTpD+tw2U3S-EvYjH$ljOCV@<}_jdR7XI@CF
zl^(c#14ruq-rm~P)z+H2y4E$|w|;Bazui^p^k1Jfwi0sF*&$ue&cWp+x#1An)7Ump
zamX@G2lcxBPi)~EeNfxVm)f#=DO%G`_jZ=)x5j%5<hmWbE}KAUQEz{DYp7ndz|L8+
zM#gLn%}q|vxLk}E#M-+F{CC-N*A8q(Y!)}cXbxdqZ)tqnNa~KmNOuD6=Cw?!-`Fjb
zTMzM#%+=wp87PCjT$1j@fNbK>MHBX(S{GKW9UUcURb*M*EBC6FbcdWZ%Y_pz$I~lF
zA3#ojd;_&|s7NNz;>v&0>Y3ikK=?ikvJAtchC1c{fh9wO9lb|~u2AYWRIj#o(Ksn~
z>k5U$3TTt+T0y;cloz!Qb!j)T)Ym$=BvhHmd2;HNn+o9*EX-=uf#x*(ez?C8LU+ww
zt9ChK_XqB-s~xh{AG|?`*rS87T3I+$r0jBAKCp|M%ZHZv&GVY7TVtrdU(O|wZd55_
zt=K)Lka?*?dPPg>%Nfd>Tp5(wL;WD!s9F?niD6=@4tI?8<PbShjD4xCGjt0-NpfHy
zbd{H^KOpz&%b~LmOv=5X1KT*j4jNBFEP^`&T;MS4E_atYS_k<7iSBPO>l+#fZ4X2*
z>I%o}E~m$5U+ciY(Q-4n4Sk9JNV>rl13L!pJWXCMx7g<QN~;_&!ZyYQ6E2==^tT3=
zm|OX&=UG}WaMdXViT4U|V-l4dI}Q+Udv*PC`?0q>ka?#~R6DxcSZ)mzTq1CoWITb>
z;>?~hKI`F+8@-@UHdm;{!1_}=(@){lLCf?>G5?5;`iDUc|D$UpFuG<6qiZEGX8eR2
ziNK;(L0}Uri{5Wd?%&kB-#U9rX)yhmQY#+Lx;w@P_9?{5{qE2`9UCnfj;t@~<6y0k
z2Wu6%IgG@tRrv9nW0ZP=?H0MUJWv`vW>;xwVh_TN)oya<qox(MS#2wmV(PJcDql#k
zrj<#trWH~w2Ty&dEiGehE2J2=GEI<q&@6jpuxUi9<(~FZk37GR>^F@w=1y;#XZD>M
zdxc|(E>ilYhFimpCV!C|=*XVqQEsA^y2?F^gIx}?N5fy=Iwm8r3NQxsIcw@^?_b_0
zPta4(=iRb9R>8YdC6s4MxgK|pRotCZo$*80F^oJ&H#J__j5U%rcF`uc>aJF+YwPbn
zF^lKU)?h7%u36lntw3|zx0KOC-M@L(RC5uP99$Xqrq#mPtuw6Ly~?J!sH=5x=$Z=7
z=FV(7&>YP*wybUAYahwhu!g%zvhh8yVus_lf1p(^5j!H!A}a;zNRE`)V}XjTG<rBl
zW43c=Hnxl}&7C}R%G5EX>9Z#_mZWDBI{mib5>1Ei%vcy`N?I^LCmG@sv_Te=F-0|6
zkg8F9Kg8qF8m<<aCpHly8MS1eQI-1SR%N_tOEOkRvWa2M#H%$@v+Y2lHI0%4gJyD}
zR`Sa`6zfh`b5~d5ZkdBwK(kQwTeC?r4-bu1cu&9%9M~&y<&)gch+X@@s=wUbyR;m=
z7h}ez$?+OU%cK*CtK$|9T7*awh<ZcECt`yBZyhE`NH2uV)n)6F@IW@b0Jcv|%*Cb*
z`z$XD-7$dox{bXHQ@JD86S}a2p^VFlUcsiF#qKDeqGYU7zk3@xu<^_-qDcF1;^$17
z-BgkXVUa=@yN)rPfn+4c+`I}zo3)Ya9;tk}SvwdR08_E;97v7*&~s|VW<VO2*1@6p
zZ8#(>w+A{~yQD+i-If}>k@DIRH;LZ|FnR0g9h_X2XCt9~LX9RZlG9G0(&XWjF^k+g
zs+jchLrN`^T9{3|w6$v}lp{5)$EL5hFE;d3T}5^~F`3phr)l1#S*3b%=Gn?N4AhvZ
zF7p)3eUuS>K7;2crRK@|HZ{(#Q6w)9HEO{18tzm{CAfz1?W~rKP4i2VdY}f#Wn>GO
zy26oxBQkton`B$&&zmu4T4}Jiv|#?!T|-HWFFTGPdL}YQWBkboOyUQb3^l1*&^<h9
ziz|_(CGnxVdP_dJjvT-U!$9$nr*_XgU}*dLu#dEI#+^wu;HGL&pBrN(yKrxJsg7bu
zZy}Poq;(1o;I8aC14CwDa?BOZ!Fc9Yc@z~WZpCNkz`&54*=pqu)l+HwV|UJsW7Ec9
z6`cG_ZOcn@Qo|#(!8G=;>Ku^Ef;w%@#*!x=G7zk*j#XfuxW`krS+QFum3pb)Qf{p*
z7?6RmwQ9O`NZz!NOfQ$a{qgEBm7Q$snzp8@<uR9x18eUc3J#g@H%n(vM|oKt6=$3`
z&6z*%K+{=_Jp6Fmt#AwMT1DDQ*9<plF?uvmyRNBpC+o1Pvk=i6Y_`qmC=ayvcbZp=
z0tw5O9Iaj4fC)xl%B6k3j2;*Y4ze`Qw1Q_L#17!GSRe`W$g9-WI#8Z4E@Fc2c<h#m
zxu%g4m&>6??2XN{=a!C<^FbgL6W`wzI#f)wX}zk$ouVV$q-y14x?Dzs%NSG1m^|&N
z^?b`+BUvr}Jj}J1?LFAvD+gM96?3e~`Ba7ln=6KT-Ul%2%xZ3)xj^oJOZ(l?8S19G
zmUu6#PE&btEmZBDV>)6N6MC%?d3p>J+$S16CSqg_lFby@L9ET($xWz*fRU*Ide$Eq
zneLdIeM^QC)OH+cog9DRcF8fSbyzv3X!zx9Y0vYubBVKk<Svxs8J2bB7KXJ7@9f*L
zJjzgebK2;V5!2CoJSLxNjZ4=0tdnfSa^PHOpszeA=gH9hV3UXT?!HQ=bFee@dW7~_
z^nz<%)57MNO;d1{8_R{3%$f&G*=g*;(46&V%$eUbO&&*uH>+n>YonS@hq-E>6T4_P
zKIhMn8yIqV5`D$VOI>O<P;SpmG7&JNeHpoxE==TP?pW|RpU#fZka|i5hi>d<APyGT
z;N93-X9e7HnkE;M^O`2LG|vf?vb75XolKu6saqNR5qyU%F-9lEZitw%88}vl-Q1?x
zxZ_u=G$?g^5E<$}Zjsz<t;a?VFuCcf1I#nt<kll|uy;_d2<kGG<IOyFGF_H(e`sJ7
ziXrbX;0gs*I5dC@_)sH)TB+MO?YXm~e#dEBl%~bLs3I8|E%#q(FUzn<n#I%|T5}vo
z21k_!+hi<e=VBS~NzRPPq*>FN&3K_vS+OXgF`K(!vOH?bGD%`^niz#naBHX`g{!_~
zl(JlJk*CfvgYKOjiZxr=9;k!Tz;`SO?cA090jW7d?rk45xN+>Blsv#ppA4Kv#oR2D
zZf9%O=LmEs);%-v7dsCm?T?I>jlP&sv5LQTQZchbO&9kDzY9<?)f-Ut*jl&MgEQ10
zO?m$hR$0;+JUFXv+vMefI?T-I<3-^iAr*(+auX%|rmWfZWE-JF(K}Q-UD<)c_so$d
zda=?7^|zLivER7)O8dO-N-)RHtWQ~LzW+6;sRbip@K8A55*GFmbHoBIp*~zrAF!G|
z_=2TAvW{EINFVhXNm<4`)nm1&%?w0}7S&vJ%S+sYp+T*t@3LTiqv;Px^Ax=OVhrsa
z?HLC(O))D(dSu#;W82yNCQxLy445U??&UI{5_C(Lcw8gK?gSbm`!$I0<)pDHFOH_v
z7#$R4JhWkGY^*eW1LdKPUb$XM+u2buQ_B5v|19dGH#p#H@*FcXB;32U29fJ8YZ2Mb
zViAu`C*R_J-K5EWDTT@?HueK1F$1ZaaI}0EA`q#&jO0D(!Np4;7qgT*$ALVdjz&s5
z7rJhc<Ynzr_fTlWo*0;OC!Vy16G7K9YZr1dX-vW=3`wVRpma>Q3z-;1b0H3TgZDdR
z{qW_JM7H&eX$!uWkN8e82;H*lZk6svTeNf-yB)4Tdl<%zq<oSF+WN2~oCw4yY#`5;
z!sU>1cBEb%bv9zVd^aiV8fhQh+aD<=TH?5coW!Eplg%V1;XHK7H<lJfir-%&9^Ha?
z4#T(9r1oSJ$r-G>EQee;k2vDuX-Fx<&j2ME+an1lVR}`At-&sh_&_c?d+@|EbYRPS
zc(H~R(dm{|_ZIJtgxuwr9J*SEn>HE5fl+zV$^^;;tBi4vni>W;nW295*hCIgB-1w}
z*{Rk2sU#Th=NW(Yvkme7Ud3VD%yn2h>BVxn-;ewG(kBe>lJMzTMmNFYp131C-wZfF
z5nCiWHU<rOiQbZglZEE7KrJ_RJJznxY2}_t!SjY0tck-ZGNN&McWXO7DHka>2DOSs
z2_JI{4xT~TbeJrRgN+CoW~7@Qc(^F?nogyVkp|w_#3})!S`i=4ws8@?Ep04f8`c=0
z#}t1X04JIbGnBE`8w*LRfjd32>t$3VZfBsnjh(n1U7Av-oqP`^eZR(Su;iO%^C!)3
ziX>_+O0$|mttVddke5nIouN;DA@A~dwcOn?dIH~Hax)|QU5&QWKCi{G(7CkkcPDC@
zHqULEgF24%f7PU0o)`u{aEV*4$yF8JY?N(TeT6(!!Djo|yJkt7AHH->HfCbHxW6~p
zNwRk63fVhtk&oQCPV2UY>pF5!M}zL<wRNCpw0UeDuB*At@~lKgamn?0q;n!Z6T^<7
z;KK?hUE4-S>wVh1W_g|)?!1e;#3Zr{Rcugubrd#nD7_mzNt6*(@u5c*?`U@ZGwY7>
z;_#Q>JipSh4xc!Z4{es@A#`v9non_-!h_}{v1H4I`*al(l(Th_oKa+?K(Ay>PAzi(
zpfqi2=sL5qX8208ViMibNfzT<8ZV^8EVMO`*qGKHn?HC8R*OJ=>%;tAlM_eyo$<=K
z1*u6tqIPo;-99KgJk`0|Ce>N<4n$?!$n{ODc~XZPHo^W*qnsj3Ei<M?w?f4zRvtK#
z+f%VlrST&+(Ox4qN0X))*ksre?i&@cZU{zu)bFoWr&l~pH;+n&qF;Bbp5kP8lH_Zi
z;i@a(oLI*Sm7TH1TfJuI$55#B<1y`1poZ!>3#*+u0n5#_z{bIK0Y3X9cO%2cq&{%N
zC0zKFVu#0=(PDwru)84hH8Q1Ul@I>}+&P&KSX3(B^f1LfWS8_=YSx5lezKky>gJIn
z8cl_D6iCf@sZ}^r>1K>$q&=+~g^%{CP52CeJsKw;)R*m#&X_Z`Igo!?OUr<_ZGxxH
zYO2W)&AJManATI2#L|wct38I-)T4Pcg~6zSVpX$Tu|#`6n0f%M8(T*3l;pkbF}-a^
zgbyCaD3C5J#Ko9!La~<`r%wuhPXN~x^hu^j9#E8l&`kzpa-b*Ui}Y?~pcLU3*|jFR
zVrfVv)Nm2MN<~LBIc3R%yBZ(9p%KKA`|x)Ut2+md6EmhcP?b7X%6PBwZiw+(?^j6W
z7IG>6y(jZ_nSA%Ugi&pFWM||(F5Nw9p73C3iX9!)<XEArWX5p^>c~2)Wd@Jfpz*;}
z^;xv`$>@skhk0rj4;D3?;F)aXbF*fsvs6p$6$RK}lwqLa5Pfv~yU&^lc`GpXd1#o`
zwwT>CyIBU<<Mql&j;vMe)8j}EHHaQlU+_B|u#yYmT9t?`p4^m>_qk&CSKzN(zCSL{
zZhB=1PjK8a?6Bdapzv+pChadDHI$w;LYq6R(F42C&7X=vq~2gtqiQ43)y@ct7f1%@
zYEvB40GgY6?Mjmt91yTYwq;v}9)P<^Mm+S?+Fg)LEt^=pX<X(0PjKJ^`pCv8Tz%$o
z%m3L3idf31BD(|2W~tf!`sV0ChkB24L$bQLBYkyuuLwHRecj!lbzOXTD`bwZb6r;|
zBC@lX<1!MDqZUnzeB({ZFE0Uy`WTZJOf5-s6?wv@7IHH%^kR>iL^`$Dc_Y!tZ+Nf6
z%HdwHjV;yu;2ln{s1#`=BUOi7;=7pv6EiBX^2S~%@~VcvmqyweoCjjxip=Q71TqIt
zb_iv_qT<U8l{T;D$GQQ&dBCS>Gmy0OOKNptT-!+Z!<b>Gh<A02ndw+2PhkQXv{hnG
zxHU#-$s+>oWnuhjxxFLwZ9;XbADD=K@fpUbq5kkrt|mvvO>m*9(}+ZhD_<eTy|ajg
zWM`C)H4K=U>P@=iOL~J70(FjQO-A(EmmC7ls@-9KG-T+sX%a8X2e-Ro4TrIkqKq!}
zwhx4E3p?d7uh542ZpO}gSxE+Fn|E#lWil&-hqBl`X>@Y4ejxT~THWco2Woyh(zNZh
z&9Xd}TKjouxSn~~Ys9qjpiG|j1)or9@~vHcJ@SmIcd$3Qp_9F=J@lPW)9)B;T|7qK
zv<PeqV`AUNH+_xpJ&0;A2FGOd?NQ$}(qdH&WfV&CRIE!rhTIW(HK}t<dp!q^*~#QW
zH$7Ngx1F&-QRGTL@)gdC8SZnNFN5HAO>SiJ)t97fZ3D8Ipcpw@t`qi`hb~j)wRsFD
zu+?tj%v^Ee1h>14V#dG}d6!~N?_f*&VBhTOlocjYzJ=w^9A|W9d(W+0MHwB6g8>D2
zJRuuJ66{5$FxBDck>lL-wct2C(Ikd;ootIrGH7hk-A(oNj0H`AXml8IP;uH=y@PBb
zQTKQ&-<=xKW+W@h%Z3=tk|$i=o9@OSIVAALkPIEyz1~|Dw<qDh@~uh}+Y+2=v9hwc
zi{QV^W8(Zt7HtW9rLmLwtJ2dhni!gM(OL&4Tr{y-sphIoE>7Ip7L9>h^OHLl&#An?
zmx`5fu<l+mEi?<GSuvRpWq$SBrbg?{znIu%O}=PiH0Qb*@P@B5^J2;-dFtcl&>Tlz
z$HA;5pYlq+GnqPUbeQi{>7?RtcAaT<%!q7Mnj0xQ#f;EAizZDmkm{R}QU4N?J;S1|
z*M!3%Yfa4&dg$r76}|d#Ox$Z&&jzOy=NiI`t6m;>>X5lSU`#%W?ADQHcR&s)vo}`0
zZteL*baIUrj?a$4v6`NS$8%05)pJ<DN>8e(=*)Q)Q&!pe#MC~vVb?mT%=UwCYh}eD
z<4K&EF2+kq4#atLre#&N#56k-IC^VgbI0OmH_e~kJcUg%Q_q?J(n|~J@C=cj0Wu>8
zLdMjOo>?6xRZnuf$$?Xy$tuHB)FgPIICDLEKAoFqo?dc2rMz^8c8k3@o84%<)LyOl
z>E%}KoqO(`2_`+gGrOdxcdwJZh{dx1xv&3vk!W3T$`4h5#s_N@-ji2&m&nYhy_IKX
zUMf5vWjZqGA03(Girjlm+w;ISm1!tFE6g*gb5N#_1)Mj+vC%myy;R^QYl6yjir9Y^
zWKL7*IjqA(_OjWn?Je@f)XJL)o(rTTHjVOzot^D6tHp7mQHUBQbL5s$Wo(Y0S~VFl
zs^NyGYVka2_aQkmcpqd>**VwrUY!5r!iz$+;FM(s^U3|M0et@`^R!W)m2D8Jvw3Hg
zJ!uDJ0JU>D;^j&<lpjm|_EfyLwz&7#HnCZAYnlk`6*|<Rs_<sjOdNDnr_?lxz<in}
zPS1?o(^5U^33tN+yH679)?L;dnr<!{@!gck?%Y*gKAat!XU`1TrKZjd8A@gIyqO`>
z>fDxY*(#M%J!+f@Eo)d-UAFksWrp(LxQ?yiJeu@9$+ii_B^PCKe}SgR^c<KAZSRhx
z7o9x>A!cH36J*wsWK|A^jA=1FclDSArp@&IWE%N*P`nki@mXqipsW%MNYfOKm5gJ*
zc4yX1`G?IU%v0#anEUkZDK)dn%b1qa^P>3=zLTA4U89eWBG)i6-R;F<mpQqnmuRJD
zUeh!%38(8VH7RCx^OZIICc8<d=gipTsWdWd@Tm)D)=fG&_>peHx}H0clp7zIjMFz6
zYp)IEWGP<(#QXahIYcS!ygI>>`k#8BLU^Bna5Erh4S#Y@FH-h)nwis!Zq#>HJgu2S
zNwPbD({bj3fPK<`G~zkX;~>LCPOdG9<3=;Xt6NvqI9IDD1MJ^6Pj0l7&^mOrx)L&)
zv64ocmAyGWO*!PntBB8}QBTkA=~V#|cD^%`l{c-W@JyX4k9C^5p6y;oAGXW%T!$$(
zLTJ)W&nFv(DgbA<x*XPRh{BuZJULJJldXAqboxLTa@sg4(p@5_?$nI_q>g?HvKlhp
zE@ve>xpgc**1CF|xejC3^?#8och#(IRevd9Syu^s!%(7*D?Bs_nR&xHf*l|(g<I;#
zW{j<tm7(leIa7N^^g0itXk}c1EHodd=ceAtIK7pU<{>l_XNGBD8cxp=4PNGCot~Ap
zOw}O~U2=ycs}6Ak2G(duYFn#cozcJ^`|i}6UOwPe2Kc0=uE{bAo&oJ=kAgRu<hC)c
zz-81&Pp7<KYoDEs)RT|q86yY!WfGWLO*G9O;bm28D&r{)Cs)HHdF>`*gbiJt^wY})
zqN+1~dQqA|G*>cwrTRVpl$AMiMy<>RllS1g@@Yr7&)S<ZRtetz3)y-@qP=X>8YqF?
z0V}hidG@%0NV9;Z;!Rx!rT|SFJHw$;kut`!GBal?Ql4zMGk>PytJ8j_qL9OwXNk^!
zV1VM|0L17j=NWk_0p~ORsW^9@PcKrBDs2gZlYG{<R@Tm>`*JFY|Hzmp9rf~qyL|2p
zqFyAvT7wT92OB0tW=t#UIpH})y+~}@^n{|G3GOdrBL)v6MA{yuP7#{E-wPw#x(AJ_
zGl{wxNKYf`#>y89yg5Wuao!96saW?dJ1-Jbe}-=1Auj9|u`##ajG>$+O&6Muj(NsZ
zijh1cI+|@51pVvn=;Z!Y{C2dw&F{Rz=M@5OsxyP8qMT_#v*N1n@T6kxmn&lFS`(bA
zvkqWn&6)%r8#@;M*a|)M!XP~fXezHdJ7#rm&rB0+j~XWa+@G0VMtc)~W}29UDkG>e
zP5dc8vrQzS>P()QCP*k^Vj2lE!-xCb47x#rI?gssB`Ke%apwa~#k=2>i0l-Ong3Q*
z+M&sO=om!K9beKdjocz7V>Hxttl&<Ml2LDsZhRp3>12YA(xxe&_A`F5DsfD*@2LeQ
z4^5>tr8>W8#F4WFB8RzS6&fr;TS&fWmHF7vm{s<RSjLP|xP`7diZ;@=I_tKH<j7WN
z)Rk)!aplx!{94SZ)oeqZO4NGfYS(DT51Y8HwUaL#V(#1-sr}2bO)j45v98BPyRwzp
zK~qWNCPDbg5z1;_iie}v?rKkOHCi!i6?0TcEpiA|Y*4Yd?yVFr-94<7pd&r=X{s`e
zV`<x+X-`u&sIcT=O6XK?yvT`URB4HfEX}gQtNOudQ@s?k=S=lYGA2y*3{VBhP{3GY
zS+$59Z200s%*jIY*ezrs!wl`dMl+-avRf;)B+KzMtA&rZe@H8Ck))Gtlm0B(kUJl0
zq<q=_aO<j?^H|EhWxPSnngi9#8ool7wZGy@Eoqp7*J?1)H&f(O_;SMXJex71xXm?`
zdC6&_<;bG7;1rF8oti*a^_-%HDlLu|W3}e?r~gJz$}DrBbL>VLYFt08j0Py<5tW_?
zwD}F4C*TS_&QQGGCWyr&3wj&D3?g-BVf9L@xv@{P(o?W{*6^EU=@}(1<vy_KH=A#w
zJ6~J#OuegpcZ$}O70=I_GC*R<lXkpZAG`qsv%t)(o=bD@Ep$#Yk>-sre@@o42YDSh
z>)63t!f=umXPhIO8B?*Q6M&&J4{NqT<yDJldU97KH3Mt5zv>r8((y~f!>vroc;eNx
z2eEKxUG)s~I}V|Hc$N6d)MuHin{DULlaOgu(||rCk?AC~4@pkF2}@&%d4|<DaJ=+P
z<tFci*7a1-yecGL|DbtQJ)fM%Sb1H4fo__(bFCuVP|f_gR5@>I6)QsJXp*;yO4Xy0
zE;0jFUV<jI%!yV#Gc=Jp$wlxH4vyN`=|tPu{<1tH<P)HtXF_`xoJWpAXY$po=D>+|
z=4SPZhy?tZR=pWbYuIKbYOi(RIGI<}^PvS!S*3gSCTqdl4%Jw9(gH6nGLfDJ&DWZ?
z<}W6C7D=0zJvO(p*JVu8>N&v~)m&nju`TkwnXEdjcuP;v>N%^}Rn7{*+o#6Vw3Vn9
zc)_=qs#CLO9YqoIbT;5IV;a{izX8*1pJpp&PWKve9bO}y0&D}b!)6<&riRTnlRIwi
zys+6unUlh1o7&xKrZanN+R$vT^mMQRLsRthT(AM_%!yz<TendSoHbmNP?P7{;GR6j
zJZBvvuAMa0wM;@!5nVUli@RRgY;%>K^Og3&pq=MUYMv*C_2M&Uh4n1(e6%_-c`C}C
z4>lDkkColYU{mop>jm#UCD(cK#zbWrSZ{q3ZF(-wcPu;$o+UONS)C#_9cNn3(EPBT
zIZ6?q95!f<XQMTTTBz^9w6LCY)Aq_~JT@n6dIg>kHfRy8Z<Drlh4)FF8DoPEL)*^y
zN=8*+Lv;1_9$9%^-*cuP{>eHh^?E5Z9s%+8Q<v2bS9soStT&fzmVrN!tY_hrM6bck
zK(DL}JGN%`t37@s)U-LC0*#tu;T(pctebtjyr^}kOD=?Ea`VhvFOEyJ_;S+sXP6B+
zN4<0go^3fkVOF~^uu5trmR#jtPr5T`QgjZX;D*xqR#WrNrW01v)TFc7rb+6-gsY>C
zuvwh1G^D*bmuk4aaA&4X8_P#UD?Rj(SG`nD&q<s1r=|8Mr1k9BUGRF=oIKN0(R$82
zo9K~&-7~pyA+O|DXTeK*%bbBWZKfHkewH<CBWc&MWs$?k?M5d$`R-YDpQz3{>*awC
zB<wlCJFqy0V30N6tmhPW;!=~%dKS@{W~oaPwaxGvn3C4BG#AtMrms71EhQZ?^L*i}
zSaN@~<_SA8UJ=_Z5}n)`uW5iWSJlZXL+?dICaLv`Wg3xW>e-HR+t6a?^Etj<_Dr^(
z4aygsnbxy(QcZ5=%kEzJ4xwk6_F0{j)-z1IBtyF2?o3^4{A5HYjb`N=p2o}^Ns_6I
zNo%X|sTpglQ7Dh`;eAf88Xuag)>!EC064L)^2r6D+n{96QfpR50rl9<o}#vDhWUz-
zi1XfveW@t(+%FBe@y?UeR*RLiP^Jed-Cl2ITCZfjCwoFL7HDnE`ba5x**r5Z$hJL!
z%f|+#%i>m#R$x*OJg2RflZr{?rLBrhdN$jruaYyBZMI=>9@}hly?a<~7cxhBRPyUg
zO&f6NO<x<Z;kj$G&Af?gvrX)yugvXP$+NV3fs-{%&}Ei3q(5W6+Ke>0ovMCbEM<)S
zN$;(uX12|=uJ7qteO9(P?d@xokJ!pFzerBYc&?=*^h3>cdWu~ytLgc5Q_*NobqE7B
zGI|t+XVy)5OHZqtGD**=n>NXsP}j3EH!R%QbiG*9N6eZ^H*FP}N7pl!1}pG%MPl6c
zODnCiKcj+88_RD1dlqudBSS3dfwgC0pO&YLaB=LM)UujETm#oI(HrT=Y2*ntn`Nb@
zr%t^vY@Cy2mE8HMP9p5pwu!`TgW%10V`0B?RGmIJ?W8()a5}D0-$hMd9~$@WRIcf@
zGo}nSMt0bn%+MisSA!+*t4<c|xwf-f1}=eZZ0I`LMu)D7BsvmBNw&Bj<ZAM#1~xes
zgY0>MtFcl6fi>m3L0K_+@JLRRUUDSA)wzJV0%iC^R=tZ;iIKBM=7)Z4Y;|HL_G%7t
zXZ~M~M}IxI$B1_mU!5D5SC?0}oN0eEVykohW<^#eZsf?o)v9F3o9dTW^XB>WB6*Tu
zFH+n(llO8|dU{{BkXrEP_GJUKrqzjkIo6ximm{m+0_7NIx<`&edd?)Z9F68O5-o!W
ztJC=My51bV9O+Hq%aPvfy&Q=iQY1?f9XL3o?&V^`owS!-<M4^N_NMFQb#X3}+6ts?
z&UDU1y}UM3_Gjt!EHJZBsHs34wQbtWc=wXr$$3-G(=+p?Oo9WMbWChb17||sly^Hr
zpzWz;)gnf>xdT$OY)}{Wf>LgBm~pFFW))Wv8`o7NS1@zuV3g)JD@8U7+2Fx+#08?W
zRz-nYBrZ7K5$T6-$YS+{=6Orhf!#(mD$Sc_*W1o!Qdb-ap#iZp!LGM5@`&-$so8Zi
ztt1gNdV#7`U)G9iG(CECku#~TmtLhvp(fTC1k0PAOE>L3JR;Wk4sJ0M8+k;4N<j0T
zjCOb51M>0!GjrI<nZlhsH`_=Yx-;iSjFOqjxa!f1M~eQOxhXg433EM@)NHw4Ed29S
zxhVtL)ne_LeQ=GPnP<LDxw5uVJN=}0sFBxrZ*E*KrRr=4cnMgJ_v&XJGAlVYE3W6*
zP9Y~-c9b_EZI%&w6Waa;F1B5F^_jw{I}>hJ!fq2BDK1>`w6N?hnJbegz|FRDX1`?v
zOuJ{QgQpy3L!S3GJ3h2yNOdL->M2@$y4&o8(L|)?x(%Cp6W!ADiAr8gv*XT)8}{c;
zhf7w;Ot*4-AbW%JM7XqeY8Kq=cw{v?1#b3gfy*qZ0Xr3IW!B{E^&^{`roHvo*Ty=u
zzG=yEFDAR2qS0A3ssjyDQ{86g0EzhX-1>G&`xEH6+C~CC<N<um-7he`Ehm_m$z?!#
zZd)?VnAkR85iCG@O4|$%JfE#+f(qx!XFUU)$lP~+f?WaJLaWnLv=<qez}CxD^*kiQ
zQL-kZ4Oru>l`(a#XI<%w#9lr(`!J?eNZ<9Utnbfh>!pFZs(JQQBbqqYbA&GUES}2N
zv#8ui^yabkOfn|1_2RLQAh)rMs1482<vDV48?8BM55v7cZ?f4y6JweYcgk8X8}`7r
z^_G<rvwpNFxXzc4q|3`ra^}KkZ-PUW(0yx>+kEZqawku&TksLf^j_mx3}#;5O>>=O
zn^e=nAr?!?#AiE6(uo*UQ%SDpV(D0mSV~coYFaHaKSo(T@P{u$$5Qm{V(HdlXj7LP
zt>OA4n<eG;BZJvfN5O2x4XR1isCaP`tyS5?wM?pM$-Vekfe;-lPdL7s#FTP02}H+|
z2*;b&&kVs1bylhtfwOGYAaEBLCnIUG0`o|FEsq%&Lz75*2Gzt;Ge}46YUVvWcXYt7
zc}DC^98KNqYDU?xmOpg1s<S?O);d|TOiCPR*d2?kRus{gk2&C9KIW78B|^~$zD0vw
zls+R!j~DR})jXcYleXmLnsn=~*{;kqohr6B&2%ajWvb3Gor=aJ)|CmSQ?dT+(y8dk
z-5Xr)Elq|<yYotWE~-01^=$;nZgo=WfHjU7cSdQ?OdbbU{l?ykGgftdt~))Ew3i}A
z%wR^1z%0_9t?m@@n;)<;h4ki+PC2qBxC(J6kM`{9u|aa!UXh`Ybwtx#&sn($y|jT$
z##YCH68hje;^g+HH%YXYHVm8@qEm4+J#;GG%yS%>KLP%0M5kwkPNkADC3MOL)r8BC
z>U_{C6PX_?T2t7L$y0lp2|DE|YZ~a3k*S;D9MCCqZvyD-*sP`*HH-yqWhg!rSMAP+
zUQob^)wII69z>&%l|;(OneI7N5ZO+dL#$jUS&5iEH8=%~)<V=E7-?ENxu02?+}X=D
zt{06(;1vz?pe{A7v**H?@MxZ3f~X3+A7)MH?0NQWgV(-+shm@;D%(2V2D=-p_64_R
zogQ+k4?Ml1gmwXU?q)Cd*aL6?qYX$+-0WMXW^K-lcBX93j1P5uk&#dwG8ov4%>JGI
z_MeTa@o7?==}`FU1kHZ7ZMN_kk&Lbu)(*W2Wk$SKKRO&T^R{2Gu|PW=e7`)Sw~)0X
zzy}^S$+<Zzy5gmd?`rtAS>DW{j})Z`5baI4hM|+Wv8mBtFgE7eDtWq>l_^_#(-De|
zh@;`w&Wz07&Y|w~qc`bU74;y6B`U+2i#g>9@y<ldsrZapm{T_X6wIk;NrLBJ_H0ZY
zCjD1u@@3B?F!Qo!Q|)W|gL*U1VA@mk-#%#1ye(z&mztm1OWT-8Ilal5(-uh~y_uQQ
zM%8z7j6-i)=CpNSERtM2=x5{X=OlvfO4+K&n!DLcPOB_q;%3jzH0<eFn?0K>U!jr7
z>@Q?jd2;Jc)|{DYdZuR2%-J6+(=>Yqrib9q(VULYo}f8xXF4M|3d1jXS351R3pH0&
ztKhuMUh08KnLQg*72b@@>1gChE|5d>pXs3?Px-yMnC-n38E9u_{oQKxt`jGWx6P-G
zlPZ==(YA6IBF9b0jYQE$%J4_w31cSaM#>z{BbP}>SH38<OmyQX%AF19Fs>v~jU8pp
z+6R|e)tKF+V+<>4v1O&vW5;=@e%pF5M02ar6LuXxHZc$vf)jV!RdSik*W4}dNG@p^
z>=*TfU7;>_wQ5}Rg86e7%rD7qAhBa7N+Ncpo?cucc6BB%wa8O^nK8V*w+pYRz;c3=
z(^|H*$`}8f5AE1DpQKyWCzIQlkCT}-s=kNh!lb=-aS!I>HY1)ZUdL3tO8V8eKICn%
zipi*oNhMEqyQ<0fYSHc3r0QIb$jSI>-X&hX9!k;GjCOW)l^3^m$=kvGGMltag<MIZ
zno+mtLp?|K^d4Qw>-cJ3T`L)p+bQ?Q)z`Rcc3rFf^3vWT9jj`lhk6Ev`uckN2PM{B
z!)}^!)%>S7joEnPs=1eH&T>)B_>$J14*59rk>%2&*3Pb>{>t_oTg^6VvAa(;IF7EA
zT{Yv_>ir$1UfEuYx_Xb+3c#-I>`T@P4~uPy##Zw?B)1m&<c^gT-A<iYF{<Xdy{lLD
zJNbAPz8GMAjFIf(aKhwJvJ;FND~F3YP*pL;9&ZVc-)*8jo|Gr(g{sYJYgcFMKxwc|
z4*PKvM|&%e8$U)0T}@3`N&v<+Z{l#=_|aaDgsTN8l@<-jCzMNDjUKzJQ#)1lIN6OW
zmFB9^F1W|HlgqK=CssE_b)B)}cB6IBF+<yw+#576%qF?VIQ(f{y=|>sX8K?hXmJ&7
zy;M%<2ey=2nj2>}%`eTbWYvponveMAxgi6bDyPht7g&APjF$OLa{`ewnj7cOil#1a
z__j37TR8bZ(=E=<q1YgH#+<3mfpo-TdUMPCT3(QocslW#kYpxJnKCbuk*V{VCQS)s
zaw;k^5ZBl|XAV9ZmR$jpXUqvXoz&RaWVf7iI_Z}Cf^Bj!h+U&oW{m5Xvl*U9fg8;y
zn;P+UU82y}&$@@?be*VL?963VBRr$W3t9Mrc~j%$#7vd=#ClpeX4kY5t2fS{mtH-s
zl+{y8v-)KD_$LbDrrwxRVs$9pqtMPSSgD%!-XXbh=#(2r*1YnfM(A@Rr8VuA8}7N0
z@)}CdK&#Z`qF(E8+2F{o%2)IS<Q&+Ss}WYry}Yt(vSRKP;#Z0PK>SDIKN0_#_)X%s
ziT^_USK@bx|4#e?@jr+^BK|k=C&Zr-uaNiaYenLfi3`N55U)nO2Ju?N>kxmAcs=3`
zh&LkMgm^RJ&l7J!ye0A0#M=^YPrM`X&cwSAk0u^VJf3(W@ovOlAl{RBZ{kVBjl@mF
z(}-sf&m^8jJe#<gct7HK#4W@Ni1#NxkoaKYLy1eot;FrbW#Yxeoy12HcN6y#A4NPs
zJVbmn@p9s0iH|2ff%qiiQ;1I^KAreX;<JgrLVOPKxy0uaUqE~j@x{cK5MN4s8Sxdw
zR}x=Ed^Pd4#McwwNPIK#t;Dwz-${Ho@ehc9NPI8x{lq^e{t59z#6Khc1@WWAza)Nw
z_$lIF5kE`(YvSJ!|CabA;+KhkPy7es*N9&yeuMZ;;<t(4A^t1zyTpGd{($%&#2*p=
zoA?vr&xltjP=A4VW#R(yD#WW1uR**P@jAqxBVLbq1LBQ{HzwYccyr?6#3P8eBHo60
zJK`OPcOo81Jc@V>@i^iM#JdvjPP_;4Uc~zlPbQv1Je7Dl@xH{fi02T`C7wq-pLikh
z0mKIpA3}T>@!`a6#2v(oh?fu_LEJ^$L)=H)PdrGxlz18Oa^ho&k0(BX_$1;}h)*Lv
zo%l@Rvx&b#d=Bxs#OD)VKztGL#l)8oUrKx#@fE~Z5?@7pHSx8?*Aw4Jd^7Q_#J3UO
zL3|hS_lfTz{t@wg#19ZZNc>achlzhq{0Q-5#E%m{N&GbNGsMpkKTrGu@r%U2BYuVW
zRpQr(UnhQp_)X%siT^_UH{$n*-zWZ%_@Bi8BL0~8Q{r6F?+*+kUWqtQTqItVcy;16
ziPt7>AYPYvec}y?HzwYccyr?6#3P8eBHo60JK`OPcOo81Jc@V>@i^iM#JdvjPP_;4
zUc~zlPbO|8ZX%vWJcD>9@oeH|;{Ax{5zi-HNPGbCLBxj;A4YsQaT{?5@gm|S#77W!
z5%&=H5%&`h5-%lQMtltMal~IFK7sfo;**I_AwHG(OT=dopGEv-;;#~ajrcs`uM=NL
zd=c@*#Fr3XN_-jd6~tE(UqyU1@wLR)6W>UDGx4p&w-et<d^hnAh<`|YFY*1vKPLVO
z@k7KvBmM>Pqr|@?euDTZ;$IOzOZ;o%-w^+n_$A_(iGNT0D)DQ?uM@vP{3h|+#D5|F
zEAhL;e<%Kc_#ea{5&xU`6XMT^S6IdGPpnA1GI4=;72?&1*C1Ytcpc);5wAzQ0r5t}
zn-FhC{CVOnh_@u(ns{5{?TL3J-kEq8;?cxoiN_O9B;Jkq3&eX8?@c_3xRJPtcpC8x
z;+e#=iRTc{C7wq-pLikh0mKIpA3}T>@!`a6#2v(oh?fv|5+6z2P25X-6mdWCAn{V-
zWyHr2A4mK};uDEaCO(z;OT=dopGEv-;;#~ajrcs`uM=NL{0-u75`T;M+r*a>e~0+H
z#NQ*nhWI+-8;EZrzJ>TU;yZ}%BK|({J;XmEzK{3;;s=R;O8hYK&xs!)evJ5W;wOop
zCVqzaIpXJue?$CR;+KeDCjLF~ABg`*{3qf+6Te0L4)I@!-zEM#@dw2JApVH>-^8B~
ze@48*s?<LqUYWQ+ybAGZ#A^_*MZ6C2=ZM!M-hg;R;*E$mCf<a2Gvdz^Z$Z2z@z%uK
z5^qnuBk|6}yAY2i9!or)cp~v`#9tuZlX!39NyLrBO~liPXAsXMo=x0LydQB3@dD!g
zi4P<`nD|iQ5^*bWJ8_wKF>xpHk;L7^y~IZm4-gL#A5FZR_*mlOiBBLtiTD)a(}+(e
zK9l%t;;#^&Lwqjr`NS6xUqpN{@g>BU5?@Aq1@V={R}o)Ld@b?y#5WS(OnfWx?ZkHy
z-%b1j;vW*<OME}^kBNUm{1EZah<`!+DDf|epCEpU_*cZw691a`H^jdseu?;H;@=bh
zf%uQae<J=f@ms|25dW3<UE;qJe?a^X;*W^`P5cS*XT&S4M*Rcgm5B?)s}Qe7yaw@F
z#On}$j(9!d4Tv`)-h_BF;?EOrLA)jL*2LQqZ%@1<@y^7%5RWDvOFW)<BJpm-Um)I-
zcyHoK#EryF#M6jp5YHr@P25bpA8`xu0^<FN4<tUA_)y{!aVv2<ahZ5AaVPPS#NEWb
z#77Yi5DyU_O}w1=SmNV}Par;t_!Q#Ph)*XzllW}nuMnR@d@k|%#1{}>M0_#vCB&B!
zUq*Zd@s-3^5noMwE%EilHxl1Wd@J$o#CH<kP5cAm9}?e7d_VC6#19hxl=xxdpA$bq
z{21}$#7`1GP5cb;bHvXRzd-yV@$ZOVA%2zkHR9Ka-ynXI_-*395dV$%J>vI?KP3Jq
z@xO>aCjOK-x4M7+A4a?qah|wHyejeP#A_0-P251dF7f)r8xn6!yeaYK#KVb45N}1i
z4e@rwI}q<gJd$`6@fhN9#1n{jCElHQ58}Ou_aUB4JcW2F@pR&SiDweeCT=F)kGO?+
z0rCFC2NEAld?;~=xRtn_xJ<m5xRdxu;%?$z;-iQMh=+)eCSFc_Eb;NgClH@Rd<yYt
z#HSOVNqjc(SBTFcK9~4>;tPl`BEFdT65>mVFC)H!_)6ldh_5EThWI+->xpk5zLEGQ
z;+u(YA-<LPHsaff?<Bs9_-^9w6aRqt9^xMo|A_cr;`@m2Cw_qV$HWg3|AhFb#19ca
zO#CzApA-Lr_z~hqi60~WCGiu)PZB>x{50{eh@T;TmiRg1=ZSwq{9ED|iC-fA9r4S=
zuMq#9_*LRR5WhzJN8;Cs|3v%-@t=v`Bz}wdZQ^%`|4RHf;&+MPBmO(_`@|m*e@Off
z;(ro<MEoz}e-nR9{3-Eg#4EVn%iN0c&kZZ)yw__b)*CJ>>^;sB_PVdaYq;)&*CJkr
z_;bYT5pO`e5%DI(n-PDWcnjh!iMJ-+mUw&O9f@})-i3HH@mS*V#1n~kBmM&Mp2T|-
zPa<w4ZX%vWJcD>9@oeH|;{Ax{5zi-HNPGbCLBxj;A4YsQaT{?5@gm|S#77W!5%&=L
zp8!}f*H7_-#7l{n5ich`miRd0FA|?fd@}K=#9tylgZM1sFB5;2_-n-H5r3WdLgH@_
zf0OuI#NQ^qocKG$-zEMY@ioNP5#K<36Y(v?w-Mh#d>8TeiSHr)5%GP*4-h{{{8QqG
ziGNP~2=QaYj}t#h{50`1#Lp2wPy7P$i^RVpeuel|;@5~@Cw_zYP2#tS|3dsX;`fN(
zC;pK5pTz$n{+Rev;+)qZSTQ$@cqQUIaglgc;?;@QBwm}ifp}fw^@%qm-k5k(;?0SN
z6OSO?ig+91?TB|E-idf5@hIXk#N&u35bsL7JMkXGdlBzLJehb3@l@jJ#QPG@BA!D$
zmv|oWeBy<~2M`}bd<gMj#D^2N5qA(TB3?p#1aTK}4{;xHKk*>(QsQOA#}FS!{6*pu
ziBBdzmH0H`(}~X{KAZR}#ODy7OME`@1;iH-Urc-n@ukF<5nn-kCGl0nR})`Ld_D1v
z#5WV)N_;!<oy2z&|A6?1#P<^4PyA!zpAbJp{4?TT5I;)%OX4SppCbMh@w3FgCjJfa
zZ;4+bewq09#D5_EBk`Yz|4jTA@jJwSC4QIq@5CPv|AY7=;(rr=Li`!=3d7tEg4`b<
zUYWQ+ybAGZ#A^_*MZ6C2=ZM!M-hg-`;!TJ*BmO+`7Q|Z;Z%w={@%F?!67NjB3-M^;
zvBcwvClc>Q`~~7YiT5U+MBGT+L_Cdn2JuYd*~HDn`w_PgFCgBZ_(0-=i4P?%5w{Yz
z6PJk>6L%6HN!(4`OMDdZ0Pzs<(ZtJ%k0m~y_yppUh)*FtjrerpGl|b8{xb1biN8jC
z9`V<SFC_j3@i&RTMf`2z%Za~3{9WSj5nn@m9q|psHxb`Ld>io{#CH*YpZFf)9}(Y2
z`~dNT#6Kl|nE2<!j}Sjb{5bKG#7`4HL;M`^^TaO@zexN$;#Y`YC4P<gb>cUO-z0vU
z_%FnNBYuzgec}&^|4IBW;*W_xC6-(EPLTTn#48c!iHpRm60c6YCh^+D4aDmbuTQ)o
z@y5iP5^qjCoOlHBR>a#7Z%4cX@lM1eiANESAs$COfp}Nq-HG=g-ivr2;>pBQh^G=y
zC*GHM7V#Y7xy18`=Myg^K7jZj;zNiJBR-tCjktq&5%Ch@BZ#|*dx-mp`-umMml7`{
zK8E->;x7`PNPIH!sl;C*K7;ry;x7|_mH2DK=MjIM_(I}u5Py^STg2ZczMS|w#NQ?U
z9`QBA*Ad@9d=v34#J3UOL3|hS_lfTz{t@wg#19ZZNc>achlzhq{0Q-5#E%m{N&GbN
zGsMpkKTrGu@r%U2BYuVWRpQr(UnhQp_)X%siT^_UH{$n*-zWZ%_@Bi8BL0~8Q{vo8
z&gnlV=YQgri1Wln;#G-PCtj0yZQ=&vb&1y}-jH}>;!TM+Cmv2bf_N+9ZHTuc-hp^0
z;*rFoh{q6*Bc4FKEAj5cdl2tMybtkY;wi*aiKi3qOFWBs4)I*#dBpRH7ZM*pd=T*=
z#D@_dPTWS^LA;1~3GorcUBo@aeZ>95gTzaTmk}RBd>ru?iBBXxnfO%VFA<+Xd=~MS
ziN8wxHRAJ#zfOE1@i&OSN&GG1Zxdfm{2k)&5`T~Q8sh7SZy>&j_!i>Zi0>f2i}?G*
z_YnVx_&(wXh#w^WDe=R^KPP^K_%Y(giJv5Xn)n&w=ZK#teu4N!;@=U!Li{T6Ys9Y;
zzd`&a@!Q0IA^scjd&KV(e@OgK;(rl;O#CUaKLAk9|K5PW6>}>Q=ZTBNs}iqHye9G5
z#0|vj60c9ZA@Rn<n-XtMJe+t0@m9p!5N}7k1MyD8BZ)^5k0BmMJb`#u;@ye&Al{33
zAL7ZxQ;4S$Pbc1&coy*-;<?20i02b8BtC%nAmT%a4<kODxQ)1jcoFdu;v<N=h<k|p
zi2I2LiI);DBR+=sIN~o7pGbT%@u|dLB0huoEaEQ{f0g)a#OD!zo%llHZxDZz_*=x^
zCcd2bJH+25{vPo)#McquKztMNEyTAG-$8sA@%M@EA^s8ZeZ&tCKS=yj;)jWUPW%Y*
zW5kaWKS}&F@iWBF5kF7-0`ZH)FA@Ka*dNfoVr~U*fV-R@iC0>~eW1R!Tui$o<iYL;
zcJS8D1vhvnVt0f%;&-KZcSJSf52g4ciTjC9Aa+OS!k;_h7JMn$-%0F_0EN9fq7(cQ
z*}Eem5&s#*yCVb<zlBr5V0XkFcs#}LN!&#2j!47$?g%ijJ3<S53azgrmN2rvAvZez
z9g4rn@?sM|Hh&MrKS=zDWxNT{kQ<-Z5iXk<o|xAWCi@uPEw3XwCL8`jzQI1x!N~oF
z+@5(I(Xf}{z4Pt}0hDLD^8^U2Pt23@Ov*2%_=_yxWc)Seuc!FiE#u9AhFnwLeZmL-
zZ;}09En`1#$W6=Z6R9-~&&aQ4?@*zm+K`)>-@@Zr`H7ZSHSx3aQ!V2_Zpby~5Ak@v
z{8DfIdHM4#&ocHcdA&n>u;B%H_YNrX|Ae*2n-C4T{qt{GPU`!>{ED_mox~rU|GecS
z{?PnH%cq(3OZg_tf;sq~V>#LWt@(p3<IReOTzh_r<#h~~^UEzK^|d(vRm<y}_|E*5
zmf^c0cVzx<%f}e*&g&Ij!oB&YZ2amb{;2%RmfH;v<lnW7cB&z_JinT4F?Tk6Y<@G3
zkI#>?Ji)}Dke^{$(3JN8%iSjar2K$oycyJxJ0-6@j8TS9%U?|E>lt}t6MuUCCpLa_
z!)NASC3~H5FsYxj^XuisP(rf)SMobs-cEE4xpVT9Ehqcex%opa?`h)C&ktFK57e<c
zqZs%+8-Ikz4Y>>QH;}!~aJ8<9zbOBtjh|=u;=InNwAAn=`Be)dNH|NDhTNt3O)L*L
zd|7@+%SrjJ$nR@8Dc_a(vSqv()R4O>uQQ_TWBBU4&N$L!_}ct6*8Y2jZ_NMDvY;vN
zL&Q%JzeKDvMx1K=-JEx4bU=N5V(oF>YRKK1U$H2HgmYwR$lab_%krbrZZzcX%&%t|
zHdx=C@c``3U;uV!6ac$30)X8w_=DXq?t|Sg;Dg;S+JlEEKkgUg5$}HS9jsq)zgFai
z+z;~Z7uFGfllAvA6aT}!`^9m@>leb4{pa4iezAKeS+5~?fBr4XkNd@HtiQ@C@}CXh
zjfveaDkI+gqA_?svOk>oXyQ|d&mq2q*!@B)()$U;yI&MV{QEY3JCPf5Kgq9y16M-Q
zUOklG#qu9T*O2>JzS%NtuzsuMWc^>{Pw>`%H2-Zc{+Icmdi+FQzc_|B7aMX<<^O5p
z6aH0x726>^&%{5Q-_o+6Nq-mO$(9c^_P@?AwA^O+H~AjRCBwhX>lc3(8h$CSU&xtY
z_~pEQaR&XyhTQM-`UMs=>kYX-<X1w&FJVZQhTLoUO)MX0`1QPgF=K1PZ{!<oJhIV{
zdo#bkWt`R<a&PDREe|*RPF}xIFv;*=^ZG`9kKuRo?i=6O9{R>~lK;Qw^$lOVS=o^L
zAiuipfsZu&kNi%SlluNBKgDvA-oNvQTNZOu-@TT1FzbJkKh<(_JbjkG(Bl;fH(SP&
z)rQ=Ph5Ie5zsHDwL;Ppr4~g?Qk=uasZ%RCdxRH3SWxP4skSi3*mXrEerEt9EX(oQP
z!o`-8@~%<1&GM15Lp0>pD*V_ovV{D+Nc=YOu(e>B1lVs#ybE!o<%7hwA@{k$0?SGN
zXT3tF<y%br28HFc{@Iq3{cWSdcPuC6*|>0*<@L<^n-(6oj5h-sa+?=kwk*-6d~aF4
z)Wi=jd}w(Wv;K&}swk8Mym{G>+p4gh<s`q`6t=f~vx(oXu%~5=)N9D?P?&D{A``z;
zq0RD!hDR2TvAm<<QH5_?KGg7-!hK%+xWcPm{Di_VbPOeolBFTHYhk$MB>%e?cC(zE
z-}fjSY&og_y$Z`MC+Y1|_=e@vjK9f+?^{mVn<<6YEH|3?sf9v=2oe&WUfAAplHR_B
z11%@pXI9~4&wftf3eSFS;eN|A#AicpUg0^*&4%X}-t%~2VI6cFB_!z`P}tLQlHNgu
zHp}OVO+)UG!ZDV2GJII!YnF!_KD=<f$8CjYEhooQN8tm@N&PM=tc!#sjFzP#x1_L(
z<*f}LQJ7<SE5ludqbw)>dI}d>-qghR6>hPN>;8sZf8ocL&o(?*c)_xu*?(WRjQb1?
zxuu2AEGNguvchm22oesHMf&fB@s^YP9$T1gd3O_ke4%W4qTv$?Cs<C(ds5*Xk54IF
zW*N;|L+-S~J(iR9_w>TEmXq?IS@^``vkRM}<0>JE|4O0Ba#DZi6ppZ*To0dHIKgsq
zzCOQjg%^K8;dYNNDm>)z#f29vZy{+m<Sr?^X*oH5E-ifO@nwZ|u%RR**V9)NcCfsy
z=o)fY7QSE^KhnQ0%(k55@9M%bkFPC!(=twz4Y}(JKl1p-!k;WZXyR`!d}>+HZ0`m%
z95$dS_`GFlzQy0Ih0&Hr8osSChwKlroYdzXg&xc3hBxHyDtyWE0>j@ge2dn<k@x}2
zWn+I&;RTO>RCwR=$|nB4!e<^oP-w6>$dcpn!NQi7#oUy4q~$%#`adm9qWC$M$D8<v
z3x`vDm*vF&&kM&>{27)L|Bn<dq4;YoC;lHR+(YpXTi(*7|9Ihf%VP~cS$NxW(!M`k
z_{?&WpJxi6!-bj+*q&QhPV)0yVIsv(vz+AT`NAO-f28Fe@zs!fp>T%fxrSdXe9Llj
zz5Khv4IaNzxYy%X3r|{3%J*8~4a-UYN#+N%pX5l|hc^lvc>HEzXUoa)@OGie<G&OR
z_4sdvA&=iHe8uDU3s-skVc}kn|5<p}<9`+2@%ZDy%4ldMER&@n_i14Z%h)X&a>I%f
zEGOG*rQ$rxN&fT2qb#o}2V6t0SUkfrd}8}uKzxPeq<vep_!G-JoAg#M{@L;f)Bjkr
z__5{vOngIeV;raw(5yG))-R5+oaA@I;%v)%n)r>2Wsf&4o@jZLiQl|<iREN_4KLnp
zIcdK~6n|wo@xN8^9m}%1Dc^^d@#bGcZkys-*pVdsL6(NxcExQiPcghhaUYL&DjwqT
z$l{R4ql)KRPTJ=&#oH|>^);^el;xy-n^63tWgJ%0|0#ZAc{Rhk7dQXB2okVu8ghFS
zCs|JH_bMJ_IXU0#Q#{^s(w<H(e%<movwmaoCd;Q7ZYuu5vY<)hS>jiS-y;6Va<V<9
z71tRKPr2M|SsLW-#16wjxm;5InZ@Se26MCIry)1H*zIw1@odXU{`V_>$1<u#`cuVw
zEw>t;UwqNBpvnL1md_V%$So{>YWW<)2Nc)EhLLccEDgDXiaT0Pj+aA<O_r1P>9FEK
z9v@yj$})Uln;cJkw&gbCzoYm)j~5kxVmWEwmK0yK`~_owMDgz)cNJG3ArUqpy^Sp=
z_19ON=y88>q2;s1wjnoI?6I7*=Sz!cTE>?N8gk2u7g|OV@PDOcG&>EsV~Rhtob(rt
zD?UT^Z&*&Y*B6T)TVBtse?oB$G`tdq$<mNJskn{DCl`13_>|&8%eNc*Q;Qvz;RE^W
zw){Dh|1TB4NbzS_Ml;`#JEM4w<)r*)74Nl-Zb?J#%f+WX{%Y}0mXrK{t+?t|VkqHo
zSsLW-*Upxg82);3mgS`U7Z$rLC;k76il<v{GWHi2FSUG=;Y*75T27A7ON%d9Mm8F9
zmlfZ(e6ryyig_I95+0OA`ftSzEJKI-+1_%}-d<JQ-SVEs{_5fZmXrPa+G3C8!%h74
z#WO8;8NRW2jpfOPZ!X?z8QGHlTJdSi_>uda#Xoy|XYn)3$C~)Ni|cM9f`pl}$o<3O
zc9!=y{KI0S$M+TwwA^aq?=SXSZa4hn;^~$THT;v}RhE<dJyiU$<u%Rz^0VUWmYa?J
zFN&X8PW(Sw9F84b!vDkG`@q?CPV3`mu3*j|nvT%84Lt~rD<w@+4T4EB(@b=djAU9V
z;bby1$&5}i)0s(|5E=wUP!vH?S5Xv2FGW$5TNFhvMekMAy}cAgQEvTw*Ym7rpR@Ma
zv!^Fo_jkX)-#wpCa-Ox`^{#iV^{)5Ne)ryId^~=weYt42{~PW7qTT*)wvUT;`@h}(
z3ekAdsiW{O?H7smeEVMem7;yV{6YKoMSFYy+Wsri_ca?j3O{VW7Zz^&`1tuz`_ZB|
z8?U4A<Mzjhz9;FM+E=IOe{X+=Xun>%xqY8#@2{V=zfrX3-!1JQ5^d(2{$I9#L-Zp_
z|Em4RqVGrg*X@52?d$Dt+aCl$eUOhQh~8@0&cE89(p3J8Ci)D~`06P9p?#ldx9^Yb
zZx;O*mj74#Wuo1`KevBVwEOp$_Fs$sd-i`@@qXC&+2?Hg*HO4<@%R*7ES@IX$H#q&
zdqn&EaYXU_6n$jzgQDL`efKMVJw@NYcuPwDsA35VjeQQ;zmCEKi^qv}dyg)z7w!H$
zsJLD9<0yYj@f^{MNk61`f#?^JepvA`(VqVgFMcgWA6vXx^v5lsItq_0-UEv4<NJx@
zit|N#zCNb-7}1Y58M|Lxe6r{Vkv^gL)D(SUal2?V(@{97xKFgtr;jV1C%VG&Cluc!
z+S_|#@e?Wf$;Gdv=#|A^igtagiyhcl*vIMa;<6OIrg*w&&)2oZb3~&K^7HMYz5P>)
zpAzl)zpnT_(LTP`7k{6k`-(>(F!rg~Kii)aj}!fD(*4CJi9Un$X~j*VKSg?T@!6t{
zq&<6@=$AIpuNQqO^ZDt;_cxV)s)@cvw8v*l@h74^Kb}>bgNevKud{z0g{{S^Xt>!?
z*j8LFx|j4&af4`IPqr7wM0>nOimwsv@f<CFRP;{PKcn~!(XM}I@n@pfvV6RFuO$ZT
z<MZ8_#fOW2it+3`srV$(u7A4ttQ37#@%brwPw@?+aV%o{nc~Mpdp!0PuTRN8zxewU
zy}#IjfoLCZ?}f$3r04_1b)tQKdP#A+X!q~j;(pODHys^?mlxkA8an6Nzl%jrvHW21
zs;2U9iT3tiRs4C1KCd`uDKsVay|#F4iax)%UbN3IZzzt7##cw-Q1O+bp|+#&=Hf-7
zKSKI~;ul2we&oX9k458`XF3Z1SiD2D+xPC`{V`G6=d<>&qi}KYk)pl*_Z6Qg`mrp(
zq_|16*Z*K~Iz?Yve2wV)Q2ryu52ng5EB<qe{#fzfQ}pG<d!l3P<N7~Yd{~OUqPQ|e
zf2Me9ioUXVW{UoN@g<@?f37ONAyxjR;`>wd)y2=J=&uyNm!hvJ{-<cy_x0jEPmK0n
zTYN-{{#LOwMPFBZdW!x|@hs6key%URLbT6M-z&Z=CI5rsr&IL57Qd6Ce^~r&ivCgY
zNOYWiJf1%(o|vM4T6}tn{*U5BivG{y%Tn~ui|<O&zbJk>MgOY!UC~u*v!n3q;;%&G
zxucH4Z;NwJf;Gwc!taVpMdQo%55-eO-<R|sixZ+T_BsmxReXhL&#ylhuM~YM%l}fm
zPPCC6uQ#X4+e&vdmCs!c$wI;Ri}xrkPSN))^@u*#WbA%dX{+e3k}j6^h`vARa_M!V
zk0O1a(z{di5v9+G#x|#;aAfHxqD!RjSNe@;pYQKqx(7BA_VN5Us&q_>o?m)Gihf|}
z>7spp|NGLUXxD#q>E)tb|AR{JPSMAdJ}cVe`;gN2MIUW8bQB&|x<z!A^utT{c)S7o
zxWC7ijuu@tp6ypki$!A_&{23)X{Bf**+0Fa-^lXgO0}l)Y0>v%`D042YAQd}L|@WG
ze^T^%)<2<iO;h;|qUW>x#L}-sdw-r(x(7D;_Hp`grK3czGhRpG38iC2Lk2mztchMB
z`o)xgV(FBo@@I<n`Fc%hO7srOuPwc>N&aQ2@>5EOn#$iU`lYPDuJn<n@=vGAH<Yez
zD*wJ{kJnR6ziKM~lW0tX9feJ$BUTvD2mUV<?d7MImN%83EE>bmo^LCiF534er<cxX
zlAjjs`<Z8yULyKwtpCi?>zm{+5WSV<wbBQh%0DOig)AQ^eY>grX3<ra50?HUdNt>-
z;Zg~P+UE??J4z1`jkM_~jFwIk4H?9vTQtIE&&QQEH<b^H{sqf-mUcIlzex0RSUz5Q
zt>|r}&n*3;Xz#D7(#J%f!t&jvuZXUaKD%^-=+}|nTl%GFBWdp)P4vB=gc5)5x1;df
z(gQ_<2mc->daL1%!t+WeHkChF^hTDSQ`*#2zD4u^%U@7Bqp5sS^w(JaqSDKn%HJmX
zG?u@(^pU3WPl@*V<)x*si9VY0FDu<B8kg}Mg;$h*C;AJdUs<X=*?>Oq_W`0`Vc4GE
zD;+EP{iI)0I;ly%Tl5&qUsu}NRKBB$o)BH7{Oe2SitZu(#?qTaKa=#EN*@yK<Lxb_
zFN)sA{CsQaM$snD{`!Mxzy5rCX>KP<?736>*HL&!X>lhg|G?j_PRD!g%g(P#&lLR^
z((fwm6>TK-zqE;dgJ{?Pp3+B}%C8jtfdcfuxAZ;HC0p?9er4$wP4b16CTO3d>|aOW
z1EnKHd;fl@bgbx?)Bg{b9xobo;Lj<d-@^JIEe(qPDCvJHJzw;{k^Xq;HBI&3EZWzz
zPn0ed{b|a7s`R-g`D>c!?>5mt6+O!O_V+qh8L*G9cb_ZG7d>UXj=~p9j~4yWHqifE
z>J*JS@b4+2pFsI9mujMYJ^5;BO7w?W{<YFeM0@^!qx2Th-7NoR>Eoh(fA#IsH$_)j
z{x7AUr|9pN+E-hFeY)&lN8x*=1)^Qw4@%2K53~GVOKU_|N&m3)Owl_@|EP4P=*^^m
zQhKfE7m@yH=|iF)PWnGeSBduc{b%V1qF?iOu;=Hczlb(*#_RqtR3F4|VH3Sn^l?_!
zQTRpasVVwbr87joh~>X7y*yR^+tT|)S6TkM(icP@!T$S0>4&1NnD+ce^n)q?$I=l9
zoPC}~`Tr{YgJ|$z?~_Eo({M-O&!v9Re<1yr(qxnTi$p(z<!$9dq90EB9_0^;_V({t
z{+j65u>9WTTSa?3isiW{TY-I^YyUb5<?>?DuP1#(d5vhuz}{0u|1-;vERQyozd*Fl
zr}rzrzN!2JqW7`>{mY*h{a(^Xm47Mv$&A+n%lBAg1^S@<Bb(@BL?5uSj>6I9WliPX
zqJ6%7Q27~6<zu2fp2w8;i}rXtr2GcaK7JooexK-hZ13UaPl^6G>0`^^5p5*n_0uN$
z_oAOi`A3%ThlRmDYw7Q!%8wBJLgRH5jw`Pb{V>vxDG!SF^Nr)nFA@zMh|k+apG5f+
z${!Q$@jkJ9jp%=5dnc8D+*JSfqAzFt$CdAkgCc#Pf1&6%8Mgg%`SDHVy`mpZ{ZA}E
zTeRojlgs;?<X_!HUnm;CRNPTmS-wK_yV>6A^1n36|3Y+?<=y4EPcdL0pD)&wPY?|r
z>|Z4smqB*Fw7gk#iS#MuG0_W1uPeV;^lwOSD8F6w4@f_?e7R^NssEZL`bVNaNBK?V
z+ndVoi;bRr@XN#<g;UFq5DgyeT_O4r?I?d*`Ke9igH805XwRS1%Lh~RGs^E4?fLu6
z@+U>V&f4lI)XLY1c6$fPzZCr?+BaBk!$#gdUVpeeUo?KXxTCP6{20-Yf&C|ozOP~1
zUzdkP-<$Lq<^7^dq<5ANrR2xUm!{;;EPpvAKUMx=N`80wcPaU^%X8P6V*9xMz2!xs
z-Ja)`J4L%a&npk4<j*OelahZy`K>AW7nMJjqF-FTE>-`f<)5YMzpPxqM&CZ(-Yd#S
zi+1~7Sw2Cu+xP17DJl8alm}DtuPg6K$-ln*%9Q*Y%kN6bzp4Dml>A%D-w=&sVS8Vs
z{O_V+Bl_>RqL;Az?d9SIl=uhb4-kF2VcUO}7mI!x>35cUo8-5N{us;ORo)}|F{Iy9
ze!XZvAAN86!=ksd{Qc$cihcn110N{=R`f?${^9Zi`V81-FZ1!E<>N$y2YXLyqMt0<
z^ZB33n?(C~|9E*vll+-Y^b174$8_8M)$*&F$}dQjf2#ccrt&L9`}q5G`FhcFsPD7o
z--zBq`pWV>pK8E9z8-wOJYO_;bHNww>)BQ1lbXs`i>{h%N8wB5(?lOd`s(ttMf-Wl
zSIW;9{YaKyQ+}i9Cy@Sn`IDl5Mf%$EcSQUC<6Gt1L|0jUUHN_+4cMn@|2hiaDIY8P
ziKMSD_lP!<{+uq_^XvQNY0+-)4dsKPy}f@czc)qSSpIxU{>SC-i>|W0o65fweH`h3
zFW+O60sB<#Uq|8Q@=>CFfAzESV$t6IE#)VQ#<tJy-<CItc73;&heTr<?I`@FyjS!n
z>D$V$6@5R_zc0UA^cke@D1Sz@xA*^)zb)GHtx)-m=(kh;?<$pk1NK>F|2hhDDoaFr
zd-tlW7X2BPw^vRT{Wa2+%68FjAbsD;^F$xd@ie#cM$z8?9hH9){SPdkSNW1?ya#E|
zpH+S!`a0^HU-_kIAD;^<1zecugZwRuKK%&Pe{f|%Q~AT2=;NB`<xTV{qJ2D6D_cds
z#oFp9JhZY$^!G_Gth`0^z3I;*Dp!bxiLmc#(T`&JqRK6z-@*EeD-|4M*vIqv(Ur%D
z_INI-oFW?U-F6g~Rt7}xwK^SzWtAz>$C7?*<+Y+$kX~MSx9Hc9ethLqq903oMde!2
zuO$7X%8x`FN&9bUqW{oD|3&osSiiG!#M4mI-b1s09fehuV??hc-Bo$4Xy4DCTv;!A
z8OwVrgQ9&tdrD=G=<l%nl*;)jdR^s1qEBG?hRWwedpw_7`B%{oV)>@ZuSG8<eQKox
z7n=6*`SEF$M~e3O;q=NH(MOp~N8uTjtttAMmA#_9y;|k9qJ8`iR6Zzr73&XHzAE}j
zq=zd%OUdu3{3S(?R_0+Mv(IY#XXlBP<3#)XwzINQ^rKilUU|CcSCc-oGAY_f_UC@l
z$1xwLDsK|~Bg*fte5y(QbE1*U9fh+iKNkH^(t9g^67A#Vxs@ZIZUy%7e0yHyQKFAz
zd*@Wvi$2<9?0K_FP4pv3zo>GKXuL;n&-+&{5DlHM;gh1hKVDk-uIR_H{>v)2rpjMY
zITD81$LH5qRvs-H)3}}IRk}svtE2Fm%7Ey{lYU+0Y|*a&^_7F7@k{L;g*R5-E86?}
zO_eW+UdZ}ysr*RvH%Y&>axW~*_IVurdwb;=(LNsDQ8_{MNhV|GZ<Sur4<T)TpSD)p
zy>onMYV?G{(>C;;ylGQ!t$Tfc_r^N4Zqu5=&f%Sd6MG9g2gb(62MgOLhldMikB@DK
z@S5T2bpv}g4iAn`4s9BJ&Tzrt@aS2?T?5ktbsfFkD^Kf&mZ{<C!r6nh-toaR*6p4i
z-UH&)T@7+-dUDs`&WVD3j}7l)BmKRb&N{v}I5s-GYr3{`czR@f2(@|!rbevouF)OC
zQ`2l%OcbsgIuYf7D~G36ZyW61H8{C<f^9paYdA8x2e+jqjFCv3Y~F4@amnMLZ0)Ym
z>5aQ~6n0M3Mh)V7aNGhjJUCc0*QOu?JUUf7YhY}2s5UyZr?6^ZYWT6sYNl^|XgHy)
zIiqUp$JdXgS@poK?%!Nvq+tLey?WZhrKs;3KDz*8j9*ZBy^NI-L9=9Pc=D{_$$GKb
zS(_Xl7^-czI7%IOXHSk!4>vP|%np+o9Gw^$o~(_HPE8jq_^U~-AJ{oO)kJ!SNPAPw
z8oE7Ow9C|3RHuh0cMXiqATWib*o8EVm8V7qCWnV)n8iO&@4&8s!p>38C<GHW1?PsQ
z#~PJEpgU_5!y#_uqFRb;QP{YCO}$+sH*9<M@SrkM)}SkAE?L*z-?O1Br_id{(Auzj
zdSZ84A9OXit9Fl$4XqoVni|;A7?x;qlhq&H)jc?P%JAOWrsvd+%;PueY@8aHu}+rH
ztSM|7-ZjJlpTyr{bVj{BWLurE#=C~kTH9c#)hyGzoRQfxJTOsLH)So?iOJ!?v+Bgu
z^uTl@9y_e#h9@V-8{+_+fwAGq>Dq{;^Y~;Vug)H@nI>g4IqquWVfV(3uCQilIcjr)
zIo6E^HaVFmS8L?pDZ|4PD<>xh_BK)vV_B>K6J4m#Gq7vOlKzb0jl)ypyC(;2=q1Id
zF+*_<JE?{EpE@<XniK4%-8Km{H0JTGYt{`6Zn8NP^LaYUS6fKe*>Kwt#!leD8lSR8
zckCLT>>t=RX1z3617Ax*qOYN7{qWhGHGBr1O{`%}qxPx0#>NMRR<CUM)qPqYX8@ni
zw(Z5-Q?H3a&hCk06P9D>;e<xSrYw7QOpfoKuqBBjuc3UFqQ(e2ZFq8Obi9!ZmOVCB
zo4FR}W|j#itaX+JTpbH_R69Q4rM^UXm#!Q`M(^FksB=NLW!ChsUg`g@+KYL-uyV)(
zRhY1hp59)td1uh(SE}*lYY07A=o^@{gaJasQi%=>Fv_E-%hI85cxV4OfVI16_{`nI
zy9TXA>?yz;JYnhd_|j$dFk^iqu^LM^*WP*=0%>a?l0wU1YI#&~p>J~B2FTQ^-P^Y#
z8wYESY;H62xFI-s+=kH8hbPDD%ezl~zBRG=u5WVmESpHY3KnqFVr*>}l8pyE^vMzB
z+ya>O%2}I%XVL<xDeRb3W4q}nc-Z>Ktv$8Ww|m>zD5h{Pl1^0KVL3QHYSW*$2y$?@
zt@YGudx!Czw*RQ_!ED0Xu(8&=c71mvij6VSy$b_z^~T<r3cE(9W+}CF9NoTGF|Mb^
z#^JGnY1;?Rq|Y1Mu-eYL>SL;5idxGnZdBehJuoqr8kjRG$%qZw=CaYSWm1YUI5IqV
zM$JY5y1jOW^#e0(bVuJAtG6N6t0B<n(7GmU5^F=;kJfp+r-o~TX4UBS(ZRSJHSudJ
zH?2RuUP-e=|IUf-)wQmk?xwYSW`6gkO=~x-XHM)Kn6h0IO;5tRX~yE3?Xh=E+cr6w
zaW%1>#U8D*F`+fFY!<@!U%f4EN@e%zm57s6V&+Y)lZ|<DY;@b?z~tWaTnim&Z_0+P
z&5yOg0qc*NU7&<Sl1SW)!X9o$d$Bc58i%4NmGJ9Zx!qHiKDAxrySCXJ)Y!1pH-Iyj
zpS864a>SiIYv~E;f;c^`)0Im@)URbYo|~D82N{h?fn9d&+GX3!`s}x9)FOm!n2*EZ
zArii*_YB(<o6Ln9hbPANdSS>*)O2B+Xu9{<tiQ`PljJs}e4sm*0v>WQPPP?uYQ&mN
zVk`rh{Rz_o=NBXO>$ryFse-1Uq{<RywSmFGVO-L=jv6v&?Ucr4-x-z>G;9;Eemn$C
z{@BDYy?ZK1&Eoq;ELWCVP!UvijqhqC=C0u#<I|&Yn41wjQ;-QGV)fYYz^>iCgY}gy
za&T?3eQfvCNHPK%;|19~J-Tyve0SRE$mhb!k>kBt=p8@XHj4dLO{*>o>p{bsp`m83
z*`k~-hU%m^i8IA;MY*;MyM^W|K79_2?;IH2RZH!wplon_=fq@FBgv4Tm^vdFK7)49
zux%iWNYtIJJnB%k<m$*PM=a2Wjig=Eqtkosx?oo$(#@sy5Ta>J=lNA<FGYRMl0L=O
zwrR7Hq_vGdZKr#=i`7D#bVqY_8@d*FS5n(PKDl$C;X`6-SdlW#$(zRdmM0OF9B!jg
zz8=WtHL)oWD9*PkU7FGvDy5cLRN1&`<!r^R`q*sxjQ;5|#QJl}CYr{$Mz3TqQ3i&F
z?DBNX{_PmIlbMm7jS3s=f&}wKR>YPvn|HU@-G^$7U;EF-9+y(zaVE*d^6A={yGKo6
zYGn8H(D>PnixSkzDRRxG)X(Ksuk=HqBr9PaL@;V{L=p`{!`laTk0m>d+Qh*0NW)ds
zw=Ec#XKj{cx=I?NFxHm@yCUZ#+}McM17gQvwouv8PxEq>STk)$dXrNF7OWX&piF=g
z7sn^2ZL`v_CDAq$f6(Ut$y##>te*@AQlQTcbkY(s()=5rY%DuTV>1+SOS-9l!^ZAL
zZ|t6&#7Qco>tUHeE`3;%Cr}%*CAhJHY!ZVLn$-pyTf$XqH`KN_&njTjXP!c8`by<0
zC2HG7?Mh84;EJZE8k>2SnX<iHIF|r(c)T$vC}fspDjF|D9AZc^JGHJ2;V?TkJ7Fty
ziorFz&Plo?$?b`Osj0K=lyVzZipi9=T+x&=7?M$T=MvfGaJaE*ubuJKFEMo`J3O>@
z*Y@!>em>u~>XfdNj}N=B+OFL@ZIv24qmkq2EpV`dZj6>eo;u=aKWurXM|j|jOI39p
zD%<gRqn`LURfDg}zQJ1G?y)f*tF70yH#SR?bxy+^)Y8g6X-8z^JL_$sL~~HOWO$%{
z=4TL@nmUqM*L9)}9dzt8bYfj6%1)iIj<jLO+YJdJKTvL4VjN_%SXiZ-dRC@1ZyIT2
z7s?W47R-@>ga~!(nyoma`S|oniRnAOuCSrw_{6*hYw3xPZMMo-b(c*MBocFIn=ukP
zttVP&LTMwD(>K3Xp5gRuT~}>-??hvULxr6o`k?I$v~k5OMl=^J(}Ura(Iq}sg1UP_
z9yeE#L=Ehnjr0X~V0fx_{L<w%s0UNh<Uh_X5oh2dfHU!_XS#7VUDppiGw`Wr20ru*
zhp9H|nTZcQ&3q0QUQ1iggdq!Ec3@{S!B}I$1#|V<zMk%ljC3ZVp$zL@a@~XN0jsi|
zwd@Dps@pU?ZF?gO8oNzr#M;wRu?^~MSI~TX(PRwfm^>-An^sL$UIk5(ZmCio%>{m(
zEm5Qs#!QvKZ>|#DYtF$?#B;)!pP?*uP?C-?8mrm))LFRIo2pLFo5pdYZg%X->DddK
zeUsbSO0l51Qt)hsEg)_5<O`+AU2N55L=s-8k&RR%jgdLq#|CyZR+mr_Gm7uwaz%0r
zlEr?)w(jxZ66&#=Z#q2$yYH0l(>b;>-L6@zKCbMZ_|AbroJ1#!jv!Wv2DCBnR7hi~
z$}~}Lyg41~1qc=P%QJaIp&>tLPoMJD9kU6Ahx?g{1JUrKyHu`HrOi-FY9r=ry{PY$
z)tgSNao4i6*0XNq>Kc|kgu!`r!A;mXckl6=%wclDRHIwZfeSPJ0fX!)<~c9e%{hyE
zAQ|z~c%tfT@27~Zb<TRBN4(h?b$L<Ln5j3zV1}w0*sdliaMKbhqc%rJG$^<33<IAb
zBtOOw-G`oIGW!-PF~l~9KJwBRC)hMj4(}YtosZ<oFUymXjVsr8QOr*Ml39>E%eXoN
zwJ{h>5chT)lE{eqfRjeiyjmaLlfG7<xjdxBrBPjf{X!DQi7Rmvx?Y5(F*&Wr;L1Dk
zOU+-XgmpW`#AGug6Ka!-32w{>M&cd%WRlXsANT3wHaPY)jD&_+id};pJ8&<NJ$6X#
z^6lUtoS~w~ZaXFy0HNohi~Y_D=`f=Vk7dkwuZ0(-si}>e^()tP*X(FE)jUgvmW~!y
z+haYpGTBAPQ2%(U@2s?zVz3S@*kvKIESOH6de%!vr|iaRl5utJlnqNeg$|eVjUt;f
z2F7sZwGB5f6^eTCP&2dn`h}9a#-~>e+c98cGo7$kZns&muGY>yS&+K0tux2N0~Zox
z`0OF4-3`r&_{`ji@d<yPDe)u`Pj!tk*L1J%-ng>2HggN9Qj1O91Del+)Oc#wbcl!p
zz}kjYPw8IWpD`w-Ib&_C8COFyI2JX>FDYBy-Cr}Eb!(fdrD8x&nC_NONX8^$RJN&q
z<J$FWYSZJjQ~OU|UN6ItOzyd87F5PSQ+>ioR3)Q#a@bBJ8WUeK^Q7#7g68D1n|HJE
zY9q}Lc_qhAzRjM(LkV@;(SY5#_H(K9)?B+dNTh~UVrX7DRi;%nSZP&Fe9H^Faqb4L
zNp36R*@$F=&}_CXJ2Y+W)XM4JVY~P0Pb}IdyK!GWWxJ2SaFJQ>@TuK=cr0xnW>ap5
zlB3qT0rh&LQ&YQb_RF>c-|ACL`a+nMImRG_>AkjXZ*9HZ)k$)M65x;GQY^QW@v~z)
zyTd&;qYwmK1rB$6)AyX~KFn5TmvN`29&fAH8rW?Qgj(Z!Z3ES8I-U23&QMC%?IhIh
zKo5@Z4tILeff?O3WQ+Ptk)Z;6R(9j*T<21!dU2%2*&^~&V=NZnyaG?R)H@;;+Blz)
zpWA%%J$}E;85*7%oE+t`bzPms>-c0@uQTx&hVAa{fuGv$@Yn=SN8^0PLsguW)+>Tz
z$Gii0_%+4EOqISu@;#Y7Or}SEv7I50)A{yMJRzpZZ1sk9eYNM<?33o$)52*62TbE;
zW77?19yJf`wdca@Q4ed^&hfHmk+3t7alx7H2_zC0(CNu>%cW)^rjt#d_KXa-C#k0)
z>PGv1bzsUKdGJk+o+?cIrk36f8%{Yjxl(Mb-LWhiu~<4{4@KKW=FC-7ab_*QbAV8e
zjgOz9d)DZj(WOJ_Jy5bKN}bPxi7T_?mpa?7#++hq*C`(dgIMV#P>+h_y@xQLo@_a?
z+P2I7m`7bjBA_HuwZ2u|m^ka&f=|ibm^bQX5@7zseR-&y8n}TUhiqVH^S!As*^8%d
zeFY&*WHtk7b(qOq_%j-hGed2Z<(P(|Ja16ee5pgNA(zvp*wbU23CC;=Y`P9)#iShj
z<h*iMp4QvAfrU`wf+$@c_H)<*P1~g2xME|=_DVs0gORGA>_InnpSIzY?k;S$)4CIz
zB~UMHu9)8Qa>8C~uTiYAgV7lKR6#cKT(P+AU+=sAO~baONIj!P4gG8F+QoK&nk3c?
zPvZ%XP3b3(Q*Gg;iexTH6<Cw?f~KT_HO&{af#(+tjn2Wl4oMSDn$U0QYj$K8xTAK{
zDLZFkHe6#n=8fGeH*Hv7*XoaJb9r>nZC(n`<$5tzHU%bK%w6$}C4JrNa6z240~R*l
zsYL{udA!We;aW=B=|u8uQ0g}E^!T)GnQ{uzw!Mge{nya&w%t2w1CxzMkS+Z%5BqA!
zr&q&fU$x-x?kVfRFdBl=nTp|Cy7uT$V<=@SqZD=|yK$2^9?zW4!1Ix5X9!FUYiLPr
zdYe6%FuKE@aB$|z-Zl1wDvIhto@0HduCh~5XF8@7wj~3N@e1Q7{IN~jFBV3ZPRA=V
z+LUA+?(z?fH2S+9OXvvCC~4aeLZG<&CJM7f$aJo~wo|a@UgN_6Nnd##pD2*v6i3UR
z%Z)~0geF;gR?41@s1E?Q-wsx0c=nCYdFTo-uR?9dINqL0_EH>!rY*T{oVipFRW#DH
zG5yx<Ni@tVG%^}8u~BuKJ!my!0S}J0$J<TyN;~a}C%mUn=j*hr5zBgs^;JAZ0Uv9;
zjgCos+Jg^Gr5=g!ip|3zjzLJEtCCCUoJUn5GRrC3EJYfL;}Zk+?4hOhcAG76HkNEL
zQ!~QK?oGHo7v6HyZJMr8do8AsLXgv$JT_Ezn@u-hW{|^xPfqADq>{ve4wNNl`^{x`
zOEIaJs$;i4XXbC;#ygjZ`N~gTWB8j0^_Fpdb87!;E`T=J!(|&+HJ#zCeR_8nMN&(w
z4MdFCM3<52RlA-m@QpJ;xXMVz3d(Fnx7)aNMX7o^hz`ZrEQblPUJd)*nfS?M3Ja9a
z^*YUE^@3zpO*V<E8>^;YT@8m*9&)hVPoEf&t=9nKH5d8AI~o%Q8LN}~xxOpMYmrH0
zS-uTVnIOgN{WyEU&EEB~tE^SHkV?x<ObzcI8n^u|#O-C&<PK$cSwor37bTB>EN;5S
z=fT<9#5nFs57ryn6#ZSbo_EmVMog^Ko>{z9&KQrhEf{u+Iyn3sEVdwcLoG?v^}fmT
z^B%krYS+dwH%*Ig5t^&nmLA&hl?2aZ?HC_ie5JWIT}`0GzNTj=-MM>=^>&Xn6*A9p
z*v-Z)ubPa*9>qJrl<(e!6C-=6a+^I!ntlY!{DdT?YZK(LiBrK$d&G`GO0(29HsUF#
zOnN+Aq9IVWQ-$)dVKwfyT}#az6xg;mS{Nf_5=*yHh_mX9V)k;x85x`LTu@Y`oNQ*B
zvF1CbJ{S_H;49__6M{ejL#Z8$!a}?fY>DhQ7-GXi;UXKcz{|y<Iy9bbFIq<)rio^r
zP0VN})U@~+6IM+Q42|ybeq}UCN71pVk<smR!1AfKG}YK-z08JbQyG?18e(dJQx%PY
z#_<)bvJl!NZtwltX|a_$j?5ryDP30&oKj@&#S>=>omS`A8t3WhfpD|U<e+MFmu<JE
zI5-T(v188%r-wQioJaIBINuhlH<G%tvP50A9<RFD!7;q!3{V$^B73omZx-6fOz~5L
zu70n4W-bR~5+*2};QL~Yb(XKI`AcM)M-lC$MqRts`Fa6W=_M$w^PJ4<Z^T*h^49%K
z%IXy~K}KcuhU%}=(;k}1<<KUdlodO)cJSF8v}RA#;r-Wi=+Q)!OsT+xrdE9M*p#{L
zhWZez*F$6=mcDTfvE+=RZt`h7-AmPUR<^EsXQlwz8oAO(i7f{qz4<%?a@QXjP)Kom
z95*Q$j-eA1XwP~CXwP~$rAqKAd29r$R8!xDqPjEn)(7KUL@w>2RWK%917%S?D>NPY
zke3b-Sr{nIPl{od8{z{4*{9O@P>4;9$K!GSx*7G%wyMY1x^heG9XniH#sOik&iAjh
zAHtl0SL^LwU+3ddKYKi{HrjaW9Ie{9`tZ)7;~%@EE~vO?MsRq($)?k$lX_H=K(=s0
zU-x>9mehtKVd{4}67zAq;oCYq%WN^~tH0BV?6J3UZIZIL>g|s5$>Za^E6mikn<oCc
zt_j%-y8YuO*&U`122NMvKIy~@0gtN}^G)eSG`u1fGn?`2uURJM#)`9)qxy_`)3bo@
z$#&X=QJ+7O!O$>cU~1R#yeAQD?Au@`c)pSI#iemO&tJ2R4@a)9x%klTuy2tkbTkCW
z_242Ry-PIlH5)hB0e{^4)S0QCu5+P#M(bS@8nKgOw>Ncru&x0k>(0uDhIhpMZmO<r
zN9;KQTi>|nO7AARSNCBbjQa)1G`zHITi0=Wg@K;i1!Ut^L?UaKMTzX_&RkiAJ8tRC
zD(?e$G_ZZUJyv2HC^OF<BC>0X+M1IaN1%0CZJBW$P%}JTZ`+8t5vW&S-?%FVvpwi0
zcxSoT(C}DR3{Ul?d(=idC$bcm9CTussS{p3SCbnj%UuCqkr=Gm=&iqR-#^}uj={N<
z9XJME^+^(K*d&fIQrBxf!_1}_i<O^N9)TIIcj_^;9o_(sei3%AV8{$liRQBUV6_>%
zwrTB}rl_q>*l8=lwTnt$(7hXgYrFv#{bzlXY^>=p#i@)m0^Oaos8{v7SKB+<Fm1GP
z{fnr^hvL#}9L@t8S}ccbxx>?-yln6X6lc|$-ISQN9!vF|b~xm3tZS^<GxGRxoGJcJ
zN9^{-ieSlN#>53d0dI(4(MXF7*1GwlGFlyyE=n>u^SnJXHqMrbB<>F5yf~Tq5t^p;
zNy?Lw<i`*Sw*3pgj4-)LKcwKhLR+dRXscFTH+F8l_6DW#7>ckjwxMFX*?6W<KTfgz
z8ixd34h^QHb-$5!$+@EXZBAcRZPKaVr<8<zLOQ|Qx=%?Ml7g^It4eU9?pS>c+q~Db
z1@ZwLy$((5R6S`_qg}#v?VMa1hNNbawY%`}TudxnyWu%JdkW5PcBgN!Vi&u~ekX_7
zWBc9kj!=pne(B1B*boo=hANDQj3P3FxT|UAHk9~&J)=hKjG`>Rp~|-4HtPJxaWV>1
zg&DPZrBZIm-Q;Xj0e+bx-DFZF-P8=+hNhW9VHL72TTEx<H&ofhR>mCgGS)OP8yaj}
zW;B48(a^-?0Ok`qTu)E7?F(4z;}88bWUzSPie(m&xF^HhXoJmPVe#8KYuBH=0R!C}
z!Bw%pP1iSoQ-x%Jp_Z*Qc-A&dOARCZQKHoH-&`0Mx#luG#*+J_5{_i}xKrJrhK70>
zR`u!dps(Fpuh~mLOUJi88^e6V=+MdbbllpZf^GKrTY!mkL9nhLJgc}A3N2T3Bim=%
zzH$3eo4p&tBU{N6`{)N72XR*MSI-b$74p5M#+3-trRf#yx)HdEz?~`1yHh*h#N?^Q
zH9uHWyO!d$rvRgm@CU`_kN?n{#Uhp?SYv60=02-LvF1x$Y~#=JXM|>WqqgZuGqWMy
z(P?xeax&e;cGlS_&OFn~qU`V8B!=2yWUcwdZa$xFKkin;LmuIIY%X%f@5WD{`Ma80
zYLd>GVUK|#+T8TieBfKg+wq(|f>)2SDr5^#3vq0IWFe0?FkxrW@x|VmOaU(=h@49O
zW)PosGc(gqSb~dZUFxQTadz{si6zQx;Y|O`7z$?M!6fX-Cc+DVki~^o#ws}P*Z%e-
zbkk|R)!}t9_J9)u;i<5?Np}0$>idPAegGv&4#@06N#m5G&Pq89nL2~J3Es`O-EQMe
zZcL4A1*RY?>lHF3wUwuCu9u=k3rFL2Zxl~S?MnZ8A1XShh7;iUN*o7;ojcf}?bI%Q
zZ}(rGv>(z~V?U8Hy2BR{zpBvX?4HLx_Jn$S*sD@Ybdg8Ht=_iu=95svDfOX+Cyt}W
zxlFzBwD8QE=@_MyJ`LGac`GXX`HUIuts91rGoMl%<QJ0JUeLEvdl8~Bcdk11<k~uO
zJuZ3)&klYXkH;p=)Y6IO$QV0&6ld?_wi2%z9oMhZ0^;49x-GCHb{DFr8g{xi!*2^<
zCV~q#!0PIf*6~tMiV5M=gO+>>r129Osj_rmrp5&(f%IekGtA8OmLZMPLYpG%yt;he
zOEqbMdOc<~6xuusZ_=}KEKN<WEI^c-r)L&$h4b^>dP6dpD@5i#xI4r79uM;j4-Pec
zk0Gg;yc5>+dqXIO{gbi36Xw~?OzhZ_pWIBDW;aK1e39ar+9hUF`bU)Lps%tc<MtC$
ztFcS(F_hYjjxHVW$CdQhU|nxxF-$+HGF2Ez{aj+Q{H34Y8f@HHrX9ofyG&#0GZga8
z^5bjcgHw$ovS2n}FKCPvmNcIGV^x0xp>8xq;>}Fkh$JuJ>IIgWp1m*|coaFMUz71U
z7M+!xxSHwqc1CI+mpHz2D*h0KrZUbiGZoBKEA>E4bInv?{iNLv`ok^TMCriT#4bDA
z9-kg>EKMPvgN>hi;Ic41uw$t`1Xhn8nF<q^g18xOEF_3a(>;T9VQK(2itNUupOKH*
zp~(=2R=wrXrS?b=p0R1pLRxQ|!T10Tc`(9uuBl(ns25Dxr8(bj!$kysrMysRv)?Jl
z2fxSP_L+MT<G;3lvOm~hAM!7AY=3g7(DqTs72uCJ#_zVbec16l;7c9P2mX-b1;8J4
zTm}AsWBiVK+a-<{0l(kzV&L~VUIP4H$M`z}Z5KOU4*VX+D}dkaxDyzEP{%%9_OGo-
z$p6~TaTyS8_YM4yIiLQjF8vjzzn=~95ufr`X8D=Al4q=h87pDNN|><{uEI`X#!8s6
zQoD?mFk>amSP3&$!i<%0C-e(5R>D1jZ?MpIfBdg}5YG6hx{z!8T!=};vVYb%OXhBk
zm2@&zpLg3BE7`_a2{Ts0jFoU_@Qbk$pRp3|4KjTJ_XoT=;4J}f4R|Qvk$}eno(On4
z;5`BF3wVFP2Le7f;DZ652mFQ5kFoDG7MKH9xl9G}UvxYd_)DSgKL`AYFxIYiKJ_Su
z)br&a|Aip`dB-mAnDU=?%yzGEJP$T}%JF>Quei<y0apWF81SNi7YA&xJ|5=;OnVd`
z+S5u79|>)RLdKr2x}B}qv&8Br<Ci%sAECGHnh?X-cfzyUEE^a@>CD7X<GqTuBtx6O
z7TQIjeHg2+2mUu4ldm-ha&6ZJ{x==d&TlzpY`^W8@_BwKKPi8m%QH8W&-5$KR~LDn
z(4KcW&cx?mf}U76&j#@``JlSd2FCU~uAli3WBXm_Gq!i7UD?BSh1sq!+ZC>&FNE2y
z@FMVK!{UIMhmSCZeU{n3L}od#_$vaxGw{0tzbEi}1HUiu`vZS-;BN{1t${xj_#=To
z7WfA1{>}+FlLLwab4i%-RK78uiVx!{->c9mKI18VCZ6Imo|3n!t=V?{y&%fJqm%Sq
zrmtluZIk}0)oJ^l*QIUZ(>DBPpH})Ba!I?H7{>AV{a|OFkCJEnwO&`C{|BM&4UXxf
z)(*zMl{M?%ye@UdbxM88cB9R*f&G4CX!l2s+3pN_7>DSK<n!9i$hV@i6`7lYzdv=%
z{<_&Q+x^eL|9Rm5N8ryO&sb@_pkKcT^1ljtBt!XIolkl7T_%5G-12->e^HO**+<GN
z=7#nsv+Dn2u;;&m{nF3)<mKw!#gG1KAhnz)4}^FANsYm%vlW?wJKS=+_c%=Xync*!
zMxAAKfVr0ISG4&~<Po8n^kn#IHZu>*&9Ns>{s=F~<fQnVH)8(J3;K@=STHj`Jje^!
zUk`T7w({mc>B;yN=Qr)uId-aEA+xS6kRrtMn1BT{c50tbJ7qKNjQjj|ggw|*IeV};
z#`E^5;&Y9Q`{8Jtt|=G?@oAf`FKC<izP`9UjDz^ThC06*@@gUQXPv(&@D~Gr#`#ME
ze;Kf@UzP{{3SeE!bOwGGu&!%*fFI@t^#<G*aDTv?1Ktww)_{is9tqgsT^l=^CmGug
zX!B2MJSw*A7xgv!C9f|2FseR>t!J?}#{NCdG5hz?j=g_<EvQ->ZI6+0!1nh6@nN3F
zYuMvmhBn9CK3sX}q<-mSOr(>1nM1xX+ZE2_u=trA7Qbr#Br#kV@S=bh2b{@a>B;1<
z`mPgoHP3VbpXe2OfFJ9)7x*N{%;DvZnZwe<92RB{3vWeT;h}&>0v-ci;yNb+e;W94
z&ff#9IeA~e`+?Pu2Y}T_=K`x=4g$-D^MD`kI?oUML%>gP{sq9At1k>P7XhzunTrGe
z65zZw)Wr+!kP)r~JU3wGykzDFK676DD)~+<1eRZm0$vQPK3x*{%YdKgb(aG_$?*!{
zCp+#0R-C(lrN0Nb(`9;tOds$v=l26EKAVA6cT2!qffd`Kz#j>C3|M+5fMwe>ux#5C
zWcCG_{XymcaNe5xC7<&%{i1WQOuu~5<!9{|&5i7rRUVT}zf_%{=@;?YFNz!cMfuzb
zU&Lp>#CgnB`n;Ftmt-=2iBG>|{{pnN(hI7gUHYXwr(cR~Cf~ZeF7r(`)31N^d7FNT
z-wFNFL%-rUS}o%sBRD7E*mu#dS^G$OXumM~LYOuS(@tU9DNH+sduWdn92fU;+y}nK
zAjgIFZ=1o_7~BG^F}M|2c|HWJJRbo*)Bdv$$AxrG7@gz;$Hf|NcMteIj`sm8w)+D<
z0IczKF0lIIVBntztZ{vQ;2#S3f`Bg!_@aO>2A0j20Izl1E(Lyy<I8|gaeO(j?70HC
z*ZEfh%a^NwrSodwbuM!a@OsDB0&j499k6s>58UVc8-S(rMquf@30U$s18eQO1^B66
z_tqeD8?e@n+kvI?jv!O8^VCG=oPgT{t^jXz{c{6<UcmE#H@VCL;C{!|AhR&wMFB4c
zmYqw0W#=;BxQ}v`KA#9z;LF>54x9@t{=9(a2fQHQYQPHvUIeT-F9tr@l`a83)$y_*
zvpnDx0e1%66>v|$2J1G@0oGi1xcqk1Rh}>=8q17{#uQ_s*fJ){AI3zu3O%R0kBo`>
zg)xyH#zcA!*Uq~vuYSqsiG2COcn-KPjE{U_eB>kJBR=D^&E**%@iT3ykErt@DD_X0
zd$AuWqx^x?Var6nH23D|xx4tZd8NmpWt|ddUB!oSR!%a`@`Z8My2Ch6&fXSv=E>x>
z8{;M!_RHbQ=joAO8Gm&>NPqXV;MdtfW^cfeFLtz_vAuBiz28FQ+ndmXI+K?k&RxQs
zyM#G+33pkYBv*R^?hCj-;4J}f4R|Erv4E!o-V^ZtfDZ(GZomhDm1E}tKhKRmA6WDA
zp@1&{e!k0G2&_K6DBz2MRreC$b6oz?z`rcWUk<$AWv&P^R|0#t6s`hRTUQ5sO~BUz
zzrgie2P_+|4>C6dd?WA+UH&Fu$=@7gZVC8S;1{|4Z9)F_Aah5++z%XZdF}_KKeHc@
zU)&G8*yXt&kUaMTlHq<pnEL_6jr#$~XZ8b<=YHTQ*U$Zc_TkI1H;{~(UufIsGQ@&&
zqF=y~f4JlK+^qg~=zP0(b|vVa7x03Bs{t<xcyYkXfZuNa*=L3QOKk26xHsVbfVTuZ
z6!2KU(*f@Zcz?j>2F&p#*Uu09Ljhj^tTA{Yu=?~OV2#s@1OF0W^<8Fsy}}#2Jjh%T
z@Rh*Qe-*IC_0>V<nt(aJB!3<F%DwA>#lIoQ-w1rrZMZ4O+#F<X0oIu1_>!L6g3Rr}
zuXH_k081vb-+q<LaC}LI`)$RC<LlKfGwb*|&t*8iq$jiAmhaqeONQf1ZE<`Fb9`wY
zSb?!7`OYxzx_~wIdxA`Fkm&<fyZu3CbCB5*@K#`r_aR`7_mLoD;jE8~Ilys0_HvIy
z1$@m3bAjXayNmdBgzB0|T4y}3&>0JLsxEcvOlDrFJ0Dm&7Xa&=qzbIqE(F#&$s*tf
zyVAu0F9AN^`OAP+*I?RC+0zcb?8(@9xzAA<J3r}s+9^HNpr3Y%PdkNar+lQHx<5-h
zA8HEhv)ukA&xo!7mi?W;ib+@C_W(;zZ{YU<>rA^p@HYd$$qm{P_*(-W3U~xK?`%qO
zV+<9OObq3FCWhi?VyHMUhI&?(F;pBFL&YHzL&-3P@;wtn`JRd41I$tTWMU|tjA33J
z;y8M<95Y?X8pQa>9>zyH=R!vIFg^%|K1tm<MknKfdM?Q7r;ON?5oTMmjcpzB0=6YR
z9CxyZeIZ;$yUHu}Mcy@3D>)Fyk@}bIs(&->s()j<%mLZJ91vy>2rq-piYIeGzAy(Q
z(+L^b&;=|TdVnR*9LVeI7-z*c)2F(|XPkAPl>Tb(M1N(EHCxXU_M>zjE}#9Lcjj{^
zI`2x|JUgi~KBJ<zMIT$1ISZ{63XF5!nLz9pVamt+SO2nKj&Ysrmu|0+$-@QCXCA)K
z@gl3%rgLv-$Q`Gx*eu%^hdjUTip+-;h}rDCyW0Io3vJz9GSTLb<+Lj{V=K&j5axUs
z^Ff&Tu)>8h`5->?LGsK8@n_A4hpOS(`eJ1ZGM~(mkv(}f{LT0?w9DAaOpZ0>Fk|~g
zFJNqSwqHd|bcWB^>Y9kLok2h65b0-I($BW;M4tH|`8aRq#fS3uL#cme8t*7MY`*4}
zzpAc$XB^~9%X;4Gd)F9;OkL@ZGPB0&f);eXr3INcw;*%4{{ByskLM@KRmN85y3FS)
zdZbWbKHub>!LjpG#~eF(_Yv~??q)BD^B&r0`?$wEgQX{qwM;(TlGRC@b<Iede<4L^
zE9#W*)S0&zx)T}N9CfO%sq?ov?M9j3wIK6{7G(a|g3N!lAoJ%IWNvRk=1(oi+|h!}
z-yxFzN%dWf;hYv^?iFO-<oU+D())nyFYS{#7W6zJb9IL24`EST-n)ddje1m<dh(u8
zR2XPOtb6ZZvt(u+3wM{iY@m;^-57Jt6|>4{o?#sBljBR&srRHZI^#2(F+K}(@+ZDK
z){6Y+vU5Id&eMP8Van?n(M<p5>DRNPEz9ef(w61*tZB>gdIq&+dE7v-59QTGjHmj7
zV__~zwZ0tbm~(Z9W3Dd`a9lOHwxb*`1fK7B5%6K`wM;xc|I411`SJy=Cvy?~Qhw4e
z$#4x)9?~!I>6h}Y8uZXF$<Qz1#gI||E(!9>fYp!71Ahgu`l~bWy8`YBxEEM)=mS<f
z`vcw#tnt1DSo7G{ATtE~U__=+7y&-U@ffh=CxE4Y8d&msg8aT9zaLog2Y@AiZr~pT
zR$J!<{`tUa_fX(p04zNh2APY3%*8?Gk|1+wkhv_#Tpnbu2r>ric`^t1?#egZD6r35
z=#2R$JU{Rk1Y8YxA+YRO1gtnO4tPnx%Yd)-XYG~)>z&ONL8cQ}?{9Vi>;26hVC}DZ
zfz?)D!2JOmtoy~dJv7WGvbh482SL(5Z4YWspz#A%Ok(^|dY5G4{yExnbPMe+a2eVk
z_s^}^e3ZM$x{4=r;9<_62fxH;4lMSzm;;ij1{vmn<QIW2{RY$VmygiahCtefHb^IJ
zxTo`@4d5jCnTh|S-M0UBnN-fW&9vdfU{Az(`4jstPiBSdWUQX#n6Y}YW5%k}G5c$!
zWA>Mxx12RTPjvZAF6G&yyv@^@;Y$x%N#+W+rSW^0<+V4a{-?Mvv+9&Rv_Y8h6lOey
z8BgUc<0+e~@I^S2|KcwWGD`wBn9gUlMf-*Sud+??VcfJ<GHz|&7mS<uRrvlJcam`v
ze-ZetTo10x>EAfF+!dL;zL1^F6XA@%J;C3nI;OuH9n;^{ju*k-R_uI=uURIZ&Y9?M
zD>ApaW6UdEQ`47wxIMG#KlLzWHoH9M>Q?IF0Req-=lND-ejj|)nE-vfXAAZ}BS$7L
zAH=7AVdjJSh54^}Ad~;fpG^L1Ugf-@{8?ggX;c0z16FL813$}cUIDCip%b{3H6`yX
zEBY&6m@@<37X6i9)>Jwt#izW^tSGNDCB{eRFpQ6WXM^z>nLYm08RPtqe(lT{ioXc<
z$Y#b+_ArLecKwW@o?~GQb-u?K>OJC4=#fkp@D8ur11z1rz=!)h$(_W_RL&UB3_p&2
z?YlBEY73Spd%28E>}#EWGR~^YzLSsayS$u<_IRj#U#A$(+OBNKv@3hquIypX$R6g5
z?5V;>$ul1$zX*KEGav56{*0Z`FDTY0HAlr5s$Ke`=M5M`>7g$g<Md^QzGHt$o_Zut
zJtui%)N{IH>XA$wM^&@6?K$2VjLF%K852Fz&X~lxVz0}<&6JO_Cy$R>Nt|bunZe&V
zs2k&aCo*~Z?=oL8q%Z16>WuMGUq_n{w_WO&PWErquRfxF@hLBUM*gp~hdN`9J<%00
z$8`UfIi`2MVy-gB6sxK^pS*v>98*p%0$(!BG0p8uz*kN#1D0RQft8b-hvj=G__D`f
zIw$2jeTm~vb?J-v^d-i5hPYABEAhXsNuwU|GkWAB`z!ApyOq3>{!G8mU=Qp|jm?*a
zGY$F0JP~FbglWGp`&5{HDqIcv*{9;OPleg1!t7IF_Ng%YRG57#+!^$D1>6&GZ@_&4
z_XoTgSUJ1}SaIG8{A%yVAz<ae2=Hs2KNk2CL4G>$_XPQUz`DlV4}6~MIRGsE=K`z0
z4g#yK^McIzz_RU7;9n5rFAV&PfF*x%;9mkP{g(#*WkLS(z`r8MUm5sU0ZaeYfqxCK
z^j{nJ*9Ck%u<G6r_%{Np?oEMzbHKL%tM09Ve;css-X8dO1YEFmPhvhNU_LvY%maZx
zH()+HEg9TeNc8aC1obJ7L=!%romQVN0$;ZA*=b=jEj=EkKf_o4w+CM;z<NGpZs5nd
zl+Rm#qfTM!6sAt$dC)(Dp4ir$9GO=5v{S#`l&6z2Z^i$bW8dbO@;?v1q4dtcm;JQi
zUCzh<$$O^s_ubB?Oq_4?t|?}S1M8|S>KD$$Q*{~7B$r^%#csm_VDYQKvS(r7FADs{
zz*=jT1es;P+6yfQ&Rbvde97a#%@Wx@86PDd^N>DjA3Gm5$R7HbckOdw&@Y{gVV?Xy
z9;Uo>(*8W1e+wDKfxajXj8!W(+?Bd{`eUxfI4k#Bu?=~U+DpW^DR1fTo#Y<-LOD$N
zR`yySM=k&4+MqQz>ZD(?jrn<ZT`$CV=8b*v*{(3hg)qm3aMfH({NmUbe^KBs4tPnx
z9Q%^z*cV;_nUDB*=?wB+0rv#l8*pF1{lJ=gHv{Y0<}JXA`PRT63j7h^H+kQU1(}H;
zGadMQ0)JoN?+^R~fq!n`9}N8S0{{HLKNR>E1pbAAe^KCH9Qc<6zQID<TNG$u!8yQr
zYkD64ke^K<N;9pw)cM91WHcU4&0Vu6&(6OE|7)Hbv)cRy_nk7Y4|u=VWqjf~o;SwT
zM~t&@1+h}x<^s#ddB8Wg(EPw(0GxO3k*8mL>KCSdwVToZ9rvpm+Fb}Ndlm)$V&Lz(
z{1V{n9WM(q%Y%%;bZ$hOWe;Pbb%Zu+jML^4G!zQ7Su%`?`l4!OsXfg1-5%O38QL88
zFp{Co>POlvnHA6}nNDE!Zx`?nTz^lHF_`u-Z(Q67ADWZjv0+T&I<DW7VNBwhyTAj=
zoQ&(5{38D$E<^p2r~V(hFM0M;{xo%1vyXXWGp~PTPt19?8|}O)*dyC$zs_N3&&ynf
z_RC-DjJ|I^Oq=t3`Jcd#@rnB!`J3r?xlX?FjdA-;h+FK7-#VXp^*hHLYj@Y2rWjJ^
zA6$PX-wrp<cQTGL`t#)Tay8GMR^-q3^@8z#U06e3>zH}_8pq7r^Bgn&uXfB>y~;7?
zx>q``nqzGT9WMlah2urQFL%5c_+^fl0H5oabKOfFbFO=dW6pIicH9a11CG0ZU*xz4
z_=S#pfnVUb4_Gnj2mXcc{Wb^w7GTAHD{x+HW3K)sCr@JhZ}qkqPw^Q~@fpwkZYSd@
z{fwt<s0Mo&&pg}m_|ay)w?cdV%69|JoO(Q&KY8u`FW=vb|KB+Le<KcYTx(2m9Od<I
zlo!s-1Jc8JKzcY2Xiu1#2lSpJ=K<}nIIrp+)8a5!a9-8=$az(JGtR53%XwAnY-gy;
zc~x~euXefvy^s-~^Xdxcb6%AVoL42oc~$$Ot*9IKKZ*(G5XHen(sPSsFw-XUbBsCX
z(j|>QG?mQr)Y(eir7hHz9=0nx*{=GFeWyJS`|iQMF2uf@)vy0f{c4N$=jEQB8IJZ>
z5q~{D%-p*xIWHR+H`&0rNhjMq#$(8K#b>+M`uX-E*dso3Ue7--34G?f^3d4nyvnox
zaQU*I`5E`U@^RMOR^2??sPo|{_0QqtHfp5g^V*V~Y)ih!@s-h|zt=-~{k@*dxOhq!
zQ<BMyN9keRyqwg$#N5!|0Ag<Ry8bGBl+DZywYv!XIM19C?1}vneHYHyBR+FgnDz+M
z9>tdS$Y$Cj+h~t+V=-*gIU#dZ?{YF%CBHn_zXDkHcLGbME6DT!uXi7Nfz?(Y@CN7i
z1FP<4V8v$(a6GG&{X;>1B*>2e%l?T_cRJubz<u8CK47)AA6PaV2z-O-T#Y#v`$f4l
zH^{SJ6o2-M^s`?!x(!vxi*GR9*7JSu-9DR4Ufnz4Q|Hs%2Ikdf$FyHDq5Uye<?oze
zC-uZQs9ow&e^HP4jDz@$gZNeGR9g#y|K9$y&m#NRroVy3{5;L=L|JMMkqsGp#HT%K
zD`U^;t}|oL41Z&b_S_X4WY4U*(fN09uTZsrNp3JE;?oBC!kCD^B*+`gkB|N)6#G5K
zC)y^={!$KS;`4Nm8*P(4v~8u^Pus+&ZL)J&t9HtUmhF^0?G&ztIM7b<GcmjqJC{R`
z>|YV=?+pB|!0!qC-oWn*{Qkh-9Qa!Te{0|m1^!6jj|INLbid25cJN!tTgfx#&kS>d
z_!<3*C-uj=wZp8d9AmrE!!bMHdN^L<nXTHL6a1wOd3pw0(DS_Pd`o*YKhU1xpeHY$
zvVr#OaQRH!qReQHOkT{zr~a|KP<K41ZtPRxOuxtm_KSSvTyduB%*+*eafoe6XC~%T
zu9Iy^hHd4=KkA$zAJ`Xpd%x(f)_V54__RToHpm|Ot97l4oD}AqqjhZ&_`-{URd)%n
z_K?efwTE0DWH{$24xNF|IY)cT9`L2VH(-N>w*SBRt3Jxi4>8At*}r>Q7z?rPb6lQv
z#b=!J+7+L<Eu6_K>0w^w?UA$}W?t=c8<<zB%e>Nj#k>-qc{S<snY_|C>O`I>fBq_8
z)K+Gk{;l^{YB%-;ZP5NLj?<R?%G0U&|8CW}-TS3wowAL&B;2xJG51tA(_b%gdopu)
zoYPd7xp%<jnR|zuKhl%wyO$hhOyc;;(|PXSK<CT<209Ps=xk*UkNvCli~TD;b4-~1
zD_pe%O4cLJEwO*q@9bZ#Q<=F%^2?#;Rc=4mEb%+R*E+>DOL@XIOEM;s-n+`S_P~!h
zpUIi?a^faEnYBQC>J+9<?HT@C#zou*YMyL44yv1p!{Np=`Yuf0rJp&IH;1b&=8V>n
z%z7j~bLRElN6XNss>__o+snoH^ty5EFXaz?S6$jHOq+$7=fYLAE1a=eeCD|@Z9W=3
zqQ7B%xbs_#t$d-K8dJ1WaiE>zSFODyKD1NqGPbgZb{_J0(oX4NY$eaw=Gh!$`)1d}
z*y=iqvDGy%ZGMZ(AQri2FS3DpglCnP4U|6?lKQO@)n&W-+e|3SZ8z$9tJ_KYqn-`w
zjAlJC4sQ!S9`1ZA^|V=YFZ);g%zP_8`&XF#E6o0t{h9tf7SYh}Z%c;rt$gpavg8`1
z3t01Z53uBW1MUmBANU;}hs}Y%CE%^Vn$L%Tm1848W-MTXt@Yi7*}j{#u42Xf5oW&&
zvoC}*eW5s1VVf}f;#jn(vq$mS7m97BFD`PMIo2f4z7Xy-U5S3^Z7GM}`9B~IvY$B_
z<DmFt;_#lFIK-U1*kzcL@w!#|nUk%Y^Qcc}?RSl9_Pg|R48}QD<AVJj{oU_&vftn5
zIOFeXKj+N!yZmCm=gqyczdhu`U*(I|<tp^Ze)@8b+nnjUxURj?WtN4y^yR(IXAZx?
zaVKO{*I;Ys3G%V!@hJH!^lSd4FXGb|VfKqK`$d?(2-6qkK;C#{9x84<X!ltA&py5O
zFNtR#u&&WKH!6QNgD<=VSbe<}SUQJ*m184;KNj!=@CQ83(}BMSSmR}1;O__4z2gJG
z%C~cYWy8UM&jXe{=Lc-C&~}NpORTuf0bjTsIIgYw4UM_rKNz+2yL=yXJ@buD+Co{P
zC!<sPD?x@j#h(}W)G7V~@MTXGIOe?iVo~5P1{Qxw;4cGKtd;{S4w*cWOjnTa0sgT2
z+Y2lk`hrY<z?*^f_Y{~XlHVF+h5{Y|mdse-PXuf*Keny(*QNgh`b$1$`s-MDS14rq
zOX~>xOYzV2mvo~3UCKS_VeSbt_jE6^3jN|Q1pX(FXT}%Z2g&#%dHNzf^hNTW(3!X2
zmV7&8;&UDPJsFO*%iSKze8Mru+9w^)MP1Dy9Bab#H$Ip0ahGpJr>RWGTzN<vq?0!2
z_mODBIlhLn?x(yh;@Ix9ph535KFKllNS=B$FVPqM)*1C^-k|+?_Q*EsQM;MC(nDW_
zX@fB93eyH*##5O2BV4rxlKf=;h`%WC7YDoqSpB{%;7tDLcZWKIOc${DJ%QgF_<e!j
zAMoaYw*V{0wgPYTz8C^lzl;DYo?`(|0L%XAAioD#I`;+n{Q(~U{%pt%#cB@u{>&9D
zY5Po$jN~aJoasB+#=a9~-wCtt^t((|v?ad5dOy;hR@#yb+Y-*SCH=9jg=kA-VG*!o
zm?y$9PfR3jn`9UV^;bqF+An#=s)$;;HZM7jvC8O)V@-R=j7(lzYWHrHS6lQ&`sZ2$
zNepN8CE9s+>4~w8_UPF{+7sttwVTPY8T8B=w`jjG;~*U4kjY8SAyvd}hTk{)tJ;<Q
zv$iXljQ;pr-}?Pz_OE_3In%$ocSgTtKgYHB8NbBmSd)Cl2HD0jrM)6$wCBvoE6$W}
zr7t8yn}un!Fl`p*{Gf41n`Im4hj01Z80Uv&W?b8`u<$U>k)*T7>a=~^b@l>_-v_KX
z^aDT6*Z0jqW=oLS3amH}1w0b)Silp&itRM8+T8=JcJ~FmANV@A^8m2q&kZsM13oX{
z^8-E<@CCrK;X+{PyeP<A46MD`CBPcXmj?OEg8bzHUlFju^c=3fZU<j|T>+L2cdNYG
zqJH7Iq1}0*-TA;eA6NkVJdb%b$S^-2X$<=;vVV!qi-F_Wg4&t`{@=pi!#&qM-1}&<
znf~UD$9PSu^MPd{Cd&g}5pXAPye9pD$GIoS^ahzeV4V;22mWT@RX#Si0N-8t^KWhs
z^RwRr!TgcG%pZ*l=1<<UL-Mf-+a$wy>iHt(k7P`wo+p`{QD0<oSbW+b%p6vKF^5m|
z0@@%<8(!l+(gyLF!?I@y?2!!nR5I*S$*@l)(+PRWbOHY@{F0CKOSp=*<S+eF4$v=+
zQ~D)7{X(IA=$H8P>qj0F`Xzp+$+hVjQTio*5BSQxUSRQ=t3Px-{oo55%<tb;=0M4`
zLr*KQZAGVINS*O{TGeHqE9aSG^6@VF65D-`k6-3?Y`2xRqRrAtn^l)K>#T$0LVV`W
ze|jHP5l``%KY8aB(Pm-V9NQIUyTY0AsJ1fgDkt%k*u%V4{xENU?lvzAG6wVW>h7}h
z7v64We90Huspq9>r}(t9mHf}MQ~AJnN+;u~oMb=7cxq0jof^xTc(yWj4%Z&pKzr1W
z)zC+@=lLE(+9Ui|^__D5Zq2b@yKU?{jSKdjFz3eKxD4k;jge0HDBK0C9Owa7Obq7d
z=L~Zc$M0?4R;I4x+oALKF2gaXeHZHrGd{x1nY@0FI`#JusZ;V9oxk&Tsq-g}+3%=i
zpQ`=Kou6Y{+RtR#dV}kv{eK8;<=L-XWlUn;sx8_d=WvY?+OK<^wEuQ*i}tJU;&?Z=
z3T=OM8Dh0H2mEM*>e4U$ZVYX>Blsm5+VE%R(}q6<8)P$WkZl}0@jOBDv_bNWgXC#L
zl+Uv{#!Z+u3unff__SGZt|AW6X8A~)74yZAfl>BZV*e6(jy1_I2VecZ0$6oBf%SJh
zyMWbJ53uU?0;_Hxu<G^$Yd+izto_UuVAb6Uthz(M(mxVp#)8ZQu<qMV2bn!V#$Y`+
z*hh*R`zWs6F<1YR&6A9tIF2+PGcvI)VT3-()lC0NCv#FUVgCwOQ5T(QpM~}>i5pmL
z_wXMlS{(QW>uu5ZXtU-e+9OPR4tI>pFV>ZQ=BoNG<4fLs_Bn1peUVJ`WeI$d4E;LX
zYfsrp+k|PGu1OhZ@v9+jjI;Q(O_;U`(>D3O40Y9C%LC>(dZaPz(`o+_nJ(Zsj&u#%
z8)W(d?g!Rdxf%H09=FUmx~KDpLfsKyJ%=_H_!Gd2?R1dY6J+)Unf<_<eT*Ck_*`JE
zDF=b?N-in3nf_9o*<W#72(!NwXZDx)?60E7g#9Ic>@PF9(5AS}0hW*L0at*_u4gWA
z%t_hIx^b-O=UQ3!g?_EUy1JK5AN33Xb5i$|>0`;;s-mrS$Mi9_dtc|XU0vhTX7Sms
z_-ywGmp7H^`9bp`>&kxCmHn)%d&jg{zR+f^akN>!&}Kc)K%4L7?Xq9)<9IP_kS|Ms
z^Zo{tVoTeEX`3)@6Q*slpSG#5GdZI?p>2|(Z5_cj@y)b!tfD=Vp*^k0w_?9!XumM+
z7p?|-GWN>`#y0P~TD~ub9?7o&*0Y_Rz?zr3f=mza{XIUtf!_zL@!k*ozvtD3OAv><
z>%2PV)dM{KranI>TgkD!F>)+4&+y)~#y-c0a)UW0+c<u8FJqb2Px6X6rrcnT9qzgy
zJ2}Q>8^^fX<rq2IW5O{a+p4f(f%7wCL^ja=!?j1TZF$alidUdL56-bizR(^$56O7O
zepkD5;FoY_K8&$a92l#3%_Tl#CEsbAa+R@qqp$Dm>lmvCx&5?F*NN<F$*`}re~x|K
z37e~4H#488ZZBlwwS&$!`@vTnHUmq3OOQ8Mk4cPACGa!-r5G}Qgc%dzYN*SYh|ib^
zv%eJc*k6pvL)~A-<YA5(6X8zi*E70|iTb4n{1_AAzQAWp#Ai%Ymod?Axo?HM{tnI%
zu>R)A2(aQg2CTm)G6AgLahe9!-yhi%<o5;n{lJnx0Ic7`JQrBD9Sr!qfX@&35U^~x
z0Qf+={a+|tX#WyBF9KFu7Xz!UOMunZr2$_S@Z|wt5%84(Uj?ifULE+?0IRKQ1OGZ;
z#rb+*#rXzc#rZ~H#rY;+#q;LCzXe#n-wG^WZUa`kw*$-fJA!<{es(aC=ihhG*$Dr>
zgXAlakskhi2kGbEcR1u@oPXaza}@u+gT{Upb!9*QzJqk~?>k5*|GtCHI+g@`mH}(7
zSRVAO0G6IkVCm@smYyD9+1U#$8~T9t?ovOn&LTDgOXn6~>D&q|okPIVIRd=i2k;oM
z>P`Tw?liFK?g3WaeZaD3Kd{d04g|h+(TsBuvO1Z!D*?|1)*LbqSo-G!t1lJ=eic};
zT^RU_fHfx@thY5M;Qw|TWM|9v$als>zGq_c2%k$C6X~zQNBMrY#zgZxZBQSvUt}k3
zP%hC1t#KI}B)=GTYF%3bEWW|~{!+WlnHZl#K7MJN_7${EV}!OH#(5@fQ_N|b@_!j@
zOU5#=_$z?bRwr;g8&n*6z}Fb*1(rR1z?yISfu(aZu=XKafVG#{8f1om7kLhh1pXMX
z+A>&|Ayz-OJQiZV3p2Lr3&vJ`QAJye-JV(dT|P3liUVUSJ<Fjd##Zs^4E!!&#fPy~
ze=)YI%h;;FGO<-W8C%J3h0cF)`x#sD8C%)L*otrB>0DJz+QIK}Jr!WhnX}5vN6J6N
z>t^H?f9jV#loy_hwse-ly4vfquk}n6>#hs>*SJ#3NS<{shh)Kj%QV_AJ2UdKjr<sg
zz7U5`xK7&nNyls}*1g@&g=nYv^ih~~rGK7PZbLHKhdHS@FejB8RVz#KWFfHZUljO@
zfmPRFq3xaiyFK(J#!b)c(VnNeU$keVW7@MJ#5VdRowNESdFqjm8NW8UP!)E{Hu@#|
z>DQ@l1O3w9%vu6@$t(+XIo1@b72xal#yf$<?*cx}b@l-3?_2c-8H0tk{v6-s*Q~zB
zK9!vr-%oe_RkZbV#~I%h6Z$UuY1_Wgr>)qN*B4v7-ORlAUtS?&&!3%7d*m1Uq7%{3
zb1%`(=iW_rJ}bx0Io@u@&U-mOW9P~oI~AWf=0mb)gJklz7c0Q}ja-hA=wqxq!&$3U
z&7W5X-LH&{bkYXp5^WfEdD@`(b9~`HeUiN>eaX|Kx~P(p&*RI6jQpMOX@4u@DEcTH
z=;M9lRI{Cj>(~EV@)Ozq%EU0wwhwwi?CVV3y!byS{8n3@%-$Ac^6KW<d?)$Cd^qbc
zbG{XwdvbK<)jeGM4_7`fZsIcz50_Hp_VaV>kL{l0GMoqE^ADPfI1gw)kXdUaQ$<_a
z|HL^nlUK1_VYVyGoRlwYSGHx^l|5`%eZh8R|039<wRkbGWR?Ku&9Tuo*+AR!`Z|vv
z^|a!n^kjTgJn5tSZ6&s}S@tuYIx}QEV_Prue&-r3Y~e}I+tQQaM;}{>)t$)G&KHMV
zeTiePHF^D|cA4}401NfEFCXFa4|P7sF@5iI8T_AGo1&gL78G;pd8yk&J&$zE{)&5k
z`AD0izrwTji^gdt2h?9x*c@{}_vx7DvVnQ7>zXBym(9xpUJiT^5i1n9kIl0`#^h!0
zFY2V?7JZC4pcpc48jp<I5zwG(5cLalPyJrCvNp*u&y@r8Q8_>#@5;E-wF&KcMd-))
zUQ(P}^t;xyM>4cWGPFnY3}Y@k8FT4p%vF~$mwYGum3$Yl<a>Z6-y3ir@b~@ZdOxuG
zZgap}0yfxMf3*_N*uSszxUqj#m+{OSr!i0R#=;NWFY1v_j)fbX&pZ*o3cuo55TE^$
zH|IYJ(a?3oqkT?bzdYD6`{k)F(`jExY{ALR`RI!<V<Jpngz1YgeG#q({me1(>5DLP
zOqe+)ye!nEFXGb|;m#n#921{8Cd?cYW{wH>hq{{s-V*TEfQJGe33x2viGZgA-V^Y?
zfcFP{AmDQYJ{a(M0iPf6p@1(4_`-lM3i#rHFA4b4fG-R9@_?@h_{xB<3i#@PuL=0t
zfUgVq`haf;_{M;53i#%LZvoc$y%qRXK7MZt_;%nIwA=rM!X3aGQw7|oko+9r*LYpt
zGtwCX?-@yk_l(YQJ-la>jOCz*_l%^c3Vw1v6J&VLNIH4XNb<aA^jf!p_l(5nJtOgX
z&qz8ugHGNvdcWJodq%R2_l(pQ?-{+$_4A&Q^zfdMWO&a=cq{b3&vo*i(H_UVXCxWk
zGtykmdq&d9dq$GU+%uB={$M}v8A<-!z&{B52XFVhfX@e(kB5NO?ghZob78<20ZY%t
z0bc?vJ(mJY&t<^Ub2+g7PWKhSio=yb<|<(Mbv3Z`ToYuj4KmjSe0`9)A>bQ<5BYtK
zn}B8K&A__HaZBLe3aon&w*l)n?rsk<cLbS&9kV7mKL=Pgw*$-f3b1s}1=cz^5BR>G
zOY?zMcLA`Tud4zlYZ<WYUj!_ji-FH{AC~|t=a&J0#@EN?z|y}0ShnHu%_Qbsz|z?R
zEIWIFrL!;KeqfEM&A{rrEx>AbE3n!f0#>^t!18enSbj|a%Z6!S`MxK}><cpcfpy+~
z09bK27g#nQ1eOiw0n3K-fo1a{V6}Te;9nT{7Xhp8#lY))A-n`w_opre);*)kfc5;_
z<-oG%3SilDC9rf}1+2PP11tX5087ucz>3LrLH>H+^F5bt2>cs?<>O7jvf*Z6_0cWB
zvgcM{*>fAP?71CSdhP&D_Hwp8N_5T%xE)xzQ2|z4bAi>?JYcmoA6RWI09ISofENPG
z{zbsjvlv)<mH<o7vVfNZE5}v@`Obj5faO;Yu-fVcmM?vQ-yis!fo0DYVA-=Z;2~h?
z9|`hfL1qG2?M?%$-914bNAQXM{lHpZ4ghOjJvYc41XeuH1D2iV2bn`b=7NAP3^Er5
zd@-=>yaZS}FAXx60c$<IJn*jo)*5;xu=HF7EIn5T`D=ic^Vb4D-`BG1faTZqz|wOA
z@T+|++z2e4Hvy|(ZU$D}TYy#f)_`vVR{U=d@^=7BKW^+L`sV;ke|x~#Go`K(;<dBn
zGcwv^!_%a0CE&Th(lZZOxji5F_a2`Gz{<BOu;Q=~SnVzXR$YVjw#@uG&e))KX+s&c
z^jmY%NgIS|gK*X4l6EsTNM>=6SrYKFfR_inB4C4cn_ISDzB7hz(pn5XIuoP)%DpQ1
z`ppX3FB!&Axs<VAeA<7waaIm6&cd`)@n@X%j27*be%h&LYiXzKk9|!$b^o1lZsj>!
z$#)_S(%A*9c6)&3Z!fUq`+${){Xu3k@F9=+mLPAiwSLTtPdpQrotgOP?2GY{&5V!a
z86Ww@_~_gq_9OF9byvV<`Pd08{fv)f7$50me8gvb#AkeD1LGq;<0JX4(62qu5bzT{
z5F@~n9|P8ynh5-9VCmTtu)+M8E8i-Rd8|!-_L&R(DDS&@z-o6s@CvtwG1nL|w!K&D
z@^gTd8|14W$ro;ij4<1cbB=6ayYZ}5Hn3gUP=%goLo01bhCXV}WLv`YQGYv+ZK=Q5
zmd>LVqFu$Gd386;Z=FGBSHR3G^{KJzaceoAiW_~D9{MPLMyL9MeECispOaaP9@K9G
zYV5Ed<Fhepi+1MOueO*EKlW=G>Uo#v68lJXGxopJW!Oh~`eVMm+vTbMJwd;0p#GTW
z*LY>>|C-~f`P_Dq*JTa}BNj<MXZl4k%;dRZ#dakV`-Sc1>A&9XVcgyu{EB_|IqxId
zBN@s^d!(On*8G<7CH7ICJu%Lbr@tQvan|`j#$VYJ`>~36${xm9v04Pap1)lTta}qn
z0)H9s;o7NwXB_l*mT9N<1MHV*r}$O0rQD;PaZYF@Cu6K+LneO|+f4rG835YZ%2<}3
zjQ*H2Q6~2LN4+1--E^Ms@%4gvbtif<b^kAur;qzQK<tZ`D_G4jxf8#r=PfyP#g6f0
zTQNWN?g0B;?+$o=dLMBd=^cSg%%lFZz3(!4r5vVyVd@vAPK^cT(igp5+PoM4>ppDE
z|A=GVIOpg(mpV09P^a!`(oSK@d^xl$os?00IF=P3`m)rWr!OZsj<Kqm-KnuGor}Pa
z>zaHtc6uzt*b37gVcH{1dxU9^FzpepLVuhC<NZhB#gGx^94Ndj@RtX?BH+$|yMVu*
zGsX{hZn+bA_T9C9p2_}=IUwID6X&0AxIE+e?HoJv#@$(-=jP(!_t$Q(J8OTb-755d
z$8B2(to<bON4doQQheB7$}9Gl&M4Sl8f)w?jh#;D6rcSi+!Oe{z>@C^{Qkh-42)#7
z&ldZa=-e9c5U})&1pZjyPXuf*9oxLV$m6TunGeG3Yhjq1?5{F?A)OpMiftA0iaGm2
zeD;N6&c0CYErGn^pXrM`$!Dutw{1?q^hLJO7wMrdSBLxEUv_-BdMJ-z*asTs{j=vP
zaM|u*;B#O52R`fqF6*53p5PnvDEoe(Fzltg6;=&n#LY8|nBh+!0V8Hr;Un!EpLy2c
z{p}mA1LM(3+GGDghHcq_UzcI{J`aa~_CXzBw2MDG4U9M)BMjMv!f^AE!k8}~EsQ=t
zLAYw)7(38|dQTLF{i}pw{~BTR`8r|r`9@*rc$zTAAI1oDcG~xVu!XK*$K-{1W<1LA
zX@ev7L0N*qN-%RkGRy&C_?F1Pw*<qt1XlxwZwY@<!0;{M!?y&(w*<qt1jDxkKfv(3
zFMGcjEX*@wJM0@K&ijh<8FTC06_#7Q;0r%H;By0hcfeN#{NsQNrYq6&;D8xh(~tI<
zKZe&@`AW&Gvu}LbjE@gvE{r+}pD`DoF&Adcg&A{U#$31>^f2b)(>8lf>3&v@*?yj3
z<T+?y*o)6RYY<}ywgIC}*aHk6j#lS=)$<=^!1!QH&NGE*lR0mE$a8EOh7RDe<`#|@
zlV5DSN7z5qg&(xXIuU*TAn=8c4H$Li;Q-z~jI+rg7ufHHtA=T(VaPtl{y`r00GGp@
zHt%b$hx3VH$UGGChM|x7V;J^7UVQY)$-;=iMq%{HvxMObbIj^i4WA`G;)5=kXO1EU
z^w(q-2`9EOK30fFfF2HclYuY5i44l1=Op_+9@u1-2q!WqgUo9C=G<a3%Y+jdltE^L
zeXj*J8N?qrkwF<`o?+jo0-FrRB5)#uGRW+(?*U+w=@d?6PzISP``!s`GF`%n49XyL
zj(zWyOpkCP!x(<u`;Pf$9kJh%oIV=HeaKa)D~$RHo)rFqeZMr|ivs?5z@HU{&MyZ1
z)quYp@DBq1Nx(l3__qQ7G2p)hd~cgC5}S_*_+bGr3V2n(YXaU7@H2odZpib|z~2?{
zSph#c;1>k^(tuwX@aqD8Q^0Qz_`|}VwC|4xKAyoy{QXM6-wpU@!hg2!KL!3@0-j_2
zl;|l1{J?;Z3wUY3y#a3wcyqv`0q+X<Okj&G=8b)U|H6P@8t|(Feq+FI5BOaHzdvBy
z(@%W-SiqkO829lLnJ)#5d-n<d-pV(OC$0-NUf>7!PKLXUkDoe%Jm#N=31iH0-ZuV=
zO`dbC;ZEb9D48eNH|7!4#n@age1&~KRrsKNKTY_V_Wg9>JM0@Y>h8AhLE%yR-Y$Hr
zeUAxaOpgoy-oEz;Ki|HeD?G<?<ORYQ_XmV4#(%Z&_4fT*;fwA2knr2=`z^u;&6jrw
zUv1y-7rxoPKPY^oeP1Sgt$p9$+JG-d+xL9o^Gy%;55|9l@g6PyGW$MW_yUtTNx0X(
zpD5gI-<yTU?E789c)scV!Wd^C6vne5pBKh+OkWiKpz*&U{4e(XE#b?Ik7t%(^WPc%
zq3|#48_z6(kFoe4!k;jiUkSGx{+%$!>5)c5{wRD4f5yHS2tU-mj}gZ6CZHj|#J(Rc
z{3!cgB#e1@x$u+h`w7Bdwr~72D(aqU-)n^X?E6{5-?Z-`;W7K32DUL<u|5J$))ylS
zZKekw%#{ho*iJC&Bp7>w1fyDl=Ld{ELBg*FyfENJ0WS_1>v~dmS-{H!#(JE{bOziN
za8JO!0rv&mAMoaYw*<U3;Guv=0v-!^BH-zO_XNBz;Qav~2>9H94+eZ*z~={iDBueM
zzA)g60=_ulO9H+$;L8HOJm4z=zViRj^*(T)PIdnOeKY=EgTdv$^udiAgTcha#Epre
z!C){L8Vn|(siYw>Ax)B|QY6Wi%C@#_`7ZTUthCuyrPx-bcD7_yzNOZdO7(j_-{*bq
zJ&pVKdCX_d^Yi+=&ilNtbIx_H>vMhn+zmh2@Iwth-0&j}Ki2T$4L{NF%7&k8`00k9
zY53WOpKJK}hF@sd*En@9xo%coyJ6SOs!wUSZ`if2dbVzO(C|pZp3hYO)P|=u?D|+e
zGaB|aUe(7Mp4IT|hFwpqe{RF`8g`AXo&^mrY<N+_iyL-bu636*d||^&8@{yRWes1|
z@bZSQZFoh)*Ef7)!#6j4Ys0rSe0#%pG<;{ncQt%Z!}m6Pf5Q(p{7}Pj?!gPUo_XhM
z!~R>V^MAfh%xhfnnrpM6p##z5oFDcapJJ%zzn4(%BKsk%<Sy%mXY=y9(sPI&zK-(h
z<abeiQvP<S>wc%leaQVq_FQ5Oa@I2mewmCuoAT7u*G6|-)a~Oqzr{Zp{fX3nL+NqR
zI8)I5=|KHQQpWKJ-F{e+`fZf=%IMgJo=trXQr(KX`qt=UGKS+R&rJ5u8!eIX4Dj5Y
zx}R~go76|p{VbVv*I~n6%3XaFeU^-V66Kqc-$Kbtve3Qm73YL_M&LLPgr~y0r)N6l
zzR8Z)Sn_PjS0#H6I4^kt<*Sp=qFkK3gz}Ba@1%6h%xx*<3Yna3SMKuK>5b}o$oZqm
z&r!x}H}uEhZ>m#wT5_E;KTh5J<*GlgPTivz$B`V<8I*g-#F@eKa`ne+G4z?}a@AdD
zjPo(dc%22iA77!4e+<7|{U1zy7P?$@_gUjSPZ_V3;Fa)q)rn(2%hmr(>T}TLs{c`)
zy7N{W8rq4wJd<*7nK*Ot%hey}ROpVIT=f(6Q}+(a%aY$ud5w&JK7P6SZ%N&8m#h9+
zb>ghY+<YSWIm(~Q#94@6uKvHIz6f2e`jnj8r&4Y&Q`b2qSI_S0nMJu@dd|ZmSI^O@
zFF}{9zEGV!zexG1^jwHXuAckSb2jBylQ(2e{<};*OYzIq|Ks%dxz1mv=Tba!^{h^P
z>n=l=tL}Ai^EsVzCmGLGc;xEYOC8T_$^&FP%kjw7b6o1zqRUl3Q=Pi!Q=ZlEIWlqF
z|Ku*;f7yh`{dY*5+i?w_E_1QXzB;Gjc<q)t%|u<o#oAY|8Sa+;MU?Kh#&Nu6$h5U~
za`)hxP+l`fpPbx%wdg1CSpO7Cxy#RDITwxTYe{cC3!O37ka<DOCCYML@zJtfosaW<
znQis>;a_g<^OcW~w=UP)=Qey|!?Bj)ITCF|oj7j0+~s>Nag4*`ez#A0%uTLi<T28^
zZm-<sdo;d=HwRx^$8q-GN}k)P!?qPMVPhVix^b+d$G)<!<(~4bG6&yVDX(bQ*VR?O
zw&C|S{K1CfHFd^WC-r5No65B1T#&nbkC@Gf_;06-KEb0VS5M3hVqSxG0C(dIlB;Ky
zIv!v5$GG6Jzvb#VAwAbqo+0BIO|G8B>G=?49H;P1O|G7c)8jRSI4AjT>HoddVf+8!
zWc&ZvWcxpkiFoY)Xp6~mGkigM#>XP{7>nfPdXnS%M)D1fZX4!cKg*qyoSVmZb^BJX
z+p?WHan7UMNyals?()6k*iZ2+LyvO+Joc?z<Gcbkj^j96#xt5+Jx8VITFMjCGc~z-
zPEF7F7!k+ucf9Ir`4|`U>1cAT8{<L_H=(&Q^e)E9-NR+A*k0Wa@^g#pTCn3a#$A1F
z$~d1HaLxtCT8D05F67=1ihg#(uWi`v*W>s&Un@JV#&_K1+P5+P2b^!B?dWrOd|s~G
zWgi*G{@Xoy5oN5C_#JDx`VUBt*VYb^@z{=B`!Mze^Z}Y&>n?z8%lYW`%NJ65H;&^j
zci$-ed5QX<%#CHq@1~3#SVU*RFIE3u>2tXo@E^AwxcBLqF5_`5<nEg#{(k8>n3COl
zsAt0RudLhOFEL}?{#NmCoSp&YW-=aQ%Juzd*PniS&W9<Tqq6(x%Njnk;pi(o3(-zV
zU3RY2IOZU4K^Zx~j!BF!>=>GN|AW=}KeyqLlJg#^o2T4;yXgC?Q`hx-Os1}F%H4O0
zXHM$QPq}-v=&|Nd_cXLvhyB6|H}mL6c)ddDe$}JfuJvW(%k>z&k$U>0KVj>|cH!46
zcaN2JV;j@Iqjm8(=jD1Xv3Ke{rCjG^yng&)$#Vleu(@%l4mLMJ5A{qO>+PI6McFS>
zUr!z0lQQxrj(N&m{;dl489lCfEEy5sJms2C#Q9OlC$<+hpI9f^pfh2|xJNg)L*&$t
zOWk%IgR0wxeoODQt(cS4wH?=I{ZlDp-@$KR#lDm8b^4qh+n*-mahv2W|90Cx>Ua*N
zjJbrz_;PJG);jb7n%w>Sn*5*F^Qn6}9P=NKeJ|I#(Levu^bb7VKXlTr!+E?ww|@@i
z-lu-NjBfudZ1lIJZr@zp=(nV9Km2W@-<!JI{<TK`LF#VrQ;q)n)CZK4$gk$JxlBH8
z<Mxei9_pi%a^3bAFSccTykO5+V!ZIzv8(=Ax6vIRxub8rxz?G(D=A~G!=onGx<}|i
zcdX@FH}-Mro{cs?Ju{PQ-SgG)Tu1qa^o%9fI7`*>yp!@WnYLyn*ElQEa|h)I(la}`
z#`$pL`J432p_FT!&!p$;l%JPrYi@Fl^M%H9UwY<I$~Dfz>G>JucVyz&2Xc+`xH{XV
z=SMQ01<5teFVeF%WBzP<7E;PJ&TrL;qvr*gIEyId8fRUe)8qR-8_0MT^SoT+Y|?mq
z-$>7Sc;p%<_NkT4J_V2OQ%u5l<9Gk<(buLtR8IY*)F)G#U)5uL@lQd!veA8P9QP@?
zuK6*yiMcgetVQtn+{V8-`is^gJcpz2#od_JmFu?8P*2YR=^0SUb=zYt!m}7{E_dUM
zB-c2uKgQ9sAU!+`u5r#y&()N#OV8Bg8s|-oC)OO=nuaFVI58Ig*^C7|J{CK3Z2)iV
zv*>HX?!$fRaej;LSiDvpwvR7rJdUNh{eNSl>r=O%<-Zyi;*XCDJU%Y?)!T82^9nrX
z7~_IxklcN5O(>6FcxJ<K4v)t^muo*Pgx#*UQl25>vCrjB;I^2%o{K3jknz~(a*cDj
zI-Xl8uafcD=W-pFYt-@FOu0hF<9aC9IB{;^#T9Ng-@}fJ=L9_+;#}J(^|h009}ZG?
zT;wi)%V<Y+>h43it4vJ$UasxN`Oi;EyKm6LlkcZ|XTz?uRlhU&Ym|34{H2B;XgKyY
z;=3(!%{j)Awmd(LafI)J594lIU!**u;iF~Zxb1Sijv8|k|NUsO@4(K-bGYlbPvkCt
z2kCruJl9gjaRHBgB6s;6v=~P`UJtM@^xsB#i;Um7E!S%rKBwoal()-xoab^qKU_!M
zFH&=JK36tB+5VAh|HN2NEw2w^jPSVaa`&S$&$olEYdyJMBZ__er=>0P=wag@EbmtK
zi|E_*#CZ$)$vkgg=(jDo=Ci3fp81qp$#`s6u4A#iI-Wx*>5lLiL+)0VoMS#`4*R9Y
z{*=4_ES@7%H+Q*iSM=diWxJxSWb^3Z3HxyOp`mSgK61w6c16zF){a@%7;<e39O{{*
z=CGdpU!~oVhGPy-D|0yd4UajzsNe87$9KxQ<{;O$BL34&{N#ww3ID!$BR=|s@$tBx
zM0`A}#*ex`EAjR9Br}t8V;S9;avkd})bYHWGUh5CW5zoCWErC!(qkODIO5oca`)5X
zVaXfn8F0ruJjtE<&r3dX_jK`_gZg+rKP!6VL*1!7zqKCN*FmvgutB46><h^;Pv9NV
zqpe>wZT+Ie+|W39wxo=9vu?!4Zw_+zU&U`<^ek4(DKAXEgz`PfAEmsZ;n;uufdp=H
z-A3E%(Ty*6xs5a*@vo<Rm5j$em+N(v*iXsfX0+4NW1q`i{+`~s>Ufq?UX$!`Z-&f)
z-~h^)5AaMl^89~Ip1&&F8+oFS=b6{dMvQ}QZgTf*@iWCkHy^pKjWHI!IlwK(i^*)i
z#=J`1Iz4P#a-D~f8-8<%@x^1i?OMmfp`MLfSK!v~U#^n{|EjbbIXqi9+J$XvSN#W;
z*SOB79^Lr%OVuMcbjugzM%^)Vw@1G*B2WDGapak=ZRzfa-&4x<`hSeYuS;&T^o*7B
z#8{t`V}9Z>XSw!I>=$?rL)(UXkH`Gw?)PO}M%2ej%vc{_*Hq_$ez!^P{#g72_1~0y
zrpgDE<A&>??DH>4cAU4D@td1m&npJ%|J}qnxb#)Tfqg#Wz~gc7PZ-BHfw@IKhcx-X
z1N4XkkH^73VVwVI;>>FDfyd*(<8kn>8Yk9`-<CKh(srMGmi)@H-@UfsH#Y3p>o=xc
z$1&DP>Mll$ZG@M=d+CGuSJnjTI=-<c46g;{dmreI<H_9XF=Zia-HRwA=iil_BL{fZ
z9Gt5?y7A@C$;B<^-t(pIrabOp>&i9%*r%9;=DS~dj3d`L;7~ui>_fqamuq;zOm_X=
zd)WQnThE3%E4|BZ<0kU&OFqXmyg;5)UYDHNaLhOS<}BBocT3MgO2^x}iz%6o5#L<o
zZm9J0ywuG>uKgVO{GrJwIr3pgb1p<a$&nA93G>0T5P#$YkLQDbJfGE@e9%|Thw4N9
zQA3gS2J#<EZi9x$<fF^E+@THA1>^d$4LcsjF=x5<VQdR=W}(IT70j@fH37dlZ?8Y!
zyW9h|-MN$;qJmGLWXT?HH~RC1l5@-@%;)p`d_BphHGF2n_E+^pZp2x&pIsaEI6g7w
z;nU$=)bX3M++{!SrH;pAsCU_RqTle_|8m!rabfeq<G9DR{HbiqKI%-^vngXPC7;sh
z3mcC7sk>_agY?)RJIZ*>S*~+6&b5f|IZK?kzzgA++xX2n=62@Ht`)g0qV&0*!5^jU
z<Ug1EV;?`R9P`&t-Q46lAGTD-W4}h-zch8(=#ljI=o8k(W8L+PgF}yX`s2&7+MLwA
zO-Xj!<(fmRQTX-7aT&kcBzIHF7{#~@mpHqj_e?_P!=5s_&qV*j#+PgS0jyu|PBI?j
z%iRVg{`Az%ORmSnn9tePSbBO&xz>&OLrmM0>v<G7)N{buka7)~3E**KgNC=4S1a2k
zcYVpnZRq_VM&A09%G`{)CztcGhzXmIwfafLFL#@jI9BhOu;vgk*JxtWf%dDn{?t4-
zOtv3l&Y&AV#twE&Vr@z0;ZV=cy(Z;4@|q=n%t_csavh7P`|8rivHsvOFS&b3$$11e
zj`iejo1(}5o^@k?!DC)>ea#+oc&(BHr=deV>?00QL;b??zPIzHa%>|WbC7GEo9RI}
z2f4mpj(uuji4*%W9&?C&IX|<p2am05zscR8<o`1Dh2>l><`o|2j9llN`?z)OXSv(D
z)b;<~A6nxkcP}k^^s^td;}$W`DCd@AJnoZY&fw7{*KLe_3ePLhY_G>-Kgjj-A=|0r
znME1>kH<D+z0L88^%mWJkn86|qTO}>cYo|*Z!zv?me)77-NOe{de@`N^C$I%lrd+}
zZC9@OM{el0E7#XtF*nfd|Ck$JcXsA`9K;-hqpx6(EipInI~H<{!)_n>*dOv=y*EwW
zv(V1a1J9<6{jn?C81oADQJjy#wQqaaZQ0hku=z*d!gbE5o6n5&m_zgx`T#yO^%2TA
z7NC#9^HQHm$&wNAr%^_pc&5YWq;Bjb$ulY6lsraxS@JAO^EMy1QSP=cb8pks=TOR3
zHz)mbDdnoiJV7_dm?s%$jK})tQ_9tURO$;T<*NHw|3XT+>gT4uh*GZl($p7I%2kiG
zV)7)ET<c&TId*l9`CNZ?SwDm6JolS8-mO>aZmtLR(TGe#_Os)vZlB3DX7n2#j|H(W
z;Bh|08kny=cjvKnttWR*d~VV1`c1p=c)PD@u4|!B*e;$?;zYZ6R&Ceysz<k7xwhM@
zZ&2C=hk82L^~^S8=a0u2**@?#>>zNnR%QK_ZM(AVRgP_(Qre2Xg?(h){=D*isr{3k
z%ZE37e8cnQth*@n4^!Hf`h@*M{PA(YvugkNoH>k9PEDRe8U2QCn=#L+YdbN|r<VO?
zjK{WXU&`HXMYq1X+bVav7yXpfx2BZqG2;EH4=Cksk0$>4Wvz;RA704wi@Epk8!0bn
zc#urm<-F7nktTPm1(x?R(0yia?)A73=cvSdJzA_kc<fKP%ipCr2DV*J56XM@@GSTY
zb^Mc)>+vG`kOW=(kJSUaf1lX!#_~obPr2r~ReBu%?b4%5t~rmY6Z2%sSpSJ*&T`Fp
z4AwK7GLAv8V|au*esh*<&O52UuB^3tCR_KS<Ykm^X*l)~{1>BbslIX97P;m*P{-pM
zyuXY`mt6BaNF9$kx}M6eIh>XS+sEwc!Mjkh84<_rm23WSp2LTHjqm>4FDYX<CZp?L
zn(VgUne5!YSH}Nq%Ewc8Za>-RPp9tO9vUt&ozLsb)O|hW&Z!U3<2#9|`&|fg7(qX-
z@t>W10p)8O{nyFAqkK;G!^_+bU#+y|_aWxU=%eWI{Rns}ye#!;@OzW(&zqBHz<(=~
zo8O;^&yy$L-RLo<#GHvg#x&RS?RacmKgVv{<}gMn*K<qT)^iu0Lu5R&DCO>DWgkB>
zJ??+8kKmb|-0f35XXrtnLn(Lp8&HG}eJ-Wk%_#nupZJ|ea$RSZ!{+1ou1J1>@`K4w
zQ{I+*C*|KK>;Jq=%=yVR<~P#geEGLz{XdZLyT8lT|BKWYQp#1gj=62fI6vR;pBi30
z=fEN~xz@Fgb@!u;&)X!wq|yESMD<LS$!#%l<Qm8NdQPAmOV4?D<ZfE&+d~`AtI|W2
zA-Tq}zH$8C{DSmch)3>TUg9iDkNeA8ldq&)mh4=9XR_bZx+(c~%131KUrJ25zCQg?
z>X)L+RexHYeB6iDC9ZXs;gQGJ+tjZ@-%33{Prj`>b=}Y6yB^ea9>sS(@^j+{q{p0(
zmhoJRN3MNxO6n`n<!-;y59g$QJ-S@|OH#iPUGDNX-!4)oANTJ|(sMH&xxQw+GWA>0
z<r?!{sXNEzE`MkB`qXbnm#e>gzkbrt9q4ksh8EwoCx<Vh#eTiXBpl^hLH~Nb4}>23
zAiB@Q{)PT=*n5w@Hs#$iy1zH@<K&r)(b0|<p2=vZ$ap?Lc~A2Fl<_@lJX7$*_~LP_
zex(P!M|W&%K2v1$&Cz2_;jQ7N>2VFbv*Gxy0Ai|tD|NT)-y43S;q8cJ`~juhtyRW%
z3^oVXws?($XC%4yv*#0f7Ezv_{C#4_@eZ9sVfju0yb|4cum3}o@w$eXqscYq)q2pU
zQp$BrzD}LGj}hmS>6u0;*ScRz&rd18FB4~aa+kkX{Im3IM1TJ|Ju@if?trrG@i{=+
z@-tkUa<^T_cOVmUCSJMAzmYoHc=k!p7#_Lq%hor}{giW(Poq3mCgv>sa^03#XV7P(
z%iUPXZE5=FpvyIW{6+`yoo_ejfxk={zYjp1x%lO7dWrKDJ?Qh$<+@Kjp-x@DL-ynJ
z%*P|w+<Z=tbJOoV8fO6>xq9MzXL#1Z6TjV&ygHBdFT^j`eShQBolA0!<C<n$&i!qY
zzldi<CeGsI>Yth(kKOURAJly-9KR<3zY;!B4|UI@u3WeMxYSu9hU7ZFu?AAted^rw
zT!=@m{eQVS9@mzu)8l-XYy4QRX!la|Sg&&a+?;id|LLr|43Avn-<O_mP=2N1ugS!`
z3cp<Ya}6H%n@-~Yd`%7eXnXGJu48-1Z{WL%l<p_$u3ZNvyGF%piu5>#^z@XcByUc6
zj+`F*w0hp0?0R)&<5`}%`P`6fOmnjCAi2Iyk8@+<8#~VH@QfsP2bcM59dmFyc9ijq
zCfB*KZ|YMi<$66ZuIEtK?K?O<(~@i5<5D-iT<e~sp1H+(NV~2la;@t+Xg;nRay>@B
zNu9d($0ahJvE*9!rqpLq%JubvW7BVD59V*>!9H@^)a}dIUU)JbWB11L*)WRm7{fKT
zNB9WkJ5zToKALRZPs>^Nvkl+X@WwK2IUnRYcH5?B9%aluJkAHXJE)A^&W$JLB%T49
zT>D`^J?M_RT#xBv>g47*?;**bqns_{cMiyPzc3H|_fVcJ<FU`=daOA^9gqESu8ha|
zAa}D$&P&ws*l+O~6VLSIn)79P(47x*_ro>$zkGg9-T81W_v(KiTw~rK;~ArrYyKZg
z-T5HbelV+k^D-ag?vRpaj1d#fbLt=IfuE#&CiywaH}YJ+MX7tajK|~D7aD#lc~d4<
zyuQP4jWt&*e)Tv%p{{&r>bFsz)bM2uuW0zA$<|$G^%C=4lv^h6NI6}mT`WU$QeQy%
zn$(@EZ%*C1Z)^Da<d0C^k^Br@G|Wc0y<GMg+EymM`^7%VJ$!h2&Y(O$`BKUY8~#}G
zUx@idnK<qXKS_4ZugRipTW;f~$pgx*8s1f=?g0P3$s_PF>A8z?LF%LE=O#Oc-<X~+
zQC{8fJJaJFz9Cuvt&Qi-hHb+foX?LYJBOc0&oI+?9(O&?;WK2m%hU3!8vT8Z?#mMW
zWBC0#O7;5@sH*?D(fx>q`YimD<&3{k!@jjvb>E(;yj{aPHSFcT>hWinEBms%vVVF_
zUO;(a@&=68^~wH3_BWFq$449fLBl_3_-76Ovf<|%{zJpV#5D)wuhsD6hBs{3>q_?3
zY)ZMF!^irMJ_k+i)}#?`ujFoguVEaUJfHIT<Zoj;EBUpQi<A9%|G0id%(-ZB{ptY*
zja#gN#9WCd);&D)&|}@p_v5bOvF)y)e1Gyily}JZ%|Wi`>i4VT{|)7%GM)v=^<4dX
z>G@B}=aXIQCb?eWUx+5xbGgat#MHA{dKTf4>$#Ta_If<8k8^w2-*wnMbvb^2kNEbD
z+;Q&b&F8H9P0F~Qki4ML&ycBm9)7tVcj6iv{x6{|N&gj;7s>dS;Fs(1Vnupft3Q^W
z3-QR^VP&lEOnoW3+|4d}od0KT52fc)JaRqOxD9U0<CNb?&oVr6_4u5gpHaqj4DxiG
z<2pvZPLJ0Mcy?fokJq`duM6VZApYg}<+@#eGA8=9=yE-Oj@JU{&L6qHmWkgDBjy6M
zUAUW%*BbXoo=LfnOx^3LE7zF%^n09&Yan=T#1q#*GXGbn$8+{GlHW$@br0)aNEyEq
zNZp&ME7$n?YW#Rzfag{`?dyUY^q}8{F4wwW%DSHK-=F-6Nqkm5`A&{w|0+}WcIwJ?
zE<Ki>rx@-ZrpJ9t?hY?=;HT-ikvPw%=T1CwcSQ00IX#o{cz0V~Lb<a{yLaK2yZoD#
zd!}cMa^LjagGa98>vP6AhSIz2aooFn3FV^Xt0=FNY3p9%$laWh+pX#OH05pSxgU>Q
z=cmsZ^Z!uZlY9ex_+^=x58{_=zkMw|zov;t((@1=xy!%3_}%opoj889-8c{9k-MWx
zZhkD-c9-DcBdx)HEX21N^gn`M?(%OeZljKWH_DOpJcdWE{kCU%=1_Xq?>UKg*>jR}
zlP{sXT&AtZi6eLUHwu@h=X%QP((?o!x%QjS8S{BI=ceRK;Ey(Zd-78B&&ag3k~nhh
z&%4tzX>HcE^gM}2uG{sk)SpI|>vi()r~VAO+#N$h+*YcS+d7<&Je8hj(d8QRSE)aT
zF4yaj&#O~+UGn*JdY;E4*KIeho-HUhOx}jlb2arb%F%{*m)Z6gh$Gh=W~ayVwO1w2
zqdY3v^RknYJ?DD0Oq?OsJh{d>D?Ljoy_<vQc-PAKJ-*4+|GxBmoYH&s-!0=`8^2ur
z#?td+%5Nllj^|@_`8N%(ljmt0P)<(%0Odx>n^SI*?0MWSGVOZomAhlhIPR4mKU(&(
z<g+OEYxwYF&o_^1_?YBPsC%MJ{3*nj>vkE-{I|q&Zt@b!^OFbY7bkn(dRfD7OWpy`
zJ7nVb#FuOQkEXsky4)RyncF8)-x^)+<`w-j>g3~B?LObIr%>viBY!n{7pnNR0o(O_
zM6T^xU%zi{_;n`Px21lb>^ZexX;Ala{eR2E86l2b<4oc?b<c6+s(aY8u1lFO(JT8{
z_T1P_t^8`4I8%uu*L`hqdfq^JUV5hCk?X$ZbH;IPxjOk;%6BIFTlVis{t)Fq%d|C}
zIC6c@Jw6Y%CHoGyY215GNWCVoP)7HeGm{Bfeq$DWGVH0Fo+*@<B=?k8%Eb9w%Bxe~
zobo-%TT|XB<GGXa=F|t29v6){LV2Hz=RwNtQXfsOeSTExQz_-{P&SU+3EZt~?6~Fz
zn~Ue=#&=ug?)c)rF!kw_a*hAi)Mrr2RgY^v#F>dES3RypppT)+RgddJ=(Et|s@vD*
zX}h0Get`0B8UO6$>R(5FD@Ub#uCIS{`Cg0Tq3$zsy^gezIv)Ex>TX@?Zl%7oTu+L+
z=o8k(Gr$}3<RztUT-&+0d`CR`2VQ~apNyIM*BXAf;TT8a7)h>q?y3jfIVRWR;NI%Q
ze2~&Hke5*&A>%i9xxV%}Rvpjzlqbq~oS$+%KRi_(&(|r>kn!}%b^oHvLf@QHuE*Bp
zsoS4&)!lw$evI-anV5s*F8^-PZK;n?%5{H_Ie>o@O|E%<9yaEeDDRf>OiiwN`kbCe
zC}Vs*A>y_f_nw{7af|Uq_ZhkNdCUzw<8#9wJLDE~<1NkHK%cNKo&o-7chIzZY11zH
zgmv+Zx9bHYZjmz+YCLE33G3pqE{9fr$EMVE-pD?Z>;4j+?Hdogs%Ol)%gXO{oz^fZ
zj_VsHV=McDCz#1~4mdVFy3fen>1Azk-!}d%%9z7=%u%j$U=D0u$49PnCg$_9=J!MJ
zOyPOgw^}#$M|9_~+?~;^Y3R=33mg9?aKA&z|CRFF%08q|-Dl)FPj*YsY{~;=JmxQV
z+wvc`^|<#tmY9dhSCoA&wktWdCE0DzZw<M&wO!VApB_z~OL>5d-*)A?&d*XO=JAv<
zMmse*a3HeH$RXK2>hb83Yr8x87?15nTX-gH3y=B4TpcZKZExMH%KPCn8$P7r*$o?4
z{}|=E$x|seNIujud1uNkW!kbexz6qB>cnyTqVC&Ez3{`v+(r+)C#CbP=OAb<v5m=*
zXL6Swx5Ir*|3Q@Qlk%aIBgy7AP2Sne3fF5v8>{b9^i7j}B-cKV_{+<6vWO4w#q-{K
zcowC1*>UtPpJnNN*AhR*0``$y<G)1DJIi}VgXEV{dRIT3(z`sL(z|><Wz6TPCBE~s
zhkYd1__1Brlrcdb>fcq?LVcCjkbQB=ZS7<q$u-XUsjJEL{hipxcbE66VtjWmaW>Kq
z`$(>F+-Lji%I|^gkn9|Zx_gwm&WRrO(Z2F~%K6=C4M%)D=JTTX_)kZVzJ+JQvCrb4
zoLrCHyYSffub|vR#$*4<bq*h#y4xz(-;MNKPQTkEcb@Qai*cD&wk5^|_E9@7F|W|g
zU#@k{ulHgAw>ZYZK3a!+|K2jMH;~b-EB{sBrYH6(JjRpjw#2^UkBM@N9AF<graf#-
zxyFp~eP0=`E%YSEzJTBOa*ZEzY3~x>SUv0`xq4#1n_fJT59}kkj!Vp2bnCrnf4rXS
zeCV-_c*eJJ_tO8n@?4K@f6JX0F}Ot^zO1wx{S5m^{;TapkKEPYT<XSp^#R^TLR0B|
z6Dhg7xOhU}x6!k1Y~zfg$9@g_Xa@Hlwyph>&BgVrzmd;BuAbNJ@whD)rN_FQPDNeE
z=h9^BzC+HspH1EQc~9yqDesku>G*$D#=nyC>vHDyjpPC4Bgw}9ft>MwnfeIjI>Y~4
zH?G4IXB6GvL^7szx0JK)4yjK?_p>zW%P9A6_^9-_y~iX^gXbk1^VR9MuP#nD&U@1{
z9naq-&w%euo(caj+4w7y$KanN8~>Mb<{a;hvMsaF{d|ktH5=YG**GJ~bKsqljT4_&
z$v7`deJ=W8$@Ad2=1ffE`1up#&xg-%;>2geGR~!`FTnHe<c07jl8tkF@*?=}lFcVR
zOO|o``yaNo7(K2z!{@<2Y2rMUyafGcO`PZCj1$+Hse2)wc%K(u3U9>N=y^Hi4l=sA
zjV50T@0x6G`^XtH-V4UR4E>z+Tm`?O@%VnQF};1T(La>>a`d={oH66NadNDC)V&tZ
zi`G3npCZP9=gj9Q%AI8VE0Vjny4UA92A;#=1GwwCKDoYrKSmwT8I-S0w%yBR{5%z0
z{qIT7N=jqtxjDJJthD<Pbt*nY`LX1CDL*IUzcsn8z4xVl8>L+JM^nF@Qm#2XtxkOR
z^<O00uYZ(@e+Q-9U0(9>dZqrCP;MmSxs&JR8q;f1>UW{bHHSUbsrz!uvGm-7NA8xD
z_=l(G49XMJ<Mzrm{-X3Oqdd3a*U7YdKYqDmJG{LqJ(p2loqPc0^)mhk@yIpLkEG}0
zl(#1TJ+VF`<996N>c21bhtcJ#e_fsJ{R8E<((?!&xqDmL-gplVk84kSPJ{T5;gRe1
zK9_YLN0)2-HFH0G0$r~92I|C&&j_byC7xc-6{X#mq{p=?-gl$jC-KO&-5Gk&og;FM
ze?;ofpvzVF@A}y8+bK^@&$D>s?#j~cndxzDTaupV@W{2@_&gr%K94Tf_$$)?0=iuF
z8&e;mZ{+T(($?RolaK44e@n@2asJA+t$S1Vy1HCrelvBCb#m3eo4VJl<?ijJt^ZJ`
zt>-D9Nl%YQu5JA>b+0+gHD<gwM{ZtomaD!QY|aC8x$Ywab=q>h-90@cc;wpFLFw6q
z(%;56j{Blq<DZzGH&LG6@VPR6uL;Z5zcfAXq`a)*D`os%AC~L)rsKUo^y%pF-e3M6
z!p-TQfiBnh4C~M^+vUyGzVg})Pi}Zh!+pb>H@tPjgN8>M9&LDMxW9?Mq;zEEsg&{h
z?&W5cukS7`;~wY3`xV_hd)P;E-7a(M_b(pvmwhDH^Wlh(ZoL=1e!RJSH_-EN>sn8)
z-*GcPb^AlE=fjcz%+jvhEiXCmrvDX1pO);Sy_3x$j&Zk?_a_fa-FDAPrYN5+A&%|F
z@ea0boX2L}xAWMx?1K*`Q^e=U)g3D~FFe-$l$>?%O5HL1QtHoA{!8iu%I_yr4E->9
zgmPuFG2^(FF*jz;+3qO1`<rdeqI4fqxBqr-^xacOE`Rq8kA3Ex)^Gd+(|-n?cx>v^
z(a&${E=it&9-rCEx*n72_FkW!nRx!bse5Pg82aavZTHJ^Zr8u0J_|km?i=yF{XF&A
zuzw$}=KOq9carN8{yBKIPqyxk$#dbIlWljpob8UKJ`X)UYmx27XD#6Q=w~%`W6jUH
zaej+u0iKVf2OPRJc_IAqrf#g^SvSsUsk;bId_N-F^*ao1%VPBS>;!DiPpfC$IHyHF
z4}EplB6L6Fu&JDJwn$!rXX|9+>?CKL15>{ceQxqn_%+Gk(0R$1!mmp<j-QjLao(Q#
zGIT%VSaXQaNRZD}=pS$Dex|AWh18ehc_{T4D1Vqb^3clUYvG?Ho5L^V+?Gj97u#Kd
z?j?Bndf3Zn)pJPdlhKcA^kY)L5q&|U$8|;GFGSmv=Zxc866+Z8Z%(e~*rVw=m~tN(
z&#lSzxOPP9w^7RVb^S@|#P@ac1u}JSPp)<2H8q}R(J$8nyFOi+{Ao)2(Ykje*ERg3
zsozN{*O>bB-$f~R?^=uh^ZcCn_rrH{*K<#DjrkRIJg#S7OE$NMW&HOhSN~5^zn@aB
zIsCUeaa_lqm#O<8rCeV}4CnstF@4Qs*St+-{14%kYg^l=ZZ2}w_f7o~bh+j*N1Ys8
z|Bg;}Uc~En;y;F8uIDg|)AKe;KNn{XkK>VR%y*{eRLUFD^8_Bb=JV0iSE9?EZ$NXq
zU7dXXiSi%Q^CY@l<3F7G)97-I`ETmfeSz}(>3If^T+iF%8bW%WO^;(I*Z6DYTJ#*c
zT;os4wa9boP1EC8$=$n4{x5Aj@x2)O=LI}+jekhi9imOS#-EdQFQkmWlS|!6c;xQ7
z691IOvslLCIj~&gd+x118C|aNm#eew|3LY!hU5Gk{}lXje(sz9+&<KJJ}Kkz+*qz{
z#d$co=f>@M_*b*8=h0u!x*oUXZbgazXyaL#9_O}P<Nq#o&y(f4Ekmo9ZJA2BwoDG5
zC(CuNZrFHUnx3h6<QhLd-%g*biFR;$rs0umTgRpDxr1EwQ&RVQSgx;M7O4~St(0*+
zgxqH0k!!ol^`MWT%QfbT)Lj$g`Z~qe_Az#ppG?neJaUbBZ|ZZ<<r?#=>g4ll%5SA-
zE*`n|)#Hulsr1alBiH!9PtP|f*J6z@|M__2+SUf@wB_3td}L&tx0CTNz%N(7m*e#x
zL>Zs|Pv*2Z{0s5R^|i^NsV_p8>vu8crM?(luJN76!^HH4JkD!3Jh|a14fhRi-tg89
z4;mh6c(mcE4Nq%$dc!jsp4sqN!yVio;8x`Iu3O9NhFLtW`ufSb<a(Tq>*Tj`UVs+I
zapKqqa(7MHALAN0o`cc$<8Dm*M(*-;(_yLGPjc=54b=}Uxos!^O}+=4y3g33f0YlO
z9nj39A1ieu4(ucQS>5M%N;aQ(z4Nj1n!|q6qd%_WCC7P1);%jd=6qqYG2fMJUN^`Y
z^X7(;#`WlbVmcS(x-DCz=O)VNTRi3-eVgA6cRP)5zK(%850dL#ouiJ&+!x4rMw07y
z(9THDt(1#pJfq3=x5DB)ia2iTo73YQl&j~h>Ugf8^llvIrri0(3vSD~>-hxbbuymm
z$u(yl4)wQ{_q$e0wr{=lRJ6}Sht)SzcW37o+X(yU9Pa%m`AjAI?|Cx1{>UG8+|8|e
zu1SyaX+HGxsQY)RJEr%f{$}*Aq^|#`$&TadJZD>uS6ml`)m@j>2XI{5Bsb%@wyKYy
zA1|YyPU$+RK8k)$>gHn|b+_e;)ZNB+G#vXT9>++o^U5}i?|g~*55Jvyj+46Q+OaRd
z*Py$f+Lq7D^|y{^r|#Iv-FE!PZ7z5H&PloZ@|ygg-_awc<M3+kdS)iqaerOvW0dk=
zeZP{rZ%4a?yLD$J*Shad-CX3F=SS6Tmu<N{`OB1_k%==WxyJcJ>gF!j--j8>zI9CE
zoSC}wcwVk`C+k6<k1lt9(2?6K)X8BE<ss>Dp31duoF`LvA-Y`k`27L&Md)(X&omA(
zz2@z<$#0;1U9#JHiA>$a$#s9<m&g65%4Zp3EDoN8LafxUqu%*4y3bsdyf$U@Cv`n0
zQiR9-=q?$->lxopUH>nVr%*=U5>tIAbA#QdV!z0`o};L{zZ@f{?s<c{`&4W@x;e!4
z6Lj;8>nG^ue`VH{mpA-Ue8${?(kUzZy2Hovu9Tz6SEKt_{S}nc8h({by8}wO&i~_5
zAEA`%{6AHlIQHuqGIec7u4B3+b@y4h&i{+lse3K?#F|N6bCK&jzbQTT$!*DBp!~Fq
z-~CjsZT&cP_fxsf^QYBm%l`gldfZRtTKBos$0+4G&qt_ZUB_@2nRaLKyj<(<m-=jU
zx$|NGx5H9*f0V2L#MI}a%T<rplC*U;n%iu<7f{A`uVDKiUQ3e0yyQCn*Wq#R1q^Nj
z?)~lMyXMYgb)S*zn(1dw^o&q$DdSl?xw~mCDCfzn5;Lw>{B61Ra5B&J=st6%ociL1
zrzD?E8OMD*FNe2Rr><?ub&PgaPtWe@F<-g%kM*r<Y`KonE7hrc9_3Loo<6yA=i+96
z)jZdeUs<-x?eCdHyHG~X=sqLYzH&JAj8bkR<1v4^ySen$ChDGObBp~2_R(qF`@bvw
zbe4>6-Rn}nmGb(AKishEg?{@%uKC3EZDPI`ZJHkVM#{aDPp5Q#Ti5N7yBkZMv(z)6
zBhq7E$#q-iHl7pGWBYO)ix_v}+=8|^J$AKRJ#S2XKq=S#`s&n2DCPQjwnNkpD}5N_
zcn9n8YI(kj?laLAY#**jzkIul|9g}VHu~=x_Sj^6{Yx5lJ+1nu8h$9*{(r2|cO|Eq
zXIv|$-K)^N-l1-v$F<_rFHYTd_33e2-YesA8$a0ahZ~Of_|g;e5VoJU;BMXP@%mWa
zjxvq~u-7E^P^T@&SFY=M94pZsQ@O6^2f@bi^}(Ss9%IXOOk+PnAE3!~J&!eky0_5o
zMd-%)d&-Z=_(ziKSU;NjD5YHWF8g_^8eH{w&w`kqOU8KxF{j~)^NN336UuW)^y$fU
zeehUlK6g@nxM3fwJ0|xgKR|h3ve)&$+VH>1#GgTYx%SDr_|#{j%QffCQXfN?YyZc!
zFZ{F6<=X$F`pL(6w7ZOFHXgaQH9tM({Eqa@!6VmWL41~mIJco~$aDQ{XIps<Ec+<t
z00XofzLa~P>|D{~T$SsZ6YDb`w=w1wp2^8Iw*#$%=Wxn{8jk%Mzx#z;KUe=MJ?OS0
z*Wc8gpStr?uJ0knnnV0$Xy<abuJco_eZGdeKZ?LDwgL8$T(@OCxIdzJ%t`i<Ts^U`
zeYPA+!~d$r4^Qa7lWUN~a6EcEwkg-|0Yx0Y9LX)(g(r;j4^6vAHhy?QKOdGEZx_$1
z?XE+6y>Do6dx`w{@;Yg|h8;^iy5!mqah`yGfEIlMdtMnak1jE{;&FdhIp5G%Ib!0O
zFeZMFpAi!tfun!smY9*}|0&l2qOZ_>=0#(KXMny7_a2YiF4w=C6EVF|&&|C1e`L*|
zoYn9V4M$t}Cv1zlv+>6H5_}}={4?e#<z6y%%|Wg?Y^Hu}$sw*C-CfR8A`ZIG$hFT0
z`ti8V#J+~dm~wX!|8X-9W7@}Z{j7eRha6Yh8t8$2w5xniS)0dFH)iaEsc)XTG3A<%
z<7C}wl-tY1w4da<@B5s(`?B15AmX+UcXi{*-7Cv^$N}oa^f>RDpvS(HYs|T+4=CmO
zJLd~w{Uele_vsSzg49PT<@%d8(f?lT<QDz^g%U6NAKhnO)c<&9phy4Xv9H?xk2!;G
zU&(*f|HqfM+~ywkkzD(8_tcFk|5e=+n!50Wb<roRdty@;UbSwF5xR9_jPiSY_Fg}~
z)Rnu>mi~;nbW#%&UNvTH3;KlloZQrfSFIcQps$)w?6aqox{g7AfBC$|6dB!T<l3LH
zU*qxE6#F0^W5z!Cxw0*B9Q4gwZu<IvD%WqFuRXfY$Temh@9>PF#T>?C%$UP%%u}0~
z4>U2+Cya?_JSLu1V@98!R$|8dfqm4@pXfLARr@W*@ztenjN?C+ZSSbxFD!cO3tuhA
z{n6BY=CEXAo|Ej{zEVzqtog9}%KGVX9OSys#=4E?AhaFyB**$g4)(EJ{n5ARZeR56
z%#!o0tb00T>}z;jA7Wp-znt%#pa*?GDcA4xEmEi5t0~Ww@r)$bb}vfZK9FnO*v8ZC
zkzCvVxvX>cMUU<?a-Am|spA<?ZYtxk59MyVvMp<<pHX7^oa`gH#)<w!SBw5UsML-5
z`L%MsA92oX;=mKeK_8Fv#U{=}O`Jtd9C$oV_HFEgXBAKEcd(Dz{Vulm>&>zI?8XmI
z=>OMpo)GcRY5een{)fwai*Z?8{L$_=%J)lRT+n^yMdO0U*GbWDuPJrymmc<!T;~Hg
z)PJk&XTgt@HBw&>Pp6Fi=-d+LNOjmp$0Zx@q-1k>bFzIF<BQ+%jPbp%%;DHyzFp?&
z4*HX0e@TvG5Ov*0;u!SRGNuRXM|Z!F>+gHaR;TV6l#66MgXH=<8yBQLLMhkJs9dN{
z-DQ-Q$kZK8{;R(FPI+yyt{&KRE5`J-_DJc+9`@0;-22B$KkX)?+gFDr+gJ9Hx~2EJ
zU&L5b*F57q6OVl;*L-4J&MWQuTo3zbJNe(rxmol-y6v|8AL}8yImk6;j0<%gli05F
zOZ=U9+<&)>L*$I^GcU>+&s6j{cfw=4a<?)6af_H2l$bm6xc~R!kC^Ba#>C@sX#@SQ
zD|KW2fqf*`ehbf%#sjbF!9LV~znsfEhx#9sH8{o#-UV$${q-e|T+hK`e|$sHV~n0?
z_D6J|u}^D0ktZJa$Ef?prtS}$y66+u#WP;_!lv$zn!4x{*2QDp=<_#~y3x<Dk6tu(
z|54VQST`;z{+K_oj~vS$w)9@NG3Mc$i$CTe?4zg)>wVGOLtl07MY~IzcH!}M;Z@rW
z|HX|T9{0l&`Y&nx@VFmd)gR;amf|<p9`;c?zOlVOE&Kh3dM+*g&|x3RwXZyf=$|TU
zL-^m?_~8lt|5f}kj+Yhx?#6k#T>FeMMfaI@Om|4no|IAd@=`ba@T&gk&t=79U-Yn#
z<eGo%UvDd(nA@<A+I=w2-+obEbBF(m#t%>Ef2Q~e#ot{mZ3h3c@HF)+OPu}XUzPX$
z{<h&*Pw?oH>-Cf9EBptc?X4e=+a%X@FV<vq$5yW26`c?3x6kBmz<=BpayN$yD9@Jh
zIL>nS<XZe+p3`$9yn?$P`$q15T0B0d=Qhe)WIV1(a=l*Ub9(Nej5&E#>4#XmU>})x
z54&A*9j};&=<&Sz)1}>*hrcfCd|W%l<2K5*Phvj2y|m?X{cp<oT^##hV|(kbE}ob(
z?<hQ~4*MwjJazlFe=e^NrN?@%AvNbXHsLqtI5s^~a*jNy`%3hf+wc+auH0?Q9Oat-
zKB=3hTtAC)VCs&A-2J~2f2#WOlK;N)|CG-l9NX}T4V$x`<0<2~37-sapStmOPTr4l
z51IJ3AlE!+s#Dkb>GtTcPvm-iFLHZlliP2b+>#@=<j4&k&kY{W4Ia-89?y;V6Xu3z
zJU2Y6=0=)B{WT@G;CB^{xq5BkZS?%Uc};=tGn2X3ad(`0bmPn2e>ZcLx*nfn&3t!>
zxr@F(WWUPjJ`;8GJadq`G3D-mO3YX*sJk0ltc}-|m?J#y|Jb}QhVC=Yt(xbSdeDt2
zcfTt!2kO)vrHpNVPl*}Z{z9|u=sxqJZATy9_TM+#PTlcsUr}Plw*RTwc66V4(YB+H
zZ~GscZKv+|w!gQ;9I^hNn{7w;nHOz4`uMj0so8ewj&J+>N=&!0hkf*-?L{BoUVqe%
zTa54fOWl|cu#aA}UFhT6^@mb7#_{@6H`XiIM=#1BeLVjcO5GT*50ttwUaJkqejNFu
z`^<~-M<36BHL1*pp1R}X^}!M|#%uNAvIgMm(S7Dc+l4;9U6V@8n5)zsAFmrq%n|EP
z8vft+aM69{Mca#Rq?oH~mY9RAJ4(5Md}E2}alBt+IIfeuEO|dl?|O8-BK7%{##A4V
zpMO_9az?k$<ofpkr|KvE49dNdH>Hf%bok9ZUejfqqx7KLPjZbjPn|fYQl6YVMj6}k
zp^~TTdk=ftO6CJTuC=kY!-v4Jy?D%DuKV}^wyych^*x%%AKg6Vnon#CG3}=VxZ9TV
zD2|~wl^oVrhkaywvZeRhZp?pl+m$<iY?xcb`EU~l9*+Z07zcgAI5#(O;PE){gmKVU
zjT6V0k2G;$AGwWnTf%co<AGQ8#JHf_u3XQ%eB6Ju)Qvc>kK`KPIiV-K>JO~R|9Sn2
z4{eRWu`lB>f4N&vcZt*ATH+6Q+^;tr^EB20*t#)ZcyzVf6>}clNOI>uaf>nfn-VkX
z!amxXd!HP+!j|6aw)pb6Uw=5f?hpFSS?)&48Wr(B*2IU$<0nUac*6J_H1Y9F82{r<
ze0V&5a>R!xj6bD`k7vU8w>9zM@%YIRAD%G&hE04t6UP5U6CWOrpB(Yw3FGqtPsb|y
zAJ2sGKiR~G$KxkQe0ak68#nRsOc?)DO?-GfesaWzCyd`W@$pO;|Mn(6JRUze;=>ch
z-=v9;XTtb@+r)>*<0nUac*6LbHu3SS8b8*7PnY<yU&B6{#=YNcI6i0k@`h(Md}PBO
zx2pg2h8M}iG`HA)VRLBr{aCMPOK%+0@pvqdyD8Sp*E{I0Pw^VlABN|40C(eiT#~zu
zihfw?&ON#FN9MU5%U%B<x!bJhr=&hYDR-L}{hZWCDdqb50vsA9XK#}lwpP{M&dP32
zWw)WSc~>^q%7cc@sp_#_{hcjlf5JYp-5$2|Ue~}_d+#WI^XXw9$<-6b>n(@l8fW<b
zzVX8o`nMX6*Jp7)@R{O|*J!YhcDF6Qe8it|FYl3|n^%lW>Pz*Yo6GWK`{@Z8&-baz
zX<xA4(OfH;!%+E6d+OSkqw27^+>vZw#^-R*2XK6k3?6~ETCK!1w*zJLQS>7kJw6+Q
zJ{3K_^98$4d_Dcs;U|)3z+=QR&P+JI-wKbx|B(7DIDU&8eKs7wt)2bgcGkX%@1mx@
zveBPx_~#A(s^RAv{zJpDf6?w7+Li0LZwuS*o|JKJiDzzdo##HM$9+B4f#i6-kAEI|
zyx!0EdX7u~>6GWnc;+Y9^N=O!am?SC%xP!&o+<tXXqR)Z=Yele&$@WtCF5C0Dc3yj
zP$##0DZR@pDZeA*UzFT!vo@69g~#(__*w4yombDx_!m>k-Ajvqi07(@Lw>OHF227&
z-M@ifs!rYWs3+I_cTi8yuIaH4<eL9c={b$kyM8~f9iQJO=7sp>n*UqU;~aT+vN?QE
z#=jK5T=TyrJ<g-slJBLA&nVK?k<8`Kt5f$<>dH0$`1?5NiO;j)S%ych`Ty9ucz#3a
zUEYS6{?>{yufi|a{MT1ckADYEkMlvUG2^?O*=~F`63?}G<hormGmiNmEaO>$N3L<^
zrpNu*zjtQ4_ffuD#(zD2xo&TK2R}WpP0x*Z<Qnr@bv%AX(Yx$-F+VR8^Je^V-Cm#5
z^ECbcK(gycd}kAVZ}dmise3DR<(kj;(y!+~(sLUgx#kn!%_ok(FXi2~rcuUs@QHal
ze!1r3b9(&!{u#-xTl**b9s0v$>bh^qHJ>9JPkc`k&z*SM?`d9?9>1?2-`S_FTj3kj
z@!y4CuKD<!`TU0R_GH(~ze|3e@*idD-a}ov<`dt+r0$>4{wY1K0dno1IIewm5^A1{
z@}o?yg_F7W=sqLYwK0x~c(y=`Yan-)x?AhtrW`A$$ml*J*Sc}8i)Vng3HSaVO5N$n
zK8p2|MPg(2l{k;W<4QAMPwI=(Z(grUww-HbJinv7wc(G;#OW#TZ}i6+eyZW0$@n*?
zd@gnK;j&=pZY!5U#`9TQ#y>!}jy#fFw>^&g<mR@<u>+n3$MpgHqset#j^MG|vVd}~
zjAv?c^_-R-`{VRvbAN-3e_C?&za>5IrMx;l<|B8HtjYiRo6pppk=%W|=%3`VF=tZB
zHRfm4$@8m}UzG8TC3oK`b-$Uq+begE7X3%5&!&{?_2*|&pF=6vwj5X6vcF$Qk9{Lo
zPnTmcPYtd*4~K@S>uplQ&aJ9XZrJ%$^}b=px9VFrJZN~NVaK)lr#9@^RNXPCY`<5w
zuPeuX`Z+T%*Jpd!M|*JZw;hgiC*xF(bCT3O|F8NX4ZFR@u@B@rS7RTi?m=j=&*Jg<
zxIXX_fZI0QjcJbFhGB2fx5?4B$=0u)=-bqzZ<C{MlcR5w2Tk4R+tk-W?>}GqMDAW<
zi<I2^yNWJXJ=UE6Q*_(vVIRqL+Z``;BgubN_aB?O@Pu{ISFP(d_IH=M>n8h1uGf*G
z&vzP*_nJ0Kk8$Lh+e=foFXe749hBVrdrJJ6C!B!oh_-&}J|ovSF{b#f9b>w6iDRGl
zS$81gu`Rj2KM3+W$;0uUL$v#a(r(+&v2K5{=#T5?gzg#26PO~hzscb_T;-dRzess&
z!*LFVU;VR<epkaI8UG__`zIen8FQYxp40i*wtS5>D_Pyg>gF5kE$r(g*OZ?8-2%Dx
z+sW#97E*dGSpFRTGm|f-yg;U|Jt}t&Ah%1o>;DAh+Zw)3#&18%bq)M<dVWLsk1`(j
z8@bz_|G3@D-I(^z1IbTNen-adypwCpKcwz_m%FKD+~c(*aa>n@y<tqp$YY*yoELI!
zcZ>Ac?rzC%queXm-=KI|@=27lW#SBoBiDT5`$6cAp<H#_HivsC-zVc4#Ut1L^l|@x
z9ij4B&wlD~{65UF>d9|w_}vYEq2c=)ez4)MH~g)Jw@bGD9g-b~U1jnyBe~8QugRFt
zEXr7uVaF=w9()!2s`U8&>HOq}C{Ia#jB=q&{I!!i8{+l`?&{7TxsK6N_3VeMlUGo_
zKlvM!x5(6WUdi1W{KxH++^y@}iQ_vS=aO8<$T`&CTawsKW+LoMxmUv*CQqY`H3yIH
z^LTz~U2Ds=uXak^ZIrv+r97wlQq$J%O<T#)7Chb-Jl+;{Cu|FS!nVHLw6#amR&ulj
zkGBPnw?*9v+d`kPt^1m`rZsIPM_cfCTkv>W)Sa*`^i|ukANxIr<5=e~%O1+tO5TWa
zgGS#{W{37TGH5vJqL0_TzvOS6F3%0tOaBOE#KiA>*`(3q7`OLu#CCn@VaGi7ujDn=
z|Ea{6YkcRr{sHCs$&qie`(@-Xo!5PE<P1-NV|yQHa(-EvV>~s~vuJtz^w#e)9I+$L
zzD*o>JkD4Cf8wwJ4v4XuabR=s_}D*K`~!Kv;aDf^-^y|9Mjt_o?ZR&jx$YxzE`euf
zwAcsnxCL@OMo0gAwX`)Iz2AR0emmjthUYbWVe%!EF<#WQwp`ndwurMWTI|1gY&Z7b
znWYcS$+l)t?k?jo7r8s2czjOJ9LoKZPo#|FHTqKc5OwO>&vJKQse4rF_JQ1u75${t
z%~9?SD*B?-onLbO+m|sG|6KYf`g~?{zJ%^G>+8?Yb;R0*ZdAE@MTsBtHtP=1dpvHh
zT*o5j&(}&@F&6x&!z`ZPk9(gSuX&RrAJ~41JmFWs_C-$|Bgr*4w^`kc<a$22jXHG?
zri?LtsN@hiA5dPWM{e){k8`xgqbufXZhPeLFQu-&{=o9OVAo{F$MNm)=!#<;9`zX0
z<k&8FCc1sA-<;cij%~p+g6>jcTgKi~#&6%s^)+4O_Vp&Wv69;^`eAd}O~#|kKCOD>
zmY&EB9?uQ`gt_4v&kZ*Aw2W_Va?LIJ{NUku&(=CUUyRltx&3R&*?mC$Sjt!r;Zb;t
z)b+=B;kSldKO5k<_UPs*cSlJ1oi*ajg=4!OE^WEb^stZOb;PXUp=;oM)Zxo1qfe3#
zQpa!9Q_`b<p^WbKzE;jSOH!Xg`IbgEu72CMj_f$gbq>eeBhCm~^aCEZRj&QHGi+N6
zDW@ho*W&yN-F#y`fz4%>9^wp=Yn<a!w=KDz&zzaM{V!Ml8&kJUx$0M>K8;eYdi41>
z>}A^b4*Mwj{FTFTttHk0*nV=~?vux4{Py|Dsb5WbYU=jc;zmC&b^H9yjUN3^obf(~
zC+u_D-Hv+E=Xh4_bC1X7X8SR3VfUffAK@`L)-l*z4&iS8gXG#L&Tn=5T&{h-Fm?M}
zuKw4hZlB9lzbtk8T(0_h>fbDV9(lq(nyr55aQybn(dn^oqu)}G@x?zGeMRHHp<(;i
z_?F)5y!AZ8_}5cTlkwQ+a=iu{`xl-g(GE_JV<C6LW|P00L0$WQ9`{-|<^XkHk9Ib9
z;}4R%-*_g&-vi~YZr{qaZuAv(Z$@*!)nh-)U4H&8`t4h#-`uVq_EEcyTc&QNa(86O
zc|-L_N?qITd0}VY$J!3tmVKc|mt6a8o79aY|5eOyH!%-yV#4Dw@k|&Kebt!G@BTX_
z=3dD@a=lR3e~f%Yxz>6@!yicgIpv2NzO~_%4ga*^=r>{x(BfDIe*%tepk3#iT*u4f
zoH;oD`^tD62f2D;t-#~FI5a)>t6V*E)bZR%xlksK^G)t%yS3#vg4CUFOSpH(6g}n=
zb#Fntg1eqUa(8U;ELX>4pWL2&59McN{3FTTA;tfH)AJL`2huZ|T*v*p>3Nzm)}lwt
zc)e2nRl~7PzpCNrTRggAPUgAF9_g7)8DmY|x$uGN_{~V}$lqJE^;px^oTjbhXbaDT
zZQ&Vj3m$I^|Eg`pzVL6Qt^H`bKXQ2JbjsMS<OPi$x#72lT=$*r)8ky&G5ILUI6e~R
z)o^S(b<IKUo-1p`A#jiG+>^WfEUR-)-T5YWt6P(6KHU57mYhfBqssYM?ECOkv`y2a
zORjmwen(v+$=&fy%ztlU9^J%*$7AA|Fedt{F$cu&=a%<YT!Sjdd`R6o>LZk~U9jg@
zk^kc*pU8iH$<uv9zx`*O9*-`$ZcFsT_e$Lvdide7m}@e+&p7V2PhyPl%tVVZ!eeVO
zMzrNEVt&7gd2ACCeZrV{#$)1HHD+w@4@%5fLyqG;blN(Wd!M|x;R_m$<70YaeMpXe
zBc@SbH12rD(Bt?Bp8$_?x2^LiV_c|fo^towGC#epq389Kvt&HZRk_R0P9LF;=OW6J
zWjxMXxm&}Cx$fb)6psFUqHKHYgRqa<aT)j+-P&?@N{JKa;Xf>ONA$oxiv0PJ96xt6
zJ#}ludWFZFk5Ap);yfAu+hFtVlfRk#Bg#h`e!StQl7B(@yJXvaq2aiGoB3?5P7ZFL
zT<2cwk9eGGabAaK^W=IS73&hZ_2ha?8H3H)c@gUso<VZ;9Fv}lDPvsl*k>^=Utbf-
zaUsqh;H$Ws=V)?$-FmG$o+19dKRr_^<$9d@P<nnwd7Dg}Y033C_389{oAPt%ajfJn
z_wjqwY3sX`UzUk8Be^@R%z+2f^91EX$&S}b8UM`WdVRxjGUgiO|Eu(jQOfn2z#8g5
zn#BM4`83!^wphn&eOQm0T)#IIb^oK(jbj8{>-Mnz7sWw$PDY&5eU{kXPb}vrTgrHx
zt8$$W(bmc)Pq?;KJ+XiNXOj=?qd4b*Z7t57P92Wx%D3{kPwtX$p*${m8KrZkr>;56
z^}9Leq;8&am)~1?ojNgZqg*Oe*X@(L)yno>rk?G-BR!i_%H3mSe#U&GuJb?U+u~9;
z^89hx#@H^{N2A>P(}v@3hQykHZjHm$Ve_ApY|cj~n_Fxnb=PK|EKJ>eVq3DUOVrbI
zdGb}1kv|^ue78Dm-A^UkZp?r50sQx=+iskXWzOGFPmXzue+2FM^i!1Iq|F>+PU3O9
zV=m=+SIi|mYqBj{S{I&5Igs&Ju5-pUNY7g-_fL=euiTwm`h1o;o>M80m5DPwx&8+D
zYtnNC<r~s7Be{P6Zbf>2NO@Cw+-K!(^|kmve?N`3?uS3m-L}S(Yg=DY$K!hPSh6wy
zy<s2g`7Py-W#YIUa(7PIuBX-0^UL(irj%>{{4sUsj$F58J@r=)$941#<eyC9|Gahw
z`)DKXbq#S&^b5<i&DfWpEPgZTVIRr0-SGUh@xT*$o@zYss-9RA{;POmUszPmtB<nX
z<d`#fbjda6ZPGJBxo5Kd;MiOD7|H`=>YBS;uO~#iPnUM*>N#sTu3eqbaI}kOyxshK
z=1bEv-Y#|Lp+&p!N$|mXsB61&ZP)#<|5<5wr(_?++&-tA3&k3OC;HpE`90H(_2YRt
z<rc|qQ{;nxa&jG`IKM@AJ(26&*c&znw@<Fei+IoF=Owq853rBq+UEnfM>jXQ6S%og
zs+)sc_l1c0ixSg)sfT@ZShCemkzZ4;y}T)PJ<F2yTra05_RZwTlbE&}dFB|!+`w}h
z`gU1Y-c`nLpUAauqfhWVcJ{Ar-AEbd==kj`x%TZ5deCiCu6=u4>W;Hq`*u<414_BJ
zd!9ONy^k{1CHN!oQgz~wB-eJYOnsD6uI*l%`cz7}w!4n{Gn4o~KMQnj^IlT&<n-v0
z>sY%!^mxo6)@pcXIAZ?45;N+;tJbx@dUVH5?hL|hWA6PgOWhcw^M>PEX&e*LedcUE
zslT@23mT677ms7RsXBFSORjwt`xm-7%Juh7_k#612jsfF`>7N2HIy+|;W_Y_I)1l9
zuIHb#)$y2@KKb>OC(8Jp8*<(EqfdTSwmm$skFL^xe!0eebMnV1Z%_U_<!2h+Os1~e
zE7$xT8{^zc8U2aJZI^4#`@(wepd6F&*bj2I?^^ty=N{<hdo=g%q@u^`6zVQVJDIz6
z-A1{_KSMpYWpR4k7vwI_kz$@xcYr2$m$)T4=d<pmJU0FarQE%_c&<%-lv3{YFS)%>
zox1kh2W9F`O|IwCKBwm&D6Q2$TgF1}E-vw7ZvVRIJLq{`bFCmb`Zjs89{kpj>sV}*
zb<H!z3;%AgePPVKD5I_4l(u63S~47K`L=pekNEI}@$tU|?@0RH0=cdUv5)+Bi9cJ<
z>ziY1a?D9Qy5yRF%q2W?(Dux_$52jBK8P}oS=6;%xz6)w_qoz;tdnmj*P7;9H~GYd
zBM1Bw=79f5yi?OZk8<zi1(XNK)HMgW<`CyU|5I`p)$_*kc?rj$vSU!$eW1s04Y~G1
ztS!{_Sh1BJcp9bsF29U2#__kMt?*yid@dT@XI?Zn@OTW5y1y%RW1hUJeAg_-9eu*O
zc$_a$_xYyoMNM7w3G3pq?(W?CH<$OnVjO>8;vCxOvG%4X<}K`67xNQ#Uc^{X*V=Mj
z2jUot=Ww(bBRu0{l*i~1p6i#E^Z$L4$0#Eobh+cM$9OTXV8=7YBJ0L+<PRl(x$f_=
zjd*N-1MdAFi^nyqzqq`fJuKOI9{VgFU2>fRj<<gM;NWEEb;Nw3iFrvA6CRI=XTq3x
z#$&?9jBWf=i5c7Vmh#>0*hkQPMy|QVx`F3dw3z3x^Lna2{PwwA`{WhscpSsA<k^(o
z)s17`)}5SO>)I#%rR9CS*uUTt&|)n9TymD{S{>^r9{X<>>*CQR*O>dM<8i-<++f>}
ze#US9a*Y|eWxI3HjcJ~8jTz(emy%Dk`_?j7W31uvZA^~s!fy?^_HE>k$8m{y4$pw&
zoDg;`i9BK3kNq(|L6qktmo@7Ey7A4m#*cRKxDLd=KfDH%*E264j_-bbl*c`~bsv_|
zzeD+C@-vkGll&LTKQtV3gSz&iT-zO_XMDTxm{;t-ukdJ?=fIhR`;R$Hp_J=yGai?^
z^HJ^&EOk#(&$^4!<31<X_4&N?JWu)h<UdiqS*9)b3%RZ*m#Y)==akE3JcHzV-f~0g
zBb0JIZ~2HibswSpm`vT#<Qo6e>9KF`OwZKhdfxKI)TdF(^}OYNb>dt1L7Di|lk2>F
zEOqCPT+ds+uTEXZ@kcUsXC~MA{HxT*DCOG!o2ai==1j~_coJI7!)3$qUSI5|uyZx$
zTe9O}UFU{e&zT46cy^}TUdH3xkZV3}zaEbjv2Np;l3e4s4b?Ly<8hwIHBRKVddc7U
z*}tu<b;jz^-4?mdTh|CZ^C-8I@tD8dy<5sP5YJw)<EO{`<=SrKhR5|a_GQ?8VHS7&
zwkg+`K3Cg4Dm`wCTw~h5{S~F%IA%>M+a=dIwsCr<QO5S-aU13Oz0NphUD+I$*C=t~
zxSV<%my_L3diVm$I4;BE$7Sjo-?>q9h~qMz@#8WcdoK3t_PBgib6keU@WgRBIkpiV
zKQ6<gc;Z+9+u!zYzh=o_u6-5Th{rbLc=z^ljEMOF+ut!i*D7^me&+Z_Ogy#~a{!Oq
z7<1q&YeM;c86L;T^Rpfvqufu%@Ak@de8<$YUB_LIb4IQ?$Jni1@>!$@w%u5lU}L^d
z{p#T%FK6AAd@Fp9jK`Q?Y4ra{eunbb$(-&E{YB208}YctJW)n>esT&Jy74*13Ek~w
zXvg(WrEYFtOx@gm(s-UukA3{#jUIn1A#>PewGz|1@%KI1M%z7J9glNxVS3cxlDh3)
z*VMhc@x*sIsXM^)wMPF*Q}?$`-S|70+3v{drQH$g?jfh{cRS5z6#alkkH2@B+j2qb
zZp)30=jN>Iy!}+8$9E^G>pmOboy@lUTavcx-=F+R)^&S-o4WB|%Dv_`A`@pio;@0U
z@6>0YAJFIrrS4iar_qm2eGL8NMn5(6S?G%!{k5sjM!%@hFHU_9`c;koj@0L(zpv3h
zkor9I&n7z$zn&hqm$%zvdu84t9p@i69BVlJFrT_|UE5<Fqd$2|x?InMci{P*xZ7_F
zlIuFQhdQ2>_)kk-M0t9$`Mx39{qIdOaTX?b?{T#FTc_NO^FhihWIV=^>#^*b)E86A
z-TO*i>%{m{{$H88=Ox#=|B{|>Q9hjP{`#GU|1J3$%I_sVN%@>i%q7V+=NHnm331~6
zTs#+|$+g{eVe2kMmut@Zr+z8ATt6dvs5<@N`oqUHqV6(0a<`&v@4Uuya(b@9BiDA%
zNPRiFT-R7G9Y)M+(dC+t?b)u|%FB=NtVpgg-<clQs`oVfzT}%Jy}P~FQ&+Bibz6GA
zMEU9T+=xf6@jsXP&FFH??H8%viY{0G@72lK_3tkYua@i8WJ>Sma~pN#nopme-6*$A
z&+T~R8h^Xg??9JpKJj}R#Jm$-uKu(2laFiaYm%2xdN+r=@XIxarRnkS9bJ|l_Yt|q
zygK!J(dC-MeW~A%E?56I)ycuN`P<2lQ+hXt2l2}_hn4C1J>^sBc?geOWBxLA_Zzw9
z;CJwi`3SmP{rjZ;7`j|_zjtqLuJK1CA4BQgIFI9(Yi=i{=k=7QrRNDea*cU*>MPOZ
zn%hTHcmI{E|1+sSjV@Q+@8?IqP0H`xlc&d&e@^`oN*|l2>w{eLT$vvKzVTD(c@~dc
z<Nq>s_b<8TxfAUf^Lcc+`u9ow1$4RUvr->ozROiVHuXv9a@7~69`9K<`UR;^#xGa@
zrKwLrm#cnF>OHz#^&3;)99^!u=O6YbA0Zz4WO}y7BiD88j`aBU<>%5fz$4c<Urc=j
zU9Ric1F4Uq%e6nhmHJe4x$1P|&@lOULmua~8=l<ol!p6;H*a|Bh6fFgG(6hy)P|=u
zJiXx=4bN<Ntl?P=&u(~5!*d&+*YNy?7c{)E;YAHEZuq>0mo$7~!%G{!wBcn9U)AvP
zhOcdSMZ?!Od}G5mH+*Zuw>5lw!*?`%XTx_jd{4voHhh1>4>tTz!w)z7NW+gc{CLAp
zG`zCmCmVjc;b$6tw&CX*e!k%s8g{)HpZ^WJE>zvMptAdaW%v2Y?&p==pDVlHR(4;l
z?EYEVeX{bjhNm|?qv4qik2O52;n@w(X?SkKo-fsQ=Qq5d;e`z^YIt$O=QX^f;R_pH
z+VG_fFKhU!hL<;dZNt98?bj)<bJtFuL@C#`(W`v@y2Ud^<^*k&@};Tkk2vT(yl(2o
zkZYWHEkK;fXz^O$t>yaR*7`H%b}}B@k!#(!#+6?}-b@c{yOF~+<vr`TCIfpd$Tswt
zgIr&CY^0878f9FQfo;cI|E}SZuROWrFg4ld<2A^;hvPlc>8TrkUpe)esoUm(jXtZ<
z4{P)}sk<%fC)<Z|%{lTUzA?7f16yy$WOMQQox1IN>(?ve6}*1o=)(;PN1PR99L=>y
zHwU@48-0bxcB1Z-QaAelz0G@1=o8k(WA0IR!%}y^<DL`wT`42~<j4WfgmLhU;E#4;
zw>A0%zx^+Fzbe;)qOFZeTM-jpHKzUBqgz+*J|bmIbn8XTTZ(Sve&Z5T?tW3)ifdwh
z(dF*r#UJB-!*F~SV3u{0k7)SlhUdwf{BIon2cyNlhHn0H_lXie_9Hy@Nn9UG-j>JK
zolP09qv0drsj1seTsJ1Bk>Wbxab+Kj>xAfTyWD-UwB@t?rX{!7uVM3v{rZ8@4>3<}
zEZ0{zPrtS0dM!Q1WwR0|^88RU2a;pF@EBkIt9gjW?TvAVoda<#aq|*0wh^{&?2k7M
z$8XfdzJ_i-$8zseKV3$*o%0&~&PI>d`04-8^gLymo){mv=4npG-;XlZ3gYXP>pB+e
z1G;@9cej^*o&{U?c*>Y3c(zWibx+iTKA@EAwUJk=Q}^|hi)1|Zm0auIl=>*8T<d;J
zox1l^ej?dE__RzM`&F*jML(bVG)lR~|61zPDdqaU&!ef&pp@%%?;ohs?vs=;H?}C_
z81wnVWnGFjD%o-B@l2wWYoEv5!{eNa^#R@yj+k4Pn4#a?tXJq0#=+zK3jbE6uIp3}
z>pw{TNcoM9*ng8xZS>bRd~w6?X!rvSf4t#;X!tIfcAXvfrQQvf&wQ$TTa(A;qi){n
z_KjToX9smWZiizp8~bh<zjIiw<M@C&o^^=%?d0E6J}%>TKFjs9RV&r;>-o8i$GI)n
zIq>JyozHUpyb3rpOkHpGZ)LZ+vfESHTq~PLW!tN48<htQk2GvQRL|6gozqpH-tdfu
z-Dm$lw$2Cc@3G$h+udUM3~PO2F?`L98@Cx2!*JuqjbUbHSlk$f#V~7Wu^0^tX-SCD
z(vl=mDoOft966<Os?%{we@;i|IOUY&lvBUg^L@SE_wO?I9*?j0^L~9_*ZaDz_jP^#
zeE;0H^z>ESU-3Z2(<`1)@vMsHR2-j)OepKyk=}}_&93kr<$E=ISA0;#^pzgYBgrRL
zd@Ahx)Dx!OaPFD7zNjz8wFMqAdwd=&KWhTNW*z0>A7dS9j&(HCCUyEsj&-yr*3lg6
zXzo=0?uug_?dh%b$rZ;s+7s(&j&(HmRsQ~pV;$|GwmIe*6~{W-6Kl6cwRU3a5o>p6
zwRYxMJ2UxPbF7^?*3KMj=ls;L6%V_1@(-<@cxdh9XC3D0@tU=hhkuN9q&e2kOq<kW
z?X1VznPctDv3BN8)wa9hSUY=qD?QfEdaRu}*3KMjXYQ-o_E#KhXAiZ_@yFU(kF_($
z^<vAicAP)kk5}K#vrZjaF?E9Tc!_I}{2VLH5fAl)v(Ax!tCByiFKf#6Xe<2IBfogq
z{PHs{UaR0IKm3~fohtt)s{Ga?zj)aE@(<;gXWjg7q2H}b{vF`E%l|`UUvt0W67%~M
zuYm23^NE;#<8_~ZH-vpcp7$!oyu^LtZLRZqZZ}wM84sM-9oCVy^fj;IGb`pZa@sO)
zIIl-nS!XZ9S;Ls)#A=TEK$Uy9n4@@Tj^d#?+8=Wi4?9Qshvq2mQ_h&9cxaAlJM0|Y
zSIp5Ib2P^s)ppo9N?&)5u@AQ?bBuksw%RAwW1onb3;ddWF8|Ozk!RR_(p~a%%(kB@
zzh^=1;Kho^S9}sIKYhi#?1}p*^TNs>d(8P`kI8ebo{#!VXFRXlWAdz!9(zoDwzx+R
z#zXxkn>nw%-8`TeujAxl%rmVoQal+}U(^Q9d#CqUr{-|(tEl<5Rn70I?nR{!TW5Kw
z^ZMl6uC(32j30i@y2!)aITz)<J?-01m;2!kEDvLb^FBPrwtdMT>n<L4JolFOOrp->
z?UZA4JzDb?6?b6eVLWiYcAyP@>b)Z@4}HSvY0!Jhc(#N;Q~v))8(C*;aL%1;5PtfC
zn=eAXA6DC~#c$T5-J#@+J$7GN)7WF?*kk6%DL;KhPM@!K;%9l-Ka<Ry8>YbW(=(i(
zvBr5re)iabc*N5c`zt;KR$J--XC02R&R&9ZO=qJk&mzUSu-Y<4IL~jfraPAT#(I6W
z`d*^+Vb@olw<$-o-KlDOf7Mp{ux;g`Z5%tj<@;=X`neVJ?_l_I<?jd$z|yJJk(EBf
zI(3NqAN%K6rw;Fctq)pf?q^i`eCy*C-&yIgzUr52&c&5}2`rs?eZcx^#T#Ic|HIZl
zqj<CRj^f8)jR$=-?EIgo^tIN>|FHFcR(!;|!icZK%JZL!{{$;fx8e^foi>^Or<MM1
z)_W9xS?T|7y;t$C*2j+&=#le!BdmV6RUB=d{kvhMkF`EkI^RD?Ke=)|TU2_-`egZ!
zGxv#g8V!HH_`l2pVm=oq568v%<{9FT!y4OK#fkbEW{%sM@0QN}06J@XrI~uKFtdi&
zm|3^ao2mUn=5H#-dl$+>EuXYb{a!RPr$3sh-=ECX>=iS0+FlRlGD{lV`2EA(t<RAT
zH~+n!NXNT%j$Js<8z)*Hln$r=T<i0s!|CV!fBKy-9d154TBJHyUtrEWdfO%Z)D6x&
zIt7HjNIIPUN3AcB4yXTn)|X0$)BiK;%cR5Uf6@AK>2Ui0Zk=_5(?6Cypn0v74yS)B
z>#Q%F{@tywk`AZ;K<n%QIQ_?3zfC%v{?n|lmJX+Xk@Ypw;q+f&eXVpj{j03sD;-Y1
zejG7U`;C92DrVJEA5-zzirb3ES3IHOPQ~37Zzyg*U;VvGF}dR&W9K)D3OBc+_%oeJ
zMQ3cSnDN4S&l7ETDIV@U+K0;D>O_Ixs<;6x4{hOW8~2~`Y#}XP2Z^^8N88CI=SKRu
z6=%ON{l^%5T@L@Qm0vvM7q9D&I_y^b%)b@mhx5K7uA2{!9MO>$`FAgVa<$^jpL3C{
zzeTLy*-!tJ$}e8mA35J%dBnqd_NYAKVLf|R9`UfAsg*}OtY@#vBVO0TS*zW<c;M!r
zn62xxPt{huZd-iqwBiZgx8iS?x*d+^AFAISGso)%Gy5FRk%|-H{YoCVSyslgqdlC5
zCz+=y#`Qve#s=p-)!z2ZRXh-uhfHwZQ^h^x{-v)NgP1(q<A0+3?LqozrPKD%N<Xn;
zj$b?+-*E1?&Fo?9aV*HgeuQ(6#b*lAX&0X<JX?;_J@qqVp#Qzh)G}Vb$j^BK&OC8%
zDV=%5y`_H_l6sMc*EDgT>3PMN`^wy7Y+~jfb^gbZ@w=)q2I*P1*7{s>N@u<o!Pehz
zojKlK=^w9nZN+h}P#(qtXWck=kaK6n*bnkB-`EfSeml=G2IdPlKVp==UsYS~yJHW?
z(=lhQc#izkGv4!;r`z1P{>R(HTu(4BRy+lkzsH<8&$8aD2sb}2<9R2#`npr`Qdn&#
zo132$&vJY2R=mcZDdx<7qxGqZaOS@mUHR`-?7#<<HI4Tn&9OJ0)OY7b`tOZMXRR;6
zZ~bHD9(f)%?<;=3;xYOeKl<Kg?s4`vlV2a@4&~HGl|#G@dDJg6hI6fBjg+%b+P->_
z{}{zsBl+25aK7$77LRoH7@XJT)2y?X;AR8;NB_>zgPiYGybxAf_7a>qFSpKKg7cii
zdl0n!u;y`t`9Sd+Sa~{%aGrBm1N>iAd;pfG+uZ!Lto1jn_b9^I*LTp>_8G<Rn_p1m
zXY`*b{sdOeUUR;#{H1mF6`Xz19zS~t&T+nkuAJQ8zHIIizY5DgRT0ko>*+c4Y0}`#
z&v$#!`=rBpUY&xj{OplE&3DOj2`qoVx%t;pljZiXf3C4-Kpr^zVpq2Zmc30Yc$6ZX
zdnsP$9#lMWt$(U|ohu#xn94s++{(l2+>PP>(w1{&`%mTd_~{kTulT%*IWJ_}$f-Q^
z1?Sk<bL2c#aSQXAiXHO;#qG=&D((&|5A%cb_wx2Z_t*yPVNP(?f3|gw5xALBt|{-f
z-YUYm|1U#V&gF_x!|#^Q<u^n($F))%*EIBlORdP&Oep!|Is3P?hdRKym%7pQ!r~ys
z{VL{gZ4W6q;oPfHPx*Uz-X3yBzgw4nIc~{`Cw$@q#J$$1C{BWvf3!KryoYsa2sb~+
z;lC$;Xc<rBe7bxGDXu$a>f6f0c;H;?P0;1xy``v$m}7Gyy8QG2H?zz5>7^YgeeoPj
zPB_p1+;g{w6%Vz8@x;0PhvoVn=SK4!Jm%PY@{<qFamE_S!}*pP;b*^0h2^IvaIQrk
zx;%3g<NPcS^N#bgugkHHhnI1_ZXKT~-^+^il85ob&951m_ufC3YeDQiF|~|3A5n5f
zoxMgeFL^rhM4ja!C!D{t88w$@M`_)9wDQm!++1DyjeQ~y>mU2X%$nh+4sh;ae62iv
zihINIFfKSfJ?K9!`#f@*<G40Qoy~D9n3*YU8CM*S;$6j26EXeA@hF}qrbhVL^D*D)
zrB<=W=2Uy^$f7grR!ptn++)%2QI$tLtmo*;BVN~|l=?f3<$HrXmmK+LRBgrUwhhlQ
zl}9|RXJ+LQ59>L$@`#7^%&I)%bv<!T{zW;KV{ac<{IA>F^6a3w#-5aiJn(DYlmBIP
zUKO)X<NRih^V{r_KhAIdT}XVb+r}{~5BcHTZw;Q~OI!9t`>XQa>?IX%WDjlOJP$;_
zY8(3k{ST1;&WZAH@3f5`<eaJ41Iy2G0q6N4ju&~@hjBiUhvNcn{#bIx{j+rXgquGV
zoogOBsTrKtve@Ty%Df`KnDNJT@Yf^b^QFURE1gWUVC(dO&N$(mFXsY0<cssUnBy;w
zP5BvfTyuR+i*ubkbEHq#gPi1p^Vpedo$<rXpUb>XL-%-?MSDV-3(vyL1<pL-IkEDH
zhxMFPdBj7W`u&r+l}Eg;C(bADC?4kAit)f%t2np(w(QmLpIrRRvlZjt8vf7n9#Q0x
z&YWJCN1kr!@fnjmtP7lTk3D=!$shMfV)Dnn6_c~xw{cwPjprWe9X(ok$O*qD=inRT
zZ##rv%pTcRk5<e-+P5!^9PueduG#4HHL21$|DuzBN~OnZWa-Rx?@Henmd-xutMs^b
zOQ(LZuiS6!Vd)d3v#)YI@%mJHM;gao>c_#-sVDm~^^>eKr;{uFRO`Kp^D6x;>ys7F
zsr2)#GuI0$eUbI4itnoQIL~N2oO?K5<an0B()$#zfIZ)<toJKkUFj>W4=7$=={H)Z
zHXp9^o2^rWk5~HL)`#|w#=vn|?;qZCU_9iw)&4<q?jQX)Vx&C$BUdu}BY8~4?1R)<
z`{eNzv&N}+D(<eB^-B+HmdrXOvo^_7D`pK+@2i+vr%rv7scG_zif2_!ebYl7lLsrF
zSMmIc7gW5kV)jzzSyJ)RikDTqyy6uVudMinidR*9bH%q+yt?8w6|b%M-iq(9_`!-F
zuK1CPAFKGA6+cn&Qx!j5@iP_wq~d2Qey-wQSNwd%FI4<u#V=L-O2w~MJVIMP*JxD5
zqbnX$@z{!aPaxa!*<$j9iaQl|SIqlR>F=$0a>cyQke;a(Ppi1E;{J*UDxO~PjEZMf
zJg4Hh6%STCuj2U?FQ|B7#fvIlQt{G?msPyH;uRIItoVkCS5<s-#kW<wy5cnzudVpr
zitn%Z!HOTQ_>qbqtN5E0KT+{h6+d0^GZp`&;%6&<uHrXo-?pcgYx)@TC`CB$XIkr{
ziRgca{MzcY(ssOlZpE~X``+K{|M{YR;{H&~z2a0n<|EBFDV}P+NbyWF*QIkSURd$s
zia${ChbsPP#kW^{AFOdQgRfX$q;Wo0@wX~|vf}Sm%z1{n(Dt|HcZxZ0ke~Yfx$?Y8
z&*2}ZxG5~pSUuluojf~KJgMT{E1p_0?<waP4y^dlil<k6OvSTckMopDKcnJvDn7sB
z_rq$-Ubx=+Dn;gl&R&3X|HS>U=H4TXdsjRY%z4ic_mJ}JAwBLP#nZ(7_{B364>$8Z
z+-&na#S_fjf5p9={I`kYUQT?r_;P#hR9s=cK{4)s<oS#E)7DwT=ggdwer0Bze`997
zeh+Id9Yr|jGD6QW<}pMw^*$b!zgu27{qM4e&jI*1Qf>Liv6ReyO=fQ;Q|DyXBbhZw
zrq;=wiWx`htW9!n#gi+ZQZdJJ`dO#szKZ)R9;kSF#jI<#omKIiisx25Sn<4y=U2R-
z;)NA2s(4AoODkSh@$!mSRJ^j{8!F~Z*q&a_hojA-6yaR!jnU^7&u8I3l;1-cXB|JB
z#}4a==K;kIthVHXo44pc`nQ7~czFG^TgCBuO8PO<4zUjNz<-9~i52rRI>#5sQu5uf
z`W>SPH@lSg$KHf~Mwv^zF8E{heNO4jg*G{tn4>(KNsHITXO_0xk>{oIe$iN1I&I->
z8|M&tm@BQ?vr5~jvv}P)hi87}5wGh}ni1`v%m2?b{AX8w@w)!-oKtzk!+OrGJmO(J
z3o4IzSkF5vk9b(md6h>ztmpj7BOcbXu=0q9^;}SS#KU?ntUTgjJr`9T@vxpnl}9|R
z=i<sE9@ewC@`#7^ysPqvhxII}JmO(J@2))JVLg{r9`U-K*pp3H9OF3K_f&rIy8iGi
ztvupkJ@2hN;$c0PRvz)Np35qacv#P}$|D}u^S;U>9@cYt<q;3-xuWujhxIJ4JmO(J
zS5_YJu%4@mXCu}{oF16-P@L!eUgDeW;rs{Z`TuR`?=N}c-dIc??vLB?T_e7zOMkpi
zC7pbOmA(RY+ql=YKhDq6>FaZq{}+}2g-U<LJW752t>U;>ah|R8T#iToo9Ey@#eFJX
zX<nsxubJ^bP%-x&jG1#eoagh&?)Lyi?)mU={{m;N4zbQP5YEs2k3!ensnbmJJjFS%
z^3V^QdCo+a|0czF&rP0=xjCd<%a-Y9JXa}RVdiz=wXpo%ig14Z8?Py(_eg{Dv*tBo
z@;s>cDOjFfbB^Z`>(l_w_w9dVeTpKSpFuy1uADC_{u)-!spcHdAMANm@nv(D#=n6c
z_@_yO^K*xB=*l@!aZ`Kx<biXXJcnm5#qG@dDfYt3*)Knw<L7%V=mXN>rmxiYc<a-p
z!|6ZM`V8rC{(aX))@MnFv$pYF2#tsRc9lJ>Gn_eZvOZTjoS$jlj;^-67GG_CNRij?
zjCoLgI6oWGkNQ39t~jPfna3)|J<p1A{Kjh;{Q<L%boN0jo}|ce*vdmYIQM+q|H#9B
z*aVMwOT~_vw)|^1?~3n-22Uts2;QPA`j2zV)nyFqp;k;^d%;_FmA`3ieKb*z97BAL
zBM<F%<~cEYBhE$2!+7D`0|(-f&fMW<G8OP=sn=9v5D$$(Uq)sR&~Gb!*fGd6GzRg|
z7~~&z4AO_juv;~TYs(m@X)9(7d%~TrxQ9L6dX51P`RkhOU_bZEyVy@(aMq#UI_=>6
zj51ztD(84<aI+;n`8^GfA<jSYOpp#|&REBl)%e9j<KMa(zx1K;i-#S*{6piHXV~#e
zA9noGhaJDi5aX9;-SNLwb7?<N#y`c(_~UiQ#IAT9ajbR5KNq&X&^mLWZ}Ko^IQJ^Y
z1AcPvYVK2v^_8Ewz*$e8!#}8a1S}8v;N}PG>A!yM<1x(E&v=*@oO$M3?<m5}4@=wg
z(B1YTSZ%u%;cOe%_v=bcX5bN1lM~==y5f8v`K42n3o3mDES;Ks(E4W-*I1`Mj1>=a
zhqG2uALXademv$wD?ZZ9I>fpt5A}g_{DWfhlN)ZfVw8SgPB|Be&(#A@$DC~!qsy~O
zaTzR6x4C(`)bJ{Fd6*a1Q#?K9%yXOdUPZY1erbCby4!xzp2>=Ew*7+jDT;7j7g&+@
z`m!#}2p**fXWQ`HP<h0|dOlcr#Or$E8gXOs#IY*I1Lu0hwP5>l?cnurD-UCV^V}lT
z@AP$zD6<#u&=tR<5U;hxZ?GS|gIWLDNyQ&y_)r<cCg{6##d~it9_ho5M;`WXv|UxT
zom{n*K5ScgXv@EL*K(aAL;K;9Cu%NUw^ke3!}D;nt^T8b(e|d&Hay~N+luk?$a=n6
zjL!Vv*R1JBsxgQ&PqvM|Zm#+gr>7MU_2ut2L|@W}?dzje9x-|1JSiqmM~~JzKf~my
z=kgZxJ-Xua_Bc1n!?7Rd#=}`1Uw>~Y`Qw@;CdX7g+C97C@0|Bl+z-pczvIpHdm1eN
z0>!f`US^Kt6;@luz<DR@#yJ8V4bFSZZgk~buDCrc4`YX$e=fT@?mgt0CXHhiKVv-1
ze1_uDu-cLvZl;&H$Lk~c`Rx5fdphP^cjiM*&PfYl<zZZK;~MfD9_ARY3*_lB=Y1ff
zZEr1ggPSAD7`8yat?1{QM=3_0y>!j$(rY5?tjpuD^=GY9|G00re$dF0lRBRWTj#Sa
z`Xc|0m42Uf>d#xoc&PJw>O0%U-{W<jah0xH;USN10f$(p*CE!aXNYxL8RCxmpfA=1
z&i(LqboI55V(dflo766@J7TUgGwj(|dR&8~b8Vbm>2Xgb{ZwfuTYszk^I-McQG|29
z#ahe%UTGKVfv4M?`{8oytS_AB*j3hh72*8dv^CZzE5gmM*Vljj_n_3*x5S^-gTC0m
zaQ5{Ox;(mdkN;l=9_sOBJpO*#(|Dw_|KZ$M|AMZzFDw2WmZ#60`TreV9^IamzcnOJ
zzqJ3<BlG_akMsdWxH+oq+j!llwwq|b#A|$crt5h)YqF=9wyYK099`P>p{wmX6c4dy
zmOOBdZMr?%X>2p?nIjLJW1DAvu5>tmA7P>OLFsU=Z@lhPzr3Ei%$|Ajz}fGW=<@Wc
z-)rodFAtpk-eR5o0_R%aZGEA1ILGr1>x-nrsq?ui^;sevZf2DFJcq6^yrB3SdzQ)r
z=NNbn59fzJ*t1L?IOp=JJ-f;CH+z=L17{v~WBajk{uyf?r5N`H(mCgJ(D&|&?~SwX
z@sCm5-AudvV0$*O-YUX*T*viGo^ENI*)!gpW8TR+=LEQ!S!xpZrD}VCv_0(Un6oXj
zXm2lbiEF)>xiANGB9GVj?<oH8h|~WX&+5t}Uf0u*|IVskF`l>&@wJ{>wEK09I8c!}
z!&4QRCvE8;ZjLYW?Y2&x;bu<Jd(qW)isB?#ZK*$;Yf9eiYnnau52uH0?OkQeTbUX2
zj`03nasAoLI%7Mk(%JXvSyVA&B`1+b)-dKSJ@yy+<K@~Nb5~zn!zb!NTfA_#-NiaJ
zgR?EK*BHYwiZMsEC11?ZHK*2imM9(q%hNGu9cYhEjp2rksedQxf!<?oepJRhh_0Lq
z73ab7^qQO5WsPE<A1}3y{Vb-ov2Xjj;`gryXe*uC#`Vkk9CYzJ6c^Y-EibpeQt|y2
zzXetv`h>G?jGH`rE5<&NhuX$Iaebn0@^H<J<5wQ)3^yl~xkTOM;aYlx9`r?>;p{8w
zAiX0EZhl;9b&i-ZT&Z|IEKj#N+g@zXHHw$m!`R`h=Z5HON<HZtrk>mfwg+@YZDK!2
zr=GFy)}yx4so}|$KgJ`Sx<$YC$J$A!R&buXHgQ|}-^|Rh6334G)D6ygMa`w-kD99v
z{F|Z&V?J1MZ&;p=Iolp?om#<-+s;5&+fx-;Gul!sINP3Sy;l*=whPeJcIe(lZ6{0P
zJ}28ooj+04Sv*wd1H0mTE-^3Z)cIU;imB~l*q-Iqso(XL{t4^U_Wnx8M;>YjzozEO
zIaG7;P|f8>uWKIbE6<J6<NZ2$I_BoYvY*e^&y4fkis!-dP-i&n@E+^b7H(8G{=H8R
z+LAwxLA9mMaJF4#&x4A$!SYNt=UUuVdDhy)zJN1Nti|2cT8M|%;-K<=d+d4XtVQg3
z>&KB(I_okBTaS53r^Z)R`bS{ttV@i|e&&GAx_k|`{zL23|7Vr{qV<mAUn_m%ktGjx
z-VAmg#zB7S4CmbASd(XH-Ni%eE<ZJ|*FE;6^vTlUtTQ#Guc2d29yE@->?@8n=~JcE
z$J$J{ou@blmS>td+n#05I~C6{Z=v~dOyTcSgmXMg&^4Z`6)%P5={IN2>#Pqb!r68e
zy4rFK-2$uabaS@-wDlQ^aJKy%y4rqI@r$t9&N64)C#^GAINLsruC~8W{1L3SbIsZI
zKdcWb!rAt}(baZ@YVt=|ZK)@mZP#NzNS`ka&bDLF)s}jWvuA-kaJJ=$Za-O$5%xMf
zN)b*^Yn@{R&TGn>`FU+=yT6&X?1A>+uDJdmT`~1aJ#wn;P)=V@cd+M3#a=V}D2`M4
z85i8VgOU6FZS_UX<M@?_;{eX_$2dP#jZ-`{&O@qknq!>i7^nQhj#HkYaf*k=DgV$o
zPpQT!&(JvKS$CXqZ+}l2=YYoFiWz5Ie-AD9VDqgjl)qhIeY|zX3FrAgj%#_y7xgh8
zj9<)kkNXh%V$5*XEv^O987JJFTIMoOOk1v3=fd((CpbR?jk$cfnu~a7E(6tE?74_M
z)?+Txhn<T&Lvu05T*O0jQQKkXB7JBsr&n`P+o8G0v+i8hXKeSDxzHYFF7dvTd2*%q
zRlI?jxxiW5sLx?tBl@Imss}k4Go1I06VdJIv4{TQ=8Q7_SYLbgu!r%(d7R>GKU2ov
zfe-JB*M-|vOy78z7o7WNoITx&F;2DJK^*sQ@-r{EIjfAP5x4hMeH~HtW!}gh`hv5s
zIM(E$uh;|Pp}v%JsIRk2U;MZIZ0T!DczXHFcbkf%Zq{Rt@(<0?=bV_MJX@>XCT>e@
zVvf>##nIROr7y<U9$8*L?pX0I6-Qt458Id8GOp-Lyt6p^l7DE93(6cj&bganjNx--
z46$}cmCtQ=!eidue30VQiubEH#-=>Oj!k*kJ25sf*XtOYcn2{xqA&Jc?0NA4;tkOs
zC}U$j?a^IvZDriaoVSz7n;hpQ`wy-3IM$Stal(1*#MtDg{}`M2?cxb~kaKUvj=4`U
zjw9uvws3QPscq~H`45&B>nJ{49CP`6nM>ppGluQ;XlIn~y2QN9aqW|b{IpL`j9)tS
ze%<)hmfSIZG5vEt*2<5!zBh}p$-^Aki+DIz;5_c4w$eFn;O2rd$9=_&=San<vpn<*
zXFcN@ExjWR&YW)%w-1&&#2Ah#HD_<3Q<FKcbk5&#y)d6%>GLZ-ui{uo<)LnHjwfoa
zJnXSJuH~VIaGo1u|I0I18vB4ToT@m*e5T?)u-Z~jxVfm*g#C(tf#M;sJk%4;F-%97
z=K{qUusqZj&hsjjX&)-};XDRY6XpXGdF1&m?n9(A7dZQh`F^3ajr!;hzwI{Cf4f*Z
zIj+>BmHt`98)50>xwX>QRJ_(6h4Q*Xe(LZfy7F*u_-9x;bMMm6sjpvgubJ`0{*<3O
z)cdo?IXUhp!}2gEINxiEwUFMC7Hi@6uV(6J`n^!`IP<BBC&BV}oAbRUp2I&`<6({Q
z&_A3Wa^YE`xY)cx@jbBoz2>a{HP#s~oS%!`fUZ2ZD}KaGU0DP4H);%Dgq4$h2j}Nv
zU$y6-6d#A>nQG2{e{X%7BAom4Pw2|ecf|f;PoE;3Z8y?$c*ZNny}k1H>-o61_h)K6
zhi9VV1X!K{dEl%S&*5Qxx3h=652vT2pW82%{Ta2LrF&*Qzts9@#j9cIpI5xeI{WjE
zN~d<|xz`?rcuhtAvEuKcE6)_=kI!GkuSk2|IvjJ6pMASMW41r`s(F@m#u@hm@{gAv
z&Kj~0XuGQ->&F<_w{Y&;{jGNt;nZiNtL?>#Cz#JrJOx%B_AQ(><T?CvG@f(p=~0B!
zLoPhjmG@TQm5P_a%E@@)9RGFJ*|%`++g0dldza#^X6nt_pzo+LJOV2xbA@x?#$J`@
z2h#q*9`-Gq{XT;(&$Eg@GQXf0dsTYuP3o`w(|BH-dpq8{kSES3_VmdUpLzLyY!7sK
z`V{xJhrJEw=fymS=WxY-dj{lzvz|PMhdpqVJ=5iZ(=$dtw-1+d_@=P_hpM|PZe@Lx
z;*OP$6A$e+Fmnyx7*?Lq=B(8OdpI{vw1>8EdU%eu?0>jfQm#`mwl7s<n_ccX*;}o2
z#<mM=J;o-c9U0K+KgK5iuw#>sA767x={Lryw!2A-dmech8=PZq#qF2N*f@S*#uMv(
zd{_K`hT|MAoqpq7ZT+42&CAT!DqdCb^|0D9wp*+}rTA&<j3@T0^Tb{?|HS^EDaM*A
z595V%{IR~$IVZq*T*rKs=UHj7?qcQ_brv5e=9pn@)C|s?{nk5*aDGNP(|Wfe+$=41
zo`bHOXDglzD`$^6bMhRXg^CxNmn$xU<?l7;ebG{Tu2%ej`D2PV!tzfxXa2jaGY`1A
zu#9ajy88W=;(f5%avp%Q?Sts@JgN9)SRU3N&U+-*3=eDZ16ZCua~^{mqJO3AC29(f
zQjE2j(-oh4>}j37#2U2LkG0M|i9KeW{Xrfgj~w$R=<?7H$1O|^V?W5>n$yp7<YAw{
zS!e1++d~xhhUFnAoNbS=-cf|}Go545)t0r5>xkO2H{fg=`$789e(>jFQL9Hvt$3~#
zQ!CC{?Fn7+eWJKOmrkvYs`RLdbZS-CWLtaoP}~WYhv(rO&py_v51ey30A2kuCu%`k
zY6WN881q-ln0c-hGv>H1pIAN<kMT=q%=_W79%Gii?wDg8<=IZ&&GE~F7tVfTF47ru
z%*F4S#Q92X89Q^PE#rc-Ek{B7Xc;r@Va6Q$<fL*Q*x5Q`o(fxMtoVsMGUqsZCMw2x
zNgl>rpO@GNw53nDIkOy(aV}DRj<3n~FlIROGurlRWy~9y88hQUC-O-Do2@fO_%-@t
zB~J&Bm^@L>cXY+??8bhOPQF-o>v0b+ot%SuwAL@J_=<|7w(?U4IL8pjrrLI-ZOL=u
zNs6&&<i`uAKlYDwY63S`l)CLDrtM*hv9ILeIEAzA5qP9`6ydxU9E+~D^AzX6@~|dw
zwmrvsk0RVGFa0h=SKId~#(7(Om3T3_^7NYX92jfy^-^<kwPI=>^E$bFm$=V5HIFe{
zj~dEP&0kkTdB_(vG<Wcsw>7i(V||r}wSaSuQ}IYAH{4uR<{0%<9?mfb*)!gpZDU@K
zSMw4N&Fhr%J+x>moq5Ii%6iO8`mpnoXJ}sL4r4IKyu?HEQl53^6?<4Z{lLwNGB3^x
z<T*w$_O?9C3(k4PIqe%|UhJn<%)H{7HP{t@YdNl2(wSFWv#iHnm(IN4%(;oUm4|$>
z|HT~lan6w+Z``Z+J~{45q%(fFxu%T&?PBsAtQglOc^H3vZHjgIW*I+wu@y7^81t!J
z@!3|tb;f@*Y(3UR{$bZe9`eP0Gk4q;y}RP=DvtA;{G8unUdqpWV_u#w&oNH=hntmU
zzENAXohj{5dzderwS6o4x5^x23}WULeVx`d;!*qYFs~W*Glt{M^g9oh|6Pg;DqaMu
zE&twcW(=P(v!)Nj?u+N}cNF0qXVgs|#>jO7|89!0ujEIE(?11|bdCi$&s|X~wS7d|
z{`OFRIA15SKgd5{@o-pqCYv*VoX_Rq9Co5T^aH1dT99Xz;$^V%Of@&xl{LDu@?2vN
zV}vsg?a6by;?1z~^qKQ@AJ5@gt9TbIPro_OrT5swn%-~EfI0h${r~N<UL8E*QHpU6
zJiRN<uW^2mK3aO52duaDvrpj6xfwsp(@~6d6c1gql!v|ax@(qna>O<3hEl7zW~uFA
z()ZJYv9U+s>?_9q57qd^L*t)U-ZzNxOCK7)^?1KRI^&;5e(RT49DCS$%vXNKAM^F^
z)y90~=}3?HiihSaKi=2PS2}Zf-8EWmhvq8}$4fomIR8lRNQZNu$FZrl^QFzzqm`%I
zoV7a7dXFNU*XTv)YRle?>#~^rcnP}laJ;~|uc&tWM5#G7g{e85@9}PA9SzRc3(@u;
zOWW{>X}c+YG5*LYW?kx>vDVV5Kb-T5`b($IaO!Unw@;S7dd&0{_Y!B7--qS+Y{k^L
z50;-kXT$bHJ*6|AxQDTRwf&6ej>^BL;y4EF|7@klHBLDhGn{o}z3F!k#n?;ouutHu
zVO%fdnI<icQ+a4t->Wbm^03F_zCxakIqSnd!^8RGC|I6ubG~kkV?>_C(oeC6TEdy<
z40L(cDxL!?4|@jAJeOLZtOz$Bev|&|_d3*;>%&StXgkH6`ENv*=K;l!*u%QPnV+?3
zzf;zFV>4?FXKmx!H@|$xFZPU>@kGtlmUV}l>FevizDCQ#T%zXk&<~u)!fs;vWe>nP
zp1rNJzHsUXT4zn+)DO2#|8VLvt#=gR)K9d|dcmomW}P*HQ;&7gIGIbmE*IKQ9pGkj
z{YU?n=+U}XOJTKTUErL1gZ@;h`POD?P9N>rT_aX2?hngDZD+&Q&$UiHuc`E#D!#Si
zI9DhSb&m6i&%JTpkWQW9JRff5w!11)BgR0@;oMho9*|DW<2?NMdLqAfr*X3PW4+|*
zn6vGGer7HoRg7at9&*E3pE!1;vlejH_H;4hp-ymfb2%2yMpw=cD4qw)!@9uP?;>=0
zIEG@4<Y8Ul>^F`zd2W|>xgO-1YEDlaBmY#^ZWlb}*th3&#kgYp=9BT5$Jx(X!+CsB
zUp#Xaqvp!Vx<}1#DRbP>9zKuV4VH&J0OxmRqUO?BYdF8h6?K-*T1TC4EjefDXZk%=
zkr}n$E%VyQ%s3ebI*~`#Gp;Gp8AE+dA#?k^k|*XOCQsCAL09bSsFj)a_{j}tO`=xv
zFyGj#V&=+Wh9587a5JlaaU9u$goir7IcC-yojSnH5#@XpV|coZIrjfM%WHwCxtKb|
zYa)4=OP?OC^}{PZy5gvVJV#24J)^eF5zaZryyTfEjbn+NJ1a)r<Y!!P^RcpCQA2qc
zOB{pZeldHrm7n>-IbWVbXTETAbeV6Qf4*Pl8+ALc`i_k`#xJJ-*bnlLGUxa=(a)`P
z<^?ymmvP2i)OH7HTj2RYY0GsM#=i%AzFzx}^tnz<El;wCxu02iuC>k_SDBetoa>a6
zW9S}q<@vhe=PP~~mWO}eGBd`%nmdZ|nYBFdSdEE1{9e^AuypDWpCx(B@%Q?q_edYG
zpSjQ;f3G5(YZ2E$wcSe^ZOG3tItiA4vN`?i8$4$#&a`KWIrsdW$`j`q<zfBd%oEoO
z>C>daxtA7;>9<c2&h!6e=<0X6=5jeK4|@mB*L^GO`HbRqusj3i?DwPgP<zg&c&3}v
z^9_5xtN4UHGtB9E+8#awe9@j+ig0sh*>A7dGfJMn*+XsM%)@iJrhG2Wc;@PPI6d)s
zx8^=kT6{(<&!9Z<dAC0k=Q;B5S#f;cEzdl8>d(95b7XngBYaLtU-RXGv#<F4QThVu
zaO#}X+8>s^8t0saUGe|?JO*97NRj#D;dnfy(ium3&Z+qPipQHzQ`{0(p3&w!u4AvN
zFUHLIh@4XuIsd}+e;};39H(%zx~#<jx;z&u9uLbi)|_*U^WHOMj@#l9GndKm1zjT^
zQ=~umAjM;0c^K!()*n-RCoG*Y#CbqWU!SzzDn0-^=R?-1!DeR818|P5gD(FR#ffIF
zK|QeYcg*QO1YQ1972{eUPq#Ub(;1a#HY^YM;LOAQ40^93oX2S#zsk=sy3ii#1ZUeD
ztTSe~SyR^HW^}b(qj)>4{L~fBwmgT2+Qj)&9?lhTdLG6jy-yKNJ@)E9mvv-J?S<w3
zC(d1B_TUV3d05|*>_H!__>79jn_1^AVYOx5;oP6G7Rt|jV}FY2XFomgvmfB*<E0M$
z=<>{0jJ+h!SaZ%L_T-PsT&PhiX3Xrr_M)y4zf&Br&Uhk^^><jO-wVv-UkcmvA?xhP
z+bjJ$)|vN@D*fly70P#4oG13J#<uRhjXKD~*yA`g$2mmIKHWzT=G8Ih++z>RGe`On
z_H>)m6Kf~W<<bZ3VIAP~P+#)1hvD4+=b^jpB6}t)!rAs(>#Ql<e6p<F2hr8`F2$Q*
z<!6p?wq0YLeGBKY^9AdDig2^G<a|s_o_<9*-y3`aU48wFBG)851Lo|D=kUCs_)B}H
zoAW;Wt>`~4dx<*2qZH%*ZBaSDkr#cmV(ca9cZx5v&R)6{w!YFj`|2Z=9&>cguULOf
zk^Mw|_8XkX&X(x%Gp>nd_6zsP`0>IyU)BSi{RZcK0<|X3mlXGh<>{F7KH*?=d1fod
zzLJN2;mki5kMtfzxLH=#=v?c)ig0sJ(c}11&i6@MY!7=0&YV|RXS{H8P?!Ge@0h9W
zE#m9-pkMY9oNd=wXMS+*jW{=|?W5A}v!~Den%9OuDeJyD9`Pu}?cj^c>-ycTv+ny<
zI(rB|>mJv1`{UXzopoPg|4oYHVCk$coa@W_(bo=&vDWgS!8u2sqwNGmINu-J6<uu)
zP}~ESr(@2x2U%ww;pVckE{CD3?L5V!VYOvV;cOfC1JYSjINxKT4Sv=UZaz|SE<jh#
z_bOfp%fp(&nKRZ}I_nr~{i)LSYW!+Tt*(RRVNK!YrsBETdY>Yk<9QqUzm&C$brG{(
zG5*C}BmO$luT8|uq@Rahyizgtr~G5YOReL-vhu_^O&-?t6X;^r@qT;o|3}5Yw}*B7
zoAm?aY4o5i>&X2v+!1eX?iTL|Yi#)AZ;zX&+9OMRr;xU+*Xi~@pm>Enz0$9%^p8}0
zZ^b{hpLP7Db>{N#)>*q3EB)n)V-6Yv>j>w5jy<U{vkq~cG9RX&nb(PmvES5onmP9d
z&*532IA}gw@pLn5wFp+*K6AFc9$js}ptuT_r{A2O+pG^L!g;;B3*Bwk+QazaZ2PeF
z8H#XzPvddxvlQVx-#&@1oG+<nPunv`5l+uf?D<c{pPK(y{<xRW_~%N4^L+J!JtO7$
z11!&=BAnxV18XFm;}Xtud;AT2jb~?R8`(2o9yr^+4P74g+Lrb#kOxlBLH69Q$m?hN
zS||_Pe5M?yv+X%s@g#d#H#qYwu;&)VOYB)951iNiW%hhf@hW?k$^&Pf)z+6uhx2ca
zJ&3NkJgWGxJ<H{R^BTc(c=&%iJZ{eldEl)1llDBL_+5Ke$^)l|=g7lx^HY0nkO$6j
zK5w1938%h+er|tSu0e2fZ>iw~^nWe-f$);9_&z)93Nshh56>vYxDT;T9n-_PI62Of
z@+_9N6}sAvHs|rXll3u*aB~t4{|!Lrk86$iVCj45kz?E6%(#w#m4B?c;ew`r$LN9o
za>bKjd0KOGUzt1i59s3+;jGmb=+Bm##J#bYxyO0t-TI7Pbv@1=Mm-2yXOGer{i;e|
zW1abayV9St&iK1nJLee>D-UDdyVB$RCFzWLZl#}A@mUqe{&&s`E4`!k<Y)ciT$icn
z@*k$SA1qJDob`#COYfEr=XoaXSJif&v^jdvw#S@p&$QmF2xr^4R;uka(qfOP?PPPd
zeYbvQY=fG|rLa6x6yZEZZne%l;N0hTqO0wbit#>x+D<cP{?FL+u;K%-JbmWO&vWEC
zLt}W<o_<9*JwLWSpa?ggEBo!=(AD;hYWpjDrYpiZhTq!rlH%`RjbVm4^Ya{e&QYGf
z*fUEJPEWjVDG&Q4-nUd9)&y>LU0<a4X2s;e6ZZ!4%#{x3c(%5O^LhMEggk@tz}Xki
zk!PV|yssq>dm!G|`o?;q@?I8mnQzYghq&zw#lvBF7RUo<ex4)$#fr1+;W&fS6X&si
zE5|J7i}sRo4@Q6R3Ptj^@{Ce^SEVnlnDa&Y<2<Iemq?5AnA(mu=kYQLzw|MRaGuB5
zmzgKdUCP5T#h%Nt#rak`<BEF~<>5R4=Xos7GxA&|?KC~;t2H<Gmwk1<_3?^u)^=0$
zpOu>Qn3;RL)_6~O|7WUo=5-KkJ&tj;WnQP)!`RNLJl9%hJls!b+mBjjJe!$WA2{pQ
zL04altGnXu%$)mof;EPYIp-DE1+_gydYqr-AqSiuYEAxkDjo&PLtk)uW?S!7g!4Xa
zF1p)B&DD0YG&tKv&84%>QFDJ5vrIqJ7j=d6*k6IJoYdwzSRVEQoH=i^-lqtsz9IV0
z%Q`Yvn04F}UfMO{hl>5yS;wO*eV%pJky_xtTyeQ|*7O6`S1W!TR(|~V!ty_^_+2x7
z(FPCe4(B*GL6@H~#=4ugtn`T$$6DL7qxHQNcY&3k{R3xy>V-Z*5zfE+bRfF&%v3xS
zmZxLRwkKNeR)m{}%CU1Ay4o&OJPTG^_6eMAFR{+N;KqM@;c|4fy+QH)u-Z;GXWN^t
zvrpjccQv}&-miE!thVeKINN^NI&+1y-)~y)Q-m9TZp*ceoZnYucI|Uz&#;#8C`CB)
zk3)ZN`Tg|G?P34G`F8@N=9iYwpr_+8$379?CvB~Dcr*AHrC+!?hK%JNgSO0X2R&fc
zjhe!&U97wKUU3}b%EOr9=Haqlhlt5fR=D|6(K&w6nIGJIx#+Q`(#J}RHU0W}BA@@I
zvxm7B<o*0rV)C%};MCc3?PcX}ZN=Ekj3M<HgY}KAZ%yR!%Tg1#`C=JcJSYF&(z@}8
z4_DmYe1hU6SZ%2ToORgGI(2}v4o6w14sg~Xu3x_@W0-|!Sy$W_(?@d5QTp-HCZfwv
zzi^(nV~wQKZycMhCwrGXj6d$r<zWnPb5Pj>1NO{SjB(1ty2Lm&cmA<D?XSx?;pQu)
zR_u@V@~${vGQMPTC9kM>6Z2_`F&DMvS{m1se=qsrT#I-=L7o$(#a!fJ?r?K*89#Gt
zrSlWq>{s;IW73&#>@kly&bP|BQu<;&Xv=)zyiZtWoqYi}`<9%se|}TOIViooqATu~
z<CvAs*x+23*fa9XlQs>%JY<4%56`g9IN{WpGk(SfXHDY$>i;NX=-?64Z`5$P-g_VE
zYmjvMI?x{SA8jV*J7D?mQ)E5J!+g&-bF9VdM|&=}K0)z%b4T%Gusy3`<>^-Zv~|Yw
zRqH*9FI9TH&)_k~eXQE{>iLywLr&V>SaH0UW&O5FXRP!)SrN{2X<XyvpCoM?d#0Gv
z!_PT>j(PI1zu@#7YMph1n<qI6{P%U0e^4C9g4*_(vn_j%oc)S$wvBzLw#%els0W?_
zbGCiI_34UmwvBrOwOuXkMm=cD-hs1iTnnVnk_M;#Wij*RHN<1EJaZJ`^gLyKt|FY*
zi)YZ)_6D{6l|6%sa5IzL=Km+7Jg<m<rw94xne*6;&-bOzmk#HikJmoZ7f6Rw?-tYV
zhZT2(<yj~XoMVpHIMNqMkJmUp5A0|E66tWxr5{~6Z&93Q&r*5d?02#CWzyl)FSov2
zI^2A%oDWx^D<|(o#c}$4IZnsR*NR6e!g+q!&N`KYn@3BYH>3ZywB>k%X}djqRXHE_
zTBmKld5mHl<My!j>2K}f*oU)jo7uCYVqA~Z7th1#;W_fK$9I9{VIFXL;+|hR<Bfa%
zIb}Z_fM0FrC>{#S(=lh;nD2j<`Nq7&%s1|(-(Ox6?MqwfWIfi*d{2h$Io&#QytLBe
zII`!4N?&C^^Sz_e`I)|A-NZT09qeH&Q3rXLZ(WBzJkmRgaJG%>l=N<Cah>w@YlePi
z{HH3$y^1_N=4{Jzc<xd>6PAZM!Ra|4U7q(T#`#2ijrd~g%=II%+D<lSTXtRhU#0%k
z6sG=gdd8uzD8H{1*Kv7R3pkJK2G0v6PwcC!%kNWfgD#$?$hkN<uJ7{G*GA}Ka>Chf
ztcBWcA#GDUV(P=s_!%SIyor|n?uT^t0KR5}qE8XyCm)>oW6%G08S}w-t||9RaomXq
zq)kMZhjGGr{Kj!1&s1r#AI!ViPtS0EhD9&!?@C`WUokoHp%Z!J*y6a5&K%*?BhT-v
zJmR4|;$ibhUpG&z`->${%vVgF9zEI*l)on*_Z8B~xksgwtCddVkz<Q}qPBZUdmA1x
zIik+;vo7_yCH8}K)&<TyF}DAy#wH#b+jV6x^~&E$XKZn<upVQRKJ3`!;o2T!6O$vx
zCjYu)i#3(b*y>|E*5wanY%vBgV|%+E?e*nccW}kDZ{=Z}aLzH#C-M*NA9)ya-51Z1
z^DxEzVR;xQod1uQnbye-=XHt^wtp<+jQu7a+9zVh!z0HN^ODXO>irgL@lweXa}krL
zqeuI}a(^4wCh6pheIh1L)IrRcXI1`qjpMd)4mZ=Lm7jj#99!%wdA5}n=K*;*Kf~$i
z71Nfz4CnpQZs=-zykcCZ<ms5xbAUZ_72{kjPq#TeGweB4G0t^=DmB>}{l@bBUfQ(M
zsZZ=5=|_vFSf@U*j@J9FGuK!nwWU^Y&MW5Y{IPGv^b_~DVsc0Q)t0)!*>+Dc<Dph?
z>W5mVR&eT!qkXx|EAC;$%w@85#(#tv?|k?}<?k<@SMfy^ZwxCB^MbRlIOj-b%y9k<
zjUF+6#tdiuC!wpa1&T2*d1x2&`p$YHzh5f7W6ri5KeW9-F^(5`s9_v0ZX5ehI(@>~
zcAl8FixuNo_;aaG)JjZ!;G9?N)m7ECQl8OzKCYF1@14=MuarD+e&!PE_`gLz7>}6z
zvG;D$-wWz0pNpZB^D=wre+6vMC#_TS`z!rh)~WfwRC@f)VdbRe@mkDz4jWl=@_8=r
z_0umoZ??{OK5w11c&^gN=(+TFVCUT5dPn}bm9Ae281h_L@w+OHYp%w?+QE4(=AMlF
z)GUrK^Fh{+QyhTRw#S_7b&~a7MY#C^tL*O{D387(8{h3F|4Qkx&y{DgIrFeT$j|Wz
z=X=*n(cSiPd!{PF+4ef?(-h(SUfgZg`xN2aCu`7^^FhUXVD;N?&YbaDPdf94n;({W
zJ&s>(pH+MUmS?&-+dgd%>&yGgcxEWV`T5R^_8h4-|5L@IydP#sgPXmSME}NkZ}7Tp
zoIP`-!`bg<_UP+C<^PkSe&@;)e>2L*PQ2EWJ}5n2>-qSd=A84S!+AcLX??zQIQ96f
zR(Tdkhf_b-{)N)vtocRgs@rXfOYB)B51iwFpFP(oF1KfiJaE=6-rrCjYJ0u?@QwB_
zl^;(3TI<WC!_6~g9q&h1p5G{b!Jg&vz&W1yo`XD3NPFC#74pEDpXbQ)1I4H8VV}e4
ziSIdh%<<hJGv9MyZ`>e1oc`z0<@tl+3-+v%2TspR_WVup<%(Z{mGfr#;q-T@M(7*|
zaIVV+=;~`5#f|M*Ef1V^c&k0sc{6)BhTzP<ll8UI;e5Y+PwV$ehx7hwUv%|5sCb|~
z_saukzXSHnRGe-P$1I%v@*H^>+iZItmIqD`ec;i@jw9yT^N2ifdg9vjmvZfB^;|0+
zrMMORk#f&4#`<VQIM1JP&5~!Lv`y{dc{t}1`Tttw7Z2sXxymnn*!=Pg<(FsO{2S8m
zt0jMrnf$xMA1(J7)2);L_)0&+IyuLhi9B+S+oCJa9*Xh0MtxByIOjOko<2ohCorDz
z=KRj#fz~G|!p(cj@fi1w%73CX?)hljF=zg{*1HwqW(WO8|4!2*=Qtl$TWSDj+lAJ9
z72zCDtjqsZ>mnXnms_fJkxt#HQPw2ZU7n$Jk%#B&btiNCw~~J&Gx^DdPUMj}<8_2|
z^3<;*Sc~@WWo$iW+Qs_b))jyEKJG2$q3tYtXcyOL>8#g$bonn)jGCA)Mwf?wOU<m^
zjj;27+B$3Zc%}cl^^W3;mHu+Yf35f}u=-*h;hcNipQ|tC7w=J+x5jVY);zQil?VUp
z_M!A%>Fmio*Y%0X^O9oR+sHH7oZt65%$@~`N5S$;G3Q>2*I&v*&EmdS9{P#<-p9(l
zH1(ygn-t?dQ=Vz&%yXqZ|EqWnEKi>~&r5e$?^lGIe=Wz$T6E?Aw&H!T+76gA|AY4Y
zP4Ub2OgCqK+LPyL#V75VVb1US@f@C?Dn4V+EOX|0*7_VpxZy;uf4|g&wj*>cdLGs|
z=PJTEPIg@zpOpD^oOtLM5s%jMJaV7JF(RFPULPaWy1iZRJE^bx&0kUcLdB1oUr~I?
zjQ>^h4&u0<A6eFMl77yd@x5Z_pIYhhKDqVyo~Jpk1<J!*;+*iavUcoCa_*+Mi+NY&
z<L6d><_b5n*4KZ1E|q@|d1Bv+IbR;D2Y%`R=RS|)T^{b^=Gik=5zg!KdDdG+IRBP)
z>{aC)FAdJWj~#neIX^0Gg&vIm0Oh|9mVbgGocrNcd%mu?#{8gSoI}+1OXBaLt8K@e
zWB8f%Zbdl9@N0CnW$pgM%=fKcfR(355zaBNmiXCwaeeG6Yq~jp@hC<5Xz%EX`=!a&
zssF)dYI}y68b%$|mb&pXd8ief`*Ra?<zzft!tzibxOsb7)7`Ci6yenOvCg>Q=7VL=
z3|J>8oc^QG)feZa*bnNf*PL}Y36FH<2WQUt)~6`KnUnoM&UY(b1gq^-bLM=H^=XQ5
z=3HUDPZ7?Xu}@s*xTYv)zn+IPXB^jWC~MRsy%n=YQLELuR~HXhAFUYkwLafE>lI_R
zzQQ`|^C8&!$E~xD_f`7WtdswVN`KlqYyGcg)|B>)vt!OZuo*wAuO7wN1Lp9Vx3!1b
za{VF?>t0{W_OWM<;{NuK6VCge*sIEk=Lmb)18|;WPePYxvEnJP`eHx84GHxx_PIUh
z>SsLc4LI{GMVIF)#Y<s%7(d+nqU=?k!^8RbT38<T37mOuw%(@*=l?V7PIR^XoZ{WE
z+OkjJZ2NiZ1B!57YaT&Y+wUqq4y)~SbGH4V^%;tA^Yb$1pIM)!2&W$BjZy1K@q7E?
zp*?wL`F+eo^jvE`qGI-3EB|OkIQK@ZyZn1d+sPjGEu7=r8(p5m6b~>TrO0U8H<t0x
z24*~P<{yWCSM?s6JdA<!QXXq>#Is(>vyquR_|S<wGG`o{(&?wZ=Eiu|FL~m45R+$n
zJ=!(pd#VFw?w5{(<stV%>njvvFIkUyiHY^R;#iX&b=7luy^CW_eeEc1D?P}M7tVUl
zMVIFy#VgIz6=VFP%lIR|nDIxRPgM8+(iw9-o~W}t6Q#$sULKyW@BbtJn@aw->A6-+
z{%-j0^84d)4<McV@m`$uxYnBwtNii$$a>V%9LKo%)XINW#S1ECtc-`qBiB0Sr96z6
zJ;OMA6k~nmr~Yu(w%49>6!|w&e*Q7fWagGkU&-W3rvAy}E2gj1I~7yI)EQqg<4K-e
z@sx@=XQgLa#eEg`S3FSh^onOxJgee470<1Bu;O_Y&#!nv#muYSpzNRB;kD)58+$`K
zHRimKI(^|Et$4nfdM|_BHukod+;J`vQ;#?osV!?#pNn{ooU9L=-&5^FSKDJ04}s+w
zZ_d3DdrvxR2sgjwi12rJ)poh~LOp2PF=yLLtamHI`MuD$qBo@`tSL+#_J=>!6~AW|
z$BT68@D6*Z!~Du~fpz8^_XF}X$NMVJ=PPDz^hM;6$IB#p7|X8ae#Jdu`I$SM^Ewn=
z<9w$gdkIg+oSs?MnLC`<=o8W1b`Vxu))CIO<i$hH7QyoLn)AALxpj^YxcRTLE-TR0
z_H&A>&0kQw8&)3X2xnih7Gug<OvNK+En<J(Q+@~ec<ZdiX|VNkt+OtdnOTb%gFV+<
zZxy5d%D-;?cg7<>{qI)s+s%h4#(k99vKDZTKk6^NBMol;yVQZ2lk*J4sJT3>1)Oc?
z+w%d%^I&;;%;{Ndo%+N1|My&quKcu(wNTrkwRo)5^F}<<sX3f$#|YaEi-)?v)I5&s
zPnT<4TvMb|^S$v{Kh}O~9^<zj<2UmhIav!h_xU(<c_u1yjl)C#aL$(+p|eJCUZa^m
zZTC}*HIj$5fU|Av8R;EqaK2WJV_7=+;JnY|yhF|finC#Ps6U)J=c3EQu|5dP!&u<F
z7m7W+QK{#2JYwn@`}W?lhflRmJufzoQCtSw6Z=zbsT-Vii~T7Nxnu5T_9bo6V~%3R
z8`pQ`p|)_&<rFdg<%;uQdFTgD&jRbz7S8j=h3Ia(#GZ~KoNZTF?^cAHOWA3D4^Vwk
z+Z**rJ?>{VE_EA_-ik*l#vc1j`TwWHxmWsV>8t^sF^WrJd)8Q|Zr`jpeuqnb>d-y%
z|NEI6d6+w#b>0<SIT_2I703R!9@hx-!S>8iJOWlu^1)e?xTli;ebNT?z|%3OXTEjn
z24~IVm~z`i_Vg&i+4ef?y^3)2Kc(h3p{s3==KWcFI6uI74gI1$KT&)d*4U<))ALh%
zUQ&F)o~h>M52de{txr>g^E&%?>wSuF>g!i)F&0+8{dykG^V|5!v!y+(3!HO*vwm*J
zmi@z+;8BVk`|W+z-;OrN9yYi3k0$Dodte8*CEuiqV{fP}`X1I9Ph1z&FMG1SF7O=V
zVNb%%OQlvvp)1cq#kjW-b3WkN_RVE3<bs(CoMRh@{@L<(r8Y5hE*%fc&s^Z<<<b}X
z37s5perC~Yow32Gv-bF@2b_A$#r?+k<)I%q&w(-ian<<6!;b&{@?F*#zqm&^V*K(C
zjeo}aQvDq#dzfb{4|9RDUtY7JGZ#3=yqk6A0ylpuHHl+ce)@!)Ulsj8F?l$C;f9X%
zFXrwsPuI_QI*M?Pp+SF3nS12_T=^SH$Do@xvWJ?$xu%Q{4|{VnSb3-eobR8<+~t`p
zE!I@rE8b2I{0tS&@x<Ka;k96#$HcS5aqbe&7x(LtV~hJq<)MaferIxa<%#o{+n$Ur
zKVyfRKbIPkH|Mgz9_kF|*rHZ#sa4cgOikjP|3Der9NJ2!4yVJ`qlVI%Z(YOKOVSxX
zoc9b{x-I#lZt^f@IPVRn;*ric;rx3_+-K15nToMD<Qdu<uax=5IbV85p4Xl8rPB{}
z%kvexx_xVzJKX$l$+I!~CPj}m5>t~)&>!rI@0i?B@rNtErQ$m(UQ_WnSUIUDoa156
z<o}T3R<JzO7H*zpgnl1Jo}0x}^uR-%;pWvce$M;kIYBXMB@cCu<H+}-N8yo9pK$Yk
zrETmnwf&eh+T)?laPybqITc-=yA)XuJRNhc^?B&>T&l>igopaWjo0gP>phBaewW}H
zbhTZp7;E}aSKN;eqMM^%^SPBCdr$g2Y4KWEe72ZA+D*%v!a0}8=*|=Ml!vvBdOlwK
zQBQfOQ|v=?T-W3uEgjBz%@orYYX|4N8ualcXU9xmJHcNlpYKe!PR>&*eVKJ~vOm)Q
z73=JQ?^gQ1S!dl}tn|3=(im9xJxBikJR8~1TElrhjC#u7k@mV{S!13geH%TP7wZe>
ze%{SG^@j5p-`jexBAn-T_9uB*6FB$M;ppn?G)3;8@vuH{_7(T`(x*y;^BfraL^^8-
z=NQftlc!G+ZoXBHuf^8;72zBM`<OA@q<96awgcuI!?o5~Lpa9}=LGp@NP}|>YsBQ4
zr3mNipwC;MqX_4F>0d(E7{0IgD6F<~%{hi|TOU+}a|}PUK2H(OdHpN8a=xVa9ITx4
z&6)Fg>kAa&%o*QLlYgN!IR75kMDMG;732Gp@+^`E&Ybc0X{9fb4rk6dM&7obRKGtd
z9wpvhkM@h@Gc5K8%zAQ7ZRHuQNWGFzh3!AT(%IX1IF8`l=dJazMD)LxbKPeAtUTPy
z#5q}Qc|Oj`K9>&ILv3UK$Uj9)hIX?u7y5&l3;ddXr8EBM*Y`ym^7H1UZM@zT)0X|+
zeyJ<oUpc@Y+8$>n_aJOf%w27n*Cmx6^OR1XaE>R=nQBX)%$YnKJCkAg$D4B<_qT_+
z_uIoc1WwO%>m5ZnUr)t(Qu%2cYp49(=4{Iv({GO=+`M4}{nvjhLv7zHzEBT5z2<Bi
z^`B7HUpz`4YLxRGN82x#^VlY^Jk%4;d)F<k(+*CZv1VJwM_XzM=lvCDm3E6V2I>Mc
zhS<+vDevvXno6hNBk)*{dpzm%8|N$QRDeA61;1u4(pgjHmB)DOVYOvFV-L&2I@Wu5
zl71#9V}$cq-UD52XDIFi%hNGuoe#23J>X_kStHuuryg+TjI~zI3#6TF4{HZ!&RBP~
zoh&WZ-8mU|yJdAOh^bqQ;gPQR4(XBhP`5Y_$TL>F0NtMD_E4)2n904$Odalo<$qA|
zo{B#MD<}VcZSE-k9+rQ`$nyFc4>cLBpHq+5(bB2OPL<AgJMdG7Q>`yhJhNiHH=E<<
zJGIH1)34f6D>(N9KjWFI_;&MvVyvV5Q_NZO*n9GG&X|E;9@@g`nPYvLBAlOD$2z+0
zJbU^S;cUx#le1qD&i(mrbhTZfIW4t^al-jMuFLINqxgPUd8V5)|Bd#rJ|D4%vBT+M
zE$QnV_4RFgW+}q?Ud>bX%#-I?dzdTStY7x_FYS3r@jqaVXRbN>;yLs|MYwrmY5OX=
z#xO?tyY#?Ao#1R6-&vAAUpk!sPlUJPS6jZv6z`|W!@jQnCek)|q%V{X=kXZdcapwH
zI-EK8!mpg{+x=mAmdFF=c=%2g`cmm|<~-K=GU;$Lr(8Ervc6n8ocej_>T8MOh4!qF
z2hP{mJcs84ic9TTDG!|I)wk*AcB^s>PBo8GjPt-(yW($X#eSA&wDeQ#8KZa(Y)|YZ
zdB#eM{bT*3_P2_6RsIRq$1B2ltnFeCW7)OhIDabVA=2WwQ(v@$v$luX&pG}mSe}kK
zJ+rNME5do)%|%y!+MWihZI3zIUS_>l5pLd8_TiQ2YRl`_YhbmVY|gfE9Le(u>9^T4
z#hjkFzC79$V?Gm)n0yyk9QPj9V?1W|NBZAlX76oc=6c&Pb6wg7?v!<h^O)Mn9_|Nr
zvxofv=iZxUo&5l(9yM1^_6FQEr9QL7jO}d2sK1zcpJ<(PQk?hHmi-ggFJGtPzDs`g
zcFb$*GUoTu_G?`uHXT|1<~hvYLw&f?e^>DzD}JTozg7GOwa=V!t#SShD}7wWQCp3N
z`oOt|cXrPIQQX};M{z%Mzv2PrmlY3(m4|x5`ZzKE&D4Jx4{hVVRQ#$qjzRgUGu&L>
zrT_YSO7fg5p05XOM{2z1nb{+YVYQ{saQ=<BrRegnCqK1@S1HCdUHpjn7Id}cScda&
zm#s#ZhxfT3faMvl2<P7}`-b%iig2?**&E+MS6j}<&)U;bgqzXD^Be2kig2DYr=ves
z-gmvw%)X7|LOS!^*gAWRHEJi8;=;{FCI3Y0qZHx%z9q*ne%1v}|1|5=A5Q<F=<0Wd
z;%qbHiG3~|J`-IzsXyFoT*j~fT^^40*yr1nan42mx<1QOeU?<r+O+a8<~5c6V>8#F
z-<bJ*JB}0bpiijykcy9}c&?d#PpkN>ild$y1NDh|eyxl-&LQfH^Y<i=VNmU+m`_#Q
z-+Zv*f#x&hIRaKrY76JF5c^*_*GfABk9eu#IcD_O=W0uB;rxBKODoS66@M0%pZyHy
zarBTqUr~J6%ze(I=ASBl)BKN$--DHhJrC#mR6j%4IDf17EA!UM^LtqS35swYM}M-1
z_W<JjBTq*foPW!dV=UJ(-V>0gTb_7NV7;=J;ynTNdz8FW@XOO958P~6Jn`LZ>Alk7
zJf>#Z&whuSf%QfH+auj&efQPRt(d(x06*Rp_lCz<AFUW`BoFJju=2!xf^^pC#!9Dl
z<YX=2*PKh0pFVfPV}5(Zdz+^#_QA?S4mhu^N29ClBE?y-Jk%dfPaJE~JJR61H#kk4
zZRf-CP;)rj#yLlNk2JU$SL%GFn6@8Qyatwsn#0-ljp*B!+HPc~w$u@w$Rqu4woYx~
z)VD|9uH-q`Or9C=H>=<Cm4|#WW-)nIRGv@5(pjVXEB#y6S)+fc^ti{CpPI*>bYGlz
z==W^J_&s0eyxIEFF8`jdbk^dzN*|-=ats~VIrq2Tk$-NbpIh<5iWgVBquP*@wS%*6
zv7eQnn#Fm^d=P%|af$=5+V+^U?Mc>IQ}{K%=c~5osekT!$g@&0&QZ!U*_?S6<B>i^
z5zf806y0qvw`Zy%oNceOK1~tM|IgR0*83FUe4V%kT{$0Aya!gl{pQU1W$VlvZr-|q
z{_F1#tL?MmC-k80baS?S8eJaN_lNe(P=xb!$BXt1{hqJ<@F@0xa&lb4ulYS+d3KZ*
z_h9nOkq6Fx<9$?l7O7u;x0gI~<$2xj`AQ#@z8h`7Q;wHu_Ro_Jr#{pAeCcrNaeY*t
z1=8Wv`Q2XnT__#SnqP#jvE8N^ugm0FBoCb9f1f?PClT*a$g@NqIP1339%_4i#W%w8
zvtQu!ueH8RI{cd7^VN8MBQ1W<S8bQe^Sa;jmFEe09(SG<^1zv&=a|<I6rZw(eGaGR
z8G9IW{GPA;@K5c(L4G*>&)fe8#TV>ZB@djQm+bkQV*H-3a>B2mYc4m-52wFN{h{9`
z9nN*x09|djRgB;Bm1ng)ulqe;k9jla;TVE5|4!D|N{92ai9M~~D;>^zgMHDJ^AyDc
z?YUnbIQPSVJ^U{3bbB~v;p~^^$U{A6+w-tIaC+zi&n1ed+w+J#aC+XPpWE%rv9LA#
zt@642b`{5co%J#Hk5Ytl%&q;C6yv=G`MbpvtnZ-6zxLaDt)Vy;{s-OvE56ap{V!*m
zwx^5-ZZ;|BpSbqzQ1o6rV#Y8PexfVxv*KDWeYCU_E1hErKjV%2K>Ophxpc;IZ{?5s
zJ$b$%?I)EU_jPU?^Htl3^5lIB^JF|+TXuov8E?*7^`Xo24#j?09_j?=-+7phZqH16
zI*M@SImJ44hV#BRt~JWpBMr_yAJ-b?yh_@8^q^mA31`lg)+Z~%`F9>xp{woJ6>ovn
zc8WRMu11&VS;aN5Jgg6#`;D67Vb4Eh{)OVxu>8}^>5tb$JC=3d6_0q7BEI$?yCTQA
z)>-%EmHx4c@2&WOioaO#BNabh@jq0|>m9~0MiI_+pI{I3nrQA*+zyt1tU1@0<Am||
zDN;u~>?Jts*>9cw12>zOV_`bF+CHQhdtPnnAI`Nt-X5;ugRndub2FjjnUAhK+?&Uq
zk*C|7V_0O*V~X!Gb3eEgmY+Qa=X%|QuAHkCdB9I9u7Tz6HK#w$6+4yn?ZYD;r5LXV
zpDh0m>p^t!1&T2Sd06Yqt+Sq2!qQon8!G({>(u|AN{{uDpPIwDj<I&?t4~_2op~Sq
z%oxz)zEOOP_#kxUVU6Id8_(fCLov=p^3V_59KOE(>%YAty<={+EbGENX}d}>>Mv$~
zm!Qkf8o}Au3hS%|oO-N<{L~!I{~y+EV)FAo|6Q;=lg-(dI<~!KU1Gl9DSwmdG<5NG
zBmMugGe1@7ubLOg6R#1Jhc)FrciN(JuSI^=G483X^O_;^$9vt*ANNt_xQ{YlTKTW2
zctyn<GamKDoZwt*u08a1fxMgB!#;uYINHV@`rOeT_6(fY`aSIFQ;dD9zSs|N<~deO
zU+f27SHMe^Gxmo3Lwn;JrRH%?liraR&ijW;-S%lkj$7u%et`4;pLIRD^53cWK{NN5
zu^;4TpTvG}U!TMyoqYl~Ta<ms{vZ#1#W_<R_6eNdse8np#}&V3zDj+46PAC9BAmzj
zGxq#c@yF(s^8X5!pX&vj-yirdd;Ul9_vR7u^D|>(FTD(_?KDL=`&v)Wq4!CHn@*Y6
z7<9Gecg)Ax(=QL4`+vMW6BQ@eGawI~`Ma%8mk#H5Fm|^-Lpq$lj~Sm6sbAg`i_eKP
zwpsGjpA#KSTX}fD?r>P1Ir6~S?@a4+rNh~8oTGLw`)7@wYsI4!KMOyl_i1&oJ#S`y
zTad^89@w7uo7X6Qs?vX8KKTtJM*K6Zwn{l-Ojlu!ukB#vIYgeg2bO27^c$?-tEjKu
z4)yg6EDy(2x7yIQPw^l#V_pEeuWwZPE7s|EQ%w{PeO&}A4{iTi@uD{t567ndT>g-U
zKb=Nfj=^~<U$&hOOYcZuW_^X?nDvY2{}flj@^s7du}Xj1dXMzKSZ6$cuXvPx&b~IN
zct5ovC&we4=PS-9_>WO!Pr!qUXPLQ%zt_A*@%D=EG;{2J5>|eWWjOczgVv`g!p+2T
zynF*)ef_uMFJZOiIE9;SiicwdonsJAJ&q%_-C0`4o<4ct{QqXY9bKMNwVwOf(=QL4
z=g&A6<hfVcarO@?9$)c^u*NW;ws0OV^X*|j$8|(`IQK3_m!IPoPJg_<mgi<^H`>Fo
z45x?Z81r3<x7jmG9ymSphlkhoKe2~(gL7WLw$8B(H}ka-^zV<>2hGi%+Bo{x<>O_Z
zxjCWe8=$MN9TemBtmZXep8ECdc(+|39d7n1ZR345`4>uun|GBlOtOEGbhx>s=u^<u
zm%d^;VsCqv$OGqII>`D`>2UUSg!N_8;q2=~>&vCX&DEu^i_q2AdlfIP_+7BZyh46B
zYkrkI_bRTa_!?OLmGZ;s*PoG!{HqmjvF8SP;PmhuW4K3gjXkU6fzv~OcvdNX(Vm;-
zfphLUt;ZN{lMXk_%N)OtuC|;re{9ccdEl()&#iM@!&$fASzjw1&bqCyT;zPS;+raN
zVAbJX`QaS@X7+IIolx<Xu>AMS52wG^o+*lx?BSdNr-$bl!+wfW?Ri)pI6d@-r$_N{
z^GwC*u=;&OemMO+hkvf(Y<nJ)2Tl*yCp=uE&NhE=lz#u${%^_;=P`JxJ>OQm+Pq5f
z+KR7(HJ&Hb7S6tIwda1tJM4K%9yr(HVSBo?++VThX?ftx^BwEYNQd)0@SOFZNQd)0
z@S^o+rNen1co|)DAF28N)t=|%fpafyr01B+ucgCzT({_IyF_s_Sf1zQfwS#4)?bhg
z=ic5GU2Uf+?q2a8u=2bpKb-SD$et4v54GnddEl(uY1Utn4(FbKkM&oj!#Rel(KQCv
z`dWKNXb-^I??>$!t+lwro>B6^`TGm^*~1%CU$$qoJaCTT2lhO#_+xvxuY_~_FWR$_
z`ud|ie2xd_c*gnOqm>RfH}j61YL2eCT&eqwDfWz)2hP`z)9krGp4s+re+uVofeY;U
zmEybX;o1x5nqFnSTRNO`yd7O*cu4W%_HdsF=Nuok-Yfn8v3JMub&hxZ{~ImBDGSaB
zD-NQ9BC8_k2&#f0D1ss=f{w5vt0E|Zj*POP2#TP{C_3xN%qFvr&N|Di+cN96va&L>
zZtJ%1`*nRjpL{P{|M>m!`~CMj4{<&F$>+N6>%Q*mzR!Kmedin;_wfImxaxAw!`D(W
z2WpgqW8L}KapL0?$ML#DA2FQja{k3f1d>y$92|Wv=y$}&D~_Yjy0n?<?yZuyHOZ+{
z4vsz_=<x}P<LL9r#J$g_dQQD^aP;|nk2ffeqd(I<&Urg7G}v?N?ZnmQT`KQ%|3bgI
z536sJl#k>7`MI7`p`2dNX;Kc3b?o<?->Q7Wb0#YX$2z|6@n*$wtmAOCOMf_bT?eZV
zQ<Q^a9Y=ed^Cnz4QvcIq3~|-%R#}TxcdBx5^o>7tBj;R|$9qnza&YwRD;}SwIF7!}
zBCfieQ{Un_ZOXyXw{LiShT=HJ|8<YID~=2PH+Mhv_)Nud<QKI*#a%TpdTj01ZfURa
ze{A;^@8xk#;b8}2k5BUWNR{b*GmmfP@d}kV&fB*nuAE&|Zi}^CmXD)9{Em2~N*w#|
z9>i7mV3qq|<&1Ji-SoOZ@si>=_9I>=P`5?p30OH*?x@@B@oJSgUe{BHx))LMvs*S+
z^3Yhlk&Tt&Lu2LfG**fajg`mKSSh~7u~N>^SSe?XW2N{S$4YgF#!5MB94p03TBrXR
zE7ctuE9I<ltQ244Sg9^!r71S7SYu;_V_Ou6f6?OGxEaGSc(L8*c1Gs2JcsdY%i`(%
zAJ4xwi*M-pj5Chyo3@?uXDF7&TzwcCbN{~eH2;-Tqa4<meo_xdJ7b9}hkm8^8I;5L
z<HBfr4S0a(T&?mbtQ^K4$2g?-zSPe3ilz6ylv8qlX6`A@^4T8IhgO+38Gju4={@AJ
zHnw%-$c$~;FLZLvYu;w!GTZ1ftQ^Mn8jq86oyQr&&McnZLsou;VvlEW){S-;D;)cK
z+Q+r5I>koohvnilZtnD+s?0um5IJgx@x-yd{EoVec^WI_upAu6<nzf<yrdGxdt9t1
zb!V%b=4Sn-W92ipIF{AnamE%$JiTYAeCBC-&+x#tB)^wc?LR3$s2|#_aYx-R5Z~Rl
z%kFNrOL~9fEnNdD^J_`&*U54JA@iTyD^;$mI^;Z{lJl*|KPK}vneWT|MCPq%Q+;C&
z;MjIwB(C-kP`M{o4)X!WdL8C*<^zs%wnpNr`<}|vu<9~5aJ;wAwj}36mFHpQu-$Q-
zGqie~ZH?n^Ez@y8byq5Oz2}tN@ml5<;>x*K<!xB)v#oJF&!+9AINKV>d&~1=>V8w@
z^H@1-cO1`0FA-PHk5#^cl~d!6_J8W}aVl}_`{~{x)m>lP;n$v1s}e`uk3BwKC5|!q
zkH_m&;y7Pg+qY?j$}eE`XM%o@V_)FjJNnF=8SOds%E57-!1*h68x+Se=A4^G-TgeL
zQ8_rqe4^(ZuQI()rFJGM2giD)_oftYQarsk^<CR9IQOD`u6v~G9m<)k931a~r}wFp
zbDd(-$yZLZa&WYNv&W|>jtkZ6OM3sGxavNo@=nibQ5;9zhde%2aU5fkp3BBrKhtxW
zx0#N&dsuuo)hWvC*ZW|-q02tU7!haxI?>}Clg{+`NR=0Ooc!B8UZL`lEdF}t<?d6I
zzm9%lS-eLdPTR=)kjC6i9s0xm$oXjG-;(+E%w3t;52?$3isM+pISTD?EFX)N!|!n%
zD-Q8^NhL0fvF&mMan(IV<*`_G*-vrQZ6>Z9#_epZoN9OE@H=v@R(VP0^c<&r_Fo*^
znmpQJpT#lHZzQgEm@l2~$5h^lmCwG6W4ZTvoc$L^`{}r${PBvV<HjpCPhKKl?Z2Ti
z9XFIy=Z?B>lcPBMFOK69#|P?upz`<b?bXk8tWbWvV(D1n=QIECob{CRZ>${lYaGi;
z*CiEap5i!0eO_i+m#EwVD~Ej<N8Oz~&c2LeKOIY4bq`dzr{_#o4vxBqc)VG0T-eFy
z194w&dM?v)*_UzD<+U9BX;B=<w%~OdarR#v`K$wNvaes|?oi1O@i{7a6n~~;vT<1P
zZGC@zSZ_d<hX=BpUt~G&WI4aga+YQ}zshoco#p6_%%NosW;wsja^B5yewTS!mjC-K
z{|{NtAG4h0S<ZV|&ih%;pR$}4S<VMp&WD!6yEMf;ZEkZc!yE%~93M9IIAe$l^)|{J
zBZ_}sE1esbu<B9|$Lrj5?A^=Sr&dv>eH`s?;&Ix?@qCodyH?uwTW#$*w2upiSsyka
zUTf`FyJ>%S{E>ZDLtSQ$%jB~x9CL4b&)HMu&R97t3r9|RUQnA86sz|f+Q9L5DEzMY
zu`Tz|%xSC?=h!)#IB)E@<NEuq9;g2}?#WEcRX%;jg(Ga;>tvSIpz?V97yGW{Tix9%
zXJ@`U^N#M@RC0`?ZkNjaGau>ZdGB=h6)IctKGuI+IE1Zi_x;iiIsD*zRbG#k&wAll
z-!%6=vH7zhIWpsv=7T%Uy?t$2Y3?mx6zutn{LykrKSkxxK90FpAU@ve;+R*d{l8k>
zEj)+1IQo`eV}8l%rsud%?Yq*BA>W<qDrcy!|NTgb9L4D=E;QQqswS?wjVjamhH{u=
zxbQ7oue2=`XI|mLixy|zP?y)8ssH;~-*zA_(}$GvH~T#K(}=s%bErGb4fms2&dZs9
zp83z2(`y#5%RR}_KKCDlk94oQmR`qU^^G+c@c4Twf9?LA$`x2SjKkkNPTkd+*V4af
zpLm)N%4dAieDE>f#{0>5RJl3lP0wGd`&;=S+EiW6op6B@Aw3QyuAG0UJkh;WCFic>
zlZN9saJk2st2mzDd43|lq&SXvkH_g3j(PYjaV>Y4{(I4Lm?JpqGDhSuZhvqet&)Ee
zUt4wmjJ4b`s*9ta`sc7R+Sh~m5oUXY8TT+_8fJ{btbdqw4wo{sZV_i4!t^OzlX+a`
z+RV)P$gj&hA#;7^hRltbCuMHRJUMf7<|&z5GEdFint590w#+j!w`ZQ2xg+ze%$=EM
zXYR^8Cv$h^xtV)1&&%AKd4A>vnHOg6%UmlL|DJtb+5UF?Ii0whK9lp1%DXb(m$};g
z4VCHnPIX7P<N59|auhFDiQ_v5*}k;T^U?9{@hVStGd64^>W*|5j<#bj+laaksJzB=
zD%^!*EQf7D-J(idILhLi6R)%Nt-}AXzvE8l35wJII*%WvauQaY{-@)x^3T?Od7a1U
zTPODT(;lZkFJ|$6H^<}jdeHM5)E0HQXJiyPS{8lAaZWXsxN;__tan$dJlcJR$`i2a
zR=VT3!SAShsmk*`hqiIy*md=P|IAO%A&-2v|8%T2OYYdFY0N#R!*du*9Lv4i<Mb03
zj<fN9khtnDQaKl^{W0#st>u#6_pY4p$j|79oEmquKS*3Te^>cOtekP~=;vQN&V0vl
z9A1ktSN?d#aN)1E+>Je6r#O!M^j?jYRjt@)a^#~_rq^6*hwYMHa~*H%IM#CxP??^y
zlvA%9T=<$T>r`?SZ%`b^ve+WU18jcc!X#_+^TfF@s7Km=<q<OP%@$YN-x{Pjpg2oN
z+uh^so^!p*v@a`%d7H-HbDr>=->G~y^AFu`sAO)@2j(`8`B_a|?d+m*cQ<|9!_B&<
z_nB3fxs78x@;mB2uX2+6ER`o=<+B_d`DqR-J~W3<wDC#rIjEf;<)%3-_sW;+hxTWx
zyalUn$z3?f>fT9QIq#^PgOyX|j^)1San=>b9D9|x>N1~~VAW+l<JhKY+Z|-vi{BOH
za+Q1Gf7!m4#zAqm%duIU<0JVz&T%vT7h|t`wZ~Q1I(q!;Sv+k!wZr)5+m7|5ePXyU
z*~Vli;%a9fmAhf(Fy=VMq|W0dmALRvW~_hCyz0{T!}UX5+Qv~g9ZMBwJaK`Gzk0Ck
zS?(n&&%?@L%y87b%;OvraG{RT^w%k>%X%}{sXNa7nQbv4+ZOWBw)l6pEfgQx79LOA
zLUA5xTgXG(!gJEL@SHT?Jf60N$J4fu*SIYdAKDhDX4^vT3~dYLtZ`c?UQ*xc^ivpN
zV=_@Ls_xLXP|g~+h2lfoVjZiSwuR~rZ42eBaa$-pv@H&>y6H8e>JDuS<^1=yVC;$q
z+jypB{U`f7Aa^@C?oB*@gi0L8pRGL3l5t_Y&80MN)jr!X&D;Ggo{mdu^Ge0j@l!eU
z1;;!&N@lq&Dvxu|RGD7qPP9I={fcG7)3u{*u;TQs*5mBQhh%a3K@R=I(f?}VYG=I4
zBi+n_w5&sHS*fl}`+42e2gPX<7tXXflg75*>h8|(Wa{pRhYwGGv(=C}jjeKMCm-9*
zJ*QFSmRbHzSo!n?7tXTf)_Bf=D)+?7p)WZ0--#ZlzqkPOSX)2EL#@vny6JOTH^nLW
ziE-P=bLaz(_ES5DSv#q&9PNB2=kP2?9?E&y;-91a2J^;la&Yv4WfzaIoE>rb@N_Pm
z>MBk?j{MJi&KQ+x-YSParg`hn^=aE3X>C@MFVjxij=FJjncP6!J<WZG%KP1Ks$AkG
z|DDXg$(**k+NTfyv)$GHfZ`l$SQdTR-p%&h8LKX1fMaaa{8v76W`ECNop6CS`Sdtg
zKeS2CvF^Dl(=k?Y*5y=>x2b&8{VSEd?srwDZGDuDRhlz0W5xOuWlDZx{L`FKoId~0
zoN3J3k%!um*VvBYYi#G}tQ~o%9eIuIDE{B=r1wIPv37P~U1Zu}95L<SSg$mf6sMgu
zms)LqtRjDd;pzHM+GmwRy|mBvS^H^O$C~#hf5YMFIK=U&s5r~5&*G^MivM>X(%ewp
z2IZz@$+VH?t@7y`E<9z&;WRfCr@b^cygzB1PO|>6jG`Q480(vIj<cM!-Q~zB%GBfM
zGx^77`SMV{yvF<!vOdU>|Cu(MvNq+&Da!xdW}177uW?(SXzir2m1zgZveG`NIBnv>
zrM7+3IGmLAK_2RZyv9B#{@;B_&o$g^s0Y6*%Cv){51V?NHgTaX>%(NL%kPSE^dXK3
zX^x#@IXt%&D~G4^-|evC<d4bXX&e-%y?h)}A5?do;w8@?t8z3}KK;e9T=G~J&s}L9
zPqjW2iOVc^YrOgJbY7I!U2&G1uX{TFD`#89HzQv;{2s@$Qv0V_`z3O813S-yyJV)X
z5#K9w+Sfck^+E0Y_xPtiD5pmC(m2R_$Y1bws#Nkr`<yGL=OejJPJL_6`u2t4!<rQz
zqo1O?KJ(F;kI#H^=G0HMxyF8~%}L5lV<pqCEvTz}#ugX0x8p!MzA1<G;)nk5JixkP
zo(Ix#Np6t$^EhUWil^Ip@&Ce=HYZa*&#?H}<ZL-SJ#XBbxf?5o{y&k$c^)KAKXKtI
zYjbnYVZNmOQEfgYr#UQF%V|7Sm$AX|8SiNxDyLhqv@UMu2g_oP<2e81wGw@vt+Ej-
zhdGPmJ?AFk$~jjhV?+-77LGYN&ExbJNBc8~tL{vdS7OyIx#OD4O~kzq4|xvT5l8!J
ztj@G?PRDbZ@jQ%t{c*-pm8W3E8PAq1KF8yX)uUN_aps?APIF%EFjhE@OX)mB%le{X
zyL$c-mE*ATi|*Kt<2~mHm1+Ey!?>mK@3VC|%5$cxJQgcwlsm>h%`q)^s^ZO_Q*y`n
zv=Ubi?WA#5JB%TYxxqFd=N*+_bHAwaHmrQ+6)yPuOLr4j{^Kg|$I4-@;aF}japlm?
zD_A)-?wAAVm^{VS_YiVqw%sv!Ydb!qb#ycC<gguajQ{qY&%B%9K2Bwt1IlOn;^<p?
z&N|DMOIt;m<>JUm=g((b4(nf($=MxmGd#Udv#-agH!+J(@i@!9FpGC&PUGzDq;YnC
zBg@$sYq_i|j`dB?U&_B(v8~9FJ5{FFfHLQ<qdmT-$}~UK4)YMlI@Wp)W3wMt4sGMe
zX&|mPIR+n@xe+U$If-MRJ;~!Gl{n_=8N}7j#VXIis$1obWzFy$=2w~<=h*nC{<~S9
z;<k2NIsz-sc4^AuX<3T1T`ut)d{dTlYi7omcGzAx#yQO^EsNu2+OL(v?{WN{X4;pP
zLtof`=^IY-*?qXjnV*am%VJyLSodb)%5PPf#z#493tYHnef{6R4^cT^lNm?yXR5p$
zE1zwFBmZjR%DGKtdj4&(@hlPFZg`ptX`Z-Q|DtjjPaNaG+#{dum7Y&!p4&Gdey+7y
z?WS(pNA!owtZ#ZAcb`a(n{lKr+Xct6(wHk}Xx=J^zWmR;RnBC^C+LSZC#gI%b2`^O
z&-yloxJ=*n!rKo|_j9J>syjU|yC2MQ9?d*2Guw|g=|7JCGcL5xyx0vZhyLT(*6Ddl
zIo*n-{>u-`Y0k*(YiU1HUB)KuN7vaLXx6`J|8bRPx?5CU>Sm5#o4M2dw8{-Jf1u+o
zTyJe|N__P2^xArBtQ^J)$FX`7;!~~eR(OZu!?shI)=_>;PUGfIZ7QF3aEuRisLT4M
zIU{r2O4~(dUDI}SH+VjAwlRHR%yD5S{ZEfHR?5FXK21Ngj~N&88Gl^RI`ZIm<Xofj
zE173t<um5EpmPr%<dNT{@`lXpSLCz(aiLNF(}O(nUs8FGyIbV~H}P+~$Ejp_#V^~~
zo{9B`pY(T{`$m=1GhdZ?X6Cew)DB~gW6aZequOj!ENx%qFotRS`nlx}`ZvqHLM6jW
ze;79$$MCVlmBV=Ki<Lv)ap4A=O9v2F&e<vt!^&ZNaA8Nw;kXd%c%GYaor;xT>5k`=
z&lA7E#wX1m_pZcu)N7(Le;-wG*8RvVeuCF!eb30^voiO)SEzi$J)rWZng8e}XQY-F
z%T3qpybqgY@llysANoI1C64Wq_9NBhym7SWFrGM`Uzi^(i{t1%SnV*LI9_Yi5m(Mx
zDkoy)upAu6oOB#k4&yP29GUyW)4rqpQHtTnr!Cqksl+h{zD!(oxhFIobCgr17>>_-
zO#6{?7AcnIs?5EjX|5{2T5%lP_fDBMf1+|OR?ZlA+za=(=e(`*1^4?ZU%|?+amPIT
zwZ|Dh9PwquwJi46kFo03x(l<ICAwcoKjaKkpZUQhl_Rk7$19AZ|7m_+xQ?QJjZz-r
zj&030Eh^3uaN$PV7t%i4YIW<#*?IUd?%z-IR_304_DSL$DrdWi-<_G`J2~{X-~E=#
zbgkLjq1~dEMc>%=<kQZkxv8rh`njooqW|d}O!>^!wBN}^)#Kl^vzJQ78gH&R^Ak@{
z`6c&#DkoyK&%S`;HBs7UmCqbJ)pOVvaJ){LLR>jrD$mDir|2$xPSE2b{g89D%3H8<
z*cWgd&mZ(Sa~>D`xwVJ5>OQ0Ld91o6ceKBdxN?4^asVr*${o+AfAXA<RPsYU+vOiv
z`PC|MJhztXcf^_VIQGE{$=8PpT&r>#zR2bY<4F7wmGj)ss(cqKhwZx|Z7PT35ZeQD
zAHgJd?OK{YSov)0S3JI(;vc#{Rk^YLO<m%fXWk+6MEA=oufyKv&prMdl^bgah_l`A
z!D{ncD!Vg3lKF|u&t^{VU8wH<YKQ%hcJ9;fk8_`_vdKMHasExt=_=E_l8N(g;^(ML
z^Gbe9@#)0XPv#zu`-R$xD~Ds%%~(0iJzTii_T}4&E9YXB<lzTYa&Ck_QJJ1o<ZsI9
zIYsR-KXEMU13B{l=H5u#Vz_=-F7p=0F*!XSsZF+T6*=+*mAhf(mz0kSAK3g!_uDIn
z&zL=o9Qh-alik;-O!vksev*8L$3L&_ct2K~%y}Gre%N!quX3K}Fwb%H^BK<>rFP!*
z9OgWZ_ZEKcIXfxmUC-gzj$?oMx5vjRj${1SQ61K0q{{W&tP^vWICFkq_W>&RbL%#E
z`%F>gTr6Mc@xxT!gtfl4S{9D=?erYx_8iY)KH^xHxt{Zm%BMZ2PB}Q%<u#8_P#nj)
zyh&XB(Vrm<d&}LRlI0Pn&$=}~d2P*GZq1~h^=b!4KXp68P)@n>s9U9SGpzgu<>Scb
zls9s83Y&a@%JjJ<%5PLYF1%xNX`d`-g8R!VTisWvyg2h^SnW(wJ2;+0+dXHN%4;%T
zkCo3pjU%5t`pIXE@Yy5yd6l<e<xf^Vj{J@E@8ZSQXXYH{ILY%?ahKu4UQ>B&=4SUy
zl~-nd)J^`p%sgjAJ1=BjnE92=96RU($6g%IvpaeYb1A*HQqD+sJTGwUV_BRNF>i3M
z%0t}8t31g)MI}GvoTu^}_j4-K^NZrFBgZUqUR3#2_cbc{9dTZR+~w|5nVy3b|Gu2Y
z_A55F>A7AWp*VA~xa;s?%_>uW+-cpFv&MB-&MC?tOI_u#?zr$ZJI3xqTsaLY>#%Y-
zR^u3-V?54saO`WF5uaxLtirnuA2w0PhqT=lr_bp*LUGppGS4TT)?GRDxrexNexdSv
z*yH<gTvD84?-m}X|M)Z8S2-UmmbS0Fhs-)smw0+@C7&UuZL0QJM_l-&^`HHaeEP}u
zrVp$yj&V5O<2=9M!cwa{jkwpH?m44W;;1{*bDmPkwkIE_=RS8jztVC`il_6dSFHW?
z+^3wmiqFvxeXDXu`_B+p4r7@17v)sD<M`R<Id7=^0anf!ceF!&+F{)O;5jw!!p?#o
z{Ei&Xt^Srdo!hI;aU|(?1<flS>3mH2TPe1IeyEGnd9w0(F2Du7zs-Z+k;8W1F7s&j
zt}4g44^+7)Ry*wDxNvl8#y-PM?VPL_pKn5&91qgpY052%o#t_T239+D%E580+g$%H
zUSe}~Z#VPs2sd*n%?;%+XVQGA89wZNIn4*fnKL)(hjy47f5ggJt#XC?fY15&z$&Mt
z*xx-~T+9E)P;s_9ul;C;?aTf~JLEKYoNaoR$LFfN(&KE$*W7HQjZ}xaoQH1erVr`7
zRPD1}s<Jre5G<E*KHXg>-{_toKa%CA=UKH+o9|}%`tzRDPQCKi(<Z0Q2KgX2`(guD
zT@E7CJU&VBbRMgGa^`0_A9_xc;;TKrw(72>AKIZ0>9eQY2WIhOu-crgy3^gw@;&Y;
z@?5OCgF0-!?C}=Gf0D%qJw8?OkF)r{JU&D5wb!;~waVpg=1aldCLe%(S@j-oSNux%
zOu5T*9#Z*jk9R2kV~^9%-@1RM!^mGeXO?ox^>5mLP9>M{V_CYSl*XY`Iaj&KpY1v1
zKj87%ito3s<#);HGkLtvtsbX8*I<u7@9{Z`f1JhFE4Q3Q>NB5X#kS~H&LoesF6VlD
zuHqND8N+FA#*mK`q%LFlB=+S#>+yEQmuK-!*ZaRYTe<mKsGYIeVcqLIzFg&PZu-NY
z0h7a6J?kdF-*d?Sna3HcX4Q%QT!B@$NAY&|Jo#F8ul&s{|2uBRr_XcdE9Zw<&Kn+I
zp!iac@6UecX8y1CoQ2A%C|DmDx2>?o>Nu5qc)U;XY3^6$Cq0LD`aRyS_)_;G`2){6
za-_ykKdj?o#jkfSk-M>$wOr-vncwl8I_13YahCO0j}Iumo-UBkCXbO=?G#mR<Z<n0
z>EGlmmG|=;+Bwp5#w&ildr*GMb5?Jt?d9=hihtno2NnOj$7d-%QvYVTohs|y)IA()
zxyzMvnw$J-o<sf>9%nwh=dP3g?m6`H-<gN&-z<xGdFBl>Z<4t(^H!O+%Uqp#m&{``
z@0EFc=27Y^>$pNCj&rat5?4R>QaR3Drh4hTTKOv#!-ZQk0rfaoKja^-vfjOp@{hsF
z|3oE@{3g%gTr$1?pt>WK-%MQjt5o8`)#duXU#Cz`n|y(O$XV@<^PH<Z&Up%sWnD*H
zb>CNco9B#B4laD%`hSndIj_O-w*!xRe5B$y+GKx@HkW!1?-%02Rn}+b965~DUp$BR
z199{@y<eeqsZ>0@U*Y4qp8ieU&#7eDnDc@3Ub@WRP;N_Hb$R~^$GYt7@sdg$>#~o>
zt5o7xmpbBVlk<*)+{3l3W3bw<R*54&op&k!RK++Ci@x1}mCtz`j{eN?c#TS2xXs4=
zG2&|HIhE;s5BXeqF>$rS-;?5K=UtE2s>IRGpFBQZC64v|hsRkz9Q_~0xr&y>c&7J5
zv@Fg`ap4Kub{l$5wMyQLp+EJ?!LjXj^El^dININXxZ3A^6y8t48)<H*_fphOqw;a#
zb{mI7$Wfg49dY#kSdTN_INCpvxY|5T<z)A!YX5Akb|xzyNB&gL8G7GFbw??Gn&&qw
z9~U0Cb-&8vQxwOAHjCflan7r8v_G4;+I(E)H{86(bC-J?E$cq4zD-qK9OvQGq3+u%
zpYohm<=_~H7d<{raU9F-Bkpy-=k8beefMZB_jRo0wy7?T<+42L4yxq6Cvs*e2S?5y
zJ>IT3j^*lO9a3HWx&1JGTtf2BTGl_Y+L@_*9QkE_?z*nZ5pK?bH^j>CP(F_QqUY$g
zKzk2L{Um=hapliaJ}&&twu|1@NquNkncizsPN#Bk<kV$36R~n;D+kAXZt{4S;yA|t
zY>%_=;^^m8;_4gkU0vv=pVP70?^ZsJ{Pry8R?nHM931_;!*gCx`Jm_YC<jMQPnPqP
z=gd<Mj&*t2<GqUGSeG|EK3{PheOp4@$N3%4S)d$T=&^BL=JAD!<Jd3$;_*JkakTk&
z;%c)}W5VkeyuQkH-8GssBeBNnRn^5Y_ozeuM3tjFr(ZcZ)@3J;FH#)Ga%+ft-SnBd
za;;)}czh2ncOR_fE>>L}%Vl}gZB%)f=PXeUj+_%bKA<>`<(@)Zb<b4U?A}MqI@f)n
z%Bk*=8q$m1d~Wb1Zq9|T!s^>nwU49y>pX|g<?V0}D*tw@{6Xd8_*}L0nZ4@IV~XA9
zIm?uTW1hU=@#Tu+_`J365LewLDqr!O70SU;_eUOIsW^_$9Q(P)KT#YP4%Z7KJ$^-8
zZT?l|?>uLfa&WY{!sDwI$I<2{{#uXcE*#H^+j)G1;yC8UZXPdJ9LE^$L0o;9sB&M=
z;aUKWWgYAB3dM1}H#o)PJa6Loe%teit4%)l_fpTPR1S{*JmPVlKXH5q?$aJGDURbh
z$O7VObFs?wS;5-Ayl;^{E7<S<e9i0f9F3#@Z+m=<;<#{;UbN}4jJVp|Krc7m%e<Dq
z{;g3yj<F?={JT_c<~ie(g9|U|e|l_5+;hfy4$t{G)_p&Zk5?SWwwOR%bx&7$n0u1S
zBeB-EPWgCfzw`J6#rd;`SYKUkPx<wV<Jexec${k@IM(ZFk2flgBmSDlCn=8O{ED|z
z>E~}%{@Tr0E^~9q?2lM|Zc<$weO~D~yJ;6#?KzyY;26WT{Cxv*Hp6PCSvfeya66Ar
zQ5?q@?nqpHqi*_~VVPsXSkG@!K92duR~L|foXP_{hw~#G`ygMlL?2oe$1%=L#8tOh
z<=LJyO*uH`?FF85ok~8Vn0DHfgQNW!9-pB&j`nZ%c)Q{_J{u=}cCp%-sd)PAVxP}^
zo-+OEQTejh?NAPmZQAegS&HKr&$m6^sW^`DTuNMReyZ{}?)Oyw4yzBdm5*cluJCx5
z;yBiY`n1Evfb=~ksyjzHIO-19?`X4IaU69w@%UWDarA9-;%akim80Bj>m9J#=}|r|
z9HE8iu}hY7py$j}4vx=wtoNKIl}CC`uX1pFp5e(JpRYKM?@Q%n9?M;zIF2#rBNB)&
zR2;{c-{bK<#c{0H1H`pn-&Fai=e(*M9DR7n<Nb=`*vDV<_#(w|^zEk}U#vKe`MH$1
zmbF6VyPmT|IXITZX(jz1P#hO#YmoK$7jf0yT!+)O{C%*c%E3{$KwLR&mkQ4rR1S{q
zzK!QhRJo7mEK?4SF+AMk%N56QtT>vu+W)c2vpr{pa&V0E#U5X&IF4~{Bd)r4sJzm1
zK2Z*i{@>s^^naG;tWpk+{y*sP)r#ZT7O!}Gn5I3Bb$Qq0ocrU5|HI>4bH;JJ<!k2Y
zXHn%w?lflZDJuCYKDN<F)x|MB+h#d?dQOFMaE#A^9_Muij`87R=2$N6AL%*zv#jJ8
zpA$TX@!_Kx=mX#Tfn$8m@tliPp6@v&<>1KSb`a`TDUM@Icu7oLw?_`c(dYX;&TAbU
zeSVm@`aECd6P}}gCP$xN@c1~zam2sp@mj@k9G`#c@$rh|Sk^CytMT8fT<-o*<)7TW
zdav}O%zw+gmcOT3r#5l4Sx#JSZb;1igvw2^#$kf;am=y(JYKIjj&W=7c!T0N=28=J
zwLeAW>F#Y*UXIm%qw;aIbCbs>DUPF^+da<fLLA%WL67sjDmd1whq#u@m^|zLmdfYd
zALu>cg_&Q;{03Ivn$;$bHkWwLJ1T$f<~`?kvGS)VAIDgI;_(*6arAjLarLcIb=TDo
zb$Km|V_6#zSI#CXE8Hw=ELMK2@^OsY{vMyEIF50fL|pBBq-CDuIc>_p(VufXK0|RF
zefTnQ)n&OCdrrG@aJ*MD!{aj*$MKr<W{-C$j-$=56IYv$sGRMl{kyT&YnJkH?5E_B
z|AxvZJf~ARIQsvB$7d^!V_DxJ?sfazEbCRQWpybZ$Ff)k`2#B7@|-!!!IASDk9RAM
zV_Cl^uDZ;tmF@%e9{)eEmNi%TIP!=2wSe&|*Ku>rVN0z19_8cMzN0-pPjMXUzPrbJ
z701#3-o(`(`Y^$B<|_xsdyL0=e1YOP>Yhkkbx%_{+0FHcGqC!$Q299CKb+?AKE-kL
z`5KSEsyL25-|F#x#c?e64&qwwJu180EcXHTqblcSasEwz7O5Q^=NM0CIWKw6V&&k%
zl{$&g<5kb$`pj!?mbD10%_YjmvE4uRoQ;*Uj(*4)P!5ju-OS@l6~~2JbpY05OX6Cu
zHkG42XHYpf#$<PoFH;=HnCwklb-5Na-c3Ib#OlLx<>Tn*1s-3aIF7#E<nfh?<A~qw
z@lO=Taol*AxR(2b${sgkz`uz<r}Am6KCDt*9DU$-<or?POP;e@IXK4T)hy>t&*8m0
z9AolpkB?9s$CxZ5uJ##+4?U+`IXH4Y@f@ymsoTSfm+A$d9tYqr+Gk2k%zSv}3aorJ
zneOR{Yf{^L&IFY^yAM^lCssZ)3r8Qu6W6kiRGIp4nf0NXxJ>)I<FWR)f$5r*;<Pix
z<L9bu$BOIlVfXfUe(I;<l>B_ApUR;xsh`Rzy5k%p^-b|g#c|<N+b<53>CZVT(|uOT
z8Rd@Wwe!hQyrdGx_Dc6+DPE-*j&Vr$#;eU+6uVYG)MX5C^k);|Z8km!yBVK!uZ!aJ
z?skvkSMlz4kN2h?XMAvsLt1y`a4m6Ha^!xMY0T9oV}?2J;gPN_D$ZEt*B04+^o_B?
zv0f*6obkaCKilIal{n%Tdz|sX5l`0*)jngAUpKtj^T(*fk>BO<8kIQWb3M-WQXKJK
zkJqZi5nt$Wwm*(|x>xY4wk^`Vg5!p#``RXuFHcr^2v*Jrm6NjgS3Iu5?#WdCD*53o
z{v!7HfXCUUzsuswGk=)*FPYg+^nvY;W4rI@IlHN3>{!+xRB{g=u2Z>>yGi9?SnV($
zaLmcH9TlhTv>orV<M{>TtDUP=UW%1d>5jh%;&;SHsl@TzbR%)q{gcYOv2sf8!jknQ
z-Or#Oa=xRo2P>z_9qm8mIUlKf#&eiIIF7^L^EhLGWBdMyxZ3}j$~UpvXD;EW%kRkf
zROK(Ra>lu1e6}P$-R23u!_0@YAMK&@+cLjyt~lHGa&kO=tLL-r=4J73dz@{N=7#5&
zJkGYjv8{LVIOC7wyYR*mS6z;0+(SU$*cLeYf0V~dDskan8~=3NQ$AykW80<qpf;~m
z?0o&uCS#7H%{2cNXUuVYru|Hre8w3Uern5_MO<xuQ{`<~IgBNaHoJ%`=RuWouyShM
zvAyPce7s5=%cWiN>r~=cmv0eQo4;215?0OxcP#f+&v`>-zvtAuW4Vhx-k=i4a+i6$
zQ6-M&j`xXcxqnspXRPH;az~r%Xx<QSQXCh$Y`?4U_+-U#EGx~u%WWRk>379Fb$vl)
z+D3ANa&I8+Ik$Tb<C?}(IfL?Z#69OttoUk`^fg?d56T&#*!I}lug>D>-cgT_&vMee
z4IWSTi>e*=i}Za5inl9wy65BcdC|%lsT{8Pu`I3={RS&uq4?JN!R!|}{#I)T;>zb(
zmG%+kRJvmhq<us=6BJMTh;l}`V-7Hmv5skfQBFy*w7>Y@lb+x?r>Nw4F!K2~=KI6X
zz^YrN634bq`-^hEs#rRf%8ca<&u9O_(dX-kE9Xv?H(|BOzJ{aEbBQa5ZTAFLPK`V6
zTYlDa-cq^1bC^ds+UX;%cDQHu6|8n@-O>L6kB?W0W1bHZ_ddLjRkuzhj=yvKn7DGf
zRsP#uu618aKjgDra4d`8k<WZie><ie_D39jE_zO#O74FqpL=z-z{+Po#nC4B=MZN<
z#nBGSpl+MWbRUj#*iX}aIDQZLNuI-8ZN|!JQVx!G&i0%uRG#NKla+&`57cK_%<Y>z
zr&&2Tu0iy8e2U_@@TGMnozD<g-B(mT?>Q}s<LE=WKiS()f79fC+w-R?AII|}*L|Zu
z?|M$Fa&WXsU&;AcCD&zH_i4((v0nU+9ImB)>N#!7!I6`mLuc5rYbX7#xR?FiYueXj
z#+?2Yl`}$RI*xgM$>SVDa6BiDCa$`>s!ZoO${*=2s6RaF^h3@iDi3!bqmtzjXB)9C
z!|b#4fnyFX?7Y7I@1MWw?OdpTlT%cQW2`Roc%@1lpS^hnan)s?zB=<wSnZ5biQ}AS
z4Dnj~oVw59D{S0w;U4SH=RJr0eJgjBN`A;^3~@Ynr18Hp8~?qBr!hXAe8tJ1;f`@8
z&Ulve^O-SM-Jvm84r9gme`d^;bDm;{>Zd3lt@4P>=~$||j3JJ{$3M+;s5=EKhw;QQ
z&S{<~&bZ+i=Zj^QHC<&o#=5T}uKbcp9OInM8Ms+nj}P=ylo^LFm6;ibbpOBNjKjA)
zP7e1s6!+1+jw-pg0B^XK{S9Dvxc(h3&%BfB6KC7);%48eb5B%xkh@Iv_&50tD${t%
z#E&GdzA^qdUZ1A<tT<zfBc9F^6lXkf;Yd3-yHchd#uLYL&~3!EtS42@!OAJQ<L`I)
z9XYS7d;u$`${oiUen-xGDwlXpwL5b79XV@j9MbcJ+8Lu5j-2$F2Fl@hT+$EAVhnNQ
z>_uETlT;q)IpdUrBPSitl`~zjDV|fS92`0Pj&|-;d9CM+R}PLGen$@XRd#z$opNyG
z@H=vTqVgrrnV=jTIsA?sj<x9+E3c#NoBsA$9w~G03+r32x;T!jY{6o?&0)4TW`1&x
zRNU7-!)N!*CueTP%4eRZx#9WDb>fu##J;~VapkamH^a(d?%~)s)A^Wk_Eap*bGccr
z(+_p&|AAO_=`W6TX(X<k3sjzomBU=c(f$U+ueSAN*_idk(a%kZkJslssN~tRc#Y-b
znA@qHFWKL_F&B&b+20<fea+2rB;x59;&Jv9;vCnvaWhvrCK5kXWg2st^<&-?ueCnl
zc&<<Tuj2GS?Z0E#5`Ley;{1#473XqkOw{HzinZ#8HrYNn+D!9d|KaJllGahCzv+2I
zW<1k&oN4{RG5*`iMX#H-qjKmQj+_EH*IC_@aGf3JH}p99IJQNalggpbo0B6mW>s#+
zV@LN`m5d|pv+lU?t}Tmwn7ZUMx5#1Lae<4IdhD+sa@tfL<UUX3A?{OE9-hV1_$&W-
z#TtpLP394f^`#DNo~^POD~EN$ku#OJa#-#KSUHR{E<9v?<9FmR4l}TF*e*EQ*@*b{
zw!ZuhGoIUH{o(VyDmy&R_;k4$hcwR0r~f#{pM8M3)hg35K{@;$$3DgH$k|8bE}6$+
z<+Cohu!ud#&$X0)gq+6QoyJ-D^c@#|Z24(yl`~DT<MhL_&QjTwIn5>2Eh&Zzb8XyO
z$Wfg6f+L>JsnpKb6l>QHZDP)`!u%UEZk?I$$jrJGZ?G|Mb~EPb_1b}Uj>I-9y4il=
zG}fwHt{9GE%NNK|ob7^RTcl%!+G$s8C;gB^JskTl=Sj5BdN41^VSC|dKg~(yT&h?)
zCMbvXz_Cr!@mz7X1&(psQZ9Db`le%o%=)Ht%K_V7>D*Fr)(aONvu#n5smprdSg+B<
z53=*s!|;Ucv*X-pA91I-EuW{{G$(Jg{-iniU6$%|UUB-y{Et5DB1ijsV&zZ+$N22$
zIY+2G5G#j1;~0mdh^r4Lsyq!Vhi!r5wQV}q-DG`Z8x#+==RS^aMaAhGj&Vrqr8xb;
zv8*bYx@oTAo2|{XEo9o+jrbwDw^Jqi2JTgPgL{_BSKP0uOwYfn%d*n*@5|Qaw&W<z
z`r^Wqw(WKzt~S4~l6{#R))&Wp*W-!%av3XfSZ^F-o3^j#G<pu}g(IhlxN=%lrv2LU
z(>SY5#wLyP_pHwslCOA4C64jG+~bTNj(y~6;%f6ImA7Hlt#%jqLq<Iw)erG8?)Z$O
zCyA>r&o$3@PK`V2zUXnr2FG?x$LCqrXWA{wY`eX1y?t)O&6(4(Jf4>2ej&?QnE92=
zj63bKHaO;3dahJE`zV&?jB?o4IQIShW$LnhaiQJD<PhSj+pBUCRt|0Bcu#&ZapgRx
zGHoyAuzl0^^7li|@f^m6V-W4IO>wj{gSgtcMdelQK9$#E<(J&?+&A0fY-=3n#&d|P
zogS4BV%4p7M_qnL4s$!5|9s815$jfz*+yIALx-nhE#pO;QNb~`8+#6YNc)#^_<h>H
z`mD{h$<a-|Lv6~mllHH}?7TOf`*9<%9{i4c+QG4`O+C&w!Ug|~dd9J+b~w&$i&dBP
zz_ERqujK5hGOh2ewyd;XGJVU}YXkB-Ehim=WO7(Gar%Wn)3*kF&VXY46lKOFt^3!r
z^^$4lf7VNJVrjjeU0?FLw^`kE{FI|^Q6@icCoSvtY*}*TM?X^ze_-u(i}HWxq;<c;
za>gjHc(m>NY26hkKVSD9Jcs=$jqROQH_eA*>|8pHv*Ogv$2rX(<!qsNTJATj?iXqE
zSo<5#v|Ppid%4?t&bX-CmGybj@br2j)m40rb(K@2x~b21Wqm#_>$Bo(?6Y#{bE<oH
zR`>X<uHtK~tDK>__gLL(*5w2{MzKEOG;YdSV>`;PRc?Atl-X8k{wtq(k>)=)aqF?G
zeu|3I9xmKu@zno0)`zqYHrf3Thm-G4eNfIC`=Fd7m7Dq??=7eOT4rny@^<P~re)o0
z%S!v~iS~K;seQ%Q*uHW~s+;zG<*;69AGyc+pUxZavo_N_lxb(Ieu^gzPtSp^nJ>+p
z_EY84CXRii%5(Nmnbt))^byDLq)sj>&iulKy{tcs1#yl)xNxGyClObFrm38amBVob
z7hbXb{cMjjHn_ka1n4nUKh*uI%Jh7Czpd{C;wRhZ-JRqfRpzg!6u(5VYdn6V$~)cn
zs(j4NbL_XU+GN~*;PI{0&d)r~_<Wdon107{*HM|SHOS;|;&IINU2-sELHlVt%Q4P7
z5?2n#jWKRMCvBX2AC-H#H&y&gZst;&pQ<}gPUrvfb#fYK`4ssC{m}khD)~3QNM*B|
zG3NZAIO8_oJwkp7tIup-9M7#wJ<dAeh=1yFwkeKyx!R)rA1ap4Jthwy_Le+RKSjA$
z<t=XF_q(4``JF8OO6J!xFUnkUk5;*zyH91cn|*@g1<U=u$~2zx>v9^;?sX({oR=P}
zf0Msh<r!Ex%oAMrzRlZd9%r85!dH>MW>?*>%U9}$b~;q1IjMG-4>-<AzTr6!s!ZEL
z`G?9pil^xFe^jz;OkMVl;;F;a@qmA0w#$b20b3Uw?QiNi^!h-2n!P`KNal^*2dhla
zUk_S4IL0KM7pd-HitR+ca_AS1^YC+sH`{v`Q!`(j`LfJ2GP4fFhithx?x#)5Rh(tv
zcnva+d@budmHWC|Ri<@RKI4Ytvsmdj`5YgPa$lozQs&9-=_*gdYKJk#(au@K)lR$0
z^xSd!@YLQ!;__OW`)QlXa};Av6Q8fLAJ4UQOvf4bd!9qx4>SKI^Qz4M%Dk<+TIKfc
z6)O2R%iUGw&hC#?*0>u~a;%|0j4dwkVJCXj>4&<E8F_e5mB(P^GqyP9#!1AL!!e)*
zD~EBz@f>lf$17Cgc#cSOKy{x{>{@c<yH(zb)edt37x<$wJs4AR7|%zrayb6r!tR#y
zyvIkW#POW6khtppKxH3R-I6=@7k)?1KUMw+E2qjG>-$sB;W^<Q&tbfAy!K=tEIz!B
z{_n5-{rJGYi)Y$?O}{bYpPtiYw&xbar`UD>6Y(R~4s#uoKi$o?xXI0!-|c3cA9pi`
z-*&Ui*WHZI@3EG}wXFBuJiq-p^Cy}Ap84OIhpP_lP&Xa_-QzsIzsh|wf6?pirE;8m
zw0^&zdxFXX+_j1yhPCb`l{k($X+Kq*ZIt%Y*KMrQeyTn!SNuZ#P?v3l<8vc97SQJp
zR9=OZGsYb`*LlvzDw&7mun*zLxr4ac`J2l7v2s`^961jYSI%mcy;wQ5?#M~=Ryk!_
z-#*V7uM$Vj4~Q#=^N__@?bNBnk@Gfj<&0DgbCMj!6BpiCU;o#&d;O5Z_S#K9cuU3B
zCjO|6A#)2e-*B7<rq?VzmXpqB^dSTsXDY~7oO~STJev|%4r80<yv+7W%X%zZmb}Jg
zJ#IPluh?SyNLrTSYh0FcO3K}g{3om~<5)b`?%O;t^A_%s%F*sRl{;b8rF~pjyq^B=
z$4|9$u)L>!$YE@7%*l<2&$H#GWu0fQ7wU<-*(b@NeH>$z`lB4$-<sda)hf5e%4b=)
z@TT==tjF2+ae+UO(jz@5s&0c!X7NeuPip6Uy9am&;%>H0n6}8LZ#eq4vFB{BGL5b3
zGB#<u$h*mDK0IZ0(|#@UNXNISw%yY>%lv*5{S^75XFX1Ev)nWAmxrgnU;c{6S@)S9
zzeVMIchg$_z2VA#S+VaDSDW;G(9L|QVV*1J0+st><q*Hh<Fqp~b5G_c-Os3e0jn<C
z?FSy`+WyZx&K&1jZ1jI@=7TcVXFf7>`kWbG_q6Y5SsbfzY>V`qt{je|?0YP0qT1Nq
z-Jz1>3;is)3vb)psPlN0N*vey8$8Z@!|{AKiMZN7OXW#eZH{rrG2wiV*QmttJUHFs
zY-=2UXVFPqZQiN!b~pDo@o(Y_RNjZREY<_Z>x;R>mGd2ykGZc=-FaB~?Cbb5&*_TS
zDfR>6x7au=l4<8Hm2bNFte^q+PHL0aV6-_wF&uSy?L^&eRc`I3Zn|ec`Sr@jk>Bh&
zXRACj%V#dq&K@c+a&vFkC7Cb7YO_IY;#e=ni@Hy!yv=hOm4josU7o{zVfVTl)X#3L
zHrci~+MMq>d~W5BJf}%HxWLY$N4gI|%l*A#?|9B+#c?cmkT~n5cK+l!&C0=%^HG-b
zPxlX1{@cC2>aL|9+QB2R`aDJL;OO&a9&b?`NBdh7_dZm)YgATe-U+MCsj7>k&Gea3
zs(Z9zdwc%zD${3iE5B9wIP%jmw%3kh>DYKd_MVvHBa}Z<Ke7L&W2tgD-lw|Xw7O}3
z*N69Tyd=M<_!{dfXLJ4jbL2c@b<^=&CZFemV(akqcOlG0a>`X6o5j;{)pNe?IV>~n
zcOHMp<81m~?D6>?FRJ928}YPWT2`fEIM$bclk<woD)*i$dH$ep9N%ypPxu}A?92PO
zn^mUsL*<v;ag3U%f0KW_%EPg8SPqUhPx5%RN*u?iGl;A1r7F{LOm)Y&<2k*}b6D?L
z?gv!fiIrdDj^kU8$H%F}5r4tswJLG+Ep5kVZ96uRbCJD=z%dt}r!s9Xk5A8XuFia8
z=5$<DKHKwok8h`aE4>y_{FjO?^7vaS2eO>sx;ZyqUv=n1N#&02T~(%Stv)l~{%2b&
ze~far@^%=fz1(cmw7rzWm>=r#D^wooo~iO^cZ<r?-HiQIH^-bbSJe*vNpn@6r})#J
z^DUM9(Er6M)9Y^eCHWJN^P1*U_cE2NC;5Diayr+YZ`*}AT9jGew69%k*RS^_?&iD=
zAEELX_lYXgyz(6OCE6)hiDMtxl(=$O&K7R=iF6*Q{E_aMGh;mG0+pNx&?fESLcjGn
zjk(%9PBHpK`}HbMcGsyq6RR%!GA{hk>Zaq;b7p>5lv(%GpRd?Ce>HJ8{Ue9<!m(ay
zo+xKq#WwRCeve~as)#EmtrMPR$HukYl`1#H&s%?Rd<VKXtZZHWZ|{|b=|`C5g&CtT
z>lJ1hVYWfIl$m};oOKV=?{H1#ahYo~kI!6}c|zv;%ng|vGf&FglzDRI=FC$vw`880
zxi#~&%x#&)q4gb+`TrktMrPQsX8pu`_<w86XJl=*XP%k4BlE1xotbB6?#etTb9d&s
znR_zN%iNoJe&z+47iR9u{A%X@%!@KF&ODHLY39Mq%Q7#|ydv|;%%5alm3ejMVR}A@
zZOZkMFz<JTdCw(Wk(s|ki8$AZ!n}?M^Sl$T%3Ph9=hVpI^=z2;*}}YE79O9uF7t%U
z^_d$oH)fucxheDH%*~mnWNyhkHFIm`X_?zH&&b@Kd1mI0%(F6gW}cn7EAyPp-I?cR
z?#Vnab8qJPnHOYUn7J?WtC{;VFUq_)^ODR1nU`iB%)Bh~^2{qTugv^O=2e+jXC9{4
zJ29_#{T1eK7Q(#m5w6Hw%v_myROV7<Uav(vyj}~B$;@lHh>y!$n|XZZy37+Y^FB<p
z!)xPkW9CVjd7mh9CTDKWJSB5W=Bb%mGf&IhmU%|z_RKRgcVwQGxij<Z%w3u1WbV#9
zH*-(sd6|1N&(FLd^TN!1nP1J^pLtQ{#hI669>}~j^I+y>nU`l?k$Gk2PcpB{ygKu+
z;s1BLkH}n}d1U5_%*D)=nMY+VWv<Fxoq0^=n#|)e*Jd7{xi0gB%=MWYGB;+{Z9_wI
zUbndnS(mGa+?-jL6Nch?JATM|+jq!%$vtG9?hm;w^Nh^xnP+D1$UG}^XXe?NyE4zo
z+?{!D=AO*+GWTYlpLs#%g_-*@znZx}^P<d)GcU<Jka=n5!OY7t>l9{aY)51+&pa}7
zMdo7W%FLrOi~patU&`9A%3Pg!Oy-)*<1*J~9-p}`^MuUxnHw@UW}cL}Df8sa`Pk;;
zmiIaDPrj_YovB%yGcwQ0JSX$K%nLIw%Dgo5ip;AskIc>iMr9t8d3@%E%#$-u%{(LX
ztju#V&&#|p^P<d4Gq1?JI`hcv7(OcVn9SodH)Niid1~evnP+95lX+g|g_##+UYdDD
z=6pXLnQe=FfBb)vGb*c_?>l3%c)pK}&*J&MpzyG=*K|<PBONz5Xz7uT6+bkm<HPIb
zl73hABXinMIk4%G_RSxg)BebZzUxt^pRza2X}{y(r$^e?eqv7h*IVXh{jTh%<`&EW
zQjb>rGjkh$+uV+SZtlPwMD^&zzc6><cg)@Rm*yVKfmV-R{44VU{A+U`{*AdGb1>Fp
zG5)Q20KaP<#J@8y#~iTrSc!jcUWNZ)9>#qBqq!U}H&@{I%$4|ka|!>+T#Z+lYw!o=
zTKu884*%I)k5`%-@kiz+{IR(i|Ha&bKQXuBzna_dr{;G2H**JGW$wg(H+SKGn7i>m
z%{_RvxflP-ya4~(+=u^T?#Jn!N{v4*V^7ih+juSWARcaBj`>hEJyv4A96*m%cpdYw
zv~QZrF(0s|M+IKbT#45=mvF&cjrlSGJ!<d<=32a=xekBMT#qZvjd&w-6W-X|j5jg2
zV7_=wk5>G7a~s~&+>SRhcVNEIK#xwmxw#8(VeZCXF!x}-=s=HNyrp>o-pbsEw>J0V
zl6f)S#yo(xH4ozL%*%0=c_rT7yb6yt57VYC+reCptIZX7M{_0Six>1L;hoLZc#OFQ
z?_#dSyPE6pZsvN-mp16ph`(rV!eh<Nm@jkCqXmyMw_?87L60`Pr@0;PW$wUy0fZi%
zcyDtT=F1=S=*Ih+d+>O3FaDBw0p8Ethxa%4<2v(Ve1LfXA7~!L2bq`S3FejfVDl<G
z(ai2tc8Hm&Usi8snwA}EW=fUu#T0t5`O6MBv#H7&%nWPU5oU&<>_{`+Ej!9g(`Aij
zin624P52mdGd|Ybf+v|<@p0xhe7w0GpJ495G^R%<KGEETPcnDolg&MNvbh(ZVqSnx
zHTU7u%>9@S>aiG~ZXUpAm<REh=H+;bc_lu}yb7Of=4Pp~bIg3FVOfj00-tNH#OIky
z_<VCUo@%baUpCj`3(R$xF9gwp??WtWH8<jm%uSdt3DKh&f5qH_r<q&vCFVAKskt3r
zX70dk=1%-oa~Ga&?#7p!d+-c%FTTRO0AFeD!+bf39{sr8ycl0?9>CX_2l2J$<#?uf
zCBDwQ3SVy?rpr!cH<-(Dhq(gZXs*OJnM?R)b2Xl2uEAe3*Wz2ub@*0uJ?=C&;;);V
z@NMR1e7m^?&o;N>JIrnPPIEi{hPeZGnLF`a<}Q4<xf|bO?!j}+z4%`90(_sj58rR@
z$KB?|_yO|(e$YIKA2Kh;bImL9!{$}^5i>Wwmpy7O$35l>{Fu2CKW;AJC(PA&p1B4;
zX|Bajnd|V==6c*~<~ujbzG>$BCd!^MH{)l`EqK0}@8v9e&fJEdH@D*#%pG`vxf6fO
z+=X8>cjIrHd+<VYFaC~s0e;EchhH}L<396Z{9W?^e#Jb9zh_>KUp249-#4$qKQMFB
zU-p{09QT_m@DI(E_;qs$|Hxd87ny7DkIl9C4RalS)6923lr1(l;-8rLPKdI%%+2_x
z<`%rf+=_o@Zo_Yz+wsrM9eBXpiGN}4!ta>7@h{Cic&WJ;|H`}o|JvM#e`D^)gXYEf
zx8?!-u6Ypu&b%BiGq1$IH?P8fFmsbo*&og2c)6MHaVUGwT#4T|m++s=)p&)u27h3#
z#UGmM@Sn}~c%``!e`IdLADf%;U(7A|6LTy6tC{b2DErjhj{j!vz^lxi`0wT}{10<C
z{-?PIuQvDMf0-BHf1CU8f6V=Om=4~0EXHN#0lb!Z5Dzym$0N)uF<&68$11#zdD!~$
zx@Nw=wyfM-f!8xv;`PlX%oh&pQH@8MYw!l<TD+mT4u8(f_db+Wm>cm%<|e$cxf%1t
zQ+l-EqM1JrF8jQ>4R300$D5fuaHY8uZ*K0wTbR4?7tB3)l(`pgX<mT0GWX%F&HcD!
zUW~Uf58!RhgLpgha$IFziMKbe!lTW@3i1wSzN4Y6+RS(CmhEV+#5<WwcxQ7p9%HV-
zyO?Y7uI4(-7jx-Rk88}0_={$~yP<5Xxf$<nZo%Wst(Y(M(xVOUX>P}RnLBW;xfAbg
z?!x<+yD?t^rbiDRZ|=okGB3dUnfvhm=6+mfUW^Yg58wmMgZLoxay-Gj5+7_{g(sT1
zp{MK+b2+Xz^IZ&Ohno5RhO)!VC49KK8aJ40@Db)(e5AP!A7!q`jpjytw7Cf%V{XQL
z8JZp~c#^plA7^gE$D7;n3FZ#mWbVW#n!E5x=5Bnlxd%@+_u^B`3-GDtK75+FA2*v9
z<I~Lp_zd$PKGVD$Pcg5=XPH;wv(4OyR(6iL9JiP&@VVwn%$L9EQNrh&tMOEG4gRvZ
z7GGel!xx(CajUrzUu15=7n_^$SIjMVnz<EUVs68in%nVZ<__Fu?!;d;cj4*gZhX19
z2hT9~;w#Jx@RjC1e3iK$x0@H^tIY%W8uK8&*1R0gG_S<hnOEWK&D?xec7wSbcbF^i
zjpj;xlevU%Hdo_W<{JDpb1lBbT!(Kp^PSgao#saTb#oKG&D@M{H@D!~=2m=%neSI9
zyVKl`zhUmcUFJ@Fm$?hyZSKbRn0xRXb1%Nvya3;4?!)(+`*F8<F@C^2fFCpu;)l%3
z@m%vt{IGcye#Fd;&Sj69`JV2w9&-hL%*=OlmpyJS;U~;|A9vY2GvD!9_N2KMKV`1N
zPn+v;uelL_)7*rgF*oC9%`JGoxfMTWZo|);+wlwL4!pqJiN9s;!Y`V;@wd%Ac%iu$
zf5*H4zhv&iFPr;upLsF<u6Y2zVjjfbGcU)lnpfiQn^)l<n0ceW>@{;a?l)K9ADS!i
z>*f;vk+~W#GS}cAn``kK<~sbQxgIYzH{zd|oA6uaX8cog3tnPw#XmE*;kV80_~+&h
zJYep`zc6><cg)@Rm*yV4)ZB}IWnO@PZSKRrG56y^^J4s4^8kL=Jcxg1UXGWUSK{BB
zSK&XH`4EJ%Kbp(&a&rZK&s>S$H<$3A%++{>xdwk=uEigk>+qk=^?0SZ5r1TE!XKNP
z@n6g>_!Dz0{;RnSe`;>We=~RBRpw6ocXJp1hq)X7)7*nsn|txU%nR_p&3*Vk=6*a(
zZyxBe7?+s`@LJ|UJlwn-k1(&qYnxZ$b<Eu0Ube2e9G9Cb@OtJ-yuP`F3+8G((p-Z#
zFxTP@&2{*5=6YOVZp0gzoAAcwX1s~H1sBb&`19sAys5bzZ)WbmmF7;oxw#8(VeZCX
zF!$h5=3cy|c>&(a+=sU|_v4azG2X^JfVVXd;_b}Kag})`-rl?lk2dp%f@M3H%W<{2
z0`F+9#5<WwcxQ7p9%HV-yO?Y7uI4(to4Fp>m>cmI%}sc$xf$<nZo%Wst#}V}8{X60
zj`uQm;97Gh-rL-T_c3?lea$_1ytx;D$-DsXXYRxMoBMH{c`-h~Jb({058{K&%kc#B
zN_?<+6`pA3j|0jMF_+_da|J%sT!{}em+;}{YTRJ1!AF>D@sZ{_e3ZE!H<}yq(dH(6
zjJX*fYi_}l%&qu1a~nS1+>TE$ci<*-CqB{Kg-<ef<CD!jc(S<{pJHBsPc`@9)6D(2
z*}NE^ZXUpAm<REh=H+;bc_lu}yb7Of<^vYX&M}wc7IOtY*IbFuGnerB=4w3ET!X)C
zuEiIa>+pr<dfaMm#21;H@Wtk4{1tNxo@Q>vmzdk|rRH{gnYjbEnLF`U&0To9xf@?@
z?!hz6z4!|A0(_;p4_{^O$L;3D_-gY2zQ#O=uQe~nGtDdUb>>z0dNY4~TXuuF9Cw&2
z@Qvn5e3Q9^Z#GxsS>_u2HFGV##axGPHP_=#b0hw`xe4E9ZpOEpTkvdiE55_rhVL}D
z<8PQdaF@9g-(~K?cbmKMJ?0)f$J~qWH7~&Tnfvhl=6>95UW^|w58wyQgZLryay-|(
z5<hHSg&#5V$3kU~n#*yIxdK0CuEdX<OZW+MHJ)d#!B3iN@l)nH{It0q_nI5=H_c7>
z8FMp!*4%>Un_Ka7<~IDinRAi2e?~9sb^ff2t9n#ozkj9*`~5RD*zcc7_vHBfGxfy%
z{+UVG@1JSLe*er=%!OY)+OXe0GZXv$Go9G)pP7UG{+S-^_s`77e*a7#_WNfRVJ;@?
zk?v{n`)8IB_xop7V!wZ8HTL^w%DJb)@1H4RzkjBL{r;ITm<!Z;)MCGXW&-y6XBx5J
zKQkHo{WC4t@1L25{r;JD?Dx;i!d&#$qYL}}GwGgxzkep(XX5wIq<hc&{+V=diQhky
z?#cK2X9j7<@1IHcp>ZKyk8}@--#;^g`x*THnF{Rp&y2!;|4cRZ`)9^szkj9<`~5Qw
zn2YmzG-1DgW(xNEXIin}KQjaS{WBfd@1L2C{r;J5?Dx;4`__ipd+F&Ok1}(*XL~Jk
zy02rnIo-oH!kq5qSlgWLsb0rCOx-P8*E|xJn=A2p<|@3txds=^<MBvyJ>I}P32$g_
z#-B4!#TDi@ypee(-q_rUH!;t_MRO1Sym>y})ZB+RGqWqk{WI(aasLccFz%mW^T+)&
z41L@`!)nL<Gb}RhpDE$3t^F~WfF8AY8}kIbt+^3zXP%6!%q@6(^E5o#+>UoJ&%)K_
zF1(|8F5b!9i+472=`rq~>BqZRd<ovwJcxHQbEzrrpW!l3+&?oyFVEusnF_qS<&VPS
z%++`g^EkYxxeo7TZomwT9!+>}^Ax;~xfSngo`J`kJMfpxv+;iBZoI#lw~FHa8Q!Le
z`)7EIB<`Q#?TNU5hPMXd{uy4D$Ne+BBp$kdMo$BA|IA2SZ_BF0hnlPKVdffqxS3P`
zxPOMz?zn%3Q{K3LhSSZse}+@NxPOMzthj%MQ=GVehSQ6<e}<>_xPOMH)wq9#r?j|#
zrVpQB{aJ*Y%mesD^D=yrc_lvCyc#n}^(g0>@+sybKGj^pr<up#W^*k*-8=!GVQ$1{
znkVBa<`#UGc^W?3+>XyN&%*2|dUWA)&2#a2=5(F?eDgx$Q_bnx`j^d1h+kk%*V8XF
zuOQxPPS?;cGLPVT?#1Q`{1x*k%+9JuHNM0=4qs}n!<U&GaGSXaf7Lt%PdB&X%gr<J
z408v*!aN&aX-?O>uQJag&H+P@bdCFJ^Q*+KF{kU=*P53SpJ`6lvad6LLi~F3Fs`NE
zU>=D(%$4{?a}~bHT!U{mkH;Le^r**QGf%>|n49sf=Bc>T+=jnyo{4WWcjDX4bMS0)
zy4HM$c|P$w&FT8`H_VHOcbU^Q<-5$wh~I5a*OBiruO>dnT+TJkd(B0BpSgtZH;=*H
z=34xKc>;dW+=w4CPsSX)^=QElo2TJN%<cG5^DNwB?!u3m`6`9De<oe$eZt}kiO(~q
zYr9XHmk@u-oUZ3SZC*i~ClEc-HQaBSM{qsy8FK}G);tQ&H&^55%;WI$<~sa>xdAUQ
zH{oxYr{EXOt@zvK8F-<&1AoUn8^2^u*IQpU&m-PvPS;q!YkrmZE9P`v^?T-}#9uY1
zYpLHi^Bwm?_s?)G?=_2$#Qo+<{6ljUe%)Mye`Fqy7n$qvkIj6SecV6OjNi2QRJ_>S
zhJRw7iQh7J;-8x5;3ejCt@CH*`NZEgr|X+PH!mVSU{2RGe_>um{2g<;j`>UTYT`@H
z<y=$ymAQz2Z7$*8n8)Bjb1nX@c>;dd+=zc?<~!Nr{+Sm1dyDhk>v8`~JN~1^XW`}M
zF8rQ(E`Hyft~370ypZ?`bGo+pfq4n>56$U%;-Aech_5uKYlt72M{qssV{--mi+L3O
z#9WR4Y95C_HP_+4nH%sba})l%c?$lAxfTD@JOi&bci?}SXXAgH)AhdpnCB56rjr*v
z(lx#^^Q*+yGN<c$!_7;Hb8@Fgx|X-LneQAQx_^diN$XmCBrZ2s;`Pi`cztsXE||yT
zk>+~5fq4?%(A<naXP$~V!PKJ-Z)Bc{H#T?TP0Vv}(VVWeecn8u_@?G`eQh)IBI1?i
zbWLq@^D^RFnA3H%FPK*o=OkB;a<1uYX)fZe%q6_Fc?>R@Yw<Sb33yv`Bi_zD8CRKG
z@b>0uc(l14?_i#VInmam3-4&2i+3`o>s&jV7ZM+1PS>_}F)ty$t2tfI+ReOzc#Sz-
z!}_9m1lLo>nk(?`=24iFeLbr29_Dd)PjemK%iMr#%}sc3^Ax;~xfSngo`J`kJMfpx
zv+;iBbiHYR^E~2p=5&qe0Q0NF4>YIiN(Y&j5}#mB*OCr4e?oksc^KC+4l$3!_2x=^
zsJRLsX0E}9o5y2b^ypEKk1$WdN1B`QQRb<*(cFfQHqXSzm^<;Y<~ewhIbG{H&OD#^
z@#b`W=LGX2;=J(EBVE%u(Y%cKN#=AN=VbG0;*-tgTvIs3T*RlEOZYVN7~E{G#iyGm
z;4{pP_)PO;JjL9C&oWQLXPevcIp$fo#oUF@HP6N8nbUQa^UVv1Pc^4&D_=G*A%1~5
zT~E2tyn=YEIbB1!$UK7g^Dj16;IEiR;c4b-e2IA+zSLZYFEcmbHggmHs(A{YZf?bw
zn`ht|<_>&?c{aY%oUV6VWu8a8-JGs*Ty1`p_%-HqUE^BwQsOhs=~~8h=1+)UZyv^b
z={J~1;tq2qzR_HTZ!*{5o6Y0#EOR~nnt2kw#oUZ<HBZHz<~ICw^Gtl3xf9=Ro`Ywb
z)3t^>%=3xgX-?M{zF}TOyvv-fDcogVM*MDbx{h#<c{TAl=5pTCzSmsD_nAxhe)AaI
zZLY-+m?z)|&5igW^JF~N+=3rAPs5Lx+wr63S-8jCg&#A|#gCiQ`}|Ls7ZRUmPVenM
zX<kD7DRX*1|7r6I;=Shd9{xAYBX~dj8FPBy{#o;=^!~Xyy;uL7d0cw`+??K@f5F^9
ze1SQ=C;u(;6yh(M)BEt>HqRiw(A<H)W1fv)GI!&b&GT@dc>(@EOx*#vy8nFt@qRxc
zgb+dqA%tw15JD`35JId?+uGKqO{Pto5DOuM5JCtc#M%}@EQAn32qA<_2;qOffA8P<
z-_MWBbv>^8dcEJD_vike-}jtz-{<<C538r*kEj>okE++=sd^{=nEELGxLO|cU;O-x
zT|Cq4F7YSSUhyZ@0r98QVewoY6MtHr6n{pY5r0;l7cbN$@#oZ4@#obI@fXx>@lxFr
ze^EUYe@Q(Ne_1^juhc8?SJYeaSJemc*VJe6T5Y?5;jgQm;%}%u;%}<`;*B~a{+2o_
z{<b<H{*F2=-l}ur@2ZR9@2M-|@2l(Low_Cdfx0XHp?V<xk$NoNt7qaLtC!-Rs5j!D
zs`ui9`Xv6D+G_lxeiuJK;}HK`ue-%ZwNLyDbx{0EbwvCtbzFQ>r^LTjXT`r!7sS6+
zm&IpwP5e7`Q~Y~%NBjqMUu-cR+8JvkzC=A0U#eb+ub^Iwt?Hflit3~IN^1EBO)q|a
z#xAz$b(i=mYOnaJ>VWua>abWIni?x6zPdUozJ@v@zNR`acBo6@YpJW^YpWaL>!{me
zr@AM;u6iiGo_Zp_zIrZ}2e-yriEp6Zif^bsh;O7mi`{CQ+whImPVr6D9`Q}pez8X#
z65mW672jN)5Z^+b7R$q9W97uRR2Rj!Qdh*cR@cQobxV93bys{_^+0?(^;qmz&&0P^
zFU5CIZ^U<0@5S-}+gK;@ozzz29}2(t`5A}!kM+7+98~+ncUA|*f1-|v@1l;2L+X_H
zuIjA#Zt8;g?&`8w9-<qoCccNdDZZz=BfgiqFOH~3;(M#7;`^u<;`^%C;;4EjzMuLi
zzQ0=jA=HbXpRtSOLB6qE;s>a`;s>e&;s>e2;<!2{ey}<zeuz3FeyBPxPN+-bhpDUL
zhpQXnN2uFkd6{6Wp7@dKq4-hiiTKg#xj3a>i65ihiXW>!h##jui_>bG@sEdI{QQhl
z`~<!35&xOmFV3h#;y+hM#ebnrh@YrVi?iyS_%GE(@n5Mc;>&-2rY_Fu^_KW=)Lrr4
zst4k~Q;)@Y^-TQt>ZSM})En`W)O&G3eG>np+Uha<Pilww$!fQ_sP>7Uq7I7xSsf8S
zRUH?X)G6`5sI%gKRTsohQ<ueMbxnNv&(Ac)|E||N;-{<o;);4CeujD~ex`aMewKPI
zuBvz9XRD9m=cwhEIbZzzj9pyQ>n`zg)n4)Q)B*AH)nRd69TUGmofN-Noe{rCofkLM
zCGm^ZRq;#I4e?9WZE;iG6TeJ76u(?O5x+t`7q`?a@hjC^@vGDa@vGHmaa(P>x#7!y
ze#R+&tzP$tU#IqqJL-`5_3Ehj4eEsWjq0?xtImnvq%MlztgeVJ|M{7^xTn`!;<u{1
z;<u>>;<u~E;=Xz&eusJ~ey4gPewTVL9;i>^cdM<pF#I01L;PN~TRc?z#P3rF#qU=~
z#FtnuTX8rAXT_IlrT~}Wn)nKuX~G@2FV;t)mJvLK7w{V1iS^4U%MrGC&Fgm91$*HD
z9EM|XQmnVfl7aJZ39iBoxDEH<Av_Tq@AG8M;T61v5AYeb-O}viggvky4#8140jJ>{
zT!brd9d5y0cmR*#8N7ry@E$(F)?1lpcffAg2M6H@9EVeI7B0YLvGER4R!wZYpOe*u
zJ8)lYyt|S$f~W98Y`oWzwT5@_5w_gg$Q$oPWZ7XC?1ckx7>>b7I0NV55?qBFa2xKy
zLwEwu;T61v5AYeb`ON#^ggvky4#82e@lHinLTtQOkd=mWa1pM+b+`q0#m2LHSp#?s
z&)_Azf%ou9Y&-{-Wxb7Q2keG@a1f4&jpxX+;&2Mi!Uebt*Wf1Hf%{_P8Lq4mJcSqV
z8s5Q2Sbn+1MNd2Ig1vA64vURvsj^~l63)PRxCB?>2Hb{w@DQHBb9e=B;RAezZMQSe
z;)Ff09}dA$I02{O99)Dea2;;JU3dVG;TgPyH}D=l!B)R{b_eW+eQ*$tz;QSQXW;@|
zhHG#W?!bL`1W(}wyoPu15td(6e(^DEhh4B24!~hJ1}EVRoQF$r6>h+7xCam62|R~a
z@D@J6XV`WJ^FBCX5A26Sa1>6!X*dTL;R;-bTW}X1z+-p@FX0WmhflEej^^1Nup9Ql
zK{x`(;S`*O3vd~(!A-aW_u&ydg%|J|-oZy${^862|M3sIU@shi!*C2v!WlRZm*6Vg
zfZK2n9>NoN4zJ*?*m&0^>j0m{#ycTdwmX@2!XDT!Hr}1c3c*o00jJ>{TofDc9%NPE
zI^2T0@BkjeGk6Ja;5~eTt$$?B<AB|;4-Uc+I1Z=aEL?!ga1Cz49k>sV;3>R-*YFNL
z!t#p=Fa9j-unYFW0XPiD;3S-Z^Kc2S!VS0$_uwHsf#>iF-ogj?4BLXneK6h$$#TLT
z*bj%`D4c-Pa1Jhtjdw7zDsUZc!CkTOu0qxT9>X(uDK?((%i6$u_yk+;Y~~%X8}`9L
zI3hNlr^|}NDL4xk;4)l;n{Ws2!y|YKFW@!2gO9NMg4m1s?PBAZxGWd!g#&OHj=@Pd
z1LxrqT!kBO8}7kFcp^5QWy_kwD|jpR7y)A);4^Hyi<xo49@r0u;3%Ac({K(h!WFm<
zx8N>35F5{JWsTt(yo5LK9zKbUXP~mIA=3`n4g27r*m#C0D+0&i6r6<%a2c+_O}GR1
z;SoHA7w{V1iH+xdvW~FjuI6<+?1H^;Kx{lalNE+za1zeIdAI~u#l|x!Sq-=i_uwHs
zf#>iF-ogj?4BPHz%wRkZlI4UwupbV=Q8)po;T&9qD{vid!CiO&kKq}-gg5XWKEc+z
zn`d{xZn5#4NR|%{!Vx$Qr{FAHfXi?VZo(b7FE*at$Qr>@cmc2B9ejl47nxr4w8Jjg
z3kTpZ9D|c^Mr=H1k(Gx_a20OAZL#s3LRJqR!V`E7ui!0wfX}e)9_C(7*aQ3F5FCXQ
za2n2ujpq)sif{$4!!5D#{kg0zJb=gW3|_(;cn_b%#`nOotoJnSfZec9Y<%A+D+ov6
zIGlpBV&i))Sp~QZ*Wf1H5gXsD$m+u*cnUAzwb=MtU)Byj!j^lP89VHPy<+2QWmy3@
z49DOkoPqOjNo;%#Dys@N;5OWYhwucR!z;1zb)Kv(e1OleEn?=Kum|?TAvg*r;I!EI
z8cS9#V!8-d;5ytA8(*Wy>PAct;4wUdmtx~{ysS;c^d3IJ)_a>7huHYMD9a7|;Go#}
z{2?m>$KjON_<L4X7B0YLxCS@H#@|h{I&dEziH-k;WliA)ycQcD>#}z65w_gN$QU07
zvh1)6_QC-;49DQ4IC5D_O9sxvCAbPV;5OWYhhpOlvL^5xUcp=V0H4Li|7F?kYuX8W
zU_Ts!qhjO#vJ!9_&cQ{v0@uY+?bCw0@BkjeGk7V!pZ3|nd-w!fjXf{&4%iL*;2<1<
z<Kp}4z9~2h7sP+6nKE31n{Y=Q(|jKu!Bcnvuf-40+8um^EyjJi$k<_*_<>sMg#&OH
zj=@Pd1LwsL(w-%_3OC?3+=GYkL>$+ib9e=B;RAezZN{J5MIWd5!P?UU`{58Ag%fZZ
z&WRtQJ&SM!uEQ<3D}Jcf4&X67gO~6I-oq!@YJ5Ci^mo8+*arv237sbb$Ke#5g$r;Q
zuE9;X1NY$(JcSqHhv{r<cn2S0`K9X@c{}Way>I{y!!bB1ez?w%f%9+)u8JR_`3BsE
zd+-pRh?817hga|xKEP-3Bem9M{5^4DC+va!a7g?pt&PG7I1T6EqWIBTTY>9v3+{?j
znjgSpcm^-UkJ0=F-oq!@YWzKSk#~q6tF>;}2M6H@92Y-MYg2F*F2H5DCQfT@6Yju$
zcmz+ykJs7-yoPu15w;kAA79kkVHfO$1L7y>UST)}C*cg77yp^omf$Mf5N9;ghI{Z3
zp1^Z>1#iWFu00R%8MYapLoWFX%{XBX?1w{e6i&ct@e{RY4lcqKxDL1AE<Aw8@C;sx
zv%2pF-oq#HUuwo`e6G8&19pr5N;5t<2uI*JoD%=F)@I=XT!w3KQ=HS<4%~-F@DyH%
z|3+)q@D4u07UOgBMcyv{Tdj4$UN``U;TW8RGjJX*!Bw~cx8WW<geUMEUcp=VApSc&
z<5`?n+l;R-F6@LoupbV=Q8)po;T&9qD{vidiT_?_>%s$g4A0;tyn*-d3AP$v%UtZ`
zfZgJM&>4Ji5RSlcI0a|n0$he`;wR}|O}GR1;SoHA7w{V1!AIC)e64h`uN`*5UU5NZ
z3&3GG1}EVRoQF$r6>h+7xCam62|R~a@D@J6XV_+Zy>@X%C+va!a0rgV2{;Ys;38as
z>u?M1!UK3L{zv_DnZZkV1MlGzY&E|2yy)YA-LMZ1!Vx$Qr{FAHfXi?VZo(b750Bs}
zynxs64nD#b<7?-Ov)f@8?1ckx7>>b7I0NU!|D=CjCAbPV;5OWYhwucR!z*|TAH+}A
z8P2fH_&(s`x)b)memDe2;RKw9b8r!^z;$s^XKTS-cp!d?X2$RgUcwuA51(MG@qNri
zPY3LVeQ*$tz;QSQXW;@|hHG#W?!bL`1W(}wyoPu15w;lLhh3cA4!dA49Du`c3{Jus
zI1iWLD%^nEa1S2B6L=1<;4OTB&#=w-{_^5JIAIU$heL1_PQYn62N&TAT!&k57aqW4
zcm^-w4ZMd>u+{ip`Qq#j*bV#OARK|?a0<@C1-J~?;3nLG`|t>!!V7o}@8BbBF}~No
zIJ+Ho!Cp83hv68Ugfnm+F2Pl}0k`2EJcK9k9A3d&_yC__oAKP@;yyTG5A26Sa1>6!
zX*dTL;R;-bTW}X1z+-p@FX0WmhflE8c<yp>b_eW+eQ*$tz;QSQXT|@lpR)>Z8Lq)i
zxC8g$5j=$#@EYEUpQ<w)VT<wH=;FE^cEMh8Noxae7>>b7I3xZSt<A$FxC%GmHr#`U
z@C2U2D|ibZ;4^G9o@rh3uR5m__P~BP1V_bB)7k`_hI4Qcu87N8TZdb47aqW4@xN*9
z3|_(;cn_b%|E{%G<C)xr9k5&cbj|qSARG}_G!utYa277WWw-`6;SSsvKSTE#!Bcnv
zui>5enOb{<EgAE=9d^N9H~@#?7@QP8%W~Puz<Ia?SK$WShI`_w<+3$|C-59z!CUwM
zpJAKveDtEf6ZXJ<I3#|y<+2rp6L1>N!9}<N*Ws4<IoiJq58yF8gO~6I-oq!@YCQM7
z*vldQ58c-d`{1CsrkMyFhf{DCF2H5D1~<je)&3p050Bs}ynxs64nB&Xr~NHYG;N1n
zuvh$i%?IEx9D|eMy5=)*9xjPrpqVP%fZK3S{6ftS;R!s4SMXN+BCS2ZXV_*uFTcn*
zVGrzwLvU2w(EbTH4d=u!)=Uwuz;(DKeu?J0@BkjeGx19`zl1mNUfk5o3AP&V0WPjP
zV7K^Xn)ks$I0DDTFV}nu&cX%pD>PGvYj9KC(o6^L!y|YKFW@!2gO9Mqc)xM6mmPM&
zUN``U;TW8RGjJX*!Bw~cx8WW<geUMEUcp=V0H0yoUz_*A3435a9D<{80#3s@xCmF^
zI^2T0@BkjeGk6Ja;5~eTt;V~ii;n>Z>=wWB@{fP<tJFa_0>|MLoE5)XYYT80u8G^4
zX~G@250AvJ(fkx%z-#eqHM4_{u*G;+c9F5eF4zkP;4mD6lW+#k!zH*1H{dqhgNN`0
zp2I763m@P!Y%|{bUEBvJ?1BAo2#&%DI1T6EB3yy%a0~9j19%M2;3d3)_wWg}8t(%y
z&hCKSun!Kx5jYN~;4EB#%WzHny30TQ#T|7A?!zN^3NPTb`1O~6{KH4sV!Z#n$k<_*
z_zha?g#&OHj=@Pd1LxrqT!kBO8}7kFcp`qI&N+uy@K)T_%mF^bHsf9EMaBtxV88fH
z+9w1@;RKw9b8u1oX6;jf>u?M1!UK2=&)_Azf%otUwi@qvFXnN;ZrBG0;RqauQ*ah8
zz-94U^gh(!CftGh@Ccs53wRCh;3I5#k~xDNcEMga0EgiioP;xQ9xlOExB<7tJ-t6Y
zcnDA6IlL0TRcp8K0Y1Yv<NfwU-U)kPKOBOia6<ex-8T*A;38as>*BX-Z42(g19%M2
z;3d3)_wWg}8t;%V_I1E+abM^0!9h3z$Ke#5g$r;QuE9;X1NY$(JcSqV8s5Q2*kZho
zy*Q&CcEMipJM=yT;4mD6lW+#k!zJ-MwPzJ>z-{rnG}D8J@C2TV2by2OTlfH<#qZX<
z?a8K{um|>w-=p~u9EB5bTKrzk=ink-f$MM!?!p7{P<xKy8N7ry@E$(FR^y%XCGXRo
z4%iL*;2<0kzh7(Pa0<@C1-J~?;3nLG`{Mu9y+-g9UchU3Cmw0-5w<+Vyl#hGuon)%
zVex-y&lsG9GjJX*iT_(`t8fEui~mP6J$MLD#AD6O;T60Ue?T(__zc^O_cND#P%}>0
z1N+4v(o6`B!U^$2Gif*n7vTzA7k^l5TW}X1z+-qO{)pBt;SIcpPq6i=M(szn)&aX=
zpLnX7ARK|?;*V)21!v&`T!w3K6Yju$cqIO~?lpxM@EYF1NAdq^t^6Y13)^8A>=n;6
zAArMf3{Hwaq4^A)hfCs5YNiS|;5OV7e@gR1cmmJim3XfCEqs8_u+4Z!cgd$U?}R<D
z9}dA$@n^I)0jJ@d__LZR!WFm<x8SaLp|t~e4A0;tyn*-dN&GqOX*J&aUDyG;VILe6
ze_m@Na2!s-S-1d~;hOjh+Or9F;J$dNnGrmN7w{V1iNC0|N7(W-^ST{&!Cvu~v^D^T
z;TW8RGvY66Z5}ScRk#7S#Vf7t!9#c={)%Si@Cx3Fzp9x7e1>htJJ^ei6ZVL|rnP=J
z1V`ZnoEEROHU}5s3S5U<;;(CM7aqW4cm^-U-_Y6(yoXP))p&<|k#~r{skLs{2M6JZ
zc%%6^oPx9BZ)v6gm*JZD+nQ;@9k?(4j%G&i6kdq8npwj;_$dCaW-P`#@C(~v7wi>(
zPxApd49DQ4`1_jAz<Ia?SH(NcH{dqhgNN`$`~$6>!z*|z{-I_L@ENu}-N^h%Gfvn8
z`{9syulXpPfYWeJ{A0}*;R;-bTX0wW6RjP<V|WHH;f?sGTDyl&u(e`l9IzYq!9h48
zK3FbWaX1BM#XqxLwhC|=uE9<5|5+|u9k>sV;3>Qi|J-ufTEjc|C_Y{mu~?pA+77#5
zFC2iw;$LW=7@UMNa2_tfRk#7S;T}AMC*oh~40Ct|Z{Y)chHcL@`#50_?1w{eRQxNQ
zApxi1ocN@fB3yy%;$Lf~1$W^AJceiD-)QX;-oShK1Y4hF)c#g$9k3hr!9h48K5K0p
zPQh8Y0GGwT)7l!`ggbB_9*KXiwNrQjui+hh6#qeMEmhNY*d;dpC(8>5;IR1eUw#mS
zlW<0SsrJdkCAbPV;I{Y*THAw%@C2U2E3s8;x9|Zz!?tIed8hb_TI+%Ra0rgV2{;Ys
z;38as>*6cvzAd;558yF8gO~6|d}ZyqhflEeIY!2&83*i!ed4QVCJ0C1xcI7?Nx@mT
zAikPr%5V*CitU=|z<qcGPsLZ)`~qIXJNO7&{==xfhSu6)7wm-t;%jO?49DOkoDn-T
zpNC6u6>f;HrTI48gNN`$d~MCo;T61v58~@+{tVk{=5;6R5j!>SheL1_PKd9o`81q^
zi*QAJJ<ZqQ7Tkpg;_GXE4A0;tyn*-d3AR4h?CF5run!Kx5jYN~;4EB#%VL+Fr6#_C
zx(RpSzW9ck8NpL{0k6e3()<oS!j|Wm8N1l6c^B-318^9Q!AUp+=iw4ug&S}i?!iNN
z0?*+UyoC?&8MZy&Ji8P2z<xLcN8tpVhI4QcuE2G;1$W^AJceiR65haj_yk+)=Gh&v
z8}`9LI0DDv6r6<%a2c+_O}GR1;SoHA7vdZ1$M727!AIEg0yA$H-{kU-f7lBL;4mB$
z-&AXpa0br9CAbPV;5OWYhwucR!z*|TAK)`=d!aeM6ZXJ<I0Q%G1e}I*VvpXRqWEU&
z3S5U<a2FoHV|WHH;SIcpPq6hx<~$DA4g175*O`OjTc{&&98QV7n#sZixGcV<W@>N~
z?uc)tnLa#%r{Y^{W&y9^9efn~G;e8`w!<#*Z8YPB18^9Q!AbFLwKfCi;ga}vnyJDK
zxDEH<Av}TS@Cx3-2lx!zUTn_eggvky4#8140jJ>{T!brd9d5y0v0v}i03O3LcnNRd
zJ$!<#FERT&U^nc8gKz|n!znlm7vM5ngPU*%?u&1)_hAH2;RU>gckmImywvD<2kmKx
zU9cApz+pHBC&hQvo*6g~m*6VgfZK3S9MGOacmmJi6}*KH@L7B(?P+V8cETRm4~O6=
zoPg8fKhpj=xCmF^I^2T0@Bki*|5*Fa;3d3)_wWg}zRc|7fZec99Mrvna0HISDL5;>
zv(^^iGF*e3;y=-R2kyfocq+b&<`?i9-oZ!M@^Yg#q_uX~1$*HD9EM|XQhZnKnSt|g
zNqjfWRN)5PhI{Z3p1^bQ-L>Zm-ogj?4BK8|);eJi?1w{e6i&ctaaiZc!9}<tzK3S&
za0~9j19%M2;3d3)_u_l%UMJYvGOs&eH|!JNOKXF01dhWgI13lxGF*e3a0l*-BRazf
zp27=w4e#J1Y<Z>G(+;~}FB}lxTW1KvF*qr{k7hD(9xlOExFNo;*0$juJcK9k9A3d&
z_#lpI|1)fRm3iF>dtg5tf}?N(PQy942v^`b+=9E}`{~RBcnr_rCA@+6@CmlQ+U)Ou
z-LMZ1!Vx$Qr^NTynX_;KF2gmr33uQ=Jc6h20$z*%RA<=1N7&LfGBM5AVHfO$18`XU
z0IiL|NjL-N;ga})T3dx1a2xKyLwEwu;T61v5AYeby~do!3435a9D<{8Li`{-R~pX2
zMYsaj;TGH#$F=7G9>X(u32)#%d=fucds<&>+5x*^9~^`ua2!s-S@A=3uL4|#Yj6|p
zh##u8eRu><;RU=FC$x44A7RVu%#0m&!Cp83hvAs`VY*im&cJ!N1Xslm*V+c$hI{Z3
zo`@fzwR3m{Z{Y)chHV|Qj}!L5emDe2;RKw9b8u0d)R`-A9d3yqshKW3fXDC*UcwuA
z51(M`>&?9!up9QlK{x`(;S`*O3vd~(!A-aW_u-NFQI}X`P2mN+7C%}uJNO7&-e6|z
z;*{oHuon)9AETKt9D|eM$7&`6=i!q0ahj>Z4Y(~%Yo-Se;feV1nwi5ZcncrkGi-aK
z*~bZcV88eYx>pE}!U;GH=ink-f$MM!?!p6j4A0;tyn*-d3AT34b2-F+re}1+J~#+R
z;J7%WwJA6Y7vQq^&oy6zn{Y?`7n<qABX}x)qGlHG8s3SsnmNLjH<{P%unYFW0XPiD
z#DA&%lW+#k!zH*1H{dqh6aSU=AHoxOF8*uHtl%wtfX}e)&1S7roYOuY*bj%qf1{Zw
zoPg7C4lcqKxDL1AE<Aw8;=k1yX7Cc;z<c-vTi;^#afts;d%9sC92Dm@6M^G!3eLg>
zxD40eCftGh@CcrY|6b==z-xF1A7M++thK`~*b4{XFdT!E;(yS2GH@O)iJzpID%^nE
za1S2B6L=1<;H|izdmZ32Y<sJjal#()KWeQX4#8140jJ>{T!bs)f71SSxCM9N0X&9h
z@Dkp@d-0QXuM=#2n|a*<yI~(3gd=bqPKk@UR~9b7Ww-`6#ZS@N4%~-F@DyH%|5<C-
z@D4u0mbaUEyZEVE>w>*-01m@3I0<LqJX{i&bgwGhfZK2n9>NoN4zJ)Xd=USO?t6x9
zee=2#_P~BP1V_dHsy!2M8qUE*xB}PVmiTGfvkMR4F+78p;<DCm;5~eTt?w}N4)MQf
ztsC~iK{x`(;S`*O3vd~(iT_>qZNeS650Buf_~}}^fY<O2KEjrFnzeS=1$*HD9EM|X
z63)PRaYg4W!Bw~cx5dxUd=DPN6L=1<#Lv{)Eqs8_u<c!D-YI^T)_Pz+9D<{80#3s@
zxCmFoRo$x&x8N>3fXDC*UcwuA51+)()_tu5(+=1T`{1DXIa(Wm<8TVj!Uebt*Wf1H
zf&1_Xp27=w4e#J1Y<ahN7CY>My>I{y!!bAsXW%?sf~#-?Zo@rz2v6WSyn?sz0Y1aF
z_n7y=3435a9D<{80#3s@xCmF^I^2T0@BkjeGk6Ja;5~eTt?xC@?ttB}4-Uc+I1Z=a
zEL?!ga1Cz49k>sV;3>R-*YFNL!j_?Vc025Xy>I{y!!bAsXW%?sf~#-?Zo@tCf9T&i
zLvc+#f#>i_{9Mg!;RAezZSOPlPS_)Up7!y>Avg*r;53|ri{j^N&k9_JTW}X1i0fKA
zhG+0n`~uBv;5~eTt?xJU4%iL*;2<1<<8Vs+LY*NC7vQq^MVhI>O}Ha&Xr>R3;3>R-
z*Wwpz?G8S|mj5&}cGx9;iPn1I033#6a1zeIdGSlNX9=#t4RKR5ZMX*y#V^y$1fIhy
z@yj){g%9vq{0hz3My8#x2lm4uI0`4=G@OHra0RZ5TRKk*?!p6jEPkctXYdl<z<c-v
zTmQ@K;}E|}d%9sC9E2lq98SSmxB!>o8r+0Ca9{jtooxh9;RU>gckmIm{I}7wtv&6q
z3--bRI4pjR*2dr@oPqOj39iBoxDEH<Av}TS@Cx3-2lx!z{>MCv6ZXJ<I0Q%G1e}I*
za1pM+b@6NUezwG~Q+MG3JceiR65haj_yk+W=3Wli4g26A9D(C-3eJi<dX|Ft_3AQQ
zgPU*%?!zN^3NPR_yn~Oh<pbtCcGv}b;Q$;Kzd_Fu6TeZNgfnm+F2PlCS8E$^8}7kF
zcp`q2*3RJ-yoC?&S^Q?LwSCaE6ZXJ<I0Q%G1e}I*a8djg-M0eQ;TGJ52k;o4!Ap1p
z@5Mdc_XJx%WL|f`ZrCS&tJVhL2poq~a277WWw-`6;SSt~NAMJ0z-xF1A7RVHIM>_s
zTz1$6d*J{a7QbC<V{j7Az<F_B^Ch?nH^lGIOdIaOLwEwu#qZSG6}*KH@ENv!*sOKJ
z9@r0u;Hdarmsn&a;53|ri*Q9exa6|hI^2T0@Bki*-+jqtwKI4LZ{R(Af~_Ah`#4}X
z?1O`F1dhWgI13lxGF*e3a0l+gBX|lg;5EF1kFe#V=GpDA3--bRI1I<&B%Fcsa0#x$
z4Y&>W;2}JL=kN;N!Uy;a+or~Sc+Vx5eJnY}?^SzXKOBOia6&xP+BBSli{kfbrUKXD
z7Tkpg@ED$n->*HF@CM$C|5Gz3*!nT^x<fqDj2rgBK{z7*FU`l{6r2_Rw`K}(8Lq)i
zxFh}_t?k1jcq$%iW&y9^o%jQqIl`8Yo7e5)4{F8*d*OiiLz)T0F*qrnXeI;a;ga~n
znyJDKxGnyOW_s`to`^rHnK`_Ix8kX04)7Va{jZVvm}Z=?2lk6Uu9*-Vg%fZZ&WZn5
zYm0CNuEQ<33lHEiJcF0;Mm*Df_wWg}&diJhcEdh62uI*JoPx9BPv{H<xD40eCftGh
z@Ccs53wRCh;3I7LggKiXcEMgaApWGDB@D;lB%Fcsa0#x$4Y&>W;2}JL=kN;N!Uy;a
z+dgTY%L#j6KOBOia6<eky+3I<2N%V2%~aqz+=9FCK>TT~9m6wt32)#%e1ff?GJ85;
zH|&Fha0HHvKclmy;4EAae^xVPxCS@j4%~-F@DyH%7utUf@8BbBnVWe#?1H`G&uPy9
z9EM}!&ub<LXW+c}3z{jxRk#7S;T}AMC-59ziI=+97Cyjd*!F27|3%F^VGrzwLvR#M
zh`*$L(r^wgiodLx3S5U<a2FoHV|WHH;SIcpPq6hf<~$DZN@sJ!J~$};ie@5k98QV9
zs+lZYfXm{qX{H7@;SSsvuQfk{r|?4jb<M2d9efmjLo=4onzq9(@i#T&g#&O{ywOYy
zPQn@Sw=|Q7OK=r#z-{rjwYCQj;feS=nwi5ZcncrkGi+O!eVnjIyw(1GI0Q%G1e}I*
za1pM+b@6v~uNK^e2jcH(W(?2ZrTF`r*}!}FB;IMp`Z?1M*e(8nW_)lEj=*v84>g~H
zvv2_}!!_}bw6+O%;66MO?=?S#7w{V1!AIEgd9#llcEMga0EgiioP;xQ9xlOExB<7}
z9z296@El&jTlfH<VcQqX`{0B<upbV=Q8)po;T&9qD{vid!CiO&kKq}-6#rO1Ha6m)
zsQ2&*wl0m#Pc`F!-LMZ1!Vx$Qr{FAHfXi?VZo(b750Bs}ynxs64nD$`FPdk!!!Fnh
z2jDOqgOhLu&ch|R3OC?3+=GYk1fIhycncrkGi>{kc^{mx2lm4uI0`4=G@OHra0RZz
zEw~F0;4wUdm+%JO!zbAKW%KL~*bV#OARK|?a0<@C1-J~?;3nLG`|t>!!V7pUKInhf
zJNPL6nO?W7Oxt0X`2RHHg#&OHj=@Pd1LxrqTowOZ_iDgxxCam6iTJ3sb9e=B;RAdY
z|3YhRUoq{3J>p+##t(<!sQ6c!Nx*412N&Ur_@uRUxCM8`zt+qE9>X*7Z#1)nH}GEk
zTg{wc>sQU|4)IwtZrBG0#lO=`1dhWg@$WU0g$r<5{0Gg{;3nJ=TQ0rqxpW^M!Bg=i
znpwbWcqhJ8Ge_9+HS@Y%d<D(8U@sgHTQw7gV{lS@Ma^X3JX{iANi$Wr0k_3h)=Uo`
z!V|GgGjn(aZ^c*9%mF^bwzZMDs%D(92lk7vrkM~Ng%fZZ&WY_>TZAicU3_)TwBRm0
z5MM(xV|WHH#n;r#2HwLbu|qS~ubXzjZt=A=<AZ~6M0{<{#Nia26<<d)1-J~?#7@mL
z;SSsvUsp3DcnUAX*VD`z-oZ!l^)+MphG{$O61z0xg#&OHj=@Pd1LxrqT!kBO8}7kF
zcmmJi6}*KH@ENv!(>$*e_P~BP1V`ZnoQ8975w5^>@eTBzx8N>3fXDC*Ucwvk4YlVU
zKEc+FnQ_2w*arvUi1<d@KMtqhEL?!gVz<`T;3nLG`|wD7W38RS3wRCh;G_5^T5I{1
zX*=wKy>I{yi*KrZVsH}9z<Ia?SH&Lf(}3G>4<5o3crLz~_F2JO_yC__+qcbHr}*aD
z#{>J}5FCXQa2n3RMYtlq#ibTmb+`q0;Q>5`XYdl<z<c-vTfbw>;Jx&+862=1_K9z)
znIIg2<KkOsCIx5Vg80^&DZ@3m33tRk&G+FEJcSqVT6`O=-N8rLvNbby*adsxfcUoB
zGYrSzr1*B4$-sHIB=&2j3OC@k`1YFV!9#c=zJq4w@Cx3-2ly<$qt@EKYuX8WU_TrZ
z2edW{C*U-kgNx!jX>A3r!!5WA55#|@wPSb&FU5bXnGL*$PvW3vtlu;3fZgIdYsLo$
z;fVN8G!utYa276z@1prKT!Wi%2kyfocnUAzHN1n5u;u&aJa*V64(Xg;H~@#mchyV`
zPQn>D50~I7+<@C~4<5o3cn+`NEqs8_ux)3a#R+?0KOBOiZ~{)lIk*T{;5yubyYN7K
zH@)X$cm^-w4ZMd>u=NK<&%0|+2keG@;;?3da0HHv@1dC#oP`VGdupZ(*Wjl3UYhB^
zeRu><;RU>gckmIm{LtLX4!gt=oxuwS;4mD6lW+#k!zH*1H{dqhgNNdK>ueKv4zJ)X
ze1Ole?MG%$C+va!a0rfy@1yf1;53|ri*N<5!!5WA58yF8gO}p_>O32G51(M`-po5-
zH|&Fha0HISDL4xk;4)l;n{Ws2!y|YKFW|K}s`p_BA7RUnjm-TtV~1U^7Y@K-I0h%-
z44fC=U-v4(Rk#7S;T}AMC-59ziT_mh+QJ9;4BLKU=AEzy_QN4@O#4US1e}I*a1pM+
zb+{#dfcEdg19%M2#1GW`65haj_yk*jYSubnxA;NY(+3CP2poq~a276z<Jz+f*Wf1H
zf&1_Xp27=wEq<`>wS$ka<zQy)unYFW0XPiD#1GNEl5hsj!zH*1H{dqhgNN`0p2I76
zD}JcXc7V^Y?Pq4j3435a9D<{80#3s@xCmF^I@}T`bmlHRfXDC*UcwuA51(M`|CxI^
z#1GSb-LMZ1!Vx$Qr{FAHfXi?VZo(b750Buf_~AP90$#&A@gp>Ige^ZeuiIf4?1ckx
z7>>b7I0NV55?qBFa2xKyLwEwu;T61v58|ZWhcj$Dn%AAM2lm4uI0`4=G@OHra0RZz
zEw~F0;4wUdm+%JO!zbAK3-jy_*bV#Op!kt`4<m3KPQh8Y0GHt!+!Q}b`*+|zJc6h2
z0$#&A_$Yp~_P6}fv>kTAUN``U;TW8RGjJX*!Bw~cx8WW<geUMEUcp=V0H0youZ;VU
z(tF~BJ+L1R!BIE?r{Nr2ge&65=)QHh1$W^AJceiRQv6u$xq<ia3AUchyaRT_KJnwU
zXAq9SaX1BM;R0M1r?qDdZo(b$<2BQVNAMJ0z-xF1A7RU{&Hi@S1$*HD9EM}!C+M6>
zI0NV55?qBFa2xK4|4jQ2;R!s4SMU}-z-QR@8>4?l`#WI|?1w{e6i&ctI4Ayd?O%i|
za2;;JU3dVG;hFd^wEq&`z<c-vTYqcTI$$^KgM)Acj>9Q93m3#s)H%y=4Q|36xDSuu
zDZCJ8wf`F4!AIC~HuHAa1$*HD9EM|X63)PRxFr5dowEuz;I{a$G}D8J@I?IAnwi5Z
zcncrkGi>{v*~bZcU_Ts!qi_OF!#TJJSKvC_g1h3Jo^b$=;TgOX|BdE1@E$(F*58|X
z2keG@a1f5baX1BM;ez;Yb+$5GgPU*%?!zN^3NPTb`0sSD9eji>e=st6&DdcV?1ckx
z7>>b7@!xCD44j8ca20OAZMX*y;R!s4SMU}-z-RG4=$tm=r>rjQggvky4#814A%2qf
zOv5?22v^`b+=9FC03O3LcnNRdJ$!<#mzXm<U^nc8gKz|n!zpn=??V<Yz-71wH{lN4
zhez-fUchU32OnX}rRJP=@jvR!F4zkP;4mD6lW+#k!zH*1H{dqh6aSOWHiRee9A3d&
z_yC__+ZD|IPS^wc;Sd}ZKUrr>z-c%K7vTzAhg)zL9>8OG1~1_ayoXP))oRRN)cGB-
z8}`9LI0DDv6r6<%a2c+_O}GR1;SoF)KSk$Xz-xF1A7RTC&00I`g1vA64#P1xDgI}j
zCj;l<5?qBFa2xKyLwEwu;T61v5AYebUCEr;3435a9D<{80#3s@xCmF^I^2T0@Bkje
zGk6Ja;5~eTtyebB?ttCmr|O@h4-Uc+aY-|AI0a|n0$he`a1-vpeRu><;RU>gcjAB1
zIghZ#W?r|$F4zkP;4mD6lW+#k!zH*1H{dqhgNN`0p2I763m@P!Y`cniADrTU)qCZE
z{cs45!U;GH=ink-f$MM!?!p6jEPk5KIfIw*2HwLb*m_m7j{|nYJ~#+R;JCP~^Q7P`
zT!71P4Q|36xDSuuDZGH!@D4u0maCaF+r|H;^SfX#9Du{(f7g5rPQn>D50~I7+<@C~
z4<5o3@zZsNIlO|m@Bu!<HoMu!3435a9D<|biq4RL({K(h!WFm<x8Sb$8QOmUkKvj4
znVMO`8+Z?&VC&V*S_kZgeQ*$tz;W@jbcPh1g$r;Qu8FH!+k`uCA0EL|cmc2B9eji>
z*D&|B!!Fnh2jDOqgOhLu&ch|R3OC?3+=GYWXY0M1z;k#devW3g@Bu!<wriSsC+va!
za0rfy|3mjmz-c%K7vTzAhg)zL9>8OG1~1_ayoXQXn$B!>n0CN!*e8Cj=7Vqqj>9Q9
z3m4!rT!Wk9=jmP@xDSuuDZGH!;^%9h9eji>*D^A7&DdcV>=nO2GXXdZ$KWKKf%9-l
z{6g(ng&S}i?!iNN0?)-S(w-}L3m@P!Y`eBu>x4bxhW7NsAvh|2v1Sr*8qUE*xB}PV
z7Tkpg@ED$nU!pTC;SIcpPq6hmW~~Eu!#+4DeyQ#if#Yxr&cX$_4A<Z$+z~f*uRc72
zr{b4sW&y9^o%rRNIl>mFdEE}XU@shi!*C2v!WlRZm*6VgfZK2n9>NoN4zJ)Xe1Ole
z?YicDaKawg4~O6=oPg8fSLi*@!9}<N*Ws49rL|pn0FU7rycEAuYd7#7KEc-OnRy57
zhJA1lj)-5Sd&S`toP`T;S^R3Pt-(#WBW`P^50Bs}ynxs64nD$`>zn=UunYFW0XPiD
z;3S-Z^Kc2S!VS1BevO{J2M^(i__dmu!z*|TAK)`=bD4ddum|?TAvg*r;53|ri*N<5
z!!5WA58yF8gO~6I-oq#H>-4@^Z(!O1yI~(36nC^X0>|MLoP`T;8Lq)ixC8g$5j=$#
z@EYF1N7!;h<1DY&v)Ex5?1ckx7>>b7I0NU!Z_vF;a20Nd->8{3+=GYWu4X3i9A3d&
z_yC__+l|bgPS_)UlkVk*LvR#Mz-jTDwKfMA;R;-bTW}X1z+-p@FX0WmhflE8ZO-X{
z-LMZ1!Vx$Qr{FAHfXi?VZi?Tc_pKxDsr&E<p27=w4e#J1Y`L-7-wwOPZ`FOhZ~zX&
zF*pfl;5=M{t8fEu!##K?ew)rVf#>iF-ogj?4BKvE_H@D?*e`y&?i+%mZ~{)lIk*T{
z;5yubyYN8V*BQp}3|_(;cn_ao>rKs`4)Hs*zZ>?!K{x`(;S`*O3vd~(!A-aW_r>qj
z*+%dbUchU32OnXJ$Lwi`U9eaDF5Nc(hv68U6c03?f%9-l{BF%u;Rf7>d+-pRz;k#d
zevkIw!Uy;a+iqs&ov;V?i{Gm~LvR#Mh=-a<!#TJJSKvC_g1hhl9>X(u32)#%e1fev
zH)nQ;->37tVILfXBXAr}!CANfm*E=R6u)0*=)iq=1W(}wyoPu15w_gI+{+HTU@shi
z!*ERepE`3A&cJ!N1Xtk(+=hGbP(0GTCh#0yiT_J8TlfH<VVl>?J7Ev(heL1_PKf_o
z_f5k&xG4S~%~aqz+=9FC03O3LcnNRBW8G^HpJ3}P&5Q$f!#+3&N8mV|g0pY|F2gmr
z33uQ=Jc6h20$#&A_y}8WWuDy*yI`;Q19}ewa2SrkNjL-N;SyYh8*m%$!9(!}b)E@4
zhga|xKEP+#c5Abz6ZXJ<I0Q%G1e}I*a1pMEKcr`=!!5WA58yF8gO~6I-oq!@>N96>
zz;4(F2jK`Dhf{DCF2H5D1~=gj+=oZviQcy<ynxs64nD$`+n9aqunYFW0r7`*-!L45
zlW+#k!zH*1H{dqhgNN`0p2I763m@P!Y`d*_E+_1P{cs45!U;GH=ink-f$QRr=)G;h
zU3dVG;TgPyH}D=l!PeUu`+ijSb--@eC!T612uI*JoPx7(0WQNexCwXQK0Jb_@B&`L
zJNO7&{N}mrunYFW0XPiD;3S-Z^Kc2S!VS1B{+QnL9z296@El&jTlfH<VcYGEy*{pc
zIbjd%heL2w{J&b8fYWdeF2WV@Ol#|K3+}=Lcnr_rCA@+6@Cmlw!JNSXyI~(3gd=cV
z{0Tiv3eLg>xD40eCftGh@Ccs53wRCh;3I6gqdBu3cEMga0Egk2_>+3}B%Fcsa0#x$
z4Y&>W;2}JL=kN;N!UyrEbj~wu3z*lPum|?TAvg*r;53|ri*N<5!!5WA58yF8gO~6I
z-oq!@dMESj4%iL*;2<1<<8TVjisyRI3vd~(!A-aW_u&ydg%|J|-oZ!M@<--ucGv}b
z;Q$<lV{j7Az<Ia?SK$WShI{Z3p1^Z>1#jU4e1>g*Y~BYa?1BAo2#&%DI1T6EB3yy%
za0~9j19%M2;3d3)_wWg}2F<fOU^nc8gK$LrY5mxa!znlm7vM5ngPU*%?!zPTXLR2w
zynxs64nD$`JDYv%unYFW0r6*b-!L45lj4PDGH@O)!Bw~cx8WW<geUMEUcp=VApV@r
zc7|<#VqSN`9@r0u;3%Ac({K(h!WFm<x5S^<IlJ%x9>X(u32)#%e1ffaG52!7ZrBG0
z;RqauQ*ah8z-71wH{lN4hez-fUchVd7xW(P;3I4a8JVSK?63>=!T~r8$KWKKf%9+)
zuEGtt4fo(7Jb~x%3f{s8_zc_bYTgGY?1BAo2#&%DI1T6EB3yy%;xFo-MGNl219%M2
z#9z|dCA@+6@Jak-&0Ftg+5x*^pLnJDARK|?a0<?fzoNATxD40erueIx@4$U{1W(0Z
z)BFNn!#ns0TkdYuuC>+<yI?OI5Px0sVK@dS;f(kjn$N=}xC%Gmw)mS`+k=Pj1fGjG
znqR?N_yC{9-_pD-Y}yHXU_TrZe_Ly#Z~{)lIq`QiUxX`g9d3!Yn(x8`cnr_P-_`sQ
z-oShK1Y7T6)P7HE9k3hr!9nr&H6MZFa0<?fcbYH2Ww-`6;g0wRTHA+5@DyH%f2jF2
zyn~Oh<(@|VN1C_8F4zkP;IMeFwJ|seXW+c}$C@v}Rk#7S#Xr$}4<5o3cn+_`Kh@eT
ze1Om5gJx{^GVO#tuwVQ$&4=J9oPg7C4lcqK@&9ShI^2T0@BkjeGk7Wfx%S+^d-w!f
zBWB(KyI~(3gd=bqPQh96QRgYZWw<8(g=U&?2kyfo@h>$$g%|J|-oZ!Ma&NPbUHmKU
z>4Lp*01m@3I0<LqJY0gSa070`J$MLD;5od4x9|Zz!?ydFXLrIL*bj%`D4c-Pa1JiQ
z6}S$!;4VCX$M6hZ!W;2P|4jGdU#m~B^}gnH2keG@a1f5baX1BM;R0M1|3>Gj!A-aW
z_u&ydg%|J|-oZ!M5;bSA!!Fnh2jDOqgOhLu&ch|RD*mnBhX&k+d*ZWZhVTTQ!z*|T
zAK)`=yPw(L3435a9D<{80#3s@xCmF^I@}WfPS4wg2k;o4!Ap1p@8J_{y}!Aa19ppl
zuQT}IARK|?a0<@C1-J~?;3nJ=|3PQy!y|YKFW@!2gO9M~PtE>zvE>Sv{T>h(?1cm3
zOEeRPV{j7Az<Ia?SH+iV&j#Fvd*Ul-W(ZH<IlO|m@Bu!<wwTf1s{Ng?2lk7vsF@HP
zg%jc{X(kQl;G+1-nyJ8bxFxn}rV9_?F+78p;;U%w2HwLb*!lo7?||K~4-Uc+I1Z=a
zEL?!ga1Cz49k>sV#8=fbPT>W-7GF&>JNO7&9%y9jnz6$!*ekxeW&&^+j)||KnIxQn
z^Kc2S!VS1BzNYr<!9#c=c4%e}ui&ltTADe)XV~^2BXe!dIAIU$7hgv+Avg*r#7@nm
z;T&8PUsp2~xDL0(*V9ZF9>8Pq^))ktm+(gH(##${!PdB$almfa2M6JZ_y*cP4yWKO
zT!72s8)|J0Zo(b750Bs}ynxs64nD$`2b(k4VVC$uI-3^`z+pHBC*cg7hf8o3ZoqB0
z2M^&1JQurl<`uk!58@kZ<_y~&VqSN`9@r0u;3%Ac({N6F6WzB6SKvC_g1hhl9>X(u
z32)#%e1feHHD`0cZt+cZW*;1cBXAr}!CAN<_Gr&CT!Wk9n`x#4_u&ydg%|J|-oZ!M
zk}&tO!!Fnh2jDOqgOhMZd~-cZ9xlOExB<7}9z296@El&jTlfH<VcWxuId7qJI$;m&
zheL1_PQYogS9|8*B3yy%a0~9j19%M2#JAMFmhcAN!zbAKaI@9{yI~(3gd=bqPQh8Y
z0GHt!+!WtR&(eYW@CcrYZ>{+SyoPu15w<+SthK`~*b4{XFdT!Ea0br9C9zLuuEGtt
z4fo(7Jb~x%3f{s8_zc^U<~&aEZFDvd?1w{e6i&ctI0qNu3S5U<a2FoHV|WHH;SIcp
zPq6io=6M~k8}`9LI0DDvl=!xK53_IqE{kucnHt=LJ8&N!!Bcnvui+hhge{LUXRyOA
z*b4{XFdT!Ea0br9CAbPV;5OV7`}JN8;R!s4SMU}-z-QR@XtTc)_P~BP1V`ZnoQ897
z5w5^>xCM9N0X&9h@Dkp@d-w!fQ|8$nup9QlK{x`(;S`*O3vd~(!A-aW_u&ydg%|J|
z-oZ!M@)+~%cGv}b;ehz|`f(VBV{j7Az<Ia?SK$WShI{Z3p1^Z>1#jU4e1>h0HP7XQ
zJ+L1R!BIE?r^R>BdzFKWa0RZzEw~F0#CO!5V|WHH;SIcpPq6iIW={v~hJA1lj=*s^
z1!v&`T!w3KQykDUcHlldf~W8TUc)>12wT$TUUt|8d*J{ahGTFN&cJ!N1Xtk(+=hGb
z5T3wucm;3a1AK;Uk2mjw6ZXJ<I0Q%G1e}I*a1pM+b+`q0;Q>5`XYdl<z<c-vTc2Q_
z-2uB{9~^`ua2!s-S-1d~;oARW?0(?to$vqgpSR`x4k5%sEQAn3XoQ0hLI@!=LI|-~
ztdYrt5JHH(5eu<KBNl5ki!~aJwl!<ktobyWwF$BB<Jq}h=X#vS?RDLLzt>I9<DBz4
z_v`iVy3Tb@r}L)VNqIHpKFWiXM<|a|o}xTUd4Y25jIi$+l(Q-4Q7)uhLb;4`CFL5*
z^^}_^w^Ht)+)cTc@&M&w%43u#DbG-zr@TZty(S!oEXui*3n&*;E~Q*Sxtekv<wnXa
zl-ntHQSPDKPkD&)DCG&t)0F2ZFH%nXR@nDU$~lztDHl<WQ!b}mMY)!81LbDQZInAH
zucq8bd64o5<#EbWlxHa~P>!7$_C14gHsw6Zg_KJumr<^yTtm5@auelN${m!uDfdzy
zpgc@@jPj)A-4f5CGnD5kFHufEE3BVIIhS$)<zmXEmUmBVtAcVh<vPlZlv^mbQ|_YN
zL%HAb9>Mt!<x$ELl&2}rSuRREc9C*gZFqYo<s8cSl#3|GDVI~OqFhV4fpRnDHp-op
zS5xkzJV<$j@;K!w%CnaDO!R$$a_sEz_6*9|l=CPTQZAufM!Ax54dr^vdnMY?M7fo6
z2jy<cy_5$i4^tkaJV|+m@;v1w%IW8XZOfvZOSyn@G38Rq6_l$f*HLby+(NmXau?+u
z%KemwD34N}u)KF-oTn+zQC_5+c5YZdlX4E_e9A?X<CcpP+bXAAMY)!81LbDQZI-{8
za5^ckrrbw)kn#xSamrJc_eq$ulou$+>cTo1l(Q-4Q7)uhLb;4`CFL5*^^}_^w^Ht)
z+)cTc@&M&w%43u#DbG-zx4ds+OqM98pBLVqMLCyp0p()KrIafuS5vN|+-SKZ(S{bv
z?UcJH_gLO9QNN$^5am(I6PEW+)Ssq2M|qKQ+WBGqOv*Ww^C=fmj#DnDTt&Io@&SqV
zG*E7)+(x<6ay(IgHRV3agOo=ok5itaJWF|ja_j<Z>%hdeGAL(L&ZAsNxrA~V<x0vm
zl<O%sQEs(-P@)YTl)EYSQXZf@OnHp*B;^^(^Og@zY-@>fdVP3%7Uf*arHT3ll#3~s
zQm&v}O}UP8Bjpy#?UcJLAClN^59NN!LzG7;Pgp)Q@z`m~bCee?AC{<-c43$^Dd$km
zr(8riPPv?N73EsW4V0THw^=Srw5OBuYRY|-2PuzG9;ZA-d6x15<=92xb~7kvQ_iDY
zNV$Y^8RbgLhbQ_{L%E)E6XjOQ9hQ$sJhq#1FXaKs!<5G?ADMXUB;^^(^OnmKb(Scn
zUmV_^MLCypf#stTk1eKLO1Z-F(TO_Ml<O!rT0SOGr-gDm<u1z=i8?)$`za4uJ~mNj
zl=1}SY07hy7cC!`cx+ljm@_HoP|l}ZWcm2SW8;*|DOXXhrQBe-GV$1E%59W8DX*s7
zXZeK0V+SdZP#&i|MS0fpiHXN9P>x*^-kw1@n{uAzlM;_Dq+CL|jB+LA8p`#Qn=Dr)
z%vQ=Bl)EYSQXZf@OnHp*B;^^)CnvTwPkD)Q`lVr=EXui-Pf0wsfO0YAQpy#St0~t}
zZlv5ox!v-qiEVXJ?xEaId5H2T<q68ul;<cfQcnAJxZO<3Ih6A$7g3H=E~i{Yxt4MR
z<z~ullshS}rrbw)&~kNRtVSr0Q=XzcOL>8EtTA*lC}&g7qg+V2gmM|>O3F2q>nS%;
zZl&Box!dw-i9YsH9-ur-d5rQT<r&KJmQPQZOO(?u3vbV&oJ+aD@)?Q87E>;zTtT^-
zavkMH$}N^_5@tK)F3LTW`za4m9;G}%d7APZ<weSAmxpc0q?|)J-}1K-?JS}kr(90C
zigGRG2FlHp+bDNZUQM}=@*w3A%Hx!$D9=(}pd9;7*sl!A*_87r7g8><d}d-y$|zS-
zuCaVpqE0>KCd#dpJ1BQk?xj3nxi(=AQy!x{NqL6yJmn?I=}n=TMLCyp0p()KrIafu
zS5vN|+(@~Fay#WN$~~0(DGyN|r944-n)00GvlHXCNIC6_@b*m0=OpUnP|l}ZL^)2m
zoN|@ra}!Q2<p#>lmg^FA+9-EYUQM}=@}TAO5|16BJWhFv@+{>A%CRd$Cxddf<?|DM
z9_2#HC6vo3S5mH_Tu-^l@&yUMm2wB=Zpyus2Ph9y9-}--dB$>mVq5c+mnf%yH>{II
zIhS&Q<qH!|G38Rq6_l$f*HLby+(NmXau?+u%KemwD34N}pgc`^j`AYqwC1p1nUr%V
z=Tk1C9H(4Pxr%Zv<p#>ll-nqGQeI8DkMbbp5z6C~rzp=_z9=zw3zTEu3vbV$oJ~2;
z^2LeA7E&&uTt>N)a*gGN#AE9zH&Je-+(EgUaxdip%EOe$C{I$Jp*&A{iE{c?VLP)Z
z=Ta`Pd`YnWDVI{Npj=J4j&dXA7Rv3EyD0Zi?x#FNd6e=5<!Q=ulou(dT^;r-lX4E_
ze9A?X<CM!OS5dB|+(5aRavSAN%Bv~&Q68i`V)@d<yo^(xqC87^fpV-Rd~62gY|43*
z3n`aSE~8vYxrTDR<!>k2*+jXOatGyZ%Dt2aC=Xk1OqgSoCn?WRo~OKI`Le`g)2~6k
zJdv|3e<zW1EjJ}{f#oX_x!CfRiCk*=yNO(3xjB)mEq^bO>nvZD$c>h-PUIHLEs5N2
z`I<!Tvi$u-?y-DrBKKQvP2?fV*Cq0(<sT&SgyriKdD?PYBF|aAA(0m?-<Zg0-$%YF
zkuxo~CvuMEn-e+T@-2y6Wck)aj$7_X<Z{cmC32PJ+Y`Cg@*RoXV7W7qn=Rj&$ZeMI
zO5{$<cPH{{%Uy}wXZfB)9<+RKB9B<UFOkPBcPH|c<@*zP*75_1ykPl<i5$BYd37RZ
zSbi{(vn@ZA$a$6@PUJ$%J&9am`H@5}v;1fxS6cp2BG*{%P2_sZk0o-G<;N4b)$$XG
z++n#dk-IHFnaI7CpGxEb%Rf%!VaxrAJZAYPi9Bif=|rBf{7fRxTOLT{CCfie<n&hL
zXA?Qg@^gutYk4q{3oJjM$i<dlNaRw>KTG5a%R`A=ZTZDSuCx47A~#z8c_O!19!}(T
z%fCqEF3T?`a*yR#61m^<NFone{$(PMT7ET=m;ZqK|HuDwQD+5yRt9y8aG4%tyGRT2
z=0T1J*E82y8OugqwQl0^RxblT-^34lCAeOOA6J}b+p!!E?#PEXiEN(rz<Jfk?6n5>
z;bOTs?<8DfFP5=#xjp8s8Qf>>`!;^qYYXnf#d2}pMYzUZ26?N3`^>u)KkT*RdM18c
zao&x%fxT>ag}BYyw^neUdHwiduN&8W^YKLRm^d!2l)-cJu@0`=w#<7AKkW73dO3bv
zaqasJZs7LSz;p9~CMLaqA+tA+>%RWZiC4UC*x&WZTLp|gyW-k}YRSAtaC_WtM5%*k
z{j>4g0GIX{yPhXrT7>rv@fyk7h`fEpOULz2-0zBO>t5ouz#GDC*1nBV*|o1)yl!02
za#&E$uAU@b$@(i}wlA6Y^`M^hw?(}E;BmNXxw!V>rOt92;=%1r@Z9)qirZZK9uRK;
z*M0MQk9e){3gKA$+_A#^pNltw>sHSd*S;6T8-Uk=O6F~WOV_?h@fL8s*kM6EyZW|x
zrI{;Zy|~@HZv^$Meg71%0AI7=+Jw84c~-nRcy9c*B5!Rx9#xaa(?VR&Hz+91UNhKE
zJh*)kUK6slZyQ{?{_ZAT6|Vb^2d>@DYuF$>9&AhAapKiPct_!OYlHLJ$lIR0dhzOT
z-M3!O6>l{>w_bK2&;EIB9=|4Bx8s^CZv5<@iRbo>!z)828^4`!>Bi6g**x|-aNW1R
z**~|)UiOCJ{<brD_BHkF*+0SPn_v5<6xgeT=jL};^6abQ*c-$32Hfw88CLA8_ShSP
zSAhpwe|N+EcAu@sweaN0UJ0(-bFC}ROT+E#<z%gl*>jC~d*IS}JBnv7<9++vw&D%K
z>kYg;$va#;J1z9hN2z!<8;A3;H+lA!1oziYyK->9E3UuxHXir48(t+US%2-E#r4-t
zzuB9_b>DinQ+)R3;kos^FL`!q$=)ok``Txxuk7V+60Ya{$a_<~G(5=HzSqU8gXh|J
z0C^vZmj%z(kt^0FD}NKO3tk>>xA8j=msZanmw~|j&Bb+}w+gr0W8(O+GDP0NxNi5^
z<90=0uK?G5{oN6_+hgMRu`*5lJp|Y7KJ&^E*ek(x-|_S?+-{GF<Ht(o*TduKVYqJh
znRh7yd!@MU^De~g_Lw++tmKn-IIi1$=G}+Dp0(H4-@9<TJtmGHD{**kevia;yU)BA
z5!kE7b)Pqg+wC!N{8(uq?<ici`^@_QfxUWMx7%H@dRG2|U^#AAP*%gs!=<g4V{mEr
z+2g)KV6O?+?LJpr-Wn(IT(22-_?{QGKs|d*JOD<pU3cDe9B#AwY`cex*NHoP<5DVK
zEIS-$JAOFtLh*WVhi@I!iB|~E`eEa8B6)X<*B9a4E?yaVRph-W-av#mC|(VDr;zt|
z@rEM2_r+@>ubMoZE~m`z2t40>q@y10O3rTwJh$#oCvOMwCh#ENI?WSr7+xM6n~xgu
zO2wOw@D31fhP*S$J43uVc)tFgB3}BYVSj7MyHdQR2=6lSipe{NygS9qz&!fKuS2{#
zczJMa{OZX2sd(A&eEsbgubtX=K6#Vk<wtmLi#J4GJ$Xyw6~puGzn_XX2hZ)l?mYt=
zryRUVz{jh2g!gsS!&D{LbJ}L1*Ff#tPrR~-{uYau1JCUrmy%a2UKKpwdC3{#mBVxA
zO^xK;EM6l#>z6Aow~4nJo{g8Sm&<W!_3Zj%;x$Eh??}Doh<d-3?e@`jub}OIC0<K}
zmxsl{^V^DgS#Vr&{rv{&S&j#H3}U<P`KTGUx&9s@UKhOF;4yaLyhFrWfLDY2ZTzkZ
z>e={RD&Am3KQ0una`SLLTFARwyrGEx-Y#AZJlEgvllQWC;}QLRQM_(=HE^uIt>pbv
zym@%_xZf2wezW2&!7If?n)d@#cJq;eH|2PKtFhnXp~>RBRj6k<9^4b(BHVx5aGUdX
z6t5PZZ@p|QUKKnye(pU)o8RNaYl`rW60eiIc52_{;<dwbeYCE*e2IAD@T@&Hez%Z!
zw|MqEk!Mg)oOio;Q}Arw%<I6V)iZxkya9N==Z|N^E88+W{@qUAgm@zn-kahzk=IGy
ztauaftlh4-{{B_GUU)Vx*5A8u>H53I+NtYr8eYG{f_irKOYz3wrLB?hx`KMvj!net
zz;Vvjrz@^~8=#)$cyPyf?#ftKuz%c(+g$th6fYY)M_KR~yKr8icy(Kc?<;qcS0P?a
zgm<KP@ohry0rD;puNR(c6SuEkyzIPiJ+CJ3R`L4a725$KD9*l7ygYdJu^XG;hfvpz
z-xK1^U>?gI7Syw=kBZl^ec0cgpq|a|n0PksXkxOs_Weq{y8Q5X^(bn)_I)Z|afJ7Y
zcrE1hlD7?hDZ$6nI38!`C9b&kZHao8<G~$W@a#BX<M%i&UHgs|uOXs+<>KYzg@HR?
z>m%=b;x$EhP2$DLdy2fr#cPT19ucpKJlo%0f8P_YEyDY~cn#z|P2NUWG&~<25#D;J
z$Mexf-T-;Kh}RY2?I7N2@}4E{DDhUq%fbDwSevYri8lzZ61UrW8N{U<zstlMf`^-u
z#d!_lW$YLppI;#FZt+GVyxYYqByWhk7sZ>1@CL=JB=05iX2qL^=Q|$!RlFv6ZvPl2
zZ$peHua{YPZp=_Enb$=<yFG3<qIAH+CYI;pWn8-XI6%C)i1zIxUN^OGguGhu79zYe
z#2X;*Rr0PAZz;lS5pRsVQSy4lOT&I@<Kl`N%ZJ6AftQC$ww_<dr5nFri<b${H@~ln
zm%dXtzhmSriI)w}x4(TVUM@Vhzr8`;cI&0Cm!gRNZiRZ*r#ODBG{STJ9mjRo-*WNd
z@G_Slk@%n0vvQbtUGNHVyN%ylxOCo?;#EX=mx(t@-UNBQ;?=<O&Bw#yEy8pA+dJgF
zAzmH4EZpyk>+fsgWfp|57ba2J^><OcW_Z5!_iypa;pM@x@%saLo8y=Gd^~7_=h|d#
zba@lhvmCb@Q5xX6<G~cJ+kJL@U-8-_yuHM0ChtA+&J?c$UWqk0D6V~{iPvWR4bIo5
zQP;JvMZ7UI+8IW={9W<-b`AUcK6wv|HxAFYULFu{5T08vGvvJ{-XuKVdKnRK99{_=
zo8J$}`?q*=5&iv0yo|!Izq90RhMkqy%RD^%`Ejzi@!J^nEXRX;vf;G`^YI~Wv-|MS
z*xuq*W8M1tySsSZdxZU+Bkv^f8sPcn<2dmq;ko(vh`cMrYl2sd`(1JUZ4_@FUN0)y
ze9Yt0_4jV^`r*|(EU0H!Zx^qtD13k8lc1iB-?QT7U>>Us2#RapPsE$rb7jmv17q!5
zKwa0qH^pm&XWMbbd9RB%vsZY0`7bIv?_c8C{%7Otiu2~gOW!-3-$hh*-rD$(5U;<k
zi1w|CdiI!ju%S|TdC1n^&vEIz0`Yp_<p+<k3#(^kd-3YvHQ{#imT>93qs1G8S7AU<
zoOif*)9~g|$Gop_>AZ8r%fUG129{ko?@aN=i^KQVY`~m%t9T{weEY|Z;uU@~+&|oB
zxNKegRJ_s%uV1_}^4w>;%=^1|<?wv#?|t!V;N{`*HhwFqzZ-9ux?ZXx+LwuXHb!y$
zSZSs9*?!{2?=bOdBHDM5c-_>#waL3oy!wdtHHbG%?aLtVLGkRk<eT4a@g~VzkGxUw
znj`xAig@$X-%Ror#cPZ3{w-eCKH>asNM0U3<cF)t&uMkS!+*(Q^Je86sK@hL46hKk
z+j_|&?^yAAfE6qYiT^pTT)aAXt%0`*c~^@!9?`xl#hat{Ws~>3c+>EF`^SKIIs1m=
zw;6dKif6}RpZ7QM;^gI!w;7(iaWy#~ixJ+&sK@hBOWu~`Rf(4t?DuX;+<Y7_UK>2?
zhs|#;dAEv}4$s%$8^!CS_H9kxka$@U-gDv&l9xx`ta!N*-e1L=B5ynL*2RZbaWy#~
z_I&5-Z#wGne8ft^^^#BC-r^NUc)N?2N8XO))rwad;hiB~8F>ZdJs@5MJhw({&A5Dz
zc=hnydfA1%--=fWufU+7IB!h6CU~u=W9zSwyidhziRkYq;w@2scPDT2O;YE#J;K`r
z^{lP&pxwFqh4WiPUa5Fp5#9mfm6GQ^Lv7>PEM5;h-}BLT#H)j6=ZQ9c_Wr!J-Mq)e
z>x=Ln5wC^3eaL%PynzVsE%Ca@v)7}pefFVlTutt8LlNE=;`NiaKY2TgHxl9HqaM%i
zD0y-6P8V-1!aG^KY4Q#t?>6x!;Q98CcJUVB)nJ@#e(m?RZu|zti{U)L_j=(O@v8O@
zpU)2^?~meT!^2Zjve<U5ydz#4d1d6SKx1$<IluYvY+btIye07l;pL%{_4f$!wimAm
zo^Suy8uiSM2OFA#XX9dCIeEv3R}$eJA>IOcN0WD<c%>0uop>4e02OXpZl8U=+1hU7
zbdz}H@Z6Z;?qvRfczN*b@z&qt$Qux^BBFgi7O#-nS4rN7;#Ea>e-p2ayc5aW6n~U~
ztI73J6X9i{9?x$Lc~#^cEnZ!Ocer>><efs^HR9Rp4BvWg7Ow+dUN9fk<n@Tx49~Z}
z{ZPCCc!hy?I(ZY~wMVq?P4Q-^eKq7Qh}RY2eJoyjJnZk8<YjG^I=?*;-ukG=^IJe(
zEqQy3*ALHkJlI{l3V2wO%liku4t9B4HjgKWHyGhnh*w8m9eLjoZ#crcRJ<1Q@RgOx
z_H~J8uQz@Dy+gb%^6dRb8(Zt|&&3;$@LmwFpFDh(UebF{yvYdf_u`F`*FfG^;!Q_*
zpNTh39=`4?*}lE;M_RZV!^cXN%WQ<VJL>WJTO_ZMymQ5yhnE}Jc43B<GsVk1Fnm70
zoV<4NGVwYRFI|$wdDn~A0MEUj-9+AV;@RteXBg`8)8h5PbI%`FlJ~B7`4Qe*;ti75
zOx~B`6~N0$_BL$aqIe_lDpAj#->xEWD?Auilk-~!&v$&zK|Skx96wgF4+@W0E#w_8
zUS)(=DqabB-zTqLyqbvdyH4uWM$~JO?bcwsZr-k=?LI1AT|_?~6tAB8aXopz6t6MD
z8y2sFyc@{-K)jX+?=RvFkarV#EAhvZxSCuC?GfGz)Z=w9N#4!mZ7W_^gqJJc5_z|h
zcc^$h5#E8~<sKZa)7!{9N4)+B?_1)Pl6MDrKM-#y!n;PiI`Zx$uUEX$2=8I>+R3|{
zyw}8=i10?l>nG3sEwAk_|0mvbg!h4X6Xe}T?OT7#)b%$P;jN8&y#5x+yPv$>#ao1D
z=P$0f<M__v<&=hhPxnLeP7^N^PcpvenJV#W;gw*ccHDiCysO2_1LixAy;8i@@Z5Rq
z!{psBUQvYCCEhrBkB~PcUTK8)oOrQA!uI`$yg!Lo3D0*PHYr{qJa^vt7<pgAA7|rg
z@_1DZ&-c9bm3U?F@`Cwzg1jBXtBdGw9_sP>tEc`xN#4=oHAS@VaPhjSeLp7eQt?_N
z+IOLN!_>Z?kk=(%XM}f$c=O~vL*7f`^+b5ji<f(7xL$rr-i&wy5#FE0t03<=^488x
zT`waM-kPY#^V>q+^W+tZHxc3OBwjyxKO^r%@n#~tW5t^$??v*O#aoE*z9U}dVc~q(
zcQV*m*nahpcxib5*mu0TU%WVZzaVc^yexPH*p4f<T`RBTrp`wLyjI+9$J1BH`vmoH
zHF-RU!}A>v{wdx9yu85sC3zcfmFktl^Bu1;QP0{M$B&ilvhaBIEAkEyuQI~hN4!Gv
zUL&twylQyE%PmO!&yC-?;+4URuaOwPUz2y6csY3g*w^27@!F0E`}-U6ej#37gf}GK
zYVzJB??2)dz^n4~cV4_fc=r2sTQ9#QZ<DQ4=eHG}Z#{2-dOW|wM~3@{`|c21X9tPb
z3D3=eHPhw&#G8j_kGJ;yj@nlzURQ*7mUv6#y-VJ0;&sFG?H}#prI&~M$M4B|PQ2a-
z?`iQ0$onIC)8Y-l^UcQ}#jAi<7>wVa$Xjch)cGBW@X}C^=eLEtKa;nIcoXp4obvqc
zB3?f{H@|-&?^N+7;T0GZ6lb3(-VnT2)UoyQSMt6uUK)Ns;5*;_o_O)2!t>p~k=H9;
z4m{s_d04zQczHql{!ZST;@R($eBSHg^^x}v@;(!<D8gG1Z=AgUBQF<?#?|ooBf{Gp
z_0mu;jvp%v<o%PpBg89*XODBm<wH=<ay+;r`{;1Jd`#ZusK@QAi102EFOR%`k=G?&
zWrTN!c!lKso4l9AtBUZR7q5i8|B&}L@v7nZ*2}bbW$<v*^8WEDdFyVQI(~KVa)U9q
zi?kr8qn_n>aJ?R04YKWTpOLqhcx~`}$E)4M8-wSLS6`4<EnZhde@_x`iTe8`dDn{9
z1JCz-ewBE+$Ar)4|0C~N@%keA`xEhs;ko{<SR*mEHjnR%Hx%LhNxVApzDC}9+ojI$
zSj70Pg?c={UGUs`ao@FN?b}zpNq9xL-4(Z9_7ZOhUN<V)dRay7`<8eaI5_*fYVoQn
zLT@edt`jc~ufR19m#%#+;w`{y4cfO3d5?=%56`#1JtAJyvElfwOWs@JHAQ&85wDxP
z^~w8>c&!oMym-UpZ9v{;+o!IVj)?Kw81-x{<M^>M1J8}$M&unV-cUsQ_7|`2xN!V7
zCa+$+(FpHc@!HAzI(c`CHvtbX36sUGm)phbhv(kE+LXMP#G8$1-}B<lQTsM0@2}!5
zM0oFsmw9|Rep`^Yc7E#o#_;=A-|=rv)Z_Urf`?5n@4w$5Z%^^k;raHDLh;I}eOr-N
zBcA<!-shbvUITgCkax3qx$u1R+a_KoJU74FlJ|^wMG@_LO1yDu-}dB9i5G`gnp}P1
z@#<ai7T}Eq^RWYYpNiKS(Y{Z_8?Fr3%TDBNu|w*5>4+G=Y}DiRG6T<z-_GQfif5l&
zNcZ&j0P%892-n}P<eep6AG}<Tce;4R@Lc=sJ0h*^w$82=Zwy|A$GcLzMtB3LXU}hY
zkoSOiIr#muufO+*mw#f|-#y9ug?M=p-jH~4^7bZgM!bRu@6X~@k@rpVR_&O&UWy{T
zHBgV&O9OfPl2<HV2|VBNU=Q)y;N=DLu^)NoiB}fk)r!|g-T~y@C0->wJ5IV{eYA3$
zc;oQOaJ#LS1Ihcjc=hmn=g%*Qmwi%rK6x;Ce-*D8o}G8P;@bC~cxCW9P|4bN2zeXq
zlsdnC@O<kz1NC@*C*is0kHg3-5pMvVZ+`a{ZyuhT-^0nP7H=3{j_WKgU4Ks!FRLp2
z9Key}wTd?tF@9HzR|l^(7(e%2u-31K#mfjjkKmf<+V_BXbMWl(HXp}O`(73=6P|BA
zUKDQ;o|}(j$@@sWY<Rx;_=k9zCx`QKJb4=yq^_5|2yb1~v%bfJfhZ#H1oHM3uQ0;f
zOS~%bP9m>Pypo9VJ4?J~cy9boChsQkN+Y}<h}TKpspLH+UU`J~n0S5Uokrf<;#Ed?
zZ-_TS-WlY5Dqc0bj9?D!!mZ~|#G8Vbhx=_ke~Y}$c1~R{b?}_Q-o~iM>m_zdxPP2Q
zUWs`15&hj;ybO45e$OWFZ1EZ+yc+TH$UB$38^mjd=R4lFidO>9j^j3d=aJVho_!9?
z=RF}_J$V<9_qKT55&eBbyl(36h2;HDyq*Z}bMXeqyO_Kkc1c|?eeg<cp#;UPojlaz
z^)d!;7<Fv?E+Ma4ym@%G4qS2GN#eDi8a|(Yo4jkqOUILu&$~*z3Gyx@?`iRJ;rWjD
zPl}gQ9j@o^kT)q_K0M$4`?h#R@bWMyHhx!-x5loi^HBuPjhT(1%U_CD1<$r?-gn8{
zNxWiszV*Bv>X{wKkCj?@ZvXfmc_)Zh2G9OZ$Q9SV3h_GO**{TZ?Yo-1X7QTvxgOtq
zd`G;zns7d@A@5P~THyI!uRbVV3A_??!rFH&d2fi<3C}mbuZh=0?YoY=e~Gsmo^L(R
ziPr(IENI{L<ZXmWvf*DDOu!&KHwSi;%j=;Y&+jBWw_a`_uTZ?92=7FxH;j6|c{^6N
zJ455rPTRdsywM1+MZ6{QZXxd}@y6l#=It@@vc47Wm-b!#HfHv?3Gt@jW!eA-#f|fu
z;uXWgP0Q=*cJlrs-W)t<80qr7cy;jHymgYd`EIG}U_Qdz1oh00+eT0t$-9fZa`6@-
z`g@poE!5vG@-7iC4WFO#%}2d>{qWp*#J%Koh?fb^xBhMtZ<M@l@`l9AhG)kESKNF&
zC*CwX_rApg<jsgz8PUE!i`RK(*x%LUt-pKf{8mSJYoi{|Zy$LNk++|CweWIXXL0HJ
zTP)rPyc*nZ$4UFQC#;^$<Avh2!pp?%t~jqwyu7o*{o_&c?h&su!s`^Tl05sjH(dM1
z#Os0QTYtY2uN7V%I$`~NoV+FR`Xjtg#p@-nkG$>nNS$B%oTRUPTcMuyDIN^$7<o^T
zceHq;@O;mMhl@84&pi+Jlh-WXRD|~(@d|1~?`iUS#hZ`l@5AEN!E^I5K;DFSOA+mR
zQ@nO+-?QYcS(G{-nfN@Q@AzWBY~%SDh3Ae}gX9&7mkrOif9xvWG(0>7EU&*8$U8;6
z{0Q#^@iNa2y&>|h5w94YZ~Zlk7l-HO<0bO?#4Cm8JJ0!%c(w4{dCo9-Z;4k8&o>{x
z5w8!Pn~#^t`%Jvr2ya2W5%NaJ+j`H`^->S7KiEg@!q$kDEl`iw%M`p!ICgw_mAoUx
z%gGH5bDVdmcys55=Lhz01zA0t$BV?v&GnDpdEza?bL00qd3T7HAK~31US?hB*}pa9
z+V>Oj3gP+IU!QpS@bb_<8^1Tm`>l8-5#E@1<>ZZ%w;*0wM1MaPuYvme7J1owrLLEX
z2yY|QvoVU}$4VP{6Xfk9URADte)kk_HF@ulcZzs55#9;n4U#uW-WB52MR<+kjg$8W
z@}3Z{A;No9yjk+5$orFcO%dLtc(L=s_52=r>+YR8zbz47I_mNKW|KEfUR=C3c=k9~
zT;5l_LU^_x+5Yi9d5z+==la*n#p0Dv`)0^{K)g<Pu1(fPm+uj;lG^tHd9R7r72%DD
zS3}+`dGq3R!}A?q{!hGmczI~Qjo*jltzVovzrFDAU$VIVu8n$@<H0>0@M@6Fn<H;`
z@kVp~uRnGcZyw%2;C)2iN#dn#<^O)~<HYMZe`RbY@aD<;u6Pyje9ym^i`RBRxPN>?
z-fHoxBE0*=TTR{qd2fnW11}r>aK+8X>*5W<bLSiXCGRuwnj+e_AYQCK?C&CZ-}q+g
zdTD{@JOA4Z^?1Ex!*l0<pOaTAUI#qidOkqBGI)6y6kC5w<XtRYcSL{B7q6cB`xSXV
z6t4$fmYWP*y7{<QyjFPb^@sgKyjIWp^_qBt5$zihZ<yM*26>-|HyqKve~LFr?Q{Qz
zp|vk(pVaxCfam&%yOa6rsAspw?M9TW3&Z2{N^0N1;!Q^McYpD6;n}*k`AsM967i-Z
zyn6A9$y=MeABr~{;oU1<1$i0d{ZhR72ya-tI`Y;d??2)#MtJk$wUC!d-d6jj&TnjM
z|M4#e^>}`}$lH*-BgIRP@D3HPpS&#cE*CE|!n;JgQSvq+?;-KBBfR^?n<g)tyw}9b
zjqpaqTO@BY^8O`WKD?aeJu2}(x9`n~mw8e6IfWeZw!lGW1s>|&M=y==vQdxcx0bvu
z$vaHEnuz`$B;FuAxBupncaeB?5#D*?jgz-Ed3TD}5aD%*H%p#<PqmGO9sgbxuPMU&
zg?O=x!~SkZ-WTGvM0o!dFPpr4@^;)Wb$;96`JR8bMLnM1LU``^cSrJ06t647J660J
z@(RfNu6VuhY7<L&`Ty1?E0>Gc0nffi(2n=Jkk>0-#y0-*gNMZ%Y6#B{3d#GOc-ips
z6HQwFziZ#Pc+>EjP{Z1{J9%G<7l-FNpIj8L>XLB16p@#=f9m{}!Sl`UH&Bn~w*j7;
z-@V8?RJ^K)_8lnRYHD9Gd3EB|M0jV3H%Q(-<h6@e7vWtm-Z**oZ!_Ci*#7%7@fsq$
zXT_T(Z-4SW5U(l1`-^z7OT+n%leg{xsq@<s;iaP<&u=z)2a&grcx@5hp5hgfS4!Tw
z;&nuLXNp%w-l62(AzoL6cZ+y6<du>4bMaP3crS?8MBWkP{Y5<cyFTCkJ0)HRdFAA-
z6HlGr{s?a+>hb*cl6N$DyNEX!;q4&aFnJZ^m5VnV;T<O4Bzeb?cd>Y*5#IUY&68J2
zUZ;5D5#FuhrGGoz-%cd&dGRJAyaDlY$*UsoUGb(Pytl+FChrvTRvehRUS=b_CGjfA
zt0u2dy!i-kC)DHhS4ZCI<W-5c7~vf+UJH3O<h6)rFXDas+jqt5BJWJ{9v3e?!h1x#
ze)4L`8y7D#!uz#&qvV}K-lyVaM|huzH%(q0d0QWpx?XZ4ye&{KEf&5$UnK8*@{SfS
zKf*g)yv)XMf3ts=&$eaHzb)bwMtI*9FQ2@N$a_Y-;t204@#5q)koT^5@d)oN@v6wX
zl)SIRD~s?x6R&~1M)L9xPMzP12yYwIOQZR1BkywZjux*f!aH2N)#Npice!{q@O<Z|
zmxwnA&z+xMNnW>j4e)BwFIUonaJP7~@Z9T#X7YY5-UK|~@#R(VvMvwT^Ht<6i8lq$
z_x|6f;uXNdOS<LP3oYbrS(-Y(^AX;rsF#Mv$AkXYk@tP_;^L*@?}2lJ$Jm7#R`wOI
z2VM<sx7RbR<ee{GUW9kHcxm4Wy&sU*DPAeOd}~lp(t^ud#jAzqUT?LL_kwu!@QNLV
zOXvMmyeW9SxZnDFBYD%}^}zG3mp_Wv+7zyrcJkIbBz1oKBD^%zv$n?ZW2KwCTgcl{
zynzUBTk!_S>mcuV@rK~paoZJZla-^z8-tgJ+im=AC+}MEM&bF!?<(=;sePT~Jt^LJ
zgx4!x`W4}P+(q7mc$4sa{e4rsTzIa(UF0o@Hv`Xi{QFqEQh4t8cQ1LH9-6vd7U22D
zFAMc}y);sPyU9C1yrqct?IT`0weJD)P8Tm@JOA<TWbuaJx#Qnz@~#mt7hb{gic9>@
zt-ogR7U8u9>+d1*9ult{o-<5z`F`=5uMB@*(L>(r;#I(FOEhiy|IYiRcx~{yRwVY1
zN6Gs@yh(U@9`7&W<u-@^es?c<D-TOuFH7)z>v;w0SzF`5w%Xy@c5VNCoV@MDOUK`j
z`_|vq;`PIG@9*}Jcer?&5nicyqvSnB-UZ@i!?W$W;^yNV@uuOGp_28tpS&ByD}-nJ
zr7O;B6)*pL;om_%P2Qv8)xh(u=Lf|bgx89VTKfjbdtJPCc=+g6vbgsBQoNF@!tcR&
zmc0KHZy28M`SJttCgJr4?HeR-Z44@wdGhxQi|`tftqb?JHBryn8V~Mkxq4-+BG^A(
zAa8r|>hk^Td28{;Tf+4`MBb6&HNx|quN^Ah0z7xTdWpO`@$CBneBN2&6<!m1!{l8j
zUN=17dTtS~9v*I5UN0|`_o#RS5#EF14UjiN-mk<Pi|}3+Z;8BD$@@^e8F;?q)!)P`
z{eC#VqvWl7c<TC_kMPn_kJn!vd9RbVt9VQB(t|Z?7jA#sQM`6|?)W!GUWIsRJNWy1
zq<B5lzBkBg5HAy+uYDJYH%jdrC$B?1`@RO>eB317G_~(7@}3kg4_=;U{CdSpyEc4&
zn;`Eu;+4V6@pz-+HNdMxJv*MhL*75dtA*z~Uz-(g1fDxzn<Q`DBU0C2BfJVv`_fU5
z*WUuX`JjD&Aa5t}Mk2iJ#G7diy(#i4#LL>zf4n+Uyou|=<JEiQHHw!X;ax0V<_|(|
zn!G#3D}h()8NUwk%HfR#<M%#!KNYV9p6~g$U%c$=!{^@_^4=1!51w!R{YJcQcy9fD
zK;FD~qY>W!i8oK)EO{FqnY#XFBD{4`kJn#mTiCu2$tw~swv&JV*j2nPcy9lgBd=1t
zOn6q$6>F1~W5gSU*MZw@|NV%(M)BhCeDiU!cvUxq{hcSTQ#|{g2%mSWczxu3Lf(LQ
zO%dLY#f#k-wr_#Fcf{+A@O~>^C3*iP@89C}!z*8&fyDpZe0(HcFT9yxJ{HN##)J9%
zZwa1n{5C>8UVrU3h5h}UynV#WF7U6HJ;j@b=hn*-d8de11~0?Y-xI`ZXb;afz9R3t
z;#I=)ov&RkUMIY=VEk+#Y%DVH^MH8u@Jc-GyGOh!cmsjA26?ZD*9*^ge*cnq9XE&P
z_i5z4FWxjfU;F+fUhyqq`&N<{J1TX(<m~Jpzc0j_gXhLCoxB~yD}tBl8NWQ#!^4uV
zKZ<S*k5_AxcZ_(Y@O<-ogm|^^T>CP}yGXq12=6@c`p8?4yxYZVgqPvz@6F;Zz{?BP
zOD1{Giq`_K!Q=fzyzGwf_1lKz{aL(uc)r(1e-N+kw($HQi@cRbr>>VYd_O>`r+q6>
z4-ZSuZx6h&pud}tS14W?JYV~E60hO*uzlI&og|)pPeg^MeaDH{2X8)T-)7`pBVHf8
zQjgaxUiTege{;xtLcIA1?@{sUIzw+u^4=1!2!GGt<!Rq<#4EaUWo$Hfy`M|of_P)W
z_X9W*RhP@h;w{}3zF)UBc^e&*x?aZN`JRu~Lp`(O2|kv7cldmiN8aAz+4mPT29L1|
z*S_7wtA=O)4xgRBY)4*|cr}Io_8l+YU{~0_eDbamuNhvcr+rt5mvK)xzdMrmBk_hK
zyobb_B(H$HQSs97cj3O{)hpul+#4RRb|G(0yi9n$`Te_iqwp#*E;b*9<gHVYx?T$4
zWqQVMCF<c}$@P+RU-<m7J9$OomB8~IUv?F*9G*R|TKkH~J59U_c-9VAT&@zY4W5m&
zd3%v}t$3C2e9v!JiPs6wJ--!`_oR6CJqN!2_KG(}{oRMW--_1)ug!H9m#)8K;$?S-
z@3)tb_b>6%@ptRK^*1M8|NY_m+n>CwV^h~l7Q8%9`_@N2Yim5XZvtLDvdu@FyuHM;
z?<FV-9%C0~SlLay_yghly9beXl6dtI{XI^+DR_C<j<v6pyeq|Pg6CT=mx&kqVYprn
zC9g-kj)?aCP`omDu6<?XjfvL{FLQas68}Th<?<`>>fsgQ9_#NB<SmHT7vX&@UN?E=
z<bC6~)b%n1&o_RXp`NuhzTDbaY>dY5Xz~seZz94g5ie_XI3E?{oh#m4gm<QR)#M#V
zUYmGn_+A3vd|WGD4?H&?mE`q_mjy3B7$dtt)#dUd@h0Fk;U1gc6Ulo+yb^f131a#G
z&U;O~@&{MOYEZ+xD)PP*uNq!~$6FMy4_<5FokCvz@u};j4W93KwGHZ7TjRmD3Lgsh
zk81Lc6t5GWJ<b)E4;8Nxo^99qdpday;&s6rb{H<5cY$~{@ZxJEyc+Tz60ZseKi_(}
zU%b^l;d(ifyf?+Gi|}3-Z=AeZ@;()>37)M}S6qKT5ij;g_<qDW<mFYS&Tnr-`@VsC
zX2*jKb-;7`M;&>`i8mPG9VOl{dFPXNg?OXzYJxV{g|*2_qj>Z1a)a~Tdh#9?FCX6{
z;G5qE#LN6q*x!rDdqccpc)tDZHSyx`TG4J>&kf{#Dqbx-JI`?iRhP>r;*G$Y#69L+
zO5Wxtq|UE>uR~Q}*oE^pK|RZHyAh?kH~e>(8p%6MyfplszHj^v60hg6aQrSO?|kvH
z;Q5X(XNxxhFAwds{x*?!i+H&a?Ylv|MQY!b<o!&%LU_LC%V)*Qe>{ACYbI|_yt0V)
z{aw5Ucy52YioDHEOr75<cv;IcnD`&6E|-l_&vHC*HMSa_JHKxsuT;Exc)sVi1H_wx
z=bqobPu_*%b;2tS+F%#1eRbkhJ`ukE*Gk^4;*CXkH;T7J-Vez8iFj%FUIH6uS6uu0
z#Ovt`kEd<qO^8<n&v!g{Q@o-l!{fn?<gIs7>ipKgD|d~<rEA|>sAoAI+&2hs2HEzH
zcJg);uMeJYy%dPo{ZzPKZXvHyykU60*T2VzHwh1iu;uo3kk=&M6ui8kPj-Q-%jMhR
z75q4SJ##yG_ljqW&)2>?#p{CS+Sf_mOXB6g^X(tci#G?)?H_lMH!WT%Jl99-sLOv8
zueLutAL=6Sf8v$F^R2(n#cP1qitX8YxtF~Bs?_z@2+w!C-v;%pt#SNVS%Bw`SKZ_t
zFJ3FW=EOsm|8Itsqs7bn$;z1hJM`AR2gqv_FNW_C$W9Q;|99TS;&nY89-mi}_po@`
z@O;ll4~RDnFArO^_B}-2Z^X-k=R3ZPikJ3Gczo$0?+fuN;raI8|BBZM&mHd{B`^2n
z)cLK0SL7ML%~1~zOU~~&yzZdCz2udO*A1`3;~gMg{lLmte=xs~lUFBR0lr6|*yEig
zUe2@O^G6?fw}@8@&o_QIh&KYyjo(w`JuO}nJm2x)N%3OOg~x+_^4=3~bwvAqFJ2Qo
z*S@F8TjP|}`5l1go8K?R8-VBLcYwSC@n+%q*7NqLhleHCOT}Qgo}VS}c=59FJp!4Y
z`8`^^X?V6>+usJsYZWga-mu5JTD;8X!`Fi^koQyZX5poKyngX2einZIYKXkwi#HDs
zcPER>6XMmuv*VEU_a*XTr>4&D0=#%q3+*q&YlJr(c*Er7i&un2<(uDaP|w;L$B&hw
zp>Td*Chr*WYT^0T-x1=Cz;o+wguF)ay5Q9;w;=I9Ym=3W#jANSd_DLodH0I92(Jyt
zAy=Gtr+6(dtz15@viTS#??v%i@ORg~=ifo`GF}Ove_tnWM!dcV@6Y0OkT*tNMs@0X
znGF6eT>HBU^{nsl;Et@3aQ(eO-Y()zMYL}R@p9p{!nW}nC+|e@?C;Ed>*ZMSdf;^j
z-dp5dC0+@<hM-S&fvU^p3i0B<41b?ILEaC=>kIzwI$)CCz2bGe8jjyP<c)~eAJM*_
zi`Na$eO`Hzynl$78}}biXT+QPRd_u819|J6mbzXFBfPax4-ZSOmz>ein<8&_@#64&
z&%Zm1R}QZPzO9${$U9NIN_f8WwPVF=gO?Y0)8w^^R|C&?yuVt!K6u%I_da>O;?+fX
z4~sWK-VAwfi`Nk0y&>Kdc^{DXrFc#7eDkp=-U2)~AG74`c6#c1X@}=~{wP2_JS@3h
z3SSGKKRzVyRPl!3**LpmhLsb=8-`bg+iktfk=HKXMBM-Ri0j2me?9zs#7E@)M7+EM
z!()oI%eAjhyhV8K`Fx(dx5dkc=NrE_#7p~iIDVgy_aE`>@8x~x&-3DS!s`vjZ-Knb
zGg9ZbBf?t;^{nr4{8%X&3%&o6x3hSo@O<kpU%VN3Zv8EicanHh@O;OE<HXDTO?W)`
zoV+ISW+S|Bi&skC5_$KCw*b$#o;$^>gXh-sSLFRnyo`hV$NOi+>xXCS%Jz@gnu)ox
zaheh@2cGZv_pW%;@Z9ll4f4JcFE7ITOuR+%(#XrLNnL*h5#Hvghhd7v@na?Pjj(+y
z$vdnj)hmMMTQ3Kp9((!l^5EL|rIXhrUL2lpJ%3xga(He%uT9=V;#I=S#CBb=Hd(p9
zCbfNS@Z9`nkoN}atw8;i__0zO;k{Oq>J5^&9(iA&9(#=u-haiLB`=e_ExwiNwML9z
zHtO+wWWO1X--hIsi`Nz59VT8Sd0FILCSD&r-~Q1cUI#q4e{4eDec}zk^R2(T#OsCU
z)?YSxuZlMu;r&9qG4eJe@1Nq0Mf7)8ym{(x4tX1$nL57{@O<leJ=Ej*O&<@}^Oof8
zDc%e`-}n`ZR}9aMUoLr7;?2YJweNWGs;PZjlXs<fv4j2XyG*=xYF{3C_luVS&$s@%
z#OsIW*57vI4T+Zp&)47Q#2cml=94!qUS5RvNAVWP+mXEgiB}ZS-_OO%|83ac0`j&#
zD|P*q!1Jw_El`iwUmTuWFT0R;xOipo>~XHRTq<5IJln24e-x5;fq3Qc@*Rdt=ba;7
z1H7id+nv1I#A}3C<nh|Yn}ydMctzw5iq{Lzw_ctRul22P|J{qc_rx27=UdOe7jFQb
zThGPht*A|%-(h&Z@mmsa44xameaPEIyjgg;p7GlO^=xk9!F{D~hrd56A@4--(o6mQ
zJyyIfc&@+ulh-C*COqGKTq|Bbyh60q)?b{w$HdEp=R1Gt5pNovJAXNdyw}7lg6Esx
z5%F>+!v2<$Hz!^RJR28R(t_}J@rvM;;Xdo{q2#S|cItYmgqPzmTsm(h>RFBl_cg<-
zL^iLCyh8CB;JL@xL!Gyic;oPfald&-kXI#MKRn;@>Ui-weit6E%E@aLZwQ{P16N%8
zt`=_qUI!{!`;I2>Ve#hR)i?~7&U-+-(s#o5V=KseRlM>;{OkD_;?=$zuIJ;(`@4A6
z@O<m#eepWsx%E;>-a6-`u9rr5=yI~S{;otl%kkizDR^VZHhw3Px085-@G=~N`YvuK
zUhgF47Yo6>D)P$38^PZV`_{{0;*HIO>*W;kE*5VbUO~_&yKwD0U%YvEt+?OXS54lX
z;w{088x$1hb%@vaw{ZVBoxE4YE5YBX7CQ`=&ijRUMIVIkN7Rt_AMxz(i)%dIym(Xa
z+~>{CByan3Q`gG`yk?KLHR@Sg<H3DPe-D4(T}$4f;#J`9B6EYs*oEuwf#Nm%BmBJR
zIpj5p*8tCVe7;z`ad__esE)ix#A||==V{++@n+%Gqn@po^T~Ttyl!~q9`AMWDnATA
z|58uhzr~w{=R4kiBwq3Vg~$7g$lItcb$-*(IN$iKhk87}?eN_AHINq<F9V*NQ|q?N
z`-;~CFC!SgOUXM^yi9n$^MljG>xbvg4;sn4PQ2WR{<erWP5r%`yk7D0;pJLKgW~%8
zuy~8`YEZ}4OA~p&60ZzizQb_oyqCqRnhVeWt|aeo;x$CHZ(6)@c&>fT<bCbD)b-K<
z&o>`miC6f~a6YagFJHXX@O<ZM+n}EHJ&qqMHSpZ|S_^qci#Gr-Bk_>s|GV)!T)b|0
zd8lFY@qO|x5pNit@AzCV-Y~r0z-uM%KJgae6?ocrmw0s_h0jMnAa6uG`@3A<eEeLz
zIe2dWXd`b%ydrqEpS$A5@6Y1pd>qcljpVI&e(HKDhnMa!Tsm(p)UzB9?yG|5jxX)x
z6^d60&o{q2iPr$n&F?MbogrRLgm;Q~o#b_p*D79pgm<-ggXG;#UcY!v5##rScvCcf
zo#eeMUQ2}cmUs)~-9_G4;<ZJ1pNW?-AI@(VdD~u)x?VaWyj;}d^^!;4z2qGuURQ*7
zgm@+7b(43cc&j74%fzcB?*a0DBwlZX_mFt?<gF&}b@BQmykCmfO5Q`{{ZqU_c)sJy
zta#n<-0`J{ysY}v`5ldD-}<P>^E*cEdz8Gr#2bg_J09#N-V8i<Jm@9wH1Ve3<p#$j
zyRbG{sS+>!U*YrR<K$f{-V!|D`Px<D)xmSG&-=)GT)b@j9k*{j9uaQ{o|})S$oqqM
z`N7|XCwdw7_jlsW!OK7;d%o-^FLq(-{1(9T9q+#oZxNn5-ak#=w&E2<^fwpvc)etP
z683k1yraY`g;(G@i%U1ZW#Yx*H3j{Bmb|OPYls-XE5sXw=f-c4y!*v#gjeQiUzd0z
z@Fs)yy+Gcmcth}f^YMy!-Tw~fV~D(ei#HPCeI(uhc`uQ-*+r@AWh}zm81;C5$H*Hd
z?{M)ZBD_-ZX2^S)yhib+;Mu&n;?~Q>;w_OkLf$>%&BF8Tzn$V`Erjd&Rq|dDZxNnv
zeqR!=6rS7PM#=lTcrpClzt4MLylV1ZCvWYGQ|C7wUZWd4T)OdF6ZLq08{xU{dl(~c
zPw|@J`Px?~-uQpQ{=Pw8jd-mQ-l^ivk~dD?4dS)Kv)3uExc;_^7yEDc{XTDzHzb~Y
z|AVi;&xtnx&&}@yd4Cme9G=y4#kKD}@y6hlp^_c%-yv_!hSd3;h38w(_Mt_d->gr=
z^*l*lfq0AXT$`+oE^jYhDLi*P{R4TG;w{1BvLd*0N>J}>!S$$mHK=Ff|Nm9*Y|nOc
z1KTcKKdzB_ITf+k=AL@ZsK?`1LE|?~{k>hhVtBsw@?)tNN4+gQ+kG7Mc)Kmwu3J}s
zrR}~VUJblLkN1*zUDS`ik@v269q=~wcyEa}3NH`!Y@Pm{ynhDX?t#$<@BT+Z(E4a=
zVZ|k>>$&{Du^8SeO%|(XWl6R>hwaYbcH8cUwB4-&Z;j<g;k$_8#e-}Y&dWhP%W=CA
zWqdJwzj%(k{iS^i@O<-IBlVV0&o{rP%62<G3-_asX}gW$<$UUYpXOrmy2<+&dAEsI
z2=7?8Got@)T-wF!h1ZSyZJhs2-s6Gi#<_LT|GwEH;+1|Lp4a_{ykAQD`rvJ56B88I
zzG3l(;N_u?weM5%J`isdp6y4jIPWjwO_TQ-d9h1V*XcC8JspNi=Y1hw+85#LlrPBJ
zQoQWXVzC1}-lnK$c09PR7G6EF_4iBi_7krP-p#>d?83FLSiEs~Ls$pq{g1qp#hZoq
zM>pBzRf^aCCHlKE;jO@>ZP%VB>I2UaBTM*>5YPHMSG>8et%}+2Gpv1IBkvk%U&mJw
z$8qs0)>@TZFKd!_pLl)njzGIzapQNFc#ZJve8bweio73-w+Qb>hoHWTkBiq2&))wv
zZ!PkEBVOy*R>ZD#jU#VVyn^*t#fEXedFzn(k$CB8D`IPVynl!{2hTn4uS;IWw^R3z
zEO@^CZ58TS-{Zly7UAU~Tl>~0Z+r0y;Ne#+$>PRuYw>b2S0&#E-hjMA#Os9jSW*k;
zBQD+uyp~}9*oeGS#fz`$_f8bAbi-B2e^+5+@-7r_4&Fwd_SK0uwb82N`N7x8yI#E5
z$`!E(Jl^-kTYy&=^mkM8o)B*}yyHFIqvBO>yej#=%I4&~Cf)+Pojl%%c>VC)dGQwH
zO^cVi%D-OzDBdExd2H9#-#5tnT)Z}T2YK4}AMs{43D@6N<ZXf%VRpE~P0M8r-u^+h
z3%8y(Kt0|+I=;Rt`8kSh$lF7_jPw;TyhKbE=j|e1ZuY9=@13_LuTs2bc>8#c&&P-t
z-xTwUlXDxt?a8}Hyur0rc)w@yJn=enR>j(b^|u3g?c!Cey(0E>vbW**T`yklmf`-k
z6M4PjrLD8VK5CgPZu}k=Z}1zdlJ86HOx~}>D}(n=QVZMns(6LD;r_NOc^`|Ho3SFc
zo5%Z5ysoWQCC?9bBX6C{QrBN4Jm2wjCF=3|OWS%?@_nv7$lF@HA$Y#?p)JIlg6Ga(
z_9Sl~@fP51;py+5;+1U^J|FE(-bvzRt-B)moMWt;-{Zuqgja+6Z9RXJyvxO_gy%aR
zTq528dHa%gmv~+94zq>@#kKD?@v`#5^|v2+{o+l-^BrHF5U(9x4Yq0hJ%GHo#mimK
zzy973Zw{WD-vi0}OuR~XPr1(G()D*iysB-(^Ou9k%f38yJ*Ta|B6g(5+X(e|J!fwh
zj^82V?Jr&hygfYLH^u9KSA%*seut4)C0;AM^*rA3;?2Wz=U0c5cY%1F@Z6Xg>+<zd
zuPdTnuhi>CJ>U7?!_vMbYTr@RzL&-8g@@DFWO40#QM~l+!~Pya-h1NpM|fXJy}^k7
zZugzk^)iHd<;m8C<F^&+@p{QZ``qi_<Eec|h?kzZ!v3^ASzLb)5w9O!2Wr`RIf1+j
z#H)pOcv1`7caC`R{P29}B=T+-uOFW8_;Ry&ZRDLy-cQ9_jA&oKc;n=qO5T)sr5pI$
z_pW%^JB0l`jlBPf*ADMG&-i^VUJbl~U_Q<uFS{vqy<~0Ze}3Bt^-|W$j^XRUZ;@9h
zUOBv@Jnh>_yb5^keD^H!%Ear2w}HnySiCNH?)Y*xd9~v8!}A@l&JeGMymQHG6>k{c
zCZ6_PEnYvo>|j35Bd<riNqCta?}y@zl6L`luZTAb?@EvNl6ceb-2QtZd4CkIb|b&{
zj(80_h2F*F{ad_gcs6gYxZ}%5;>8NW`Mrd^j4M*t^Blah9EMBhtwKFs&l&LC{_$<{
zb`Y;3YlZi7s(IoK!yCi)?D%&Xd54QP1`nqK$>Q2qDqj1}Vf(&A-udE{ZoI<#d*`#o
zi|-PS-xcKDDqaJ;os+E#$L~h*%Hg^9hrUZ*pLnYyydR0zM&9?xdtJP7czb!;_e=3c
z;MJg>&BxW`eI#D`CM)ct2Fc>);~(PX?HbO<HRNSs=i=ADP4G5KYT@{;k9xfRCgHi`
z)wSg9E?zslLXWqzcr);<p7r-S@+!m|g14E+J5s!?!ti)?J$YA(HwkY`k9V1P1@K(^
zZXmBmyhV7v<LM8@tA^*s?<VqoEneo={r!DaygKUd&E$O~UIDy(Pk;X*UJE?8f80vm
zdf!c5FO~3o=cj9-9<P@n>hEpj6^T~^Z$D4_b`@_FUMuR^dbxwVlf+vM?|hGUoOtEC
zg|DaYB(GV#jO-QO&*gqcyu97R^>;UU4~Ulw?>JBU?h&s9o;%;YhrCzCYlMeW?__bu
zgI|a@32z>?Z2ayc?<4W%;N6(i!sEd|#2ejXRq}h^?k8{U=G67lwCRdiuE$#w^?1EB
z?HRuR{6q4#6|W1PZ-2`buN$7*-yS6I81eeyZRTm;5#sfd_b_>vi8lt%_xqy;@dn`G
zlwo;39wF~u@iI2^zh82vcm;cf-jB%pnRw;!4)OH&S@C+{x#Qns<o!PI)(DJFcv&8A
zLc9rhB|(3mAn&ul!%fSj7v7^mwhOnO7sSildsVDBcz^Oq^1lAP)b&@f`HJP^h9jM~
zA?oq^D=S_V8%8DDKYmPJp?DMU@R84Cao$eirGGPg{{0Dg2Z|TZSrNN6sfGP55pM|I
zFzQ+Ro*}PFym5HHc9Vnpu6@Ug*SycFnEm~Vc|RrZJn_1}u_E?gk5?<++ySd%)7Y4K
z&yjbXc%57Oe?QYA-dHKTV1Az`?|$*(+pLKF$}@gl;`JT6Dwc_USo?lP-p|BK&-1V6
zXT=*T3y=3NlJ|~yIq(YTg9>gwek<Mtyji@^v-bU*ypP2zD_F7oKCtVu^F9=B=%n!Y
z{0s8dy()G8$lck0evpoOX2*jK)t?;hzps$Dr+8)X3S8rG>DpH)UN3pSB=2<b8sYuT
z<DD$t47{FTz5I&28^o*L#oymn@!C!e`}-PsPm9+I&)454#Ty~-*W^u!*B{Zocg2fU
zhwb|fdFx)CI=_<<UOMXW{FadSCV2;l7u$73?CYNS*hjo3czLL2>-o3jog`j%gm;{H
z-Q>MZ-nYdogm=5AeHV#049}ep{f@jY@kZdC?D6gpum800_p9%c_ndgSg)3rbdc3E_
zOFKP0-~By#e-N(~-WeY6cjC3dt4BSXk3W*PMoa2?nSpnr$NN&e1$Z5S_b2jp5U*r6
z|Lfm8)Z_KndPcZj{!CuEc#ZImjfKS>Uk($m7oO|yU&y;eyis`0FxBOUq}~|n`Q8V)
zAN9B&SvBG7c>F2#@_iX_N5m`L-Tyw#&&6vb4}Yqh^xhY57~ZzAu(*EwNxTVo?!0c6
zyfv;#T?e!9)(N@fxO^#I+PA{zLHy}%vVA$?Ex@DGh@^Lr)LTToT+ep*Lp>hn9BkLU
zANx<*?wR6c@3A6wpvOB+yjpnf{Pbh;I>f7ncag`tNxaqY#!%1pw||lMoOomK_VRd7
zi&uYU*uH<0_XqLPidMvS^?1J%uNPiT(7ykWx90a#*Fh1yT|8b4^>{wg&kDUy$tx7E
z7M}0<V<++I;N=DF`;5Hf#cPIlpr?IDi`Nd%z25qQyeq{UhPR`~yG*>a+Hn1SN#4EU
z&B61%KDtx9a(LN6fB#3`bK=GJ^m|W>S4-ZCRpEa5NAa@Yz3{cL!|u58j(E-1-?b9!
z`D^6;H}KX7h;h6qD+syde*Q1<MlKAW-_|5=qia*w-x9pNJ>Gh#$Lp``qVTx3io89<
zEBdB?{p})N6Fj&6@KM0!ZP{`BMDfbu9p-7@vEp^ZbL(#%^1dftCp_PJX%a8%;&8pJ
zOWuRx^}@TrO)A>yVz+n&@QQH2x8v3N<ozu0-27(kzry>yDbI>mb7gq^+km`xrF~WK
zPVtQ2TjCXbH+(+~AB{`S$AWkR@b>h0AB#5%&mHeKCU2wG)b%$9uixXXhk7=a@!-C+
z=2gkh@8Y9k$@c9aUiSh1=fNYT-fGnIt%E~lyTjiL*TH7A-Sfp8fVZ)yA7_g<NnQ?l
zH;Xq0@4giwm=?q~@#f(bel4-C@DZ@&xI89a-GM7&_j|k^@p7*L5_tH?R?_>qc<BfG
zp9f!1uQfbx-<rJl#4Cn(McCct?b_Afi`NKm61Uralt<ozcmwdf>r}k*>%#WoBOl5B
zZgicjQ+Pl2v~NAsOT+E);J(%HN-@sXK71q~>Fq9FH!3~rc6vP43@bZ}H}iw=bBFkq
zY|<+eukx@JvAYw*^8cN8uz1BchOf);E6SvIp?Guf?D^6a=hcaqe^YoI$FJCuUWa&T
zW&Y2--XvZ*Ja_(#Ur8jrpNm%r?=;sqT)OtXAYL;(cOHwk=#$=u;&nu{?{DIbQ2UC=
z+w=#i>t!gSeOahyZH)(QU!eBkE!<@LO2x}L-2Z#O1H>z757#r^a!q;{idPQLcOF|O
zUI%%2OEc-+CSEhVLxMipg`1Cd@n*;?A@3#eM&S9Lx1JZT_~!6DXMghkE?({t{`K;{
zcth~&(SF;1<K%5{ed_$Sz{Ao=7T4bl)Z_WhzhzY{D>xn;L|%z_=|}qCXV_c3l3T;}
zm6G>u@#^3moNQe<9~X(&3(q}I<1O6e{5~jNUxe2!-VAwo%Qfk}A>KSZ-+FmXyxfkk
zeMgYDR$J<P6qoy-&(lzk=c5{)dmT_t-hSeh!}E<_v3QNtzN5)ISG*2*zW$ymUO#yi
z<aLNQ3D5VrxtqkBgI9@lVC(rf@}3qi@2C~_C)vs3*7K9%#cvC}O7ea$USoteAzmkW
zCzAKI8&c<Y1fFmFz7lU1o?FjV<n1F~#?k)uvM1{Cdda&zTra1PcfNSJ@NP?vUc#`e
zXNy+?uOK)c;4RYR{&BN-1MqyW^V-C#yCa+ryk(g5o)T{wUaqHokBK(~uMG8Uz2L2^
zq&Fd6>=?iIrg&+cp@+9blHOYQB{+s5`FA3@@O<xEq@f<qM>)K_pnbLE6^U02&-eVc
zt9T9Y-1){i<ee^F9X#LPC7dkYYVzvHYZb2>-nO3kxLUk%^3EskDe*?&*|@l3V`k+s
z@nUy|`$s)_Q{v6S^UcS*;+4R2^MRM($@$H=DRqABALYqOG->(&u6?Ue&vHDtuLhpI
z4`A!BfxO+s%Yj!MJjO1ZS0G+JJa@dml)R(FtAvM}lEryt;<ds{5BA?i@-7i?8s4T!
zEo@)Cc<pzE?Yo@34)K=Y(aVKoe}|-={ju}up6xy-+wH-2n^4cj`3l<Zlz27peCz&Q
z@pA4C-=D-w|KvLOpLm_{_VKjubMcztx#ums#7%lzx2LYFad^J>ueLxvURUGr-1EZK
z<Q*nn`f>i_#zEp`bcO5QUNYOZGVpVzc*POkY2p=<cP)9}6R!>)rYu?9I&BiK5?%&s
z+5F-qX|jC}i`NA2z@(O_XICE(uLhnwPF_#mYvK*T%ky|6;&s4t^Kk=tOX5vOc%O<l
zMjl>LCHtFybLx6YJKo>EZBUQbOZq)w`|y$=>7628K0M!X`~>kz;kog{DRR=gQM?Lx
zTX@FrI`JCG!zoYFdtAH*c=;ah5%GH9x#xYH0wle6#p{Y_-&^9%QTuSnOnM9A4Mun$
zi<fh6IDXiblimimq|WbTgqMMOJiq1Sp{Yr4H}MwXZRHui0`Z#3yN|qb@p3Btuj3CB
zuaCU@$-6+j@(Ax7@utZ8A$d25*9>oePk&p*%RndH{`(+#Pl`7LZ+nl|D_$8qJ8szV
z>S6L;6K@8d@4RG0yn6B;A@2k6mf-pJkH3i50nhEfKO!&Z*3|WvcY@#hI_mNI8z%2D
z@(vfT9A1WJ{7S`}hiCO{{GK51a`CDnyi3GeBJWA^`oyb+_p+ybKN2s!J3MdtF?p|v
zmw%%F^8z18y#mzR#k1YN$aXWa^VA39@-%ICy^hp*tA^)0?yiM;Ja5hL+&Uc~Zzu7Z
z;o<INF~iDs;;n|~=IvSXjux*K-U$g}`Tx#4T)aMb!>D2FV353v#hZe6w#PePy!r>i
z-wVA!UZ;4aC;7cw#Y@M*r#ooh5P8pw*9UJ+Px}VM>w)LS?<Mly6mKBHdtJPK@`lO#
zr+7o~3Owzb6>kWhJCA*tytVLV0l)s8g=fc8SKR!jp`PV<a7X6q&>JCdd-3wB{J;O$
zTD)5FUL~(oylQy9{vIISAbF$Y)ri*y&)45m#mm5xiyOb!$-7Ftk%<0YAzlr6W8~c@
z-V(fR++^U=&BtBh4Zw5HgKv;GC|>T#{=c(+M!b3Q#>snEyh?aGdD{1ucm)rI?R$&7
z|A^ND&o{sG;?==(^D#kQ7Cscn>$wk}Z+_QDJzmd4<h?`Qp5o2I^Zh=rP`pf>Jh=8v
zl6Qi5xu^I)XH+3xExa*|vmH<WK;HMn>ws6`nU5y%3VXuO^-Yo2E#5S|Ej`}d;tj)d
z=k4#2_ndgKQ~lo4;-%wc$$8V{y)9mDg!hJc73957-oM0)!}INLbK-Tu%M0dXhP<ph
zQrBNCyd6E`w?68ntUq{e|NVfxy~XQ*x2wn7UA#qjH9`Ak$vauR;Rvr%ysAgT_52}u
zSBf_e&vzbsnRtEhT>Iw8yI;I)d`YU$>k=;mC&SMBh`eF(;t}4@#H%N7p1i+`R~O;E
zC*Bx&pOCk*Gj+XmM0hJukJn2<Z`j`j@^%n!Fv80dubsUAl2<O?bcA=9cyr_}l6SFq
z>8JVU_k8in@#4hI@8{&*E?!}Tce8kX<Smi+Q}L?c+53~O*c@2t7cb-S@b8qqB5x}2
z+<T_u5$$_dyi&Y)a_@`U7hu|UGw`$KovG_(5uUxT?22n&4E1=u48bczC42r@gS>6U
z%RJrxe4Z=b9C>Nvm5Wyb&$s^`CSFco*uItIT`pcNy!DcuO!U$Eeu;SH@OoD!`kPK(
zmw1h5`rn7UL%apNXmiKswaNRXcwO*zc9Vfi*VJM03ZDtR4D$Xf-YC4S?Sv*M&ij{m
z_3#?7$ZUSsBQNW&#Cmb-Z|*Gr-x;otdc0nyej2`h%OtNT@G!K?rJ&aTIsIM5>&A=9
zZal);w;_3_N&8yh<p;K1xc*j&SNvSKe`Jx@ChhBmm*w%U6|Wzj?MK$WO~`vfydikL
z{q0flM#;-2@3-Pjz}wH$zA^Ep;kos<8F>rhWu5K!J{B(rFUp;lL*8b0rygG_;n{J+
z6*nInqaLr9DtI-hWaGCbd2#Vt;rY&A_7!gsUVY%@l6S6n1MslPWO3~~Q@p(A!`J6q
zlXr`FBk+9ldxLm|@Z5UIBkvjUrr^Ei*?*rBuMA#ou>WpH-n-)Up1UIU*JN+Q{o^h1
z`hFIEk7ho3pNrRC=l`7Vf5a<zF`SPb$=k9kb-j#7c$=agua_?J?C&P+K6`#UM7*r?
z{Oya2mxec8+<MuCyz|7XituX1Yap+XybkfY;cexakDJ7sg6E!pcPH;f@rL2;?C}Q0
z%lLV?zZH@9fq3)qyzftnS5Mwv<gIy6>ip)O@Be*r4E1<^$KbjC7L%7RUJ1N)JpJ89
zyd`+HKJ56i4|$d1mBGvOc*lsBJ{)=_<b7Yfs)+u6PrNL6uD|<}_o#S{@O;0gdr-Vm
zc-cXJ<K(?5UN<~<%(HI0{4c4u8uf}i<1#1Pt;TlUesnNxcawWl*TDq5YdziusK@JI
z6kaZle>QK2kXIsJ)dl|Ng}ud_{YBWm!^k^Byf%18dD?f1c$F`QpW8f~ylcgqgy-8Y
zuM%$(o_k(BlDuccORx8TAKp{qWxW!fHyuUZlz5d9-n-)UlXnbxvHMczcQrh>mTVYZ
z-dgJQpq}sjp)F94*FibnBzF7nakSks@kZc%%QJ5Wi&q7&3H5AURg!n9c=;Euh~cGp
zvbcU+DBd`{#$cVENZy^|4Z*{&c9O+;9paVZO>E~?k@u{4<rl4pJ)YFUasG*TgTD%2
zU!FqVq<D+)eDBA;E#CZSxK69d`%=8Ti~a9+E{a$1TKN9Z>EvyJlYR_q^7D1o5neXx
z@p@??uZFw>#Os9jg=hTs5pM!se=xsil6SUv9S#1!+pZC>_1EEXsFu8&#9N5)ejwgF
zdFPP#jCfU-_}?#nO1x_PQegn&V*5uOdGCrh3U6P}_`M}w=5NCJJ)gYK#7n!>?=6T|
zOI|&BTil<zUg8m6HtO+u8HDGK2N#idh<MHL%02y!i&uzWqErUs*FfHd;*Calb>g*>
zcPV*yi<k9n|L6a17jF{YQqaCe@?H>cHM~7M{r#zU6K{scgUiXA7H<OHCbmNd#U20t
zC|)LhX;c-wo@pX)QM@@EBsX^$E}i#p@#^qPqY~V2>-kFZHh&;>y`*2}|D4ArsK@K2
z2cA36X(n$U@e1L&Hd!-WK3VD&q29(;At<h1rEE9z?eO;oSJQSI#4CsQ|JXbG_$aEg
z@6T=$2xP$|MvQ{Gy95XjAPEtIh8jYEph0<w5H(5`hz1Q1A!^iEgQOZYRzOtLs6kOt
z(V|jI>q`StiW+RBR8d1sDb}c{Dbk89+UIx8oU?Q7<=M)8KY!fM{d{^pnLWQbbIo_I
z^ExwUW;c4yhLD<fr?8tI#qLRAR}#gpUD%bv?ggC*cHB2%M?U1MZ8^xt0cfg^29}Rc
z1kZOhes|E&UJeLeDjwoBs`hd-<HbE3S-<{k%)jGh!H)aaf`@qedZUr?G6gRWJX8M|
zE_fTk)7SU6G2V2+s|N2xRYnx)dOJt(I>1X)<=4b`)q>X;g?EMES?{{MpEBM`!D|7}
z)J|^~yfnsJ$#|~{-WKr6DWfXr{Qgq#ionz3^J>OBD0r#09;;Hr5NqDYg4fD;YZx!7
zC9=KLgQppU)jChuHNb8v8K|J`#<oPZtK7Zr_4vK)xbtAguXEbLo1|fgHSc1<+XJ3H
z&)mm&D+Dj~TJ!I>|5)(S-*e}E9$>s@1#c&KIhGr=e@_bD20U!m{yoTe?+D&e@CLfL
zaDLwwyrbahar|M%`%3Wq*LmotC&EGd_XX@o=c_HbAGqhib&Qv~F0ww>gSSoXLy_hk
z4?E7w!Nc$-R3wdSk1}44;8k94o>v|vc&+=~`}oHgZ@S>sfj8dZ-#LP}7d(C5dV=w;
z6}*?hJKeym5xl}by7Nd+GT!}ycNn~K1MhCZTMwS@=T9?UtKgN?dF*^>q^^&b1aH8H
z?)~{QjQ6SFwSrfmVTd*FBf)C{PnX}%7_avuk?ke+2J>^FIN0&_;_GzV^K*<hOz_gd
zGtK)961*bDdx7za1#fy3-W0)WV7#9*-Xg)P1@C%8`Be&DD|ijCqyF&=#=ArC4uf}&
zf!8Q_g@1DE<Cl!LQSkDA?6Kw;cuxr4Ch+ul^%CRl7QD4lc)J8I7B7ov-YbmvmEd)Q
z7c%(wh2WKfhg%`L{C>@NCq5e4{z`5%|6X`9?0EY-4BiIC+sb%j1#b&@7aRP`7QE&^
zyZ!ey#w!=R)OvIOxJd9)@N$eE?|;L1w+LPyczr#tgS!9TBzV)o%ketp_glvMh2Rx0
zH-C@xdBJPI%Qmg5{9b3g4+O6nJX8I?BY1@$yYFee$#^~2N7k=(lleZ`3p-xFiCyk{
zP`em!nBe7sXX?L$1g{jl29@96G2RTp+X9}c{}u~g2Y7lseVg&F5xm$H=Ki}>@QOZh
z+w<=k?;*h}1Mly#-)}GX30^mNxxJnC@(0G-rg&&db|`7|SSt<f?-jvI$ICXGa9kSy
z-etTl#naEl58P_L5BRg-?LFdNx4*}D$2}I=UXFridT!bqc5uhacd}s}1+M{`{QH3M
zas)5qHgo$MC3yAUxYq~!7_UU|D#7cke4vPYqHvzzb%N(ZI{Eh@<6S9uwczQxA&%y)
z5_Wa4D<uOJv|W=p?m-;46*hF-{p`4#1aA*`aT<nL^PU#Gjd%%3=i>n5{Z8;YqVV1j
zye*9P7sfjzcn84CGWhqo;B5y_kGoxrck1Jj?JD(l^L5Edu%o=^>tp@X<$cO{g@Tt4
zUXI=eu`a)}1TPOfJ#HLiym^9G1D<9OR_i;2T`lZ}8jjm2j=KTJ)#vjs*>Rs1y!GH6
zZ{R&Hct^oYg&no4zcSuig0}@cveQB5<8{GH!OLix_Z8zE6})!v$~6qJ=6x-A8Q`^H
zJNfrF#yj<i$aav4n;uj7odi2#=VPI81iT`|#QU1@&JesZ@J#LCbivF2)~%0k7;nDd
ztpx91wg=9K&hI6Hw+6hO7{|%Ke==U9<lSNJM=J!c>|d^b-!k4N!P^erAcKET3*IL1
zbie!;<9#4_2f;hpa6WoR@D759S1#=QdU`o^MdMQZ2B&`Y7#e@4$0{@U7Xv$9za^gd
z@bARLFy2_j>!BD6z`Mr4%ND#!Z+!SUL>%Ll3;#O6GmYaH3EqI1`0)4Mdoteb!oM7x
z%uW8?EO=?Lu7AB4?<L{iM(|Ajy(oBl!HZY*k-&JL3;$wQneWfL1g|qL-tOnrp8GJ~
z$xlZ1-#qY4^Oz^Vj@NH~50`fw<4q8}>L|QC!E0f>B*wc`@YaKeDgAKJ{Wm0dR?qnG
zyz=pkw@UB|SDSfFf_H%NPGG!W3ElzlOy&1;!P^<{mfwkt_h-RNz03UnSN|w@>Al?k
zb`s+y;h`{ff8F0UfoB?De6Zv7o7X!&Jihd2yzzp!7d+E-M6Te~f>#bdsQsP7c;$lU
zTjR0Dg=^RGiB>NXyuIM9RJ_v|uR-vNz{@c3ZWO%Ag!u6JJivGx1+NCY6$aiDg7-3b
z-O9g#jQ2aiI|5#sf%k^sZS=YIF^KWL61)L-n|WUdUKisHVZ4)`j%+Xa;Qc}m{_s=x
zw-ng%_L9~o-b#;i>USvPouzmhapYd}d%0%_UU71Kc>ZrV<6S2F^RG3(M>bFJwu7gi
zyNqDGTLdo;JkxWRn*{GLcvNrHo<}j>lY&<Qp6R{0^@5jryxab=7;n4aHGp@Dp}qWC
z@T$Pm`5n!8e-ga)QFtAK*UWgQGoEK-WP8~T-f)9|M+L8q@y0S<Q1H6JGd*WI1$Mms
z9R*L<$2i8DAb9cjnZJLYCwTsp`0#z%nT$7I@KV4twU<i-F9SU7-+0EW7rcxpyz2#T
zI^&(ic+G-W7=?GQ;MFkR1jc()@XEk5)yEFOTg!M88Sfv0R}+QzH^F<E@g_0ekY^&>
zUsDub5O%!1bTZx)#+xH}>%lYKzs(f9*c0Nz_ghmLuTk)}fM;qiD+F%<c)Gou!+1{#
zUORY{FCDc0y|CK@I}Fd^pzYog$IZuaeXyc&?Ob-;e+phl6yDzjubA<sGu~;>M%LQ_
z@aVWYX#Y-z9qD|vp_K7vGG3A3b%S@gh9TCxiGsHPyk=~t{FX4@0>LZ0-~4}^<_aEt
z>Eo#4&1Sp?!P^PmO9uaL6uhJ0?NRpurHuEu;59se-<_rlJr#6**9l%bzC_Z2lQHG@
zLdN^8;N?7M?&sSCZ)1PAot81)CxTZDUYd3evG(tP;I)IN?`tn%yc2#F*<Px_yUV~!
zgdMT-)ixi#l%nsW${8<D@M0e_zn42!@KR23uVd#i-dw@U0k7EL--Uu#10HVG?D|;1
zc*_N^9z4@?-8#V=aB6&bKI~G)TQ7L6;ORObH?`g)?6$+sG+zBq9Jdk2O;h<;$d2pT
z6j^T_;4Pv9s-Ta1RPZ)}r_1FE#!DBx;)l)kHV}5i&R54NIn8ZXix}@*!K(vrs@jJl
z?cY?vTM1qpwo^Y^!g$q!w-Y>cw{XzB`-NQ_?9L8bxyQX*9JdT#Vp<71I_^?-+*buJ
zwZ&X-zZATK;H4>E4dZ<xc$ran2LvxM;PS3!yp-o6+d)wj-f^(w^_IhUwTw4b@XEpK
zXDGjH!7Bw%&x>Bic=H6W7Ch5+&c%XP&HSrlygLPNWt9BhCU|QY@5hX{MesI6;k_Vu
zTNtmN@jev1)+oI91+RngZeqNi&qvnp-Y7gT?0EfJLASj$FkYtMb%SS`2OchXY2X#9
z_Ixwrl?YziI`g=3p5Rr1SFU)CjCZZzm4J7fq5aheUK@CO74J62dqnU$!CPkFJt%nV
z2fE`>6XU%ucqNaR$Aj&HSDoh8$4?pWbHS^M!s`;eHH^2C@seJMY%dK_cs|(i_OgZX
zRx{pNg4Y~{cZT3~Fy0!*yHfBrgJ+sIs}ekGkbB>K592*3cpczn8|rth;AMhWuG-65
z#@iuyiI1A+;kF9iO7Qe^tNR(ROYjQ8Lsf<Y)d7V+3*G_n^40ZZGvg(1cIsE3`;LHj
zz;J!q2X?%E)6(OujcOk0A;$ZW;^}$Jj>pXJ362xI_7U!RzlHHC1<!iiW1-81gU;`K
z!Smrup(QcS`S%gVyF>AGe%C+YvDSoXP9ABsQSi#M;=}(3W<BF=Ry>{G+zsab`!m5C
zFxu_Ek2Bt0!J7`=uMPhFUhwk4)7Lp081HMrOMKGYKMo0=FUPHqrx>r_&m+f!T=2#i
z{7ZrzZ!blRw~_J23SKpMrt8>j!D|374acSHt7jQ+zTh=R;awtl8yIgB<J~TJE#Tph
z;h@{!&4Skk9^EICf6p`C3xc;Pihs`v-d^V4X2yG0@ODPw?H0VFjQ1krd0vdH-_9t!
zqk`u@-K~!;j5l2Hjzr-Nh8=G&g^c$r#w!uL#HY;d<vhWwWW1Ld?*_q3kHV`Jye7tb
zmGPPdFFy+JUcuYMc&&{0n&6d2;k_z&dl+vU<NaCis=+%U+?w6-?~j6agz>gB-gko6
z7{$MD1aH6?x4rCOyi<P>+5TFh@J@mqZ!h_bx0CVm1#e3f-kE~8fbrg7ym^Ax9))+Y
z;59N{8{^#|cwOL`>Z4ZhHZtB@jJIC!tf$TW<6*&TXS{aCYZtuKD7-fX?=a)-X1u=%
zUS<?tx8S9Yb=%7x#yfdSWP2%!!aD(WyuIWx-aCw!CwS%H>1ze*CVIRt6Lt$=N8`N?
z+HQ_GZaI#t&kOId<1QDx>L~fB6TB*xj}I7cz2G%Q;XN#PD;aMe<Lwl@mMFZ}1aC9r
zeaLv-g103K?=!*M%Xoicypw(z*$&#H@KRvM+rd%B`!nMe30_we-bBIk<Hs-3&<N<f
z{}JQW3ZAvm+%K02ULoUs%y{<+UTPHH8o{e%yiXYK6~W7l!rLNvO^o*$;~fyZqA0u%
z1#c7Mea?72e-&B3<xzNE*zx+^!+2jZUWVY+g6G$r7qRZYLj>;#czWLAuZ(w|;H?Gk
z4a0rP*@Blp4)dq#KIJRMyI$}XJZt{`(ba<2g&#LbRqgL@jJHAXYQY<8$nT?qXN`C7
zYrkf^cLZ+}czq4Lw*{{pJU#w>!+1vpuNAyR1Mh3Wt75!=GF}i5ZK(M5eOWtrrt9`o
zV8`1_E#rO5c=H6W6TI^c{#`714d6Avj>dz3G2U{)%l(;|S0{M!KXQ4V-j457o-Km6
z61?jT{yiXgP2jaE|6&;Lw}R)xLn{++o8T3n<?`Yf?+d|e1h3KH-zS3S!;j&lpdzXK
zdNN+p%aQe)_?*Xj)4=n=j@Pe$LcE1n6>MHF#>)}B4)9FZVWR|ZOMyGyCotZHf_E6a
z6Ak{IFL)h{*N5?H1<&`qnYT>vtck9F$1&bRf|mx~P=kN>30@j_di+abyf+1JI(XO|
z4thM@A$V2b>G9xr#`{R{%D_tt)7<g7Q}Ak8eotV$qk>ltp6R;o)K?<gRYMfJd|}rZ
z#jZlwHNj4o1!YI;Mq#%ScBb-M0Xy0!pLRxQX64tP<@ag9YX;9$evb>@2JrI0rT%sb
z<Lwr_)+oGPf_H%NPGh{k3*G_nOyl!k1<zmTwwD0o4R|%O-VTG;-!38NLznZ3u;b;I
z0iMq9K*k#<c!@8VuMctruM#}nKL#=0MS_<Jo@qRoEqI&2qk5zI7{Yiz7QCV;{#`40
zdzgPi8Sj3<s{}8@P=0p{-hfH&bL`=a_bb6$1Kzy`-p>WE5xhz@K969$y@Hpq+5EoG
z?**@WvU@!=it)Y`ynOJcvH?N2mm`7~KPBF($407;EXM1HNm_or(e$FnI@gfjB-rux
z*LaRQZ#$atMhjjCcywK-gZ6Kv;FT1+&oxeGycvRb7(CPYtyu6Hz)QnHDZgVGuUhbY
zzcBNz5WEeHH;(b{6udO>rs>Qg*7?0n@Y=w`)V1y3nT+?8;MIWl69ext!K<GZZ{a7e
zZQgjs+b(!V!Mo4E`?cV8oEuO7g3#uj#dseH-r6l5>kb32Q}8mTyZvJV<HfW_w!idW
zdaNA=-gknxW=4GY_YWpA-f4o@4PF*Ca20fYoZK4Op8d1XUex`}B*q&DJKjIiUNS!y
z$`QQ6+3xr}h4C&Fydv-}v)rKlJ74hX!P@{cYR^*{uLgG9zfDniO9U@{j>|iT@qQ|J
zsV{r1TX0+*w12m@MwVYYcx^Bu|E4kCM%Z!xTB7it5WMD6mv<iHy&-t%ub9WH-w0mi
z1@86z495FZ@M^)!vD~2Z`;p+K<Hzl)U`F|!#dy89M&@^86kZ(ch@Fpx!WzaqpYetY
zUMF~_``<Ldvo3P|o5Ofh1TXbf^Lt+ff>#Az1N@}?Uch(@1g{jlVmn99hc3Ulg4YdR
zv*KOEc*_NEJ$Q2rygI>a!jA*CDc;45_kiFX1+Uz|yGQU!FLvMSo6C4x1h4GZ=HGvL
zLGa2ii4Xt2Xo&ItAb6eN`3?TH3ts(P_j+wU;~f$_s}=v3+v5UteS9u>JHczgbp+LK
z1>^PE7TKN)x8glj11}zSyggUWbKe8KjPXVZ-llEl|8F`>@Cqy3_Og)irVHLd@XmCz
z8$SP@BY2&RcLn1u7QFP=Jl5w1-a^5vyENV^_B!Rai1BV0ywvR;>pBDPX2IK886W<?
z*Gm}hF~M5{-aG@ZMeq(UbgwtAWV}|vI|82R`tK#d+i<zdTgG@F3SQA~%)ig@zTlNz
z;qtCxyzc~W4S0S-e!mgC#45LcT*G+%UyE$do58!w!0QJ)-kwXrt3kV`{&6ki<qBTW
z4)gDqj267MMeciA*E8Pvg0}&@a)W=<1#kUgmv;l>Efu`@-+HW>2HqmUt6SopFK=YL
zRf1OrUdX^}61+V8IAu5NsQi{Q-qV8D3f?XQ?{UG)xH8^K^g6s1jJHehR_^pzvkknR
zf|s|<&F@bb@1WpyfoHlO{8;dgf~VWdEsWP|du02of8Bh)9}7F){;IEXuP1M1ydi?u
z4Bik!euILy5j=hUay#Qq5xni-A#344K2azTywt1Xt%It6+`)JY1+Nhg7jAbD_NV48
z5WLu0xBTv8yq^eO%9|bwU;PRP&8ru@+H2kSpjI(ni{Q0_N9Ce}<~<;IIoG@W?JmaK
zA$S>W=J9H);Q8?5o_hY}ZpQmW@QT4BI~`(`I3Rc>;OYCzdl@h8H<9gc4R{x87-G${
zU`IM%ZHvFb?Z5Xi-eAEy44&!wIUsmPz|-yT0mhpmc<H-venY#`LHk!Acnf}v`GXi|
zJa~}t771R{TjuZARtnyl<?i>pA7;E&f|vL^kM%q49AfQXli=0f6d(S*hjom%MesVo
zyVk&aLGbb$-0R&(8Lva|%G%ApNAa%U`F`SFzdXixF}NA0;@8ik%HB5T_dCHWy(Qi{
zqQ-+K7;l*1W$gA?&lvJM2zI>vO~2JGzb6^*T*2!AuQ$#MI_UbCDtM{4V?4k{Iv+jF
zc#8zDYma%pvr_Q(-09BOJ;Qjn3ZC@`^ZBDe@D75PqRQ`QjQ5n_tp)EkL;rY8@T^rB
z4^;nnj`4O1UfR1J`icE;(B=1<;B8*x`u76keI|IV;Ng|taL~NJ2;R=S-TM7G<0btz
zvi;TU^;mxl)7<{%gB`K+)wY%Q#)p4@?H7zUO7KeFGtU<f6TI#Bx#ROM8E?Aa)q{tr
z|8UUxJxB0-_q+F(FEL(~;N`z>zP`Uq@KPRduU}qayw!rY9=wHN@7(gcL-6*1r{|k~
z&3Ib`FYyEOeD({1SJ&+JkFAXNf#9Wq_mIKAcLZ+@c=~$sHOBMqjBGF4!CPkFeJgkk
z54!UkzhS(Af|uKY_H5{Hr^1f6zxanxeyYFymhtih@8CZ3{py*5w`rYw{r5WKl?z__
zAI<ZL7YW`$@O1gT$#^#k-b(QB6`gR<?fE*v>v#mu7u0yQi}4;5yuuI7*QaX*uWY^B
z-+sq<uLxchc$323x$Sw2;H?KwUk|;_cn1V;GkB)=BR&+o(#PEEm)|p9uh%2npRdz=
z{TB;6-d?tYSA=}f`REUfH&XC2qVR?ap6_v&_b%hj7QABc3Jv8qL-0z#)AM!jG2T^z
zw-P*4eN+oxH{*T4cxwf3FL)IO|LzjJrYGF-Y9HghD0umQGS|m*f|s+wEx!*L?_I$w
z2XB$VzukgY2cABk|B3PbE_m(Wl^S?|6}**Cy7wP{X1w4Vk?k*izxjIi6xi|hSNW7X
zKlu^koh^79!5d`oZ<63OKJAv@$BcKm;OznLcmuCO@Y=!C?}vTDcuj)W1>P#d_1`Um
z*9Bf)52wF<#&|CYUfoCL@A17TcxlhO@0)$jcpnMg#wff_!E0c=FBz{lUKXO$4_voH
z2Y4%#rbv&^aj@g{djPy#H9r59@p1&O{4eJGjuN~9o8A0=#dvcCZzXtsgMSwaULAOP
z{QDc@tq{CT;2lQ=pn}ftj|Fc#c=~q;zGl3q1h4gD^Z$i<Oz>KM;rjOt<Lwr_PVnX!
z{M#jXUEmEsJEigdpNw}z@Nz%#SdZ$=BG&o+O7LQT6>qIq_4_U3orH%X<W9J~fcLe5
zmjXN9UN*cGZ>>@O{fqGm1aHr$9_u0lZ@l2;z3P6i+>_uO%ZL5u30~%B=JDlX!D|Cg
zx0e{kTOoL*;GJsl@5h3d@@tnD$9T^OUM+a547?43R|Z}y?5KWwGTsM*=R0WbZ|?}+
zfL6D^^<umpyCUm154`IQ{&`@>>$eU(ef^ifcq0@~520JYt2Xe`1+QwW`@TRQ#+xnt
zOaI(M|MEE;bbFp5crR~r&zHwBUY+2zf`?1_aL~MK1h4%y_kDpR#(O~U8ow~lC*C7?
zWxsLfCy!^mUkP5$mmaGw?48?xe=d0KJKXX+f$`oKyiMReY2f`q@ccX7@%}`{OL{A^
zy_9u(tg{T`l@E5jy_CN0eh>E~#>*1C=D&LE=fv7YT^|{OxAskU{;EIY%@92QA@lrX
zvEVIebNkyVjJH(q>cKOOSBnHMZI}ByJEt+;D#7aj&(z<V1keAL`#dkec+U%7=~w3a
z)n^2+_;;><0~zma!D|CAMOOx5T_0_NSJduaUkzfs&jqg&yk8i2U4mB*UXwZ>4Pm_F
zF<HvbM{5sztQ!oxzOdu%@8H{Rdl|}jX9`~G-|#-1p*@cgye+%k_kD&l-UWiU;P2+=
z`z3<c@dwwx5sdc}!RrEVpdr8Yg16xv_kMpA<82f?-`D2fg?K{n4uDsv>LZKs-W9yH
z;Egr-w_EVi_qy{XqZ#iT!D|Q4H2xhHyp7=L_svdcyp!7_+e<Mfl^-$G?+LKu?d9lu
zm|sHzoqxwN-kE~e{f)=kV#x0p!HfN)+n&cU-X(&!;UDJr>n;$yl^?qITW2!fje=MB
zPh1Zf@_U`&ZR&KNhmL2w4T4v7)O`K&sNl8kckeIHV!YP{&-xbcGZ_5aE_iGI>|Re!
zV7zX@tNYGlJ#MIv&jc^yFYfz}6B#e%?a20$_Am4O$8oUZ?WOT!_xf)V;}r;AA$X?y
z%khHO4xYZhoWgk3g16V>HU1v$6@usc!kurL%6O{;FU9LMzJK2&c(vg9P|nmp&SAVw
zg69WsfT2E~7Q6=VG8Jzc<Lwc=Jn#+~c)t_8&EV<hN9Qr#H-eWL<F!68@D2;!#_o6v
zQ%QDyXE5F=yCd6+FV<^qHSkhl$J<NOA@}<@vl#Cz!D|QaK12UFL-5iLyU%CNXS{iW
zSJlI74UTsmB%df;EO>jr#`Om3mg;v7<J}~9Yx;VP|G(@8!HbRS6@DM-0>*n>@KTR6
z^VSJoW)GKl5#zlnc+KFMu3vTtUKxI5UC$3)%y^#)-X`!&@B4ftcs1aasrE9L@s9g_
zWP2&ZODLxH(i?WXy|l;o3V(kq#CSP^7oX&{b{N{rD8Z}j-OFlK&ll!1-b}%3Pd1m|
zG{H;n>y}>y<JAb>0q~wN__svx^1*9U{$0j+_Xysa6tD67m#YNNm)t8nUM*z2R>4~j
zUQee>*q^$8yd-$3jCTd&{YCILf`{pkaL~Lz30@lGEn>W0dm`J*mMHm+g&l7%nT)rD
z@iGK&XO#R75xhLcyOQyy3toGa{GKCtMU1zM@vaoSjwt!961)<|yNdBv3*Nyf`MpE%
z${Ft(#@ixzhoj{81;MLgylWZn1HrRSFt_J-1h1Cyu4laO1TPUhQ+xhK@EREJ2F4rq
zhsgGq3ZAJw4}u+Ue=8a9M#h^Zcxh4cd#>O$Gv0E>s}sDODEYlc@HQ~s3dU;@yu2v9
z2Lx|3<Nbv3UKhN=DCM_Z@LCz~7RLKj@TNy8zmEj3jqz?}yo7fm>$f~getW=<*Y94&
zyPff}1g|nmelrB`0OQ@kcqM{Y6D7ar30^nj-N|^@2wp>!{4N!|ql~wT@$MJArYQNn
zTkzuXPe1ha^IeShE5TbECBHuxycEW}oAKTkybV$E`v<}EGv2+7_pRV<ijv<Wf|tQ~
z_c7in??$%2m!sr26?VM+<ucv_j5l8J+Q1tXKKnWhTFn)_Lh#CwPS?8+GTvOlI|?4%
zr|3XFQMgd>)-&G2j8`vs8U4K01rEag)V%8jFE*uD_;+>JG2S}CYXonOf!8c}Yrw08
z9p(2?#%mM2PVind@O~?JKK#>}&5HLJ<9#l8Yfm)SN0;EWf>*A1PcYsIdn4P+PVlk}
z{w2bWw-<lEUg7UMKgoD`f_D_WOAWlSf>#EfexKoK##<zK3sSuniZC2>{Z<Oz5%AL0
z^Rj0cZ;j$<MBT|=YkQdHw&yzq&yRnyqrXq`Gsb&G_?O?`Yy2I}ErM5tf3kBF$EEi2
z9OHc^c!$Be)^L6Q7s0C>&@23Xp%)mh&wG*eTYZZ8{v#fCynf^HPj*t3e?Mou48dyv
z?~tMVh6tV?JbcyA&hIZ6?;OFaJ=JSHVc<;`ybgb_@O<_!8E?Me`A;+RE)l%Spv!xS
z@oo^jo#5SN@UK?z4&$Ey>Hhl)<2@{RWqz++?i#7v^LAlZ4!bgKgjn1CS{!#nTCebX
z+^y`m`vvc1@CF)q`vfm#klW9<F`o5)WV`AF&-5JUpMp0XJY6o^8SgZ~%L{ldzrnwg
zVaMBP?BHJE=gvDAZ@l1@fp?;Tmn(S1;HANi`sGf>D-*mL@J=xB<_KOj<GsOn*9%?~
zctZ`ms|9Zj<Fzr~!-BU3yfY2F`vq?ccqJ;oZ!z93!8;7zmj>QW!SfAq=aJeO@37z<
z2zrh00emTVx#@2G?q<AGFv&>6qJEDecA&Yvq{5E3mwLwA!+28!FD(kMK=5`l-aCwU
zso)iYH{MWwA;C+;KhvsG^|6=nRtsJOco!IWcL-h`cq<j}ea71&c%9&x`o{}`=Nsns
zj}FHBK=6)$XL`@$9l^^4PtQ~Tk?~?WBI`Fb&CL5w@X8sllktWKUM_g1{03pi+sjIp
z-~Ehtw%|<%&u^%YNrJZ-JpG=`0mfS>c-7#IFz^-#-cj)KRQ>*i@op8omMH!;2wpD!
z`I`2xi}5xHUMqN}_YNNwyn68Rlz*Qx-cG^m0?$+*uL<7E;OX)CAmbenJZq5G_#W+t
zg4YRNgYxeS#*5n*+5QT_Gu4L$JKkOvWVqMa-HaCyyc+P%G1Tt>!P^dAv-0l{<4q8}
zR`3=YczJ?Xj(>)SOGo?sc9`)h1TSN-*Z3Z2x!~oFbgvWt&Ug)imk%C(G9(<R%qZL_
zc+<hFRM&||81D(evxa!B&m4sPsd<kG-j-4Bb>}}A?@hrw2;LP2-VVX5!9VM(g&kcV
z9A&&O1g{h~AEx&FiQpXsFHP~jW4yljQVl=9RfA``F75?8-u@D^dxhWorwI|-M)M-M
zf|okfYdwr~9d!AP7QB_CdxhTv@G{=Tg0}^{91TOPd8LBand4q>#4=u!;2i|d)Shn<
zyqweB{?UW+o)Wy$VP5N1gMW_+UORaDz3_O(`>o)m4)+@WpTjo6J21u_|9Ugt$AVW3
z-Y$cG`vuQG)_o4<W4xFTBiqY>46k*Mf%l!@)#dgI{|-i9#v3Gfo53^vZjT>!y!|!f
zpE0(m`|d=>J6rI&MwqWpCkb9&o?Cv&jJHhi(nfl%Vboz%(Cu%r;MIbs-}6mjygLPN
z`Y5mUJ3KGbLGx}Cyfr_<yg-~Y9`s|pp9!9SwAb3BVTd*FDZ%TU=+<v4<Lwf>!{9A4
z@OBDb-lSgE2H4Sfbu#09A$SXN%<~MN2;Kqkx>WrRV7!FR$oAKHI<8NTa~;(A?EyQ|
z`D#;J5w3Rwj(?{z-cZ=_@h@+Z`TjBucAS@cxqCkMGu~9eTMOO;$_I+He}%B)yqCfA
z!x1XKAmdfRj{BE0*-N*?;h=e!bw=_!u5jlW(irc4*l}Ls6g+351Qj&z?#@VFCH}dY
zp643OcspRnd8tKSYq){8Rq$3W>18#l`b}rNzX@L9RIi0c<KdwF>lVD!r8xg$BbDDU
z#!LEBq<^L7c&&9|np+<}*bzHlZQFCTdw-e1czJ?%6uj{U-dMr2@K46{{qIP|yIk<{
zF!^U1Pb&nk1U!BI$Yi`#g0}}e+){^wF25$htGu?CwO!RmHsd`nct_4f{|(dJ@_R<`
zGU|GT-!so)yx$34&3Rtq?^e7acmr;5@88BS-Zz5R3|^kWzr%u83|<=SsJ-MeUh4kH
z_OcheRR-Siu;cBe8oV~eJA?6Z1+Qwl*ZBWuMhjlvkKOD0JjN>(y!GJSVeoI3;5CD%
z-)s31<JAaW&J3^hl!3QI@Q&QrEBrer`HXj`;B|tx+Q7R_@T!)(?WKV6o)Wy8nO<vx
zf%ll;mEGi)Um@eQ3Emd)ZZPnED|j!1*9JRkFOwPXOTo*XWxhWBRPY*CxZ^<)<MsY?
zWc#ZEPxo1JQ|n>Et{QfDbQccVZV>EvJMF-6_5Aob?6@-ouc*Y#D;B)9Kj{_z{?RnX
zyGHQ*=X<TuVej00EET-GTikj(kMY(BUI}=naraKaYX(oxOU+=smjrJOc&8Zrdr|N*
z8r^YY7UR7yc$>k?Ht_x+c+<ht^C0IlUXKHj?Vt<1fd-xjcD#Pqf=A;YwbMC_mo9j|
z+2(n!fr7UOJUwrA0praOybSP6_o2mt7kjH)eit#`Rf1O-g;y<j>5O+V<J~8CW#F0G
z%NoHe22YpYT*iAv@S4Fh%}Z?&yhg?gG2Q{e+YVlVp?*IUyzPuPpYePjMYfmtIbQ2W
z23}9t#UedlZ@bOSZw2Fx5xgSsO!>_cygbIcjPYg*UUd}S48f~qyoHQ+wcxD<Z=%i<
zV#*_hD+O;ecnwIW{&5B4-7k0@;F;#V?-sn=+ueEeMU3}L!OJbhb+PS{^P&CQEO_g|
z)7Obh7;m58EdcLM18=Y39RaUf<@ZX)v;Gp<UJipd!s7z9fBzJ`t|s^Vv5fK31TXDE
zuZ2slaL~NdU`IM%ZCU@*Ug7U2U&VMc1TX#~ukrtD6boL*o$fs0HH>$I;H82W414Fc
zms-I)44xhju4TLy!OH{hA_MOM!OL9fp5Lx#ylsNF7Ch5+=PQD@5<FeMH!$AEf|pT-
z`zS;G?ialJRqnjSjf{7~$C2$N|6;H4_v#a2$LqKGF1J3GGhUY9m4P?dP<|PLw;8-N
z*irvo!FXkY*8twRhWySEyuIMnc^%$Q7_UL__FQ5<zuhQ!CHJ`g-NJYq1@9nu;|%$I
zLhx$A)7J;LGG4pjrO!3{_om>rGXHL8yrY7b58eoae_spU0q}JHxP$T1x+2?4HFz@(
zywhOE+l&8Rci#I>#+xj7+rcySw+Vu`7Ce3Zw~Fx=37)^)Yn@^6uTt>R*Sh2VU5xir
z!7BsLRKK?h-Wu@q_0`>s_pIQp1@AJnQyr+xC_E{6+rit3jnqHxWxRI;&zf&OpT8}5
zO%J;DdmrO{CwS@LQNPqd`}d9D?PR<M7%%OU$o5hU9=^&G4w`ow>`3RUEwK+Fzv$<b
z-v=45MDY9zP#=cz;5@-=d)WQH#>0$PD|lrU=KIEFg12Cu`~KBB#=BSWI=~wn&aHbs
zS}l0xkGTEgQO0{o@KP?typMtRqTuZXPq)9v7_U?Dbd$>kFVVm|D(s42S7)&MS{yh2
zQFs1e13PZYr%pSFQH<?Tj++L%c-UyWJ+RYlgm%?B_ZaQYIYzrn40e7xpbGl9iwt%t
z+6b|>t25Z?ZDg+XPmj^=LD*3<*Y!r_LiMYI=KWIG#bR*j)`baUZMPYAr1KS^4*yJg
zBc2~pe|v$|+it--e7V<tuTSk3<{cGwzAMb{GmQK!G9MYROV%*N+P|5?E+2MD2D__-
zT}c$XwZg6vc6|-JEyAuAb|{i?(EhzE>>6Qb%Ev#2T{G-V?Imz9vRpPrv6~|7wnwpB
zB<%LWj^4-ALFeOMVb={i(|GVpVP{o&E%taOTyO6SyF}QT%H=y@mj=6j+BwA9zrmkJ
zmP;P&O#T%KyW%MREfjWTushyx+@A`&YS{HL*gXR~K3>(sPWw*gTEC)rx+_MrdrR;d
zz+<PkFz=7YX!n&mt{yjtmu|?%7qBB=^VPQWP44~7E}ydvk(Ka8WPUeB@vr|e+6_NO
zyR(kb?mXD>agzKq)$gUkt`&Bs_I!h|Yloew{oN<*I$>9-%90}84%WbqmvbY^*$;<l
z+<k|Y^K*h%w8%XE?Gkonu<O>9&5pZM9CyQWy~4kz`W`#(C$Qt~xwzWgo{t*rXg?iv
zeiOcotPkS#)JBN4UAnL<fn9>ZZmO^=hn?xTmkGPdD93FOcGa+>cCLf=?{Q&Q2fM!7
z2(h+%L)bM%;T;rqYoqWIyCchQLlj=Nu-gnfQ~AvjcCAr(R|&f|*!3{vca^Z)6UFWs
zVb=jWQ@y<@><+*#&T!nn2)l!@GqtPuzebkdVc7W%ycpO~9p<ZT9WS`|`=7J^aU$$^
z|46yg+&_jG>@p3<%{AERwnXMypJT9FsZS=%?qY+TW^mrpW3;>F810&m(eAlpwA*ov
zb{`z0UH38C#T`1f`aKPH{5(VLU^*4B3cAcsh8^jAy<xLE&v2Brt88)H1yS17#ACEO
zU-_ro9P!T7J|HIFX}JV;yx%+wyIf&MtJR99H@yqHdiG$5SQM^+9nWtS@|!=<Ilp;v
zj-zcfzTO~sb8f}^O%0mj_(r^1!Q1$5FWZjJm$8hO1Y6b}tl@oQt(&p04w_6cJ3ZpN
zBym>vGpKX0Uc~@M{v~4Rg@yChKO1LVQHDenG;i7Bg_mAhv2^5;QGPpQot`sxbk6DH
zva<aCtjtXQIc7|b-#=#D7{}0G-uuQ$#gjcAO`<$sV%Ld22K{~#Igw*0q{AmTIA!9*
zGyLiEmo8bhtY*oQsuAZ-@w+RFFB_3HGCO-@=7@1wBQDEYFm}x8Ik`jqr;kLEUF?3K
zh+0}xv3OZ%?$pJXF0sy^HEHgIf?4MkpI<U*Zt>KTNi!!D&l;cEdqTm~@malLJaXB!
zi)upi5Z5eq;!3S*Dr#%2kqbgKA#3EkWy`FQ^Or1IRIwOowe}H4E~F#;K!}ORHD#IC
z5Uul?pmnMxH^fAoA>8z6sy{YRA?Wj&Q@*aXu91MU(?^eHHw1S4oDj_}L-BN<Bs)`|
zJRRx0Pf`Jz`lM|0Pr$AKiw-&;6!Q{2i1l(T<TI5)v^HOi9W?`HVLg9oRk*!VWByN@
z|4*C$|GmvGnZK->H~Rmy`Tw-}|KHnuP1Q2q<bQCSA3Y`~%elJw;cJ`Lr8uFmYnx3G
z|22rtHvb9#DS_{o0H4F=TV-F=+xR^hrIqUqDy|mm^<rJGuGK=so5i|b_4U{hYh8ZR
z<u$8&T9;q7w5L^lZRXM<tN*2A$8`1SwyfsgX9w>a7n>ctzyGY6^X?y)QV_g<?B>Bp
z>_0kt-hF+#vx5)N=4RU5Oq-j>ZtjUh+WbJD?&PhTyrJW_g_3uNlJ<uZzxnIXD|f|A
z4P215aK^QvV2dBuZLOB|tv4+F`~AUnsZR1fuP@mbJ3h8Mdqrp3U711ul-1rT4-Rj-
zvuVi)`Z0d&+4R$<#UuJUy5AkA^xJpJh(69*@MkM_TxA6VDT9;a1{b8>jNg-tyCBIo
zX5sRiW32%NLz8@yE?ADAyvyjZFv&M>=<?j85k6<np&q6uG!>M3`k#M+r_z&f>B3b7
zfqvP66ZA25d1rf*OS6gsxy#+8w%tXc+!^g7RNi)Z+uFL%^0W1RdA%p+TGNip4Y)ha
z-qyP)lpTm;X0wxf!w;1k9O;o>>8t!dYNaB%I5u<UipmM)X)A`r4akTY(Zg|knm0G8
z^vcSt%juU}Q8<(P&`~0i(zE^%9GWGLeN$|NE6K6_znC0j`Qk3fx?uS?fg?$uBz+!N
z>ACDxZ;##oIuhtg!f%FC)B_j)c8rNHJH|L^$2dC0+IKjpYAYkAbEGPk>~*PnJFCrb
zT{b_Xw~p}jz=c0*b28l<P;6NveBQwE+XBhE14;V>iAVmLymdMn>*|*Fl}WAM(CBTU
z?A@WP{h`c5p;5um@a)jwg3!>Jp&|1^!<L59`VaC4CImx+g6pj8z@V|udv9K7%?zAA
zeNO$%P<pVXehyMDwSq03^8$k}gRZb(=@h7c8yct5`_N`Pon&ghN`9`IY-{$4cGYB0
z@Fm+#I5V>bt=R9cnR1tRO7gg-rlu<0;+pPgTBP&a^s|0<THT}k4!U38<bIbV>lTjO
z-&|xB1P1%UMT(W|7Ast=1%W}?fuWik3=HvS#?A~3$~?VwTHL(A&@;y9!xRM4vIE0{
zTN9n*6a-Gs4&=<-nm8|zrkhVNFm`AlJ1}Nkk}r9vXK5gP-qu90runi1gLRDtLup4>
z&kT&cATTd51|2EL4f~Lx>YOm_@OEC}?>^6u)L?+Vq(lAJEd#d%!oB<Dk>T9~X+3(Q
z_Umqrr%!5nc1&}wD3u;)dUgyd`h1!<FnU`cdv_pfe<1TvU=&)${Yf;Op^dcKZDiE8
z(8%4P5&J_KheE^Q+vhRg#?A~4+SM}{$nLidpIO7+MO%3H`8XVH$3SaZ&+$E2VP$0p
zGErD>sE+1K&JK)ze4@wa^=H=142&-L%@Lp1cS8Q46&SSo%|v604TeT%2TmUsm>I~q
zASoCaJ=AkUA61^mjqeMWo$}~`2_3S_BD(<G7@CAbWrxs02X+3)AGY%bMr{j>+#MLP
zKag=KFdW%(GPt^BrJcWl+d{$Jp}_u-|4`_(U??>^bkgU@;K|?i+`ZMG;cG4Smyhx5
zwtzK^P{FPFjt^)xLuUj7gNIHC1_lky!ZC*iioHXV-t+k04O#Hy<Y|4g11ALoYMAy0
z25t)kcLxId1O7vS)8NAYd%h%Z?d)~s>!Dq-zSyarsYwOFM^8K)pEyDFvhlujn%`>0
zZxZLF(`$-Q@mKB)C2#ek)g*82?v*ujw`XQt%HT<HgDVmy$6Aif4*Q`ejBlpaH!D6X
zd21q_^I%`F+fxvmGPp2q@PZ$*U)|DT*V&M5p~1UDgZ78g4uuAO?#&LJ65Q?C=1pnM
zP;Lf819Z>+);r!eLixPUJG&tE;^PWhHl2MgPwfcK3=Ak}>5fco`@A4<%6MO5KtcC0
z(uh9Zz>sZ$!Mg*4_6O1q1qQ-3U6-3|ABS%X4ci?Wx<8bDC^RG(>Yp776ogLN7dJ1I
z3TK1fl)(jYgXi_W`Bt1_;Vw>088O+R0s8|3I(N0cSzHi0G1zuOc1th6zr-oR?6z|<
z#{`Crrrf^vk6`Fzw5<0BCIq+Pee}SIt=n5$yGw#C*K`M4u}lA;Kcn71I1mh-+Df0N
zZEMR<%<{L6ps(zr8nU;>wr8mND~=5Y`e$#ecDBsE>7-ywcXpuvuz|slzaTKc7vpRw
z2%P+Q$}r!a>_95)mGSfaf`OA;3X%%8e`PmxmEJUOa*5?be$WAYF~L9}jA+@DbSRXv
zqY!=fH0<i6f9uT-oElyWhWh#X_84p-WCv38xaJ>~h%-Vkbb?50t?_MpH;9oo_5Fbb
z_-S4m=TII~p6L_ZMLrFq)XA8mj?HeV4+c(fj#&3q>uZ^<tu?K|L|mxkkIuw7C-W?S
zW-u{t*~gD2XTP=cjI3$i>=+D@{hU2+pYUl;aH7@!i~jra4t*T-PTu>k;@I2K=XFtd
zd+@bjoG*4>V8GIV|E55{$vr4DXV1Ak>+FF+Jg&-348~dhf&SnmtAF8TX&<3z`xh33
zPDT-A2TmFLh<C>?{*@iTpr+V#)k59I8yLPVFl={V=>9<Zp}>&UEt{M+r~2%BGd`K{
zP1Zgy4bjf^V0-v_FxlH9Xia(8J2_~jAD1zD$Y}45fK@b}M#`3h!_=6%%UduaCi|_#
zU`wMvt=`GEzs<cOdwFJXADZr~zLXbddJ9^t>}~ewojGVle$bEFX?~<=Jcj6X#Ttm6
zGrTvWX&0adG75$s*RgSg52b;;;A)y8bv~NqWbxTn8cg=i=$dc@BLod87*p!KXuhFS
zcZW{d9~y8d)PI+EU(DyRpe--h>K~S+JNoSB<9vl#xa3ji(YAs=*~1M!b2EbLUZVD#
za%8zS&+hPK$Glq9yse|}%#551W=x$hE^BDuo21~@w4ol~*Ngh*#T5ine6Q)D-y1k>
zTj12)fm6^!4+Z+KZmHL0-|fo|PQcYna6(LWk|)z&lbKsnKRO8~G<%Rk)nS}-Y=S>*
z6V1Y|<GQX}vwZQl1{zo0n$)=brjQz4<FC}?Z)>l=zW%58-u`6kH_z?zVw~CS-5MP5
zzJFhRaKH!e@9y50#IC>kE$xw>k-hGvGqT4`$X<6Hq8W$QUD$o7K0J)-GMb4p8kBQE
z*3`hbB%F?qtDKP+S2SUKA6?Y@ylvZjIph24vfbxx4quOq=+gr)@Z)j}<uIa8{9kwe
zY46)zTaP@Kyfxpx&iHTSD?PY--AnK9&P^USAvZW~#{P8|e!BnAy6gUNNFP6%-;4T|
z&M2CY7o+R6ZJyr4<d?V~+vOd%eCn!i<BGjb$JpoXmmHs)k<oV=TKt8>Mr&wp1|?iK
zZ1kt}HH}u)`uqdygQ4ExtJTlF`pDYX$ad&lMcmML(Qzp0b-An3mpiOo-sWlgK)Bw=
zg}!s0kLLk~>-^@`_NnI8!NFdG3y!}uxu-9?Pq(k2Pj}s+KHcbiSefVaG5ega$B$j;
zUf;%H1c{p#*Iuw9bI@Jr-g8!$`n(tbgA+Z$i4ZZtiLt?nalwf_f)jfNC&mXS_6kny
z9h{gDoambtGrouR@=$U7ZVVcIHU*1&1^YY~EbjeMUZ?-ClO3N|4{hJ;_p8^H+vm|a
z+d{K<htA(0DmfIIwF~EZoEoQn9`|jJe%?Ow0;Sb+{GI3eagUUlr3S2EN8f^APHwY4
z>Cb+?w=U~_IM0;o6%_o;n61;i<NL5P{OoN#a6Ni_L7+5$;9YfJb>qZvR@_+cz-=)0
zZT<B83+K*TmwI`q|M>-hY1x5deT;qH9X<=E#&xM@WVvZ=hsd?SG|u0Ja~j)C8>5$?
zL})<t2Ig!F%-$V1e}AClP+%5{!5L>tif3J&HFtj1LOhI{yQre3a>;_Z6}6V-q?@+r
zZP|vs^fm{CBZoOU#o=bFL+S0yDwbYdvD9?@?{CrjWY0Biv-|zFP!C-3>!uyBpGcv{
zG!Jl+f-~@yBVAu3eBldC`?}Gm`eFE55^ebZX&$b1Uk~i^hI6Si)|BlVon7FK&)OMK
zCk%7`{-^i<H|1Mps4t8b#Teznm4-HE&e#7g?iCf+`YURyLyMO!T(TH>S`=DVQ?b;)
ztYZGsiW;mtZQXzA!o>@hRaPvpoF410Pb@yS<bUFsKU}NALZQTo!mm9higkLOgMxmY
zOUDD8<nYg^>HTy%J$9y$;zZ$x`kJThG%sD*N&6pK*F1f^A6ow*p4?sqztEuVP{K6j
zSEonQ<cqeUe3~?sgHA7Gnlrf#<x|^}uUhkTeq6pU_kqe=?;DNtUrp!7jpom>r2kis
z8_gbBv|?4mqFX_l3Z<9=l?CaOumrK3iiHBD>!9}yAc6L!m;%|5rk@_5ed#OPw4HQ5
z778X#3DU`q;tVWgUyp?X+1F#CGNkk-EEFi6G`;Rg>GxuxK<T6@otTecp+M=R)3K2K
z8(8Qoa-`|xO6`g?{R|D=iIS!}Zwj<8=}Qq)dOb@gO|P?1`b#XGv@VCeES<DH-3WX9
zmv+0Y5x<kAf6UUmSUUb|X4t-)rQ^TTh0~8f>#~aVTK3n-$+s!c*ktFW2wLY6zkp+x
z6ZtTmrQ;j?cA#|9^s~J|Ecm8`9VlG~-5#Dr0&S*Pmu;6aB74&Rz(Sn;<O~9(lh*!F
zeks`YEd2{;VpBThUEAY75r)$#?>Zg-fi0X)LZ{R1fab(Q=yo2UL<HjNpz}qqA<<@v
zDUc26bSyzE<ydGuAzg=Mh|-TDh8wp1dc?X+@N05*FdgeQY@uUOOyR$4L;aRG6zg`V
zU%N6fX{;c7iYbr{X?i7)@<j{^lulZw52i!}N+(UP&JiaQ3x)sbW6|XY`9pCs7RpOK
z7V?ucm2;}nk07RC@;Mvn#G#l1*^s7~I8?V3Xq|LB7E13;4FG}CNz>R$>GTXsx4m>`
zLz=eJayB$QilBX`LDMU8lztPmSEV;VQ$11oT4)MnPdXnlrSFA4OX(A_qh{h){Oz9+
zAshTcM3{MjvO#3woA&lsl!DMpDFK1_I_N%9iv-$C@lY&ezYYrpvL~(c{x~HfP&#Qn
zhCfG%2$W8`2NvS|0t>QWr*A>5(_e+AW0HL<7M;EWTBq-X*7g2AGzGHPLHj=e3A7Kz
z6v&436fERJBNqCq7U_quP%v=<NGA@(6#lz5r(s{>P)xzZ8HjYUp_qcn=02p84aF45
zhO{oLhoL<xy#;X+mLL{h7g)7}E~{fX?mX;4$EEl<EX2GL3k8#(PavJ_Dc1gMfYyHM
za|`Xe2@8F_iR@p)LczqOa~9c9Oo41j$6_IWsQ*!*bkaIqj&-`-(moW(p0u_fOo<34
zAAXE<@<GRBQ;$Wr$<@#lO#42MblR6<3S>h%4GSHgej-a>xBLYfZ*$w}Um>Rb$o_9w
zVz7|?5iGh5(*!UD({ZzqPWw}=`(_?A1(Ut$+~HWGjM5$TzlBNtmhw)qKF1Anvhd%|
z`~Mc^7?pR5b-hpczs&pp7A9p=x78oi|K_^^ODn2EBdZo-x+7FIvU+Z1Xj!E-G9q!o
zlIb%ii?r{j%q^@~y720XlB#9rR9uU%7(^iEP77T@o2J?GDzltvl}M90OX0(;Ni)Qr
zMT<i7=N7@K^Q-awg^FlfCofzas+t+P#<cystB^TDm^M0Cd-u5$ON2$iRST;Y!0n>Y
z;swhpkp%-q+W_Ir4Mk?_nk7}2&YD&HZ%gOjm7L!HhYRqBEi`Kpax%9fR6Q5dUb3dN
z&8&(V$~a1Y>f*%}OGUw89(ishwuxlgIm(pw_e;fK7!_xj36BO8rcsfG3G`@4VHy?b
zPT)r)sd@Nlo3q#){14eg^+M0?(}RR)5N#9H;Cqw%(MS=7QE^${e_9X?C`_Xw4G$oq
zA%&?m@_XNhvIi?l9eG(r&D`20y1m;;Qz~jOE=^sGxnSo@Q?7NycxfB+!O~7}M@oCu
zI1o5nqIY0>yBHwtH1p^fxk(I-?nXH-x?7BcqP<y<cBT<A!oVF4?PNP|^svh*{E^}H
zx!+I8R&{RgsK+DI7-<_s-JtjUfnxoE&6={vFlI(Lh*m<iQF3jyK1oGvHjk&a2^&n8
z(0BCc3w&84b7UzP#!I)0hmU2jGK0i885Je$%rG%RMuiDGGfWPnB5x66sMz-X0W^w%
z`N(=${5SspyQ4>pg;5z1R%SoM7#I~L?94DR`bC8aJHVXQh>L`|RiSwmRpAup>6l2Y
zsamE6`LG=&IZw*MNqW`z1ypDJ#vqK#QS3n%rdX+7x};iN(?^YBtaBr_#YB9|n{Fs)
zitQz0eYRLH73&v@^)j)3iC8Ze>+{6=0<nInSg#c8my7i)#CnxjUnJHezup@Yp4xEC
zVytDt{wlG4jaa`{tY0tIZxHJ=o#2KTdrE<?-{h`9#n`_R>n6p}E2b>O*wb5XLQHu2
z*-48DKX%dUKXr|vV(ecfbdzEtekGl@uW>ip_V<YOwPO8#vED4!9}?>=V*L@Z{-{`A
zFV-Iu>yL|dk65QE6*tK5V#nBzc=&djN^nDreS6K<Y3jxeF%iGYL*<v`ZiI@7_;nvz
z*Hc`MSxm&QSJQSq)up%h7d$=XrMK&8N4-u{7;cCOPdPeiF%iF}Ovj@~Aa00>_%DsL
zeYm?3DkkFBIca^A*iO?&ZitEa^>wm8-Q5Tk6Y=YVv_4L3*N;M+<d}$G(<b|~guR{y
z(e@L?_DN!$rj6YYV@-8epkgBaiy5sKi|y0II!%kZA;#L^u0X|DPm1-Y?MYOfNRxy#
zp`!z>^A<zv1N273w9ads)<=l#yaZ`G&mpbzGXSmg5uesWSahIuKEl#EA0cU-k9f5H
z6D&H=`f9y`nAZ6SK<m$m?XQXTy<+{KSf|NT9f)VYi>4B2{dkYw>Ky+xv92HTkQLd}
zOXfPz`Wa%qP_5HLi)1`{zEEth6zf-u^;^WcemF!UXEJ`J>q)WwIkg_Jw_hH9nC+}z
zVf|KZr;#BUugUygtq-)<7g?XEbt>m%Yl%e<rFEeEdA!b=V}GTEe}Qa=EAg3(^JSJ=
zr+P`YuCgCkI~GoP(SvFVgRvx|b<9)iRPV|7FD}=qb+V!3Em!L_(Vc8vZ`~%gKdjbi
zVmleF>sMm?PO<*3TBphGWSnomjM)DsyvdIZ2+sBfYp_~(_%~Y<BepkM7prxeTu#RM
z_R5IuP1a2j+ka}Ujo7}@dOBkJYHMr6_BGZXwLZb--(!6lv3;%8GnTw{9&#mH_giUd
z-SNNK`ccI8hpdYtwzpW;+__gRSa|iag`-I=TC#xDqEJ=UlKIx9ODig@YcSDh&v)VK
zQ)%3_VK!5*sVPXc&AzX;7A;(CEvi^FzdCF+nOKvTES+C*Va3uVv~d~UA)7xsyJks<
zNV6(KE(j~xr;mwP58tmlw%E*5Xa*9unuQB5t5{YuYvFZ{+fHHuvT_Aao4QzK#hpJT
z=dtEEuUE+9`8CLFamgeI%+g*l=}IN0lqfL^cL3(we_*C9IGt{QK~`DRYg3m^s41?%
zw6Akxnyoe?SK2}|;gU0fire4C^A}ZH;W+|VVYVQgIu|VC<Z9%Mz^s}jODpUtX>Dz~
z<2R*g`$ZAA{_w7<VsZG;lnZ^^uXm95`t!5KP~C^`^R*rJofev}X2U7baPv;LYje&k
zo=kJdlg`Dj{#aD0v^LFtUD$TSupdhocko1X4<<IUE#h81ayPM&?dIOSy9ZG>&29p}
zPyc=@qwza(*HEW2!-%`;NM9p1v0cR7bL389Bil{fCr9okHrfLgK0M`)q9I9ZdN8Rq
zy#VD2IX3pWM`;?{bb2c3OB@@z_VLVhw4d}mN2igV?`V3C=~>|D4AK>j&SdF1Oy@Ei
zItO^vEonaK%kY6vh(+rn(uz-4gPK2`bR|9zO0akq+R`dzx{T>^(kj1%)0z-kLx#&L
zmg#t=?J_J!0>Zy7Lv<{>43+j{ACJ1lPGdTqw930(hDzIIsI*;%O50_q&RcdFDxFUp
z4?YkIvFLmiF>RNj^2aVirD-4SgPnJEEIaRtZ|9vhs^C!<zu&W0``Y$#+8X?kjy`64
zFSA!u5w<^UTEbJsY}m!JXE94>(-NL)mQEL02sU%6qivtnG=*KiO51&;#<8*c2%Ea_
zT<xUW`7-!vGkZBUHdD0$o2k-mrqXtsQ8s?;=1~{@X-uaxok6-59|)OPJZjp+ZZk^T
zZAS6!Hq+ZSxAMuJ-2{2m6pNjgI>*K?A2rot=Y`#Lc<6u#w!OMNwe7Q<bld(qN85R?
zceI^%#kBLz+er_{hCcP!W%HH2%~v)y|7OSD=JWR4lX29(Hb<q~9CpJLaV*~cd3(N%
z9ZNCoyeR+eyl@}rAPDwx?{GAIdYT+<r_Xb=?a%Fww)1tTqwRdD@zy>TZA7q-wZPGK
zn^D@2Bt1^1k*;)X=+kquqwV9CJK8?(Do5MLUG8Z6xa<bfv(ibY&tu};6os?qzsOk;
zg~O)HBK%Q#vGc`!UK{1O+@AY(|1sEeADW}smpkdlT+VbeszOA*%ALgTaiW!Ti-I6J
zCQh_+e#GH;5z&j_G;2l+Y29s8urWYsv_Ss|@o1*0tEAvOf`36}-KzAxh^e?K{VBu`
zGkqf1lztTP4NAX=c#G1nBmRTZWYfX)0j3W!P2U{U%tH8~{W*te{ENkKx}W^X#s`8Q
zOF}t55Qbx+bm~K-b^2J9PW3}tr_)mdI#vnd8A{h9rgcg$M@;iVT3<*SeCms&6GHev
zD91uJRfy*?O_xw)PyLm&wkJEXrx)Al6iAw0X0IU)`xL~awfzcZ(}b9YRI+~r@w231
zPvZ^g1a*D*E0s=T59tJTt+<WSvF{s*_malGex(!UK_GNuAsc!b|1;9Cp|Of|!hC!n
ze1*lfLA@O%4V!etq!Sk41A)GzKsMACeWYQNfppRd6}E}Jjcn-42YzLfiA|(6C!Nw^
zLoWr7RyH}XA+2rBR5qQ63zSVRY)I>4(aXui=|WttbUotBNW-^0*pp76ibA+XrROW1
zpw2b7sq{jmlh*0YD!mBlq_uDBDILe9F9AHQY>Ht+TKo2bvN?kIO{L#P{Fc)6We)m+
z0Qor``;tzmgg~G#1yFj4(g_RgWb1g9UW!%HI{j3YUWRniIz5fj;V1sZy8XYViCGSt
zbg~ISAka3l$wiz^8a7njq_qugBOCe>MxL@ES4nG|kFcH+i*=;YmrAt$i0RLm{)*{;
zG95#F#i1E>(lpOYbx(RfY^Nwa4e{AZQyZA2^aY6RJ`Q`TBPy2^8Xyr!CzO-2?Ee!$
z=`gdkPG5#~N{>fOTBp;c7^V9Vlh)~XQ#v5jUpFxQw9;LO?S2g#>bsj%I_b@%!KCqo
zv@TD(zr%h9(q1MTrCUkEJ_RvpZBKS&vj_1`rr#nB`&7iFwLRI9J+;qwm9|j!9i(AD
z05NH8|D{UzBPN}2IX)1+!$S6HO6zocd_a0S((Um<^|c{59@*2lL0b2<F)E$L3eq~=
z?&Gk}K{{!jzF65)yC9u__DR9+<H*-$q}{7*@{mqi+q6)+vUyh7<imz^0u~CiKiRyB
z*gg-!heD*2)@4H5$Yv+vZKPpS1RK)YhPIK-Zp3ZMhQ<og+J?4~4fXqXlnspuq_vIR
z7jOYUb=!g^Md>u9*CQUKG?mF&q^ZylNb7PVE~Vpe_PC?dFQRlX%MmYAx(@OEq+uVg
zv@XMKDxLZQ=>!5Ilw(ODXAx|FplK6neXJirlMOLR>-5DcotUH(;17jzEGc71DJHa$
ziF6|q>5`cYRtk(yMNEAog)SlxNYfZbA&7<2=~$!_uD}OE1{O-EW0BVBNtBNJzQKr3
zR(dGnflMbTor1Wp(x*^N3soG&SQ4siX@Aj)(#Z$1OHlXS_OW`iV?l?HrL=u4=<u<i
z!^axu@a<z!VI$bvkRCqP5+~jE{|r|rR6BYkq7<Z)J?Vriopds#bSfXx2}_;y0!oKd
zw;{IMAvRLIkWQdRhfs=zY{;ccNy8>lX>CK>$fh1~Eos<LK1e6j-~*un3#F$jop2SU
zs`i6}(ie=V%2S}JfApk&2Tfl#8l*Ix-=--2XT&!ueLv#6nWk%S+LxXm;op3RIaD8%
zj#H}BW}xAcbDmNUFK1yr;c9#!v|vd=I+Z7B-L5vObSh8MI{jBF9a!g@5N(e_D;AxX
z-;)ND%8;}kpJ{9-o8HLB$I6DvkaU9Le6DP$O#Y>8s60t)n>bYt^kuSsq;aeP*iKp>
zYoto|Bb{`@H4q4SDm_hUojy~grz4%TPQO&8XCR$)0#!Id4W%P54Tx`1dM#pmoQFS|
zupymrt!?g%)v(`-G<)oYO%67Z);9Ka3vB3`r3(x3=?id&NW(rC_M~+=98oq@R&*XE
z8#?chPC&n-KwtdS^+IihG<^XMzkFruBE*xFP6v;kHxefw`;tze4vp{-mXtouwZ@}N
zKdbbch&MC+64S3S9aNgid63f2A*OZWQ=cBL^cKX_jwzk;PD4EDR>TFQ?aVql;d&$>
z%*I0L)SgKv)ZqhR9u`Wc_DnkA27Dk?Vj<=_#581(rYde!`f<c}k;c9#I$J0F7y{ub
zEM&hEG5MV`-r=M8Y>mi1*QE4y&f^nQI{9XgZ?GpO>4fX>fnfJv*wgVxV<9H>Bhm@=
z_&}gxl$gYuNg6iPk4Wo$-K5e}5tG*EwSJUNCqM+!2|a9S-GeCQc;|kwnd!l#X|O^d
zols6n<rnt%L7$C<Y$#u(wGVcAB0U~yr1h~Vt8}c}5ZivjhRVVA^JWMH+D0}lh<{2N
zHdGFz_4SFJmwY53*m>#c=wXObsBjQSYk%yrLOS_rmzA<F#d^vKPP-^04IA>Abiz;Y
zfv_G+3J$Uf@zYHACtZLK1k$>E?D~cM2BeL~LN;_<()!w?P^HtcNb7XlAJ|iwkWQe&
zK$wSxI8+X#b-q@rbZP^nbzQHebmg;Mr`R_YX{2=-LRu*&I_F{XgEWf5es6|!5E@O*
zPCp4Tb+Z&eRv=DOx*qXt(i8E4Kste72+OcgI^~^o!X5ZP_!*WI0RMuxTj?W+14{o5
zv0ZLdFiIyhIhqcWf^=e%PN2d-n2Lp%#5tEVY{(7L3Af_|;UX-QPGw6v;ZA%YEXG3V
zRJNq`9L3d?uKXkf>E{tYK^pc{=A;t{i0~2?N~dxrt?%Doqjc>14&t{+!)Ace+J?62
zWBpOt_z{!V_xN2ZJq<BwegA$urBA{KLIM`ju}UYDLm>3SLg`c{q!U)*1A+WV>F<2;
z@l?{Vq3n=OSdI^b;aDi0%7=8qYJ4D27fP9IOIs&U14OX>nc`^MA84aLNH_X(3iAgx
zVSjFNn6^JiH~LfL*z`n{u*T80Kh!`FY=5AQ{vh4x&uPpb*o6IA;V^A~kZ$znY{$m-
z=N?D*LX>ijqlrbD{2{IDh1wRSlRu<&*`7@6=qS`zh?!E14+NXP*3mY9nxkz#w2_bW
zFkh9G%^%44)PWFe{{4=&`R6&>=0h9#NDuQ>-fjLM#-HwRY(5Q62zGtVaC8Eq6li08
zA>CMCLvT-z{p|J(8}jjc?HTFD`l6Eqg6+>kj<)@o<!IX<Xrn(!H~KS_`2(A<KfFC7
z-RMt=b6ne>7Us|S%pYi@KS($FGo1MYo3KB;JtN)d&ur$;BaWs|Pqw4!c%IRYru{uR
zj;1lubGoDbq^W`s(y@5P+R}Nxnd@kZJmValPx=f;7m+^G(bGxiIl7cIu7xO+WAXfm
zlyi;e!Sw@$YAl|7QqFarXM&^a5qSz6-AH<(qgRqHbo5%%7y~J^VDYGNZv*Km_(0f%
z#X}AvY{BB0YD=q?v>FF?l19I#(2m7ZY)gAC-J|+!C#9=?*F{?OwQkbW@qusziwAAk
z4jyRLZsSR#Em24$t=dm2Y1AnNKWSBuw65!p+JUaSRMM*M(nzbi%OtJpj*4E_9c9~-
ziw^`kq^`Si(yH#NNUOT5C9UeNfwZc-m84bO(Qu&aZUgCjd?0MbqU)}ew5q!{(yH$E
zl2&zhfV8SRy9`y`9i?<tcXqi^CJ^X(gRVQftW@1)P`awST+*uU3Q4QFn@(EQT^VUr
zca@}7-O>G{uDg2Ds_vRdtGZiDTGbuR|LeNjL|WC|%cQYT*va%BraPHF$TZzQdc4lQ
zv52)!WO@M8G>5Nka+uC19pi9{nWkrfI(-4t__v(l^g5;+nO?(m3)35!-oo^DrrVkB
zV7iOx!%SQ7UHeJzvud5nbQ;r{Oy@CO#B>SM<xE#GUCVR>)AYYSwGYiqZ(w>e)2&Rm
zF};`R15DHZh}Zn1OvlF}9Sa4T8`j#-bOzJ8Ocydeo#`^BE19lgx}NDKrq?pPp6N|Y
zzs&SbruQ)2NjlES*FmO_Fdd8S+9r|d0ZgYeox^lK)5WBFIL9hwdI8hbr0HaiP{(v5
z(`!h_J2ov$Z)AE4)7weYMHxan(;ZBAF@2b6`n4IouaD_erqh_tB;DINRvyzuOqVcS
z&U6*iwM;iKy^`r>(saRvuz~5#Ot&)K#`IpM50Ivl8$vhJN12XCooJgBru|H3FrCYE
zA=A^DE@Qfq=^Cc%nQmfwEz|3n-o*6FOz&iR57V7YA7uIn)3Io4o<2_bBr-jK>2#)Z
zn9gUqnCVic7cgDTbRE-;Os`?Oh3Sn<Z(({n>AsHt?M!zt-Np1_rs)@N^u9jQ$2pu-
zrqh_tB%SEk<S|{ubP4Gs$EKX=DyC~mCp$I`Os{0Rne_3F%?76NuXe-ftxUHuy_e|&
zOm~w`ahOM$jz^!?=_#a7aBTccXE2@1bRp?}j{S6|%b2cYx`yd`rkj{vOB!=f6xK7n
ziRqV_-pTYHraPHF$n+7WV=>0)V<j>@fHYkQBcwB(!*o8=#Y~ry#+(m@1x!~nUB`4I
z(`%S+VR|FeTbSO?bUSIx=TPWix{K+<Ow-MuXMkhxV>*@TG}4%pp^(XR9@9lkmyo6#
zZiI5CtC+4Ojd>Lc4NR|Ox|!(>r2Q~P*vxb*(`}>!j?G@C4=~-$H2q(0PtdWa{|l`(
z&FgFJCq2-y$zVE{=|ZNblTLH&%b2cYx`y;1$EKd?CZ^Xiy`J=7$9@yjFEhQ9^bp5p
z57V7YA7uIn>2$|F7GtN@iA)b5J=C#DXF7-Je5Q*@4|D8GnO?wjHR<7wO&!yXOs`?O
zg>;5vzme%JOm8PW!m(*5J<`z~q(?cri*%-=50lPv^s#>WVTfBMx?HkD4nC`trU;jl
zcA&0DI^SMH-=Bc_eeC!w)@gs*hGu6!&*Homq^a9ID3?brbKZsm=N&oX;qpDqn+nZ&
zhq10sQ&29iQ0aV1L|8x3d0t68To#6T7eRAgELKcBx)tUA?O{AzVuX42{XW)p`O!VL
ziMLGfV&O2A0r`j1RhahxH1{tJD^#vJkWUou!NUE^0WS?{#KSNc<~<M1d6`(jWkNV;
z-ZMzyyi)M!6hS<6sW7h{n)7JBz{Gn~?URp~LN(*jr3f91^3{!n^YXExhHY$d>?r<B
z>3mv2XatYi75PV(B$`M67LoI4t^%gvKz0;pUW9Z$tsr#3s0}gk=+cC?k$<BEuLbL-
z`W+^C8z#B+OP3s)H%stn-oupNa|LfNcsjpy`Jj1A1&`i`qHQ{8y-4sfCOi3~{L<-M
z^X?J6cC4ppn6jhQRf3lbULMkkr^gB^zvl(-fZ7k6?4bR7M(}Ewe{_o0{&fgm7uM-G
zI%wXzf>#e-8jQ$4Iz4M1y)TNtaQ{7w6;pkDBY5k<)AbQxyr4IdNApgm{z2cFCLi*#
zP&fjf?r(Hj*8UX<UMkkr>CN7c>?lkWyu>NaTrlOAPRW`#SMc(&ZmQo41+Ni2UB7fX
z);xQD3+p|wP@wmAv`@6I^$Nk;4j$DT`A4T>&3hJhygq2Y&E(&cg4fRcqtmeFy(f58
zYCo9RLHoBy@O(wCe{>4gJep(T{?WXj$-kq5mkORPKRR`5UWVW`MDcG3>}a2SEEGzZ
ze{{;%JbR7~>$*OueoX!2Ji#jmFAe)qeT-(jtA&3whe^lML2LTXJL!D2p@I2FQ|z>j
z{J2~2)<*G<<_kG*CG(FSt7zUY1#f*6|7dQJ^ENa8=y8nZy)SqhqWJd*!E0syoymCL
z3Et)?{(U2O2bh2K2toUI8U$~DG+%6Le<#C^_Q}UWp&LBi{^+rh<`oHETNM8$3SI^-
z%yj>qz<7%VkLImS{w)-|T=2Ai6B+M5!8;Jezcqqa!~DakGo0V8g4Y$rKbnKZpOue=
zLOt^jLrs`x&%I(@_cz_|X&(y2pzyKaz0CZB4D*hQi>zP!V%R1)A5`}gPEdAeHcki&
zXI0zvhh039!kfb)(r%F9xawBdHq`m>!;Y8BPB^d6Tj#=(wo$vt6+AzVn~!uIG;g%v
zb%K`$BN~UMW6``>f>#cn{s$Js)Vy;AFZOJ_*NBb8qsLL2S0Q+9SP!5r=%9J!f>(=7
z(y@tGf<^PL7QF7B&O0uWcctL%o#DJsMLd1aLFM-o!K3-V+cXTZ_OD*>>XAwEi+H8V
zj(86XURf_Q?|#AC!*~}m-me9(3p^V4bkP3&O7PNWx&D>GSeM`L1uqTrSeY88>}d5Z
z!K(wW3h9*JOR#9(7lKz3h4+czbunH!<I#J5eB5mS?-6X*LFcyz>`3RU4JD|IHfZv1
z9v1E2Ai<+~IQ>r<Xjjei3!eXc%cAFk#9P34g@V_No3{4}q=M$1C3pwsSoU*s;$4bG
z`&S`&wSC=xmOx0&D;K=j3*7cx$#`{wmx`Of0D)A{ye46n7sc)&VOI`2HSJ~-HSg!b
zt{!#+^+6G9yG^hoov*fSL_YMmwn*7gKYB;-)`Rz)+J_>|dt30fgSQ#mshpQ6JK}vQ
zc%`_xH2L?b;MJltYX7ceynYyWcss2FkGAWe{Y!!!&+kg`^tiDM#<Y$6J6-U)!Fx@^
zlpU>R3f=+m_9C6~dleSVn=N>olbm;OVPXgE-weTf`6Bmz`Wjej-c^Fv0p4oGqDb?q
z1@9nuxFoXuyH?pze(mQ|h*8{js7}VaqWWZt6wSL!@NzJiO@|%j_j+YVyeE`@+0Yc~
zkGHH{j<i3CNBEaSKBlKQ*F)M=ANNIZ+=h$Y`@A2+nC$4de-gYV@bDK7n%5zCN5RwW
zsvg#wXFp5Bx-OTNDE|FR@KP`+*J3{^mzx+b1Lrf|PCKIbHw1R%Lq3-O!`}D6MRi^I
zzj@4z{~ih>q6ui;Tu=raaC~4uqlpZNn1I5dNQ_p8e?lGpI6$JUZV^+Gwse0+)1-e$
z7BQQ2w?q@0O|xCo4kV>X7k3Tmrlt$6A=xI)&vXq<+jJZ2?|bh1GjB#o((Pw=``b_F
z!{Oa`|D1d7x#ymH?z#89N53B6)9Je#_d0#$QTQ%RK_BhqnejbhqOaS8Z+{d%H=H=v
z;$M3dzT}-@`tCL1dpHW;THwn-y8a`Y==YT<d^x~ZjCkVT=K*?qpN+y7n1VjqPc*mp
zfQh~y6TVlY@O4f>-w&hk-EX4rFHQLVBMRTZ6!iTn3g4KCz9S}leBToHy8MNvpl>eh
z5OaIqGtozSLFeB}<TK0P#VP2^iNd#fSGa%gH{shFg^vy+=ObPJQN8r@Md91LD?C1Q
zpDvBxgHiYjf$v)KNBgbj_KpCbK0dw-JbHWkqVQEsLEqP+@V#N8@2e(!FGS(%or1pS
zqVR3^hw1Az;d>_v-xE{NM|P&Uz3srK>z9X3_~yYrGxzU%Q_vTOd}e$XP4xAd@U77B
z!Sv$4>GRcR2((*{gTm{h@-3JmAKybpejT3+`7pH_Kcb0#Em8RLrpVV7m9H52bR2|7
z58tQd^H3yyCCF#C+lglcUqwEsa^rUo^5q$KY96{B(D3O=-$gzbA<%w$@G;~w^VwRB
z=dqDUdhKrjltyy@_fh!XBw>b)rT=t%PetJi)u{Oh-!}j{K9~bS3_$<AnTF?VQC9!y
z_~@$l1*HvO!d{Dfrx3;z!SPZ5K>Q-`U4+x3LuW41bbO7?__PYXypq+jOs3!R6*;-t
zIV)B!UyiWHWBz~RjXAQM?a90G#yrZoYvyOxl@wVlIwr#T2?H;x5Z<H1XlPUp-M}0C
zS+UC?Jryy<JU;wymk}gFp>Xjd-9NxXk^f#W-Hsvr0U#NqtOnEq?ge}u@H~J}UBGoZ
z)eh!(aNQ2Lo9<=cr|VigOONaO06K@511O;m>BPDmS2_zwEqn&o3p^|ebY_o`(|asS
z0098`cRGPBgzE*s|KyL(*wMMUC(x$txSD@--tFW59zk9@??z|aE&wh8Xo8Ca$N&$3
z)^*zfbjFO<P_#bk1?*DQMI4<O`>+0;`){b@zq$?4_}?NPLVjgHG8A1Ipc7D32wB7R
z!+u}?i1ZID`@bP=#MFNBbA8xP0)O>iswu3;{UO)YC{O3_?*1e3eEnmVr}KADz%TQk
z{av_5J#=0#`bX#Xte9A2np{5QS9p!|l551#Ilbr~`TL@O4cCaHJY-W|>qqDL$c_w6
zk*<}YX_96KneNAsHyQKjmET;U-(|q>0RIm7J>aL5=MVj@HqGDHDof{J=ts4X-;d7d
zQPl@<J@OG{)slbQ|Gtk=$1@)z&mTv{pH}G+Q+wYsh5xjuG*N?b@8)CQDy*JD2kb)p
zktx!?K1Dp8Z#4fd(mffzrr)*Vl97kbB1ZpO5y!_Cji{djzI)|Lbe=!e`%ci_1E6!q
z7I|ta2d>fXsdE1idFfo_0{FlGvp+ibsQ>7!<30eLVWjhlPXW#W-T-_6SO8t)0Tcsv
z0qE@CBY+U#Jm3;wI@T}b?{)#!0=5J80qzGp0eAs$0q_C91zwO3xE;_7I0G01&>^Q}
zKn|b;upJNpbOP=N3;;ra9|GP2SmC!!2CN3`0(1iI2Mhq72aEyepi?SfHJ}Vo3pfC{
zA20wo12_k`2$0}>kO4V>5<mms0D$~}=Kya3B=}I00p#1-1t1^N*8%4M<PUKH$d6GA
zH~{DagaGdYlCf@F3kU%22RskB2%zWk-GC}UJK)QJGk`Y$bZ{vd-~ki@Isv_aX8`X5
z7F>@tD_|GkUO)&yhm$;jT0k!#1h@!DO-3Dn9>6nz9|GP3eArK-gGnFpOF*6+K%SO&
zEv~hI20*J8_Yo*QGPxaidj0@h1IYXQ$H;#PdEV#wrVDY4z-s_4JKVS~UjE@^S!8uw
zck(hHo|jUOAYb3d%uD$PkoWmNAU~D)(BE20oi0$DKkP^L;CWu}H4M2AD>y~k2U;5z
z6@#-kK-K{{fX#qTz*B$`!21BQs1^Wn040E0Ko4L5a30V}i)|<71N^1pDp(MMYXjh3
zy2lXvI<7R2oWu1ZU^?URfBt9UKwcD2igCX$Dvq-EMa7+ox~DuN*NCI|3y6OYKx66n
zE{Z|-rl4N|0l>Wg>Z32?`V4?{+z77k0sgoD7NmkNfMP&9;0OS}PX7PD>E9XD`9r`(
zfORo+AD|Gh9q`Be+EM;)0NFePe<ZGtOUE;)=MAchRMryAb$~Je*@{;_bLC0{!kvIG
z1IU^86s~Uo64IbB0RP!v1Iiu&&^qkn;&=-ApQk!y*eJNthrG$C{kY}L`P?Y0`_9bq
z6kdxo>Vqm=+X4UEe)pnHeShNZdP<}3`Tqhs&jIIK0BbsIFF+Z9#%?>VfBt<m2kwpH
z)BU)oar_Lf$r-Ru03YXffaepr?&(4J<LVw7|D=CtUx9Sc8I&cxFvjt%6+XZ<VJYTC
z0O^NaxE=ufsr{Y+P0s^90PGS(!R02^CJJS^-V3nED#cGAJOa1~ux5f!fI`4_zyUxn
zfcXCut}g&C0O$pMGGHxW7vTTL-#*Yywr|fLLI2mavgdInd+MB`a^fxAPtOMLab2(s
za~#q<xK;svgZKtq=j1>q;MxN?1Nb4}BH&N$x4?t-Ghi2h+E{#(N?{M~$$|6)uH{<X
zA42<il)K1r{2`@~cP;peauTfr5zfK2<RjLE$ob#$s{$Q&1Bg!#uF|WNgs&m|6ynbT
zE+PCrrD?LF=lVmhY*b|8f!IroosgZj*h@Z9Sn}EFz5;=X7FH<4UIM};bEW$1c-%<}
zE3_alLJl56T8ec^L453`JVkkKvr@e@xj?CQqZHjY;NBgh-Y;QNz1PN$Ka4a<jJ>qI
zEB2C<AlY}=<;{mZMaRkt<=yu;dD#hH->$Xm;_9Ez^^RJ+*5`I7Eby|y-3eRSXbcl)
z?sjZ(74AN|+D<MRFAF6m*mw&rCyrWOg%_1!hcNcMTC%6McycUtcn<Q7ieBpnXCCpg
z?-ZfOt!FlGh#?x-sS5l%`8+k!eBoj9zvn0$|Ht$8zO1mXth6fZt4S5U>aVU$@UpMw
zKD7jqN!d#ES7I+I>}!<VOUb>I+?)H<G(=MJ*J3X@1~1Imd+&V%RbQTdG`(`5vH$$+
z{*2teaen>K-^A~?9JDvtc34Ye)`*$Yu~X443hb1Rf8rC@>3bc6GSSO%d~w>q{C(4o
zrrka;BY1vxFm08&bf-&3@ghuJDA&#ZYo(P@ixTr}eadWxfOtkans#g&@q>ed=)2Tl
zeR{<mpKR-zW(iIcy7Dbc>l>}Dt?gZXzrW|f+kzI$(NmVMJ}4zgGru_V$QO=1G`;Io
z%;)bpIJ5K9$L{)E_P6icZ~bJAViz8pJN>4b-77Ly<*u}%o20pl_e+v!pN76;C!ev~
z`1RZN80~6N;~j%>;P=oa=~!BJ3Pjz*`dnfk*wFV3;`?60zy8@28l`_P<KM~S6gQpt
z0#_e@$1<iN0cClZTy1nut`P>HY1vniFXQ{?avMIhC^t6CHFd#uxu(I7U|lfS5=0hZ
zT|vP|=E3&|RUFMNRKBiePhBmQy}hL)C~w##`|4`$lxy%U%4&bj9=WkiZte&K+;VFG
zUrwx(>HCq8Px`u}T+`Uv03z!4wabL7nnx0OLP2B-K1|uz)X~JN6}<jhxd9(%#NBS$
zAK2Xje1#pYfyNqtd!1ZdhmT<T>h^Zvlag|<uBNW>PLLN)F9<Z&HMjFz;bc>KMP2aD
zy5Q95Jf*TO*jT^+s#?r+RMfS#HMTTwZUlQwghbF<fW|l0t8^Qr3L9HwGZEEw_4w$c
zOnLDR(H7a<fQU3x8^d@j{O$hsjy6+MIgW4!*@Q!*rGgg`Ow_3{vcDcDWHjO+1?%=f
zdYX6FMYKsJ-IQvsdWyDPRmRjGCMrIH-$uU`wlvq7Y9*eby@=V{(HK-^Rg2S^ukpad
zcEW*nAzx%uG!%%xifEmaYJ!U3nth^5kBLIHUx`LjXQ;U%c&m1OBte>htF&HAHn_Z-
z%9wbof2A}`%2hE2MZBlgVHru2DItu<;13@zyhHS+nev<D*+k$JRSGq{C30<JZF5>X
z^hk59s=_c_F&G75OY@%Qmb;qeCX77)?mD@Be=Bt%;@dh}TU(%KP=M<dxvitIz0NJG
z%^|UZT(rqhet%GYe5q8vb9olb(vMvS;l~$M3pyaI8){d{8=CL*2O4Wh=Q=4(?Q~Uw
zDu_tRPuDiNwS^y03+rlwZYXvt3oe5%4gNdpWFBLr7Z$IJO6M^~y4G$}c^+e=w?Q8?
z)^PTi@|a>Vx9B`9tGF$yE*@i~Z`|zL5=kqMG16(0s%YHZ45bxB<4yHNrQrKU!Irxk
zn|I4C9qp|h7&;yG^>x9Sc&=KN6MuVqT~lj2<!En_Yg(F{>uTENyBgaYAVQQC(|`=w
zAuWwQA?+bYmhsor)U{4oL@1>Ghcwr=HQ=MVZn<qwW2@{d)^TFmYpMoLK0^{u@SR&D
zO`mXenZ=yh60DUslgQGiVJUB6T}^O5>TeCU><;>yFbD27I$zJTu6gP_dYUTpn1(UM
zV)pH51udl=m~~Zba!a#Zu(=8r0lu$Hb1PStrT%7&p`g66?k=Leprs?ghn+faw{(Da
zO@xEeP&imu4;E8wEe%01+~Y=&NUq21FY|9wUzL|A^2qz^+T9?|$iu%0JcZ0}BxJ3A
zu%nKqqE>%f8%A|wGYuYJo1Y|yuIeyCoEp$m&<DC`Y2pG(Tjc7--N?%Aqi{OJL7g2S
z9&)|EF~BDdU_!U>y1-u8OEopTPF#&TDXzhfiAMVvGVbY%%+PSCUzM|_Mi>X+O-*<n
zh7RFTWw*(g@6l0QAX|ftcal{D{SaN&oW#HRO$b{8&~feir~_&tK6Onb<meod_L@4i
zi?ZYjjDng5PCz@Y=A-+UdQ|OAy^o74_?Nb!hDz(2T7vs^LCg;Z{rjULHGLJ4(YJAZ
zR7vm<an#p3E-(n@T(HhxyB{)N2L<2Gbz)(Q$~B}L7Dq)xu(5d$Z*kP<2ak=k#%8l(
z(CyO-K68AyeOd^!iI_;U4DpA`c)5b9t97N5%8^^@<!VTLE!kFn%CsK(Xam)#W<)kJ
zf+3z<=QP*th8BfxR@DOX>-sB_O6WYQJ8TXL1!Q99-w6@)R|o3oljt9bS}jBD$q%$|
z#9(PdeKQ)H@yYnc+75p}k2aK3VM`O%0hCj2@<TRADfk00%c-m;{xnvA20HobyfrON
zO(;UyjlnWwlgcGk5U8APUFhRdu7}cTYXFP5KBP*?um`ne0a})n)Bz=QM4$yNscUZO
z*xkSfN2|Yf8NO2vTKM<YOVtUVXfxl-cP*o}#HQxJeyF0lHkuuq>$ti=CoNN_4V2l`
z(%R;h@A6}$pvUhDVzwp4f*v-Dmb&&JIWSqInx%~M<WtxfM3dUTG+ox|qApZJ&!Rh^
zgHa_0w;bf6Bxr)w#0MG5axFx|p#@#vL=4hdW~6};dOFT0_=8wug}DjItfPh9T|r`@
zYC$d2bc=2uwbntCMq5=>rmhiFk}<&<_LPcUZ4U@)!%B{?>FV~iVul5OYazg-(ZNqF
z@3;+C8@5ffexyv)ct{RbhG0#*zikirsM>Hu8yG~xfab-9S~Nnfx3&W#e>c}|m>g;D
z4%XdSQwwP&`?(%i0~(hj@<aX6WJ>ul7lHd4OVLg)6U2nHHm+y+Jt#+(u<}JdjcvN_
zE-Y3jA{ttev<2JzysX?pQ>{?rC&^QXmD&E}X=puE9oZl<5UZIu;du7AqY>I%w`OSy
z;wF)92RG0{7ia^RE}Cd^;{DjxQT<7>bNEQqF`|tv&6#|8O}tZkj7xkQ?=0$vYFaXJ
zJr?fqfPX(kgE~^x%6z6aI;_4i*hXu4t&h~q5Ln(Atqs?#mya;jT;tXOa2U<d=Vf)!
zXjlwcH;sdcsWW<<RQt&+AmP;Kd(_d|29JYk8#dNra%pTgrZJwT^)Kc{V@l%jG&~J=
zhDH$?t$f^??`wnAx`oEmHJQ`IQQ&bjE0a;DmD^p{-rm?$*HT~W-w&;Bv={M>ln^vU
zqAmU!l3;V(HS$IDN1(2GH!NNqF=P=Y8U|G@#GA%F8b@-d$_^O|HGvjr5cE0LRO+Cj
zbg~P{H^dh%+)R~Wq?okcRe7#THgJ?ty_n1iFX1HPi0=8sp^7+<U$>7IZILOIABz_m
zCN~VMaEXnOQNLV}FIVrE(fL@dz~FCd4`LQEcwM}CbD7M!jd_V|tW5<KWz>uUUkL<!
zFVS<A{i`vKXXS=5v`vfZ@S<W-Q3Azj3PRO@ffi`sS~b1}#ty3EHn`R!n;W<?f~5xI
z0P?D9C0-v_L|c3%petOzrXlq>UtL>k3nr2vCdrmP9j%-tu<!l*xWlY~yY~vQjA@Wz
zJYn`z{U3boQh*YTb@DpR`N!ib$a6-fq8h8&a%I}uQ_m`BQ#*7sYSvVgTh+dthqtZE
z=ko>l3=;|VlOJuzFd|ci#-*wUx#urzTdU5x@K_6Cu@Y=XH^bt@`~bZ~-9(N(-iY;e
z&2>SVRHNFlk>+?V&?X&0D=(60tp)Y!G;g%0zz@=Zy$u~yCpYkEQ&ZVSo-NHZvUWGa
zrofEU0t107*=wga`S)Q#<KHb~0BV(zh;PBzs%_leh*>JU)F1^5q0nj5^X-AX+pIE*
zoAFWEgmrM6>UmY&wM<iQ{tk3^barmT$_2XJtM#B)HDP@;C2B3veG)$KcQ^EaDw%4c
z=GBxnx8`Q7o=V8F(3udGu15=e%)^+5@-f!l)H|{^omUk2K%Y7fs>`M@r8*MbdPFy=
zPA@RHrAh7S2<MXK*U^d6WRIKCBzyXdstT`)J?y6|#)2NpH>e~%pI(1iu%*4FrX@h4
z#OF9NDpfYC{w29$;|8r#-d?UsYoR4ENCNw5=7mCP#&|`$HKe3(I?#FOf3@*&w2;3T
zeIFhNWb$hTD1TH|olH|MRgZDJ8ou!Sr8x|=`eDRSRkR9*@qx9q7H|0P<c(y~Z@|g{
z-gVMYaMsr~^XBV(iEzxwMg9(~8}u~dCU=h*+@z`k{viBwdY*`J1qG-wIdW|2dRcea
zs)n~*s#^XADnXZBt}nGrdOfO6ZE04w8OYu@mTt!0h`|WxSDI@gn1i@Vt?NlOx5*u?
zuwtPMRKGZ%R8@~S%__Q-7)BUh8}elY=XV4XXdT=LPary)mhXJotxwt*=U8>1no=xE
zAS&AUXzG9lg4I^nOv}Prvf-e=I?!9|N-K0B0m;T(!1a4;3j~;!Md(OvI)Foi%z?1k
zr%P0wIx%eJ_F66G7FB7s!Fqyll2OYiFD;u8&c~xo+0=4+KAJQ2e#9)zCjnz9sTQ!N
z=827@#>kJiU)T%{P5O>IS5&)|ierjzld+ZteV8KPuJiMi9u^OpBapkG!3QdTbtADq
zrA^pqjq2U!xG{!kfrftc2Rfj%^|7uJs77iQBL-JZM}Q=Obh0)&_zH%I$Ea$#3;hFv
zuC85QgAr|Qbv0PqV3rK~w?JH@>LDij;cg7$C)CDlNM;YMSXBLwyu>GNBbml4mUx_-
z8q;7eslI0#X|*Z`b>Hb-jZg(tLv0KE&XBV(<utdD@vN!?R0ZE4HzT4rM0+q?;iKKW
z2YhwyL4C^%{>K2JAk2-s8}0({;3(CnCS%@LB_^M*?BIbUQ%)0FeQfyjE+giIRg>1E
zv@TcIlN?jn^&)KCw2}M7$rsPJ1WFn~OPKMxtmc=L2!-p4^0$<17Pf9GDS}^iXK8-b
z&WbG?Hm}=Ru?<ZmuK`qA3-^<*D<Hj5$Q|<J_%3WQNjnh>3xjwT;p@|8ZS!&ydIm!T
z-O@&mP_?5V8mb?b_YBkv*)x&pZZdn}^6sETH|Lvv)%<xn|A>b5TsScp5uRZ-`*FXl
zp{1#A*{9I$yFb~{+~99n20L@vx{9(q<;EL#`ZjN>*jZ6{+fH~Eu_S2;Qfemoq}$p8
z%k*noux6R@Og)@6utl+1sIr^tCtr#_r_;ST9OY**ICm{>a$cFH%NDRE*jP*RE$>Eh
zB4X~Y!CXPpGNIsW_7a%pl!;75Ed6W99D(|7Y)1aY9)(=n!i+Mk75o?paAc@C&>}c3
zv~1KS$Tu%a8{NcFtU^@N-(Sno``ci2P=A>6Qbyi^)WsOPE!;B^U92Eq$X9V-VZ&`5
zqh8)-DjbmlO34vI>UTeeEOZX_Z4q}~)BM1z+#gv6dL_th6S({6^#_nP6DN2*JegRh
zaS1q$`Xi&cOi`4IBfny!T$b;vSVxN7yQQdToljop^KJ57O;Z$}8HSyz^=6&y*FB){
z)scEKBz*>q6+?GiD?4`z(O#p*blx6nq&^GLEZ;$UhNL&iL@!iLblQpHor+QZVdbHC
zxTT=tfR5JCRH#n;e3Lm2-i6b(2`Vc6TK?5&Uo6n5HZ>VvL_Va?Y`gG2&<&WVv<<tP
zTeuI67OUEVlNQa8CfIkHjG)D|bw>3>=rG*-bn`pEwN;&lHS61NnkIBF5!Qa;Y}|pa
z4oWw9t{Q6^TW~gk`+9B>V25zmh`Qv7+^;HZ(dH0MgGSJ#+Id9hReRkUhm943rfR`4
zXhN=!+_dS3gDSV^a~~!xK5k8UkOj66t#inIKs?d#XkJrow<5ggq;mtBae!GMES+4A
z$d=tx2j{1@KTTZ--zjke>p(KiXeu>)hTJyQO)~0Z+OEQ$l3a(wGw=|>-$?>MDy0d&
z28@d!n%f>w{W`%q)oRp?M)YokuaVjk!Ao_(BaSp92~evsnpMfr{pCEKPw={!RYO%0
z6;OzJRt*oe@T2kQqI@kpWnovWZmyA9*L4@KAe=>?U$2Tb?0n8<(}2-*Aa8IOk6R`T
zS|{Jt65ONB+fms-ht7j&ynG(xQmI;@eEk-=w+VJd=fYfJDx+zU4!%7|<`NmDYCmc&
z7u^~%eAH@QvOA5en9H!oO1rbzOoo_fW@!|L85&|NEKnM(R?l5sGxH1`8HoyJ7uZI3
z(piY;c$j8)E}tqsYq=of7ln!!$-+6$8JqabsF_*n1WWd`tmSaag<6YLW%UvHm;Yh;
zBXiGKN9!TCHd$XylHUHQ&ztBwnW`*k{R&q!P2_y-rZ!ePg#eae{HVFq68N^Xc3wpH
z0c<Gb8UwZz-!6t%vxa(uv@a0yp?=pg=pxlYK{gl92fGd40c;hA^SNbmwo&1h`g(2O
zT$MuZ0|YH$DZS0K6HD`=?pD8A*QppH^K(4m*|(A#vcO+(jX26{=0IdvPm9E_+SXz1
z2z$I(=BH3}y+9KNKhRQGtlC^{n$B0zN21fld?Y^V8`2HN{sPy*(W77IcO=46+F;d~
zs{6cj=Pm3cZ4qy{MTPu`gDhIIAM&SpjA+rT=_qt6U;XnPXFqm3?=rISD0l|4Fk;j*
z8OE9pCjd147xp29@#_WoHa6`~s>%hZz=Nq}-K@d*9AnaGx_*N{Om&OVHlXQzP5@0a
zYc3<d>a+<{sqsLS!LTgzsg>*sIe=vy^%dti1Rk<l5Y88l|5Tu{Ix+=y(wP^SMA$x7
z7yZzmQw|u^q2^cTVcJ4B<u&VbGAi?NYL(NbEok9`@bAM240bfrx>~opigjOPY1{72
z+**kCWg2}L_OH>-sbTNvQe<E<@~J+naCxGZ_F-uqhJ8KA4c8R9;X%#Pq8e!95$#n6
z3!LS&4~Y$4Q?;5wXf8m#K^`a_e+`!hgB-%IMd|oqn$nt$RFYbU=I)^Wyedt#ICPJQ
zIo(WzIo`YgFfg0&YUTF8w$g3Ih<Z)sr;3-`)RVLk>1KL3+o(Mo(R@C#skK-!wl~mW
zhjuf)#>T&i#t4pG9shA?58G<`S+uZB=$)@xs#v!K{i?x_zPu_I<|;$VG<kLLC(<J0
z)i}yIg<n`-tNZF&G4kLG!f7Ma$CvV)p*U(s(xTZU&@I}!L6>!PLMg?u2t9`HQS*b~
zG&1Nwfx21U)J6*&>~Y8i#rYf8uagTlloex*T2V%RoKj<f0<BC|bw?{Xd$Ei++!!)p
zpz?k!g$naG=Tl$OeSXP0-)2~-rL>)-v5_kzwSJsaX|5%wt+qvske<m65}UA!h3!>~
zEbvLu*`gWYyRc&e@f^R3lcVQLDa4bVsmTMFN2j1j6u~(}Mjs~hsp~m9cEmde3t-h5
zN3y6LG=!&z+zB7n4MMn2`C!)c328N5$*Up^@`P=5L2_4<$w9rT?(p#=A<#pb{^M&{
z3<`MIr~_zUx|Tb*=pZL;MUc(`t|%L!kYX#i_9`aTq}@lH+u>!@&0F31YZ}hl83dw}
zaI5*MdHcc1iccZlWUB~}2Thhgy4{#RsWY_04{%lUso2aTGDT$nZq*GX;EtA_<O5X8
zKvIZJL>nIwtJG8+2~ZXK*8Gi|cW(8;JE<N!Yipq0CNfNfGCw>XSS_l4`W7&r&uvs8
z^|YqIF*<-de_h3LB`>q07!nPoy%V<1&aE3Z7w<&EPNeKC@D}XksXVW;;>IcRBE_7S
zY_WBjz?NyQL9K(QeMn6aWsMrAEE`d?S{DDKYNocS_42eS+Za{esC~-v5w)B7i3ITX
z!+1(Lz#XlQDe@y)=PTt<>5Jqm#fRyess~m4QSH<EUQG+*n3_jn8enMaeG3^OsfeTl
z>DT14S{I(fnz0;@#NG2ovp2<(*Y4}LZ=IXv>;LT5W1HxyH%FPk;_*7x2f73$)gsI9
zrG4`@s96i%3PcZB?H-N;b9u&cEn`r~OW^rjrhN6ocK+HGwH%($iop|l!?=^gBKkLd
zIe#LHo;d?OFFIe1|GDL?_)g5Y)pdGg)IfA#vfF`YQqNSCl*X=^ohgOv!YfB(?ofVR
zk%K&PcAqN-4{;rsw9gO}_X&zhky+rxfyrTOR75vX|LpYTFF4P~zhzM?--f270yY5l
z015&88Mqhyua^Hj|F_G>K@py38xjYZ_-wsHnOr!wW=<x(`aXoGV<!zV*~!n@@l2qQ
zH1eA>ma}tM=84}_U-us)b{oDQ!QzG%j%U&*_)sR12}2{(zyF=t=AtS?_P*dhU;bA9
z`(TWWht4=(mauvCUaM3+93vP7R0eu=25S5}E3OXao)){`r;IvZ1m@l|tvb#q%1(9^
z(Mux~_a4c?Ikg9!@*k8<s!5BPW6o&*70-9zsGJ=qF+FqlzoR&^Cm&9WiNyPJ6>lI&
z`MZq#uT$==)#mng6#axKaEp4Tq90SH-PMux{|m3b#K<*#j@SHHRD1qWt(QHbcKsga
zKB4sOl2hX9hZdlg<hyh4HWT^<`*%^G^0ZrPvsm<Gn6>QW7mB_`w0tXymeZUT;w*{R
zp2sHQO|1Gt(cc24@cjv~`>!H#Jwmv?ABF3$B5@HX#o?n71?>+|!5>9(ZTJXr&7eUN
zyL%|tn^F9@N9Bi+@39FF8?!L+yKLwKS#Ez?u`%}}^Q&hW4KT|V7+}XP8>d<vZWh#%
z_1;-|ZYAa`JtriqUBt7l!_;0WVQ9>vNY5>qJ8g->x+G}ndBea786~^HxF@`RL;&$`
zs?EIXD7u4inH%<4wb)%AQMAZM1*Zig<)bvR7zwaATo_T%P6HZ6=LaL}yg9ng+@M&L
zYc6_M(F!V<8#K#KhuwpMURBSe##NpceC|E)yLnc~N?;G9&XW^Y|J?lVzmb6WH~-Bn
z^Is@(3Lm5(1udQS%ZQZW>*<+N&*r$?FF77~&rC$OJpme{-)iO##_Mczo;&TcNS$`i
zAjLWz|L8$j+}r5hO7}7R-a_{jA`PgiUjFPVv4}S7jsvJ)-$VXu!8=HM*dhq@4av)Z
z$MFpC&j9AUPOYpD>E`(ViSRbi!gZssFSOMm4i^Z%=RPRg)gJ8o#_n&4-K&KiB$2ze
z^i|pVY(k}VPWM5fK1VD%C@iTJi}Hl-1489fu|)?c(tdy<?b(9;)54Neao8i+KP4>5
z5xcVl`+kZkatro-6l2d2Fn}menqa?^0^N%Rdj};Ir3m(Rp2sQJ+l0zDrVR&$%Dbm^
z2YJ2tUmLLV@bF%QcXjU-Dj%^GQCPI&f6m6?R-rz%xSRfai|D^-$N!ughg*dDLQgmS
z7mM&eA=Qrmsf#dx>kAij({5{hVcc+2SZ*LiUl5X4Y&{z5)Teex$~}Vb)Y@%6X@O)v
zXfNA$Y{#_Vshm#*TN{pT?G}r6@&aP_C-BVl-(jk;XAwSqs!6;*5mI-jkXTFCb|Eo`
zu0bI&fv&AW;v4gDZ59%rqHBOi?cM@$9Bu@?qJ1+(3|AncyG}^_VFJa`oxNH}yr1r%
z1CaI!;OBScly(Pdp}X!fO4}+VzBd=wEhs;i%5S1PK9rwJ9Nb9t43|<|shJVo8wANw
zRE&T2^%x(H?sareFC(xQ;NNgQ#jT~dTPW^kid#)_H&NUwid#u>xfFLJ#jT*Y9EwvY
zZaKwyC~g_WWm24*;+9fe2F1B3E{)=rP~2jQOQASMaZZYpLHO_@Y9}5z$9*#XL31F_
zb^Lw--6zsLUSfds1iE+7eLTO9qx;!(AItA0x}Qn+Gx$AJhXW=X?qRc_JXD8c7`ook
z4b9;o&Ee234nf!fi6Z~h2Y@(?b%M<#Wu|+IBXzkhDvn-Nb4yg5j^pE8&!a5CPc#VO
zN<g}cfDRQL0(>5D4A2Yc2Yemy6d<~enHv2RFPg&9`Tl%=HShkXc=9&-k>HXB`n^ui
zsMgPPCAbdr6u~j{uO7bEb<annN0+f_c%$S0*!!=U=x8&A3Gd6={o$zi*R*?T<EH^%
zh)VxsY5K1!|E(xGzZZ4?Usdmi;U)f?`{2X!UMub2QJ&y88eA)nIZm(dQRFAk)AV@#
zs;BE$Zr}7ME^p<ic}j!wcb!)HMspoEre)7o`ku*kEL8el%5@|U&k~gW>A8+9rGIv=
zW3JNoa_-TEMK&Rs%*JHjFm!)%5N2a?7nzO8N4qt%F<CK`zrNm#an0@N@9~1#5GDsP
zJ=tVfhV!&V<T-H7JW+UD?uat(k5y)MM48psERzzE$L&gvxKDO{7>;u@o_z86tM~o<
z&~Nv?BaX+=i;dPSrZu!jzGQXkHk518$dGXZdwYxUV`V7DnlyfHv~x7p%Cb(#9;@OP
z9t(<-eOO1WiOrN$2KIIt<wkyL1TovgJeLwo`NH^t?ZL_LN&<OTB5&$cdGCqLiycWR
z$CUT9Q7Q2LXwqyKcEc1YG-W+%WOZ30+k2fLZ8l|$!1-7tPM9LK;j9B*1E-Rux^d#L
zD9SzRFyhg^uqE>33&+pj_tv5J@!}$n?kiE)i67M@S24F$>ASc}VaLBJFYdH(@$5MY
z;|W1^2^2PD9D@=4y3&GvogcJH<3-53Ln@&%!ljY;P^kS!tAEY1oOza2EW@oLy(~KQ
zeox$KOWZD;bBE+Bo!%^G&;3f4oH<9$#%3SsnPgeAGW$Lc3mF5(!8RW0IdE<yG_>(P
zJB>27@xIAsnb(n#!kSaiUaVbD9iD!zwl>8KIJ{m#`4@{f<_WJCZ(e#*@rugg6Z3yL
z^Co4N{GM93K4>+c)>*4$-C)@e5AWan_om0?%WAGQlFOooZd>h&*Gj@0rTU?c9`_uH
z4~hQUhWxjV`ZrAYizof-&x(qFt=E6cJGP*I_2{T&GIo%~4l(~4#aW_@H1prg`UK`*
z$^5IBb2ZDq$oekEu})>kazQ81+xN!xh2}D`-&x`iyK~@pnC)dbihBkd)TpfNT2wkm
zao%i1oE5#!H4qXbLLQN&yOq8-RxOW+${}%xh$@|}IByB(am$syd21|2MCC-nrA_ij
zRaH92R73_2(V;lkhLIeNH^LCUTR|spQeH3X>y(|EU{)&eYNPr(!5NkHM!WhtuV-qM
zsbvw7-o6+#&a=D|IF0hitTxabNA%4A!RESs(?4e2;6~hXIie2W8?sV+`#Lk6Dv_05
zs~J7yHx?e(f3{0#`pJJTnu(!A*Xi2Tu3fDZi<JhY0TIt6I&T|t-a6{sFySnobgqX8
zeid(nGx>_g#k1BW$ELY`X>%8$noO%o0vji($$Ll_!EX3Mrc6Ukrz&WoI3KV3L-@RP
zul4gOx83_W>pi&%iYO@Sgf;dgtsk^8iD^tN5uWE_dQK<$1eFR*hLS6JfaUc(RzntP
z2#zYrdEhjBlB~puY3G`gW`r(EkDvAW+iX%4e(PL&bLi4CZ48WytnbR3%=&W+R0e|S
z7D<BV8^1iK-saHFq2l;eIZBM+xy9pQaq_r)?p%A)h|7}ZKA#yItxn)0IU@R#hWyu$
z`mdYtFPQYtPk(adeH#wl{+jagm9^O+*L}0RRZnItp2e6b$f=?9;|+&)c|!*#J(HeG
zSC(J;W!zfkk(Vu(Q{&PHXDvy8SH3Y$@yCt)vUu=PYA9n#)w}ZIxb&CM70KR)Lun7p
z%^SRw5=t(}Sfa8f{iR_jTkD3GiVsOKnVKRhiWl+*^%jkbdB^o|)ssK?o>vmyUM^?G
zp~le|;T)4$fsphIXiGtw-Ee64N&DOX?7A<_{cPT$Rac7dTfgirpEIuadqwb*-ReS*
zelk@~i_36QYcP9{$Vr8?&Xr1~hL`reTXpE(*S4m<VxJA`hsaG#lO!yY^Im&9WmFWB
z3yNR5HA|&i#W3zU2MoV}<Vw;z())*gll5|@Bs!CZoY#*!ubXf#m~_r}47Tz)3h(FB
z_Z7~Hm#yQrckDFZOfGa;rOg@HnKl)%Yt9`kea@QMH)U$F6Kmma*eBAC%~E1T9)2=y
zZoTU0&h46~jEPFj*M6NXIraI-?%?mK^C)rocnING0?+Z)Ul)X(zF76o56)F$h2(0W
zH3~-hg1>EtuYfHg_hedj8pCiNx+rC*ebelReG#4lVQ5Um1XglT9UmvZG5zYj4ACD`
zJ!+}8pQ*2x7@Mayjf_mAZg%p8@VE-ic=yHEUVZ83gTH<99dTv;WvG^2YMF5{@w8NY
z^BN3=iy5hE+*xsC2qwxLeV65|IJP=3Yqgaf|A&n1bD7%ck%#1wvDH?zCY*0%1e(pr
zaaOF9?Cd98i9BqM?YA1}Ol2oHGE=^hk!0%{iz&xIUViva5A|m1p-jmR#dqp3$!?}J
z{oNN{JO9#KgYQ4-7+g#04r4RIKDiuY;(|9TMpmGdFUqN%Iv2)RUY57d!<((w0p47^
ziq0`}tHGDb4{Um~!{sWcXf<kx;$d{F%{`&x>uJ(MXz5ip%@d-3?vURx>W`oB$NlzQ
z^!Xv`^ID_NC$&Dm_dn6+?z^MtHMbspUUJPopSX6Pb7YZyUKr8m7nyUqG8Ct`_N=If
zrs{XmId{nE7<I-^IOE=b*D+Y8^}T6dbUfxA>zOWSi#Mw!T@^xYl0}Pc&o^Ipmd*|v
z(__qhhnd1O)9E{(BwG<<jAYB;wk})uehk^ViXVTZY`LQPDmjw710N|{QKJZRv`P11
z7MrWe6qLSG*O%<%u&#R4J%bmWXYmHxvL5deN0NP}z@&21o-}fEPbn)Y)B8e7QA)~+
zs5_(>giOm%6<;argKDpkr0CX&QC;L1KZ~{HW$W#hccwMQ@0gZct30P!HV0=n#P5hL
zos(y|LtB1aJ%&v43+$tqcWjrf-oC`!veot;oZU2MhlDk!bcZ&vL~Ci7DfAB4C+f3j
zV$Yk2PmcH?iTe9n^)yLM`?V7Bc2{njv2p=BjP=SaX0iO*J2PU<#SJF(g$Jh<yaJXi
z^xjtDmNzECmI|K(@E&iMVpQ6HE=i7b_lsl7@%NMfV<oF^)0pszVlj1MP5Nqf>Ve@T
zm`0s!`whuMY`g3h+4f@TC@aaM8L9)hS>Oi#UuLt#dPjmHtx6W<Y#Dpp*~m>Byd|p+
zOt3(OK5o;`REp+mzEXr~3usDT9n%o2R-}1sX=C@S=n_rlp5z*d@HvdI5p8Z_Bbuei
zMiSIEyXZr}Arh(dGt6Dq!=#v%4g}O#c<IkG20rsVu7F<2s{vP_Qu#e|Cnb&wCX18>
zl1!$qX1A)m9v!k8>TDqB)W?M4j$tQj(vH=H+!~FE2W+~$+vnn)?Xy_AyT>cdrrAqc
z6vpuv1`a*D&dJ2>76V%me3?eZC<a0-s^==z^AvBn;=P@}I~Zg5MJHw|WBf9=W<)Ue
zT%)0g)H!k07^E?s4BvpD^6bDQE1AwpX0Vc(tYj7|kxT`84@26eb-n_Rw8B@gTv}3H
zp!f>1r2-n_F#}H}RjjJ^9{1c@FRc$22}^6X`EK1J%@3{<ZmRfXHDX;|MZz}UZP~Z3
z3l<8B4{x`o@nMWlrCc~@Eh~F(*Awp@jdyg#Ck(|WdOYp**)zNr%gEi*%x;*IGpVlY
zF%}gJrtBG#og(cNnK;sKFm8C4I%vx(Pt2DV77xA?v-X|C7uL3i)*Q>VS|pn!Npp{^
zKAd~ERZ5_;*0XjgMp{_5=9s6feXD(raw?>Ft?o9(Ym-uV>!es|QRh#No$GABN4oy)
z=R%?PR*g=a3Qd$+mFGl{=e-{cjrOICmRS4ljqBZ)WKLh2&6B0ak&2|lot^Kk8X7$n
z!Yxnwe3#TaRBY|r64(3Lt5Z9>I+II~JXP9iN~_b#NwHz1tH-8H8JRL=JEe3aRiGDE
zbx9KLIEmYQU46^C)>*;01y58R+d6Z>=hZCzr$YTkp4I!1MZt!oZOsf-m~>UDx=i#r
z<kk4IB3>c>k1So1VqZ;u)$Q#YTNBHUOR~FDE$8j)q=>h4pOUwq?)w|`d)8l^;bwsc
z@Q(DrgF|E1(ZDLxFb>xPqu60{IeNNWvAX=T%z~cN`VDknQ-LJWdiaPtJ|mN{XL>~~
z^i)r^o-JwQ(d|DWa`YL(v^tK^8Dx)`rEsQ@Pa{KZ)I?yB6vK|6*BgPGN1r#EJX*rN
zz{Vjgj(5l}Vr(Z);(g|eP}0b(xEGnrGWUWov23JWt&h1A^ae1uY|;hJaCEAvoSP+f
zg>@ry&+iGM9u-$u2}IaOXR!v^P=47qZf8zMPcTnh>3@q2qsg;>?sw`M(}jgi)qtWa
zy*#Nar79iA+V=UIVt33bF2`Cx3QZTziguf@FHr4_uc8UP+?B6ZeO7!lIp)P!Nm>(L
z$X#Pm5JeaD#AO?E#`pAts&bbjJs*mKW{v#x@(9vyk0kB(bj!Z{hVmVARAZ47){V8C
zfYma5TeEeYeOCM^dZKK1vSEm(#zV}Rh)F9y*D(vE9e1(x`!v$-OFwRqCOKe}SkEbk
zFQp#yFnK-Pe<=d%7v4M__HDCM2kbWp#NTZL%*@|yXvBRD$9;owrdDA8!sndl9gH(K
z;?d-^yhFLYae4VY-z+|4cvN~O3_^xZHg(fX7Ri4*m`RSJYZ~cMeX%m1x7)veFLTEA
zbWwktXM_NwKe8{jM>b=7y5(T3+81FVL0?qurJgVgh|T4HQH&z-TI)uWZ6B81FkSw)
z9GtFb@x5cfYi92qQ;9F+w_)#pN_?TSqG%hp!cw)Xw2=(^At>dVpp>Ua4zDc(J~Mq=
z(&O{WSJD8RvtxE?tiiistFUixLqL`7F#A4KkguX^LwT64qeRzvM-d4FIx~`}%7K0}
zQI$&nrB$oboh##C)hIKD{y3e>+PAm5|I#NpapA!~E{;6J+-F9DqbHw+6ypDySVJ=5
zwToQTI0mm8b1M&RxR2-^hgqJUZxp35v$bbb8H_UwugXa)j~(bTqDWP3O^;{JdFhs*
zGlA4q>1>0Wd^{z9z4u{d3l4+?=&%T0UTbie?492(S5NjDRH3b7F{2JE=clXmyvW?o
z_KcDqP|;r&i@@hOMCRt+i7<16DVv)_(54;*o+gZoc8n6On*(ZDaPpvQBQ`}(v%s^F
zOpNkMVZFn)jGRzd)yOf%wvW)qL-3&r9njT={{{2755%01cUi~nUUxRm`lTISeo&M%
zY^|$ptyQ+xFWOqal<<}O&n>?l9iMJ#-EZ^tSrm7GxiuS|&gtPu;R$(_P2O&k_u1qx
z+T_Iv=_s<_d3*dyi!^`7G!$?ptL;$TdufL^S02QPO-~PVi6dcUg)fKD!5){SX6_ks
z>a!3I>&!wu%M-l<W5U>^k$@r?7o^MVF?6^GCG~?n+#RECrKvUr47oF-9#6s(1@S(1
zLOJzUo)vLxvt_0FgjYZ1h)pD{)IEiA_<s&%PzizzbMLyowli#BI#Z3csa0}#`-HVQ
zG8BKvQ2aQ1n`v2p)VBU%vFK?bFP2G<^i;btE18g(mD%%4qbaUfwU*mH(0AEPdYqPk
ze*@OIldwL~(_f6ulf2{D|9B!J)f*!yF&5fB!^T;1F&mFjd{*X8VNK66_hQ!c9COFB
zrhW$7qv>y%o3W<d%<WA7BE(S?WjWyqCElBPf}Q#+IG{0Ov8EGwk`fc+@mR~U<MRb!
zEz_czwAu@oec@MJ7iDH^RV=>D6KDhc;aahao^0E$Y)d)bG@+NtyXeWWtu^9&vJdDl
zdYraSzSK3BU19SW`8XMh^koon;NJ{n%$>%X`k33rnvS#N8`SgqY;ze)mi2Hslk!;M
zBcRZYNjM%99tfH%Sz`@l#|M68pad;>)+5>R)u%qQ%S7`^YiD+R@Z^<NQ`{<RE8-rH
zh`Y(U3vu6wh`TxAQg-}-2hBxqw4qj(P%LkW^K6lQn~PCxuI&lLo%*Rp9goYiffS97
z&Bd+~*5q+*XH7Y-9@ey+NvW*#1=j#;%C7v54YJfbQI+ZKJEZhIvT8N!`%1=QRf=4h
zaA{y&sCci-8|iu3dwjENp_)PqecVbhdIZKj&h}#?C)Z&(n=w^s<4AGeu<}{OEw4PQ
zjA3K8P#G7!1s4=4Z*<(Els*bQiZKDd6CZ=9fe(>rrKH)}@Ej;-9JF=GR9f;t^1T@;
z#?A2({RRgYylOO5zxn8czCIvaJ=MAzWydwoLi*}ThsCMu4Y;9;5<n9ge8yNLSFH~3
zT3*!ob+O+ZeXkxprkJ8ZoyOg;Ma_Lg;b%R_O3a52icx7V9^cT*Mz*uSb&`(-l9iEt
zN&si=Q?PnCk*qHz4*bd&sPP4AmCOndrc~#!<2@Pf^b&Ub2rk<hc0#Bhzod8{P`qDN
zykAqi4=UcHinmwsJ_N^{QbM1>QUZ>lK)jMU$FtJ9wjjRRQA|4QMy}y}#lFBNe1V<5
zz%F0Fuf(=1-q*bNf3}$QpV7%+u^p_$6=vvDdP3#H*mJn3Hi!kpDE<!9b4lRuMZL}J
z_+~w?rE((d4nbcGFBM8>pIajvb2RqFhnLWSe6RQfJ0)fm!u8u{S(|eBl43EAq?29=
zoM3KyWtUy*(sA3PapQ0(9B*9z;naW^VJjQ}ir21qr(v(iI~R?`UZ2b=ijDqv+f{Vq
zqG__pjKwsf^Fdvi>RvEoy?9nU&k`?Nd!NI>jN@NjwTAX>+!|>Z7vi_kCdDhc7WNG3
za_n-Gv&-cUJI^RasTP#u7hPIe91{vlJwGHAwT}yb51by7t;r_W9t*8Iyx#71Nn0Ih
zv~Rq5{oGmIF@j1(kwpu*Boj)rKPbYMq4Ph$%$F?}jM?kxr<q$=?}&4T$J5$j+z3k^
znvQMig)@fdW4!l$8HUaFuEe9-USGPD=(8<(XqvkscVQxqZ7JA$O36{OG`GTKvTv@6
z8~FE93EuwMD)pIj?9)k+blbUFvEjcDO~d6d`UVN8F>{XYpwOQ#GRERrk+JliiEzVN
zAe{v=n0sl@q_LES`yjBC1>D||)rvdL+~4~A-Y5F!5BU>E{qrXL36uW0Wbkcxsq9yB
zm><|9grN1RE7SBt>G!!_IxoKJe|0bQzZg>TQ{hF=UyLVJ>Z|F%#FDN(OT1#y!@|?c
zwkd<Ib6K5ggI)fmEZv{C*Q113d_qQc?kzVdeOlVM=yK=zR}PlOuDaRR_myo-E8_m~
zC@K7LG^7+WUqasCD&UY}yYGRi{mk$K$oA_^I6H4i%1rnF_-1ULFUc0Wn=DJ$+?1I<
znC@Sdh3#S$SNdxYRBwZ6Sv;7On(n`q@~#{_HyT<s{-f`T!?hTTp|Mo&Sd6<u=hL`2
zP;LJUY~o@|;d1X$cZD&gVH~Jjx!hCQ-GO-|mTX|xYidn9MBvIBbophy>6QHzE`QbF
zHqcH5;X%J_-%2{=*UQA=A^}|bv9>!M$s{?uGZ)0&B22}oGX3z0>)M<;zxSLHx-A<>
zaFRVqS?SLphAdI&35cYWrP(V7wJ3u}{WDDrQpyv~u~0@z8p<!h12mzroU1t0y#msz
zvZ%|<yD*3B@JbPfU^OzQCjFd8N_>I~6sdJridO1ie@04}NyD+!&Gv;B{O?Y(@IJo|
z*+)<I56|b<<HO`lCRv!vuYJRG5Nh<~=PNH4XsqsqoI*H%9gKb2D-M4`Si)xF2?PxA
zF42BFEN(nhMS&{+?XQ)|@8#`X`7W$z9Ql&v_tFR1qf+tU`qN_fPYrc>MyYx&?_JO0
z&{9Tx`B%X^n5qmeF4H?(?LubJ=F#-m#=PAxV_aKOmpG<Lg&STYg)DvP_SanMV1Rp;
z`ey`UAR7{6$N>u}@o~HdhQBAc1}BHs>ZUOUeBzL2GLTW_cF)0ypyS&-E41On-04+r
ziu%;575|})CBzjED$Z%1n>*RiT96RJglb8}_x|Rt&?R?V{26AeQ`jTX6@6f7V%Jiv
zD<RSuiaR}=v2rq#x5&0cNf?GAbALNAn9k+k;#jcz5wv$K2A^mgIc-0|`vVJ$(NmwU
zd?<r@B?bCK@0D5Tm7*N<%Jgmz?~`SEpCI70RpO9Ze4O6q^zuYsDxH3^qZw)&s=?Pp
z`;r@PEn=9X<Ku#s#ftmetZxj41y*NpG3Ax(Bl-b6kX9ZK#R>zj|E*g~l)jn9nAYU=
zB95>S8lQV<wc8zZ53;@=0+S_-1Z7WHsqA7?*%;E1Gih%GvZu9mJc)2-N43>{BeivS
zIkgpoQkB191mfc~;U__vUXL-lRKQ~<I_-(RX_(yAHeVJKs}m;NOBJ_!<)9&HJH+C_
zHM0#DnGzq5L&9(6_x@hd%aw}Zr(nnEF*Eop$gahOgp#g3Ejq6UE)T2E+r`Jby=ikr
zSV6A*#EDpUq2gYu($O=7hi1@VwJ^H(afzB-K+{ExPIym{xgQRX>k1_1`HNp#X_abV
z@eMEL^*%G4!ms^&?j1dOeE0?}ejzI8D@w-yXYkw%(fG{p0+OYo`8<rrX83h3T`_l}
z`}jRQ)=T#|3WNLSae^BEahi?7be4_M?AjH}Ys7O_@T+=jazellqc_L6#){7QL(are
z=e!AL!lZMqV{n(cUxYnGNmLo6Z5JCh6+J6W_A}N9{l30?^?9ypHMv2_z|xe4UP*6I
zOA6cNoY#DfZhj)#unTB!a9q4&%eLnxp8s8y0=yEfKQz2mYt)EvMcRtImuX4iiZD#n
zrw$F5zrHTf_8*`7;I=o=kWr%jV>PDws>Te1)7Nf`zHjI>>@v5kNamxsY-Aq`$h7Fd
znOjzJgq7Sk<(g%JUC&sO{EHCGzgW-cVVtb{S+hkF)4o_?RB&P0@(a-V%WP?}4#j;P
zwqi?XXJlh(qjn{8U#CbNrlY{7MGw{Aj$LZ9w~{6T*GF2^)HfzSiaaE%7{fzE?`|lA
z2dm><0X03mI~+cH7|yv^H~o~pGwgVHp9Y3McG<imhH~PXPC8+f91};q7n#)F(<RL{
zBBdkPTQQ0#?#G$?WZGQK+GXy?Rf;CZVxW9Yif<I7efC7@Wv&rT2GYc)ncn{QxsueY
zm?-^#xmV~!Gk2~L3@;O-tzBbH4Ud?fUB}lG&_m%~j~Hi6q$V0_D9l6ZrSN_>{B^&n
zp2laRXD=S*J&<~J55W2jXe+G8ufTsqD=haT_e{(P^HAfn!9<NW7d77K)WU$8D4ZF#
zl!$x%@2@TCH1ieAGVqwVMwG8Gv5xL@qlC@GGbv&ndvc^m!EnQj!z%k{IQ4O*xSiO2
zQ~S4D#ycBE;0ZyVs_i)1$lu%0Wj*j*uA?C>W!iyn<~o+(X~qLD=Q?H{cs=*%UUu^D
zhm-Lb_zB?S&)A<}sAmDHiH;-vj7VqN3Da8Z<iR4+&t5mnDD(!HoDyOIr`PSQZ2t|l
zjWOv+FVi`PCqT&u1N^#XQdcoFzD(!s@a_jIozKMc040=D8tI`qPJJ9e8v6d}_bx26
zc{bVBGC46~?OxHnNLY3AO3RD!p_ERQA?9ZVPT6|4zYxzxewlHlceavw9n0hjLZ2>K
zY&)J8$h=O8H7f~x8oRW;=fKd&FNaDypt{kj(vHcd>s%Jrl#H9Eq=}~MyGaQ~KQIu{
zCR&zFsyggS=(iT;PQJuKmtGEC+GLY&v3YXj$`jLnwotUE2tVqN$Fc7VH-{Y%4@^#T
zSsryjrzQ2kMS5N79FL+kk9eFk8MvOSyX()D${E>)*ewyul#|cqI(%uFTNU^9s}v=0
zy*wUzGy5fI#>%5slK@>0tSZ0opazbOqmQ1^&W%5#o*Rdc%Fg3QV02LWvt%madav4-
zSDh=w9Qw*H&5o6dZcN%<mf~a1vcgdAQ`$P>m40GfH!)Vlq@D0azt5AVHBFQ24zJyM
zY}Xd~u6bg2rts)o(e4uP)OS)4>!5N$=vpkuRh>SYrK~KWexAsNWVx(8am94^qr1Pf
z1sD(7XJtP+H#upyZ<?^ph0mbFk6iB%eczMI%G%xiY4gSp+DBfOY~7-eHt%Nl&vrYu
zd7rm1tB}!9ZMW>&l~A9^k;?6rqnGX2#>X&`+kIAH+r8D(wR9EP)}yJ9&W%YboRyt9
z4P*|#as^n%lwN$59F5by$8EmyZ*!aE9%qwdHdu^q=_z@kw;R>rB*|=PZs_J?F3U=>
z8@*%XIKLX(*lvBln4Y!Cv!usJi^z8oE1+@5Vn${k`27n~<-i9?zrYc>xffE7MIT=a
z+XQ6U7`S^@ztB584VA;aVX6|FQEu02RaQp2fO+-rjc0pI2l|cql5mz<wEUw6c6RbR
zINa^B)H@cH#&Y3ZpynA<BJz+}a2|;2%%UChxJqBd7@OG_^gWFtuZ3k@x4vJrdo8ZN
zOu}XY9DsuIPmL_|PPHxs$mqXfL{O%EEb9jYLpU#@oN&=ftN#uCOa{yPN3C4b-}m%;
zv;I-Z`hglTG;SXacnJIP##J|C3rNf7UasQTBY;1U&3<BaInH1cW=wg+irkN#Gb%ue
zw$@X|r?Hxxp3}-tti>sLv@#B1u#L|etzHUeUVkUb^*wEr%ldlyLM3a#K!G>wIy{`P
zo+S_Uy%NgQbOgANk@<rmsEQH+<BU`<D}4or%(A|x;(gRHFFmtVRI;9DXSKs{JRdTq
zXHvfJhx4tWe8cRlM~yP_t#QpB=yEL@7*gX|(}IDcd4HiaU7xo|X}Yd>QJyy3fik`b
zugHj58Be}4x+NUSsl$pN{WbrLgJszUhOpql!FL^3LT`2PCzLF57=R6~Pq3zWu4dMh
zXeT$@;dJbsEW)0alJzh<tDQ_4Q&{FgZ`Q*~Rxd0MwH$Jznw9achgs8n<tMh{!|c>|
z>EVgPEOS2e_zNd12c}^LaV6I~T3uK%CW~r8c~Xw@<JzCV&O`bQc@}*qApMrHE~h>r
zCtgW6=9E*1?SC!gSynFd6v#N(r?ub~dYp}91KV!%S&J~)G#^8$<bB^yY_8ABIaY7%
z!2=W8CRgb}_7hPN-%^?uGe-y8QIhvrPrB8+aNB{`@zxU@om6&gL!o8XODz7t57!pN
z$%V3a$2OLAk~O8UtW&Hh4aphS3rakmgi$xnc5DL@kL?_Gf7-Q8Gb%AK(9g0Sf7G#9
zC6hI!_IkZpk1JUNT13|4tjSe`8<p)pu>s9Z*4C7GkfS_)#Y~UWwu{Akzkvr?!Za?n
zma+JJ?9-Xz+}5>M#W9;ljnf;01~99v#5<vUO)bc_#bw9K@*CuQC;Goj^oIuMB`7pp
zn&e)eH!GxMeOHUf3bCei5;s*4yx{iTveSA5yKf7(u~VPXHn_l@yFDvx*jMwOykcU{
z;J|5?HI!Jbi3MwN68<42Yf#5O#F{cVe$F2if0`8zAm9&78t9eO>7E;DQ_XworzZSo
z5>Mkv)n^lZ+Gad!VrRhrXO%2%-w27UX(<EQU2>YO5Bvq&Pkoozo}zN#JFLk~{lf*F
zWjzNQ#TDPpx4-NdZs@lPJGCG5T{REDWpCeMmp32w6dfxoly~3nEEc_~mAez{`FK&+
zH`AY^+uM8Iqq~>WU#BUJ@Tn6Ua7NfW>R$8h@r{<t(+u5g>^B#s39dli_OuhUvyvxy
z*b{hU>-CjY4;4G|M13C~k8Vj`ekvG`ZYkrlm6RMdYE`Ol$xCLBykUC0q;k^cimf_b
z9FG$_$!J|j5Z)0lR=<$U#=xnx>Y1!RlrchV!2>fRIj&edcX?XPN6e7KvzRw~VqT2t
z-IR`ZjA8bqcB%HwsRKpu;?Is|RzzEI&SyD2Rn!>2-^rg8uuK0mOqIDeI(41!qebK^
zdTY+xnTq@2l^Fe1@o9f27G(-9=hy@$)zwwYFBlKan&-)Lcqxg?k}>|{U;KOyEOOSj
zi@#xO1-WVN_j<o1rFsM3klyfmANc<3<v#b{_WZTC&w^bwn1LZ1e?ADuZ6AacTk>T*
z5J;scuarQgsQmY9lBm>Yr34hhav`dW6k{|2^SnrgAvF!>!lGG%{*T^^pqIF97(7dd
zj9x0Wt+DGnC+V+sWjaDTL#{!23l{V^O7>F2;H)ipcycffr<wVQIPBcQ^XH8n3_HB?
zUV}8i_&V@Q8PAW&?Q%}OhsDVX|G%96&%!gpJq|q3crDM))%2m`260^OCG0{^@E6Tt
ztFL<rEqs1cW2;UcL)T08UA3WEOR5Glus;H?<C`@L4$_e)G5nNVr5ENIj8fr3VQ9l^
zvr>O_n)DO|D}>^X^mnCLa10aPyIpQa)obV0g=WEpOszgRrzv)a6+T_^O`*}3#nRcX
z!K&A`DQqxKEnhigcfETF^ADcpoQoITec%I<3qRycJ7_!b>m9L?#j6H?yuv8_!DMBN
zRf-vp;q~L$d2*vaThC^(<ng?hU?_^P@!!tONU3@$-G;Rpj9YpZ6t5!SSFSH2o(;X)
zTNbfi_q>cl;&@PIofk%f>G7yahpl+EayE|KSgC5e<O%r$pRrOIn4t7j2G^CAPUmIy
zRpS^#S^Wm1xEu6gL`J+%@aktNxiS6H?Ss31CI|hqN1Y3eK1u9NrD1^C_aT@c`RV?2
zoQh0;@{Wxg%B6~xdsiMxduTpXmTisgl5)7(DeYQJ$0PA3E4)N%U<XoScEnur9ix<#
z!}4M|*AedTQRt0U(8mWFc8MOsc?1?Sn4X`JnqIENJX=4vP)QzJ`7Rf+ISubN9{(iH
z+$D><Pm4vL5M1SWL>rHAD$Y50XPnBZbbn8E!@Kg55cAtze#MEc1m?F@X3le!S36_V
zo(`YY9EGkb7tS9ah}BmF=}#s)=Hkqjh<#}l+qhWC_&bGS^A5Snv5|+J5~bX+Lvp<)
zuWi?@7T56sZ{FTjx2$|A@5z<#CTms;Wd2>(ODdkcy{_Zf=h=(HYJ;x58OzjI*WR~T
zI(8NL{=h>GuX%^x#v)E!Bd%R>xHLv_CVLhiOS2|a9WOp~>qd-g$slTUx+a{C>s<MH
zdoxlbdf#2fPCNvhRG7rDU9kR}mk2SO@i@Xpa=e7yfU)2LF4~cY4tWj3VfL+?h;Tlf
z#>Eess7L{d;EB{*s-25`@s3i%pTy4uqQgkv6YuaWYAmsd9Lpxpu`Vkk3rC$c3{^vF
zGh-o%m?*CG(5W^q2E$Su_G6jf1c!X^lPbrTVny%m8_vzq_Mf}IhdKQCZ&xwp_?5J8
zirwGkZ>nQ`F0oG(oPyB(Ed95i;o)!d@Za<Bw|Mwz9)604zsbY=U5hYVsq9G}|2PkS
zgNOf?hriClkMZzd^Y9})+|R?ud6>Uv(f%+G_wx9!@$gr8_{%)}01tnOhmY|vf5~F^
z5gz_OJpPM3+{444=i$%s@I5@-&BJ%|@L?W4#KWCD{1-fYkcU6b!=K{eeLQ>@4|niz
zI}ZnWcrOpP@NhE^2Y7f74>$5~0}t2pa2*fV@NhK`@8aQ|JiLR4xAX8e9=@H2xAJf$
z4{zq-3LY-!;W8fH$it;Pd>aqn%EQGxyq<^G@i2d>Vz-xv^LhL&JbW_`ujb*Kcz7ib
z=kf53JiLO3vw2wIVGj>4<KavmcJpus52y2R8V@hw;Zz<@;bA8a%RIb@hZpj25)WU`
z!wYzLJ`d01;RGIb@Nhg2&*9<OJS_3>EFPZ0!_#@#&cikyj^SZd<^>9epWlne1T_m_
z1N=RP?Kc4{0O`2@GhEGsD{$DQfHw;P^8vrb{VxIU0Nw<=2KZONzX1Lju-_sGFXH+f
z;90=808awG0r+dcUje=XI0pD4;2yvsz^4HnfEGX_pa!r5uoX}axDBula0_51ARCYg
zNCP+lNq~8PIRNU%8Mwv(=-rp}UZ-~f{}=FYfS&?h1-uM63!wbutr!IS1K{rfrvQHg
zI01MF@F3tm0KKQ{vw+V4s9c+NZNhaozz?_sum!LQa07t6q;mnZ>9!NHb~|7L!Ucde
zfLy?G0Bx_*D%vcE({OJA{0?P)1)vxD(z|<K2aE$K?~ibO3Gj~qOaa1o0gnM52OI}{
z4e%wv{{egsa2Rk9a2H@NU=N@UPyr|ftOw)+ZUQU=eltCP4*!`Sf0lti%fSB+GC(?!
z^rTKJ>0Hgm_B<!!CWO<S)-|HOqzLaQbEAQdbqLaF{yejO4q86f?zzy8*Z4?6X!Vf`
zDe>@sU~MH%|IyKf5fL-qJSv4oj$FXwn<*}Ot8>zbT49>|dmnPXLdQQ$`)LsfQNyB$
z2-Fa3)Zie$c({t^on-TvPl~8(hD2t;w*VCJekLAM$)R;I(c>75<L&+U`AmCI<9rWF
zMfeV$ceBSu5Rdhq@m7tCN<KDa-SI#0U0A{2do*3yBwSb=pOMPM8F?1G8wd^tGq;|`
zVkydN<QVJ}{WlEx7mfNCPWY22{YlK9p!gl*nhO*p@Z-Kdr=v_cd`{cji3Lwo5~WzY
z?i}yONjyDY%0UMj&%!58CQ9vy(3irAUc3#N`R6kKJm!yQ{<zgA^rXw;$Z0*ihIX59
z;&Qb^#eY`BiL2O5nzkWfs~u^*mRTb|8032?*cx-0J9c#fc%$XSI@>#4amFWQV>!=`
zFU{=_(>$Dqjv~^uyggo}FH}S>BCpfobH;B=#i{V6TYUa_RVKJxD&h=09?FxLb1vRG
ziP$)&Cixc?#X0ZdF%!;#YIykkal<npNpB8_-T!h0-W_S4&p+4ak1L{A41)#S!-=!3
z{&^rW>8F*ae&Kb-C8k<^&V+q`tvDU*W&W;+GSEbnZN>xelFjR!r#R;_r^cXBXWTH*
zErifY3uy_xP+dYh@fsG<dBc!%5nL}5&g4mF($T(7{xY!$-zmu(PE$FQaXhyXf+NoB
z^|8!=%J1H4*Fr?m3clR6P>Fqk9vAWYup_PaSI<y5M>lLl^)3bZ(K|TAfR4(yuzaD^
zlC=B>x|d=h-Z9{f@hKJ|H^Ekacu9Riiq~Sn8^h}hvwWi#pRIgr&SFjqYE`Qowqrex
zGxISaJhn#H@9_BYr6Wo1H<d3(Nj2#v)3cW8`Im8Secbkz)v3#^OS+(hlCpE36^CyZ
zlDr$FjAe=_;PnI-QbVg)8ltxds|q)iZ;)L1Dlg7V=9OPap(Cr$(rdTZSc=QnF6&g&
z@+2GtmXPX=7jC5tMYjs8ZqZ9JywXd8vqs{TE~QHGmhCkb!)qhqShs|eQ%XD(VA`_<
zMK|N|HqeKxYdlMrN9FS(pJi3y`Ze=#l3N0D+~QCb8~Q!oLIU?3d5E)c7*eS0`dwZ=
zOYz`6`V7yJd95zZk<@$C-~--Cl6u1QrHk4VRAl+UX_q(<R8mYy#rdrE1Vqi1kJnAA
zC1`U1*=tTnF?w5jjv`;`!)kjYeAgHXbf^Jm5OCpp+H_UVGCV_~!{hn?tDgBZo&6$t
zJqvlg6%TJ%x80(|Saa_WBwc))DWWxL%eI}&W=%WhUnA)PdS=pSYu>^iJm;0H498Es
z$KHNjnT<z3?$`636+duzZ?GuGJ@8)9>H_K}Q!0WRR4@>*ld~}U;D0x9c@{)ch(2$%
zlKVCBwn>b~wK;vB?7mfsWb+j)Oe&OKUVq~M!s}VRQ>hN0b9|9r?V(mD#o**@gXDch
z3|jB^R2;dmF1{RZZd>QI&RG9oM)fPA&wk9?7g|4Wktf@jFO%=i6ZLn(kXB5_@K4H4
zOL^LbHz!oH<G+V1?~$||Q3>oa&&f1F@iPLCPdmz<Kl8aq>u)?gY6;GIvelDwV0!0W
zaiP27Kh<`6))P;7a<C7#D!20sacl3553=v=w;U9!hktj+md|Hr&J4`}2f}9pOk<AR
zzw~@_V?G<jG3M)fPghxe-}{}b7jN#HCf&KM!rM2G^rfV>9Vf$B%)?0xy9%t};irAG
z4W>_?+%lXhxMG)j^YYhce+EbJV>6cdL}5d$=SnA=gOk>uxNO5?OAN34Up&ivX39Xp
zvV=;n#ke)+k?de`KA#Sd%fh=o>?!Q+$CH@uhci<0^3$@V^jL`LBp%2|HoD^3lE{aX
z5pB|~XGICe4Zfj2&AO2Mn1^v*7rQ+Jb>=-HI|&k{zKn;rqV|HqhvRxqBMTG1JkljK
zLH?wsB0(rQYkp3uvU<h@9XxYp{9=ccT!^Cjo<Cl>Y71k+7C*-{a1^spejI$a&U8Gu
zo4g*6<luDz{1Ic76XW75K4F;70jr16uj}>k4xEpDliA6Irv5{%=U69>p5aX2T@#Yw
zqwPjf*hJdtB>kPWPnh3%M$h43)50d5rOfV9r>>*%ke7j{vI|cH-l<DVWq-Wh(t}cR
z(GGfeB-Yq=Q8~_c>1_FMxAG2F1{1=_PRCM{X$vTM_iasRw72ihHM5QMaq)p_lBDmy
zev@9K-ivooKOI9a^1h|c>W~uLaA{-Tj*@<f$L{Fq6u#Hjr*0LdQNru!+m9;45Bx{+
zxHgi<KOP+o81K8pqv)c+Ea)oq8L7{Z`I+?aJJlk_rl}Z8h44kEE?4q|!?NcWMd+`M
z=tP{-s+^erHM~y=?`g#Tn$CzG$K*e4S~JJQtIE-N{Jf(RQ(QjYv-QI@hS*_pD42oP
zSBuBIr`FzDr0(jhRcJHfRL-g!u^oYD?Y24~kl0ZO)hjbfM9d$BGfBW5Rrze)Oub&r
zNXf<d|B%BRn$_k?_Byz_R;u#<b+OtC-iCkWZTOBW|7}G-M2^#2`T<S6m1g3fF8{n-
z9~<xB{V_9(%d7J5SfS!jhl45`crnFnobbZiOVl(xHSm|hg)B{9zp}|f-=VNk4g-JX
zX`9xK)!I;*Q<aaGkwy07rOD1oZLEZ!pBRUw>(qrmGnTAG{tX*DCP$nXK+jyQaU$#-
z^<4vuJ(63Uq?243oHH~gdXtL}wBeY7vb`AZ$|kX`;{-u!OAec8m*_PzM`umCo&Pa8
zksmjjA3qw{H4*UFXGLh%us95Kp?jf~2Jjk8O^s}omS9Ac+-=@p+A#++DU{M?DMjDo
zx??A^#Ia2_W{GF(EYiXMN87o8M^&Bce=;ONakvGH7osLRkj%h@%WxZzC>bzBZjzue
z-bs*)idxXN+M_L?rZ?;<cxkO@Nu=6~#e!Bnmf8?BZ9U*6_E`0Rt*LFTMNds_>jmon
z{q5P`%p#7SbDrn?zb7l}op*ohTi3nz+H0@9_U%8-@7w;<mxxUA)W`VkKUhV)<p{MM
zts>4G*R`4F;+gZHZ|{6qS*6!UY#!!q`Nrt-hrQx>drXVPrVV8<oqzfS)&Ee+J^uW(
z3Hm*BgBH==^Tn1UwHnS=N){D+#nGFKyN{l+KGQndkI7VEEN@S5@wj6wyQ;v#3qoF7
zaE*zT?Q74zC=$&p4j-L1f}SQ1XWXc((BL#x!>vg)X!crSSf)F>=-2LR8K>o5?FsML
z`xkrOaj_aLJgcjj)1DWrsjInncu}-09XeW8S2I^<f&%^WU!zyVzO9OSAX*l?D0+SD
z3(-NbXQB&ZKYQs)UFgaeZAiohD}P?w_|X%m4US&1XFYEqSH(`!@VoA=Y$B2;T5|Sy
zT3dBe-Obg5y|TQH{Ltp`<^yHch9eQR;ZSH#N$0jl5`)Up-%?vx7QN!$q9eSrpd{+b
zHe76b14i>~je53hcJ86%dycD{kk}H=++HTq`w3{(&E@xWUfxm_=~DlzbHpD{%J;{U
z>2u~IyNmW|2kHHdR4RF1b6zIx@l?9__J;T9!!hBW{p|C)aC3Zic66XUO!~#*+Ier#
z=7;s(W<gk|)cD{Lq1FnjN4s}~_pCQGZAdS?riS}>S@({Z{p{?a_9nDm+nk~2z$f#H
zVe8z`zfY*sv+8t^X#8Yt<dB?Dqj~Lz!nLP`>SoOJc$x5|u)gnAX2q=0essQnQ*>|T
zJp)RLyvrZy-S+j?o;=rdS6S$*A2mHgHx9`%-SC{crY;hlKhyisw4$T{3xeWxHPa_)
zJUfVcFYU9OrlVno+S$lQycI30Jmu9$dpgN=Wy$#5iPPfI2}-Hgc_=m^I$yg{%+DlN
z<KkZ32JmbEQ21|o(Fu(`e~r$Mov$ib<!l%2eJ3b}Sc#UEsr+?W-K^bvHT1fn_6G`&
z9iA)T-xv7b!PoJ7@}lSSCSHryIUP*RTYb59gwqO`%x%G;aAW)O=+He07Uq=NswF3O
zeTXeGxOS1AaCxy++8bg~Q;j})aMpNCX>SG%I5M{04DV@of9+csE%Caw@@Y<wv%m1D
z(7qG>J|t3>skl;ok8e<amF%kVi614J^AnNM%6kgD&OFjIR7=ETWleWQ&eRk6B5zl)
z0nMTC?cwv1HFd+1{i0g!6r4pFo6&*V!ENMMC)fh3ilUR=4C{6)qo4}NU~fx>8q59L
zya#4i-aX2z+WPCB>@p4Za2Qr6-E=n_>~=UvZ(wJ3$T}3(CMDPH@!q>mTh;_Cznn6R
zp0C0?KYISXUbyv#A2PBS+<3+rRHY^eHv7N*S}OD(s^+B!-}$HKDDG_W9ts~!WYVuw
z^72Qb8@{0}6SY>&|E}Zwvc~@!@a}cBqcvZkt;c&b4Aj=+EGpWvLAPRB4Y43R{<Isa
z^HW=HoO{O1Q8#F5$^Gjy7UNrWg$i!}O4i7_W4M+V<uaNjT5I@7^ybak`^)Ht(rNiA
zKhpFXNyV$%-E0uY7V%^{v*?B|wuBoWsHS8l9#%57KM(0(&k0&_M@O74BCRc)x@mx8
ztggiSRY8(WFzD?m>eI|x_2S59m(KNjq@OJ>I!1@Jn}<I>KFa%*zI*!VvwOn5+rHo{
zbW{`_m8kkuU@I{^C57Ri{;boId$+Aqa-J`!^CKKNWO;Aj2>DRz7cV|l@uU=wG&)NX
z&+Go~fCiNZ)?`YsciZP{{jNm^6a5ZE8Y*wdo-aB`u^iKTdCN!Yr0WN&T;~Gt#hz0V
zRik#^pb_Gx&B4AB2il!@9@pfXhMeAUo);{0*B1=k<I$4nnnZiy)J=R0G0}e0RINi>
zso__wELHVb<*mbcGiia|b<I>66|3s<!Us0DxV%o9NPcS8fmYRfBz&+ZTGCV`6FMKm
zd4Bsom<YPE1Bx@4!}Bhms`Wl4oYH9}4tbX+Tl3YoeV<{C@9UWS=Ni8~Bpq{cc!*!q
z;jU^eV}2|hR0&87TNIi&bo}@UQ@wEER5zb1Y9|Jn+Esb$FkY)#5MSIUPr6wjK%Pcr
z_{9Ex<Y_=UPud$hovB?;rg}Z;sDB=yO`kG*vwD|L-qWB27tYkx<0HA7QXAweJzi5r
z4-S?U#jY_WSNw9XYL}Cz`XEp3ZW~#iK6O4kl0u!8Id!hv;O!ZFDC|W_DUN<yD<3?<
z+oGL~xGt*y%4}dG6-IT(cx{)Kj$8Y8&zW`DqBY?y`^M?Goh$u`V==dW{j7)3i@8;I
zC*!*Di3bORUM-%ikM+~|QI{f>TJN^!s|S}^uU{R>lx+45JhS-G5q|o4@*h+ZUr~W=
z)d1%=nv`0i_Lq6bgYWh7p2wTodoUBt1;O@)=_1@8)?I+!^qha&VfPq)r?1@ki}zM*
zt}VaQyX*D*Hzw)>G2M*w8#}W@q=?g3^8HxeS@Zi4eJ}VZ72H2sj`mL2r-A=+Z>Z&O
zPq(Vwe+^B0BuhV}59aRaP$}yF3kR}om8rt~(1s09y_L*MTwd9Ed33ba-)3hL4*UKM
z-%u{?EcLd8y!lOD<ebBHto}tU-~Q8q%zc8YQ4?iNT573<hW`C+v1UukGsm^AEKd{M
zwYuLLn11q;exlQ-yl4KZRJ(j=d1I!?8&B10PrLEbu9WGyqsmhz$AoA{l{Xamg%;dS
zdfR@^*ebQ<;_MAotG~pzP_@Rr%qQ2+AuaEn`9$fW|Hvlc;RQ|6hz48{ZS-#YLPR4P
zM(Rs9^SsKtQmHMgHIB}_;-0<BP<kWYIL&ocR*#BB65AflWJ`5Xm|m0msNWay+tSzP
zwKKJ!Eg#trW!kQpua!D2Q+JFk{&e<3(bSt(S9;C;)5SD3Jkp8$yWXl6XPQnicZ5RM
z9cuk&o^Ava{cewJojPemM&B*pZhd?AZ+hvZeeL+vkg2y0`(y8rj9&M)`wHKZt;E*!
z!DIf|J6zKq{d=-~fVb_wuK&t=F&;f(-wv-m7-+>#(B?cv#hX5zYS&#^Ix+t2#m_2I
zMSpK7tSCB-2aXjj$5pI9S<8F9c-z7CPOJ~MKC71x+YW3xjQe*Pa)_^}oV99Mq@J(w
zuW|pUC^bgF>ByFA%ZF1#etg4Qhv$XZIA(Wf`TB6-XG5*5UDma$Epks{)e!AmV@*;I
z#Tv9N--ITw?x1!|u}hNZo=c;_a#ziL6<r#uS8SQ@p;!JeTPEGxR@83Mjm3<9(>zty
zA6rfh_TbR7ic_l+yW(}bN=L3${Hmk$4jhT0#oC0Ta#(Shb%5R5I&1$`D&0EAZ_d+7
z)@I%RMC;k2Bil>rAp1V+7N#iv+L(#<KC#m3Em7WT3SZPQ?fLp#Hh$edjb|qq)`~kR
zcsthIGIaPQuX<b7YL#zSEEHXxe7m%~<5D&s(X#Pqd_iH;F75o`bq0fjm2W3son8@Z
zj>gk32_4%KZ+kaBzaZ6i{M<7V&m61SzQT}hpySboqY^XTnL4Q@`JDDTNyl0D+?aQw
z@w$fWnT6iy532`fR5+Yy(+i<v#-+pPmA=JeJiR{@D=%#K%VmyVK0mHK&G#Rzot4+U
z?ZK{^Jk8xae$I1#8`xd!6(-_8_1Z449Ci-X9bcTT?o3BUeJ{vW-v`#OJb1}-Rh-4D
zCr+bbnaitN*UM{1<!Psh)icXGMo?O<$LEbGk7*yC>66*~r#^i*D!y1vLa&TX^Zfla
z8&i7oL$|-X_q9xqd*Oq7vSZ}#ZQrh?d9oAEnR<~s`xdtnyFSI^A?8upE~v#lCN8l>
z+jbplte&~@xoE9MRoWq_KH9u;S7}Ai-WofrgOlV?<NoTdGiZVSW=U$B+5>1NZKG~i
z=H{BslwOTBHw+!F0^PFqY_*MPp_QvIQROcw?>N`b?^Iex0r|}~j#rb<(KvK}{M_7$
z42+I#dV7)oFj0}{y;$uLv~t(z3calmt6wycr-|B|CaOu5f5z6Oi>G0LpT)lA@|5zP
zvs}Ux{s-mq)3ILs@o35^82ir9fle!yE;jFYRI8BX{kV3U;^Q2=pZ{Io_p!E*l)t6+
zKK=hn<Mr%E<KL`hdL5O~-x~@liUze#rqih{(=II4t%=Yz+M8fPEU#r(sV4ul?Q3&%
zmzGp#nquii1&J*`oSusGixkhCa?9B_gbOP}v5mDAiZ2m=Jl$M2gp&tV0MYn0MPKzI
zgWuCbiI!c%n`G+T%;vYcDRo<o($||h)T;f%;*SSGbt>=yvRK}j&t^hr(xD-{-!c!R
z&187;scX_9=KPd%b-HSgHy;Ph9a$#(g{gG*kJ3GBMa!ov)-Tg1k(F8XUg|GuHut9V
z6j{4^_1iJ^)}s<(ZGENl;K9maN0eFbr{ry<SJRPHct>hhC>c)<la4nlPdhaKj!umZ
zZ;Y2dIcJ1p>-7A~qA2uKV1CE9%cytP{pBz3=xvz6=>Y0W%14h=+b(}M9vzq5rG)KL
z|CQ~%l;^{{uZO~2qeF?Z$VdC9rd?x#o>Z-UvFwh-u7B~TdEBf`A3kBP8t1apqq$vw
z@T`q%rVWbh*2558JwDqqH8~@(dv;c_R?|By|JR@~-8LC_&_=mepj|4DfCu&5D^sG%
z@vsdo$?|mm{T=i&J07qI;-hcPFn0dvIOWZLspg0?PEo(ew5g3#nq#YVN%g#%Xmpph
zZ(H}$Mhz=xZMMX3-l46?S~qJitC+hR**cZjI^8X5d#4RODg@mzZfN1TTTFTKC%gw}
zzgj)3t%*g~B{%9y==WBI8`N7Jn;F6RR&<m#0$NI-9;NH1kj5nX7<sFJzfsiAhD?cQ
z4kH+1n!kCymlvx@WSe0kFT0DQ@>xzJ*A7$(J-r}}#a{MKA~iJ9k{4T(7wx+%)Vk@X
zn0*Z!ys)BJUR3x}y#_4>A?<D#kH^57_c}C?NhkIG_DoV`{39Dht<!tonKM)8;lSZa
zR6<|;OQ*4$Es{uMD*K$Vc>NKXA)4N8DsCS_ev1yvZ^mSATxVA_-CQmRr{eMKD{isX
z$$IVi^lr`O4|P3Dt7rw%AUnH)J)a)w^81NLf>Ys<op;;wB<+$EPbKRsZ#i1M!J6a@
z?e(;KcG}LqBHhq;Z+nD6v^;Cek0>`eH+)*BQ+J*Fuv&E=^~vO}m|iAJpHOOB^yxZb
zI8P2gUmgwOc;E*2eA)0re?}!}A!_3O4u@8gxz8Bqx%PXjdA9F)?6VvVH}<*%*WHD6
zx_(D~@po@cj=^UtJN#BJs9~@_60Oe54nz-jXBvhLNN?|qbgK4CY)+%y9V4zNj4Qs2
zLQMCm03KM}vqu|2X{W|aT`Mt(&O@5_%fCE-{IVNLPrG4eg_?)<oz!6Iw+l-%ilyD9
zjfuic^iBeGE0vjN)jLf+868XF;R7f)eaj1Vziw)zlj};3PZ6p=I_&wZo{0avMWX~=
zJR-6BE`K;*pNY38p4a$Rw%EOGH+OB;yKCK@<@#jZ%iZ(#TV1NhIWcc@(PbVx@zv1o
zl&u;XEq=6SLqZSK_J;2~l)eAd^WA4^vybi?+so`pyB_WGIo?4E-N7JDTUY)lvGB-5
zcza^ufJDiQiSu9b&&zKeDEi4OaXpZ?F?(an3EE(fC-iOSmfAbE(Ry#;n9V!7brl>K
zVYA;E-qZ24>F$A%?!9ppReW!><mFSmqToCnvp-pq8Wx&2F|*ZUiH^P8J)-L6Q?%M{
z7VnL&xGFMc|LC!a2lngTeqGG@!G)cT*LwTEd`dcoF;!l3ex~M&dkQpRUzAteSrDxm
zt&JT9rnTl(`}7!3-BIS+c$r9T{$Nj`zq&utuS<3O@`ckqzKi2&*yrh;xrrn8`wyt+
zl)u)M7kaU#Rn7Conrty^O;-2b4_>OtOa<vXCTj-N)tnckQ1z2pp|G;%0(~w+eNb@5
zYS#U7n@`a*=-LzfXVA|2g~o<LdWQ$yB?q_p?-wi2{z3(RMUJiI(Cf4%ebyPg->b*d
z+4$Ub27{HKk9!*J%t`GHYcXAe_x<8e>nqNQEkhJ-cV2opwEfpRvK@i9?Xkk8DxAvd
zaN!uIO~>zf<gi=u$6B@1B;EcUl|Rkiq9}Ch;?RKwWj4ABy32_~z|{Y$d(=>A0NXVS
zzWfBff0eFW>sL)hx7OP=JYHTkJflKLT^F}A`LVp(NwRni3b$uW=((RJjB7QC5pOSE
zf0RG|+rE6_ut(M$9tdOpIlX<kr@QC&`_`0XBFh*Hl1zF6-J+Ouf8A2vSNHHt`nN|x
zkj55mz~BD!rB3wQ9`nambfu9yrtUa4V@yS;i<$FW`>>r}f;HZJ&xby#r!E=y+BS_Y
zPduO3-R}<V{$3u^rt%e&!rEt1Tgz+j*sjWuzwkHD?<N|Hj%<AMi1<62bIP1=R9b0f
z<yUcgLFUN8o~HN=?Ug)Gy@5Vp8H_#sd4|kF5cLb!^{TY~_`CkrK$WS;Rf+kx75cBT
zr6cyX`HS~5*>ua-!a0+BhxNbyYxDKz)V!OY2_E;7HB%Ge+8aXekJaN(ZDW+E33)Yn
zW1dN7zIxf1Ds8HY=Rb9d*Y>$g+Mn@~Rh`e2j~=TV1Fh#xr5=k``O9A)ix<rK@o||5
z{H@q&sE@HM@`_OC{?`&ulsDB({c*T(WvJtnwGD0G%I;OmzU^N4vC(_n#~^=+cbu$b
z>UGtw3qm7iJT+FU<i^COpP~xVG<d_TTT-)bJ$e4=Y^tkXs#tBL>Yf#Ub=$}Q9(d|W
z+5V|T$7=$2#hUENU=a<`19$DjTOTX<i`Sv`1}c+SdSxzO&-0%`Z{M@DRf{D0siq>s
zif`#Z#%rpnoV@C?33bggZHw3Q_Wb2whc~p}`@Kyy|CqceGPrec=;2h|ya`W@P1oO;
zxE8(!c-|f@ah*3y>T|qN4MW2vSI;@RVEP{V)W}I16YE`VufCrSH@1Het^Z|Mqafyw
zPY5Mz^c~##_wr>P-NF0xOls?WErV1X?DYKu+lNjw!aAWfv7hOVH*C_JbW?q@Kx421
z>umchxT0Sm9_~%>m2e+?blpktO}w6FeLh6<=-uI4dcwD6s$T88v?E_%am_qe-Ml7q
za9_5INS~wr+vEC>yZc50{qA9F>fU>MZ#ZLuYr$^!THx$8!7(*D_Z~<4Q^(r;u18av
zWB%UIzoKY}o-i?|IY|?Yt!1Iw>D<l~cP~?D#^IgIG+8-Kd5>>tObyJ$tJ}2Nf6Mb}
zXGWfRtOqsr>nQGS@h5N(74L3|riy!8(vu_WkF<F#J56;5&~u4y?vn?zOyP+dSLtT#
z?8a_g>vS&c-n^zKzN`4ei-LQq@I}#u`_^~;i{cOUD6*$7^b>oic*lj&g~dG=7N2ra
zj(A#@>IDlY8a;#1jV}Eo&jf5Tc3?BbrXG5;?m1$s6-9^MjHxePf9~t?=!yHfGj}4f
z6QglG4l7=BPO4p}RdDICvR&kt?eNx5DT&PAR)<u)T}wl?tGLDg$h>F!IUh4^ke-cg
z)$5S&#$VSv`CI1qZ)rRJ(kmObtW7<0Y+}nD!Tb2Ji<oCT%A4^{rEdB49ZKEYep3mw
zY0sFR46Ie}QFuyTGOlf=b{`w9Pv<Qf*LHYb(SY=?F>eL)o54`fpWl3|dQfJJl#KVb
z9bdQj{fT3O6PS2|`Ay}a!8TO(Z`B)WCur;%t5LdNkEc_91u1{pPq}U|wJ}HRLMP?5
z$L8^*XVy2pxHg6hrflETN0Hb5aYwjtm}XIaYjd&D8r^-@B;y+AD>v!XCu{UHt7gnt
z?USI&TNjO|+WvWZdfxKjj?}Kw5fg2^uHDPqTUBT7)aJhRsa++>dRJ*fL)W|9d}%)9
zRN95E^3Hrw!sd&{>HLXStZ&v7A@#V%c39RFS4mU-jC`kUkJ9r}XCmzAb2JggWL9ZY
z&4{zIdZ~TR^eHjxL_XAYG(&Tp4;$8`;=9s)l7H?5vueIEKT6kBI>^2qIZYO-;L`b<
zKrHGho&3d=zazDuUspw_R_U&2DXdt3eV1mbqVd;@H0TajCD*C(vwrD8&EGQlu3K0=
zp;{e{R}b=v@`GB@tQB)h(fGUG`~TExGHYzfcn@vqjfvU0^6X3$jp>bGqAcB*=#vw9
zCECb?sE9^AKXtQr6ltGD+BJ6Q85Ep^-T<v{QW7F#YxyU(A^fw{lke(H8@A1u!b;UA
zKNw$egBHQ;NiAPCKqYD`VP0JQ@+)`l*ECReacru4Z*6z;k;#qOT59x8beG4L<ZFM7
zV35CAUz)meqBk@+k0OtghP&%D1re?JZDwEk)uZ2X)~{~v?0NcwKegFySgg6Y_ZanA
zHRnxC7bLk{tXyjGw54IEci7!TTT^r0#_XEbH^b3pTXiSB=E||h{Ar_#F;d`a?GGz$
z`v)~%Fx2l~GmDg0ZfvSK?B+rHlSVh{HNIeV>rt7po$jyGt8bn??S@3#oaxo$N8P{%
zqKV9Boi~J;olRe>bT6Q4dqQK2v|kzcYGOWL9{6Q}e^TJH*Yy+n4lZHSdtE=_KbPir
zaiB9CUvrH5RJ`wNwTko~)N^9|AJ_7}AioC$znNgUTMugWUn2{`EcUPY_$qXW!{%3V
z%||BOeM^G-IA&Tt;rrKn!&(Rt{zXMmVMSuFW_fgZo#;=h6c+k8UElsitW}MY3exj&
zjSJFGt8>qBs=U(SDCk@letq*n+mqfCS<3n#J!Jeq(~PyT?QR?Q+BbO3M<usg`_lD!
z$Fyu4$1>MO?Y5_>uT1?*t6{39eDo|e9;BhTbE4Vs>W|mtm?W`ll5q-=nB)yTzPNKj
zWRrU8nmavxxkA(D>bUixjvyb}!#_1XJK^cYhb-Tu9nZX)DXj$|eO*L9G`TvZHXNG2
zbn2#jeYdz~ip6k$yYBGyE?QY(B5#Tp4z6|)Pc!uJiEw7$d**S1$vk}qAc#6|%JQOx
z@f05o(WRs<V>Q(ik7<t4w~?{hXQEMoq8pRVr4!dGhiQAYM=Afy*GDxWna~VnCYpHM
zVjzSz)V2VWG*=tVcj-ebx0GIUP~jB1A+9?{9>#3>?vhpROsZcv$uAw$OmhtnEc87B
zeU+eT<CwG7<V{&w((*!HOJV({_=G#kzO0SoT6RUx&F&G!{Mdrbe*C_LiPM@>e$=;?
zdnIS83hOq`4Z5M|#xb5uD}tux%)Jm*Q~%<@X#Kw4*RwrXeR1dT<i;@*7Yu69M+xi$
z49Y`Ge6*5frI?6Mn5K0evAnvrL|OKhk!0;xr<Cs7b-`IPBsKK-<i_cfG+*_Oz6_Br
z+n%Avt6O^OCvW}9Y0BxobXTS?U0oa=n5!>!y5F5Ctqd<?p*Zi3tlZVKI@Mn5EdN(;
zy4vYYS67Zb_D|c@Yp6Hfp6zqB^O34r-D$N3ukKvT%I!J2)9u;r)HyfwK3(^=-8>kS
z*QzdoZpc4}@HIUx{!vAvU(S*ro9)frANgHK&Icxk-5<O67V)k3^%Ts%lKjknMjgl0
zp8RxIRJ6QkVDB@()w3y`vi_W7yx+8%JAdO8=7yr~XU?b|nCT*7^^H49oax4q*?D<g
znA6jZ`Z&9{P|M6T7jex`{#jRZdUNWDGL08(gRRCj$3-Jiy_X$YKGD-{`tn4HotOKH
z{D}$g>GE`&P+2VG(;xW?p1osls%cm_rYT<6oOoJO9pAFXt8sF-hL*ZN*AnEU0uf}Q
z_w-R|TXi+5g=3f-`4(h6O*Yjeo{W1>R_PXeU$`OvmWEj&sIi(1$k*0?>d<wIJ*fA|
zahgzkV81sj#0+h;rngfBgLB<7WZ!@)?#xd-^TD*5s(xwXdKV@2@e_uF4}Xm-yPW=o
z>+@PmR9Va!>P@dq*=rBSpefpWD|*GN&wDF6$u#)8P48hi?|Nn5Uy0QxvvbtZdR-%<
z^@VDP!E9mQPkHK|b#0$_&)tTl$Z}qvwsVEjgZsDj0(CHmYbmH$KS+~zWp;7v>TiSK
z?DGWn7IW6EThM_O>jzY%!d)-sY2?gx_3?dc{EheB)dw3|3VT)R{`0G_7Bn2_iR9~n
zvo$PDANaehJv;e^)ZSI;HO2nxdb&8L4sucrY`pmzyDp|<=Gl2vy?wZAMM&`%j?dFI
zP7j6?;X8_Vf0~=NU|bv9p1vz<-JUllF>U)#x?g(RZ5A66-rm~S+sU`HiD~RyoxK{X
z7knbQJ>6uY+x3!gawF^dGxutA)Ul0f@7q&P{F7)WH`Q31@6rt)sfwgx+r2g|(Fz8t
z8gv$2oZ6KvO_Zv<(zYAdERAk|@zv4$U)rwIV9On)wgJ4|nYDf~?~VOqs$$!Jvj3&G
zo#8}6L*|$Iq<>j9{p!gR+55R5v3kUlPHAc8ae_Mc5o1+=HE;CjdcQCf-Kd2a8s?7H
zXY{xi@PEEuQ~K80Op*`NO5`P_R`;r&s%uD_v0L~Q)t<Wy8qQJ~RBLZPD}v55quXD9
zRSOlj_m&;0D{$iu&2!jTXU$@(p;(({Nowci1y{C)iXwdisJXR{8}jC%Ii8z!o+)GL
zMO(A8&&nDb7H98NZ(rZQq>a01Yjx&y(4sBv!L8Au%;%W&=+^swX5M+wrL{w5Kh|dG
z@JC(QiTLhq%WGqKFK!>RU;7fO4Om_`cw_YI#qGLJaw|Q3pEUTeR@+h=)VglZRb8pm
zbsIr{le;RZS#4F3Df~p)aCMm3T6gQSp)B8;v_?>`rUNz~X=&V<@@t~5M*A+DJ3A3>
z$c))IIlN|7rB=V{o;nyGY72{f?X|CHpK6~~{T&fWiR5NL?}loFi>GJCo=cw=niXo9
z%r!<Imzq8~%{A3GG!M^QLgogu+zdS4pQt2wPtHv1`Sz6@J}@<2Unowqx<_)yzTxqD
z7dKq@oW?|sO5>&p(YDyG*Gs%tl<tP*MJ<_*erK-+t7%iZglvjyoT+l`k=~#ne~eT|
zt32(QH>1yZ%tkf6t76fOiL!iu<QmMWq&tzu1${nEwS4_W+BjIRmG^6?IHsUt>Nq`v
zY0?-qCj03EZHZ5~M4tfGP<7XM&b!gh^oE8u3}{itenWi1Ij9}3)Htx5epSsRn3Jf`
z5=hUfn*J4urrOWxB-XfdwZ@&hipQRqd4n^yy14TM6})1$%1Mtq{i0vvw}eDy+_@{c
zI#Y@o!D-~B)>OlI+@_Y=wCG7MRBhMWbK8?|YlQuF<3N86(X34RQl0O!i$`@qdTycf
z-Kv80?84ba!=p84Zwj}bsTU<9PbA8MkwvzvEN&@yefzw(dYXr1My%_KyNhTziQNV1
zDs}JlTgrwst*d)GJM7fpbe&bB6xUUbJ>gGpGj!DG)KSxSE?e}CEy;dOlla5aU`(*`
z?O=GCDF+H)7dhR6lts0uGV=y_c2tnQr(ddZgC4GHp7<n<OCPG$^erP(eU*xF>fOP;
z`a|h^b@AzY^}GG=vNFsqVw9`*O89EkVE*%AJL&oN>hk@2b@{qi*D>9zKX80-uYN=N
zUft&B4<8O|7;L>j#@AhW&TUgPUUBxJ(0#}F-<6ixh(izFi`$Rr-xBUp<2#|a_Xs^`
z_<2hrGPsaghzlbA^V{ILa$?(2`tHk^JslnIFgA!NY~_sq9P^=u%KRRzJx_{4m8bq*
zTTCe5TF39aapi}doDG}So$-<%8bhbP!TuEadLY4G6?o}63M~@oyO`X0wzoe&=|zU~
z%q??AzOOx#IrrI_2KS?tqeM{^FNu%NuN+o=pr7D<E!j2Lee|j8;^zxd>RFXB>TPS`
z!=NE8DG266Ug*h=;COsD#2IJX@cuxjjQ??I=FuO&4u251J2C(E!{<Zn>!_RBe)RRB
z9pUE7I-4);ZoZ_ad1Y_&iZ}J%M5?)^p}9Gl?=>&UBrmQ#Z=3bRud6}R150LBt+l6q
zrCv>$zBK1u_)_N+;qj$cFHaoh<&{00D)6@S)1k!Jdt^hCCwtmcujHljw>RXK&6zx|
zc>NH+E8d>c=OOf#(J5N>e@LKkhCXXpmL?0Q1*E<c_sH*tWRjxirM2vBD8+=nM9@!<
zZx1_II7J5!q%!(J5;Bj6uee81GYaybffqT?z%8v_T4k72cn0nb&)6blx#&Vod@WBn
z(TZ26yS-)XJ*lx1my9l0GNWKgQ^At!3zpn8{L3}h`X7V$nnO#jEm*Q7KXP<p>?&_;
zp3>Q&wqwx-&&_9sys_=YI|e6S(Yi@JH$V1~HQBciEdh~Xn!$<mE0hVHBmL5ax!kKz
z(EHYuX40Fnoz9X*%1WgE2l_>0r2p%dQGNAulvO6sK7C`L{pS}uc~^bBq*SC{38(V!
zn6o203gTIMcW7t7Pb`&Ko>M5%6VqkVG*%CetF=JJ1}Y6@OS~t&&L_)9SM};%_L-FT
zOu1U59?#VNDAY7|!QhVSwYu9Z%?yCY>WbQ%dhGo@Rs^Lgf=oWCztDycGrxIW`Cam$
zwjI}|Mh!Ck<8bSpnt$`2s!FG6jNY_dGJae~=g^@~c_X}(RP@~FR;^@?|6J=1Zw)Po
zykG6@sz_@;^`XX>^+h9|dH+yia7f8t6xXZD=|HVt4IQ|}iF-ipmqR1wKeaaz3GLB>
z;D#;x&%Pxua!hr2Z@%AK@!g@L%C#3v<5h<&J45z#Z+JLkLtC+j^ws41GKAXg=JlJG
zXMSgbsT8{Ug)+RiZ9w6rA*HY7ml`lFDLvT1d44LNh_$O~al@c7A1dMhcqm*rS-U`=
z->|E6`s7Th?4eZRT8R00I(u6C5Dj&yQ~bMb<Mb@N?cBrl<B7H=Jy)7O$==_b7f%e`
zId4|O(8uSD`gFt4pGJN)=eC83wnjf#seLu(vOV6=pNvVQhVGm?@(dMhykF&m*=MV9
z$~rZ)h&D66VV7skMq!@n)Kz5kZg1%0ipHLfKdzsRoqzL`?XcQ{s=qa=HNQ)g&6(wE
zRT|#1kUn$buNktUqXGTAr7E?{)4L48t>4~oV|$?#z3}bJ+l#6rnR3<sBh0JQezLmm
zx}k`Ft)|^^t;W{?%J&NcpZQ;S=C1JNg~DZ*b(US)U3N)N*~;Fs73#wMEzJ6^mz&mn
zDF2e0YwO?4u3C+1SB~kPR$}Ub=F9#&4*jm%FiRhQkljc>jm=hPS5#^7Rd=?DR1GYA
zPV)!;z^A)uaKn@TNbg#t3Fww&^SO&lF0Rg8e>DC{gufB#)$Hr$S2BeW*?RbTm#=p1
zR9-Td#pRuqseS4@Zrk@-#aQS0KJU{7*FwEdr?1HRJJ-zF6pQp!-p!u*Uih}ZC$iUB
z_gyCiXuU_}#!F^wIHL;M*Hdw#YrSupz7e{Ati`vXsN%%p<lwrRX!G<$W^~8oYNDL&
zLVoXmu%c(x{kCmLNsFGgwq8c5mA<tlIw-v@dY<3GudHvX(WWTPW?T=CE)HeOx9>si
zi;*e0j~w%N@=lxm$gwj%Aza-j9IN?+W7D(8REk<w<iGD3)Jpn8tb^5fG~uWjNY;F1
zlAftvt>DtsPWC{g|3?d?urzzTZ@#opAX5Xy>kE>Ki!G@9mOMHX8(iq`<oz*a;>?2e
zwaa)gliKcWdk+ru#;FhJUpXwAp_Q#;dW&a_blXbzwk3YAtReW4J^Rz&z3gXo>&z|d
zykU2=r&^V?Ry9SvzW9;-v2N9|-8#Xak^i7vQfc})S1!H&a(|ZIdGbd{mp!yy{d<Dn
z>}B0&j(S?noB8KtCnW3Q2XDQm{_?ze_1rLJ3V2^<Lmn?DG^D<9P5sI|j#<{!Y!@ic
zPj}7JiRi_TPYxR2+tD<saq<AOqubz&Aw8|??7uRvEEHPd49~i^t<n%r!Jj#}V#jIz
zByu88`_BD28J|}Xo0yDGt5@ziLLpXEX(2^e+YAm$>^`_)@XDI$jO%nL8h<Yp9W;8J
zmN~@+soTD$UP<ngQ2%~v+ta$m^6#q(PYOk6kG^un<TXwCX;Y;(P|(xKS?_zXS<ylI
zKS)o|Q!5iIZkeh_8hJ@APRhH!u%+u@L-@}N^5$jk1^BppG;Fty$+&JF`z7PCiK^x9
zEg^Spc^C0-dsIuD53hP>{rKK+%4=c5^z!h`Ww#{SW@(2xZ3I<WI9#8?tQ>x{vXIWV
z7jLO8$cqfxKS);b{BCX2!)wB=z3%52R5xn0kw|8O?e^a4mbR^zu4-tzZ_)W{Q+rnF
z19xsc?U=@?t>LRaR;rML6D8f*I=|gZ>S$t%Drr+se8gcVqi*ZyS+8$wIl>8Zdsxpk
z@9E#0{s`oV(Gwd=x))?lkp2F9&fVL7al2+h`BLgIe*#$VNDuHz_UV(7nvPnP*{<pS
zPJJ8ltDYFmFJwx>dHvPaqIuhXQTVvp6-g~nQk722L$PK+(#c#?utwk9jq9mhUQ7Em
zDv<DfsgmyTQ{88RFC@bMT|8S=sa{F9w@P3BP;?qnUoXJNr#EGS`kA_~M9*8pg=gv8
zas5kXO)aXeZ3&euomw=o<SO`7NZ(k&7NtJYi?2%8^S*|L`0*d9CEC`uM~fE}*ZLot
zNUNr=%J&yF_+J<HIzLEmp2mKH%S+E%o7%z`lrr@^<EjkYutt6JF@Ftrt=5&_N@;Vj
zpWfz##sn&KfAV64s<pJd!#lrQ`PI6&Z1%SOKzSkQBlw7*{~T1eOV_#mWaIkc<P7D_
zHofRyqc4Og-68oFt412$k%e=!Rr`^A7kmAk>Q?X$-a{{(<@DVx@#7n`XPw`!vxb*z
zmz7DO+t&<?*6eBT-uAujRV@lPS$j!MoVw{meIMO1>uvjG+OmMY<>|L0?htiCjL@e_
zS?O94Vn@=F?x{QGmSxV!pw_dcSiGq#dz7$uPfZM9(5VJI>_aEbde^;B3of$CGDU=i
z1KgXE=L?Sv`Qt*~XVH831)(mcGJamGuAk-nK2~SYXGcNJu;_S+29T_!`-U9fqi9wZ
zUzBtDp7gsbdL6x?Ih&M3yhWc=t-M7KF7>LpdY$y!BBgXrbEYS%^8MavXg2Bbmagft
z@1K0>!C$!6%i6Ol(Z{S*>ROCqgsi_%ROnQL64ybSYDsMS-qcOm(Y;oBdZEO&J*+A(
z)jOg0aHpJqO*RGFuFCaNytY*E$Kc)ZXz^X|{(4*9{y}`)v(hGVqj~zAu@{d%OZ`N>
zc%}asuTspO9xm&fBK<Pw%wgAc+rQCvUHC|uW>S`&t<=^^ch%~l@S*GkPh;;u=jrZi
z*}DqonQ(DKK_rzf7fnyM3`h(rNDV5~#@2~J{ZnUXl3JTwhrKiO?X2tz5|LU>k{z~f
z<>AjekE62sKJVmBH+OE+-_nxTATmWjAIJDl&pTh%IbUYg*k>7V`hG=okF?mnB~{f=
z7Ax<`tLn$z=Ue*hjc_R2^?KvB`dcne^TyfYn`69_UR<7Nh~F9+mff!*-1@taH*Wl4
z-^0|slAcCrt=nZ@?78IXlP6AVt6P2lR&U&-okgNIHa$1`taF~zq;y-PCALfN0YoNF
zdrrIBwN2Y~`o_~&GdB=fc8)gHj&0-|i!7bCOGh_)<5q6y;bnTg-Co`iTjvh~>z+G(
zow8(2N-Kj3&S`G_p3<Z~J*6P~+LNp6cFiqs+NglrJ9i(foROzjjP^zD_SevCkFHDC
z?%wcu-H{8`UIwRsZ)n$pKt&O`;LU-Nh#F16$C?{^qKR>(-ncT2yXzH0V^{-M#TLJQ
zaOB}8Wu#+9sjXDa+S}6^ncY->-ej{At=G4)YO2H0wsd@sW_x6kMtwniCofE{^L8If
z>^ao5y7>3~qxExBr`J^HFB(<)$>A=0E4ePQ`~7L_I`_PvwcY6DtG2YHFKqVfHs1f5
zY9^W8gQHb_ou8p&E*PwP%ZTNLarB${d;7)KDJ4hC&dRfQoUFW-j_OD!MSK2@8?Qmz
zxRu&7ZemmY8^NO_y~XsFNbY~VD_7R78?W!;tsB2bAFYe@ThOm*<D%3p9pyJv=AW8e
zeQtSb+{)^RUgS@k+$(EJ8zxtaTo7^XK84k%uo+#~;i*Mr^I6<k*!lDazpOcI4;Ssl
znA944ef>FePHDT%mdJt#6_buoXN|tD?3~P(M=nsWm8`e&(%7@+-lC)2jW=(<>j>{R
z!MXcw?I*15Xq)PTwF*Hks<r5xy|PTF)n|K-G+SCemM(&IDuSlwMdi2532QU&4;gqK
zJv?#cN>ziuO^fWO$5po_o6GF#7j4$Oy5_&NuA$k#76s>gt_3rF??swVuSsY-X2oNd
z8Jjq8HpZ|HMi-9O^L1G$D{jfYz-kA%h@|p!UqrZI6fU$2#*N{^dAeYJ%%ws*2zJLc
zi9dGq{%j6we%<cu)A7J!e+<#8rTvkC(dL&uoqlEcm3M^;C$dMsQ>ne3&O3t}Qc9yn
z74|q+L!$n@C;IEA^lHA=O?~$AK~41wGM}IG$4Hv+xqU}}Jw{?UT$V9SZd>wOwuI_!
zo91-0=~*?ldzDhJE9ai6n`-S6S)I=ANA<Pk&=H|G_UjqM9No3=$&NXy*k&dDCAn=K
zeQsKG)o56@blD}JSvI@*>gLemWmjD61M#!3tXZ{e&DHW}t-55{6<5z&cI|1`EM3`r
z#foL2MQg5Hy6mc}8kT)()wNuC;tAce%7w=1Hc$S=V2#Uel)qW7L;JIJ$bS*63;03#
z!zT*sW%wEL&jf4I>^k`y<U+ckykGuKuwKmAC;uI}j!KPzCMhntj`C1wiTvxpQ}u0*
z|D{a%U&`z=<}94kFgvukp|N4s{Do(R=FFNky)?RX&6QVOb@i23uBuu%r!@QHiWOB8
z#wHSD$5&08P_<&h#Z#wDo|KH0P97^N#3Q{@IaPG1>FQ-yT-AKh=~pbjGIZAB(=Mt>
zEk0xZS!bSh(frfTJguQ-{^IKK18P#IS5IJ0QNk1=!d6ts@U)lt&6Fd;16!oj|F3P_
z1K+}%Z@l@W4cVIZGVxhF7S8mp4)j=JjPyNjb}c+p1&D>W-^nyh&HG}<jkn+CTRdjp
z{E<QUXy8u@{EthY*|XzTt`^?XZT`pccHDfkW4@)!;+fqiU8TYAC4p~tEPZCje(wzQ
ztQ^d4U*GhNKQjnt{G{NwrLQFT-8Vjq$I@lK>1_?dSv^>MrG5Cm;bsTNEj>qQc!roA
zi`Raep7G{ed`;=#nf5h4_-*;J@Yc?(K9hmoqQE!aelx9ySUi?*``tHR>=laKnD#=J
zuB(IJ=3Bh;1K!fPFZgZw+Zy~nKk#SvNsrm_I~D1a2FER*2ZC^x4%0XL-wckg3Vis$
zgx|LqCZC3nbujgl;ROtrI=rjn+IO+5<6`Q~Y;JY18`e#m%e!GIce6v?8U8qZHw~_R
z%GJWU_FbMbHXWCD^<5p8cd?r`H$5&M>BJRv@FWNSPx9-=>*~98?b>(C#Kr#;9arDQ
zZd@*Q^XR5+_Q&M0)Zv#n*p180uN#-k?{vbtb>XJr<FIST)j89#>FP{!csIW#4*zlK
zbkpYM(Zz1qt&UB%ExG9|{TQ8(vpL(*ck@NRZs&p<mz!pncf-0mE_Tz|^fB>{cX+o9
zUHk62>9*UX6Lyh<T^*O_8ew^K)8>}B%YR%Ma_ulXH#+gUdA!=;UF@cLzN6#jeV@a-
z<+;`2&v)=lCp~WZ-MC1wrMc9>ZrL7iY`S@I?YQarrlY^g!GfWDDnUY<VaR}wm=FHn
z=xDWtZ^wL3zlUN(lFKILK)m<}I$(Ul9xKOjFbm|6Tz25lvt#%;(m~i`<S17-Y#OgS
zAzv&UKP<nzWra<A3rl;aY_Zul&BoInkz6)U5syvt(U~d7GDd7R$|3Mz$_{>ooTXu<
zFs~rOe?|^L9~_p0zeWxYyjBk3_gXnt_`u&Jhrol4|B5hn;5Rt@Mu)#8;L)RfA?Sn6
z&Rviac(C#9kP>(>Ja+DrL*T*2-w!E)2b-PkkP>*X@ee~v;7zPf%R~?tK7tPT1UXO6
z>IFPg4#{O_ym;*3Bj|t&<p?`Pj^pr2Ie#gO{FEG$%jOvIgu%DEjtiSj-R=8ASg_fo
zZ$NU{JXSn5@ey>u)>ca(CGcS5ONEhKHqR1|P5gm!o?MF@9Qqf_S(-0(_*D+S#^LFA
zO`iqWX6HI#>|y^#IV4wlhKVN(K7tO|+E3rS8&91h=!1<XKE&cS-t8;E##2WK`e1l$
zOprt1!KP2!K;TWRee&DzBw_M}Z~c{??q$m7G-3KR;yPc>bS@LN_CuLlUqRU-#0$1`
zenHsu*E;-7!U+0cwp=8xugM{~(y!ShKYjRSbEI&o9ARh6A%q2!2J(2i90Cs>DhGeA
z90CtEo;)J(;C^!GUm<60@?V4zbWE&l`E8g_ZWGpg^sD9i%XxC7^QZuyA>Z<~NSMAJ
zor~p)0!%-QU<XW^(fOhrk}Ew!#FGYm1Rb!|-HDJAc(B!l+a@`VSiU%)v59YKrkx)h
z@bn=Z$0luz_(*5pI--rCcb=Ttp}k=T{nc`2=PF^-?|U6F{Wj?!#0$3cJPav;2U~i&
zASLi%)BjIlOV2)G(?8(wZ#w#6DO)<(O=6smk$&DpHlBwKlo5P`Fhaawi+6=Ehu~KV
zP#@^?7>0HT|7Bsz@7*X%;K62xWlbD{e@K9H20Oool)!^c|A51Ttz8{*c(CagDO39M
z?F<(fDUAK3a3sL9QIHT9*!qyg!kC3WQ`qvj#?c2`AM#mY4xxXo0R68gw?Ww2@VA8Z
z=j&`1u(*EU@IMr`^mhtdc|Ivz7TElQFhX2l)Bix&(tJ?Z%JU={Aqe_q!lpk(Sbsi0
zO~CA*3mNcW)4x*K?5q~%y5h-wS=hpUUl<`S@bU7|dBWkrBLe<6!j|UW3R{2jj-wB@
zvg((g)z25U@;_1-AzrZYgB%`g{4imQceukJ=jek?|3rre8(%JLc1AjU%+Uv%{#b_x
zTfaKZ;r)#0pY>z>HauFGI>1NBFPQNI{CGJ89!$BxpDKsIgH8W5NC`aH^v{Hpz=P>;
zv2%eO0uMHRIiv(0Z2Xmw5_quj*FZ|(!N#wHl)!_Hr!Pg|!N%VLDS-zYzZp^j54QZa
zLrUPm#(x)50uQEtAiodEA@E@1JA@JV4mq>aC5*s>O}`sb0uMI*7a=9^VB=qbl)!_{
z&Kr;tc(CdJ1yTYJHvNN;5_qubb1gvN!N&9LEb<M{E>^}5arD8~r=95VVC(lLI6Qc|
z?0IsRIXu{pU;I@L4>sQ4mQ2U_4L1G;M;~nbR~;T~{4EX-HvUeB2Xj7>|9c%CY~!v+
z93D(Lp#P-9gN=XQ;lakg>hNIW|I6XQmd<}TJlOOLh+Kjmc({D1;~XB0z9(1d@L>8S
zsJO#}t-qQeOw`y<1U#x!`6qz~o1GaB4>mhB4i7f{T89T4KhNR8#xHVsu<>U(JlObi
z9Ug4_MGg-({$hs*8-IzzgN?t!;lajV<?vwRuW@)VyeD_P!-GwKy~Be||BDU}Hhsn$
z2=xLsext*K&Ccx(4>tWf9Ug4_7KaBL{~d=1oBi)QJlOOfaCors4>>&8?EIU<gH8W&
zhX)(a(s_h(02}`chX)(K*WtnNo?N%XgN^^Su$>n#I{bb|A8h(P4i7f|kHTi>b%%e`
z(FdD;ufv0l|A(;IdDr0&Ir?DJ4?E*4u<`wc&CU@HKhV(!n|_hQgN;8%*z6qZ@FzI>
zVAJ;;9&CK2u-S<^e3hdQHhq0<#TUQ7a`>sjW{1}zOuyRE2OFPqc(Czv93E`^e1``!
z4)Ns9a`<%0vSYa)sXlC6$1%fp?Z&r$n{hNkzQ8uFo&+g@2QyYD-qYm}c(A2&A*2Kz
zZ2V$jE1xqR{v2TheX!|YC~W!{1-!E3&jZNw^)C*1(sK!<1Uuj(<>1%IA@C+v4#$bW
zCcfzt2Km3%A0nIBj>%bE%nu;{U0nZHVa?7o#c63s`6<Yq2F6sB4?aRV!6kC!rBROg
z5%BeLR$reN9ux52bNKH&{C_z73l5)$5eadDDKG4^$s7U?Hv4BeJeW3$KJx<z`e18U
zUvqe{-Q$1T;r)R6XYGVMhUM^4!)8>@Y*q;)@L((3DUcF)6SGMfViO-h2i#wd^q0$V
z9DbDCI5~LE9jiy$e?`D^&w`*2wt34oNC`Z+NDey>$|3M3mbSPE;>Nf1ObnEA>7N+r
z<J;U0bA3oI{W=vQ_VM-S>zpp|jxcGf=AeYIVD1s%X9=4=b1BBp71p1xKi}aS9G*EA
z(`THfKVScRhi`!lc(CcOba=4wjK}DHN$2VSd%{->7t05KMHtCd4#$e;Fg}6~*yb)M
zbIUL7+W0es5%j_I;n;ESo%Pcft5ez#I`{}-!2{$xIocPJE1g^m2#X(;Lq8>F?R=gv
zk}K>4@r1=k&;eV#v=b}CQ-qUp*#C?ilFR0$;<1U3paZt@xd~DN4<06m&2P#f@L<Xp
z{@>-Soc9RZHSuL(>mUB?=o}EHEC^djKnXU%c7Cz0(QF<k5YchcJPJ~RKA7_yJDdv$
zJoqH}@XUoG@FrHL^yApXr`@1mFUNTZzEY0hg#DCUnH>B^IRqYTeZ_YnCGg<Ea_B!I
zXLcSHwlx2z!|xNe=K_BcMz906GWh^f0&ik@q3*(R_!bxaq1D|dwa-)#7T@x6j<D4o
zZNvJ^&k57c$QOAr{ujbl?_7_}4)faxX$IT5|5ss4C;gViRRAf;mB(7~<PqP>q)FJq
zULssAN80X{v$Q=dY-xK!*vkKp!pMIYm*s{2!Q#3?*zA8^*ve$5!*ecJI$sesJAV^K
zh!<>SLj78q92B;(;?PehlabP+Ow7k-g&cho<v`!Uargyt^cC=n<gC4YQol!86CU64
z^8c&M-8QV~{4~Q^8y*WO$yHy&#gk5a1RXGr{6^&vcyNIne3hKlBW(vk2Mmu*$_;@x
zvGb1W6gv2Jtv?}9%B4Ri(8ot|>C}kFCO(o&hcZD2-`Wg$&6o4!j+H|Q3pSoU0m)_4
z&5P;4Sy=jPgs@=aPlS}@vPqjKo%ohc(qrZCmKE5_aHKGj%Vw^2lGaw5qG>c=9`WKM
z*a1_fl+Vp_WdYtMA6;~QBzK$~I=_@da-|_Ao-p|1<<O_kj0AX@e1x!I)45IfC^_`E
z$RWAx&lZn;d;}dZ=PZ1^oRw#T@MJk`e$nB-Bz&YC`Wxj4i_YD0NUnIT&Eq4vbT~J#
ziI3#c;ao-Mlg?S%B06rH1W%A7ot$^pPRJvYD=w~W*m19MU<*4*7$Gc}ykWm@*_!_8
zI)<PRHht<Bfd|Lsuyd0f0uQ!!buXj@9z0qO{b%JkXTWdC(VoFaszPnt5*4N_;Aacl
zc<Dk1U*q6S!e-}(!gh^&R@mx&zk}ZpMo629ojd1?2+QGHTU`+-<<g%R=;LD+9m;vC
z9O=JI4#^dk{1O*Ff)03^9AUZEAi2VRO*~=oY3JyFLk`KMKT16M_y{^+i|ay22|U=!
zpD~Z&+l7(;&c2mHg>=pSMZ&~S*k-vZInqq}kz6*%izf`e+2s5%n|;UdV{{Cg^fL%H
z!Nzw850*pc89B2_n<O6iZn+@=?vW3Vo!8{J9-#BS9Fi-|mEsA5Z}y|Y)*dJa<Ch2@
zCx^{z<*c0D^o#bz+ULjFw=!v#w%KnHw)5h8VY7dSZ!vfJV>(9q@y!nBF8v+pbk7Aa
zbp!uNZO=_JwkbF4&y*wVC2|Nnc%&Ts&2k7l*v4;P7q-0IFN~mLVr4Z`1o7cpzq(o&
zK_ATdMqJorJORE(4#{Qn<MP6Fov<|oln@pim4hc=R-Uw5s~7rA%S)Ruk}KY!;=^+I
z2s+?=IqV-Throl4r+p#tVB=4Kl;n!*4DrNeK05VsGv$bDqnw>bTZAoNq~FTn--Hpu
zf~_xoLfFDSFKl6dC0r<n{g>qs!h#Fr;C~}$`o9%6{`bNN`e5txdm$z8Cb`<ikvfR|
z(*q^+!2{&r7t0~J>`W0KmczGvohEE;i9X!w`YK^d|JA~i6%hO1lV2ns{1ai**(p3S
z;D0NOkOpuj?+*WaNB>Ap776-bE8D@sW`Bso7YkzweV&O}dPWN)x$-_!JYn#2m7!=~
ztjuYb=;PD=Jh_A%QDA?v9BmH%Mme+T_5-4QF`Hp!2AlY1hx_Q5IP8oivl8rs&zBGX
z6^92iK8An6;lYH1e?{2Z)t?<59rDG}Lw^{S!>0`q_F6e4R~bgdqmPfE1Gc<RfRw<4
zhs$A;HfA~tg%Na2EIrdjVBdUnX2{w3I7gW5z}LxHJ8^A-tqoryjGzy;^l*Ja;K9~z
z+aM+IV6%T8qy!!ePda}nhrokP|3P6(=R*$vm@tAq*z9x&Bk&z^L**#9=j0H06Dupm
zrKADhuJx0IkC7wnJUJv+*q!1Di;tiKw)Auga~z&NusQh6JRSlMCLZ+W2y+OYIX(Ip
zj(uL(+W9)+E^)rT{$=!q%L0AY0~mj)@U%ex9$^IgVAAQy(H9}`VB>iXZgzM!X#B&%
z`t$W4b$Fh48{gsZT@KGPZnN{W!$0frFE~8Uvda~hyb$XN@kuAoj<1mK$z7(xv2?By
zwsZDchyR>#exUz(;XMJK3n{@S*xJl_!e;Y)VLNwLIQ&Xs@<N)f5Js>AE|(9#(c!_C
z_iqSS={V_sLO2rOXN4`^=Y*pH|DG^{eK75nu*c}4VEV@jpB(Uu9sW#Vi}ze%1Uq0A
zg`ds~giD37dA*|pwy-w{mjyao9Ubrm0iTDm1p8nM+h4%ad4$6c5~iHcA0lkmAWxXI
z!H*Iyl~3AE6Gq^{{Dhw;V0IP=TfP<vmj*hY61H=^)zSZwu>Sn;Uvv1c2R!y~cld8Q
z{M`<}#o_N2Mo1@^pV+zI;lcbQ-8%#<{SO5^`j4R?!48<8=yf<en4jo(37DN<IQ-KN
z|E$Bm;P5X7JmFt)_}@DEe{lHM9sRe25z-0fCwAU(c(C#B3s^c2I()c)md_V9{Q(Xi
zarh#KA0F_Y;yqs2+S>?WYY!(1)4!wBAdHY^6T2>OjU#>dNG=`5E$En!PQ4s)VgF1y
z>x-I&kz97r!wx=z4%o()OCcryU0BQSS<<yMFc!5mEW?N-mz^5%qyZnvr87!AI{0VH
zk;m)g%>I{!kz8Th#1j_Z^7SJJ|4jHAIc!eN(?3ZrJHy3e2j9jg<Ajl1`YG|~<ByT^
z<Sv&R5@5zHHwBpSB$CUHJ5Hc%(J7O&e)v>jg2T_08!1Oz7t0~=V2k%^NC`aH`n^`+
zaKL}b;lCwp@!loOcpCdV<V^n|VasFR`zAY&{vaKMc)?uP2>-Sm0&imHLWu};@DX&t
zoIa$XT+Z@NzKIK-IfT*x&y|l57F;2R&Zp$4OYn_y#(!TJK_6`Qn4ORkc(9e*uOKDx
zCYFB2`C&PHvqN2=OT4S(81I4^Pom4QopP3!PKSTO;h%E&Jr3XP@TAS`yzKD%9KOfl
zUvv03gb~sMw(-dakdj>aW$a2G@U33Rx1BE&g%QGn3*<bxq#ObdwtI~lNJ*}^-1EY8
z;G%Natc8>i7HsWvHKYU{OrL`O?Q+)6?+`vd;JFvD_GWd2e&0H>H2=GfS>CCad^z-=
zl|zUZ3?G(r+Yi|EUlc~r2OCe_A@E@1e=Cf@|5ncU*Mt#x6KkKGKcu1Wd1QUXBptK7
zaKAiKj=Y>BhhP&Nk%M0*cS3;I%SUp>iw^PPBj|vwJz$ID@Wfdr2X~qr0uQ$SzX4K`
zE3OLh*uqE90b5??LQ3GlmIkh^miI-%7S{#BNUpfPCZ4$PSICj(zsb@5z$eQf#|c|4
zOgi9~3R~M-E<7sWS+{RIYrql#-yw`(2W;*0=fWI<|AoUp<M2GE;J%D_k0db?^ud<*
zLBcU{==5FRZfRpZ5<*z8<z>CYgX22x$!&9Zu<8Fw_y>W`7nE5`|61Y41OAl!Y`M)8
zzA)hLcK9vAUkLb<lo7L2Ds1g}JQ<XbW^kc=(l$ky<iRH${uGCwDNLV_UV|`#zKNYv
zWg^hQM<4t2b(S8^DT2dO4+wU^%7V{V%SUqAzfL^%@vRKog{_@@N7&+hMA+heRCs_K
z@pj66Tz_R{(k&h0Ar16P#&aD(;O&}%P5L4mU;SAa$(8<*;<0N!I^?5H4m;diBk<tq
za`4}kvw9>i2s&VFSsLs-{gXJ;e@_@eA8dK~P}s@`VC7Z>DM8=F>UV<((vLq}j(E4o
zA-VMFH_^vO&;i@^Xo;|;p;@>@4*l!p5cI)w<cRADIRqX|yMaF>hrol6lY=jI@&dN<
zDHrAt`XdD>6XIpfDn5KX;IWf%_(_ibbYW|I^l4!9X9`>SoGFZ8)5Oa2JQ2i)j~Y7X
z%N;9+ovY;#c(B?3tgz`{Ba997KPP8-{Gu?DE8dmj34>4jBP{*4<z=HV^#tD~R~q0y
z$hY=3z{wZb?2LDKa9t3V=g3@Ru-PeW<<oZ_cxIqetOS+^c$zRmUciO&vBPH!hz@>c
zz{?Bq4iN$mrq6-m9U^@A1p-!{yhCJV&e~BM?_G<s1br}LJ5TQG4zHiSSe;ht7l-i?
z!kU;4V?uQBE&a58Yqx#R7xIh#$#Mub!N%7>O5nl9bKW5EVB;4+O5nl9FNT!BgN;82
zQUVV){vt>TJlObUkP>*X@s~kL;K9cC9hVwUJ4et58{fBoF#ZOVCFp~V|1zWm9&G%-
zLQ3Gl#@_}hfd?CZC!_=(Y<wG}1RiYseUK7(u<<{Hl)!_HXS|KTgN^?;NC`aH_@6;a
z;K9Z}2`PaG8~^W+5_quj&p}Gy!N&g@QUVV)em|rH9&G&YASLi%<GCIo@L=Qr3sM3P
zHvVsr5_qujA3#dr!N%w1!KQhz@%<ehZ2Uln2OB@k;lakUHrVWgjX%lZ!N&J})?oY?
zM;~l_-}hvVcjsil#&fN)^ni_@<?vwRS+{TcVB^nlc(Cz(-`6nyJVzgFe6z!YjbGvL
zVB;@$c(CzTIXu|-YaJeJ{1+S^Z2V0Q4>q2A3M&V&@f#f;Z2UJI9&G$w4i7f|9)|}T
z|2>BX8~=dAgN^^O!-I|giNk}9-{tUN<A3h(VB_~XJlOc>9Ug4_OAZe<{x=Q}Hvabx
z4>tbK4i7f|ZHEUN{||=;8-K{*!N&J<uFGKK``+srKiJU+8-KLJgN+~I@L=Q193E^u
z?^auT0~=rE@L=O7Iy~6;T;m^98UL7lu<4)X@L=QnzE5p@y`v8{{%nT_8-IbrgN<M6
z@L=OFad@!tS2{e{_)j}L*!X{Oc(C#793E^u??hYqfQ`S|;lak=;_zVO?{Ijq@!xiM
zu<^Y6Z1IAP|AE7Ujo<F@VB;Tgc(Cz5b$GDxyB!{E{4X6IZ2U704>tZk93E`^e>yza
z_*WesZ2TV`9&G%Z4i7f|uMQ73{ym2W8~>rhgN-lfmo0y=@kcp4*!ZCi4>q3nm#rSb
z#`k@H+4yotA8dTg;lc2p+&G5^Ge<#|*oOyUoMU454*WJeN*H~7B$s}Hcy#cQTsryU
z(ZNS@>F^8}9ee~G@Hjb7?ld_B9(=qUynBzJpT1c7U7Oe@Ecan%lY17rdiXlI5pvjE
zDu=+Em`!xBg>PZGw>naeu%qOV|Ld@&vPr!77H^sGDRRW?mIL^NfWJ;Yk}ExwBR2b%
z?PPJ-<bL1Eg!>c(JK$0|bbc&nbJV+p5p=*)<k0zt9Pz-vCpRqk9mx}rz=LPVN1t^v
zR=+Kd4)~}*r|%fgc;*2RY=ZHzxmMWHuwIxv!}lG-6a@Sp#}3%|=NukvJo5}@|3zUd
zx4%02GVP1CrP=yL7<`1Zf{&3SZRg1m9R7T{!E*4I$r-;&I2!P`%C~lSm#~%LBf_Tt
zsPJex?DWVX*f+7XQO999{4sLqcgP{=cgUSA2mgT_0uQ$SC(p?{c$$u3lX<OD`Gh^!
z(E;1M%@x8{4vevFzVS9kA8c{mDa;|#u-W0;g^3e>tHXca;qQ0&9S+Zaac2K9VFWv1
z<}<PDwiEsI#meyW`h|}9gk38~J;ML190CuvxF~Z39&G%b!XyKJvz*!afiMDZVrk&q
zBrbde9q@^Ao*Zof$rbi!@r1=k&;ip%344wl0uQ$O`joJ>!)t|+T=ubT?&EZrKSBo|
z$z_Lr10DQQIZuxB1wkJ?Ne=$&aw7x$ko*Y&{=IwzeXy1JpM|jv|E3(5PVD?eZfJnr
zb}q^nEB~qbMR@bE!+Bt3wMh6lIc#1choA$tzNPQH{Yo7}{{=bHgZ@i$C&>}lyK*Ds
z&>5x%V{K-*0LS6`&R2`_?cgJp{t{ur;F}$;EoaGLXN?>}8o<lt;9ry*65!Y6Bj|vw
z{39|rP`}YXPMGwAlfw8o`UK141p$U%B5dWqS{T8;iKRa-A}oiGpaVAh3xzKZe(#Wv
zpaZsRD|L;)gD;h{v<dn==`0c^u2sUN^3mBKZ2j=P!d4~^3nSPBTU~SC%^~=m0@mJs
z=I|ZDv`^ydLRo@7m@<L?wZrSDFIFa#^$Q(*gs@<%i<GdPFP{;%>-hb`2>Rfea-Q4)
zx$*!HR=h-w&JY1Rk7#dJkJPp0i~Zy2$FMU-7$K~Qr8z1hEQgPv13pTQuoLA74o}*T
zmV-ZC4uJ<-IaBWlJed5We}fzX501*g)5n^9@_v25$DA~SE#6Zc9?bcJ9omWE&j^Rb
z5f@_>OWXCrmai`fFABmku0R(%zZFLK4Yv012Vt}MdcdRqmc#$W;r}j-U<YjNr$0s{
z@FrFloG%>4CpbFG<mjj1pO-`6!Nqc<;ZJf1Jb11g{6rbCwlPK6__Y|9pbxgT)avMe
z+2Q}y(Fc!LIMS2r+#z1h7mj0}XZmLUX@`H-;a_lg>caGSr@-u3U0|QOK(G&v%SW$B
z|Ex@+5E692)&{DC2@XG2I3eGYTO!Oo4EP#h1Rd~j`S9$?W?`9su<Ogc!e<0Je-lOs
z3y#Q#%A+DA@L(Hb@Q%qCah}}C!e)PlFyY`&5w^573R^$VI&B1-VCw_F;_%=LbR1iM
z6gK;>3l9>9{l7c<;L`&B<ot9v>{km<2zb_PV-NmQ!es%^nr%32-XUz~+E!tNV_?dP
z@P8Gy^t>ZHQXFAfn{DTNm4j2l9LHTOY+;uP#{&Lq!eocIHVWH#;Jd=sKRh99VV@MX
zeEnS*AuO2dF>wu3gS38oj<AKT6SiyX3Wr}QJUa-RYYj6tKWPnfSjS1jPT5HXcK#`h
zz=KH}daT#A^ppr&dQNuu8N!T{i1#XozgpPNm#+w0yc>jx4*gBSR-U&BpBnJL61MvN
zjW9ymzysuC>rcW~kN*_rJjLc{DO$WUg-z!yVY9geV-h?tJT@<Lc(A2&wZnr+GjUxl
z%(xKzLq|tHeX+imABG!*i3=YIg8A5V7{j1rJ~}hyGI<e3;Lnn?b8{J_1RhM2BW;X*
z5O}chR|*pk{AxLClV1}?;K5~b*m*z>fj6-<SBStCK7tOIYdm4kkwf6YmWB%<CGcPy
z&s+v6$raZO@x+C1W9GAkt*tf*TbZmBMz906I<@N_{HNp?2a?Y9atOSM<&p5ji*NeO
zx4@x)ot)Xnj`24-{8t=)gRt4TTNud|@8#mLg^!>ErhGlQTjVV7w+dUCP+yjY?ZQ@%
z-NFcVz~yq-`J0@jr@suE%_9Vk40MJ<N(c+K>(?lU2OB?4*wS#a@L+}G_gqIGZ0+F;
zVGdz`k;9(_DS-!*UfgGeIRwvm4Eyk36eb>c#v68>>U({+zI3#dO+PMR^_YN^U<Yh{
z;~ByhFKb1t|6k?kgSn@InoXx6!4BB$&lTo4Jo`f$-{A0PIz0QXBj|%oe~GZAr&*Zu
z8N1z%KKRUlugK5F8x^+uos`4R7A}>(CwH;1T?cO#wz$3~{G-5T-}QlJllPk}kLL@U
z&Fh3m1@_y75%LALeBCE(adDkBew(n_{E@>yER0|WZ2CJL9&CK4u-W0-ZTwS?KA2)e
zZ?ABvd{6F8M+eM!4E{Zb2Xl=eY(mEIN!ui0`Z|8s2q)ze_F57kK?ginK03RFtsI^Z
zMh*TcfCPOoHsB99JlM|Pzd1a3q;v^$oUWm!;|Y%o_<CXe`8rJi32}k#db(7YIN_HG
zub0p7KRP_uYb(P8!lgP+yb%SO65y1u*_ka&Qqh^~@bd#6y#|Lr)6qZI;m>#Y7GcsL
zFSJbm>|9<iY~^q-2PJ{$W9$FzoWe)Y0o!%C6;c8ZwlOe$GW|7qVcyBgjk%P@fbTnJ
zZf%J<RRo)0nih7h61Kd2Mws$|rw^PI;QNJ73-H^*^8;LsvILu8E9Y6lQuFyw+NaU3
zt$o)#TX|mV*aw^aFF5wsI()0J<>ku(_LL6piLeR&p0L%?USWjvgU$Z)!j^v4Q5*lV
zu>O4geGcE_@UJ=i8^V^JH-#-<14LHHjwd%B1qo>|v3A0>K*9WLf?bcs=(nXUE_|gN
zcKXf_TbkQ-%+m0k0Hgn1Ij;9$uBT>mhJdxVzSq`ppg&(aLj%mb9Fi;jrQ!*LkDya3
zN1V8n90Cs>B?rGk4zutp<#d|+Jb5*qu@?Ov`q#@@dKhOe4fwa^TU{SbKnXU%v*Z)D
z$>G7o4c~X(;KYFEejmXOnDZzs_d8(@!M`Q|haJWVj3dFPKuXX7Ge&~qx^M0Ca$&na
zqTPBrj_bS5pZe9|&_n!_U=vI^Kt1X3`squqc4cEc?!5?t9j-H0ZWjn6@Ze+RJh@NH
zA@Ja+9Q<8!2t2r44!%PUf$xyBd){9QTe&gDvGLvk;mLA@Et3Lm9lSu;?giEgTfN*Z
z9M*B{ZxOb1J}QjBgQ+j<{M6yW#&<eA*xJ}L4zJ+8Sb3hSU&M`%5EuAlIr!V;5O}cl
zd*2bZKAf=+f)3cu_n!$9HGGHM(Q>5!Kjel5_;vXRIwqF3jUq?`zS-F%oRGuL6LPfy
z9v}sDvBNc`Ea0nzM+LY+7(oYY<#x8igR68L`!_l~*y`>PVGd!3da?Rq&JBUL`8U$U
z{2Kxfre5Ito_Dle;ypnJZQM9jnBas>3Ks@CoP+xF`I!#Sx^C+;PY<vsz4^jcFXss(
z*fg;+Um$|R_y{^+E2{=b2|U<rHbY8s*-VPZCjMwSPp(A{4*iSeB69HbjR-v0&Z!%P
ztsHI=wzl*wVY9Q@(eK+Pt<U_cW9J>=iXi;)GH&H|f^fBX(!;zrLVCcIKk+Sbc(9ev
zGKU8nf2qTRQ?h}5#wSGqeq0#a#ML2eWy|@iKcA;vO%C)6q-=bl@T1}h&)ydZcEI#y
zQ0FOwrhmRL{UrQahhHbGKcBx*pj6nC+X^YcCfLTwKXiC7y0~YAEv{#UX9RpCUqFH#
zFxP9+aJ(?4;7<@v$;Zw`!W@Th4s`g<y;!+?biOETaeYbH(#CwL@tcINl`dhAQl%Il
z5w`2j2~?KEPlGV&LBCYku4|_XTiBVx`t#Fp8bCr=aHV|Gw#wnb{DfaEV0P9B6A$ic
zVLSJkYo#AX|ChoD_Q5md!yl;zd3t~wXq*ysz}Ckub9nGb9VhIUh3%gGJHl3;?A2g>
z`}4w<&R+@Z&rj#e0%2j|+86NH>~Z+l9R3Z5=Uz;Iej0im-u7g`&i`gl2K3pJ0U<qL
z?32DB4iC0?i-kFk{;>|vo(#s9I(&u0M;(5w!;cSm!cTGdq@#a|!_Rc|YaPDM(O>BB
ziyZw%hvz=j@^zswLcYLO4i`H-*!W9@Ex)TAevQL3k8SopCv4~G^};789>RZ1c$|Ds
z?w7&{X)v+t3u7nr@vU8P{j~N*8#JDF%DIV6`aA@iU`_}4>2e4>7(3WMO%BPG2Ig4N
z!9P<DJ3HhoUq2RJ81Vf_j08JiuHEPlad_~6faf}5{d3=WyhVY|7U|fz`Jgaq!Tyhh
zZLIjJ@B@K9?^RU=n02i;2DnBEo)_Q^Bwm6Yu-X5%uuS><7GXR0pAe?*$jht32w}li
z*L|O78UL1aEX{v$^m(>r{JR0q?|(XcC_mfw3WX8k1xw9O58o)Xa+vJsfbF@)Jcq{y
zVr{Hkn0WCm?<0k+?j{H$#0$3T?<`@{pDk>0oh$qWIZy5-Iji46C`+&dK2JV6mk663
zuJy|Tp6fVyM88{@cu6PsT&3~}n=b+%S0Owkz*B?~!h)^+pDe84K0ia)&g+z;54LOE
zVu!~bV&zsZ%wc?lxWG0xy8u!G54Q5TO4!nHwXogSY!b#E`nSs2{Tl7s%7OC^9Z&8d
zxhVmDLq0-SFgmyca!cgU=U%=kz*~ha4c`%1As+pR{@oeq+$Ri&P3BV0md|fLG4kNS
zl$9sfcm1>V8&^ul;`)?ui*&Kmcb=Jk4gL-3fUy}?yL~*s9Znkt+d2EZu-X5Wu+{ZT
z!Z!tBFBJKW0RIgI3F!yZR}im9W01gu=gR+oyuA;cRaLqFe}*BY4(2o-jgs_;lTJp6
zG8!7y00Ry=;sm3Tp)<qGz@Wp-I5Q|385$`mB_?&L$WX~hxkbiJGAc?cD!P$!i(6Dw
zlvGq!UgLVHzMs#tKI@!k)|@f#@AdtC*K77!@8{Xide+~)_CD+Ey@&cPFk|Yw!DmYU
zL2x|oz6y?I_!`*C4m+OHry-`yb7GtLz2Ioi-#Sl}{^MX&-}1U2%zT-4BRDVK39b?!
z0>^W~U%(73Cz;h`+9OU+Mv=_#-@)`xdwxXyG2o~lB|ZJT)afgn{v@X#BR$if;`DiE
ze}>anJN*PO10!-QPmR-)qy9ptCr5p))03%Z`DcP-z3QEQw$nFCPrJ*(42;OpKi7vD
z7{#?>+H<Wq`fr#0IOwl&`Y!2d*9VS$y;My5W#D*Re;Ul7$T-eFlOfShjA_Gjdb~!x
z9LzvHInIp>sYIZj9QD^zi9kI$`r*99Ks`CmOaDqG0`=tB&YuIvvCTOu>K_Bg`hH2w
z`tHD1`0fT~pwAd$eOWiwH^#K#_oNBf=;s=2+)sTMwm65Zbo$%Cv0nFs8E8+Y4{kfL
z@p~5e32gEB`U#kU_T+ec{ensa>d7OpG3`NYG3_70477<M)~f>wreVzMJf>ZaZJL<#
zANMou4s5age+-U#mZusU)4qs}k3f6!>4>SXc6xHm>&;;9qJ1qOCwsngpj(`-mBqUA
zzWUgw-v*y6`=j7^-aiM0e3kUG!T7VhxE31wh|kM2ungolSMzxs?xMa78O3u=B{=GH
z;G3|29JcqfFbK3K$M*j)m^#|r2j-MW-UN<*9s<8w`t<vFJVp+{hJn7waV#BmdU71k
z*^$Mz<@fiwNXPv6JsnMCep<lSfmt5DH!}9`VK4*pBFFF4{65Y=J(<TBeZI`;$t(l)
zdGIvE^uGYiqB1S-Q;Pj^E10&_uLRR4?eB2<)lUBbr(f&zA94EiPJh4CZ*=;HoPM*@
zKjQRT!6%_CET8|46{3ZB9K8t=Z5T7KF67g(u`aFH7^o-nT8;WgurVF=oUh^-{<YH|
z0-ueI_Af`r#l9N@i1W`(DiP?19LE6fJ&4Cz7dW2lZvn?^n6+RArX`<(m}TN~3fx6K
zzx!~!QSaBN$x)v^8yofhK2LJgpH628^iPiZH#<E!>it?M`3$6^=`Hv;4e>Z^_k&}Z
z9{}f}LuCIu6_MrjI22Q)=P}N}GLU0lC%a>c9QEn{-;CGWb+Czj(FbO7`dlg=2VMq_
zbI5za@wn#vz(9L)9RKO}L7LIe1J0gYDgD1WJyaIr_@of|GBB&nn1T6{W4><(b3gT0
zVSA(Gk0_>oJ+=mHEYBfq4Ahf(yioslY|#%ph5jiY1CDy$s}u80zoRXZ{ZiO4&_9{=
zWqRH-!(G&`0>pF2dMXj9k0I7Qp1&D0(1sl6<f&95P*3JGI1bwkZ1Fgn4`vp$Vf*kn
zVtIP8v8`y&YmzzQe;|(bguL{5a6BH*qX7balIepRf8*dT>gNGsoA7r-=1Kim!SQ(K
zn)6xEG3|3;2HKG0czX#Fa;Q*$9Jm@W?au=<P*0`}_33XJP?-&X*Qk+AA2{~=D)4Kh
z=d-}Ej^6;|&(iJ!Op?w2IQ`$iabBu$<Cz@or-NBFmXpWb>*ePiPQM(?{o}B$1T#=3
zzY;OB$=nNOO#KG%<%nsYu8qXDJr;u@<~s@;$J<yA5(N4oNBh@0J(<Oz{|Vrj??k7c
z1dje|z&Q1o-34F<`X|#5(@$}Fay*XGd!k~#7r`d_ua`aj%yxdr)Q!W|2tH1Hm9v4$
zLOiA@MCKgG^o*;q(GS~|WnlT=hArxE0W(lfJ|7$HAH~K%JvsL8AHdPipTK8hqkSHg
zierq&PAu~@aO{h>f*I&DhFE5fRhF4C18vB+VWa=gV2k-a0*>>~PH-L@Z4P3K#~tS}
z`lBDNH^zDIBv%G9&jqwQ)9E2vh-G^TB-+H7dGVaXP^vDopr<`!2HKEg`&>;W0`=ta
z*y!^PYz)+s<9X_%U>1*h&iV10_LEM(2^_B*9|tpk+J7BeyvF_sn1Ooo8Q7RF*J-2w
zkpSwrok1l6?a6U$j|azj^=5E2_S61BFu#kEdA~%Qhff|+^gkB-a@kCB`WkTbe<66g
zY@P)(ungpJh`I59UNBHkZbD2w-yzSoCi7ez=i9G4doqt}+I-vT$?<qkum9ut`GK=1
z$NBcK)5EQWIDSrpGy)srmDrf?C$KTF{N%H+QU5(`XgbsHLCkd2KY{IBG5d&tY00le
zOq;X8w5R?YaJ%#$boS&|NdIZ4C&#+;I+KBZ$njYFy3?BhK4Kjy|3Bvm{WmTdXkCz*
z&_B=@;?78Y9bK&xx)u*~^tE<PnBLjZcJ1_~eb;x)YR^m<w5zeNr>&#Ezp<mEZ+b`H
zfLUJLabse2Lr>SjxpN!lbhLFWzP=;bIk&ZY@xYBCkHx*69eqt5%LWpg`quu=sa=bD
zntGaU?0p^wm-H`ECTT&Zo9j6p*DYP#*U_K2pW87|x_UGFIy&n5ukD!Hw<t}+UDK8>
z?rKM#!|a~hHf+kdZPyQ%sC0Ihcl0e@c;nm-bVA?UrRbQX3Uzbqo2?D!qB|D%bPwsN
zi~4$QxOC}2@6v&3OBXKe=u6U1ZEr`*_4KvZceJ(-*?UDFa-2Kktw|#EX>;e2*0w}F
zr(<b<$Iwx5QO7`iYj^wH&em%?O6I~Q<$#K#sYDB1(%OG*V{3c+;_gLBrrdMMkfI>Z
z=c!g*M_b>Gy#sYUiLcPFb>|JEZst%A9a73-ZvE6!>Y0nX7x#B|qyy9PLXzQ~&gd>(
zO6ill(2>vI$}pJO*SaY5Ksu_K+6F+nV-^llcK7swWl4t8&gtmyS=!gu!A?vps4AV7
zd%}@fD!;I2Zf{3hsl9d-l-e=xyondgZe3EU6vOOd<+!Uvxl5?$^taAkyr?@dhPLF8
z2+Cp8U<eL%gq}^5Guqlp<OyxbJZat8+Sk!O7X!Q_olLR!5*&g<575}h!?r9taqi;w
zv}G}UTK6{1OG?e|<zVc$LmqSZkeQcR{&Nd>FX4G=UtjBu=>TAsLu)p*tE;DNs9MG|
zmbG=Zb}ve+Ro4@yTcjJtqM_#o4Ev_VONLCCJYj{|c24UJN!g40O6-``jTt)8&+Y76
z+<ooyOy0r3l9rs@**pLI_)Kyg)Oj&=+T3$Hy4ypRLnbz!aE31uCT81N*E-OeWNfFg
zsn@qI?rL4o)iHPRO=-tm(mK%AS=Y0qb#Zrz<J^+Z?CG1@HNd@TiG%m&*;n7wZwb><
z_4M9|gSDr<qrIu8#H?Tk&*DXm*G|U;)$?5=HMaKkr!}hU8RqPOv4v9|&Uht{^Pn7h
z*0Xa8Pf{FeLs}r5-Ef)EI%LSRJDG0r!o_W^IO7kr4lGR@P#1H}Gv>@`?(1mn@9A#t
z=<Dn0YsR(X(9<&Jh8f&Dx71Dyf-uLI>Zn0GXLaLJw7az{Y1+Xyt=;KRie+8YG0@y*
zSAfmk7!%ElOS>D^e5mI_&Nf-j?CV)lVkq*u(sFHB+@BuQjf>l^W%poO=ap?zvAQ1D
z4ZLdY7~)`h&yrru@g*ngFq#V20kgUn4$WX{7dkr0*81P(!cguKyN4O5$;c^PWEz#q
zwyr0P<ms(lT?<;<u1&H{zGS2Wa!^|(N$Yy1_V#vhFyorI#9X5*z#*yXJ8;G*U5P>2
zl{`XV(Y3gvdtmqz#~>di5A873H1;jN9>?L(GnX~DWnv{w%5QTV-13V+x(lPGs{@C&
zeUm7aIG*-O?Nc{d#y0R0@5N#bUw0fi#cE;nmzdy_!Bnz=Xfu2zihGAIh@D1C)q=-O
zS4UG<KhAnfm-KSzB=w9vT&j)gdJ4xKz8aSJzB<?-@vN~vr=zzk{T8inwk1Y!v9?yA
zx}I*FVB)v;IH{rCFKJyCz775JHcyJh974te_U*jgPTLFmaV%0XVOGDsji9YAMQce}
zH_+8TyJui-+d%InICILW?F<7v%zj=EKd>CC$6Q*scu{d0G$(9bPNIVxw6&qC#Y4sn
zp~2VJS@<T^u>?n^w?|eyX{XoHmQ4H7YkS)lW=P~dV_EO4%e_Z*FsF|&YzI#wA?48Z
zl)fIeXu8r8lsK=RGoi+3kW7enxF;1>uWQUGv2rQ7FVy#W)?&<njXh)`CQUkY6-F7m
zrJkWSp=nAj)5OLpwJ+qIuHTrJ7qH3VO+g>7fd;MI6!s;{Hcs!?Y>Mi^3pS<?T|acS
z#&!<7RAYOGS*Njm_;y}mHN$o#D>SC#WxrdVF<r7YV>%ohg(+*$!i?=@GY+#VWBZ3L
z$rRMZE7O?IaK+boxUdpq_Mwvs%P@m<Lzhd6yNe4jMO|{)QruB;>BV+yMjKovDgDtn
z?23zdDY@Jd_Y7WZG3~7WriQuR{jC0}0}Z&&9)SM(bDGb6o_&+z#H+=cOF9NRd*Xsq
z@IGW2$JF-qeE=tiA!|6cn?pb*E{8Ay#;dV{VF@+A8wIsr%qbR#>zVySFNPC?K^2F`
zWHF~ufKqyvz<p^OWb6G7UZ*j$l9RvY_CYH_(Hdhpafw0WHC&!4E+AR5l4l><4PC~G
z_Jh}OOdC)2)0^fs&+6AzR^zoeb^7e>n<`gwtl3NMDX#IDUpTPtFD&qwcF+O=d#~_K
z({?i(PAfwfe+s+d)MrnJgBEoP*(4{oWI4y1B`Y<yD_+qKy%e<FLsxN3%^IakILQuQ
zc$)jg8#5ht<;LwDx<(RqmR_^5eL5a}_JcYj9>;@@O<uw!OEu=K^g2!0HFS~2^kEI9
z#0rh=ExkNbOgMCHrnoOzv?=aLR%ODDVU}cUr;YMK>oKNIE}i^hjO`z?5@XuZ%P_Vp
z%mm4quJi(o*_T*-F+ID-ediza#nKGo!TtQ}E`u-e{>dVZGA^+~V|#F25N2&H&y-NQ
zFA_udCW|&D42tV2wlh|7(ep3YJil$?vrq|}?vjNX^Hge;#&(omqOo0rzQC8d#4oWp
zV+rG|h>88$4!162J4-Ix*dAO(G-6?-!>>#Z-jVvk%7<IvF<TpAom}Y--RkEL?kjbT
zlnl!fRi(v{tcF?9v0@~LV4S2ha);S#DF?N>Fa2=KJRw#1m2a@UeM2izn?YF&JqY6$
z|6xuggHnf?VNkZVeq3Dr@cXQxhpgyW1xhUE1pTmUIclw;>m#-!6fCS!`SlOmSuDpe
zb;JQxtO2fL(kUPrF+*E{2E&xBxNDfqhpgFHnR%H}dcj5w5$ft!YqX>Ay=U-JjmF~O
zl^VB{QzEtROO0W_h%<O}`#t7M-_zaNj;V|7;TCr6#|7IR=Sy@+simEQ3wK`e#iV!T
z7*-mZn-?zaZfkC?I;UpR<a1y;RDC{w6d$5K=e+YvsLwlR^6N{eYtFfVYTjWYPi@7e
zdCmsGedE+Re%C1o#qwZL>6}S*JvVeO>chPX1)F|b(kzH=b}(fowDl|rOFqj6I=cH?
zCoC>5hGXFht7J&QvOwtV>){Qs&lk!wd|g8^lxI#!<Wm#*v_w8Vkzbw2@m9K!M|p;?
zOD=};!t0;oe!g;~7|QK7CNJ|=reY|!*9d!=w;L8idEsBs2VJ?nX58<;FtO)rkcy!^
z^QJ_uO=RBESPbQvx<sCt$n}Z*mPF=bnZ;0^nVraui5y?c64I1s_?S*HlxHqaWZtq|
z4CRGabOc>_W`45&>O^iy<OPY`p2!OmxigXZh;K2J+iTRl+@0+2P2|2r9!TWt6M0!8
z-;~J96Zz&uUXjSRCi2QezAce?TYNE;XYNSkI}`bRiF{Wg-<`-GNaXk^NyxK2^Pyz_
zx<vj+BF9_zWBPlO{TmYb{zTrG$h<AI7|Ju768WJ--kiwsHpN(;Ey;d9B2x_InXQTZ
z`9$89$d4uR_C)@2BJW7#uO;%%ME*u1?@HuvC-Uw@{`W-QlgLjb^4>)LK_c%<<R2yS
z{zU$1A|FWPUnKIuME-RmA4=rkCi3A#{zD=^oydPq<YyB3*+f2)$j>G6(M0}xBHKN-
zg#lNd8NqvQ3!&UzNl*}R(>h-@R1D>rQHlKGM9wBM9}g*p^33sx{IWzoA(2l^<d-M%
zD-xNvYZn8q7ZUl@M9wGjxJ0f>WWJ`M7|QK+_+I8~b&H`qGd_{|n*3rY&rD3@`1;*o
zQ=Z|i<;75LuY>S1AFU~d@(gc3FNX3AUlUObxIRea+C-j~$b2nkF_ahnt#r_pXX=yv
zZ%JgnimVuLeUQj}jJ6ocGjkHTDUmNv<avpFWg^c{<f{|8C6N~-a(f~#Oytf)z9x~o
z61h8(dlUJ(MCM~r#ZaE<Pvn6_UYf`^B=WLEj;}5ad6Z{vO7_1akq1pDm>=}yfQndd
zx8eKp^0ByLD7V*jd6|!c6hpZ^dgEn2ep3wP_E?FR`KVVhl-pw}UgqN(#ZYdK4|ti6
zofHG+i=qH3x5t)?s&ab_!po-@1+#y3BA=PauSsM+{!k3%_BszQpIsC{<@O4jq6*(9
zih}JwFOm7^Q!$j=D>J?PhN1u}x5r+Js&e}m1zw(76wH2lBF{+VixN3LRut6b_DZ9o
zNqON_gmM3+#hsw?!s}|{{<+Ei%M$sDMCRjT#ZYdq@$vFiMFCV^_?Lx2U0!$$JIZZ|
zeMcfMO60|fd~G5xN#veHzAlmb6M1PO-;l^RCh|KH`JIW(S0NQcdFGa)04mSCJCWa$
z$hRl*dlUK2M1Ef)-<8OBC-Oas{J}*2mqh+>B7ZcIKbFWJPvrX&`GG|KL?VAOkw2Bl
z4=3`!Ch}(z`Ll`qxkUcAM1C}pzmUjZOyn;m@>df1tBL%0B7Z%RznRG2O62b(@^=&Y
zdx`x0M1C@n|09uqn8^Q`$UjcxpCt0n68Yze{L4iCRU$u?$iGSC-zD<z6Zwyc{HH|z
zOCtYQBL6j!|2vWYCz1b_$p1*>vNEs0`9G24>sx|VdFI$;|BDkjo5;r{^6`oMvP3>1
zkxxwIlM;DMBEK?`Pfp~qiM%|y9(rdY-<-%RMtBE&pz}D_fRtaJ$YT?k4_C%O`*Wgz
zm@*$)je+u;qkx$5%tXE<kryO#Zz8`lk^Kx#|7(-|_b0NS!D#Pi9LnEF?Dr<JKcZ;w
zj{wRU*T9rVC9>~v?)NLgl;c1216q64B<cCm`50(FBavq(a#JFAB(h%-q`!A0`&TFO
z#}fGyk~vN)@!IN#CG({#m6_Yh;tEie$*an~tNkaNd`FpIAz}W%N&NpsGH2?_%$;Tb
zNcQt3doeJ5{6@S1T$y=ang0gL{r(#zW&aJ0vj2ud`MvUgFSs&uSJ?-X{O(U=z91q7
zrvI{Ja%JZ3vTsX%qsbpA`$1y=bIE++KqX#Z^C!uCNW2p3kH?k+5V+D)nORrHmp3si
z!d992NZF~9uQhpn*?7scVHsvfo@e{-Et@U*UrgRmc12>}F8M>Y|Nb&Q6dnWp-I~aE
zCo*69!tj1<mH2nUpGx+BHIes8e$MP4Ec>-&UP)DAz4P~pJzr`V1Ixn~I5Y6dsxtFX
zSyi$>zI=i<w7*3AL;W|GU6$Bio5;&0Z#Ms*F1sz+e{UjxR`LU8zoqP}$^M@uGXGf~
z!+qE)@yeoqB>P|bBHL{rEdLpae1YUwS^BMIO_Kj?^5@IiB+oT@TUoE<v(T=U_&3e(
zkc{2dK73JC49t%&sA8CftrGukmH!kd2JVml0O)<-%FLI`;!CDz!~H*&{qJo2?kM|Z
zlKxMUZ?yDZD?6I(KZb7)K$wlKGPASnrIL9iR*8R4`Etn@o4l*+Ovw-}|JNq+)I`2K
zk*`kV>m>7KDV6wF*6&RA-zvG)_Wyg?nq>b5$!)fOPuatgJ4}9}?B66$HF<9tUx>}X
z^IRof;m?;}GrZo~Z(rH(BvZ%seKwI_dMx*Z!2PF6J{w$_`BB-Kl6hfJnb}{)mqau0
zyjF=<Ph6a&zfv;Ki<S5{s(gua4D`>JH#3CtA1r%Mvi}~*2Vql*fAjHx<S@Vew(PT#
zud@Az%f1r#V;ofCU$TB*GV@@5`x5!*lEeJ^blLBd{eMg3<N0O=1^RoH<VtIgXUh0e
zO@<BFD)H}LCnxrN`6a{c*edZ_qIt>wg^A36S{MWKdynKbnCB}qN6S8t?Ej?XGhthq
z`Fq)yBwt|1Yi7hx68k?&ezn<;9PxL_Xg;JrX2fwX1|V=+sl@tuUUIX^FCKBe<S;(7
zBkCmwf5(kjJV-u%#BGw7Tl$xc_?Tpf)<2(+%=36<=7bTSOZGpO$X}KG3-fp4i0>!+
z4@l;9Xl3T)5r38(=8IR2IOZkHIlR21GIQ#PoMc{SR%Y@e#!03P+y6Yt{3X6JQ#E3y
z<m*g6W5nFVzB!Svk^DomuO4xWWM0QrX3iRMr)2(v%1ZoO+Vx5L2NL<=ME-0de>0K)
zGm-z8$p0gm*S(ckzdtU^nuoypS0(Zr61hS0RaT$c5mzPqmq_M6&Z)%J)jK8gMS7K)
zx)FCsK7_m~v0i^~l74d{KPvg{=C6Ll*Cn@F`nQbup=7@3y%PUg<o8MX_%@*#W<Ptx
ziSg}1kXhfeBwvgJpc4N=s8%vxPF;!h{zl1sS!`vdX~aUw-!p%gkGM|qA5ES&;yscf
zn*TMDdETqU)#bgC`NFBn%z_aQOMa`h&%zOpCh5N=nRk9v;`N<Bk<6$vbIpinCG#aY
zm6@&)$LI^(*UcX5`Bz-pFq1cEUo!WiOmp+nB|Yu^izj6k;&$r7t{JnNX3WVf=~&XX
zq&Kq!&sp}gnbdn@rtO^b2YOmFZIjMrH0Yk9HoZXLhPGzjxOhqXdCeWmGLS%*_2QAG
z4hgt*5D({u9lRBpXm{Xtwkic~cr2!XP)I>m3dXqI9`}C5^g)t~j<&XDs}!7*7o$kr
z)pl;pK+mLeGfW;HE3-RkGi|sls{h)Hngk6^GtfF}9JE9~Zi|m5GYU4D)`6aL&S(Bp
zJNl<DXw#D^s@rtja!f>_4ef4TJSkYXb+V8yJ}6?%dTvc7Jl8SgVU9#GDPyh1z6{T9
z%viFZgAe`Ki*roiU0Ve!zK#P~TIVdq{a%Ic<1Js8;8xg09euMqZeT0v0giZYxV3p`
zvA$BNY=0aKd~~9DZquc6W~c+g3w@eRKYQvWQZtRRVW}E=+OEAMl&Y=yvhG15O~XEx
zJ=~AlZ#@_}w4@cIXcC?uu{Ij=&`42h%~N;`gf0p~tkKlDv(IV1blO{HOm7NRVrp7h
z846IiA3Z)864T?BJE_zKl=x5uAMA+7W5bN8m(R#xk8Xk-oLIMEh8|S%pqtg*wHS|Z
z20_`-4WBF->;sx&{<<wwBUVn3jE|oTP6mxjwsZlWkdEV(51p_ME`d}^!6UC97R{Y_
z;vs{5Ln~KMx+K@z3ycbhZ~ztGPm<*2b~y+Arf%*JuQWjx@c|eN6qacbZW`}d+@2I1
zbIC;=-OkMt+;`o4ZO4r^r)U_LcwWW^6Z<nfBvTOiWQ=<pCYGEY7Gj)b@UUig8|DZO
zy7cK66cp7y_q_89gSv!;<z!YYq4JH#_?+%V)H1yul)=LkZ5>y3^!1pMGiTx97+OJ5
zcp?UGlAs^9)#4?+J$(bs%Pu&7lC?uyGap~Um=2HF+AX~>rIJZ7Ho`Nx-FP2FUq{A2
zF*AU-pJZrQd{(AVPfhs6y=EAmk}2_M%+S}E@Q4~TVZk-4g?1?P^JU##J*_t3_oKG`
z1^u*HmxeB30yrAnCDCg?dec1@6OY_!m(84s^JV&M49*%$dhiCb5)Z&MH@6MoY2@bK
zfxhPEO!^E=ND$vTVp8FW7M@6O%(^#=U=Ve6bcdd-!@Ff{6zEwNvaC7BXY2_U(j45x
zI>6VfP3^*KIofaJQH-?iftK_smgzm+{R6Gt1A3E0CVgrJjg9j>MnxP47`=lfjOC~p
z^jr&4&Y68tGmbpGKyIL88m>03wT5<gBJ1Y*cmxgiSPNVs3;zxg9DZKJ-f+qYPpJ$R
zZ6ps;6&^|%tmRW9u_%j%d;DZr1Ewzc8~mV&O$fN=8vK+Av~8VzoGtK|Ngp&R*cMNB
zg&WoFIgfC;F<3YF5s`vq_HkIFkuROo+%RkQjL;jM?qLuf2ZhTRlz<15z3d6D^isLB
z3*++>Od1{m8S?Z-FWw0=urPy{8sQyFeHr+gK9y4nPD_n;-a$5DI7_SZP@IA=&zG>{
z9M;bl0}XxfL%s_y&L}#kt5nT%2rd%wav5Fe2J@m_oH2363pui`{&9jq4`=X5O5d)5
z0~kjot`Ti^3Q|D5Un)G75YD3hp^RcqFfYvFs2^+Jv8*tIbL15ZjKe;*U1+6H?&h}E
zuC}!QbmnG8{(+35>@#+cUU1;0&s(4nag@Y|WJ1LTJq+QWbBIS%cgLchfyMkTQOvmb
zxI?sp|H02VSo2`s)4Pf+u|3VeuVtCCms%9~_`qEMC=+vuBr?BVm0f}_QwaRN7@6yR
zk-0D0n;*W_6T#b49%SS5(vLJl^3r$N=gmuHGyi;JD#G*DMfqCU#O7bj7uv>h@;98w
zdB@d`$2+cZ%-{WD+9{6f95*;_bll{aze_|v^BuQ4?sVMic)&5&qoSXcj#oKe?Rbsj
zb&l6N-auCSZ*;uL@n*+c9B*~J&GB}}I~?zHyvy-!$9o*_b-d5<e#ZwKA9Q@k@nOeL
zJATIT5ywXz^S95~J|i9TH_)gb?YP2m&M{nO%Es{XpNwtURKPCwb&jk);_k>}9RmyY
zBUAmQD2PH?2{!xxkNQ!}%cs>bXg<YeBOXnA@sK)7Z*>$~9mRQ<w#sp}<MECsI<9d%
z*>RoYdU9iEs|K>#ypgP%2%4OJp5yt>rp4*o9d|mLE~oExJm74WIsJ0SE1b<rr(flG
zwX<2{^lKfjb2jUpeuHCRri=@F3bF4-Qa>l?N0HT5qseoFzJlz>hWp{ZjENA;&t=Y!
znET3ftCiVor6#;|y6o~`Z+Xe5<#l?n$ssD^e`P=zL!KAd#*#Si^i__l9gio!Eu@|3
z^fitrJD%d~YspuJv~}dS2d*d258U9m(Q%XGd5-6kxoC~hf-U-Kciic?i!A$I^3@?N
zFjLkX*xI%wFuSCzHL$hq0%zamSbb_~+g)1U*SaagY!<q-ivpXz)1~Eqc|@>$uL*2@
zDtqpWW6x~<$sA&R?dJ`R$twD}Hu$%`*0>!{z1aF%Y<(@Zz83rPSY5hYUA)b3V_3(I
z)n$pRug0g1VeybLtTCBqnKjO>Ub44(iLG8@tC!MRy)-_pUcT@CZ<SejSzoA}R%Vsw
zdCTmNJC)PQ{J$+{w`*G+ch<IIYg@6EQ^$*yQ^%~8Q#RJNVryHmwXM=xId!ZJY1^Jq
z9vd@sfMCZRZ;nwIcHZ-2=7rQt<*|CHE_vh;=Z)vBm(p6jRF@&`uj9+=qMNR)E`I!b
z8|lr)-DFqBA0`#b#sx5+lcE-79!~H5UmyIK{~H3^@g<uIxGU3~V`JdPU}IxIWwW-r
zDd_XG_jS?Ov$BaTujMW;vE?PUyx!^Zx;e1r^)8o}d|JPV*#dFivwT$-%U5i5ye0Ut
zd{t)4S2w>|9p%&Vz18I_d&^h$)y((Z!N$h9(%N|NZE{<%v9gJ+Y_hkq`MRk6htx|x
zE$yn{(`;mK{>5hF{m8%Bh=-J6we#uQQ2AOp<<r{mj$m(XD7Nz4>FO&Ul9wL?Dv$XQ
z59tf(^T;4xFIivQHMGoDM_r>@zIO*3EB^-qTlw#K0ck(z(thX#r1kCQ$DYbFWbCPI
zR$uwIv8U@vtFIq>FQm*Lc4hv^3n;U1tMxAJ$NraTKkm|Q_+O^I-=%%vf0<VI_E`Vw
z##C$P2ZJ9QS1+X9Hn}o<%9Y`v7vN{Oet)m?BewFWPp#h{4mQ^B())h5dTkCi82%;a
zI&W{s#b<(jHSIO;jVH_hM6%|$8uFH4KbfrSz$s)M@3mxK23>F1v8HpM9czySKUQWP
zvq(C)%%2T5X7A6}Dx3A4^0l_|-&1sswzk?D{8$-SX#~qxePMpY*3M!}E6yWLtfRHt
z`+`qvH?@Pc+sdG~cDp^WwVTRs?WXb%X*b!_F)!KFlRq8&G>~P}=xmzEpAR<koPIv}
zb3qR*^p~}R+T7Y!Y;CeF*jt<Ue(~RN^u5NXHUDZW^RM!ojqf{sKQjONPGo)e1y@ex
zJEWZ6#^>edC4C>Ux@>oKQ6E`ex+li^`mtbRea)NL5c1f{bc|P#zZ7h$$?|V~E&tZn
z@^5`D|JK*?Z+$KQwa$N?^IuQy4|!Q%;~pLc>uVMqp$S_ogY~uA*7{myXrYa`-Ek-R
z%fWvaS!sL8UkUmFr(Z^vpXKDW!Da<neX){!U(l~|`qgCBWer(*ttIOo)OF+?A?<py
z+H(V0=e3PwjfYK6znL78X10*;3Bpz~|KlOTHf&{Ilo9!Bj^_s+Nxi;9jUubeqscq}
zAKLrz?2jFP3=U_bKC&`<`}epyJ{s8Ss5UYCZwGw^>#MXm$79HvhsQd7o~*f|iu|46
zr<$y>F`m3D=qHlD8MubLJMd)3Q^-nN>$uKwJz3>!aNJ0KfA9&+l&uJC{rj!JR(Ib%
zDx29zZ#Js$^R|!L)7nR6w)PR{Sq8DSkJ#ErZDsAFe64+a*?eD%tvq7uFO3uHFR_(p
zPpGezM|vxd+8;$5e4dq0tGnziFCDW(^3r&-yoM|D_g$Mm5!igbjJXf~EzHWVGIQUc
z?`SHImF+a{4WVpr@JVTq{cv@WAFIoM{QsPGaVVqJw?w|azkK;kuj?yo+y4yZw0=~Z
z=UHF%i;XMkZCoksc-knfjVsyIxU`eW(%W$-u66o4vgYJ^r*CljMyGEgt8DX}e!kPU
zIDI?$N1=|LPTxhApI)-saKP!8IsJ07#^DOG>avn7KdYR6wbQS0`n68K&gs`X{RXE8
zX3BJb`AD+6w>mz!X8Iq8I*y{vPXdo7|1>bL<QT4?zA@P3$T}yEA*)TslJ9YTs-Zxz
zd|wlopM#E(1Hs<PBR^K2p9j6=E4H-140`i<(53AUY-xYx(!MU_Yh|7o*!<|&G(Y}0
z6`LQ`*UF%>nV;Fg|B$+?fAh$o?5SW=Mb;V@n<I|l@nnq+7AtZM`RgI=Wb(QAK$wCp
zwrwq$4<#xLYEPBf+SB*N3#qSctiEEauh{A<w!RkUQI1#!tFQD{U$NC!Z1ojeeZ^K^
zvDH^x>-^U_u6NwvxY2Qw<9UwfJ8p5@?zq!&m*ZZ?1CEzDUha5><CTtAIbQ8}jpMbB
z*EwGAc!T4OjyE~p?0Adgt&X=j-tKsZ<DHIoIo|DfkK?_L_c`A0_<-Ysjt@CL?D%QN
z&p1Bf_^9Iy4yQOiM>-zmc(mgR$2rGi9FKLJcU<MT+VObD6CKw$p6qyv<66gcj_Vya
zIOY@(>)Yg*UoE1ZUpXSTIBs{`>A1^ruj2v7%N#Fvyu$HH$EzH#cD%;%TF2`guXnt`
z@kYm+9B+2K#qn0h+Z=Cqyu<NM$GaTwcD%>&UdQ_!?{|E_@j=Ij93OW4wBu(SA8~xt
zaR$!|m0gbm0%0Wix7evr_M5;XA;<MJ?kfA73>=%y?_FBW&!(6CDB63QKREk8I+neq
z)%BsJ{Y$VJo%->4iOpVY_VQW5w9@Ask8wQKah|L)SCMtDuO_QJ;~h^V|5qqy4O!)%
zOy<Brm_p`2L#V|T{nU}=zn=VTuxW7I=(vf@14W^1Ah5Mte_(3|t<TUb*4=D;TQvrI
zYb&L-w$eJ1wbfsPjkT5Z)>h&?{XZORhO|{s+dsCC*DB9jo>RG3>z`^9D-Q=U!jSUF
zhWq09v^xGi*jqcO&CN!2_w8VHm)`Oc`>~Oy|1I=@XAZHI@nAx*@t`u;co0vdjo8M+
z--5l3hk)U?VC7|HklxDhWDu;rx>mIE$i~|L*FnfLFO|p2_B|O<zYQM<R^LYhTbuZN
zecd%4EMHC%2$rwPWBE=Be)5RQ&JJw(syx;vWg)G#iOObeqOw_=+~dlrGFUmqR?gwZ
zr;=JZRW>W<d7(U3&VJWEO@XbPa|2sBrMGg*r<GIJ?N(0NPiB2p$0=ler>iCF`n-;;
z`qq<G-v;tMAp@(I>S+Bgn<4$K@>so;uhmQAA@B0CddZJ(L-Vh?n18Xgo62wgr8oc5
zn}4zS?{w`ZwsuqdSi8M1*jT&q<c47Frend{P3vH_*caQ-+D&;`yNRvc%EMTquR-$|
zU&?`CbyRy=9mQ5hvDHy*brk23KKiseN^fIBZ1oaby~I{8vDHgl>wH?hq_=vB8=cKO
z$1RTA9d|nJbv)pBnd9Y-S2$it)-kn;tbSijR-dkM`n68Kj;wpb)|1tz8=QV4`9-0>
zHj(wp+s$OzZy_t+t>kWeAZ)`{)*i;pcCz$4$QAfN*oiIr+2wdQS!*?W$QqM-oy|V-
zv7v1Ho&JF1gN_f8*)Rx)vBk1IO;%l=A*-B6oc^fe460P7F+7s2w4)r4c3k1?b7UPy
zW1P)c$9cz9j;kGyC#wt-$v?mcLXESTOxD`t6sNBx>vy6$vVJG3C+ii)4P^BxhgWQW
zPOoKpt?@jv>OP+=pDkqhWcQc7B=ix7WAxcYR-g8g^=jk+vV1NhtG|{z{R%QRhLvQ^
z!>h=AF$KbEvgVvMWdFO2j@gm0i^t9=GB2DFMw8`}a-2`hUTMu<<urTs1&4Ln|Khm`
z^YdEfqI`#&8`%j6W*;z=)93p_(&~60QfB$gA&(bSceR7n_p?^Ca4jeO82S;9b)0ux
z<+$4Mc*heR*EpW+cnVqVQ%hFA)RA?aR`2u;WVKbJ(>FPuN7neCPv+o7Xu%f!w>$21
z+(p*0&`Z{9z6Z!Uc9uE&<z!uZuW<U6j#rVj-ng19`!!@8M{CJEKoQoFRp#|%={JyN
zzmcqRZX&-ljQ`DK9gkbcYR|2Xw~>{0J6Xs34zhl~-bq$DcafFvZnAvtA<NHRvi$5L
z%g=uDx=^nJ<c)z3lD`o6kkcP_`lrdt>lw1jaD=QjIqEnAchP1fIk>m?=9TI7?4zmw
zMc7e6z9(>wye;q;@^EvGpF_l>Sq5>1<1u87?Xl$k;6G2+_rWT%+PRvn`i>{R2p<R&
zvBk7CWZ6t6%Vvtx*OJ$Uyy~33o_t@>H;`4HMzW5VCTBm7EdTS#`YpbNyd(H&CvOkj
zN!ITUU1ZJSy-q(s4(6F<WVQctvX1K&<o^rppQ9i3i}i)r`a*4(r;Wz2^@a4-7drN>
zFQm7=&^$1tFEpO5FXXe9{*~7HLdU7~h4j`JI%cgeq_@6s|3)CzWh8wLH}*8%tnTt-
zbyr_o-PQhi`gt-4R(E}0v$|`(vbxU=Hdc4B)m_KnWcrcb>MngP_5C5O)m?h4yV&Y3
zwz{iqR(FlbdCvcQvc7+{kTu5I$@<>cNj@4Jb&<apxR-p7G9arBpSL|_W9=!<yR_DB
z(p$TUt*yk?R$^-_v9*=BmOlMB5nEe{t*yk?R$^-_v9*=h+DhEw{99W|Z*3*Ewh~)g
ziIEidjPX-z7b^28$gvG8$U63|t#mApp+1ifgt6Glj)eBllQm|n4fXFZtPM{J=d$s%
zQ5mc~#nztk1Cv4-UPwP$dHkHLf6I}lA738jW#y6ndCQ|Y-1=8+{VT4ee+|7laxT=d
zp8QY7q;KcZv{(79&GmeowYkb{bri$A&^|-_s2|PGaPx-zSl?+*%hTs4LuIV*q_?(`
z-r7pXul1eS`cBt2)>fKltgW<8TTB0Hb89O<Zzyd8ZT!3;`zGpj9-l{+&-u>2g)IAa
z@+(7MbUN-Le>Bvwm#piS0kY=#Wlq1`=~s|dwv~=ok(KXivdX!Jtg*3{{A3W;ku@i;
zC(Gvsvixi$EA1w-+Ih3H+2U-rk~M#BBWwQLPS*UngRJ>;Ct367F0!tpc9ZW38Sf#h
zE_=yi@qw@p+o1FK*wD`07w3(Ujz^I-4o8z!uL`o-BuCcu+Zgi0!H8Lw>0jjJ$rT~5
zDze(7nyl-Y@#OxHb|RStL8!qNZ6=e|&Qr*;uO;hRsE({_p?b3VsDZ4sjZWW0zBlAM
zkGv-Ed}q@_R@!#5%HQeqUF3fWX?w{UCj;c54%b&oyWFK+;cQltH6B)xH6B)zH6GTG
zH6GTIH6GTH?+KZ$C-X(I2pg~s>UYgEY~pwx8AX<UG}+H-Du0gpCxc*p?bnkvZ{%sy
zA8e|~YPV{~;~iUH%cjQZt*@1@^|jiq*4fmN)mHUnwN(RIZDoC}wrZkYZDoCZk20X%
zw~2U2n@C^b?5$0tw>A-vrH$G!Pu9F`Z6dZd5nG#R-nKT;ylriwIde#xJQ>PgOaJN%
zYZHxmYZJAtwTar$+C+1#wTb*&o2W_V)2IBmkma+TET5g^SKtGo3tQCpl9ks0S$QoZ
zYkpWx*8H%7th%ox>pFiGS=aWf$!e=L&VDUf*YNAex;|e|);0VFveIrO_lHVuBCEce
z$*S)bvg);!tom*vEA4jjNPHmdz*d$cX$@9&-vv3Q-R*df<Gp0v*S(LdwEM}ruloR5
z`5tsOhsc`u4wE(SJx$iJ@C;dfcZ96@?I>CEo_$YOzV<y`^&N$_iF2BLPnVwx>NVbS
zWVPWKviyuC%TJ!H<FtybvQ?9HoQ@~!IGsq=aau#Z2OkKN$$a@d!W8mw-$`}cje=d-
zt!5t9_r%o1<K1j@%#L>Y3dii)vT@=3HHNIQG}dw6aTPfq?5mxAJX!PPM6#~2Ysk9B
z1{TWpyya1u^UmJ#mEQ6dTV7(zOFYG;t#e%OxWRFw<9UwfJ8p5@>A1^rFIjywKvsJ$
zbG+Q~3dbuQuX4PatY@#*IQ?43>m09lyutBCvixi!YYcC8yv5mXb-azN?-$#h{SIfd
z)A26HyB+UwyqDY`#{WLD{O@;s!0|!HhsbK%!(`RvY4T}dd_F_g@pXi(aeLJ1frT+S
z((x$A6^_R^9_zS@{0V#@RAY<B;CROq9oIOX?0AafTE}&c>m4^bZgM=&@qEWEj@un~
zI_@HC4EK^x#0SCvw%F#&$ePoZJN*i>zK^eT`c+Q9+UeIg{aUAA=k)8zp-aQ{-Z#RS
z+34&ykw1VBgw5DuIk%8UQ=7?b#TND3$oe;!+ns&~`4)U2?8FxBcag88Hj~+nE$a7>
z@1i!7*^4de_mS_RHj~+pE$R=DL-8{Qo&J#H!{na@qo<wz8S?3&A&!vc=cu!>^Bo%!
z!OnL&M(lj|!JxPEo%9v(5zA)hySSD@{jQLKo$quU(L)^Dqa3q|<Cv)+pMejA9JVrc
z6v7y6Q9qWfGUUlRw^osLELW42cD&P1bov^y&bgDxzMQ)6WhC|6@PRO-%$tJV%B*vT
zm04`%d?eW95yiS&*<@p76I<EDRyMJfO<e2z)H`l)+~~N;@jS=#$!fzE@<Mzdv|}qf
z%P`YPmcEOuG1E&vA=nI%?+(0-tluS<ljVN}S-+93B+Jh#@^$z?SdA^(uOZ8Rt<$d~
z4}`?)$q(WKVFR|9mR%m_mQ7^MKby(QcZ;*%O4dC~+sJ3*17SP1=yL~I|8!?3S!LVh
zY<81x#|Oe5Y|&;fS?#cotTOC(`U8#+IzHqWSQtMe9glK6+HsEjX?!4z!4}6}-f=Zq
zbM<(#$~n<-4O#zSXfnAf%pp_AYKK~~($+bycQy@V9h;40%@0jvf81%D52>TdX?0W^
zRxs_8L9qJj+S}?Yo3XUf{E#Qd>uqwp-X_QEZF0QcCdcb-@;@o3Z+|PB>SAS6`K@f4
zC#`I1w><q<hqkREZx0o)K2lw*k5pglBX$k~qd2atj~)*RtdFh>T<dJCk7Q$gBpd4^
z<z;;&n<kfb9$EVNj$6p%@PW{dEtbENJU2M)a{6AUA0R8=Wn{I<a<ckv1zCPplGTr^
z$m++{WcA$|vifc<`JeRNDB7sMD#)L~2ZHsH^m)k9#`;3~iPWpi)))SGk>2`3<*B8;
zjvea@vGs-QtuMrlwAa|MzR(!3zEC?@U&w!p^KX42|JE1s$)9y|_)rxxxsl=dMbm@F
zU_V3dMd7?>dT>F1jI#%ihV2_@kM~jV(q*pre#9&T^`AuCFJ?b8Z|YYd=3_|Y%Mn+J
zYZ3EQME!dZPZG1ACyVK4x_BL8wj1p~hWM>w+R!icynX#@G23H-m^Qp6i#D4PQzq-S
zlS~c+<TUEIf!~DK$|L6EVL3cE$2Ks%7%oiDG4fLJWW?2EJX^;p>ukqn5B+%P%pS}~
zx6s6y9L}v{5Wh^!vC02olN+7MybJLn$32d3aEvZAd-e&JL7BD-G5>cEc>wV&@nwi-
zi<cutRWrFS-~++@;GF>DgNU`M03#7arhR0%F0dV6vS)in8`do{>lQihm}4XAYrwh3
z@PSZ^EeFT9Bj&L{J<HPR^sFcKESI&3>{+*%_EyJMU)bCP-3ijqK+GjD+S6aPm}NOf
zyaMs-$;gZKCTDfr*_cFHmho-00ds6yKf)fOakRI7gr4n0j(T3!<i3axggmw!1_j6O
z1!U-1_nA)LAU*4Jh0|XpJ<HkY^j2T^WP7t;=#yn5$1+%bmGAkq5d*Q_$j?xY$jm!3
z^NUQsk;j8`+wp-g8CwnoS%%ok4{itBIEM}E*zas!DQ-l}a?=m<Bxm)krOhYs!|`s%
z9c)+@a;(>z!OXV~@kQcx#Pmx&c^(;QS$1+(*S$8k$cA>b=bUp58TRZ)a?Fc|K@Q41
zV*1K`2_Fb2V~ct_)?mXWKGuhN+QPNjj}%9rZ2H`n@qutUHZpCjz8E+YAxx!SY;6l0
z`nGyW&+!y(-a&>9+lt3n)Zgp)ld@siKIin0JKilDw!=QB|Bd6n$Yu=Ue>gqYNLhxl
z&`l((oYSSxL(fZrsGlc&HT3OH&!r;zse=9n@p$mNoy}d+*FevoSEJ93(ocqdi_`Pf
z3G_J;dS2R+r-1i5o1aKu2R$E`ia!4+eJ%9QIXy2E>4*KppEIL9mma9EhkmlS5j<5k
zO^EBHZ-Ty2diHyd_#KD`9IqzBC;R_jq^JFQ>E}bg$>~2QeLM7Dar#}-w?O|xaVPkf
z&gQW6z0e<V`hQ5@1$_lBI9Q$m@L00?`b_DULqEysr%1mH`isRY!TjHzF>Q<VtDxuq
z^o;re>6vzgcm?>Q;?>|!I{SZ<ehu{eU!Kv=PU+V|zel_dyx-aIe|xfCE1>_A(?28q
zdgytuMxVzx&N{Aee3Ijn9p@dN;rO+VIc+g7&KY*S0cKh9(sTTuK}MN3h~qqC*9oxa
z*tk?S8^zIvZA$-a!<%KZNgQpMhBlu^{E%!mi=)lAWV0Xf_hhq09BrPK4cD%omCaVf
z<Y@B>9be}mKF#r&WYlpRY{}7{b}ZXSwAmZQoNsEyFNS_58ELm8EjgyWOg5c}-!7XS
zupvhqE@#j`m)38R%}&^mqYd}bhI7(t@k^2K2gt~G7wpN={yy1kMa-W|X|o$P<Y>d!
z2GJ+yDt`4P^E<$I$gtl7dvdh@k!%hlJ|LUDupvhqE~A(q#C(K<e)hqJ9BuNl;T(0g
zm~+^9V$NG{AR{gNnjF(!B>e&C$x(j=^(g;Ui21*b$*(|N+Qj_-#@C8(M0|^wbKXkF
zw>!Q=%=zywGRkuh`I2M4AD8|R^yH}DLOsgB{}1?i*&K!qIof<*Hk>2(icdkAe?&%J
z9LwZr{~OsHMf^wEJOdkYw0Vi<6V9E-iTS^PPawnR5!jQXeU)tZe>M5PaA|WCHsol-
z|DDXba89ikzXm?}Ka^>oLI0DZ{Z+EL4sn}ocs!D$%}ug-FXFqz4<Y`5<8_YjB_pp<
z@I#J%n1*FLfOxZ*bMPaMw~>*S>(=C$_S>>y+V47kk_`I_*ps6@?U>gD)cvor$-#yk
zZO|Hp^+uQ#c$DMOjw>AJ9FK84)^Xl(mE&s1;~h_QT;q7M<0+179oIRociiB((Q%XG
zd5-5hZgJf1xYKc$<6g%Dj+Z%J?s$dcm5x_AUhQ~|<F$_0IbQF0gX4{kH#y$yc#Gq$
zj<-49?s$jeosM@o-tBmg<GqgeIo|L1RB-Mq_&|6aw%p5cuEYE>MSL!Jn)vnLw~BdP
zd8K$JxJ`U9nEgdRyvAHAz6^Y`nDeoHUw}<Bm~Bq`cJPPAi@_fk<G*=kJ|XT0e^&fX
zFuxixE$8XS#hk<KdI0(lf&WALkAi<J-T;0|{1Eu};?IEpTl@vEeb;~={{Q+H;n-$g
zkAsgB^V*j40^4vT(w!_l=fBgX9|ipcr*DydH1xerzs&Ip$EzH#alFp)1CDu)XE|90
zJEx2HI6Ys<6m59^j{J<{5vW_#^OlRquOOqo6)1m|)4#^?1jjXwFL3-O$I~6xJHEv6
z9LIKkSH0#teXHYzj_q78`(CGC>i8zd?{aL{14{c|r+>fWdmOKG{4vM(JN~5O&5l3o
z*sc?l?-!kZhhtt(#D4j<<L^1PYYF+WYYFksoXtVUzjbWa6|#TE>7R4_562@h=3;qX
z;`n&STw{(luXKE>W4jJfzGpf8*^X-*U+DPFj_VxHa?E3rW#IQ4`@RD{1!EtP>0gD|
z){day@oj5FvY9BG^AS%Hk4GC&rcchDw&o`LH%m|dGsG7ot`|>1TFOkz`E|CK_Dy2W
zwO2U(RpK_pEl$5s%sF_m)AxuuANM&u&zsDbbF;1IsLZ!W&v}~XP1>+LcZfM>zt8FK
z5p(|jkkhYse81yO;!h)fSiB7FKsn~c^CS5&#E*(^g$?Csv%~Q>#5^C`cSEGT8}^i=
z{S%IPPK^4WiVq_Gx%d-EOF7#7*74I~evh=ZDde>k_LQUjQO6_Dc2WNl$0v|6m*!wg
zj@ONO*_?y;4B3o<4LRD(k`33l8pPj48Tcp*^ST0YllTefuN3qAbCsBLxvhP{ejm7B
z`k#Q`A^ru}*1=$N2z;mXzX#tV{xkTaVt&`WS9}Ee2gREae@gr}=qa<Dk0Abxcm$47
zTQ`G#6!<aecOd?fnBQaU`zdTH!Ti2TKmU%{zN>=AK>wuluLAQib=vGl%v*TL<Dmb!
zxEg#=%vTsaC4L?BwiXBbbHRU=elqwuF~8&fP5egaUj&){r-4U_dD|^-v8DbZ=qZzP
zh<O_>xdHmIWQ>Qg=xcK9YlwyaC&lZG_`jt%k45J7L}Z?uBXev;<`|01JR;{ES2?bB
zJl-+qz?ini@npwS9M?LobIds~`e|_7=(x%8Jje4Lw>WNh-08T>aj)Y6$IBcqcf7*!
zO2?}luXen~@mk009Ito0!SP1Nn;dU;yv6ZW$J-olcf7;#PRF|(?{>V$@m|OK9Pf90
z!0|!Hha4Yv{Iug|93OFf)NuyKR~#o?JBZBh|B**K<~cj+`JFuS7{_BBbH0r>RgSA2
zk9R!LagF22j;A=TbzJAT-f@HDM#r4PW7+08p6|HDal7MA$6bzl9S=BO=6Jc|6^>Ur
zUgdbT<28=gI$q~^z2gmzH#*+rc(dazj<-7A=6Ji~9gcT8-sO0=<2{b|I^O4azvBar
z4>~^N_^{)r9Y5pvh~uM<d5(!=V5DQ7U!s1r;|j+-$3&Ykj(L8G`n+R)r;GY($Gpak
z`iYKf98Y%4>)L2v>$uKwz2gSQTsw$qn;g$`Jl}DP<95fLj=LQ5J7Dxb;CPwi<&IZ4
zUg>z1<JFGWI9}^`o#XY6H#pwtc$4GJj<-18>Uf*u?T&Xi-syOk<K2$;INs}cpX2?G
z4>&&P_>kknj-Ph?jN>DYk2=oa+9>uHzhg$`HDct^j=A0)_58jWnb(Dp`5R*7ykma%
zjCx)dMjr2YqGNs!jW)b4jLhF3BiB0Schab@cg*X*sBd)K<anOr`Hov0w>$21+~v5}
z@qpuHj+Z-L;drIvRgPCXUgLPJ<8_YLJKo@UqvK7EH#^?qc&p=Wj<-AB;drOxU5<A<
z-s5<$<9&|zJ3ip}pyNZ14?BL^@iUH(I6mr_i;Hn=@OQ_^qa2TR%-@2e4S&OnJjU@@
z$NXJ5+VJ<G$kmR=JLY`=(Wb`nWXDq+*E+6qT<^HSaiilV$MYP|ciiH*-EpVmF2}u&
z2OKYRyxj2$$15GLa=hB{8pmrLuXDWK@dn2m9dB~H+3^;~TODt6yxs8*$2%SGa=hE|
z9>;qf?{mE0@d3vN9UpRh*zwbjpK*M|@lnUTxiF5mk&Z_>9__foG4EH6X~#Go>p1VY
z%5k;h@s1}tu5mos@f63kj_VxPJ8p2?=(x%8Jje4Lw>WNh-08T>aj)Y6$IBcqcf7*!
zO2?z|9WA#59|%~&$mCvu^(4gSh}#j{J%`XYgKeEtHjT2O{pF6|?zq*lt!*kTiePy$
z{}+q7UVA)wNBAv<9M?}yr5<VDhIpK~2644`7UBtFuD`xs%r(?EiklEm7qebjGBSnR
zjNP*b#?Qf_3||F^vs|D<F#D68J-A^1H8ZiagY3sTdvL-2@uBu`m&w8AHHf)>O@1|E
zt2^v*I2jM}55q$F!3F<2VT@pHsPdbC*cAMO3;tnW(*G&WKe*uk>%;hmO~F67;2-v>
z|JTAr4mKAcw%;zn=Yh|r9`>WevA)(0TqH&qk1YqLPwQ*!<agF~>6x}i%rSNoSvISs
zuR#1!aSri=WZ7^XhW^JO{-zk+k+Jn>*&LKUkJ#3bVP6IQJN2?T9%Z5*j?=MXmi<h!
zY$i)T5&Db79NT<MBHFY`KN<QS@f7e<aV^-^dy!Wi_%@f;)_awg9Xqh8hYdN~2tx$>
zeFQcag01~w(;$w=pdIh9;jum+8|y_KIm^idVF5Ol`DVn6$gtsYM~;4$P%oQ4*~~*s
zjy5Z$r*CrfZ@*t4?L*MrC7Tv;OuLSH+1x9ecEsdpvqkz&#N_Dz^VB2l4-kKmjPiGh
zW7?h0=G(IAMNE!1`=uX1OpgA4K|TDJq1m63%`(K~nD%LB^Q>%^BPK_iW7Y2~pd&~B
z_PaLxp9Ni|Y}kI}nD&*_%jQ(stbz?W+Dw$5#|k<6Kc9M}<$Z8(kj)y{kYn09XY&@>
ztc49Z+PqzQ_7yq$Z>1jod4JqO*{p{RIi_7E8@@jJX4!0j4LRCWLC)pFSU$_~C~-An
zO!t}GH}Qc$&hm#BggiE;<($O1HFsLLPa7&@&RcIL@4^Sd?bv9;@o3`>ypcNT$0D}5
z4tmaqHeVs_NO6`2I>Iz;^f^i#>rziW(%y&oVlj`YE5z-HuO=hyXmNIK@VQ7fod4`t
zgC8=-CG9K3agKc#^{}}E@v&q~65|n{;`j{mxA1{L&NhX-D#5wagY6hH4+sQumX$()
zJJYl7<m_c3E%Tr~&B#%2?fD%j5MB(^9GGcmkgLM|&euy%n?F073r7@fY8_wX_)^Dq
zPl9~%zLw~}!?E3mARGJb80BG^$=S=1IfC^I^y~|AY#-|j=-KAvEZT~p7aQ}s9&x{z
zzYX3>hCRm-Im;ge5msS~WxIzA8@4eyJ1^L5l%8Xc9QBV%pGQoNdUh54pcr8ulb;_;
zUyYa??GI89<2Ryh4$Fr9M$W!1l;O{^se{emWit^mIr_2lBl4|*jvVziFF`*UdYhM2
zo@&@I-v;>PZ>ucx6xfhszOR=}6Kw4MUf9&ahMeV(s0eIIrmYiaISC<LMLqlvAg%qb
z3Y&W9$=UhA#^xO88=$v2M|%4$75YZ#$<h8{`h=dxEII1GBK<t*$x+WWZI)p^%3!~N
zBJF(Gkh3fxg8c>xn+33WiuSN+fu0=w*zcRrw?j{k`s0y?_MOm^qkata@Y#v@blG&l
zh8**?dxT(f9dx|6jD9$N$=Rzz*?5hZ!$fx}V)i$A4q~=fWV_ymp5xZ$4KT-m&B?m~
z;%sy9c^2dx^dk|Ivn@e?zVxFIle0X5Ak4%@`_ba;f}kHqJti%VXDb63S%-YT3lL{{
z!G(~;mOC@-H+%3&&{a_X@AyC<$N7`T8||kd&Wl+u9_qAb`N`S#;NQv*`!_+yu}&M-
zg&ciOpdJOLt=WKEz^73EJ$xXLvmL=FufJ)}?{F*!ZI~}P%M&TW0&KKlzKh66^j^fb
zI{u*er-*lnS>;1w-gjS)jcIv(aiW-~(Q%G#u7(XC*Rr`0d<}eb%g=id^PH61gAW99
zb`gvbcuu9B<tJx5gMPjAqY#s`i-UfX^z3(X_L`ulYnJmzh<_+vhxmXPLnZTT@i9ok
z`q2I`bgvTEBR-c5XBE(sV>wwj+P@lc8~uDA9|&F8au~4N5ciUyXI-urv;3?-^(^!I
z$+EXPLeIQD;q+EV=yT9*m7e9a>s9E-fOk_5=6KvkhELj99mTYxp5MQ0e8N62j@J)7
zuhCBxVse%fA%cx7q<t%RHnv!1>tE<u*B0r?3(4?PEsobVH_GO2#5VSjmb{93*pC-S
zd+uXiY=aLw{x})-6A_c6{ln7p7$isim#K%J-yr^$ct2tuPV_Tb9PO>GUaRkMw0Qy_
z2&1v(pl3VVJO(}cmz?biZFMSbpdW>p9DQCz{ge1WcnBMrX@5&b#h*p|wBwV=u%RDv
zyl&*NPy62^MwQHl<sxU7gfg5<J#5%-7n0$pLLASz)~B#}8}yB`;TR)F8}6f@YY;CW
z!w=hr9BsIdHaw2|$gpAikmEU;`)I?t#rhgHd2zhXS>tT(CBuf}kR0=RP&V5TZz02`
zS{!Y-k9qAvyn_rIh{n-|`)Kn6#GK=3Gf^DNyia<LC33u$U>%tD8N|OJBkg2yoWtKj
z{a$<^*ti9=uXEhMqr|aKSqJJzBPPdwWSMfW3+J~t$)*A^Io4&SY~~?uB*PE$Ax9hT
zqo2iyTgb2(BaZduKHBU?e7$VgkL1`#H&ZX0)w0PWCda(iQV$#U)xBioRk9yp^Lgz5
zv}{;!a`eM}^s^K3b~5~o7soPxLwdFoIrb6jz_dR=yoZdmHR9Mut<?VqJ`k)7VD{0U
zvE?R&>((QVUrB}y`;Hv@Zk%lX3o(+J&1iA9I~<Sa%Z7br{Rlr5;&?sAeax5hL=zb{
zIdQbHIRrM{&@Yq?`;i=NxQ~9=SJ#u_r_hhOp0s|1&9AYaeMg(TI9?mCrCv7o%ZB|(
zj(I&K8}`puGW@U~$<fC84u04t>`U5=7e^cJV_rW+%s!(H`;;87MGr_{gP0tzKUoK+
zJ&O3ZWTc%ej(vR^^=F5&)r%Vuzf61y;*-Q@AU>JQ%n`_0F2W&T>Nh`3%W}|$V}_h%
zr4TN}#=K}VjSL%(8FCioWU%>x7bXZcKY-~c#|=z-avWo9Q|d<}CdYBbHp<~+CSn^`
zu&EHow&gzB%tPErh7Em_qYd}brZ7LihU2P*HX1WFKfs24bv-uvDU2(9pR#c!o7J+(
zBPPeZ)>03f2NB;(h98bAa<t(-+I$}Ir^&Eky~)vr`)I>4Wn&CB<HfPe-=GcjFbng8
zzO%3nOpC4w^8;*Z#Bt29{<(9oc8l1?!#)7QXl&F|S4oDReMiprhH-L=^z27+yaurG
zc5e8M;uW;{PkbQoJ4p`uI>a`9z;6ayUSRguOJ##;E&O%^J==tRKtC)4Ip&2SXnK}`
zoJE-#j>VRn<i6MZ$kaA&ve$+3=V|lfpeJX?1xA*pXI|ti{4j7n%<VS}bEE9pAJo&H
z9PN*x{(NkRj~BDOP5=5(Hq(R6H*F?|>nW4PFP5HZ%^rIE%n`mf{RDt83tR5OFh&-V
zp=Wuz#B3j4LsHN7=5=GVKS}xu#N_yWgzZUtmY<xxF|^xx)FZD3#BU(OhGiqiepyOA
zY~F`>Eg3fKH*)r-;AcJcu-St6ell$G;^=1q^>Dl#@p0l45nDU_6d;b{`DDnne+}YS
zi8=1<dKLC;6T4o$G?an;m4lw`L(VRDb%dU6#rj75o4~YZTalxFru1wpa`v6U&s^$J
zp0^>MPexj{6*<d=7KCfCQ9o9keOJ);QIE7YAs&!TUL5OtGxf0PK)h1?LBzL<*C4)w
z4F6T)nD%7qe})f)sn~K;!uOQf;wHq+WZ1CX%)e|_NzZmWLCm%yXKxARw__jnb<mw6
z8@3xc_U~EL%jZPduno!CcLYB;gbFsOs+FfO-qeqFu7RI9*nfp=#)`AI20vF(4;z-<
z#ue(77sv8gUqH{cBF8dVUqD|C9XZQ~4-l4Ni{-bzfDOkHIkxkiw1J*=BFDUJt~&q)
z0y%qI@cD9Z?m%dBa@6Oke^VIS_T3gXY=3ghi+R(g2Jr;)fiQ;2(Z=%qITQ$%uht)|
zziLDOa9<A0Hatbl>j(2cHLTlks?CWJ8DEUpjs+;lOq2TsJ`gU)M*E+X>3cDl<MaXP
zHz6J;=6u7prakLoV*t#tgf28a=RD>?8y;VcWaKqc9NW2BHq7@r@%4z`DSi*)d&CbS
zenh+n@sr{|Am+xrxMn{Z8@U=WH!^=CvfqioJOy*3p1<vIBYyxfH}bzC=6%BCJ&1ou
zM)}#N<m@VZAY`%SriD4f`u&%t4*jman?xJvS$A@r!>3D6pX8|LSj<7e<Hh`gTfi04
zv)_3f(uRBz`5-<J$Z;&43Z~5j#HWcl_nuCMJ<CIm_SSc>XJ6Sk5!cgRY{xRvvdrX|
zmSv?4$HSFm*l^AvXIF=|I)VCM;RC_yP#4CCl@ofF$F5JHr_SmHJ@c}9T@w6ML8c%2
zC&zYU-qf?5$k{uBJ-WyAY%_AyTiebEYhZR<{~9|H?6|%&q&)+24tkc2oR!|rzesxl
zbat$Xt*>FvGFxA34z#v~o@FM-a}$zfa`@n}co7*kEI&E6E&GEuJdWm)VZ*wRqs@Hk
zVbhNIYBFp%50j(KBI;qo<7~0xYss)@pOB;dfNWMEzQHlid9=?XCP({sQxE^|N4$y*
z8}<)5dsk@Ban#QY^CZV&?kRjAyd4|${fL*7rGKULuSRV18}#f8a=e$|^|E1I?HmLf
zwm&(0cgWZ32tC{1>c|5ff%!3C*5h4d*s%S{S^lVkU}e52<Y{F%Wa@Cu06ot+)>hK9
z-E+{Nf!M|g^ei(umia>2v?6{J88)ND*$;+%?R*D4%WUVn4+XvT1@tT@IhONv;9Pz9
zz1Q00H&7s0+k#n!Mc8Qb6ygtvKZ$q;88)L3?<T|M3B-G)N0j*)S!u0Jz#RKl7o=r5
z$+3=?%KkFMHb21rAb6hitdosZq-9-ftm+u=kqxhxtdC&BF;9+t`f=Jo&-Nx~)jq6G
zEdOTl4#b~zyp4>s9P{M(Tl|-0vj_3xWZ2}z@tpNT>8lWvWBXIi&2r=9w@@J1u?c-I
z_#N1C(lc+`S0lD@0zLa^$T)#b3-mTlU^7ab{cso$osj91?N82rB<PtR{ojcAW-@Hp
z&g4O5ev2#f@30f$YHT^^uSd*dAt$|+8Tvw*p)Xlx*epOgD>G~gWnLf3)-9hbGdcUQ
zpl5!}m*@Xm$w<pGlVh2AT;(nf*K8BXhw*{Xj*WV@v0Xn%Z)Jx5Ea)fE26~p69LK7a
z6E-|Prpbn7CTBk$%4XvbX-7k6<8VXJuYgRSEGIdZvx@qLa9@WVo4<zwVIel^S0KJa
zyaurykFv2c!{#;6TOFZinaQ!toZskYG2%CqVZ$<$v-gLxEt7sUVsiEYS7xMrA9U}b
z4VY!%@kT!t;#il{sQ&{#5UlSm!85*KODnzA7tC^!V>xYX!@d?eo0nk2a+0&h;sfE0
z*mAI88E^_Q=6MQ3!SZGK$=OeY^4oC)KP)FX`(V(o0<)Z)E6B0@Cs6-Kd>~jkXNP{V
zeg{v7-uea1bHVM{qP<;*AT8@<*CCA|FY6=N7y1Z16*lK9E$c|mZVLAG)WhZ)#At5w
z&w7!wp9(g8(z9OV>_b7%GBGXN`)0>Beo!{nmmKR`PMb@^^%ToNJ`wS8;#VNHGBk$s
z?cLNrjSqy6Vaq}P6yk@;(6jEJclw>u)At^yx4BVi_dESB9B0Kmw^$p({;lAd)FUsp
z2|4@TQ1|PluRu(W`dg_-+8-gdaR@#DzEgVE=`Qhoh}V+gpKV2s^Z5hPk3me%@}>!d
zPhq3~FChLj8EIKwa!k9Odf2c%z9#+^;%|~+pBG2_*HZr{d?1{Ijm);S;{wd~w03xF
z=pXAl@GR(GO?z-HVs1>!wjyUYhcaJ8{h#rH(2k8v|GnfnSTn@H_?`6hokcR*(9fyj
z3h*Q`+v*}Q+lR}nv}Zf;*)jV37GggCPksvVFB~6({9?YN9rGPxQC|gL<g*Z;DSk2b
zzfR0!Xrg1z+qAEMjm?4J8PM4rD4r&pF|gr2+RsD$7V@7%zmQ|UV7KX67IOA8s3^jG
zY_zWy$Mus1)WdK9@gmub7e}AVrDxg6ajoMPwa)>>w~If8cpVve)xegV-4e?1ux$8z
z-XpS^3>$L%-TZOsr$A4R--(`}9_9QMV!kJi{%c`Fj$_7-$GJgYiG8`h-~)jif6qD<
zOg+aEIsW#+I#bWFM9w}E%FH_C;FINH|IvnHj2yo&oKF2S_&_)tTdqm>-ikS29Z!Z0
z^Cf3L8~k%DQqO$J@pp<m_3(2Z;xovwVZP+pFE(bN=Qt<FwrT{^K8Khbe{;N?`le7e
z>ucCBPjdXNYKgP4`5882p(AIxkbv+qY`On34C{4Z*6YL4vo2^RvtgP4LB0&XNg=r%
zo3Lk@Ukf?v?RbQqW#*C`{j+ShJDXk7vpjZxmwcWCnf7_a<k$|@KG5@6u=aT$93XrR
z8|`^4kmK0fBR%_{oLw30e=Pk(#N;dsh46E1EdK<EPm$rX1~EDI<I}Qv5p157&1A&n
z*pDy4KBnauBggWeAbl<L<mhuO^~!ggZ0cY`jy}(qz8-pV_S5)4m_j|$PDA`=G5h5j
z@edI9kWron*pp+vw!Vb4cR+WuY#L!hj`@CB`X=bf+0Wwx;TzN=E&YFo4FB_>C&#q=
zq@NExIr}+$AlSM7a<_H_W?!6wEyspLAjf_@7o3C5G{o!=GTZiiGVD24$?^EL^Av1w
zSrXn&1RIWFwq3Nj63nz5&*bd3P__lsBkeVa+sUx05XZE3zPlov8z<04e4?21`YRp3
zO3d*&PJ9kx%DKPd1A!dx@#8+~Sub+Dm+u1Vk=Injb}YbVlsJ~n&f`a*M0h>696E)^
z1jiHklZY=Cv#%G5A47bT`2C3Q6*KKd#}7H);`mX=Uvg~qMZWhzXY~cM@2uU9ggTPr
znBhK_vmP<)NuG_EWhMVBVocwe9MZDx<T#$+PCab4BEDM8?;vgBcOvd1BQ5)#9PgjJ
zO?vh<Io>D9wxG`)h(AO|+MGE1g)nC5EBCfAW?w2k2{C=;{u>_%<k&~2foadNZ08#A
zc<>q2!=C+4j`r3j(6heenD5Ep+;jLq_yV@vm6*>);2v7>DaVF6gnF{AGmC9bmVF)4
zM4N?<H;C!;L8s^Q`_cY$j_uuU@^9yT@pqifla7ywJ5k|ITo2LbW5?iHT6{C&i?EOS
zZp8D%e}GN9_!;oE;_DE<U(9C>zbn2H{H*wY7(=Gds}S?~#K>1TzDYa-{_hiC0{*-B
z1n@{~OiRu>K2^*%pC&#TTrX}!{BCD+r{jAZf7I~<jz8u2Gmam1{3XYaJN}O2CmsLT
z@h=_!&heid|JCt793P8%vQ1d`;~l@;ai07fM{PJ}$mo_Z=j%J{rI6_dr<kxt2j)+N
zl&Rl|7>A`Xk99ltq2GrwWyd~vJM@ca^ISM~$nm~S&IR;Cn|I5G$1yp(Jsj5`k)Fpc
zIi8Q0H`9I_@i)b*&<0P6{}b^K#A~4cHTgMgh{;)=01^Ixjegd_hWFZ%`5O^`D<W@z
z{&+F(ryWCvpD{>B&OU|@ggo`Ie+y!}1_RfF&!ryrV_`$izS_*~S|QrAxoMNfE^=HG
zSRj2B^yKW9@PWXej+pjAl#TsC=H(MFt;i3c{rR&BeR94h$2R8@4{f-lz-19**z+qQ
z?KuaMWBc!vej@bb*#3v8ho3(n{+*cb5&5h5Z-{xHKW(-_{}OEU&-s=d+rN@}*z7=D
zE#~_^Un}N2Ma~h|Bev&g;Ab-YkYoE#lT8=m+2U&u^SKM=%Q>4I+rM2lwCD2`w5f#+
zIkx|8($_&xj_tpidX$;(HQ~HW=CO8I%=gjRyDp*sFYuqG=iEq{_T`vYX%{&Inap|E
zz88b}otWQssb^aI-vnU3N6y}33Eqq`VDGVfE}XB)*?u%U!g)&Dg}7Ec6Y+HMR;0a@
zjI<4~CugxSTrGX0ILiYEVIlR%m*<5ZG2genO8kDrcZzqwKi}6u|4m3sj^pql+3?*P
z|0>=E`$x&J=e$CW*A+Wtvj;X$$Ywrl$Z<^mTKX2~$x;8D^zG1-qy9x`Q`Y58h+jfR
zzMZfkXL+HGP$`=+h))#nLmBM<Ai%y0Hsn~&D%l)>%_K5xdSOG(ekJ&PgKRivri$N!
zxK2DD@g?Fz@N>DCV_<<}$}B(q+$z2s@q5H~B3>otd6qKm{{=DaBJ-URWS*}-BHn=b
zV`8R#K)e(2!(`NJ0QDlrx_?eKM^WZ4%VrsD$g$18DVy&j{<fI!QTQzxK9|FuoLw8*
zitlz{+5Q{xF|eb}3fPe2HQ3qGuY{hQy)UGlCjBbt$<dzmp-;A3xA>iiuM^*ZnC~&5
z4X+a@li!V)c9HoW12V5qZWFIY{9ZBBt`l!W{82HlW$qQz=0Wmv;XXuiJbpLJ=GCxy
zL^f+s7jkU#$7C}Sb=f7GwXh-cdWhkN(ytR|cZBviptNPM`;~YU__wlO4|{Sv7d$Kd
z2I$H0cd?_?qa7-cme*nAS0R2m8THx-dvd&%=04i6?q`W7B7U8CH0pA$nExZ~LNfep
zf**3sw^lav!;L=Kr_E&8Z-zZN8>*Y>kWDY*(_u%OEwCZSwebnkZ-t(meI)?leCfA|
zvtJBOq0Z#~hZf=9#q8IDp7UuA6BOsY6U1*tOn14X_&^}X`$g?LBlH;Nb{}uN&wLVO
z+K)m^j$`8j>g9i?Y(^s{XL+JVV1Bu)!u>n8M)!Z%dIR`9>v{iwtCi`VOnueV)VG?N
znwpGuGWn`iJDQpdlVR1WVJDMS!?0?nh8-rO$>>XyVJABb!>}|p48smP48t(mVF<(U
ze?C9g`<?gsKYmx;dq3~j{rbGG&;7YR*Y){a*L~gh_is(^uF=ixJmdACyIwihJ27<E
zE9ZL8QYWYHtDVDA*7eH&XT3}SXXy0-J7;Wl_&X4s@4eLl{r_19^#5la$Z7so2R#4(
zI`nw0&x>R%?R*e6zntf}kA?eQ(p@`mb;IMj<m{_s^$h9Ss$ZVf`5za&ka&uW=b>#E
zpHrV1o@qp{C+ji4oX5i#sLvWQ<WgdrKjZPe$XSPxaNp3b4s!3`J8pdm-SxJ<^r=oi
zKK!mr&c52}$%+QhTANeWb;-T2bY<Ii4^OK<9@i;nea?pa@c2F^%Xr+*a(bqQK8h&k
zwb^#=Kv}v_cfTKHM+axwD|v3texjV$g{}{M3{mcRp^N2a9{Sx@avta3q0YMAM|`)8
zXIya43!f~jc<5P6{IHD2_K<t`cb-qG<M{%yo#W$~5Zv3+dA_Iz-S(4HZ|5WElhEX>
z+XJxv0iv8bUAgJDrJVX9tj0PVMjRnib_%b{*>3GSk9Z!7c4T;LdpSMFhdvEm?!AS7
zSVr*ZyNn01?Joy(dfQ(Xb?o(&KJ;Nkx%cHxcl%lPL}I^;$G#`$dhJ7fmv`quEzg1f
z%$eKbnD9K52aoIO=aG3%)q`$+Is4Ta>f}G0I1uc0_j3!|UoGo<m9x)Z9G**v(`7u?
zSI+g$Qz!rHh^-&uv8`G^{8aZ|Zqb8opO<sny*G5*NlyLl(EEvU>i32|hA5~0jnM7q
za`yl2>eOu~@q03Lu%F9W|J~|%_7Z<3;~5{E9zR3r8`iy-qvhG%_iIlI-ECn%R{tXL
z(%_xMR|dPD);{EM8{Jg&H_M^lR`feVce{MF=sODkv~cUI)ZsX^!_>*?_LB41K1Mz2
zd2)E%UUGV#61v+<?rrVfdmA??`yRCC>4`k;SPk=kcYOm`0$&-P`NWq8?<5WeuOr?i
zQ&0PVoOSq;I(Y_&TZ4a2+$Q7i56)xJW7Mx;o<sCC`848F<%7EVpC7up9Y@rM5kDBZ
zZS1kkvU+S6*}AoT5VoD{L+WFQ9@pe&63>#!>GqZLy*wv$w~w52)E9^DHj>lN+ip4S
zOIHQYBl>V%i;1t7S(kN`bKJZ|9nbB=TMI9j@w-js?Av#Q=flK7*^50apOV>tdx)(~
zg6}W-Hwu5Z@Q(`rqHsG#k!J(i6GK0PI3aiw(dVvrD)Ahd`V0&1eY2~ZpX=+{LcB28
zHk)3!wJl}c7Oic+)s=mX9(1>b+<O%Nuq@(X&TYh-gWb>G7`%&kTku?>`+)vm5!-%B
zPPe0++p+Dl=zVB%?nl<C?_phie65d-d?s;x;U^b9DA;Y+lPPPP$hofL)XDQC;usl^
z>ydlD$YS5sW1nruu{qtob%Ofvu0E~J(WjtYtqw0FzCHNk#771{n%Isrc-$5~*Kcm?
zD!Z*u4|ct6e?+%$4}|_MqWh2jmk}=so<*c9H~l=KuVsDOaTUMyxh{0K-7UfYL0lHB
z_k+QHMzc0}JJIsy{0z~$%GRy*dH5LkOQG8z?hoEcJY4pIC`&(&K0eSnk=Xh+OjEbd
z)b+T%+A$N|_i+Rd_2I#}9Y?F<al6@GdhDxmdTa}I`<vYR@2(D0)hX-oxb=V7_PaE6
z**fX5e|f35&j}REQ8E>K8u8e|tuNuR{%41NKGAhs*80m?xAwls^H{W#!ejmA^gJna
z%gI^)e^ICGxkT$ByZ$5PI9Y9dmBHj<wAPo<t($e~3%#{NaO<mhtf$=Ly}Pu&ipTBM
z-a8)aDQ7*$!sdJ?vDF#R|Fh0`rr|kDKOXmKIrB`UiTmc#e#BY9FC#7qzLn@DY(0Kv
zy{WL%=+qBBpkx28#f0EV#1{m6f6A+5C%-K1?<<k>oP#*#7rosZ6Z*mfyPW?{{H#n_
z+w&X2w%bpGN5FpywjJ8_I`W)Lfp_z;o*y8NW_|MGh))Q%4o@ol)WZGb((kr7A=uyk
ze0=a}#BsqB(Vs3;Pup3}dw$#o>Z6Eq?|-^>X!`>B--6bTX?Wbv<QzAzhb`Mrlyi(;
z1Y0-DE|Kw!3C^;2gl>P4vp#D>x9)P*XQMhf|3LhPOwRGane%(0Paw)!pP#Eo+24f6
zV}qP!9a_ve2~AGDod;3&X=t7cnMXcR#y@~xPXGC#PezyXdY7m1mc5dANqDB<k+W>O
zuY;UZ(c66;@wwHtQP$I|8>6h-O3t!g;xzw8;)-BTOK+FSIUT>8ZE|OLoThpkhn^XD
z<jiSTFsJ*@4-5aa@Xuw+&ZMlI`F|6hhg0^C;hBX;&iqHk{xut2?tPCJS^Cvk?-@it
zzcK$DbUDjDFFf0bFAnw|w5w$N6mOjMnHQcLiPwc^9v(T5Id2MmKDwM`Z&fGZ-Nf6%
zvjC5rW#1E?0rs``hi4%kIp>Xjc4gfbq09MRd=KXLcd?%Du>$tkGPCeYWXdk4tekag
zpR?m%gf=fc?sIbHKXO=?(__x)!u}0cb1ua%XU>ztGeA5oJj?LNne)2vc<g#@;n&OL
zT#jGPoVSE$koeZ{tiU5@&hLcBW1zp`Y&*z53ja#{a_00mob~kMY1j5y?;svIbGC8n
z5naFXSknjdayK92q~2pi8!O@CV2`JLu;XewMsdJf4X;y&HxM@m?;y5g5xV@{qPKOS
zpNe)$=v#<wUWe}S$N7Xgw-G%i%L|E)oqdOPb(VWOI(}8?)?e;@ztdl>PFd@4vrO6H
z!Mz`Jp0|W&J@K~S4-oH`@s9}Zxudguo`*TVNc16lOg&D1MfX{7dyjsg&GHg;*t#*a
zH_w5*)Y=f;`g|hvUlM)K`d#k>!G!J}Jn~z1zk2ZKV7E_ePs)xA&int{91{N-=x$fb
z{+T#A*tTqQ9`qsPpBg%Et-F3m&c5LMT;N5;bD4~16j9E7{|(`>ZI=i89&Zm`P5esH
zw+6etel3&J_b2CP2V>Mnc5N&7Y;2Yn@=&*(<(>mR%Pl<mIG`;hwm!xL-gap9hli4?
zZI?%NIbWk6{RZMa!Fv8u_;8-<86fr-KB@3&h0iE_LgcY}ZJ#2~CU{)v_Wg5%FC{uR
z?W1nKFS)mqWGpjyWF6)NzmDiO({I0$b6eaUy8TM-{kY4sPMtc8;pv9paj<n#{~NLO
zLvq@$<ShH!@Jzt}`(Wn)&J!$q1hLign(q7<X-Hr2{KAI^&m<lzdjU4M=b*~+I38K{
zbQzCrBKLN6o;HUkzqto^=&>E-{A}esbvz4*7t45T6S?=ZE>D}|q5FR2-V^wTWj2qj
zL+dkm`q1Rwc>ZB&+t&`l()vGaJ>SfukAu^+1BMLwtBh{lT3dzw1d8c7o%rqG9}%BI
znJnuZJ^7r%-nWtZ#d6f4jp^iEh}QZWy6;!c<3sCvcwUX?S=J4<PhD2{ieUd9tgq>L
z8*yRb8)fp_ZgTd$)#2Go{CMzv#EpgT4IUu>HkmxOt=zkiMqt^&!}b20XfF9Y{QH7E
z{rtO3*-=C}>%b7${NsrpKJ<*{bveh)cHa>>{TsH&ho>Kp-1`Opu$-)p$L%;JJY&%1
z-to=S?l01_0PV%$8Ouv@&U-y)vktbsoa6GM(Ctog>K|4o=NE}y3b*V8JaX?#{KMj{
z4_P<oxUyaPC&8W%{yz8!>hB}{Z9YlPiR5YX$<tfPA<xx=K8dGt9)~ZFvU7-6hi3qf
z+&j7}`!GUZA1h?B&&lo!a`wG;j*mVZP0svozrJhP7nrY|EPKL1?lw1&S*&Y%+P;r&
zp0kSn3>n>ZPA+;I@6he5j(?e_^?!8x-n61WM@F|^&nx;1Lbor?Ec#1A?<ZbX^tK<7
z$38Qs=<RrdZa-<q@Oba-n2BybnP2?Z%jou#HfDw2F+knEu}BX6rqFG(n~VO&(A~aE
zi~iQo2Z*;8{T-p(mMe<>?$D<Y-&^$eg+7(Is^}jK-8TMk(f>2_>BO}~|9I##h@UL_
zr$e{xHx&H~q0b_IvFKk4eKv7((Z3qH+vMv-|7PfOiQ9_)-O%R|zgP4hgzmQ5S@fTV
zzJTcQE4PdDA-C5;;+~@aCiF$b-xd82p)V%xD|#DK$g>2k9Rp*#J9ja^+jf{7dK-7p
zm!Th0bWaKNFGp|3$?$UsXu8|naXs@qCiIo)ql<oQ=!59(SQ>dA7rK36Z1JBG`fBu3
zi~hvW*PuJk$n~~474@`_oLO||AJ%^z`asdo34J~Kc}4%%(Cs@@i+)k)8__Q=`g23y
zgg&F_FAUv2)sFe`elHDu3;OKhzbf>t=xr<r|G$N9Uz=C_uL^xT`gKKrb?7_L7Z&{u
zq3=Y$vFQIE`Y!Y(MSpYXyV2iL^tXj>-&|hw+d|)q-maxY{ofP%gXn|Be`o0S*}IDV
zq0slEuPORRLmxu?SkXTbx_x<l(Y;m3?LM6N`J&$wy5s+*qTe67ef%p$|61q_N$q!M
zvcG*hbms_;qp7!RL9Exl@9Ajj&fBa{Ke3I!(LRpH>SKtz<<K7p-F@QMMgMK+<A@Iy
z{ZFBfC;p}Ae+%7x#ql!pA1JfliRcFx-Rn^5lh8*Lz5Ql5y8F;!MSpboC!>!l`q80J
zK|iMG$A#{`HKyn%g+2}a<f1<z^y%p1i~gk0-RIhTINHtmsP&(T-sZ-kKRxtW=x3Ka
z=Y~ETz0H}!e?jPT&@U|hXNNu)eR|QKAG-VKB}IQx==0HM6}`=usOJLoD~tZp@GnI7
zKIz<EuLyk+`ZYzrHuS~l3yS{Q(3haUzUViEz7&0N(cAZ4sn0U>c6~3};XlH^9DP~w
zzdiI7=<h80yFy=yzOv|dgg%JguKPv)4}`u7eRc7-&k?B4YV^B{{$Jr=gTAilp9*~~
z`e%y%xzN|4Z!G$~p|3~3ujpS6eFOTIqJJawjp*Mh`hSPM34MFf+db;ke>3_Ii~i&A
zZ$aNx^k0O&75!I5_iwb@pSPj!E&A_6-;VyrqW?Mc9q9Xu{*Taiq94E<I{Vc@GWmC*
z4==j+q^s{nKeXtN3VjcHU(t^YeJ}b^MfY#Fo999F{-U1{`abj%i~jh~_oI(1`e~sL
z<1qF}9@c*}@i3YE!+3vk?^hIL8N)-5=L#nUo7-h5x{JAzhZi1Ecx2(e!lMdXkId6w
z*gB*>w(z*Z;|otHJhAYk!UKgT7oJjhYT;>xrx%`4cxK^Qg=ZI@Q+RISd4=Z}UQl>p
z;YEcP7hY0$Y2jssmls}9cxB<i!mA3eF1)7j+QRD!uP?lz@W#TM3U4mFrSR6m+X`<l
zyrb~W!n+FZF1)Ak-og(S-dA{k;UVlE*(Zk;9$t7v;gN;=3Xdv0x^REtF@?t#9#?pL
z;R%H&7M@gipz!3vQwmQlJgxBb!ZQlbEIh05?80*j&n-N!@chCH3NI|YsPN*#OA0S7
zysYr@!Yc}|EIe3vRpHfz*A!k`cwOQ3g*O!5Sa?(6&4srV-dcED;q8TY6y8~QSK-}-
z_Y~e+_`$;a3hyuM9QdLBUwC+7=e_9}S-7vTbKUfeF5F+(`E7c}79LmFIc<6-6rNbv
zd2D(H3QsQV+%-K@3r{QTd^J5Y3ePM&tMKf?a|+KbJg@Nl!V3y7EWD`j;=)S`FD<;R
z@bbbd3a>0YSa?<8)rHp-UR!uw;q`?#6y8{PQ{l~pw-nx5cw6D^g?AL*S$J3B-G%oQ
z-dp&=!utyEFFb@fQ1*dgg`NAQ?sp)Q{Y{@_=X=Tij!*LF!p`whA5(a2Vdr(}8DDrp
z;faMO6&@%&x$u<2QwvWkJiYLY!rniS^_f+8cHudN=N9(<fh;?}@Pfh%3ok0XxbTv~
zOA9Y6yu9#=!Yd087G70&b>TII*A`w^czxjwg*O)7RCsgYErquh-d1>f;T?r{7T#5O
zci}yS_ZEJz@V>(P3p?r0?KQ0M@WLYsk1X6**zcxh9`6-N?k_y1@YurR3Xd;5q431Q
zlL`+Mo?LiJ;i-kE6`o$$-;~HY&n!Hv@a)2K3ePP(ukifB3kokRyr}Tv!b=J-ExfGo
z^1>?$uPi)Rcva!mh1V2bTX<dJ^@TSS-dK23;mw7&6y92RTjA}6cNE@Pcvs=wh4&QR
zTlm4k`wH(bJmjE%Zuen@hZi1Ecw}LJKP3B%-ycr)p3G$LF-jg&cx>Tug}oOu{Syj%
zFJ|hK3J(;XTzE?1sfGQWlg#6Ht&?XIo>_QS;n{`f6rNjnUSYq#ocR|NURZch;l+iQ
z6kb|*S>fe{R}@}Zc(CxQ!mA6fDZIAuy29%VZz#O6@TS6>3vVgBweYsW+Y9d~ytDAG
z!n+IaDZIDvgN64M-d}jg!T;Pw!wUNy?A&%E3Xd$@S9nz6(S`d9k10I1@VLU`3r{FK
zvGAnA1BE9So>F*fVZWoD?`wMD8HHySo>h2u;W>rp7WRAHnSXxa1%($DUQ~E-;U$Ha
z7G73(dEpg>R~8;DysGf(!fOhzExfMq`obFuZ!Em2@aDo>3U4jEt?>53I|}bCysPl;
z!g~tuE&O2NeTDZI9`dk%ZZChoAh+G{!u}RO>LUyLy8x+=Dm=Qdzj2hFF@?t#9#?pL
z;R%H&7M@gipz!3vQwmQlJgxBb!ZQlbEIh05?80*j&n-N!@chCH3NI|YsPN*#OA0S7
zysYr@!Yc}|EIe3vRpHfz*A!k`cwOQ3g*O!5Sa?(6&4srV-dcED;q8TY6y8~QSK-}-
z_Y~e+_`$;a3hys`2-iaUykUVw?)|dkcHa>?Q>E^{BQK1_(syLXhx5FTn`_P|j+RGt
zy0-%+pB<iyiDQD#B|f>Z<@LKRx%a<ao_4Ph`K?P^*K50bk&e;NjTQP&D?C}o<NZhN
zek5<cU^$V8`V^w~wkAJQ#xtBK=X$4wXB5##-@@*@X&g2h`(E4UEJt<u+vhBPD9zIR
z++<`On;(A2e{}KxrsK!r>wA6oy|I(z(Vc!~;hEw2H)3lCJid21zvptg9(3P}-1~i(
zXQDd!z2E9m8PAB|e7{$P=Qv_(pT~A(+qUB-O>Y-(+XCJ7zF0r(x^9*6tRQ|qcsBm~
zWjwCyf#8uuugU8-r}tRv=_B$LyQUvX93w~BcJB&oyFM#)+w&#ie-p9YA3{#~+M>U%
zu-9gDy<aZ;^}_8QhN#<7QMZ1goNYBh9glsuZ6oS7COGe<w4dqm9*Wiv@r*^2bGx+r
z;_!HF_;USt#u4T8yi^^}H}S9un`b;x?)?Fg<z^mw-a&kmOdjhfXWzIzbo+vw_gJnD
zeG*arKi{Py=O@s<6`q0MtlRh0@mxkVb_csXe=So7_eD9|<nN(RA<Df!cJ&`dFwY2L
zyJrcW0uQK@XDVJf{q5c)Jl+R%fgX4PvE74&-+fn3|BUc>kB|LQzx}1%Uj*NSe`)Bi
zfo~1oPHgwgkaIe^oPSg489eV>)P3iEM&UWZ-XFIv_}fJLN8d3d2=2}A_+<4(-F=tm
z$#~qq<h&o-_pirefc4WeJUD+Rt=&6~XF2*?^uX(h-hZ5YTkv~`_5t-R#5)UrzVO!I
zxx^!7Z&+jboO}cK6!3Iku=mil?Th|7SgU^D%kyRQtBJRSj@-2~y8adF!FLq?VBvPZ
zQ+PgA^rNf;>#|Mcyl=K0OYu7vwRVQzLAkT^!}iZ-1g}JI?M$8#XmYmy#o=-PdSURT
z#1{vzqHNpllpTpC=kLoc49|^3x>{TB8vJda#ovb}_x^;)vXX~&dq44xU_XPpOU6Hn
zC};l9gva)8$6Lz&70v#qe{^vAe-eH@ZNJ065q95my_XOVD}1C(o_;)X{@np~iRSm%
ze7uauJ}&3}{`By;-P^r|H*|gA8g=|*@yk6PF7CtD!Taw#j_VnRF6TYZPv?1GKLQKG
z`H(&u);3!tqubw>%AvQhDR@QEj}7)7-tob1-!}G<$G#-@G_pL6hdCD!&zAAnPvm^R
zFA3c~Aouol^=xBn)Zta(al6a8-ERur?JH-_hpQtTO>FZ7*!3Q!zPRg;C&<Tj>l!HR
z97vD-^pMbPA34XeQ`GS|7Pa>te1SSSZ3j8Wg%_&hc{K55!SjeMKOOlz*!uMaKT)<*
zu(bIDY#rLzcT4vj1w!+<u4TdIxFgv1{7A6v_Q_z|>eIpY^9{lM#GlBKe|O>5hUk;f
zo}x~D#sv5FclCT`_-7KQg=cJVZkNl#^E2WN!PfolGC9Wur+;O5))C(yp7Fuy`C{l3
zh;r|5U46EMK9MNr{?f+fc#l8O1OG3vZPOFFvgYbr(!Gx<GP>=5W$5#WFE8v^rQg#5
zbLk&W9Le+4ZFl)!h$jZyPLm5ymnrLZl(Wv4gvWVJYeVu}4PU2@e`Ijai5Sa59=Trk
zRXu$~IloKt-q5X=oa<VpPX7NPt|`1(CeLW1-1~XAuC2xMqu_nS-^uv<gR`Hs<0tw1
zD1HbJJ@zHJ_YMAGc?^%fH+J9II#wRjwddSm!jM<Uc&;U0Bja%!*|*d^g?WPc(QVJE
z!NcL_%XnrP!*3ryUdC^G$~h*U8oFM&H{<~Rjqf~0o=H5ntnDf1wm4foJZ(GTu?^+?
zo5e2;kME-$pYiku_f7*?Zs3u5-Yw&?-Q?UBcZTOhysr-h?<U?Y;~yK`8`{;sjf2$9
zw)$H5w-bLItUi>7>vgPSXlXo=c)Co^ad_q2zGsI%9$n6DdQs>T(B&MP9_hNgd7tI+
z@|(Ig{%Ekrs<uy|+o#&LgYTor4d$e*+ui$8GSA0lJl;#PzVL>^_ZB|Pb&<!uA?J2K
zDs=mgoO7Fgb@Kb(eLwOi$=CV-d?DI7>g2R9$+>_1t9p2z6CV4OoPDN^7kI4i)#0&U
z$-O7@56em(=J^=$1BE{;vtIj{oOQk@JbQ^-WIX-Bz3HroWhW1H`<0yE5p#c5xBtlL
zKagVTwu7ASv7M7rH|Ir%hsXXP=Xc_cR>!lENH=PEY)d)UI}rLrbUFLE=Q)<O+82h$
zwwLp}|GuVYF7fj44B(OTdu=ZbkNu?0ukbI0Z&v4hO~x;0-(I1P=Pu%V!!resoc;VG
zp-)AZv!9>N^S(EC-(@*dK9Lt${w>%({2>|7SBN`hJoZWVy)4_>Gx8jv2ewNb9sUu)
zS)b#=GnyQ>qkfM`=gZ``f6CeSo~0i7TmOU|$F2(9G3PZhW$m|eZudp%_}37Z6mD}8
z{G-t1+>Yz?pxamF9GiUq=JEK`##VR_+RxST_Xp>8IT)Y1{Z`KR{y6<hyZzGsmwaCE
zG~xw?uaHk70m~vD`kjuhF1%h2536jR@x-SF+vn%Vc-*G13VjLD;Z5Cb`h(ET|I@+`
z6#jkT!=nyki5`oroBNCXUiP^1j9`yHzBhG`OV2HQiA)_v5arw-FAL93{By!%-;mQY
zFFZF9uL<6b|9Y96_6Irl!J9*OyUUs9E$Y;54RKlU?Zo9WdF&5z=2@wZe=qB5eF;xL
zTI)*=CM+HYEo&c;^KS-yA#~eKPW|iZ<Qz)z*2jXk7kyXoFNqHneXq>A#u4Q_UNMDj
zIUi4K<0CoGf+wrvACFh={RjWBv||^#+p!(Hws(3vc2U;8G@FO@TtK`s*uL~~nX(fp
zE9ZPzpZ?bo+xZ~;PI#F*e*24@za6?l9nbrTE5kE@N6z+N6`nQ3yTUUWkDMM~Gmrgk
zZFr{Ok<;UAdj3dk*N9->@_p*mZ7P1b=a-6D><4{g5m;Uj>^}8h!NZC72ah0bmH&fz
zE=Ah00-ld)y!m0fO4}CX9Eo?nI&8nSy|V00!IpJAP?sH#<)0JpE&5jrf4lJa3%7kd
z@;r{WXC8lp|K!4RW$NSp(!P&_XC$6Qq1zsB48OYf0qXBZ|6S4l5W4%q--|w!GWy4&
z9}{e!^luWVkAo-5toJP9^}!2?w*-4nnfH(Bx8L3qY(MlqE6e)(^uI5BIM4Ol_a@5W
zd0OZL=obY~hF@Mh^Fp73{=U%fB6{D8IqfsQ2%ZM-4bRyJF_++>XFB>*f@i@08axx8
z5j+dNRHkm;<M4*iXQRKl=-wk?&N=A!gl^yPz6JHU=)VY_2md}i{<iwVc<7mrK3Qg6
zFC)$_-2OHV`WMjJ-=+!vRCv^XBa>$VdHx!@pOuZ`Va~IN6ARA^ww|{HuOPm)@J5-O
z3(4u{Xy*Ab@o37ZFG7EjjD8t$POv$zE_|Jg-{n{y^5Wo}SDzI65~7^rf~Pv>w_mku
zAn?n{ceXltmJ;PWhPU|%9*+&r(*wT}zwNGn8BxyswwE5~oUU8Xa-y6$Zwt?Rh>l76
zH{-uk#=n9n_b%_=<GS#ChWM%At-N$k@cqP1!5-_{+=e_W(d0aCe?L5qHNOkqNBl$Z
zBFg?<rtBb5&N{R?A@zJCp7VL=S;gye?;s8UEYDWQ^AzIq!m}D(?)k+{mg_@b6P$Hx
z-_@n8<K&0Kvo<)}_G9XJoImUi{xz}9XVCpSBYQ(1%j*6vQ%~DZ?s;;<VpYszzv>0I
z?}^Iz*W>Afdk%~&&kTJ-aOSx<%FZIr2+u}5a&IKS;%lyJ0kM5wGPr$5l6AS=<ZK6h
z`u#5B>k8i_<KK*5PJjE(BYuy&?f1&yyLjDu$j#$%dc929EtHk>H`z9Z$9DL7c(&q^
zbH4H2(6^z>x!(32Kyq$JmwON6AC~qVK-TNnu`kN*K$o-ZFkZ7hJJIFTEn}S>7am>M
zzdNfwiFlk$*<F;Cv+U&1ccaTacVw2S>XdyRaa!RSGI{pkk#k$WGCYn;^Mg;N?v799
zv90_YHnL;X+kzdBZj;Hmmz;9e?NgyYh%RUU`GPum{z%*u9`{E%%YHLF-c$UeVAu61
z9+q`{J3?l?`zb4D+2cbWLN}Ik&NC4DFmyTn?QhDE)A8`)@C?Tzr{`6nd%h^A-u`wB
zbr^{*=epjmpPcU^zBAZ1^d49ByNUjd7}@b<ZSXgVpOMMgM^3rt!HwnK;`w2)_mg@L
zs(Ix0_hKkJiX!dr#rOd=i?8W%?EYKuDEQ$qhRTN(J|@`T?>sr!vh6oKBhSC6vo6nn
z<!qCS!hZ$vxrJXS<L}2Wr(d6Sb8gW7)(reMxcyC;&~Ma3*)f!rv+TRn!*fS?unm#Z
z^WpG(iTKIzjKd@6_WEXcoJ)MS@DGChyDmSHN$#9i?tKSf`B``@+x|ujo(a6v{zgo+
zfBV~f=o8W9{LR~8F~_j%Au^sxc;u}AQQ_$)w!aa>`~5q7Lg<eto)~Oj8Xr7`c$Q4g
z0dmUucfl?U&m7|O!sGm1?me!(tu}wMZM_%o`tVG_Blm`P$Gz97<MF<{_O}9A*Hk=m
zj$g~e<2`ySWjxdH$a%bV?qwe9?|pj7Uk~=ayl)o$yE1t^pObqJ@9Oi*@Hmh29=y!+
zI~o5B{BpMKL99>DXyRcqo|$;$Y^&qLGl_U|cxK^|v#p#LnrA6-YIqz*<=!D(-7XH#
zJBXKsXAT}Y+v?@vnNNI8c;@1fv#p$8=KC5f{DHzBk$ErkC@c3I@L4`rJokpjb2T~J
z<m=(_Ua)Tld+hpY@Gpr!EBw3QzY~YybG-}5Dd%|fNOjuhWa6m8$H@2>;+L}y`t%PF
zpImsdjDHb+xkq$)W_X@Ue06vh^O~I32^WXH1YPc()RldcI_p|ad`ozi;*s<G`kkRK
zLznY!$CzO#WnDO|KEzla;t_?N9;Lsp@T1{AFK)0*EIcaM+;YzIPYm7l$h~3R_I+yT
zu2atUeuDbRUH;}-He|>k+QsVdtB98szN+xt!f%ktV|}=E*vbwP`-2CFt!{W8s#_cb
zPuGKP-Q+y>o~KS7yp}dK_zGgXwub&P*z0MQ9U0u~0W7n4SoW2~g~46}yHUn(8_U_R
z+VwH~o_`#v=ajBZTKl}M%h%3#f?ud7xNRfY_jgp3wH@Tle`@Hyce!^8|FE3J!#ti(
zO%8rB@j{t8*d}teN!#uYQY_PX^xfKRBikkU<%N%y@mn7``^j<PnL`{a<FRgX?mMl{
z<e!9gh8}nx@$BFk#0zA~T2DFa`I6AxE^_LvZJ*H9ztuDNdi`(jJ}+&3DfpJ6x3<Oq
zP}@3Ku=Mk=tlPQO8ISKp&hxd_&UhB1J(EWt9_uV;-CBF1TW2}j;S$*VbBLD*FC|_r
z<F_x#xlgq=Keemd6g{wYZr9Ub>ozlV>(JT?-Syh1`<8d-`U}Ei{$)iU4Bfu4rs($;
z{Trd*%F2dO6?1yM{LsQj$gFoX-gX@|*30hkkp7hLd+niJZ^z${zn$~q_p`yN;gK&c
z?D*k&zj6@mUiiB*dB%{ZU89Tjw%;8>AB%p{0bN<wds^WE8P7O8Q;XitCCT$O*7b}7
zyR!26!REQB@be45sPMfq`NxyL{nmZdt^K|<`ULb7*qFJEo*q1#_@-dj+y2I4_}g#V
zN1o^Nnq?Of+ut;V_4|FF%=wYRA20mr!e1zSe_`jA=Gk;G=TU`E<GH%uZ@8}T#=`d(
zZu2Glj_GZV6#N*T+ddO%hv&-Zdx*0Nd+&GZPp92w+yDH+7ZrYf;g=NlI+W{jIfjSq
zu}IG2*tzQD|2JYg7U3BP&SURodeA2m<-A|zT6N0ue|HZ6o+-gu_7*+pQ;BjOD{fb(
z;C~UlZk2qejDH$Y&ODzA&$o!5DZH`peKKXI6Xh)Xo$&mD_<b3V$6h(-hrdv#KF)o9
z6CRH-a$aZqYj_?-lm0z;IPB*!mVGAC=Q1C~w&P#weW82E^)o{2FpC^=)|2U1EBjm`
zhsEZZjYm$8pUqfy4!WGW#}3zJKbaGJHSy)aUZ?lD9_Ns+4EFk)&(&W~d~L9QQ{Ct4
z9(!&GzLfp@Hkmrir4Dk==kExQb+|h`^YF;MM^FKlPZrN-!!sXU&U20SIR)!A&$jUU
z`Nj9b?{Qtu_x_vkoX#r#8axhe*X5|^Li}>x8#xO0ed%w%&xU6a9yxP9Ej-hR=g4>#
z<B`+Te(MZ<3A&uWi+h>=sDJw{GWZ6x*N5))q$M(Cmr_>Fy1h3%tBCIl_L|dw27jEm
zHh4Pv7i97{zR7tm<L@C@hfDDI8wh%M+BolpXuoZRz5-p&ets;he<iw{{_&v?qRY9i
zx#}eMZzEq@xPAUYo>lne>?dyxkK6aXGM?3V<ldoFmgTPSnDg%NtU;IaoNHt8+!vm;
zc;wth-w)4^i9ZaU%6i*pJ=FQnXkIU~{?pM9qTkDoDTfA+CAPoCj4mIgPMz1WE;-kA
ziaMUj#0lY9k4Mh;J}ErD_h$w>_Dz$?xdFeN=f9VRNB?!<*@#EZzYo4JJTvjMzo9@K
z^xqb`e^>eT;P>&qR>`bu6M5w9dtMW>{u_y(3-;R4SA)HV_Vr-DJL`A1&9j+2a`uP)
z;W+@$KZ4u!A)cH6DB_X98;I>QFLc}d384=VPnXHRh5T~1vw!o(JTr+?!?P8Sob5b4
zJhsDS!Oj`x$mHCHU(R-Zb$Il@B|O{l$l1=z!?THKU9E%u9|rFt{y5lqg3tB*FR^{T
z2LBoMxw@aT`5j*Q)%e@zZtw*7Fdo)(2X&BpD>$&RoTQG&zg^t^mNEPl_-Ua(gZM(3
zvODq1y;WV=mxaCyUCzJrczfu((dG27Rwuvj<zwO5gGbJ?zNW`^_(AYbi93Ux+xT41
z9^%h~|3LJ)`W1NE=Y#MJ_#dHredrJ#dYm^M5v=ZYCEw#->LX|0czSrAO}rpH58{!t
ze=ZDtAG(~!w~wo{u1^y`8GHrr>kBgL+K*pO|F=RPLi5U*-}h`D+vKm|@f<?VbE2WV
zre_54P?`MB9pv64yJO%H;W5t>3ZEh4AAw)){RCjSI`ok|mGgXRfjaBDk+?8C&PU|@
zTet064LL`l%XuB9or|3o`B_KbJG%MaO@;qk#>1}OeNO}?#gG#yral6GiA-7N8f{Jz
zJg?|pd&)e!gGW;KOvf+$7ZKa}OYr$ce?jn4;&p`=7QU(Q8kxHFk^d{9?<H<6+&-&f
zUFtt7x}Q&3ANBTIl;m+~b8L82aL%!(^4xWeCdzq#<HhRac_ndru;<Fp5B?hYFOw<T
zPn7d}K=aipdoyui;ibWB?rvU<=T3Mqbnm}dEt7K$QO@K4=fks!cu%mu&vbwA*N9&U
z-i7|{VEduRN^_1S%DF%OB=m7axySL&<ySoPj}Oi^aewxGnez|9&ad0t8~+3}IrAUP
zYv!4VCTIR5)yZ=;u|N1a;)yc;N%-Z=<J?_+0A21a=O31KK29F{?F>EeWyCf&hS$J1
zsZ(|`emQe`*j1l`F8AKYKP;9pkNv03fnodYrqJcD$dt9e$k{$y!!r}lcfvCbkDTW+
zKMIeZo&GHNx5Niza@yDAtmmIXpMfrC8y-k`{WH<!9>-;u_SrW2tl-{83bBmV&wFw1
zd|dEk;)yc;*?8pqPNMT~^*QKr{ym+E>g1V9bf1@Pljq3z=i-<18uG00yqb7L@FL>X
zGX8n^<;*`nJl>bIB0TO-avq=CJe>7@2(A6bEO{2-k@L8^-?DfPVg5LbhwE}*l=D2d
zFZ4y|avoPl`+R)YZtgRE@8tdR^!(6=5nmcSoY?kj{3GBM>fyhm@NOB;NTU0X+y{>f
z9tBU7b6th?savnd1dk&gE0afE&OX!bd%^z!v`OLV56(H5`$MkF>xAYRLzFX5yLN|e
z8_0Q{col5f)kL?qWv!2#W!+}#<B4*fKfXqtvhK%k3|>imtBij_aOU}V=o5)@&TYP~
zP9C?*j_~+i<$RAnE1n0!GeDFx{{gl$>$N@PJjXdiJ@P*?JX7$<S+*U=C_5Eh&T}6>
z(y*+bY0~Xlevbokmi798>z$4+_Z~%uW$}9>eYY|1Ci>`mA}_K$DR>z1=`x;AQe<|p
zZQQm6x_p@VVe92J3;9ywhG6e2{C@Dyi8~8F)qMy5I`hlaVK_NGPnJi(gTdgC_M6!F
ztxx+M?BK(A%{=|YlVr-;|K%Ki?H_v1CO$>R(-)j=W!tH{kH~qveV#gH=MY~QJdb!?
z@au>-$&?)(oX3#X_bB@obT0ijPk(UUyWaL?Jif1wgvV_n=l3SIsN?x9@jEi>8XKI~
z99sX3Jgpz%8HcC!!{^ZOEPv!-o=5Z4vC=%Yjhu7WV?v*RF6Ugg^)dYJBdw1`&MErI
z>DYLAu-m#_gTn9rB4-}QVAnf<E@wOYIi-1iNL(Dei})59|784f=D9O;_ZK<!c25`n
zspxX*+x3&*q3TyM9=Efc+iP!l&SG1%>qvN}<B@Z0ZDS&N?#AQC&*qtdN6t2E;~n};
z^funvAS|cqr>x^!8~gCgLT_W=MV+UOeR!tfY4ck=?tgNA2jp3i$3D}>KK%a%zbbUc
z%9~}%+Hd9j-oZOVpNlT%_YUq1-M%g77-v80JH4x$eWH&J>pZ0$AJB)PT^ODbMCY&R
zxia*T#A}Lvedz9kZQmi!D7ft}u=~;NdRW&U;-HM)Ph1nM=W}v+?hW02XIs&~AG+_O
zUDqYgIQS2t4=0Y~{g~f<fx~5E->b(~b=NgBcp}{THoA3oewm)P22VnNw@lq^s}F^4
zJA9((pDFx>!jHmdS=alx;C~^WBD3Cs;5>Huntr#5>&`YgTgLCcBd7m@@VtolY#Gm#
z;PhM`o@<G19)f3TaC&^rb-jn!##}tpg45$`dNva8l<`atPLHqY*-pGq#xo;0J-(Lj
z>xbc)NtDyGFFb!Iw)2G*-FN9cf3WQ5h;7V;kAoi(y4>zZWxcZ~D`!q_@o#0HMQqpP
zDJwro9l!ggoc`yi<5@&}LE(1(i+>J&IsG?>XOOtG@U1fbx%lPu-xZ!O64!)h9v(S8
zXYjnwO0hg&eizqfh;0mlIb00+&!VrD@w+c?DEh|G-AA?rk02f@lgEAi#Nctn#|Qs6
zvCR+hJQ+T{=x55T%Y8x4Ir)G(e#@RyxE)*Yd#sRiUhTFw&nTkY>*pVq%XpY)Bhj|j
zGdeiGr+>9N9^d!t!_yy}$M9R!@w|h$R3?wd7P<H61Nb+NQFxpK-@!xA*x=p~ou|z$
z(QThLx3u%H+{;7%_~6`j-woa4kDPTrQhh>Kc0sV)>n-x_-MP|dLw9?%{*QkI{4k28
zXOxU?`;Q5>Z5@8}*k`8~z9INt;<{juTVD%yX!~}s=W9EQ{&=2eohQgq&o=i9KBwqM
zQ4jrYQ#t2vw!39dCbl^q>^OOrI)1mW+&dhRWipRk*TpiPexjV)_gZ!GxKF%R#^ZYA
z+!ns3XA_al+}Q2BGI)U1t(Gb4c9%2%SHts7;@5-!760#oN6=3D3VX~lkNrf>Iy^Gk
z(_@eGHtQoFE#tTU$mwtAcX*udKUELxJZf_A#YDTH`tynH7zKO%U{>f`i7%7MZ$Fgt
z8d004;n%ZRPw<<=KM}v2{@X&Igf6H4LG>v6(ctyO`-07F-_r9p;sb@-yo<UGkh9IZ
zc+F)b?W_N>#A9VV_651u$3HCNLZ1?x^PIMSJ-JKdd+vjW5!*Zm9uBv2*mrl=>Mqg~
zd{p?|*W~QCZcFpHugN`E!g4wf%RY;EhK$F3P|of6G<7@|6VI0MxL?TWIb8iIU7hU*
zvUPrmOeejBm;78m`G(-R=x>(s`@U`qebK}C%(3Wgj3AHt-tbt~^F4EVZQed4tG}qQ
z*T_=8s_<unZ#a-KrSJi67xFAd|7_uQUp@MZS=Z}$P0wuW8GI>k_``*_qzC=sJer@_
z?mwYyKRmPOi-R9~5XaKO!+CDmexjdOB~J=IpLllRmj+)$ygGP3@xI`%5-&Qq%X1a+
zvcj*I*%tO6e>2l{+2-wD+~6M-{TGGX=O*F#Q_<UJD4{=$T$%F`g%2-$bm0>UpHlcq
zg`ZmZoWkuhmssy}ivGgFmlnRN@GA;mU-%|D`uP#jKi#L~|Ff^LUXMS|(*yrI@dd%N
zi8F)e5q++Q|A$-^?7s4{;0KAX3icl9g~2=ECBYsq+xSb}+<)cVH`{!G<ZIDZ>Br;#
zE2pQ;4e;zD=LS8npNZWQ{2=`0;44_ycVzO6CdzpY>WAU6&+HCQKT+;^pk?_p5A%C0
zZ`Y&X$HHxH0PkmA?K}t`MxICWnto0pyX)uhNc48y2_6NX8lHYwpZ>A1V~_P5!#d@x
z=Xv3=o^8H?XDl8$>*;aCJbKz#gU4g1oaf+e+`%&*PaAjOHN3veviQg2m(%|qbvzUC
z-xVH@@p9ht@Uie5%(3Sa!5fK=NtSiI^SOK<(fN@4dHg<?J)V6zcqYdo?@_Tn_DMOf
z)%+wpzQ=Y=fU?eyo*2iy0d%iHSauR+<@|j==Mb*T>*CJ0<SF=P$oL2F%Q+9ZGW5yl
za$XO)F7zqra<;=Qp-)AZ)4wA0Y3Oq1|7hsb(dGO+akn~k`!(@_;AzzJFEaI<fnUz|
zbx<6){d{Y9u%89D?{MLtiC@n8jM0NW3ti6ooU6`y9Y-#d@yx~}_l{zPEPi(@J#z}b
zD*SWs$mxG=@tD`LZo78`zni!s*n2sAu4fgo-QNQLC+u_et;7!okHEi4rk-<IuiSe#
z9fW01=pL`+{9OL8q0dK`^Lq7R<TC$biD$^<T!2T;vgd}!dR`cwg?Qx5<7@dIuMK`J
zaY3+SqR;g#A-+D?vGj&uJ-(*rR-)hGl1HGg2%bwD4hG*vyffJEXtaA#sQ)7BCg*nl
zwjT7w=yK}2LSKR|XMbq-qTpYOE@%I=e)%3x4IUt#5qvIjcJN%{mBEhbi)3;xBd6T!
zHrJ4w!{a?8w}xjq9yzb~-X0$N&qu?v0*{>6dp{ALFB3l>9-6LkzTa)352DNYet#PJ
zDs(yP_Dgk=Je=eF@4~YhkDSNJzl7&?)a^igzQ;9q<jj9W=xfpC%s*P4{1+3wf5o!v
z@W}bwDeXH`c+Nu`2+w*va(<TgOm#e05HAVO20U_J|8)M8+iqU)8;Li`tal@R`Jro`
z>g4<Y(eFm-*@Q>V>z|(vkK5(*;n|Ew&igUEC)hlGkLqT8=GlTr&hv<6>UeG^E)UOE
zJaYEEyF%ZFF84+QEO&>#Jvcur?BjVK7t+oo_6JWQw(|&dxt&J@KRi5MdpR_C6tP`b
z#4`pyN&Sqj<H|ihyjAnzNhHfh<@XL5@+F@j$wv_%QFv<bEaKYW9~0l`F$(|ti7N|#
zS|&fcVs}3t9_Q)1!XrOWxZS50o_5>|J`kVz_4nkc^XZ{`%sbNhqYo#_Iahp!I%Ur%
zP7Z!D{%JD)5kxurcAHP)e=*u+;Taj6`*oW)MtwX6na8%2^ZuM=>fw23@F$3z<~6_D
zNY3Bhe4jf0AJZOpg~zTU_m1wi*JncSC(1off?2-EBiCg=mfLrJW$HGD_#+;<@9z%J
zUe?vFlj9kSCg=SC`@(Y|+xH+I<{U{pEZDv=TBhtcymEfNb9{KF5l;`#cs#P(&*i+(
zCj{quFA04jx}3+N%hjoa^R;Wj<Gvv0dKZLekhml~19;@TpTX-A*4e%w=lu*H4t)x`
zoX6faKXkjG-4mXvc;u|x_d~ZI$yxT->Xbc<&D5@Au-@r-+I5Wg@*<0u7xg@wI7P-Y
z16}Sd>pZ@u$NvA);AO-%ufsnRf1B4$@BDAlgFXvg&U(H*$~s@WJ@|9PK^gyS{Brh_
z)#2GkKWTq=7|$F$a^`IJN}<n1mwPrUi|fcbx8HlA{vHSpCYS4)$5T1S!J|W;k1pr_
zc$_+ApFuo1JPYv1S<lnMb1?az8lHuC<g90#AF|#>=xu)3Rda~<Rhxe)@#-kM7>}G|
z*@EyaBKkWK)_(~eImfca;Ta?@56@COa*kylAG1w966_rC^D;R-X2>~~weRo8cK=Rz
zmgA9gEIX9<Y}pm)a*j>MhrSYB?mZS@IXU#f;2d`z$@9K{=^CY9=A`yS;;F$;A`S$*
zk8GClldf$m{ZFR&l|1C@h@K<KXVVw{EaM-Jf2@5Y*7YPAkM|BuEd2DshsC-^5am3!
zAFWQ=F~s(H1pGwUy0)Cei)7X{GC2FybHj59@g?Eu3(n*GRpEIGb$LyAMiJ%gx3`Ap
zP~P92;TcVo^BnL);qg7T>j2dAf6zW1y8L;WdiDqBF>RB2_`e<=->;l~dspaViE`?H
z4SgI@PTga->l%+Hr+!-K6VT<<XQ)#LuP3zgbjnV|)6Ub;Ty6}{w}?w+Jd@Dn+)tN>
zXA<q;X^)-(JaVq<Q=v~rmvbL%pP5nz&$-+AIA!gJa_)oed>qd%w02C!GZjxeCVvT$
z#p8JE8`R-f!NcIc%lN0^k#ip$#cTRcBpxH<nT|)!eejgfXQ0cu589vl&LkPjh4LWR
zHHpub(T5T3f2m&)y8Fny(7m5`e(3i9w}$>J;+kMRzX;w#e4p=SkaJJw_^Yg2@ZW+@
z#eb;B6Z8r2ESdVakIW6-obCI4=)RBk{XYEa?fU}onebNLgn9ml*v>WJ$;_FL<)JRW
zH28V=+k6|{>tJnO4X=6_^F|)}&A(n|z3yv!i~fhg-d~;m11Xc-D|~q2_B&CL|AeBS
zQuv95+kMyJe_GMcDSScU=M;WH;r1Q9$a7WEUs3oqGVj-=&0}GYA$1-*h3CG<XA|3J
z`tXZj`=Vw0gY$ah<?4f7-<c!h8AFuQbA9MziE`>UsSh%C5pOR1#$fy4(%|2-9c~N$
z81elw>lzoF*8@Kso^`~}1lw2dmGOHllJnZ&57Y;{dqVWd_Km*<J1=eLDd-=7eXi%>
z#DjxBM1S|W`Xh-Wg557h1)H;9rVbNGDd%;nQ^Mo*&UXEiJo|XRPY=JxKsm>hbHhKC
z=-k(w9s}hZQ`)hVJg)cU;Tgaq=a}+_&?lqIIiGCDOma>^ugA=fhkq)%oX6YGst+Qv
zuKUB|@lDR_U0(~&a6CK1W1o_<9UchJZ;5SAOU{w_{}FzVdvdmeKk4OqM-bcRbkun!
z9y!~g9ar(#4()R~JhSk~`F_tc5Bh9$Imd|Cggysd?mY%zd2i@*gVW#UuH^BU+UBko
zQ(2ZT=pXEUOXDk1c0RhC?XxvJ{nYcv!9x!0ez(fHEx`W^{U7OadLOnq$KwB;jAtPp
zInU$%5+1+r)~<ize-!NXP|MCE_RExAL|Hlaqp{(!-OdQlVmxx*Py6)ZnH-)ac;viq
zc53mo?{p7#-|4$N{7do6c}#di=*!UMtWW#iA7!o2ZQ)stN6vd+?@$lVs_?A9Bj<gp
zcZa?bUCw)7H>y+Cwz@AoJpDi4`)l9zqpen<%Q<)26=i=#d@#zc#v^B6{Y!Wb7{+mf
zhi$$FkDPtA&9Mi&_jrDI*5Z+~?_C}GI&?Yv-i@KJN0+m1?RqIWH=?Z!&jvhlo+E!O
z^o{6puMc4PtomR#=57w&Mr^-lMg2G7k@Gn4^Y9F?jeaNN*^EcddbZC%(YK(>skhHV
z(YK<@sh<p6hZhsa%Xqfok$a!-_J#Ice)R3=a@J?Ee#%avKF^7=JMhT8FLY)7Z7V(Y
ztCt0P+@2?sb0>Z|+w;2c_`UzvhG!QZIoEqrc&3rl>$K+CjYrPw1Md%g54xP!2kurM
z<lbH4+VJefBj@~cQ|J$(%Xu8zs!mzoOZ(0s?7V1C=zk#oCir;tBY9Z2edLkzI>4mR
z_oK_bxQ1Y^%>UeAzY91c*tyo_!B-Qn4E`eVn&5X3+ix9EH@{oDP@Osq;eR>XaB=u&
z<9Ta%hT)O3Z+tTJ;plQ+6ZmTAj>B@ckM+y?9~$$z6N&9JYwGjR_W|L#thZkebsI?@
zImb<ZOG>>DUCw>n&koK1CgP;<IR4A|z9xs~TJm2Q9<OQ1`MzErdOy0H=O)*xlizFU
z?Xzs^Fb0pDedC7kyq|chjAtw!Ij;|R9oan2hd&&=iTHUL|2X_|o|}9xJpRqVo#7de
zN6vGT*YSQV%k42k<UBW768c1Rxp&Nvwk!*M61tq%2M*`ezNaFxc&)kbeck;d&k3GE
zygYag@m0YaiS3*P|8ls^17UTKq2`f4Rrm;*b#Zw5KcD*_8y@dfIX-wS@o~ZHh$jbs
zjyOK}O5)ivIeAOneKj`%ENw0wb$B7qt<Ranb}tR=_2Ad5Q+7mfFUsDc9%bJZd>wIB
zu-69qWgC-aT(Ix!4Eg=t`TDfbt=r6CJy*%$xi)m`a6{4G9{NZkr>PJ5zgPH2g-6NM
zr;jN2jz55Z<NJ)PYZ80{4?Vsv=N#Z%bv!o{rv%R>KC5u+50o8^CTCfFmUUi#P4G{M
z3uOHL!Rdcf=wpa-um1r4jo<bm5C0Eo*VQR&ACR-`-LN@rZ#l2S*gvv8+qD;xY(i_-
zUhvyr<h<we{_uZ`xJAY@Avo{(w0?b0>$dNlV7J{zgGUfQE8odIl^o++9{g^v?L}|f
z2;J@SfI4jZ|2Ek6Z1-}I$IHAPTlMt&da$0y$>BLAbn8gfAJWeW-FAC(ux<6W;NkF^
zVB5qY*_>O5n+ktFJhsU%f~`Z3O=aCC!AA!BUc6UNT~E8d2Tz7CP>=R$-|a=WecJc?
zLjP5i9YFtm@D#XxFAq=Oft&;KF#lBaN6P57d7HbUPeXrm(LWIEe6xL4g=adRd)46?
z@RsoS+5NWAXQKb0=xv^fe-^r*saSS4?C(uj2g~jc-99p$=UKOz!G8X6uT0swczzlB
zuZeALMxK5=hw{j>r^xsx;-4N24tYuO%rE*IihfJsw-&yw@EwIeSh#(bO?_<JlUSd1
zm`9ZJ+U)7-c&u9+FW|-aJ)WvxL9`u{uMS>Fe0A^|qR;jC8P1a6w-DPsjiJ9Sbgx4!
z57z&lU~EGMi+)$I`P;SG$m4U@wUPKSnfEn6IFBt~R>$LU>>J@(5S$)g({m7Y_(^zt
zA98wpO^<T`=P9mhk+1vQn|4`zP0s+aU4Ou{7+p?}uj%oa&^}YcV>`*|Y1d}am!iwP
zH}Vh5a)M=VC;G9CypnzEJ%#TI{vz>1!CxVMR3_&#^2oU^um757KXH5EAIkXMK63gG
za9_s%MB?zmhsyX@;Fr^XMtG(Xy^d^I`D_{gO8j#ApBJ7v#F^n4#3QH2*Ydr;Gd!#C
z$k|pO41G1aoO8l<|0;DDdLYL}J+Rjg?hjr{pZ~5*-Rxg-mi=SsYtiMbkGag_G0o4&
zEV~YmoStLV@8oz-JU)0i>uR5o;a`uxeMa_j8k^<p@Ju0|8@v+#1;NiIUKqRzz1@pT
zo(+_hv(DFt$NO{JXJL0TR^V^<>%t#KzmbP^-bh(F>)h_4!t*Y)cAo(JKKSE2d@pYy
zej(WVrtT@+&i%=`iJWrg)Mwe9M6VGfe^<u88NZx<eR@0||D^CQWc*w3%jy3|=v&d{
z)Q=k0<>@DS50*JSJ|8cWXB&Pw&ripO=TUgZ2S0`Qq+pN#12Sc|Q&!IV=bslI$BGvO
z|BW~+_)6mC!RDDKlV=Bc<jmvs2lbuka_YCLQ-90e9=wORTE@Q%znuQ{>fzrQ?C%BL
zC*$9ZU(U8_*Co*RpttK1&*}Q)5Y}fN-^YaDD~M;w`1j(Md&jYJu$&hj$DNCU^|#*%
z#Qz{3InQz0bp!N$=yJ{>ueU7vesnqgUPkOYtE<~n<yCA4Vw=;VQ_b%0!=m4HVE26?
z{ln4Qd@uBNE`vS-{i{6mj3oY44v%f5-bb_^@+c##PtW6J^wH>T&K6}~9eO{yhjKk*
z;C4KR$HMLSjDIrqY}bd;$DuoiGr#&bqU?C|-9>*O^a<#GHkST}$>f=c-e2?+LZ5`*
zj>(a~&GGOLpwB4&7lwZ_`kR8M!0p(Je=2-O@!uJqY3Lh^esAd0(f1eqAED1cAI1C3
z`nP)w$UhT(LeVG6=(Er-3Z4zWB0LL-ZQh7y4*EMow-2=A81GjeEV|pwoO6kC&Wqal
zDSq4h33_0UhffJUi)dR|c3yDr(Ey9@U;m}VHjlzHKREZbtHQH{c%zJGL2zC-SQegj
z#CHBjPI-ko{)NGrv(1;#7op4fy}ZxC)@L{IzQUUee_f{RVxpWm+xaQF^^`MbJNF@{
z*Jt*kn_vEO;eW`KT}qTQXPZZ%`~KQI>OeXI%hC2{@;E2*x=iwkg}t_7&gJ;!%*myb
zrrS1h*3(?(nM-_Tcvj+(J^yiOp8?@{E}9=Xq<>cU2l2?g`}l|DrQxw3y(0Jq;!VNs
z>o*76XWN{OI<t!IUZ$8geoznkYIM1GtJ%307y6pue2?v%4*yzoxi>;L<7xQq8*=)0
zhQ1zM?s<~O(mop^&xYXiI~TM*8`0(74FJm_6jR?6oc{LN5W4+H?p>n0`wU+Hmf-Za
z?;E0TMVEVCaAIk5LiBCH>36<pp6%#z&z*qf#i8#APXD~nccRPoEtl)mY5W_Ai-SF$
z-4g6E_CI9SwF|$TIqwR6H@ckq`q1~F%e^0UE4wdr_X#=u+d_X3UG8}>X8B3z`+~F1
zyVa?)b$c+_&!hend?)$=JgoD6%F4N}k)aQvN^;Mgh2@yghoQ^q9~b&?bh-DA&fo6Q
zBL4{Vc8^x{TkB-qJl?j?r-CnzJYMgWGye<2@9$7v86L+^Irmd@nbUhz+Z;9crto`g
zk$al~7U!V8_t89+b8g^kLn-Srj7ReD!tOSyk1X6*cvRuhh5HMSDLl6DxWeNLPbfUG
z@T9^6g(nxDQg~|NX@#d3o>ACgsqg7syIm|ZIJ}vsdXoP=JhoXoXUA`wd9I$GpB45#
zCG`d5Igm$s?7zv^1nYUN9CcV+JhrpC+eFUsw_lz7FCv~M<8fQby%YI|rCqPU^IZ6u
zJoLB?<=!g(VQJ$mo<mvZ0-oz}J#yw*q>jh^Wl8W#qSr6<yZz<t&v&Tf-%V_DNId<)
z`8max!s9;mEg6sfMb2}y--kYyC}*7yqm22N5c_4y+Nb0!+r~RQ*P=}ik9|$fJhRmC
z%pqPD9{Zr2pLe`I^oi(l?nkHayl<fE182w|<QPonaNZ-IOMG^C+;;mzw=bM-PCPS+
z-fL(cw;iFe+vuENw?!MHdC_)m?<Lmtp78XeuP$Xj5^Q_k9c<YRa+KX3x^4TX&=+%@
zXmevcvcK`7e<Jaz!Tv7nSu*vp&94l$Z9f%k8@4%ZtgGEO>ziZQ7kP$|zum`$PRb#V
z;JNGi7oN1^GrDblnmTNooE|(0esZwyYaq(n{_WU{e*nE5GoubSgl7t#o1?5b+dcpI
zC&Noi&Ucrbp9_5op6>@wh1-4p<ab-|3w;_qjCEu?50}Y59sMz(>mMEZ40vqupHg^y
zVb8HMr)`wnev3Zd<K&`WQ22P(q5n+R75oh1sWNq&8Jzp?1>v#(UKnhBX9dqAUL{jj
zP3~REKP>I@rl`+ip6i)SlzW~uuq@?aeSELC2mdGW{WAVJ!I|^J;julw5T3b2Ip+iI
zctTG1sjr7${!aL<v)ntJe^_?#$Ts{*@DThD%G6;#QSNzBmZcrT$?yL9a2}TJC$?iz
z@bT)DU4UQCze_SU{MKh;coyQ3A8PZ^7olIE{x|+%xiWOyPtN!2eBC;1C3=iYzE!3U
zOYqCRSDK}}Hmc_yw88MW9ptP-JHMvvGW2%;Rn(z<K7zg+T~7Zm%|p)L5cdST|M^_~
zFT@9fJ!Z7|Gx{Uop*-|>ylLm=u>1YU&^_iHA+z2UtXJ;MCmGA=@I0A#a(Gsv%RP?g
zE|xdH=OE7r&mg*-^?z1)t|871&ni4}o?~7g`f7AJ&tYGuPW~mt8w>w?u*agMGWB0W
zSvj}et>O7E;_Zdk1#c#PMyBjq%F0>iABMgTUG5FxAC_I})W`LDkCyE5watOavmQ^I
z13N)rIfQn}_BmX}vjJVsbsZo2Ms&G1qFYzHHXCg_F+7{_$k}ht4}CMboH^TEmvwDH
zmwUGWESKvi=Szug4h&D?z4%<+W82li3yH4}cKhBclXEM1<gCNp;aNxguiy*G^O<0e
z%^PLPZlkQ6_54=o+tKCRcH7mdkH>KD(Xy<^5;@EMDm;z}e+|!0JaT%xH_EcR(B;&R
z4ShGdoH|d33}wA8$Pe-G!XpZgEZkRkRN*7xzGrm%)cL{YevZrsN@w%ZRiV3{*N6UF
zqK8Gxx=xP^vg>T~Vc2!H&!k}2xlT{yyjMmaO>Cb-!Tqq;Pcmow><N7g+Ro6;*{-WZ
zo-?SQewU+o$YX<Zo_wM@e#g4W!7m`T`7r)*!P(B2hR63kJJ|R8G8zB);PhV;`UIlf
zJF(kG7O1mc+w8T$w&zVUc_tF&-k8q6G(4`Wjfr?B1!sTu&}L5O)N5os1HoCJ&#2?s
zNNm@&VAp$J=<*hsvbKkuWq%s_6r!B#eNde|HxU06yr0;{MDk1x&bhbyivE7$3Bit=
zZ5%|GPgAGtG|I|(-rDBv=+n{Lb*i`XBFiIr^jUe9woRE7I0tX-03X3i+j*{Mm?oa5
zztsoND73@XgAWV8eOt~xW52ZQ2%?<({_*OReLS(9bK$Yiw{xy<lbEHQb47mJ(LDBB
zIq&ak`xm<Vg`D~Am*)Q%@x?M8*DvRJ)0OIYyoS*BH9Y-ja^A<)&cE=`)b0B_<{1;5
z=QX}&o=wDdUk9GC!FeCoJ>jw4z7o8P_(K{0xZoTs{}{Uah@AIswSI!%eMHW4D0_b2
zIS4EV$sb`{GWwX@>F3F8WRJTSh3@u!VbO01UQ1k2cvazz!Cxl&Fu&Wq9dpRPnEb8J
zz<sQ`^;>uxJc^21hck)e3;#kU&j^aPdpYn}&qwpne-!aj8IS$sQ^DYnFNR0|{e`y_
z{&wLbDPtbnM$W!^f;#K^65ckShyNALwpM==@hq9L_BT1NDNR+!WB<BX#$$hz^O$h8
zI-ZrpR|T&oemvNDcbjihwm-NxmWE;3$-}ZI(uO||9tQs@ct3GC&t31B;QXC!`<%Lc
zQqFzk7<F>GUB-uJ93DCEbDkKUuh1q_f}Jy780>lci)HfLSLL1!#xf^#pUS!3tJPVr
zWfz2JA|APSFaNMC34Ky<@0Fe2=H#qv0KLu0J9)?o{p7rhI4I+pj7QF#9}CX}>c25O
zQ}D={-}@LWI~85dI(u$l{vQ&zhi4idIrINI^y%nwmTmKP%G&3hVw!&jC}-K>>ft#o
zJTtM#={dG|+FYGHv+%UJ`tblu`>c&TH{fm8x`W&ORQPA(k+W}HZcg+$=yHxbZ&j!4
zw}|fz&s;ommTmVrP<9@=oMpcg{`u%~w!;o}a(W%N&9UJ>qWvoT3-HUizqIQcct+v>
zdw3S&k@FaSFt3?&E3w_*MST|Gk+VMI^`I|Cm-E<uraEQ+mH4#6=g9b%;Ft3_uTQ_<
zwY@laF0swA@h`<M=P|t97lGg7q4R8WF2f_|@qD>Dp4*AH1v_7RPw*#*A1d7D+vHh}
zN6zE_IG*?UWg`}kS@JOAWx>OVR|JnBy1n&`BrXc>BeuCHx_;N8$77viV*1}NbCJQ%
zj=a{OKAPCZKDZy=q8^^1_>w)=$P<XqmSbJhgU3+r`N7uhnqcd8L-8*T9*cfU@wekc
zthXHp$Zy+xL{I2z3%Aer(T~IPcpiGrA+|XQWyc3+pFBek`UIk!bJVA)N7;d3+oz4W
z=v&dIs#Dfuot!zRhwiaX&c5*?b;^E#_;Q)D1Hn0;yj~s8>xi!jcD*+Rzma%z(c65O
zJd@Gn%(GSx`V^v^bz84a{%;XKFXOT9a(ce6j_1e39|qq|9eyF>pGK5(ENgQcbl+>6
z+r)ftzkc!zqwFJj$WJ6X=9y;(ugkgr+K2RfoXC`@d1m5~vkfl@&pU{hgl85WIp6!-
z@Yrtc`VTqfH>tDU+4$x3->#0w{?)D<!?w?z;dkGXvwe6vWauOPH_kVMNANuLk%isg
zQg^>fcHc<0-zSeRY`;w1{**jW*lnD;+cMehk!)Kh&nj$Nq&~Osyuu3#FDwiW8Tx7e
zWv;?w=w}+XW6)3!9xUy>Z|Jz6F!XaBxA$wOV`=Z#3zjSsc?{hsaqXJN(0ior9AW4e
zJDx@udT+<=eQoM^mb#NJmN`6z-q)~=XG8DrxV@Ln9WNpb{c^`kWGC`0%Xkd^YQr{X
z9=fIDLG`b7yjpg0$Fi2k&~G$s*OG>A?Rca5H#>HfL+w;7zC85X4cmFy&}|*>RR8ae
zcgx@Dc(453j`zviJ03!x9Qr>U50}5!@krU7m}Qi_qvL-02OW=<-MLwu9}fLd#}nn9
z9S_Jq?s$s)la8m!KkayiysP6`^3OV+BmcbPd9nu#mIbnJj%AVj%Z``Gzv_6I{6NPm
z<UJh^%KzK(YWde4ua$q(@p{<?W7#Ns(ST*M{JV~~%D?Y;yZm6sJLNxgyj%8Q#<Exb
zQ^)&cH-gIn@Si($zBlwQ9ebU2=wCbb{AlR@j{D`mb?j-t(7$)=dDGB;bnLa+q5S7E
zAUoKyOpy=hc$$1*$1`LPuq?CWgF2ogAKdXg`C%O|kcW4?NcMs~%M$sJj+e<X$y*_h
z==4GP5go6V5AArZ>;ax-y*#qxjq;;9-Yg&1@mAT34J_N`zK(awkM4N4d_>24<s&=Z
zCy(lQ$bs-<I`%uZLyzj%Yvn_|A&AAf=1@QAXX%$8+p*uV9ePa1&LM{$+wnxXzvBV<
zxQ@N2cIfdPPm@pRc!oTt<5}|KI-VmtxUtNWPwIGqJhtOS^5Z*RBA?vxGWnE_SIADX
zSO(=Mbi7(Vwd1w27m8Tc%i}xVC_CV?Y?e>&c&q%Rj<?GWyevCqFF>*EmY>q`UfBzZ
zEc@h%9XlZ%%5P=3c)fV&nH`UmpW5*#c~Zyy^3yu@bG@Nwb?j$XL;0NAWuiRL@qqk{
zj;F{@1X#R|KlGfAXULN~o+UHB=aOU72!tG)M#(WYjgez)8ZXD#G)a!JX^I?UQyWh=
zBCyQjkz-REH@~RL@r_50O^fACsxhX-*tC-8IX119V{BR{Z{{DCjXZK}a`?%y$wPmR
zO}k`YWNBkWj7=VHa%^%}&#}qfEXO9hc#chWuN<4)v^h4}tT{GKlVfa}DaY6}M~<;+
zzH9|q7RfO-EtO+zS|P{Sv`XI5`Pa%ZHf@k&Y}zcx*tAXF+4*<MKkj&s{F9FN$v^Gb
z&(3me8Y#!v<n@jmo5sp9HhCQ($EE=}#-^!qj7>A-7@KCxd%AValVfaJD96~eM2@j(
zxg29tJC?@Sv_?I~rgr>{v1yZfj7{yB8Do>@-8nY3<7A9Y5329$>NCXsG{&Y8a*R!*
z<QSXA$aWT%@p6n!ljInirpPfiO_%x4WtJRcljqDiHZ722Z1Oxg$EIa+j7=-$7@OL0
zEXF23i^{QSqa0(?7CFYIcD#zQX_xwlu0HJ;6=TzW^%$GlaVf^8zG3JwHnn3>j7{Uz
zV{B^2pBS6`TrJ0@cFc*f$$Rv3Y?>p-*fd`r)zxQ_9Anc`ImV_Ha*R!@<QSXQ$}u)=
zkYjAxEXUa7_y33Xclme9F*bQ0e~wN2<QSWV9R$bNG*XVSX|x<;(^xsiChyPBv1ve#
zv1zItW77;d#-`b_2M?Bca*R#>UEUm<mdG(S`Q4Qqn+D|=oBVD`j!o<37@Ic9F*f=A
z`W%~f$T2qUmSb#sQ1$@kaxffY(+D}nrcrW?O=IL3o5ssAHu=5#9Gj-dF*Z$?2fF;T
z<QSXg$}u)AkYj9GEXUZiOpdW>r5x2<U3gvLjWYYQ%a+313-6NY>n?i>?=L+3VgK~>
z$@CAG{=(x5`<vS7@%!@0{?>EyOqsTJnN!%``AvOM;iZLF6!tst>0c{TZ<h^)Hy7Sk
zcxPe%K5v%ww|kO@4TpK|;&0g`k1p(QxTNmyWF-$2_V0_QKBMsL!t)CIcX-q9_wJLI
z7alCUrttd0n+k6&yrb~$!VeZ6^6-DIcSPY)g~t>gUwBgCDTSvOo>h2m;RS^k%hbtb
zS>ct1R~KGacw^x$G7p#Sg?AO+TX=ur;fMUQY+vDinTN}`!V?QmE<CO9%))aD&zE~$
z&P9cn7G6<!RpGUTHx%A1kLYs#f5hDnd?i(V|NqG!Ft8U0;Q~>j+zmkjW|!=Gfq+3T
zOBR9#2oNAjaPP7=OBV0$#@)LbHQFE%gG7yxVw6;aq#89!#E8+RHPWcz+h8N68f)k`
z($vN_YD&{KZDaj?J~MOfymEFT_1o|7@jZ{dJI|Rp^PY2N=FXk_H?!~pybQ0w`O+4%
zY$03%m&0*50oTEe>QlV-q~KP#9qxjA;Q@FU9)l<08F(IEf>&XE<I%J;0vE$&>QlYG
zRH_R-SHrb%1Du4@a2wnS_rU$|5IhP`z|-&?yr@3iYx4@c4j0J2GIgSG46cBy;2O9d
zZh~9j4BP>CtBbsL_NmYCJP41#<M0$b3opRS@EV*i`_`<h5H3+iy*8A?aX10j!HsYV
zZdIS@Wwygza4$Rn55r^dBs>Gp!%OfgtRD(7?TNs}a2Z?)SHrb%1Du4@a2wnS_rU$|
z5IhP`z|-&?ya=zr>u`bGr_FYV!ZEl4u7YdedbkO0firLi+zt1^gYXDE4o|_e@B+LH
zufh3pZZLf>giGLZI1VS^I=B%|!L4vR+y(c-1Mo0B22a8>@I1T(ufqDFCDZo^Tnv}N
zm2fp&3pc<?I1RVKop2A_4-dhk@B};!&%ulE3cL;%$hp>RhbSC_E8r^iS>Ac9Mt!#D
zdbkO0firLi+zt1^gYXDE4o|_e@B+LHufh3pjyLTugiGLZI1VS^I=B%|!L4vR+y(c-
z1Mo0B22a8>@I1T(ufmQz7MZ?B;9|H8u7s=MTDSpD!fCh-?u2{bes~BTg(u)?cn)5K
zSKxKHK#paz9ingyu7IoH8n_;Af?MDW+yQsPeefVW0*}K}@GQIlFT-nazT9_B-wWXq
zxEzkd3Ahe!gi~-U+zxlaz3>1$43EK+@C-Z;FTty@zVU4O9)XMDGPn}1hHK#lI0>iW
zHn<b+f&1Yhcod$1r{Otx5nh4U;ewY3+aU_a;0m}3u7T^}Cb$L8z#VWm+y@WBBk(vp
z1<%3@@G`sx=f5K8dm&r`m&0*50oTEea0+gP+u<&_7ao9z;W2m;o`L7#C3qEf&I$S+
zfs5fXxDu|0YvBes38&#UxD)Py`{5yY6rO;m;W>B_UV+!)f|6i6MBx}*0aw8_a6Q}v
zx4;>=1MY_V;6Zo<9*3vkS$F|nhS%WyR|b7ARLglmO9@=AmivsBIGlj%;6^wFx5Djk
z7u*XEz{BtuJPFUh^Y9Y93Ola~`W1nT;WD^VE%zTS)o?A`04LRQoM}nJZEz>tqn3T6
zr5_%GN8t&0S}lFkG6yfhEATp8aIP#X<65F{46cBy;2OAIEjKMqa0{G)JK%1(4<3X^
z;Bj~go`o0SWq1wFj|FWmgiGLZI1VS^I=E3SH!Z1H;8wUD?t**a0eD!w)p5%hJPFUh
z^Y9Y93OkZ#G9z#?Tn1Od)o`u4)NxA#oP^VGoBBMjeka@m_rpW#GOzw9JONL`bMPX(
z0<Xgb(sq*{g=269Tm{#_^>7p10%zb3xEt<+2jLO*`QCOIho|6KcmZC9*Wi5F4<@q^
zE>XYQTUR+8hZAre+^D|5TQ&u^!tHPu+^a74mK}hH;W2m;o`L7#CG~|~<|^#SF=eJl
z;9|H8u7s=MTDSpD!fCh-?u2{bes~BTg(u)?cn)5KSJW4I+hH9pkYmbBkHRsy0<MB<
z;Ci?TZh<p!2iy(!!GrJ!Jg$C?*Ow`H7G8jt;Wc%Iw`{%~<Hm(>30w}x;RIX<H^M2n
z6>f*S;9ht@z0GUqFgylN!ZYwZyacbpj@(C0enh?9TURk$23Nw>a4p;bC*d^Q26w_e
za6dc*kE$>B+BpGF!*lQ=yaKPo1#-SInNfA6mmh;G;3~KVu7{i87B~ZUsCRhl>W2H^
zL3jinSMT(eoq}iK1$Y@=gY)IQXmSeS61W_Wt6%G_Hv!kdjc`gG_v*L8?Qoa+60c4#
zJOB@?FZJq-!ISU|JP$9ytFZo&fSk*`%m`czm%){AHCzifsH?opB%FrZ;7+&)?uUoe
zmwTC`@B}=qzQU_B2QR`a@H$)|=TWn46pq0a>eqSsRd5Yl4>!Rra0c#xyVccRejhvt
zkHF*b6g&$rz{~I&oG*_9Iahk?Erd(pa`o%II&nAw*Qwv&)oFxNaH~4u)oF*j;9htD
z9)`!%S9v*;@C-Z;FTty@{_v>DiNM8h8C(fh!?kb&oP^VG8{7%^!2R$LJPJ?1)9@U;
z2(Q5FaDhDT<?QmdXB3XX6>ydMYOj6`Tn{(FEpSF%<1O0(cf)<~AUvYp?JYYFPr<YB
zg8CY-{xZA<=gVWMsZ$7-z~yipPN=W-^6TJ6I0d)D?Qj>|tFHAj2jF3N44#B%;CXln
zUWN5bWoBIwxEL;jE8%LmR(+k<<_0(kr{OlZ6Yhcg;UV=Kz5G#l0-lEF;6-=^UWW_h
z8YJgUUVapg!4+^7Tm#p`P3k%?vjxt;9dI|?2M@v{@HjjL&#JHY*1G^N!)tK9Ttk`q
zg>VU6uD-#`jKc}I4sL`~a4Xyncfq~zfci#ny~FSrJPFUh^Y9Y93hN(8Hu({Cy|=Dn
zxD2j@tKnL>0ZzhcxDD=vd*FU}2p)we;AwacUW8ZFH+g+rhYRHT)J%`UF}MP*Qs3<5
z)WG#{6Wju4;10MO?t=&65qKP)f@k3cco|-U^X0nR^ra9kfy?2z`WCP63Ahe!gj4DU
zuYN1s4tK%5@BlmvkEw6<GAH2~cphGYS7H6Jb(0f;i{Uc360U}8)wg-=X@HY(8g5hH
z?$z&vd*FU}2p)we;AwbH-RR{n!YlAPTp-VZO#LVvgDc=FxCX9=o8T5W19!mPa34Gf
zkHF*b6g&$rz{~I&oG;JSa^CE1t3tR0E{EfALj4wR**drpPQk5kJKP2L!UOOyJO)p~
zGw?jT1h2x5Jf}46kHE!n8C(fh!?kb&oP^VG8{7%^!2R$LJPJ?1)9@U;2(Q5FaDhB;
zHrpWz$KVRM3a)|c;U>5R&cGdTH{1sg!XxlFJO$6f3-B_$2ItFjdeiqpxCAbT<8T75
zgB#%#+zPkDU2rcv01v}s@FY9~&%;abDy%;cX!;(3i{Uc360U}8;RZMfr{OlZ6Yhcg
z;URbwo`9#}Id~CXf!E;zdHus|hbSC_E8r@)2Cj#j;1)Oocfj3nA3O+;z~k@~JPR+t
z%kUbUFR$yEz8AtJ>N~u1dpR736Y3`a{0}$6DYzAGhr85wdO5xD06Ywj!ISE@ddtqh
z^Y9Y93On+8m032T-s9yI!)0)#I_cG^hHK#lI0>iKd%b1b;7+&)?uUoqQT1J3&ICLS
z&%ul8eO~<)cpWZC1a+ct46ab89Jf@#HE=!L1h>E$xC8En``|%%1RjT{;8}P9UWV7;
ze0d$w^s5jqfy>p+j$7hz0<MD_;S}5ox5Hg<FFXJb!(;FyJOj_eOX~ez`&VISS1>&S
z7sF+6C0q^H!VPc|PQz_*C)@+~!$a^WJONL`bLzXj{w~5R@H$)|uVtG0Q8)%yz*TUK
zy2V>pJ=_Ghz!|s$?uPr|L3jinho|6KcmZC9*Wi44E!MQZ5H5ks;W(Ut>)=K>1-HWO
zaF_akw+(yY0eBc5gD2q`cphGYS7H4T?wotP^+w=gxD2j@tKnL>0Zzhc_1nC4wZWZm
z58MwA!K3g5JPpsO)84uk;T3otE|AyAP5mewgDc=FxCX9=o8T5W19!mPa34GfkHF*b
z6g&$rz{~I&oG-86o4yyqC2%<$hZAre+z6-OR=6GRf_vcsco-goC*c`*UVYFz2A1Ge
zSbzA?)QP~wa2Z?)SE~<s`L%EZoP^VG8{7%^!2R$LJPJ?1)9@U;2(Q5F>cd|93*@~E
z<0u@1E8r@)2Cj#j;1)Oocfj3nA3O+;z~kyxul-Z-EW7|OtKaU`UxV}C7)&pOOW<-i
z4kzF`xDiglt#CWs1^2=O@Gv|EPr@_sJiG+2!j8P>W41{|eZ<>7#c&y130K3la08r#
z({LNysXpqhw+HTrhu~3o0-lEF;6-=^UWW_heJaz2C>(<;;3~KVu7{i87B~ZUz};{k
zJP41#<M0$b3oocM-nLza*Wi44uPo=7SEmpzfy?1IoPg`#MmPnx!tHPu+zSuD!|)h9
z3D3au@DjWV>mO$_eUHG!a2Z?)SHrb%1Du4@a2wnS_rU$|5IhP`z|-&?ya=zr>u`a*
z$7r@g6pq0aa1~qw*TYS43!H&F;BL4N9)w5Wad--zg%{vucn!{%_dHGC3*i#D9FD^Y
zxDIZFQ*bNX4tK%5@BlmvkHM4h3_K4n!K<+Tfj!gr2wV)8!If||TnjhANjMF+!JTjq
z+z$`IqwoYg4bQ=g@Cv*R7sz|LW;;aT7+e8Y!8LF_+yuA48Mp)PhWp?_cmy7Yr{Gz5
z0bYjJ;Cy*6*Yv#*E`iJ8IGlj%;6^wFx5Djk7u*XEz{BtuJPFUh^Y9Y93hR%No4!Zj
zVz>;hgsb6NxB*VWX}AsUgnQtAcnBVaC*Wy#4qk*;;B~m*)?hnC;TT*2SHU%KJ=_Gh
zz!|s$?uPr|L3jinho|6KcmZC9*Wmoyg1#5RC2%<$hZAre+z6-OR=6GRf_vcsco-go
zC*c`*9$tc1VdwUs?-95dE`uxKYPc3|fRk_<Zi74F9=IPKf=A&Acp9FA7vU9n9WH1L
zwnG$-!4+^7Tm#p`O>hgGfji)CxDOtLN8oXI3Z8`*;AMCX&VO^z_d>V?E{EfALj4Z!
zxkH`$ot_)v6x^zA^Xjz2U2w1ZU0$65co-g2zuT)b3D3au@DjWVJ8ubcBI@^enZ<A!
zTnSghwQvKRRJVJXX}AsUgnQtA^?SW#hu~3o0-lEF)bI0_U4&QQb+|y@=QQ=Ba15?c
z|ACiT1=qm!a1-1DXW$OF8}5S#;SqQoo`PrL1$Y@=gY)J6Thp&XxCAbT<8T75gB#%#
z+zPkDU2rcv01vA>yzM^*Pr@_sJiG+2!urS0O=bixhRfhexEiii-|Mxl0ZzhcxDD=v
zd*FU}2p)we;AwacUW8ZRb-3WILHna{46cBy;2O9dZh~9j4BP>CtKaW!!#;Qr9)ZW<
zDR>rMfS2JlIDb#D-a_?#UK>i_aySkr;5v1uw`?Pvf?MHsxC`!u2jF4#2fX|-coLpb
z-|y9#hnL`0^#{E=PBL%=E{4nCO1K)Xg&W``oQB)rPPj+i<+!CE9)d^V33wWwgBRfy
zcpWa-8>}}9$KVRM3a)|c)ekssX@Xne4BP>C!+r1|JOYoyQ}8Uj058L9aQ<CEn+w$+
z^4eblm&0*50oTEea0+gP+u<&_7ao9z;W2m;o`L7#C3qEf_67Zoz{PNx`ay4-RKnG8
zE!+Sn;WXR^cfvhzKRg7F!V~Z`Jg4sV+Pny_!0T{9DyScYV{ipr1=qm!a1-1DXW$OF
z8}5S#;SqQoo`PrL1$Y@=gY%n%z8AtJa5)@@6L1~e2&dE^_Vz_9+zxlaz3>1$43EK+
z@C-Z;FTty@vp;BC1TKcl;7Yg}u7w-mB%FrZ;7+&)?uUoqQFsELhUef#cm-aE3+@iK
zLllm|6>t??1J}b%a0{G)JK%1(4<3X^;Bj~go`o0SWq1wFZwdNd2$#U+a2!s+b#Nn`
zf?MHsxC`!u2jF3N44#B%;CXlnUWJ_lLEj^AF<b^$!qsps+yE!xG~5Pv!aZ<5JOq!z
z6Yw-V2QR`a@H$*@Pp}=La15@1tKb^A9&UnL;0)XWcf)<~AUpz(!&C4qyrBMwckW$Q
zf7J6Dod339dZD_<t5X7(!*MtP*TIc&3T}nl;V!rr9)O48F?dq_F|W-t@I1T(ufk3`
zST+I|!)0)#`XO&!)o?A`04L!z+y-~TJ#arfq<+|2?<hP0Ps4NYBD?~x!vzO}{3sk#
z_j>ECfUDpdxE^kTTi^`b0e8cF@E|+_kHb^&EW7|O!)tK<p`ee2a0y%v$KeEA2RFhg
zxD{@PyWn1U03L?N;7ND}o`;v<RoFQk^gRL>!)0(KTn*R44R8`p!)<UU+ynQ+L+~g(
z0Z+qo@FKhdufqkc!FGtkF}MP*f@|P<xCw57GjIpo4fnx=@CZB(Pr<YB0=x{b!TE0w
z`d$c^z~yipPQZ0=Bb<U;;dZzS?u7^7VR#IlglFJ+cnMyGog+ctBXBWX23Nw>a4p;b
zC*d^Q26w_ea6dex{zL!#4^P0;@Ep7dufXeY!O<W;3di6IxC*X;>)|H21<t@7a5vls
z55gnxI6MW<!VB;+yawlIg1#5RC2%<$hZAre+z6-OR=6GRf_vcsco-goC*c|OBi?Z`
z4==&1uyZV^AAyVEGPn}1hHK#lI0>iWHn<b+QGeWPe?L3~kHQo1G&~0{!YlAPTp;gZ
zn)OEE7+e8Y!8LF_+yuA48Mp)PhWp?_cmy7Yr{Gz50bYjJ;Cy+{*7Us)E`iI{ecpbF
z!wI+!ZiG{CE8Gru!M*SRJPeP)lkf~Y4==&1u>K)l)2|3z441)`a5Y>DH^50a4Y#R3
z;cd@OxCicshu~3o0-lEF;6-=^UWW_b6|^U+{-oEo7+e8Y!8LF_+yuA48Mp)PhWp?_
zcmy7Yr{Gz50bYjJ;QV(7{Vjw`;Bq()C*V4`5l+Faa68<ke$?CMz3>1$43EK+@C-b!
z?)Ng6;8oapPf#ZU7sF+6C0q^H!VPc|PQz_*C)@+~!$a^WJONL`bMPX(0<Xgb?ZI}4
z!ZEl4u7YdedbkO0firLi+zt1^gYXDE4o|_e@B+LHufh564f<XPm%!z498SP>a3h?8
zTj6%N3+{yn;9+<So`h%Md3Xt4g`M{WeUHG!a2Z?)SHrb%1Du4@a2wnS_rU$|5IhP`
zz|-&?ya=zr>u|vz1lu7B$KVRM3a)|c;U>5R&cGdTH{1sg!XxlFJO$6f3-B_$2IqGK
zeJ_Md;Bq()C*V4`5l+Faa68-u_re44FgylN!ZYwZyrljk$1SU{b8j#`0vE$&a3x#~
z*TM~O5>Bf><+Y&=?u2{bes~BTg(u)?cn)5KSKxKH;Qc|{qHqkZfUDpdxE^kTTi^`b
z0e8cF@E|+_kHb^&EW7|O!)tK<eL>#~;S#tUj>8GKPW@?b|2D!YxD{@PyWn1U03L?N
z;7ND}o`;v<RoLka+8lw4;WD@qu7+#j1~>_);WoHaJ>YG(9=IPKf=A&Acp9FA7vU9n
z9WMAl(1s`+gDc=FxCX9=o8T5W19!mPa34GfkHF*b6g&$rz{~I&oPU4N_d>V?E{EfA
z0<MD_;S}5ox5Hg<FFXJb!(;FyJOj_eOYkb}d@$&H1TKcl;7Yg}u7w-mB%FrZ;7+&)
z?uUoqQFsELhUef#cm-aE3%Y{s5QSrK1zZK!!1Ztw+yZCd4!9fcg9qUecpRRBXW<2S
z8D4|)ACSI3=AC~E;S#tUj>8GK4sL`~a4Xyncfq~z06Ywj!ISU|JP$9ytLo2q{dGPR
zI06^LWpE{24cEdAa1u_#ZEz>t1NXy2@F+Y1PpcpI`ZWhH!YlAPT<~D9Y!r^c6>t??
z1J}b%a0{G)JK%1(4<3X^;Bj~go`o0SWq1wF?+*H22$#U+a2!s+b#Nn`f?MHsxC`!u
z2jF3N44#B%;CXlnUWJ_x2Yrvg#c&y130K3la08r#({LNy3HQML@DMx-Pr%dg9J~mx
z!0T|qM}qATRS$aiqZnKPSHU%KJ=_Ghz!|s$?uPr|L3jinho|6KcmZC9*Wmn*2K_CB
zOW<-i4kzF`xDiglt#CWs1^2=O@Gv|EPr@_sJiG+2!cI@n_Xu1Jm%){AHCzifz)3g_
zx51ro58MwA!K3Ow_Kwd9^=Ca#!*lQ=yaKPo1s@A?qHqkZfUDpdxE^kTTi^`b0e8cF
z@E|+_kE=iD^?eGSg%{vucn!{fD99;<OW<-i4kzF`xDiglt#CWs1^2=O@Gv|EPr@_s
zJiG+2!p_4%-y?7_Tn1Od)o?A`04L!z+y-~TJ#arf1dqZK@H9LJFTyMEI$Y2jY=<Zu
zgDc=FxCX9=o8T5W19!mPa34GfkHF*b6g&$rz{~I&od1VG-wV}4-hHY>{dv#ja2!s+
zb#Nn`f?MHsxC`!u2jF3N44#B%)L-!0JP$9ytFZG(P(K0}!)0(KTn*R44R8`ptH0>A
ztqtykd*FWcuvdQw9)&01X?PA^gje8oxZvZ#x}tClu7IoH8n_;Af?MDW+yQsPeefVW
z0*}K}@GQIlFT-naeqYe{LbwDjhvRSpu7exl6x<58!(DJMJOB@?zvLYcWAG$A1JA=t
z@G9(lBFK!u#c&y130K3la08r#({LNy3HPYK?Der<{e*w~t4BPKs=wlSLj9!YY4uk<
z&#6Z}FRH)hc}4w{=XLehJr{gZJm&eo`+rO-=E&_te}T9R^L^{U_#EE}ohYUK<Xk5r
z!~1f*<+YxUzfNw<tCI0zxtU_}E|m%Dgg>K8@@mDJmnTD$w^z)(dKr((%@mW@Boml7
zBY9;qP4iCh=V|-o?ZORtDH#uI-@E)}5;D}XiuS!s#&unq_Zhjdee#yHQy@1}w4N4y
z+e)2~o0jS=x$b(keJ9Dd$@`X=d7Uy|tP}iV^1dnK%xjRmdCAheE&e=h-=f@@*DoV6
znP!T~``<Ewd6lQ;I!T$Pd8hdEG%rV%XWqDsg!OmbUnU_#Ej^N_+gbBYlcBCl^Il=)
zP0F}wlg!TgOn-VpCrTNTJY8P%PM4v{yTr<y+9a>i${R)A8OUp}@}^}xtiLx}c@yaG
znaDeA<;`xAcaN1fhrF|q_kfi*FXOshOflQC)5=?syfUez+wbKvG}~{`%3G50K@;ZJ
z)6q{`dC}8y9qo(enRA7<L-(ir%bs7lWxi>X<`{p=%3CT7_U|kGdYbolR$h<fg`E!;
zth`mptCr=pedi)CU&h(K!A;utTPv^f^q_rPkymQv4as=e{&=Ooo`fu`rCRdJWT@>s
zPlmc(bh*o|yipm?$aGW8_KRD2Ny%%HHf!GbQrYCyTY2SjvMn@Wemxz1la)7Kl&gPc
z(9OHRucz(1+sdnwJkutbo%LN--m>KB^4h)&{dzjyW#v^%o=!K#Wb1P3gg;|V^2)?I
z{WUVwdAi&et-M;v3%mb**2*h6BRF4eL*93+yn4wCJN_oDytw3<<L_eR{nW}!NuJg-
z#q{?_R$i;*^++Y{?+zK7{{Fj_H?Ya}Teb3>Xt4cWi@eiidEP&UH)&r)rfVA#a??^K
zd80Da_FW=F(>^`kn71V3dW~R;>F;?~-kjtONhQs@Ook@!jaFVvW`u3O-Bw=5nL+z5
zN8Vm5uSxR4j=v@=FMd|A{q!2hwC}xEUW?2K>u;Nt*C=_WzgHsf(^lTVChhyAmFJut
zwC@eb`?{4kyh+}ZR$dwMu0r0kR^FK8$-itdp0e_4B~Q1r?%%6rsP%OGS61G*%m};x
z{=&*@kUVp}u^V|?WO*Kclbht7DAVO%_IOSs?^@)QS$WekUMBNR(F`r;3e*W5k<ux7
zX&GvNualw9)Be6*!1k@kc)3hBMeAv~T%b<qh?Et{Ym=eoy-9{TPxF!j<`v7ua9pOF
zqV=@gAy6lDL`q9>uG23=&AVQPI#2W7Enr@q<b^$c9JBKBUmiSu+=#qhE3ZlNbX}$x
zf7Hs0OP;nz+jo-;wVsYYDPa4OlBd&6F?nCI@)D9)CY3br78z<iUG6Ug%u8>Q_gyP5
zg}hsl_j4<+ZIkWyGb^tP+wXSd<;e1EUzd#Qac_#mxMkhS8<RZqc=Tqeq4l)CdVDZ%
zK*qz4zcXaIE|ZX(mQ~3!$KM??Zt^a+@}^`w?D6s<D=+<upnZ2DZ?}~<ze!%g${Rx7
z9^~C=<*mqgSbrO>yhX_~{oRYacUgJG^29o<zZom9>71ay`;hk$E3aacya%kjKIAnc
z?{O<Hu}R*ith`y|-Hp6&Sa}Vb<c(T+g(X3M4<PRcR$hzbg&oh+R$iUt)k==uf8U0@
zUt4({o8<k2mDh{BgUBn8<$3?;lkqZ{Z;BrGTJmH%?;rD$mzL?;zQZy!_mA_fym1*1
zJD<j^yjpnzq4!tKdpq)Uf3khkGF~I|O)>3zot4)hd7V;8^Nz~UwC~MUUZK4B5!OE4
z@48GvZd&FfuTqAZcT9#R?>$ytO!8tf-xRH<<sDXD!K;GTBi<?VP2L|_c?ro&YJgu%
zp6(}g!k^wEdFx_rpLwlEx93-_yaCAzyZ?UK%1fOa9MA8O9MeAC{@fp<lBer2#kB8x
zR^EW*l}ROS-+N_f@?Nm=CL}NH{_(t(Hz|4M{_zLM`*$mEZj<({T6vLJ(7t<-ceX6g
z{w~V+xXd@j^tVW+s}uf=O38~$U$wvY$u!g7%dNbD0&kwbm|IUBxAIc*MBLmzK7hPi
zth_<V3p<`~u<}|Z&m7MmMBZU5Z*-Hqd#t<x<UN4AE-P<xlf3(^ycy&@h&(-hxj$wl
zFYNex)XH<t3-<4ak@syYZ()=6jazwTl4rKxN0Ik4D{n>e8f3mH=6IR6@){)1+<!kN
zmCf;@PY&4Mnv=r&`=3@`eOb`ohmm)dl~*r$anm@zo{pX_^>{pIB(Gnl>+$@Dem&jp
zue0(xC9h1Tn_~KVsg+lFesKQ#xKuX%z0JxSlDrZV=GW8Fo2<N6$<ytu?fZmZPurKV
z@+KuO?EG@r%A1tDT0iem<bBl2o0q(><L^UOUgXum{`e#0jaYe0l4rJ=RLlB{R$is#
z>3X%lpGMyIt-NK)3p?LGW93y#UbUb181jB;<vAyZ=Pg-zZOD5Zc_&GGcsxfXFKmD0
z``aNQ%W4^wyjmG*fB#s9=6E^Z%BzsPL0!NvW?ROrymiUb*ZMW@b5hsj?Y8n}Bu~1Q
zEhaBv<&BjG&(A-PyggRloaBX_pWkBT%}Aa(zkCsS@3-=nBrle2U2wd-*UED)47T5w
zkoTySSFk0#zmHgXwUVd%O}F0@$oqzsS15U5$KR-xmy|qn{Cx#^Kd|!3BroiEnYQx!
z(ciBk@7GpdwdB>vd{fN+{Rb;=QSzpxlJ@s&GBn4_$+G=<Ja<T5*!kcDsi(^%<fdih
zqTqb+bs0B#+pWBA$t#d`nqt~_p_Ml)dHUQ;+xHFRHCcJRr-bj{+pWCi%3%Ng3G&`$
z<@HORX_L0mIAi7I?+DIUe~P?Eth|9u+V?RluTb*L@%Js{ebdStlDx3}@ii;2T=L2!
zN4MX%k@weD-smR%{VOZ44*mUe<een@lgG>0CVBZ%Pq$@4Zdw|V_Z=D6dD^eIl{YSV
zVds~Nt-O@vne)r{koRUQZ(8yiWxgq9|29~8y^>cT9n<aij8r!5J7(pTof^JBTCKeP
zox%S23*<d)<yA_a_QMp@zK>XW6Oz{>m9%}&%Fwj$DJw52d12QZU$OG)UmIL+{3Y_9
zv+~+E>F={v-k{`_`R)4w@>Z?9F3HpLq$#GqzqazGB+vBshf>+}_hdO}c>GODUbzYL
z>*?qTQcssj=!ld?c`}ofp>DswlA+1F(8^nuyegS*ifLb&l{Y4NLsCieek?<iS7YUs
zo#r_8Cd{v=qi?YCl9%K<D>7a4e&W}YD$W5bFC%$j{Y_bU^_K?y{VDS9wetEmX<xgQ
zHzIj+e*2zB-hh?2EP1`UgZyH)-=kJu*JZg*MrLY%|F_gN+wWUeUdQR-=YwxrdF!tW
z&Idn3-cPN(9?8@5t|_K{KeF;Fs)Or|zm>|SegA3Y4Q<lCf3@;5l2<7?+TXuJ-sy6F
z;_*Btd12QZ5viwbNXSjgpyZkBjlY+1)4uIi-t;E@z0k^AK!1OMym~8dQSwSc_V1gl
zyz(n$`{jB4{YT^-vGSZV<h>V}Z;JLq%RwuzHIeId$a;1A{Zi(e{_6Drw_m5^g`Mv|
zYUQn56`b#Xjl8c~dGnH&(FXa&wC~GS-rBBQr`~VhKS^EFz8_e5^|Eur^7L^^mr3~R
zsjbO%D*U{EM&7cOHz|2x=c~WB@-n-F=fD4gyi?_T$L+T+d3AmpbYS{>lGJ1S3a<&S
zC;tt37g>3=XNEr>op0sMOJ0NI=>Gk8<h{|#OG)0m%s0ifZ?~0Kd2O!y*#*t}PpPc+
z<SywPvhosV1%1>^lXt+%8@n#J{`-wzPxC%z<<&^upa%KH<aJwllajaW@891_UDLj=
zS$Rv6*JQ%{dOA8{<&DS(M52D4ekRQ1{m{y*Ia`h~-Qj*Q?fbr!H(8hKO!)WTJmmeG
zmDedJ(?Sy_LzDNSmDedBbTQ|@6OdOZj~Ch;x%78SujGXt&s(IPW+%LA&Zy+|i*^6L
z40$`PylKgESKu#a+PBThtG_AN>6I+aI|+F=*m*B^oR~J)%Dc|WTf9a3>u<j;$UAK1
zEx#iCdgvZ2FM4}$y>SZix~;tOa~x;cG){)5zaO;n#wE}6_cY{v&dQ6Hgr848W98Mq
zCD;9Iqi(;`k@syYFD-dt`*+;Ri{BCS_YCCyjg>bjd8UurZQ~Q<pp?b3$JLP3>(dH;
zG4=G|RVV!E^Riy^y2@Et?|D{U;+2m3{*k{}cD=8%^7`%!9%uA(qq;6VZ(L&K4ND%2
zwq48X{CaXIxn;9@S4lm6o#&<MT@$iiUCtD<UGA{zjY|8%>a|(*#-*NIB4mrnJ1X_K
zod@0;oKMficImP5W+YGUBH3c{9<=g?B~S0_di-rg-jJ2IEO{4X(}LsWaVu{UdFLVT
zPp!P@tHQ6>#;m+~<eiVaA6R+ilJ`_d`=+hDRmq$4`+EWMes1M0NM0f&?`Kxt^q%1P
z+l9!>k)0`{+51uKT*uiJlDBT<tw>&_)YJX(8sxpw%1cRJbx2;Z)Z_6IO9pw{kaxM2
zHz0Yjki58+S1)<yc)1vPw^(@-lGhoMcY~GJB6(@4r~Tc5yrWiLjWq7kki0`y-YnYp
zTI4<G=gDf^(jE(cK6t;Cw=8*WvV^uzKa;K7R?kBNe%?;8mcf{OhCc4n{ZH#jb!XJC
zXC9|(Z*`oH1l8O;9eu)DZ)$JwzEBm``(rC_PV(LplJ}gIm%J-@+`j^O|K#VH?b2{t
z`2BL(%3GH_J^pmNR3q<{qK(IWi{yPUq<sZakH=}%zTkQM>yfwJ%3G1Vu=CJ`R$h53
zxGqj0uhz=bzpbjDK{LhhYAdf@^4jFJVeRiO<lW=vWw+lQj<aCGWN7l5t-RHPxz2zr
zq<J;S`-s&({riTung=K3Jz(Yaw#wta-@a>*H)OT1dyjlJ`GlZ>rhSiFdDZXEb^7Go
zr0uIk-lWyOXtU!S3F5N-{g#zC`=Q`?ek1b!+RD?vJyaT!_g7Zl%!9#stqyrFT6y|+
zio)`KY2`Wcfqrw|y#aZr%JWzm&7Q~gZyN0kY2QgwPq$^lpI0e)NwID}eSWL+^t|zE
zD=&Y4c-~ekuLpTIBkxKpuS)WE$$CsN`?t!<TammTsif^|K;ErZUc2P!cO*<PdG%Ia
z$A{&4x6IVM+mLs}%G1B&6LuayXypxmEO;HM5qUjUUW4R))ih3qrhN}ud8?AQF7vg0
zZ$aL$l~-`Uab6pe_c<$X<)PqsX+qxjtUUd@Jg*DMd)ms2Jsg~`-io}RT6y}ndgQK@
zEvCOevhp&LH!9~1?Qar!zqa!7<-zyPY+A7W{=v#C|9J5DaToIP<aG}j&E7v!l6P@P
z-hWwnlagodZz<$$weor;?@b|jB~nlOp77_bN?xZ}`@0``S6O)rlJ^dO86BAIS8e6B
z^#%9e7UVTrd5s6<yCb>*{9^KMvGV35&%DlMz7rLZW!`4xO&s!Gcd_&KTY2T548Et7
zM*Hr!^2QH`?~i+}y!A(e<L?mi9<}n8B~M?6Fvaxu5i760KX{#{6?sosd8@6C^Y<o9
zh9>U|R$ld|avl9nm+s#q$osyPr+;TcpGTWw@}9Bs7Cs%cFN3@ntUUc24Pp0>=dHZy
z$Aa_eJCOIER-XP%hOqwrtCiREnV`RI$a{snj;Gx-*OOHl$JuT=D?`)YGo_w7Vdf16
z`}f_*yV%NWk-Y28GBPxI7g>1?lGiEob$_%YZ<m#)e;YxbI%bQ>yVA;=le{uN?|sNi
zT6uGlcWpK;Xx|-H-n!(O^GgTv-fiW@jycX%A$iBFyox^#^4^cU9xE>;c_krv4_bLm
zl4qVrbt3OEE3ZTH<f&-3nC;hZ<z<j}Kl1+6${Ub8-Oi?%yfG`U8~yD<-mH~3DS7hJ
zS+<zGUs?4Qq~0^xTETw%h1An!68^k#S?{7)kE;i<-V@H+c-#-mNqoRxMh9lSj?`n`
zz-NQ+4}KVVWmca4y@XGN<eh8ft$!|fKjovyyVS~Cmb}7{yz8xc>r(H^kb1S&dfPuA
zJP&;c>rGjC`gah*&Ify}yj96F$Dh9MsM|~*kN&{Q)4!8&b4dH%ZRJJ25Zr$sLEeCs
zHz9fdAoEQz`|VLHuTt{#ysXDTAM&2E^7ME3?>1pFG<jdK@&@G#lnpXp^FE2Z?^}6M
zc{2UBki2KCyfw+2^Yi+V_j4<+L-HC!@_uIJ%?t;RAD=?re^`0?Tlyal$@>>8FZrcl
z`wbxP)U!9<k6POu=aG=SlcXN+N3&lJzGwIu<ZZR`3f>$3`bLSB*Y!m3I<-Eoo8#|N
zE3Z%T{v)J)JFL9Qk>Gy$S>)Yl<@LVL`y8u@G{?&ut-O)11pOUC-d-zDe~0}OCQODV
zugS_wJsISE0eMHQJpJwTkB8(Pvhs?*8f?E|<lS%OB|98vI3(|0D{n&brlp?VKfa8-
zN3Fcby^iyENZun>UiYZH59a5MAnz$FZ$$DQ3(5P6l~?z*;Ps&=kvDDSHM~FkdgFUm
zUiDMK`Dzq-FIssS$$K%ReZREwl9Ff6S5F}?QoQm0)^eZsy*v|Xj+d87J$1sLG5hu4
z`NtUY%B;L`$-79N=b2*i&b9L5W5M?lzKOgmtUUc~;_FP93{Bo8R$j|DgU6$B<h|L-
zi+|A3pS8>ulh<J7ElA#q)Y9Yc&yd$<<xNW7KgxVlOx{r|Z{|;O9eGL2&6_~pgI3<i
z1K#&$?7aJ}yu_ac$Me(3d(6tK_>kk=V8Uc*+ShO8Io}GNPfsFm)XHm@ydQ+*Jz?eb
zOP)FYzKgsmE3f{+@aNNiZsiqzJJ`Qd$opF>uV3<Rep%2!)8D_b^138XFEDif{x9U^
z%KO4HnteXA@=*Be&%d$ro(-;Frjhq@D=+_H$JrY+FS|dYQcv5O@aGLkUZ+^w_kHB;
zwDMXcZ=b)64orWyS$SpO54PV7@@lO-{hd5{NikbY-qluKzvP+rJ%_wIt-N?|`16@Y
zD=+q!!Ru?Y$a{~K*Cu&#7s(dWzIRx8Es|&2_ao%>S$X>Vc9+R~Q%v5&R^GDYrDR{|
z{+L7FsFkO``xf?k(-T%+{d2+j^skZkJu6Rt7cMuXeNS6?Ba&xckC;c^FRZ-Qk2}sk
zna;}4^moz9YnTo4{swtD@+Ph}$2{Lp^*PRLNZz`YxAs@L?)wV5{T7f{V&zqRBK-BH
zv!$N4HQ}$T`p3CWi{xnD3&@LGdGSw%AAc8Hd4qGo@v?}#o2|Sy$y*HR@AXz*`A>rW
z{v3G+t-Pj39q0Wac`a66`mclY{SxvXu<{lpFYNhIr<GUn)8Kkdpa1B#)#qEEvGU^m
z;jcISk(D<qc@wg{?vG{U{fU*=D|t7cAQk;$j=!g@yxw^^AIL$bdA~y5oRzoqSorhR
zA6j|yF9h!ot|0H%R$lpM<ni1zPKKs^|6t`6|84L&trwAZ+BqBVAJNAhr%2|TV)9Ow
zdg_Efqhc{Qo>!4~zLi%#82&m#%*yNiyP&`SioArCHzj!uA?<sel{X`K=J9+DdAC}5
zC7%s{f3@DqtNHuj`szQB*J|YrN?wl~1E!em_ckjpz9gSRk?T%9Ue=M<W#z>`AO3#r
zeO6xLAA{}pU&#BsmDePBmxo;M4qAEbl2_|rZ#dFM?T6mqX8k<V#lB&gh!5zP{{E$v
zH~DX}gj|DYe{+$SBQN$zbF=5?zESUYs$`N|Oy0VkcUoTd^~rqXonz%qNFMIK+55*?
zQctrJ-fEmx$<zL6`%Xk&rIj}&d8SResPPR}y=kc@Zxv^Ysdt^VUZ*fG`}vKNu-?N~
zUd7kKubb|%^3symCTrDxY(ZYPmDeMA=Vx0N^y7n8-lF80*MUz#-k6m)wn^Sst-PrG
zkd(<g4S5Sz-h$+{hqUjfR$h(d_4xfg9eKI(qB)PNrl%a|pLK#?%>MX|l{YJSW&Zv0
z4CI|-<<*bL<G2Zvp~*W->Zud{ytQav_Ia87)Ra3<kF!gyy!ba9N3X+8F?l<zyrnbq
zvY#(L8+o@`dCs56Z=RVj8JfJCti0CZpndYwE!p-Rw(^E0@1l^rd#t?V%k#3Yi=KnL
zZYyt2^4=Aa_dzSKP4dkCm7kKxw(ql6Uc<PYS3>f>Wz}nxdSUO+eA8NQ!7GA(#IW8u
zD{n~h^mEUqnC<*SD=#K_=JBW$dH-nT4gab9?q5jW&#k=PbMl;Ssi*hzGUUBX-t5rD
z<x<2gGk+$(3lfr-EA@Ds#$K71{apB~k$0|@S2H2sI||8rg_RdMH_wrWIJbTBmE7!p
zyUNNddD{D&p5I)zp1Rt~TiqILzl)G}o0V7l=kmF1nQw~OA2(TfE%L*1=5yv1$U9=?
z)qlrvz7+EKcF@WzzaY=4J<aRycI17;&&xLH`{CaMdcewSy;Sm~6S{vZkvD9$uUPWJ
zuAe_=<&8;R($Cw8yzf|fX~}!SY&;p7?KffN6<?N@{oH>Xc`sObC4U+Ie!%lqUWNQ%
zWWV1&`N~)Jc=;DAuS@dYAJV=RD{o5jCj7iA<ehfz#`{NPCj5P?lcgT-A6;_MwCLwu
zfxPWj-mv6-HspA@(8^0+A@|=?y!|U*fy(yxdMmHtC$j%TuGea<ytQld9Q|!7Jzidq
zytI|qIWNzTLhiqJTY2@@=Q-_?qj?GBby<0f&pXa{WWFipc)8EYo4zqG`}w9_$a~z%
z8(wgnzYJ;Lr>wlSTk^7>&#6J)pICYAFF4MUX`BpA`<}A$hHuZy{%);&B`CW;{@Th*
z{jK~)p3FDJ<o%VE*YRe#zsY{n?N^Juf41@_{x1CWwO?6z3-Uvga!Kjty%BkZv5m)b
z+0W&D;*i%9w@5v0YeH^Xdhe9;^A<0!4tYCb8}n9v={URHCA|Mke=DRO^V$yt*ReMs
z?<Om+>R0mmsR@xt!#XQ(N%A7{Ag0@|9(hNsyiR#@;TD;1ipe`D_1M1E!+B1Fzdvq9
z-iM{09&YCGa&A@LzX`ejc3F9~NAsL%xscQLH6ZWHR$kX{<am~RQ%w6lAKTczXh)t?
zB@NNM+mJUY_1M0~|8ksPn=l!gyl+`~b@%4EuUlzeBl7;%%B%gYyq+xQ4O2|s-$*@f
zzl!^$zbAR^dkgZ`r5@WCl@B+4E#!RlZ&uz~cb-!s+gaP!guGX5_3~trTc!(gLcfQ0
zrqpBmqJJ1X9?4e}+<AJPeTAQA_HVg-$x7dEHpTS!5-YF#k-Y5hP$iMqVC7Aooa5YS
zLL}7iMk}wWFVAW9`+FDi(te)lZ<%~4s>C!7d3RfR(*trm%Y5B_DdgR6wJ#xgH{}F@
zrhWHXd9lax9C-`f&D)Q>KeF<A3v(R(-iIkBug}VxemppzwjgiZ${Uvto9TWs#pHe6
z${YCO;ClQX<SkfvQ<AqFa{T?&${UlsB{}YO`=ychpH|+e{NVg|a!l)j{rj(0-oO{-
z`o%xL975j7r5lgu_OrwLyVa`KCH3U)mMvzxR9W?Ur5;XK!SQF+>z8`bY+BHd{Z_pZ
zsVA2u*<#lFeyiSu)a%UF3i947^>mqpKd<_UyzK8=9Lx3Q>Hhw>l~+@o<GwE7FP81c
zpj9ukNxiRF^#-LL9tN{{Q&zoUsb~7A>o)$eRc~aIdO!E;Rr(Ddm3pr;osgj(I(qxH
z)MI;oE%mCbdODhOo>$+@y5QwGj{a7(DdtdImppFgnh`nv{Kw1p<p$gNR4ebJuax89
zlO`=#*GW>3c?(a;`BduZ{i6eUr^}*pm}kr5U(a#QmSs&b?bD$wmM!D*rqM{Le5Xk!
zUN19sU4?SfW1M;E-{d%_;Q%yw?>wB|f8g-;!xzWAvg4BYWv`82a`}!OvDl8vO8$T8
zrSVwo^2;u*@@ghe{)63h*W~1wB<=HC-F;#j*CWrZwGnZ5Lb?2|xF;ReW3|kke*AxR
zzhhoX=IQHjU2@asH6wDHl-sP_exI@`mE|EYn<IyfoAXi`r>w~9_}^a1-K$@so{;Zq
z<reHH`gWmCc6J>&d~@@@<^%6&cAVR9th?rxTk2wW9XNa>6+3h|6Fb_Rkva`62ad*e
zU3X(F^RCwBnE2SCw;ekC&O@<_MMsadwjMr`X_ii6`F9>M%bzUQj0f*(PR0Dy#F~#B
zIef%9>Gs3N(y7>8>BIZprtLrJ>cfW)HSfzDID9B}q}f~VNw>(%=1lCsp^PkatW{US
zdVBBkR(#U6&4-$g>`nX8{`!u1-HPoCg7>8lAC(NRJ-0L;N|_~O{a$-^W!vMgdw2bH
z^}D5gvi(ll@yynroc@cPXLBom7)vb1wz~J23HeS;#h0d^%Z|0bc;cz@J(S$)oqxU_
ziCz{j@izK!(e<ZZd5To^Mt@!uZGZ8*c@7r4MqcH7p<u_<*16M{a?Jj5*IQcp<=dWP
z)%#C!ZqBW~`8(^8vu?js9))$U{-`vk{l#nC`wv3Rp7z@xdphRTzB1wsb$uJw^~~0m
z6K*bT-gcs&`kaqvbF-<DCokwfB|Fys!u@ADr2{P&^q(3`d+vU@L+`Ict*1|nNUgVT
zSn|meU$&uF+W6^*f|MtN*8QIC-=A&&`@`FRTCkQEPSg{b+XJ-sx%;<B2T<+lYxJDG
ze;Re3yg!%i4_fOu-B0hl>)c(r$0BD`#$!8o9n(9TPK)WZ^MYxY?>c4W@|#at=`Jl7
zMRMJGrR6fk^Uk}P-TUdzyY|cQ+N-a=B38cd$l;?$GlvhSx7~1UEEqX-_qH9|ckbL?
zx$W{D+wR_xy6n<R;#C*MF4-=V+;dk<+Mgr0#!T~}qkH#UcWD1%=hj<x@40H%EjQNP
z+OT_1-E|GSZ@#MTmMbeyzG~NXSMHGeu9kdn;Kcl4)E}B_jf6FB9?Nt&U7wbi+>CX3
zW6dy5z?`mmrjF3bFW3LQ#}s{BF^?^#Jvz_SIn$r7LoH!-E|%$<p+jAd)~S@6uBKFO
zjdIhX)75hKcBk)`p%$I4)(oxRA~${5QXi9>7Oi87Y1_+Xf-a*&Em}vdH(hq8-1IJ?
z(=U;mJVke>CuFF{qSm=qZd$_fx5{+Q*P)iMI(mJgb<A~&)=}#|()=6cX0}Pa*uAUB
zaIf67XnnP*&;F{-wz^NO>(TljkehBF9e+q}`na#_dQ@&&!rG~Q(E2*m5>|(OG3&Zg
z>YBFQ<Sywgt2TYPOKj@P!&r8@-4~Pd0CIe0k2g8(xmjjdD&s}}7whYNO51AglVRK8
zzf<Q#KSzgJG)Jw=YMcGLe&}}opDZg+v)uOUP)k_*L+flm`mTeSy>~g=k7kZ|!xp0>
z&FQ_{(+A`tVQ+f7UL49r%$~ZvM>D(KOO5Rt=Hr6rxEXp$;B1_#ao63rM=oC8Va;)`
zBFwc@=t3cJ?n2)5Omkbt*`C^)+3Re->*!HuyH42NaAfbHqv^ew=9`-{$BrDj`f#e*
zU#~kmtapbsLpRHg?QzyUuBUE-Ohvo0p&R??P7diHtJ^8)n!CZXb#-rC-O#w_mgdZL
zH)2DER|qyvc31if?oC~tY4bOe*$(ck+mFb;cjq0y;%mK?`pa%IKM2^+rtEsJN$<Ve
z?4aY<?9bhI_~60jL$XWT+=tig2lV09J1%6u%HbJ|v>rL!>K*=@{-2jUYj{=i^he52
z@|-g<rjHY6S>wglxO@l*MP6~km@Y4GnxN!4F^uVaJu3u7-Wd-@M0w7ut?>)2@p5bY
zB5S<D8sBD(=UC(Jm2P%g-iA+hXnXV#GAMZ)UP00M`e+)IybZ5(=={@ynWDT6-$2rF
zee?)Q-iB`q>3qGK2#WVf2afODa809+7v?n{ecUOM{i%;Prs#a`0Uh6NX39{<&9#6|
z)^T&)qSK4yo%o~-P0{&B{1JUjEs|fjd7qgnL!IB{kL%-dksL37=#P8#U$x=823r4%
z{(OCWERy5rYyP-C{uN2<|6;><ne#J$Tpx3a<oNm54dWL$ksNP=J{A?p)!5bz;}>N=
z`>Kx@MNWltgFoLJm*Z#89(mq)=rEt;`p;4K?7l%Rb<H!@J=foItz+)k@<eyfzRZ#I
zo>qA@IB@9h4Kt23?@ei(dzRu7@6>aUTh*LN)9*acx<{UbzQcRIX&xzbA*td9xK)no
zgHCYrG@%>Mn8!`s(17fTN>75O>c&%}nY!V8xM5=UBxt5)Q@s=1hRJSaZ@RaSa$??4
z|IhL7nz~<&^>N-<Uq{LD4`w}Xa?X?gr0DUU<DXXa?3HuAPW8S6YU=2?$vH0H&vEnp
z(+~6AWiQnKz3ZGD|9H{yO*8$zxS77)Oy6#seY<V;t!LL9|CAR~=gNOlw0ov6I@?&!
ze#Vt>9Ik?^VWE?w0aDy;^8ZJ_UgPDv{qp+~lS!t{|C4^{^<>n)NLFvrU@7{D7xf?Z
zw))ooX;-6y78%|O>-kRW>#?>E)Af;2r|UjcZ}E>kd0W-Z(e176*E+gy)mzS!|D@<P
z*L7*O`@Bf%=ss6((TY;8lAG4qFT*#grB1Q$E&efF@7K{b-{IHMZK*cv(nqAIhD&kV
zEGM#rSRYBEzAsTr9a){*Po1vM7xj6TPS?JxO{Tluq>e79&DA=(9n@R=`-nagn|!yw
zQb)Ig+T`dtIC`f1Cq=!*zaQyt)9KnCwf@ea7I)ifC#2{jc~q=*-29h$&->i%CeyXe
zby~-tev4mU+xb>ZzuTX#Z99VL$NcHiY^MX$Kj=@_ec^5&S(k2ecl(qJr06ob-Vex7
zzJ}(uGv-@AGpR)n7j3_8Gqu?!?sk)9^;oF%>u9Xn)Oo#5mpb(_tWir&g>O?w=V_h2
zGQ7>NqZw*bC#BP+j`sB)wdBNon>ua&blt{kGhO?p%RVH-52<BYJ%6Z8os)ICZU8Cj
zE!s#a?*8?^pLg8;)eS4f-M`{|v93ER7cw0(yjm^Ob^qR=_NO=a({=yu!SuWR>4h?M
z_pe{y-M^Bf`^w#qV)^IoNB_L!?nl4AyC0>3?rZgi{V3C8GVQqiD9h?=1-jj}&1JsL
z_DSe;siUtOT%(pcy06uyj?U9My030mOC8;eYEwt&X`SqTlsdZ3dr+rM>&SH7ziP9r
z(9ys3q1#7GR8AOK%ZAZ&r<SN(x*F%`PLrbhAV<ziT6CEl-C$B=HBQc%F5T^tBgcjo
z?OTp+JSp0~9IfaVld1d9WV$(irfxfv=`QPM>M>_BYt?>cgE~k4laiF1aT;z@`}fCA
zxCic6=gWUmhU8{E3Qxe(@Ep7dufXfDz7J#aqiQ+FYKg%Wa1~qw*TYS43#^|N&GC0=
z2iy(!spUSdMZZgBJOYoyQ}8Uj058L9aK7vZlV1pz!1_5)Q%64&Xq-^%!6-#PYh<jS
zOEK2ZFyzR6L`y5IpFuOzyWn1U0M^einEGSzBs>Gp!%J#C5lUHwoxEVWerLnfDOT$P
zxD@@&xUqg-&shI%wXyy#d5+$Jr08dnjFWI$eTrA74eo?{)Ou2sqMtc19)k6^tIYHX
zcv|g0&7Ff6;T3otE|B|KPNBD6z4kGV!TK9!`rDmas^A*foBPuL$E1oJg4y$0Tr4r!
zVtkH2J>k!3koD_kzC>=iyw=n4gxr`{CF3!<nPT$vv0a_;XCx&rDb_sM9ND}#i<#Fb
z<NoPT6tq>(b<CTPJUuUJo}NNX`woklmzHt=ZX*iv^l^iE>ylS2(=<;{2PW?UG4nDq
zo{*a<T2D)-+?c1=<r6YZ^Ykuh@&?7s8<p{}_I=u4CLu#Dvyx}pr*{{V_h(|}jmx<1
z6H~OFmT$;SosgTBWy#ZXy|z#9Dkkp-V&<*NIE&8H@?*KFbzf@Ptlsl7Py6>$^<I!V
z_Ih(=nkl9q`WVN0Yf|A%Q%Q!Vo<8QVzrFr*3+=ByoSXj2M?>7aoia^}zA5}_U4dV;
zo{nzw>zV5V{XFzBQ%Qzqz2#Dm>($@()5k(xuRffc^<Hh|jY!_LGT#)F_j)U@Kk9uJ
zLi6-^FnPCGd25ol)r9%=bW}gb#`aa6>0PI2p1#s)@(x;gC9(q_)d0Vk_UYp-^I9ZN
zA3HU#L~bVU16JOc<ZU%!emx!Su=0xKTB=f}Yu>BmX7c*2ym`sf`>H9XeIK{-Y9&vv
z3p6h#H<R}jD^EW!BzKW)F?qvQ-ni@pbDk_ko_;@G{$<a*?VIF1Yvt*0C78T2<o(LZ
z>ybRuCT*m#e*cZ@?cJoFe*c5@`lO!!u&r^~yz`}=W+!x_lv%W|T*h^twpTw-&Ah=)
z@^)K!3&^_&dHVTD=8Z_6f2k<7g7)cWt5|PrlX{Q&_4HWM@~2WyAEQjs4846p>iL(0
z?yNPbS7j>sb#!#x&oi?srEy{P<R?@%Y`<mcZ-XqP$Dg)E;@$1{jFs0SdG$KeFWNRO
zdJU$N6FMR#AunQRJ<Zc|n8}lev+Oxn=#0sOko;UgwwOE}VzSdMJ2NTwrAuXcOm3Q2
zC^vl!lgZhle=BIe36ZIWne@>euMIw87JI4Bm|c4Lr7^F(^k>ZUnqM0ccUw^|ZIZL`
z|AUWq{EoL&^?k4nZ%&53yOrIF;mFHwO>chQhCQU4fO|s6buR_QeorTu6E3~>(@kq0
z+q~@?)HVBdt6$HoeY1KONIgF0Z&t6u&olQ)trvEm)MK0XNxjAkyRX^D{O6?JF1eXv
z`k_M}^UE@xl$*9$x4~w|e4Q+4GNfA8>BD#5EpK>akNTH7=66(8U9!_X=wJGnAG|_V
zgkwIr;g>+Q72!quqW9aV+~kxKTJ-Um#q0-8Q`g%QFrM_?<`26uZ!;$S8D<%~-iS3}
z)*64Q(WF$!mmQ_oV*1*^?^BX5QTe6j>*8%8>)dR)&8BOP``Nv#<hxJ#XQiBpeD^!`
z+wvrQLXK7clc+l!=fXViBX3URjIHv+1i9{5B+s?`8Mq*)yYtH2i2gJM66D-|!>x67
zvcB^xcecf3D2JxgE;xUmW8M{u?bgqd%0V7G|7dnvUGv^|c#|sRv#0v8i`e-oS$@~v
zRP4G#2QsnikIDH^UaydkqsCIrcOAPsc2K9p_U}EAmd}&ka5(0E(&VUoQZ@GWW6j5!
z<ukAP(G&R$Y^vG)Ang9b#}1{o$29T4p;U9*8zkPj_0ZnC(#^5VVfheWvwY;k`!uSz
z(0*B3?vKvyn{U4HX3gE3(l;YxhnnB%Rgk6p`>VIgty|s89{*iBKkD$leaDU*X--x6
z<5#*Jd+9o{^npXoSDc@U?UxQ-A)CtYkK0adhFP_C(A`e%CW`Gp(ky*1`u0HX-m{<H
zd)9M%&wOET^q0BM=aoL@T=ryc?75ii&GOu{UfeSMec9t?7k>9OPUNA|o192Q|1^yA
z<MHB&ik@>y|JUnx<vCLAqOIPZzF$rT?u?7J%2b(mb6(D_U4q=3cjfHN%iFapcjvCW
zbEYFNe(%X|%8KN>g*$U|c3rijG&gtWRXa<sdTk`~UAX}G@%Yx#>DOMgb>j6M60&o0
zp|Ud5^mmtiEqB+zb_w=Y=EeN*${f?klH4CZS+MijmDu(Uxu(h8diK*>&w6g_nJ;XO
z7JWPEAD`N9NvO)}fB4SatK>>%puTWx%nOvHQctq1yNI`)q*`r$fA7IOcZsIFZ8_Qc
zJMH@N8DzJ*d;I5mbIm=-zn^V29q4``%hD$vxkergB6+g#<@v#X{-Q<So;m3&&ph^%
zkNx7_e}DV)xxdN#W&WFUvI}>=n5E{tQg+afextLea&N24&(6!D^ohiYQOBJh$^Guj
zocZqTtSm~OxaCBB_CHl}PU(+J=eyrfI^A^PY2DlZqT<3+%X7MKF0H7j%DGVQ`Z?}>
zytLvq1z(wZZ0=)A_pZIY=-ZX2toWY?*3V<>@%3!bknZP##h!TN{vvHkRqkyM2R*|4
z#Ql1&>3)6bpEq52YWKFkIPbz!x~ogitGF=o^m(tT^3Frq>f0h4Kb^f{yZt8j@|<7h
zKYv2$z-W%!=4W$nD+<<G`ow+Tbsv{@4UFy_@Vh0+<+-J4XJLEHTc+-xFL*p>Ti$1j
zBG>0$d1~o&#GAbBlwfvl<#{o0{wcE2yy-8dUsIk_ny!fCme$=-TKC1Rn!8@=4*HMC
zz^gVsyv+}c<lZkYmdK1}a)bXOxz`jp&lFu)VJ4O5PU|uBjGT$TE8kSgy<av}B-h#z
zGR?ZbKb!k}{x46E1#{f((Eph%?~Gg}k7U^+{2F<pUi#S87ga>gjO1OP7u)^tw)|a>
zUHitm#3c`3kax+CDx8Ul<a<v&c#5^$ou^)(bLA<fFUbF{Twqvrv+EX==XQUla7V1v
zZ2s{3u=_cGeA>M`X#a^XclJjL+$1@$b^Dd)epmi0+A<x<kDL*^`r(N;?3j4%MCBV!
zxU6$&__?am?(=Gkt~<j$C0zE<%W6wSyY}fhtt#)bhfb_55?z<qy(`DvQj+HZA0&5=
z^QZUfZt~`JKbfU`qTX*qt}|6+Qnp2I%l)n7UYKY8E8VBnyu}f%kIUKbgk&q6^<+?4
z?(gR8lD)q@A2j9JT%2Q`miwA)e#!YsP{Z6~yl)tozC5=#C%d}mb8&xtPBKpRx^$vs
zZQ7^o(%Vk)?vY-8jvR~sFP=xqTJ<tji+KWL56%2?uUhtPJAJs*V&<DmS@Tq*%$x1L
zM69g#$7BA`%-73fE#?wA=8k!}?q-p3ZPQCx+hOWxTaC4yVP<`8yQ!n?H`X>9Yx~0-
z!*tfyewq5(H)Gb9$=Q!z>r0~glt_nKSKFr<`YuPQ+|HAm7M*U2`8dA5G@#4sP)k@H
zebCZ6{yROPb^bd!`Vy+<=un>$YTNXYRZG}<b$e=k9cs}!YJK$5W%XkQI$x(J<fc!B
zb^0B0Guxp_e6>GaUzRu12gJJXwEno<wEgPu$W0%z)c+zkEn#ibI=OPwp_c#CI=}BW
zIak)D>(!y@OH8cCiMF{)Zd$_HbFoa<WzA6Q$m!BOK6KdzxoOeqYTeFS|E+S<qSMv-
zQnS`?lbg=h>F<`Cz9Xm8yX1DF?~lk(j~ku-3AvelG%D7j%bH@2$=ApP&DEh6t)q^~
zO>^EPH=VE3ua}!SmbA@gy>G$vy<%NXZ}-VfOW1n#B{<F1p`3}`I{Na3-Zypno8_kG
z1kE`BzYBgqtS`T5oo~s_?4t>BRBoCxD>p6L2DNTao&GDiY0>Fwx#D(n{#k}5XH|T<
zKm7!qC?%{f`cjN$>d-8!=b^1~)3)6yH$4v2`n2EF`LNiWH~Pif<fe6=k(-vVb;V@5
zu1kknv`$QJTjZw8>b^7i6=I#Q)8lf}qT}kVa?|Oz%FS$Nd1mEY=ug*UNlRE8HoISF
zU2R*rE+|FE)q33Px^$mv(dnj`<IwDP9hzfI`=TYR{sl5!*QG<#UtO0u=Jh<J<)xN2
zbu>roYCCmbnM^(Bn0>cLtR*Z{r<=a~Uj7}gk#6`}i9V-3dNjR9pR*tTWf1)egnXQ~
z&U=CFYWWt+aSLme8hvd+UxM3n;|(ue<(g}(I_9&@`f28kD=>3*-FnS6^0DXenchdD
z!{^oQzUsE!n=Pj=QMezW-ni^L_wDgJtS_Qi3(L&<=H|D#FO%F5e90yIEgqSDES>%x
zv#&~}Hk)gD>%Mj(UuwL;Zn>=d=H`Qk-_g8Tf>gLV-MsfmcD{W3W8)sn_D$;@I@Wsp
z{9u3AHt!9YFRhc0hifbL9L>n9Ki)T6HoWM*@#`uZ4=?+hD)zCpVSdPgwb}gaQRP-J
zo6<X^Hv6WLskPzo+ORy2tqn7HU~QP;?Y!Vnc4vkjQf5xr@synxaxj^BAxDxs%k=8F
z!^kWcehitp;RleJYj)R$qsPn)J#@^><BuEn`(J7A+_Kw!O;NtZCSNJrF4OkxKX%Cd
zR=qbxHeg!57`MlL-OjBeQ{2}G4_OnN^##m5E$*SKS?=qed)(JOo$aCT26^|8|D*3Z
zU8LvaY>{6F%UW^#cWcb0rdLf~!?Ws}hf_0OFI|F?C%@{zlIL8`QCXi}Dg-5O!(SEB
z_PimODav!Mvc}EBn>RUc!>?v({cElI*IDCwSr?SN4Zl*U%ikEx6y>>}N)0B-3!}k^
zJO37IyuljR%Z#Apxt~1dxIWwl<@opQ^ztky|M$OprI&d@dFk)M$%i9Q^4w3z2NUw#
z%Mgy6r(WK)JohOD=Wh*0M0we#k*5Cn)_lEO2})k}lFOTx=U&Ef{_VktNPfM~8aJ0_
z-sC)aTE{)27l?YXujM4U>35;@LQ9KYcoxYw#mqg%n_uaEZdvDR&x_>#V~&`AamO!l
z_UcT(X#N4;no}hApLhD>I?(wY3Mt<F%d>x%*~@>OGa&Qw{oCozi@*JXSc^VME0X)y
zH{3DrKh2Yu)!Z^F{};*q?Z^JO4s`yaHLgz#wCIzXBDp{6`(|47i9wM(?TuoC>GJ1T
z<E7TP{{3-Nw0@;Eu7AH;%QJE-lKXe9Kdu+%MRNbX!ynf@S0sN0=8!+G7tKZTw5`J*
zmr=JrANI%f%uyuwck_2*^`f>&@9(Y0GTC>mHeO4bFJ^6ckPn$CkL>0lO&?Z`{Ri!%
zt@5^5W`B0F_lSM;kTuzRyf(`Q57P25;yz+X8?%>2?q#2h>d<=&O-438O1qW!y)8TU
z)<gOxTXuBgHK0`9@K}9tZ(4q?#W~n~@TmMwjeG$*-F!&L_O-stao>sB*i83AP%`X?
zZJA_0R=dq|uf)yeolLn#-rUNz%zB8H*~dLD>#lXo=jrv>&%wixneNs(Q~&o$PKe!Q
zalDv1?sWf-uTOf+XT;@Y;jH!8HPfSTvD(kn7k_g6hrAeEhB`uL)Ae4dbG^_1m`ol2
zAJu1n^;H2W$MrYiPIf<cl%pMz;`Y}+{k#3$<xO|{i-&prTOeAF%k-B$ZW|`t>h22{
zW_!AsHQsc08~XV%nUv$(-G;lpI^~$IS2#KT^h#K3ZrV1#kH@vmZ-d)kf4%Il+ctk)
zF?(J9@#AiXm+RWSC(!158t%Fh?qqM<`t{v)`R#GnRqNF`ZaZA(O?S7$8$G+*!N0_D
zw}U_3-46crxKuUUuu5I$Evx@;x_$h%9k+ehX8-=>w%Olq$F<o%p4~S4cH8V<wz+Ng
zx3k-3zmD5xe>=Nv{_h;aJl+ysAKhcvZ`*PE)ZY%=r@wQX_?hlD@z>?%>jseG=KJe%
zw~5~`H{V}ZOzN3qRhQXx`}>!r?z(Q$n*ROK&(!fvm-UZ5cUiwZZae*D-FEuh_IKta
zbgq9cVt;>+?RkPMAN4Pwv<-UgpxfhQ-`W;^v0Cfo``&_cdsHh+(HFp?uXO2IKlm%f
z&DU4yq_~+fLG#>o$#l(Bo9|L;Tr?*CNqM#0)LKVhxYO_TEy_?&-|7w->I=bIr$B~{
zYMK5%8SYcZylwLV-@2ZDwbc2Z49ETH**?m2UH?|Uj;^cBcU*>gJ)@a=?5Itf6JpJ5
zlA&H(Y8}l{Z}A^%-mlZ8PC|wQzP}^Gr+jN$zNL;ij{I|NmeuPnU3Nf*GwPVvF12aH
zoKBZI+UB3BuaN(w=;<J;9g=dI+|>Cp+@h9^ruTL2k51QZsNUk=$4mX`dYr1wy4*~i
zAVr_8M8(<6laMLXLo;Q%oq2-hoTrKYaUusx_BfI0n$P3JtzYI=_l_m8*3s>*-xbv3
zMVlCv>Dq=1eCv8Ed~2T0(>i(#sJHBr|D>EMH_eI3P~TwFI=XGtTm1X!nL7P^`A<qr
zZfb3Vn=dQ+W3e7LI$g7?eQO(b`<8+Gj5g}mZ}6vU+wM@ybUmJvYRS=d9`G##_xlWH
z*-!j`?7a<mRn?jIea=aUXbuoU#0atOa|m*R0YXF#HfRVj1`P@!Vo=l^AdqNC(hxLQ
z+Tp8|woHp3ufw#|qN3$#nfg(tLtEM=l%Z(j6nLnEQ<wqDW2u8JGPI&%`~LrH-}gCp
z4#7ItHP8FJ@Ab~Qva){r-uJrqy*~EZYwxqqI!5l=6#7hEn^sWUe;=RvtRGf4ZL-eD
zS}u34L5IGusMKG9^d>U&Jz>?a5;>~Kt=*q_GXQ}f8Zqx9NavA}Hzurkn?+uTl&pDK
zX6B_09-F)tDI=Np9_xi!?u}&FFA`Qeu77eML2!Ko%r>GQIRgTLhmi7I&Vjr?(rbiq
z2*14~Zx!XDzd&@T|DZ4u*EY1nwqrYGN}Y51#k@QYheGObKUwR6ep6=}((B03VY`u4
z$JIaNEC*T3$UMx;_F^R8jg*lbN7_P0UQbx_x<0^@17RFu4m$oHkxnK<&bo5_3e56u
z5;^PVo5C#b4zlF!5;=ALQJ8sO6=vD@kwyQY$f<K!m^#M||2tXqPZ?$%(NCs~nN|3Q
z;2~1~TBInp(_y`lwLaZ-1bIEk$eA*Ks|M3%K2mb#t@wxF>J~O<gBfX`=c4P|(2ogc
z-UdK$eFO4BVYRau+swNZDI@s{NLP`e&%QubJ5Ny#odZap6YfI#Ei&{c2y3}sq#XLc
zL%L0LN`y06AcSLx)H#FHjbn5k!9&aev)$QW$^DTsKfi0u<Gb=g9tJO`9LzqzGEiqD
z(yxe|dAUs;2IoIG2h8@OoGGK8FQ1?sc1n?sAVY_3N7gbHi`+v>)@xQR<;eTjNbeH9
z7wH3J*kPNJRlif@*yVr!{1yO$8-JuMYzyXPJCfChCq>ToBCE}Bh<pN4vYu<My<l@Y
zWG{<OiLhQ<FQ&Wz|Clm@*%q8y<)D&3ht$;x<o&_)n{swJ`bT}XiyOlsr~NxcPW}50
zHwaU|)$lT5B+eFX!jxleqipIx=pp6QlREU5to7qj4juYcCCoaZuaxsRcL>u*H(o(b
zzg&BPJHU*p{}36+%0)`n{`^-WXFnlpowLk2qwx>HUB|(!PwM61;xHYlM~0lbBgv4{
z&+Co6RG4)&Ss3oQr`u{jQ{*{F$y!%1=WKdNhmvtD`cKxnqKiB(`!ef`I`omOWu#Bk
zi6Om}3>{Bc%S-=quEswE9)ryCW(c#4<V;pP0=lEqVLo!^4E#fIV*(nP=gV+J+F^Og
z>NCrjLkAJuvA{eQ^Kf05>yXk{>hQQ@gpv63E6BsbT34=qkeB(~aiNoX+#>9wP1ZA6
z%kKQ)K@glj;DkR=u7MoGWgrJ~`U4YgjTpA=O-5cJOy8yoBk_GkUiyQfGts`zXV|B0
z=QDKZo2@IhE7zmB0qF!Xbm${l+t>9m=&(%HqQgEw)-nPEK^jJ28G=+mpie;#5(u;#
z<RFURAqKA``E?rfNd7T`5uZzt1UXqoC_@Z#fI+B246-p1rXvP<av;<p26-Vxs7DO4
z;0TR~!I;B98yV**LnmU89UNgfVi0|aVJ%{ijexKoF^D?Rpk-tmXc=9(q>OY+%UDE~
zGO`YX9{wRX|D}wz*w!-ElckK!WGSQbQ_8rSaw((pP0F~Daw+2$vXpTfS<2W&mNNE`
zrHlv3QpV%tApRkoLR3CyxIgx*ocHC*9y!FE=);EHx*H;|pghgj;dk(q`4+V@zXu#l
z_jNi9FE_l7+|So>>uv~dHgbM<Sao)gFY@*G7(QV5h~bll|4Y~15FgyS8^Y(UyV2kG
z)2+K9{IS>FxWv!v*4+?x>uw0UbvK0Fx*Hsv5Zt;O!fxFSVYlvvZ~*NV6n5)w@FYNR
z>uw0=Q%BgXyCGa^<R5$84aw`)-4I@F?6`F|M846;-MSkhck6Bp@crzfj<8#IL)fjm
zA$;8ExOF!~e$L3<x*H<TK|fWSo?*A{1_xsVx9*0pTX#d4-?h~>LFO3d_r+D-VR*UW
zb%yzUYt`p>rIq<TXXPD+_ZU84_=w??hWWkaATPoQ={V1nvkd1Mjv1a{xXf_1Vg62<
z+MG|$@{iSKc$wj~hMzFJ$?#Ug+YRqByw~s{!~7kZASXu%XAE<KqH_KgmU6D)e8WYC
zOUanGFz|P&m1_;x8*V0ZVu;Xbc(vj6hWT3~s=tMd>ovnR!(E1Z3?DRn-0&&G=g6FV
zA@s+%rJtSg*`9t*;gNYUL?|R*?sExwn9m>gzXwGO!K`u@Cg8seg>D;N(gjXA$YpK|
z^A}ui>B4=8%+Gxs3OK*9_IN#38^8o#D_lk)LLuxiKkZ=%NZ8}Oo3&Ra`;fSxw(GEE
z{VOr{(6tiwmV>Rm3fYIm1-18SY*~91#vZCUVQ(|o+N;8LU-kEm6noQQPwVeuWADc)
z_NHSyhNwaP`#uELzed>WgpBpaO9%I{K7WO1{iBYY_8?!6>FdH}+(0-2dqqfTk3+E9
zdlzi&t;Kd<_D)NlGNcSyUeX?iIJGwf#;m;!*w<J64TO>{ZyD@q{c#9Ud)K7c+k}02
zh#IKJFgC?ro##K_VR<<ms697#!nU3tJHR|gG^oAXQtWN@{O2CD$J1HuwWj!Y3j6XA
zHK@G@QtVYl{O6;z$9rtG_vI9OoG0>})1dagkYaBe>~YRYdmKL0-qsX*EPr42zL{dL
zF`BfeV+H%)Ybo|PpY$Ntp#E{LNG_8dc_RXWdNBRtlwbY(U5Y*Wn~(h()ZTAX>@9=6
zW+>4fx^}`Ie~TNciT2%#4H?oQ_4Sxu0zK>B3D{%3&|U;l{Tr8J?>OwSpK4J5xR#5x
zm!I$7uh1S$C+yvkV(%R6d1_4bxXHC#ti5K~tB0KSMj~<_+oL(fULLk>fO!|%MK4XZ
zFQnHAJ)W<BNpEEz$7MM+&_9OHK+l$=2j$Ru9*zB4j=xQ@SB7nlqZ-uS6DjukqcT_z
ztd~MWwfFrLd%SPZ={Rkwy=^J>_?d&+8*A*nkz$Yc9)0<DAjO_%>~Z{6|K3lr$8`hc
zR+#Q3{QE<Sy+YX2ah%T})SkPqz&2$JtC8>X+W6R}9ydKSEK?o-!r1W#Y-^w%1Adm<
z<tcMp_$(C1<=DY`)@wcM2|xea%O2;s^iPA@yEet%)~k}^GoQ;*kM{6$xV`Lg9^99`
z+f(fEVNEUa)4z#`YOguP9_Pt@)$_s>d$q8q_54X=?+YpRR>NKi_G{4c@_vh4COcNc
z-fA%Yn}n$TJ)2^02kdbi*P!;EO0m};lL+3k)80*pYVRj0_S(?UtJIk2aq|Z$_O{}=
zhbQ(XiyqtKS1I<+z@C0#iFVY#*Hi5E;N(t6AEbX%M346Vm}2i7CSR{Wu0id+lVWdg
zA->=w{@n~^Ew8(e#J2Y5Js7;ctj0u-n}d*ndCItfFb5~M_UBu$t@ermI84G`9ZvGu
z%pie!3}XP~GHxJj9p^vyVR@$_av#g<?p2Yhf7@X1YHVvzd;Be7Yi}buUo(_w?>0oW
zw+LYUI|6&GUk%h_;Jq-pj2j63$NSIZXm1)K_tC#E0<67!Jma_@at+jD_#A*-#tnoG
zuy-6O?cIUMeYEH9qmiQdTv!cz+^0eL`v7~LS$hG!pMOlf!yi-c^vBfehx72`_%{@K
ztUn#2SPqUC8n}<~O6Z}hC&EvmXU7fdFpL*_{#GFH0rWQL22#~4gdU2LXpdzW_>W_o
z?ZN)aeQb{#Q|vvCi(rLuMD0yXu~&bMuSa|L7<-(XYuf??|D27_OpsTD+G840AyN;M
zCO*et-_q+x78u>Pm%Vxn&fird*r&*Mf*T&fZ`8;NPk(8Br~h8l43(D>{(DU`ze3oj
z7}*caso*{{?dzOO?epJ6zH&qj+DDn%K7SJ1^@totIR5jT?5odLBcs}YN`e<OwJlC8
zXy)PfVgJH!#a>%f1TBWYyr$V99tbD$1g3Z*aS=WIKeCQr;-}E~C9z&#A?)*;TF&2(
z_mA^^)~jB7{jw(WYMrxv$vUoGNRRjF_L^`Zy*#m}*97YIbxjxv`N!#h);DBv@9F3~
zpW9lF#f|Z6#}_Ai%wOs+|2;;s_Iii^9wYtwV4q_AfBP8O_Taq5|Cv62ZPB&Y7k|t#
za`Qi+0?ZgWJLS8DtSL-u+&r!x=`zIsr^99(a2KK*&;N@LehT*Z{PE+4!W3QJU;Xb0
z^(l6FUwEOg4f|L}JxEVb&t9M}l&KH-1mvqgtViTCGCqguLOg|-k3PcRL10*pbOYjc
z#Jz|o5c#=hK4KMOGa^5C+>ZGF_i!9_aPEIYJ$Q0IQflr?{!8l`lYn~I?m*;cs{G9K
zAYx*o@n3qd|2Fpj^%^ki&u!hmrx+{!#RimQPaL4D-evZ@nRhaF#k%&PHN56_;Yrsb
zT{h9K5r^MD^jhaW&@ivVYr^uT{sOM3oI6_@I@=&^nD2GO7jnVX>9<XpIlkDdz<MbN
zm0ZA8Wp|X{dh?Xp8@!uupHee>dhN{>Ud80v$#}|e0X^=;zPs96v2-fUKit&O=*?@z
zTC^=4YP4f%TZ6L`sB~U&UD$>2R{U7pfR$xi<~8sbz4p&<TG+6-!yUVqd~v)PQpvq2
z-svrAX`09NXcsp<!bN9Wy~X?jEi&HOvUo{bTWdQD-xy!q=q*`{Rc(9a^$&7>*1&BI
zOTFpwrgqP*aEs?+Ska_?sn@i4@sbAb;l_p*e{EZ?8GF~1`?V|`?Mvo$1ZvxtQjT)+
z+qzy0*61)wek-wD`d#Mv#Z6-2{<%%93ICQD_aAC#U)<E%5(%K4XT}#aOp!Wv-%X~i
zsS8_L-TJ>vS{`g^eYnNr;u&7N!^5v|daVnzw$bX|+$9SZG_>>h_|~%P4EMLi+ZQ)z
zopLeXX_KdTtt}o7+q7UQ?WgF<9*=7TYvJM6ViwvrhCCGw^V*lTb+9f(N8O%^-w^h=
z5yyJGbR}@J>!nmJLY22;ed3OWg$?a~kGi?V8A3DqcA$TIYoZ6S7i!-}PWCN16Pzdh
z62Ux%`h$Y`CrF_eZ(fLM>u6l$Rx`#;WgAyM#%aRm=F?Ft#(8&~3za|$$Zk`P6G3`S
zqAh1Owzn>s56h_vS}_gn9lbJ&d>-X<VbGmLc&>V<G;d$~S;py07B|vouBYrWqmo-?
z@n$_%O|@4(`4(5=rKqgLN#gSRqr*%z9d`AtCU)2lT_fUTUwi@8RDWsE6-6tkqP3*~
zCt9zHzEB+}R%sRoq%H%g^3=*^xiG|}^u>ApDTIAer{nB+A$y&(%%AN4?r06Mg7an6
z>&w=I=oEVV)|S3?*j7yon&!FXvc*^G%DCgs^W>0Ywb45k>pIp88*n<s-5H19Tc6*$
z$n!@_thLbnVkkajXFPj<eDJY&)_d<1Jo<Lp)D<80i=`I~4u=XNdFB4)<+aez{Uh=!
z!fF2IqCt5hrv+~tKZY-5bm85RW5G$ubx>oE7Duskwde1PzR;1e0;{?g6vhS*FP=Df
z^w{E1Ai8POs3F55?v4@ps~#;$*A;H5za(()pf62M+CLn6GdnBxXh}$w#tg`4hRxz<
zzI1)|;NoZ2U;kJ<VXX4fK!Wv<(NN&3@(Ukt_QyEh^gt|9zz1*ew;=COsJG9nGO7Yq
zk&?kT@TY&E5gS~xf=j#?3_hDzS6$wng~AN-cO4GBUL34?v^c+a9hET8<k2GvChs1D
zg@+5q*H!-<Rd8yY)FZNmf+=-yb)aN&Z2YKavwJ(!u{$645rZ46rInHgPH87wp}YC8
zDxeL1e)+NjCBcd1b%Uqh-c>UGhU332zWb($p|}3mZwHrzCuSFfW2M8R1*I&)_0NPV
zfAQy%M_(CIwW1^)1xg<?U=6;D`NFDDWXR4)_WsD=W09=0?__sR=R)Gy-CY;I^UBdT
z_Wic|y_X7Rp#M#F{V&MM`_kk|!6Uj}^lRt^0}@R;CcNf>K;BBN)1i-DmbcpW&)X(r
z_2WcdZ>RVA%3vb%&?_$0`4a5Zq3R39#DeIaK`eOgI?Lrr-5+JEF8XHWG}l)q1-0+f
zt3g9Q%u*fLs|f6gyfR7qYQcb^*_V_AZ>YZIC!yV=0@K3UM@lBef}=<9prgmSV-8Fl
zb0<!M=y?ZvK6?oaPfHlSV(7|#&hSll8>`c3wICQCGV$JbU(RJux_8jeQIG2Ilf{A9
z_=0<5!IH@ZX|Wk^M8n|>JXGBI!m3K%k}$<Bs7q0~4t7-U_)KiTy16?4-1>I1v>Et7
z25nn;QD96sBZJ(*<<|pT(-?IT#J@^X|9AErJ-F{g_t}@SyUWn<k3F+#{ot-p{F^)D
z&+m^vcPzg7bo|-Fq2l<)^7uE}<6j?Ip0g)9bXiU~JDff#y*;wAt#}odu3s7X`ttn8
zJ+I@IA)(6Zz%ALK-M0pYUv(-vxcKS7sPB$VRAKam8I@Im;rT1Ovx*M}Z(S9>__3<o
zM?SZ*e_-^8t1DKP=MH~(H$L&YXxc>!uRl0^LQQv8^q0X~=Z5>$ROVh?Q67KlhG<QB
zZmbY>&=m;09hwzNb|0+hUWv<Yz~A>_$h)auIJ-Qu<=qMBweZaw;mz8Aaa~?xb?2Pe
zfP(Si;)2L;2cM1y$|Fw|Kb;GgZYYU9lk3Hn`xc&DdC{`tB?F?}S^oB{l^ORADt{&y
zf?LZc$sqe$sONNf<Qv72jR`%7dWs`oH`@u^T8et-vuFB>W^pOoh1+-p;Zn5ApitzS
zJ0s8Uk34rQviWr6Sv1R62b=S9$9}XzUi#3*>7Av8{U6?*?4w-PegIxST^ejxzn?4*
zRh5>66Ha8HL-Ba*PfSrd2kZ-eFW~uq<l;}g5`SaHZzsPu{;}uE&?#0vH(}V?g8m<-
zMV~7g7M&U@ey(KLHM7%JK36(yZBzfl7e%o@8Vl_Sg$M2)fhA1`ROJ;H2C^caUwh$x
z)A~*7r@t&PD?4Laa3u__UE9An7Ko0MR$GugHKHvT3%f&<q~V0fbB9^mzo385Kg9}*
zaj0u3M_-8*7K~M^8xyO`XRuOL{C0Rx;jBY{L@~ZPxc{g2#1GCmG5IWh^uyyC{`PkV
z(%$a(VMfp6r*{{>mmYoLy4|&ScRjkhc+_`8mH1_dxzTC;9-I_@*)Pw7JBLTZX}fWp
zSMQyS7icQV(*xx<2Zl$7UxVLm*nIuA-@H1h{Dn>BQy?mce7o?6J)_5j=M|R+UY!(v
z#y2s#hbGpf_i5pY-WCSmQ}`e)Oo4^2Nz3)JMH2<VX@e#We07X(^wnQrr1|ryo~~Dd
zJA2N(I!QI(4vj9HHmELm_oUIH`PT2>Dl8fN)~}E3>?-g1U~2Hz4<`-M;izD6U2ycs
zX#-zPXvYSR{@u==cX@2-`UOE)95`u^+QXptyQ;`r$FVMc;^de%@ScQ)SI4elKU<c%
zdcWLPM>olNhVy4<L^}c2{SO85()AkRujX#na(^WP^_LUsYw(h2Nhp?Bi9S}i1ATJc
zP8}m-h2gY`p;#d_ddsq7g{p(Wxo};xj_1kM>U;N<(A#Mrria6?1Ya5aN+faoaQ39|
z-r`lKcCISw@n(g?_YS;`gZu!$ZFp5mo~js`N8>yh$jhl}JURE`SmdhW!3l%W7Z$Ja
zc!Kt}^yIOOSg>yJ=sWo{1c}+mYoXWoC#PAkpN;9*Z(g3<J1?}%sEMlq2PD{czi2SX
z_w@B+XsM12%n4tZiB{v4qW6zqK$dtO@>=N7{x$pr>|kLmoV*?->+rP!vkL!YAAun6
z`cQoM&iJtX@yn0Jb5F-F!;e=yI(0=&Jgcd@Jw7-b-WgApgtdCAcvaP-Wq!TxXyw(X
zu6w$>_|!xOPuGi2#t(wH_^jEEpG<+m3RTETDD3_&6)IoGq|GmB!8_r!s_uzUp4hKA
zlDBSVIITRAH!;0r+}2;0T)8Mz_h{9Wk|BB)y%yTIGSN1Z!U>GNaCPN3g0U-S9ZP!6
zvGuFL6QOXw*-y`YY4*|g_I)^T&At2;i-LH`9nojjkHW>WJgI+hP%MslM||`cor{Oo
zTo<Ujsk}R<xI0&S$ZMe|_uo}BF6}(&&RKOg{d{t7&0}}Q#;<Enc-e=o?Apeg@<!gq
ze0#^pQ2pe}K=hd}6-R=jhGd=Hm&lFjPvy*D?4~{Ou4q>@&ezAfFzbG4$Nut2Ka30h
zcHKLe_Rfg$M<B5meeGDl*vOdTm;c~P8N(rm$u&0ynXXz>8cZCikD92=44&`(n`p^M
zP;1T2)<PL+eJDOzQ_0*}y=$lD=2%=N_rF0syUI&c0_yphDcC<A)3))6Ix?*gEsqT@
z{=0_JBfd8`RQaO-W*$Y+O|j6XP_jkUvt)a2@1s3YiZy=>l&px32%J0?jYz##ttdzz
z`tsFPGfLt`TDM=CTr#6>MNBk`BUzj(mc-#<JmVW5aoF8Y^>NrIU%oCj!*8XxLqoH#
z>V2d*+p##(FELklqsG~NLw`I$NB4}qxcbf*wY5@*%4j_MP!uZv8cF2hymdEb*GF#j
zqLFO>XhT1dyn8qn$@b?TfLCTzt%#-fJoDT1*o+#KtsiDY>ss_^TF~9|Kcb)+5A;>g
z_E=x%%iK|YwQ9{((Py4589eIoc%nC+*NVGq`Zx;v;+F!d>-WVqxAvj<`e}50+<dzi
z)cqPkH=8kfM9FweG<M&F+wib2#{K<cgZP6wfoOFwS`A2xR;Nd+`$elWqSY5gtNTZ*
zFOF7U60OeEmMjP#%0>%p4QrdA0WuZ@dbMqAMnN8a;pkYhfJa}6R^t85pw{s#M=LXv
zwTuaCLKQb7NydaVu@M_z5+C*KY;?p+<-D$P>8drAvRxtD<-Cc>nCwe4@bJzJ1G`Hl
zy+P6vm#*4<oxA6`HV~W41B5Cs{d37n>wdcKS^f34aQf7j&R&`DqweY9cg}u#cbadd
za+IVa110-nLt@2MPmkIb+Wpj@K1}0zv@zP5Ha9Z3uDd*vRkA{-i&0z!UdCgLNFJUQ
zgxBC}<Ryb*!Jr$@u$>K)m4opwBa6PT8OZGc+{TM~*uI3@7jqleRcvQ)yC1jH@ei{Z
z$byt{@6hIScKUVu6Q3D`Lv<?(`o&&KUPqHh*L%5{m3`bZghP?xJ0rvPM=n1W$vw^A
z_i7t(>M+`fpJ`4)hG#MFe*y7_i0jJzAGgCb%KdKGI?R#=obrGCF1z<{r=5-u`4B&D
z^>)9*8B6zthj1Q$WXdY<+Q-YT@$MQDT5}72EN@!BQ&U!zm37o#`#A0f@5%{fR0O!M
zJWw3D{I17&ne*$f;OM%Z*udz{4+>U<>%P#v8~1vlg6`r-?(3`4qniTJcxJ)ViMH%K
zI=4H&raM;NU056$kQkYt+!>BNT@dVisqxXeebWXMcYABQzbJQvheH`dlASUd$-OGt
zFFa&74j!Hv-m)^D8#`JMe{V)KGQ40iZ^8>AD<ipI7(6l99vL<_a(PX+7waBfU9wNd
z`NJXH2aNi9IJV-RXu&|<6JUb*<Q3^d=cJc(AN%PCZ&gnk5DrP%R*b%H^xM-0+*5kD
zcr#`o`vB(w893dUCff}U%aDyi`x{WFBSW(JQ*M1c1DyEuhxl!;rkCEn2(!+~(a5C*
z<D-$w3L??S(1O9yNKQczcgtPX7-ui`{VCq`>J7!=oT6Qi<4*Yca0usI&%ebcM|WOY
zFaRZ~<ooN$_j)u9w>Ee5d+;W6YqK9ewT1hVJ8)GSeNAy%ptvG1{4nlqdcx0+`tEOb
zXYy|7Kb0jmSu1I1%|(4V|Cxb}FQEW<I`y<p&E5`Stc<M~`b@f?cg#TiHebQyX`zx8
zua5IYu@yRNk4+x^cJlt^wGi$+ZW=9Gua3n`7FE3p=iHcqeLe8%qtAyX9%Zke8y|4^
zqKMv(=sfVl5aw?fAvlHmRAAQD^t{sr1K*2R9i56x*YMfWx6rRA4#p#&Wbg9Iz2evO
z`u)On*W=Rv#X!lx*a}?3*}XD8k8A3{@UKT*6RKPWk2hiP52t^-bc|F%!8_kBpW6M#
ziudAmM`zn^eEy;E^KEk5@%qX@v45=AKoyQv*FE~$;-6++zb#bRAm=4!0MX0ei{tE=
zQ5+dQQT#8D<W3zN&Mrv$kNdp=v3-8syJw$6Zyc&uXgpB73-dvkzq|B@QD3L3d-R05
zcSiqm_<!6`iY|kj;luBjh9C2Hj{fuL!>*sbU!B^|{v2L~epa<&(!lrSTrx9(70kHz
z_g&F{`k<hD^f|P;6trMpN%!ax(+0d%I$Cm7?Ys5xv448^t<r=__vo?H2H>Vu6yWUP
z;bSWC5rIGF%^UUjgFPF+efSNw#u_}wC>i+eF}N;gc-k7}xBx#`ni!29JU#r_v;igi
z)X(=neCzPuJG!QJpWb!u{lsB$_dRaf0M?8i_$?fEjk(HVAlQ8oj<HO}ie)lZtimh^
z&+SlS+}YPy@z^H+ncb+J@vHX7M;?pkpN@}+#&e6~m$Um0Z;xNGGctOAWE=*(qY>@N
z%Z~4z<VCwZzbV#bXAF~J?8DHZl?i$A3#$@2FoFz8^r^$4ji>cwNN7(QV3c=X6pBU)
z-^}he153Qb3$My6f3xtStHRl?d{-5gE+`!wE{?{B;b#Ds{h<aa-}6l5KhHKg%75VA
zAsabR8R3!05sh44Fuo>|I~!wQVZq><$gtVyslyiytm!TZr{lVyMqUd=H@!N#6c-o_
zhxz!0ynfe*B8j`^r2EPHIh6HaFm@D!{!zbzUJIQpR&$9Ay=!O9&!HN)Xa7gJ<t|r=
zBYVfZ*Y}4Kn+dz?mL)!@nUs890H3}a3=|xl6!u+uJ5+Ua(g5vGokt(}?9!vSZ!5sH
zp^)`*IqM}?>SgYxKuveiv<%cr;&}eW?TV|<E0;aKZPJX#gRyQs_{r?^@(tZOSLdC0
zZo}`bUC^J-ql?0HXrO5(Z@>5Y+_Z#yeN{(t6zJX8nu7)1L)V$lZX#D-l|B2-XvS5c
zTujCSHP{|Gd%?BCF>FWU!_j&0ffSqryUw?Ju<d-wqnuYnl#4e_zM1f)FvLgdy3JlW
zHxjFfTv6UVp?FguQ5HA;Mn2l^CuuiQF!XdfPSkgHMhezs1se0}!sXqi;WTx`8S*~T
z(3*l^AofnlK3r1v?JNw<+W5hqefJa=Bu4F%&wNDoh>j09-!6kgfmfcsr=}+U2`yEu
zIPwYg<@LuxNlVFhU37P%{ZMD=!FzV1Y_p>Mb`K52_Td3S!PAYOs2f<`9ZNo<#JO-R
za>csOChi_T+UD;AqkB$_tqcZ^#jiL9+b!=ScTLX+HSs(=f|QGFG=2ph=fG)wN*Rq@
zF}kO{=YysD+=aTYb0wTn(_L6!>6xyH5d`zVya^wxyym$O&e`1oeHapr=bc>nu`J+s
zP`9HmV3JxBDV&XY-sJ@m4s@934a3ZL-=YEVkma&t-0RWwKI^Uq_cIMzALlhrFK2gu
z70+{$wXUB#V(@#$nC1;qIr>HyW>fOK(6;p#0tHtlKb1cCQVdQmk2dQJChz3_WF368
zZ|H*$p$lTrjO6*ptIMnEo-{D_k~ea>FEG9g{c`eGY{U52GrEayy~4@Ep+j@~aC8m7
z#FTgYw1N6?`HgT%UhE~DHUnba1(P^*P1CszOqBOwV)yNVWJzP;f-Bw#$MTT<rGiNq
zab91-A*Ns&x+uqsMd{JV7(6D(_#|%ea}%yb&$GK`d?5L$=^NvsPd`;KrY16G_Pybi
z1=IX|1y>yEBj1QX7{5xMXp4=>$LQxD18+Q+<W*G{hA_M9F6F&XBv-ZYtfxGf7`qbo
zaD^_IB*!0c=={s!8jOU~!o}UCz7FQx=*Jnn!yA{dF=o(iT)jhUQ1#(ZC^Bki<f{FV
zk;fwWrz0aUk>RIYqt{fed3QiCd<hoQN^;O}n)1a%aVXKbDENQki!Uq(BExDwaqCSJ
zi)0&*30&|b)$b;$oZmBHD0Bb)@1_uIQ8tE{pCs(n>ozBb2t2;1Iv<qh7&(1WIghLC
z8Kz$<w>tDs<z<HXv4P6zt1|snw#Tiva`>(~5GQ^ZFB{BaF=gN}$o&376!8{B2Ff+)
zkLo=D0rN6tpbnWnFz;6p87L>`BU1ijL<Y*qT&joigNO{2lZz24zeF6ToUC@n8ade$
z{o9S4Tqg1_8#$TtU)uj$BPY9i6UcWOIr(zY{}q_K=+7YlzVhkpa19O4O(@R>vmI%F
zESQ0E@{LF-=Nc3Yl#}t`%gI+7IrlSYo%0z2cQa*RUUC&;6!CM243v|{AX5G^A_L`Q
z+-N!ZFOf1(PR0$plMiPB5hy3~ol)B19Fw~!Ukk_(IqQ>tQNG^DpEPo=o2U9ufwiul
z2Gcg<Pr>+ec6I?&|5XY_PR1iOr~eBuck#G;0jmExSp7K&=CNo$we8dn?>ZQ0hph59
zjhxJBEA6~%<k)mU+h_r{cx<K&v`O|5nRg8$1LfpWM9Oy}G9Tr;5HCff{0+oK!nm}#
z??O^O%kToQ=4}LLh<=Naw;B0EM&4=UpEdI3M!p8j;CvPx`oKP*{g!RYKphQQC!-*s
ze@q#uL-r79hvN*hQ(lFr{@)JPa!oh#SzzryvxRAgV=!(%oXrNL41M`C8FJcXs>dw{
zHzLx`w-6bam#pXhPr=Mb`9C6Z4JU3NK+Hj8-V=xn)X|{z;6XrrrVP~a5Jw;~?-WG!
zrvh9q^3*=_?;`&cl@Vx%%(0txRv9@qT~HsmKZMAXfqBW=->#<+p)ddWdK~jIRX=mV
zye85H$7byhTm$V|k>k~E7y7b!C-%@LQ?<$V9f?SrpGMTS{w$dOQU3Rc475qU3X$?(
zA*%krg6S*ee?VlQK3V(N2Vgz!IdBM(`hP-X`;z&<i=i+7dF^H%O{v3n(Cb<ucpxI}
zuud5Ivhxh&w8L})BK2QKWS~A-``B9)B2Z4&aVfPdk6<6|@O;<n)c*jh{tryK$dg6?
z12A{dKG#~(bE+R5M4+6^l=cT0Ia%eG8aeqh(52`xBPZV`cKG=T1M`!4-JxhI8dR^>
z`kgWAkQa;2&%o;Q9x(d@^ZpLZKz*`@G>SMdJ=sqNgSDT;zzozUUy77=_?Zp^<>cK+
zDNn=2f+^)(|3d3(AUF;gkJSohpbmK?Qp&lWBm?DS?Qi_-h=Fo4&o3T>pC>U;PF6WT
zV`8A3tn#0M6LkV+S$N#TMxV@ll>aXyC#(EzBPXl;4@OQ_`G-bM=D9}y(+CLEBddNU
zSpDQ$mnzRO`ec>o897<y`9@Awd7+V$xykYt8#$SCHu`xxSkJY&Mu)66A24#V%G-^c
zJX&mW%}hP-{tm3={SH{${YPL1+9I<W>E})(C#(EtV70Ty$X_%1WYynq<YblqGg$3#
zeNL4hHu_|hA2V{Y%6|h^J130%ZKF?C{nJKHR{6U|PF6YB1!Z9UkX0VM$cdetta857
z%RqfH+m`joHAQ*dB75NB!k+}I|D|9ajymOF=A|931Eca=jl9~(YrqWDC+jt_(a4<w
z{^@m@+se$R$D^Fvj9RV%6e3WjLG#i#=4Hx29WsY6mgN#ehQ9LRYZWdpQwHjgXCg9h
zHzEV&WIacI3D$b!b?R0`>U$8XJOUUi@;i)tI#}zIb6WaN`*lWspOM!aIp@6$)F*5G
zJZSV6fq4m_Kb!-r&#S=<%&S4`Z~+ALLsRNBB7OpqcGe&=P)^qV^E8DBl#{iOeV;-E
z%E@s=+8JhiAWszeOfYv*pZEG1BEOqL1j@<uk#^>QhX}VC9f(}ea(xL~%)^vww6hNJ
zUPRjYEn>a!R4Ay<t$+z4=RE=g^O9F1W!?}B(>CSl0KL{+4puwEz<dlCMO+GIpgvj0
zz_mtB*0O&Y%w5!9Z{$xJ`356@%E&i?wGTXN<j)!T7O?h>9bg6?OM})S@5Q*ADFb!L
zV-TZ=Uqxh~oXl%6<<A@DJvePpXB*-`MC$BBWT2ePl=4>*L$ck2^h!j^{~b~5_9R&K
z&wv@YO>RJ>{%q5B<YJM33C#MTKJVqVjot?1&&huW_$$$0L}w7FPfnB_%w3dk1U!H=
zis(MH5jpt^k&ghYeXa+feP$w^L7*M7*3T_qwa+<W0rt~=yODPo{gp<}wFN6h|5YRB
z+U%UW)6O9<1CLAAdyOF&Jk?LGop%fNQ~w??vrzv&aFxiP2QyGk*179TMoylJ{j~GG
zk&}6upghO{4S{yZn~+lew2_n5PxpO#?595YA<^f2hJkW&1yb61%*e^pME-B!5SaQ$
z!FP+C*GH940#6qCXX!8k^~qNurTxuDPA(Gp0V5}uh&)UK2u#R@NNJ}8to1(;toJg_
zR77Ax_K;G49a#1M8m#^2Yg9yFLS{9xJe!Q1%=<UWUp8_w^=bbfz-oUxSjYLjMjvV}
z=(xd+kIiEjFJ06TpBos9-#GTu#DY)l4bAbf%}pKnI%D%#evO*nHVusJCGP!Q=stEf
zEo`a4*Pv7Oq<)q2{zdV57gUjNK=(c{{lS-sr{FuA)lK-0dhfmG+2^-4@5k3PFQ|tv
z>t1jlk9Gde<X6Ve-&ctof6+DnOWGH5e6jnw^8NVY>iOpVFW=tpe+`x@A6Yc{-s}DP
zZQBbS(Ki<ud)`7{uEi;}y`YufZfCC<KX!t6=v4ab5s5v$yMq&-*H+2Ckg~s5M{xW4
z?gc5?q?%H?K#Eeb{Zn?B#@9XPwY=`=quF(rG?{JlcE1Xf<+nRi^5HkZs~X~MwxW~y
zP~{iid0szCvD{}TO3~@N2c;-!_mN^HmSnhJzYC7<ikHV1-hao`3KYXHds68mck)!a
za8})0i&ZYhU%)&U4)AyNxoVw%N}z*dxRW}@Mq7Jpn?JN(@PC?n5}Dkc=B`L~dsK1*
zl;&m<Nl{v_)n>V$Gn`~d3ye!{fYSJV1QXKS6)Gu6b5BC;Hm}&pkmhFocKegb4NzL*
z6CYok=2kCGs-(FqvE81M+yJGyUs_Fy(%cNjZgVD*3~BC(oZYTYZh+F<Od%;s3*4UE
zaQp8_+2++U8PZ_EhBS9&O-j;wt?<X=U7XwrO6#>MIkyL-?C0G?GNidDFLs-EOUaPt
zW}bGNPXm)7&3yu3w|U2x3~9Yq$EH7=p(jIHAd=hwrMX!|Qk3RC0kGTClN(NdM#^?g
z%66@rkEoFISxnm!f!nr*xXpVV4czv011Y!1rflDkvduZ92I}9Y8%Vi*SITxgWqVP|
z_NP;}*Qabho3i~v%Jz>^wtt?oeK2MFc*-{Kr8Ln04|D@5xAijsin;BXF3s(tl<gZ*
zw#!qtZ<lS31lbrbcn{CeikOY@g3mA*c-(Bv@R!OqWjr1~i`BsGCuE!Ll#TIZvuyL3
zQ#Mx8+?JyM!<23PjFmQNkDrxl;Py$`W<Sct`12>(=JTX%j6YeNFiW8R6)D^NO$ZI#
zUzW1X-x|=s{r9A7H_A5W*x9&q(&q=vL;cUE=<8<;x<BBi3|s)IbzWdm!=l9v9b7Z$
z4!1Pa)cJwC?x?PuIkWoy>YFFex;e2mZRRc1s%~gm*wM&r^V*iWrG|8IChVMyrE*{Z
zG_w(FDq(>hE{bwT(|ky(u(}erm}0ZSE!{K|>oJ*iQ>K^SR#AC>L#NZjG;3-LE_ciW
z#tZ}3VBNa24bwZ9mHR52TH?*Ri<2DZ-=ekv4PX|IrJv^WDjeV{GH&8qgL{XLriYw`
zDUA*D9-Q9Z^bjoa5Hw&j;mFBSFKR_5NM>rWlhYhd(UM!PlCfzfV_LB{-(HKAwNMGu
zmd^4QZDKwimQK3cg`^#S(uH|!b3=<RPb90~1ZrDr+vD?_I<V|hyqWdZOK@|`JmU|1
zc9XEAWi|@uY>)s^a?X6PF{Ql$HNgpC39IAI7IP5Vge5G+)Z8==je~8jnWGM2SFbYl
zx)GplHb_m&LTO_b8C%>@bNemu!YxhHP>zoIAbTtBEoC}^M*#`ut)<GHj`Vk@BkXj9
z!_*h%`Jv2lKgb6^2)u6%@@5)=pM3-;I1G5?Ykkfq%efvSU+2qtZ?5tpvP@}cLgl=#
zSN&4MWri!rV!w(kb~xiu`E;`QTx;ZYWF7=z4q}iGP!Z}8HSc_~$QzBk*>D?K%HBbi
zvUeJtWn}STxsd}Cb^DQRAwIaakUGp^-V3#bTyQ<=h`wtJ=^N*@g~-oq3z56FkYl;F
zka{aK_FY>@{kygheb*ME@7hA9r>-r;ejV)y120@BQkF1v=m^4jbu!79=OPK-=yM+V
zCZ9cWna{3HCj0E_q}=C1B*7^@^S}0g*GA$)f6Dn#2f_Kn3XsrC|7Kt4^ecUK`nULe
zp8u>o1n0lhiSu9N+!wrz|NYNpf>cCs_GK#W><c^l!miJh`1;Pi$en$D@PgnW24zC#
z>PO@;%0=JRkI0LR{sgkffxYWZ`h)Y+wxf(8=jq#emUG;dOX|dxOW2i5*w)*5Hvh9@
zo!p8zn{p1ix)R?!mT@|d;=jM5=bEc4(RX!~=Igk+lDw|2M2AhHc}vOcXcF|iaD7k8
z$X&hq*nhTMqVLKj?8+tV8T+me@F6IIE0^fFatXU~3A=I$yK)J;atW8gmik{|xXN&~
zVOFu~*OH}O>c}(k4`B{sP;Ol6$x_er$ucH48hNwfHnNOe9b{>jPO^+w%Z&bVqqCaK
zLL;n2)Z?xrOP^m)W@R8eff!^V5H=vH{zk)_$l}jt!&}JW+g8IblEsH@WGVZ0ve?-{
z7Js_P;?FMfo%n~a2T}9(kR|V4vgAELmb?eav+xh$5Tf?gBV^G(ZsaG(lJ}&MpE7)g
zEdHM*ix20>QuYAG11&GVtf2b+$)eA%UMXi8ogA|GmTNeVEaw;R&(zO+viK7-Txgj0
zZ>lrFa0yv#mKu2(8TVEU733K{R~h|k!_$opHT7IbH{73G$Gvhr5}&iM9h~jNfgCbF
zkU_{rRG;(6_fRV1{~Vw5k@OnRhx&4N+)I6S#~ti*nEDsG?r5D;NA%rsrG7lhrEj?7
ziabWST#pLL7rMS&j-3e39~ozyKeisEeq259gKGp=5BK@({1Leak@gekkI0=r;+ykF
zd@G{9lzjqO%EBbk2gssdMwYTvkR@-Gkyjh}bh6m2HS#*6&t}s$b!{Z|a9*8=-1QA%
zS0}=`v?J{5M8;c>@_PJ3aCJfl5nP?beRg#s<E^WcyL`E;lW9J?IuZR+h;)1|BTIX^
zIuU(WC!+7_B-^*+>O^#0orsRB6Y;^-iS)gC+86!#WYKRVi+(d%?6(>H4x`^mmOikI
zEP0ocrF~bErG3|u<+0&9viPu`EIvFz7MmN$Vsj%|{NF^Dyqn3AcMDnaZY9gHUNrjK
zjQ)0`zr%1BS&qBQ$oG(?U3!dsFIoIKKo)-vlKbNy!XZTU?Fd=)kCR3J1X=V?lBF!C
zjQ$y;f0itDa?a?x>w?&K*9Ecft_$M7yDrGF+;u^Y<*p0D?z$j$+;u_hxa)%Cb=L*a
zch?1BcU_RY?z$j(-E~3whPy6E-*DFjX)kwO5IgR=AndLSV$)q0#HPD0NPE==lXX%@
zmb`Ne*OSH0d~zI>htNnCADYRMx6N>e;ZCyHSw@cgc9xUHpVefsvz9FFwa&=b8-9W;
zHaC#tzRiu~Ykb~B7CW2CVt<R_tz@zDB028o-9|3)dAs2qWU<p_co$iYwTCP=d&qI$
z&R(+kc7QDU2g#y;h#dFzkB~+GI9c>hkVXF_IqvJ9B8&bRvgn^Bi~c!s+}G!e2f?{M
z^F1m(XZw>yKTH;VK6ll7*c_viYjpU#wR&97=;Rxn7+LDJ(8veDl^pmNMVcvGiZoZ)
zLpqGie+W!6r7f6;d9#u76E`x8UtqY9j7;fB$(omX)aS8y+Ea(8Em?I~9XZ4C4`Cr<
z4(`!f;XB_`qMSDW#>jtYm}4MyX!DmMAB*E16nPlw?}f9F;tP)n`&S#j%`o4iQXifa
zo&kS;V&v>ss`Cf3_|G;~`PGJ-437|ha*&cUr7vAgIm+G)T~}|g$@U><O5ZD|4&-@A
z$(a-I51|T?c^^PJoeUjMI8(*}POT`<M@r6w-wewTnfI$mSCXL<6V8;e`pY6`+mbc!
zGa@fSO3suy|F<ZI%^xHEE*UoIDp~XXlyc~>tzHpk+x>zJ{Su^P_2E|{XI~<#{3PYD
za|!aE7M(JrWYzhT$SaVN)dw!G#$&Pm$m&1e<D^acGeUH#p+nZZ#Uf{YleHcBnGy5y
zv!Qa)sf7+%^VW*I4svoP3yZ+_KIzXK;Y_*DdYE$9{4&y&qEinYvf6xJ<ntjXYu@ir
zj=VdO{)6Z=LWit*cZ&|kNPZuWJ~TsztU4SUDQ|<EtbLDTBklA1k{l1I(*Yf__C1b)
zly^c-R+}8_D0h93a&~qEzGF(8{H|qGbe2O-*1UI$4nJe!Z&FjA-~Aj1y_`J!L%0Ev
z@A}bSmPh3)jeLX1p%!?-$oCr#vs|#*AF^CBlzH7-ZTL%uA2<9p!@RDkKR+|fYnjUb
zr(rkFi2wg;<i9qYPe0*X7%5rXy^wO`<zrY@D|NDj^}OJtSjuydlC}Q%NR)Yb?Y&)e
za*>jCEUFhdvIoeStZalPMCSb*(pEAQJYhZV63U^&&nq7hoqVKZy)OJ;qVqD+uaRMg
z;}TizJWV<5@cRF}=&;;mwetg!bBrSEIlhx}<mGkaAB9=puaa>rj#p&0^DB|_R3&R&
z{hD&vS&O`H37<mxw(xq$&yZoW6e(HHcP=}|yu*<WB15MP`^j2HH~v6g0l6E0WQ@I9
z^0FUJkh~nn$m(0E=xjhbMfho?d>5R@s)jyU{h1>=ok$-Po$1gaXMPfZ!0#y1XX^0S
zWR4qd`~e>Ye@o=skZv{X#v&ZI7Iw&5x74GZH<4~9L#GZpWYyvAYt9w;hcFK@2haRj
z=c|Ojh}2zcpaWBZpBSBav?=<oT*8Zu{L_Y48TQ0ZBV;3m+rVYQ{3v0HFzbZdJQnMg
zj}pj~v&`f*Nbe@YPmU*KZEKc+It!3)AwwrDoLLG$coC60yO4g544o`twZnas=O86#
zPQpKg1BlG~2GV~MUJl<f5UI~|oSb<h0KtuW&}Tgl6&*B<<4g`12ziu?j_Z@K<3Uc&
zECV21BRZ8xZzMw}A98Z$WTz6~KHA~;M{XxWhvz#vv)tF=`|gzU94BY8;t}qr9C_Cu
zWf^il;l%D3{La}NY*tV%%-cWZnTGi&kaC_!Zk`Ng{~suFKEAtDm~-LbWE?A9SnGeR
z$l1Q+O!&qy0a1_3DrR1`FFBJAA~-o5*$4hKV$PM6`oDde1NnErU5I41C;J(7=mR<P
zX8c2NeGGE?;QCml69?*%Fz-JiZ6`yAK9DnS!9RpfMAi8$89MA^WG&-YMdw>cU7v&w
z`x`lv6^P*ar}+5;Y|{?ghpgxI&qU6CMb^A5KYd`+qsap~C`bp|w@jGh0gII5;U9t<
z2cYw};I)X9vrbyrHze;6%E8#>pUYs*yJI5f*yh>@3fSd1lP56(+n#yZOb?Sizuw5I
z^EJw$vj(XvFLYRMuDoKWhdPk6uE;v}9v3<5hpaaLD00>hIrCQhLvV9f&o7IcyRuUw
z<g>h<e}0iw|2mPgtYo$C&O7KALQYowI?*qJoSZ547l@qoL{@#4Cnth`2x#U&&c%M;
zzl01q+k&jurfkuPBE5_Z9o9Kn``A??Xa6MY+{2xl%!uHQ3&RV*IAkCP%sO=EEOdBW
zvf5-lQYRnjC&<v@amkq|4}&`{bU1E|Mx_1?NLfc@mYwG{^U^o6_U9WZhtBOt%Y>_t
zmXo2+{y<j!>6Ami4rvV;IxG`eb?66mSjKuXbXZ2R>bS9J1Oy1TAm)Hsc4re6_9t+&
z$XVV_vdF(Fa+c*~BY#cg^!cEXpEi8fu&YlTm;Sr@yaRy1M+rREACQ)kp+o=4I$y1z
z96Ga*-b#i}p0KvveIoaek~3L(2=fuOEKS0nMe63Cu*0?{tDQB}fjowktUj!xT<T<_
z=oBI)XQtsF!e&J3{5{fdkzuDuSndCV=$u2kQ*_v8$a<_-DTkeZMY@*^J0-$u=S`89
zA|+?0;~&CFMD=q384WiMDa<*h&qIYhq^xV|kcW|3AqZscKOUGmqmgnqb$B?k>d-EA
zvXPD?^B=+vL^Aa`hLhRH{wEm@)?yt0mB^7j@Eap{{RcYj88{BkKjvkB<99yE>`UJk
zW;xtFEcE&P-`|To5Aw5Qk%vM)w<EnonEJd&Rh>)8u<s%7S43V6ANGr!<>vYY)L}oF
zf%a$Kef>}#GUTj}T_UIbe>cpwqCV%fBZZ5R-XKgnT!Vmi*ngfCW<TMp)aobKBcKlZ
zMzfKx7CHOIqauG2=_X;?=eh&TTLvBeR;&8Ybq6S~fPA}=bKL>Tt03QH<a<P34f(%_
zoON|fm}P&<@M**E8|DkmTCV<v2OGZJaKvzd;c<qilSlgVwEIQQzO>Njv>N`F;U5_O
ziQ!#_Up4#-!v_rii(!86PRn@Q@LPs|Z}^Pi_YD8Za2o1YZI%f0oVv;IEr#zf%)ZO|
zsYOc8lreb{<>;UMj{Kd%_aLnk=6B?|O`SMWH}--le@NuZkS-PGcjviH{gp`n%E(uf
z;R9`xGdbx-;9QOR&mi3_{5n#14TAn0VXiH~z<Ct)sq+&ubn1n5%yi=_<ntjX>ocf>
zVCH=bDaTyqZ4}nLTmh3h9EbV~bDS7RhJG{j$*S+>TF@U2*(lNHnku{pr+yps$@<K}
z-H$_`>q5ADaOiYE$K8WZ1R&Iiot@CRPwaF;PS$&HHwS|qt{3s3=s$#%_oX~8+kvcp
zE*JT7$jN#Q;(Z;<%k?GxMs(OdWPQH(b<yFPGtUeE0O@zgIM!O|ll54;M7|Dkvd;J1
zGcFv9Ys(xEo%PTm>m2x)$e)0moXJj$@D}CBdk*Po(b)hwS&z%lO6bo<$jK__GeqW{
zfONd@T$J}lGW0h=pR8?EDLU0irwZ?f{$0ZNBE4IfYlbW&!w&l|S?%yM3?7$jaV!&^
zEzlur{jU}suFJviTGP%}=#W)sv*;Xy&JRTAMd*;VjdqF-*X!sJ=5_2B!W_SkkYRrt
z@{+ZF&WO(YNZ%FadNS#9joS`=vX(0>*SKt?gM_&r$YsL(PIn#|$J&9sWbFf2i4NDL
zDH5G7=#aG!+$i#0kdrexI3e66@;$=p|AUmHo<D`OMVRZ`d|LE-pifr+SBcJP_`Fth
z_CklOey$gtKfumcMdtu?$m-`-k#k%jXU+m3Y@;0haQ&k13-kK;V>0UG5Ol~or{ee6
zsn2=BFGS}Ebja$@LDAvbNBmAZ^|>a`F*0l(hdx<t{!!#7ASbKO=O{;Bu9Xx*WZsj|
zA#2`YltYK>CNYvZZz&{0{}lAes$VAZGmw+DU1}*u-n)_BC7gyjpHGIJv(P7NyEKaq
z*NS;Wbk0GCtmnc?(c!u=>qRGkF@UV+!UoaddtIA^IfvqR_<7uP=)3RpUkBp|KM<WR
zq(2ho`bDpbKCc60^>e@I97Os{VXjN_YvJD_eN&jvdj5lq<MLS=S?zovI$UF_KO%Lq
zphMO=97;LrFc0bF%CLDQc_bqA$=XjwiB3LrYD6a&I%L(kTXeXF)qTQTPiY=`B#s4r
zvbOI-BKIICYhPMPIedEp>E}g<*F&=U|Gda!kdsyZvd9Y|C#(F&A}@lRtn#0WoYzva
z%6~~Y`zQRr4v}1nbfWNM7|(7L=9&p*hAYS;F|USAvX*zI$a$?M>#-i89QKzZ{fsdC
z=NjRSNS`FbW*PF5Gtn;?z9BkXC+cO<seleSbB3?OF@pBF*3ckf59wgxVN4lezY2ND
z>T^_d3X$d;zKRU}YUq<yzewcMAt$R3^dtx$7|=Zv+~086aF*d5!@xk!AoOJdLJkyB
z)WCz}!Tz(x<>agI58=m%lyh#?O@^Gu-!JmRNUy*?>Tq7e@+i+Ve2-!G%wO~yjr?k{
zIUcEdh65ee!(@@)g0w=I&%L<KV@*SPtC3F^=CJRcAw#Dg`rM}fEIT=~4*w9`{24ke
z;3bH(*^P7+8TzbOvi7&Hikx*!&g26~giVNA_V1CAmvv9hyc_=zb|F%pE37tOqa4S5
z9cc!9rB0r3CMWv{gDHnj1SunV0aBjZWZst-labehJ~?v^bE4ivo-eG=2IpZr2M-PA
zV81Ibm~;QNl#jwcgr^Xxvk$2&7ns-XA5sn-_J_-8U+l2Wl<zWpqv*5#$(it(VFn`g
z??PHDOn<mdc_UKSKfzCfAEq3~WxJ5|dFj_Eht3+L-y%bYZA4a`f1(^Z-$&}6fk20C
zMAmWmSE5r3AO1{+4%>^YKD+l-V2AG`@cKcUcO!M56+)kF=RPYO4?u`g2XaqX$7<f6
zFfZGRV=i^rMr0im+<Oa<#~>%`^IkXBKwbzrS=;nVZ0ArJVJ%|L5PW8Z@wSroh23Xr
z;71`_PC4}1j(;{fLpkRZ{f7+myP?$Y5B<*>`IihoZuo14HyMu7H`rl2lJ#5|EpoOU
zS<llF%Ha?D&L@TW&VuV#kgtP`=P+%uP05+};va(RGtl`A_z^@c*LvY6kv=ZG7B-(D
z!w%b>oOvJqA^bBU<!oQF+UGb(o4-Z+Yr}5}v;NNrzmN1?VXn2sZQAsZlC>X(q%Af;
zXRNdl`vzH$>pnZcae1FQQS@2I?z24D#Gn6Jp7g^SvBN$?*1ps#@*>E|dcHhPIqZKH
z=|<6+03EXS;b%l=E7IphhiygHKHMepQpm}A-2EaigPg2=_}3z@fSj!U{D;V^ASbK7
zdzJ`4**AF~OP_}!{e*Bn(unYLNO{l6I<JNuvf8f@`E<z1TE@FYUJE%{_4!U1?bJa|
zR)5@mCFC4_-F@YC0E97!IR*Z?cE50cqz{nMX@7tX_G9W${x?RxN#scU_hF#l1O5r+
z;P;UJ%rN)SP8jJ4k<<P=M&~xxryOe*S$z16k*_uKe=~A-?=SlIvmV6G17wl^jp4IK
zCoL_h;|cTr^g7|MAgwUWeYDRpp;hE8%U>BCu2HMUeM9(43~E`3DxXG%9k>^$GjjKg
zSA71C$OrVpd1`e2BzzI%k0a6!M1iNslJ}Q}-JDi*Zp%pOe8un~!|wT^*!lEDN&TmV
zzlC(4FxS_*7?H;%4=3YT9Ivi5@+QMyFuXx{Gt#dMvp!!iyv;Dj1={DhN7iSRZtR8J
zgN&S6kADaii1ckL(n?{j@x^W0$wx}gtj0eCHwS?JBJeCk>coUI;{b%Yh?Ex!>+?f?
zendI_B4^%(e+UmF(uc1i{WKXm6NEE4X+&6!NIAzVvL5RzBIkHT)?<C0a@c$xDI@tL
z(*Gg64e3_lok+P&oij-PLAVF$FUUA<nXq2_{#oR#KeGCHMC4US$?9jGoR8Izkux!u
zVBq~2kIQ#4-24H@nhv>}KS<f9NZwk=$!ha<k#kHVYuVkq9I(SNjjY$Hh1AEfzKqm8
z^Mp=4bja#|2X!Ey4>?(nwOr(lkdyUT+eF?BIa$l~Bg%2C-y!{}=(ItHtjFpRc?aZV
zJ(j!HAn#$w{#kT7p+nZ|)G?7SgPg4XoEG_V$jN&B3doqozC+gW{~D36g_xX)>k)%{
zwh14&uHzKZSqC{;{pa&d*428*$?AU%<;ctDobH(?be@0?S^b|&9mqF8PFDZjGf&7j
zLQdAUdzkvL$>*A%CPQZvbja$@YLRb-oUHzQk#gka8hu|8oh{HIt3N*#`BuouS`R&x
zBQMvhbf4?txGzG7tjGP8<lP22S&w^E@}5Ncrs!;k4q1=OeYF2aq^Cq@2Xx4)^MS~_
zASY{G^_Oc0-&-9>hHtx|L)N_RnJVmeKsJmz;C!T42y<P{QNpW{juz&1teOm)dtj5S
z=YEao%t1O!bb6pe*5lqM^1YCgwXPP5`~c)+t*fU*eh_kUCfbVOo0P-n9;DwA=JV0-
zkm1`Q=#cfe-xK)}$jN%#pNRZ8<YYardtM6r(R6&KEIKEkLslP7Q4SqGU;Pi^50So0
zh7Tv9PgWoPEb>#3lhud*$WQ$<kdxI1Ui)dE&t={7Qs|t84q5wuk?3%JQ9etheks!H
z$k0CreX{y+qsRjo1IX&bEh0~coUA@f7kPik$=cS7MIMHntaY-Ka`?dKpv#2UAYD#|
zKUvTxt3TXF{q;z{C^|XNA*;?~BIol)vikfrk@LDiR-eC3Ic)NKFFzF>4?1M^^A*u~
zAL%cI{{`s*GW_H-39|aYeYANT>A#9j3_4`hc~j(tkdxKV-;2Bma<cl#c^GYSt=G%Q
zIPL`Kkac{HiJZ?8$vQr}=c~{!g`BM8QWN!I^J%2+Gkq|ht+r7P{W9p2)o1q%7COrz
zdqi~jtc9#P?s+WoRzXhIa(zkkt05<Axt<g`pQDg<TypOWz)mgXWbMQ5{Q>yEHEF-Y
zykNdN;GX3|pU=wNvs}3cbng{FXD4)aP#-#TphH%l-8%-5*F#QLpI;OG`H+*<XFf!v
zokqyXTA%J+0vwCac==f|eH)52iwyl{=#%xh+(#V`=`hi0gAQ4BMu^TBq@zTq13F~Y
z87J~i$jRz|iO82hPFDY?h<rKZWUX`e4g>tT8?su_Sq&Ys9&3)s*FsL#c9~B(@;-)i
zf$*o0K1fE{*Fm4Gb~;378PbPDXFYVts`FWqKLI&e%k_DYZ-AVv<=P<fjgXV|J-sa=
z-vl{XeSVR0_<R(pdmawn0sbE4@Od-z$?A`LHv>AaK=xD7*#aH1>ik^fTOlW_&j&>Q
zBIIQC`Av~;gPg4Q;QaiFK5U1atnz@|6Y)8Hhzy+_&>^c2?ioJ(<g@vKqSFN(vg!;M
z`7X%GS|=kYM_#VUJW6!-K!>blanJ2>+#bl?bNe{X1B5A}zZY_{*8hDXKL9ydkF|hu
z9E<BbKOi~>p+nYVEf)D9$jMr7D@A?;a<U%lZz+dOt`Yrr!rw*uqVOin3BE^$|HqM+
ztp5C1bPgchDLN;hLsox&F7lI*lhvPtB0mK=S^fE)$j?Ad)?@vVa`?%$soxi!v(O>y
zvC^=Qex8Gztj8K6a?ZiYnREU6znpT|<hs_M5S?`Bko8)8mB{-;PS#_M6L}bNvL35i
z<os?ZITPa`LoMYvRx{GOMJES3WVJa@<a`f;tTtOjo(DNu>*OKIVUz1@KO#CFbjWIR
zmB{lUC#%iJL>_~jtmn%&MP3LwS@l_l;4uF8pFIVK`<#U&nCEjY`3j#s@+W+bk@?^m
zp$IYP;U7W?Vld(`P)3gWTtyz?^K^2)&voRHKG&14^0|>b%I7vR4~Wo-7({>2p#Fy`
z7yq5l;y(|g{yRU#|5D1uf9IPA0YWXJ`d?2L|C`C;zw<%-Uro9Azn(1qZzPNVTgc-7
zHnRBNMMl47;Jjb?pyA_&PZ>T(#yppyKWr%H81@Vo8ZI$hVR*XXIffezcNku7c%9)5
zhI#!^-#G3obG%mGW0>Qk%8wZ4Sfg@|5z0Kbm3e+D^Sn~#`Jl{azshBXs}0u~o^QB~
zobJ~-pYbZMHT;C(O@_A`-fno8;k||r89rh7jNt&<UwsH0&Na+?RMp|TJ<6qqs|?o~
zt~cClxYIE2b=4-{)luGPc#C1)bE;04VcwUjobT8uA2-bVN0py5%zHqU^WKv8F$|tz
zz9*yd62ldSdB3JQa||~c?l8>zGSy#anD4!)e6!&f4ev0#$1v}qH183^Ck>x9oQ|@p
zewJarr=oJ+2L&;IVwhmK%y6~gI>Yk~^FB!JEHk{;FyBE@olS;$&!TePkLX%Yyw_0P
zYxt1i6Nb+i=6#3e<$FTPxrXx%7m@q>^-yZK$}s2os#9;c*>I=f)rQv_-e{QfZMC_L
ze6jCCm*F162Mr%Le2RRDpZA<$&UIDJ`L42OnD3*goS!==^Bv+KzpQ{T-S8a4jfOi6
zFE_l-@CL)2gQ|VbKb3bF-eZ{aPSrVL_@v>phSSlWL0<e3vJB@Ljv1a{xXdu;b^5+d
zo#FY0+YB!=yw>m&hB?nxn_CU@`Kiix8RlBdDnDfSgyA!W`6VmW4;#)koNu_uaH-)c
z!?lL%4L2L^G`!mIdczwHZ!x^haF^j8!v_r?H+;(QIm7*NPG~*wyIIPf;X=bDhARwD
zH$2C1qu~z2%MGtHyut8h!!H`%VR(<>1BQ<nK56)@;dGq4THY+fd4^+#Cm1d>Ty40{
z@O;B<hL;&$YxoJnn+$I?yxs6F!+Q-MGJL}D8N>XbTgx6coNGAWaFO9s!&QcB4c8lP
zHr#1=wc+)KHyYkzc$?ua!##!%8a{6Ll;LxR`wvLg1K(TJI`Iq_8ZI$hVR*XXIffez
zcNku7c%9)5hBq62(eMt#dkh~ie8lic!)Fbr4@{Of%W$6InBfVA%M4eO5gF>pgM6NE
zxXth~!)pycLC*5?ZZf>p@OHzy4DTfm_VXSxe8TV<!~Bsy)ejraHJop_$Z)CQD#Nvg
z>kT&>?lipG@Or}=4R0~L&2X3D9>WL8^11eL!>0_NGu$8bt@?bwRoOFKXt>01h2iOj
z=NN7@++ldR;dO>L7~X97MY4P@yu<Jw!v_o>F?`bSS;Oh*FKRQ(aGv3q;R%Mz3|AYj
zGd$mLo8e`K*BXAp@Fv4s4R1HR%kW;qhYX)Ee1?qYV=kbND2EN_8qPOdWVqCDmEl^$
z^@f`bcN$)8c)j6`hPN2rX1L36kKu!cj~hN^_?+SX=u=t`d=F09GhAr6#Bhb->4xVR
zZZzCsc)8(qhBp}AZ1_dPI}GnJe8BJ#!zT@&HJpyVpykanoM$*@c!J?F!_|iC49_>*
zW_X$5wT7QCyvguZ!`lt-GQ8LDA;TvOpD`S`G+Fkr;atP{hKmfB8m=;2Yq;KUv*Av|
zs|~L=ywUI$!`lpZ8SXKB(C~4?rwpGn+<$1Y9&!wOh6~Ba!%#v-WT+rt=JRwiA08vj
zAz$wE$Nld?5sxPMSi*$~_>XB?BH*!&3w%sXE^}LfK>f@>ARl}eBJ*<}^Ib37YOf62
zs}VI&kD(ZmT!zT78us`+miF+NEMcz}Z2jAX?Ky}V)ZQHsSbJG_;xh@chsQ4odo5sV
z&%;KM8WTNkHVKz;10jEw|E?4L!>xS6-lJe^kI$oVsY?X)ZyhAoziqI`<I)~(3lsKU
z1Y3Lc*zh3Jp!U8EfwgxW_Ua*{J=|_2?EMqi+FOo|638^Dy;mTx_9|d#3uLs1scXXC
zAHmk%c5L)j-ghKV8B&ImFr?+hG$>&&8~Lq0K3C6kIsAX>AAbYO`j=Pdf9^s5aCuGG
z8<%2_pB0w*rrdwE$L};)du_1S1r6H6P@S;HcaQOxI6wIL6&`0Kg4*Nv7OcIZ+5UU3
zw8vAJ`*?mdrP$-=TeUoZ1hqFm#a<Qc@%b_BU52RkKA&Q5Ido!bO!T<9GR0oSz5eG?
zw8tSs?R_i79-o7=-886w&!yPg0ekDAM0+|`u)O<H?D08yJ>(kHUQdd>>iYuj_tj{R
zALXfk@1@w|bMYe7p$4^gCdFPeUS#KUPuk;0Xlic=@<KJyzKuF?i9zmTxLow$z6%%9
zyApcrAAd=&ppWC;BDR@mIoRLGWfUTuYVhBWWI6H?wHzg4kK-x>-;ub&l!baMi~Gz7
zsqWf~Mp}uy8mPx`OUiNAE%4tB<8enJ>Twsyan&C0#opCQ6Fnq>c#6G458(55R1)nK
zh#vdPXHx8Oj{j62_BvDSZNtFM&&+7=YGd!~DfUic4vH#F1TF7|6nlr-lH<V`WAFPZ
z_G&R$oJd$pw%fK8dmBHMydI4+_70@jE5%%CRUhU3MT)%_+x_=kSl;o*-g_zbIA6KG
z5C8a?9LruN`)WJzP5_wpu0hoH<@faIj<)Yv*lWeM2CcsV(6jcsU{9~V*FstC6{gs0
z9P0nRVXD1RDfSL5@z>~~e=LvMyE(;P=Vf?*T#bnyH_KA&^*o#$|0aqa`(J&Ey=}0^
z&k{6fdGATFSJ8?0gK(j|3yPmaRR6ek0P7Fc?Lr;~pIl)kYVV;Gd%0`;b#!QNlIYRD
z4JrOjfIVKHHK@JEQ|#5l9`n=QO^E8>->2BCfIU2_O$4>~Vv4<HV{fvtw?D<+bl6+n
zM}K}T#a<`u@iTJzH^taHonr5RhyK@xy|+{BwXH>ah`pPQy`d-&vu7YOR7CL}mNpKy
zwY*&8fLw;iQ1L~KyEq2@<2cQItj|vZti8ZUtjEO*fCTC>@cmqJ88;A){59-hETX-s
zh}=heH2~UEm-b@t;e1X5^%x#b(K~bjy(d!iPFz6m<rKX$(Ce!oyq==RFF|wussX!Q
zct`Yf?r<^mcwT5=85#L*t~tE|70@eDCDGw#xSy}DyOu$3xo#k(Ee5`COCQR(fv{{-
zavZP0HutffxgLV%!Diqb>~Sp8p!;%C?3F(4>#^N<Z=&`%2SxWtg!wn)y>jH$p!S$*
z+j8I9TQPq@XT<a~F^*?}S*O<C_UU*J%4Ae~^Om$f)KGlwwc{s_Z5`)%-uP=LTz}1k
zYbTB$4=yUQ|F64lg6CZ~@j7TR)L-&fH&<5%gKCNOabK@G;k^u<n1F<{%8Pl{+%jd#
z4PI<sd+XxG9j&d+V{X62OK!9*95a4waq-xqF%!p+SvY?F_19fHp`^gOb}U4$+C3Pe
z)w+&`mc?=WD&~ULz@0O1zJGH0%sZ;@tiAdE>Z$mN(8<*^Cly^XxqRxR@$7?R7cX7Z
z5ub~+quoy%mH1QVfwBC>`@q<_ix&sR_W3K~u<=nLtyig8WK+?|c>Zryv(=L!^|z~&
zd-^8Mk68&i2Kn`y)YTS=h@SR?3+Zt_X6Kw2(km2udQMWWuXB>uYkN-edf(SMncC;S
z3B7Ve4O$MSwnk54yB?7~vkq9Bef9ZjWK<haNpM4ZduzMj-Ca-qOMSk$cw%vp)BMYQ
ze$Smakm>We?(WUMCuJSfB6cA1UAgUudl1v%WFcZ1BJbsz5uZThz41Xrz6Z*=X%!;h
z$6AfJ8IkW)9Y^GQP-Td1i0cryBJM@xyF*#19Ny#9B6cEfMC?N3cNF*@4d0n5LFD@{
zorrvwh3~5HT@+SsK4KLj?^pP)2jAs5f*3{v#}Mlfmm~5$2fovA1o0dq-$f`voP)R=
zk?#m>LF9V?yuKYr?2kc;pU?C2_vMJ25qBW&MLdI;hm*Gqu^DkA;&#Nnh^G*9aZxKo
zoP)R=aSI|pOFfI|VSwi6n~jK1AoBA^-lv>E<mZMl#A?Jg#7&4@h=&mS55!o7Sc}Nd
zx;7*3K;-9A{M?D3EAca=`H1Tfw<7X$n=m>bKWnK&T#dLDk)LCnLo7lk=RHUx;&Q|;
z#N&wRxOVe7eI4R5L_Q-wgve*v)rg&le2%;qkzeG^N325ZK;-k*Er?x+e13Wy@f>2_
zrO-8@wXLD0sb!(p9&ef7y2zW~@KDpd2G8~W0Dh`?{)P5E+ywoH7h_z;FBE%C_~l{A
z1lzs$E%bkQ7(b(|8oiIjqj(RuE@__c&E;<ss}|04>{zq}!*8JnH{0=>(y*~0-qhSM
zKTzAWsG)U9@}Lj5HZPdse7Pf`I=!LA`5&{^$9WC$h4H4Ag5+_Md6S1}Y3=Y(H7>tj
z8~Cnb+x^LcdW$>wBiWF-0yv$dtf8~5V^QmT{}>{sZb$3=ot>RlT<Fb<w~XrW=C!sw
z#9z@yfZpOIbNf<)xT8Hj4_eTP&+lbl4MFVNShS?MFB=edG_^G^bvCe(;-;EWH4pp6
zUhncG6m@@7%R?8ig*{@1e$QLfX8occ-Xjg|tzLV>V)$0*vF=fU4f8tC&<Jej)&(AZ
z7QMB7sh>44E8gA|pWEEv*Db9#Eof>$7h39p7BsXsv~+kKjcl7h&CJQ(!|ko;<$ee2
zSlZU$Eog1`xMRVRmU--0I1V@GE@5W>An0~WI@)k>OhUZH{7rWcnVMQuG`DGCp!`3n
zk00^w;5jt~ZSA?Abgz&SVT~TUZ~BtC_!V#uKN8;e{tEOy@1b~e6MmvRsnXlV%q8w;
z=e?HrB0Z;j9b@X^#Y<3FvpbQ0ZhSG0j!ubL5YCnkZ^~q^qkV~*N$6p2gjp8qZ*juS
zz~q^?d;Dc}meZXVg{U;=s$Y3*Q|h3<GiRz!%aTQN8~$(hz6LO=>dyDh<b&8uLNdgF
zCe}L_B$Jpx7*GO2n@mDJB!Q3wj0%-WG9l4?nM?#)T={Bhx7jTsQePL_fV6eHv?y!4
zzFoVUL^s7YY>~PayRahbv)H1G)b{CHk@x$Zd(O<sBp~g3yM1rh11IM<zxzM`d%nN!
zz2|gGnRUUCiFAfXS=S@F#E6V~?m-$wDrQ7L<doFYX{SW1tTLKVlL$*F5DqJgUq^3S
zo8awosDj8#EUI?+8_?(>d9-NSrK}aDmf`A*+^x6co{rA-9cE8&yUEMqIwBy`GuLcD
zTi4V2*&r^ByN2<%D9%E@A&8P2yu3`HIm85H7<yXQbp%4a-QgRxx1uD68e33T5I!Lj
zLR+e0r~)cDRumZ?yVT3v6cx0ivv*yKDKbII;9g1%3Qlutce`k<ar1Ck)b-wup5Csm
z&TiCjvn9~eV#-^oFi#}MY!+gS*Rr~rl_KMtf{mR`;oy%eXZ5pg%3oj>cejRG8v|$$
zRdF?uE=Wft0&BD=oZ{YrHY6QVEI6iC7{-#~V!QB~f$nv^?QC7_%w~wR(!|Drc}RJL
zbB@SZhMWm?2{|#p5=CQqMTw~;%>?r76IGKH4hrs98nknnS%djW7duG=*jU-oD$=Jb
z(9^TNv%5*OWo)=$mUW_<O1i7N^S;(5_(22O+as!<QPdVPm$B)<MKrbTxtiyqCAE2F
z#Z_ieZ>R-{fy5QPGs+cuaQ4yAPnqJ6lIhvl(P&nT89x*w{OAjMbUMt*&bTBPX2y8d
zcqwU*BhXN;>k!!%F2g1o^v*`JCD_(wm(LEg@{m%^KVr)UaC|u~uBoJ;Dx;T_xl(=0
zi)*Vdr;z0xx~i8{ndRuu5WXdxorv*~7==WJM}q6Z5CDx*E_%$Kp1``GEU9h5j&-3H
z<csP98rcVR2k-3-_Jqtp2rXFyMq81Fyn1PI?ezI}G#8p$!@**TD$|R4Jyr&x6pag;
z#O`2YYga2PN^@s#2irU;8y;l!nCk-_p&oSJXr4p^!!ZSVSusFEnXag=WzUYfh*Hhm
zT8{#1XR9ce#gXnwWp<4{j$J1D5VOo4d!mlZVWX|HiaN`yii*uD^c(GHliAHyiu95C
zYkC4^wVjTVF^uK*XuwWKv$LaZquCRb;}s4kI#Ct6S$m|9iVm}wQLE?(1=pbk+GyI<
zL&Qr47<I&4D!PWEj-K`KUdPNBFITdpcJ7r3idbENLXLH=K+Gtq@t0kRppZj;U~tph
z+1q1BLyIWl$>!opZfVqsVVhYS>g;CeW!@BHAg4OZ=<6uX;Vd$kscio+JnV_g7G(R~
zV|I0NAb|^Zo2yC%=7Vgo?W+OKXPP;n(8g8b`ic$gE>>*hxR4`KOk@x~RrI8e?$-Ml
zRJQr8J)-2=LmykLwx&ALezUNPW*Q?^RZG!Es|E;F#-Kc!U)&6%B@A(8I~%?yuXF6c
z+leX}slK8=Lyc6UK&E3w6B}!clu;vCE5m`8Z48_9PEk}ZBQ0equ~M`zV^xLQmrL9@
z5_UP>z2r@$WaLI7hT$+TVQ0=h>k<O0o#R;BPP(93-HB0kYow8j%>CGnw4$5%Y|t!4
z{}moGArHc1D3J%@Qo+6$jXwt99L3(JW+dVEO$9XKpMwQ^degzlOVjMYeYh1N^SWFO
zgf1b%XmX5b>&-QTt)jshGdpR+@Px{Wk-H(xmPF@&g`R4#&dTnfmE$6G1tJ(~U;v%W
zcT5Ai0-+XDHiCABFa+YpD#jDa3W;tM^#I1fT0e_1N@Os258}AKJJ5yZejN*9OM66T
zNl>gdAaHCo!;%%N%%)D{C_4$!`{<KL=C8d*(byIYbo6$GdjhOegs+K)iY-8KN%;hA
zlq?U-BU~>QV;pUM##V%bT$TrsIHEHUs|Ru>iS!WToN-0NsE`vQF$Sm!_H>~<1-sF8
zxAutnQxB%WEW0AQy`r{-$FMyJkMhr62aQCRY<)!M#0Vjkj3pc`nCp?47;ASotq-72
z5^2)O&WhzulIsH~%ILaLnlb+B?Cow8<+8fA*347gBW}`zK{DGmW;^F*jIJ2Ohw}{Q
zHHZSvArxBDCNsd0VI)aWc0CN1CL;&&C>Rh9inceXide9NWf&_#_Fx8aE^h5YN6Te-
z>W5!@4XS5MvkbYY{Kb9q7?tWkYxnwAq*u|p?qE=i2}P$H&gCe7ONvVn;*az-?tYgo
zN+`h`8edU=SX*9{cSW85_&6i%<x3{GOE|6whZx6W4%Df}@N7EJL3E<EYsQ!>JdVGd
zj2KU#?lPJ3Ze!|laMs#`7P?W5dst5pM6C|V(z+BLRVBjpqSCvHD$C3sECz<VcC8H0
z#v<ixyZqw&|F+f!6q@kzqxj7MfS5qo9f;sq#Ky2<{v+F=)(%q+P6g3qPixg&SZKkL
zfLxX^e0!4@TE2ll&-zPe>2rLdmTwJsodZt8gXiSuKK}D@8vK_n2U-=tUXTv#afIhf
zsjz(hGzr!TdjZd*-h=%$?Ax$!!txo_tFS+Z{YO}S^Z#Sm5!fMEzCZC-u!ms316u<7
z1nk#f{~PQsSnjvSz4$&4yBYR#u-vctUf4ERo_&&u`*S})?j2YUTMN4kmglH^8g?P<
zO|X35kLRP$g!RB?!cK+dp1N+>1lSnZ4-rScFZeF(zru1a*#7~03ih91UxwxTiG26)
zhp@x2+`Ey_?fw$>yRiFVzYhCV*hgS@!1lpzf!zeV9=02n`<ipliALDZz;aJZJ_}q9
z%XmGG@Z1W#1eVVUZ-M2$$a7%%>@W+Ka+k7S!gUMwI@oEjQ(%)}uY%?C$BSs2xi9l?
zV9&w+3ib`y*I-Y;{tWgQ>=D?*u+PE%E$n}XeH!*4?6+aR0XqQuXRy0rAA;?N{Q|5W
zwypSme-yU?zd7#VdVMP_*A?!9y#tnyRjXl_!j{4o!7hTG59@=?gZ08rhvjxB9;C%J
zaNR@auA1|LC;vGUksQSH!q~;mJeQ3V<{b98hf<Qx{UKgTK-l;!mj;hQh2d|6Oc-(s
zlZa*HU>GNQqf0|M;y76Ha;q1?6DywSLPL3C#Y?q<CssVulZNudif3BWkSA6=^MQsu
zvErFWG~|gDUqljyJh9@Lw>0F570-O9Ay2G$mI)g2#ENHmp&?JKc$Os^^2CZ~Iin#@
ztaz3|8uG-7XZfTdPpo*BT^jPlif6f|Ay2G$mU$ZT#ENI#pdnAJ_^l*i$P+7`^^1l)
zvEo_xXvh;Qp7oN3Jh9?gXKBb2E1vb4hCH$22Y_kF55Ow^8^AQ=i51T_f`&Y?;@N)C
zkSA6=+ZGz~#ESp#Bw@%CE1qo<4S8b4KSvUVJh9>rlY}8pta!F_G~|gD&o+>TJh9^0
zKGKjURy^BI8uG-7e~lyzd1A%CK@x^MvEtbt(~u`tJlkp-^2CZ~J5EEMSn+J*X~+{R
zp6x#kd1A%0Z=fMhta$btG~|gD&pw5QJh9^0-_VdJRy_M68uG-7XFo+lo>=kh!)VA8
zE1vxy4S8b4vu~s!Ppo+Mn>6H!70*7EhCH$2+27KTCssWBVjA+qif2DfL!Mai?89lu
z6DywmJPmnb#d8cmL!Mai93Rk-CssVi4m9M670+=64S8b4bId_Qo>=i5kI;}ORy@Zl
zG~|gD&v6V5d1A$Lj6*}7Sn(YH(2yrqJjX^f<cSr}@e2)kV#RYjMMIug@f>T>kSA6=
z$6++&i51T=8Vz}3#dG{dL!Mai9RJdgCssVid^F^V70>Y?4S8b4bF4^1o>=i5N79fd
zR{XHW6D$6Q8c(eFQH>{7Jjbmx)K9E<j%jJg6DywMT^jPlia(|C#ER!QnTGPjisu-b
zhCH$2IliVLPpo*3y=ll3E1u(W8uG-7=a`*_Jh9?Ao~I#Ctay&~X~+{Ro^t^j^2Cbg
z{D6i$vEn&@pdnAJc+M?o$P+7`^9~yF#ER#fgoZq^;yGWTAy2G$&ShxG6Dywc92)Y(
zisu}NhCH$2IX|KyPpo*(#c0SAE1q*I8uG-7=X{HXJh9?A7o#Chta#4TXvh;Qo^v=F
z^2Cbg{Emh^vEn)ZqajbMc+L%J$P+7`^F|u-#ER#fl7>97;yK@>Ay2IM%^FXvc+OL4
zC{L_-&S7cD6DywcTN?7jis#&yhCH$2IWMLmPpo*(nQ6!qE1vU58uG-7=RBK+Jh9?A
z52qndta#4RX~+{Rp7VDa^2Cbg+@6L!vEn)Jry)<Qc&-W1kSA6=*9&OK6D$6x#uF=^
z>kKrMCssVyAZW-FE1v5UG~|gD|GLH#E1v5bG?XV+Jl8yE$P+7`>mfAci51Va5*qTv
zisw2C4S8b4bB%?DJh9@r{z5~ZSn*t&p&?JKc&^*fkSA6=*K}ye6DvLgm`y8r&g02j
zu$*VpkSA91JZqJPyfSJI%ijv$0L-Y;r4jO%d11dh*cO=8)`~UkK-;YKjdzs=Lt^>3
zR=lfa%!<A~=Hj@w{kuE)>JGmPm@{jh^h}{kYL*@@bz|js%w4fI%?A<2Eb)F)U=|)g
zcglO=PKZn72Oh|E+39epzcFJ{l&_lOMQP2%jQQG!*ORoX{4G03$&UXvfjJm4F-Cmk
z2T+VLDeCv+sNX43zf+@rPYH*BWyFo}PmvNV18#(u<w_Z$ZG3Wr(bE_i*wNUvQF?O7
zD8}Nq!Yo$`yEIJwiciz<G!18J*wpY04SO}5tKobN&(m;$hPf`H!ceH;5)GGYxKhK_
z8m`lDy@pq7c&&!Ho}upBqTx0TcWF4JVXjpuzne6?S;N~k{Gf*WHM~Q^yEOc$hWBWA
zK*Rer{Dg)NX!uDDKds?sH2kcF2Q~b>h7W6aRKrI#{E~)`YxsnQPigpd4WH5QSq-1l
z@Vgp*Ps1N*n3YTA3+L+!CurEE;S>$0X_#|y<u_BqriN!|*sEdAvz6a`4bRhXfrb}p
zxKP6-8ZOsxrG~3DT&LlB4X@VlS`9a8m~&qh<~9v?X*i_e4I1XWR{7nm;q4lJP{aKi
z-l5@L8h%v6do(<t;r$wZLc<3%{G^7T*6=eLepbVS8h&2Ghc!H^;iDRUNyEoAd_u#g
zH2k`T&uI9phR<pET@Amd;SV&-!Gy|-SPgS-r+Al!Q#72W;b|J?yiNHvH9SMZUJd7J
zm~%4acb<j|G`vW|g&Ho=aJhynHC(OXIt|xrc(sPtYPd<mEgI%L$sxyYXj;O11jZ7l
zkips>EWd4~ET2CR)9{%CaRS`w61(7fC8l>iPoPX1Ts}h}o(7lC4Tv-0E|S=UTO{!e
zxO^r+8S3M60ODM@)e`5!<$6E)d2qSLPh0?(>-xmh-6U}#T&~}fFM-Q7d*X7qT&E|l
zgu6jv-iPb)<m=#WmAD=**WJmlhTAXkTDV+aC(nCwO`W&}F4xhC+u#mJ+y(a=5{KY&
zjhr&PKi9>HH^F^c;>~cm{!M;6T&{T&KM40Zi5Zr|67PV^^=!)Qg3C2*;z!|f-I{n0
z+!GQHz<o{P{cyP^O_?X)avhrZ0NisDKM9xX&Ey$It}zoo1DET{#LvQwMV%!c1m^lN
z@$<l3GbUzuxlT;XFi(?s6qxJ5<c|V#4Vd^PV6OWT9|z8rnDOBHF8NcyT+=0f9hmF5
z#AkpDB|Zzx^;+_b6W3^o-v#EnEb)85brOF7%=K6D23)SW5;J~WXC+R6+aj?GF4t4Z
zr@-YJDsdWIuA34wuA3yzgu6vz6E4?8DKi5u*FlNBaCb<|cyqmzd_G*RaT3pi%XLlS
z0=WAnUIdrxm*klST(cxDfy;GD;&QmpNL&e*>yhNE;c^X<nCZcFN8)<8qY|%%%k@R_
zYvFQDk+=yi*Aa=CHm4+RgUj_o@?CJbMo1ij%XLBG4RGI;nCZmzKk}R5a?Ou;J6x{w
z5kCmb_Mf;PnCp4OOf#<G5$^)#x*hSOz-;r0_W*k&9suT=9C@Z6*Wrkt0A@Q+d;pm1
zZNyIkbB&GoX<)9a5i>2>wi7=K%=I(kL13<#5kC*ibu!|^z--TnnXX(9BR&euH8A3r
zfVu8Pd>okVGVuvuu5S@Djk%^p{5mk#v53zAZ<hEhFxRWdp9AI^6*1GB>r%w;0dp;i
z_yb_BKM@;nx#mP13zzFm#7z4qBzD2&dJ=i|y<9^gX5Y(oBVzWw&q~aE;QA1G6E4?;
zh-bj%IuNlJ?oo+z;c~r)JoAKWJjCpKxvoRZzV~&B7s2KF4f#U2T(co&{&1a!xE$_#
z5?8|IdJOq$xLkuFX5Y(o7h>iW*II~I19N?acr7s3REV2^xsF2I0?f4&;#eeO0xZ*m
zeQct{l%;Wir=gs}lvmiL;S>$0X?U83Gc{~#c!q|(8qU>lzJ}*%xIn{;G+e0R5)GGY
zxKhK_8m`lDy@pq7c&&z;G~A-$HVt=aIHchX8s4Pg%^KdW;RiL`ui+gU-lgG3HM~c|
z0~+41;U_eFK*LXJ_-PG4qv2;YJgDL4HGEjZqZ&S{;g>XgT*D_cd`iQwYxs<Y&uaLb
zhTqljdm8>g!v@+KRnB8IoS<QshEp`0rr~KC&eX7};TanCYB*QJ`5K<5;Q|dW(r}@M
zOEg@r;YtlxYq(Cs^%`ES;k6oW(r}B0+ceyz;gE(mXn2!`H*0vih9A^$zlL{cc$bDB
z)$kq-4`_J5hM&;z0S!N?;ionHjE0}p@SujD*YIHtk81d+hF{X~aSfl)@F@+yuHiEp
zKC9t#8h%&9?`il04I60t!{uMY2^wbqs$|%|D$M>wVfL>Ivwv0C)G+&3#j}4^nEk85
z>|YgT|Ee(iSB2TXD$M>>VfL>Ivwu~X{j0+4UlnHmsxbRkh1tI<%>Gqj_OA-Fe^t0m
z!(AE<X?TN%H)(jYhPP|@K@In7c!!2}Y4}kM@6qsphWBgu6KDg|<T5;QA_oRA>9FKu
zB~DBsYa4YAQUZReGl+Oa@h**@MvVK>%z#xmU&D(uT(03d4X@R3n}#=Nc)NyoXn2o?
zpU|-0uMKLv-cRZMk>2m<{fpj@BxrRiO~a;!b2VI`;Svp3Yk0MWTQnTf@MaD7Yxq$O
z>+PQ2zUl3l-d^eLlHUI4?Tp@@#A@X#MZ=jI*6X`oul4$?*HgVd>h(^qUwS>#>x*75
z^zwf|3(qqeeqO^zHGD$DXEgk-hVk$!T(&trSLJ+~hQ--&@I#ZY@ryJp&W@8Z;_Nty
z*J?6t8s4B`adw=P-=Xn)G%U`JlQQD$IEe=}nNbaMA5;|=adw=P=l)NM|3Jgy>^Lct
zhQ>q5m>SO2F!zsAG9?<W*04A`PU;kA$4MO0WHxKKU&D`Tc)y09)UY@^PU;kA$4UH>
zCUZ)|XEpquhPmgJii<cqPU_)4Sc(^C$4P#k#usY1Qp4OkOZjcmusAzT>e;06;_Nud
z@6z}I4Ij`j_v2FfpVzQBJ5K81eqBmNoE<0mcQu}ma+Qor!{Y2XDbM}BlnnP3RCtkw
zxgVI~>omMp!)+QCXU9qX+(TLU<$huc@6qrR8s>guN@h^QqZ$@x$4ULKYy3G4f1u$6
zJi=Bw#o2Mvuc`658Wv~ANtqIj7iY&wUYs2#af>D+&W@A(W{vOHusAzT%Iw#8adw>K
z#o2KZbDuR8esOl3<WFh*Sq+P`<D^V11_a7)iiWvgo8raUaZ-Ms#usW>oE;}+#MyBY
zH)%3m8s4N~adw=P=e}_2z5^N-XU9nyadw=<&ucQ=M^5=Yp<!`$oRoi8<N2zDk{4&k
zNf~i=oWwIU8SYJ|<i*)>QbwE|C$Ts?PU5wiyf`~f^5X0`iMMMqJ2WiLj*~Lt>^O<V
z*>MsNYVzXjILV8%<0O7vlR2khadw=P5ogCqEY6OT*u>yc#aEmiCwXypoW$bnIElsC
zaT1HO<0KYm$4M;Cj+1z^reB;LCwXypoW$bnIElsCaT1HO<0KYm$4M;Cj+6M5reB;L
zCwXypoW$bnIElsCaT1HO<0KYm$4M;Cj+3|$i*YJ_#MyC@7iY&wEY6OTSezXvu{b+U
zVsUny#NzBYi3c?O;_Nudi?ib-7H7vvEY6OTSezXvu{b+UVsUny#N0tug<qT<CwXyp
zoWwIUnS2e4v*V-;_f}MT#MyC@U#s!r>^RAbv*RS*uF34susAzT$~>X*;_Nud4{E$P
zJ5KWA>^O;E*JRFVSezXvWw-~V3colzPV%P4=W1A-9VcbP*>Mt!v*RQdXU9q0qWKkP
z$4P#(#`kMjoE;}+#MyBYi?ib-7H7vvd|2}<&W@A(DUCm?VR3exlo4mgNi5EelQ<J|
zN|h#F4Rb$C#f!7!q<p2ui?ib-FV2pWSezXvG56C{dLGp9E)9#b<D~onjTdLfNnV^C
zC$Ts?PGauSsh(M%A;y@G=3Nbov*RRhU;XI6CPXkj<IqW%dHBnDjWSAI1_<Ipd0}8S
zo)4f8<{X{=c@4!;T-Wt+o{ugnY?QuR!07tU-E2Q2r#=kj!}{uhb$y&S>4w*6J_Ack
zzciPUYr-{#=cD9WAwzw9eosSvbFQ{A|1#{n&S&LxRr;Npif3p_Id~Oct`X?*O~A_l
z96K?-=*GhF{VFi^sc0r3;h#`Hq#PXM5s3@=17_2w@C--l<1-cBi}}H4=X&^_ye{%C
zDlUb?$8`uje4$dz55X~fsA^$-{{T#Vyhihn(8s(~hSzBMtR2A#n-sh_Q4s!R%kbx$
zu#{J(9C9h@2V8aSbznVw`w_lr;21u>fvMvATVUk}(5Qz#m-Y&$y7rFrQ%E70XQ7XB
z)W`QVl|Jg$veRhFv!C;W7Dnl#t7VhXG|PVejp87lb5S4T#k|(_g;0-jz$v5jHM9lp
z3HlnsyEuQ;9?l={Tdq<t;*Nh8SkEEmgPs%o&0LC@kM}LN)8boj{E=h{*RSX@e-<)p
zVcEX2J-k$zuY^Zc&LI}YJzaNgD7g8qo9D?=|8be0;Kh0-*k#PeW!_F4mM_|yVD)~e
z6Tc_whoam0|EMzG-lR&qDa^-Z{^K&wF}QA2TbT=zSdG0XH__PZ|MfDDk6W;_7B@b-
zvNKs0EST@JYsW{QPqE*FL_xQ1r=i!d#A$Zm{v8d+*}Px<ztcV3Lr1TA>V>_pJoM(4
z_wUViEJ&@G^HyA|=fWhH+ZDSww%$?g+g6`iJ>%hg%Pia3?s6}VJ>}b$pC9U)@vv!z
z${r4s?fi_jHxp%N&@fIq)3?TLdfhj`vV`A9oM-pB($`Eb_bg7%OH$nE>H0b4sRfP*
zqtJmQh4Nf|afWrUHXa>4oKlXitb^MylFoA_Jau^Q@rTZAdGB8LP(F5`85@Vx1s=xX
zLi|RD9<H6S(cy}(cT`Ot7cNghstUsqr$T%36v}hOI~kBZglBw6@J{5=;8pLu@Y*Xc
zzB%;%Q%9T&iYo3s8P~dEV?d^75z_OhotkcE{B)yi5C3{A%XT{ZEaUuWOU-Cn)#QTJ
z=VqIBa;-Wv$-DadTmLB6Y5#u9nZ9$9x3VCxAT`_Jn(FF9>aJLvbZVBAKk4j0o&I55
z9$yAV4&)`pryJfy&DNCrC%06tNiM&)peQfKzIM|2>~}Re7ZbYg6Z{*0mB8rStb?0I
z@EAn69MK}`Bk*mA_$MX2bNIF6FP<5C?<x0CA##H8f6^J4G8}Lp3#6V7q`d!*NP{gX
zQ)AQMlq^v_Wtr>Wt1P>I10%UnMH1!6Kgk+x$-cKfaC_?ec08SkXY$cJ8PB&E&->%T
z`H~!;X2)~Gy@+R0`IbmL-*P@1$-m@y5yL(VBoWb(c>XOFMQvnU{F0rXDZ?K3F;D7g
zPs)4mxQD7m9MQ%UvxUL-eAuh;9_~^+Ti>fwHbB^qPwv3j#62Cy%W-Qxwb?(CZbF$T
zUEEMr+fC9icJ5ufBX!UjxNSJF>R4dq=|J82K<!EAkr;oVvL;Z~5Lk9$l1DV{gND((
zd~#*D7@e^Cw&LAMb<H~XxxURv6VDyZ4OVt)t~1-w?OE2~sjBf*R=E}@se*FES-O~k
z^+B-K<7&99XrIsUd+wOI-#L<PWaOT+Qhj@ktjF{F|0rBst%EB@8jOtT4MQmlSGnRF
zmKe9Lsfjc2GiT<Fb8GxYM#%_f&oNaoKb&zqW4a$=b*@<d664073K_rOaJjQ52uG4{
zC?yi+nb#M&EL+UARgW3PEYF>Gg~%B#jW_x`l(#WyvjFciXQsa$PKP|#i0B7qE_e3L
zG(_8C4W-z6(CnSJJgfIKxZ-O(cjm?}PS!5PqdK|L$Ma{;`rxIp#&f&hQ@=Pi%7-xl
z-+v+!R<uj0*nlxJ?Cr#dd9G6S9ub)_@j)n5JVl$vnqA5^&FQ&q*t6=GXXR;6-FZ(f
z3fNau|6tpEaT$gt+D)@*@mYwvj<gqsvJ+wYQ9Np77}Jybq?*kdyBfM&Ua?>wgQelr
zlQ<rh{Nu3HM}9x7;=c_{9pn#a{2^c(^2D4LP|tI)G~|_0;o&DZ)J0c?=Uyp9d17_n
z^}s4T8-SJmF9Op{q@PQD)K8a&GQ?h3hV2KiG~|iZz4R~>EB*yw8p;zZ{wKgHY)3Wz
zWnkW)^2as)pEdrJ#=oKQXMkg18O~q9D*b1HRopKC(@?)MDsArv!F$uCp$xGXmO8%y
zOGBPm#pN%6)x9p4ze@fY$kR{{vEu(0SjBx%<3}|9FtCc_kAc;FM}e<~WjJ4hrJ;Uh
zR2)AIg7=`S{1yUZHB$IpuJP5tGbMi?T;7*DH^O>hd9S^&G~|hIfF;i`(~u`NVadM%
zOGBQx4VHWj0|P^z_!_uQ*n5C^iF_M?8!qMl2v~(@3ox5r^4|l-e<A;U0M>ExKLWl^
z;$Hw$H+8-V%q3XL@byqtPWV|14P}Uxj0wz3<ShUd&Rc-tUGR&5xr|LYevYE}TY=*x
zU(Jg!)I&TCt_9no@s~SmF?wr;qF_&PLt}|Oz_<-NSaU2gZUYBfYKc7`x}=nSR1*|P
zb>sDfC8VnH65;XCtnvFqaMua7xx;0`JyvAGKr4}Oc*cf!+~r7cFSA!gB<TM)H=BqN
zEAz-<X=27ad0=5?(T<oHQFQg+d|D7OF{1g`f3uiH%=q<Ybnu!PzxM>67DUYWy)Rsm
zi$LS|!eCX1m>A>Q$Pb_xaT0xmia~W$A$|_D8|kBKNC9U?#6@b|81=g#>UTxd@4Bep
zx69vOgzJVzc9zQUep}^_3vk`|w_9C=%j@jamErI2${(-6btAuq<!@GEH}Z$iuau$u
z3H1Xmf1io^eLm_phvv#q-oQj-!V1G9*E$>JWuDI<Ar5w6I}q(n5~bMH-Du{Yus~ET
zi{>dfuCDn5J;6CQ--W7&?dK^`?O$3_I%kZms(82>u3on-uPm*tt-Nc=GMqANs9#mJ
zWnmpYfiNkW<Fl0-rJdMn{|<4m7?Q)m)*U7m*1_Hnh7GDiRuz_52S-UTOg{%(Sr~eA
zXoc;H^x)Yj&1Lnlhk+5{kzo_z!E-?x5gvJ8p@+Q+%w@wP{R%zOuh1i_m(ZifMOJeW
z28o4ViG^Q@g<p>r1{r21lf$z4OycP_Hi>0;W)RE!dWlKE<iaYPPb_8T5lfw{w~Ajx
zEc33ASms@chRca%`d1RmJgp{{`s;{qz#o`;SjDd<miJw&@m~ez`|3}_9ndh>;uU{T
z!;BaC$KZ1CM7$raU&9P%ntT92oG8<i;iUWlxC|R*VkJ(LabHUwGJguUjTkZs5+}+u
z2}zkgxPK&NToNbBG<i_+%v<6_W+n{vQa>jeJBgv6!6QzTY1l#DiL(OWihD`SGLXi=
zz!0l=G0Q2>c2uMfWEd}E6|Z?xrU7mtF=VKUSjDTHJoMZFw}u!3j2CgD%y;G^dB%%a
z#fy6BcLUsJV#qLF#427Qz8EdO4eqZgBk`byM>IUD;h$>wpEUe08a|_8K3}K)e7Jag
zFYpiG@;CXL;m(!#Ik*K9e+up`5_6)olvsAj#EG(PSs`VP!d)ftakzI9L!RkRtn#Rl
zJnnl6?&pXhgCr6-QP$;c<RSA2+|NtQIQ=m(<e3-5Dm}kK9`fIX`%PlVFkgrhWt+xp
zlsOCc5HVz!FT_d@%NgI9{|C7HH2j2yMIDqf-_!WN(eQH`KCIzc5`P2k9ElIWWghUp
z49hJNKLfXr_!Ia8QwXclupF53gK!&(A%mX+t2DfaJjnauwoA;gbQ429L1Gp62c*ny
zxPK~Tn9jtB*WwQhuTkeH+^-Tt57U`g>6t-35r1G7!SWj>PBaRM!84qdlCJ^ZBQYma
zU(>KiL-?i4zexU<aK%0i;3?1Va;TGW;deQ_7v(>v;X@L0!o~0QD8q@>Cm^TfuhVcY
zF?2HS1scx<ekEU};Vgy?@=OQfL=XPJh`NS*6$1NUDZ}zctnzUodB{}5EhdJ{G>H=}
z0GL`>%4~#t4>4re<`E}O#~+wYu$0*gSL6|7Oo>%_*e_+i4fk6Tb7IRfN55~t73CRt
z5csdjLl5(lSmiJCfbt`7uZMricqLAxFpSu%12W8`GAWY_o><B7-qgc9TqR}lAw#V0
zb(iGXW)rJ4p<epsM7u*`PFj125gxW-#7Yn4DE|ex+a=~?`OCzRXE`NSeZ*I!49m<O
zi8*=yHZkN2Ay2IO3$afI_!98Mil=|xm*wpz5_5uof*A7UkSA7s%Da+h{UBC-DE(6p
zC;nm&4B!M{CoJ`_{1B`7PLX^ac;ZAk4!MRr{Bl8n@h4_^pGgco^^hl4dS*+0HF#o`
z{-2WkTJXe59zPAoB>uJQq=OX`hIPY%_Lhd_+ktk2#)Ng?zRD=Stb59@ke7a0yp&&-
z73G)t=Rg|KFijO^{1slS;WiC#(C~H*@6hlb4L_mbr!_pN;Zb6w3(av@g<se3ISqfH
z;Vb@rF$SJs#P^F5i|-dD7T+&Qyc%hv-k%lUFG@b7@tZZ=uVL~1qLdfkFG?)FUzGS+
zO<sJzDEXH({*;E#YFK=~DCJ|3W-6R18qU<PmpImr`#cR7YPeFv;`>D@-=y(f8s4Pg
z2Q|D)!vh-T`>-ku;`>FZ|9Oo+s^JqFKBM7xHH-y`uuk#)BI+iM_<m7h@%^I2;`>F3
z#rKO6i|-dDuA@$g*J@aNzbJX}{i4L;`$dVx_lpvX?-wN&-!Dr1w5D@V!{YlzDI>mL
zlvsSfD6#l{QDX7^qQv6+MTt4qP~kT<EWTfqGUEG1iN*Je5{vH_B^KW=N-Vx#lsKg6
z+^k{o{i2i+-!DomzF(ABe7`8M_<m7hJJ&w?uL%)U1F-;0Y4&k!>y$xogvr2P;zIEY
z{ZXpj#+mp{|GdWbvQ++7!KlRViS!kL*Y&-w=|dKV^@%nTzm>kGOXyn{r7zbV316J1
zkK;%^zMJqn4OSV3iRO#2diX-n$M)TXW!J)MjPH}Mx<0no45Kni-(P^x^*srFx$tO$
zXSbsC{XMX*?_K=X4X@Gs7?zl6MRO^+7jcc<-$%*)6J(<A`y4oBR6Je=p~vF{<~3>X
zXo63c*O)FJ!s_~-!4IaXGD_e3Aas4_kQwZ&OxP58jru(Buj?y8n{@%aGD=@2gmis}
zv5vsL!-OD`Je<yj;P5|Ou1b(Vui>{cN+0)c)Ag;zdII}56M`%^yvFd|0S^De-zs=<
zAv(Ui&T%4LRi2-QTnpl&4E52pLWsDKKVbHw60v<Ufw`o?YrOAfsV^UxCKH8|b2nvp
zFWN8Sj~o(-OSj=iffAB3{P|~6pStvA$a&QdxYR|n8$b`=KxU+VsJ4RPdm>8TUqK(g
ztyV_qdpt_t3FxDo2|-TrReaG*gv&CZ@c?e}lv0A<3ewe*)yPNTTnoYjo>Ot^WBFp;
zQ*{H-*a6a|l;F35crUs!{8F@OnjgO-`tduW^H^XsqsmGyIAT>NDK}A_ya~KsCp+<b
zqB<E}=D!6wKddt9zI636e-^*j!m|BmdvmEWUkQ&&2gJfS(A_xZ#psXA{KsYfKYf|+
z=?H)Cg=YRE+j*aF-rNN@Q}UzVi>`}BPlNw<8hVXCb3Pibt`{#}yq<N>_|aGOrb1A^
z?;i{qE^7*LwGwtUYzu4~?C)Z_AiM+izyzLN0{1}_&++a@nMIe8VLR0XyWui2dvNW*
zWv=V@{{V6><N)XO`LKns9E)-8&AIg-+KeI$oU?xbJ3}9&Tq0l`!>)zxg57lm^3iJc
z!;jMO?C;@U*LU>)(7)34dX%0*b>R=}zK3unutS}|WL|>jdI8fn+7yDXhur|XL&|Vo
z|2*soSYgnKU%YtX;>8EhQe6D-A_uP*Fa8_w|GfAvWTs(~d-39{7fax_3H*1s_Q1tG
z0{`np!^C(R_zz{?`wzHxteRB)p(6SJ*nPR@(hOMcvBbTVxTn%bnL5a<hHZjvf#n`c
zAz1FOv>BHBDeZ?HgnbE?16a;ExqlJc&~muklb{~<V`Hbl2ALMzk7*a|9$4<dbO82g
zSnj*@JnSg!ORy(kUx(%XO8=220d33-*mBqq>~`1z*ncmB2Ff1u{CnL%>gC=}S7JsX
zcM3L^ivk~;{}d@O19{1Pwf=uF)d=TW*sd!K?`Ftxe=qLqbrIeDlUL~PO4H&Q=z9tF
z9IOk^N@u{9z&62dhusf52zvsS`(N?d?IPH<ux+p#V0BZ7ADnA!2haVf`lGJvvLA*2
zPyBwA?n_<Yf$%c!(ea%Dt^{@uu0IRQeX`zz{l9I}T*w1hngY1oBkM{{z4Y4x_jmPs
zrT6%K<u?2d@%Vl3F_FIk-1nJ3(7h)LkK&FZOs8PEpBVQJ`(4dE_$i0w9%1auw!`I~
zU;n?D{|x;v_fn%d3YYt&CE)qP4A@0{4gvcgVK(4C+z0JR*yFJ8!DdcITLrrob~EgM
zgxT|Z-sdp<skz3b!dV}4V{qNPw2UQp)Zla2=9QCg^;@yV=;_v&q;vQtn}0g_F|u{A
zLwu9$s`cSZ*chMR;j&27$J_${GvL3wdy>&S_4*rE-s<<q8qH~$chvafus-Cvy6}dF
zsSY}XzL2d?IMRQn@}D&|>_6>}8Y|Aw!ZF5Q_rcF?jCIvj#P#3o+U{>QX1Y_FYuv75
zSr4b-Tj4mDQ{3-!41cqIKVT$6e@V?iLQRuVvv=gSok=c#c1-`%na=E3dcdd2N#}%5
zybD#AzcQt|WN`Etb_Q4&yt~0)YGkY|MMoZ2cEj7ZPN%Z&y(8;)UhUeM9qTcS>=-DE
zgR1z*y>Y+#n)2G)X8cjvBk?W%4aMuSHk3Uwd4s>Dc->bL8myS^=`riFTFV}}+NP2>
z_*&+!`^uyit9!b0T~=M$BN_IEH2Xr*2CHTIy065yxHn8$m$jhmk%jgC^5U{b=GXhm
z=axM(uih%3UiQeGdUyGhvPWilodq#j({E&OT<!@h`DhC{Jm(!cch#J#n8nV#Sgi03
zqVmmg52Zl5#9wS!#UkgcoGyPK)=lQ%_$1%axv54>VPXD5qjM9jRr@}K690GJyVdVX
zcg3uUDO|O!Dz4@`@7_^Uee<@$x#sBOzVG~cq4is9QeM0a7J`AaawWK?R)1kz;(cBB
znOzUWb!{+L{UV8E{)UIUx<ZNDH*YsLe>rZ|&s?jXaBYn-a(}V@QRhg$v2MS!G~Y<v
z`hBmnbhgp#uIY|5a!+S{#pQDL#TyyxGptg?BQLIdz}V?DX1;=?eRExw!{t2Njn_dl
ztc>+Mu?z3m#<-k2CkX-T%({Jv&95Y6%-{4s&8+;KlHYnOrPh+QC4;xlt%~nUHZppA
zF$VJ9>s;8-5bs#KHmx~5uHiWo#iTtZ<MX~aW1(d^9j2Mq>~{K|Gw1J~o>;QE-t3xh
zzL7S>OhNsaAQ!;7hfZB}?+bxfR=ipC{+tWWw_?)WlU6+!x5#NNH(b~Cr5na#SNP-h
zqs!+UEg3AlE6x?`nqn3|TwP-J@A~<t{lodluwzFY{fEp&Th&+CZ#lo8o9uc#&t>QB
z5oe#%aJiU5L&$=pRjdEk&o8=o8y0r#laX-m;lS|~XNulKAuvTg^&zb?toesN>313p
z&;Qyr%{6Jwq_y?i+T&`T|83Qz>hf)crRMrw|3u+uA8(!#Zw;gL;NAJ@vDPqDG|z>L
z4K<pJ;bJ?7=32Pe@}Rj9?pnA#aJ%euDQ*ci-c#J$eP7V*=nR?7oxL4R%&YQ1PYZr^
zo3*X$Is&2I?x5Kc=rMacdV0IMI=e%`CNs3LD`-@AcQ)qL5uu=(^KzFgE3Ub{x^4-_
zn<Yz@=2h^ZXK@Yh5`)88)s?}Hb)gosA<$&Db~FVynAi)UwWF&yM7goo+d4benQcOT
z%(eRhZM{J=xS=r^Z0a!^dYhYr-4Qu)Dzf}(u1Bczq2ClS^|yxPDcR6h6bc2~yBHOz
zp*x5$wFSD@L0hOLAcG~ZB0l0%DSVl=vL~<(5w?HV_BPxNuA)i)#&=b%jm3fD&JLW&
z9B9R%*H<+MTH6+i2-hxIu@XtNL~)H_DUtk$S8J2$U%tF@NzpQ?ueiIdq_u~Mb5&hS
z5cv>*ZSTaN;+jg6m%3XUdPCe%qPi2eGrJMY?xvnxgga!e4<dQnHk!RXK}0ENHn(>7
zgg^ynsqh!Ig_Z@{gLuLGDnFuM8@#tS*wM)Rl;Oq=B58ZoawzR=HmiaN0$#Shs=7B6
zYDF%stf@dMhdRwRgh<?)<*By^*PzO{3b!$NAG5ue*Ab0|p3b)3P>?=xUEg@4gK{ih
zxn|EjtzBJ8hn<dk85EMLfY|v_)GNNCMSiI8w{-TlA&+rOQ>8yjBJRmk$QPQ+tLrM3
zFDt4vaiV&=nV&0iB5)t_EYQ#vgrwAiGtq+`JxpgFm>x+Ib-ibT`|uuirpiD{U3R|r
zHj2Wh2aMqoUj+t`GQsZd&Tf@YOuR^;LUu)T_w+V|_&p#D&w}63)z;eB8d??XW@vGi
zV{x&$yrN`G1&7@7hP#7}p^7GNHvI9rs3B%4A|4cNKqNiwT5SJbvVk8b$||7BXs{c%
zmC3`PO^_xX=92olCCh4&*0tg5QK=K=CrV4xJ11M|UGBeiNpYQ7QKH?evAZ?Y+8Agv
z8#+7Nf`JYt%Z6roaov(Sv$n3LVp*9{tOQw9Ohg8H%+?+|-|<D}dPILE>Pvf|vAfe$
zUpN+3RxZEouHu@Cy1QzZ(nB-amJVcKL?4?1B<Uqo8pTMZ)@B3|SzFzSJlcpROqD6t
zmPp&WF&LU<i0Tq)A$qW5j0l`vquDqY7nzMviWINtXlZR|4Vi(CjaQ<Y<)o->T_<V@
z-qk<?bp?8Q)}z@lds;usf>gVtxY~Eq%{3T*2t2o7p1?@>yE=P1d>yS#Mpt)hdk{kR
zL8vF#*aewx%Fixdwiu2vyH>izi;dZpu(fqIzZ`h^N*nhCyITWo%X-@zg56*cF43GY
ztwehPJ$2n1*}`;ov5`amc6A4vTQ|&_g(l1>L$XC(5b12%EkmI3o*uI&7&2SXv<JI$
z&5*6DN40WAwae^gDb(3%HngtOTO3{!Y9_cgJJ^nTQq<Jc9qj2rxM#1dC}D(Vmmsn*
za-SfxtF;Xw420}P+HTdv^}6B^QqOK|?&xjn1$ira99}C8HVC&W&@J4eF59gNY!tt5
z?X~4@?QOHK_pTFeZLmwY%TWXkm}Q;!2^aNNxHtHk%p3B3O$)<+%p01_vZ^}B+I=R9
zV|SoYWB@x0v~w&AE7^#f46fPK%C0up5kj7g3H!=$e1h1;0R1Q9WTJ?U^M)}yZdp;a
z#AI{MmZpRi!oQ?+dCd~Dk>io@6?v_w6rUQ8y`<8Yg&5VjrJZrGH%LGuiAog`&6>fz
znWo>Qc4snuqLPoPXDaUNf*rx`fQWl{prfg?-Rudpi7|<27nuaC8|?h36fZ)FucCtp
zy!efF1h+)_t<_4js9UW~8|;1;VYDyWn$R$b@+-=ExhSCGH{-;njb&RkDQpYiU2wRQ
zkw@cSQdY6dEM8JmS5aC~TvWG2u=cej%g~@lU%@Cn;;;Uu`~@6C*q)$U0Q!r%qWM`;
zY*yD)tir9#rAuy?KEwVdygKHdHMK?K6@>jycy)~b>XrV=isFgxJ?_d_f6;*s-*bF)
z^fU?&XUB(HORvjF6)maFo8v3UE5=Mg;03-gM$;*9F47)LFa`%D)xq|<&XOQ{{W0M$
zxoo;kcopBuaop39g;71m*=F^UD%lEB_p;7NlaD^LtpP118%kb7xkeF-ghccY7#g7g
z#o%)tdK<gXfP`7sX^PNNhS$|tjCBJ|cvuOqv#YXa4XVyzSiVj+_#C8k^){eaH19!=
zEW05iT=!Tuc%duM%ESrt^r!L5P-iGwf(8S$Y}fRgG>XX%#yd!ZkV)@S*0ftLJ8o1-
z9xWKQ6G1DEiZA*f#C~N*U3Z`fgAMjZXmr@pAbw-^jtg(@CdVjjB5u0RXY!t7njd7k
z-S)2U4v3Mih|PL5X`-2#j&?@2&35a?c8C#U8gzDGINu(gp^?L&ueEujHfzJUMs{BY
z`?IBpSCg2>*rQ7(7X7Jft?iuM$!ka)O((r_P>xBU*aOdCI%6jYHm<y9dmz-<Vq)%q
z{Up@TRg67ln3`HeVH9FUb)dTk6R+w3CIe7xTy@_Zj9r>cBoT|rn88?Nl+<GsHFRPE
zf@y}lDTURTsz*&#5$KvuBs7LcA|bm1NKLzBnx8WB8K;RZ<)hTC>tF&0;8n;dLWy%i
zic+pAq%J!jgl~JQta`S{H8GBejOD^T9O@x-^EOZ$i57#6F&!qwYHrF*?BRwXVph&#
zE4sD<Ss2jou#4cd9qUV2+i=A!a8x-QVtr}158uCyKJF2(&JJ?1@pB3Hy2WaPTi@rB
z>mc_2mgjui<j#(6=g3Oq@B?LgI{NtDyybGuw62=zFKc$+8INbt$G;XIXSC$jXO`y`
zEOuG;{Z<`vA5U6!|A!+<#_{j!*WL2EGu6Hx2Zgg<D9<gkl6|=jYZkwXL-^8tDTiIF
za^FAPx$4AKE_XaeRN}sgGySV(x}ANdfsHMXe{IiW+%j+^cHI3hIHCSeKEx`{@$c^W
zfosZwqEZz|UtWwg;Iwa(?SNSOha-55fnXfo)9n*snLf3EUuhs5dwj06iaEFe?lUJo
z#(<_dSjYj1?NtxE`eLwx<IGOYo|Em!F1p~%_N;3A4HjgloSVL_z%zeqK5@CD5WkA%
zZ}o~_sr)r(zSDF$ODDm1d^~mZ;TFzP+`t)+cU15jA#%B+cjb&)vpN#<7It<W%r))6
zo^)b+$H_Uf>|a069lx$5)*WB)ypnp->0;oI<_>tB{eIg+#^^Wu-%6Ns*mFEpEJh*(
zQDtMninrptG1)~o9{br%n{qzwx}m1nxW_mDQ|n!>7aS>b%)%KmB&CSMk35#s81+GG
z<*%D7Q-1y`mb|Krf}&e~>T)A95XX@i<L96LQ4!X%(KTX`a5UqjYsxn(9j+McO6wnR
z{9>`wKVXz?d!>9uL2Sm{g%`18_DbxH7PNCSQ|8&hP;?R@%-TM<N1PXsM#p0_^0FOA
zr*B4x?6{iNz&T&4*R{~Mz;)wEuOsK8HCbLNaOF(TcD<53es5Z=*^0D_KQgIdpKD!O
zP1((<4g2EOrOj*Dm#{8v*35UCN79UjeP3LcW;N{l^18G+4f`Hkx2vcs&c5lYt+Bp+
zUtExs8MD9@KiN?92kzC|Ko&1>ja(HbPYnC^er-WgE<{UXxdLjduntZWCBqq=PbzFN
zN8<MUrYffTCYcjz5fV$ya@XF8{cCHXcABNvC91{glg>r{pY3y+$4sTo{Pf_lBQt*X
zxN~H>;o3h3hg0O*;Zp*xcPAoufi!bB+oIuOo0AK=CdTl`IBNWcFUINjJA8g;__{fJ
zFwws_Is9AQ;}ZT{&P$a04Kc2SFUDqk;S1lJtfl9sc)W!CSw33X{1wN`SH*PgX!`1g
z_22X8BBhg!Ki;|XDr58d)E(>1$3Btqph(0?iGRN8_7C^W{Nt>w?<J3sk1@U&^UbO8
z8)Ne(m0}b(NiOf(>;A5EI{_p)rj8v!`&&`OeTFYg^2TKN=6}x_Khs#?$jL>~o#}Iq
z%rKS~Eq16R*gc$3kov}yvGJLS<#I<x!@3`g4U=i)RHCZ6u68BdpYZ649lZ}1)^A(?
z`P$!Zum3{YH4Ckr(Ztajm*Lu4Xbl?fLgR+L*cJK<JBt(NE=X-n_7?T~^I{5$vSXg@
z^kaeCSt{DhgPTe@X0;Bsm!d0ReJqU^ZU;)O{Toez;929NE9;oLdQ#NY;Q?bf5GnBY
zyV_lACW|=B^83S`IjFCT@m#?F&rV-mZ+U9-jP#t7R+3}0m3sQ0o#tHA_nBVoI*t3{
zj!`>IvrQ9a{fN^w37fZCU#oKX_JtPuEQ>E@58~Yjf4QS#wJ&#%mHSxETwmMNoEcWz
zV|J;sd(5bIk$d!36kR}`**)h`-?l-yC-R+M7xHlaojG}@oyG!}^$%|%O@C|Eu9;Nj
z7+hqAw?N*#HP-8}hJT$oH*0Qb|MjPr8%Xa4uPf(dLD4HQ-WC0RucKf^c1(c_QAg{9
z<WE4Na?@ito6y11T^En;h-n><n83X!I=NNcUs-V^_GH|e`106{?O(Y0hA%qA1I78f
zJnfU1(snxR-s<qCW+xRm&{)}dxd~kpv?F2J?uv&NGC@SY;+h&&u4S9_rsFN=$(SRt
z?Qv^jt73er??s#oT;H5>qc<sM8Or6^rf*Kq&akqRysktm+x1Pig$r+6$;M{OvHOq%
zcO2of&I$WT*&3d4MEWh<TitK$BeqByyjk=Xa_%G^OrrBn^{6KHo0&`2xI}?Vw&Qce
zxqD{}(tVcIK2(tEYah-mDSLPdpWa#f26OUkA?&;xXZZIG-dbh<?sJHYKt8C}C{lK`
zu;ts*k@i8h!$+LQtj8uOoV&YYP%MvHgXPGx3P&F*7k(#ND4}^ViN00Nixruw=q_*-
zps<LtJ7SlMs65m5H)jrAh)#)Diq<48EkeH@ehl{V=}65)j+9<&cvI8;@l{C>Qcu5*
zICUwpo3Y`4HO?HwKqd9?_O@T=kEWQT<_p_Vq>JVsx}how?U_t!lsVt4POJFL`B&o#
zzMShcr<>VdMq&TRw&Tb|;eRV>O_F~omSK~R;&%H}86~X&J(Pl+UF453d;<gX)10Ly
z1|r#xasGyrHL+c{*)k$+!rjttXHr<EZ~iWpW$1~L@h74LbsmIZrN8sLsLBouf(lXz
zP+}zVI(~5|M+R!|{9V^8O^Y3ooB1YrvG2Z#Ax!|S{VxuArTo76yRMr^{!lFCc^^ub
zcvNY}coXkjFfZ-)JS5xmP*i&!nz%iWYF)?lWhb2rR*WlC-WAzJYn*y}{<6~%4h_Q5
z$31j>uf~;ct8|((%<OF=e+dG!myG9La4clAkLDrO8rYgO#o3o*)E9k;*(v)5z2s5X
zw~RB6Q=^04)E^DMkeVq6{pPT_YD_ua*7ul!J;gJ<9&1=Oe%XsobcaLr?6a!;@VJ1T
zM!BaV_m_*2U4sbMBCjWBI$zf?ykF0Dz3_D}jvX-P4la<XUAi5KyRG!|h=Mh+1z|4z
zs4#!_3d7vRIms1<Ie5u1A4HfBMu+(}5$1XZxeq}eDT&nj%cu8JJ?!<KU*1r#A`64W
zd^Fr>9&;A|axU_3(f+b2iMj8VJ?zMf%dl><eo^!HAKtcaYR;^j#TWwm24>IS^@*H3
zpVMg#%+4A!wz;cxF29AcQ~ro^^mI6jn8sK{!;2|Mkqpb0$X>K+U!-iMS4L(^%t!N*
zX)<9xx{)TEN~f@{Z0k#9kqqDb@@W!}`dNT7VvY_Lr2go+7jW2vH}#vC!`_OQ0HS(m
zZGOiV?Jcy(sNYr~5{t3TS5$c~%`nOx88fmSw^mxQ#>~@6;UJ<7O*6*&eZ#Gf4_W`w
zD&<-oe}@*TV~~B^)pj5ElA2K>6FI=}?|bRiWp)aW@7uIK#U9JDcO5A-)+GN}Yj&f<
zeG5mdz6Gf{x#yh_{Zi4=IpL=64R@q(W;-PoZ_XW^m$=yF#ys)+)A5>#iTUD@59~Lg
zw&8q}bZ5eCo!8rnRNalf=O@D@>4Gz=Jt&=Ocs+IutxkvD5-iV~EP0%sk%SUdkea_}
zvrTzD*|U!=cNG+2iah!K81Edry=A-3;^`Fav~%Ry@!5_s$+$Ud)Trd-WR8N-m4(yg
z<%UTf)rzyN%P^3F$U&yym_F_ew?01zm7?%k0|QxKkMsXSZXZs~7}zUtexG>LMnx}#
z#fh3(UoS{ysgMy2_aHy>?Ho6>7GuEs<Lyz`B6%=Lc#fludFI&K)R@P&@4@+QPuBEg
z-@b(T?is#)uKDiieODQnD$jS{;M@1*`R)V^{aD?S&WS%`uudB-F}K{e{w6bH)!kdS
zCK%1$j2oNnx9+Y^zq`STH?m_l#&~1-9vWVClYe^f;>?)zzkr%o;i&!}=J51L9nZ+k
z`c(FhX8SM#M%q1m^^K!1B;gDe2aeN_C4zOs<t%Vy$A|&)rs$bRON?vM#@HJXzJiRt
zyYV)Y(L8hRA8&0)Fn+trcQ<CGSC1s(BfHHjQ$Nd#)vL_gW7`ul)+hF@y6;0f*ldDi
zxLKxD9Kv%NzRPqHGsq*c-q>shJK6Ba?Slr@N1olu6MOPMwK+Wd=pR<stb^U99FLSc
z7S3D18I*N!=lD9#wZ*vG9k<82e#80cbH)lhwU|3l5Ho;b)ZVYncY8(NePZ>t`EF<F
z-xwoKrX$X{*_s{O_g50v06#4;-tX&s3K@=qU}nv=3&Jg;AQbieg<TNRL_xTA<XaIh
zBl|VHSHoYExH~&`<j*9=tw$ckz+zwgd^dD`9w8gqrTKYC^Yf>MnghM;oQ{w?L{A_8
zMMUn<eD}4!y(0*xh^TX9o2Fy4hVR$#XANukZ+rudS%2vqS<m<R@+~a84X9M{Wyi*M
zOL5{(4Yx^*;K#RWe6xldHM~~CYcza^hHukw9mc)AOp6tgWI8Paxf5hxr6m2xp9-V$
z*W}6~f_)`M<>T|+w`a|rT#2k+kTus|*@HUU_bDNJyKmqt^WBM+|3du>46JxX)Q#K}
zQ8VJx@N5m|YB*cNGc`ONS-Oki@<@_p>63=*r}KCA+Jz1T<|)3t-<$8A>f8ImeD`&}
zy?f{Hye)in#2xWEGFiheq{9#9yK&Ub(fK>GBJ%N4rU7Y%O7GkEC-ZkE*q4!fUWZy)
zHw<pmdOPe7U|)y*H&_#1<~i(r4qu1+J}mbu+yVQ2*t4+TfK7#5C$3Tczk=nSlV6wd
zy-m7He~0)#2iZp0hc!Rk-;`<hR~q;GrsZEiM|gb3b%TPKjN-DJrdK!?`Y@_(ZuGFh
zh0q}O9@;0?PP`5-)nN4m?KY?CaJxjKs;{1?^{AKvJg-?38&NX4RZiKUgN<-_twkGS
zan0;V?CnKw#beMB87E=z;98Sh<ybmLwd`*>SJhz3n3I<s@H)Qfj>}$wt{?psTrTe5
z3a3`(F1GuaKcd%9#Asqw&4*Y6nw)7B6lG1B^Q9sy*RUgaz=xsFin523@IHm*iMPpq
zeLUV)3NkNw<l@C~W8B|ktaCcP^g21L2@imF@5GDX*`D?!SMQg!vE}Zqabhqz(NJi&
zKbBLPuTQfELIs|zhf}<%R>yZR!WkXzIDnk`1QJ5cl7Hs=Q!F>}Jh70-!4Ptg7}25|
z-Mx<;L%b#Og=096>OVMw6XBF=9ns^_0*=3DS#8f^8rt@Qc%OlYeS@VzEsppOw$0z^
z9J$fh-H_-_Wy{;1H8+JVZ*kV#6>NFEICxGpz4wWxHvvuW&W$73U(9#H>5n<<a$`bm
z6`zg2MiG`x;HgDe#xG@3l+0EslPHNyPRpUCZ;~XiOd|-49PImui8~~$+`rAh%GBR_
z9X~td?E5jty_Z`rxZrdpzv(z;eS6sY^Kh!+n8M^i9JF_OTmIYTs?U5{Wvv*9J)SjX
z>>Or_gKIuf<K!`OeXMVYRhh^V(92s3!goWymO344l0~x1HKXW!`d_Ryp7vx{P%m{S
z$F6!M_2F%7F`sf8&F-wK<jDP^CF9>f8+A1FO3{d@k40ne4(Vg;ZXBXr$xG_{xxr-$
zIh=_9u0EWwUXAl^{i_CN-}j7~SL3Rj@Me~n1x5L0>^UC`qB$c4lcVg<<5)s%SpV{&
ztiEp>!t+-eoTYzmd$#t4J*W8CvP3-lJPykfe&qA=@br<#Z13N~z4u7(`@`OiDDPwL
zeg68shiuP3#JzWn3;3yV0mrSw&yZerW|r=@y=URxTW#+yzl!$JF}}S;>Dqb#qT~>X
zY8_k~&-EF@PL_yrUwU7st$ZrN)*+Q!O8Jvf%J=LHs|*9`#{0KQx0*@4yftOyPB9#^
zgAo5I`#$S&pW9>t4s2F88W?jUhH^|A3@45(wY`4<X>hCbzBioyJH~mBOzB=eKdJB2
zw&$|bDO#`>mKGw^^AVl}R9OCb*H#sr!OQA%_RX^O{S1EdxRPfVL@wop^~a+##1jq+
zkJDGE7MBex`y;MTI!ix!v0z2|bCZ~U7)0@8M{KtTw+mxA)Y6e@0#6nAYJt-P<}yte
zr?|qMEVv|rc_?ORghxhpmGV%`(8wf#d2VEAgne`uS}<ZR-FKBTG*MlbIE;#W9R63Z
zk0Xx~Wn3o#GtON0xzf0Q0rFph{6*=P{z@gjRqDM`T@%Uu3_7CLoB6E&_M#(VEMyHB
zR#T+qT;t+sC_LrGbCh;heNk0%WQ4T)nA4m3!$Vi+<l#|kb4^l}D{}3GpTi(~{R<_8
zLmN@RqRYpabp$>ayb$|VT>4x*PJ)j?j0>G&Shm=uhGo0E6J2hr)52iQb#$?*))IC%
zd}2-VV5JGl`bmoPyY;FFXG(53A;RUWduUvt<ouH&a@9&-e1u!8^u<NEE~O9O`t?mg
zov4lH{-lV1e2R3F@$23`)~tKu`8he=tE4+gy7sfld*hK^;ySd_jUEb&9Y1mH@MP?T
zIQxkz1_0`m*)DG~AFJqH?`~gwbf3SwAr7Ob8>%Mj&wlufRXj&;Zb%jnozz32tua)n
zudVIg>crSR+3OK)M6G<L&1WENAH+CNm4R^sK{1|R<FFG?P6fmB2E2EJF=5tqGx;cV
zu_Ig_`Hay~h1H{li&fFU6Kpm_wed(V{lT5krQYk(_2bF@r1nW>a9jRu53gNmu74z@
zKIXQ0Q&dn8Y@yCh|Jv{*)jhPs8ORt8Tzf2V&FR3j^MR?HRQLl^Y67VZ0XM?CC3|o7
zYuWF-{F_L1Lb&=48pfI!|B%-=WU4UlK9<=&Ir9ep&<vgQWqP;d<aG~!m}ub`)uCMf
z&^!*`CdvMH_xWqRPc=8pTQfOIneW<joo3BIVwAeA*I4^@6+FaeDa}T-r#G<H&}ew~
zp4pP~Hm~Jt0YM@=r&Y#yhwx0I?=C|fo@@nD(hp57A1c_Azj(8qZC?Dqv$8GJPyh|#
zeA<2JYVVd`9J<zSBrG=t7HPNG?MvhJ^!CX$1GvOwi1<D4j-1(>zR%4_-`PIdwIo`u
zJJl8I8=B{R$PUcz^C{=<GVQbpD??oTDdl@Bon`x+Ba4lKEejWi*ZRDBBca!Ghw)Eh
zR^ZLRqBrLhJhi}6u$PBVZ+NlgwfZ5yC&lN%&|->xTYR?YHC)L!`gs^-{)RBbA=e5w
z$D3gsioZ_7*J>D>0V_4}X%dg5M!3m<!w0v;;{|8}_R+SRAl-NamrL1>;41oP+hsW>
zVR=&0Yh+Q1oRE9sZ24ZFCt=~@aEkdo?t;ClprUu@`M4Rwo@<YJt~u?QcHT49J%leJ
z*{4L;ha*m3AjKa@t<h^kdrY{Tt9HbB9TGS9(&c<#hUH0YZkS)=NwITNo626>;7JJ=
z^$0&4F6$%BI5;@kA4+>EOZ)LHIVZ(cQQT#C-g53fG*uS&_|Jrk`vqrugDC9_7exxY
zIel~X7NLQ~J#v3Piu=zFW!TN8HAP5>@~+~1XbJ_=5qj5e>~b9O+#N3OI0f9Y%R2>S
zfmaV^P`<~O_wJPOF-2sCReA5bh2?!wIA>LP_in)x5aa+~l{)Q=pEp5*?e@EvN2~y^
zjH>`ulYJhy<w>=Z<t?5D?Mk|kbQ&Gr42hbt&Zs!-3?(7PrV@=@qY$1Uk?Xr!5%G9-
z=z_9sBPqfSjU-DKFJ18_DEGLEv8e%<k6&z;<(|J;?&*qh576JKMhpGzs#uS{U5>iH
zaFI&dGkf!J^7;5u9yM;_d!)A)U5MW}?hPiCuUqgyuFA346;AHmzGU%Q)89Hv3k=Z^
z&a_&iWzM@W=hghwxV)}k`1mMTj;|(<xxT8~#n-XcBzKjWcri-FXO%P2R;-BKhcLKF
zDKd4{&V+s}3s{}%ovA#&rKaALit>Ie&hJU-pMjT}VhdLEHx{@So-AMSN^Ch^mEp=4
z2R58*;FSpW^il7)@tp{;Bb+g8673OX<hVwS2k!ldF`*cvI*!D1WK%fL#LHr8XwzGk
z{#k#UwRWay7r<5iNmY|E0t{EE{_`qd`J4tHs2j$y(G-<5>8FjbBp%x!4tP41tgar|
zr~E30I_$Aot&Bshio?$6!I>P_9*M1r!;_z)+gIEks0mEEE%U~jq0E|q(LI#bFf^@3
z9h!ck0b}cX@zQR<E62U@EVM{i>U9s{!*u)%zl(gtITB|acX=177m@qhR9KHBt*ZP`
zd)0NEpUmIE&zp{uToSPpSG=_vF4C(k<3-d?zR4QqM%|=bBYZDraM6yzxdW%Br$QiS
zdS+~arBd;PHJH0&aCqQUu6@nx#^VGdV|1(!uQMz6uc0d;d{TRrGm<x>`w%R1^hs~#
z2ntiiD1YTXdB(Xa`2wb(;)QJaYMXm#z!{i297sPFxcYP;?R;R$5$A#zM;oojy*VEs
zk*)o)IUj`M=zVc?*f-j`;5GkfdBv7^=(hH@=HzC-Rx>*9_APjC%$NJM`KXh{PP{UP
zH^ngRY4C=9`*Xj>7b6#0x$?!xmn|dymPiU7%YDq+7s@$XlZ#g<7bojtrE{J5>Cb(P
zwW@r}(Yb>^m#<{>yGv)`8ZP7%S2$W;Y)((~=k76QY_{4C``TW>VDp{qE$<KYB{~e~
z#WI|xcWY$$8GViY;J?v_f5>&}Q)W0U{q8=uvmy7f8}Gxl^>|kKE?$@0bGMK0d&M~X
zMJc|b)WZDG>bf!vCf68#N9xQHXZ)SUEjRnx9{a5SSgf)1zV5ci7W&TPZPTFysCI~X
z+{-m=2>Slb;r0B=^6fRsw-nAD%z8X2oOrG&TtA3uUYuS3V)NBg5JyCsFOp8PJWi|a
zn)8({AX<j9Z^l~#rSD*7Jkw~dN&#0sl-&d_M9yP0x09<M%6<ggH^^lg&G(ao-w|*x
zlbdQZ|H%~F@4HwXY)Szs=4#E4xrKKt=msC0LLR-%p{&Q!gbJ(qYVghJ<T=l1UXyC8
zQ9<Yf>6+|Hb2-;I&(%GgKV#c%&Z7F)TDIK%kE-`UNuI1~gW@p${HgsKV!0=0ZjC4T
z=nb3gl*8LndD&ZhxsUO+DZHB)|B#WpzwF`3-HufMKwsI^Bv)+3-ahP?0cQmFPOI4K
z+Ew=Ob;ue%l-zY)!JLIRC(ad*Toycp^`oa)XCVDh#Zzd$(6K+X;3>-Zo^v1%zf=^?
zv)#usj)|N)Iq3CdeMify>zP-R>-VPjy12HQob{c=a7LaVaGZF+_4*v_RrOkpC!u<#
zj7Q6sUp2R~4iyYpjnm+*@f!7F65f+vHD=9uTj{-cM<x3@?aidcC$@%fk^Td>N<Rzz
zf3pMcm*v&u?m;3gyva_rg2j=y%noEHy>j5hPa?@Hvf~Doyh!@F3$~O$m7a#k+{waO
zzonXm^Aq74x~^Zf{1Yt?%}k$^xic$03vZ6N>JY&(dbZqoOhzt)k;{xvH_BhD-*U$c
z2%`4Xp!WCyoHck?KPJZSccM<UY+3p;0$u)&^}Ja>RBa6`a9huN;TCun_%cc=-th--
z!lM*z-IM)ijw2G4me+nhQ$-}IoN%!&6n{OZ#M?@*gAn~@NcS4(c+Bg-1NOdmK74Pe
z;I;BCx7sh|9bewRX6c&Sx3Db5w{G!1(BH7sveU?Wu)pCJt9(mNNyQfLtHkwNa#o^Y
zoSo9Yb*a_hNidr?BadfK;WgWjH9MWx{J2)KxdPX&>2LT|*k5M<);sAhr@0}JV9mas
z*KB|O**Be-fn@~Wu=gC^l$g78?!uKB76aw1-%@7%;`S}&TQX+YQO};7?pu)lo!Ele
z8FLrRMtaw%ZzF2Nw-NrBm>NGml88|g*zCK!lTls@K3%?i;Z4?XtgQx{C4KtL@|?H(
zScQ|l52R!LV>TY`%`TYy%efwL{-fXNz!y9<PN%=v;djQ=6a&P_Kzw=W+qTxu@&^{)
zbjp(D{>@JB1HU}&J(zBd)#i6XkHcSV_?^xgXe)L~J%4wL)bsW7gSwutdk;d-t5>Y&
zUzMJpl)tL$`HA<{U!F#mrSBUXpc*HFa>?jfovA8*7yYwS7T)wr*+IQ|5xS^wN_2W%
zDuz~P+AVKev(fwP@y&MoXHU^Wce>LJO;neje(ZM(-&7es-|VaXv(v}uyc+7L^O|(G
z)ajl4A~N~)#Yrj};RdDi+F#k}@0&f%Kl_?7dZt0eFHgIYUfA0=4TZ!y;ys5KQ+(;Z
zIJ=;DC;!sAOm$!S_L~oRC%5danYrim5%b*J0|lQPhKkXF@<j`8s(<JXnW8NZwSMx<
zqPySDIBCtkDJ$>M!+WjSna`eAw_w2QCJOj<cdCGA_-AKEa_Dqt1{5&<*I!Be&2aob
z>7RZ5nD~DZDo_R|BMqF^GQ+zi`+AoXm6UDECam?@Z48#pL|enU>hw$<_M{*4Tz%S;
zcHT3^J%qiK!fSinM+#pQ;LD2qbD`W4SBx6PW_D+NJriFt*frw&H3`<Y+Ok)RcS*l>
zG<$V?s)0`(W?}ec3q0xL3&iI1fus0BZ8g47TkTCkz12lbYXJXGjlGUF&17qoM_mo#
zz2w!_6T7g4wc2Lo8nU+%FHcvJ`f;u;NBkuXFV(OLKfXhZ+M&ul^rSN|WjNqI7D&Yc
z5#CkBIyc`{O{y81=O0SJdzs<6NV;>H_r;u1pUYUiFKdd{?K=BzN0Q>3K<^gUU!v(Q
zU8z6JG*l55eUtjkBEIMn{4JN@Z@L6O`x1QiCHU!=;IF#`KlKuP>LvKZOYm_M^Jv^(
zL@6qG2w9x!Ey5Dsik3kAy+wG8{|_H5&9n2?<recUQEsOUd)&u7si!?D?jdXhhBDm*
zy9ss|>;c&4VNbxm3+sXc_C{PGs)KEVogmNiPlYh9*_-`T_7DUH`Ho-Bke8!&RdmeL
z=BnYyxIG>xhj{nq<g#)8`+vmdb<V}k!kf3@tDwLCY5vS@c#j}`Uz|tH(Y$-Ho&#wt
z7Uv$ydN|JYN%m!%KE&eLVwW`}ORD@OpMDfPH8?#r-#2)wIMq9pGsB#<bx>3%%-t~C
zMG3q*^2UHGIi72iSamn24`w^^9Cjo|kA*|vO76o_z=`{PL$Xsn;McEBGM3J<{p@k;
zJjS7)EQRJza`h!T<)hN^{dd%x-r1>H4=34UAr6h7$0#`RYvg?HW8Jx5O9_}Fg)uY3
zd&l8<&hBB<zHARZLoUi*ksZjs7i;zpl{*SjzvQvQH~IsN=FXiTJm2>BrF;$`fBbOI
zXR4BX4sTd&c=UpG@NTRJ;8_>s#COQn!B#yM@4aJ}Ag$dy;>`aS6JIM~VTJ+oZ4Q4-
zxBI-aDml^;?ykX7*9bE4*ulHOPf^8Wx6^TAG1}g-ZEh>lFtR(ITYRk^UN<=6+~fRy
z@zpLh&fqt3d@xf>^=Q92Zx)|}iE!f8TgUw|c*J8T$8I;GrawDrkHa(&vk1o;M-?j#
z%JQfmU(_K4VL|BC)*nvdEAj_^=t~$b#&;Na1cvow+h3K_I=Go{#8mMDzIs@LK6K$c
zdk4qC{D*u?@QG1k$*MYiVMFP5HDL&qG1u0VVX1edwX}YJ4j<1P@Ok|Qy3g!W?*<)l
zdaJ6E3wHi!w(a#tvpC&na)>5?OD|DPIN~zqJ*@NAW5@P|etyi(#>GjIEF4b$-|W48
zd{xz%Hheykpm6v|#3M?;b9MqbCxifpuLJ`oClCSzBni-<sGLAB(GVaBiVj)=N^Paq
zfWufzoj|SAX=y3c@#))#c9LkR<q3{59me{@j;4;a4)`eTGp}Q%KG(JPy7yUGIiY>u
znfI^vxqn$%*L|&feeAW@UVE*z*WRbT;F+2(U%W4y&m(0y;9&2_$WD7dZGp3&He<HO
zex(xY0mF2|HJ3(6-DFJl;F5``3++Ac`_}k=B*>W#=j0{+xnplaW`Wu9Zv;xKb|Dq#
za1Q#?t%4U7?oCtKpt%jmr!`%w<4xbueq1}tM}4BI@|OX;EK~5??Dzj?Ki}o#!%EH{
zoM)A*?6p?TE1dN(S<`c$^EMA&55s<T`(5y~KyG}w=Zt^XOz*jC_!7H%FKE7RytS*(
zdv2d6e>rY)3q4bE2CQRgb&vO?yrsWaM|#F5_q~h0eO0lpU2K8=<)h`uaH72j>piCn
zi@bR`V@}^J)_q4#7uxM#y%+x#v&dT8O?%THm>FB>89z(jlo=miT6Gp>M1yl*|F_$E
zN!k$Y5yx+TtTa_yMOew$q2u8dSd0&>-Vg0}VXwk|`U;#`oRF?ve0LX@$Ly)9yG>pJ
z>e}1vN2Ho#T`R2+>U8|9sp?|Y3<s=jU&LO1?2oMGZh(X*Z|sy!V~4xX$&Om_zCYrr
zDQ`lvc@z5XU(8!DebS!AyT=4Zvk#nR_kq*)qHuv}TmzT05H0KL4a;o`A2JAPt@<L)
z5Z+~)_O%(6)%m$jn?2)O?)#d%7n8dVPOE$L=~vKAmvv9w<rr?7Hi8eSWw>MGY37PD
z>%x3Sg@>5MZ*%NfpU7-YWc7zJl(iC9MUT71tnVqP>B;4Tr|<+TobBXyaCdH`6VJn4
zD|VnqJXJpI!8x_h6Z~?{g`<(flYPFuU-tAp6nQ(=Tgn=*e0%AF%Hy#Y@eIvLCpywP
zHfQgX7|3QH$eZcQco<*t#e5_XIqZaA_T6UPb2A^#M0*19x*ls0I>!J$UQrXCxYAt$
z&ngP+cI>Uh#9(|v;9<OD8&<cli@rmb!cyl}cw+DfXaC*kct=&-%Y~oU_If?>@Wdsr
z1s=yUkizd+l_T?>&#HSZxc&O6>I)1U*Wcs8^AWWN6Lwa#<E<5;Sa_oB&5Crq53X)x
zJRFMkxNnZ)@wd+#c`cZAt&?fwqYP~9j&yuzbz8lEh<@~mdYG2~S>;DXJ)fwtNzq52
z%q;Gar@ohc=dH@uf(tWC<vSVda~5OarKo4#q}!~bksJlz?5XVGVo6=kttGgVSmmCj
zC6TwCT#G)!c(14Oc+uNZ@s$|lIPqqBmiAS?9Se_<&X#6^>w5D4iC;naj~PXs#o=h?
z&%HYi*M~!I-4Q~K=}*1z_U;jH^3f8G_{1<(&4Inxf|U#^dTrkZS%JX5L~g>`#OJ&0
zSFr@ndrt)(r@;RU^*m*#dY-bUVmMA3H;V9l4D+BaGl=)7`~OaKWKJ0Gs;Qq}4VZuY
z$48g#?<TBGsHZCW$7?F?$Ah7FYkV2^d#od>9pHIn|Aghf*b(=Rf#c5d1}99A{uJ*m
zKY&8WnqIWJ?^5u=@e<0iwt6b7k%0Aznp<7;o$K}Pd(eG;!2N6E+zJ|ny$bnNOFHL!
z-IE{Ph6}wAO|2~No8z^Jk?P=n)yh~ub)KR`@Wp`DrDk@~!{>XGPy8yYgSpqZNwQp3
zy!3Ko;o;ViN1QVkJ$_qRz;A`GQffzCXVJEKld$rYJAZWD@qD#*SacjKhn<xj^A;|_
zRATAuc_s4}RF=(sHcu;CUG=^OxtJn{gJ-c$&r6WyEcBqk9nMz+kjjqRX4HhQUO7#5
zY>~tJdL3K#AGlf*mD}cf>k_vr`$z&svZ7`9g3U-bjk2YE7}Qj|gPK>8$6Z$)Y)D%<
zN!>NESB6`WYPpAi?atYY<UC8wz=tVVFBxoexWTim+~>FF6xR}WRyb`eIZ98CZ;dt<
zt>(8mtiztD>XFcj_K$rGW8UNo@@IVe`h!2dM%oF=RgKmcjE%~UJ4cT`z!!WoQw&gy
zj3xNev`>1ZGro7TZb)8a!7nG*)&qF2#v|!m^qoJl@ADr{Qxy<=5Z{rObFrslmgn|B
zAeVddkFdINhN6k(_^wVwl{~r)>&XR0+wyaYsw)$6mx^{&CgzW-tCj}Qn8360O-%`Y
zRj97|Zq-a06L<I7=dSv+FxyU_Lf?xu^oyg<jIIpNA6e&yA)mg+vO|-TJ2R38cl66r
zX4DhcclWR#z&Qfi>&K<9`hh(|o}>L;T~B0o`x1G*iOFXZlll|6ml8P_eN+AO)6S&J
z9x3cAPhXxM>scb5;Td24G%JxE>$%;jn>TTHh9ak6c>uO=6gpvV6f7S-ANO-di-oh_
z$nk~qdc%{?h9~uhb1#K+P==>7?RN-2^d;2lsbh@?W*B!Q$M9;*_*<_t<J;F;@=`!W
z_-*qq0|TD)@gA?f1;KTtGZ^z<#NGX9Yy6wJ5-HGYRW)8}KGfg*%-QC@-ihTu>)ChQ
z?aStXU(H?4_=1<xBU!;-kGpFIQ^#yPeLW)2QlXbb)}4$O9gQE!SbWX(@gt8cK9J)a
zQ)JyCb&JlxWKB3N<~qbqPQK8ECi6XUm321VvaT9dKf)>)=Vl)%*pzj3Bp_*6=dp|Z
zuKGaa(7x7K0pAEh^Nk$Um6O5Um>Nq^pB7{loJN?Nv~@lWhpH3Lz9aW}cY<h_Q5%n6
z_7!KonYPyJ3{Y?@dDZ!v3!X8~!KkGu^M!J}n(o0n$APR$?+dwn|2WjXrZ%v~3iOV|
zJ7W=d?F-lSXy*XN_vcS5_%*%~P_Rb}eP8u{?^}Uv-d!s*V=rCCARr@zM_Oq0;}@Qu
zzm)IHV|sDW|JjAy(|k*3`t*(C`|up^^zC=Au1WW-T)A=O=XT#Z^NIU1M{KI_dN!v8
zt_%3r{QKqc&8N@ci#`m$Z}$T;?|#WH#5;I!lgzisJGbOfc8j>^YK=MLpjTL(b6KT2
z@<XlY#(l+E#j)aeaZPc3ace9-A{HMWtIrzL=Go#cD_zcU@>zeRd0+i})pJF5CUJ5P
zfHoyT{@QtpW)^$#^_EfS;3Ju#KXye%pW>X?(`#i(ic<q?F8wh&di)1?HdOe_K~o~n
z(SO|cPW)IG<|=_%cm@*4MV$xI#&29&8^~*2<e9SS?hS$KS}Q!a&crb6rd+;zTkGr*
zGwu!C>$_yzMf<x=XgB`l{#WCBN=w_9ly&FqS?sg=e;WC1VD5Fpt?<~;2fJ?jpx=J6
z(`gzQIiJEkAS{<t0AJv%+*X=%psozl9KPFF;+cEMhi~A`y>WC=ARZpOw9x9En)ib&
zyj59*j|xT5V)ho{wqKJNd)w4#8OGJ_4@;c!-4-k6un0x^Fn*vWJa%Qyo>FT}v}0}-
zUrI?=&9jC_o{r+(S`)~{8(pFKyR5JZ%<ua-_HyLESlMy(rEc<SB$D69dqp&X5`B1c
z$eqI={B&<o0t?sGr{_zjn!gUSp_gzs-*&4z^O-+VdgP1va$QlG%zEB0IA!0bYuUxv
z?UD;SJNFXrOtln+cJaiZJ*>q&OI}<1HgDIR&XtU<Hh3!OUdy{Zk=GXQ_nqoMs$Eu@
zC)VS0$8HCGIaZl>iWU9n<>iq8=22F!8U<hU1$!sV_eIoV&t+e{CzQWH?qe85Uh)JN
zWXn<GzJ}3f2X8lHirx<Xnp;`18m8L&8LSk|$;%!cY`H!ep<=Tq()l$@HH}2(c`NwJ
zbrOslV?_hoxOMDs9D6kv!WL@;c|RC6e%3M-XM8X2oi*Xi@w0Do8Ek4h9glUv+DSM6
zQxpU?pUh5{<<S1*JsS4Gvua$6W2p4J-ucGAU?dS3i3NXd)(ZyIha4~aFyqM2!S_0P
z##eqMBZ)IU?BKg~DyJ*?)36~gkyZIx-m{@(26b--Cyih(F?R%6d#cdGTkrTtk5fo&
z$Lk5!^~fmW^k>+*h2crhCu-PXg~xnyDVb#DM;K4KftY#aRK6X2DgD*unA~O7gaaYj
zf?yw<T41okS$O<{>a4{#-tZsabYLBG&kxs#aO`|lWDm!Xz})y%>x?1Qo~dvaI$WNQ
za8~MhigpjjoB3&H)Ymo97G>Mlmc>Vhof_{M(TATAc`iHM8tDmUefG0&de5W>EIgHh
zjxS)HJK-C#`e)ztt^8?d{DSdnb~!#a<<h)D``a@dHh-c9DY$sXFOVy1{3Si;G*>im
z4ECiocu8<z|H`jpE%CmYzW(1sVYhFxC+&6KmC5qox_H8R><6^+{(h8e#&PvE*qgn4
zBsTN8>n)!isT^70TYN;f;~E@x;VqCg!N^GG`-}3fg}W!s-aGbs=X)I=Z*z8#x#J^z
zD@!e0Vu?mux2(aM;n$-j*!g4g?z&|x&E714nRFF*4E2Q&$qnrFak2AA*RAW~M|Lf(
z(t^(I=10hI_VFKA7%}UTpF^|Pi1`~X#v1i6GqE!Mk7|g1us^v2!(LGJ#{0&Z>-b0b
z9ywZ6Hy-44CHM0kw1y=+OYAQ>XnD?d;bWw7mJeF#ZoKS;vA$VWU!{`@ZYE<xv-ZT#
zr-x={);$cX&?NgMz=tI+c7<O`-h4R2!i8SJ_O9P~IgZorz0Ug?YrVls8G#dvV}(pN
z*ZHUc7Fsh;UG2%<P@IX&Cc7q@S&`u>s4dRio8}1|K^UJa;G2S{;NeB%ORtQTF;X;e
zbocVnGP;cfei<vuERJKZW>&0sY_adR79K~~%@+maHM?if4ZRk8mFA`aM>L&bbKvH~
zErfH|^RZxD|FZ9BL8Js@(V_zB-Z7R9L<{n=he>6D7^zhY;=5yhZOk)>%U+a+&1aMB
z4`rxtKVT_^yD*~uV6Oe`0DS5PBMX-s#xR@PR}N@x@C0)+TrO$H^X}LsxwJvt$y}FG
zIUHT+GUyLd|3VT=WS7c=SBP15&)1cU!Y5avaSWqQJKm$jmUe>a^TXAT!MSzMv7vK^
z=8L}S%ZZJF=keG??oQ{eKu&Q9zMEQAv~JCwbbxjEo{??h-m}kV**1G<^JzIv_Kt8&
z+*D4`qQFk&d=4!*;KkvqKKxjXc4|>R?LB+U3A}-8>|JoRdm6p#V+U5w4B-uwjCG#8
zCw&#`JTGS~y|B*jF2pSNvGi(?fGJn~wb=ZO2i)uYp~7yjeSHrw3Hru9*87_h->F-$
zYvrnvZ_Isi*w<`*Ilg=B+0^SD-}m#(b^h*@k?~TIJ-+LXA9xj`&E39=xaXgdR@{Rx
z=vI__UM=j7mc_bOYWcdg77f3g**zbhD_iHAd&HM9&lCTLaZC8qWPyl!v>EIj*_e6v
zG~Q;$70r-q^^9*#Zy<8#czziG^OYI+6w>+jb$;3K>l~aK=S0J-y2kMOoCBCB-8CNz
z5p#F@_D=GQ$F{cV@$MyeTK~}K6fW3$Rc!R5cu_qkWZm-Ue7u3>@I~I>%wbXNsK915
z-h=Ue3D4U&^t^b6%fTVnA9p(Ik2}@+<4(2yxYJmFly8>qtZ=?rx)U9gz3#vyD%iE}
zJe6D<GFRURJ->~X6>qzowl;z9f8q-c#hDmXR(#%rr{LbLc_F9xYkU@-7CIQKM)ea5
zS{((;I9b8V?y4il9uJ}{@veu8+>hD?0=>&0ig!)MYuE0rw0Fg1Y1N^ryU^Bp{oK(S
zD+~3;J^1NB*D$}3gf|2Z%avW9msogwdPG~-3r-Bm7!!58E_vnQd6Zf!k5=O>rcF)5
zr>$`o>k=zx9mw<Fw0Oc*Zd*!@#qcCG{8)9-HfavAV{<r<sqjRq^ZU5;bgCRj$=_1L
z9B0-6obAO~*?LmJhek@iJkR(xLNy*8ba2J0GLiRucJRx|joQHlBXrxT7)9b{IohdU
z?HKD4c*AQ_cN8T%eM_=zc*7oJ_J@W^8d%HD_OOhYu*|AU%>8C&@Q>~?G20$Gw94xF
zqhysbdDQlrT6KO7o(9v-e#YpmLGru~Lw}HghQ{Mj^O_2-bE}(KZK{cl-A6u{QQzfp
zjwX4JG3K8aeZ^&1v*>8*#5){#!!Vk8**|YVaUwb+EaM3_NICn_ZEJjZI}&Y7o!m3n
zJ>WbE>z;jJ#PZTf2k@bQHP{H|McbOYpCdN=Qx?(8y&rvM|0dzw{edJ|apAK;cE1rj
zEpkOa$iDM#nXF@X;8OY6D`yMmI9!zQ+WliRylKL9m`mDQD?-z{F_O74^t%Hw?7Z55
z=5XjNzCe;FE$@Cz^-~Aq<BO`T9BWwr@W5zXzk$(v*~V_HEGx=P9%f%Zme-G5TU1tT
zvA<Z4@j<4OAJ#(?b5AIRFa!He`uynOs`t%&%j%BiM8cuIZY%(m{VYc<0F5XJ6@)_5
z($Rp|oE=lwiQQBIcb)xB-@&Xgk&gF#kKIv;cVVos&&lZEC45Yj)s>ZQSK1BdKmR|<
ziV7p@RA4Xrsac+AAqG1|p1#l9hQ3oXJSaxa>;ArrTIH?Gn2z78R>|Tn(>gp-U563+
zI&_rXBRwd<evS|DsQ5ts|47`9SDK3otwPn74)*(^g;*ahnvr(^eaqORxC!IiWoV&+
zxtmAc9;hrV8WpK_iX7d>x{Pj14nixap8Qm9agl8mBR!FASd_B+Q0JS_PXC%Q%;EU;
zUQXz7eQ^-C$8PtCle*nw-t=h4?u4{^jQK<M8mrOn@$9_gGWMP|b>b8BWk0WWD+k{V
z31E`-Veg*leWAYWyzh;6gKz=jv*lQt-RB$}D(>vCc-KA|c)~Cmh;&A?t)4Ma?}Gup
zvpO~~wx~m{9`xY*l4J98XFP7we5MttuCx{}7*pgf{Y9!@w=n2+jm{pcwR+SNiapq7
z{p?9q4H$zM$BXN{b4kbL^fxmG9WQ5Eu|0Sb!9L_Q1)jWPnQopu<`7OHHq>(v^XjSt
zu`_>|o_pYPzH26bd5mtxEm0o($oV!gjvO0=!dJWZ6RdFP`?=(JZ^rRPI=uFU8>xPI
z!14C##~T>pIJL3XMc?$_VISB?{b^l%r2Vu`D@O8B(82Q~<T2fwzP_`;xVxmV=M-)R
ze9EUiq|@R}y!!ouD0)Sw*f^_ypYG;)*%#bBj1SWImFGtsi)i&51$>ewPXnTfqOvz|
zKjLFF+$?gHRax>02cE8!EzQB&Sq`q3fbR`_Wc_sEUi;JCye#a?06Y8wr|fa)o(vzJ
zQJr#lbJ&5lu*;XYu{SaCY+^!xBKuNe{6)N%IyRoT&KW%8<a2e;UEf-WU$n3$XZbP~
zdZwl!<uS1?+?IbZ-g<8L?*f6#`~?F1!m0F(Z>nD89?Ln3F(qBm9~{lHYcJXE55~M>
z3c7yjd*d_ySVVVVB)WyO$M)>I94idD8}iVm@!~KRi6*(j;WzPo1^whMCv7}`nQA4j
z&A&O82-bwJ!yQ(Sj;4xF@^d99<gPTL4fagJ(aBm6cHrW&%<!NvANz10JAtrQWqs$9
zH(9t}4@ff{<WL{=?e2&2g>UQ)Pdpo*&>zme6du37YnS~LN6kw%`vcd`_pO&#@sjsl
zt({^$2hRiXjRI^NLwA#g6CksfrHlVEZAmrGWXa6pYCd?ADwHL^u-ujLkPFukJ{44i
zfdj_UGq1(-CU@*pfdK-_j9SLc%4iV-=HpTCWqdE;V!B)7QTLt~4JR{qub)bMMCSC1
zr!9V%7Qf&zYhIDpeQ|(Wj84aQ{!XGDyyV4tuJ?2~D0PoI*y}lM@q-vnV;%IMU_jZp
zHhz)ca<IoGxBK;h$iW!CtR5=BmvQIDX7C#w$z#Vi7!;v~a_7!s0cN#5R;TZbp;ohs
zP&=zDc!8M<0)zTbdz~J?V&bj{t1tCqaJm=IcIKzmRby!j+mo<5hfywH3)}5kj63o!
zyakIlz_fQ$57y%YvpAOIw>(Zvbl!1&0AD)BI~&-u9k71-DR#MH?LAa+U}{?Yr=OJ0
z!KgWX@^)WEoBg3%{YBPTc2y2W3HUle##Y>(%AKnPJrQ0U@7n8V(K0+go;F?vOuUcY
zgI9OLYqu2zmZ#(E5vsEA{wq#x6hA-kn;$ICpNf|ku+J**$z{d(0Eu%P?y&v2teZEF
z%AREJZ;}~X;?q`Hk&AYmyX3>U>xds)wIp#0FXgAN?O2<@K!Id5!4rW?prhtk``QF=
z>ZB_ZYu-ucTf)Ej!5wz)`0)dLXZFdp{3dU*%AU(w#k<TvGMZSkKkdD+)%D14tYtW=
zQS;`@JVK7DvJ4BgfwYTh7;w<Th7$NS$5yXRfWxoqq+ww$N{lrphO?2_7CYA_B8l@^
zJ31PxZ^y$3_W^n|k?gfA%Yqw|S5hRgmmd|X)z^vJ?R8>#KX|Bbrpr47{Pr)~D4%0T
z5~*&01J)WYI^T}7S6b1hxGgl}E7-R?OzpK?=7}e8N}qCC1@2w3F|KB}k?*=22axgJ
z-8g!;6N*-!+wbKMdN`4Tx4U}>BGnl?U}%NYRBNj~7f(JF!A1u8&_eLR;nF=I4q71B
zdNIFH{R6%>c!aA^PAa_c@$*o))5^NqMc;)ZMP-u0`B<bZ);q>JGsdy+JAs|vKD_My
zs69r6FXvxkBnzLsonv>$5>_(4P)hIAB8<fFg;M;_D91NC@!eNnMX9F>OOD(bhq|kC
zazou^jjU3)J#6f|6#TM#Ni&_9?kW`O4c~Q4*4uzO$WKuRyE*!Ha#>cEJl>1GPy6La
z#K%H_Z}UjhQUISvD|6yp^!2@x4Da&=CMLs#PZme730#~gy1iD-ofNDCd*Ku}684fG
zz5Mp;uf5mv@$sylQa;Y~?C*Nj-bXRBHxWCVn9-k@ekn1H_qTW=Qj>_D$+$dB?s6DZ
zuXo271)e2=`NNilo${(L*Qq|FZ#M=`(Ev`Q_H0v3BY`#j=}|BCEQ}UvVC)P1n3_cK
zurnG9M<Ugc6HXTAe7>+-r7Bxqo0xYD<_kP)>b))vGj$!-@?L@GH8Xp|v9sYB{o(1C
z!qZR%&H!NWI13N&VhL;sxQxw}*R&?a_J?!quCEiXKD-uv+e#$o7S6`Wi+IW5HY<9#
zzGs&Gxtr;+aM%im)FJdIi;69C6`y#54~{Jw9XV|EHee~O;w=w948uvYV{aX6!wbT^
zVc~NDHDN3H=q2lBt4r<avJzI%H{01SImwB4#&@*UO{6|-1vkwM9-Ju~X0aA=o^1h-
z=Fl|oywKv;O&%{gY`u7W?8O`K+Qn4t?~Qx3&&otQ>ki*qv-a@#-sPiWVN0IlMh;`Y
z<l)n=)QygZb7MUbX_*IoGxGb24tLM&j=lJY;={N#spZgUXVKw#)@?JF2j<O}N4}9x
z+QweIP<$9Wm)=2--{TyGV;p;NEUmHB<*<(Vypr)bQ6wCQ<LUhPzEcPbWYj0J&SbQP
zC)fAjO^FhIz6Z}q!>VUF*qaym2rtXv1!g?`#Ph@$p2w<@uf0ZfEgs|rcZY+$Zrj?E
zu^->$y@<6hY$8H6t}oy7*6ahNGee)d=IWx(*o&pbofTeBQRn-={%t4qsl}uBK7uQ*
zv*@+_oDr&9!D#n<j7j%q2eT$P$AAm8;xDlGk;TC~qi%Vuux$QIj5&7}4^pp9Zn+Cf
zqo_w(?~V%wub1<QLp*gCI==82y!i2&{Z&>snapUXY(Yg+zF^gav-UlbOq6XS<J$Ey
z)@8X?qrFATnAnWS@n{%jTbo%QzP8D`qo+QcYwsGhuw-C`uW^nAdmne>u5qp0QrvP5
z%4$sTg;BwGM@g}<cXyuWz0UV9*!7;=xP!;X`~Gs@c6Wnc-RPpjIO*lf7B2p~YfzG4
z#t2D*Yqn9eQ>P?O6V3l19=<vjzILTF7_Dr{5hiwJkGjomf|!`upA*EJ&geXM;`xGe
z&(7kyT_#ua_wo_(o(%i<Qk-YRtSe`&V-MDnc@EI=hR0N-tGL+2Hj0<m)KTbpk?2s9
zj{RM4+5PX_-o%`<iP`;$S(g$sISzO;ttOFQpD1WeU?XhwIJQMwi5sm%7}t9}p5XU{
z?ET!uR=CJHd@ReyFu09(dF;;OCUh1x;S!k?mTCRPO~L(TPJgjLq8>fro;NFeQ_xrH
z1YnBd!4xKzn1tgBq{ZQLE`>hhrkcd0z-}v1a{f?j_~!ba_L`oZ@tz&{9)KDLOwPhy
zw+mSMx-sf)4Nt5OPrx`~RIF#~fQt?`eV@8p(yc^pUoWm@=9r6W>piyT!n(mJSYb8a
z#@i6s%*Q($4*r5S(y^)jdb@5S7OJPWG1j}$3eS^cT=VHwm7ODIA-7P@m{4vv{#%JW
ztLw8^c>Y`~Es(`~1Fn#g{7K9Di#jH6$g@*fANY0Tu#<+Bn2f$Wzi^plB_b?jG?tix
zCk}xFu|&w~&9o9ztgyAr!q*-W(VFm-{7E*64{=Sm!fsuorjgLzG!&a3$BOnRrt~Kw
z{fWu_iM%xz&~_tJeusz8;p})gPgWN2BZcAY8t9YqKPx((9P7V)9Fwu*`Tr0PXP5SM
zTj4w`Q=YyY3+K9{+gLd7&^Hh{zW_6l<Tb&>ORZg~KKpX-nU2f7BZ^y9HlEAkvo7J`
z_2K!bi+K2^Sa_-xE^uoxJ1f#Lx&CIB!U{(m8VZX6B9tVo#E3XH(uXH&*@m#wI463%
z!t(s7_|vUj(c>xO&n!NUy2bEd=_C}PSB+PbMVOK-0?QQGuj>K+5TSePIsP>in<bG}
z>!f1ufKt2q9VQ+wiG^=U#zW2Ail|mNzs?sA&yV#K$i44fw)-_DSFthHGifUv)eB&!
zt?mtyHagU>R!Nq<9ovq2wH~#y6Aj5NL#I=fP8RB&4mJmDR7KsP^3V9t4h~_}Jlnls
zaGMT3>~U8LYQmEaee=*ixm_*#IezAF4;M^;z4(V~g8T62_J-%24bScm&$<+zi7rdV
zO9R$K&e-3)96Z0q?jFvsKeT7p=#ZS*^{IT$uF-$vT`qkp+>38r>J!p~v8#>mMGbf6
z+98}rtkakH@(%d+-ss^(R-covxrBl1{4^`<b?Pu$b}%c$`O=i0{2F{SoSy?79a_*W
zb-O0Z{VWuoA7b=)%6_b)_Lj@LW6pQFc)xJ^e0g_l6$S+mEKHcA?Lli2+)IJyhj@1L
z<}jz;y4~G1SeN*3DeLVAcD<cI7&`j(cBMM2f2v-;Ylk1j-RN38kHoKNgk|Uu+4(|^
zuVVjzcddVUv_Or5qS?WC4tj%~b?g(ot$n%meW7?bnC#Orx9hdAb7Ln4=y_lFotlK#
zDjvz3;LE_~SRV!rGAF(0i>|{*q*c9_1Se($>oY2wi`*qgBovzn3*4vYo=A>&`|<R(
z)l=75xh~d&$0tsFybO25Jp#-(<Kb&L{wVM}!N|A(Up2>+aSy)!==ce{IMJ$gyHyd^
z9qniKlHkGm;Gj(O=>>M~+v(kc^xUlbk2SCPAS)1y^1Xq;C|1FQnLPfl-}UJELq$6-
zG<Mc?JXVE6ij;I;<-s@PuJP2ZQ-tJ<cNIL3o;>t=Wp>>mt8YwEpZyKS&c+Tz!;+^H
zFWs|aU47q}x<i%O4lS|Iy@FQtWZp#n7AU^Z=)tSt+#1>6h4X;Y+^)`s1yxl(X1Km#
zb^GE4SK}v^on-Q!xu&jQ-@h*R;RQ<f%GbW%-+!zDY2pZjBh#c)!xJ8iYpW(_6=>Db
za0;s}qcGpJ>x#ECL_NhhAI}9mgw9W%T)X7S{m~d5ao>OKUR*r9!qDZ|KA*mGmNxMH
zX?Zild1w7^VEc2p(>S8fA;T2c75B`qJsfPEjD6=3w6^Q#r@51m4!qB0b^R4S&yw?k
z#p@vh>2O--9vr`aQ#JR*vUtH&@8;^yNZKkok#8K|%vu<4{@V~HIL+U-n!h7S<AL%C
zlz%<1iHEq8Dljrqg-;#rMWnz;zTSE*K9PW(U)r~|4#sYj=+VxDt=UD*5&YtUFJqg>
z-VT3V{|%AAp&FdNpx+xm(v5dxQQB@isOntPdV}*!=Pf+b`3L)%4)#_|@dPgA{k3mz
z6!FtANU1Nf)5)vPiXHjIyb>A9#LlN#8xWLcSw(%9VtthZ1Cmu?TLgEf$Ihq6a;{pu
z;g+~>MDWS9-)tCb`GyC5$+aHqSQa)jgVf%lC%2Hl4G{Ccmp5~4GF9*kP$j?Y_+{td
zW5|d)$B>c7V`#OCf{U*jQHUQDM1LN-dCydT?3K&Ye}5qKS!nT%6?oY<Qc_t}H@9)v
zj_Y<8T=&$vZ#DmI_^X*;^oAC8=g-vNi->j}sz)>A2V~paqC`3?vT=I)Zrrq@5V>KQ
z7d7Hk@%diY$~ra=Yk``&@YE=5@4ay8<WxNLu%CU_Vm=V*;B!Dc=ftaRofR2K*E-gS
zWzt9|@2Qba+*2bRXcv*r)N6qQ_Srdwxa>Q4B;#zs_0LV1F@CB;VJGsDbUYX-80Y9#
z!S(shX3+lTaX3$vdz{~U*l<-5y6Q*r4$OQnaB{`#*(Yz83p(mO>Eri5ocQ*SmEa}m
zsiP}~dE5o0srIINaCkH|nwJQUW$?Z`d!Ir;O*qxV5{FB75_h@5&olA-miG;Qw;*uM
za^G9!d$7Z#6uS?4M_Ywyyi$6`$?^{#sAEI7lO%dIYgF%HJShsuT_D}w`Js--*^B+4
zyOxKiY}4^B7N*;Y`Xd>5w18(yco^y=cG2F7J#lpK$5%`3;7MFA&eQprwuJ=0UOAdC
zx=!?9!KOOz2RCS8VY$I_Fn~FvnU%XQz%JOy2i<%Er!a*~uHOB8GzMH~H0&1HpQ66^
zvOnd30%iK_vlNYH!1}TMjHB#ga_un^z_`-l*ZuO{LK?%XEc_NPUN*)91J~kX^Hb$9
zpKUX<vh2f|-Jhsd=zckq>x<kAi~r_`2j39E@vv{-2p@l*M*JHFzZpLFV70^NJbDLw
zY@6{EArM;|Z21h*jlgH&P9pFS+(O`7xDw#8a32GohkF=qBU}LPLtKNufcqg_{@%*H
z|My65I`3eDak+Y?WO&olhxxBo{#D9PQ@&sMKIMB?Pne|QT$Q$ZLP+81zSR>ZdKk8P
z!W_8Ka3Q!+a5>7xi?}yJ&xE_iGo>TV%cs;+I?~7Nt-RU8^Sgd;rMJPK=EWxxT#O-&
zi#fg&n|uwUskuDU!STH^AI(}FCvW%;m*)4`VVEmP7^=?2Oka4mI|uu&R(bM5@k|-z
z_hIXugr%=;xu<2zeJ!5a%Cgw(Irl9pUszj)VCt@-!fF^oo?!XH*|zUlTwXpe6xq<a
zrLC=f%a-P;D;9^6O3PhSXB5U_h0~`N&zO4GjE!^W%$`*g4b3hD<>BcI!Le9%?F}t$
zi946HY}(>kUAyScvUu$+RjXGmy0dD@szo(rRkib{4=;-^nLh)~g2Kb24CRk;g6%vA
z`E@J`n<~YOCp?#oC@dSL)c&80FY!z};s0D;;+yulD!&5dcPU>krBbC!xEWuLQ_3&(
za8kuH?Rm?jNIdc1acGZ}6QfjHM3;1=-b5FFqq1M6{E*>GJky`0?6^)rk$k`9sP@)y
zLODM1C12B*^o18)(iL9nN%TM0mvnZh@@-YV9Jkb`<SXflF5$T<o>{-9F7?x>?4{fx
zLoZdj)Q{vR`HNqo?4%r3N|)mhyPb*`UE)c3#Gh{1N%^FmNqI_@-BZdJ{iM>5DqrF~
ztn_B(oAn~)DpKLO$|tXyl6}qpDa`VU4a+K+^&^;dDR`*#bsLsd?DaHDHC|6&Pjjfa
zy3KzE>*)`bPOetY0u6U*nCD%Nu~fsl{ZQ%a$FA3pelFN9B>kb%VOtR!Jxv|IquJ=k
z9vOny^U}|$&g*!imd+{-hlap<nnU4PT3q&va*TSJzopq!X;`mM9qVNt3hU+3ZFF8Q
zgKndrJDvZ}U_GxL+A(g`uwLi-dDqLVmqF)s`&=zey`AWBhvN0~)u^ST*GXsyzEtD&
z^QD(lFN2Otw7B}Q=<PwTD?RQ`Ew0Y%Y3j$N<LN`h)sI)dHud8w)#5&-VVysz@kceR
zr}?nPH*0vPbEF?*k!GK(VL(q>g#Yo;4mb|Y=~H+<i0vg~_+dB-d1B!w12Z0ZCM7(l
z2o&-nk{5rvfN|(kQrS!aPaFE|4`@>WC+Xwqh%Mxag`Wc~<>7G)KOdNqDlgUv<Itzj
zhFIc8NkYgI3ttE<d9jTMKO2~mDlfJf#-Wd2+wfR$IdF1}|6k?HvPfCkW|;4vd#=-z
z{UrF5RL8|>E7PY>p$##w1?I(RB85CLX1q4fFiNU4$Af2@^re1=YLhUrMcP;<G{&Vb
z^~}0u-prHj0l$u7<8|;kT_wL4j>7T~%dvlnB!oP%@Q;&(kS7)%J2Gq`Pb~aFhqmpB
zg@0P(iG_bg<B5eoqVdGSKd14;!hc)iiG}~3#uE#FLgN*5`wI5GJ~;Xm9;1lVKhHaD
z=u=YJaCwC`^yU20j;~`{a1-DdPRw&fNtF(-N!pp$sT_;m7ZD4u_aUHdk@ByB#x&_u
zm@hHQ%JSR}CuP0^c$DIs;Y&ZTO~dyBQ<x61r1Ky!mz~J(g5x#Ae7_8r3&*^U!%=8M
z%<F-C9~^}|aULA`-@!@Qeh)0i`!O(u_Qb+}N)kezSa>@T#S;t9C)pI*6ARCcUKH}g
z!t;3+g}jK=a~K4Vmp;vC!((8-Pk%Wa-U6^OuhT4rTi{b@Pb_ub1}y2c1B<<RU9(SM
zzF&o-q$(TF3vK92nmndlIF>B}$8h3&I7+H?hJ&Y___X15L7#EiA5*9k3!hCALY-K6
z=1-wcEPMe;2z6rNXOV<ZCl<bhB!oJ#91FhT<>FFc3T;H>-0A%QkB7&?@<`j}Ii#eD
zTL_-{iBB8eL*-oG3@mkC3e59M`$cdR+7rvQupXE~em$JnHvm(}6N~*WU`f9Nn6DHu
z{il@AV_`qc>yh|x;Kcr0z|yXM1WaN2#3SIC&QIYe<cWD+na(faG8Fz7_!Qa@OWgNK
zLdX*b;TV?%khpx#!F*`LYi%NY>XTVW2zg>T7hDUckS7*?mc|oH`rM6_4qN7XGce5<
zw-i9y$3r9`<cVp|GVB3n5c!8S{);3b<cY=pag8Sy{s1t8X#b?*S)Q+I{L{e9lkO0(
zw4d()Qy5o7+AZ(>w5Lx=WuuSN#D?4iIF?~5Nl2==H-TsR^jQqr@cNQ#q!L)hB)0*J
z%{pMI^8_%3af$6$-r(<mlXM;imV2e%j}gmx{A*xIzYAE}?FnE?s`7shJj+j?lFB9m
zo;LI;v?1m_nDtW)M<Guv<=jLPLY`RK_D+%z^2Bl;9|M;1?*nF@O#g8>UN6M@u|u^*
z&h<2Cj6+}2VLv0+^_AKHkB4#T{~a9jdJ~Sqa*9Y^H-ex&eaR~X%y@KhI11wu%ehzu
zEcUB`rH!=$Q)o{t=lvm)5c0$_mi_`sNUE~2|M9`mr=+r}1y39LQXZB~&e7e#6vic<
z182c?!SUK4{yyArh1nl6J=&jylQ!9_@h@roX^rpG__G@S3ypt6<Iih+zsA3#@$Umu
zSRUd`IF|VjaFkSaawm8m1AVEJ^@?NMdN^sT+kh#l(kTMZbm+_ZDg&mZvS+%qr!VK7
z;~c45_5;#}9|5K?9b&0x^V$)9KWvyb?Vr@_pVs(88h=FNp9Ri>v*2EUqogYTJn+mz
zeA<-2Ng3k66!OHvSCWK~CmsdIyw<=`$cxBz$2QHp=u=YJtO8FP`V`s_OMknTB!oP%
z@OO}ekS7*?1F*D*jT+yi@pl6=PnN$KPR`f;z?4+w91osx=u=YJ@SZ^%`V`s_OI@)H
z6!OGUw_AXv%v*t39;Wjk93@p=EXSWJ&rD@QU(%lioCjyYv24Px1D0~KekiH(tpLw_
z=~HM!JPD3z-UBCTvToyw{~mk_?TMKN?b$EMb^7<flvMei2G2P3DYPM$YxW<3CEs5F
zOWm?BnhwXjhQpvxVeZhmM&V_^61NIK;?@8&Pv*5s<8RgYbsAr<@f$V%ZjEo&_*RW?
z*Z2oCey7Io2Bxq)#L`c4JVr@XZ#*|V2JvZA2`6>Vu>|K)<Zp#zKghabUqm5K9DyVM
zBRC3q;sQAG@4`{Y6HkL9&y774^28bNeQ^8$JALwet0k&<ZdIX>Cyu~pIxQMcEctSr
zNufQl<ok1tCzgEw0hmFwe-$7GpXKoJAA~${HhktgQR9iF&CCFnK4%W_L}kAUSn75I
zu;jH7SgzU6Yy2)?X_Marrmzgeax8CZJh2?huYo1~cNA|S?)$)UPA>vW-3CcQm_Bhn
zeA<_4JXBkx5067b683e>0LCRJ^<(zKA%ro_hu|o*Czk%<8^BDD{5Rpo!O{N5a1`<)
zQidBqFb;hRZHPl~j5`mGLY`RK#wK7M8hQ4&a$b0kmNAmqFUfJ4{mf*<VO}4?QJ5yN
z^rhF~M98_|t~xnK6G=j7PkcRm9?M*fhiZ!)Zv`~k(5EmiG0!8*umz6M$!~=Vz>(hx
zM<Guv{G%ix<cXyo{)!}oJn>XG=F71kg}jKAjrBtt`jk{Q($48qQrYmlGadRA+7L_G
zSg&%75n#F2SVju%iG`Qzm^|-s!WRQm$P){{09ew$S@A5-LO2TTiN$^iNeFonsgno@
z#-&f84Y9<%Qklh`<rn+8Bq2;kMDkh;f_c%G@>c?14QIh|PDf!};w(7w8{jCZ(wqdI
zY0{_AhFJQ#B4C-*l><w@L)8!KN{(d(Fw<t5D>a_;DGGUF+SBe<I7+H=N?P<Ov>}$V
zttAN|Pt0qd$G#43q{2<`DXG$*2%cr2PoWL*b#UZo!%@f+%k@=85<;GsJnfgmQOFaE
zy;)AV7W8=vv0MwgfGJF87o4QC512xpSoo(%LdX*f|13!ed1B$ePZC0&Soo8`a<17w
z%XR%aFopKSV*d_F2zg?uw?B}CkS7kqv3~f{5rsUlq{ElODCCKS=Q<dLJh7zD@f(Fa
zG3}ZD=QN&J_zfCQEc_OYCl>xMG@e-aFK9fm@cMX+Sa^PQp2Bhx3$L$<5exs{G<#y<
zU(|SF;W@UUFn!`{;j<pz(RgCv|3l-6$13}gj09mi#N*(Tnxyf>L2wq_O~6cw_9eh9
z5BW-93VCATIYy$8Cl-Fa#uE$QtntLc@6dQ+@}wTtcw(`CLgR_09=@sZ#F;9c7c`z&
z`iEa=Jh7zzmc|nce?jAkr9RWxK|xp##9}`NSn4wqnEe2g2mwn!9|fi`u87<tN<j!_
znBXE{rbC~?xWpW*Sa1vA7*4(vPIz-1G74d|Uj;`=RR-Qam==90b0IJ#mHjgCw5Kn}
zUIjc1j(OF>F`RK%!}0z{{t%q>livZBxJQBIo^l+R!nnjzpWVQeROR6~lKGiq%Z=ce
z?=x@|#wDgt{yDhe3Y+~Z>yv5f>odes&+Kn0Op93fUSP%}{}P<s)6W4@$cxCij)Pzv
z`V`s_OI=lygpenm182c~0Z!`hQD7MZd`;t7=b3P{|1KPb=@1M56JVd>yEXnbU<&Pt
z#lD{;ggmkEzat4DPfVWarm>I^^2E|6vw+E2a5n(UxyS{UW1k63p`D1-TMY=NPoF{?
z;#@eUc`qD=JaGt){6RPhdEyWp`4`|Q<cag($iE54Vvzq8Told+Hw>ike161m+Vd+E
z6zashuE@{Uc;f37ze3}Q=YwbZk7+zH$G+tGDjbFB6N~*Y213Xai#=ZIv4uSGBKV{p
z!#{RS<R1rSA8WyVgMkq8#0%k*`VIbxJ?E{w2U&1`1ZI(F{~0j*MtGhPTE9mu<yorn
z#8Un*Xgslu8J+=VdQ86ycrJVk?w>V#VxD)}{Q+3Y^C>Xn(LOCLIsP0CEH-0+nHO#H
zG(G|>*L5K<(`H)JHGU2-g*>tJ8zmY~Ea}8Go>=TFHJ(`PS7<!3*ss!fVzIv!SjxFh
z<LfnhVo9e_<B27m7L6ws`*w{d7W)S@o>=U6X*{vm+wVN7dLtJ5eVRS7*zebPVzGZp
z<B7%o8I32FKI)jp^Sn`{Khg2sP*{)j<(}9EEN!M8Sn_%Rm`#yw;6a7imUh8OKlT-1
z3T;Fr-}4}t7kvtCh$a1gV1|=_N8{hu_zN0;37A5AVoB#?k`VI5!v7Ii(&qsRp8+g9
z`#0f7X*~Nk;e#44>naw~=30uR6VmMYY+ZQH9kO6c`+2|=mQzIPY9|QBp`Q&$`={V2
zv?rGG@Ln(JcWL}{z!cgOi#^976!OHvp8%Hg`*#X6-yg!s`TZF%B~_VatWKYj%BC1R
z%SxX@8)7K~`%YF1`BFH}qiN4E7$sGje@?!<$1xrHl70kO^5r;?;Y@!zoZO@Ju@-1s
z<Q&}ujdAEpnkB%y;Vd|gH})&M5(aV}x!&HQ_&0#d6`sJvAS?qhkDcj6G@e-anZT0o
zERDZe<4ZMunZ{RXJYP4Lbm}zTTq~A*w`lfTfmvP)&Yb&*{T|p*Xh$seye~_>`!xPZ
z&7N574{1EH@Xu;Iv7FOy12c$rM>YP0#y_v|KLVEa|6^dDR}1cAU<%VA4#FotipCJ~
zBGNXV2El0bIrgIcbR4X-0Y1}_Ht-|hT4iI-bEO?#$HXAai&*%u#uE!a1z75~K;!vb
zfWmZ$#h&eiLY`Ror5aB>4B-}BwZ;>R{cXUK?>b<nXTfa*rcfsqzFFgmg>Tn*V&Qjc
zJh7bX-M|c@-NPFHC5_*w@%uHNZA{X6TI1Qqgg*i-ZG-c1j*Tt2SAeBGyaP;O8APN#
zJPCrq^doSLdlK#jh0np~c#?d-@`*W*5T5rSxu*E6O6r;GR8me0*oSy51LqgQ=WBd{
z#>X_C>sMm0-<ybqF9oJBePZGHTukz<)Oe2bg=Zfq_G^HpKG!PD<6Q?V_nLcvDXHr7
zR`5)hzNB+I@B}!f^8g%$afx%`$Y1GR$@FOdEjTIX_kbn+;|epK=i#KBF9K6im9rc?
z(-ogKoR=_7rc((g<F0C8N~&~5foD4ODYPM;499e4!BPIJ<K`nx=1cz?IOfH94A(J;
z<8TaTz6;@|!I3w|kT)p)arhM46Nlkwe+-VNn>^Pjq@U~qrldNq5P0TIpF*1u+>LNd
z(;Q1wDSjXPI~D#n_>%7hV9A%`z%MGBP8vX%KC!g1?`b?SkDcXtQ{#!pf@66;(s*Lw
z(-{fE^ofPPUgL>n-dYIEAlgp{kp9P<|Bger1$T#LzaCi9XTQoKF`ezeau0eLc%+K^
zPrww~5VH)V-q(0yxi5UA@x;<TuS0{Eyv6}bn-B9sfG~Yxjs-2aTQ#0|JUAx3U18ch
z0nBzu{3FetxIppmYCLhd;-hKFcEWk+7{%8CQ&=8iS<`q><B2N~&U}9g%yQBGXTa<e
zsGrm9iP`?ie+Vpfds(v~mOjUii%aS%4VXOR4hNRJ0veyC@naQl!Tttd3d=^E1E2Bd
zYdo<W`*Pp_!Wnn1h8uu+T;$t<rTiTl|AfYWUE_~x{Qm{avM`+<U<!3&nYW(Rc;W_x
z(|#^0LF%Lkc%|YW1+G;1RSl0rgJgfoxJ|&fDEvd<RSE}?xx`%sEN%EUU>|JYd2Yu)
z=_^hGOTGa#;7XOwDqxw@Z333Kjld|9U4|Bo->UKVYWxn3e+ZbuG7vLO9?LFZxqhG2
zY!GCNj5mgwn=n15v(PcO(<eTr_}^)~g6_J(5)dp0eG1bemcD%hu$-ff!0dl$zY~r^
zdt%|ABncr;Ec{WD5c0&rzeEy3o>=(vBq8L9h5tQC2zg@R11uzjJhAW`FHy)73tyt~
z#KN!Acw*t3HJ+IFA=U$*qoE73)93wyoCWuNU}^t7z!a82M9wL7!Ha<zpFX3|z7mdk
zG0iW)3I8Z?iQ>&VlzaL=Yxb`Lhn4+*X#6L@?1!1Yxrd6!PTqWXfR{6Qjx#ANC$Zei
z7Hhn1fPZp~?8AL<^eK!>{5d$Lxd)EX$v+H7j_x@)3VC8F!*_tip6yEb<G>W!6Z0G~
zo#)}Cetrf_p^b=?lXdHZqc7=mjC4I5(^&(@aK^2JlRn`NjbE?vn}8{_Czif<J4r~Y
zGH^`7Jm^zsLo9ja0880&fdg<X+jKZesx(=Crb&Mo9PLAJlvMU1@U*8-p-l*m-4x?S
z;V7x%%Ke?blrtMx+SM#ZgfK4gBsiwI7LM|#(j3ZW4gy$a@tIB$oYdO_6;8esPWt&8
zU`ncd?*q>?>C3U~0A8o~U%;ON$MSy$CpH9<?|;RbB+GE6HA(4<qR3a;d;zeux0_fn
zNUCF$@eF<G6J`U;{InF9k}7T?c$SSmg*L=;AE^YE{!l-^#8N-JC$o5ryB<!?ODixX
zRlaQN%=b!dUT=p(rSo59qt~IF3tqEq_iP)*EC3|cu}lWfW1&w;Wy8LbHuNXLG0mlL
z6xtI@AIR~M)F;O{!mrkN_G2M9rgJYGh3OD8jC>!Q^zCm0Q&N>}J$ROlK7}^x;ckRu
zI-iG=^6Ub>9*+E1;V85xz8{V}pRrQN6H9+}y~Yzuzp+5$i8+p8I@~kEAg1#uK!xI8
zAqgQ*%zFv#@AoC`9{`rN@t439+7nB={hDTPt}ihP?Vr``zYQ$>QH{US8m8Ev)a-jn
zLYO|WoZp`T%kgsFC*|b27R5eZ&Hf)X`(J4GZvf-Zwm+}&{Tk2pF-hN?KL!!kVurjB
zAk0@p?z4A+KoTDDY10J9Yld<6!coW*^ExO00vv@rG5dG&AHY$_6N^3jObU5o_T98U
zsPV+SpOOE2U<T2?8z2q75AG%4YWTFdmIQ=0#8MCAfhBIX##_Mnv+Z*=K40StfLUD@
z+%#ZGhid|ozPa8j=iS^NCH8T|rLdgD<VjU(Jh9lX(0F2A`=t2nfWmY{<UI0PV=#RR
zZHO)9?tw4I(hMy1{FfSk5I6$II6r}-FdgDHIPx=)h@`_Y=go@WMiN4MVmX%kfEh%7
z2Y}SAxz|qYJ7^4{J+aj7USJ*{dG;Y<|F~vPEdAs+G#*iGk-B;e8q=arVVWXhGY$l8
z=u5xHew32RJ`A4r^kpuu--|)pBI%bxqdk2Y8}NQXNtHhDHMFNc2F`+G`qKB-0`rg=
zcNN@NINCSD@!Fw1&->L1Z--AwmDeKhj7wjRg=4c(a7<@Coba20r@)ba3Qp2L3`|Lt
zKF69&pMC(2aZBMAEBpocax9Mm%keUO3ezNJT`;cM7hR|LGw><2C!P(*e0@lqKKV3Y
zX-mU3o^x2?dG8bZvA{Ae;xlLp(-D#L8v(&M^rihwQ%0%mc`j*BKMZHVU8y~=UDBRD
zg=rEGhhtniUTfspMpzDV%i$=g${=lqK7}^Kaxa)c5<;Fh9gb<vfup2Kb0K&i9DQl$
zW?N-^rt>8@3ezFxd1u_G;W!VZ%{e#<ZHU<}X%oS@xCuUOxYw7bhBg}k<UHODOk46?
zLlC}|#t`zv<Y~wLib9?^2%qWeeGXJx<h*|!8spNZFfK9ci*a9pqmU;K!IA#}PR`dy
zz#%yDnOYf$S1LZC@x;=`8a1AHy|RB<<B2(sV*2KDZK)G;-COu7A0k0meq!NkfEh%7
z6#$RLf-|3kOPjf!#t_;QOFHKBaj|dG?1{zRd~PoMy|7^vrq5^S!aoEo_1vMb1)GO~
z+181l0;Vvoh@4;cbquCYp$)N=b2_l}fyElX09e}3D&Sl==CuQkVwV%XTx+~9Q^*rb
z`M*XILY|m?5zF&kI0|_YDf0>tw4qO-4RHjHWw;lPLZ0|~IPzbCW3wUu1e}!NAh6US
z=L>SK4*|<H{vBWn<BCXmIKN<d=u>DzEa`KeLLpBq{39eG<cWoU3|Pv!4|pUT%g?e=
zQk9_xJj+0zLK|W^mX}CE$P?3+X`X@`q3~<)DXG$rfM*=~6xtB;Iwe01jzXST_&FpY
z<cWo!PZC0&Sa|lU6!OHvF9Vi3sZu=4&%T#Jdt$jKK1vcoo|tvZaz3tn@@xar-i`oM
z$cxDNr7k!G%yj6}u?(eflvHuA0Z)7Sl>Z7FrpI)yg_HW>dVq{QBEV8t92biXuVt~}
z{fEMIi0Lz3*16cM1eSEFfhC<f&1R!!)1cWjYc}i?BpqHClFlw*X?tw*6qbWnZ1w|-
z4evV?+7L@0b%Z2@JaHPF1@{~rg*>tF-zEtmPb~cRNJ7XH3x9$nggmkEFOY<gCl>xk
zBq8L9h5rdj2ze1{SJVZ^fqiiFDYPfffwSOP&lK{+<mkQtC-wX&FxxzNwt4B_Iu$1W
zB%IXkUjtK8m5pin;OH})ae3{WRJaP6W-5F;FxwMtzRJQt7>8KO!*_@nM7~SopCbt&
zPb}w`&qOHXi6x!m8c!@d-#KCs?SH88KLO@(knh&`QyR~)grvhY9I<~@<IidQ>l*(n
zjekqy-_`i{H2wpP{}5RE>fZt5&o1Zh0i-;ikW@Ue@OB{;Pb_=}3$J)$IY;_FF~=g=
z_Ub_}n)s}%jc^@s7TmwWu^8mvg`*w$N{~MI<d*^$DE?j=L&y^ge?;Sn%Mos;ukrs1
zEOR115@!(8Ndpcm`$^0cLY`QT-Q3$Id<-^>Li<^o{XCKo^2E~it~8#Mbj-C5;a394
zIjsd2eznHe0rTEq!QDdx2+JTMeFEoz45m*>W%Cet+K5k^U2u~A0bmMwV&R_yW<2uW
z()j<b@jnKZ_VWrbh4#cV;Vd{WPEd}*xjb1A+7L^9@;L&7$aBA07(U}J(|GnL!fyta
z@h97ljK>}UUZUdiIvua@Z-FUHpIDCZQ(%cZ0tZVo+5~{B;j;`Jw+qkxFf#AnuJJMs
zr#;8vGB$ezn8GxPrLGQYJTdEm)PHu3SK8GvBqnA4KCra&7nliz<sp{(|L>YT*M5cX
z(d>zt4k@nvGB2ic8kl1a^8dnr5b`4bPueQ)5ln)<oR?+5ax7KApM$gDzM=8Y0&`t}
zJnuggmVubhO30ssW7_0jhYP}y{{W7Xs?4R}8Hc`<=N4c&_8Q<^IHq$i9Br8n$2L>o
z$p5+J%vbjB!l$Gv&u!qD2Ym`{h`Elyy#5uALY`Re;~$cQkSCV*@bAD<=8rZ0kH8e#
z6H9yW<3z~0NCS{`xTZv*J+au224)cXF#uWcnIHF>Qpk%)J1GT08~PO5l)}k1TMH~{
za*nwW&VqXijzW84o?oW(Jva(^;!-%;>*t+#vf{b+MWH=$A$;1$fteopg}`#`ysrt*
zKI(d9-vCUZy@(tm`z6MqPf2An13Yc$Q)ojh<>YlB`K|?)cHRcetZCm4C*^zqm_nYI
z=fZ;92S-U&hDX6O5Biek7lGOSC9Yf-Ujs);mChaDnU46hSq~>=+XT#T@{JnbqVZcb
zp4S?M_QcY!a;!@sFCumR3<%~yU+xjV0hZ%>4|p>ik88Dd?ug}HbBD$g3x5|dgP3n4
zKtQF_uJPM}(-eO{@J5BrJ)fN8unh0OhQc(7h5t8T29du2AbEXE5<;F>c#exG<cTF6
z-tVLz8wGq5!Y#NZz!cgO%Q?CQSn}l<M))<FJ+biXG@e-adSC`I{f!!bx5hVXe5=ND
z->Ia-XQueG)7h!<yEXn{jsKFy@6-7Gz!a8;nD;UZ?r$_6sx8u%Hb7%AeW??k&nO(@
zei@F!G>K=yk?(;M`(9x7W#r90QF4sjtM5ZN)0qIw^F{j*u;jIb2|{Q?%(#qm3owJo
zuT(tat|18_Pb_`)ZNLm7&%N}*CrCob6LVdL=|7|K#ChPD{!f7!M0?Jmc#kAM4w0mf
z;&?l(c#eT7v?rGGuhn>BsgpZ_CH?ilQqBg=o><c1_*v}PuB5McP_wrSfPZp+rJoX?
zWm^x&^KHSs2q$U21T6i)8Q=+Uw0R$nSupMeI4S=nU<!HSad5QP@1am_k@B=cV_Nhn
zj7yvg$G8XKDCCJ(!;$|tI4LK~z;N=v*ZBVh{4>R$gt6HF7+{U!uR-R*j|C1Zel{?L
z=@O5DZ^11B7JII-M-<-zOrbsT3iuWr$DCsSW8fu<=g&k^XiwY>pZ2X9PrOj^FK9gR
zV#Qz9cw#vh{<LJieD_)S;lL<{oo_(nvw$fq53#hp>wu;F<1~JPW=|~X=V<o18lMj=
z`4(t=Oyg&1{5)U^%R?;bmuft*@D;$4{*~ULmgB00y&M<cp%#8EFopRNvwC@6_&#+|
z;a1HClr7Spk3eHN=u?;uF?|b;>u(h5#KNBdW?t0)4lV*m`#0fo751XQGFCLla*|Fq
z4+=t^m}&apZUmkTpJ^@vrWtK202of5YZ~<F?go~8_2*^8bCk_Xz!auKJQqIW{sGvh
z_{+c#E4~BdG=({Lt5o=78bg>4F^}1T`zI9s9))?XvlZsKn5}RpFoki6r9J!=FpEc?
z?}p3y{kmpPEc_9TCzihJM;ec$Y>{*QE;JUMK81M^OBvWNQOKM9B;%21e<k*x01N-A
z#{0DTOam5s_N!ta(0KECx7gnR8);+aJy*uM(_lkk*+k@c4}f5P^l3($C*k(Pk)N!^
zCFXt$3y$rLLVIGlj?DYAl(QZ-a$FmMg=d?jFdgDD__X61DTBx#1rYlaz>?1MzyW37
z4Llr}WjhT_VO(O~>lx=GjVB%pj`ryYWDxDS#+ak{C?i406U$mkDX`S7InEpgTMLfQ
zSSgH4ya+z2L-;3gzXL4!9tD>B5$`Yfv*Z2*faRoqmj573lUUmMKLblTuLDb6{R$X=
zw*6Zg|E|Wrr+C_Zpz$9nO#Tx7$$95Dkti$!vE*gG_ayv8*f0&+hcx@iS~|pHU!d{C
z*CL(;SElh$ZIL!iMQ}MV^P?|yvJf~Qj_H_lG~u5{7=`5|mbUaPu%z=%;MH(Uhu3wf
z!hCO3=Fzpl#fsm@h!CbpEbXmJ<B6qT;yOQt_QX;rKLLIi9P^F)lJ&U|SlR&RJ|Sh(
z1WaK%#M0h&Xgsm3x9kCC*0eY0AfRlX^AXAGE1LZi8vmETVoxmgPXjZE>9hUIaUCHE
zAx|v!oXbdgzNPWs)$EDI{)EO8Q?=lp2atO!*8nNZOGMgC4G0F)p9#mfkHArAPt4{=
z{!uszd15)1$4NrS6HD35epUFd(ilQ}V&P@pPreH-3y%4ofTNHXk@8FbK%ese)}{k-
zSr7CnOow<n9LsPVjzXST+Wcvf5c0%fINF=z`KgNM{$%{w_Pl>_j>CMXXnX;%)NKry
z;Y@#)#`C%pz64m#(apg4v+YX(q;Ac7mb8sJ8Y_DTCHs?AAeaaJ8E_WdBXAU!hgiz_
z7)c0uVmWtTCkY`hBIl0!|G`eJ{GWRG|5-g0w%xzEJyGu|Y-?|I{6;~o4b6$d=BD<B
z)<kpR;)eFJ=DW76iFpbK@Cy^|4OI<oZL1m+Egsi8et&zz%GQPrO>IqEKo5wqJkh?P
zF`j5^SdrM=V1#{cOY6p&u~l1Y+gqDj?lJ<)8yhy<Q@*|RUNcttmX=LTt(%!1Ac~)8
zYH4pXV%IjbFKoK2p{?EED_R>GR&Cx|)0RjPqqcENYx|NGGY%?aRnwrtS0>sTE4H-O
zHr>^dXy4vymhzVEtt%64ZTI02%TeD0>g2u+cP?t#(0c#Y_J)o8E%vglTN_$78b-*q
zs-fks_QpFKb_^9{@OG8Oo7z*>=fZ{!TQ)W<Yq)=PTjDOWw8(6z13?hay8WB+0}lfs
zWwk3R8xk8ET2mI%4K>Q?L`+%Hw`^!fQBt)Br~I|s>+i-fEJ;yYwGG?0H?(Xp53RO+
zOKStpH)0vZa8g9uY}!zsNH(RER^_eD3!4VDCMSim=5{tlvq7oA?d^@J3hW+EJ6dGQ
zEU(<adB)TMr>uKi07j~e(R5de%MbyJc5H2K+R)U#rlB>(H4KBnC+n7`jTNn1Hm5oh
zIPbUA-`%jGeNbTSJxyDO2tp=9gd{66MI&?q7wu>tqGdbb<qfSk#`cC59-VojkTW~G
zL50O-igvTIwdr28e<bfDWz_1bEvs4+8=KmZZlZZfOLJ38!{GCg!strL{D}mNs3<0m
zVC6j<+KRNI+_Gs?+n^>epd9FejFfPI?38dRpr*{`qiSP&JsOHz8G}oj(yS(NpOIBc
zGsA{`^$^z<gV>VM9q{@w&*&}jrFXWq#9EqCbQ38q0JMzO#0I;YGm3zUW!ImwLt2w)
zZrX^J!QOFjwA8E}r>WiSiJViI;wIw+4AK841IyaV6V14VBwACXfu6v*kr;&pKg0!x
zkW@EbR0dA`;8bwA5AGh2hQlvkIXK2p_b5b?PHk|cp>GX#G_$>eT(a5e)dr^}{oUXY
zyC+y^@ak@z`ocg)>?Y*GFrp%K(S{8}h2j(<ZQPfKy8AlkxO`Rlog8o6vcxRek`~<V
zWe8H<ZjKZf>~vcj*##P9<5hHp$P6AjvJ<j$3%Y~*2bXJk;vPHchSnkSyh6aLM18Y)
zMWG(bTN`kttz1@KTQs;CB0Rpmsd*#n+U}gpZ0#n}+LUNsv3+y>puEwtYa6Z<%F1&F
zI>zBRwXkZ-;1ZQJH*eXna8OoGrJBV<@rSTS$dFN1Hf%=8opM!d*@B_FQ949cP1hM{
z!un5GtW31FrKo!x$Eq#JZjsr*kb{I7DZ_fzmchr52t$XU7KaYxIT#{Tzy6SAZPNoO
zj=>oN4pAlvbS~7C#nvz5RH@hl%|+$qcP^|gyAzj{Q6ElA89JQj3LV9jM;kD*2l+`e
zBNrGr-Spr~a&?O~JQ#fQzha;&ob++du^3sScjUax?NE$hyJhhl)?lL9-ZW@h=Y|{c
zoUG9@Qq{RCms@Fno{imy7}=oKI5J=_>nUt+*ntZLH}{06u)a-37i8_3aqWr~+nbvm
zvqJPNxY0R;J<Aib_?9ir4V)$qU~#8xxT~RcE^dK(h<#Rh?@39z^Kd(Dd#JZEA!8fK
zZ@`4zCOK|cZ1<Y2&V)T#5(XtF^0qY&M7zZn83jx=$G4*`X~P+3-iyl7@b%)Sn)=&O
zQqKFGGGKnNsAc0Vo2oF5E^kC<q$h}TgzMB9Yi!}!;WEaI!dbe_pk)I)UDY;uh5->v
zUo&uWHWmzQl0EOh)dI0KmI`bd#nXmgHZ{Z|fgP4=g}@GAqaJd3KyotI1_ttjYQ!9I
z+2+n=j7v*j5|D(<>sWZU9Bm#ZG_C=2C16mHUMf`9fN`T3YfVr$cZzDx{w0zzXte3U
z^M0Fl5*ljKubB*-@oNFbltd3P=K5NYny3suq$@N@RFNE5a-L<UX@?BxKgbN2+>71v
z`v=bHg_jX<>d+yYcXF6-Cu1%Fv^p21NlTVE-^PT)4oR^lATd&zJ14LVRc*FHCj^tZ
zR4v*G<oyQ*1J?mmv9Dku<*_FR1NvQDs~mi|Hy|ew{WK4lbDIkUcETwvhD^X{2m_+(
zkx(u)i7PG&49+__D6qqDEQ6N=>=1R-1BU}f(NfwZ7XpS(M?Va9z^Se`^1O14`M;g$
zpvk|@qBa;oPaF-wnD&e1pgF&4B1mLVkR2z*T7aa*{!-5sX&9>jwxx5z%=?GKrs{H&
zAt@*ScAB`O519E2nd-8Ftv=_M(&JLn3-1hejBdas-KoB0l=7|vbLrNMq=)GH?Fa*U
zJ21xFUUHOf%}Ck4aAodn+p0V4z$v|?!b@5jw~>-Q3($jbK9FRJnY^8*bG8Og<L$s9
z=J0Nq)2HYYcsq#KfP0fpPW|1mA)-07Id8XP4VtvOX)zync4@HsblncZ*-3fVK_#S|
z!`qP%m~sLyDW;g8+d;UTt`Ib6-fqWnsz9H#+q5wQSJ%A3+Lo;P<Q&naQ2tbwpi>)T
zCX1q{n7gZN5phTp$#B3Z5vdJskI83D`ov!1;}8bU>dgQ>L1XGIrbE!^H--pFF^#v=
z(yzIJb9l)L7D!f~;+Y}l>|Mh3i*``_A?EFNT&JZBp0w);U*X=5lbCwCF7a{Fa7f9y
zy3G$UQMbcV&eA0{{V<)9>nCuC`MGLuLxkE%yHj&x>OL?~&kF~R!VGb?SWLIl2AvKk
zs&1f9*X=A(YrK~`b9H-8s}90h^Us|-r+B(5jS5(_V&R=DSI6&MwrK6ZfcT=tOID-~
zVjM2ztgKnGCRL==VT`q?e8@;CgX}mfoJd0zanX?B_OYRiL&aqI2Zu3M%@vL=br@sS
z&7NL-XL(Iksyay>##rTxYF4F+p?GKJu(iISEe0#m?%B90hS`M6H0<E$9nH#~u->wv
zZ7Xj~LtAh-)z+Tayme@kMVk{%%`026c)Fo|XsdE{W5+gyD;PC5;jtNKCPUlcUUhFn
z>y>TFTJARzkRfp8eQftepxvR`%kU{8s%cVrVo6)u_J&p?DpTWnh(YUhJh1kcv@|x=
zH?<GW$UP?m?UQ9QvQRU5gJr$2KOC5d%=HXfP0$Tis>-0%gkNVjHrC>FHaBpa#+_~L
z8y8mI+18kd&7Ol+cjuoroMD>X*P7T`hW0yqjviUDGl~Z^WMN}Px@~>)Jx&7U^&1BB
zNFp^KD>C?d8tz}TVPjiDPXiq8pE}dlbXTo?y!Q<<c7kRM6@Wv$FJ)pgQqapc&NkV`
z&4~?8)_QpwvGnS&1Fj!M&lp4^VTW^80-Nqy-EvRMmit<qX`Yb!Ar1;rM>vRA2RMkg
zk8dEW4$mPsY}vfoesXRvF(e9`u(?NddRRKf=BlK!wRH>MSiOSyJtNgNNyo_V;p@^#
z@w-2hDdBu&At`?Q^<-TS8sXy%om)eb;&*?t+Tr~6CrkD4kYOJ-^c+K<WaxQ@9yN4s
zPfd#7{RF(j`8|b3_;f?(HrAy0?X9f3KF0_zGIVZtO^V;cEw4%Odlncvx4tIDZ@&_*
z>kEx=zBZH;zy0cvt}ivhs|<aGq4PD)r1(8GhQ7+s<yB87j^88Oaz($@uwQ5BcNqG5
zL+2|fN%7mCA=LFvMmS%MPKw`tJw?}>jqnyj-)iWshTd-I_Zs>RLw~@~cN+RbhQ7<t
zcN_Y{hQ8O(A2swZ89HBSNQ&S61f#?GJx>_n`wjg`LqBNfPZ|2thJMJ<pE2|<LqB5Z
z&l>u3hW;%>|F)qYHT3Tp`u7d}grPrg=r0)h4-NfChJMn}e`4s}hTd!FFB$qNLx0)O
z`6^XX{GL8Tf5p&WHT1KF{tH7tXXvjR`WuFR-q3$#=x-T%zoEZl=<gc(dxrkLp<gic
z4-EZ7L%(F`zc=)MH}sDU{S!m~)X@KE==OUH?g{gIe0-0=6~Fy?1y{w(6MXe8DSppY
zhCbZT1BTAeG9(4#0YlF+biSIM6u&2E=;I9i21Cy_^ofQZGIYz(a}9m6p+^io-_Q#T
zz0lC78+y#pXBqk&LoYIPe$p!`xc?ja0z)q~^thq(^|7S*?Vl3Y^-3drsi9XH`U*o|
zY3MbEzRJ+$(;QA2aQ`>LZ#DFFhJJ^kuQ&91L*HQN8x6g|&^H<SU54Ih=<*t#9M9cG
zI6w7}6u+n0&^H@;i=l5Z^sR=z&Cpv7z0J_u4Sl<z-)rdi89HAnOp4$B$p~G4zzF{f
zL*HrW^2rM)4Zr6hBmDD*zRS=%41Kqu^R>sM`0ZC8b^Q?|e6OK@!O$Ny^e-Cvmkj+e
zL*HlUUpDl|4V|xHCI#ayL+>>70k;SA_k3M0DSrDkIbG*#ZAroXAgKWP?N?-zl;3_8
zTh~V=72BS#Hz&n!zaFRS^7^8~;eL<|1oGRj$tEek{dpE$=cfdcg85-m0rGo7hHe>p
zuAxsh^oXJJ)#0T0?axB$dSOxl^1DCB<IsLj%m|-l==>x@QvCMMdFcAQqymKdfuS!j
z^io5Q8#-T;P73Y^Nd*Y=K|^0^=v9Wk!q8V5dX1s;70aaf?a#UBdR<Zh^4mX&o22~q
z&raz&KZlbPzh`|?0rGq54Sl1bZ!+{oL%-Y5n+?6i&<8HC_}$OrIA(tP^JmE@e)kjL
z622oD2;_Hv`d7kt8sQHa`YuD?ZRmW(JSl$nXJ#DE@4osh`j?W%Kz{erY!d#s5&nds
z?>F=(4gH{@KV|6h%DzMUJ%^0&XAHf|(2p4Uvxfehp?}NJzisG84gGtD{(VC~Vd&2r
z`U{5sLqq?Op`SGLpBQ?#q4yg4ONM^R&|fz6(}vz>=&u<1tA>8o(0^g*=M4RILx022
z&l~!$4E-%b?>F>!4E<e0f6vh0H}ngJ{(+%?Xy}&={r86c?}q-dp?_lNpBnlf4c#+f
z0D$?Rp{E&ohM`|&=)(<tgrNrveZNmHkl%B_(4RE)g98dU29fz83lZx40D%bg98us?
zj~V&`LtkX*Rfb+|=yisEyP@lM2<G2rgm)PF7Y+RhL)UvmrYAkz7l5<yv-E$f?8n-A
z-1`Hi)1!Tl()r=eEPOtXAAA#GxLk4Bz*(M6-e0Rg$G*`kEu0@X%fkBS|5D-nC{z}H
zu0>AJt+u|^J4&7LCR=ay%7+3Ojrs8dMIzK=hJKUMqZpcIdD^}5!G=|^&BD*UtWx3K
zw!YK5Ug=-4^}XJ^l|B!C7JibdL+L-W!@uN}6-B4M_IYImZ<!tbxR)Q16Jhy&s&vQx
z3GY8DeICNHJo~+}!ZXS)?~`7y)`A&-q|)DkpM{@Q%U1e5NGHqll$Rf&qr3>0<$2mG
zGibKEEYBgY%t&Y1`ZHdc(K&jTSD(=^KbcXmC(iO5@g7v^L$&Mw8KwWu4u8)3Z6o}+
z(tGUkearjzM)=E0=a1QD;j>KtWQ4zA=x-~1x}Dz%?**lYZ2fufACw-o^%uNjQIC|h
za9Q{S4nH15aoXdLy!lEe$Kx$F^c9Al7!d!Ick=-KW$(@b`f2YTr57XZEUa&SMd_1m
z{T1)ml>WA@zv}&_(lPjf{aNqxq9dH;`?;Z?SGx0Ykk`HcQ|bJ;QkLfpuQv@q3FD77
zbW7=l2+Q)E_s&%MEw=tEZ@JR9+xlBxegsd1>D3#0i_#AxEX&jHeMsq(?eqJN_i?39
zv%}y0->kh4m|azQzCAOHka|Xl@hA}@9$<hGQj8EWV#E;wj4(ok2mvA)AwZA-5e5tr
zAwYx_QcN*o#E2=RnhGK+Vnjq#R4S<;BBD~INQEj@M6^^Xe$V~x=M8U?(#u}oZ(rH-
z-upSv`m@(sd+k4G&!qb!-fqf!tb4V$-x{C)vil})?-kpRcYn>>mq&iT?*6{F^>MV%
zuf6^0@ITr8thcX=?Wel8<S(~q`JUEs`ZKZlAH81_+kfod(Vq{-_Oso)d0U&2|7*R?
zA9@+5zvJ@e4YqrFhP};|(l|X2J<i+wM-t=o{PS#YZ>@1UuIq(8OTDd+BmXPC&6AvQ
z`ZMgSH~Rc@nLhH{vgbB$^M}XB>G|llH}d~rqwRm+ApN+W-+P-Yi*a4;p5D!=N%IHl
z#_9QK+uJ)tdynrK@b(F@y-g4QxjajAJWc2s_V!X~<GQx%d8fBO8rz+oGrZlLZ+7Te
z>}~!))3~nwo{xH)JQ-hWz0H%Gaa}w2+_ll?KiX*fp^dg5-)MVt{+gN>^55FqTzQP^
z8tCcY=<_|j%^!0d*R^ZUG;i|<|HgGq>^a=q{6V~NUAy<3yixk|H`-pd(e@`d+P-C@
z?K{2AADbGd|C-^)8-4!JM%#~j`*Yg2ab0`${K4DJ`DRMb3&u1%-)!&Qv#qyhM*XMu
z?CEX(z|gp^eR|&HZ4RRs>raIpyutRgo})I{KA`8s4Yr4R&e~x6pq>jh*dFfrzy{lg
z^sL%odwS33H`qR`=k^V@XY|~?!S)e74{oqMv*%YEY#-h8^ak6rdbaqhrahYdJGN)+
z2HSexJA3x=qvy;&VfOsdGiJ}$)>(5-KKsm*_k>P8eGa7e`A#_g_}M3&Fgp8mz1MT(
zp~D9pe)#b0w;q0A*QqC*di<&LBg{Xi>qNa&+jab&dyJm`&aUG|Pd}NIdb=Xt@)PPs
zj)HnaBewLbT&Eqc#ESX__^wk=J`FtW_;-$W=`F$Meo1Qm#`+5Ef5?pe55u(nW%N_u
z$*=5IiC<|5N93k=&Eho=DbKy%%*Xj>W5m1~f9m|%C+qjFiTdTcIkV5wU!BnF({pAY
zr`kz8UcVN2MwecF@!!u-vihqr+FbvFJ|8uInnEqW8?x))oAmpg8~g&ubH82kKgeAh
zXzZDq|J2j<dzc%1K&z|N=lRW%4XpgSh}`?}lCj>}>Qa^J?~Ay``5t{!Vaoj<Kj1e*
z{>Klxcz-(I>WU3IVf`<DFt*M-L4W_J{Mtv101Yg?$F}|#JhZd2(VOKrIL<t6zW(yi
z=!sn${Qkx$f9&U^QzNKKPU41H|GOB?Cv0x?3mAI+-M@7qTHllEcXj(5y>X^t5M!eb
zi`i%LE6ehXp1$F5Q5NgRC)t%hj}sq_b}6j?T?p~|Uw{z%w;ne7RR>!6kOQ?_dZS;p
z-&bS)6n2i5JYm6n{RyPm3tqoh9Jm|*MnkjD_174ra2(Fi9H18o^=jiNSs|&}c&~Yr
zUvAj=PZH3*I<lHSqQtK;C_P&9ws%%6CI{qZ7&X5P(eQJ>%20lPA#>F)Ej)+KZz`x^
zo;!S1*hasTAf>c~#s`1>W%lW(%{zyt-r#o)w2K>TH}z?LuVDQz12mOZHBLX{_!Evk
z;f&MSrS+eBXZd9U;s5Z)ztl}$^WRu&-t9m29LBv?aw@O(^T)ULn(W_Bsh@SNe?#Av
zrv6y=J?q31PdGydwIq&dSFU+kTc7Kb^@+8)!8`p-Q_mgr%`fB2)AZ;19CGuySN7%E
zzx<_)#<|JM`Ar?`8~IMR@ysZhemwcq7}42}dJWQ3(8e$3%g@mCuw$Cm43e2JohNUS
zVSaKvf3a+~N<h%qP$O{!WIE+R(VM*8ztJoGve#yKu20I|aC~|<o~yG3?EvRj{a)wE
zC!W)s5wZ$8Jf+Q^%kQ}7d3bpLHy^Qo*QRgytN#1Fndx%BH}88+oc7jx$WB$%?yc`l
zYP`M!o=<Jw<5!ks7iaHyb=|M!Z}=uYpR9kuzWHeVCZFYd^vy@P6`#}><^6G$qRf0H
z-i78SpRIrKz4>hYCZDZ;y}kKt{U)Eqi|maa7#B|6|I}PR@w404PQfSZf>I0DRrwHw
zORsJoRA}jg^Wh4tn<<v?&ucv4=YP8L(!FH^;W3Bjw34TFuI<y$wQjdP<j~#Xr^`CM
z<Uhagy9=MuaFlB%{RVYDv++cIMjMWO<bOTU67{M3a(2m+|2<txq+QT3+Z*KX_6d(U
z@;68R=Gb57Ii7sXJd^A8{&tGqU-W^ZPb~VRqE9Y71?GQq(J~cwS#1AB^>>@p_KEt}
zwtDYh&?e_Lo@kT*A<s?fv#{|;dv3?4&C*@jdGbkjt-}sBqwn}U?7oOGQ_I?^@kc$~
z7qRaiGkm&1p6~k$_Pve=mlb(BZEepO4}L}z<H2p!p<F8K<$3$g`A7Yo|0ZR*-J&dW
zlx6OyjBay`J#&n`+V8au&42Ouw?FD&jyjm54&IljgZHJ@A;!P!Hi<gBZZZDPYx*U|
zzx5dZ)(4A!8tl1c2zI{@!_I$t@y~#r&&;CFD*8y#=fKW?F6{j070-OwWsMenLE(k4
z%Ux9T#YJCI^rf)NT?V_{<;AlCcDXByF8s^p2lv-l{O+$d?EV@LyZt8=?!YcL`q!T5
zU)MAGw;p#ctCzIqF@^gIM}3~}_;R_M)W`l!>f<(#`naBxD9id}*!mRMZ9WzDz6jUX
z`7f^jU(%l5mk#;64x7}UzryXM`}yX^2OC4w?I#UK+xjclXxkq(dbI5W4M$)9uwi~?
zzeGN+f8=vvnJ1~Bmhim4%<~sF9A#Zn{CxS8et$(AdH$f$!+&4HQMY>=j=J$6Sxbz=
zdm4^@zq{d%LicwYrds)h*#Nw*(I>(lZ_)2}HG1^BzY>pr_qA5^yX!ni+HW-eY4Fz@
z9)iEt@GyLP!_(ofHar97LA92dTD!jz7;n9F-`em9`j;D?1K-l{T=+{3&x6-CJRkmI
z!=v!c4KIMd(C|X|riK^6{*rMq{JBP70)MvQrSOdnFM~hR@N)QuhF8Em^w+XdYxkXj
zU8~@4H@q7DR>N!HZ#H~Ad`H6+)BXL1sbaUUMcKU^|9qNrOYq;6vE+X2#bX`=d#v`s
z_K$^^G-=zguTjUtKGuZm^NBp`nD=}Vd72~7OG}<UemBXd*3D&Yl8^PMoAdl%^KqV$
zk2&gNj(p6qkLC$wA3N|ql+x8Ts5RSgTH)cs(+kfkJh$*X*zGnS_I{1RZl483kMZgD
zTvYVMu=OQHUkbZ@mKA+D>}#zRMUV06>%dh-Uk$%XKeWX7+_mBB6}sQh@Qv_p4c`QN
zU)C1B6`t65ZZG;Bh3|xS)(<V~v}Qi{z<hbA<vy+5Qv<smfL+#u@a~QNP|;Dczk1>4
z8>?=sv3Q<4bk?_Rr1gA02G8Qg)K@stT5lJ9eBlX&JB9lT3!lH-%SyR?fvY9Tb>Few
z{kPBUKyuW7S<ydGxcWW*!|%3@{jJBf>k#F>fD)Vk^d-k(?5{nszfRkcuiN#E{q?oP
z0D8Utxu~hzBy{s+*m+KYotB}H`XKD@)~3NOYY2A!!$qGCFK^140s9(eX5m?|+ie7{
z?dJMKTe%(n*S2yy#Mp4%qOH6y(N?Z!hqAoy(N^YYE0@dRl<g30Wj)%;?GSC{vZAe=
z{~&2S&qQ0f9ipw=4$)TTXe+mal5RLYy<f5K9+Pogc!-U~?|azTcl%@C**Pt-?`F2U
zeT~!$`x+_o_cc=FZ%^cJJ@U6d^0yxOn<M`#o61H0A9h74%ljL;IsDJ3*W<+;^)yF4
z%~4Nt)bpcFxlzxRl;U>q9M#cw_s1F!O_MxOcp~iQ8<UDI+;HCezt+wEsGB+3(A+8c
zN8PMP-ON!pbJWco<I_B)<TJJKVBu+nhYAnFo};E0o&kFt&Mf*Y*kf-5_I=hIcu~{N
zb7AK>54L|k>}#Y^`1#J!?u$iue5@^otuHD1QrP({gI(_O!YhiOA(F@Ys^VE)^fg7l
z9`?As5q5oUD!jJ%Z!P-mMZcrycfy{p*1;>AcDtu|?koBOMSrm94;B59qCZyj$BX_%
z(Vr^%(?x%#=)47*`^y`j$-Lc}b?z(r*uw3?<BNYn(L06vi)Wzds!mt;$0ca#h5ej%
zOyR!5W8v}op{1=g87X-};ZEWH!om%YeO|QF66N~1i*n6Tt~tszN4e%G*W6KFc}*4N
zS|2F-#KMybPcA&A@KpHfrmY5H9}Cl9A3H;^$MA5`rx$%j(PtKYR?$a_KBwq&i$1UD
z^NT)O^aVv<SoB3jUtIJhMPFL<Wkp|J^c6*4S@cy!Uk(3#({94`{nA@_OyR!5V+*$n
zkB6^q@|*y>Uplb+rN8h1Od>54wI)x3?Vk*<Zt|Q`^r`R*^+U^`*7Q$<{oTz_(S=>z
z+w*h7?@D4HuPN=|c{|$S@Wvk=GfM7bu=5P|{zh6F%uDy0lK($893GEJY<a#2-PdDL
zuCITh{Rf&1qy3#{w7>5`qWxdec%uECwnP4&d;8&9Zmrv=O5Lt&IO;H~$usJ3ec6|q
z_Wuui9*BK^QBziwyQC>A%Jq1NeRmtizJI#$#J+pKV&Bc3vcIwKJx%`n%(*DabseHy
zbCm0Aswmgj>QS!i6Xp87v?%v;O?^7#U)%hqMyCsNtWJb|o{ceYjxq1{j4|(hnTmgF
z{m?R~HPcRm-3~+WvZkzI*mam*{4-$ZKNEKS>E;|8BSoJB`#OIv?0U{CJiqX0Vd45Z
zL_7PJ0-~LrPqee^8SQL6+S&eSXY0|<<_`IL-}_<f(az>*XXn33JKGcO?7oY3K317&
z8PuBjM?2de?QD*AHb*<VzoMPZ(a!d4($4loJDZ=covBmyX|(4Tn!f&v+ml~L(DJ{w
zXC1e$^Cs=-wu<(2TTNEJ*;dh>-j`@k^B^8`w5R!hZBN%hNxQmV%1_VXu0!m*$3ToF
z=NV(k9An8$`tG$&yG0v*so~Il-Bmd}w-k@-6S_I-@Ri0Bb+8_FxUJEn4s~CiFQ1Q;
ze9V#0RV5$u|JskYHvZU`cQqV!-U`Lnb*GfFtVda9d^z5NpRdlYPwcxn@~Qj#^-`ZY
z=hwN{^J?T%=iWP-w9$s1yJFux24YU|d7(p{-Pir_4Nck@!`3IFd(2FNmzBEt7>Ty>
zu@L?1cP*lB-)j7IAERzQ9yjS1=hLAqw@K8^`x13CN8Nl(Mctg|<dQayFXt1-m)mC$
zkN0a@@edUqhTRU+3(qJ#v-tnl`KtD>>mTjr{G;8hN4r^9_W$?uug6BTGmWPu+Sz)H
zftr84mNQ3v_H5EdeeNv%{(NK7di1q9>hPW>pH1rE>$i?R&U1bA^&yQv`kKbp5`Aqw
z`r7+4S)b*1DACu)guQt$#U7OI_cnU8c^#{D9$VM!V|Z$ReW&dEU4_ptdDdgo9PRde
zZDKvz#2o!%?oelQw23*|#2js6jy5qzo0y|b%+xmXjD55oeQl09f2`TZ=tpz(qxmn+
z$9Zlt9{j#j?EAe<S+VcdJJi#9?7Q{Yck8k5)??qT$G&@P$G+dw<Uf@>?H?@pPlN3r
zf~l;R4chANCZA|4kDq8ObL^wXOth8X^@@Eo$3FUAyQ4DlzB~4D+osUiN9Pm!XpVh!
z+So^P?4v!gkLE%0zptrt?4$MANAoZq^Yp?qV7JN4qR)bz=Sb1#6rKw^?YyE3^&M+d
zpJ0!TUi9Z1htD^DtVi3LqixNdl4rE7^=Mmjw5>VX*5}Y@TlaOet;bcgt>=?L@^|}3
z+tT@3qHVv|>|?a8(?;9cA8l)Yw5{isXxkq)X-AY-eh(6D>vE%QJ>H^iKiK%^<A0#x
zQP}g?0@(d4?CQS1@dSI{H);QE_|)%e+Cz1-kJ_-?D%#(5i}rWjI(R&<M*F+mXn)ry
z+TUp>;rEz{_O~AGU+3HBtF!e!^7+5k*=0qYUC*eq^{BJ!wn?39-MsJ7p8v1z-9Fv)
zSJch<N8LWx=utOc|3uyFkM^wn{$e$ZmZ;lxP1-Tq&g<1^H`h7(`ek8no{{=`Df-&^
zM_=31As@F-)Xls}yV+09-6!(1S+c*PZuK6`?H_eJDcwq2pS_r4U%X%8H^;uX&M|K5
zJ+hgcH+ZJBxU`RX6Hon~+TSlkx$dJV*Bs@#FQN_IKGB9w+o2AZHswYe`q@;pp*<7v
zY)4JH;x7PYo5%6;^CoQ^FD`4Ud>b75&v)#&o}1L)`9%Hyt;s*?Z$0X7?ogIJQU9+r
z{;0n_QGauc&!vqg>hHde`mbp8sQ)h-9wdMBG}!qM6&{A2|MbE$VDID1!n2BJ1b(zB
zYfjPU7M=$`+<4~0uJb7Ddz=OEZH;Fk>^v92k2U&Y_}?2|0(-7r3OnsG*!!})uyFnS
z)?0W?;l9FSVfRZLcAG~(y8h9RZqE*$Uo~~>hrPc8@VrK!2s`a0*ma&<^yo+H(U11a
z@_(<t$8FT#9QF4(DC+O$jh#}5sK3jN`kz<o?`More|w_-Zu6+W@5Q42K4u5W-_I4N
z!JlsO9D<iMJPdn&o?i4B@Gl$BO!%7(&w^d<2<&>!Df(R4{&_{854--OMPC5>S>;05
zc`hoR#f6u^er~z6=*wW|zr5%x3a>1@s_^Q<YhbtM^|0IX#^SjNc6+Xc-JU|}{Pg+D
zV_=N7^F6>m*kfQU?EP)S?(6Ze_hka?Ht)dhmwwpoJOI}*V|@}jg=?9tHQ(i%0=ulK
zu%D$2!rrfGu=jlk_BGNl?Dn5t{4-!btC<Nq?X2P%DV{mSGq-r=6`o)Gqs70VcoxF0
z|Dxhq414@9fxTZ#Vb^n6@h^v+&x)e2Ecz<gbKq*&{j#R8aKm%-`<i2C40?SZ#^=zn
z=$^0Iu+N+0;omfAg&WRAA42(m{2i|6sD9;}V`%_>IVJg-hR4_>ZKr24{6tgFDX_<F
zj4PiX2a7%puH(vi#<=o)J{`}mn>=Tfv@;9GxcY7589{%t;W@DLoD1LF=rOKNYj{4o
z>p2R$9~Tro#?|i{|048T8y0TZ7xfr7_Z3g{ul49(bM&uyLh*MBM_>F?Q*QKy>pT&U
zIr`#_60}5LT-NxbFFGMN&zD9UeNa;O?;DQ3_(Q`(=*~0x!W?~J-lQ*<H~B|j*fT;t
z?5LLL3+vGrW<KkFswuY@c7Kh5JvO2Ztw$SLkF=xwY?kiIZqLZm$5iC$d?HWJW09xR
zQr#Q_(J!7qqhIRWYwj=p0oeN${Zi*%`zIH_@Gl!bJ|3f<&OhquYwW0}^{A)knGX58
zuW5(2nwihHG;goS?F~A050BmfrtaYpzeY^{{B0t}QF!#DKRsez0}hXPl9;dO+d8jN
zUsf1Dw+HZgzZgFYf4hbL;SoGcJ?TQ2dh#kjTh|6miBV@UkDf?_&eX&<%va3e{}+K4
zUTbd4NS>-<S6dalSW(tsZZl(lrC%y$8xM7k{W4Pz^vf0b4CZj-73btV3h!;cLJ=RH
zS&GvNA6)pb!bh2}R3r^)uTnhTe6`}c%-1Ns+x!W|1?EpF@~D@zHz-Ei{#0OYNoR>R
z(E-6DlxWYNh1|5W^jBz;&)Q->k9Jlgze>CVy7;dZ4~Nx|)a7V1^*z(PNb$Yq#fsDk
z|Ko}`!w>0)mVeTU{$0fw1LCK|yI6l(ao57p=JHID_FC)DD6&mH`zXG_%==%1<^vS>
zGxtho8~;khL(Io2o@kz@c(VBjMYi#?ztR3qdx`bGRb)KjIa`tK%zs&7%0s6eRu}$;
zd7a`<%>Sy$ihqpiOd9yJirc~ZUT>k|Dduw&=NBG@$w13RTJbMYe6jgrq8V?rx%`X~
zxb-d-s%20sY2T{I3eQrU0n5)gfm^3Eem=u<nj&KYPoFvSq^@`vQ!H&w9-Aw&!UKvs
znW+y;TNS5&d(7m?iXQu6o}kEz-ml0CPgG=uCo8hTQx(U<59^1PICjL83%7huk+rL>
zi4E_|%;X)%i2QlHv^+oWhDR0qm?CAsBZ~W)Id0xzUZHrLnd9btMPF@RspkEnnZx$$
z<{v3OXx>|%N6n1?&9qW3`i_NnE&Q6oQ_Y7ca>^ks<t{3GabYey(zC4am4!R5&(4ZF
znmIMo$E3YVaZmH0;$G$p6kl(qeGY|xt{+<9mW~CMw`(OI9);1S@cxRY!}8OQaQe?e
zm*;Qfr>)@=6ytahQ`QI2m6kq*TfT<m5*$BmLcQThiXS%*O25v0i{cGtj^EFk>BF1M
z^vkVg`tfd9<ub0}tTUfc);AUZ)lC2X0hV8fOmO=74F4~sx6C^$jx+zY;?}Uz$`+ja
z_zHU_D>4qqXN^2Zn=e<KYhJE+w)rYWj*a#s`k@7GaR6zd@6qWCxaI4*7oqE5dZpq^
z&76a{g=_zterSPPzNW&5pZ%Qz>qGi_rup59%;V_rmF8;|R~CM``6G%unO7;s`Q;Y^
zbIX5k;mz76&ml$1gE^+zhG!|pxlg=6e4h2iimZ6vsTlR=05!MHP@`$tTWec7?E|MC
zbyH;*N;?FP_;SVL3!hUMU;8or(6U5p`e`rtL`6+u!2^ntg5RbXb&~+^V121#%wyJH
zW1W0nXQs@lu*#+WaO=!wzhbUaTIzhbJ!8zR(Z+KWx;=C4Vf@3bvl`E7#dE$r>=T^x
zZOrZ4G<_K3N<0ZK>%Z#<QEQ6<t7U>#bm|PZ{QVc>6P<d(Eq^D=xu?wmr6u-7Oxmck
z7=P4FO#Q#86+iWiHrI(_otWbSow~qTZnU{P1JZW2htJ{k?1e55ZTxyOdF}@*Pxb@O
z<LhAS9Yr|vnQ6UW5l;Vzb?N}8KiXgU)5dW6-y^16+8Iv&hpkUmgj4^d^(l&Q%YUQe
zGuGKJIQ_I;`&as*g?(%5$0Ef&Vd=F0n_%mVUHC}FI7Z~5UrsNca|_2fk-sA?`bd8I
z4$g5!Taf20#TZXw&N<N+@>54R{V|^9VeFHJv}Y)e6z2G${)_=Q(~jE1{ILc6xPEAX
zTkmbg?KE-wKTx~6rfY3)*IXMO152k(PAd8r3xBonw+nNw$$WlT_-BP5EzBH^e@DfR
z`Bp{7Dmv}-*XBDEqpego`XbuO_p?*&VGO_7JVWt7Sbq8f&i09MtNh<3?O1zge>gpH
z?Ih2A(iUl@J`XBhWL~BCG4mseYs@z)vf|f}Zsx{c3$)DA+J0qojWz+6PCLV`g-yTg
zZk>IETgr!Jvery{fO$kw(^FUbH~OIkPJc(-)(?)63*qgXV`WL<4;1G3O3%j&Gk2lC
zUorYZyj1)~>&q1nf}hY2EpW^IGF?pCm5N83S1Z25e4OGO^J$9n%?lJ?2Wv7rSn*AT
z<Gg7-jy3UAef|o2_En5J|5jkmF+Wk;<T<3c1^lFbXn|YOS>o95Z|>EO(01D#$Ax*M
z=p1+HiN5%q1TE1Q3~VhOt?7w#vGQSjzS=s+dYlubA1mI+`W!{}pR|nCE#as1Lkrw;
z{#%RNzen{oj2eKpjJlcUX}fKXddlA`E$Zp9*Rh9t*4<!v7>96+ifh?ZYvwb}Oxr|X
z%g?a}=iELbCZDm2aGtMYU;ZFLOWl`A+HMatZ4k$)c($}{(f?CFw7@Mtv(oSi|18Bp
zGslW91-jZ#>xY&YOJeqSKdtRoHOFX-L+R|}+@fDsm}8TC*e`g4<5W8PwL7}&L)qki
zfa2b;JZ*E%EkpL)sCbw?<ISzj1X_;PN<Q@42&{Z4AI^L@Ch^>$csVRj$J}CPwJg_~
z`x|ZYUm<sW8-3TVt{*GjQ}~VD(&Zuf5G)V(M28kWvheJ}Cl%(>JkxSXlze{SXj_#<
z`)|^=(rNQe+E(=$Rvs}Y$V2<X+5Ry<$TLHpXj}12eg1Z>xxaB-C@uX0=X^z5<C&$j
z=a}zPycCw7K7!M~3|;;?@_)?y9Yy*BKl=oy|0Z<#c@*%V`Gw*~3p2z?+fjrw?SG>y
zEtk7}THz^*asOrB1zl<T<%KgX_i6Y!%(+*Dd9`B@mVZEgILFn?DeI5=p(TzT@%m#&
zlfi2=MrY`=ws;ruMX)^dW1Lg$iQ`B*{rE-uN&C<CqyN0<abM{?$5S`w^E%l1?^pB~
zd(NN7M(Mx6e)9it(RqC#>%6Y$KeC^(^gA>A^5^2&wx>zEry~CoAN67Uj96#C_#fra
zDVP79E$hSo+>!cqMd$DTXMG+j`lE&a16H1ly)9G*%(!|9?Dk<By`u<kFh@yeJZy3t
zDeaK-y|t2-F#zWnn1?P8*PN%Dxu<_GEdNABILFu`bosAPycm{ek~#DIxb?}3aLeDV
ztU*`WTNLBiQQ9fyO#2Ny(x)oInf5MprTvBCJ+M53=1hA(x;!sc{eNuFG(|X{2|R9{
zHi7f})$thMxko(vQa<;HcSl!Q!}7w}4wKR4IY2RvHF>7X1802>$0MC%2+n<B-XZO2
zipSZ*+y!Uam`jy*mUKAN#=NSuS4m^OCjSw6;7rTc#^le}f;@l0Ge;gc+hLXUxzgcm
zhwq~+Eyv3JX2#}&u=1HFKb&R#()xVqaJJ7A=*p)@Y5!o)s623{eF<Y;o|h}W%=|Bk
zyO{S<oM?WHBF7~D?G#^c<`_Mo@Y~G%A0bD=s`CPs3un3fkCo^PrNh~_{7;hPzew>+
zdltz9XIlO@L((pm4rf~amqF6rpveC(f@g_5aHd^p5C8AUHTEo(2hM)E$@((saQ4d+
z)|X3%GtXzOuaFLB`}ca@c$wl0Vby1)JaDGv|C6E4uU4FBK3bkQFZ@ZMC9VU-z2Z0*
zPi(HK80&56V-$~pt;ZZ9y-(V?MPF5T0xZv1ML6d%ovuP}E5doMpM<Xb_f_P6khJ5?
zxi4?EhwJLY?ICYCJ#jstv>j=iTn{M!^Q1Eml7GKB(=J7q=N}YlYdizy?4wUvm#quV
zYv8TXbyKyS#=e@ntNo0AXo+*K^a1HdY8#z)J|4CnbE$ON`MRQi8J6Cs7}t3A|FG!)
zQT%O{k#*SCOu0MQPhY^<=Ik5(y%jm9P!|0X=NErxafo&L0?x5F16^rPR%ASpc7i$E
z^GtgdC@wK`y>prQ2E{93rR|urZY$B1Kb~t~dFU@V^S{wL`vK>1x)xn&zoU2?thDqO
zoN3otXWYS=_6O)n`-I|;VWpjH&a@Aq%fofeBlb*Dg!35xPwP_^;T%65r6KM5bC7r&
zeICan7lvA1r?o9+oa_hh-qrO5#SvIK<76Ie{T%a$72`faIvi~-f1h}{J>)Y1mOj>;
z$EK2nzJ3hU`yhRIgFa`hke2ZPXPX>poxI^3C+|R4+WCqx=9RW%&a^R3<XI^Fe69GY
zdyEtL>32B&tHjiSeurCXLzWx0lJ)?_t>9<%LkpbG1hy2n|BSlfz3NM~-PVme^B?6U
zQ%1W>ou-9i;4zAf37EEhy_xnTJvwbT%}hUT1}lH^+uTeWk{+G>#+k`)TQhlVZ>D_m
zYVXnH6Z;}YCogpUYsOM{Q|G9|p3U{iA$ZI&2IL_>ILAQ0J#SNdwRuQ!A6S0&9d2>c
zp(W-PRsQW_K5L69bDa4tii~gc>58v3bG*b@lD?DpVD#5E*Fr}Wj(YYqWko%ypq41t
z{++emmWO?TTkmiD6Vc^4N|EyLP)E3RapQ^ol83h0*B<%=Ze7xNUV^?^!?bT(C#W|o
zDp}~18~I4@sH6D|KV=;RTYsx{@{fJAep>Oouka#R`7o~jrszwpw-rBB^cB{}EB<}a
zS6iq3K3()UUX*`F+LwyH4wg<+|Dfm(SRYXQ*P{Q%`b5R2i$1oy$!C(Zm&4xQ3D(v1
zT{{(>a~0)IksjYc+dpW1s`P`+gJPZwWS&P_pC)~z=*L?hlFq$)`s0~~${Lo=*Ey-j
zcihq$t8wk^IxrNd+YIT;ivNSwXG&jL^p9JgC4EiNud_ZP{idRS(fS<ew-@~z*5^u(
z`&`%O0qgUm|7-F8hxPf=<C@(5?w+RpqtagpTi>DZ6f^&u`BYf@yFmW^i)YCCLg{fG
z?tJ1tTK+}S-%<Q=Pc411bpBWPESLZBo&1+bKdb1JjlNX+1w~(MeVKIrcks;TBi5Ho
zzozK?|9<4NLi*>6&i~_wzEb-4ihiH<RnoaX$^7G9UjEh6|Gnr>+rLISe>*e%aZN7&
z_0nHd^sQm(H==9B&%83$%)GI^nR#LtGjq&DGjmVO$!>GT7WphvoNa!$;t6Kze2STJ
z>3jUN?R(9%&+X<16u)I&r}$51>h=p*^}k6G&UauQFP<muS*r-=`TALVIPQBrRyo#r
zUPgVGCthTxthm>f&T${lFvaNi+QZoYLGeFoX6(nks{Mbm&e(sp__uODG6u()cT(j4
zx}!df<!#K2-&dL$`*GhY599H#t#hpGVdfZmt(iK1(9AfEdq&solg0BTGh>kdcal0V
z?!IXzpWm1nU%xLp?`Go1!_qBg>D8J%rf^?j#$I~bg~u13P`FdLzwkieiG?Q>o?LiJ
z;i-iO3r{ONRCu`X^ujX=&n(O_lKVJPcuwKDh36HXUwE|eg2D?6FDksa@RGty3ok3Y
zyzq*`D+{kGyt?q3!q*qRvG7fW*A~9D@a=`~D12w(b%pOKd|%-Q3O`u*p~8<8eys50
zg`X(=RN<!!KU26%$9VQN^Gx!X!rXtR&b*V%y>l}6b;-<G$(_Reg_+CJGqLcb!jlV6
zDLl3CVBu+nhYAlDo?e)1p{&Eq!m|pG6rNLfZsB=_=NBF=yrA&H!ix$oF1)1h(!$FM
zFE6~J@XErg3a>7_rttNJZ!COM;kAWtEqr_7I||=fcwOPR{-4s-#XZg&w6@Lr6@IZ<
zA2s)Mf<f^P=)KC!ocGHE=<*z(82247XgqL>7ZkO;Tx(l5iQG5Eed6YgK7_8DsuLBb
z7iJD=%hRj4#`<R!Zz#MSEYBE4IPV81S?^PXvkvSJWsy(puXtEI&-&XH-($XB@qAeM
zk2SX#6k6V|m3;8T{l1v`G9Th^oAX`7tI+NLxIN<);k@36_SvGz|8;oOIX5bP)XcNA
zxDS#Jf4=B(A7uTjMV|mGPudX9_SxM!?FQ%btI6of=M#$2K1$nXP7mV-&&`TQ!}8ER
zaO={h{v+t}+^TpsEDvo0=a^ZDE)R3|h32ajFD)GXE{~e7d6#lblmDK0#O&9b;Hi54
zp^pwRZzEo8<~zL==HDsu{1ZR=mkWQl@XrcAQCN=>)~DSDU3H)h;q1p<t<!FBw%a6h
zmAkJZmpi1T-QY}njCI-y&i0&xuC(t`Jju*HvYq?RH8lLN;;4Cv;yLEq6&ISnr+9&x
zF?Fe#LwlKdrQ(OowABQy<iCUBE6s1y=P_>oN`jUcGh+JXP_6AZ>RFdIqR!H3t22v!
z2`rtq`e4yNX`S}@e9`Z=PW$}0=>KJ%V~Tyqa^w13b!bc51zlxLkY|tL+0S}M`myGI
zG3ONg1L7t2@1=eDN9z-%f7|-L(jT)<Klk=DbvQ(NT%RkS$<n!ACr{>~{p_KAj<>Gn
zZNA@;XHXp9;fkk;`A#SIYnAyprM=y0hvd22JS={|Oxj26r!4*tck<!?692P3)8!en
zS)=z#kMCbp?hNS%T7R$fxv=z^(idC5SUUgjI{GZ>{GaPt&$ZS^q~B-#3i%(kK1VwL
zr#flpil4TJI`nBJAO27EelzvotuX(edY1M2!fz_Pf8m1*zpe0*g=ZH&q3|h%-(C1U
zh2K~BqQZYu_ydJMRQRKX8KbnxJViL??YNItn+(W1h(~;wBIjNF^UXP*9BZBV0M5C0
z4!Y7ZAIBV`v<u9c_B=e&7b?Ozk1a-5+Oeub%p3A7k_KnmtMN$33uoHZ=t_ID;-_GF
zmY6f`9oCmB!Z`=7Ls#0LD&7k#?J{$w{Wp8Y>R9}>J<Ap0e6Q&b_GtR;dd8j=ig4x=
zbDi>EDGknd&p5|Whu13Z3d^%f9yrs+y}vxnD}#8%&uCo7ckbe&q#a>>Qm?KtVC6&G
zz^zvawD35Xv>XdubHZ0D#<M%|ROz>&EA1Nj;nuE^wCfK0Nqe`MXAk$9hor}I2Bp1T
zN#K^wvn)J!$a4G4Ja35S4=Q(t((a9}v^UBRw|0x9U4!;h?!jiBw;f`hB|Y9zQ9hST
zI~!g3+@$1iw&D5K*Gh*||FHF2rNga>O}QUKSDuu+#?1HK@ve*XxzhjH`Y#plg;nnD
zN)BiKKe2v?bU5`Vt=}mfZtX1463^3IZja|N#wna>$9hiV`|fyWM*dONXCM3Tksofo
zk{tCtg#GNxq2{+M9%f!7{aje}zfXR+H8qlUU0@Gsmzq~8UIEMhfNXHqjn8PePbgk%
zUaGWr!SX*SKit~A$^U!ykpF|`hZTQjULpNSSZN<p5;)6x)*jNnOe^J1P<*-hO8K`l
zU#-Z}Ee{Ku$zuxl6&_o-U3h%q357d_`wI^gW_V?}lL}8RJf$$*kp98K(+Uq29xgn+
z@QlJU3(qP%Qg}|`xrOHyo?m#h@Pfh%3ok0XxbTv~OA9Y6yu9#=!Yd1}D!jVzn!?u?
zzOnF4h1V9oweanQ?<jm{;dO=YDSThy2MRw}_@Tm&6n?Dm<At9n{8Ztm3qMo1OLKCL
zC9Y|cId3KR73Q3mI@i0&;|p^xOTAN=^IGZyg(nuCRCsdXDTSvN=G>QgPAfcAc)0NN
z!ZQlbEIh05NZ~n!=N9G~KI<^Q@Mz%$g%=iHRCsaWC54w3-d=szexU>{^I_eXE>eu=
z3Fdxud3qJ$ysq2R`WQtxua{nruC$|yagC?6edfF_8n)+sirkOkf0yD>g^z=kcB~@I
z?^3eN)tdGE5j?2tYkl^!!jBgIP2t}c{!?Ln-LgI(%E>%mQh3|KI~IPa^Wiv)`)gM;
z?yvn`N5`H=6uInZ%R_s@`ThQD&<C6MDEEcsp>5$7ovCF=D;~b{IRci4wuRF(3w^Np
zewa4JLmR^BiN2PnOWAUrjHj&#r)M$xpzg8cxdN7Fyds>Q73hP__e!6D<(Z%er{{X~
z!R8&FTVQ!Qig0>v7vt%utazp&4`U5Z5Az$I0eRvc|IJ-pYo&b@-F$7~e=Pi&!sLse
zy2lvqQ-<aZ#;`oAq{kSRhyH@IzhVr_!@eG^wJi_*1-CA1@*F{zhc<}55HA#;i7r2V
z2e&wAw49?A{}&W5hUKB};Jlt+iY^cPz6Hz!19R(d8{P|jzvg~xYT>QS6t^wBW#fl4
z?T+>gDsl;hhkb`z%bqK%z14Hv`ar|cw);2j8spr|*lLRh6kl$hq_`bCwn+<T9VVi`
zxY4J;YWP3)_`5>!?c#VYVV<OIJm~R#x|#10Q;+Y>t&bEvz8|+9-;bLY6;C|Ju>N;N
zkMG2-|9#QpJ4frEDf$-+$9IeJuwUFhQBV3R?w7Uiv^kvDqWU=6gfRx^SRF=}@CxN~
zj6IAiILF~T?HQ2gTzeQ-aO(y7q2&Ut<TF{Gi_Nzweh^lD=tDTm{Rq1JgYtjMp7Dxs
zmV2W;!}2g*@ssD5%`>In2`hi*4LI|Uc|d-Sd!GG~c8>gy!18w#;XE!LN0*0twcnZl
zOYslp1=9ZnD=p&`&UX=eHPlFZkvtp{co?g2zE2p>;-oV+;nqd^q2;gfEA3LHjc0UX
zt_$M3b@PFEl$J3MXWF+q?Q*3(%sfx=cv$|)^26DlC)=}9{?qK?_<(a?&bDW@Jm;E!
ztjLr^o{TX#^ZYw|u9yF#_6*7cw>B4O`FneAlIKQyrb&mh{ny%ayF6bte^c@6=C4R!
z2dfT4N(*P(K4P7*3}>E?qpJ<cbDUPvPL~I6E!T%yzJV^!I>m3<GebI@?}+jlp8FN=
zv1g_{aC-O*5BJ9p+cQfZIOn~1H$Zh5kq+m)7w`ET==*rmnt8WAnPV?`&%$pkd|=^t
z{@{E#PBQH~3&(pt_Po33=M;|T682nD^bZt{XB75)yy$ysKilJ)c7}7zaQ>h^FOv6g
zdwLb&oKKFjXKQ(8o3Bzl4OX6G%z3<z+Oxg<7u&-;24}fT?U^Xgax-~;*u0nYPr%Bb
z`3=teueaxOig7)l`ZITZ16}^MBAjFIE_8VglILFY1ByQ|^Ni@nu+olKg!34D*q&MP
z{K_8YH#o<<zH*DS9cggR34Q1)m$^<uEqIb*yw@ikj=4zXGLLOC7s)eEY4>p2Va5Gm
z`I*z;Y|ppYGb;Zf_Dqxq&V4z;9-iwTW4=Z46j*sOr@@)$yX{#lf6PDfOqK`E`Q!q7
zmddjXmWO!^&h}qn&l-6?ZvF?wYs}1<*TYK7oCasxGVjoacPZX!X3qQ}EdQYVa6Vi9
z7kmCeo*u1unBU->XQ&5xeopavdzi=IoJ05w&#j6#+cPW=oE|>I^IgT5uT&OuTFh58
zfR^#pN11c)_{zf3@77;k^w$-RXSw!7znc#(o_MZneL&?=7T0%i%_g28Z+xH24UiT%
zk0Ty$;qTW+v=MxeqIM~GqVz+}w<;b3D<9?uIP-ZYy3%rAeu_O~6ydxcez!fGOV2hh
zR6NH#DE$I6^TB1X%IY(>^f}AlX{9XM^BPzl<_9=`_kT_CeBK`B1UT#bC3}XH&$sO1
z*oRvjj9S)drL5`l+-<&Jk+}o?VZ|q5)qyzy&a_XX%fs{bXU)Chm@A}@6(5PNFSKt`
zd{5zz7QVLdb%l2^uTtFAyhd?PxUJ01`CfO-^D67J(xb2Cp&#LVubaN7KJQRG1eRxv
zIp6C(&N}@9XZ~~1mG-@gab8eb`UTFki^SwfU%*-J#prH_OJRBF3pmqWVV!n{Qy)ZE
z#nq%;FEi`*B<9C9zwl^oUD+_lM*8=L<)Izm)`uHU3;p2cz4&qFZHTNdYdmny1M!*s
z{nEJi!9$*KdUi&aXG=6#lL=bnFJ7Pj*3Xl_JnQq9=YPy!9`cWOWi|28ceG<$+@~00
zh6zc_M6Kxb5&I64ryk#Qwe>PB$EZT+?CZ&e=fnE&tBU6r{W9yHQ(SGG@~^j!pU)@@
zow8y26wc>S(T37H(xMGN*3_B(r`%l?_kiU=gIo4YL6?WQZ6++wfH^(K+B2#cV^98R
z;$`Ua(>8Ga{hXE7Cn>_24|5J>-Kcnr`Etcqz=t&N8tnw@gx^t|YJFJocvw31zsO8I
zAA^;48{NzO**f*PTup$!=&zdJOC>G!xz75Hia&&<vv8k)|2;jrR<YhI{nthRvvtNv
zoGa~riPDfypY)f(*5kTY`dI0^6`gA@{EU<RiXPXx(&_7Cihi2?^m|<EI{$m^Vc#D$
zb8r3Y!tw5|{JU(Xv7wc^!Nai1nyfsJv_4Dm<f5NrW{g~Crcb^ID<9f+UD1DD^f#*U
zGXJ;3@_$?LXzPQ@hj$dv?^lfP-&LP!(!XAG(vZ)P^zU1z+&`Mx_b#njpDhY+Re0;d
zdz;^^c$@hrig%muSNt8Ua#<#C-sHcx;#*+pD!%K(X2!$M%#4A7EgBE~evX;GzSB(q
zZlgrxL)*@T)eg5Qo?(5O^zWMo@oS&)GX{=_-TtQ(KC|$-g=3zVzoWDRTFHlF3eION
z92?|0sCbxprsCVpbCutSd8y)wu=1I1&V1s$EPaM_IIm~khhO<$q`1gDUwK{(%THNw
z=5w|6S&DF8hpa|dKA%$jq<Mkz`7*40Mik-vo!PIU%l|FKZ<rZB@mxjvL(=|$uC#N^
ztwl}0KZ7n0&w+ci;+ZQA&U)$+HuQPY;jE{o#YnrI;<n~Kjj3H><uhM?INx=gWDoBu
z>|v&!aZRf_a6QX4ANApH93N$#t;n?<`VVy6A7`GcctX)HgjMdS%7yd#e~CSRr^qRR
zd~Q&@7M6d3{BZ6s^Cq5uQT&2=og&-lzg1*~U!eN1!Y@~3g?VPl3Ll_2WFApuMdx`W
z&!pfx6)%TXpM|OqoadUWtS^!d=Y7yM))z~M(;xRB%4dmmIQ>7wud;aG;34yG75~#b
zelsP|if4Ppy<p|Tu>fa#PPOO1do@>>k5-I#1LR*OKb-A(tUa%i|3vdyit}Lkm&*^Q
zpU<enGR1hOOP&?-z_~9U$0L2EbU5#4*PtuyEs8hTvq~N~^Z&Z_)zaZi`yF(p{e|M)
z_N<Wy&a^+Ur&r_i$M#$=51iL^@xFoTcBAxo-{5o&7A=3J{U?9gVOv<9o20|JU-2%P
zJWoj58;_WGV+LXQ*UArPefSIy{<oTEDjsI${jcL;rM*>Y;VkPr)^C>%XP%E(ze75l
z{#SCoP+2=E?qGggp2_AnD(+`~tKy;NqZE%ZpP)F`JgWE}^972F&C3)&X#SYuD)aS<
zpD}+)@mBM_ik#1=+t(C-25W!sRNdh0-$(5^Pjk*M%~Lklb*5JQ>*R-9E1Uk>+4?=w
z;cSPg=qhW8;v9SKlLyYU3#~sO9nQ3uqATq^ir3ropgeG<y~FxL(&0>dFS^o>*E#kn
zdmfPo&a{0#|2`%i&a~U2EA7dO``JU^!I^fJ^(UmmnRXt!(ymp!+@7c8fivx=tUoOs
z&a_`fSK7WY`nyK<JR=XBX`i*;rDlgS?N&-d+8K&F!s;XLm*Mp6W}WjFoOvE#y-zxv
z{u9uZ=dFr2*u#A{oSv`Q^A5#-GWTiBJP4}}x)lvh|0C8pAHrFOXRY(R1y27~$}9Fu
zaYtBrcI1K6vzv9E!@!y60oDhk!|9)*Hf`&{%-<-!x$p#d8=1AhEgrUM>DP*Xnj-g3
zcyy>Y?}wk!cqZ91RZ+L8;n8jc=ikvi&3d0Aocc2BV-?}nc>U1w39XdXHmAPUIyN}<
zJFHW8IQ4t1cNF2&AGF@D2&euAbS_e~8~{&mzTcP$OK0C>U&QQVJcE*lXPFn<!#>8d
zChKwiCjVIJ|A@!>&Gxg8Un}}|t+S6mD*7+1vyZ<m`m@$Mih6x*ef~Udpw8^$_C?>_
z`hfJ;7ySV16Q#ec=<#m3@|h$(zI$^0&$fTE^cChQ;x$go_0i7SrVdjT;nvj>wNOU3
zEotDlDDDHxKWNT#O<ae|LqEiIxR`6R6YZa-2<NrUnbwCC;T-?xSszw}(;v?tRIajZ
z{`Q5>#aG%tLlI8@wbrQ*ocZ5ieU>7e{<tPr{v*=jn%wz+OWW-497Q<&-?u(j5zhR7
zYJHv}oc>=~pRWj~Kd$GM|EM%L{hQH8(icdB)4!$lh0@{l%NqVg(&6;)Y<;nGIQ@HC
zUm_h&|3222N{7=Q&!v^|GU;&okFbBabU6LTTVEj^PXB4vS4xM|f3Eda(&6;4vc6h6
z-1>X{@Y2m-(9)|lc}(HH!ea}!3y&{6p>U^gf8l|`6AQ<@#0f&nG_7qN5R<ieGAx}s
zF1CKD;@8YSR{SSe9_oIdb<)O|k<Na^IB}j^=rjE6Q{2;8kMAI)vwv~#W<9=xFmFfx
z^041<>sn=|<<(lzX#+Utfhp)pJEXV|EKkRr$9^2+^4uYPo<05M^u)77d6r1O!XDZZ
z&bfV+b=nn9J&r-8eL&het<+(XIrIOy^~s8GYjv|<|BkM-e^mT6thDSCoN4(C508}N
zxtu&xrNONi>W7vW=rcULN1)f;BA-F&aOT6~UGkqM9nSw#<`w8l%f0dr_RyYirhS#R
z+lM#b;Vd%$ts-+5`b~;!3dcNVeOv3a+aWLonp@ik#xsu0=X6PUdKKY3*3Lp#o{JSJ
z8~%hM^D6!^=GHY${v5-2u2;O;%y$s+eZ&mi--z{bS6e(+@tDHL7k(wYU6UuA&n0%U
zXQtxr_E2ZIMaEj_Z}R7v@By&$p`LJhhSB92Q9RUqqT)8NPFA}pb_)NMnP<H%bH5_T
zTbqN-oX5_V=v??|fwRrq;`R~EyHxSqSYHb5AZ;8vCwy}rYva-7=_m$k#}5&|23>rx
z;$AQVM@!U4I>&4r*V1X9IIjC}_<Bzs+6k$>W0MwcaUq~(Pp$2vbq}E!^O*U?)~6`G
z)I6vd<BbbibL$@)-c8$W>C^$vaW#sr&gVPFX9{no?bKU^^_AOtopV`wsCqK(*xpHk
z7C6VufEW+g@O#7ZP#-wI`yND>hb|j3FHoed(KS?>_g%%Wk|)Nh@?l)T`Ca76_OoB7
z!Sc|qaEpp)S*R7AzJjyOKZLIQ?^EO$!_zkB`?uHI)1~}BXU}*=xb+hK(6Ux5`EcKK
z7p#034{+A=d-hPz`|ar{!g){qQ*`CSJ=CMH@?p%w*^e;>W;MqRWwg1V&;sXv#XKg@
zYo*0_ct`Vl(mD*f+G5&IAFpTjxy={mM6In)H5}tv`ug#FU8C=ePx<VwI2o3Qet}zL
ztYsgqc<9^x%||H?!}8NdaO?UePfg9?A5nZ6%uSg&_lq=b27?xO1AW)$(RbTa-&$$g
z$2G@z9ADyBNQ-+nI>?;)ho6&<7C7|-#qBxG^)~yG9Q$H@F8c0G+B5CBS8-eOL5k7N
z@=p}^qs!lGZoNpLCF&;6bn(7gDU1F*7M7p(hx2#XnOpIkt#}G74{ZkL`R={eIWFLw
zLoT<@Sb$rfZtB0%I^!SCF}cS21VuRYFIw*?!l{1+U3FWh_$^p<>o>Q01X^O;a?zya
zZCcynUPTS5uJ#Ff_glV&=EaIv7X4{he%fR!Ws&~4*Hc>NoHrDGapAiPpRF=7?G=Sr
z6pnYmT%S)CJ>F%t{>7qyweTH<?<ySc-8pSMXEy(=c;fpz>l}ydFZ~PW_q?1-(CJ?|
z-#2>;y3&3~`5j^&QJewGPrt)CPL4yDf3BiJ@Jgj+8=dzjV~mMEA}y|M#Ak`mu!nbl
z*v7v|@iJItF_z%g7W$#(V_NZCtGLR{yOh_#@-xQZ*5}kwTJG11pKI`+!18ny;ha|=
zL6?W;_rHea=~skXH#PbE!5%$6YTkX7XF%GY@SNIsdKJj$>&j;fSRRg9IG<NDZQ<d*
zjVS}>`v|T(@lTQ;PXE5vCrgKOZi#z3`KL&ad%Dy0p_X~}Pc^rgkhF}VtE?r8=a|2%
zau?b^C=Z<FF1J2SI-JM&HP(lu!}&gEe2=603`>WzZP(&gx!+a1)qJ1I{W>f^^A()s
zK48yJ6@OxWQ2r-j`5AX`wnMKzL!T)f&T%ppUFGuqd3>KPenk9Abopn=59gc{-=|9-
zkq&1*Gwh!u9nN>yW}z$3_bSdd^A73pu<~K-!?|Cl*u(chr`a=49ymSZMV^Zl&$DN~
zJaBq0wr82*rS^=<1E+_&wl%>|mv&L%&lmnx;kbUY|AVx%Ir>X{hqQ5&Wqo|%Xiw|A
z6n$dhct_WsDMf!%;r$CATsW>(l=juCFUJyfc&R>rjrnzo92@8pq{sE-Bvn{TTu+|Y
z@V@r+%flFL%hRg}w>W8NVQi5P*NjJ+*$>7F{xOPhw(}|0`xN0E^Kl+mJ{L=iIZZrC
z`Na8D`7qzc`E-6$x68Fn{%u7#>l5cJrM+1i^Cop$t#~yoKXW6T_4x$4JbS4u=0H3X
z6yfxI)p|z}&g1%Sbfsm^<N5>s7sVgK%BSC)`TWeDsVeJXdzcU5^gLnD?b^+lKa~%C
z2xnV8YmaUT<9Dbi_l4q^OXZ&=8O}WW#CY~qx#M7Y=zlmpF~>@0ZiMq(@H+daN{3rq
z5NSEo`k*=6<P>z3b*18IX6DW_VdXzfemKiL*Piz)o^KEHB%Gd0?BP4=OYLC{!s%IQ
zeY$iw=O`|PDVK2yr_L#gdUBlJY!CAxoO!OZ&iI8h?L*c_q{FE{VSSEtIQ6H|RaTGc
z|BOA%b#Ru&JdEcM#TUY=^E`Rr^c<k=_DTA_Lg`4Kd`00e7uF?Uc%~>uUpQ@?*USs-
zAx{qb%=4ncmlfvNXun2+7C6TwW1Y0`)<?`cczPA#7B4AiVcx;RwNgAw5mWv?=<<(I
zgmZrnMwe#~dFWR>%o}i)OP}GPt&TP`re?$Pk5z;-&-vDwH{ceDv@Fm{KFlBIn%}Q@
zKCFDkn=>Ci!+(Lwy3`)p15VEh>m5Zn>%2-#+S?SbF@IX|ld#I7E#b_E&+u~{@;Q43
z6yfyTX?>z1oX79|)+Z^#dHg<Zop}Jx<M$csQxxGG!!d8DZd0Yjym7iJqorSgIuDxD
zKWKfLbU5{4bnVM=iienIDjo(apCS3-+%G;$|15ik<$=>fUU)87Jkg%%^1$hNrMBC9
zNYDbeUK$v4B|2l3Hp+Gz6r+z(gtL7Pwce))=YGwyK2{M<{aw}>Z*c0Hqwm?&2X3ux
zn0(Qx58V1vqmM(^NtSUK_t(m7d-2xjlN%45-=DI3ZJl5T6(_*F)MQT2-qtA#Zr##&
zXuI}2y)U5nS7vR-GeGq1#8C(FHhj*ySCbabHt(Rzv%BIB=3N#0VfiT+PCxCBf39N8
z72+A<H(IAYgRs)B@0YJM<uY!v&Ij4krwC{M<V9Ng2yWfhq>a8)S>%7LJ?saZX`>xZ
zZI0vU3-R{)oc?H=w}m-LYJoHDj$%CQ-#}s70zd5lr~kF~?5`Moq_psx(B)^};nqi*
zvJOO-=P<=#SRVErPEYK+JR{PM){2LAfLm8J`5cEXkN$P(a0(CY0H<d@x(o{y<C@KU
zHoEepJ>cAz3()2HTgAnNFM;J}Y{Kck!g@y$Zr$3{Ez+LWeBbdQJmRYq<N93usQ5e9
zzpwab^VUip_m%R%TWKXN+;0zUzl)jcrrphx72jYURNT+pCr_M<l@Cn2x2FiS!1;fj
z$GDPC|H7@U^g~Oup>+BY&i_CCy<+mA@8I;)cGUTUip$Jx6}Q^FLh+O4e^zAw@!zcY
zB&<BgnlsO5>{+6?1^oJ^{&1eBUW9&nGiFKOR%Pkmaq!-aAI`qp#vYD!`V|lR4yPyD
zT=~$(aV*F~JHR={CW$F)Z$<imd}tFmJ$!~|n&LjNJY&sSR?LC#Zmu<$^V{M*6yvyi
zLsS1a?zoxO!e@APQjC5Vv%fD!KcjhuDhz&&Vvm_)gnG26Hu+44&uqT$onf7JxWxJy
zvPB=s^MJGwZKwaF!kl7LKdUfphfdymnJNE3SaqO1;e5t&q;=X5&SzOVJw!g*&E`43
z@|>e`*e3t?D2|%vNoO1VQpLsQs}w(A=D57Vyg>fdu<Ap<z%4GewcMeVeC}7g3zmmA
zg!382W7cVZIM2&Zqbn`<C|z1f%lLxxSu4jjdPg#x=iG_b`=!IJ8}viVKGqq7aQY9j
zK2bWH*8nrEPm&Jj^Bmfutp?*+MC_OOS4H2Fw9-3@$C~k<VCJ#dH;c}_V&)mYr{Fx_
zQuIR$$FmoEjxPF0;S&qbD|}|*a|^Sd)Pb?Kr+HAHPcd`+#qlB!?-Cz`{zmPD7C5i5
z<G66$=19lWs|e?uGY?&!VdbN44iDoQ&i_;XLhFoYxb>~3EXE~idEOawrkM7KF{!c`
zhj7jhpRj+flHUl+(^iD@p5@E-d{^-{GruG94Oo80C!BfSYn?F(=YIVJUG@2`BF_lm
zcPO8SVdc|NgfpKwf64P=)opXFco?^E9wXzeGj8G3ceT#Ah4Y$UheYHvNjjYSI1OE8
zy;Jc3^K``+|0;K~{4xILOVo0>J#$q5BVc(L3vkvy?lGlLl@8~zf2sY0(&0R&R->y9
zcPf6;{8`28VC6GSemL|0ygfWW<Pw>*^ToH?KO{e#{=2OYONa9q|Ecxq(&5y9V||8n
zIQ2iGtE^s?^{hQJ<$<%TK7B@=XGw=MZ9D^1+6B^fv1ddcI6XY`BL52%;~Ajx;rM_v
zfBL(9R`a)K6oQv2#yFR7wRnYfcn34{Gv_waG6q;-?#1IgBHm3L_vT`bYwp$YEKoee
zOq;OJ?R~V<<{W#vTnN2a5zhTuXq{sjPJbM;%7<eaPXBmu`%O*$T<gN*c`$r-^Ih3V
z*2y#G3hPUY=Yxf}wV$%!JP+<+4{i8bGtUkgyOhO#?+dFAW6gPPjdqaUmJa9d(jJT7
z^`ZY@{cHXXkNoW4yR>FL(LT~ANQ?G4z1ertv~}XW+<NkbMPE{Q8+fou3+MX-9ed7E
zjQy2|_Jq?j#h&vO4~6BSZQ<6Q`l03RTB*bP6{$ZS+B5crgICLZt$65%t>HH}`WwuY
z8~r7n{Ap`E<nviG?R*=&p!q)YYlXM8hc<^>DvO2f^hY}=Pue-!!QVH<zDuW_W8ZnW
zr6u;=WijrlPe&2XK03&HzardXU}%}HHOoB`R@wnYxW&PuWkf5U6BVP~<e6yBe4^c4
zhv;{CCdmV59Ttnpf3hN+e=j}GWzyLXxOI$vXt_Zv<<fpP!SYNsXP&p%bBE$9;C-7m
zp?+-*81{qiPu{!mn+p#Wjy7>x#tLaU7B4IOQu7kU=r4JO#k0^=hhB4@L+7B&vrIAC
zP#(q)oX<3bUET7qkUkk-GUF_HY+=Sv>f;MDR#NX2?k_x0n08BlOWZ!UnOC+d{1S6V
zG4_4Grp@8jx`ubQ=QWDV%WZksCpgaqo1=3A*8;b`^BlMLe~w#sHB39SImv6;+Dx8t
ze<YpHqbxD)6#Xuyo#MC<(@t@(A*P)U*GitW6T=SfD8~FOrkyw!pwmujj$qm;<}vA$
z#Bt3gW^6CFhw<D4pQm?$6klNG8ZX9=bjoGLbB*Gw%;d?6&M`67JWY`m{Zoo>GtX3H
zMd!FV!8}iq75#IH3@><*A}f5e;$`M56j{-4QDo^Bv-E0BW`B}t>txzGImV>Z($=Z7
zzsa4#{e@}k^w8GHv`I2;olILN(^koYg{KuBDm+|xdg1NG?E{<f7U%IrP2Z9aI_+^B
zY(2(|blPTd(W7nciM|#u(dTiD$WQyh`Frl{FL~~($bM!12f^}>RfN+&-5&aUmYFd)
z50;;PfYW~l`l9CdE$E)iKlX8`+27bNG5h#&JYx3i$7brRQ-0{w=Suhjjq{%7JFMhu
zi@v5Xx3B5BsqmKzf1@x{K>EL5_$P&bUiepqpD6sFh5x(oW~z7QzXSVtLGxT^Co_*L
z2h6)G#ylg>D(SC7SNqV;aBG1?Eiq1{Gxp)uy^TIBCjU=pGp<#{T$>zb{W|GK!%E9|
zfiuq-W70d);LP(>F?n*|5&bJ(Anh#cYo))>%-FlI@cYfT%M)W&X_ra+FuKa>H)kDI
zTc<tXtixJ#rM*q@%jP?kC)?<ED1Oa+k94-tzoYnV^8?cFg;nlEML5fS$oeEjILqa}
zlzjeE@hS5|%BM#w`An7u=k@s*^b4B*!-0EGJRE0mi;8LKpkL5@7s@M!@T(Q$IgI!z
zvA*&NeOU2zu<~K<fwRtWe=2=YI-GT$iT?uKM=P?z$19GQxmV*dnmnf|Eu8g_=V=#6
z)R?`*o*`|*Ee=L4A3&F9b9rWKyR8oA-k<B3_FMF!mWN^MoNklPEd24p4;QBF^zTr3
zpzx~;zpijR7rL;iPdpbg$9o{=>BYaj>$!_!zj-Hp&T+`T^eV!wyH!Cg^mo>6Z&;o&
zif~?!?Q73O<#V7t%xQ3X;@G^fdBzjxS@C4~kFcMnhVy#n6zj|baO>=*KIdC!9)MH7
z)H=sFoWFOo#(GB)PW^T<`$8MQt!?!~%bi-;-(M(lEWtleyc?E(z?}8uGdz21Uw&*4
z#~PfT$E<U#!C8kVt<%PE>Mf5Ap0&htLgl{=8msES@dao8@tHjR(zdgQV+T&p?$!sT
z!>#-DLrWZMN~^~U&EJX?Gq&S-j+kaYN-O)wv&q@8>cDXXXa0PKXHaS1WzUd2aC$DZ
z=NiTLoBvMnGFW*sm&57jGxFqpk2ojFGhH4yJ!_nHhIBZO>o_MWEzgAF8IjV?ln2hV
zTq0BMEa`Bz38xmy{WrxQn5U}_KZfNWksr={eq#^Mf}S+LT^#2}`RB+Fr$657kUm#>
zyw|~mq-CtqQ0_KFR(a-0hu5cN`=G}ELUD@|xRyAF9^7yoJ7SLIcWZ5n$0&0D2y<-4
zwfExY`@}`o@my@?c)ZNaF}Mu2KjuB<gXbgma6DdZ<`}#dwttOvJX}vxhmPXs&HajN
zVf(*oeL(Rp>+948zqU?3+iO?xa}L?Lu%`IX@qZomzTask?JtVwSJv5=XUrVGTzio}
z`S4C7`QV9X>C$<2cZNOih2~2XKWHZHiozc+{K>-C7yf+VwS{jhd`ID!w^g@Es$0z4
z3$+tkVy>3X+!AxO=ktBF&3;{}JPwBCnW6~i`Se74zM^=Vd6D8pX8Qk1GktrV89yue
ze^>GAu<~avg7Y~;T$4y2lor<{?`i7%Q*Gm)rU>Wxm${fcyJdU4@MiRvbmqO7CzW<c
zpTn*1=?7kW=!*&FT^09$<sX&@&VAq89<D=ptV#YWmG%%={^|0=IakNEhdex1I>sL6
zA~@^MwFvp(Ik_;0Jvwvj`DW(D51Lo2+_+{?xigg~ocHygw1=_tMOYr@F}U?Z{m}9i
zdv28Ho96E--evxGMYgE}d_SywMwAxLzbpHoJzTT=%zU%*Bn@ewQv7w{-<ofg=MQF%
ztv{Okr2iRKS#wktoMU54eTF_)I-J)Jyo*d(UsH_hBJumhldK=BxDTwf^OP2D(U4lE
z*>koc@70kH$1L9oCBF+++WGRstp}R43$2ezhx3^X$2n=gqj;G;3*><}n5!8`T4JuI
zQMGKZwf)wHIX2*4MaFJh6Yx(I<C%l>G2*y)5ci2!X~lD=;+G2F3d_SB^?mE)({G(Q
z9L{Im+*^?k<-gv{vG68X`7lqy*)MVZCVhf5IQ!*DG5I{8I2)FyW6o!Bi>y;V+;TfC
zL08)4ikHJmJ7CT><TE_06|b^qqB-lf#va<>Gxjha!g)Oq=M?2XSsI*a<NP9hiZnQ%
zk3}DGplcb_+7|aJ(njq|nl?Vk`WVGCiyr+Y|N8!t|4w}#{bi2+l864HUC4jqK8iV9
z{y}~IMm*xf6!(MWr;p&=mv^Gevp{i9;djCE(|2(Cms;;A!r3p;=E`S%n=37Kr2R8(
zw7ER%+gzRjeZEPXOP?rxlQx%5AJsOWsqOX>{my}!{bBQ?ivLmc-xdB-;Vz}gv|AMJ
zD?HBrClqPB_M!UFoa4EpZSr|qaW`0=UUR-%zNbC(NgPM=j4|i9js8+T&r07HzdVcw
zILkT+U7lkUht0jJ62}*Q#s-{u9&ep-0%v_rL03LJpEw;>TJ{glwDIgho);?r^Xy?f
z!1>*)4ztMT-xL`S<kK-{onve$pRvkkl|76NIN!~<(fWWQoZmZt%R1u$&T_d{p#Bdi
z#<hXUon+4XM|=KF^F8Er{NiPbA2NSb@jA1TH-B3|9{9yt@&C2ro6P737N$;k_E3Da
znP&{IHNQb|ikT_>E#^VRnecRp=GKb?yG9hy89#9Ay2dlt`WQtx+cxG9)nSFSh4%EB
zv#%GU%ftS%|L_b&w&5ETuZ30aSaa)T0xdUdMQ8lL`Ca@S*2gQt*)KmrSDwFCjN?&h
z88dL^`3F4GJBo15x0`EM(fg&rsqbigKsuZ{eM4DXukB?IeFA4$TWY)gHVInb)`@}5
zvy01`zIuzK_F;{Oc4<q0pW^(&?<u^qc~tRL=GQ3F-{jM4&UYjZu;(bnVSDIDIOoQ9
zqO08ZD#qNaeCWrRdruN*dB4{7(&jj$-P?yZb%yhIgm<t`9pKa_TBlq%$5qTl%7?Px
z)DIR@mYTQujz%8F#^HEA-IU9GLLC?zaE`Z=(Un&Jn)^q2sN>ni6Jyn$WAN(>oCS)J
zr}>nk$2hmXBl?V{4sd=49ep9sh_sk*#T+a9XvI&P!1@33OhcE4erC?ZL;Jw#c{{p1
z)cq0oa$S4$=$xwJ;d2z@8s0po=<hBZ&jIA&cd7o>I{aAS-xu!IXXKA3?kml_Bb9X+
zE_`_5qYB6G$|)^%KB?%Z7k*FS^9x^6_ydIp+zz`d?q=qlvOzQBeLwSb=`sFQhhb@N
zDf$uc+qKhL;Oxg)V)pR}rDf>jq3_`QKa5VbXO=u?m>EBD&QjVr(qo<%UoCxwJ#fr>
z(&x$ZNp$5;zr*==AU};R&!{|KFn?Kbt(oik+hC>bQ-pI){+2z9<ymJB#}1sH`|Np4
z@qY7C`F{c{PmU=#&t*?pAFl}K9LTw!dMZitezN#j@hj0KGWWu{Upt}8GgomBdph#K
z`8O8gepa5dq{aQL^68fc&cCs60BPl6{GV(77sYs9C;bue2dqD?conRC7&~y*XO%rq
zD}KhFiSoetw;JMJReAQReZFcx_jx>jBhN|l!`UWV>oe*$QL!JEXR<tS>*q3R;WIpY
zDaQSvJX55@+2&L1;djmBK2e^j^2B}O{3f3fZMQ$5XCCrgS~$jr^&g-g(fG$H;O{7o
zFC6V@Ki3MGr>4&J9M28xp^ww^(Zcck%AOygt6Yv9j>GhGTqSe-Bp+9JZs8rgU-aEh
z<`eY!?q=GS^B?)VQ)R|Ih|1-df^*F8YtLKc8G_~E*n!hC-JUs$hnaOr(ENU={2WI|
zYRx{Hi${7}5pMASR?B>?)JIcyGbe~Sr^k6*evTtJ^Wii6`l#zdSirFZr{@am9Yr|H
z;vR>zUsqfOD=o(h+~R?XmNi=Od{*%~Se^lM=Few%W+}<d_HZn~>G_WJ81v{$oBZ!Z
zS6ar^1NP7_a9(5l(mLZDZmnq2K8fzMPus&dhg-jBJkQ$mQf-dWO8p0=!Rgr&UHQC1
zaR+;*$pdFQ@Enb_L(<{YV=hu!=AOy+49f%OzQ?>I57*c+FDW0!OUz3?9^?Eg&%5L~
ziG0M&^Jl~I&yXL^@phg)oIfwJXQn)GdM>l)YQ?`bbB?_NR-UuuhqIomtdB^CTaW68
zmNn?A&$kr0go3}I81tU;Va&(8=Y8QbJR>UW7FZs}IGkmD*ZMr^aO+|H&~iVz((a+O
z@hnbhIVRv750BxIJ}Mo~ccGssX`ixZfjn^j-V@K}NV`xvocq|T@+fz_;#gRoMe@Kc
z3em!6cz7l^!Jfs^;T8`FwJ=wwC+2G9vqU<a&(kJ5?NaG*)@`cOPE(9|TWOccQ|E0y
zBY&Rl4Z-p(mj}+aJx1GYCFFW`1U|B<+x6yN#oJ+do>II6mS>D&oX5p|;z!Z#`Ay-;
zX68t)z41J*I0!54SaZ%Zhgfeb!g=h^Kv&uk#p7Y69dFLQj%#V@%xQ2QcX3^<w49^P
z(@NTox%I1Ne`#OzenmLPSj>k?%YI*L&w#l#uSxrl=<@ut;%DrcXwJHQ(fTAsIQ#M2
z)@dg={dZfRq6nw|0d$qceD+gVb!HxeGi|gvCsHlZR$}_`bgk{b)7-0#OJM2r;|Ghr
z&U&BXV@3b1`M(wU?vQ-$P>k{KJUI^0-=Mg!nX*nPyb@NqW67uJn{C#l#Xk*}hcR$^
z(LZ1KkA>N}+^;PPZ&kQmc$>nV!n+iHb>Y_)j{h^l`@3J!4=y~t@DYV${A<4$w{Sjl
zev_E`@2|M8`M<S)N5k?np5gpkIwR=vpP_gnEKkRrV}Q@_aB61$f-h7&-`uNuEjC}N
z7}s^mr{A3U#MoBa$EC;EmWS~V=ec98nEd;c=htC*82@not(!Qf%kz6_jAuL?3viYd
zV_Tka$|vR)@p$n=_A{>GoV#AaI8;7Uq`~>le4Kx!b6mvv_jG-zWncRT&G~n1hR{_O
zV=wM=m3Epua6Shh3(6Xj4(IPQEwMf<9nNQcoJa9bmky`@e(N)&!>wQHhn6^hxeia-
zGgCU;;!7$me?ph1-J|dPw8F1YoqNsw;w@m6J4=2z+ln;!xwqz=1iw}>zW0%TM1DB?
z^hkTS=AUJrsQlwzTWKeY<62s2=O`_lWnF|{`dsO7)_<w<;s2WCeuFwNA6yB`KTm!*
z^NH_;rO%fR=Qvq|UupUK`q!BU#W%w8kID~cK71F2zCb#he~0IX);T`l-1mpjmH*~C
z2LH{>|FiID;a|bZbCJ@*S=Rr@-u-~bRn~dKpQLG<(gD&EAkYZY5=si8OiL&Mf=o*&
z0VBo|Ag~dpC2a=`C6oZ68zex4EM_4<z<^N$MvNLIXw-;-9ZJN&W;I}RqZ>71R<mqY
zqehKxl;`_B=e}pYy`9<J_r0$7daviXo?D0WnR|Zoo%{TmbIzQknR!#gzw7@eQ`3SP
z+SY93z6;N7ML%u-{*U*44S3!C=<~j#0p`B&-KM?`^|Z~o*z~ufpSH`VlKprtzbj{l
z_(~eD+ktx8=3HlLF2k628CSu3O?@ZoX<P4o=MM5ejJ_sQPv1==zYF!Wt#36ok7N3v
z_+c9L-KeK+J--iv<NqqApEkZ4<M|wo`X1ENwtmp`_oAP+`vHFM1MB<HPutJV6YNL+
z6sF#HK%k}{HToS8)8@GY=%?*|!250p)DNQH`)-JK|Gmj|nR~T=oc$z?6Nes*`7_3G
zOuhXl`f2alJDiWFAIJAK%xf6lJ__bO$vY>9`4TUinj^3sdHV;v7TbdK|Bl-m>hHyP
zZ{he+lZ~2(Fb+GO4)IgsPl_+ZbNJjKrnEioyodeBe+JXt#-GE~JMTh$j<J0o@qNhp
zN09BEccCU1eY8C;+;3`l{plk#YVwTj_RQ^-Ii1M)sHw@vl(ySIoc*Zz5vFg_$O#$S
zee4ALO%3bl3@pFj(x@-Ml(ze;MX6yO>vJ((Mx(wEkJEO3k2E!0kG!#->v0Q>`XbcR
zHow%=Y{!&!tmkLC_lkGXcy1WarB`x=qOp$kf5!BF<A*SP(wOIF&(e5qG3sgicN%%f
zVSfqwX}d1CZ84Mk&Jc~7Qq<7)-vWEri_jlIKW*O^-tYgQzYP7feXm^)GxHuyz3Z{4
zDMt-$e-7^L&(U9je%kI2z5O|!%kOOYipg2P^dD%{SE8P_V;D32Rp_Vfzjyw*>90mV
zZO8VG>90XQZF6$Wdnby1+UBe`{k7<)ZO%5+A45NFb1paib?B#U|MjN79{se<zuojV
zpr5w+-u@Hw+lYSJ<~(KUo6t|&b>w|-4(glH?|pBMIsfs#9|!#{=%?-Z&lq#ea`wI-
z2j;nuw{L`bZ1whscy246tNX*>n=!PZpSJU|63^i}YDYh9=jBAx&-XNK$Gq9}ccP!R
z^%tA|F7(s3{yO$!Y)zQ%H8tI+q3vhqda1eH)byZ+w)>5{P0hzKy~p?&Oz)>L{$AA6
zw*F_hpNkJnA-r$?P5dkIAH?s7y`R6E=X(1J<74@LG%hgpr($}F@y{{k=V#VLFg@RR
z7E|75|8`6-G-ki|Ir<s|8{3~d@V&wMc}%aPQG?m@{|3}ue!aJEN6jMoZ#FgA#`e3?
zZeu@cxEu}`H)DF2aTfX?Fy{41@AC!fgXs76;dtF3`n`SlgZ}G&+|)DEJ8q&T2Ys~t
ztnD2`k;DD)ORPstE~d1-mOjjWGqyKPO&+H7%3t}fHDPLa9q$gBC;MpJzG*HKZ@s{r
zcm7N^7aQ$wu%9@GMnA{z9j{G4P7A!6IHuQ0y?2ey)O^xBm-E#tHP49$ObzGjTc&>$
z(_b1#FosOrI39YvxWbs@tTN{Q*!$d#F>^V1`&&Hsi|F@0gPXCv!g|!?qvkv2xy%_C
z|BLu%V()y|<ap=6$YDEz`v>&%JlFf4N8>fpf0B5ExCqbZb2npphVd#qzRkECQ+{S<
z4Zr)0_i1kX-nokD-(~t^n0nhb`a`Jaeb(>8)H{bU{kNEYZWj&4+~0fKIp!;bKH7eM
zzt_~XV)|j@H?eHEFXQs$dz!ZA3Ek|+YfYf$1sXMln9?hc!++2Y;>H>-|50OZzuz(D
z@t@bTSi{fC-u4W0+j)!q$mH^)?d$%^^oKE}ZT}zGkLT9lxqmX|HRdI_F{c=P^h#bd
zMO(>!)N^cnAJXeFJ)TB=32JD2{&t4xFGW9XugRayemwUgOucg<JU4<G+CKL()}X%(
z{j@zU>^J@8=%?+x9AG~(`!H=bH5I6#?X|vEQ^WChn3_t|&@1^SL+dg%d@nykV+>X3
zr|sCjX8NnqPuqSz$1b1m7%#(Xeb1Qh*&iDJ8q+_~$ge>Ty^@`1*{EaA228#4F4RQP
z@11w?LjW4HSW}7Vc4O`XyuW{f{wbJ$M}svlVd|Za!Th@rdrUu<LmiF$T4d68c{Z4u
z8BFgsHGJRDE5GWGfxmCceC}f&6nD_btV2C*|1I`Yrlt?mPnw!~)X;Vra^J*Ej?Mes
zZ{#$fhPKDzxT%@L^i>))ji{k*&L2#F6Z+|uzxBr)!26l`MVRt)KA+o+8ruF%E!+)c
zpoT3AH|uP1P|SV0t%<<7xUk0Uleb*HxzN00F3db{pM#nKjEl!X)^}n0v@wr+-p@u+
z&)4MPnK^vTzoX4_A2I!W{f|rkXH9=D`n{jCnEGNa6XfKf{{q_dd*|@z&qu$vZJ2&;
zE36Np|2C;_7C#_v6F(~csMuTYCcj7eKPP@p%-tf#*@C{c#)Fu@LK<T$z?5G38amO!
zxUs$r({qg@n0n_<=;wCo9V75uK99EB%#|>o`)N%1o}{^b?xIm&WNhp2GyQx`dL>^3
z?IXDHxldt=%MG5np1Db}za3-v8jZ|iOlkXF6)&0^ZW{+p4fm_`$`Jm8_Bw9Nc^oxw
z82>Y-<HmeHP8xH+{!=l}DfwLXd&dQgq14!ZFYO;p%`?bZfyK)DBQfPU9Q_ie-gOMv
zJ6Dqa0^@Tr-AE%pf;@WV@9-bA2>bC|ZsQlzsNwpeSN<OVLA%oQmmAw<&d<Vj3?CHV
zB5p8l!}Ngk^H{*wsz4@fGaoiJ-I#jE1=Lic#yc+DgibW?Gqss_9%GnOg?`%R{1f|8
z^Ic5Gj2p2Gz5PG>{{?*$(*ILqzR$d40cy(Nb+|E~#}|4fHypH6*>7q#8S|X(Y#R04
zW@$SfX0e{fgzd&0&kh>(QPk5ba{;t!squ~-sHsIiZ8N>&1^Q#?_l_54`5Z9M{Q{;<
z#$UqpUex7&)c+ZpcaCK2y+@4Or3S-I)PGETB>e#_Ff@AQyzgUS<}>?U#yc=wN25N=
z*dEvT`HJ<enDYFRHQC1Y9OEie^AM)qegO4c1yR%gB&J+0d@lFNw9T($KkB<N-A|(?
z$JpjCXaBYS`014m_z#-b&kqpBw%@ykhMft|m%fO{a*e+w_TKMN|G6{Le+;^8eW94=
zW47NrA2XSy((ir7G5y^4vAzh8pG)JlxNK?r87;zoQ_s((tl_ey?egI{I%|rN!|j_j
zT!ys0F0{w=bGgxWIq-a)&%Fmz?_3?`cyDJva=01O_B;U}1-<?}Olf=l?Gx<BbDzib
zY2yfTo~4nKk11_)zHDl^-{tj6J~xi(3pDCO#<u?3>_^Qkrr!P;=KA?Q`%zzDZ0mnw
z`U^3o?R)JV)6Zp3+wm{QSebu3riU4G+c<(oei*g1&1W6!xo<wf)D)wJwlzoNe(p|m
zplvYb`t^>L=;wO$-phDXJ_NV2#+b{O&*gfg?dPNQrlty0&I4<>PH8)j=bC=5JKFy4
zT!j6|=lj~*X7F5Q)AqU7vIhNJU$ni}!S^Gd%Y94(jhc|LJ;vc~AY(QEi}P*VtT{ew
zzMgeR%=KjZxvZ_h|NZ?V&V^YfKlbe{6K<Gj-ZGi;=q=NXpZfNe$y>g?W%4uMC75JP
z`;O56>bso&x$jE)7rv|M8Q)Qw7u(QcxMjTU(K{#0_;=rp?4R}BO#g@PR{EE|+i9Nc
zpmpMwG3U|SM`!%ncQ5;Y<GY{!t?xm4-glh-o$nF)_rAyIKlq-Y7kp3AfAl>=|H(IB
zKI1=qvovGTcK~m{j6eI%rvKtQhvp6dEstg)T8Pf@&3$`DrtdJ#5AJ9sbe8W3z0`L(
zz07wd&7BHbHO&`Ci_$y+M2pef*`U?aycmGiNC$m4(}(+RrMVMAYo~bviPlNy`0l28
zB8k>ZulC(fALV<H&h;IqkM=!6^WcUyM)O1zZGz78Jw+eqdxqwY5N(cL<9mV5_Z`TD
z-{qU1!85pnM9ZQ1gB`RyI^;V<uk~F>uk#(IdEpSPgyxPHEkd8{yPW356SPYD6yH1t
z%P906r8oGF(Wm;Zr%&_UNb{hK)=Z!7yOriiH(EQ*13p?O9roQ#Z}QzsZ}#0!pXqy$
z=D`{*PM_s_gx=zNjOIxM+5}zVdy3{oQ?wcST;Fr_dA=8D9>m#}z~}qUrr+(GKa0t@
zz&Ee=Wkh_3=&imBX`Zm4h3N}@m(XRtBQy_`Xyx>F-<32!e4tg+<-VizCB9?yrM~Ow
z_xNt4D||Q8@AchEU*@}=exL77y3%(y{eIuQ^bX(sG(Q}n4boM<<Mb82M`(UXLK~y6
z@;yOU`<|llvkbNw`WoMJG_HHFEzmW-c|w<g^HsKN`dZ&Pv^g*3@8x7f{r(WW(>xc?
z$uP$bo(E)@V@DosjvWQ`6#j!2#?2l(O6j-Q>t8d;_?d5>H`rrGls3nXI@%mN8fkOv
zXrZ~IMQg{+9y_{dbL{Z;^XAwwz<zV=h|}iSF-n_b#{_MT9n&;--e}%F+#EZ&`?kl9
zY%C6Y?BH(89y_?pu*VL*UG1@hZxws&;AU!%9o$6hv4g9}9y?;RId(MA=Gf6pn`1{C
zZH^tCv^jS4(D)x)KW&a3L$o<|jL_!TF-~XUKWJ05Id;s_=Gd`7n`1{7-^*M8XgRbw
zcI4CM*ilHEV+XHC*<(k9Hph+%+8jHoX>;tTrE~oJdfFU2_<7SFJ6dUT?C7Am641J7
zbL{A&&9TGVznNplF#GfTdT*a*jvbTiH^&ZdKW2^{^X$*}>jQirnPW$gHph-U+8jFy
z=#XC@rp>W~zw={{9p$t+c2v;?etncS$BsJM96K6mbL?oL3;p_b+8jH&XmjlF_A}<#
zF~ELqjA-7z#T+|E*>8>=-u}cKJNWZod+hM`A?Dbz$bNI|@b(+#*umeuw8su_Utx|N
z{CzTe>?onlv7?OU8v>2LOKFcC{F$^pcEo6N>}a4%{rYCw96Q=*bL`;nj@V-de=o-#
zJNjvJ>=>fWv15cb$BuEDZ%VW&+8jG(X>;sYpv|!(Ybjjr*XPjY*pW}0V@Dxvjvd8x
zg<l_`&9S3`Hph-?+8jG-X>;tTr_HgWi8jZMR@xjpI_N4tzneD4jy~EPI|gZU>=>r2
z{rWN596KgybL^O*&9P&i=FW+28ElRnLE0QU@@RAHD4?T$eV8`Kj#Aphl#8pxQE{EP
zQQRVK7k7z!X}oXQ2E=jkD2;8JZ9+UPo)a&MvvCo}J~vk!5*LX}Xlz4lW#US4jW{N5
z5I2k4#GT?E8taU$Upyop5s!<f#IxcBaaMLRKS!KTV;Qj(ii^b&afP^ATq~{@H_;de
zTdTN3+%4`C4~mDyV>E7Tlj0fiyqI4IWb1=8Zftqt0&!SeDlQjSiKF5=aih3J+%E1C
z_lgI^aq*~lLOd;=6EBLh4@=H_t~ewv5|@a}#FgS2ag4@|twG!@ZlhQFHJ#!faX-xy
zRkR`Th<IE)C7u;8(1-guS$IwB9C5z5P+TmIh%4wL{LE@`t+-y?ByJUVh`Yso;z9AS
zcuYJgo)OQBdGXJVIVjE(7l^~+QgOMsN*oo}i5tZ&;&ySDxK}(t^M?s&aq*~lLOd;=
z6EBLhu`SrlTyaQTBrXw`i7V+Ge{414n7BdQEN&Bb(yRQO9&x{TNIW7Q7f*?2#S7vr
zY_s;Ya>V)KLUFM;BCZfui)+R8^ilqNHHllr9pY|rAD!zzcThYm9urTBXT<Yj{!q$h
z2E}>e0&!SeDlQjSiKF5=aih3J+%E1C_lgI^aq*~lLOd;=6EBLhvCZ1$kSh*}i^L`3
zGI6E2MjR72h?~W2;!bgoxL-UZ9ubd=r^K`31#uSMXLjCm#QEYvnm=qoD;7t@74$KF
zO|`gITrX}Cx6;S@&+QO*i~Gcb;$iWacv3tgo)`1W&+O|4#d+caaadd`E~k0X2(3yS
z71z<`_vISJE#h`@m$+9vAdZVi#S`Lb@tk;3oQ-{w9a}Daygx4?agn%0Tqdrh*Z9w^
z5y!+0;$}MEuWu7~ihIQU;vw;fcw9Uso)s^Mv#?LKW5^Nb)9>=fRwynON9Ys$nhJ5X
zxK>;*ZW6bOJH*}MKJlP<SUe`46wip~#r)C*JN}?JPh21li%Z4j;wt(?f0;zZb>c>G
zi@06fMTh*HUh#l9E*_=V`t=jyY4MzRQJjtamVIunI3z9-mx#;6mEsz4Oxz%D7Prys
z{PA~+d&K?XA@PWKTs$S76)(^y`LC6Q{jPP6IG--?YYN51;)u9HTrI8@*NdCPt>O-G
zx42I{C?2Ly_QyFUo)pi}>;0N}F@G>@`-9><ae+82E)|!HtLRhw*NTek#Eo>JU(+IP
z7k7z!#RKBFc$D7YXHJNx#dG3CaW;-i_PM#@khn-(A}*s(^<TGATqBN&8^q1xHgTu8
zN8B$S5|4<-#Z%&0@q#!D$2vRy9C5z5P+TmIh%3a^;#zUNxQRZ^Uv9194so}*Pdq3d
z7LSQ1#WUi0F~2y?jv*+{6BmfX;!<(BxJn!q*NGd&E#h`@m$+9vAdZVi#S`Lb@tk;3
zoQ-o3yBu=GA#stoL|i7W6xWDj;s$ZExJ}$C?h*Hkhv*`I`xz0Bi>Ji1;stRQ&T(u`
zjyPXjC@vO9=+pf%REVp^wc>hlleksfA?_CUi3i2Q;xX~0ct$)g=9iz_@dw3u;sSA)
z-ssP7skmHRC60>g#Es$>al5!n+$$as$Hk-c8UENN#M9zAI_%dhinDRPX8UvLO@2*C
zTqG_Lmx(LIHR71KLEJ2E6L*Sx#QowS@rZa_JVkHz=VeyBAkGRUYjVW-;zDt;I3li~
z&kT62T3jox7dMGp#U0{qx;WsqKJlP<SUe`46wip~#Q~fz+x(z7Ph21li%Z4j^jQI~
zRf(hGI&q`8Mcgj#68F+u{QLoNTs$hC5KoKe#Ear=oOj#&TyaQTBrXw`i7Ul5;+VKW
z+$?SrcZz$&{o*0<h<IE)C7u;8h_moHz|MP)IA2^SE*3|`72;}ft+-y?ByJUVh`Yso
z;z9AScuYJgo)OQB`Af}q-h<*iae+82E)|!HtHe=pow!llB5oIViF?HZ;<$KJJRzPI
z&xses+4%fqmqV^NBrXz{h|9#4;u>*G+#qfiw~0H&J>q`xka$EqE}jz4iWkIL_*`h`
zJx81`E)*AwBjO5iwYXMXPoM4Y$C|{gbcx^JA?_CUi3i2Q;xX~0ct$)=pX0w4|Ixm6
zP@E?&pwIQ|!{SnLxwuLk71xOy#Vz7?ahJGPJV2l4k0&l36;Ft##dG3CaW+1S+ss^X
zNL(Z?5toT8#WmuXxPdP9$KNb&6L*Sx#QowS@rZa_JSCnLFNm{n&A^T)N1QJ%6c>vl
z;tFxKxK>;*ZW6bOJH*}MKKgurxebbk#be@0@r-z09Kdx8n;8`6i3`MGajCdmTqTZ*
z>%@)X7IC|{OWZ3S5XZ%%;tBDzcuu@1&c<~JyBu=GA#stoL|i7W6xWDj;s$ZExJ}$C
z?h*Hkhr}b|aq*ORR=gn2!e?kZ?>XXpaiO?a91&NDtHrhAdU2DuRoo%&7Wat<#lzw;
z@uYZ0JTDI5v%8)5pg2!lAP$R5#pU8Eaa3F<ZWOnO+r?etUh#l9E*=$6h^NJK;zj!1
z{{AEzpXoC$@SQ6TiHpP~;xciixJDckH_#FPwVK6k;!bgoxL-UZ9ubd=r^K`31#uRx
z8QAgUi1WpT;$m?`Tp_L&*NW@KP2yH@hq#;G>MyH4@t}BEJSLtL&xq&6{Dpp-9~9?_
z3&de@skmHRMQ`)R92M7z8|e%Enig@pxJ%qC9uUXHqjZ^{IU$}F&(Rn8HH+eGT<@{{
zx#EzxNL(T=qqqB+mEsz4Oxz%D7PpBz#XaJF@sM~#JT9IR&x#ksS-3uA$Dbq47Z-|)
z#Sw9ZxLRB*t`|3nTg4sXZgHP@P&_Oi6Hkg~#Pec)DT|%=pg2!lAP$R5#pU8Eag@H;
z-!|&Rjp7z@ySPi-D;^NX#iQa0@w9kOyeQ7bH8wlWTyaQTBrXw`i7Ul5;+VKW+$?Sr
zcZz$&{o*0<h<IE)C7u;8h_i6r&dz&|IA2^SE*3|`72;}ft+<{p_qT^8ajUpP+%4`C
z4~mDyW8z8ijCfugz%@lXo}f5STp$jMOU32lDsfa?CvFtCh}*?o;$HE9I8I;UFV9i&
zgm_v!Cteh1<C=uc$rXphMdA{1nYdD1BaYFR`r~X6H;dcEo#GyGKm8s*XGlCE9v4rE
zXXy(6xeMYfTz9ekIpTbAA^l$exy9m$xI$blt`*mdo5Zc+4so}*Pdq3drZ4lyHYT1F
z&xq&6{L)bS+@Ls5Tp$jMOU32lDsfa?CvFtCh}*?o;$HE9I4&L)Pl%_*bK*sDHm+~k
z<&Y~5iHpP~;xciixJDckH;9|XZQ@RGkGNkvBpwlui>Ji1;stRQuBF*|&k^T~3&q9a
zh`2&rEv^;Ui<`u);tp}QxKBJN9u|*@C&e@3c`^Tpl%4mWI8R(44vS00<>D%FR9q)+
z6t{@m#a-fF@qjok9u-fBr^R#PMR7K+tJ&p{D-MZ^#3kY~aizFM91}N)o5gM7PH~U8
zUpyop5s!<f==b^i##!-#I1ASRY)y_hUtB0IrYrr-h`2&rEv^;Ui<`u);tp}QxKBJN
z9u|*@C&e@3c`?5n+RjT*oF^_2hsCAha&eV7Dy|bZid)3(;x2Kocz}Mtzx?C$4&S5V
z3GuXePP{12jwEw(#UXK#xI|ngt`ygZW8wyJv$##%Dej>!4|uI#JR}|wkBg_ov*HDD
z7Ot<@{2Xz<xKLayj)*Jhs({z3#kJykag(@J+#&83_lXC^!{Rae3V#ff;u-P0n17tt
z)(6FT;sW|gKQk;Y6_<;v=&SttsJKqtC~gtA)7AcSyTrZX0dZVBDxMHe(^vbMbK*sD
zHm*fwT;tc|ibLWeaf!H0Tq&-h|HjXZi5tYt;x=)oxJTSC9ukj;$Hi0PS@D863)jr-
zICI4L;zDt;I6~L>^H?FS7T1dF#ZB}F{O7icJH*}MKJlP<SUe`46wip~>1+Mh<sYQB
z4vO>W>-?GmaadeRNBx>|ag{hq@APZx#Es$>dY50*F76WdiU-7T`g;Glqv8qiG+pc0
z%!wDp*|>gbYjVXQagn%0Tqdp**N9`{25~dJ+aFt-xKrFC?iUY<N5tdeDe<g$L7au_
zb9M|l;(T$TxL6z!SBR^{wc>hlleksfA?_CUi3i2Q;xX~0ct$)g<{vw@^BxrEi3`MG
zajCdmTqTZ*>%@)X7IC|{OWZ3Sp!fLOOk6xFo)Axq=fsQRY+OUKnYrSSxJX<gE)!RZ
zYs4{egSc7TChipXi2KDu;t}z<cuG7gUJz&Dx|E&w9C5z5P+TmIh%3a^;#zUNxQX8D
zug6w#hqznZCms|Ji^s&1;u-P0n13kKjv*+{6BmfX;!<(BxJn!q*NGd&E#h`@m$;XX
z`O9iR92bw$H~2LZ;%V`mc#*!*ug}JHLF-&`NL)mJ(628Mmx(LIHFTX{9}_o-o5gM7
zPH~U8Upyopp>OhEYg{}fo)s^Mvv6J0J~v04FD|6_`T51-h`2&rEv^;Ui<`u);tp}Q
zxKBJN9u|*@C&e@3c`^SmtDUbPeX~E0dEx?bSX@fi`}O7GDsfa?N8jStH;P-t?cy$R
zuXsQlr}z7rqv8qiw0KUuD9*+;5}T7t-|A<E#6{u~ahbSMTqBN&8^q1xHgTu8N8B$S
z5|4<-#Z%&0@q#!D*K#r%{Q1oh=Zg!)#o~y#LR>Ab71xWK#I52EakscnJSZL(kBKM6
zGvax10M}9Mya&a3;sSA4Tq-UXSBazII&q`8Mcgj#68DM+#BuScctSi)-{!C1Iq{-6
z8`qF*O|Cd3E)tiB%fyx98gWeAAZ`}7i96}r{W155`^7`z5%IWqN<1rG5NF}ql6|cl
zalW{azQZ3+u{a{G5Lb(9#r5JQajUpP+%4{-8~rg1iigEx;z{w0cwWpeL$H}a`c6MT
zPh21li%Z4j;wo`eTqkZ6w}{)tUE*HxfH*E56;Ft##dG3CaW<}*WgPJ5J(vDl-yw04
zxI|n=H~ICI;u>*`zRRy^5I2k4=nwfdo#GyGzj#PIA|4k{iD$(N;w)U-v#*;Y&KDPo
zi^UOfg}7Q=E3OweiCe`T;%;%Dcu+hn9urTBXT<a30IpNoc@K*7#0BE8xKvy&t`bMZ
zb@bi-`fa3}eYc3)#a-fF@qjok9u-fBr^R#PMR7K+xn|tsk0)0g5*LX}#AV`2ag8`8
zZV)$%+r*vX9&x{TNIW7Q7f*?2#S7vrTpPCYo+Hi|7mAC;5pjjMT3jox7dMGp#U0{q
zai4flJS-j)Pl{*6^Yp#`y5<+vTL;B?;sSA4Tq-UXSBazII&q`8Mcgj#68DM+#BuSc
zctSiao)a&MvvHl?E{9xkNL(Z?5toT8#WmuXxIx@3Zlmw>*Gs3kN8C@h_%%b~5%IWq
zN<1rG5NF}~z0J%K=Zg!)#o~y#LR>Ab71xWK#I52EakscnJSZL(kBKM6Gvax106%}Q
z^BxrEi3`MGajCdmTqTZ*>%@)X7IC|{OWZ3S5XZ%%;tBDzcuu@1&c@F}>~hEzhr~tV
z68gjbc338^6xY!A`!z9fgSc7TChipXi2KDu;t}z<cuG7=Kj4pNL7au3^Vt3zalW`v
zTr7@=E5y~}T5-L&iEj1B(<<%|cZ>VPgW_TFn0Qh=Bc2xrqRBA?#d+caaadd`E*Dpc
zqx9beyjCY}6t{@m#a-fF@qjok9u-fBr^R#PMR7KMMrX&FD-MZ^#3kY~`oVzLD#bP8
z82u5yra{~+ZWDKkd&K?XA@PWKTs$S7rQ7^5EQqu4vq#&XBhD8Wii_#L_j4lR3URf#
zR$MP`61R#w#NFaP@gV(>KZarPn0Qh=Bc2xru21F!#d+caaadd`E*DpcqvASoqqs%f
zF76WdiU-7T@u+x0JT0CRFN(AA^I^L@bHyQXk+?)$Cax6Mh-2agakIEh+$ru6_lt+b
zBjR!Klz3LWAkM<ipEDlzx1}6$zPM0aERKjP#MR<jalN=n+$!!6cZ>VPgW_TFn0Qh=
zBc2!Yi~8)m2gP~f0&!SeDlQjSiKF5=aih3J+%E1C_lgI^aq*~lLOe~k`|Ed3yeQ7z
zo2<zdhr~tV5^<ThQd}dBi5uug{P8r4+r*vX9&x{TNIW7Q7f*?2#S7vr{9MtFCr6ww
zE)*AwBjO5iwYXMXFK!aIiaW&J;y&@9cvw6po)piB=fwg1ywuKnP@E?&5QoL3;&O47
zI4Z6aH;P-t?cy$RuXsQl7mtc3#M9zA@uD~zKL@tUAy*s{7l}*6W%Q%|_FO5h5y!+0
z;%0H1xKrFC?iUY<N5tdeDe<g$L7au3Y1{GVi1WpT;$m?`Tp_L&*NW@KP2yH@hqznZ
zCms|Ji^s&1;u-P0m|ym8=RGLS6BmfX^ke?IE)|!HtHe=pow!llB5oIViF?HZ;<$KJ
zJRzPI&xses**7KUD_0z%JN)@A5|@a}#FgS2aZKDGZWgzRJH<WXe({iaL_98@63>bk
z#98~2^Oz&f7Z-|)#Sw9ZxLRB*t`|3nTg4sXZgHP@P&_Oi6Hkg~#Pj07&B=KWiu1$;
z;;^_>TrRE>N5ysGMsbU{UEC$^6%UBx;!*L0c$$9P--hStCwwo8v+I-nx#EzxNL(T=
z6IY6B#4&M$xLMpL?iBZk`^7`z5%IWqN<1rG5NF+zocA1YzPM0aERKjP#MR<jalN=n
z+$!!6cZ>VPgW_TFn0Qh=Bc2!Y%g*ig5ESQ$3+Rvf+e}zoDlQjSiKF5=aih3J+%E1C
z_lgI^aq*~lLOe}(n(be_D9*kWHBb6Ax#Ezxh<?hiDG`^6E5$Y9n7BdQEN&BbihIQU
z;vw;fcw9Uso)s^Mvl^1~l_Sm<7mAC;5&C2PGN}+(i)+R8;wEvcxI^4cclr5!^v8V<
z(x31>On=h%7~SoAl78Cv4E>DndHPen1Gm9FzJv6qedp27`Yxb9<2y|E`YxqE>${x(
zobM|7^S+~WpYJ;Q3%(oaFZynwpYz>L_xtXmpZDEMf64a%{bk>AdcgN6{T1I6^jCdP
z(_iyFM-Td5q`&Sv`*!#R-?{WRe23^E-$nF`zDwwre3#Mx;JcEJ`>vs1_8p@S`fi|K
z@!d=h`);GZ>ARDD)prm5E#Lk0i0>i#HQyuj>%Pb7fAl>?kNTda|H=0P{cYb_cfjBA
zokNfL&Zpn-T}Z#_yO{p2?+88ayMq3n?`rz{zH8}!_FYd;_->+q;JcOnq3;g*Uwn7d
zlfM6_{|%uq1Gi=73B{OZ8FOO2#yG-Gw6fbX0zpil%=DknI^HkAP4jr)W`GHwX&hlE
zTBYPI!F`)|8LWAw<}pmXX0!1T?U1?%?%T&$XpPHRo+Io;tC82`GO(|EKdi4?hWk0V
z*=F<ZK?fZ%55$mH0CTxyW6H<4T(}F-yeiX=iPvl%cT<|zCV7XM$C$^rndU`tKMyzC
zY~I(<p?UqtD@Py4#~eP!=}&RfyhhyT_-(U!+`Kez0eO5~<{e=kW8NQe)4XQ$7$#n`
zdGolZc{z6^w<|7hKE}MG5T<!8<}pmXX7i3fk>=$~-fC3Zywjb$Ry>w!e)(0qnpcQC
zJHNS-ccGKlj>q`8ZFYR`cJd;~<2KFZcMPU>e7l^y9z4e7V4Kb3*Rj$O^FR~w3Sj1O
zoP3PW`;e2@kG=?Qw%NQpoxE=3#Zkn(<1w{)pK|i%@EBjuHk<beCokHV-2U=WZ1Y}n
z^7s|gHiMbgUw86)k;nPt_)d_#?>l)x+)uSW-f;2;kZ0FNNb-K`<b`lQ)%y6QlQ)OF
z0yDmKlIMMQHtyT~F2ADL&Lg@LUWxf)e}tWAxmZDVewoY1c>griAtI3%PLsFZ$qPx|
zdda)U$tzBi7jg26B(G5Nu6OcE(&Sz1<dsO?sgn00Cy!qdooe~r>ExA3UXkQI;p9cq
z<UQi#RZ8AQ$@{XC$FG=9wf%k3$*V!0-TuOo_lA>Koo0NaPF|;sZ?ok6yOYPScuuwa
ze(vP;NM5nzEyY0_5sB?DiaXpsZA)aMj*gfI`jJ-$^ZmO8Q$FTx&rV(o^0>Zivw7>C
zy!-<hfff`ouLM(@cd?V#kGyUhX6kr%o0Hd#yeZT&?_5*I@zpwcm3W-%%Qic{>zusi
zri?&4ikQdsY{z%6lh=&LBR0&`@$OwtUd~;~{qws`9mn?xCohh?RLk#4CvOaScKJml
z@1T=6i#$7zC`<T7C$9<z9*&3eyG`<b;^fVx$@`&`7nQs+$(wib=8>1`c=RhLuMT<T
zW_;Tv?{Lf<R(oQ54&r&758Ld#X9IM^JTQQ~0+{p5Tt3F<Z3Hwg4|zH0w~cjd8vr`O
zJ7^Qg<95ZoOEKkR%)1cKyh7v+q2D&vvAr9hBfNu_eRoEn7+K7#z<oZ(yuSf7Z`v#;
zJmfXjv0Vw!5#B*7y(hVTd9KdKnAZqs-b|XjTb;ae$*YvS$DF)b<mKaW+xWU{4>@^N
z$g4s>=XVFDtmF8;;N)>VrrKV5oxEP;+3kh7Ht%&OFO(+ln@--G<XtIwZ##J<xIc}@
zZNpu!{VPC6{JVjYdou$0m{-nkHTw7%=lAfXhpvx&+)s5p%0|EDRbj_#k4M)?-pNj0
z825R+w~ZNWAt$dLd5!4j_-Zh<<Ga+!tH%9Q<GaYo%l>e3eAi0e%}!pOc^*o<X2*A<
zlUIg3E-#KRim4snBTimD?q_>R{(o#<o0C_GJZ@La+a-DZPF|yVo{hA5pLg<NGQL{L
z8+G!U(&T;1$!n0jJ(BkaC$Aaz`Fgh5@%_fhYepW=WjVhw6tj-Y^BA1y>i%FF&*S^Y
zHk-E!b#%l$(06}EU=d~>KjYiHGo8E=+z*-OaANZ|I(fYhWO(b9d3C0a<GaSmt4@=5
zg_D=vn#|iLdG|PZjkup`duej=V#u@GOTFZM+R1B9lh^I!HA~)p$%{LAt!eVU;pBBn
zUW4TQ#K~*N{bD?Bn_VA2bn^O<*M%akkJ~Y|>vzG)8^(QZSGL)_-#U2}e~0rI92=O&
z{fx~!V)>!l-yH6z+Fz|eKc5pZFErMc++Q7#yh0~04=cCVJckoIzLT81^1sgrESUF4
zljM~-d2!@bq{zF#$%{Ok;T;z^zaNsk>zusc3jcj*BklOEaq<e<ljkqZl6RYvmzO55
z-pMPMyn7|@VJEKud3H=3qxFMMULErIe&zhONM5g#SC}U6Q%+u^<lQfM-*obd(&WXR
zycWr8mAqLeFN{2_;zYCa`wJ(pUGg53yevFf_opRk#`lhs*Clyvl6QiWSDI#g$Dxj6
zjo`-Ci#)r(dI<OV7}w8PPF@-E3ej(yo!_vN7e^l7w_LyNnA*HcoxHj<^Lvq#SMo@5
zdwEpyb~$<V$jh;VGj+WC0Vl5vd13T(d>y8a^V{U)HK!Th9Zp_@jPD7_`>2!Gk|ys_
zC$CxZIwkLUC$BY4UZ0cKCV5Xu-nX5+wlsOKIeDFu$Nj!tzdv*G+SBCy*vadWyiZ8p
zpPjspG<ge7UccmZOWv_~zP{f&ala6c+h(`t)#h~~=7AyP+3oom^x646!^w-|KI?3=
zd8ayg#gAqLV&?eKgJPRk;pCMZ76|bC!8V(Bv6I*JSVo}I<UNaGn|Gs=*NePV=WDy2
zyxETA`C6~!aeLF{w}`wvJ2+FvyZ1SHGmj@fZ+*_x@%{E$Cogwp>iubtlNWv>xxea@
zyw{w(eB{|>hO&f*oxF17aXj1~d{OddoV-w)@%_xntCI2cOWrapFI|3x$V;{SGEm2H
zM{r}SLtZ(i9N(8Pwd?m}Coh7$0zSbsJMSSUZvc69sA1j!rZ(?FC$AQHxi-wy@$S2w
zywFFJpWnV}>bN|2I(d!Avtwe8b&Zo(gFL%F1|{!+lh>4He78AyF&W<rlJ}UC*Pdp4
z4>@@~GQJ_nd)~?GKwdE(x6RIPpOe>*JbV895{m8mc*DsXL0-&;nL6Gbb@D1YGXlIe
z&-EKObzGjmcJjjLOm)1Rb@E!COdc-}O5Twek8aNq<c09KZFYVSGs`t%9vDDg6z2Gb
zF}3r1x|0`8Gd{j=_?!rCY`IS*$M-7k+q_Ghyn5tC_yp5f$5!U#l_8Js3yyCDQ=50a
zlh=<t{6Eob-nCBN0`dw_#k|)swRs1eydi{TC(`^n-o4Gq%l}w%|2Ham+<tX^3?t8u
zi8<CEaq^0h$NAv+zAbs5bMi*g<bB%7i%8y><h|nLjUulUkK1O)_mY!WfjqlD-bAro
ze!p<?vJX$aKYh!|3v?y-r{j{h0^`x;7eZcz9h|A--7K>lBD{lEj=X71x%|G5sU6?x
zPF@}IQXS6=oxGxtCy(b7l6Q%dH;FvE%utqanUmM_iRAkIq2yif<V_*3i9x2>>}#F8
zR^&BcL2-U3QETV-fRk5qL~=}ww0XBVd5fP+j_=2k*Wu(vk(X+FdDzLz?oMtmQ<C?*
zlh=j3l>28VZwPr^$l?6HC3)X*^2XBSz3${yKb_2*mb_m(d09uM{(01_lQ)mNb~C=8
zOWqM!pSnF4BhRh_lqI~vY)27xqP0AeTpu&IZ`bc8C$9u~sg55-PF_3m!pPzBdt36V
zoV;@6<>PVN>{#FD<i(L!g(Bw7Vrs{CtCLrYJS?h2vw8cRyj=VuL;<Rp_e)G|-eXQ)
zJ@O)nwB+)8$jK`~UL1AIo5R%R4LW)K$m>jz_hlz<0eK_l{q`Hl`+<{Jj+GHfkvHz-
z#Xp@K-@N3_J9(|h8%mM)D<`k{+2qfoelK}P;r*c7U)icapf5$<5vb!bikQa+dNTr9
zSaw`~3+S`UFYM&aAurYTa+;Gj__^fv@+Zlwa`J+!{p(R?7~bpB?{o5kpU(*3lA<@h
zMajF>$!kYmoeeW}yt~iI>+H)2@OKM1zke}x+-@Ip@)nVo%K+23T-Y9R@+QBKJRj!@
zu*>iBPF~JY{$qYh($6}1d0$NK4>Bch#L3G|llO{~S0H&=k~iz*<sq-c4h~a0zrS$u
z!pQ5z<6M5rByTm|U$`4sW-=;~S76ME%{v@*bcCH~6UgIwV_vr8o#Ny*AWs`#i|uq%
zhfCOAOILR$>Uh5Q-_@O;;&o3q*__z<;Qm<WqwKlle(i9XkIS6A9?S<8X`<OY?mu<;
z4WRD)L{;*2uXA2ECa;?#uY17Bn@8SRDe`V}^4cVCwd8d;c|~}0q{@5P$?Hd+Js#ys
z-e;Y>TI8LaVthSL-js~*7|Dw}d2PsBmm=>QPF_}ja(sD`H}2&1BX4bryze-9#mLJ;
z9k=J>CGX#yym91xDMjA2lUIQ}?)R9NFL_xwUf^!x{nmPP>htk;oV@bqljA!<@{V=#
zx{=5IqHT6NJ<F-<L*0qC2vb`ZMxDMtqIlgf9_M_lmDjz@$s0x9rWARXIC<?dA16s(
z%*o>~i3Yi#Ota&=-pT7lUNh=AzLO>I9w#q&ENW~RrZ%t1$t(PFMqm_=Gw&41`<Rp0
zi@Z})<UQf!%_FbC<ZY0=uRD3;$cv=N8*uXS29nnWPLsUXOx|Xbk&BI)?*-d9zbFs<
z$a&qFQ}8>Lwg^+ZTqc~?ZN%$V;c+gPjq<v`b@Flx0|6ZR6V2xR(#ab|9)EX<d11*r
z8s{r~x;-AnH>BR5=Ae$*5%Ws%uO+wB&60PjlgE{o>bP*SlQ)OFQe<;{#gezx$qOSd
z)&8K=$txO6e%{(5dDTuHznA?gGf$k@<#)N0H-)^g86U4>v5xQi4?20JSh=aT`#nxx
z&exN_&v35fJ>cX`ATQPN?OrFZ^o8VhS}J+nPF`LSwn>cJHaou`bMm^7*MJ<Zk9SMn
zK__nkc@NkyOl{taPF~JXa{nBWydOGw&DdD5%TF|$_dO>s_+oPZyiM|c<>YlB?>`f1
z$??7I<P{*#{``aIy>|Vs!1*oiCf*<I8v}t`QsiZ!j?amh$J$;>u8-}KcaoErbw(ht
zHAUVDPTnl?3Q))OQ7(DsIeF#C<MnRa?DE^<<mLQB^8InC<n3_sxY1u}!!WgZ?{)Hq
zkr&0|9AAax-Q?s|BQMqZjX8M*@#OlwO!7YL<njBw?@TeiW+$%{d0l3Fm6G?AlQ)Ar
z{+lG*?EF6N<W0!<c1YfUlb5v#zgug=FtvHlIeBx)8^GgSepQn99Vf2^d8x+tx|7%Q
za&q}yDS1D4^16|CV~X+p)X5t{Ubz`xwdDQT$qQ}{1k69f^HS~nE;xBv2Qvb>$l?56
zBY7d5f8%cA{Wgj`{3tQeY~C8w(Gl}V-YXe_LS!+oM)J;a@}k9fj{R_h=i0ntCol3%
zEI%9+nRl(^UGC&{pB)IiXvV;a&AZIWtNzF2_0y>2?Q`;?_;7i4iut|4$?F}>2t>^M
z?vlI*oV?C+{GVsoA=>fX>*URRJ2}2u$?J9U_<gGRHcaOCQ%+vVSaSQ@BY6j%yhh}u
z+MZu@@+u{d`)SSxkH6ziUI+3nNin|fIC(MT+0W-UO5WQ}9>2R4t2oi@^7~gOFXxTq
z{<%)_GO@G6-Ng2scV2*h?k&-5-k+VkV&v7Kire2l$qPAo{QlN!5^2fpZw>009Wjq}
zBhS8n>m~1OCvO6IH>Akh?BvZL&+bq6OWq|;UKvj6Hl%pJl{tAWZ(@Cz_Z!bU?E1ad
z<Y6&*t^R^Q0IM$1?DD(X$t(InMu5Ld%jI{w<lW|sFS0fD?;q4Vd0jtF9^V=z?_npe
z19><_NHjaX2c5h{<Q1Tb<2xXEpK<brkrz*-CD-pWPG0CI$^B`Q<h|tN@p}%xpCa$;
zPG0d;Mj(V7j_*T~H{s;*`vuR$<F?uP{jQT&_0x<%r^#!Uyx%!_?PY<$b2bE_mUB+t
z>{}Uu>TG{}_e$Q;_*~54VAx)ZU}w<I4%2L24(jNL=`Z{Dj6gp+IKM5Dcecs1pO5(6
zP7j;saANZ|J9+cJN?y;tU-BxPJbpLRxhckXv6DA2m;C+CR>|Av<aJd90^dq8z8jpp
zzTaec*AY3t4@zFUlgIB3!lF+!JHH=s@&<mJ+~2oJ-g8b~Bl0lIiDvUY=j4qdFN!LT
z?;*+iM<<WpJCtgCuR3`}^U3jXd*JKx_%ZF|O&|}u{6w?k`-ziRhCI7JeN^&-xQ>Fm
ziT!=<Ww?%+V*j@sb<B>KS879^-Tpcxuh7Zk_rOeJnb>B>caoD=`bQkk@gSGq6Oy;h
z$;+<7XIKu{G@Ez6lh^j=<iG#m`<QiHetVoeey_wUHVjjnx6{e%eJA<zg{LI%K_{=|
z%0K|KoM<-h!%p5T-tm|fZ+^QZ@AFPx8}f=1Y02?D>*Pf;G85b1CnWC`Coi5R?<FU%
zTk^Uk?<Y<kzZYUO#rS^c<OMP_6W8IMk-XnIdHik${*Iz;cKOXYdCf~OzgVH%UV0=i
z``AOb=c=87z;A6BrZ#U0>gb4hZ0g9&#PQ=<$ve@>E8i6e;G;#N*}UVOyuhl=0RJr&
z$JZ-)B_<EuUJKTy{`vHoPG0uWnTelI<419c?fG(Ne5J^{IK}ubbMiWo7r`JnzCOwO
zpp)0KJN5o~kCQiXY-ZxR=ocmLLrz}B9{es&V(BH<$DK}IPhMu?e79fn9(VGFk%y1K
ziDuVFyOUROTxMeb_a({uypuPNyig)7IlgC|ybk0QppMILK=Qun<niyKZb*?Ack%|2
z$N6C1S0(S?oV*C~u1=9R?c~iM&+cCaCGRgzUKjFGeV+NFlUI6tX5!}`FG$|exQ>jw
ziQ~s0@^+*cUk>WHZX)KfD&$3B&Mz*tCAQ}cPF^q;2%N_kFwL&t0w-?(c_XM}-b<2q
zo|DJFIU2EHnA*H8PF@rK@t|EFamlN6@>-F%KSkbqoV-5d4WN$WJ1BX3ojm@1(Nx>>
zE+;SguH^a{mb|;2JpTRBRO|PElh-JDuS(t%PF{JMyhoh8cFE&<;d18jx8KRDO_TR|
zC$CrXUYERsPF^$ea0wyN?D~Dt$%`Y;u3uc5NR00XP9FbW>iR@la(fwf^5$fGxHOT-
zn{)D}k@wRSdH?R@WuK7gT^Hi^GA4OTk301JHu6D)r8r*;ppNq%F|Sp7VrGE<)|Gkq
z=$aVciEiFLeBMWmZFcz`@8mTXWCnWhAoIp0?_4LZ=ob9VA3ScG%{$A<E7*`3D8+m*
z@B5N>g_AdiH`_;S7^XI_(#eY!C6AXAl6R|<$G<n1>gSyMoV+>Y;nILNz8^|nyOY<1
zyi}j3KjP#Sot`{?OiEs#lh=p5_obNM&p3IN$g|_aNA<+|{g#urh`dzC--AwG8}f3I
z!}T#Gc|UXV8X5wDr&EmY$4*}N#^m|mTaxz|Cy#$aZap5i&92`+I(eaR^8GO_dB+`p
z==&pbdmw-xF(jJJ%S9a>F^@EDO0JKeOWqkyUOn<st&dZkyl&*#{r!yOUF77&k%y0P
ziDt(aaq_A*C(mErmb|Ew$G^q4C6ShVfBcP;*M+<S)N%dJN?xOrSB^Y>p0&-6?^Y)-
zjy(JOX1|oY$DO>1M*O}WUeh+4*Y4yE<Bv1M@F2&BO9_eX`Abe-{omqm7}zjOZQd80
zyrOe56Te@KO9_d*e{%9dP5AkAio6jgFXvpG-y?_Po0q&9CvOyaPo~KGnUj}yUS=SU
zI_CXe@-lGn#@)pERSZ9zc_T&MqLVj)Jf1f*Z$a|%oV?Nx1p?2c$U6#kT$T~@SnK)8
z@%>5iicB6}#%oi^OLhKoij!CV?&SV?QS!Dq<IA}_IR?IfUBBl$c@xNs;&IOJUnK7e
zC$AEDM={7Wn^)=Nm0XZKzX~9ebv%EmbMk7_<n49xDkTpeg%f%AI(d!Ad&v$CQ#-!9
zoV*zF8Ze)nU%v0`_&#Ow(B-v~=G51VKjGv}Mlut>kF-qkUUkOThP+Su(cXXU_+EDM
zCbnjJzqiZrWlP?_I(bF+1OoWzm}oX{%E=qqmKm5Z=Ld&L-m?5d-ydc7;rdXDybRPa
zJ7Qj`dpnLt=-~K*l6Rt$*Z*ORFEP60`Z(Un3%w_~y&NHVTb#TR<oyJX+h*r?lap71
zybg1|#=nuqI&OcLI(faVsmFJblQ)V#%!E@+Z+=%x-cBbkj=W#m!C`90SL5VOBahcz
zxcqV@?{A&F{=W+Zex4%lb|<fOM{;{UM)IC;@;V>H@BiU-ZL{Nh#K~K{9Ot{p;rMVV
zA+h|v;^YnCWO8?kynZJy@5<!y4IecVdEasJ3jRLz=dIVBy!`6q`rtV2`u&xY7eQW|
zomoun{J!nv6(i4{Z{VXtBJap|9s2$lMc&6!<Q;}OW=G6pGsv5Ox%@(scbbzIdnonq
z)2w&$;#ViH=d6>wawl&Nd7r`Kw%Pf;(8-HkgY#27$noK$NMe3(bn-eM!S6Gq$lLAY
zHC>w-m^AOV^^(`><mGh)0*9s8UhZ@9s%ta7&qW*`f6mYO;QP1R$t!pq*AMJW;&IE5
zIeA5U@cvlt&+n;{H{|4X;$-6m8zOmMbMm@x$_&hy`Nc<@#Q47N<W+qF=g%qT_YEhn
z_15J4;#5D8_Xj7h1qY9<*pJ(0hx!{QujV$qKbHCPi&OnX-ccv`+cUbnHu6mBpQjvw
zI%Y@wvOvS%CO;qHR5g*e$>iasyf%rvZ{cy<?D&eDynf{6nB~X6BgQ(e-^-l5o=>O#
z{l80`ym)i+^VSy0yWYvGem3>|UhCwI-;><Glt|uPPF`J_yhbN)R`PJ_o0#8EIC;&;
zt4^`KJn7_R-J2P}Tf}?+mP+2sPTs_40)da)m4T^UA45)FtR;EAfm6Z6_$Evqy1drd
zo7^VYVe`K0<W+w-dHpmZdB1k@29akoG;h|)>q8#55AF|eDw7!BVJ9BCJrAYHTZ%fq
zPJ}OlHYj;zl6SI`7f+KHa`J{H52r?n@m=8L4X4RF*U1}`ymHC=8z*lhP2QDG-lXJR
zDtQe~-e{V<o1MHF$*YjOhn>8!G<gp?dGnHYndE)J$s13T*X!g3?oVznIMqt5kAHIV
zCeq}MIC(+I!>Lvx?-x$qWSYFUoV+~AtCGAWp+mRlsWf?iaq<cz52sp*@x9B*n@*FL
zhdO<Kge4EBGKsu%oV=MddBsj%spR3*BawHxlQ)|t?=mN^T=Hrp?`9`&E=}HzPF|Jd
z;Z!Cuz7IQj^J(&$oxG^zMJ2D($y-3)ia@g2ec`iCUDjt)*9|&#IjGA{#(DF>yFYa5
z^3v4(*{KVqsXJ-yq1$O;n!0kQE}W*W&Z#R&Q`hd)MNns#8Rygb3r<~Gn!MMYx{5S;
zKX>XX)8s8(cj$7dMxC6lCB~QU)YYV^+v3zk)6~7ssjE#>x5ufArK!8ysjEv<_qbD6
zpQi5fPF(})Qf;RPow}wpc@s`ubDFweIdv^*>Xx2#=z42Kojs@3?P{Y_*N(asEHKS(
ze^)qlU1{n*=+yP5sk_Ii8%R_4QKv4RrtUeXZZu8Zx173(G<835>ZVbLk6Vdmm&<RR
zy4f^&OA8KN9}B2UwY`L#y1?gBzwS9sT{h}gBu1CqZ|rdDa?{k^;M9fE)ZOjW6`?NG
zd_3;d6{pGTbLt|f!^fyZ%QAY|sVh(Oy5BQ(OU&~s)6~7~)K#PI@WiVomtWS&{(7@{
zG1MKFqAuU5Ye3z~6m`W;T{G%ZEx${hy4Eyx*O@wdjlCUp=gI44z`Vs!r`zv8qOQcL
z<J|)$&pxySKl~`PD*>I%V!I7>?2hmbS{=?0O0k3C=a~-N_!vLmJmBP=_8fk{2tPxz
z&F0<f<n^{?dUecuLh@GOiFREu<Dc=v!FD{?Hk-#Oo|b5_3j986C=hrGoj2e?jxPr{
zzGpPA@TQEw8hInxyuG`xtGoG*>u%b8)5e?62!%qM&MH3p%;K}o*|Z4`hxNZ(wiJg#
zTh7^nDz@lhcVASoJtM;=aT#8lSdMsk@9)fU5XHQMzn-^(d+LiXyztym;r07(zV+6I
zn{Tc={j!Tg$vgY@p1x`0=FJ<!r=PRw^u3#E&)#xYamj|zSsT&iE%p$C_=439yZ7C?
z^SVp+?YTK{#pM@Ww{_d)@2j|?>Z0o^E~&a`$JUC=&krBAb=xK9Z#oRc8*jbyriPun
zFm2fHPh(aMyBiw<8*6tq><nz&b?dExjo06N(@negp|8<<g^f4x75<yH<dC`Ma@RG)
z`?@B0Up72sFF9n-@ZY=`9>$LhyjQfxJ%9NopJ&&|T2p6VJzd=?sN;L}zpE=UdG<ZY
zyj1VWv(T^aNiM)t?@4!?{|xH3;bxni4^DN7&f<O)H;$RhAl){Px5goB#^&wcxog)A
z4gU7dE&2a$^Z$37Pxs#VKV_T0{^r^n_U-+jZ}XcropbhPzB&E}`}sQVK(O=hmti4(
z4~0wZ|9!)cd;$^k^r)Gpn_P73^*if#hj!hzXV32ap__I#hHz8~-Fnkbe4+HVowcED
zJ8#{M<5t;jEP&l1?&yo80{ff)qGs0(d%eeZ@2d^nyeCw5!@k|28}=O<$#JcId2Yp~
z*VcA!ZCyIL_ZIv+g|jy=3G7*2T=b<=jw&sE^OU2GT>sed!R7z7{Ke(L)n8b?Js1cs
z59Z^}<}U=7;g}peHW+*{h<nTLUy6qkb+|HyJHa)0WaWeFPWfui=nvL<d$c%yHuzlA
z_TvMShqYa@rf?a4aJ#1P!LrR|f$h10wsX!ayni)2ii@t?bzz|EywgffEht^TYg^#F
z!gI?iPD0uJhXuMyz3wfx`$BZTnic3;?sYG--AAE&!_r`8_NI}wt6$DJe9oKS?#!LX
z9^84%n>&wwYiI6nb{@6i<#V3D<dHuw{f}kACFg7nu8y4aSSZx6;pyO++t#jJH=Kz*
zFUCBzZq??47lgNL-E+e7@R{xRbAP;NV@7bvsV8mt^)Yv^D?GCL*H>-MeD%CQ?2#*%
ztqU%{^Nl<2Ieq!|a{`6;tl3ub@~J1`CmPlFoOW{T<x968%nF>k{=6%$z6V#C!(+Me
z(^tjEw}yTcipPtmMps4FZ;c-eMIu#~{4{oC<I{I$?C%cjcsXa=+7;o=TTeg2AJ3KB
zR>Y1he0oDhaJm23*!iKvWA`qP9a-}9If=*OrOC$*E{z>o{`4h@$4Y)WwJ~HeGqb9n
z-|@{qU;X_0jT>Wctl4wJ8_{s_>`8ri3da#V7B5x)Nbpnkh1&LSUxJ^^Z+K(FJtfb7
z^~}ue!|w!-3TAyEEB1W!^2b8Ok6m?N=CYzd<2`FGE_wL?m%yI&E2>|<^rAPj0^70e
z93GD6#*0>s4Q~yNhQ`K<r+&1`yb@=s{1KVo$z3wL<&T^nOpJPQSIP5xPFf>#g@+Hf
zLtMs#Z0yMDr?0ldFa554Y;wmT^Obxccyw^dO-n+%@7wn6zeLV@Z10j|{1?A#sj~p8
zx0d|+s-uoy`R-tDa9Q;BP`Kf-`fx*N`(u$v!``DZ_ja6k^^vpd3Llv~xbC?v+c}hV
z&t1Nq$9ztCUa;=DJzNr*nQM<dxb~Pg*B<@W+T7o)J!<vK(ZlCfzdW|$`PZKQ!6W~6
z&mV93QP$O~w!LyeWc$|0h4D3Ik+Sy4wyo7mFaApA{kI2#SubYYe{*0>!=*cREDfAi
zdtm>)%LC^P-?(f4vcP-FUf;EAS>Twj9AEl_j~<&9Jc6%x0({J};EE^tU8KR|p3Ddy
zU-a3lzMc_0th>7*cwEtQ5Bx($a7BB2L;L4KlRtd4JL8$|Q}1{o^U>}A`cV7aUOdj)
z(G^{XtxdkM_bjWzOa+3+KiYlZs&j1IZ@LdWaDn6nk9(&3z#Zo%;_&!hJnrYUy?sbt
z1i!2P&F|qS#MfMnS-W@Sdk;Q&?}`9t<?#LAV*i0V_b>OhrsbTcBX_;Z&KqyQEMwL%
zlx0&_tZMGqT6uLS-ny#((XGvY7iw;9=)PlB^o~${eZ!iMy>Qcx?Sav2pZfT{mjq7x
zSarsgzgxcM>rZ`r|0RL_uPh$3ciE*o?p+#qbYv=cd~oSaOWSX}@8ipMjr=xx&3%X*
zJ$g^)MW<Elf8{^9HZR?L?~=gEJJys1j|ndM_>%f39@{Z8Rk`K9kKQ*O{O;MEhqc{d
zDsC)W-+6@2Cbo_9mw)xb%=;gD=Y9<O#TA{azP=)u31dUaetzWXiAQGcS-55O%VF%r
zynS|Xng6EE-n5##Hoxzf6n*$G7Kr17Gg0^2rXQ^Rw^bNo_FdVb+wY6S9;@FIdf=GM
z?PmlYcs%pfGXi^#IxDvHfn&lCtUi5RW?<dHG3*aZuRrC>nXjJ8zYlckN$B0&{m$8s
zX5L>ISXUMZuHLZp^lUtR`SqF0)(0AwhIek=`?bth3j)Cvf4}0@V*+a$ALJ&u>(#Mn
zwBf-1(^|2{_J3;(OTYBSz31L~$GMG9W0l?brDcHw2M#U|?0PQa#?J>&2p)dd;oTp)
z?+eRsY`W?2`hE9x?+N|$6IVV}8~?_t_&<gYZVzmJ<u7kPdF7HnJ&Aq%t4Df^YS|H3
zdRS!3g5Gow{}eUfW6OBH&HiQl@BLX`A3rnjF)ScXM>b8Yomu5AO>8#K;(6lg2af)m
z#-(%DuUfNb@7dLNWxvW-@MbI8u{9bke&)6Cm%7jS%r`QhdF|{+Uk#Uj?4#eveDu|`
z*X%to@XUJxH`bnZ$D`W=Yg*4Pd40_(2O5G)Hec)=n|M&dhz_6g{$q^fKt|@0tfkAA
zXRmn2Z-=c69)84;=1z)<|9D{QwhPNH+J15QC6~UZ;=Px>uk!snF0Z=c%B!lczGmmH
z>uY!K*&Dmz#t+urwD0EnTlU}DaNF&7G~Rh2ylFE&Hg7q*<ebyacsHUi@b8>^Ug`Pf
zg_5K3UnXbO>Z5XxKIYiG<NSi-*W|zJgcCz+*PT>w^7>N>H=KG}(diq{VDA4PpP8}r
zxN_L+$332wvDpu=>85-hHwQL8*P73_=5zm_80CSiLjE@pI2t$Z_Bq9GQv}xGwi!1z
zZlW|Vd9mgK-1s`|kKo3B*1s1wHulrD{~C6pv7Zj%#`*)ev9X`#l@#{hhnvlBfxWj1
zrugk1ud$xy$6?k#jvE{M=@4%0{|atw?5A-?=k<?b%Eo>=7dO^V;bzDDA21thY_rSi
zQgmeEW~Z#Fz-=jR%y~a<YmM<Q4!p)1dI~qz?BEQdv7cUsDf{{B5A36(aFKDF)YIEd
z|C{hyWBe;(Z(Mx-?_fK>{1wG*riMRWW;Sp2u(w-+KLq3d-fK4lc09OJm*{Vm{)eQ$
zUHW<Xjg4cVd3POdoq%1=ee6VIjcs<>VmIzRhf_Az&>L`Lj=L?{@yGBO8|!Ji9&dw#
zxbeC7;AY3b?Zoy!4cl$07sejjtN$9N+!ZtP1>Ed*I1JnTH(>rsF!QIS|JSh1T!3xn
za;z8p-^=8$fUk%7+>Pu+<7?4JW6J&u;Y`zi5zO~K`)`AJnTY1EYUBUjbDsxJGyVLh
zA*+pl$pSRy)4bfwT>Q)F#B=$p+3aH`f34cSAD6NdjnAcRrv24h_S<IHBbPIu#wpwX
zmo*<iK3|JdHog{}ha3C34Y0AF-h<mZ-2MeO%%;~riK*S@--7u()^nZO{<o!n*7URP
zH_|_E`kDVH>0dPctmh{;Hs;edpW6c)`)T&G{s@>;_UA}FPpWKx9&FzWJh5V9y=`{A
z6rh98u~XKp$Ib35&WE{eti!F`Oz9hOv#(VL+kM?FFdK7d+mC;llBjQ#{<~ndRAXbm
z9cRM-#dYTWyX$stth=FM_x_!A8!z-PS_C#8(pz@3f34!Wi}vwah4ZL+%)gG2`mz7&
zdH!Q~-T&&T*Ijn=WpybEHf_1izV2ULFW-MNuc`3L`lgM==D93#X430QJ%`>ysb)_f
zIAq@b`hnz({q<uySBXbumb{gq4<ug8pS9TTMmzUrW_Nkll$<iZ(^jVZF@nFov23s*
zm_>y<_4{wG=O&cCE%A0^$;X!*@-I8M<L53o*_IsgoBVwIxa5P-l0*KbEbqU|c^tpA
zByEXz*iLpV37nL?11<61qRFl$hx{d6K5pLSrsS`G9>TX`vMuorM|z*T_hiH8!{i-k
ziFb%gb}jJ^VR}C&dB>|?<=p3PCE1n)PD$Q@mK^fUPrQHXA#=oZ9%OCfeeR^#c;H!$
zdnfyMy@SkZtdBDfxxXe*cF6sACI0p$caW>`FE@9a$GKBl&Gm8B`zp3yetE@p@4fuu
zz;)N%R(r$kx886jE?4q$r+vGcduB^L<R0HKhjjRF6Luxv8|I#QzBhslv*@#MFGF_T
z8T_G?Y5X@RY+eob#Aw`!W*GBi#+u8@ng?KO9uTd)4-V$JA?fFV!PXRti^O1JoPRZD
z4g}2`kC_*5JZ4_J@fdsK(Rt+AmT4L3%(E~wZX3B~1381nywqY^D!x>FmH2}+p3AY{
zVfv>rZ8o05^dsU&#a|M?Cgv*S7`WHqjeakt#~bs+m3sj8Z^m?;aRk#n#s@IHLA;N~
zIJutbm1bG7jyVru+GN~<DetrYaZEp9{1r@jWB(|oywOvbUQA;-zaP_^jrjrOeYmkd
ziYdMd)bm4_&KdIq1%8Fy>*tC6ed3RZ9}{z)bC1A((CC$Bd)^B3wJI>>&5q{^<7Q;k
z81KULI%9rlsx{^ZlY=z!voNJsqK|C^H#;vsrcuM?N!yxfsri$s31Ujy8t$BI4o|$8
z!|j^3HThD*eGKclJU5Gr#r#_<%;9^2wmI*Wnrn=?E<RwqANBi;`S18{F+Lgde77+_
zBz}oTKHq1w%^x&1Z(=%XYPdRRTf@gVey;298}maY|NSsCL#U^1{W8?CzX1KT?dS8E
z!?B%cYPesaZB4PM;fGWHzBhA<P(#}q{@yWj_@VViG5#rv*Ut~3`;ECx-fqkfp&OCK
zfA7QX*V_-k+@`qyXMY{0y)-|ip$*{1{%kyVfkr>>2C_Ksrhg@ker`+rTjSQJnVK-B
zCDI=;{anvqFn$43{3$!{x!m6V-SqQye{akWVws#5^ST8b4}2=7JfhP4P{w@?&H5e2
z*I;_BaSYRX<J&N8GQJ1X2aLH49yWd)(=OwuG3_yC&9lZYVETC)%Yp9&+U}$Nf&CcI
zFs7r%Z(#b*#$2x6`w=zM@T}?oHKy~%togk$KM?&Vjo0G)g|@HtE<DE9+KB09V}4k!
zGv<foJB;}ux5fCEnDXyS@VUL1ep>opGv){CZyQfy`i7YI`CR6_MPqDyuhDjF-aZpG
zT%Wu^!}?9AS&myS7aAJ965BSL*S{+1L;6?$b$<k1x#k}wbA9JxgIt5x;XZ=qGXJR5
zOi0a7#J>>#O8f`$JL09B7xP-)d%^f9>F2Uw%?X(D&_z#T%KLNyrfZF-G39;se*n`B
z;v(_6#t}@<H|DnU9^?08dYLh|BW5x4dQ79ni<riY_hI@$V}2Na#F*P#hj9-4l5rl)
zWy(yxkJi#Sm9EAVtKV}Srd(C*zXj8L<3>!+Hs;v38JA<q=d<3PHD}<s&xV%?WMF^D
z#?2*zFM`Hpn_;$}5WNcjK`X>9!)zyETK>Vh%?z^NWO_L!lgr;`de1ePrIN|9+RQ2%
z`yRF^Zq}TCYtFNEi@06fCGHguh~wf>@r0P$kbSK=G1s^4=X$ly6^Fz{V(!CjeVMpY
zTqBN&d2F`NZKln8yiMFG?h*Hkhr}b|aq*ORR=gn2!n(3!$Px435ZnGjF^|i(KO(LW
z^WVqVnp!cB)3(1!+$!!6cZ>VPgW_TFn0S)T!b(P)5zmY90W(n(6z7Qx#9=Z2wvf#)
z7gvd+;yQ7oxJBG9?h^Nk2gGslsF;7(z>aNNJSSchXJa|p`v1k=+rU><U1{U@-h6<)
z7f3D<QBcplL`X0|2nYc|Zvup9LBofLR!af|5)CAV*n-8D4@;ra7L;-9lsZBCc5KHM
zwYJk~nGT_r+BUREovHT47Od5_qch0V);gm9=UHd1d-pxLQ9JGY`+tA`cfq;)*=s+0
z?X^G7KKq=U4<3sQdk(H}aJ7SHJGjBYH#oS(!CemC<lvnSzSqHgCsbH3TRiOG0}g(I
zxX|zGryP93!7mZ>Kni)y!TGRldOm*}=Hv?DyR8hDIe4;zQx2Zz;H3^;>0rK(*=%lf
z@OB6D9Sz3mcJM<E{<?!7ckodM^VxH=!{@RM|JK30nr!-*gZZ4a=}R44>0sWg9mcVV
zQt#l!4sLXCn}gRo_znl}a`0XU^S#(s)?*Gn=-^%lKTWLH1fD03`hK1w=7H{y5D#2T
zmvZ5q*(PIiO<*XAa4kcek{FKB!$P4_;BnZPpJ~iDMdNTqB!yodS53^`L?~Q)6|l$S
zBkf_=P1}>>E#hXc1DI<I6SH?U6t2Aku*bZ#har)+$NX-6cWN2}5wpkjk!!E$9KU|F
z$K8x+tS|Gs_E-nA0hq=gQ=Fm_GSacfVP^LJ9@w?FN7E39nC;IaMw}9DC{*Uy<8Uy0
zy}+)$do@k7rTzP^>QkC9*|9fB(^%hMU~}zp9pehqD8I%=%)X@b$NLYYaY}k8-fzL7
zy((-J+S@G1|6zTZE^8fxHeNg^U-l{TYwec@z1w~%)R$`=_Ai%@)_y#%!2h&8t|54=
zHZgm=CgR$=1B*-^muc^8Y-Vptz#iv$`=cUln!Skudwh=)*ABD?SJU=*-3tHH{yl|?
zmmqFp_O1-r;|U2|6nng?Z~n<z4smP0U-e^eMZn&0$DYj<94~hS{ClGxd%T82A5z#T
zm5#mh5jX$t57;Zh&S-!9V?L|zX9M=?VQ&+3Y`+T~d*2M$tHxlworYA*-q!;5_`JBy
zF9~qXzaObR8zNtay{TqQd5oS6@J@l3VuFg5%X4V_51GA6Oco7BLTEf*Ga|22(>8&3
zsl#I$w-WF;f0=v}ylRUeB!@Cu?fEgB$M?fafJYxvN*w8B+NBISYnMp@dl%#Q#j#*w
z<&F>7>+pOY`;FIs%pOnEY|a1-je%kY@|u`EhK@S45<7P#6yu?{aash7>Sfv6gPnFA
zbS7qRP3yW9nY-WL`I(PtQ>N;JPVfAj(?&XkN==qR%W$rIc_{Q&=q>y=H~NM{Q(kg2
z?p(|BL%H{`2K`Z6l&Y`6QMNK!v?*CUGS4gZP=|w<A^n>VVJYjL)-#c5;nZ_Au~=b2
z=tM>F*q>L2$BruF<pJa=A2g!(#ThRKZhpLWWh_*Z3U%&_4cx{t<t?b$_`B4q%1~jd
zp<y?Z*6r)K)g#!lFV)akQP_A*(a!IrQjMYfRHe5&mREOH2zT)zsi9%<#y{-3rZRMP
zDzs!@s<9C^Ja4ymkq1y&xqDO6>zL%Bnk*BUJ9cZCrxq3aWe!V)uGxnquVXjM1ZUIk
z>@wj-)xKB+WqM6DZkYwC#)jQ26E-I8tGvV`Nbc)MdYhz7y)XZn;>sUu8y<;_8|1gl
z%oy)zf7)(U%+aR5V4D_(j#`^m$1|-u?R>WDF9PivE5vQdCzcdn-+BF_r3KpuG%T&W
zZor6DbEo`9?=7ud=%udl8X8KDzls}=eMfNDD)=k5;MUFop~jZV<#R(LuBpQ!rC{zQ
zzs&S`A;woM@1Pf|stwJ|ACZjCTJnoG(XO9}#3DCFQ110DxKH`|6}UyTadl;5(i?Hj
z+>21|n6HG#<$;HAW<(JBJN0VqtdLia`y9i`SrMc{=lxa`q2#PE6<+<V<d7Mbgh+B0
z?bKo)TwGim32&NRoSNe$Bau|nD`yI>5xspHawH>RjOXN{knnMxd{c86wnDRu8y9=E
zkq9UavtcwZZ4|f7;^x^wrz(>Nqe*W<0e-wL<VM_y!QWBY>4;~gS5_U2MPenDrCU9(
z(KiuF>+W`Rm0h^+ymE3S_CK$bcM69>o04I#Y$9~tsI<=f0pTz3L?fKyL7Kvem4f4t
zh{Y`=4<jv|W|(}#<mST6WOuockN!=UW99v^oN~3pkdn&|7d9-*Zd)LScnr2AwiGr>
zuDrZf$h;PkQ-tjjY|J|c8-;pe9#E*agU0_`Hvg1%xLAFjjgXSdXP!K<9T-x`A?6~K
z^|h0+TzQ$sye@~B3u5NQ;Yoyfi8;o|=Y?WQE}NLYgu{?yjU0|UF4}36eo=De<w2hI
z8B)k0wz_!0lw5h;cAyQGWecfy;?qC!-Et8XvHb$;7x9fDC6`Sbiwr5bIIIi(d%JeX
zwO`O4#r%0UoOk0h>rH<cQgZoB9XXa}A^GMHuh)~K*X`3>morE?3@QJUcKG)O`lEk$
z$XV9A;k=tRd^a3k528PMUC8(6-QG!9yP>OjVe<!?JJ&T|+upfyQdRKoz3g;6-=1~L
zVIcbyyMfPcR1BoA>qA)I-iaqKL*se-T-Iasaz9;Xdskas>-y%EK4CoKof>y;y32Mk
zT?PM+yzE5tKihiRD^vT0WUB*JdE3NHJ;mbE_D(i#R^e9hOg-w_J6AMc-`v@rbrWR!
z+I3w`YrAH(ujy#&w0k<m>YCQIE)!3#YAdanRMpj9g{~0ViiuOY+VOG%Kf<JRq-t_k
zJDW?Anw&hq6Q^YKY0mPl_ExjhHNR=y&2twAqI0t1^RkoYEzVA!b4wQcs`jpcW>GWl
zCiNYc;t;=ruU1giqUJ6!`DeaY(k5B#Q;>JQ7tkgG<CpkAfAjbOc1QB$>PtqECwEP`
zaXV=Gx;*&{vYYN@B0zcR3D#Hly_a%yfL|7fmj~iJ+s;T{)>qA0UPUGmC{M1eWK?;w
zAadgqG7;fd2I3O~@v1<4QXoD#5a+@yBY9bG^{0PRGl@WXSyw$6w}q=u`}5yhY71?%
zZwD!hPxFEP=4E}Qj{dn<a~PkQ_LzscI2NkB?o09GLu8r7ID0mZ#VeP+loYl&{@HaO
zE?MKaYG}(qKRzsdoypHXJhU7<3VCsi*IOm#FYn@5<b7D<T)xFIUO%dFE=A%YFa2Fb
zPvXh+d(pX!isP>d4<Mv)nH0xe0e>g4P>6@Wc&IG2U*p^}<EYiwH169UoBmEOmo9OP
z*Y9Y$AFl}gK;yo>adJ-sRY`1djMtxNy5D{i<h~86xa5fA%GxhAojn)Fg7rT%?x$DD
zeN$BV>66kAJ#c1-<Ejqt8KL;`OG4*p-1lcnD3KMPntnirhji(!%z-d-2n-yMFi8hA
z>q6;lI9jDM0tbkFH9UZ&k6L=D${e3&1rAC)67le32Od4-NVF-mLJu?k0meVH;1~YN
z;bes!NDRyg`3MIO1E#{^!B_c*3Lo<zkw!c`tmx7MgX|AsXSxcHmu`?B!(5^pW<uDR
ze!@D{@D!lLW2%2zNX&eksfjsmh@)B-XMFy>nZ=b7C-4Iyj;ap~$l(~}{#$}V#v!a#
zd^17{^>+G6JO?`A7dm|4G#@z42PU60PzeV+gxGu#KcR;ka+J!_qf%^&(b!5x;Riw-
z)%Ib)`-13ygcv(7_eXBTa8=SuFo>rBOMQVkn-3-jm^1%SVm1tfII3+<9yxY2EJ3AN
zuQ>I<^cmF)m7qere9DcOa|ng^64M6?@3Ax-_NejuEUf)PyJ2k~{%s_z_4SC=H^5NX
z!w-aQXnBRNc}carmBgBN2C?qr^$uR_;6`FLB%}?S;q?x_gP7;PkX_ge?{)Bl#QFGv
zJciBiK?nCb_-O|}Ppl1f%E50qSpLqY9J!}Rv4{Fu-U<iHJw@y&2>;Gz_cO>nMXHy3
ziWJM=p%lwKMT$2$d3O@)Ik?<Yr1*1=UhXNv_@u}^MT(ywN3q;fr1*rRe~DNJlH60I
zSnerO%)bX3XQYGWo+6A}%4F&lryMNz6scbBDN-!=6e;d-_#272(?jH*BE|f>py|6E
zEcX;CNA4-&fQ86CMT(D-ulTrw<(?wd|CV|l)F>EthUK0j)yq9aishan?%WW$r%18f
zQ>0k#DN-!=6!9PmX{3F{a!-+Bxu=LbC`9flQY`lrDVBSRcrb;?Jw=M;o+8BuX`hn^
zMD8h4EcX;CmV1gg2|?tZBE@n~kz%>0sKn=R{thel94z+~o$Yhvo+8C^PmyA|r-&0U
zMD8h4EcX;C?xIajsE|z#mV1g+FZUF25`xG*MT+H~BE@n~5hrSh+*73ZDcV$gg7`e2
zBli?3mV1g6%RNP$Xd!Y>kz%>0NU_{gq?7h!%nkM|Ps+h^Ptp0l9l57SvD{OnSnesp
z-)<>#PmyA|r%3T0+T<T~A>9s^dx})=r@r&A2MTt3Ii`?38Jq3~jE2xWBCIBHN@AhV
zdW;M57-xQ_xpAGoB;9O)lD2oL;uMvTI~;qQ>doFVVAsFdi0jk^l(Bcc;uMvTU9iVt
zkiv#0O56JguxoFgrXdh9UvEQ<I3-%_UygsAcFn(TVAo!QrXdh9d!IqfwfC4~k5jAJ
zdl=ZYw^*!Xewar28a86K6{SDk0i?0L-ig-(PO#iu?fhhbcZ1qTAY%1>0WsI!O2o^3
zN*3=VVs5(}M7vZ%m%_$r&e|mp#$0>5l!HLT%6$_t*WM||9;Z9AcVWQZQKYRCOa719
zI}be9o`-qQ`~yte3*P6#V}34s!TVeq9DAJp%s)OKg#YRN^6QA?YQK8uUH>*Y_Bj5{
z-c12}&m%q?=_ce+ngjM8cI<IFG<(|v_IUi)=}+vKy{!RzCt%O^OY+U$-hjQ?u*dUi
z6SMc%0ei2(UOh-DY@8m=-j@UR?tnc#bb#ga7=9sOFNNcj`R6H*^V+uq_V&Ua(@o4j
z`?hdO6P7ymlF*rd{01lfr~CH+?CEk&a+<woKq5|w7SH#<p3SqR(3!oL1NOM)(IuPY
zG<&}a*xTsX8|~QpeZU^qO}eDWvd8C=Kuy=<dBk;@lf{b%cwA%U>JL6M=Gx<$OApmq
z_QnNxW&QA`1$eW;%T<p#0p3#Zl2W4oW9_#fz}pC3u6go?0FP@pUD{>U<K_Tw4|ulp
zB+<&{vzTtXe6AmR9}n=j7R+Uj?>%<yJr15O2ebV9LV(A0V=mq|1H6~O%hk?52=G|J
zT)dwJcwBSpDMFTiFDs98GUWpBxVA819l8AuJa_-P4!mk3DTmR4@SA*--Qbm31fiwn
zfrq3}O4GJuKboO&Tib9yJv(6UACZaodz+ZOqJX`}VUN5Nh@1ym7VWXEKuyanXp{>a
zh1p|>DyL-^1_9T`HPBRGqrD<*oFkm<p%glIsu@9=!KQWkqHE8W|NHLW|NHLW$rvB5
z*jVBCBDQ^!yj=U_CD6P3WIN)y_Q~Lw|2yz%v6)!84BavR65@^6I6w1zq`xsg4;jq{
zXldNEZo^vl=Erv$^Osas>fZ6r_dXtHLD=#9HY`Isz{9`59Z}=g{dwQ%&T5(PQViRb
zZBOZMys&@Cvw5gL9@h)(%Xi{&T}gZIH2y9E=iQ7y*EeL5ztdC^s4$(<(zLGSkGWTN
z;w97gX#mJOkCzG-=!}=E<Y`zb_Rsdi<3Z`Ww8lP~jcw_><hOvg5!<eJ$$vXqv?})0
z)W^ax-hmmrd(5QsCZeyC-DQz(yfJkDaNc`(!xp^Na^HRWYRlyPJE-(vlyzjtzUO#i
ze1wL?)K~4hZ)!YVb^ng3@uC~HPL1cWq*yJs<=CodDir(im`Njo<&FfW0^ACO@=nc>
zi1^PB(>6D*v2kb@%yq5ldHKh%g)C#3QwCO~tX;BulbW9==H<MLYcg&L-3*(abv2w0
z`Tp$#RaM_U^Sc#OYOvOr)Los|jlZn#AC7mIhC`u)q0r$03h;_;*{i6-B#Y`5g26C-
zvn|iR#$e<5Q<a9qazF8B^ZUHkw01d4UNxIFT-9A&h?1p-g@Z!#3ud0B<)7t5ws9tL
z()#g(WnYes$Dyk<B=+A^dv<KVngMvfa_ZW<8?W&`_*XL)!i(n1=*2bN)dl9owkYlw
zRv$3wq%oQyjr%FT5@m5MI2K#IhQw0-fi2SB(`&NZJF3l$`?XP;UoJ38OJff1MTcQ0
z*ygm&cAlak@fB-ZyXLRF#9P(W+J+m6LcrH_;FV*|X^rUWTGuwUnTmN9wKQ2Y1l%VN
zbh+|WT{0z|jrkDI&g$#3vS!~q{&M6@UTsq-+1=<@_}R#?BuCi6Q0Pcx=luz5h`J%6
z`9o$7w)@eMb|{m^@lhSlqz&7`9m2O_+P&u+8W%epMq_TR!=DsmfqT-ko)t*@w$eBC
zKj+)HjBj|u3Vhp!8uf7wy4?PC{D0HGBaxT$&g5SgepWkl%*@q?de8iB<4x!sueZA_
zhKU=M9gf#E*N0~gv3H~w;@VwS94F9OaV#+0`0+z!;o3t*83UN8_`ZKMioeqY-ep}4
zHTO@>7fUrHZo&4KSc{=lE>S7LkcR|He<7zFN-*S7h(deP3~z&J+c@tAvn=EHhixea
zs)*g)%F|BtxtxA7Ok&f&++|-*DMJE;{*cFzf;mz!4@%VYkjjvH9_m<M#(8L`P)}@p
z512x|hmHCqwu`V)s3$f)r&tR0CRP{54VxbfDdZE=AKJG|S=1AoUjO<dd}7llfGN4k
zeK&1ldCdp5NiH9#&*cO4t`Ef4R-=I_^o`is{N1*d>p#n(oj5jYbM_;JdScVtn5LfC
z{0aJL{#*nOg?tn1FUAe?ut`4{QphJR#74dT^-c7|Hio(6p^#5(`buD{7pE1|^HeyD
zjr<wdXg`Uq7Mt;B1HVW0T*6S^$$z#x^IJ$hmp$e`eV|ZJ%*%r0bE!n3p4jyBfXyHJ
zVEXp~oBuZeoBzul{z_o;e=RWOo%}BYhvivFKI>xsvpp%)6LY>GKiHn8pNll}v)<t^
za`cOV&42z0(dx^3ng6SRDJ<8-#th?z|Jd<kewM?A`N{g4{t`#erJd<(fGPBc*!&OH
z*Zf~dGUT27uLg(pXGkHRnEO}~8{5j-X9+OtOFjFS`zP^7u~C?p*nGQ_N(lAD#n{N-
zi;a@YxBqE>tj%|#eDmkC;?4gV{@{#7`h%g>h5I$zoc$E+NB;SN`rtS*{k2FlJ4=C0
zzuM8a0DIVIXFE0u`;OT9`jfysm7{*QV)peOY_v)I05%FaCbA#B+b1|axMEp7F1O5W
z?z;Ml*@4G1GHJ70S2wTgTGV=*JwjklXk;k0ZS5;=?w`SPqTJ^F^PAjha-P#qQfG4x
zXK;GP>h#Tm^QL|iaFUff&DZjAfvks1G7nv7^%rmGXvSTwcn-$uD32Iq8Yk1X`U>Y<
zNtWm8)|KcE$0JLi3MqX$qmRu#jDUq;U-dB%B)IvVp3KhYB)I&n{>{#jmE`7e`#n30
zo063yGaLdL{Dl5q6ON9^9y4Y%d%!r_?9pNgPIqOO-_IvK|NHOa=G_As$;-N1fD?u-
zuY69POfxQ@(?&-A_~$)%Xw699=Q+k_5`ps4r&7K;PnJv>N?zb<cHieOZ2GnQ(=(ZY
zay{SR67tf^GRt4%CL{l>K%7%|M*jTIb8z{Wk-pCd@erDkKmJ|o!!wzI`o4R8P9VK5
z5a(enBYB}K<X}b(7fyVBqePQA68QXvji`jgy>yTJ>B;mX&pd(P^BLD^{;MQDHvMjK
zs(CWgL7>9;hb)4S@f{lHf{D*x{I$jzF#U6Z_#=UMkH%LajAK0hFp&P!K>US3{8f!}
zK^Vu?!mu-BSbi)Jx92sOjp-L@Iu~tmEW0ZMeE09h<j)GE^Ijzi7g=%qReMoZ{PIwf
z#<@6%b7`C7FqM4(Ld-epWYU}iNk*ADIH*o0eqe@}Oj#TuW>5!W+B83O+6OItHI+%=
zXHpPJU;DIt{@m|pOJfjSj7;e$=j1w0|C&W1b7UYhWH>U7^W&ZEE3)2jzbcbKD89SM
zYcUDgDG<A_UNBd4Dt6yEqjq06Pp-ogd;%A7;YuIJh`AzFv3sqBKgm}Lf3lB-&odpB
z@L(SZf2xm#uhXgUrx_b%aiBqj&oe=Y@Mri~_%nUX->^<o!dEPO#lqJ!Vw$!(a_$JH
z@B`sY71p}&<jC|MvHD!<=*x)Jw+dnmZIeIRA8qG8{%Cvl@kiUOk3ZTzf3iQ?*M0oa
zKJDX=_FW%;w2%7u!<!-@(qBx3NPk`C;~0W)t&gR@^sp%YC`bBBIkdy)H+V6ofcP9g
zZ-f{>o*xZ`senkiiltn|Qm$etSFx0<Sjtr_?V#9$U9&Ikp!z)Md7l$6(9u8Q^AU2F
zAU+$R_)NnPX5+I_35mfb6Ct3cvG}Zd@maC>tXO<jEIun1pA~zK%~A);*j5g^$9&*0
zH9XnDq?WLP5b=LN=DtyTwnhAho+AD$7XKBC|BA(b#p1tW@n5kATV`MUSH1YJSo~Kk
z{wo&$6>}9-qD$Ek#OSEG2x-&sI0sidnA3`Jq#clV26VhoL;Y-oTm{oU+kiN#bL<$^
zvptBTbP&Q5e)8Ei#8KTJ0n^Xv(3U;3Bkjq-1(EhtEbXaS+Eej`;FYkV5W2!=&{iX)
z--fSn@KOgab1-*f@^3)Mej#3okQcUSpFR>tbzbFeOg;T2w&&xxcA=iW6Gz=+2N!w}
zsjp(GuVSgMVyUlUsjp)0ZzXgPBK?RCXFa4J70*VT&)HGm;NWW=Oq=8^M#$kp%(_c|
z!9IPI{?g+Grz)09e~F_k5OO6p>ghXi)IIjWCPnJ2Sn8`->Z@4lt61u*m_Z3E4PiI)
z{r2xgINHJDv+Bi9#nKLnWjq7(&?e&<xE`2enD*%-ar9FBK*nODp8gU?XW$1S;{kg5
zF5_XQsO86=lal(vK1J%QSn8`->Z@4ltGEJrO6UlLL#HH;??@n|uhi4_0@ZV!-mH3-
zvqklvK)Bt(JcKYW%O{RrjvvT{*l7Qw2$RI%&@W=!ucaNpVRuhZ4*eyLrtkx~3>)(f
zS8V%89reh&1R?v391In~miKzqdkBf6I^LF3kG!m73o-JRDz>~GsxL!GY<<V}V%|Fu
z-bRePY**qa2LMFcnGFDub{^`qGxX_phCbcS(5KrO`cERSw6kJqXK-@1GdSsX1}ELl
zmEwXw-oQz>GdMZh8TxcPPxkXlJ0owpox#c3&d__vBJIqAAkxmrn{H=ta<(({>2}tA
zLE0I4cfyXeGdMZh*<(rC&Zrdg)nhC1oOXsj-OkXb+Zp<FJ1drU1}A4bgOhG&aMJCp
z#~m5Z;H29b97Ow$XXw-ItaG@uGsx+71}A4bLy!M{JL`NX?TozXb_OA5J42stXPsN5
zosl=)&fo;wS?0q83WdmcKHI;bJsa^7#fu%h(!p#m<8YrbEbR=N`Op#DbM%=0gtHyt
zD8;)GUPcT)`;IuuAIMeMsAqo>M{Dr|c|SJl*+;}t9!Mc<BkECQ!Dgq6dacVxl*2wE
zHk*K<FgO(YZJ0h8rXPk`wqcfMn05^Vrl0o|J4}Q~UR^5+|2$vsAqewe1u4T8<{*Jo
zVhgkJAl2By7YGcch_UZb>am4A{6HG8h0zWs_ROjHuRch*>O(2{>VuS}K5%z6AH=@;
z!0}){G!m;1ZNwgaAnUQ24|foUsnzG)74Jpd^bb1tG2#e*AP2D-?sf3f4u0OjryTr-
zg9oBav%~Ww!=8gH99->SKJ#XLdCol#h9UBtI|mD-g&f6Q4&LP8oesX&!Jl)mJm;=<
z<T-c6PmojKm-Uo`PdNA`2fyave6*$ImFL{m&PYcu&$+99vZGHqSe|oNjy&hCc%{RU
z=iF7lk@`a4XL-(jfRFc3uejU6@|?Ts<vDl7k2@TB&RzA#9lbo~u6jO$W%hBwHI4bq
zm0j~0PJEW{PpO0DId|2|bMA`eId{eKoV(&iCvTgB*E^WcNLg9(oV(_g=iC*`bMA`e
zId{beoxHuo@9}-+^Gf!vfae`7&$&l^jy&hCSe|oN%yVwb>p57Sb61W$=dM_ub5|_S
zxht0E+!f1n?uxq{o0}Xg&$)9Fg2;33x>lFx+!f1n?uz9(cg6CYyW*#4Q}GE0%X99k
zm*?CS=VLq?U!HSUy*%fxSe|oNEYG<sPC0qyIrqW7|MHx>uDw^1qgbAES1ixDE0*Wn
z70Yw(io2b>@|?Ts`HYm=eB8lD9emuuzjE+z9n8O8n;rRfMv?Eod^-bcU5b1=L$Q22
zL$Q22L$Q22L$Q22LvbVRE0%9(D3)($D3)($D3)($D3)($D3)($U`<GoZ)YezNc)QA
z+Zl@G+Zl@G+Zl@G+Zl@aUUJJj5Oag!5(j$@u5fTQF%RsJ*$!@S@C^=bad4M|H#vBx
zgYR|l=N$a7gAX|P31VHJJmugM4t~kOuQ@n>U?y*ogGV~J%)yf#oO19y2QPK-N(Xm1
zc%y^2J9v+SyNQSS?fh<kJrHqt<IonFj9*LxX)(-Y3~@?RHerp!>1Q4`=4Tq?vd%$h
z_Np}vfr#0gikNF}r(+LOaN6E7VAns|HyeOye7)inm5_TKd)S53_BI2%_EL!JZVZ&M
zw^4D5O33G6kLx+s7sDZK?=!%zy#~Z{*}F&cq!3b`a_sT&WbOA4z^=VU#B<quRP&?|
zQu5J3<{u9oX73oVYp(<GT=tG=o)kjLWXB$-Z?pFjuxoD<;w;z1`sPI_h*O%d683fh
zv;8<No4o=UbL~Bhv|RQ`a_#-ru~+QayC7iiL_hY<4cNP5WX3;EdFJ2rfW0EbK}`#J
zluH8kc-@L?d)AjzjoEu|z#iAhu2^(|^0+Th`r};-9(H>!%|!a+@$aUzZTls8y2Oxt
zRu8VjiBqD*S{(I=0ka+$vgvy8+a#_%uJL(ZZ({at3)t&|J)SSo9^28{Mb_|$W4S59
zrzpx4GcbF12kh;HJ)R%Y9#7@W-dDiG|8#wKB9cJd#O(1M5X31>$cK?qVA}JrnY~`{
z@IP&j=N7r@`(5Z=du6a^^-VhVUQ&Bj-{XjLt~8+y%8LPeDcE}udiqB{&A-7g1Zvtp
z{+;R~#7)fJS<n-wG~ri{f1{x@d-m=G&_!kd<noW_I<7rl&@}(pe`b&0^mYB~LY&tj
zOvs~L5wQ25V~_1^_L|im0ui3qu$@iJUSq&sgXf>$v;8WtnY|CIJ=;HcKE!JvCT4F#
zz}~%HroQ7rHhX`q_7I57!w#Cuzq<nVQi+UzoCnR`qiWCmTM2us)HVb2?@IxD+hNc8
zqsp=OeYJ-`gy%!K{QFM8US%@lpRE;Qu<*RvGyixVwNPy{F#moYu(uxe%)cqhqrLx9
zdk92$4wcJ4zO#Y0Q$7vfs>t|P4IR^HZwUP1_+uMTc<%Lp59OCUrjJsd)#JBF*c;$6
z%J(TSPl^#p%P9Z4#XR6ku`!M1P7B!Eg~iBcp*JCqGC5%HXlcgYOr)E=s{{6Uj*-jW
zl>vLzqcip{ckHzU>>Y)@2k4NB`L`lquX_xRJ7_T0w+5T}_aU`s{l@isuH)qg0`?xn
zWMRk4S&qFs)t;>hcEKLo*Mxn>Z4Y=zO3M!rVgH+uL;1Yg^J6$}4$OW&*?9ZFW1Uh;
zd;|X70nGZ&#b)*WO2FRxVDBMpCT8!;0ehRueID&yfz9l3Edy#=20(GZQJ6i3*2W}1
zUgD4G`M@wO_KFa4ZRuo}zpJ;J5u_RHT-W42mhQdNdkiK|n^IlvQQrBv^p-F9PH?{9
zQT@KqXR==aB>H#%;{~Yoh;PF7P(c5ej`qTVmvT6fk47)EhR>1y-%-`WUfZA9=6}bJ
zKP6A?s6Qq5pPu)Q|HIqwPj7+$SqsTyZ%)LWDPQs5l@OPAB<Od<yhGlBs$??p&~sI>
zJ;R1Zsw$FI-+uFVqXt%0l%iJ-hC<1T#LikD#v;jid+^hiNVb*oQ)BU-A{tw`uBoAE
zrPtiq+1^><wXXd@Q(NmwudR9Q>aG^n?3%SVuWkR}T5tZ`I<E_lHB9$bv^1}{*;{^V
zYuie%y`!rYZ|?^0>Y6zXUJGup6qeV~zHVLX^0p1$+V(DQ-K`xR?VVlC;CFg$yff14
zYWLRhwn{%=hk2kD+P&qitG!iVFI-gP-Q2vvTgOLDq>K!AP4l{SO{<$>tKDmBU%NW=
z!S=RQix$oEu36W*cC}=+94n#7)P+V_X+EaGI-(7(S(~F3;J})ut}e+N<Sa*iH@%;-
zZ(TbM4*SKY+mhw`1^ON!zO3$=t7a{};_9os`3=kFENxgk|LWPx=1lk2G_Psz+%RE9
z``T4#k&e#x<!#Mt=yTR{>gC~=^FEOu8yd?Wmw#_~*Ql*0Cg1H%^5zbW)Qt<phK|eM
zG-@lpG1f5o?#jxpx$#Kh*bvgTm4z@M>O&)*j=s9QKD=sJMe>J{G5=hYkR#kd44?f|
z>pYZo;_8F7kH1;f{no{tfss(iqvVM3K`zhPPyFa$w0C~&;_7h&eC`{kWAVDY(Ab%^
zd7<9Pv69+Zp%KaNR{i^l2?wK9(`Ux=p_o4y9|;_10~KtRy{O;k%i}$}B26O>HJx{?
z>D=d<hM#Uar~H+wrs6A}T-X#pqmRPB9Jy!tkg_M=n=C(BQCod-YE|ULN4@%!wM|7Y
zJ{EbdsVJG?RSDDu?;MB^ip7&nL-AC5#jL8PBDmBv^x1GM_Pw6^C#w?0N5^?Swff2F
z<LY}-)wfpFhN_<&F>36%ROPF{^-o@0I#yC@B;``1)YgWUCyH(yRDW{jpt4u|{10t8
z5~)oL9k!=%*p~{O7ZRKo`u;`J=hx<kkZHuE5xuN<EN@{V9*e&?3a?{9*VT51e?KEq
z+Z~#_<ycwIh-7)s?+-+_{p78x#L$OEJ#?cPi$xA&EqWO1WxV2`kn1D9Q{*u1Me6ty
zNsKs@IPX~E+~*R*Pbbca_jF(qkojbEe8|WLKX%vIF`Y2B6@+5TeZOHNkr@-2_maeW
z4xaVO_f9_Z<ga`F@JRWBX*E|&ye_e!=`<aW<yFq|PStK*m>AkHYU|ucr0|hYy3LP7
z?m2d`ZyU|O{NiyjKk{;<_w=wcW34u<!#{-9#BLmfRy%dMm(G7C@=!AE(azh`9W?B|
zG4_swaYO1J42@`O4WAlaT%8#6mC-r*Z<ZP#<E@bAEJYRJgUN%ZP8ZiFUN21^dUI*b
zwU3tO%=@i`oA(o;mPA>Nx9VVPadgVGTW)&m^pD=GPmFnN<gibKGXA}JK_<_}!cC$2
zn(75hC$<#d#76)y7|V*Q4!v1Fap^7Bmts$;4Hf2vS|&~(jS*QJioO+{bZWxHQ%QbE
zFjjzX2hQ0#=8m5q9CdI+a(-;)poNJ%@1jk<9mEHhHTn2VWba*W8(naY`G7WB2DcB6
zKA1f8R<bE<{Nwk#{12BHpZ&2YR9_s+^O>EAl9u8dhp@0@qS)7!*F03UvwhqUKjzwb
zf05ZKtEsEOVy?UfAMPx`h`;jc<@urdiDMVn7KBoDm9=v)Lo7{P`)J|(yq4nClb+4k
zi$$s@CNY7`K+$Vr^%F-du1$oKiM-0HO=%C#L=Gg~axXi}%0+!gNjb|4LesCp{$_=Z
zm~<FB2gWRWJM!I8KXvnevcU3V9~#ORUmPyRK7}ce?ZNA^3<rhA4LOX9gB(Zi5#6Ff
zp3;Dhk9HyrJ0p2{p|Tq8kMM>2<G@#*IQjIGzv_AIk$6vv$K!a<!;z+;hnnKYnu;+^
z{o$1(k!hQ+*!^t5nE}Z}$;*X1Ye&c9+loW=yQ??bZbM%Z=^ZpNqP!-V7+yXxnK-9B
zkxUFLFHR=TE)U;6WX)jAM{d5X{d#I7G4xO(ek@V^T%zc;SK>VlzCZ3hUOX*<eY^%u
zl|M6o>BNSrtxFRPrFT~*Jsef)W}$AQ<2<fZ7bo*VbMGoh=7lk@WPIB{_3(65JBhlF
z%d1b!eY9vq)zadz7vW2t$?mttl>B;JUhIJ}UwKb`@z}}HNmY5Foj-OnZ@V}I_9gWb
zr{ynAco!YqHYT+3jibGlWyQZa9m`7&;h7osqJznz5&wQ7SyUayL9nVRRMj0yr+MQ%
z?`Rih*w~=h_-DfK;j(X5bw@Fs_<1+JdGu$MBpvMH6dX<#Xo6QkU3E=;aWY@`6so+g
zrN#B(D=%3(aaw`*@0Hbw)To2r_@Y8s<5<Yizul3ha}G5PJJxjeb4?|uaiqaZT&{TK
zx}Mg38y?{poS)ahX>+(vn+q^)>hxH?`JU&7o{3=g-+d}sJmy=G!}CKY#(TcwM{pb)
zI)AY3o7KCg&zyF0>E?#<_zr3L?#{%yYYJ|R&5tA#@A3KNPd-#N?1my6LuF5HONFkS
zu`n+*V)m8el97;iQ6=^?4$}PJPyQwHx9l$4Jobk9k(sfKjeQSw4%-_`+t{~lLg@8N
zcwj__PM?AP!$(SSNE~s^Vc02X*}eLbpYPmwutHs~-hArY#W>tyEz$epfq@6dZ9=)j
z;%~KVzA;>z7+(EIS&#4QlFq{V%`?MgC;jM%H@<(QHim@_KZ{z~H9c872*=ASlYZ*_
z!83LC8T;(gSDq>G#veR<7WYHG0E&HrFWmYekB`_V>ms4DC#AzeW&0wDa}Fhj9ZQ`3
zT%zQ3Vraalk>AQade$S~+xN`wUvK`yEk`2H=DnPMX28z6(ZdGS#dLIF|IgY7i_444
zPL_w)KiSfQ33BkvLDoju$I_{Rw<B@?KXKMA-)nki!LMunFp=*^I+E{K>)A+I>?c+E
zvB)+$eS7bg%<Fi1BhSPJ-tt7#(+hr8^BTU&?8!0R*>7p**?fPmJyEswl)uN`b=&Rv
zYw~Z*uj(lprz84E<oLp)mlynWQsu-%)wlN+CA6o!LtgJ2wLL{R2s;C=w-;F}N2Lc~
zZ*S2=FWI9Dt0R$BBe94|$E^&!9m;S29Q#I}xevR>X3Tws8+QBNAFRTzF)%&lY?~6A
zdrzcrs&k0lGAI@)A2Q~Gq4NjfZC1MH9EmL1au&wf%Q3#Btm9g*W3C6^)AeKefd86*
zbpBUTvlA0BIi=fUNu+RQ*bV@rBa7yTv7R36cL{PO^U*4piPQWyBC(<AD!)`!wtH{<
z#>o63v8|a*Sl?zVEO$EJIDR}^#wd;#euxq|cKey5@xHn5C7vn%b(o`b*mDK7-S^r=
zu<>-VEg8!{*5=jD+jFe9$nW!+gVKB98w)#oJC^r0F6?cn?M+qnRwjG3M_<Ou!CKJP
zWa9>7?t~+U-+IgcVD+!UawaKj$c@kY4Wn<agD%pPcc>|X;WO+QuY4XvB`T7u;+G_Q
zJ2cwcXrRGB%0Q(7b?CpFOGl*DMfV{rWYed?+56p@NU~dt#QOB~S<f9R;<&kS!2AI-
zweNdtV=|5p?Z2ycM(>4(_Afdf!@$Wb^^&1O`*$CocjMssL#lpMl&#-&e1@;j>`go4
zhxYI4J)U_18x&uD-3CoM9OSpi-u~Wa7MKM%pI~h4?DVtA)Y0GiU5@Q97d%_IAv`kT
z^KndBKEj8+Rk0z+ej3$%t3FX(Y;CzSetQ4zB_Aod=d(j!7#BG_H}v`Wk-GPWmMj}u
zp+=sK>|CBaR8(HP4F}ywdGYD}TaRC!ZjZhAUU+!|W-&1maUPDv%M-^Zl<A6c=V|C`
zz}O~?n!`e<Ilk=1L3}M)W!0eu*O^_%KZV0KQ&Lrj8q=eESQ5VP>V0c|48ChC()Ulo
zPE74|xOVP5e)W7LR2@oX+t{f#bY`KAPYk;~zbt`w;-za<R<m=t`Tx+DtUOr|-WaP7
zS3RCS?)I`;r}uwYjz9G9Kgx72sUAFL(phz^v!>mCd_wu)`B(v`9b)01GN<=e7#cUE
zF!PSPA$_J<j0xx1a3+HDwgoR294UNufIr7}q>m6-)4dnHfu&vzmU=kUE?t1B7i%6|
zJvdw!;+k(xXzqQH!*fDqgXiAGa8+TXt}Zls3a>FF$BY_X8#z2CWaFv)mYoaHnN6tB
z!u?yXYbv|NA6z@Da2PIcTH17cPJPYHA<2YZI~cYQQ_b#VQz23cVndBSI-Z~0pQrp=
zVnb7<y0Z%Z6UxVVx0)Xv@%a{Cddtq{alDBF(@|N|k_cATMOYsX!kOma`UTZBcJ^{4
z;$2-(b*K#=YCpU3qPyot<|p^>8nbs`!q(cje6nVg_3pSBUTrB;BmaKDDRO{@I+q{T
zx%_Y#rD9*=`v-%|fAr0+z_pDtvf#MxmDZC-1|-8><xl#(bgF9WQCoQz-Y&g_Lp%DY
z!+NN21AA!O2mOAy=7oiYbK~a};yT!>g^{{MX!P>P;T54{`#)R<Rp{92(&U)LlI6pz
zPrfwNs)VbBv7uG-_6*x{&e8cE4*q_dVGj&Fw>lB4O}34~CB~{m>9p|evE_-83%hq+
ze}h-+9i5q;JvW{{nymCLFQ`2t&6v7qD^3=6)+W0PkolgO@z{_*Y(7?zNLG|4o6<W)
zRfRWg0ncJa@hm3EvzP?WV!ZNjXX3);i3^rKS=-}PC5p_^XCqaKk<n4Hq27OPJ$0(9
z?3H9w>?g?x7XDL*L~xdH&&y|(Z60>lS=A?(JWx<ok*KUX$O}C~{_vz+%EJ0@>}9CQ
z>q#s?vFe58Qxmib813aJt9#0x^y^-IvNBn;DH-<4CRRV`O*%O3$q{eC`7xJ&lY43P
z$@0AFSJKl!?f%=HrhqrTjcheW!m<5mKC}l;5|8aqVSPYVst#;|t;zj+#+-ivFW!zy
z@A~5gfyO~5N8>sSra}E&+rhpbD{S4|dP{3l>w?yr)`_i&*yz^c*p$}r?FCr><)OoT
zzXsx@k0+rrKg0&^*u3MGEs6M!rY(u$9SgQ3igwg&=#zQA&hk0(?r7SvU`Nf4i8~Up
zF&m0wQ#XWfFWl79e_3}WhJL!~u0;IP3+_r3f4b(bMA4@wZg}Us!MY7=Ew-8koRfMz
zG{vu(<J~zMinDy<_(s!OmCzm!XP=Xo?|zo=-Q0YnaKpZ2xS^cqZ9E~~jaf3iQy#9B
zof7*gcFM-|PI<ZPlrux)I9?87Ng65J{NnwQ!b?N3`(I2lO#blIpFA4DiE^@H)ac}j
z7pe;X^-u^W)uB~Yk-CdQg`;5?L&0Wy?ku;IHzgD2l`lvp&dq)D-<cTE@(9-)7>~)s
zS$@&aM(#PCA4|g4(#;FoN|U&9fc>~-pX|nb8EkqdcsA1Sew>Hw_k1FBtfEu~a!Lm4
z6dA1M;kZHDcmgIDL=fot*X?!w`PVQU<JjJ}>mcrX5kk(tHrx^$u%T(gf(;mi8xj~#
zWm}qbe;SC3CzUd8ah~S$I9eBMe`QC__LDm%Zhvw|VtdaHWZ9v|R?DH+(fimwXG1tP
zMt2I|c;FoHWt>l4SA3>0eO7Wp&#B(e!{t%wb3Ihvy=d-T4ReQGlk6=@n#bjdvO(2}
zsa5s3Os6g_>BKdS>(b|mINclald6fCh1N@*&kQ*{kj+@9#}!;VlW{8Z1=|k}OG5@v
zDznZhafX2Nsh4@IFIZD>aQWSp7i}F=cylbirXaQO?uLf0qocQC&RZRCTz&S9vG|RJ
zr$pPK+J&pnzM9(gn>$3mez&EhR-ZjnQub-eBbHLJ`t0(up4E3<4CiqwZbL!BLcb1j
zt(rrG3ztP0Nm%yucB0ArPUt-(BR4(!^&YC<eBv@MeWud;X#KwG-N{}(VL-H}`jKRB
zO1m(yDvtLAufg~y$k&~0?b)D**UV`${#-Ie_T<Lw!|S#x?#YD{aed}ou6-(nbhL_p
zV`(U58;+5`zxXFyJYKoy*{l&3``Y<9?{3@sCH}1-eGZ5hFh3XLBp(}uM!_$4ub!gb
zmueG(s(X?>I*&4EXX3o&iF0wu2!+fXl(D&U<e~iq7EK#YXT^f0Q2L<XbIrb&LNFKN
z`UGas#P;1ginnjxVk3IsE&g?fySjJnDn1x#8g-~Cd8{e%T$6XY>B3~wc~wp4);5he
zQ@}s2lyDzem^cr!<*D=%=AYP(et!*%OxThb@j`Xv@HayPeif-Z5bEp>E$>M!?5Xsd
zF@4_d9rBhO!{K^FvPb*+2v!2;R!%6Gp7at4FWH@J8vb9usQkrOPCTFJJ#ME_&qjLh
z$KDbfbQlBe(EhDUHWntkL&>HRxl*H7kB&rM+EO(L4YbJ{<t69iE4Ol4i&vdIT+<>o
z?FW0|_94rA8Wtwbt?fzSNN>%KYXlFWW+lC~xT5t!$!C}BWNZn~4hxp-EW|wdN0*xJ
zNtC+t)JMEbvDsHNv|Nmf7ta1nZyTM!NoK*``Pg&POO%~!Yz=k%q1b>e7)ej07Cuo~
z`-E5ZMA4?Q%qT-@2mS(it%n0m?V%2wTO|)Q`2BSxf>GJy#fCcVu_P9*?WwHl4m;k8
zE>+c2nI3{@omd#%SDQF5`MB=us8t09N9}j8!=#emNozUs&&%3}j#t3n+9w*Sdc5Ql
z8Bb@3hm9=fkZL(j=AoeTYQNp#UZaBkc#LKruT1+6UGE!kpz1p**LU<=cNpa*Tasz_
zlRY}&q=#SHN;+%rUbtiJ^iXd)GA`E7^~gnfJX}=ANidQabtsWMmPkC8@J=T##P0Ps
z#k?;6)%^dQ^oO6VyyLptcYNj6E5G%(=eIY0W5=Zr&U^Wshd#P>(x=b9@{O(e)4zWI
zw;z1u&GzG4|M#>ZT@Sv0*4__Yxjz46Q)a$CrsbG7{$sWKFT83|!QRH=1Cu`V{YMV$
z9=3hX$Lrp6pmV~;t0o=(mj@rX^B;bF{0C!K%$oS0Pt1RHLVU>9wM)nU=5yUUcBQ_5
z<>qNue(mWqgU|f-$K4hG_PxtuwJU#m;9ttVw&3eOnmnR?%arei^N)w$th!{vq_OY+
z+YkNpf`9(qzHeRr{p8RAKkHsz^ZPGuKGgHZKmF|f-yfeeeCx-@?|=0_A3b*Ul^?kL
zp|5W_^X552e*DPqH~rzEAJ%O6NLj(5y7lkB>#sUSE&I`@KJ@*|9=LS=#>W5k!lYlE
z{0qNFoR^X*c6+6T_)Cn)y&9UnRO6Kaz1gwb{U&RAiH7+a&d{(Tpl{H)*|pH}z1uKY
zUNB#gmSa3G;KwE>j=?U%x*29W<ifOTdbXKimtX4WS-)Hyw=A}$aoC=Q>APXp&oJB8
zFx%I#%V}`*t`9DD`F{%T&(HpB7CFATc|Aw(=H2Az0Ymv^{LQ?Fnt#fmuuX}XH;Jtn
z8-;ok%R3DUF5?+8o%|YXaw!DimDnh`^4<hJ^IAww8#dO3b~a&SI`vzyQO`IZ4>CQ+
z4#!Lq+r!u><P*oRQGY-~;-6u&yeEJQu~Gj5HlBVn@2?e8{}ML&Q!m2*!bTy-Bv(5m
zkjT8(D~Wt!_80Z6Z;N6+azr7Am~BnYFR*buQvW<QtIH_|zX3c78~OJ6Rq{P#WL>Bq
z1#EUo0j$1bfg?yKzXI6!6M*qw^gPCyev+e~3@l4W@TQRrp&epAQO9zxcJzpfSX;5b
zST;in^AhtB8}S(-g?iSHj~G$UTiz+uo0!d2P|zkr3OU5Q{h4|9VWUt_JP{l9Y;)$L
z{wZwuE4Ao(wVy&g@nnSL*E)J)`bT}UqbF`u{dXKav6cHfM^8Lg`7`MZgyj<3ek5xH
z)f2Y^v)r#beByIe|3gPlJVy1eI(lLo5B3NF%Y6fS>-V>S=_>V98ov;jrl{v99!)=(
z8L7iYY~y4ou-Peb_~!weoso_nw-KcErH+0qFopJs&He;nv(HEA&7Ua_pV;`9I{X=q
zzQ*Ab+y02ZkBdk<_%J<xmLbkMFr<(}Z1cucVDqgSnDHbw_92CQVm!Sgc0P%aLcNKN
z^Vv|aEQV%(5wO``3~Y704wyna#N5YN?k(7CF4_!ic6I?%$R{>VH!y|zZfu<EY3CVi
z6zYkau+cX@2FQ^58NhMXUj<B|-o)y~$1<459?u|$n70<PtVgj?s3)F)jrx<=DAW_5
zi;eo%u~Dce=GuVzVU7>PgH_MDk!?rLdWS=7W9h@d5v0@RCP%-`(QkM3pLF!Q9Q{4O
z6xt!S{`w3shZ*(v0kbUn(+ymr_%UD#IVRSI=R?6f3@PLg+Z-|)*!(X8wmIQyU<&!f
zBe0Rj;}j)VSr<W14nqn##5R^VU*=;=V&j-MJ?A+}E}ILWr%i@7=dT2|aoFYHJAmmY
z?f)${HVbWbW8-+E-W@ZDidb7MM~r1Lq%be>c5F#(zrjYKp4i68YruAl<8gsD$l=+l
zjT4S5(+_v_eB9Rb9<bS&0!*PD6Z4b%D)TU;kV9-`eUM5B^~7AaC9$!6D7kEMEYT)I
zN-hrjfE<SNu+b*>M+*7GwkG)km5^L^IM>k*LspX<j)(VPqs>}u^n-W_Hk+f?0-vM$
zk0LBqd=Ek!xBmo8p-p0IlWzlCS&su--hTn6<nohajD9ktkV9;Ko<}7lSKdj`GcQ95
zImFh#R{)n|V;wuOQOF_26Q!cxg^)r$@c?Y(|1~zN%e}z#gL-#t6C3{@fhn{@d_Fev
z{}r3ffv16O|0;lSn=?5+t^GMBjdKOCwc+&+e;sfHwpiA!z&5US08^+Zwto4P!`}_e
zxsJZ=0gfyFJTQfMi3<>t^Y_43)|Y_I=fl7@PM!s(FfXx{`wL(uQO_GytS+xo38CJ^
z_B-xBEYIDKh^>ynzOcT20vzk3=YUQB8t?*atP9)I>ia%mx<McKIJx<}9N6l+($U}K
z=-V7UZ}c#Jm!sz+<)+{0=(hk<SS~T!nY@nyGl_a0%h*=bf0{}N^(NL<E1)2Uq2*l(
zY<2vArZew)Y!k30vHcx3<39+@bm||*HdFD-2x*u429QT7=Ge;vW}XiK&sF_D0pq{u
zzXiZ~hrYReP0YO1zXojOiUK;uiP;zA@G?9@>IbSm3CzdH&4*&e)bnw28=rhMoWi`s
z*1wY+J+bMhIeKCnKUX_?F^C^)f6g^bW=IkLeVFF(Jct~Ilw2J43poraxj65}P9^fv
z4ns;VI~PMw4nym&3SgUWrvOuO<^34+%*)X7ZU?q?&Te1|^Ag*B_Z%=E=S^Zu=olal
zo)<$Ud3la(<76DL&5d(dsB(y{@9cFIEO(xxUkFTpsbB2qIhUIL-R}D^A$B+q*xHz{
zmoUALGGk*56fA=wg+7?r_?ZX=ISeVeIAze2!;q4TvmJVJ7*fa~w)Ww94b!RTG0yb&
zIC{>jroYe8cRTve1KWPbwFhw$+e6rFo%u~*3d=IF`hE%u`oWM*_vi4(>h&P(ng3q~
zrqDjI=^q2Oa=!{}YqmqcMc7!EV-9`}*y{C)gK5O{L*8Z#>_Hy-$Iy;VLEr2+`xS7^
zH~MLMt|cg}3$cy89|D`rUjdh5qyM~1jzT`M)jbYOU#Kr}^yfMHk&Zs;=((TTvHntE
z3hkI!|Jr#pLrN~r7U<~*!?D<s*f@SD<P%%n9|2}@)IW;N<^=Yg%{ku!o{o)nc&xWJ
zVSNXy-UE&)t^lSz@+SjZ-nGECPWw2p<-Hf!=EnPhIX^P*)4;Zd{2j0zb9tO9QO-yQ
zS2}n$upM8n2e!Ozj(!WUwfU!kZ4P_{*zEJQ7q(V>8rbUiJh0V^uYj<zJsucIQvcw!
z8q-&UV`Jtrho5rvb&j5|Ni_adz!bJGvH85p(F*}TGG^Z98)^1^Gdu>$Z<@{GGq8O>
zDu&cqZOu(<Z|w-AApy^q_EqAk+KD-}eU-?+jE}PhQt;ss-}tiT^?@Yl<tfvC)csqN
zTsiIGYhz2A+HTG9p|x4<YdV@bn`gJKTGg;1P~tLat_D23+Jwhf8#-Ip<S@W5#K7bC
zHgD)#GAfx#4j4xozt`et?VBb=_m>F$oV6=DH+1y#DLbUs-MV%KpK)HaVeN{()*V71
z5h<wX2k>F=+09bIoM888&t;LWSliaRHb>+1vE~zVwp1T(z_VQC_GbuBQ!iW6+}XNn
z!`pb4Aq7gJC$}zdYh9s@++P#8oPY^+)@8h%uZvn&ugz(pt_=@zH?Q^G!5GU)nzNpd
zspm}XJA!k%(U;b@p!rQVr$;Nl7T3?G1krfGnZ~{?hosCj)8B{e*!bxwM{+{r%r}lo
zeKbvArg2JTN_v_xx;w{Y>D&p%F%p<vEK6W&u?)H96-n!VQn9R=DI?%C2301_tvnL?
z%q3>6??hrLXxF~8h?AIO3dxb``oX@-nitZ0j*~H)k+pxm1FLUy^eNEw=Itj8r>x9G
z(4RLMhFbtjclYp|wRH(@=C_?80?s+pgOk$F+~6>R6N4r7-QD{(ZC_5ndv`w2Per!1
zf3Uf8+4A;V*J91EqJ7Pp=Czn6)?)(08;4rgu4-2k>$}EdVUmg9{SY0tqUk5hldo80
z67eirCIXZvm;N)VJb9bD8()}-2!C-Pz9bM|8i-#Xh~E&1zdsOf48)fQ;=II^k-YSu
zetjJtpwA=%<)#0eVd-sw^tFL_c8lhvFWp-Ht^of7f%y7B{I)=RV<7(FKzvgmz9kUn
z<;aZWg|=lPKzZrYa9^Dl`gkCHXCVH`KzvsqepevAClJTkha-8i#Lp=5<j+BFoXho$
z<jHc~jq`LTBe)+n69LMTQ=^P3FMa9W*X7CSjGNBWm5k)csgE1yX+lQw<P^@0^Rz4@
z|Nr~G>Woa~f%4>w85vbxD3yswdTk&+I}oo6#Onj`D+2K=1M$BK#P12j|2h!=w4B77
zk|(3Q;lzY-ZYIQTk25~X5)m?99f<Sdq6yR88Itk$St3HlR|MkjjKuU?1L>Os@!f&=
zeStVH=9tjlVT&MS{HZ|v*+BgHK>XhV@za6$e+A<Fqo@hX<89t1jPrts3FGB~_+^1O
z{{TSY%ooRe-=uNw*>TMG?HcDr!8qpo+XMM|L51=!*y6a=%>JlB9n1e*fWKek=Lvsp
zs3(yAy+HiOf%s1Y@soi#|M)<mA8{OC21NWgf9X$AAbvq0&iBchkYA;7{vjZauNKYM
zI4|1A@u!!YH9kS&w}m!krEd(~tMN)n|8Qu(#-~VpQ|O?^c`-STUU*95yl@=H@#o((
zUMBJFq1QFei?MMWe~R@23@=v3@pYht#(6O>j;|(7*ElcS#c_$aLF2q|6A#@LdcVez
zEbY@Ah_?sgd~c=++b2}l-npXr`sU8|kbKAW+N<Z)ab-Gx(cBPTxV5gii(iOcc-7ox
zbDP&Tcj6pgK5@&m6&)Mw>$BNkUe|BLBA<Nubw$_wrgb;Zxh3R-d5aZX)!qdqz74;w
zt7&bQp4@2KqUN?Mu+Cf4vFz5h>u@65ymHy{*0syz)n`z4wP)$cYsEE_WovG2>uP1J
zs(F2fWM6mda>kpMuVb)cO@{=yFx5%W*^IL|w*)GYW!XxC)hi@GCO_W6t2N77*Ddn_
z&i;^+tz?5_&ZoEn&QdVuoK+z^-kY|f`8GB`lHBtuq@nRqEvW{pv!;C|Nr6)=@K|-a
zg4&bgBL;Ze8iPP<EyEk_)R3KyDcP^)3aque(A-_?v@_-|o|EpoIhr%)8JF)}t|V=V
zzUNlCvSi4ab0j^B^6441d6RWUq&8h$wn;hn@mYONczku{EC=zvr!8u(Zvy>sPGZpb
zZ7bHWb@4Vq>l?p|R<vXH@g=OM5&4LQ7pan1_f^sBfs+?-!`Jv6uKvQR=e``)(+$r3
z;cI;kf5Up(A$G3w^<qakVn<I!#E$wPcKY*&e+hty9mTFcOw00L>mq!`!dKs<T=h-L
zRm>HrwF%cAVfE7^*1DHEoH7SjIGjpHKiR=tub3UK=B%uggJ(Oq-of*TwGA5_Ot-8r
zSUt0OgM%B1wT>$teT#$Jh_$afi1qZK%i*kd@J0u3a_}9*ns>XS-|6684&LKn!2bI&
zpQ-*IH>?ed5DyO!wfr%}^wjh_9@t=z7&haJ9bFujP_J0V0~-=D5?lC2fg#Vq)bu;%
z-F-*fM9Ol<yy~Sa)k|55r7RtXr7TNN(`D?bpB2<E!;eb8b?0BpAbsktr+QL%Z6ET&
zjr{d*Bn&tCn7`rWK4zDMSNM1!@k$?y{bnCaeOLKd?63B*)K@Vz;nBWcY+^k^5u5z$
zEJSQ-xni@$*NaWHFE(3!y|m#?KK2lVZ}zdYVVjSo4cGX%f*kdy(!or%{X%?GAH+As
z;+y6b-`sjRmo>r>TGRHt#m8btvDi^8b`(n;6-ylzOC7Z=59Z8&siW$pj*9!M<76jq
zwS%R;?i}vccO8fj@w3av;-_NqQ~O2yRG&Ri`}I@DJgtQr`Rj|#UE+^k=8<-5@zbT<
z)KBq8IpU9E@kf0Ve-wK#VdGZX?SsBeX}9%0mUi3V<4W?iJtsR@+D-kRLA}~f5#Nd*
z$ZTxk+XVXGZB#q+sCVn`9*f=f*Sbi3weC`19or?ev(dNTr~S1o&nZjl%S;fd?_wWI
zeRZr-lhyuu3>rxNhkU;HbGwhlA3d=bfAq4N_;Z8Lk@o+Hk39r7cZokb$BI8Xr}gn?
zn4g!w?l+|VXsrE`Pdn<r)Qdk5sh8GK>gBe{`96og_KnUyxRILd`BUs`xnkd)SE(?*
zV&N+mzGCr5G4o{2$t~3A{Ha*-Dwe#wvjHM~q+>(+NU`*hV)DXw^4FKJ&d<_rIwy#q
zIwwe3?*6#M&nIQ64^o!;AZ01X12wE184t=Sqh8mp6~wx~R1&KXlO0@5tjB^G4o(q&
z5<igH*uv^_Ju&Y{g3QAfUN6x9rs^&qFQ#7cQex%bK)l=MG&*=Cv9=+rWVp@29S-ht
zFpCd&;s>%3TbM)$r-qU-0_BDa-o(R0BoE=d@v#OWZ%Q)EHYc8jkVBTZ9N{QpHY$WT
z>a;C6Y|HW3$YDPdN43ql>?olT2&-2D!b=Fb3laAq{1~xv?p8fHUsC)ng#X*o|H8qg
zipL^kRcZ4C!s&`r2xlt(HA2S8sY5tRG4-qx^;;0KzlhoPTtd+|ME&mwvtuEg`l%nN
zII8QnJE#ZwUW6Z4PE2uB^FE;ZB80?I9nW8&9(h^!uPQ!(koBkjVT3;>M!D=O;;7EC
z3`%gm!^7y06!Tim3B|ug$eXpup`O?C4D&52hIzA-;YtVdCUetYK$~oE2yv7R1{sZw
z9NM0wm}6;*VlGWDQ#>2tTw>Tk)dWX%9=KXLyorp%njE$>vDNoc)w6Ahqq^?>I`#13
zd4&J0m~}d&n05LtF>JE^iEXU@n{rMe{GH-A5OSl<V+eT@K5-Nw-<C*x6ZCw*gqSyo
z@mebJG=|(z7W<3X$~v3zLjML{&%vXJFUAi9CWJE_;d>M_UG`aU*lxs85+UbdV_vou
zvFW8>pl4eV+c;bSTrvRrL7wi96;MF#!)AKf2cc(KGOm=*@l*mm%VJv?|8fT}SIisU
z4>|h(bntY{AC`BP;u{e1yHKY8f#PEbPdob89LxtHjh~157>+u)$ie40_(BJdad3r$
zCpnlmyqSI8@Maj@EVvTkIK_N$Q}zY4RSY^}+g~nK4t<yX0vwJ>V%rz$l*7sVy~N;f
zED;-Lk#bfc<TONo_@F0u3Gz99h;8hxQ~gMU#J2Bn`NF*W5N;wyUQe-&nQhdA!$a7e
z#Nd=FHv3E?hYywBqnt8?#K!rea-Kr?Ffr`lzhEotYs%?C_)X=oZHdhe(^wWCR6VSm
z$q0#!^MZ1?kG`awYJ|jA)@kLOLHK)OI5R`B*<l*X;=`{I*diwd9kFqe)Pqxt@FK+%
z5nfCT{%r7xjn6dl`QWU~vEbB$Lu{ORns*-b#5M<R(Y(zF_b8_U9Ae{it9~)`#CEKC
zkb0E+9fV(0{8fbfI|}_=3O=#<z%=stAn!Mna|1ZU#yP6`M(BxceDcOu=H*SV{5uQr
zFA@Hn7-g*lpV;g$jU3)^`Wxl6fJ1DY*HzyJJ+U2s`Je}Fc0f-YEd+oJqaHT-p!RUZ
zNrZC4E%;sF5Sx9bk<SM~#t?(E9vouhFpV5OtjxdXkh2jSV&lADIV}kJZ9nq)P&nhn
zod|goFY|6fUSi9;OZ9g^Pi%GJ-+q{v4~zee;{S#4Z;4@NJNU$AhiT;V;ps0bXD2ws
z#(7FPKSlTx#e7JeapwIcLVn|p_IDvKvE^kNIW_Dr<?I26*f<v<UNX>sc$)hsG3OiZ
zhb5dWA#K=9-%bpDK0;6RWeAgsnNQZ7;J}o><|G+%DK_SfDYkulmFkNS5=Y@Pr4t+Z
zC5nwdn|c-k;eJ(e79L8$SX-j_eF!%bgTtafp?Y#Y>)?M?{Bwj;k!E&SA7U1P!?WNS
zNUu~p1tE_Y<UE5=>IF={YE-`%;ap-EVLK3;|2I+(J};+8+X8cmCG$V<W?-ILlfyo}
zgBW($Zp3Ei%c^I)5l2~Z$oH|4&vqj={YmO!vm4=Wh`|}IILb)_l81UyKT>g&&O(N%
z-cxM)zd^j@J^mcFU-4rIf9B|A-UjDQ=!Vh`@Nk5;D(3w6AqQ`D@SP66+rjrb7(+yC
zvQMOsV1GT**-s@C@B<;X<GUQw!Px}PmC)0l288n!^P#;(#K_C>Lu_*<o0$Av;4D`T
z`<K|}x~-~be-YdKAjf6o<+@nLB=9}3bC>ejkHofbvK?6#$Lx2B;Sc+i*lhlYdT?Gx
z_@v_dU{l66`0QU|v&lXn|0F_Q10aqeEF=b>{Z4Fr_7gc=^CuK@EKDE<-vgi6)+(1!
z4?g>p_a2Z_3J!7f{QwX?s6{>ZGh!Q`t5jbBJ#kd89i4}GNz{L^ew1SNgY2j5aL7Dt
z<WPS#G4$*^S<gd%KJYoz12Z4v<go9Equ4Jf7h|KIeMfBjTAk{P5E4gGN6JEM<g;Ih
zjW6>djIgYs<V?g5ggDwrq&|SdIhec>;K>NF`w5@^6Gxly17R9DoMZPA5Ax4br7YlX
z=-^7IqzXR};wT3ugn7tcfUuqz9NH(2uD}n3Y2>U#$mxKbfr_J4LKu+Kg|Lkn9JnMn
z+6(|;8aa0$+(--#+l@HN2_C{Ua&{oxNeoVj;^=As$R2Fea|{!kp2MPKu<y&qh$rC(
z@*+0sUqdM8KER_ej%3bJJc46PF@~VvOAw+M!8}J~oSaJ$O1lAbKahC?W#vOp%rYpm
zv61f~{$9mw_Qk~Dvki%(s4qp@7JT~Ig^e7xA+hzBw3~9IeZXNG5=UF`1KESk>iZdD
za7qvoTRZP_IA2r_+mkrjiXX_M*v!rWV%QmpkT`l1ejtxyGtLi)!SN6hM{mXtMCKp$
z`Ckwx|2GJEd?mkBakLEpata&uWs0L~sP*SE>MImmzss=+dX8&i)2~ImWQc$5N7_>{
z0@2@sQ1<=F0E%s{mi~pFeM)TYFMX|c7D8VF4*QYVI6QZ=ayhk;6GKRBzHzuy&%Prz
z{Q&AY&>+N7Rstf&(_(*LrmYfS&i_&u9>f$!BR*zdlCuEe1;pU6F2vDW@B<lxje7b|
zY<jjM^(=?j^t?7iJ$)uNeXZ(C5E7eS#yt4+h1m3qfoX?hiP-9Xqv}0`#HN?F0-xi=
zZL4;~X@}#4*!b&J&v8O*`pv3morq2Uan++c<Qkyq?^1m=LSoaCR}%N<f!V}U@dNn=
zHtG)}Jm_Gkgv0hHwl#wszo7Uh=*B9CeL-wvN%{gD`oMXI_SwcW9W3n+{SxS|q#pjT
z?}(%8@B?YU#=PWkBj(UrP7FT#lsMXjA4m%}<H&vl{zsv^je77)6dQjN^~xcS_#T9J
z5`#ZnvCTib9nQVV;dmgnanh}N4<WI&|AWA^$?-sJ`Y%(Davw+dC^0x?if!G(skUUO
zf4nVF%(}~d$3|8hZ4~GqH&NLsh{|{a-T?dwY$d>Z5$<vDe#Pw5uQ|8_^Ah<y*Wc#g
zoeq9L@xut^d>?#bIR^)R0r-S+h)2*qcSH!WjVoCTfzKCpjE0^Zjy>Y&2k-;ozCnL5
zZTjnB;46SHqaOT$itU&(n|kGtXLXsUm@gx_TJbdq7b@mjo^kTuhj6K4@)<Wfjl?LI
z<CfU!(n3A*b|T!Mco)JC6NAsbBer_oK|S~!N9-G7j)iVw@DcULlD5O=sfY3(5wg#S
z{}tg6h`}GO*v9#j4u?GQPa}MR7<`UlV&lI=y>iGSE<oL1CkEd`NNnq<5Ymi89`OYT
zWvv2!DY(SZ4+21V->-4VBc6hAEHU^T|HRStLJw6s9P-G&0->zQ!RNS;HTedgKilDu
zM?S~!Rf?}ixR@AuE0KlR_D5OIgU>a4qjDyLLu?$Tna!J&Qw<KW?Xw?N{S4@dt!?k1
z9`^ad8~Q~2d4zHf2!B%G6Gv|afOIQ|FS+4<MgC!g-y{Z~W1Kk3Ne<HEaGp?3J@mxp
z{|}Y(Ji=qj;XXlZ{%=OS<ZORUn<8gA6p*FF(0?4^G6%1AaJz#)=-`hySlU7Du)k?@
zJi?0=vmfLb0X_YnqxzN5Gfw_h2ziVqrk-))#R$2EAZ~+xiQ*d&UZ=PVddA7&F+|qk
zz#E}wocb1o&5DbmzgaPtB5NHz4_9oTe1ya{4}3^D+`sQ624|pR+xO*|g0i^p{|!07
z-1i?K2A^{avCU~;pk6tTDSiUsH;BRK+(K;Y*n`xAPtNxhKZo$g#NcB%`G4cv2mpBo
z8~NlsulO~Dzaa*HxMDjdo^m*^D`zA^VjFJ}v>k1x&&^@SLwX_fHs0iKTj20|bCP^;
zO2HwH(n*M1*8*odbTi2T=Kej482mDDi0!<!LG_#;h;5zOh<M2`{6zFR6)^wC{5jSC
zJ;Dy=h5j*w-%xxA;c3OMAv~j)dGoN5Pt0-*k5zmrLV4K&IK)#NeU+BWIph+>yzX1C
zI6cmhmoEpBaSogw=c>O}`41z!UhztVH!5C_ka7BU6T;Ps*@ui%-+_>)F2rmfIc5P5
z1m3Fp2N8aZ_)`2ph;7XO6)^Mi1xWW1gOiVt*#2I?u}J+ugv3$qD3D)bW8Rk$awBGY
zzC{c^_XXnU?f8LIvi+eiQXGwnI&`J>3;UcK?JPmKNb#!(8K<88_&x`7o~Qm>2<3Vm
z>~r`LN7)#Vzaa;D?hC|rz40HYN8S%0{H}7iFAzsR!kpOGRPQOa>q0+MeJS+Bc1`j(
zsxO0{*!bt5U04=h3MGF>fIl4P#5T^kb}E^H9|&<2e9CxiB{K#3*JM<mr2aBrPn^ZS
zyf1$g`6*vdY<&7!f{IT-SfE&ZBd);@#I=71;w9(%$NWz^cns?fJzus|tC;h7y@RiI
z@U;$>V-xa{FUKauTszVx4xRoQ5_k?cvOWandT^d{=0Pv(L+G!8ZlR->eXSM>2(cZn
zn}BJb`<Co$z+7Lns=ggzn_?d0Iu&!@yj3xeWgk-f96}B|+T4zCvtk}M7^j|XCdU`x
zQsljtdiciuj@b5>W2zsBkT^;J`6)KqVLQJ;jJz>~#I|qBnhhLYH<fFr%9ni*_$KJ5
zV`E<KkHj_(&!f#*_<;~d!KZMnm&_I@*z_Z)=K&u=Z2FG^mn8g`@ko6Y-|gr><KPDz
zEc*iZY%}&f?d(Fx-NP`4I5FF-p12M_5aMVfkw52>(+&JSY~-+=iK9*UfiNKFA%rro
zf-_LDjgv0r@Ob_qVsO~z#AatR^=fA)aWWM82ZT~z#h-EXQeV~c7-sxO91L@!XWb_&
zW__nR_)5jy2<JO^rQ!z>%CQ4w5zF`l{xY!mtazL9zlxB4)1N~K4-n7A4}>_%ibI%2
z4##FMF*s~nV&ljd2Io2Gjw^?4OKcpb(atLf|BV=SSOl?gm_|-0tmif0aNNG`aHI_}
zvC+qev6U$PnuE_me(E__4RP=}4!+RA<1{blp-RPE7tK=4c?d&6Y?eST^AhZ*=Otk3
z7b<5dLe5R}VI=e|iq|5%Suy8?jl}i%fe_oZnmd4*cMrmy#Ne>aiEYivG;-L#_b7f0
z;olO2KTxsp|4upoh>&f^ygx*Em>7Ka1+np&M$WGgo*)K?eL)-@j2{To$l<!+KZwC8
zQEcnX*Hk|oA+hPhs6Y85p(8eZoP0JgggAPqz!3Mzl8gLxIO|NzF??~JkNF&;+^YjU
zF<%}|4l(a@GW=c#U!ry{MOdwv_a5+YTf!X<LY#FS9yWO&knE4Nk964|fm6^k&a##u
zT%?#UzG@*xCiWw-_4O^v*@EykVsHj3wrg%OpTOor&`bY<!~P<+HJ<b@IBXMc^ua^B
zK28ii`;OS|1L;)``{WccIP5!O8v{(EojB~ghy4Z4aOj9_3^2{g8t&lp6@LqS`aw<w
z!qE<9ocena%5e(zIUeLV#Ri1P8UviQ;H)Aa91nV8^OI?`^Kpb*h`}iZhuHjNnw7Q7
z!GEQAGD7-6&ix2K>tM#I{|3S@62pEO>=WBPu@5_($COh64zZn2F+c4*jqs>)D#0PP
z@xU~4euwbil`|O}V&gE4oPiM}V52`Azr^-87p9RT_qix%1}Jha)Jn3Zfx~m4GUcS8
zCysuS3_U*rhcBX=p`6*!6WjP?8q2yK;X>uqgF_ts6s`Da<nTV1mCBh1J+WO=lKWx6
z*#g~d%4q<HIJ%2g{50C(i|*t;8Pt6-^m3n!a+pRAUx4=@F*r-XAvS;H<#^zH2f72w
zxd9yF=xzWA(`e^ugh!Rr2tBcJm`2X?2wzmrN^pp6PCKP~?)Su||AXq=peHtc1oH)b
z?tq@y^m0!l^j**so1V{X(+9r5Zx}H+>%k$8b^<_{Mh;)LH%d7hp(l>AAeHbKA8-x|
zbC5%du!YM7%Kjf7>tm1li+xOLm;)YCi7m{7Dum-QJYHZZMLfaB^~5AX8nA^Y3Y2~d
zSNXV+dLEP^E!e``5g;Ad!koMztY>(Nz|baQE}9_Qv4vSUWEZwD7nqQHv4y7#40RK8
z@`pV5|FHKq;89)Yz3<HE18k2#5?CgI#503zkEkT(OPU!M9L;Dn$f<CIAc~w~o8iM2
ztuPoXDQU?mHk9}@YD#RH__Vr>?C_+VQ(A~kTi;W9Dr7>*sgz*MX>qPdWz0><Eu=Cg
z4QV01|Nq|W-Sf^M!0GApG`H95(P)1Azt?{E`h3^gYwwxC%gqjgZ~!m&VhdfbkU0n-
z4CCeIgcRWzUhWnW+5=whl!dNS<h0Eb<W`%{k=bz&Ch>B&S!j)kZcZ*3(68M~Y@AMR
zx4DvR#>6>f)UO1oFE0eCuQ_B>U$taYUm>!oFJ@Khi>HzLVqcQ_T17VX#WpJSwS{cz
zYX{lX*DkWDuR*e@uf1ebUkAyizJ|%BzDCIj{6nzH(A3viY)gGv<!0*Z3UyOoR#}<)
z;yg_1i{p;e7snc@uLL>8Gr_NsO?`EeO?~k?Q0l9fZ0f6@Z0c(p+0@qn+0@tbWK&;z
z$fmvyknv(Tr1+TPlZq!4pC`jdFkDt#3QhD%#q$)?pSw%#V`GY26n7}@QB40V$8J)*
zRq->5cPk!Jyif5fijOEhu6SJWImMUAWp-X%C3*HLo}-x0*GhcO?S%PEq%h}a!YdT7
zQrxF_i{c%McPSoJyjSr-#lwn66`xXkR`I0bD~hM1ZYBNvyoj)mTyB?Dz2b!8jN(qk
zD;4)D?k7*PZEjOMp!j*kdlVl~d`R&z#U~X{C_b<Fvf@&-1xZh(;(3aLierjf6n7}@
zQM^|1CdFG7KcjfJ;vvQR6u+YQh~ndl#}%Jbd`U4s+$DMUDxRabR&hx2BE{{BS14Yk
zxKHsG#XA)5Qaq@5ui}G>hZT=1KBf4q;z{y!yX{?3JRR*(bUu$P>{DE?IH5SBxKr^;
z@-6ncdKLF8-llj!@$-uJC_bS0km6&CPb!{Jd|vTo#ib|@NoS?vd5VLIW8_=ye6=X<
zP~4+<t>R6Jw<>-{@ovRKiuWmgMez~E#}$t&KBxGSVt%u?<i)Faj^bLyA;pUnw<}(u
zc$MNl#aqa?*=4vx@h-)KiuWo$sCZcMsNz$K&yqR0Lzq;2Me%ghr^Mm2vBEyZ^@<bZ
z3fpEzai`*yihC9JE8eDfK=Jd6_mItc(E-JW6dzN3Qt^c1^NKGkE=4_v{Yu626bBW@
z6t^huAkVbRq(|{u#hVmwRs4+N-HM0EmA1`&ieFKDgj{9EIj(qI@j1np6mt<sj`fnc
zV1_V9ajoKz;zf$v6|YddN^zg!EsA$2-lcd@@m|FT$+PTq4l5p2d`j_I#gpXO_OVwK
zPe)r8ozMIV`xMtJPAJYO?o_-|aj)Wj#oH7QD1Kh?9>oU~A5wfw@kzxKiq9*)thf|?
zOY&Q(c%I^*;+WzV#T|-!6t7jhN%2<2&nVulcu4U+#jhwnLcZOu)8mTA6`xalNiiQ<
zm1Dh%=P0gK98$bUal7IbidQM_Q@lm-4#m3^4=UcP_@Lrp#iNQ(DL$)sl3ZijzvAie
zF`~~_>{DE?IH5SBxKr^;#l4FA6>n2Kp!j*kdlVl~d`R&z#U~X{C_b<Fvf@(sPRV<v
z;(3aLierjf6n7}@QM^|1Ch{G2`EOPHjN;v7F2EoRDc+~}74iq{I7bv8S3FMUjah_q
ziZ3bV4HEZUJC0ZJ9L2Tdd3KzT;zf$v6|Yddifrx+_bJ|@c!%O$iU$?%ReVtKu;Nk0
zrxc%6JgNAK;^`PqB%ORFSJ<bxUU5QkMscU&m5O^6_bc9}c!2z2yPTg_yhrf?@||{^
zLyC_nK1uf3aV8X>SA3c5x8syzJQS`}JWp{@aZGWG;ts_<iq|UMq<E|1XB6*NJVXxI
z>D;II6~#vsA6GoC_?+TPiuvIyvF}wpM{%v<km5y(+ZC@+yh?GO;w_4IDBeY$Z|8SV
z@m|FT6%Q*OReVbES;dozuPC05F+tAD=Z}Pait8086lWB7Dqg9$S8>1MZRA=zzXOV&
zSG<ROmmTMT;zNp$DL$!qLh*UUmlc=7AB+7;#q$&g6~`2}DDF_)qj;_2O^UZFen#<b
z#Y2ksDSk!q5yi(9k1IZ>_>yAYjFG&170*#zt2m^1k>Ym6D-^F%+^2Yp;vI^2DIQe3
zSMfpe-FAC;um3s3Vac1zT~>(UKb8QUAlwW^$4g)v%LPu5cws2y7PIHd3j4k`?^$4Z
z+1iK83+s6fZLb9ylJ5kuw-k!DH~ZuE^GUQvoiEyZ3@>f32isHGTMb>?TdC}^48-1N
zi|lQ}Hl{{SU_6E`cxiikU@ruX>0|kby=TEXecQ18JYEvS-fuzB_D;ec?_tm$F3lZ#
z`@q^B?_Eum-#;j_H~5Ks`LWz2eScMCF9dtF&?HFuMj+_)orS$VXiOh29~^t%1?%*!
zzy`}jg4lZlg0|P$W8YJxJ(f53F`ax)N!#0jjj8hcLvu_E-WeufuO08ShiQ#tkIyS<
zdxO}Rsy*`=44uB<gZ6o855uKnkKZ|>?eX5!JnWYs`Q^PbZLbCP&_%5D!Sy=!tovoy
zmVP;m<JdPPh`nDZvbP)dm^QvxK8(lm+l+YlbL?Hh2GcJ=>}@Er7y6|A%pmP?$}INy
zc@AxFIy$%5piN=kyCb(yMCgM(rib?C;U)I?c@J&R3ww*OUxL`%TV!tw>>WfT+T#>a
z?0vJyUOVj7i!l?An@5W5)&HX1r)kfJm)QGWk-h%w<oC@YdwXC{@*7b0%5glRI`y#y
z+nv~!Ao=C}M{<kVaRBxv!AxH*UXs3hitHW3_Ei0i&r552Lo4(BjYEgn%M{tWd>wlq
zDY6%OC~q&Q>^)j!FNk|=JeLIFT#>zD*pu>GfXI@*-!8Jp@0Ai8v?=_XMfOIOJ+=q2
z_vc0Sct2BYXnTKJWbc%+*Qo4$x5!@XI`-ZuvUgV5WBp0`N^!hyFMLjJs`R~EWN%X0
zizs__MfP~lb}D<k$4k8hFNQ119{rJ|&$`cxZShwvIBqKc(pqG1`onqu!a0W6TaS1;
zzr1%mRr=Nz*~`G5w3mdk_xU1wJ=d|fv&dejvUjhtcc94L%Inzs!y<btmAysE-dK^n
zRoJe?ehHHIV@39QVUO*E{@^~mr2H-x+1rHesp{iGk-g_(kLjYl7G<vzhIM`Hz;Qn8
zmmul84M1)&J5IvhDlqM(@!~$#PaL4_?J?=VE-Nq|Lj*u>;RZtNk$nATu+4q6_lp2+
zkIw~cgD!#b7`g%E7H%N4z}_|-$n<6L;y&8j4AAz1+@S*ZF>EpMa5^hoFW!GbJkBp}
z7VnuU&WmL!CrC231IR6A&+w}JyyO?4aUb(B1km|dgzb+)m%w-ozXu?<a0B7gs{Fi8
z=HRq<5Rqt)zJ!74{Szq+Y|{oekC}LmKLGp-bP0^d@G5}Z!VQE>4$q^(0PCX@FYe=c
zzXPCMv9}2KY57?g35>_^zX0SGZXoPiZGVoG_PX%mKH9qg(DnvUIrKjg7?0r`fZW0j
zgq3UU??0iv6?kzU?Y#@o_IU5LODfyM!<*}$5s$~Ta06jtEy@|0qP=dsxR3T~_$&h6
zCBMAy^aX57U_6E@#MAaVemOrM!qnHX*H~na_l+KyqWtQL>~V6>IULi6sg`3eU1X2<
zO%6_BZ*h^mferR^skFCJ+55#Jd;72k|4Y~}LGs&OWN&g~KEH4^PWnDoWN!|f=@Kz!
z;&GGDo#^u0vnlVdR+)ILkAWh4t6=XX=n^D-pDVIg`h@+tBIXxO(MjLlB76KEkmf1M
z@2f@j_yH<Di$;5EmA$_zve!{<w^Ky1f~0Sx$X;cCzWg3VOvYn=-zu_q9QLLfKfYUJ
z?+EPix`XNK#Y^m6DYD14=l_cR5+r>;DzY~Yd(!^c9>m`5=ol<6=^wkWZu`H)n2E>D
zN<`o>E!;rp{j~jjAk&AY?busbWUm*Q{U8r8LDILN$X@N1{P_Dg;!65DitO!xy&q0d
zze|ejt$;l~H^%g#DLVFksmR{e8vA#%O!BOF<aI^%p5Kbk3YqqTrsLSNo-M*QqFaIM
zS|39^36kGmFS6JF>+p%j9;(K%_tm2G^`h{iV$8(j=I<BTTlsXpy`X9wd*3XwHwb$_
zPXi`M`i>OY>sR(rl#acNMfOg?-a;{E;&Jmrk-Y(B?^jJc_K#|eKf3)*pF4H>DiDup
zZNZCSkFtlVanjdRWG@4IA?pbHpX4`GWbcr&_n(x#PZZhfhrQ-0>~$5{I|+L{FWcWX
zym(&b_sJrA`(TgXZy-U^_jr-L((M@I5Rdj?+OhY=B75~8!e`3Fn2E<tKKn)6E!;pj
zyCdITfQ~)u`7dmv`mC@5_P7=)LDKh!MfR>Jdpi-C@tEHeMd^D6_JU%}#N*~zk-gc!
zkx$<<CLZls&zRv|(suy%{v6v9Bz=EhWUn6ft{@W2?>F(1^v%HhLbt!Z58I!|E4FtF
z;_;Xkvm=O1_M7?`fF}0pitKI0y|ka7qJC?O><xY{U%#B6h`psn_FnP1TrlYb#$#wN
zvbXg==gV&w_KUs8i|n29;d4q;%&*oL+1m|!e9n~R_pGw_w6W)b#?VrWe^cc5OD3N5
z#g@AY`#BHc>nn(ds&m4xAzs4S%A5YWu_wD;Mm(Q7uOOf4W8Pa##LFmLKI6`Od>Jn(
zm;X^@@AbP~u3`9c31aX6EV8#3h0A!f_h0Z5d%V_A#p-(QBltW&j+G$x_%3C~eJk6M
z4?H*be}KF2qP<GIAQjl#x(uJ6RVNU83q!tw5N?Xaqp_xBIPCL<Lm~aYxjE+ZH7A=*
z{8hL9dRs@<?G{Tc>xc2m2d<?u5iv^&B2DOpOIlm+^##{#-uUE`{Tny-H9WAym*05&
zv4(JCB+?jaNQN683$KkgH^mZlzNSV<mV5BQ6s`7HzfFyw0mN@pe|&k{BdPTAk9B-}
zMcX4C_pfN{N_8w>9J)1?zJGD}Rzz-m@-rLybF1;*zuA8872+>zyBgQ#`g5+v)lWWo
zonOC(jT?oMf?PApx`w!|3Lb{8{Y_$Yl%FDC2(Zp5KFu!QyaA~LzlkSjzh1n15RXmm
zX7TEcJ?WFQ_w#s3;CcCK!b|r_Tq;c2CyU$sA0S>DFA0(lzUvY_kL^`>G0iN4>$Uj~
z94Iyr&EYkhKDB;r<Hm*3@ZWFqQ~csP3+x8r{WfnG4%-)BKkIG&N&GNtG?H)h@3;B)
z+x+#$ga0Uge$y|nc`}}F^1k=m{QGVGKYE*A+p8KpCOGf6`S;uWfAlv0=(<NXZd$iF
z*S{XWbC2f#ew%;4&HqPl^PAUiTDL)6#NMpUN18(sd#UH<>o%8G;erN>0d^S%@qE`@
z*MIrU)1Q3dAKrL;{LtLre&Fiz|N6bpzt~y(+R~Np+_!1N_dmUXOZ4xD_e<dY5_rD^
z{(o5l?)hzx{pUX%`^TS*|M%xVy&_UM`R0jNf0}}5uf8{ytX}eRc_J`38d>eBn8dx#
z!v{RMStGgX6S=B0xym2EJ?05U>Yhq;B&*t2-k%Eg)%g=!lTRe7TIPq^{l3~zV&L9@
z_vQAde6`!KCN+#z*C!Ud<NazdWp7>Zv{y~mhJ1~o#2_NR)&9hSS`*K|;B~~SvbXBo
z#}|g$-88rl@!o0oOS}b*bz$#U8~6p3uzuB(2!|R%zJ;O0A;f!iL8Gm=yBC~AtO|SU
zG-6H65BVBGiBZH_j=kor3l`S7an`UoYdGN!HHO;5JnuMSZeOs_-m~B;tj)0bf+yjg
zgf-;hJmNgLfL|tyw6up8oP;gjjlh<bgM`~RKa{wFSkGavobx(4h}2hx0^1@(xA_`P
z+1a@`-r%!M=Ccv0uY%3j-%CCs_0@>_){Qd~sh@>N@93OFhHee`xvp4{mq`6=L|nrX
zGHJByV{)NMW4=Nn^|vGHlZ7=hWnO9!@45Gumpc&kx|M>m_ARVry`aPwG`xn}xlev4
zU}u5FU$;zG58KQ#-~39um7!fE!VBhm*T@0a<g0xdTSXX0;7BWT3mU!KB|4K|mxKLf
z_W96A5H-}E^VM1@8iai}?7uDtpye?+((>GlsS;#W+k%DOm!0@%HCCOJ+b2LlBlT8W
zWrElgk)G#{2TZ;2Y=sH3n{|#EXha53luUHKh>BB`K-3U(U1>MtLpa02$k0rkBIF<^
z=_x88G!!H#Uja8MpaHvpB12xs{>@4VeE=o&juYSNSNZf5me06dJ`(vR#Y3-Sl}^6=
zi&9fmI+1#`Vx-2&uibv~sVOQQ^f#2w>yn(CG#|JI(|%r+BZ@uO)=P<8sMhkCKC9``
zA+iCb@YJX21Pi{a>uc*f?d}$OMW5B6;U<_OL~n80P<X*x-mfY*u=Ub$I&YuVAgnC2
zUwPN)b1by{v+=xj%eKBVVYgDBRUdS~EGBgXssf&0yz5mDauP;PBweUwmQG}7hCXH)
zQ<m>NMG0fuUdCf?QOBUfIC5MsWmXxpfmf(wZkRR>VOAq~M;~#clv&LR3G=?Cj<`v>
zEN8aRyImbon5w#5zQk-VV)~L*nNs(O8>Z{LU0?+@naFYEcFHTf_0j}tWue`=EC<-0
zV;Pqfrffd_+C-xn4=$iOG2pZAeU{rn!?()pRecmZFUMgS)lahxER)vEVH>^Ia?flx
zPV-#w6EuNkZhMFdOLKM-INNH_%hh=nT)+WtbAWpSUK8W9<vmf83mOXg3QqSr{H-&v
z)h#=YnE}0_l?}8?D?!YLlOWU!O3cZ7U3jv=IOqmAT;v=P<`>kxT`Nu*Gff<i>>&m{
z68q<S*}U@SK)UiJRgfyqy{tsNrSg2^G>Kc`DGFQ4b<%`FwbJz5drcGiyOpNx`V2QL
zCrlfxa^fl8Lz?L4tRxlW`Ua(R#iVGtwr{0Kd{9xv!JAkKT2qi`t3OF8o%W#Sd<}NJ
zVI-jUvAV3Tw}Liaw+!AFQx$X!Yl46leyuN^YSvkaQP~>p8@vTMSZ2+i-R}I1O<EGY
zj#WahsvH;3qqn{TyYRX8ECIE~*@TLZ5`f2*{KBtaGSeY;Yqq>=JmG@BEAY^k{YIbZ
z%@_lUQa|7F&Ss9yQ2_Rl9&0SK=DSvzzFbfTH%t@i*-8_uP1@0Q(_~F-k*Mtj_R;%p
zkSfQUzpl=3!*a4_b=SDR8zjn}RQwbrWsON}e7df0m?rigD@i&RH%Jm(2FmFzo#h)B
zljZrG%9EP7ahlGXG_gA5h#RB{J#?xDh55MCrN8JjC{Anb;fv+8Mx6m^vPLhbmA`;-
z$j@;o<*W52s@U_`PoFZKTT+H=T&tbPRjz5hJizWx)>MhHtS*)J34VKi<#yYhwyLmG
zu>t#Ws^?S^3ktz+cUrqsp$no6URH4vRY+DUUk0jErK~dG)T#<6&^4d1(&SvH)tNNm
z0IQ?#GiiE9oySU3%H%<($*OrIN=Lp)qBuXa(zINiz)q7>D}_n2tCHpPq&nofX|h~r
z(FF8n<;3YE%SpG!o1_W7#HzcO-&2|fukBMeOA{ssR+`>YC%8%7v7@t`UR8%&x17Ww
zu2GRucbpL#A6=K?^aeenl0F?hmQ`EOSeYKop;Tky{H99gH=Gdpamed9MZQm@3g$O{
z&bs{etjikdQ)WWs^t~IT2_48vlWrKr^`=r}&7YVcT|fydJ^5*%PLS2~5Mh2{%eX;`
z#;;RKYGkcaDYC{3tBlx=ipuDEX~LLcrKup-*H4qR65te5{v5@ApdeYCH%?trGKa4#
zEGW(!Sx`(={v6j&75#vfsDk!)!!&V9&NRKFTWmpVy6Qn|^4Uv7=yL6;V&BJ3=hrQ~
z-QR+?4d-XIaXLTx0ak{zzXkuO>kbzo{uZtc+M|V4w!Eg)*P(Wc3i{o))A!rgRha4c
zWqe_}ifXUGk=H$8UGFkozV;_L4?}LO(kjTiRa)XT>HHHZURPtdu$N1(aZnhcaBU%@
z7+pWF_>eMd<U?=ba&19d$F*xgd2M~?IIi~5Uwup*hFNO@6B#O3C5D8mnWU92j<F_P
z@FP|k7u35|i%y9ZrpulivdG@TNu0KI)0A-qW}(&9onvm8GHZRnO4{rCJVmuxoHn$3
ztC=m=$J``soL3@g%#O6O!j!T8t$7K`%&LFePtg6|AZ;vZyFOX}1Exdr0Ou@Ep#4{=
z_K&uC9IeZm$DmTJ<#THq^Q1bepa-PT19&rlJ-}`OxST^~3i6L`%63-ewtB!-53V5O
z+DXREcW{Dyy})zmbY1XZ#IeT_dlBApEj)$f#FTJ;{huw^9!Kn(07%ky9lwzirF@F4
zzG#naC@b_XTn)Xf<2Nup(ju|g%e*=%I)wNQ1@&jAM|u_(@^yM-npD_+trP|PZnr6<
zf+X3FrLkc4y5NRsLVf=<Y2rK=Wwb`;`9@`APZ#V<MyK9xoFcaJhJvxyE~S9K)XwuY
z#bh_7=iYmoFeISjUc~|LF-`DsNYk|~>H2BnvT5NA7gyHTZ%ejE#EpaEG+Ar=9y{Y~
zPo@{ag~Ek+xBD98ehaUvQ+7Pue5*447V$7k^)7er^Kfmf%0#QeM9pe(mY+~}$^3<P
z$uPuoDmQA~kHJjQKAZ!K<>hDE+gCjp<2a7m_wZh&Pqg>g^)2&5<ianxu<oWUm-|cB
zq|<K_SC9vEfA3qqg_74PGhy9NTjShUnmP~XS!f*KZkh))L)=L#$OGzPBENu{&xJML
z^R6kZiz)MgVb8n#X89OEq<0GQ;Y^jyf|7k(^Y!<V5&NFt%Y`|~`*K|ymc#MBJXLih
zI@)vh#xORlY<~go_a!?LeeGWaz5C;piLLE!(CIh&5{ufG-5YDK!VTlCb&EXyStI`H
z6aK0*{>sa5S0C=InB12R<Hsi>{AW=YX*K_C_Ld|)$?9aFp`>Ec71+NV|9PMJ_$^=m
z<_m9p@%vBx_=(e=t0fmoYr4w4)!ve&C6npx6Z5w(dHUhNn6J*gv&t2$=qT|;hozn2
zmUP8Z@8X#~?ge+*wH>TjP+wOu{O-2l9}GWwqQ)uIjuM#-c|CO%-4FkZ*R#{ZH1M7p
z-=}~5*bAq=c<!moPgEZcF=5q*CvJJ-o4GfZeLwZ%@R;Xx36fO0xO6zO{dnzjp@45m
zwI};?t}~;)NWH7UYtHVS8%cT>G)DGsi=<sa@1pJZygaXCrtf3J-V&+pAA2P>QsPCN
z9li{9J9mDA^Nt6q>gM^D-j%3ti5^JS`+8G>jvim<4_9|Q=nH<TtK*Y_j$aJ*q#_+F
zLoGk->Ub!W_*A;%;Yi0L!}VtAeO~6T7fF8QY)4H#pE#B~wd`E#a=7}i5BdCe_(U8M
z;xnH)n+;~DwBMXBPvd@83<Ki`GoJ7~#XwhSkpFF4{J<9D@;!hTzIVV1)6F~IBz^)P
zqGde3GfWkSA5vo+zVrNy!_zSvwBLXi!&Jv|ACJ{>$RERt$8N=ofya`|@uL1TUObNa
z4!oEL>R-Z(VXAXI3Z2LBeFI*M|2kfh=96Ht^F1(wW#<N;Qrx_*FW1<&z8}xH_BF29
zoO}GqM>lTX;Bus2S%XhPuJ7-{Gl5Ijx*7|jW1p>md=ozAxbAv;v+Ezv^|>0a`8=d$
zi)v$P?b?oYk3ZJmYfM<8N=!cHRLQYoPo0*+T_z!GHcs&jtDQ5X1!ZAUfsIX@H*T`a
z@jCxYT(=eMDREU4ZO<&)t}5Ebmt3fD?PuTQlaqF&Yd_z~29*yb1r3LfTHcc12`aI^
zaWXHJ@JoSJC~@ISC{!qM-J!O4{0E#a${p;6QUYxD)%cS64{!$pn{u_Q%2j7=+5Z@y
z@g#6NW;WPlt6j6K-;ve(U7I)d_hr{_S+~|zSpCIyzG402t_|xptl9J#MzouzUFT4r
zT-OhyKD^{NAZir{6<eQCGSw7PI@2k~CKNAH+@d(6xLt9F;!edY6!$1zsd$y*wTgQc
z_bJ|_nE99VZ&6IQB>FbRbW5T?qj*5^F2%bQKd*RD@sQ#@iuWqsr}%*4gNk2Kd`R)I
z;v<TWDIQgPT=7Z8rxcGXo=|*N@j1ok6;CR@r1-MpD~j2<q|AA>Bs^U)rz4_QDxR&F
z-yJJ)_?ybYKE<3uiyl;5uQ;SQrZ}N^k>VD`8O802I~4PC{E~(hihC5VRJ=;@TE+Z+
zF|pI9c#~p&M~1}NqIj#~ZHjj&en#<t;$4b&D}G+_pyDCLdlc_gyif4~#RnC?qWF;F
zVZ}!jA5%Q4__*SeiccvXS3IHktm1Qu&nuo(d`a<T#a9$_ej{~Ms(89$evhog;rC_<
z&sID~vGv=I#-IC?UaL5$xL$EcaZGVS@gl`7iZhDa6?Z7^RJ=lQkK&bzS1DerxL0wX
z;!TSA{kBq8TNH0qyiM^A#m^`nP`pd=ZpF_l9#lM}c#q<}iuWl#p!lHTR}>#oJgoSL
z;$w<O6(3i8Qt>Ip<BBH~pH+NL@p;9QiZ3a?toVvzel|wxs8sQE#nx|kn)Y0&^x2B%
zD4wU-r?^&eP%*!ESJJ@m%oXPM-3s%&YK8edv%)QkGm6_4cPQ>u%<qF0JNzzJVSW#*
z@G8Y?756IcQ_Sy3m1FxAZ&AEe@ixUf6hEVQK=CfcyA?mLcu?_>;ysG@D&D8~fZ~IS
zUr~HW@v!0}ijOHCReW6WNyVoWk1L)~d{*%}#pe}ID!!!nvf?X>`GqS|U!{ttEA}e3
zzQfk^1?#t54bM?=<|+0mu2mdVZ2k7Du@h2yOmRXnzkgNI+@hG@`6qh2;ts`~idQJ^
zQM^*|D#dFR_bTpFyh(At;w_4|D&D4ehvH`x4=CQHc(>x`6%Q&NQoKj;Ud8(qA5eTy
z@hgfCDIQjQMDa1jql%9!KB@SW;&H_jiq9%Or}(_$NyV2GUsilYG1r`=%~-$HYue#-
zrF#`uDxR%)j$-S#eT^MlYPj69`QQF-Bl$hJ>DYE-9Afa|<;I*$f-sWl{GQh}@y#+p
zCF2-7JdN0&LpJMlT(Ou9`;5!6d$w7^cok_T^E?+7-vdqb2NnO8;=_u6sQ4ayS(J0E
z;?FDoOT}+1z6+U@V}DWc7Zty%_#X}9%@x413y&p#T=7oDf2R2Ria&@i7L#LtLGfo5
z|B>R;if3RkMvlEt@so<bqWIg2-!;to591&0kRMX~tm1DdzNq*fEP=_fpH%!g#ec5&
zg5nR($RGPL#ZM{zW5sVNo{Ob6o|o;aOYu&{FDd?e#UI2$a_kbtzoz()6@N$ZO!O@|
zHm&$^#a~tYH;PNpC*;_uVfLFx6@OXrUn%~P;yNrN(hiS(Q1Ndn{tLxFQ0&J+a%`94
z?TY_I@mq@T!1AFSd%t1!^<Pu`b;WNfz8y=AJeKkASNv;=|5))E#WnCZa_mPHe^&8J
zir-TF0i4h|R`IVIo`>}Ok>b;eE3ml9V;N_$;>Q)gp!hY#{Cz?>Hllcq;@?qxRPm1#
z*WpY0#Lg!bFG8BA`|wV_4egBKqj*uTH7xpCqX+R$7JakP>+wz&eZc4;ypu)$U8BeF
zP8R(oqbKlA7Jb<0Oe0zJ?-;!W?_|->89jq{vgo|2&V02)Ba6<*7^!zaCyRc!(L14&
zMUNSM1$46L4;Z}%I$89UMqde?EczCsuYyh%{c}cV8IwhS(dfO<$)a=3hw1NwP8R*I
zjlKywS@gd(dOvis=v;fDoh{JGqPxtPyA?WF^m#_#2AM4S&l!CObh79fqdx<kEc$Yz
zvyG5Nf86N1pp!-4YV_UE$)bPR=+8qZi~d!k4?-u4{;JW3pp!*^-ROIulSSwCILl`*
zbh79rxE`Ut4?0=&`9?ngoh*9P=m(*bMPFg`SD=$cUv2b5(8;3ndXwiJhE5iJx6zM4
zCyRd2=*OUwMdx)N?TkVvi~c>MABRpB{gTm7LMMw}Q)=5e1)VH<t<lG!lSR)MeF8dJ
z^c6-w3!N<br;UCNI$87`Mn4aoEc(}sJ_(&H`az>#f=(9wb)#Q~P8R(wqhEne7M=5L
zmYWNGg)Dlt%tfJ-MUNSMI&`w={2c|_@j@qyzS`)O(8;22Hah3TWYKpUeGYW8=r0<5
z9(1zk$BgcSP8R*7(QBcTMZawHAat_m(~x$izaBbS^m?O*pp!+v*XZ<}WYHfsdICCG
z^gg36f=(9wS);c=CyPF0^bB;e=tqs-4xKFeNuzf_CyV~iM(>197Ja&z^RIwT7QNo+
zJ<!Rb-)nUGezNEf8+{dYvgmzAUkjZq`YxmQLMMy<`$q4BP8R)$(KkUSi_Y&gXMOcU
zCyV}1M(0>W7QJ-39e*oyvgiwpz70BA^q)8S4(MdjR~h{o=w#718GQgcS@bU(eHV1H
z=wCJZZs=suj~V@W=w#7P8hsEtS@cUrAA(L6z0_P=?SW1fJ!tg3(8;35jlK^$S@cgD
z{Qz{b=)Fci2%RkYfYD!pP8R)ljeZC^S@c6jABIjA{jZIF1Ugyt9~k`@bh7AIj6MpT
zEV|EJCmx4R7QNBvC!v!??=<=;=w#6!G5R=kvgl76eF8dJ^j$_j3!N<bOGZBjoh<sW
z(a%FCi+;xFlhDbcPa6Fabh7BP&GqbM=w#6YM!y1`EPBT1oD-2nUt#o8=w#8i7=1c)
zvgkXE?uAYkeUH&Ap_4^_$>_78lSMyi^f}PUqMtE3=V)ZnOTBi#_CY6$UTySR=w#8G
zjUI$f7CmkBdgx@)R~tP9oh<rhqsO3=MStGt3Fu_ezh?AB(8;3zPouX$CyV|!M&}%p
zEc#`mw?ik3KHaP*bU-JIUT^eH=w#9FHTnwZWYHfndJlB6=)Y|AmC(te4;XzFbh7A!
zMqdk^Ec&p~d!ds>|CZ7Fpp!+vX!K3c$)f+n=>5>iqTgxOMz%mFi@wn4oNJRsUt#oZ
z(8;2&Hu?_eWYKpT{Tb+F(VsQ?0CckGFB^Rqbh7BL8htl(vgqfG{ycQD=$DN?2%Rjt
z&#dPRK_`nIGWs6qWYK$!z85-K^v8_84?0=&&l~*!bh7AQHu^#6WYPc3=&wL0i~d(e
zKLnjD`gx-dLnn*=FGfECoh<sDm3DtW2AwSW&l!CbI$87%qaTM(7Ja4BPeLb)zRl>T
zpp!-ag3-sJlSO~o=o8S%qW`7Q&q61Q{&z+{2c0bXKN|f!bh7CDJuS|2CZUr>4;cLt
zbh7A6jD8t9S@h*bzXF{s`jbX?;Tni6`gWt2LMMy9*XYxslSThCqkEx~MgPByUJ0En
z`rjLUHgvM+)2r?L&Vf!Ay~gPCpp!*U7~Kb*EPA`qYoU`x?=yN3I$88zHF`aCvgm_G
z4?!o3{@;uqgH9HG)aVK5WYNE4^hMCgqF*t33v{yRx0$ud40N*SjYe;WP8NNU(L11%
zMSs}nozTgm_ZfW!bh7CD{V}$;9_VDzzhd;2(8;2Y7=0CVvgpT+z7{%J^h-wXg-#Z|
zWVU_YKIml8?>71-=w#7jM(>AC7QM&lTcDFgf7Iw(p_4^_#^~FilSTis(RV;6i~iq@
z{tR@o=*Nsc0G%xQIiv4_P8R*L(RV{9i$2e+6+aK1EPBxBgV4#MKVbAB=w#7X8hsCR
zvgq54z85-K^j${Z2c0bXpBnuDbh7A2jD8S0S@d&8e+4>O^nWt?A?Re$KWNsshoO^2
z4;uXlbh79V82uP@vgj*~J_?;I`Zl8<hfWs#3r0T)oh<r6qo0CK7JbC%<Iu^XpELRd
zbh7CGWc0Jp$)e9QYx3uylSN-(^z+ckqIVj75;|G*hmC#-I$89mjeZ$AS@c~-zXF{s
z`YT4~4M?)+M~z+zoh<q}qfduU7X7l(z0k>`e|V1FuPdRGMPFd_+0e<NcN%>Tbh79V
z8+{&hvgq54?t@MieV5T|p_4^_$>>4oWYPH>QuKTE(8;2oF?t9(S@cPx$Dor%uQvBS
z641$_`;5K_I$89z(OaOCMej6v20B^vextWTCyTz_=pE3>qJPckozTgmA2j+3=w#9V
z#^^oJ$)cY%`by|z(aS$*m)k1nWYK3EeJymd=n13uLMMx!HF_U(vgrK%Mb^tE=w#7<
z#pwOe$)f+R(YHV+i@w+BTcMLhA2s?m=w#8qWAq)+$)aB|`ZLhUqTgojNew_Ji{5DT
zUC_y*FEaXW=w#7X8U1<aWYISneGocX^Z}y}K_`p;ywUeSCyV~F(f2|pi~g5J-v^y6
z`YEFyfKC?udqzJ9oh<rKjQ$FAvgkAB+4Xn`I$89f(TAavMQ=9x5$I&mJB@w}I$89U
zMjwSv7JZA+k3%PmzQgDzp_4@)H2Nv%WYPbd(Z`{aMISNx1az|KCyag;I$8AdMn4Cg
zEcz9rpNCEseGYzK(VG85CyQQd^h?mmqPH0RGIX-&9Y((boh<rVqw^UYvgl75o%aOD
zqJQ4#d^U$H`tKQ?&*_jw|5Ky$nH{p|M~prjI$89;GdiE;A&dSGM(1-qWYKXs<C=|i
zUIxCAkwxnn4l<TR@o5}e$8w4FNgwLC#InL{jE6zc0=#D9z<#`c#_;Fxj-QFObTX!^
z7H`FS!0-;dH<NiH1oCZ|&oQ*)MV;v(--dY)!zb~QbFCsH4*p!^+n6DQU&4zz(@ee%
z>vjxGACGOo`*AYL<8SfqGkiDR=NmqW_eL_-Lm9|oCky7WkK(<Hj5tgu`8JH-3@h=X
z&a{ywZJUkGw2>wLpBkNIOP2T}MrW~*r5ygJ(J_3w$hTGFp9yaGd<LG|jrwAsT{i^;
z9^*Fo;<m(Rnk2pz$HcEy@k3-&o{JQ>D_)^^71`8FpW-cwcaYJR7<S<$Jg9iD;)9BZ
z$t-+?QM`mtDL$)sQt=hV(~&1RcD7=l;(9Xbogtw(qqtM?O2xg3Z3{R5??V(E<}%f3
zeeTU?&d;Mww(*MyHn&hj7+QdTSofKSHy+P;tlOyB7JDmTi|tB+*!vg+ecoQgWBZXH
z@jeQH++ubNCGFo0=6R{}#q(~!OWWH5dyFGN?Day>_Kw3I+Y;k4&0_C2z}nt!*wcag
z7(R~|*)%Qdo+xz*67P!;*wk+p@AnX=_`IsyS?QzgFX5&0QG2gl4$KFZ-<^CM0Bd`D
zkq`OUF?Koj{?Kp>MT8LSb-+>49+qz%d*1+SdlQI5UnfDzc^HCD-`0n0A4_{^HjcgT
zg0;QM+Wg0jvCB!{8-`mbA{>D|_EFm7_`!3r9sC$CZEr8^eGi%h#$&jI7r6y5hAj_c
z{)Bhh<2WMr_^b}?h45nd!d+AU2Iw7#WZa+?@0*C1u*m*L8w_>Ep1lRzce`9Z*}%KR
zs|D!vbv}}B_jLb~zUCr(e%R|5Bg$U5$lf;CV?5^f1IixDQralc^*i^tTpyXj9wp;)
z8O?Pv=yGj?h@s!95B6sc0ovXQ_zm`H31a$JHugQbA=mHxn%B*K-z6H3MtoMd`R}`|
zFdZ*uoivF2*2w7#-Uk9f{0@QF`YnP%PrGNyS1Z3X%N>mPqC-J`e+2i)tNQTdEnzRc
z@-R9!zS*F%VzOF)f5U0dg_5zdtK~JDOM|7Kcxn2BrGfohvuOGcmM$&xmN;Me@#vj1
z=anv=A>W<AX9k3Q^}`G9lZ~C2)8IQJekQ(4fsKzr95%P5BB=>8j(q0<@?|v`zB8~+
z$UHWH*R6OlP?sRbvO}`5@tw9AXEt7P>>Mxyb+YJe+ziyoqWi!MQ=N-;c`m*)Oce)x
z+ls??NzdJ2KVHns5~a6;nI`J1@M56NRd~^{Q|Ba&!8+G_{a%E}*7ZMvuSQt=$lCRf
zIbRPTUz&iAny=fkY2)VpN7g@%uMXf>4ix<CbN<T<XvVVe$eN9xV%#Zq6^qxLR=(0e
zpYz}H8x80~bVYDm8jM|ZC6@QMng2^%xCy7i&A-E-OvUE$(ok)=q`<p#zchZ?PtTbT
zC06C??b%MZV9KkJA34HjZQp9mv3LZVUN!QwfEy<8Z1{<EE3mm#BY#WHHs82^MbS1~
zyc4*;-`O%<x47<|ZC6p_;x`vOu;h^?>mKLN&aF%LZCvxq{5k_w-{#v4Hf(yNf8*xd
z+Vxvpz)wB?<od@RU$^#=)$1RB<jM8Fx{hN1#sb|=lzhH~TW<Dq1a?>XTnKAlKDWVf
z-mP3X=h9MJv(a~1ems`UuE%kiOc!9WscN!Zr?MOJx@`^KGm0_IaCBZCGR`WzV`<4^
zcKd~7lK?XB2Qf6^#rW-bzmJSK*tA%#K|gAA=8r7bUY{^J^Gd!=<yWo`tTK^|BaY}+
z`52w~musn7#UaIu6f><7pY6$wa${J9mvEorEsA$2-lcd@@m|FT6%Uh3@DE`WFX2;)
z&yrby2$OgTUs3#?ud$3B>l(|jb&X}1=Xfu{he#X(q#9yiZ9=&C`e_(#koCm59FJ!_
zZZ9_5VlRPh_FV~Lk2<-<>==bT)+z0=7{#7dhu9W-tX~~?ZU(M-kWCd>ZI-$OiMI*@
z+uhCL{SxBv7=7Mbu`NOJu?~XH#}!pBJdfn#H^AB+^X0=!g4o*zLED>-1k^%fx$yjA
z?{~r4UO%>H<0V1t{SE|ekI$ISfku0*FR^zJtnEF6Z5h^qRy@A%H{8MvgbeKM#XIeB
z#1ebQz_iCYW%y^je%>PcANTR~8ea5c5}F{gZAf4ohPUt%=Jp0`=yoOhcs-``dtT+2
z(-leIBv_6Cx;~2yu1iP|{09iyUMUjGc+4-$TkI8IcZ|XB@LEoS*yFo#N!BjjXWRsl
zbt2`*d=+1JB+#xtXB}bx6MOib_}u0V`Cp2^*>y*Ave~-o@cC|j-C>mn(igK%8AO^;
znEwvnes+Ty<uwz-DQ9h}+@`{7=T^Fg=qtoq*hgRceNm{KpCZtgvi?w-R<O(0Y~W4m
z)^AwOe!Y12ARc|q&EnM?d(tOqZ>m1YabNezjo6;5PZqcNKR~=RUJ@i9eAgv<9^0$%
zVwzb7>_bzv`3@W?HW0<(b!*l<^5~}g?`Geu%{PTY@43y7^F$~}Y4g+m-P(Nbll`0f
zbE~Jg`1#kgab`;b*VkCCH*0^aU&gyxyP_|AFYRxhv3IlfcNgNlm-eUAhC^Ize-VNS
z(stHt$gRn@miK>S{a@35-uIDqqhg!l>u23ZZde=9P2P7iANl^gz&H){_I{hU3*-MQ
zZ65Q2pQ_D=!?8$nf>VQ=&xO~10i~ek1yOg1#qu)~YJX-@@_s_zFM;<<;6Hi^=<C6M
zO<w<Zk1sxFPqFa+wp9YX_&@Z1S^S%q!0^Ah#rF;Vtd+pcd=!41BVhmT1)in&rr$T>
zt9hw3;HjOqdU~MVjp-p8Nx)ls$LeW8J{D(h#j&->*;;}vE_2!YK7lPh5Qi<VC(uzl
zJ$%e>J(+>~rH3ayxe|Myd0eCLcR=dgS4-}%vVU=7GP1qP@9LBv-6(H#1%@i^V^4c(
z0=LcMH~Ziu7d)dEYyRR^c|;?yfBVq|F7LDr(;k|(beb>XbAAhC%rp4nz-OJ!n(t1N
z-xF!@mVX#`yhhrq7S9wrW1i8`d8G-r#Nl@S36TNM)+-WIVhlVkwC}f^ecqi|1i~{T
zN4dJnv~eAZ?{55h$WCyB_nMy|aozv;r*nPl*ZMMTtsSYZwnth&-qqdq$nws%*5y9?
z0Rfk*t+mzH`l-#IUgvv!W54fFJT|b_#Wh8Io4s$1t>-rAoj4b779+}r+%K<tWYecs
zySmqHUjOK4d~0%jee2fxer0`suW!@l^`FMgW#2Ea`%Jy>G5c2Y`o|yhA$s5XHNH)`
z&Heb^y2o>?`_}pTH~R2M!{*$Ye%Xzqa2i*q9T{7`Eek*6TW@E_?^@p0+8GW<y26N)
zNyl3wsdTnE(iUxMYi>@2;?3!{R3;KiSj(?B*l#uI=B8v@Hjz$+V$o!{xveeJmPm%f
z@lYfkv6jyYkB>J;5}9nOwYjM|+{$GSS2C7}N21AOvMJTn)`oL8HD!~nk!&cLaHSH-
z*0!cp7BOP2p;RQ=7HSJ+v++0<VR@{Tk4VDGN7fD*^M1`6<KHAsE90~!;!W{nYd9Q=
zC$q6=CX<N7lF4Xmq_wTBsVx&#cG^NF#G6vlP$ryChN6j7IBexB+#E(qn<9yHBAHA_
zGNIN;qB#_AO*KVYo6?D9+G));rCJlwWK%koZA*uvt)WOJ6-h=inYK(km9Wlb<*_-W
z^LS0(M2H(uX_Q^pyqmaIp2Mxlc)Bgy+7wIkyy<2nE1O7W6X8rO6H8@Uo0^-lshFKF
z$+UV8XJf62Y%&s0p@3Rb$aSPCjzq*#Nz`X^BGHy@ibo@fSaWl%IhjZ{Ct9P4bUKL~
zr?agItDQumDYT8Irf9f1k&MMNP037aYcd=O#UjzBa5NrIwKiqbQ7f)hCP};fUX!sx
zp{;N;n|%*uQ+$k7M$NHEIMftQwlyVN6QQ<vD4UA6B~$5mBod2;Vo6kBBGU$M5RNsc
zt)E_U+FNlFvdLryeJ0w>sI7>bj%6Z|M3mjp6;32FDV!i3iiVP*Y;zn%6v1XJn!>J7
zC>zUWL#Zs9Wi}fQg{|_4hm(<XvMGzQ%%tLp<|uZA+cM2*bel{DMW0Qg{2;~A+rnY1
z-yqrVsZFVB)@Y^mnv4|+#pNh_+nCREEYuWAC7MF5p;$T!2h<e9Q;cY6p;#;(O2;$t
zG%}e^MdG1!G#QJc6(ECY>sE>wn(95=oQkxC(ur&++7?FljU;1DO|4DvanX!*-Z*?n
zYZ`@<j-|8lY%~&%CPV3DEES5jhBMKo=GF*&V<d`GCPJBJbZ5vBE5GSXG~OIdB+^Y;
z_$(x*H4@2W+nQT5u_$~%2!HWdyg3$&WttM<WD>ax#oMA*nmfDhU)lyo*9}Y3Pm9y9
zbyT$zw9Y)}ZEZvA*E!y9%jr<Kxiy;3v}VKTY~c*@*%ZT%hQ;Dd=)U1pGLw#E(~)=v
z1rm=Zo5KkdU@{hg6TbQR(M8ZPlG&zAG87MI)0r^*0h~ZGl+1*zF$F#xo*~+rX-y>(
zNJ(pJGzym(i=^8!*<`4xHHvyjpxtJo*+@K_M!BcqDw3&G%Id%IOk27w(H3h<hEh$L
zR9kZ!8dD6eH5%eTguJAq&53ZLwGAgm>&dpZrsL^QBpXgyZIAu~O|78)o5Bt|g<b@@
zoHesNWcy!f!>SXw+~#OgCXq@-Q^{ysJRNOAzMGojaF_|WiRLC$Q*%1h+S(LN!!JbB
zt!>fPXd5ai(u^)NMLJN-g#m{&XHzNoh;TgFmWXAe>11mPgDp-SX=<|Ccyl_8YR^X6
z!jaZkBo@cmj-%R|nxm;$EQIQahobRJA{;>-M58JAqZB$&3@J}0&_=9rEtW;2kF-Uy
zZQ)crn@lG#u)~9;;;o@<vMt;kVcMg}S~?nTYHMw4O{be<q2@#seZDE2wZ<9NQ8e-1
zd{kjBui0|^P*IgS<)h2)nxo&FaI<q*b&LWFM>uX^CW8`*p=R4cO_**)vx!J1oD5^Y
zO|~|-W!n<r7@SZj8jgh$iEL9S9L2Q6nl?p~2{e*O8=_|-@Sm-TwoE442LIOfUdFa-
za?=Wr7DIhvt`o<^BMZls3ZeVQ66sJ1qXw%doNP{^lQu<?acfSJN+mFniJ-e8Qd2aZ
zz~rSh9&Up(4W%;iSaTcvMjFF;Iu%c*;Rci0cr4r&N<^As@WUA8(HA348Pqmx!V{&M
zVohzxVkF)i!jQ`P!03o>&KX3cInvrpZ_<`bq%q6D{0I##o5;d(r8AL4G6lcY+Lp|u
zqTz59z8T)XH55uUhmb0yB#zQdVqO!Af?JcJwp6IC$to+hv8G7a@&lNy{d))3zkeE9
zU6|rD!S&GRw_#qG3bVvh5j2W)bD}90YHLejk{XXRr7^8V_k|Bhq+^)lB0eT0=-!yx
zCo!iDx3yw|gf1O!#*{ZiAC8$$HWWw4k7lxoL^Km=jmENQHZgSi4CX>jp=g#f`~UrN
zNHv8M&53v-ipf(p+1#9tV+;s|V~K1$l*E`3LSmXQ^}?u>Y>lCn!vkg0Xu_D2Vjv17
zU9HG1dMAzy#X=ZqTG9T{&C<=y7{r^>u~-B>6|*T!9-1%}Kr=!gPNcHUI3$*dX3{A%
z%XCv)JdW-hZ%RfI@P?VzFeb^Exuq~yj7HJNFy}}#HK$+=O*;;!5Dm9R+L|ywfhP@z
zadChSf;n9>1&1FB#n9hVm<MAhhL=ufFvq~eDHcoOngwaXpchYZ#6?ev;$kj>i9I|`
z1Xoum<p?s?ioS>IlyEeg%HT>b9BqoW#zP5An&Oex2)#|Z4b$)DWHu9S#$>GUcQ`NL
zcR0sNua+ft1pDuaR{E{m*TcM!?k?wpAi=eBTkjtjj^fvU0~>g28~es1Shn!J>$})d
z%g=TM%`Zb2e|V$d^CA~KSbHdcsC=Spd+6@xIs?APsy#>VcAY8-R^0R9QY>dIt^IyQ
zprUr`JHBYB<<-jJfDh8NzH0C7ODle1aqvF-)K@*|=H8ii^i_H9T3Qhqn;vK^wf8J|
zH{Mt2{f(s+f4w-+$loAELKnQdq_1*b+0u$nLYpSqC;BSup+&}K2YJ`didVDI?JQpe
z_J1+U=aI0sz>|5d&DSnZZth6#gC}wyIFp-mF?Yvl6yWFIS~_E~S=GUc#+juvD#Ln(
zq<hpo`H{SEx2IxhMZua#U!VbB*)y{La~<;=jGYFr$3J((|G^Xf51jGOx#+*6`tT-x
z4hQQ=w=M5n?(2M{tYu@_W52PX<F5E!8+)qnF5BcSd$9V!^ie(^^R?NxcYbPD=dTP+
zJXZAtKF0f4Z_Q)7%dlJ$-#dHm#|w8oQ{H{<%IGP7zWP^WZ*e_X-PyFObNSFjTNP#!
z_<`Cqe&n@;1yha!LKCse$NqQ_+STwaZ-4X6H(vYx;U9mUpAWiP`e4;q`Dfhrs?+hv
z_6b>X+L>}K`HJUg%K0qNQm@zfJ=tzgWniqmE)^J?Q|Awi1?$3ru|(Z6YvIY$9!~h>
zC!5DS-6y=~(?R#6)s<F5^xM@r=D}J}aA~^-ZPSs?cSyXML4H~c)t-;1q|wpHkUQWn
zlPFg@f>rxQyn(t3b9|yIe|{7u&!Z(aJ#Teg#i0Q?x127x%(f|qW0k7RDoZ@z#<pg+
zx$P)ZtX#c)?9EfJojZK_>(z%_u!vYtwslokOCEHu_uJ*#Q`H&SJ}D)8^ark>d&#pN
zyyutkgif;);wN_}@;|vdcgcsQ$&y;lPZF}u#&xu}oVC8=i+#=qy0F&wtX}K;aI+kP
zwZ6Y~rN3Qyf4J-0z6Vp?XIyCT&X2BR`EztU5pJ&v95HK+=q2Y9sV=`e@C~1o_UJy;
zS<2ZOZTA<h6Sk)k;Re&=xo*h)D*pNQR7=d)QtQ|o-<LpTngh`1aJ*X|k3Kk~!Tc8Y
zm}lG@Y#10>T7fvmr!kF7XCNOc|Fr3BvLDYVOe1VoNSR0)3+<si9dCoP-q;?_Us(P(
zi{BoestnBHFv}oZPzL)@qGqS0R$45!_bskaTXuaoWpjQYSn;*$+k%UOo@r-pfp2ib
zUD791KUzHl9@g*lZ`+b8h0*pfykBumIvo?|oq0_eI`uR<x^yN|?QEmo7NXu}B43X7
z-r^Ld0(LeIj1-j*Q##`YDdql({QjwINKPdG0~>_)eZkph*0a0eQ!L*))p~Z3SKzw8
z^0{?YNjH3Mc)kBKDdih_+|E+}&ed?ni%W3>AQb9fRr{RJ*S}<z=jg+3{`U4m?jQY5
zd9bQ0=dN?-J%*4qfWvnvH(uyFmP=0PJ3i)?`vepB>9!8v@t>T&Q}dx^QV#GPt?to_
zOW|ZABbDMg;owK7qk~u34x#(vw1hkIsxP@LG~e{_nvwFvvNT-C5hHZJRMu0~^^M90
zmsyq?j2|C(5$)Lc-z!f$XXVGAF%abMFXU^cH`U{B4{Hy$^Mh_zw>KU6c4ac0{<iP_
zWw>oIv)I4&R0Y0~_itAU69*sIy>fbwJNO$lXQsjH)m1Ha`V#Juq!NBf8GGW=nFaHM
zQER_$-|#b1G*-_oIv(w^RNLe6sxPx=n-ZDoXv}6%8OjsWx+yO!bv*lZk01Ba3*s)5
zE)6>e`5a%b=lJuz3EsD&&|6|274dr<_i4?e3d#*fMEoUA1k1nroy}|Gvz!aZ0Na=N
zl`nx0Mmu&Iu5HuVw8sElI#Z1q{_Dp--+@NHeeg`$Uxwzba&NVXf>K^q<TY8Rsuqgo
zl*J`Zuc}(mH7#mJk=MPp&I|716}4DcSMBTC_ImSj9!0BDejmQH5q^C}QOkQzaWFop
z)@r3xZ_{Tx+m6pxEe~Vc$2hkA`cz|Edl+p{)l<P3Dt%7u=e^55$M3`6P2&U_GeEw*
zM_+&Zmal*Fg*U$V{ilBX1n1XsKUcYAPx)i6kul%m(&2jJ5YMm9&#XsZj10K~W5z#q
zKRw4gtHEn`@uLqr^Tn$k@%eRT>W=Y3-7ucF<o4;EcZmc3$Si45@cY@N&YUsfo?K|+
z489a}52Wq$)cj?oj-SF<*ELr8Am)YWgeEO@{?QZclujP%{6YWdi}}&L&fnu7{YJYx
zKQ3D_3T6Oy9No7~95uT$c6e&zmFzh1oX*@NA4l4@otk{n)j6I*{AG`OV4aLS`<xyZ
z^jq`&?s99szg^AugZ|<>)z&rMNY1m!+=?Ib>^rll)NAHx_Sl*p^+iT2rO*Z=gMGqY
zPk9NiTrnSO@Nz!pQI85>&cN?>FovD)cCemNz-f#g7&WaVFluUXz%j3kRUh8w$=x}U
z`|yd}htA~YUChm`JB)_;+JkSNF8|EiW)gC^Q(gL%-)~JpdS6>*O+t>#BxGlXlMu`T
z?swl`b-(}q@cpU#m))OB=cYLiCyaS&x;_>;?32p6>KQmwbLaudb;Hc;BDZW{-^H3m
zOJx)L@X<l^dDFxKxk`L<g>2QF|EOTVUwL$a+ZFJeTvvW%sIFu@?d;ya9fx{LBDw19
zE$+GR@@fy|JM(M5J?b11$W?cDxzhW$r*oBE{>tv#Z^^fnD<>lUYH<v(H11jLuZ|q8
z417z9J6DM$be||oLqFmRe9NQ*am%aOS^U-T@m^;vp^Y?bbRDgvUSwyy3#aRP)wi@_
zcu|2Z$xqr}IliLzspAj%(*7BkuLu0qc0Yw(q<#GMpu6{}hbr3NTrBM(SGgK`%@jJ)
zy>E54$`$z5k17L0k#AkDj1FyiYD2|CGuulRdxOTn_?fvsK<o7WKBAB0sz&_Pm*4ch
z^Y>pphBJ=%tFkD23nD0mcWQ!%?d04R2;^pYXLx6)b2VpjRaa-EbGMJ=?iibKA~*YV
zDcq;Gai_=S{czWit1DO4`9t4rr^ipP_Ro5>+*AGu*Wz-qGv*2SXIaMPjSc@?+2m-I
z?>=8m$<^B)@Xqp<Z76G5v)$M9++!tkd!Op^&u)J+;;(S#nn+jovsFjWy&LgY&5cHK
zRgt06w7;q)I_#R&;tITg6|uWBo}=UMcKL6A^!DB}-@aVgI0OTda~^-<R%k&_?`y2{
zk$jzZdv2}#!BC*lmG)P#+DG!$?k(%e-F|d7zJJnA(qgYv-gtWM53<Pm3>4*wT+Qj3
zSG~tx``QD4gA<L-yjpR>U(?-H7C<rrsE5`5**$Nzzn1VgSI3Bks;t?0e#C#r3IA+w
zW402utkU&X2XeRX#0P+77k@+1;c~?#Mn=8a`&n;K&Io+#C*BYH-g=JZvoPEe81^kJ
zyXOm^%0^w|4ZTnG97cokI_@3w`pI{zmTX-1=!fEH!qNo0)6?MJ(BPdpWcQi!$fysk
zJ#f^NPxsU1-U?nZZF#EqaL=1dy=d=wyPM1A{$Qsmppo3HW3Rn&_=Nv<RA2m$J>{q0
zMFEWXXPr8Hw8Cz4K(2X;T#gT|Im~g|M7P$y45QU}mU_@rI$O8*zP)PxbN7_aY=3HT
zMZj+c6dV-s`<y&^E8zVr8_+C#fq=_y+jCEU?YI8n&>|<<sLk?Qt;xZ3{>MZC=ia})
zoY#eD>8_((dqW($9=v<}caHc!e8T^sGyZuO{d1ok+V;CueC!N<e&UuVywjh~ne$A4
zqWZ9}cr9tnlZ2OjFm<*3%t(8%%T5uV0;`_Zv#|Hh;7UvZ?!bb`GVxg#JmZ1jop!XV
zo<u5G@}tNt7|Oget@NDPzxDimOJ{mZf;l^m_-fz6;r85um~39~1XDluBv#6H!;GC)
zCa+!hx@N5v6Q4Ak<l)M?H@%*^RNb<=T-_6OPt|>~?uEL;b+385>b_pHp?dUSWNZ%l
zs5eqqL7(EU4CJZ?{`mWETE2U%<mhzQO2?&D*PNIcL|?B?u3mI7aySuOY9}7^{66or
zO^^8=nilX^rAK_YHkCc2=YtPPF^rBJ1)3rl*}t6^hQT+3>3m#VGzQ-c1e{exdzJCq
zrWNygBKT%cptm~s5DOf=23MA2?Q(qLA!jaCgQaqRmAwNEIq<4Ukj2K__<aGtncJe_
z)pVKq4^})HnTPH<{wh~9t<^`gtL1D`Y+uNNJU2Jhsx#ZuwRM3KPUotxUl{>Z#)Zmy
zQ_>eaHBVR8y&wgLzA+H-@>xBUnTS_CTm;`fI=-m1peC*<(<_B#>cjftA@8h!D${Y6
z=H?+c97Y$a&tJ)_c_~%I@7`L9MuMhc7w7qOWGskS&I0B5OOdgJB}l<W*a=7W2eT|Q
zzT-#>f^V8CX()5-B_5KQ?x0@fQS0aSTJKb)ZO_pPALz8SZ~EV;8pAysdulc8EaX00
zx46RbAme8uW0lSfZrl?Y^EuNvtDkjq3U{i?et7iX(C%_=cZ0`Ua+KvWHyT>LEA(;R
zMp%ZgfoThtcE9)&@9giDyS=3?E&blx<9B;7aDSo{Geh_%ZwX4d@QC)=_spJMY^Jxg
z`_orPo3~!XF%9?vGvvd02KH`GwJ);EH-Bg%Qsu|3i%4*O)}99!<Qa{?uD3yq8oP!^
zh9>HHr(?nVU^Sv|z39wzZ*03n3U#XQNvn}wj}<g8$CTkkyN07f6Z6fP0s}8{t;M9H
zYwoDt@0-8vV!+kC|H}ABkPSP|){7W{&~b56-YF>h$~5*<%;g71?8sl*>@F&Zl5*_f
z@%iV3Zy0~pwei(;D4r^IKUlRs{24zdP)o}uF%DL(YI?3E>ifhj&(1EFch=IfO|9Ee
z&zSNzJ%@G2Pt5jYA8=vs(GF`b#!YMgYCjLOBb2u@!p^K~ZsbDA=L4ZLU!8c%KUS9I
zgI9n1Vb9TUQ7PhDaAq)KXSw^uTXhjGn2!bBDsjf$C#DzfO#3ls@W{xA8Ajpm_BRu+
z1y>ux)n$b{;Tt0UnZeEW?kj=fz18r_!KdxL<LSb^!I6l6R=oQ5!unn?{{*W0FW%m_
zp}0NnoZ?;)?@ywUe*M@Br@naZsmmDOL)Q3?asQjSH<o=r_2V$_@77!_hnMvh6<P4v
z!4tzByM{AE6S1lkZ|^0(`nS*BhN}oOb_`D47JvO;M!)UPx5aFk>zbt6&8xU!Rv#Yn
z<n9>B)tt!PekM2jVs6$251P;62VeWZ3mD1Wbyao#y0971F`j$pC!av;@l3RCpPawF
zCE)AcJguRG_pf?*MTv&e^BPvRxrY7R+9l8C0z;-VWBT%JSzXQ>iyRIHAFzvmjMs{P
z;jD*Z{iVv)`$Era?S~i7bS|dGJi!<2==+vBGZXL5aw|VaOWA4Q`R%b1zrSSlKac;8
z5q}M)m1q33FZyRyA6|tju;*S<2lUq$aEtgFpS_8T@wgd>tVl-IEqQiz&>I-}$v*{F
z2j|&|sX0*=tpCzx&({KFcL(O|oW}c$^$*RY*Kl0^mtJyVRIkT1KNH&$*}psf>@A7<
zxzS{O7Cr}`MX1l(`Phl&2j*m_eZR5WI-tAAjTGFwzi#?FuT6j3l4sK<{b}b@4u{SJ
zKV)a+&`7W&Q5{?wtiI>Ddzl3cz;Zcr6klM3bd~eFZTN1_d%HR0V!ONCo~LvhcT}8W
z<M%i|vi{vt?c-@@!E5v-@4Tb9PO<On<1$K*Ry<zaOS#}lV*TN2*;skaiBj<nr#<_+
zf)8_swqa(^GE9q8l6K7CR!fT+cos#ADU6lSk^Oavhh<NL_o$t>;%Tn!vt?}eOYd4*
zfweocVo{vdYx~kz37<o_PG4GX_od^l+b8V4l)lAT6UQQ%SCZKM(sY>@U-i`B11B&1
zcs1|FAC~eQJ;Nz-FpyvU9Ip>9O}x+(Z9kmw$YlcW5O_-yFNj%e*K^i6&?i^o($fZi
zTV_d^eNHhqy0&*&<D1t^r3=@u?77jt)hl;kq0>&WxBRo^U89NgXfQH5CopQ})T7V7
zvC<hu(V=zeTK2b|bu7p@Iq+;do?Z7PBVK$_DjKNW&t=^#5Ez+bpD{2R6yVpd4WsqS
zX$uzOuANWU9ggHG?|=Jr+4?s>b3LaxEBVAy4;*0Y_EmO8Uc~KNI>k*z>uImLxSlqG
zOP`s19^kMG&zHcj{As{*bl4^R@owDr`%7o#m-F+5bvar7z3LgSuK8}G)G3Oo{Lj&T
z?L1k}0sMOYy5xV<OFS$&e%<BWLFemSM|GnUy&wZLuEcN|a(sRjX65(%$+Ta)%QruT
zYXOX=iNn$u(4k&bk!E)KYQ5Wi(P7!&J$`3ksK-u9-Qn&4J6!kRhqs<hJQVPoE`!^L
zn?E#qMzVu-xzRIOT&j9NrgLr|9mFM)<Y-_N&TwRZlGlipM?c}>(hHa4=3@1!vcrS)
z!~=h4H}<r@I^hYvEk_3Sf9{@nC(GZ)+E3-&kK?Eg&nI5=9Bs$rAwAXX82PB()m6d6
zXe=m&_BVqsL;@ww1s$fN-I19Q|BS$V*ZGT%+~xNMzG2!_1pKOLRy~IUSOm9P*iL?V
z6V0~6>_ZsF+9SA}l{IJ-#K<ja%tc;EMDqQ%`|0UDuQ6ugP3NizF$2?Vbuq4F%!MY8
zFMDVv<MNJYUR_<<{u*vFI=7UrblJxiocp||9jDP}9zBCeRmtenHCN8lA)>^cN^qbH
zSFWFONe&#Zaae97$VtVI45+sFK&fhrGdOr0#ab4}5I)kzcYBPHwG|m-wquMzE8l6B
z&8L3+s&JgB^JAQ_X27SXndNRjCMW8id-mrsUN0`ib1wFzWs|IUm&e&dcQ(0}e92SZ
zoc|0SdSReK8Z9n|FV_6NSMtNuEp!DN?v9k*osM@$reS@fL2k7d%w)P>Ec@)t4KuKI
z8&0GGevjQw(89h{UFuEOHE{67wAdLZ<qT4;HNWk0I`_a2WUuKqErI>J?-{%`*f2Lx
z*ML#&R&*-DPE0jezML{y@Ah1y+srk#qkAC-MWf%dL%ViW4SRC)M{<D^IsciQ?_%!G
zKyG#<cl+tm3uUWw)mNuoe}!Rr^6Q)=Vzm}75i75qwpScU+g|aw<rN<)cOG`wS#I5D
zD046QvZuVveScZt9#aPNg&ucs=A)6j{o>{5SfxZTg&c8qz{$O<R*<S{HZSH1QdMMi
zxpTh)PGdX`A6L_~NZK)SpM9HUBa05*7w@%~oIYk(5W3ol(ujX{uw>t}$W5?p-;2RF
z6On+Q-vT>~AI$K~x3_PX?RlIi;juwX#O-%`ZQ^rTM6iVJzEUhknTsPVqaSaC`<->q
z%cZ~e*2G&W>**pVIdHpAAO8Uy^Q^!BlS=Wq&fd}U(kuhHn$e4>Rr=BzIn#E%f0nf<
zMo&5mwLXFs9d+;>wj+jny~DJqg57gQPhfDS?KwxSJZwMjWh3wM&q@35K;i@b8Y!;P
zGu~N|+y{<gnHT0ha1@UqVe$F{I3e!fK4Ql@?GcivSn^N6J?llM$GZ3F8IqFm`ZUil
z!}83gm{BerUH&_u(y?N%vkpidYe=G-YU2C{&qoxl0gg?z1~_IeT6hGWF$jFy%p$lQ
z`Br7%+s5(R+t_cM|Ck3|?(KU9KWG*XAHlSA8ZO?j^vo~oALiqY&Z?rllg}^&{CWH5
zBZn6u<w0ls8}A6dx#jKN>Ye}%NuP%uZ~NP5-GTfwveeT48j8+yn`pWnZZut|az?wn
z)ffrtN)nIAJTS7b%(>cf3bD)oftn^PYnnR69U40WPEMRe1H}JF{C5mI>D-$^gU#P^
zg{6F~%7HcVc$+NJp-Ue6zokdwN)SH)0iTsMV*{Rh#nw^l_B=0{=&`c4AJg}2IXKK8
z@dr-${b&5Xi~c*|#_Wan>ce_{#FGr)U-h7Wz59Y0A0{z6RN-<j6!39^)^3ds_RUad
zXvk(bG#pJkGc(-!TwN)h?=;7RD>LQF0O>pW5!XE29Tvr6v!WDiyt}LFd#lR^UdrOf
z3+`SWxO?-uqaSo(nY_{KNx17u9;#UC%|A?c)$^ri%e<@W8b3Ru*NrEj@Pv|Bz3LH?
z+N}94mva#@ur+@zy3p;d7_0DZ#wljPNnG6Dg1+UgIF4mVj2mCME!c>0qp@Ko?`WbG
zH&VT`DgW%%zVptRW@4!3fC3-KTCuMM3qI>T6Yj;;Ftd0Sgx7Ng^?+;eGViR_L#~I)
zeap8`G(XoF^*x3~s7BXgdpzX}UCw>6n$@>WyWrW0+48q4>)c)6@;z8(kFY2Vb%E1;
z;+DWnS7hXhw+73YD}15u=Q^8wT_Zo~%sv+{ExSA78QI^D2{+a!{wV<Ny6yDbcaOi8
z8XZUH(rXTQ(yQV-AIXozqx-zG^3Qc08kK%1F=U@L+@etE|M3R@&l2JcraN2kEb%q#
zL#kX(d&Wvy&iZi2^h?!dURUGc_XLzIEg4QfH!+{<EBBP%8NYMh@rGT;PYg{om~~6f
zWS|PwI5V)nx%?w8Z>e|IaO^qXd^T#%X}-caP4OXh7+%}mlQG;sP5R?6O;6(Jt(efb
zyy?ILxP@x2EpP!JxHbI(RxNBtAgv+c_RSw&uvj+hsxVfj{VqHpHn-7^X&ofZb7ZvA
zX_M`4Uv0sm<AH>G?);@Ciz^nGW83}r&pcEi2M4QmVv@)bMe$niW*q`0Y;WVP5<CN@
z-BnYyJ++pAdu(_v(<xKT4Na-m#P6IH><H?T?1b^c!pzFE@<H#T5k52TEDNP8gB|BQ
z!I_iynex2FDo@k~e)Mg0j?*>kszyeG-%L4WQ5W`BC#vH2xxF4=sNY-N9$sRxuOHPn
z=<&<s2X#}<>k8CPk2}zouOE0L&n>Ecg1C!5eD5MDy3?NS>Qbyud3)S*@6z>RuFHa9
zE4n<leHynE=Qi5$7nt}#f8ESO^-|Fd6}Ta4wQDoKG=BM3<ChECdqvUo(q3B`{gj;$
zIE%pkF1e&H^bvJ<^5jC9GkrrYBe#pswdUc6W=o1t^IY4`e;0;RxTpDiyt)<{uaaXL
zDvq|fMo%pEw&QVCGk<_9|0Aqin;9s!#`F_QX1j2|7tbb{g0%K~@m$n<-X6cO)SG|M
z>NG#i;VM+dHw5c(d&X+zg?mQF)FWAsdfprzOE`JMw|1PCRLFdJV589BxU;XqT1MTT
z#d%qVxYDXX7iy>|>O$A96<_sSXJso=_e9ORRe_<9UBRfer>pX77$_o)mCjRA?6Db)
zmCoW0=39ZBDLz!3^MGE>BIj|m!2Y^y+~u`ay%w4$)-QNQou`PwKL~yd-)Pb$9pC~k
zz!TNZRPJt%=gj_lY{|^#Y-xN(@P!^c&yxtq_3Z`Ecw_K|-Ut>A0{O)ds1M+}Bv6Sf
z@ajasxh~^*>|D#4^BLGT;FS3cjGkOjEw{?NXf9L7;-4|qDt5to=vCZyKVAA@%D%?M
z9Ok$)gK2gx`7WKkq=CzY;jXbc54!o`ovN;}#DjkJl%<$%$TM`9E1tPEKYTt^iqUg%
z*^LIzAIyDseCx!UsrFR<X+6w=@ktwWY0Td-isHFY=}DX|FP-uKd_=~||Chb@kFTma
z^M6lBgy=~rrbnfg+K5q8MT``YT56*rMn#HBl`6`wL_q_j5EU)85h+qdOO-0MjDt!o
zwR|mYsbw7Mq!umLqQfX(hdNA~ufteI`F0qGu};T2_w!!+d2*f{PORU1?|kq5<E|I$
zJn!|a&wlpWYp=ccI(zREROYIBw2zU^ZLV~M*Le#yFHBEdbcE<4psyp0SNf{VZ*z1H
z@PPY~;Troq?`m?7;OIXNIQ)kLh7PsE{qXtv>pnaCtv|WpXNR9P!0wvsF`2%z>#0P~
zO~d79E&Z6bu;1zzMpqpE$UzM?$BnoGk*-|>hi<d!yxw~sedysc4{A92@QbUEoHy%l
z(pz2qdTvMd*B_AAFc_y>A#Bn({=Wdq**WzRol{jxhbK=tvO4uwf|A2i=S|)%Ijp97
zPIY7JZB3K!o%Xr9+rKfm=Gf04dS1nsD(6&RS$$#kr>nE>)(%o+fBnRkJ)-8|yAE!=
z{kEo??(Mv>?*985YL2+;;EA{2*4f!H?WTL%+dJ-G_0jw9KeFcdn-2Zb!T0z(EYGI>
za7p^Ac3{kguO7PW*2S*%74{m(y03o`<M{dhe;iO#bzXWGQIl``W!gQLo%_+_uN*LK
zT;1q1doG_ZznGhRrcQ-DKMK-=sTv(jC((*7oj*S~`l6oGf6XU8S+i?I^F{0$yEoU<
z*pgpwWcRTLWI=lFV~26`N6j1f?$C40g}X}q$E5EK>BnC@2|HTfD6(I3=v>8jhf{mL
zJ20E-xu2wy)tiU^S<mf$jp_a);&rTNtJD46@LP?a9_+`rZhai9Q>ZRO_7y`1*Ngl?
zr=D+ia_qfwpw4SY`_ZNEi){@bSU#g+;PM~#*WluQMH*WI599OP@V@j<d+KU5Oqq=J
zXDs!3zpiwcYOIBMnELY+9fxPmK2%Su(+}bJE>`??O#kdoUFmnR|1JHQUO5i^sTbD&
zztEp0L$>#PN%LBLxBcTm`n{2kBW{&-_4;o6>?brv^;<OcvW95S9k~9D4A7;+bKHSD
zxp?1G<8(&vzdiQH__xQ#oshe-pT^WFeqGa;dez6r=no$MBYnqOv~AnRKd4zrPe<<U
zc`DIdF}lh$dnZ?X{Gj-o0@oin0ym%3Q&&@d4ti<H_0+Br2Ylz^8eunPdX9B`$M=2w
zXMeNp^GE-E|Eza4RKqVl$JO^b1N3z7xVqfA_uTS))w2ipT#<Vo^Xv7S(?54%KYd{u
zdaT_MUOl4p4TL@YE}ihsws(&%ehuj8&o!g>WB!^Wbf1X(13lN=(sOf37vz?o)o_;o
z4}@0?)wjp=u0rvhokweXKhry0?{*&aY_0z0S+5^4KXJ`Hqn7WO*t%lk)oZ$sJM@I(
z8y^06)#}QL=d75hR~hPgmEnZ?hI>9<Iq}#P6E9xVeXPIH^MQS(zj~h4|I+?{(AR;U
z$9d`hSmAoOQ+c;C)4h7-vC1vVoysJ>3qGMtagZ|C(lsiqSKh9?UwN>uRb!N=DU(=c
zo3g6X{|!T*E>YbI<;}`_l==Ulo0QwQ04uS~CS{fxY<89E)++B*uF;LDCgl!g{!euh
z?XOlWmf`<Y;Qx)`{}bP>T&I9jlvgS5P#&c7DM^_AuN{`rAM8v2=f-%|O;%o|yi<9w
zz6eiNUd0z;CDz0LvCJ}c%D8vxW4CgHD%+GdDDPJu%>x%DVQ!!;(<uI+@*>qOQ{JmQ
zQ60Had9ZHAE#iip5^Z}?nf08dOn-N)Zm)8?I&r`9LfylAN4b-YRbrW!lv#%KpGq0M
zzt0nIt;!uEDR!vr2}_$__;h8(0JBy2k1qNvD6?%?`W)N;|Be3)N9)$B;wjm1u>Y$h
z>o+PGM<mxV4oRaklg2$b-a2oV`RR9($My1><SqKyev-!<lNEcG^Yyv)cy8%OQmOU!
zmim2t-X7mR*ZF$9>^k>1WUK3GpX<Cmu3v3B*YB|MNV9cj8%z8iXNvj9oAo$e@9Xh$
zsrBu5zpvM=uh;9{miCAHiRZ@$K4;=N(<W!)ILBq_NB6VOop%RjEV+MH@W=SE4bi_Q
z=%a@H?lI$f#{_@W$96`Jn#ha;kKY%^e&|aR+Znej_Ger+wk`VOvQg6z+Syn8qd&%3
z9hQx8b_9PM4|T!c7&vO;x~2rp_`q>pQ6JkD{e5xl|EP)Wi5%M;^^yD9FHxgSdC&j)
zmwJ-_7r%@FUG{pe$LX4)GM6iu@#{P;@FX$UGBlr8<}wP;P$n@xJo&mlBu77GEUBF4
zQu)zfNoe3tC=>sy%8Y&dcPO)8@bmu)IzJZpN%6;((fot5FS}c;sYCL=F3UQJxmVf!
zZwCMV;OGAYB%z1BAGnZveBe-(Suc+-Na#IzpPVQM>voIgBrCJ*WM$?e@HNV$a&Z_x
z#KHRZvR_E(;UkoZ)2>`FUJ`g!;PqlX1WWp-WQk3jE@khZXT>D^uy60*;#4Zv&QbCc
z3tOj5d)U94S|y$)TW8!UODY%VIQfa=7EOclhn0zWrZNdXtSM>okCi>lm_G3~Un?e|
zhrO?E#i@iJ?ypSz+m$Pn@h?+$|J`B|e%OzT`*AAa_vB*$9otg6tdHjhRmZW<dY@1x
z5eIh7vw>e0*D0faOPPco=Geo3uo~~}KSaPe1ph$s@y7aLYDz2%`!;?`Ocj3qB)I#}
z68AGd-%H$oK4SC3Xjm85ULV_61Pxk}_s<Ptmcf!(FYM=p@8VR#4|7f<{xizHe_s~+
zc-|u(sEp<<W$#1ohdJ}e-}yMPFUv~~d=FvSOM~WWu^&@62mSJ(e=O*q4E$Ws?+W@q
z1b>Y>z}I_%*xSSRIQL&J_U)P__VzCf{-wcxpV-I4cg3XChhjgcJs$k9Z{yQqU)OfA
zud6%ozMy$G_y_7>bp26ck2xav&kFuaga7K_zd88t2>d|c$AbPTv7Z}%D^~ZW?cF2x
zvHCl)nwtFkg8!}He>?c!6_e;U*!!(g2b9OJ68ktji~~&xy(b^%T*Fv5mV^fOasE6`
zCH%1OyKeEN%0rb$X{Dbuo+tJ;v<vi_Mbg|Q_Vzp|_BcNfd;h#5_I>nvV8*2T4+;D9
z$iR$G*PJf)anc<8lLMEIRbO^l(5w>sI9VV3+@Em$wxD4g`Z4mRxX!k{R{O~P^<qDE
z7;hfuVzIA_@#gx4L4RNHuM7TX#SOMD#*)WmY&Z|p7;ru+@NlvB)tKNPA9zaOw!n)5
zFBf~92ZH~xz)y;O8(#?iUkCr2!QW2<+x3Twz5T}p9u-(Gee~!r7yB5SBPKD1VTwbQ
z=LbLR>sl)IZCNSy@%huBhyD2dxmZIq#orSA&xth*lAr&x+x0JsNwf#1NPGTP;Bj_}
z{doB&1WM>V`SCkZ4%UJ7{+T8wp`WHaPMP?RDwFWTjmr4BP7wqDPUU)K{O>4x%o;V!
z$K+9gdC=^BuEoxi0&|^m|H8m`h&}!TV&<c)_ZcyX_Q2k6zZ6r2e_QasDE9X62!75d
zB=j&E;&Z+8Ilvo1qpFm=Z_ieVWw6MIGgjI6*Lh+Re%SpJa4O-4b!#rIm$@Gazb9W8
zV~=%VN#!)7<VS-gmD7A(el%DT8rbJ2|4r=M^0?T?HuGoqGX{=R9;*DVGKn~_ZzC@w
z>GYEP%wdicqpuT>G-eF&|2O03x<I>#^98Z*>(yd!+a|G(J@%2$KhynVi^H6R7{n|P
zP>C{ptStUd20!d=m=ydle~5di@>hc&_HDd7_+j6V-xMEX%W^I7Yu~>GJ$!>{u2V;8
zb5c9Gm+jlNgbp-6?8o~z#Qa~=LzTA&4eaCgH)4<3E%vs(5&V0D|M$VqT*CFt8A$XY
ze6TF*<z6}oKkVaSMDW9hs~&x`xXE~#*xUA1v45{wBlf=iwwOeG_!wE@Yz=<c+xe2%
zW9|t4-vobm@V^oKdxQV?!T+|H^|M|YR&QJ{_I+_G4OT)2A1jNV>kA1#?B}Ry!4JFt
zYH>f)&kFvz!QU>{u1WD1h<$rIg8#<gUnutYw}?G{r})Db=bK^@?eyg59QF&#U`gdP
zpOYUAmV^c->`>*)m3_Ta#3z`4sjOdrzbPiMEbP~U@8MJ`x87#?iHjwnf&CiIx=8rp
zGn8o$b64MY#P>er-h#LJ2V!sYkHqvj<tLQ=di1Q=+sXOR{d>edf8)G&vdXNN@2bA-
zylC(1ohI;o#C6cuJ1h9-B35EsU~lIFF;)0G1b(b>-6Y}n<oomrIamjlga-C)nIrc8
zxkc>Tb+_2}*F$1I&ukDMt;{z5jq)gC-qfHO#OKWx-$uU6`!)^=e!kn%&*(pFOw1wT
zlVsuZ#3VGZ$K=-_RN<c({CpQC;fK9{+JZj`^x^&Uey+1z%h?7jDYZw|k4^5~`g!Rx
z1WIT;`MUm}ilaw}sXcC47w2ieZXPT4_B4up{BV6^JLucflu6~<i5?x6ga&R<W?A-+
z?~6}}>0UHk=XDBAn$fbPa`A~ld@KnK%r;<8R3?>M_E`B@7E3|{$L)1LmgN0UY?j56
ze7%Q=@eRYNRBpX`$t*34_3f<_`?1gYhVv$II3N0P)G8(s6ZU?)PV8~o#C{BZNlYr&
zhGXQX{ch2)?LH10#Ec2rz<G%DUm1t<1?_Rmx;m9#P^JwNw1IvM@_xW!=D&#zS3(ba
zpL|(NRf-e*OU0}Q|FYn}8?h38*!%F$gFgxM;bVa7AhEC{mW5AIrp@Oo`+l4*_Wk$;
zF$q2F=f)*CmGHxUUcC>e5`ItKhOf&(8?YoauwO6!Qp_gc->mHY^R$?RA9nv%oJ#m%
z_p={Z5B}}SK2BZ|d;A?@-$$>DN$5R!o3E0CSXdGo*q7}P`|%scFzkKuHL<UEh1kdH
z{lULV?CpP0?CoC@{Er6zy5Q&g3yHSDzTPe|soZwmC_n4KdfOI?y$!cmJ<E0m|I*-J
z7W{VyKilYW7!STJ@3oEI<{wH=D%a))`H6)kp@Dr}!*MF%htUpIZdCq&@uy`;XgvA8
zzEBR9!IIFx9{&<C_4qm0`M8=a_IbiJV(-scV&ATt#iVlUJxPAzVoBvR%jHLd^|AM`
zc#!f?W%|wAxk>Ej_NT>uT>nZ;B0lW;--x}<-NFBwn1mi?{j6(`GV=%c9c5CvHltw~
zEUBF4H2KkBNoZhiTijppKxNi@fikIFOtzPpSW-F72joYCC82>2QYJq8jZ|(~t}!f&
z_3Q8HVp2K%6Y`^Xi-vu~HH>xry)p?u%-jM$^TsocFA^Vb%)KKLdKinoQ_OlOFBUUC
zDSt)GwxPL4?Av(1n1mkoZFxBOVb_00%yC7W{~k0j;~W2HwL<+%F)tGQ#QfE242!U?
zgT;RA)CjIL&1{@XXkZ@$^TfVvd+^^N_H}W8*!8yre`oM74gO`pe|PY&2!8G}lV}g@
z@mB{w?EUjl@WXzb{v`NQKz;Z*XR(-Vz>-)O?EB&_G4t1<%1<kE48T0^?x&2tLY?Es
z+F^8*5`NgPP28(=eVy31<+$K)2>#*0&%I68^Nhpej1K-Y#3a@W`+1M=DJ1-!eA}Ot
zgIHJ+8hEtwP~|t3eO>#-pEdv4ib+`XrO!HDKVAZF^TlHKb1%;Qmy6jo#Np32!mM|i
z_$cFB#Ag_97L(A!SoB-O9_JUvtgrOhqFiYi?&<lmyT$H@iNmtL6?-54d(gnXY=wkq
zDOU=7+5Tc*miJ9bXkcHqPE1(JM~i*gdU3scLzQ`EL_!1mvJ-<J_Vd+kVvor?tUk}V
zQ>=e!`MU(nJBKPiDjsb7RN$AzeqDP_?A!8o@N+(K&EUWd;t>|}a<T76&JP}k=as(R
zhs6!1e=hi66+dMD+p5BLiGBRsAy$*pcJbWD{r8AT^cU>@RlyIt|3R_GSrhz^2LHO?
ze?0g%1pgCa66=M18+pb=!tcqC!5idY-B=PD*so3B68k<~E%x)tx5Xs%@JE%0DnG3}
z&Y1flu8;5Gz-&9~<?VM8abQ1}azEry`G|Rv7#SMQOUIa>Ya$6h?EQI}m@52}ga0Zq
z>%>1T`2X+TkMeeMoh1?9llSuyIaoKgMw#teq3ru;o!H0oCb7?Ro)z=m8~r~jlZX%d
z_P!xz)%f=Y|C?eGe%SSI<5a>AyZ>FW_YVQx-#=^@?Asgnofb{Wx0m@bv9Ki81^c=5
zUa_}%rTBhjw(&$c-9Jp=Z5Sc;wv7z_(}RCZ@Shd@rPm0pCbj4MppVxn*tc=I*!39|
zuic-LgEnDxx=1nEzB85CmM<%Nn{O5S{B51s$G}E0^HlV|RQ5P8h`(a~OVkFMK_8Z0
zzdZgF3B0dnh~3{3{MQCQ_Xb@*Klr)7>i(O>B-RUipWGSzNuUqk?~GyAjU}-x?B7R@
z#HobelP^o(u`HH^2KMXA7jP=!hrK<E#eTf35VO9a%4-5|2;3ETd*JTC`@|noCJxW|
z*ksmQCGd6Ciha8{U(t3nM+FUI*xSSSbY_0?acPNvy_m$Zu=oEL#Z=*66#R>ED&dC@
zk|oaV!4G@?tO|a~Qu02(N+sHjB@q)IsZ7j!lu7tuzt{S>xK<fWm$LWOOMzb#7nITb
zLD}cSgVY{B?=k1}e)!*gKKJ%4d5`|NRqdvKuzt)kCqGJ=?fRZFi_<^rmAy}%68pa9
zSoSfqOYG+X#ubTWVc+k(A4tLvyZ?h?s_@f??&p~T2|w)n{rKQd0)6;?XTPvrSQ5*6
za?M3@purLf&Be<2*!D@vb;cdCeqH8V?)p_?Z|8$zmL<*_W%oZScK^EIXN<XjL-0Q#
zCJ_hrIGb@Q;fLM-wAkZp3I6BAe!hL)c&O}lWxt=py%7>IJ$e5$%0XN#2@UM$gwt^<
zm0R{R^0O?~`>ILoZ5}7~HaCksCjCz;7xN?XvkaD0P80X3&(9}k@}!4PR355)o3gio
zYY}~gf0?rP5Br)_Ze8zZjNPDRSqGLx9N5qK-^HnfAO4s!ZP=>p$J#4mzrXQYvG?a5
zvG?ci#J;cp#h5tzmHqs~pQ9zQF4&hnM(i=`gZ~6EZAV`^SCK3EnYVZxzAw8U_Vf0q
zgC9OrBHA_~_|t;=@Ui#*_nYp8g#LNI{dSA`kbQ<FvF~8|o4iJOknsjt#xQ=)8$RA%
z7W<g_Pch9P4&eKmc{1z4&-Wnr4-Ed&bGYjV2R(BM_typgabgnjVIMQ61%DFg!^h0~
zIUe7SW`bhUCM=0Iz|4b(Dt}ek+w*|f+rL_Tj53<PQl_aa+okON^Q_qQTgBez9OESP
zo_xFT`7+c|CRZu5F0R|8a?5fKWLYe!oaQk3(O~_YIYdk<r^i>WJ@xX_o?*&9uA0QY
zjTehaEDs;4Oq@1l5`Ngv8(+YwRIUy9y?_2odH8~x=5$P-ksH3CV}535In8fvn?Ag4
zc1P>{>21TO-Z*n=>&%%`XI?-5hSsT9&u?wb4eup*zx8w4r?yX@KYh-7E#5Y7ddpO;
z_)m(;2f3zo?$qnbS1oAm$Tp#T_3SzA^X7L<oj?7?sqOP;-!Q$SbSvqC_WAR!ZJpUM
zTm8^7qit&YyxDU*O2U=Mrnj{8DVsCBy<}nQ$+@j+1hJ>i`V)fk)h(^ow!W61bA8*K
zc`Z|07nWZ>t1e%+VAk~ctu0d*w9cHb4yC^r+%$J)dF`C(*R@V<zkbGnD@x;OR_n~`
zQfFV+dJ~b#2kF_E^3^lvwck{>hkaBs>dNdVtDe1J>J8J|W^2r~^wAmD__%p*$=vC4
zN=J;XA_geG4MoL***9~D&6}f@{VA<loJrr$s*8c&k6Qha8u7oPO^5b^Ki%jo^1Qyb
z?||`DK4NcKUjw<9s(hgAIMXng-Z6Fd+^c8Lo!xO$i82h<>t`@l=gn_vonIodo$W*Z
zJ!*;2SA)~y5|m$@#`U=<mE{-f`;@(4_BC^-&YHepR-aLO6y-zT&^mwi)i=F&h@dGS
z#7@20p6Ih@TNkDi^!rmS{N$)llwX;JLD1($Yc#yaDPv|jZ}q*CvJ1(3ub`-T&sO#|
zOuR3$3)R$lbKCkDF)qA*M%(O}T-@Gsb#~$FTjzVq*85%~`9Nv;RnK2AwPW5?4YNM0
zxg@`rM9We?zmIcIxUl!tohG?{E~CA*j}vb(PWhJ749>FUYdOWIb6!X5LLH_p(>tc;
zhR;}_Hscs>XOH=<nx$BP<nMFt6_+|-V%DoN%(~{WTBdua3?CWSVr$Rhl+M6<1xr&v
z6lE5VbFa8i>BKA66+5+L)|EshbE(oPS2<1Te5*%OoNUGQA2`!0TU%ypd!{8lbF8>z
z=>+S*x-ubqU9C!|R=pw|Ft19r;X0)Ql!LQ4sfvsDG`&n44wz2G1!tDbrD9!~iBzmE
zPH~D8t<w51+bFHdhGx&4p?r05j`Jsk<z`NQD&+fU+yQf@@-cmK)oa4^-qPZ1De4Xw
zFJ<;;Z%xk$u+K1MLcGTeDTN8c?!f6$Tv5r~=zywTmy>d}Wg6FeN)#6g^P%YGY;<+o
z^lSWT5$nQ4DZ05TluU8TR+njBnEMoG8*$+vD6_bo9!uvuF@Rs;)7Qn~<f)7#%!&G_
zE#JhF*-%`zbSf0<tnIz$L463yY`Se%*%9m8eBksa#&=ce+^3wzA{8e{QRI7}+^pxl
zb!E1zbiNY<sP2HtPOLAT>BPElB`w=$R$ns5DIcLsv$L5^l>2;V>dfhF{{6pPeVJfA
zlc97QX?`{>;WVOyljE}J(20**4eh6nIA#7RWote$dSo9pBTgMvrbctzIjti;@yQ#?
zhZ`}XuW+Y)azvSMH13p9jeXUO7~NORDJj~_d2{Bpat~=?N9)`L(}(LD=sfE%%?fn~
zu2|5$r*`fKzE`U3`D-YdsxtSrUh>MGH~78&-je!nl$7r)Df3jYm@0ez>O$tL%yFl<
zm@0ETIV`5ibeBGsA1)R|mASPg<wr}(>q^Rxm6X?)lpilC^JJiyD%0E7vAnTZ5LKq9
zltou%diyt)pDY%Vo~M_^RGE9KSP)gFJLW}~{=4;JA=UG=qL?bvUkHljt;K?<GRKq9
zVyaAkkusKFC>BJO=?Q7kRhj-0V=V6|7LuMPCdE{l+gU7#Dsz5!KXX^+c9qosx}@A)
zQhv3hyt}0QT1k0NN%{4X^4^m2?@G%1O3H7Rl=qjE-zq7;T~hu-N%@_U^1CJF^ys9=
zSDEW)Pkl01WqM1cr&|5X)2L#qOi!d@`H+(Onvyb4t%|8Ky?qeNya`iGmAOJm+22se
zG?h7?a1~Q!?#PnzM@q^cEh&Gjq<nNqd1y(QC%DB_nf`ifEFW7^?@!k<O=ZsCr0_Ct
ztrSyb?&BrpUPbjkPo9gZGCjeGWq<mV`6|;}ld(QuEQl(5ezo9wp2inbWqSG+%e<Xa
zOqJ<LRxI-dS}|4j{7NkIRrb75;AP(SET+ozR6drEE*3<U>8W4QRhix{jpgHug{0@{
zYB5#z{4z50RrdT+#>*!c#iGjetG1%6GQCX@%cm9#Nq<^N`I9AOo@^FVWqJ!gmU)Y#
zm@0E;77L=v^p`V=uFBjw#X_n-x1@YtN%?}3@`WYk&z6)gDk)!5QvO^?`LdGo=S#|0
zl$80!Mln_9rWOmL%G~sl^30NQYf1T<lJe}5@^vNUIVI(JC1rmynz<`;3rgy*FDc(x
zQogCA{Kb;;mrBZCE-BwyQogOE{FRdO?ImTNpchkR?#^OCRGEGSR&-V7?kW~iJ#VHI
zla8N~GH<ICQ>EUjj*da9;(a4elzE=-iSprIkfqGCZBLZr5kxtTaLT+d;ED3(UXZ0c
zqof@75cRi|)GxDgbwAqrv5K!-`F`12%_ko&(SO&<{7tZ0%_pBOsgE-v*7r9h^>Ic)
z{r@bfk23)3|D&Xy_ee?nO`}@1E?(i#^Ugbozspmr`Ru7-2T^}UNx9j|9J#gnt497e
z{fL2nhSe8R{kj}~Q-L%}xi<G$ZmE^|I~lcllkt8lqha~)m6W%YlwU3>cU$?06#wzu
z?@H?Vy^1H|A8zHWeNW_$xAJAGtJQqj|CUWwelmBy)t{E?H|MUh^5|54D!0JOC#G^&
zj^Cz`8kK9cx9_*|uvFfX`>~ZdvTHS8-eF}G)As*eN%^-{=E_s6x6uaJB|a-Zmpj(V
z{3g3r^XYS}d|%SPkegv;kMF;IV<uXw`SoI}?@HwtbNpRB(hrqub31b1xALb``Q_X%
zt$b1{zmoeqE325=|4&wCW?8HG^*bf?2kST>W&Qu_+=s2qm8Uk>ooldiwm)CZjkI!Y
zs^6VE$I7Rt@@u(^tjurUYW0iJRx7JIwP!&|`HLlGese?OUHsbI>$#OB_20HKzip}2
zuO9x=%KQeSHut-n|K^1ljIVC1=Qj(rxqUhQ<_(GW`)l><h(Q|np3om*W!`nK)mwrm
zSouiR)#@)-Hd%R9s((8-(aO9_T&uU8r(2nsW37HA%ipUZW&QhZ?hY&eMn3gn#kZ`C
zhV_5f%2|K*tKjdckuFxQ)%^bNt^AQx?qBhHE8m~W)fI*Q0!zd@!OGeC52+YyW!^EY
z&DB(Vu2*?r#kE%EeX?53_rKU{`PzyVy~>4(?^yX2t*cgVA^(MyX#(s2nU!l&{osn{
ztvn!=kF0pr%0p85BNcC2nJalMXGc9WnAz4keSU7v^tQHnGjr)KtDNc9tsazg%tkW5
zRWJVd-KnWFX3y<$&Y#{gdtr()r#*MsXUC7b<dX4IFTCVjT<IpS9$#HN;oPa`w$9c2
zN*%3dX(iWDsaITb<L1qu*?M{F{CT;a`%Ct;tN2(-QWcV*><d1s=dlPO7kojRLFBm|
z*UX#KI{zlMyXE?st;u<P8%9r{lJfc)n3mZ$OdU}gy7-WaJ7F!euhC=une(pKeIOdi
zlPWFA!<H0j_S_rT5^HvRVl}6A4h=7@aYxT{9zCKmP4T&uqKB<enCsJ8gOB@qQ|Hc`
zuiZBL=II@?=cQd@?*{cWymw?89(Q8)L{v^appAZCs;7zW2+yCa$;F3G=IHgL$$Y&Z
zF9m0MY!k{o50Vb>^?G`AKyB|wMtX$WruUU(=FXh1TYwsv2P{#H*H;_D^P&TmE_q1Q
zXFX4bGz>xudOz{u37{?9yFxdK%lX||_Mwk0(DNL}55{vQOgiUcU(#P;;bDSy{M8(Q
zH*)~SrFnb8%Kii=6upW=G<#NKmFd)B-0P`~R+J7Poj7y{S*7_4W~Jk=>=L<4I_Ax9
zJ?HGRr;fek%&C{?-2;mmp2pDp1HHMituyDflv~sv67)QWv4#C9M30}nrIShT>hx^p
zKv!r)&r=vv6(7Br!y4evTMqP=tkSkGd#i@`7<;eY-vvqUmXuT#pQw~ngvTho*YDBn
z5uYm0nK^S}igQ8hO<AXU1H31Tk6XN^`0T`@_kLhv&f-&&-fiH~N^z%_J`XuSn;qT7
zBRf3-39CrQcY5|w;`G+~Qx07RNfi%emg$RgbzrWq?&rGeEX-AeIc&wlc(Qk-ol~4g
zGJlG*Hsch>{LCLJj0eNt&NN)ND;~|b4*pKY^{}<MAu#i9kJA`fn5(e4OxnhEc(Qk#
zE9^^KYMZT#x(b^sB)xIk7UQHhPTOLfwng((PZf`4l;YTSr8u@NDbDvYO^UPLmsA`6
zTUgfGpO&@uQ|n){Q+#`*kTh$vW#e|G_|}Hh&POxN0e$}c%wH$t{a+8;vJJ5H|FFQR
z&&@wF_=Pzi52>9tPEtGL*f37*wDun`HcXSo#t(>`%hf4Y7^ij`r*`t?Mk%%PM;WJf
zZp=8f)BJqTtN3x|9|PMyYJ#80{9^+*!=@h}cp_}eP73<Tu&s9rZ0nr{TbvfymYoIL
zdfS4gJ!m?DW?|4Q3YyNKSpr+1EQ75L%Y%PK@UMieZL8p)=tF6>vTw^8*y5~(E&jUT
zUk}^1Y=A8$-QoUC!M{29yMliUY<;*Dw)Jj<E&leP-vQg0+!=TmY-6cAu<*ZTtXkXZ
zh;RG19{vk`C^aa%e^}tgz$0PXmeGO7z_u+-fycshwo<dQA0y)fPYgT>wtY7lw!WPL
zTc1x0{+8gM75r_%-yZxOu*F{({ELFVGx(PT|FYm;9{ekUe<f`Fyb884wmR?{*!q7h
zZ2EOUvp#6(KG)C%&YOaMbKox6;%|X1{??$`7Bt&~W(Uklly)k6|L=m$-yQtBgMUx(
z?}e?O_XYp{pnp5~-wA%60{VKZV2i`=&D_tEJl`&UZ|42X6FT?vG|v6}j@|ur!Cw#C
zcJcJf<8vq3^^HM4GVo~F&PDtN-j9o>z++)MF1VNJtj*0;{3V|@SF!6|waOL7HGv1g
zcFigT9t_9pk#QY<2A5L3vTGUw4}<OaYJ?d?N+XrM&qu>HHy8t3Uo{2)*x+x5E#~;(
zpBVg;VB5yY@I(4gnxgDH4YqA*2`udChbq`!AxQnUmfGxhalS0&il6eCC6Aw$we_ZD
zjZ>f7dRfBzJn5g#VkEt3lHTTTX&;$C?W3P(`m~QM{t#lCrVh5Y)x)M~2>!H>Y@DQh
zWb=x&kBrkkGEVzwivlP$DOVVe4crXdy3#({Acs=gN5*L%8K-@;Dbu8VWY>#na#cK&
z`CDMq&w{NzZGqbZcLe=H*y1k={!ZB9ED5|U@N(FeT>(F-52cmL6<v`24^L(1)v)zH
zbrnD3GfTcNs#J7;HT;XLz6Q4OHYoTD@YYN-81BlL&tBtaK;};|*Jhkz+89VNZF^Hp
z;}p}5mm$QoHrK&j`cSG@_I=tAcv#>@xKbZVBb9sggPmK_wp)8rJB?F2t^NO(+WDQd
z+N_<%sh!5Doz}M0&aO<K+G#vmu3l|6KT01bsr}Y(sr|-DW9v#9<D@Z88vDM}7pG;P
zr#4Hyz8`IKui6v8H}$2D-=|*8mQDTqQpTyD*Yy$eZ~hnkG+ZfduW?$Jaaxyg8hgfR
z>>0CsukDKM-$|{Vdt;m9xEhdYQXA|TOl|m3=1*;~F_79|8fq)7Z)r-!uQL4se$%A*
z+_1Og^V_tnox7;&^LXEtEtuNYl`)^azQ6xE^QU#uSWA6=7q)&#G2`{Z`Xp^H!IV;;
zTg-I4cPDqQPR5VldN}qE4_qwyIVx@MTK7u-YG6D6CyjC17UR^;?x456O?umwq>tNW
z?MeI5wlVI<v|Xl2+hyBcr`1&aHd|Lc9KYl5$^66c+qxQI+m?~RKN`06j)AQ|n_%mo
zv9Qf&nqk}C@qs4>o&<O6Lus<IUr(pNoAKsy)0Exc5_neNHrT!kv<H6&Z0%VHTYDD4
z|D+G4PG#TMOW=Rhhte`-_b-QS*%ff5K9p7}yJl5j>byUz0@G!#uYuR<Lurt5#cK)E
zv%ZQqG9HZI);lC{9c=r$KCrO&aTL!X+o<h*4oT}RWPVJ=x{T9$Z9Js)8rPwT>$UOF
zfZxX3F!($AP-;|m9tqnx91Ytz90Tvshf<TW_uJUO&4I@Uo(NkXPJ-=vIyvwZc(Xo~
zrYZM1mh4*AhQ_!Zwz)w^@GlI!C~znIGkqv6QFdMiKaDs0Tg-jVscfvSlFs{WHQc2S
zr8UaVY_^Y$b%ECh-Vk_W;7zdYN4mzjEAW=UTLW){EA^qYUD=nV?E9`NaCOksz;TXe
zT)=Oy%MOP3>O*OWvTtKu;Ck5F-w=3M;Ksnh-q$!fPbsy{#$jrk@gUXteot+)V=%R?
z%<)L9Uf1qzcr3mhJ1KtL_FrV06rT=OO7Z_C<FxIjuanE?$!Xh7pSIofaodT|>v|g7
zW9v=rF;3gNj-|494SYYQ_E;NIdu+XR(pA`cQ+rI4+GCp39@8AKFWzKLS@LyNspwn{
z+x|`MwEdOZY5vr2#;KilA0xHXxQ;k>Or>^iltU@C)9%}(cG|TgwbOW{bbd`44O^Ts
z!QTX1oU!nC^r6(O>^vT}F*7mnB-q+NIk2#&AKtT1;#k_nQnv46pBSe;8IWn}Wc)gw
z`ox|Qq&~6sr#>-GeX>7WHucHz8K*uuEaTKCl^Hk5`1Yngu{NYWF-F;IF1Hqs9WVBb
zBklKiJQ^3I^J6pZ_cF(09UAkeZ8VlUSMe5~S?V?K{rAjQEmL8f+F(p=#oL+YJ=x+{
zp?^2ir<fHPr<k^lX*}C@rI>%rG>PrJk>VJqIM#<Lj`drLWB$}X#;Jd7|E4iuT&ETI
z93%Em1AgnPVX(zXW58JM_cuP@PupzUQ`?N|h;Q?s|FX8(wI=o3FW4eGcD81m`px{Q
zZRW32wfD~fZL|J~{YJEk@KS6qj^AMqLTTeaepj`hV5D}g%QR{K#+U=LfmNmI3U1<B
z^6L>&{(ryE%Mu4>n+}IRrw=7KZ~OgYVl*envW;kn4ZG$f{L+k;9RW*IZS0y)nP!}9
z6D$p57Iw{f_!Vc8>;zaE+6cR*KmJSgp#<lpCtadkP{a5Y%hJHzfqxtLp9B9s@H>Hz
zH9k?c!FadqaQHHPD8c!M6Q=iIX~SL>)AmZEVq({vtuh)m;T+@rvggCn({FIz#!rj+
z=_@$DRv$`j%EY-tcCPVFvI}6vq2FMSLmm1*$ld}=!`OjcLo758$le1>!`O%Oc05vt
z<}q0|8x7+J&OfRTCF;;TDZ2rdrp`G39f8sl%C6ZAOH(fk`@Y^{e)=AE|8w{ie~0V~
zu$CQW?At;e8lG?LG)<!{>>Ao#n5++_w0||AD1KO(cOMzoY5dDcC^)}PA4+Ne%Fq6S
z^Y-26Ofkz6=VDmEzJtAg*!P72+5aW?m&RLVe;)WK<9gYnjk{!1JGCs^lE#vlV|jvd
z0Z@YTY6IyCW!BX$I}4VEZGl}w9hxPwi(qN0ja@?>npLtZOv84;uAvUidfBzG;tVo&
z4RvUqmHnY<7>97aQXfibzg%AAJOfIpUb&!#jglP>OH*a+<C8ix^zmm*!?wUa_R?`@
zn$&NK!?vV;vw2<GN777_KlPz;i^{B*?Sk`ckkT>Ag@d!dTR#$JA*C~v@w00_3!6X1
z)CcXq#x(Th^+A)4Q!R^sNzmLGn065VR@uXhm&qP!e79_aF=O*n#$#pEShcpL?G>Y?
zt;D=m_9|HI)aEDl@t@joNG|uF{69h?W}p76@xTh5pOx{${0&ohye!Z1oIexz+`y^L
z(zBmA|Dxyj3zT8{_!MKF2d4c#MGhr6FCXbF<%0b5Gn{{1A4<*2-iGU7Y1l^C&#~!T
zs&$Q3tQ$<v_TFqv-`)mmS;i0S$M}8bXaB%HK3Sgi(pTyHDSkryJ^YHpu>gCVr_4WC
z7WOzSPn?%!Ux2mj5aYbvqo58A{r`$FztViw_$}EtU@co`?CX8k{PnW1ua{WFJYSYy
zY_cr-3eG<yP~w-E_=g$0f2jEz<%iwRFOAT%Pht0`{?BV1Y3Dtvx`K1Rj5o-BFYxZl
zqK5yw*Y*Dz_&)+OC|q-##iz|5H{K&{8gE)}&v+B>lYbPNEA^oS`}Ms^jGyrayI+^6
zw5}Uub^1u$DmxXHp0Nk}wTU{~#{VyTt!Wrzuxpl>pD_mexLuB4%YIjuF$#ZE_Fh=)
zVvNBahdMO;ANLQMhVcfw=0~P^Ms_o-I75u{KM*KUN1T^s)0mW|&e%27q1hwb4NFsR
z>>BFOye0cP(=f*1JQoTj>d<hGNn=%U*mr5H(paT*{*i`X4i8jjU5q_AzcEQt9dVA6
zkH3?PhJ6j^Ee>^PIB)TO0-Dj%!1*6%and<WnoH$N=QL@?s0!}6?y#(BCcx4(NdxDf
z$l|a(nyY26GR;_3!LFeW4ga6QwSniuirFkZ>}^Abe!1)t(~Oq}b`5oC9+SP-G!vzP
zz5U+|nukp@NgCMO#`45@Quc?YnJf+LeNG*k=VYHYjSm0B-sjYz*(JNfG}EMkz0K62
z`Gf2~n5IP<*xUS1LGz|*W=R8kn^~SX{D0_GoKMt;ZPLKLF6z*nAp0THv`Yi~x;`8<
zLrv2m4eaY;dE$(b9ch|{(!jnh>d;&+d$ws7Ndx=3&I_80P17k2?CWBA;>?nrW*W{D
zupdX%p;;)~ZklD%z`if2L$g%&7SnK!fjtg&Xzr7}+cYbrfjtg&Xr7jR!1%ke4;eo$
z%Q@XOPr}+4D-{R!{$Y7E+hw<!W|cH>{wD$@>d<t{?ljG6`C%W2)S=lYyT>$Zq=CK7
z)S-D-_AS$_l?L{0rw+|Poj?04)8=*3z#fM>G)KuEZkqMdz`nnzLo-5lXy6lI#oQo0
z?EQca{aLc7n`Walu*akh&84#A0#ASybCdM2$3%zzYT2tyvsoJ0V^W9aX4z{4&xaMW
zOM2L2qC<a&>|)bwkp}jCK^>Y0WbZM}R%u}GL+a2xCi}2ywn+nf+o(hHl<ebypMcf2
z?b5^Ewl4GUkRQ%JBv9IF{+-6|e*wSZ@05MfG`pmM^N+A(R)?mlO6M=rbjuIB=6;n6
zHJX<lr1N0lHqJ%nzgBfH|7ZQYz)u>pY**l41pe#5I|2{0b&Zfc+4!fbKg+mT_8j9a
z@>8Y_6J#$4e#-bK%cl9vRRUw5^R%d3kYC-9eOG!IMK1S6WtM$F_7>x>%H9S`Uv2Dt
zMIHKWYR}!KQ8BS=)|r2hEbMb3jv1EawUG3EQ~XmgrwP_oF!ngqp?^{9dfGIDWntG4
z3r)8y<AXRujC~wZho)Wo^S7p{lZE{p{y*`X<`1yq)XT#8zt9KC#shKqPJ^aFZrJ1S
zf1!CC=GAD1Ndvov_bt(kk{xcEMrmNz@V=$TN%I-S87U3y<G;z49W6iX{&BYKMA`FA
zGe#QN`;9u{UoJbzG)>aLu1Rwnt#_>aaGo8g#P+l7O6`{~8Q&$F<}=baOOxg^HW#H1
z{e!ai!P1PE2KIR-b!dJdyUsKdrGZ^T9h%eo>0B8&&07?6lJu}&3(~wr`d8$85xq1V
zBe0*xs3Yd<vagzEiZrmF52-`L+$7Cg6la<=Y2IS<QtHqgqPF!@W?dX}u*abe&5^RT
zrkN!T?Cqfr4Re#BrfHJ~_Bd(YA`Sg8!ZhvDz#fM>;xx-PnWjS;*!zb%G?Qf~nr5Li
zu*abe%`DkzrdcEn?Cqfr%|h9B({xG$dmQS}ER*dt%@S!~k3$`rRkABgvrHP;<4}iY
zz3f`kESCoMIMkupEW6P(E2M!v4s~d@$!;;tN@-v}Z%~J(TXuWkov`-rD(PXrexXDE
zrtIscSuG9h8tTy0>iY8^rdcBm?8iRO@Lh8VtaYuG2KKhGJeqphA*NX;4eaZp4$WDz
zCz@uxG_bGhl%P4?G#uuzuZ!i0bFu9Crr9VB>>BFOFds?t7UMK;QTsPZpXM$09WBjU
zq~ZVZ<o^I>8#hY>d;6&)=6$kXHcgi_u($s!L36ihwnzhe+gP4B>txrMW~(%?uZub~
z&&u+*7--KnX<%R1kAsFe4VvxJz`ib)C(iF=w*`I~mVSryu#eSW2hD4y*(nX|W0hFM
zd{_1@)9jK4_Bhm`8Ca#ct}^TDmIn4X)S)>__HfhemIn4X)S($JdmOAdd!&Iq4s~e8
z$c{A4UTI)Iw@`;>yzE%h?2`ueIMkt;B0I@6`=x=sJ=CFTlWj50+tR=uhdMNiWIIgr
zjx?~xp$^S**(IjodJcOW>d-tO%m4GrwpU35`*u-><}ulaO~a!-*yB)#=1JKfnx;k?
z*vAQVXkL(gD)6(g);mag*vBV2^uLyU*)#=dV2?>1nm1)%4g5N+n1iK<JtjKz{d67w
zgK36H1A9#B&>Sw?Kkz_UG3%s<JtjKz$H^XLntEwq-xt)O86`X1G|Y)$??dX)jFUaX
zG{dBUy=~N?xm@=Az!$@6Tch-_w+$WorLtEU&yj64o-fP%-Zi(tio;wC_Bbq$hWXEO
z(=acC{X6e{=I4Gm>~pgR&Ch%dcK=%Ziut(gI@64m2F^dC!K_3bnw_#gG)=QKuxs?S
zDp&YGcCUuToL>r@=1Zp8s^wkt*Ma{w@K9T}LH1bVXH?$^bE8xV&i`e??0&4`Pg8M>
zG8zr3#C|{gEd0_;ls(@x)yA%&&fAvm*(#1UKL@*J1{(PX$-@49r_KBYS=jwc@oT-@
z!%p92#NQBq4Zq?HHunCc4*fQ5FW-^S43ULh!xRvIoh+PRs}Ci<Hn1$`^YmRt{EYao
z@JnBB>~W|=zeDRv-$SLL&tcd60~+~<$-;iTyn$cKa^B+{iiUjx=Qry^>0M<soQpWG
zp&2P3?B}<E_@y~Y_HfgTmIls$PoTsxkA~xm<CZw=XV{PN5vDmy_H@%UNdtQv#y4^J
z&N1FJW2J#T&ZVZ|`v>=3Sy!_(uy6Y;(=3!t-%X?$FAeN*ZZ^#wvWsD97+<i*S#FvK
zWbZM}BxztDZ>!BeS$??Z_%;6&`PT;jdi>hPCuBF6W|}mx?^Ei~ydwLgX<DR#UDKp;
zVPMwgae>o)0P`P$f0{m&U?20fVwR<E8Q*BCjPp+klo(I=IR;@L!`z!-+4E!>EARwa
z#svBrV{hjG{L}TJ1m_v}N(U<!bda7Tn}<1Am0<6~f*3z-gWdm8^V2ri{m0<9n8%xj
z_Q2kryYU~Y`x!b%J{EXK;QuhLmnKL5OJ6P9X3TfZL;Gd^%VkFykCVM9_|tt?E&EOR
z?leD~=KSWLRhh;4E7@C(?~#4pxK<mV?o&w*?+O0>f$1dLiH5)R<$SVnPTTSo<2ABr
zt|I+L@iRfQJ@Br;djjtdJVJ3<7uVj)jOp7e1J4Y6UEub>={l=8Ec?aaPxry(KUKRT
zjXg2f?Q?A(T_}6L@ih4<)1FIYIi6ws*T6INp#=M}Fi(tTmNYlQ(rEJ%=bsiReOVdJ
z*JW=trtRt4AwA;|_Az!Z8u=M}u)lxuE&Ph}xa^-9v)vEF(rf5u@9I1vP)hg2<Y(-|
z`Jdy><+!X8r@zKw7c33OG3>{}v-qW1sQABxr5Pd%dprNm{B^RhADge?*Rot6UWc`8
zy|KsVctEpL{(-PG4aOdazr}`z>jQtG7v|VG0hXTg3heWQM$>#jmcL7ercoN$@A)*D
zhHJzHrWq*>?3&9=!@6dghVv8b8vgHX;&YvX^IHT;OYp0moXgX*HffsVPtV#+!{7Y#
zZTUVd%~)w*kCV>Z@;A$$&f5<Olzwi@?vi~8mS(*Cu-{MnjcNAFzF`{1GVGe)o2EwR
zlS*acOp*q6%?I&oTlm|G!%Q<-8aTg6pu{~QG?QeTjSI3@8gH-EJPKBPu4S;_|NNF|
zxOcL~_)*zMj4P{jj)k@CG%X9~pAjfMV;atfFB|`x>}#;}Ez-cgE&ptq8pZrzW!C1y
zWYc{Qwg0QCA8h_5vd6(Qvv;Xr-|r{mm%dx}Gw{r8J_x&}8NW1pWiN+kYVM%+z^=K`
z{2lVc-p()K*RtP`<vb3z$^N<V+p<r<Gj(igS=jf*)A*&oTie3lErmI64>SI@><Hs#
z+0Vd=vq&=7+i;F)w#r^$%sGF8@mFOpg|%#_mW6%0()VkvcZYnlOtVB9*fn$UOVcfT
zGpsnvq=8-2X_~#V_nT(9G_Y^)pP7cg)%X+RpUOUI%(fn??PpzFi$4NuT`Lp^&Oa$o
z;%_(NUum50!fW3X<zHp&ey&x-JXQ8Q<4)NLu=J~?hy6Us+^Nu_4<$JNvxM0@gdfV@
z4Y^FNg7JOE#2Es&>O%?kb7Q?2J@0p%21}#OP3-YMW17#&o^2YgHE{kH`cV3;GI6HJ
zY6_cpscgF5DJIvTbiK2AUAo@MKS+Mq<J=;q4Fy>^zf~VfX}%=?U}NvYb5t%!%-rwu
z#+|b3jDIA{bq)=$PfX!_CB8v6os*5P3x4M3t{G*^PLuDG#?7*<4-MOU6@0ZmlwiN6
zr)`&p?*SZRXy{uwKR_Q!oyx@Fd)qy*H1sX(bKUg)PMY=dJ!l&G6ZZZ1D1K?!Ml$@Y
z>{GB}($BCT7u2EIDZ3q(M#aRgp$^R+*=|^x!N&f*gE}<K0p2wY;|uojlcztmY#lza
z@4NI&O3U)j-Vvr@Ji>l`KgRqG^26>w+5E%ghuu#s+QWCX(@oPT4ealZo*gvfOfym%
z*pIadrkN|tHJ+FqvXiAN9G30pD*WOhvS}NQKNS2azWkHrqfO}HO9H3kPX6=c8$)~s
zjuPx+X{?xKCrWbxEDd7`_AxNYG*`$@gQa0C!LFHwUvcKhlHprqZ-Av|T){p*sYAo@
zw-lC!u>|`#p$^SMva4We)Ln^PLmiq8vg=I4Sb}{lQHSPlWVgbK!&riSEK!GsK7YkD
zb+WME5APPEVQ%;atT>D-*fsxRnnBXMW10q8*fsrBN1PAKa^HbCj5pZFQkp}`&lpQ{
z$S#4>NYgW}U?1~oOe!Y#56&>nXlY;{djnK1%+iMv?8}Z57mmp0Y4i)s_g}WHFk2r=
zu=n{1V%Lv=rD4p#u3_D-X@aGxmW5rD)~lU0UcR(manE|Ml~XCL_d6M<^_o7dSDK#n
znkKE+G)-EpAWhGDO~W#U533zm@^$)9`iL_AgJtWCkCjd9m7je<MsupHrZKs~k=gss
z1K~D(C>^8htX+~cC&{Kb(jO$I%(Co9H8)q7qYtHzDHqfbw!1$pKkbF{&+9{pV+qYr
z+0^E_c(Zar9eKR?5aojWEDPti=|gFdG8(okt(S|WQd+NWHsDX|mA~wIrD45ke;t+W
z&yTBIXxE1l`_K6@W8%z!rKhP3LFW$|x60PSio^bb^DpW{DfPLQJwrT784Y~^=U>u?
z(iml8eoppc<2qT&_}Mj=!&-KbvA<8Q-I*(VK_5zW$^~^sgDm?ArcVaI(y%RXo)d=B
z2b5i(;>=I(EKXgBBkqYKP1!i6|Dr+^j?T`>UxOFuLutLT^ZyZePvC<pikftdvt`c=
z{?7-V7nr#V>s=wcDDZ88?+i>Ip&u@LqVY|tZ!+fiW-f=OQ+~?uc-b^g%s<`y*T}XQ
zFO!}!dJc_igTK>wsqAgWTvs1}wY~H$oClQFC=&<GPhe>nW3X#}8Z<APhA{@aW>?Vs
zt7#ZZuxtK3Xlk`S*2OsncFkb?M`!J6G!4fh?3z(QbAfS->~!N!=_wQEZrQ_CF6h9d
zZ#g~-9r{q>{NkLB1@q4|KV8Hz$+EZ0-fVuE+^w+r4>evQn~rz+&li8n{P0<@;?uWq
zey2W^nw5z&UG^$tjup!IIrOfEwJd!O`>}a9ew|R+51Ru2Rp4g=|1$9Qz-Jn7mQCjY
z#e7<PrTO91C)W#%eU8NCfi`TFy%Cm%euI5J^JV<fd|fv6o0#=8M$ywJuwRQ;o1g84
z^B>ZO(xb}g8CS5+2iD_P%pI~DU}*}*9`g$P^?FB1Htk1or+B&fe;~Uu@V5d#68L+8
z6(Yr4C3~9j8rjnWpJlvG_FVV|eJH_x-MLUq+a8xq=VvkP{G9n27n6-O4AO65h*M>p
z|CK<Au|k|q+1rd)$g)g9Cs?*4oj;9}#`w;lxi@g?2h%8YinCBQZLj>D;<UZSX?w-X
z<Zo6kFc6er-`)vg+C$sY_DWM_?3%Q_($KdvOut4p9gosi8|PmUC`p<t9G6`WPYj$l
zZjc=a(|9G=?`5U)gO(jG-$#_u&>q+|N8`8n9M6U0vwbo#aEtMEvPT%tk{tryqz@(7
zzZcYtiNpRM1xv$vVV`@Sf#24Z`c@jY9nSC4hf=dL8pg{MSQ?HUINzlYr4J|<82Czq
zlwsBd=YOpaCEA9c_;8+sNa<zef=+CEWOoJrhrsC^BF(SlI~P9#O$p|E8tD>c{Hz!D
z-+X-@zr|1IKxt?L?B|)QP17yQG=ey6BkcFs**xNKOfP|@Vf$b|7p3D}nuq0kz%*<o
zoM)v<)Dh>0vX8-vGuYVsggP{vWXbT;vYTP)=|4E%tq-Lw%J}Py{oM5&el7c&><h3o
z^~Qeg8i0S1K9u16ZxUwLFAer46;D?#7^i(LJ`Eq4lL=PYpYfeQS^g?n*zbEZ;@7gD
zmOTW%MITCV{?&x(qi|9-rVduApabV*S&pd!CwnD0|4_p0SdgD}aa_2+PK=&zhuyF4
zNPhM&?0xtn{94f?mG(W<_<D^m{5-!+@1TnLzhYLJ{{h)_-(LQHTK2`@AKx!q7XLxY
z#Ho?J+L(2557*bbAn+Fh-xm1J!1o6JX5a?{kF)LK{|UOnc)Dyl7StZzgQH9vu90mq
z#(%A|>>Oj>mAk>1VWZPQTDDVuc4wheA4;&FZ<mOPe~0Yt#>=En$4h6n?_fV3SDI#p
zG~a@yVL!sIc?7>=a(sN-_&(_$gFCb17xr<UjwAU8$p`y!-6bZ@-^+50!OzS70`62c
z_Bhm`S*>-wXqv&YuxoakpW_tv^TS^JTK3Z#BmZieI$1dXTYV^{?-9~)A0ypE>&%YX
zbPtUURr;9fJWje_VKGm`-<f^)f%AKkJgpD?8EW&{rWvLx*!wfhb)~sTKC<ii|G<dZ
zC_U`Q>CB+H+IXStwXpOfrH4KK0@HBpkcrRx4tK!PkCq<x{X!j@hh;Y!-!HobmVS)%
zu%B1|+BDyhP0zWs>_3WMHUGid_J4-8Y?GFS{ap8Z({OCoaLh_GRvOsfAvp}cVxl?9
zm}m0Gz|uEM5BquMWb==gA9nwz%s)|n*!|<oKS_Q#-z`vTG5=&^e-7A&-`ca#G*hI3
z{XLw{pt;*L)1-kt&V50{yUlD%i!`un)(6d#rkN!T?3$;8=9i{vlLq$p*<K2oZqu|&
z1ACl3L6hER=*;Gru<wgM1Wiu+!~22rEd1ZKKhv{3ExS<hVejYkEKh#UU2y)N1WHHS
zvcqK4GrrDTPX7}7aXlQ3oJ-_~^ZzJN8fD9Je2q5EGWlU&w#od<<%hjJ>6u_>HeZGP
z+C2fiw&nA(m%!3+UW7d+b!Z-vy~;GJq=8+-C9}||-~Fpk-Z8Ec^S#*p9|?R+;1dIX
zBJigI53`sfWYv@uvrhHr7+)aEvBA0;<fjZ@Bs(GaDdWFPmSX_sd->(?t@==c{d_V*
zjApbnT({6v$-=IgXPU*b>HCZH+?P$)FX^l0hrO@Zuf)7d_IBf^Ww~zQuh6m&!dkXQ
z7WTQ#qo$#6pD@iJSvb!GOzE$biG$_^SaAxnaQ+Q_DD70nKiJsENw@ij$inU?G%??l
z-3x2kI%D51>U_O#nWkPAb`5_*2+d)#_oAWGl-4W5^zBdJQ*`}Q;hzIHv8?>lWYgbs
zF#c@tUl#Z;jDI2fGvnuEe`UN|_J0`vR`xC9%6@tdW!zt!&dFNW(c+IP(}sH4bBrg;
zUKlu?52fLE9_cqA#+}+8->%yOe=YDg0)H#;BZ0pc_(y@$c-Fdj2mCtgw=c-fHRgSA
z%CzA|*^c0+jGt-t&BpggzZljBV;J_i7Uv!Gcgx;syh{2N#!t%L2Wuh5Fzoky9yb3V
zS=hgiq&byhvh4Rw!?=Zg+0Eu>+`@hgK7(J&u2CCaG7V!GcFiu+?3eu?#_Oa{V_WU4
zlMnW>`g=6;*UQ2_XZRz2t!smp9l$t|ra?Z~=U^YiFAZb$2;;G`M;Y@>?|4|t4%4!*
zKR-IjG?QdcGmQ?J>^-9I2$Y!H5&ueA)&V~zdkw6ZBc*|TzL)O(N^^^ROHDIc8aQwB
zy}R*SocjW=HT@XrVW01@KJ=SqA2&^tG_d#iPfWvcM@GL(_61n&94kHS`oA^JZ)M5o
z|6TSCSo&t^Vb||B4aX@N{b1Qc;KkYfQrPwB_w~|n{F2f0-cWi6a&h*~9qi}ZGfXp4
zmg5}#64@#6;_Mm%`~8rs%|BV~gx&uo{95)d*%ii*%037$&hB%-KBuA%{Zq0}z>Bq?
z6%+P340UK;mVE(UoXx3V*HDM%HQ8Uoi?io5us^4x4$a%L`{2dd^Ay-M)S;=?H9yB3
zK$><T?9XATL&JP$kZCx_z#fM>G!3$KrdcQr>>BFOFt2Ge%_3=F*Nia@?=+>~YN<V)
z(!hS-DZTroI1A-#M=#A1X<*k-$GYy2U2Gc8ZLq&TNgbMpWgjrja%o_H7l=AEybtxb
zX*d_c{+<tYXr7aO+B7Srfql+N9hz5VUoy=qX<$D;{3>W(GtFvg;Cz=r=}q&mF?N6Y
z8#U^OwerLHhXhJhRoQw^lsyENW}W=7Yd&OtuGO&nhnRnZ{IL6vHUCEWVfPQmuWcM9
z+i03i(!hT1{iJEe%AR4G&C<ZGIoCA&U%nTZrb`;wHIq!kdtvFFF>TitY0^7mj|h~e
znr61_Ojw$&^1~kII`eOnANKik2Y&Xu>_XFQmj?D_7pPp&#FcX}`x53ImWKlm<UA%n
z?<W)jpJ2?g69RK>@R;elv&B!}myNFrn)bja*m@gfPcr7ac$4us*|Uv#=Y%rr8ZUcZ
z@K1nm(}xo5=h#cd=(#SXdqL8uI}*EQrfF`FZ8he7r)y#9t7T#DLymv^HL|eZ1LRo6
zKS&mK{|fwS1DCcm&lGcvq&bQCDWiE>_Ro!Z_v0t9VisiK{O|Okl;+javyWa>8O>l>
zIKNjPO1qTt4>9&JzuWwEvatJK$FG=g$?k)-Y`w8>J9TLIUhp5LX^@3oLme9C8tJ}`
zc)0jf^Usy#I}Dn$WXHf-*D%F^Jq~qfI%Ly3NYXG)VAs5=a^Vx&NAm3noaXB0|F_^z
zZ8m=;@r{o$4fjWnGyX?e%4klOrF}5nt7hd2OZ1@x`&@Li7|olqpE5pE_6*~<WiNxZ
zY?ZNJ-=~@;r*?hOm{o9Jk(lru#*C@^jn~PpfhDLm_IVU_EW1f|gK27vT|*t3XJwx<
z%^+jHo>GUVzuNYkX&95RkDnLKKUfxa|10Ka9K!CWUkYE*htkE$g^{v~-vOJS?Q}oi
zrJYX>oaUvr>}P`i+`tzGKEh%SlkZ4d7yAPC{aA-zF-J->!kFhlrv^^@OPW^sW|*Jx
zOPOW)-ZRUX`Svp7m9pu0*EX`hU_TeFHO=|buZN{!f5Cn}*=T<D5$x}s{@nZpS=iq@
z{U!d9*}39n)3A@={J-c!=^vC?7yAhIb*1A-{yO<!U)Q^0^!2i^uZ!{F>q_@qq-jt+
z?Cav3g=V5`9W2c-X<$FDN2^>=XD^a(QQ*z+Qhg|GRdx-roG%MJH89^nTr)55je*%7
zG-t>jAGq0=Ys&@3T=&v-NBT+fU1a_#@?YvKo1Vu>(<1*>_|<;K8|>q)1-~?H(sUT#
zDx2=fNY6Ndz5mm(FF#`gcK;({;;fVXzVSxcCyif_P1g=B%lLu)`|M6M@)u-bACukq
z6_fMu9#|U25A5UQ_vUB(z&;-S6Tg;a{2!vsvUT#oJ|4JE;HU3lk9nN=8{~&Q=5YKL
zGrfzbWf?!|{a72%tPjo2vdyqGjncqA#y+5OVU*^NvIiN{Cj($QTM5p;nJ_z_pQhhO
zD8^j53dT9&iy7k|Hs;(i-xxj530(i>z)J!jPRwQ5x?u1BqikI~mpjHZj33xFCz^(F
zo90n!564bAcPVDI{IGBPc=Yl!eqg@_F^*~H7i7~I7Ec#nfnR$12lhDBp<k?ZU2Pi1
z59}IZC5`OOu;MU&VE=9GV*HA;LRQsD!&rh{Lmiqmva4WK)*1VEmNodL*&w?PmWFW!
z`|nk$L(?U@36`e8*nj^{9h&X3TVZJ!W3b=brw&cG>`qvkMq}4dhi0Gb9$1=@#;&0b
z4ddr+(~OpdeY?`Jqh-g)myVqu3zS%fWf^aW8&}EJ!_qfN1N(NNLqA3~-QSjGtTeEH
zr~9O7xIcsr{dn0lACtaWdf4^p_%h7|^wKb<V87O1YW|7x!|vx?N&Ks2r<sN^2>bY<
z4$bYd*P3RsG_Y&Z_*AFy-QsJiD;THt7<0aMfBK$c{`5V?IDJns9&T~?KEggLd{rMx
zupf8q4`TA&<ZM_Pj!oD#>3Sgz=lcuMh}pi2Vd<-7Vc(XS=I7Xi{d_pj{DWj+e_!Q#
z{EB&x?2X2^%BDG_;unlPK6U74sSP?UrZx<gg<bQ2`8ft*znAzhel7dB?4z*a*BSdg
zN$Sva$!>zB;TVMd@9zG>{0*|OkEQ4FYuT4%UxBqO#~tjNZv4``CQF9@Ap0gPeWP)H
zzd(sPG=sFg)yinthj9LQ6j>db2I|Sib*5J_o1Yw(<k{~o6^H$Q0&yxc{|M7JsR;Wx
zPv3VGgySY1Q(Bhe4)#7z$Cos7<r}9=J2}>1*Q`^y@X4(Ib7;haW%~!N3H+hJ>;v>C
z$g<fm-+?H@^jo@ih!2*31pYhpp#<mUBc<zt{ETzhuN{nU;?U0vjc=7r<4}J1cJtpQ
z`*q{>va4am<XC|HU8XdawCq#zJz*M-3)sKEP{(>-kbM?b9F7s#HPoTmCA$NbhT{VE
z?>N+<;XK+6OEXv&_WiiW{6l16_wO@*oh<DBx6M!A!|oq||4w}<!TGlmX7kBUW!IgR
zautlf75I_B-wXVsz<&`q&G#(MFM|KW#;asM1~1o#672KRW5u*#jV#9@e6cKJ1!g>s
zHr^mR4ptn-2AuzQeJG7rMn6fG40p&*HfDcbX}nqXI#_WS53t8ca|tcGUA`O87=O`t
zi)^Pc=aRc&#i=p&IBA@Z(RGh{vY2f;9%gVV!FhI?lB#osPiJ%gvjeAP<!_QNEh}yo
zpI{nz6ih>uV2?RaT;O7*1iSxp;=*ULIasIhGT9VU{;!Br`^EI%>1bByLkae=)FdX(
zMY0#b(y(9P{JZ*4x?CAQ{S5mtevSF*H`tHI)c=Y}du}$(AY(t)2H@x5R)X_?Oql(j
z9cN~LEBaBn3dXyQ_shN!_(&axu1V)%(;pxF={|t@)BPpm^u56NIEy(<_T$DMRg5NM
z#%bE8(lb}0%zDSmo@b1I0(_4?lwiNUUn)k=-0BKg8u}S_%}moUW?PN9K3oe+PyfSy
zo?l{q`XBal>~j2C*LP*_HvXpUy|Ci2FJO;D9eS=m51NKC3%lm~<{vBz`!)I}__gd-
z*)CY|hZwttIyA4yzG#{{V}HI+9UAuUuZ{P}zH0n0vTwnPUvKQ^Nrox@23gqsRoWh6
z4wOyTbZOYX>6*?7Qi(b=JfBSSWN8}Zhke@@s9ZQJj7j6&=I<Gk^22FNnkJ1&<1{9X
z)0i|)W70T{N#k@Zi)l|fmc>0|Qrt5p#XVzE+%qQ4pT;CRT<L%@DNWCql%`6W1IDB@
zJ!4YbGbW|4mi~Y-DSz29sbzb{q_}5HN?&$NO4BnYr71fm<?k7j-)0N#ez=xp+;u4z
zr0E%xrlF2~+A}7lsgv(T<z8b_nw~K!-lO_gm07lDOlsM(V^aPGX%85aTDE6QN>g@B
zO4BnYr70bg=~|`}5_8daXpeEaUv12J+Wl#cXa4kFlkqV@lg69;J>yNx{P9eSf3ECU
zV~!!p#J^DX{NSgI{}S1W#?1H9IdG*MO0b{zt`ehXjye;ThH(hHhU+_;TV&@Lb8O9r
zrLUHS{g_>9e#Rl}&qUJsP;oZMr$aq0JIL7Yk3E22nl-Xy82vg}>na%gy(a3=yezxX
zG>l2uV?Kpnnk}+q*S`QOCgT(Km^;m1Cky*Ity_$~UKV!$Yxos^pX}?fG>kpi`-D0)
z$En};n})FmyM}9V;T!r;g7b$YOkB9H$nH;bhH=^XVXCSN_h*_f2fovoeM)sf`d`X&
zD7t=g@c%q8+kk$!?1{!*vQ5US%C5_TtzydP;fb(TSZ(aT-)u8KV*}3f#YicQB`y0^
z@ls{tOpv7vua><VR?I=heqZzn^A}`c?;l~VpaX?A^oLjB$v8hCTQBV>oR|HdMIVHv
zp|9XP2b$7B$^{){lVlHtIe99brtGW`J$z+gVOo}L9c+BD>_?1;$&!iRB->(4o5>Zd
zT#0r%v;EF&vorCX8Pm>nff>6MY>3hrW!E$X9viqh@c6*&UtgAR&XZwIK1%J%?(Yb^
zFz}+loq?AGUKV&cOb05hRrdJn0<RCeA@Ih)n*whR+y!5x52c;T9)DNh?!dbP?+Ls&
z@V>zNVLDHV`v4xFbF?$}H=H>yI}ZuW`Pco-Kb*NHReUy!-xT~~12+dAA9!M5?!|e`
z$$_~aSiym*)Dip(11}2P8F)$HWr3FmUIB9vQ(71N>jQ5HyfN^mz?%bi1>OQPkS$g4
zWlpJDx#H4<>HJc0S;m9$PtLdw{(Qy_@Z}jd!c5$hMk`lLNtll33Qh(}&B_&AY?avk
z6`Zh@2wgD^(mhAzis?}HT(V+D#_ci{Gc#TYw`AN2w`RNyzB=O-@HH8)f@fvC2A-Yq
zI{4a*H^A3rya{g0xC`cjue4RUVs66p-M(U8#yj!TK&5WwiZ4LfT&;qWy3#)7iUkSN
zJ(dbi1|;^y^%+*fH)NcSg&Q+Y<DZRIszY;A#trbz88^aA%9KXKoK%#W;4fv|3^RdI
znh0}|RGJKTCQSEyD{jqr7XHN<x5Kw(yb$K(q|^z2CF5oA(u`NYw`aTxX6Goafw`b5
zt%L8#cmvFZT4@u!JmW6-u8g<BTmY4}!(YpIC(I64>W06b@gDe|jQ7Es$CBQLS7w~+
zC${-UHGE&@9|Y?<OXB^=3I>r<9c<S=%6{zBz;^5mhV9s?hbQYpsZrUFoiVT-JI$~i
zJCk5LcBa90>@Xbt*kLI6vBPetn5GXUy1<W})$k0w*}Tz@osBB{vC{?Hv9k@fV`nF9
z$IfnemOhly7`9{Q9hLpqsir^e*h%MY8mm-?-;SMOupK+2VLNuxIk`R4PsDG>PCCch
zu`>(59XsiKYsXF}emi#3`O}V_Rru}LSqsx)N@<MQv6Ie?cI>2aWyj7A^oufmH*Ckw
zUf7PEG=A*ZsbV~IX8JT{Zq0ZI{>2$Lz;^76gzeaAg6-HD58JWBd$WG*w7_=kw8M7n
zEQ0OW;hlLuc2>g6v-Pfl?bzYBLVoOQg6-JZ0yA)ww!?Pp?1Jss*#q0Lvmf?jr&4Uk
z4!^(hV~2NE{n+9EAn;?S5w>H8_fdHVi_{!=Qs8N@)<<d!%sZ&==WqWxuL#WV0NuYX
z@W#Mhfw#fRq@96x2i^x)Wtw*aSIg)ALg2c<{7paCj1J8En(m(%nD;N;&)?#6=KV?M
z&cOUu!TtQMz<F)p4S_cY-WqsE;BL5ow!QpaKj*gtR~=OJ4+=aaa05Ibi!(BCQ{eG|
zCkJi`+#YyQ;AMgNo9w=>HG$U$-V}IC;O%gA*3Mml_XOS_m@ibWuL(RDJ~)e0AGk5_
zn83|}Ck37sxGnI)z)J$J2)sJ*y1*L)cLm-ScxT|<@FCf@><j!(;A-t#*YN)dJJ$ss
z7I<{vv4JNBo)UOg;EuqZftLqf6?kpn4S_cY-WqsE;O@YC1HT=(O5>#>pY_k6z(WEz
z1Rfc<De(BflLNN|ZV$XD@Up-w1Fs3ZKJcc%TLNznyesgY!21L9hrxW?YXT1rTpzeG
z@R-2OfhPr?7Pu|&!oW)cuL!(4@VdYo19t`97I<gi-GTQ7ekX9Xjt}n#{y$#ly1>H%
zj}AOG@WjAV0?!KE5x6t(^1!PCuMNB*@aDi<1Mdjj9e6KXla2GY16OJ6yMIvNA%PnL
zj||)tczoc=fm;H%2VN9-S>Tm{*92Z4cvIjlfwu?V6?jkJ{eih5<=b8pcyQqQz>R^&
z1a1yIDe$zwZGjgCUJ`gk;MIZG1>P9AEAY0!I|J_yyf5%OfvZ1I><9iI1Mic%z{3KM
z4m>vS#K2Pm&kEcTxHItbz^ekU4ZI=n=D=G6?+Dx-cyHjh16K_!ZttMLLjpGh9vQeP
z@c6)!1GfZj54<SwvcM|?uL-;!R=Y`?0&fYtJ@Br;djjtd%nf3XSrd40;QGLgfyV@H
z4m>IFw7_kF7Y1GuctzmVf!77z7`Q9&w!k|B?+&~#@H>I42dN*_FC_jy3g^1O!vc>E
zJT~yez*7Rx3fuu}-K5UI%LA{1l}T#@ZwR~@J~Y#84ZI_8ci_E&-ws@*7#?R(;30t<
z0*?&b6nK2#$$?t}w+CJncv;|;f!73HA9z#XErGWO-W7OH;QfL5qny6&HGu~Qt`FQ8
zcue5tz>@+`3)~iXVc;c!R|Nh)+4~;osE+&G-McFxtScm~gp4gY-dzb;VF{#_Fbk3F
zm5{|^AQ2dZ+~S%QAd3bYfpLvn-YH;5A+g*7b{mqatsvBK-=i&dY3shyzLiWcPDO(W
zv2hBGtk4+eK_V0Ck`~PSzI$ix{&W$s)7PH9^G@gJYQCBI%{RaKKX>ljyS)OxB=8}D
zQvwePd|Kdh0*?rMRp6|GbUE<b<ho3P0#^te6Szs>7J*j?+$r!Tfwv0WBk&%9_X~Vb
z;KKqR6Zn+CLjqqA_=>>(!gPM~1TGOcB5<w1ae)^K+$Qj9fx86WBJd7@Ul6!Y-~$4`
zD)143PY8TQ;Pb?&Z<@;jdnTs+O=6S_%_M=#1g;XePT+*VO9fsj@H&Av3;YZ*bfVcQ
zaIe5G34BQ4l)!@mpBDI>z#{@*6*#LXtwW)}L4hj-jtSf(aErhz1nv}glfYXA?h$y8
z!21P0DDYuo<bmdxz^4Qr68M6^R|NLon&!z9xJ2NHz_kL$1zsp{o4~6D?h<&5z&iwf
zLEt`t4+#9Kz()i=A@CVu<df#Sz?TK)!)!0yG^W6l1TGV}O5i$y6U4Y^mI}O5;B^9T
z7Wf%~cM{)b^YjY*lE8-qP6<3H@M(e12|Pl4yUl-9;4Gx6{rN3$je`PL2pki*N#GXZ
zVw-=3z?}kb5_qe?J;Wt;+&u#C7x<vShXp=He1{$Pl)ys*Ul90;z<!j6_fvM<Jb_CD
zjtE>Ua9rSp0=EggTHr2$w+Ot0_)c4g7X<DT_<+E#3VcN16U0HA=ZwJT1->jW4{&IC
zQ{YL&A)BX6;3|RZ1WpLNRN$2YuM>E)z|RQ0Q{Y~KUlRC`z$t+TiNm(erv*MI@QA=y
z1<pdd({cGNd5wbtR|p&vxJlp^;!<0O6#{n(yh-4#0`~~KN8tSe9~Ahoz{dnWCGe2I
z7X-c{upj-#TW0H=Cvb_t5rJz3jtjg{;5LC*3*05}7J+vN{DQ!J0v{0gRe_HPd_v$e
z#FOoOofr7Bz#jB_En^BiN#HVps|2nSI3e&-fmaH=PT<V~KO^u?;wiSyy#l`^@F9Uy
z0uKs&THtd6j}T9_`L7C`g|SEb^V|O#2L-MWI3{qDz%2r=5V(^#VyC-F;H?7p5SQCB
zdj#Gu@IiqO3w%uAQvweOd_mwV0{esMbn^r*5jY}nt-x{OX&%cg6u3>`)x>vMBAzaR
zw+OsL;1>k$6Zn9@uM$^yEOSKQ69S(huCzov=LNnjum@wjmN5mML_FP&TPARoz;yyA
zh-cXHO9fsj@H&Av3;c}0I|c3)_$7f437ismP~g)7pA&dQ;Hv^>VcyXC^ZWf82L-MW
zI3{qDz%2r=5V%v|O#*KfxJTeU0`C|2pumR(J|^%ffrkXXAn+A|{g|(Ge)9w_5jY}n
zt-x`C7Yf`a@M_{JyKQs{yhY$00>2<|pTGwMepTQj0-q50jKJpwzAUf@^Pbkt6nK)r
zWdc_TTqkfs;H3huB(ApezE0rH0zV`0PJw#`eo5d%0;dEX6!^5j=L8-R_^QBJm?yQK
z{Kmh=L4hj-jtSf(aErhz1nv}glfYXA?h$y8!21P0DDYu{j|qHA;30u82z*6gKjvGV
z-#md!1da$?D{x%kg#xz;yjtKcfwu^}L*N$#?i2Wcz^@8?MBozwpAq=Hz?TK)%Y-`b
zrofW~E)%#);5va50xuPKrNHY1-YoDl0`C;KSKyZfJ|u8T;6Z^;3w(|^YWKkrfv*aj
zg|&&6DHJ#;aD~7zftv(w5qO2bodRzXc&orY0`C!czrY6tJ}mGtflmoMB=7}+uL$hN
znoH+BPv8=PBLde792a;YagANhZ33?rxJ%$I0`Cy`1%dknJ|OU`0v{3hgurJ6J}>ZP
zf%&ql*4Y$zlE7sGR|#B4Tx;hyA@EXxR|>pN;LQR*Bk)dvdj)<;;6nnZ1RfOlw7};C
z9ufGez*$(I>b&rGBs2~Z&$RPcA#hCKCV^W7ULkO&z?%f#DsYd$dj#Gu@IiqO3w%uA
zQvweOd_mwV0{gL!)_KemxJ2NHz_rA8+hr0Lc%i^;0<RXhi+GkDcZ<L~1b#u_K7kJi
z{Hnl51U@0~8G+9Wd|6<=6sq+x1)d~unZQ*7*9n{uc&WfE1zsocW`Um(c&EU<0>32i
zA%Rl@4+?x*;B&+=yUa%fzAA7Q?sc>be-}mLpuiOZ#{_N?xJBR<0(T0$N#Lyl_Xxa4
z;Qaz06!@^f#{@nl@Q}b41im7$ANOtE*>?Hl30xv@MBrM1;{q=fxJ}^I0(S|#Mc^F*
zzaVg*zy}0=Rp286pAh&A@f<r}=LNnjFc0*5KW)pH0#6dSOyDYk>jX{+yj0+o0<RNz
zv%t>?yi?#_fnO5%kiaQ{2L(PY@Hv4;1imV87Vc4WIq=)A8V8B%?DDA)I3{qDz%2r=
zAg;ILb_%>n;H?7p2)sw&{Q@5(zQ^V~EbuXbPZ8g1%M1y8LEtL_`>{6E@_7Q62pkc(
zR^T{s+)ituz-<DrCT_50x&+=L@D71r5V%j^0|LJ)@DYJe2z*B1^8#NMm>(w5x|sq`
z61Ys@DuL?+P6)hI;FSWe6L_=0&j`Fz;9lZJyWCz9_>jOUfd>UXE$}&kM+Ckqa2D2a
zIxT)PQsbb&6#~ZuZW6df;1vRQ3cN|+tpfK5yhq^u0v{Cku)xOzK1Dp&F1I0pF9>`^
zU_aJ(T0T$U5`iNE*9sgLc%i^;0<RXhOW-X6?-2L}f%^nLAn>aK9})Njag&|*GXkF%
z_%iW*whTX%qp>OQB;saUrcB@}f$IcL2)tC_l>)C5c(cII2)t9^UV&dCo@eWGNZ^#f
zg94ux_#AP<jyodoRe`gxCiTv@W%vy|je`PL2pl86-<EF@xJBR<0(T0$N#Lyl_Xxa4
z;Qaz06!<Xl0$Yb;#0zbFig=NYhloF8;|s)}wec0=790DqHq`G*=MgWl{Y!`+uyKTV
zsf|DB{~!dtxH44)bU9C<!nFJf<1wU#<I3GNV87E|jmV5oITIJB5Xr|X)f|8h=5$T}
zI4+t4;A4F9`Cx0lB(UUT@li)@H1`U4NWNFW*9$-LWvDRnZ^b3~=+48Xjpq9`cu2mb
zui5Wal5d;}Bi|q3l6*Vio`g#q&DRGH$@dKSST^JvufoXp4P27%CAi0`j}-hR-yrx{
zrsT_3VdNXaCHW4+O@D2)et!=S$(MD+!)<4aFGqzj-gR7(?-<-@c8<|}{{kP$R{=ie
zh5F^HF!J$RL6VP-bMV(j^M&Cr`A&h4?;4UXAHobH-)G>)pVOYt!Lg7Y%4oj%@RNL7
zUq`xVc;qX9tmb<HZbsMrgYOo0YBD89XP1j__21g>N0V=&lB0gly7=~hZ>;v$?c(bl
zOt-&V1>XS|AKyXLd4!mQzwY821RwRGemG|0<o9n~d<Sl#-%%IeX`!DUE68uX&k9?Y
z-(m3e!L5zf^*t9~)^W65_))(*Agt>n8+8sZhmY?sY7TO0oC!JNI6Yy`|6Mx2c&zI1
zO?C0DM5GcchW$_Tg<X7?!M7A5)Gs9X9&qt(0l`@P<1;S4#JAG@qg3#1a`7DkAN#pB
zTEF!!z7g;pf)Mqa44ZPSk3BBF5d>%s1UvY77vKI9>GGSZ<jD6IF22hkqrWzq`xO`8
zLGYD9i27lx)6ws37as@jvG`89_)ZBvY@0cJAG-KV@M)c>qsAY&_^ycjVhhIMv)(y|
zTeoMvi>f&!UxDg}aeBh|-%OX^47zbKU!R5?iooG31YZ{1+Gy^(U3_`q<2=Li!)>C&
z$KM2$e0)E4EIz*fOzt=?nuy@TEr-L$-=UR!WjEpb6&GJz@L?(I@O|CIR{_4U=C^$=
zzBcgb`3=h=hwqe&FMbpKzUAV3LFmVAC0!o|fXr{=CVbaid<O*Irv=}17henb#u{JB
zAx9nJxM+@mPmeF$o?sZ;i}k)XY~B9WfiDkkZ74^x+{HKPWP1MKwu9#5@7>A#@_pyA
z)-T&#d<pO+z{B>}Ao%{+#mD!g$7+9n=;GT6KHZ+@3O?&SakzDUd%-u>c<?P3-%H>t
zQ~KQ}`2N|Y-%B^q?~;peQ0O;L@P!axmfu0R$EpwZLr^;Pdk%b6N<ZGxFpT+XcJZa)
z9xJ~MF22HVr}N9(4b5l0*ABNXzd^){z^x7CXdZU)#lW{2{;Xf#rf9y;Lr&(G@2P7J
z@@Tx(#di>V%m?{CEBL<V;=2O(SncKaTzrSYr`yY7!N>BF`Z42LCx|)tuUvemgnkbQ
zzVEvD{NNj_e!t`58v>uM-(`Z&daoaDT_1%2y>M%zb^Wo6FYgq-&y0+*{FXzQaxBjx
z#FzO!2=`d^n-71+iQ}R<_nmb8J_xtwo9W`?JNii4F<L)<V?gq)cniO=VA%ToqTqYb
z#dl!b*!OSz9)aXLeL8*r_K@KFRTtk7_=1jhHV2(gxcD}`<MFJ7Kg;i7*gC&`E<QFs
z)|)muzrW++I|aU-5F%d^w&pwP;;RB*ttL})boRUWR)060-&IPE_4}TSkMHSgoyeo{
zu#3-w8#>+J)(Ad+yB;b#?XMGjD@de_=F5Z}aa{SE;Nv%UnBPa>$1w7jyZHE?|3Vdq
zmgXyS@deM=_j%-7tK`U+aPj5g<~TwkWi;Ph7oY!Zx;=jmvRc1&F1{G}GzTd)e#FJM
z1$?^v9u<7gx%l{ffw9Je9WK5d;M3#5dcnv3AnRk{P4xS^i|<vT-v+_=9T#8AP54f@
z_>Ks^#|7V27azZypvw$m4*q8s-wDC@gy1Vf`;hr<179JDl+oOGLXJ4D{Lg@|4w&ub
zN!Scy{e0HN$L}|24g@>+eiz@Qe@NHwQ%a6}PrCTJz&BR^-RR;g10Tn6>i27c@3&oi
z`)|Ux%f*)xeE&`G{iTbK-;fw<ygKCKTk*a0c=hXo@3f1L-<TMy{J!nty8u4jKeh?J
ze|7PhH{tux#dk&UJuUcx$e(O4dEn!`uZ`BV7;?mM72qFAuTMV@KZa4?xQj0WKB(dt
z&G%^+-@>8vdgBX_)_lL@;;Xtzejjx4tp=Yizb^{DUvcr(f=?Qj1<e*E=d+!jo5^j5
z9P{^aa$guDT}&yC(dF{{F1b4B*X~HA+s;=Z$2f5n)-~kuq=4B!eiODXzrS|z^?|Pd
z;o9hQUv=?Sy_>F&T@coM-*xdF0$;u^G$lvw@3{C9;Nv&bsNeH~?*qjbWh9tm*+?tb
z#{AE8NuPmqXzMZ?#QRH+z^#qWhX-=RaTT!T`{{Y>x8bMrG1bLaTkP??t>Vzqd|?;g
zW$*=|2=lQ=@LAt~fm`cmmUui{;nqg;-Rt5j{Kxb@(pMp@^|QVk1GnbmdqH2;WJ-?C
z<u1Ns;2VKI_2YP{`8K=qTXqM&&&~o>M(g*ui|^GR;5)vm-hL0Vn(udAd|N+-eOOJR
z<VekL*w8yp2TaNP_+1oq80yytx9012@$u~Y`x%U38%@pc-AKMGA9y_c<_Y=sK~(eo
zql@pEi2eK7Za#h+NAex{$o_5|`SuGw>svW+>-y-LX8+cno9`zszFx!Y?90C>_=?cZ
zS^S!h=k~^$r}Nn#AQ#6))8z9y_hm1^t@9go@eP3wkM<lxIhslr-wN<;hClQB-(hRM
z78l>7yYQX;G3sN1i|-Wp_-!om9T0r$Tzovgax22M(fU2&;>$AA`Tb)EYyCd&;^VoO
z|Dnm09GzQTd_nMCg+KK>sN^_L{IQE~b2Wbdloh0m*6$Bpd?h(v55MO~zE>ct^&52Y
z`D^g)!!h_?ck%V)dY%4uNbp^B@pWO*G*)}zH;$-792d<<e!Ber9B!@Ocx0OD==S#v
z_?9z*GCIG0$Vt8|{Gf$yFRwyY^G$K_ow*5L$i=r+@cmE0*XZKod4pM6IVDGDy^HS(
z_!97EeH>PD5b-2keCxm$gTFR9zbjmPas1$c=KC86>-=tW@$CoSU7AeE(YeLNw*!22
z@TYz$*qYD!&J*0aK6r)!P1-S9zc0J^jtIU1NNc{oa_Psxpu%CZ<>>r#7awmzwSGqg
zpY{DHxV3&2;N!Yk8?E2>Tzqxl8-x(^dla_TZ$i%K_ICh$Gc=i!qjNmu7$;5#OxDD7
zeH?>Z^UZegow*5Lt&6Wk@O@M8wY&ICG``<whfzl7_aPVG9`NaP4)d+`d(Opo0FCdr
zHJOs5bBBv>5I<6S8vZOlJQ8#G{>;VKG~51-26E77{rIgc;y68F_D}L!ztcj#6L4$&
z-f{6&&9U336-mhv^SfG-@5F8C@f2IG4&PN5-w60PK5C=&`)3#5Ab#}b9E7OfDcD*+
z>pNU<>-M+*)9Cw}Ov%xC>x9wz9mJ26tb;%K-coXCqMo^sgO|g14t&1~w>Db8dt7`a
zC0^&bAL~Wyx5mY{5}l}0lPNhmSGxF4fKT_g?<zU!x7EeB6GB%>pp4e<*Iaz&9bW5O
z-pubA$ZGw5&&Ah+!W(P;_==0K2S3a?2|VQc2f_E3F1|kSEl|4A()t~8@$CoSN`#Yd
zNXaq3-*)j`0N+^agTHg}`R`2YH!S#m=;HI=gWqC8xHek9e{}JcfRFl6zjLs4`DNms
z1YS;inFKyGX~$?je$$IMu0kT<TL(<OAHddpcewbLg6}W%O{9_|1;4>2`Cb4Y_l(JR
zUhrApVS`)u53|w!Hat0Kw0^T(eCzNdE_%HBp^{_%+g$psn2Yg8lL)>CTzq{IuZQ0m
zrG6I#-%~EW3QVe>XMrlCsW-X!c7TZAvnJn<AWJ#w_hlE~q4{VpWAN>E@wL@@J^W@k
z`9=ia|8(&U-j6lI7<_-`;w!w{>)|)T$#+Tcopte5Ews<3K*TaSzx+lWaoqOyRN<rQ
z`hM#&{B(Z*)x~#sk^LL;Dw<QjAG-Knzz>0O9YOs*6nrIlqucXo@bP==+Gzc5g`Cvy
z2>AF-Zt`6be6w79U7y8o$&JAmb@8pd2kk|b-@gdH2V8uYTkNw;Zv8&v;!8AmJ^T(l
z_2YP{%g_4W9^ATrlq?y0{9Eth%bS}XUp^9iyIuNKfe%}3j?v}!oQp34K7I$E`f)(f
z`u(wsFYke|$Cp2J@$JNi_p3lfKHO?LeAf5>;IH$$5PVS4F<QTGx%g7xTM8-i`30Z#
ztw8u|zCQ3_%fvC7?<X$4!u!(Y$Dc>i`Mo25bo)CDzArm$wj7<4AjddyI$$cmmx4|G
zvIO6KF21G6#8~rN+{Jf6=y!|Y`(+njC-`{wO&guxH7-7Xv)A*2YR|aUbn@Hn;(K-3
z*nHbue0vgUz6pZwMHgSza@-${q2FE?U&R8ihrdg}^2-x^11`RJ+t}sz*Dk(i7NzSK
zw_Z+uhh2P2Z^C!h#n&tN_&iLv7k^-Md+7up*Gt;y`nc}mI|RNUc$nWJ!54DzH9ct0
zD{j6L$jSD13XOpC5Bac^cJ!-p@wI>tk8B*H^?Sf2*9N%~N6O}-^E0k=hmdX^{FyF)
zcTbngV=lf;;M*_;-&z-6$!F8|@mMlCd^;2$nuul2gD*=v;G^^Lw2SWr@U2wy0+uKa
z-&b6GBfn^$7gqER-=DhVuG~cKxJ!-?SFzl1jMncxmt59O<ctElUFj_5K~8LQIr^2j
z<R;yO?{1e|@FslLH!`8MPB(HBxnFkiRoz7H870TLfMzD-a7*JDREf2IeGYQ6U3Nh(
z=1AExbpF2L(?KsmE~1r%C;4c;3OSZ}oDP`FOVCbLJE#!t;DC$o#4q7_fJj*Leci=Z
z)r$2g<k;?~3qEvn=a~!B^<(n*GsM+K^U)S+dk$lhli$ycB497Vs5_k28F8rXn00@J
zJc@$Se2=bqbp6Jsrmvq7v`zKQ+F3QVGiO&<2ZPmBRr3Gcch?4kchA0CNv^!**Y8`{
z?Dc9Umf<fs<;a9v7z8D1EiEF@3A63IxpU_PBda#9fBf-H>({TV{LH*y+VR*UmDSUu
z(dku{v#To~sa`$n?wPf*^5D$r@Un)fAgIXNwrR~{k0&3V|5(R*&$0*Zd$^(TfzK{n
zw)DP-7tUXL-;#!f57bxP($F}+zWNpjPk;QWM>i$gVQ<=K+npM1TC;hRXZq^orle<j
z`{R#$rmtH6=%Z^MgWqN=h3RXV!p9ijs9ZD4vWDoEH9@!T)i$wjR1f`_#1LGJi-n-q
zE_V5*<LMd+DLI|`&E%#+j$_Wp$yF#m-6zR6R-eRH->5#x0u)`tDJ^%K|2pIvacQIT
zL0gvS1-Mt@qRuRXo3;6ch^RRr=HRuf*Cf*|9_{?U+WddDc{UJXbi4WgrOnTXVkj5p
z<J$bpswyS@@#Fj%mKz2SJ<gB&PaEg|eaCgt9ISVw*d{)1%;lIyxsMx5xfl3J#@rIc
z_i<zHWXOr>-E*@sSL%i+9*((D0%df&f4nnU^Iv1+f2|8XNgMtDWsK~6G`Z^MY4g?9
zRW(s-l>GQHGFFBTCdSAL>n$eT>;B)i1N|f8tKSG6H^L{qVWV(L<HRZL;g0Bxh5qPZ
zS0#6aQg{&|%QM>Tce$}2VGOnpobj3k(S;MUs*i;N{dqYf$a-|(+LAu+hpUVweV)dF
z4^5w06u<lV<-Y9bz(4(YX-0J5Cm)vHI;HWpDeajZ(eWil&PW9=k0<;m59Ewk|4JI^
zR(igZf803hpE5Uh%BqPSHQWq<dPi{+tQ57D>+s_C9XU>}Yoa!%^R+$>&--35`7Zj4
zHfEXu)3?ZXqVegW(x>NbPlnH+Bqq+<oujkg)7Xu>HPeWm@kV`xQ|1;;SykFmQ@3bB
zeNL((Xs4Wsvkdgmad>8WlpE~>`e4V+R?ODwy!R%0K_!2^KNWrYMA`FI;o!W0ks0^c
zip|@7i%z8V(ge#7)%MwrcB8q}GbL&?S9^y0Mt*pqeu5*`p553NkM<p`s@v))+#0y0
z#4lvR<I~DFhdeiMgvX7+aWbQ%NpKAN1xKF4;iP%tB$`p*!8vtWvoiw~LWjZObo6ek
zxCV#WrhI5qx<YSSZmi9ssJC(Nq-dXN4XAw6u!%-B0;kOvUCPkSJ}{-dq$3(~ROP!j
zTFYkMplF9K@cb$5w|7ME)ZUpwp6{D#e<qx+;}hdweq--DyWZdS(+wAm<G%U%4|<C(
z-DbDHw)~dHr`x<OXoH5)yxJ2Uyk-`D*lslTd7^_Knua;CYVz~*j0xevfBN%qR(S9y
ze;zivS9rqzz<%4)UOB;Th;XC88Yd1k7MlK4U2tf+YN6MR)_sL1|E_DG@8CE8&W<&u
zaRHl6h|MN*p=Y5H^UjJ+Y|AgY&s^lI&#1(CA*=iI;c&tm%hzduDtrs-N+o&CD7rK*
zvrNX%8WsPJG2&;Air?<fEL8CenZAEi{2X`k7oswDZ{VmO54Os^nLba++}U2MlT~Cq
z=xx0>v+fe}l(*1d)s!-QZQfs~wDV*dcspa-ifQ%jKF^9H@#d<=`#ej0p1RfX`>Gn}
zdWyq!KbiWc|4^CRjY$&ymalSHHt$F2Haw_h05mU8Wp38X$M&Ayb$;8G4T1hDYuvL&
zvHyhq5U69~qR}=wqGj|J0kc3e$+n!MJCsM^SVm&T*Z$<tm^>PjOXDhm0X_Z*|J$!_
zuqP>}wL~T+e;AkEMnH*MSo<g7rlCJEb))=JTsV<y;fG+;P(~Y_F6Egn?b~oME|=73
zRTkDuWX2`7su(s-<yi6PPu<YNEqOfcw+#J>wSS}SZRtR)d76d4f=-#-2@mQ<o8?E&
zATFJ+a$p+z6Kj9!$$0c<o$%HqjO#vJH1yX-m&0s$Fb-{<7LNtck8$g8Q4iu@#HD4h
zn`(Wgf&QNp{_BMQuL=Jxz*cvGy&V^Cm#EL@6(-LPT)O;!3z%jsomuV%F4}Fl7<VTw
zt=lf(xyt{P@c#}lPAOROICW+j@)PTJRSHaQ`cDR?p5%`JYu#o7(~PBC8T=WaHVtKn
zaZ1DDk?jgzmeF-F6)wi5%_JB%f(xq%D{c*JtsA%87*5^T-fmZTIcy!5WuxP+68@`!
zbzIh$Za+@|(=bdMt($BoyhUZY%W&y(TLavx{QnBJ*7L7{OO^i+Y#Q<p;VQ;Oo`1!q
z<*xy2`JgCgVlDq^V4cT0fRN&Oh@LRyCmsiz{HujOvG)HQuuk_;V84>z0IbvM0oHwa
z7cdR^iKoCO|6c$zi2knv=yv`$z?wfL{ErI%W5WOMfN97>tlQq3!k<|4zYWYF%AW?%
z{r!D<!q8tEU60Hob)rpU$^4A{@{McOC8w`jyJ^kF<htnz+%GLy^VIyu9$T|9k$k+<
zGksJrcIVe_qKwP`$yE>2cUc#<-PepA*1Yzy<hrqgNIG^%^Tstdp?hG>Cg|yze#36R
zr7wMNmKQ5bDg40NUtQDq)Y7NAbShS$JC`!Xs4U6=nLp_-GAF%7&ZM`@*7PUWuj_c=
zfrSsxTVs{^qU2`kdy@wmc10oEs7h6saCB{4-(@$0oB#KXI(5cISvX4A=P7czC%N1l
zn$iZVv9tro=lPV&9dx<b#nR@+XD{p~Y2$vj;<LKD4Cio{Ha=^Jlx`05Y2&k|IqBw*
zmo`4D+etTvue9+wQ-SU0vz8e$e5%!nwGY`jS!hEy2P19hzDqfpVFyqjoB(Jz(Faf;
z^DLMBkMc`g?uT4%PT(}Zg)4w1;8T_h&tNf-1TeL9D>p6j?RL3;&*lCj<>q7;Kz;wE
zD?Fv#oNxlD|3O#y+b;L8%RQpp9Owd`pywl3c!nAPImiV#M59A5T0K+sPB<RuOpbCy
zXWpH5bF30wKi%IEk^L1+BqRinfMB6ZjCIOo_kK7K)xn4>F(NxoGFT%69@aj-W|Jnh
zMg_&fp%0KGX-E#`vNB<hf*@Jd^_1r(;{}V(tGX=9OaE>gCkFldX_m|#{BKVj`gg`G
z8LkeM@rrWSoR-XOwg4B~qd29!>gJZb(#MilnC;H1WH<tORX1a>)|n%V#z7%dM$CUO
z5nNh_3W2MLl?<TAJB9yk<7Ffmt9-cPhOzXVW@AfFC1dHSWGp?E3?;o&ZF!4F4TBaB
z6@mGg`BgGE<X4qL5b?cAhS|`0q*^*(4A%LY49xRM_rsnkFvk$>pQ|uA0t&}qPgFPo
zo7G>)hwd=M*{Z%~0Mnm&CC*lD;9lj=d=qD@>4ADM-KDU(z$rBB^5E=3Onq5o8nY=7
zbL_M70^A5pUFpxUhvOtMb++PSs+a}Lsx4I5(o<oM{PYjPW<3(KDtRn}xE8jh4_DO+
zXRCe@gu4*_%r9}an${Sf{>(3NHVX;nZd`>B-T}K!;7)-z3;gQ>bD_t$TVMwj{yc0e
zE%@^WZaV$hpkRozQMNS91LM}gW_b~>fNj+~@H*gx@~3V~h{1y(3+wuASN>VBiFN&M
zRQ^nwSl91!^v|%*u)Qg89`w@wL4|p<#p0uX8SIe4ydj&WFzeK+J2hQfZ4BWwR(nQV
z^4tSAd3aOUpfKmhCWXHPn{LW1f^D@!VBQqA(jWZHJ8^ax|6o{NTIbIZLx$x*tjlME
zkoi?5!!jY(GF$17w0N%X3&h}IyCc?VeO38$EFsP=#Xp!nTsrQb5F_p+*u=Un{!GaH
zjgl#WO{`^(2${cCGC|nHI<4<1f7S(YHUZ2(;?g>d5JQIuY+_yS9}1a|luQL|VlBgS
zx|)Y)Sjkg`aAKVn%ZM_p(-3(uNKAzdQ43S0B4V|8BF<K0IKv9Z*<%HHHRf1DybktC
zfyWCRP?-6$#y!ZheX*=H&!>oU@ehVLo5C<wTZO-0;cRwL7>+@dXPY6;rXb8*T;yzn
z-K_9x*z*;po}VE`T(%`*oz^cX|2){lI;{@n&-O#C(|VQuP+$Yf^Q^#E1m>d@EfW*?
z7X(fU+$r#HDEvpT4=Maz*ncJPYXbkRz`Xfox|Ba9uvPx>=S_A*>B+I}E`?L@=Ozi`
z&W3H3C-5?0s|*$XtdgO>HNL_B7~=k-@?Qh{VPY003~}~U3tI1v(w}v@nf~lhFk5jk
zUFy!UhIk0}3ktLEepz9Tb97Ut5BBdW%$xiD3ja0iKUA1?^a?T3MHCBXvlGF*hKv4e
z55#(GvHCKE8TX`;VRnf1*z#TaLx!6r=M=sM`+bEO_YyH8vi%V2bbSb;|0MVk>+yv1
z3^^H>=cy^fA|lq~$?Zypn=xeyb0eo*VaDb8M#c>yF0oFxQTdm_pIDC}_tRgc%X5f~
z8-Wb59z)uc3^#k22IaYNvRPqn_H+{?E{m5~k0F1eWOl)(@!n$FpzwIJZH#ChFDn9u
z<>KYw1QW#NRpSzM;yYF}Rk*y2q>Sbyh32$)6eshnIjy*gvyT3XGeN94Ilk#N`AUJ;
z3CuREWu6gur@*}eza;P>fl~qx5*zpja~hY%Y-1Xa2z*uGER?U7;d)SG_8E;U1da*Z
zBrxk;%dZfaW0cp21YtG_yj5Vf11+;h;Qaz06qxU0X?cz#8guOO`t7ua1im2f6@mRI
zGcBJdFyGJ8{yf91ajn2{ffowQcO|qu-^<dN@BC}b@3LvUgBbHH%?kqe3C!;*YnfLC
zJ|ZyRdDAjy1U@hDWr48~<j9)>Ti;Vv`jpW>)7FjOS=N~6wKYx%yj0+o#F$%Y)(N~>
z;AaHhDKOs`({cIzWQ`9AoDz6Y;L`&0`_Ve?h`?8gIgr3)p}lC#wYkPYfhz=#3EU)b
zi@?@5K^1?e@ZTixR)Kp2-XrjSfe#9NSm0v<pAvXT;0pp@5!jD<*7@akb2a9-F*S||
zTq|%~;DrLW32c4qQk6rO@aH#8HUAEQUl6!Y-~$4`D)15F@pe6)5crJ1cIe0d4?+Y(
zgLN-V=~`TB8lcmIVzUhQ28rXA3+tGG$5RH(B_-oCjPdSOZq<D(`LX!ss5o)hG#3OP
znyJIL99ZhN5N<W?0HyU?qHvs^FnPF{u7XYdP%IAL<G_+{1>DTDHafqL!9(UZ4nEFL
z<YV{N`TY%G$;bIja{xN{iwei-33CQ~EEn>zDm9-q@4>Ch?*(Aa&Dv=0ufc;jt^&@3
zF9A$GE)z800I<~W0NgAWZ8RU(fs(JP(0<rSJ}xgb-#fsP?+o11FpP%xZ^W!inw!b}
zBf{8KK2Gk(ka4H`5d5^!`S>9`WIj^Jhpsm?F()5fKT1BX3!62WlA|*d{*rG6ZVr~h
zpXCB-hcDvddj{_N5U!2Zj}Lw&-$C%P&5)1xk_=<JsCV%V!u?zD*GBVkT_XA7AQ^!W
z`PgnWA6^d{m0!-$`T;XJHQ!<vU)8PnjwWQuce~(w%*DsKD@r0|G~Zem-xlo8vHg*+
z1eezD^De#<;Cn)G(b9ZdU3>??$MqZecu%bPdR=@81n38rlJCndz7#Uad7gYh!Dp?*
z;MV=J7C`F+ZwDV&>FPcfgWRVnpbUbodUy*!EfcJe#~~NfLQ00t^NLRg{g0c-eIIhv
zC$0pq-jQynli{b!<)2)9-v{4$4v@+q*fJw7z7`ZN<ybCLacRDMVBL2a@o&+1Khh*{
zYe*Z-$T5Ssrx=0<@2Pb=%>(9GDEST`ff7xEFb(lgqHF!eP0q2}k9+T6_T9C$LCbvn
znc9VHm{6h?md6vp9wzVdZ9^T$GP=HXSd#|I-U554%kO77`50yH#;3YASr33PmTcU(
zek0y!Ta(<h_OVBT>()Q=2<=Coz=K=zq~+(XTa$e3i7xmpVqkDpa^1RMdvew1f*nsh
zwrbPb^^XM~TfZrY2R_q-a~a0xJ8L#s!gJfn#b-i6J90;I?YcFq$z{FI7hGeh@#NY~
zok{=%>sLXi^_VcNvyB5uBjoX<f}U{LbCnP^mKy#4xY4uE3F!8D%mTPlLC<WX8H1l$
zX^Ml37N;E?F**XpPCTzgYx=9LsPlb{YGhUG^Nzo3;ACUQqZvEfpN>y{dTOSzyUbHG
zJ~KStQ#71mW*uddUw-R^;ts~k{N)FhWO!P?^HI;|i+6mfe52uM{qjeLzix>wzcshG
zqZ`s%>Kh*|zjZvsc5fW-Y5l@SJ<D<AalWVcD?LZP;?Ef|ae`Q1hnMUy4!8ZctfT1Y
z^M2ce+&oY5lTR6ySve!c%aHIxzD6Wl_EGVZ?c+SHAAV%|W?O-p0I6E}PvW;;GK+r2
zlgdOMas1CIgz%rlRhCf<<vzyKad@uU<Zeg`A!g4K)8JHwV}rl#lrFf9qz@Gq?(^G%
z!GU1!B^w?{*In-leWKJfo6%=Ox;jNoS$anJWd)=sD#G&L@)I<M8-nb-nHh^R>N9Q<
zJ~V#A8_9PTzu)lF>f^>W-&ucEY0&1mXq?%XiNPY8>%nPhoOaIDI`&432eZ$<S04zQ
zp4Q=OD6UGg+lzlFa45FnSn~AZ^9@(fQi3e4|D1D@9ARkkY|B}4b6BO(wwBXwx2^6n
ztf>?QV;OR4%%z0Jj5`))8e{q2OrB|Kc|hkpA*U}6@p>Ag95I)VVO;m&qM<*r_UF=_
zM(2fCpChUOCMRtg$`Es!Am>b6G-Ji(@{Dn5W45v68Haw9FH<)C-2At|kN$V#!phph
z^I_94E-`J&EXKw1pqqKoaaRCyNk^HDxH1*C#%o~86SJHtvjrCo{fV{zR$v<XZ^dQc
zqWpG&p8=+!j5fLqc{{*3w6&flFxv@vSpPJPOU$8>{vlj6^e3K#i~f2tq(8CNvmTg+
z{>0k9fu1n**GB7x)vu)+Z5qlD>oSkf6K1TqYy->}ZJM!UxMZb_wkg9rGXKoW&*JAJ
z6UL>j%Z=@s=`k+z#WE#ch>K<{9oPoQLz`wS8LVP08QL^s$zVli$<U@5OQsb5OpCVG
zxeS<nfO=AYT`zUOx*QU~G~^^^8z9djTr~72)@?)fSz@fxEdEunX(+Fau4}q2{7KIN
zrq?vqDV5Qu0Mmhb!Q%>F_3*;=t3GEfV;;sD>4s3T=D8t^=~*#vjK-jb$5uCR-E$KW
z9*((5kfYL##LFJLS>U5j;j;pd;Tr3t;d*{#fL|b}o?fd+?X!HN7m#)qT_K}O&JJAl
zFu!52{&S<aEYHW+bh$hoh0_JBNp2`z9pEln=|5Jv>Tq|VYJW!umu@!}rxin#CBDnR
z&oXo+H$D6)SIQ5s!lxYQxfWHtWKGB1^-u7F4P$<}!7k2!!$C*isNEdiX6P<&cNgEN
zQ+N#5-Cc*@X#@4&=M2+2oLxU{#ySU>4kdrNbi&O$vb6DeD$@=ipLH4{?d7w6^-H>=
zX@@1xVJK~G{ALA*l(hNxKS#--DQ$e#)FRz_>aqQ9JZFjx5Mg}Qli#$5Z`AG~%V%af
z5Xgt=Lze&t$^hzHFZw7*%zX=O=$@e+u<5?X<-T9JnNk4lWrZsow_=ug2LA(SKU`$c
zaKZ}U^wf6CWlw$qw4dF|&5135siSXH_+-x?DK{<Z^S_jvlU@M30jHFk7Q_GE<sMRQ
zPJjWlw~Maue^GAsgaF##I9*_HlaJqVqG3-6pgm4=g>&zYhLcYKrPu5VU*vL&n`Mqh
zp5>oi*vuo&_k9N6cySIe-q+glFh>HOe_UwaZjX{)^uRnpq=(Y9u<%hMD#Cy`j9OA+
za)Mh7m~b&AdkWdS_=z=7teMLje>JJ7;L(HSqt=bMr$e2~OplhoV#RM-vu+Iz#mjU(
zHuD2(9!++2uHU$3Y4UTHfE+k&k$G!y5P$8e2i82c+LInXk(G689`o?n=c8R#`RixH
zTwr)rnR6kaF&7(Nu0mi~uU<7&adG11Dg}m%Oz&h1TK{g!sdy|-Zb&JkpMT$=gXHAh
zfR-1-o7VG&xT-^1X;s(}E&UazrGJ&}e}n#FIP}))RFTKK1?H*@#!7d#jahCyA3(#!
zFfqfKJTb%B|9S3k9_%^FAC`UIPWf~6qs)D<+5Z@q`5@NkGq@n8KmM%6u|7Y+BBnp{
zN372`a1W52RGURZ8RnZfTa`%${ngM*USjGW68@Zdc;0b3>>P!eKP$hGXC8^Qo*W;@
zL;Z>MSsBiVe1^#~usDIqi5q^)KMDIY3NMAt>Zd&OWnI9Vfq9ca|1Ge~6lOKmC`>=P
zDboo1UWKVM-SpoId%nUPmmgG^esoi2E$j}3IVaFf|BbMD5pRcWwE+|)XJpP1JeQ_t
zcVadbh+6*juvsqjXMIjln0_n^`m^j|c?tvg2SbbJ+vv|(kpAT34J`fX$9kndbs^UE
z3+O3i<-l-;<QW&%18;~5S*S3?*{Xk8bqX2kX4MzTVQO&|j<@Hg7%}{*gOwLxrc0cy
z`XHlGp0ZZD@L)KxKD)ztLUV?RA;UIEto4rwnF=LCwTZK<@DGOj_KeGX6YIFx&hr$q
z1HlkyM=fZVn_4cg46~Uz7^}UJMB!{UBA6g9o<U5&zE9z$usOfepZK!^Gs!|Wd>G<v
z76OdbHXvUI%%PBR8N_T*p5;lL%?1O*<SDZVHscU4fo-*6;4)wuFAEKZb>J0!*^Bl-
z!z_7K8we7!0AX0RURD$g)AdqW80zFz<r60+0Sxo+Rr#V@r^|ZP=~`*2bg7?C*Wy>{
zGA}w^i&Le`a@6UrBv$FJBUb5dCN}U7<{4ZX?-aOK;FknGBydXLL1K(=G^cTCd`{pI
zfv*aj<%PT-9x&GVB!z>*-#VY9{H^mz3R~xs6t>PMDZE0&?G)HLpQL2A3V-W-lJd9C
zCn;>5Pg2-=E~fBd5%-wD|JUb}IB3CG=aUq+&L=5ci+a;%fZ_sM=aZC-bv{X9KKs=2
z*7+pmZ=Fw4_!FN`!Z=A|oljEu2>BJZ&L=5soljEOI-kVB1LiX26~+yNgRS#PS+<OI
zK1pHge3HV}`6Pw;+)|$}vCb!9oTRbNCn>y=G74MglN7ejCn;>5Pg2-ApTxlohR=At
z3R~xs6t>PMaj=I;QAT0we3HV}`6PB|80&nJ!q)jDg|9L$#vdB%e3HVP54C?#VC#I6
zlCjPwDQuljQrJ45q_A~9Nnz`JlERw==T?EO^GQm^I-kUW9L74IlxyQp`acLkbO~z{
zm~m=xl@KU{WGz#S|HN_2g}TGI%khhA8^&iCi;MHU<ZFRD50^HYF9r|E_Y(N3;72|b
zx5M`ku;g0_x2hH(TaI>{!f`raPJ^!uHu>0fw0^$^Ecw={Fj$t+`uz%AQopO<W4h#H
zm(YA)29|tXDh!roG~aHxBwrTh49&+Tt@&O7mVBGw9;-h7$i>ICkgg9lZO!)`7vD}5
z2Fo&9zY}mt{W^tyY-*Zs1X$|#f(nCW8O`^<;gWot1RtBI=5wES*`vZNGJ*M!Q1WdR
ze5e|SF9JEKALm9j3|W*~zfu=p5BMfQg7wR#gVs;KY_En#>wLOJr2a82ng*3F+b+$1
z+j9PExp@H8=i}rSD!!;<Am5)lY_@*nT&d)=er<3samms7i|}Wj;&j05M}AYVnO`n7
zbbf!;#diSinF!a0ax_o4_*SFP*q6ws#|pM@o@2qEGrpXI;~BWM(R{mId?&zn8bajb
zx>@T-eI#Ee=BNfursU}Sx{L3n!gT-OI$!hkyZCsvH$nnsw0>Me5XY7ORq!Q%sb2_}
z<~!r!I|V*9Wmz#bA3t6o`I@jU)#E{_;M3<~bo~z9M86x(#elC0Jk)Qp;LAaLB<<8k
z78>G0xV6#xWkF8rw-tOT2$7F#d4^HnN*5pJbhW%is4Yi3;^K=#NcXpLB}cydTzp&$
zh$Xm{F8SgvzBa*km*9KI#kT`|Y){(g{Bj*8^V=o(Dj}@%`=pDH>y1^KOv%xSvl^rL
zc7Ts#5zCLajGFHYkdxzqi2#OaqjB#il>1|)AM2ime7r~0hIP;DFCeFvb_|;bxfp>m
zl%aV;@!2kq=hq?Eq8+fc9M_iAHLk+Sa6h#fnEB=S!7$eETQ0tDA%JJ8wb6WUy7+p*
zM>+D%!ln5*_M-|M^Xuqr-$Pt&G#_o@?O6$B`Vf(26T(HlJY4Lnl8>HCH3`BrT>IFj
zHIJ;>_=(SXRaf5~n`wPK@#D{Vop}zaK#5wU$I<9XFYko@^UU?@*SV$S7`oklPT;>I
z&}qQ_xmLA09#t7D?#;r-l6A7f#-Ys5l!MIwZMaV7Kgy<lT1SCJ4nJASn&Xp6e|))o
zQl1;+es0ZgVE8W&R|zazwoL6fxB`A&CnmR_*-m~&_|J@|^!Ow)Kd;I^kNg|BIr`7m
z;b-Yf{r;af|MoV(rPIIJeDn$Dm9gq~EWdxVBL5ZfKcob*YfL}CL3@Au#!SzgCEGJR
z+nYTb@ADKlW!KCqJ8zvyKG2xmIB$EI>F@S?%!!`DxM$hk<-0TH`^*3iLpPQD*}Ok^
zPak{McFzC~L`P>EvjelkmA;&jEhlqEtn<V?+Z>7Z?CWX7dM$+ouTfs-oNC5%E&W~T
z1FuA)XN>0Yo>*N~w9oX<_Z5e`Q3R$DGiQb0*C&P%-7GIDuMiaA5Z}u^Yh3hQ^FQca
zoBvd(XLkv{Bh2+F67Koq62Ixw-=gjL6U&8Pre;{g+q0c+<;oxB3Q1SbMg6r~oQ!Ym
z#&Xm&dw)Z-9yf{xJSQrHHcuvQl6rq!snR%Z^oDg@E#F<nv=6AFfy6$ygpQqgJ0$ZD
z4A{)ajRQAuX~~G!mg&YQ7YQ9UoEYsl<JK`E`L-;Mir?^^+H^fdBhlX7F>|QKk+x&$
znt@$WE?*1qB#hq6*-KlNjSS7qZ;OWTVoFm>Q(wf7{j1`dV5p&W<Ml<pN*u^Xbt4^|
zbGI3PEgFpeY1Q0Nu&PXb)_7W(errJK!|!}Y0<*&23*Wx$+e7vF;R+S^K)AdvQu0m-
zj+Dz56)Tw){xLrGj2}ERn(_2_nC(b^_1ob*i*GL5U)DYmeL7`-S$p@=*Y8*!DT!8k
zW`zy;ZSAN(Q6H-Vo#AQoKZsVlpk_f+Th8+ENG8&@8}fphggI}YKT+3u>Z3?bxf!V}
zufQRHgl{=%H*%>*Z#()@c(##<9)+G65BiJA7+79<DQARxe%Up%jhOLb!GyMG1A6jY
z6lTI-wCSTk#9|>LADfNNKwCHw-Q(L)@D*cE=@$b#YQ7TwV)QBB+JXm5=hs-TURe1x
zZ}SwyJzv?I{gsk$R{i%>TeQ<4X>-fczU&Uu&kq`J&hYr+U0Zi~ZjXDK_Qn&z`58;T
zaW%W6YkuBaMSOt>J!n+DyjalC81~F79dCzq<G!*j+VVJhH416RxG!cDH!XN_!Lm-H
zsw4GC*+r|I#yv$}_&ri~3EpeP`yo!fyzf2hJMRBM!Gucn4g|_Dh(;4Ls%l1t=H}0<
z%&s@>G}&J?ZXL)dc}+L|i$)sbEAxfH+UMs??>0s?5)3#$j?@Kz)F(s>Jb}2UbZ>Sz
zHX&G=S3V)7zv#{vDA<PNH`-I<KX~Kaciw!z|EDk8Uyr|*@q>cf>Xp_QCGNdNcUQdd
zFxgY7`fTefS-sy|<Q3nGFK_4>(4morqs*1_y>^U1ujsH!^Jsym<dwJg6{K~pH}p7@
z_UqZ6_SK<1zlk?8lm^<yyDQhPXMJ$&-P3QL@4xbLpg-=6=kMg>oA~%5zM0cJ&QpAH
z+Vogm)aQvdqNy%2&8PK9J-D$lCuX+3cC9kURX|RCvY)+Jusjlo<;<y@weJ>PN3Bcz
zk(_B2<vE@8Y>P`)F6&E0Q}@qZS=*N#K5BRpzWEv1;pl5u(F|YTHxjG2`;zW!uZJ&N
zy<69ee$QysJaG{%X<i^ZUaJP{)=T3fCFS1JX0)$lDE%$;Y4yc55ifO94XbtIxRO`i
z+c#n4-k{S2TBDgL;R$xj`y-=hpC7#n&Bf|fuLVm}i8?d$zh!1(Wrk;8M!d@IOEr6|
zW(5~x@2DnkwtqoWamUuD^4iShQ@-2t<w#xe%-LpeS>IC`I$`9-H7W=CN4;}%7V};t
z@Plx+S*qh)9oC5N-^kjz&=}4^n@{+HWx;Y^#4HY%o7W~3pUwX95AJ-+$=HqW;HbJg
z?wb|h(LeP3!7xXBR<SPU%|^oaWLfpRsnLWr+D{z{=TB>j)l4fjeOOX>I{j_NBQtMX
ze)sLgHH}BEh6k=bS^7h3A%XS977TJ+XV6C1w$fYVi-p_DmKTigC<t%4#8<RD9R(&D
zvg%OHK9BBO)@T~gqY?6KM2tb>z}I?wy^U>UQzjPvAUrWr8!@KV1ZKTbz(n-LM6Jtu
zG0SPAc+Kjpnp4aIU7Baw6Lr<tOs+@8u@EtkOpMQbKDrL$;286X{TmYJG4eQTgQ@qF
zV4)N4J0^xBw2V}6S1{;r=CWsWr*ZUQpNSO2a%SzzcB-lMm5eqsku%@ytcO-}YKKbm
zr**{YrqyKQhYj%h+~&;oqgT7OHME4i!3e55y9s@#E9if#>7z(p%nX+Haia0hH!#tJ
zmzQ4V^yH9hP3+no)rZQxv-7X{j~S<Zum2G`$nl)B#(6K4Kc64Dv$%eC2s)0;(EV%U
zxE;BXP<d|5ySXNk-x*EZYx*AYb!U3^jEiJWE1xzwxMJomym%STE4L=R1sw~Xe7*GD
zw|k2@2Sx6ImJ!2}N_spiwba|C=N8mH=#S)LW=YSsUkG1z5+1AHi1p$%W48CA|FrLz
z5iaw-zHdURE*LM<I!DJv?kO6`+&tlp32pbrynC>Ce$<bj?1*LT7{9e9wX!BvwLW8;
z$FmhZ*ueA^UhtI#%ib>gUULRS#t2>Zdf5+R6SS&UaX(plS&tmnk5FJmaAQ9g`r7l!
zm2jlA+&lI6^DeD6oSN$9Lr&d9JB)&ew|qL@wlnpxiq|(iKc$cJ>m%-z*x$t5Ri3=&
zo4+_>ly8V7BL&eJp6F{B3bVr@u0m4y0N%#iL)P{$aCvo6;I>3ER%`n40aBl*&G(>z
zwMzh{QuA!MEpvI<1*VU>+kjJa##0D*HXO?xsmU+KjmLWs&F?Pd8n?V5R$Uc6I6D;a
zv5STC5{u*E?N!md+1|*#$3kWfenQ3cEf`K15Bc=U_1Sf8=H`-Vlg+~AQLpKrGiy#$
zxjDb2`0Vk_$_cUDS(V4z8j2@_H+(P=iun_TsipZ<bu+7G2IC87b{d-lbM7`LK2qZ~
zGwz>v|FYS}gMqgE;$;u!M{;BNQ@>^$edl_jI{y5@;#Kk1gDB-^zZe-GyDc?0KUgsn
z<0qJ&{e#UJdnQhsY8F0eDKHxfWXzvf-0{0v58V>U9f=~Bk9_TDTQW8iOzj8JEm1_7
z4R|<kUmkCDp6$RIF}JvBUif_52Hilc#pLqv<w$OExGh<p(K1;z%y7t8w8UdqLVd1N
zA5)Bpi6rK7H7sUweL39Ceqp$#a#uZ9qn;ZgzLA0a;=$<N>#vsvqJ7t=mYVgsk!m}Y
z?wBW59VvKyUrxP=)NRk!lV+m&4L`>JP<IG(TlMLhMCin+zDQ22Ay~Sd)rV@!kKAjT
z7tQ88=;2$?INxj4oVt6Mw$Ln@TI)5<Idz!w%gmB_C_i(~U}`Wwhzc4E+HIgbr}#$;
z&PKeb%jtjFj5&nsgW%vy9lGFb>*0?gA<SYS)LDpi_V?Gd?lC79EGwn^6eBlLoi3}f
zONsqK^gWCf)$`FV%Q3zs@<(d(xh_z*cdZ-8AG<e}pDOJ$b1vp|=Xsb@)0YT6<a1t_
zO_<2x#CcKv$kCjc-#uv-POWEitwrGlEAz_DR89T~G^uX~i+>dHE*OmE&zk-h3+mo6
z6Zyqu_7H6~iA3(a@FksatlAmsrWpB)a%0sxq-fy7W~=Uh*1Cc7$u<9Zj3-k+mGgd?
z9xIx$X4iO%k@x<LMY-vL1RDsrAuGVoAeGZUJ)DewVK>mf(?}K%ByT^Nylpr+=~D7m
zCU(((EhAj&!SC5PlVOKZ+VefsMULI9t{GH2x9FZpdStB3&HN>JjeB(5lK!g3{$R8}
zPcKwkFHMa0dBgpB$TlWAwBcl)Gd4y;d02;qllk>t8IE5@B9~g*AwuhLPGf&wG?cG9
z5&ia=Omnnfdv^2f`0_`%KhIWrN?^(&uh5I}!s8qJtD^lu$u&IA%wP(AUT2!2D1KcE
z-a#xeROf|fI23@w(7g3|e>jw%9S$c0(BiGfubi%oR0J#WLp5ee@U^E?sZFy!RS@m3
za@MVp2|Y%oSw6itx8AE;LnIe|Ips5S!8w{cWf$(RvhxxS<ym8gb#GdkYlMmiLbsm`
z-8LMWbSZRepua0;q|G?|2U8}-elWS%%*f<J%tSOkx3AORz}M%!#ZMO3aE>s?)sI_V
z`u&y}8NaZkB@{9zPW?LDeoM=y$_(dz0(bDn;Y(8j^)H5_PJNjLkNQf!k(ud9)Ww@|
zdpplpf~f-Rvkv)+JIsROWm6}A-wd!*1XSO3R-m26i&Jhl3ozYSO0`)^{g#Olxb&i4
z;c>Yci6)G3t7qP|+H4GV<i$I7u3Wm^47V&vwRCI;Bxv2<(zHDuP6a1#4+d8v`8XCH
z*1P-M;6k>^5u$gh9J^i|FT|Rhdr>8?Ikkd}<`iH3=Y6@jcW@fv1>>hVk^0~u?={sO
zgsJW|xiSlun;5*^{mS|+ws-P_>9wiogkl9cN}r2H)whFrA>B~|89F^Iq}AOY?kJtR
zP28AbJ%O9i31f$5`jPu;EDmyXcv{hb^}fD)><rDXjuggnG2idYb{c={rEwNZeq=_h
zy1X=U@A(?jJZm;%_e#wc7(w;N3Z_+>g>OfVMhu^))a)`Lb=I1O&jyPJ7hu%H3{mlo
z1=HV|P(0YpC84#hJ?>i&F0M=D&#M^WT#AHz&esXXS|5rv5bH30S(Mu=SW=*Ar?BK{
zcqj*bKIC^Q^EiI+%0K1KT$Gw~M}6G5FuW)S{ZNf=$Bi??^%I;Z9J6zT8=C_g|3#N5
zcH&0gf}?$@y5~9&YqAQpCUf{&H)ia}iI})|u4}93@6|PDVh1O4LC46{{2+GQFw<cB
z!rE);`t*Gfb86YUJx`l~@(i@ia5<V{ENArnz!z{oP*GkP?i>5w=D2~4w@Njem)G?U
za3Am;?9ih0#a8ay;Sa{xabx>b`Qg+MQ*-l~-Rb6RZE~oh!zKqdCB|ys=_Y)2yJ_Ob
zxFXdtd@5rr@@i(71;Lq5SEV*B@|sUO?SC*D@wRTfmM&?|IaW`z8n5WbXMOdC6YaQh
zHOksF)xPRQ<E;T_`=)Y2cZLV5Xm$0Tilw&d!*<t5=lgvxf8i~DN_9)qhmm*ALNjAY
z6E{Z}rRJ56;CJv;i*w%-I%AD}R}k|#dbS!F4`FHHDn~~lOz+t9ZjV$(L&ntS(f)Kf
zaE*>T1kqY`2-@Q4EO>VJ?cAB4GLoeO$?(Z!XgC?Xl)UpI+9mcOd@lyFBQ+6YT>C9p
z>vFr*8l?jr0psWa&&K|i_Wt;dbNMUfGUe7wWtb_E1(kdBu9KylPMy)J^<)^+o->m{
zU?5}`g!^0U4oY{>G{VW-@WYIZsM=SnQH&|>#Q;`=1yFIApL<D8!h}WHNzu@xj)MHg
z{&-%sxD^afiuT7Hg59@9w!Ijb5P6w7%(bFr;^R1)2J^N}v!wgo>-g|Vf0Yxnu`nDe
zw35EnPMS$FX~qpB=|FB{e+!C1tpi%O=STZnoYAUvI4{zV=#dYYa=sOdb!Ms1jBMkV
zH7%YgfgM)SsCG5Qn9MZ{6w$n|U{MnXwe~pB-poT-_KGDvJP+Rjb(nP>FM3O4TW>TP
zx~;e-n!F9;3HHN}{?+x&GN$b;AzItB&QCw;16>O$P{-XkE*vVF5_lggcm$lN7v&qk
z5B-I8#dR214mz&)XEf(~jvJYI_;+*y{^8NaaRW^le%bWH-WJ?hbdRGO&$r<Ad$ycG
zrEEEa=0`XG>89f}nK2eW{c*eXIO$_1M8Rx1X@p7#LgAC4&~PYtDRd{A|5x)l=kM<8
zv--i*f#j5v$;rdXvP;QQyGKS!(cm-x)f4d*oxI1@>eGF-v7SrYhsJfyLk)F>`&Zfu
zTr&=D|F<ce+dRaX+gX^iBUE#7szxTdt0G?ZQOw}u+Q+9KiJ0i3#jyrFU5IUn`Npk6
z5LzdUiBCEi-M@pzEIZ(m3Reegyo;?s6(Q1ToJMz-og=!-yMq>o?u&u2)faPAU$ln{
zq=x#c%$*WIpFnp(sMTG@nYq?DlG|}-&}zPUPTRV42bz@VH;s3o)u#K+z7n=|ooKj(
z{Wsh0zqgpVXd;UF&M9{qnPE@&Tdsb)<TiB97XxNERLp)WM>VR6&=L#?;n1B7%>tuU
zX11OyS@gOO1SU52cL_Z=7DoG5ru96Dg?yKzXJY|-d$!%%N9)-EJ>R}Qx{uFv_3?eV
zRw1o)5+9y`LP7#g|319r=&T$1d>HpY&^g`bH)5>l5@SW{E7_54t^5AB?C>XV;ffFu
zMSs6E9*<w0_B_QHLZ@`g1hOy=I5Hi^Q2hkQ)qNYfZ}TK{+{|0qeY+>JBNx(*v(RvJ
zT)@Tx+&B$4*1!Nijth8F0hvro#!olL1>WNz92)%_2L?w^r-5UI;#JS|I9^O02u(Q|
znmimTyA&$LFkz1u&YB0$v#cB9Na>WoA`TILJ!=kUTaPp_bz02`eew?6F*<igJ;QQe
zkK^4aH#*yvlg<1$YQZpSJ#LRr*D{<@=tBGG5o2%wxAxAuAYDQ?J{|s#;}z@h@`l+P
z<|kv$2wuLpH98^EaK-qkH-cTC?CWOE@to#qo)fhV@j-9=tT)jRsU7-p{tv?uBX~BL
zdM((x!qa+n+@IHPX|TQnRf(M}dsLDec_WSa?S0;<wMKiNXXUD$_ct!FT->nf_~m8s
zMJcmr9#(&uErY3*D^kZZ&ie6Gr+5i=a%OTTr>Qcd-oNBHev$WWy0Ztr*>v20Hly|M
zwZU~C*1v^1!Fh)2AAY}lLiY8yX8cnm*<-w8#5VN$^f({eppmvCi*LLK=rfYH4kU|C
zCMOOj3oj)Lu3^zNf7^q*ihfc!r2uzJXI_cy>S;t$yUKl?+lqcrP@k!{0gkqCJ>tv+
z9f9h|uHGe)dlN>aLEm_0hl6E#DsDFx(2Fu-4Nm+x9=_D)CU(WPX|K#W+zD>$-5zu9
zdCL1+m*hlp%e|2q<sr<$Ixp}Kn~~h?aCw8ZC0OD~Ep3S3<3)`n?!{B0^1ai_P+fz;
zs(%cczW1It-maUqD96k|!ymdwtz^nyrcXV8&@1Kf1S?XFsG&OE6IR`miqB0QH!kvI
z0lopa_T|X7p6$33*gGfO`SMz1kO@Z`-r9Zz#S<84_r$h|lHaDa)OMu5JA)kwr(g_Z
z0{^?co=86`G16~@ZXE~}oeWJJ4i#Ps6$JWMazEpskt`TU22LjPhm(0f{h)mD>|GIK
z1o_&4TeZ+QYwuh=6mQ*lYj~e0v0>gmqj|X}<ZPpFD{7pG&G706lMjZvXM19c+kDxR
zV|bL}tv3>(s@18@i#N}Ds-bI2U)S8emCI7ak3abbM#~dHJZ&hhsj3b=mH*_|@K}b$
zi@Rvt!7qr;#y;ewBUclCu@yP3!Yq8<+N%E151TIfj~m5j7v)C0ZTZV9kB`*lhx@#*
z*Wd=q6P&(tbM>6p%{!i~^O`xa<ec!dvz0j)%|vM2xhe5bs0|O5@Lb091sj7^52z}d
zHfRRkgS;{4?03T#&CQ|MwyJr3)z}Wc2M^3r(fpwcGl%8|=T~F@ygZ4|EQZ=bn>QdI
z-LGAb?CLaPi?J6S&QI(r_v3kjv11!%maUC_)<%xnFJDmeWcYt`0M`$FAHg>HF1t;%
zZR`DfrD`9jGYs_u%?5VD*(z9zMyOyQ6gU~m9}eYR`5@5Wf<@fu=N{Fw8|H5~o)IZr
zj{WWoXR>VFozMG9j4b|XrEe^LeV?~{F)Fcb@$!8JIzhS;lSLaRm^tr+F6JB!d1BaE
z&knbRmhbaEgeq)76;?-P1*i1I8WJ_}`}$(zSa*2Zu-vXVtZ5f4d2p;cvvxl?%vg1H
z)+ioioo&v4vf_9olt{*-eNf>9cc@aI$v;sybEslw)v4e`qb&sb(B@ENG4|h@|NeSx
zLz}PM7ppOi&c&OPY}%f#Mr^Y2LBxWZN5UUq64T|%#}6A+xh8wpq{|i2whTb<W=|M+
zZ|~|4*gxNf4Wq@@a|UcDtNXZCBmWI#cXqNl<~d)TNS<iQpTFV$>8H`E@WdxMv@m~u
z!~Gb>7vYJIt%=wNsvWv;umKxzjd}AYq+YYOf(C<;dt(iA5Tm>yv0=ffNcDG5Mv~aw
zNM1DX^WkU$;0;divz|jV*o==FiJWOo*r3F-h>SVQuuot3h}Au2&T0DQfLSmV&DnSV
z+z>~cyz-n>Q+^5?^+&K#zu;_a@vQ0p1Ir9gEa#i07>#DxJ5+W37@_cBFei0HsfDK$
z2d*WOsD}N<(IeM&{xOoOlF;_e+NiZxa@?0N@a&<uX35^`vnJ<9`+j|1Y5Lp?x`dwB
zP^6=t%Ln@1^G5mJ*}LZVKe#Qt_xkei<j7vM?OhT7)USCfebxh@K-;!Ne{5G|uU$w-
zYfyM;ZCed9vaQ@3+Z*%Eei`j$10DiF*q7KA+kl@@pTBq>J4j-0q&Bf(s5alKkmTv=
zIcFh+O}=X;?&!|vSi5`;R$V0RWTs6w3*WN}zZOMb$f8%zNUWl-v5Nk+VDa@xgH`x5
z{xY%QU&><JFh;(Slh{z)G=D>6L+s^Q`;6|tzwWGWq9N14vYf{n$MqhYKM`&#ZCRQ!
z{bo^1^Yif&n-WH+@0XV@`G$8Rifrn{c`tewWw!72%$st{BDI=8m(Va~{-7Yk^mn7w
z7Uj&h>LPvCOgvZO9^-L57KxTQGo`f}o1pL4&KlNg%;_;_on;UX*SMbUu-}Pw)6c(u
znb#1+2DMXG|3UkgJQHy-y$g#|H+JQpH6jyU4Bv(&NO)u@nm?yLyGB2r>E(JKn+)2G
zt-d?5&vxU@_IlG<8efQF(W<IqijlL(Ogjg+7oX)3sS}vjMlFm{KY{+OM)J;q<fl$1
z?-)*&TuK&~zdQTo`MZ`R^VarbjJK7$W)$tdKOEu<x+#z6#qDJkbEkf7YP7Fs>etGn
zdk3a|?XKt_+&cAZmDPA5uylsGv3wf_bB|d%dmGQ+n6>k_VS~bB-uK|POsv_>*0tL>
z_?qpI1Eu-&>}`o{FRu2P%O2d;{;j;Vdn3DIfl3A;wTnj2a8d4Dz38f((46g!ZNpi>
z56nAwgzxO$<2moVd3xLVT}N|0sfzsAr>4!YV;(qp`b~^{K2NGLU;7oGeZBI>x?dN4
zt3FNJ{ZF1^%-^0n;-2u{sTGG9H_?CL2o{Zcg2iq8l38uLVi_Z)`NiSJz1OFf-5c(^
zK5Jh?63_PE?8d!Vq`xD8J6R_RN@Vt%%_s!n2b$q%1HQrYCUjej@9(^ctXd3KzSWor
zsqIy<{tGp+UAo)C>*Vydy@_4*-pIRl9^tjG5=(Kk4iT>+u{X9W97^vWw%=7^CO+Vi
z=E1$+{MH-q)|<KvK(M>q%m^n7k7r>0b}1PcP8OX1;Pks!b~Rfk>Tz4Ec2BUWm}sca
z#g=<}C?}QafxCF{y^6B~p+YPwE`<Wap@QPdH$FISyz?$sU?H4%tw@FQQ)lwO`@Kau
zvAwzyS_7X-G$30!OTdG#OYgpeJl{HoR6AdeWb%PuA-2=s<(^&v9tD<vfG2<h$%(;%
zU}LBtyQwi*aOTvKP+>=gky-0Ol)HnIu^59;_Od0(!jge-63fm&)m<5Qb{0(r67L3U
zgGHrRaV)5SAKZ?wdOA4s`A2+rVmm^WTI;|>s+1QBDxCroo6lV@9_-wfx;w>Y7Tz2C
z0M8L-fAD(I6tispyGPGl7qPbotPFYE-ei7^K=B|}%cj}6?U9Ppkq@x)TjZT{uanl2
zywPdx%QcJEzH6Fqe9-(lwqFL4`2(Sek#`#hKH}r%c<IxPq5Sy0)o~oVxi@3h_BQMc
zpznL3tlbD&FJ+G=Y|QTbV5B2|?FW%<Q(Ny`gsI9&dw6`JAsQN=&S-Re=gY+%YhSi{
zqEY^G>}8}juk`oZ`Uk&ZXR7l}R(4<<p2#{$X5vL$r_!;nfLDS?x$`}z-^Ct7u4NtN
zzGXM}EzvBnAAynU=KB)}A7g()H`k+Fw4px-XKc0eUVQew${+RqrqhqjZmiFSvF`20
z_p~RV7Aj36bmu_mQzt`r42McCg^G9gZFTKOa8DrO!@zqYny<&u!2urYOm8KM$1n03
ziBa`^XIt>XfbJ>j$1=w`gYo2%(>pa9<GI4VE^9yacLtJQJ(>K<aB|P3<d?(A=c36k
zHYR(PB!8nl`6azW_VHtIIJpCZuvr>~Jsx9lBkXY)gO|X@IfmAD*x0&nryQ2OPeZOT
zwByCqeiMCYhqF=K8vS&8Xh(KOd-7Qfjzw|LrM<^<Plk5zK_y1pX(78B4m6(S9S8ho
zIDW;~U!U<~ho~|q^Sk&Sz@Ygl4zWMl`(DNW3h&F)@y}u$i-tpAIx`Rr^^Er4SXGVT
zGx??NOwdR7<;|%MhkEQ(5o`DK2JEaQztqUn3q9e`b56*miqyCAzuAv-JNm2w6S?bB
z^0`Z)XNQx|UNlaIdN?$59@W*}+BmgwU*7!<*qg)Dx+L@^_UC~q#XtJz>F-<$JvSVB
zw)k6T%}dE=FNMCuF%BOO;|O;g2`w@)#_RmFHkMgD(5cc)<$|M>E%gMF4!^0Mp+TKj
z!q`fb?ofN^i}nb(n~yf0<q)_locv8RgK%=^aicM`i{sy}3;rdc-5mewJdD8s5XWsG
z!Vz$HxUVFf+!YP&)I;FT#?Z4I1Hb>T?lEw3^i4xIs@9DKT4^YyGQT~LIeZ=UhF0JV
zh0)M+7z?Ax=Uy+0nq`g2XPe)_xaE;l?YU!6@!>S&OcP{}RD27yg`u(WO=C{Avs1g<
zyfNOsY_o{%&m2fTcl2+r51=?g&!$Jm)V<XyH8eidJ!!NSSvRt69M>Lt4x?i`iZrxi
zYHJx3K+QQC3}oCG=cHea=<T83e59f`8u|^V*0B4Ab0B#7atjBw@%YDi6Yfm9Gw8<V
zFWd&*Ub^XY;$yc0ZSbsNx2|S1atEV75kHImY1!d)e{tG0J01F5Fr>%B>+j9@QDu%1
z`kjH$S5Jn%G921-DfH#t`?~a)C)UUpG437rxBOEuT*ikSnN1$<$Qn40=+L(g=b~q!
zf2g$tR$~KBVC4jCqU-VOqER%Qj#oJ$6TKEQq*^<iHF_J<@zh{gnR9fi=b>B-vpi2^
zJ-xb7#yt8dkFJ}JK)@`rA~+96n{RcFezv}X5lKyn*hYz&FBW9S>hLh<`{Qu{n~xe%
z@@B!50&j2lQDZa>DhfMiE<ZF?Y$dx+B8+i=UvBN2Jh&|qE!r1|R39@UzG;Jz!q@ki
z^`=(6H5$Nj`gLrW%=LtvU9ZJOjd_Xcn7^$dk}<8cJh^$>Q#k2)F()%Dwoi=UlHh;f
z{>kEx-#<xW|0I+9CkgDIL~7c$VYu16xHDOwfmZG5dZ4c@<3a0G?<1uj%-)8{7lo;O
z=HVEH+DF;ExcBwSarXF({V6=BJlV|6luXF$-ITHSsBXA_-!*$L@82Uv!gqgE?FbZ4
z-H)fojX1zrmS^3+<2J%h?C1=qm9{o!M|NS)7q|R#%CI%!o&WOe#n>>|&|Qp8$zU0l
zk>$8ok8C?}vM;tbQWM)2|4Ax1qtE>JyJ;VNuRboZD_rJl4P4Rv=;yg#cil^0^B<FE
zHd@;!WY=k0w7J(`Da50WTxSh;4bx#Zs^KA%-dYg8jkgpJ)|-x8s)Bc<i*lT^HV_G9
zS+ShwB=8!}<N*;WG?0N857hwhe~5b*I6J57|Noqsgm4BijtB`(Cc%UxB0>hiBqAb$
zh#)lNHWLZCNhXA<CTXf@RNY!sech_s(rW2NtHfP3t$WeZ#{I5n`_+D3`un`sv(`C#
z&Ybx5`+NOgum5_@I_tC7^Vw_fXYc*&XFr#7W_F!!vnOTLb<?ro^S~!{A2*UWxS!O$
z-N>Y=y9c_8^#Gq}C6&A{G`sGF$Ub<pTK59{UPksE1nvEZVH?LuUKff18#dMANM8^+
zARKQGYZ<9`QT+=dddVvLj!2((Z}{5N<=I6q%-GvF>35&1-bsndecY)1^6PSYrzhsV
zh6lRy^y)uY8FqSZ#vPO9qP~uoy^~(KNBhCX&4Xt*>KlUt2iwKJH`_b<4?Fr|;^3%*
z*2MjC%NnNWyL-)>%x>&9uKPiE=AZk??8b&e4ruOPdUwqm^*Y_;4mscreHD;zH0s`i
zVh-Z#dxx|)cVGA7nspa+Kg8|`zS|ShSiSVW!E&8|FX(=Rf2l{eQ^y=KTVK{_diep(
zyLAJ*4X)Q0eTJRZ^ucGgVbW*s=s)RbKjS^G%6?92XdX1XacFbHt4$j;k8G}cZ5aDJ
z$cBoyv+c9K%Mn9I=c)d=Wt-46+UtGC4LZ85+aa@B>i2$k-ReCK8Lbo5Q0<BuY6Es<
z@0Ovf_o&(veKYQrmTgB|+r3ZIx%$ddi(abSYZLCkG;Fb#zU?)8i_H!h&8cRn+K)Kh
z^cplE+52Jl<WFmQKdMwcf{w3iuIn{gU&Up8)MxjduG?tb9(u7<-*4>p@8&&L&(ynV
z<5)N}bmJ?3M{Yj2`-U$UTPF^u?t5IVU1@3^Gpg79pKkKrV7+0=IjVZj<XM@%yjIuL
zmeV8E@?pyPe*awM@IQLkW_n+&e5C63K%<V#rn~*TO1hz(8hE$8y;~Yqiqo97uiU77
z5?AWl9+U3wdFW<(d!k&Vyg%81N9aAX>ABZM-IEuJ-<~v9zehG&i;nUO{d)QA+Jt}8
z<9(i|DYk97yXoG4Ki#ycURWvzJ9^m1Nicm$t8t*7t9wc1ipSBZ=hkX(orr2b*V1@A
zUT2hCR?ql$Rj2E}cj|TBUT>EXnq*3YuGZCd`AxXzW;W;7uA~Y&-{~yZXRU4*J$UU?
z>iw#B%DOx=cwYZYitZZNt<ax)(zn*>`;rX}T2-=qP&t)S)=ttW-1O{Hg#R<ESwH-b
zzGs8xQ9Cxyh#jU!x-04mEm{?)WrYS-<>9jKd5)&#E5k!?Z8kNJTK!`43Y{!hw5<5B
z|3eLpO$*BBQ@takM@)~8<tSIxa{t-+JKMQq?@o8`f$`eCvARvzb^m7C{;A8o{hsGt
zoY=u(J)2i(@j7;7xlTvd=^ZNX@y=83*?W{<?l0{=s#F@#t5NS!?>%g<_u~?1;0wL#
zdZ-EXT|zHFEmpUoD*D(1y>jE;Z+W5l?rb#3zq0%2ewz*Jw`tF~5hI_D;r`Lsvm5o=
zUge(2?7HIUyGxbRoZ5D#o*y?gKc=>QtogAIo33K0Xg|+<J3^Fqr1^zji}P8@YI7}{
z9@jEUZ7x@KkE7Q8{A8`K_Xv*oq+9mwZausl_NDi-?|19)Z^<?5kwt@E^d5MGT6zXC
z^;l!Z>qj*G{?lRCe5$ecz);;x$x45|uGc+<LpN>kM^bhQD}U8rw`vb9f1OqJY|aha
zME}oijb7+(Iy6@pvh(0!`nvdx)q6Ay*KRfxhYm043$){o*mslWQCWC(*ayAz*xp-T
zG4uwE*5!JKwW*)KOC-*Vy#{wnIGgIV&R$I)QmydbbZ8(QdmGSRJk-|A%v!T9r<qy%
zNhNB0N2u!g-S2cRYN=cM#J=6iXRop2b?`K-y*IvpIaZN$y;B$ccJxKMXexJ}#>I=8
z0tU_)*e?j5)RngmT=C9kA6}b(r|yRBnsw8u)0^i<>y0bEH=)-6%BMg^-bSx&ugB$j
zWU+4lHR<rvTjeWWYn+kg8MY?PGkSv!G_iIXkd1{jsbVxZ%WeGeuyPG8oOZ6f?YYIx
zqmFL+$WFRGDs`u;NxL{WcCeh88*p77JXbxdvF}yuUBE@hl<Z}|%0Z*|<kcb#<&y`C
z*6vz5`uLb#w?kIBWbyd%MThe3mU3Tx!n;tx@+HD2b<YhmRuWj}#s%dLtW<xq>MOub
z@BQ$c=@W04f90DV`E=w<94`ZN!#2$gdVHsgH|q1Q4(iSAn5rANdDL6?DRP5Gf7rBL
zKRq+38{gDamoJryvzxjPyKkL_(!Sk>4(&Lb5!Fp|zAo{N_ONKVownGJX>k7suYL2w
zoBHdvdU?-39<BZ;x6Io!`@B1P)7;S=|5|-tl$wqI=1o>#tM41CUnrs0_b#i(|0i_^
zuVAX4-GAG-&)Tx9eo>`C2k?Z8$2aMl1uF*DkKH!+PW`ZZKOOnvh+%CHZMOEzhNf{V
z26of&+q~<JjolkIp|pl=lch#eH+_LlH%lgIh0tl#SH9oB0nZ@%JpWMs=+)(S*84o)
zyy97IrRW_wZl%;5V9M6zoVwSFPr41e@6(YlkGQSwfdRRP>Yi&DS=X|n=>SavO$X#3
zP$P2;myf5TM{n5NZ+7FRgC2L%z<yfyt$1cd!=?}L-Jh)9<trymOV`He*ZaEkSxa5>
zsGa+(*EIX}c{kgSkN4fQc|~4#ZJ2xHFBhjN=`(j}=x)PyAHK()BU<(vHTr-t2aY{x
z+`;1ynQ-V~hfh3W(vg#oI{KI?#~xQ&pUjv!tF3+ZiF4+jbn?9U3l=UqW$}`ZrKg^@
z?DR8s;q_;P%XV(z>Q+dO^DwtJb(h!vahhH`%xNOF-^<)yb_eM|=`K?8^Sh4xej>m5
ze1P;I>A}*&rAJDSmClg1OHY)ZES)bsMfyeQm!#)Pzbd^{`c3J#rPoQnE4^8ItMsSR
zyQFtZ@0UI(eM0&d=}XdAq;E+7Dt%x2ku<M%<+cM;24|`*rCUq;NOzF#E*&A=OUnPW
zK16zil;6ocUOGd1qI98jsr2*GFG~4;(C16J%W%2$I_Y<$Ka&1f`g7^8q<2eyBmJH9
z5$O}szerz`z9s#e^h4<<(v8#!1?jfZ{!)HZb$97r(tV_(q=!h4kRBsFRys}EE}bhq
zS<3H{u8@97`W5N<(u<{+O0SWANBRTlt<qmh@0UIzeOmgw^d;$Q(!WaoA^n#$U$1c?
z-9oypbf9z>=^oM%(tV`+N)M7AB|TR9Iq5X%eCa9DCDPNRUzJ`U{igI9>Gz~JOK+9l
zE`3n?Tj^ucr=@?9z9M~J`VZ+x(odut>Ri5&bTjGJ(mv81q&rCmOZS%^AU#leu=H^0
zQPSh3v!rvS{D$cY=~tx}OTR6>PWnCRkEOqs-YtDl`a3DVQTmkh1?gMTPo)2r)^}H3
zqy_2b(k-Q1N&855k`9#aDm_AajP!VEyYw{a3h4#Xi=~%JFPHw8^t;j@NN<+jD!ohk
z8|iPQk4PVrJ|+E=^fl?<q#sE)+(2Vpy18^K>Gsn8(p{vxO81qHk{%>ISbC`RNU3(i
zM8nWT-EI<THF>9W_4fat{!eXGJM28KraiqD4*&nnR`dIMoEEo{KX|ddXVvy<9%l+9
z@<qDZMw~$zJy&we!(Jq|Psx(y{ff9zZnceaf>&MdlE;hfkw5Z<<qa|<cu}v8%$>W<
zZSbSMVWZqZ&MUbMf7pm$osKxw`Br<J$QSjT=l)i=5ie}`gTFo-?J>sVL^{fgc(J|N
zdE?v;a2vcRC)$sAafqdu`iGyg0;in+EnZ(7>K5@^5}d|Q^QL_ICGw{H6sLI`68`%9
zDJR8gS%Z=|r3BNiQJ<7QCGoGXZmEBLIIT}w|Mj&=TDO#+#!q9Wn6VQ3lIBhKu_NK!
zmf$o_+72mB>pUpQTS{=sNpV`A_4(7X))#YiQdSx>-S>G3r!~Q8xhYOLX`KHAr~NV}
zDJ%7-^-Rl6`OQh*aS0xf;52Vqx3qsnFaNLc4TU-FVi_0I1LbG&o231u2)>Z`-^Ppw
z@?sG<;LWAvji18D4`%s~zgddl2h$Gt2T2k9;P4N{DZw8Sb$~-1ut+TqV+IZufdh{C
zv=dS*FYQ2H>_$@Ri6XW5x*=kGECL72f6*adNgC};+j0qnzeO7HM+qaf;_oPbofI1}
zhbMS+f+r?ezxq+;&l8S5`hsxO=PY4jQ=jG1K90X78=NbJsW+ToC;mHy2fF{Y#Q(bR
zZtmw2DdKD+u&4Vc3P*joG(u|a`_A%HKde@lR)?Xo(QbPQBen9fFXY7{aKL)vVsUnm
zjq$*KAhqJ`BtLPmNG(n}2I4s4vNraevCZpkwBaZzLL9JG+vXoDi{J-y*$kgcU!+#K
zgXO1gSjKd%_|z@pM13a9$0a!aCDQPB2uFQRPyA;HQx5zyrEy$;MHs17H|kFwECL6N
z5=XzsSdPgYhSZ9~B?ED=QBV4f`HeW_jeaZ%!^MvxwPH5Q4-bpf;-vi^<-(_5iTzpq
z!ZA*KY~-cBj6MA1M<^E@V`GGH@R=W?@5T#nD20236sc8b`jq%#;q;U0zlB)d>iC1*
z-!6;52k#@LtgEHbUpEUQwaOhPKjmT(IN)fj<Ar0tn3p&XiO(2A;Dh7Xxkxzbe4}uT
z?K^~{KEDx0$P3;~O3Y`Z2>y^bcMykqVi7pt9i-&lOB(Uh<56yth%-tl;$RWtfTPaG
z2*>_T5$4=O{5ettKA0HjNzyo`mI@<qLZaM~9PqKtQeuviM*B<^X58Zck~HeDN_eFE
z*T_a&JtB<MDr<oJl!cAD?J68GnTLl<DXUEyF_}-0S~007F|pmG<mI@C`MjSnQY&wa
zX>8P?BphRgzC*|hj`;iHl;8)4e-us$esK5?#3{iK4*$V8CHO<4U+8!CD=ZxLEBd`z
z7{L#Y_S{`K_Jy{Lc1Y_iw@H*m49dbr-5P{r?9rwO+rh!v5vK${IQ%=~l;8)4e+W(q
zesK7!k8$ckIn+P!p27%uL!$mIa=^nzI~?GoT71SWd@KS79OLZ}oRV63OY)N!yREcI
znzk)Cj{TX!2ywuipWvS<je368`HnbsQY=CoFy{c`Q0KtuxdS}FIj70ScvvRP7$Wc2
zrSviQN-5<K|0-$p`)$I}Cie;>wc3QW2>G#*ceF49AKYKsByE=>_`%yr@iVv7N%4PK
z8uk3PaMYi=!GV9ZH0t&vVWd{wc9EYvVc`sxM!EEL#GfD>eL7bdsTGrXikR4#E7D^b
z9PKboIO0ziX0D<BUzCP_xiH5M{u`tS<${BMzi^yG$+&~k@Oe~#zz6q}#XnX!V$MrA
z;J(f|N4QRyyypoY=zbmt=+FF*3Uqh>Q;Gi%!sMl_XN03Kczl4=YB%O4@?a4-;8?4S
z6OQA8F-#~plcoKnl*PF${HF@XdH+J;IL|Upf`3=SUn5Lh;%uQH5vM3Xz3}%Ej(thn
zR+~&>&Pm67Ttn^c9O?{?zB^Vp_Nz^Jpp>%Cmm=`Ndr0x$BSr9o>!kSalSbX15JupH
zMBUc6&WwH^;~B^c9v~(D94S&OCi5Egz#?$KjZ*R+E{*n_D9m~b|BF%tJ~;MqE0H<I
z;4Dwtf2DB5yd?2|Lpa*)E@Ayy%rycrKJQQbJhrU!`20)dqGSI3AyR7}X<PDyg~K&v
zw0TK5%GyDgP;fZTVjiYV>ZR;gtF)Wrw9Vx*iT)xM<zf+Hf+HsL{KisZj+G*Cz}=<z
ztLHJ|;Xh2ek>g`z5%Pva9f(gJECL4{^H@n3!C#Wbeld0s{NV66<CNeJiL%x=mLl&c
z&rmBb#~Ss-BDFY-F*w+gly*2u8vWQNjMU1@7$Ywhsm0k}emK||1Fgc_N-67jY4}eN
z?&<yovN1<}UKptrzgd3bV`B_dmlenIRB_VvIb)BQXG^IIdZRS<{pZ36oRH|3o#mih
zEM=2-l9cltc%_sv0bVVQnBNjcYQ<zs)Jd^%e};aE_SsXI@`yQI8u3pOMu-WHIpIv<
zm`nd()=pa}KV`92M2HWLemM}Qq}IL+lb?OTB5=S_AI3FOD=+IA@?sG<;AScHX_ZDD
z4i!e=fFu4CoRV7cIo}Y!`WzJFC%wi8Qx<&2CsHdW;~5SXfdgi~Ymy!yMQY{UPk!=Z
z5jfyjFEJOz7+}9>3t}#kMmu~#7^xLMJ^uy=U(AQQ2}gYTh;c*wA4(Bof@6F>j#Gjk
z9C4l&j=KF-n0bddpGf1JvN;7w$P328;a(*|8XS3d60URqKw;_t|ImaFjyg;dj(K>F
za2$812}d2iDy%;%Yqdbsfpcj1FBPB<D2vxUq7JO<`n&(1!m+<SMNraWZ7v+g&HysH
z9~^zUZ{i2XyfHuVgJZw=7qk%v9DZIE2|qaeXC{7d_*W!;aQO8?WjPKw{9hH0{aT&)
zFHHDg__)52_`wn9Tfz~Ce}5bPYZ5*<;@pt<!NKRXmx#l^cMkuL6F!(^layCvIL^WE
z2uI#`h4p9t_XJ|hY`{rD!k7q&IsY4SkOzyv0dveWNgt9T_`y-P-{F+t2S-^i2~!;Y
zSEW&(*M&Eb67yZ@7{|k?yaYbDpDcNf6lN3t$pTUCu{b68!7)}(5oQzq#R5@ohcNY_
zT#lE1jxQ5tF2ny*;W#(3ZbXO!j&gr1%qIM61!7KqT9~r%KP%i%mYDw|jNk`HoPP_m
z2|pR5{=J1G&NhylMCmIW_1|8&pM3aRg`@t*3rGDI2qVM?N4ZOcqudVRL$$q0dbcnF
zA3R(ZKd)FtpB7Ys$lD;yc65laXqI=V@L=~JFN_cq9CetP_`%^nQ8?nyN&LK`g%AfE
z{KbhM9DZKoia5&>{}&QIIQT0QKREnf5so<LB>wXgJ~;RnC4O-Dd6f*I{^0OmnfSrs
z=e08gJ{Ujkdqd&}2mc4cQO}za|Bn+sIQTzH{NV8aN;u-&k@)XU{Pze`7yA7^;R%j=
zb`y|LXK=*aQaEDv5{|sRg=1U|5k|-x67v#kLh@h{IN*rCt1#Q~bFQaeDA)H<?quOO
zSI$cOZNd>}t}sFzaPXJml+>zQy0+O^9LgOhjl8UFkpHjqrq?wQA76hdb(kV;cD!6R
z)*D|-@Rh=wNa24^icnARMpFDgk;XO4J;HI`e@YmE53ZBKXN?r|&+Ed`zn==jg|mS=
zB{*FBBWw$aejgwQak0_1LxdZp#A%gA|BezKD8+x0G|F8r9Gn%xk@w=ne~IvRQu4CD
z2=xJPBgMZ~ir@$1Lpgsj7Qww$P_!rai=x~e1)|)R1dkVvdQKOPyz_+-$^ysu<Xnc}
z2Zx_?8JqAgOZ;EJDZvj8KKE4+{NShq=RpL2Nc08kw>l}7{$PJOrV#kxQBwSuN(qJk
z8`8M<_0t4DDI8<+Md4T<HY#JR4QS5;wT+m(=8O;%yp=3|&gpEzzf>UVb~#Q7esJvj
zRf!)QeqN2%RA&4egzJQff1_}Wd0v%9h#3;?(<}#hu)9mi`#C8B9~^#;K?FZI+UI8B
zBc$Zzcp)Afb}){Y>g$Wx-#wDLfn&e+PW<5T?=Q?I;<pM=7Uhl>j=Ady2okG92FvgH
z3|E>wSOg9@`ms$o_V=5@u`ibkm!y<+yEN8L_X)@Ne@r;q<UL`kLHzfnhe*jgQqJg?
z!#|^*>%0HCrN`M<7OAz5gXO2**cfkP+y{TGH0BNV7r_sXcDMwm1V1>|X+IW@eZNCE
z=B`(Sca^e_MeSG7ar0;FBV|!fY>bmp!U*MpWBxf(m{9m9OQWwjCnESmVr;j{L40h?
z!{db`@3F#2t-Q>Q<i&DMYLc#$Mx52c5$Ch+9kCC@!AAW@3&$KXQ8>o-Q3>a0;btl2
zo+XWP&k>IC#(ag;sz1jq<zl1UslppdiCMjt2>;0me_q00lK49k|K}4w_a`FGmlFRf
z;i&V4!aGQ*!_TA$^#{i__#-$a_`$uT@EKzWesHrC|0e991V4DREPjr!*mvHoit7~a
zKZJj7;$MMNLL4xbIOisQF!wR>Ka}{v$GD$soS2jK4JCW-4*zq)WFhWUVa753TZH2{
zdRF*A_islK34CxIvm+BfxTNjGnVR^)d%B<Xyuw<XON0lw{}+k>m%`)S->q9^9kq#Y
z)Ol0ksKX%P82|euoRPvYw#N%cxf2rqal#1u1&%Q@Bk_a7KPT~nyDK02J3sM*!@oH3
zgTsHCaO}&n#Q%ka4-Wpy#19VtSA-+ZIf?)Lgbxn>MTs9A{%;CLoXZmbw-f(W!n7g#
zd$n+k$s2`Z9=_E%Z2PHj$@zSp2Eh-Ga{rk4!RmU8|9s*H2mi&y502yLe-c0CATjr*
z=b)%(OGdH!I4tw`lY{-l##}c}IOYxJMudF{iLyA3$cshbfU&e2^BzJP9R4<(64K!C
zGw&g!!Qt<~DIpCGKl2_!8r)M#xtt>gIKD+T`kHfSoY(FZrtajuUmC~POTxi_S(tVq
zW|N%3A0W(m5kG5b`jI$i2=C?oTN6I_h!(n^d!B<FPZU1HarON`VxxD86Y=jB-pT#1
z3oERZ`-X7Ljm?nV4~}&aUt<eD_-G}Xq~8{f@pf&(0mpgav##+YCfEBBhp+dB9~^$Z
z0vB~&oA~)!T=2oc|3l&jhyPE)5$CzY|3bnC2mjT?4-WrZi60!}hp*#B{Evm>IO6Mh
z;qM_F{w)%JQ8>nDU*Xs<aFp9mIPx-|H;6=Ev<OH1y@X@E${Zf&;+et-WrW1>I7to-
z1$*wsHaPhDNQpmR8u1qh4{-lQvIu-|_<x2|f*;H=Li{JC2!3#^b>9+>_2kFG2pn+i
zd!7nN@Pp%A(?dA+w~sJ1IQ*D!_;*eGLxrge`!!5B&WWRh5%Pva`!ElZ2RlSc-q}(F
zK6tnk{}oaMKRAw~+lAxU*(|9~PvNL%e__fYFW2?ao(Bsf_`%U8hb4Y+_&@7DHd%;s
zoB(A}=c&R`hlLO%a6+OT(sM-g-54jq2S=UfBz|x|DP^6T_`z|Va)WS;ZRXoOr0`#r
z#vIF!3l!bYH9JzPp5x?a->?WA@MThBu9LDI|BKQ%em@Y7wGaa-&TAVB$2i&gGs-O~
zKXI`L@k`P;C(?che(>&6>N8y$ocY2CoRDb$J>?)i7J&oqEhWxj(ul)#1X3$bv;4%t
z?kpuQ$2$Ta9BndF7%rSPX|%%<VVVMdhcwDvA&lS$_mh(MS}B4b9DTY*7{R|r8vF8$
zaKwB?7=aTKZPF}9ofI2$2<Orrq?CJt6d^A-&VygZDZvj8{`ZA9l9KmUY3$=|!f{^v
zoiIXPaPa?tQ-U8H`|_@E?8`^O2%M1E7v^*J1smm(FWS7XZ=-I_QiM3*h|h7er4-J1
zDFO#fZ2S`v%$PyoghYMrl7l?hsLvYV{!-$+Bt^&zj`m^Rj{0n*jNO!m&$V8(74N(S
z-d;HPgM=xQm_r<smw7vm{V~EwtvWL=kspiH;`EXqPFOhfRX-_ZF@7ilKhHcjmf~lA
zi+Ua*jMR$1i~PjLMw~&y(LM(XBjg3|DkVP05rQ8)Qi`9oXq5YFVFV7iyA;knQUpIZ
z{0|C89Uc;ndHzqr2>g)f_aSoBNyEY!DvkOdEF3WzR|iO`!}(GKJ~+y{T6kwEoQI_d
z9PrUn{3Qi!bj*1ffdi&4aE1%_b9_|70muGwUPH(W4*xXadiT#1j+kx2F|N3$jgU7a
z+GHO&$b*FjhyEETrEcxglH)JSB5=SQw{WhJBKX10QvAP>MoikIzx&^jMc{)=Qux*P
zPhuarr;We|ho5I3Y{JiZGyL1)l;8)`KEy92esK6%pCItT;pe#nf*&07@QB231bsw%
zG7r~DvCzodERDHtgfQ{(a}1s=rEcGm#yGrFIL;%_2}hjgh5Jb1|5G~HF>9*GyPq(z
z;fxiIwFmd2W85+}5O^U`|5N0k{#XPKxLHcf%cT+LCgIqxUkM|%VzSS~#8Nbz7HQ-?
zDDjUIj(waZjKBwDsRL~mapnnc=>8>%pLr(E7v~DoALM1uiE^vw|4p3pJK2c;dtvHM
z-bba8_b<W-bqa|#q+iK{Mc{y$yNPpz6u}SPSc?C1(kOSTa2&sj5<h(rW8(s0$|25$
z(l{@FPZ+@uj^pBoI3@VOQJ?#9O7MrozU(dsWng36?kP-t(J9hs|7pTepBchY&o2tc
zek~U!7I|-#hW|F<sORm%2=xI+J!yZWRz2}Yoy&O0lGEpR%$S)QvZP~iX6FQ2+&*u{
zka=@E+8585H)Q^zX|or%x95gbduPpSpRu^Bd+vg{9n<D7o!2q9>$ceo7td-xqkZwh
zTpE7X!les3rp=t&v7~E`r3;qKJ#j&Mn>H_)wq))ZHR^HV;)SPm%{Xh}qSHH<GH=HG
zMO}G|m&{QcRPUR-ZC$<d7q(3sR>R*m_tcvHj)l`Y)qh6Ev_%VR?Bu-Kr7fLTGwR~@
z8Eu{7cCF})nJOjez**|V`7=)JO4Np~&L!;~U7d56&_mN|ZnOQb%Ccmd%AC<w-CE{e
zvb08%cjeBWu|y+DHD9=(<HUvY+ZUfcZE<_s(pfdez<)q#TfE-fHS43D>ePl=(bLop
z!%m(yuWD~q%XE9Ej4D`}G<KHGTiUr>l3J@>m#Qn0K2tV#Ru4|O>5Hya7}maQQ4P1(
zOx0dbKpm~qsynK(N5f9;S`s;ib#>dZU;8MvP1!+Ny+4{q+U71evGzVy9YbBqtRhUC
z*S?@DNv&VyjKMW`!Kqz0YUeZmv?cRuO)l%pq=8g3n8tQZKL^h4RTWd&xNFuoJ9<v3
zo^@?sY@7Au+!L$knDyjSQA@f6`>Z(1pc1-PSk9XJR~dP=GF1-iSu^I%nzmr!;`uY?
z%{^mA$J~WAx{$H0LZ-2^U2EVat!IE&>S2T~hp+9k7tl3!?G2q9ea_qy=cwOmw>-VF
zK7yJwt6kS}InL)UsIjx^w3^MW;n!u{D85EtE%z*)bmuLpF%vIZJa>NkwE1)A&1=`3
zIYVdOu63g)s)wkG%Cc&@(-5A!WbVv)HRkFv$3WN6owrYGU)Ghfc*cUZtgNovPMlSv
zUh`(n@5;0j>0-@2HA|3tJqwPGg`TOSeVKZvZAQn8+>n_|;-JGjWaa{O>#6OFmqY`Y
zcL`^LMGH?;yDpqPt>ZMUgUo-xoc38KPg=TQvKs!#_KptChMl6RWtl&H7c7fh$+9e5
z>6$EjT^3}qAz6*tlpOvp>#^9-X)%*b^RYcyiG?ef@xzs^|2mhLt<8ebzHHW<s(nqC
zX~9a?XyIa1mKSK@WH#;MtUhaWTAD@9WL*|64&^Sv*0&;yOtu{Byu<3g%7QF-mDO0{
zDIaFx)3i|4I2u%)*JeSrT~En2(N$Jj#>-9)<t16<tzyObGFh{9nztg`|80BqGA!~{
z)?ndL<<qLG#e5pq?j}pHpr;$F@>Q+CI`u?SUpqH+&05PXU$R_@Dx~YL@OibW7GJTI
z;S|$V_{uq|s$xU0%2&PMiWt?at?+kUYQ>hS1EQ*&s;$W)EAm%PNal&*(rKj>+^%b@
z&RePq@3g84W~U`pI2rG;o=Sb4nz(Y}t}K3xT-jjVQaPF1*6c7TFP9>GRSaX*%FY2_
zUOGi)d8*p2GRkWV@no#7cf}N;Yb=*ylMk?3<GMWdvP*^XLdmk)zI9#<MaUZ7&aGL!
z{HX+_v1)EDH%0Yu=(H?~8gyC{m7U3gD17N^D14olLgCF8A~n`QK}Z)t;VZ9RG!{Fp
zfVvRU<xlO6m9<Z7@3QcT4V6_-cq&Vt@N`-4lsB*jN*6n^p}f*rypUB6w~BTfGTi&a
zJnEz+)3k2qHbTak*D>Fhfp%9ZybI3A4VkrY{`__pw97i$7c7}EWbT65S^?Q~tR<7K
zeJhDYix+Zd?=z&{eigeysL%bVk`SuT{kSUqld3eg)hbe7e$_Ga)#rXu*(g+>`(;)7
zj;b`brYoX<yjw{K)t4XFWbS(VnS~0aKKDQ+Vf=@x(mXP#NPX_Nm4r~eJ(jGv>g~16
zH2qj5Vf-hm(oa>TpRP(jTb2G(RhnDy6{)vhB~Q~YR1!k<<wuE`yT1JDXry1O;=fUq
zeyb|Y<C2Qh+pnOf>GvxMq59n4s?z_cN`F|D{#RA{qpI{LRq20MrSsg+ElYi_zAD|l
zD!pM<n#ZaYsm~Rv((#BW<J8-)y{G(my+5{ZQI&tosx*&~DpFtmnsMak)tidc+vB7(
z%_H85)aUwDrQ^|3#;Gs=#7w05`f^3;a|5f=yHuqISEYFcs3P^b-Kx^NSEcu;O2?zD
zEJnTkLVg-=pDO;oRcXEkQIY!GsH*e<Rp|q((g#(gc@3x{_4Z5sY5LHr?T1&T<0}_g
zo_hQ0YnneEug3Ocs`4LOmHu2+ny=1Oq&~;v*NW8Je-cR3v#PeYSEWy^O3$rIpH!9R
zCx<FhZ(nap)15Z!_~(&LMe6MlOPc1<O-1VM)rB<8qp6DMzX?|oLiP4qQN>knuh*pM
z%_|AxZ&8)z5nV;<%da<NJ{^yhjY9SIXt3ha@mNXN_U)_E{i@RatJ1vIRgrr8IfgXd
zTuBJk+vEO<tG@gbxtXutUM)zs53MAG>dQZO5&Yp*+j+EBk^1saYh=Fq@*~AakF1b|
z>dQYV6x;W&+TL1~9#xedU6tn5kc!loe=;ZY)t6sIi}d&kS*YG#$*H*N?NzQcJ+YE7
ze!Q-gx$DcXQb(HCDk@TMj~~<Yag~HnefgE^%w1o8Z7R~!GvJ@~_S13|SG~O&mZoP{
z5<>OmpLxpM_4d`t3Z>p&+fLI9DhZ)_`-zT<t3J25lCbR^Rq0c!(#xvSXH=!ntV*9%
zm0n(zURjl1Rh2%wDt%5>`n;<2>Z<hDs?uMtN?%l!zN9MsjjHrzRp~3L(pOfcuc}I4
zU6sDJDt&!b`i83XjaBLISEYYYmFAU+iqz*8begd1?LW|@+ZR=BxBn1lgl_t5)cU`d
z(~Fk=i9K}3#RK+6{mX_ONx1Zs-Ni9Sext4jVg{O_k{WeAkj?<`4|e`u#{Z?g*yJvo
z?WcQUpl!b+7bBb(E*f)p+K&-JInvT=?En9eMu>m0A^jg4*+yMIe9O~)Eq$N;e;{1h
z{ydP27G!2_)X!+##zsjN|2MfivZTFO(WvW(`#g=IJYMbyA^nF)$dX>?>6>L6#eUP%
z&sh4A+}}Mt*3ysVHuWA_YUwBJNAI9KV(F*KFC8th^wYUmf%UWWv-U+yL2Kv6+@Er>
zBHGusKcC|TXk<@mqpmk%#d3h9U&x){+u=}uzEp-BB5l<5$Elvq+V>Uvzea4o*S5cw
zJIA+kW!b3ztaPEL=UV!$+-06t(&As^>DOc%_4?MYs<z+bX<kZd)b+{Jo_@mOy`Ov8
z({n8SH~arc#OBB38gu{1ec;>2*!B-|-RjtyeW|T6_pe;h(^>z2l-t46qr_>{PYLmV
zl#orOjk$m44)k=JrSo~dWP)VlwLZ`PS3*87ZOnDg&-3)pExloWsizs2jk%5TD?OdH
zXCcoI;2;M|8}$m?WuDIZZ?pV&JUzv>Z=S!+(<fMZi~NJ0&iZr9{GUDj1>3$={uNJe
zP*41=^MCg=Klsq7|8P|=Kf;-yQP(G%c={MiZ=c_)Q@UTipQpF7_U@nG+0(>e{0#Rr
z{o0t@DL>lNtgIV#eZv2KLRfh>=61=S;OT6C2j|;8-E7-;&GSE@kXh13U7wuc>0>Ru
zdw!Ltv-aI1f3c@8we2JFw|SZ`c{S?#gdfa6TBMD+eezFw`Y229n}5U8ywKjLqv>y+
z=8GbYIbE;FB3!97>a*Z!z97(;J0RcR)4WjFm^(1Pr>EyDPouu3Fv`=Pv-BbPLp=S8
zr4P+d_Vh=VK0JTCrw_CA5qZ8ih-@Wo%pH|K#naSl^W3~V|E~)9leAGk%X6Wpd5N=8
z|FP_b;A=bm^(#-0u<gg^f8%Lh@@v%f$)leBmBpKpf4VCFE1t$|o;xZ3S5N=N__Ok#
zc$$~Q8guP={{I#7sI-y)npX3{p6;31(>z&wgl8X0WDoCrtG_}uzkR;$)8?R--<=u@
zI*zxf$W(cGN~x|-=;XA=a=Q69Z{EULSr)w-CBHq0BZNJD6R_uQvi7hovu(L)Jj-1&
zcXt8Z@65nbN8)e~R1d_2xcQ!;>Zb+%a7`S0qDHRlF`7`<XJ>Nqz)U7yTgqT~tS}m7
z+O(x!H4&0$U`knCa(2U-=UCajdp+XPCeqrKrSsafPw|){xwD?#0?+AH1aGby+f+dL
zZ6bx_*;Q63#_yrWQ>rSD5j(vRBtlX|c2}Ng@&1pnoc6d$Fnh)%P<5-GxU{OZPI+5+
zhXE=Niy~o9XO&1F3n^LEf8?!l*#jWC)%)c(^hZ7Nrq6fENuv0Z93g*vBScp*xaiAr
zmt-BLhb^6-BG?NS<!uBM#nQIxJh72e*bUW_qud;Np27CdeDOqtPR~v%`O95XiD#}X
zYUa#p6OThGv8r~Y^1!29`-)4s=x|>B0A??Hfb408K=uejAf8(YavZkhI^TSkyZksJ
zd)m;&!y|^%W=)%P*g?|{YG0riK0De+Yuuk~%~pBKLiu>YAj4yYY13wPoW7`i+M<rd
z)23M+vqu2hoIGP7Re7+WR6I?vDKeLTAhUetnLu6gzsUeoYv3LU<}OS4nd1Yq#t+;Z
ze4joftd#?ozz^y}GC&%B)=S|Zl;EKWhiif0aDELuGQq82FLzAhAD7?>37(kX$zabr
zCGk&9@bm<?C3sGP1#|h|@|k@Jr&HUm&HQ}kS%kaff1iPFGWo~DE1Wzs2y7fqa1!em
z$JQ@?!O&CN@=qJZUewM%lVR(ZG`{Dxm|m8}yf5Qh%x5!fF}?4suRX8Dbiehr*P*0r
z`KPkH1HfLNX7H1le-PN~GZf51T$1)R>HHu0^!7~K%Ijct_HwPx&apZ_m*urOdmXy8
zLmD$}hv&1r7PCgXu{FOg<5(M}IE~}+Vdh^>_}(v;*EzN?Ue^ECZ}DGC;;+lF#e6-(
zwl9vYeY{+2pSLrPwU1w1TAzA-O4=Or#sKg-eMp+6d5>vze#_k1`1JTzuE(@;J*JiG
z<HX8cm*ur`)0k=dc$~CfET-qRn4Xtt`Ts?m7~kXAzC4P@k2UX8EBB$yZ{@y}VJmlS
zhHYOQ+rF@9m6W7;$JT~E#+vav9t3_tACjTc{9g@b$Hf~NZo%)z#mEG=g8eueli+b+
zKTankcw&MlC)oDg>o0dM@5h(<)4uRy$~fLW#`$kNnZ&%B#_XX@`46-04PdXEwdd=Z
z-`dmt)}D^L)S<?BAi{df^>(vz|CN<x<-V4byDr04uGh!<u|^$W=HJfvhCj}*)$`E|
z+x~i9<9w2Eygr}F;i5~Da;*NkmO`xlX?(w#WOev=#^E!c*6qE_-zBDxAB*YZE$s`7
z`B0MA_c5zaRw2vle#`6F+S890YtL7+I3<}F=L5j*Z%*)_gflep4+s14V#kFaFC!Cv
zYl6olcpUgeeMlxq^S-|m!5(Kac%42ZQ>1ZxO$B?KPfu`Lg6AZ7UV;}TSTL9O_UzKO
z9^cy5anB@g+Ar3&&at+2T!Np^`o-GzQ8^^mwvMfB9S_yEy!Vl{tz&Cj?-y%ZZ>v`L
z-d5JO&at+2Y;Eg!B7DzlZR>fhZJlFn>v%eR?_X<M=Udx4wzhS=D5+0Jf|n)uOtAO+
za<JEDRpLJf>@in^*Xcv@b!m)&OTgaFmnHbh1Ye!t>l1uqf^SOjEeRGZ*RvbAF6+l0
z;N%sCPIH~t**M<s4e-65f}Q6^-}m+L&HpjE{EPDIJCFOk(ObMuWj$(H?e<pQ?-5$e
zbROO?+pnJF^|FfK`?9<ilV2W@^p)nl4kfU!B?f@K4$WZSUn?tJhrF$g5-ZE&SXqv(
zERShrJ&^JL<2atz;&@)`JKryh<7HXDIJWwv>!S6wr@x9~G5s|Z!~AN7#NvBd|4;Ef
zj>Sw~Yl(g_zdu~Cvi_4Xwl-<QwBJ3B?fYvP$NFMjhOG@>&#?7HI)*)_)yLN%R-bfT
z;d7V8=f<aGeev0re}_-M)_6C=7W02HZ0+gmTdUjKncwQ>^(n~}Z8ZSwW1u<l4+8tX
z3{CLxgx>=GyFMf%rTKpt%(a65nc*>D@9S~k&9gBu0lZm;CxX2lCWF1drhp&Shh(ZW
z-;nXAgS}tc691e8&r3Lq5`RbHUk3Iud?wiUcX@(WCHNe$x0PUdeb^2B9-d5MPB6c>
zc@J&sw4QuD<Mza#j+rg9eYCv%5|E?;j>j?nedf-_iR0dIJWk&Pm%z>$0QT3qn!)_a
zr(_V=+k7baQM`Vg>uuhmbhP<Mu*Yl#d*6)#JAYh)CxE@bCMJICYxi4UdtX>z`@T$v
z@3<|&a}q3Au1_~`w`{+9Bpho)ud}tG$1K9}>z&VRL+1}jVp<!%FNeh1kY6y7SR4M$
zV0KOPL58gj{TCUm4V`cG{7>fp_08KnaFJM?kF&CDfBzTrwzZqD`7MrL^IDvA4)k9;
zvUW?ai~T-KUlpJCIk^P(bG@~juV<{?e9Tz8J(tzl+Re}P!^!)4=C^ixA;Z>g-WOJ9
zk7IRCuYdho)%x1ojR-MrEw7JN%j+?1fBjfU$BFUN>q`Hn4C8zJw5%?Cetk@`K0e#>
zv-r#;)_xWz?Uyu;`>ovVviR07e*UuYd|wvN`h^FVl9Dvy4*<WQ4~g|lpNwPu;{7#L
z+k#{L;(Y5DZ@08xTH(82Fqhwt&rI^AEWYhm@(O4tzn5$Ma!i)b+RgXH_SgH}_V=ia
zWBZ$yo0j#T#Ps+U)8kmowOM>?!?!bBlF55tSR4B5s@8^o&N!dhhF<5-Y{T?i<K<er
z{U(cV?c?P(P#@=8`*<B}U)*o|!mm$CY+u}8QabL9+rFgb`rK&cI<|6s>{+?%8;3q7
zty~|IR<2_!*RhrB*xGQNDkZTt^z(v^!`CyvjYE%bZRmMz96q0MT4iD!j!7_EJ6+H6
z!iB{4Yn{RDIDId})}B5GT6?<R_RIaYUp{6^$`<7kA-_{H=6Sd;v9i+n%CVK@_k64@
zpJ%Kr=a4_v1J*Cz{ua}ZHR~6zkHt)n3$Md}oHwg-w%+hK<YoE5exqQ@-w0fn{m7x9
z;bvLm%TIr@UvRdS?dO>KBK+tj^(}z)ynJifO&o72yBWAm9};lE$Ex`^$lh%rZc(_u
ztkuW;7Dt#ecW_Rl?9SkJeMrCsf8KP4aB;(2Zld<>vIPG!!7nG6(|PczH+V<c5_q;g
zBqeFVk6*UIVJr^;i$gnsgTppBqh%S}aA;?6aK_-Lp0eY?;?SPp;7r0V&Iz(pz~a!(
z;NVQhFU~w!Z8i>l1r83|;G8A92&|2aO>p5peMpu`;VhR$!B@(z0*lXh0SA9Ie&<}|
zoRTcK@Sr{<<cD*o?A2h!8Q?hL+=$;fH#vu~2aY(mxqpx>IQ(nyEAQ*F_kb0DsN;zL
zaKd3J0EhkoM;vZL<8P4#hyTy+r{BQge-ppT-9}^QZRfPgf}`BO<9E(K!HPdd794SM
zj6M0s$p;QUw<PdSkQ*F+E-mm+lph>^PHB|Im}h#0Gg%yP)Mv+pv$J!ihy#u|!`wer
zesK8rcK>ww!Qmh6{x<o+;UDk*Ir4+UZ^w0ytdH!t7T#H$B6^}eu+oA*>txK~?<Nb5
zV|-Km1ef%d78ST8tLe!w^8{)9ePlNP&(((nTv%(+)=ouDS|gO)PYNC<dq9G%p7Jy2
z^mP9y*=@il=|ci8JYp~_SNyR`?j<GWAX$swkiDl!{}qL4=S7aslsz@Uw(sI}$hW=w
zncH@9JXqG+PMj9uUGbl+4+*%y0GI3`r7Yqf>X`bU;8;V&-c^IcnAsS=cA9w`0keNw
zIabo7s7_G#Wpn$y%x8J!r|veF3P<0;FUfEHH9zAIkSVHBX>V(D;bvjlt|$(9!G*{5
zA+d3?c{WE{n+Ok*e>mHOTV=aD9xtn=H$P>n_*`*;J|y6RpO<$NCU2AMXvegtwZA(3
zYGI4-cqSZS`pwQ?!u{}}3-y7OM*M-K#UbVpusG}&xbUbxBzsHo)1Kh)x8nD54+4v$
zZpwiROjMF1rTEo!h6_*Q)j#}^lDA#<EU-A#3tV_cACk+Y_<K8!cHR~L7TFIP9+zMn
zpYDGk@iSK750hoA6loj@IQE71jhHru#i1R*(N@;Z^3x9Bn7e3`$h)s&#;=VN@o5tq
zC(jB<4wJ%%GYKqCPscGASwG58n}DO9C&5?V(`6Tc#i4z`k@xfX#koj!C0HEB3pn~^
zwfjr5;KEb-kbFZ5pRo^){<;#sV%{iwEm$0m1#sa>eMr79#Xrb#^w%x;mG=(WpE+l!
z<H8dHk~^j3rCq_XFB<x}q8fp|qrBoN`jCJNe>9klTXC4r$PZtC*}8CX#@P?Q2Ew7T
zlO0c&W&Gi%U70(;b7XrtrX850i;BZ|0LR>A$Cc+LE_s=|raPV@yBw@w*UMfCUZM|)
z?U(!|VVk?;Cq6j(+SZ)ntdWm4C2tSM(T_Iv#2F|5{?2J|9Q8a9zsF(T0Z)}Z60Dd#
z9T%PxkQ^%w{&cW7v?n;m18oH7XR<dqUM2gz#QzJh@-jZbF&=DRw4?Ncnk-io9w6Hn
z+@TK%IO^Xd45v+YN3b}w6*!K~J>5_HfD6y-Lo!ktd5?C?*qaJg9NG#Tb<-(1S5$?I
zvTQ3Z)rSNe{n985hy60nsR9z}T--VvtJDw7nB34Ya|8Q{pK)UIj4=Jf_{Lw7-2$x1
ziT&6i!PGnacJ2^|I&A9x;j*ORG|SpK=rjSxg>?qA^RoQZac61xt<D<YwBZKQqA)Q@
zgW1=O9n&XPuKe_ajb~xvSsjFj2+LSr_RsopnSjLd3R5OH`qA>rPnqBt1KSA~)xa&X
zv}sWX2gh_T@ag)HfD11h%=$u{kxEi0IOY9)CgadX#WOOzH&}%nB|FXWNwT(I@|T1)
z1dUG|aMVr3Sl%;b$xj^mn*89IvKnfZm;D0Ac(XQ9M==&A!Vz8|djk0L`jA*&`7ah;
zB@O@OVEJ#5wYmv2UIx3Lecv6dIMf*&b+$GX|2Fw3k2pulGQEPoE{lTI9oaE1e3kG`
z_!X0V0mr`VkH3_)-{D{yM8f{#XLsg<-M<`M%6`Q83ddK=YWSLekZgaj_|zX9^|y6P
zDO>*xfg?=ara2xhOL_R)WzTo~W!a0sib?&!QGXi`{q%#*@{NPzcx%VBtM%6x1RNJ$
z%do9U<foqC!n(}AhYWEh$Wo`GIFt)6ysi()WGVgz$Kki*{VW*1mQdlx2v3z3h3U8H
zU~wpSmSf`6#BjKkWcw}-@vn3L6S7U(24}J?-*g6_DZ2pd{4cxzBH6W$pOJk$!TmfY
z^|d)od3!pJ{-W)OPhK07;uPhxG5NNDWFIM<N5whT@xii79Z#3N1+2Wx4dB9?`jD)V
zlJ|buryO%!eB?N%n2l06Jlf!q7<jq1k8(U#mT#Ej=l0!l$Ma;_fBfgkUJX_q`YJCt
z#?SYh^Ap*doKq499QTxd?*0MtgA3~fB)`V5_<xXnz&XwGgFB4}9R%DHny76>;Xlf@
zfxoB^$zmz~pUc|0*!_37|1sGI!S1(fc8|HObLbPfEDqS_Pw^RJ;KEz_kc^O0);QVy
z!QwFXz|rpq;`jI~ox?Z;N8hb>&V{lzr-^@+@a^vB^h&*nvqtvMj$f92!7<0st6<fE
zu?LQRdC&cfH*l<VZET3oSOQ01<Y|AE#r?;P!Q#-@;OGn6cXgr;+w8v9askPC(xUvA
z%HHMpKH2RY50X{rTygn&<}~Gne~@!%PjIx=k@&^o_?YInO;%Mj|K76Sbj)#oC3tyu
z?1Q6CzU%&;vf$YFoAE3DJ+eOoFPA!weYdeB4*MdLEAEihXH<f>a?BXEeP1EqIOa?n
zSMqn0-^SHC7}@<7VvZ5EIYAuS0UUL(c96e8K5+Qi|Kg6>7@Xkvp?uDM83z9Z;X9;Y
z{P!f-#=rb)<g-3vkV?SOK6c&_XQF)UKXLYzWqnf=pM3$xT5*5;;&2?ZKXBL=aIAT(
zALVCXz=enOA!(OJJ?$JV4*dl#yrd6Fhcq~6fW@J|z;PexZ1*$H!QsEc{fupJ;V=4-
zTqh;wH&o{zfEBYO3l7e0_?>eXSeyZ};8=UJ8^L+PInA=*;5?UbUULrZ3NE~$56L@H
z;_#^PL$JykDhn?BRUe49MOnNa1ZTM1;KCcm$o>JT*V)c};<RWJIIbo6g_npk!sCn-
z2OOM(6V5S?UliwL$17z!z>420KRB*)IlmHrxh%XW>m0E7j0<q^zwVq%WG{2hIB~#n
zjeL#!C&&*D|M%U`SOtgwR`*Yq9~^$hUva0b&Wx4fm-HcNlH%tWt#jNe+bzKxI@Ydb
zYku)d!gh=cZ!SDSN*s<Ci>bk|pRgS}s{|wmNQ?3xCd+;Xw(A}DZ<6>q9^j0XwQB*z
zp<Z?^uvS3Ac!ERw*m_KuKBa8@nrgCZG#%Vq3scwPm-QjB{guBY%yCr|9v}-3ys_+V
z;Is81q3oh|nte3<6}(=zb1FEl->n@~LF%=Ov?vbwz;O<>_~INTpVe8M9**OBd{d>1
z=juZOj=9D9QGQ~A3;(ST3Hx6hlFcQ@C3p+)dHRrm;~tmouk&p_7l)YOm`|F8$xGe9
z1rAUN$0}vD%5qG?X>c54kN(3?e}ZE^KMcR}o*+93EDrquj=Zzo&;EhKZ~Lgl_)_`E
zU;L^*B+I2m`M)M>`z1_$x5qCI`vs2nXMDiFQI;_ThkXRcdHHDk;!Kr2&2g*jMUKyw
zy&9~%>^nHl#arQDtq%z}+T6}ZYCJaCI1!+3;AnGePx+}2IOZtZcja9v-~Q5~Fl{yt
zEPjLI!oLJ06QywAPXUY5({Y@yr{j0diO!)fz=d`Ckj$3`$J#-0=ofJG=@*@|v+OFc
zIDH*Q-wngBfq%GcEBJhUNUU7>7YlDGg)>054_F-92ONFZ55G8P${yi(Pua<ir^^xx
z&PlSgZBd15H?z4ycyD3aqR4=efD3OMw0(o$q9l31j28`sTyghoZrcoefj%VQ!p8=)
z`a8$!FHX7sk7k_yG7)DdusHNJINHkEL7mU~XgnO@!`Tl0x;`Y}!Y2l^`AwWdl~nP@
zp<Hl`pS|#l(<;kc2BsfJgB6oHfTIp0@b8heu^qFH8}VPL4+%Kxu#Ir=t<A-u4&cI{
z^dVt<z@hzj1&c$u;3#)L_czFbIo~79A@F-T4!)JE0kEU|R=0};92b6<VNL6~qBtCX
zL&4%uH*n$K`jF7pMeXz=*~yNXdwPK{)`tWfea-j|zV)Lx#I$~VPe5Y(sF>`B^@}*{
zFF5MoDoh;u`5?y}uh!<`(+=QRKiIq{e^2?qu@;&mOg)RT;D~SguEDJC&hD!_{sDYp
zhR`F9pO)qR0)C$5+Peyl2e|)-;*57ZN!Hdm;#?ujZ<~-8%r!sw!aB8!w0Ma!N;Uz@
ze~oNE$HQg!c6_+(Nse!oU6|mG1fQPZvl9HJ1fP@OuO;~61oL|$)Q7UJO7L|FzA?c+
zOz@kI-;-r*5oeI>0LQ~*X?OgLd3Celcf~&htTtiHfa4nB2<H%UigOq<;J5~vj$bjU
zGjkkq7$@KY7rT<h(%_r{7KbqdjyNk5&R3mNlm!PzL#iC-Th8e%3yy0RyT0)H-0B>T
z4{+gCeMoMXQlI&%^IeV~mwnJNWABfS|0+v1>RfUh*9C9mSDeL)^LOXa-ry+ff1Gog
zI2_*ad8K><ACtVE+RyQ6vO~Zst65xd#2N0KGZn|)Nl+YqA#t?(8UIH)o+Hbz6%vOr
z0FFAhJ7<OB*u6M$hKd7@vh4ao@y{0Lbmy;@<+_6UUn=`;#{*?=04vUL#R12))lJTM
zO7`c@QTFWK6b&n}dsA|*R#^`@XQce#sPpgfi}O#}KRc&Y9B^>>tsywyP@KOyXN)-D
z;QYfmSBmpLjyD(HP)c6rgN+?C7xe;bzs5N(yeJ^)>zo^8cX7@H`N1&<?&h4EWJfq2
zAUhVUm=nbZN8Khk=f|>>oikY+aABQ*<T&T-D?8IUQ{)H7ocvSwPn91Wb1(l)n{ubi
z4-P-SNrb;mesK67bwBerIQ-ALf1do{@W1H(Me>8gZ^x`o_`Nl`+^=m#VdnUU6THsx
z>$1DjFXH@EcA{hMn;xBD8@J*xPVaR;W5mXf{NN|uKTP&R$91aL#|hq&I*U(#p6vKk
z*+mJqb`$5CdYvz&#+Tj2ajWccj`_W!X$fvi@JR_?nBa~C^Lt6eC(aiWyeh%xCHR5_
zUy|U<6MR*IuS@Wa3I1V%Z%yzo5`1TZH&I_wPx`bm!FJw}zrXsi<bB#x+gY>1?<Kr9
z_)>jHz;Ui=6^@vbz~YFWU5h;=AURG7=Nq!N_7JCs;}~xz!jZp0794)YCH|hW;P9XB
z{-P{6{43qxTNWICJ2xo~=M+0Pang`nDJ6c%ah&_E$FDlmr#CrgfGjx9Yquqw+a0sZ
zYaFw5v~`i<yes^q`#CSMoFzWT4hn|zmgD19?%%+wTeB=U%KgYW)Qzv8z!@YTI5-XX
z6%$U;IYY?@=OqD2--KgpGsPJ$KR7sp63z&)IGS>^dtZKD-q$%ZRn`HHC(9n<_*hwc
zhNAj#uAJfi#j^H{N&XIDlsa=C>x*EO#W@8W^RqpB5@(Ley1+TD;(%jL<~&E7`QlvV
zoH62n<6L>Ya~6wZ=R1`(P8@J>e&U>E;@EjmF}Y`Zr~B8++Br`CCxst#|M8lKILA@{
z35p4hm@hl$3yS%sW6o(GIOgUO^BwiyUbcthZDe~oX5O=NnK-S&JK<MZ6IB*C+G;R<
zaaO7<JC}(wSsZY*73U;4=ZItHIB_^P**VVp*UoX`oG*@@<HX@SW#>5O*f~y|i^Q4c
zF&D_rcHAM$98Fng%G%mn_*w1uO8kmBT`|Fh7X&1>_7>-E`E0!{PMiGTsQ=~U73Z5O
z_j<56bHo7$=ljmNQk<VTXP!9V;N0Pyf5<-U9OfHvaO~WwvTjhEKRKsE9B^=6z%R~C
z;=JvgW#WK?^MP}IEY63HIdA^k`Dcm`F1#op=`J2Ie<r&HSo^qKesJ{l*3P*@w#hlG
z!~sW~X6H1>j&RO7;(()W`#R?y*|E-9Ee^P_PCzojIYVV9JLl{2gJV7Ofcr0z9~|@W
zBksRUesK7oaX<4hIQ%cT|7!Wc;eXTp*UJwMKffhN``jo$IQ$>G|0emt;qTrp<KH4b
zIQ%;)UDSzgciBM+<`~0&vh4H(&ra|bj@x8=JDw}s$MMdxO^$byr3_+nY%<>!IZ;Z$
z(RZVTgEJm1j;fozdtax)BeC<W{5>2O>NCI9;hRRW`oz7&?c^%%lg)cOg2f>wIL5;e
z=j<oDCs-WfgX3J;>iz~<aI~S7OGit<oyyhDjg!yH6{lS88?gO8gE-}K#i?1Y{MF@h
z&0O3!d%iaXd^r)bf8GnGtQ(|oSkH0|3Fi87E3i0}1&(_)+v699>%YSt6Wi82@;@bf
zl>5Om!HPrOz;RFb4E*9Rmp#Yv*JRbK=D$+*X2(B~{k7wJWNq!Oyx$XMZ4q_0HHQ2D
z;{H8kUv~Vu?3<21m1Uhl-FiBXd(QuKe^C}3$8t{l48OO0;OJi!nJcP;R>}8;1Tz<e
z|3{9wUjL2b{lsq~rt<DAdy-?~EKIPi2R!~6iQm=+?%&2^&e!&B9S@Lgay&}b#+dkw
z<)Q9p?J)v;g+3(USUZgs#?Lqb7wYsOnINUkD`f2+i||Rp^W48oF;4?4FXIOs_fE+}
zUgpE|z~V4Azy<%!2OYY`q2Cz?aOfj&jKk~kE6x{G)@{zAzrb;P-QgUbCDQls>2q6K
z3hyYt^|j*Dr`Fd!<diVJDYviV7`Ki1mAAL-Ajd7Tt&Z1<f1qRT?M-kzUDmD#6|*D`
zIL6y?aO9`Iz%kxty1!X|aEv!iRk`A~^dYhK-(UA!wf!Qci^BKHZckou=sSxqKi8cW
z)BUHwk)Jl?c{cb)*>5HI>IC=m_>3JpFDMTE3yx<BgPlVhjy+=TBirKma{1MKRyX<`
z9M21EyorC6I8&WJL)OL;^%VY!`&Y}}09G9s8{p`pTkwnjQ(3!a7iLWT-u+L?KJWNN
zS(^vMp-(wg5R<V4j+lJKnwa$e{*LMA(T*pJPy50-UY0fmFO^*hR!qhiIQsoO=iDIs
zHRmwi!0}Gh7^RC>>O(R`T5QePf9m1d4g4$F2f^ad*B^mfm0vM7C8qG!vcnuxU%P&h
zA3QSgZ{>LzZ`*?vll}!q|Jt>1YnFF79O1oWtxtui?<gt$Jrw&Ou;S3y;OJ{RcZjpM
zIJ4jg&yii__*~hmz{*Sif}<~P#NV2oAAarlYqGC7en-~k`PS@QM_a(p$<h{J?qO~R
zR($#z9R0$)0H;-!c^M9U2abMWy;2;N-PfNB{<c0Omq_uyF8c)7{nQD+{Tzhigx}_8
zap*g6%x}%kr+*k*@O#LDqa99gPMfS93*yku>9KH|b8eTt%kh1(YaKr(Yi*^v>C~3Z
zhr*u<Q&;NzzVJ4VOS0QK9xi_qSmn}3;Alge8|5#`4~{u)xbtaGaLj1~lrE0W&P%p#
z6s8Tfc0YJKFatpXE^MR#lAWdaX+v<qA9Rhve}Gi98IGCzFLccM<WBH^=|i%u6#iIQ
zYky(pv!RK9AF%k81ukry)nUB*=_7FT<3#*khf^G%Dtj$hap*5_^yy9b#s9JF&mG?(
z`?TXrWY;-<MfR_b{~`N<<2KoUf)$^B0Y|@dQ+4svFW~5x2KUo1;OLkAlrE0Re)He<
zMfhm>tbK$>3Gd<@+R4`N?r*_=wLT=^Xe;fW`Mb%23;z2Rhu~M<$+FvkuhEAD9PL>W
zE*_Y*vDHBw;(!ZGcoOOXr&ZSKAP)Uvb?|388eSHk_6NuQ+8juSNWig{u(6?mv0A<+
zX;B=?1$TPiKz_;^j{lGPkc^ZTm3O7=IIuXB3ywNl+d5~8b9%~xJH2DzoD-cxKY|PE
z^dXrqjj~PytE}F#;7;!tC=SQUD(Ccd9PMEJeo(eHp9DvExoji&I(<mMvG09^@zW;Y
zc=yK67s@+YzCE2o`+(ye7;7JKXaiNt;?O?exc@c*zt`t;&Y^w4g^%<hnIR3%iD1>I
zX8S14S=!EV2#59oNBf+K-^-%Uz(>m-2EIN!rmT<Df#=9K9lzr_30{=oWeHxM;9DKP
ztcF|bcry*-7aem<GsO@e&Ou<+0h!=_)(g|!FG|jyk%^E0bocj=|17ZkSGb=zXD9x1
z-B0`9@BTMr?LM3Gj;hm`loID$*{NXFhj#8$pZRZ*Z?6O&>zMz)VE6o$7tT-Jzl|!r
zv6PtHk8g2&wd_F&J|@8@B)C1nCnb1cf;$p?MuPbt29!%#s}g)(f-gw$B?-PF!M8ZR
zSN3to^cVlbfcW4)CipK2E~)KkL&hOE)=16xmG>!ehk(W5I0eUX$2<dPsx0d;aGUJ@
zj_1j0Dl~tGtj)3FFvgE?|0>z@9A7AVC0J#Z9LL-%m&N&+><y0Dryqc|aeyp1)<}PF
zf3qw&;yj06bzs_m(>a4=!7=|Z?%}*5`yp8IhdK_<C(e0Zb*NJ;IJ5^i>aZ1l#o^vS
z$uZYn{6q-+7Wu)2zY9oqb<T~7xu0W>l`)PvJ|;PyD{I$QiZfDq!39plk_B+&Z*^Sw
zCtl4no|pKSIA@If;Ao#K6V5e`c{cc6uwrU=3>R3$N`B-V#_%tlGeLfEfyqR2Pr_O2
z9Ohea%&|`<oIg8fvN+(l$MtH$`N%m_!~w^BgL>u!Rg(Jb2v(h^iUTgNxR4BT&PZ`a
zI-VfR{6gL)S$khad8dmHj&tQw=Nu>gD#tT~nUBcJob(IFJmdYf<9lV-IOcidn~s@_
zK61RB{B_JrDz{DLf}_qo@GCz57p1r3`NG2-PnB&2EAJfT1xH@)8<Tgj_;#;Yc$x5Y
z_m7la09Ia(S#a!chjYFlzCBA--j%{XasQ^mcX?jUIp8Swe&?Jc&Qp%h7q<J!iqlQl
z?jc{V=T6FN_mF)Z^`7%D5+^UE{+G#a<@lG{-q-OU*@2F)k{t%VKKp(gIM$ihy8ld-
z1&(9+`|e*ZKREpS&luvYk{=v?=2`0VQ`rX`zbN}K`1<U;3@*<D%3u7BJ|woTV^WdW
zy6)g?oxhXPaFngnyJxoMVZxKxn&-X@GhY|SXUAh-usGxe$Napb`+LZOW6fjpx$?5k
z+S54=j$<9t>i(Xx;Mn)E_`jR2Gi?snq`pGFWAQtlkzl(%b^j@e|MUdk?D$pLHI5&b
zUFVo%)2^LWE@JnW6mwr4&UQaRe)hdXY3lH8*;^dHAZzc2$v;5H*{?X(9KYiDE!iCy
zZ|)!C`1`W|<@kEpUpRh8)}HB$5570?Ka}9#C-{j3+jADr`{%^}Qi5Mk@IM{*(@t{C
zP){)L2L#?a!FxDn{X)OfU-U0H#>OE0io+bcn`7q55suqr_jSyiaDZcuQw>?m%W<^I
z@oL!%z$%L|1CHyLOYy5L`jPWDoT4l^ICnVbW!Z<p;xNX+G4>b}#JOMg8L&8vcW`jt
z#V^i}W&ay2PRVhU^(lUFm^bX2RCs{K2~!XJ0oo2O*bNhZe^MOUe2{aR#Q_(J`j8CA
z@0_vDp^d?D{yHq-e9k#T#R13pYgWRsHM8n7TpV!BtE-&DGqlSb_fXv!_tfDG*$2SN
z+oHVSn9n)q!r`~Ko^#AR%5j39XP|F_m3O4_f}`C&a1QP8Kh9|t2OQ_|IzOhYtsGC3
z-OVx2y@xyIS?Em19GgoVUn%=}u<9^I@xih0E1YwO@?PrrZeiY`r2cQnJ^)r;P0@xU
z?^@^ZEOedYwZgo|N#46<KLsoA1my)syLA%}&SSE6{uTa%@F@3RD?0(Kyc3ld9OX`O
z&U3P}9diy`>iFBT%fZUa@d%D`&vwqMvR62MOZK~t50bqFth`f{7aZq1JBP|YReo?B
zBRi`9;7^wy9R6M1-zGme{QJ9qj{M;8+x3y!VK4a(*S4Y>jeET(CD`T!_uKWR<Hr)t
zzZ`SV+m20fz}yp$n0DNG-mRU#y)4H+oT1|ObG(!60LRQRJA-f3hXfqsnPV^F?+q45
zyOO<I#l#>PErl~l_8_o0Jsd|n&}aA?WWf=ib|>!w*_mK*m>a>7cd`46vf%h0-x>Io
z_afOZf|a+o<H-9J_tOU8@P7+G7ax-Az{*>49GoAxpLPO={}=9WmIW8y*N5azDfM|$
z_P1cg9OSsrD=X^{?x$VBg}>=T@|={sZ^^z0R^H)`3m*tb>>jl^9}E9o3O}!~i~}%_
z#x`)=SGEzXI4$CW3w%g+bpJ@lQMXY_7rzI?@A)5^-M{>%(naA1WuE|x!x(5Fj{JRO
z?b=Ovu<%&-PnETItK<iBT?Ze0bb|YM{DbAAP2o`IUBN1=hvRt0v4?YrvybCZvaHp}
z%Q<8WSa};{!Ew#5W-`uXaTs&(J7mA^nDg-W!OF`x1joJK+whBjyX<cqUm;5u;^!E(
z^QrJ`VcG?MPg&Xpyn`&qKk<v=faBip-p)Brc0cFz76%;b<WWi&56jNU?T(+8J=^ia
zvNnfMamfx+__Tqwt?*!B#$WiY4aKKV!38E2$yjMoe%c=#*T2?=UI!Z+;?U0EXsc_4
ziGPFaO^#V_taW^@?4KOJD*KY-IkK;V6_fS{NBh{Am!Eb6#~jY_0H3x3$8pMj7CCSw
z2TF^YfIlbuykiclZNTEN@8I~3PYJ*H+}qm;EDr4ej_=@G8;UbdzP+78JAmWdWOJi9
zImMai9QF%bV8Je#BBd-iHV3LK_R;3RrvxNRq|||Z1Q(vwhvf6p$a^+eoW8Q)xNrZp
zgmam5O0wX1f97i8i1S^r;tY@l$Gbf@JBN0=4J=Nx<5=6=;T-nmUgr#w1;=kR{Wjq|
z;T+l$9Pf$Q*zh)C3{ci^S#Vr`y@%g9A3CQ+7F>8i9}>F<B@T0{-Gfq`k&a`WY^HRP
zK`OE9O?A$6;hm*L;YqTMj!UvzfyHOcfMegA+}}eM9N%Nz-TjOWaD0D!FZ^B>Wq=v8
zQ^1Pf({YS{i*rPFpL+{9bch5T=hLl)i_YQP4~Ke!W36T5S)4uP+r>H5860gw8<Cef
zgJXR@*8S8C9DKT=sGWF5c9G*{vS&GdNY<`#ekdUMFDd+A$m-C|72W@9_rte+5vN($
z_C=iXzWiQJiOp|buJxC&{<3Q{@!78t(gF`fB?n0<i~Rye+a8Bs89C;rIc}3BjemtK
zX>f<^FCAYi`>^9RvX6olpY{PqeCD0vk=eTpv`g_v`jD)Y;=e+6HQ4>Pxc|?x7GE6j
z6N%s2NB(mAC~wX75$9dyv-S}_L3me>!x&^7PzU@6fE9;!0~h*c?WWD<r`^D@Unk+0
zgZbb}$6uDc#_{)Mt*ylQo$w3pXYKPUSY^>x;E1^q{>j<*O|5^0se2248b-o?!kHku
znd82))+X|ABD|gZX`f+^$IIHeKpfT)ci=xtzl*HhT<7=|*?~&qXU*InKPN8<IOfBF
z!f<HIL5_!rzdKlb>IjZ=3T+)RM>~gh21h$nKRDdK(NMEEv^hB9*jRPWbm!29;KFvw
zC|N9}4n@cDtn&=~%FA+expR8Uf@2Oj2fuT^0ahH^7F_T(^Ht8_8Nm(CDanGPeQv_9
zIJE6;V8t0A3y%5O#)ddA$@idh=r3@A1(f6wDRC%^aYG#18ysalmvG*6{ITrcz~T>e
z9OeGYIcsEDL&F*FI5->P_i|ao!C?%7W8SlSZt{<m9~}OE&To|;9R7`!F8)Lx5^!NZ
zgW2!q9h1eOKZ>_z{yo9+kCCPA@ON`uV30_5mIh~t<Gp3~cT7Cmv^XW3^K7ir2@)HJ
z@;@YeiWClg*a3Eq^^tS#at{3a5?pe;qpTe-;xm_9{S}8ggQLG_FUsOr9PgNV*_ao<
zhvS0w9TC;|lzY76dt_&V#cyyNWB4TJz+Vm)hhqdB=j(IuD=<^aMPPA?jtlB{<O*qU
zY|K0VM)!Bf(w*e(?Kt|{&aKC0a}?vR_)~pI#!8Fwx2gNiOR$Z9`MEx`=Ul?vGn*t0
z{xJ#W`X~I>=HfFa(FgdC(ssrH<<kD(X#ZCH;?VYoJEo2_H~b!sqy4ST#i!2J=E8Ht
zX@@V&HH)>m^3oUJ=!-?pA@8YRaeB&vgL9U1&X-*Y7Kgq7M|)o2e%cuv_i4X{Uv;=z
zma$9TzK-L%Pp4$#aJ}^l=agi@G54+!CJt@>C|Gd@$bt*~<&-=l4bID8ahhepg+J><
z^0qWMHvfpj*ak=Y|I0aCH`}^YoT2jBv(Xm>BwWuE2TmhcoZ<3=V|;Go9O}%}ALTYX
zepviH!OGj>INH<Rla!xh5gh)5Jnu}|@t(I;9B^ER603Mz_T0nzOPDh47!kfs+aGWa
z{x=iMH5GaB^Y}AxF~PQ9&SB{m9NHo<T@sjn0`DxllVi>ov^#$Gah&7BWDjvnTTTT3
zOdk?(jF~CI<mGbM)`a48lMfuf|9>(Z`8i&|F;14?SKcqnE_KX)oB<Y}V+0)Sd4+SX
zk^K=^oSu$jT>acR^y%%6X^%U>;&Z%!BjywC?=1^1G>I&+Yb(|59pUGt)RVS+5v({I
zJK%`(SLbl7{}U`u$#Jy9r}!0zxy#10IP{5)X9j}A`bZ1mBgA1G7ac$An0q5zIp&z!
z4$MwVz;WM?J|^$pvUa``hkgMEXFoXd(=XsyJB`8b<xX%8eE|;6Wan@n%lch$=nLz2
zUtgUBM}FEI9P6$Q{EC0NEDHXP>?*MM^aVK9W2^Ct!#$oWoJ0GAgL7@dAr|~QWp4#5
zX325ze}&&;u5nD;{vIs;09kPG|KJ?zz&Z>L?GG-j(}&~@DKY8)55VFKavb+z{_Xyu
zvf#K*w{?`)r$J?qm;MJwyV<=m`CH@%N8Rig_q;oiSC}!&x|}#1*WkFOZgCF#((0U6
zalkRZai5XAj0JG`7bsnvn!O`z=hI)vApytth;7X;&Q0>|E-i}F&2fQ7mh2-X&gHVB
z!QwCu!O@=M@QcHm%f_2H4UP-%2}rcL9A`FI9L6Cy?k}C;e#Rj<@~*`1by)43-m>7x
z`z`nPl?6vTT<`vpEI9o1Sy2mtk+QTM`1`Vlf^XM{WV#eTbHyCTwCf_rUy|(ri%+}V
z;r>TuA5QQVU~y<SaNJ8N;aB_}Wv!2d8OyfT5^fQ;V_$h`PdoM>6OfFTl6Ri$agJxn
zp5^#l*|Qx}N7C?bk+t=qV$%NL`0c67oJ0Mu28%;qfa9LS4fquY&drYLf8yd_BYPWI
zdFdl??C(AJJ?{wc30c0w5<JDRHf8UZ3S2B~{qB6LgX140dAD}Fx9oP{U+O~wj`h_j
zVaokK?7a_I6jlHCzq_EKtcv(2QmWmR6bp4lG%TzI5wXw^(XcE*(XdcSv9PSr$f&3r
zi;RkDH7Y7AH7hFWMl+*sEHW!9EHW!9Eb_J@v;4h3Gv~nD`O@9<T)*#gJ=gVI-=nkh
zI%hufo-=38`^@a@GW!JPNs4D+K2tHenR!i!b>*1O$E3$nqYq%+XHa%6CefE;Dy-l8
z7=0Bn>ru8&#mKP})_w0DDMyU><$hu4$gvRCF<vRhApHvFQYT?)ht*VGC@cX;M*FLH
zoUS_79jw@e`6-I!n0OSA$NU^&=*a#G>-{y_3Ys{SW?O;f_{cdz;$`23^}a8ca>Nv3
zezh=SWZ#ALei{3Ym@Jf4s2JIIVf9sd^Bx-3mA?0+l*^k5mF$_C@Lo6DWT}T;Oo}90
z_C*F7{m*{6$u23E1Beuf$-dY?<2uzYJAo97$u1W@NIpz<F&9!YCi@ZtjcY2q3<5~f
z7WQQZ8e@e$&t%z*T@Egi6xpR=kP0x_R~Trtkv-q!VkwskE2L6Pc4;uAa!mGX3^Y7w
z7XhRyO!id<8pqv!t;y9=ex1p+!qQog>M+@_H_-5{{RWd8rTj*dn}rKaZV_H%a+|Pp
zYNU2db{X^}+3~-~#313DO_uu!cIoU$a;<5<#blST>?o34E8As2LXz{H{Wg>3d}qJi
zWI4y##q>zY!grXQDtxEO8N%}B2`N)p8V@N)SPY1iCoF>;Qh~6T2&quG%;aKW>6l2R
z!W&F37rxhIzi_$9Rl@g~yhT`yi&QQAfXTJO(y5W^gda4yLHHq)8-*V>xmnn6a*Oar
zliP$hncOb?h{-kwxYA^KUV;5llS70bGdWE7ag$xb(s7U?g=GLl@(PQ|kYa^pKt=Ki
zZ#FquSO$9}`EG|@20)|?VY$FZ$`syWa*ps;lk<ePnOq?JoXLg4G7upZ3qNmisqhOX
zmkZ<CMv`AxIyh35unbB_TZCUWxmp<GhE95XkTFP)4`IS;e25TM<AYZ?2QNr*nDqFN
zEUd<dbYV3<WD2YCL1ub<C=gcTgV;ll57IUD_#oXvj}LN4^!Omnp~r_>;e5Ox)nn4*
zL!+=79}Wtu@u5vvHjZ=*lO7*}q|d1FLEe+<@xdj$+6Xtk*QCdXSSeTIL!z)6A5w)2
z&3L(2qsNCF;k9OYzOWh}3WcQskV=Hr_)spa#)nE_H9i<VDmLS5q+E>;hIiEXuusa>
z_+a>@#Efs1ay32}9#P{%p!5edK7<I%K|l%@R^vmYuo@radrEqIF#3O)8J{BMYJ4#I
zyc!>}rCf~<Mn5k%<5x?$8Xt_lt;UBkDOclz(VwLwAZ?a%H9i=9Sd9<6q+E>;4Z?mS
z+}0$#(c~84O(q`^*5g9}xY8_l3ajx!zRRS?hX`RcK6r(tGa||NgZ223EUd-{`7W^@
zA2NkEoAJ5AYJ4aVR^vmFuo@pqg}0dT6~bzKs1jD=!**dcKGX_}A&}~Y)%egTtj33f
z!fJew?>p)7;h3-*ALM&-dVG-Y!0GY9C5(O}Nxm1TS^geGb0Tpn@myiFwIum|wr2Ue
z56y+dCB*WbW*t*WEPvCX%WH`1i1!gU3u8YewGy`z2X;dY@{&S`!-*q_V~Bmim?WhT
zXAox-=LvT=<5v?G6PFSDi8m8h6YnB!5bj~>HxaiGA0f7(E;`;x97Y^L>?MvPP9{z#
z&LqwyE+8%<E+wuYt|Hz}TuWRp9Axf$Bk@7vHsWK%L1;63Pjg-Q?MKZn;wa)+;zZ(9
z;a;ZBT;d$!eBod-rjWRVxSY6>cnfh2aUJnK;%4GjVW+v>cH%&^nJy0@4kwNzjv@9D
zrx0flXA|cUuO==Q?rqksjMz`SnYfyG7jc7dA5*7^xP|x#vHUo$j&~A=5l0C3H8s7&
zam2~OA!bZEaVBvtaRG6Wa6fb1QsN5YD&p<LwZ!$rjl>6u+lY?|hnm|BLZ8(<fY?PG
zMI1|<NSsPMmpF$wU%0=y-9q9L;&S3j;w{8A#C62`h?|L9iQ9<-;YD4a5aMv*0cJfT
ziDQU;#3{rX#M#0FO`SaA)x^cbWyF5s&BWEjyNDZzn}i3M+if8}LM%5Pbc~ZYj5vbW
zOB_d>EPRr=t#sl{;#}ea;v(Ww;tJs~Q?rVAJ8>;>J#nM($>zETiQ9;e5eH%H(ed&d
zt(slLQN*#tiNvYIbBS|^^MwbSbt@z;AucDbB;G<?LtIC^kGNTQh`Fs+;&$RdjF&nl
zggBfyk~oIgN1Q^OL7YvTN4%Q2n7EACFC1>xe=~74@h;*9VYz{a)I{7ue1urONTlPP
z!l#<+h7m^)dx_(SlZn%bGl_GF3xrQIw^c-3N?bu)MZBH3mbjj{k@z5S8}TvXAe_5&
zedITUHM@jeW<8^bV~G=qQ;Fvi=Md);7ZR5cmlIbKZy~M`cAIspBi={cOx#M`P8^7H
zuht0>_L!RC#F4}?#6IE_;tb+!;ymKj#KpvA#D3z<#MQ*Rh#QETh+Bw{5X+Zb_5M1E
z!-yk@y~J_E$-+a;c1tJDB+ex+ATA;<C9WW@BHm71OI%OfNPLjEjrbUG5Uxjb{pGiR
z?Gfg_xQL^OV~G=qQ;Fvi=Md);7ZR5cmlIbKZxKG-tXmCn9q~TmX5v=jcH%%><JgCp
znjysD#F4}?#6IE_;tb+!;ymKj#KpvA#D3z<#MQ*Rh#QETh+Bk*oBMc#Sbo$*mph5W
zh$D!-#Bs#Q#OcJD!ja~7bBPOxi-=2!D~PLzw-eVA*Aq7q9~2&8)}f8~7;zA;6LpOI
zPO@efaTIYZaUyZ5@EPW|<`U-+=Mxtamk6I}u3JuANxVfk%8aQYt|Q(@+)UgmJkngZ
zoj4HJt-3r!c$66vP8>-bL+m3?A<iJqCe9NcZR)QkE+#G`_7iU=t|s0^+(6t!+#>8X
zw|j(GKK#?=PU0})2x2dBobVV^GnqJ@IFmS+xPZ8bxRkhpxQckYaJ0GITH<=*M&g6S
zZN$fjgYaI#KGxKf-?i54B90=CB~BEMG1pBco=coVoKIXxTtZw<Tq!)x)Zao}LtIC^
zkGPq*mAGAayr~(8_ad4@h{K5^iDQJ%GS~GHrx0flXA|cUuO==gE)$M5_5H+~iK~fs
z5jPMw5w{Q@A(jVY>1{cQ!-yk@y~J_E$;9cznZ&uo1;j<frNkA)Rm9tgYl-WL8;K7R
zw-FyB4#ImZ-461*<(gf@QN*#tiNvYIbBS|^^N9<IONh&fD~Y!d*AUkc?;~y|ZY6Ff
z4#fLKy}u#E;lz=|F~mON6yglxY~noP)x^cbWyF5s&BWEjyNDZzn}jErK58L8LM&hU
z(J@ZqFyaVeFL4}kGI2U_CUGut0dWy=DRBjH74dfBTH<=*M&g6SZN$fjgYaHlw}bqK
zyk-}16mcwZB5^A5T;d$!eBwgl65?{=O5!cVHN<tq`-q!~TZ!9=16`f_8$ujT97!BQ
z>?2Mg&LGYv&Ldt;TufX>>?ht#Tur=-xPiEdxP|x#u?_bR^s#mlhY?2*dx_(SlZn%b
zGl_GF3y6z|ONlFptBAJ~*AmwgHxeHtZX-TM9E5uwx*Y}(yNIKRV~G=qQ;Fvi=Md)$
zpKUWzA#n+DIdLWN7UCM>I^uoA&BU$5?Zkn&Z=vfGB7BZnw{YS};uvBdaf)!9xo!q=
zHgO*DYT{zyiRQXx#D3z<#MQ*Rh#QETh+Bw{5X%?C^>&@aVZ;%{Ug9|7Wa4z<OyXSO
zbIpA$ATA;<C9WW@BHm71OI%OfNPLjEjrbUG5bmkyy2)?3YjzPw5yuiI5~mW+CC(wv
zCoUu|AucDbB;G<?LtIC^kGPq*mAGB_Jo8ut;@*$u5aMv+Na7e`A8`tC25~lV9`S18
zV&XDlKk;VbYT{kQ4a7~vEyPEN<qwDSzB`G-gnefFL=bz4<A{@q(}^>QbBPOxi-=2!
zD~PLzw-eVA*Aq7qA0%!gK1LjbdsOy#bARPG#x=W$qljaP6Nyua=Mv`-=Mxtamk^f|
zR}ya#PB80PLtIC^kGPq*Rd|xQZaZ-x?v3g45aMv+Na7e`A8`tC25~lV9`S18V&XF4
zM6;fL;?2a>#Jh+ah?|I8h>r+QHudF?=QKNs!-yk@y~0W6x^cwG#OcJD#JR);!c$D0
zBH~iw3gRl_?Zmaj^~8<D2Z`H+lg;fOBM!oSM_oRE*hL&g97~)?oJu^GIEOf&xRAJn
zxSY6>cnfh2aUJnK;%4Gj;&$Rd+)vf}9zq;W97!BQ>?2Mg&LGYv&Ldt;TufX>>?ht#
zTur=-xPiEdxP|x#u{?Z5@4J&Yj5vbWOB_d>Oq@=fNt{buKwLyzN?bu)MZBH3mbjj{
zk@z5S8}TvXAl&oT?J$7YMI1#OOPolYN<5c1hd7_Okhp}noVb#B3vmr`9q~TmX5v=j
zcH%(XkJtMiLL5#UNgPA$BTgaCAkHSv6P{|0KdXt0iOY!n!snaun~AH5cM&%bHwj;0
zuG>O<gjoKtN5?pc!-yk@y~J_E$;9cznZ&uo1;j<frNkA)Rm9tgYl-WL8;K7Rw-FyB
z4#MXcx*Y}(yNIKRV~G=qQ;Fvi=Md);7ZR5cmlIbKZy~NBt|Q(@+)Ug`+)f;b&r<Zh
zhY*JoM-s;n`-oGBGl;W^^N3dy7ZaBe`-wLbR}=3dZXj+VZXrHGEPv3e_uWYxMjS!x
zC5|IbCQc{LB+eC1G5uITTtr+-TtQq#yq&m~xSqI?_#kl`@iF2ce14_tHh|bg97P;U
zoJgEXJeN3!IG?zXxI}oG**@jOmBd?!Yl!QJ_YpS}w-UD#2ja6ez1<MvaN<bf7-AoB
z3ULN;HgO*DYT{zzGU4fFJNSt=6IT=OB5ojVB5ol*LM#vH(c5wohY?2*dx_(OFEs0!
zOq@=fNt{buKwLyzN?bu)MZ8@&)!c3^aXoP(@j>D?;$y@?_&if<4iKJU>br=eh+~Np
ziBpN^3a6PmImG$Ig~TPq<;0c5TZn6j>xlOeHxsuKw-X2AvsPWt5aMv+Na300zQhpw
zh*O9&h_i|Fh*uLA6PFSDi8m8h6YnB!AZ{XVAwD9UZtjcxK#OK4aTsv~v6ncGIGH$|
zIFmS+xPZ7wc$Qh8QsN5YD&p<LwZ!$rjl>6u+lY@52jPCau7muRuVxo<6mhKZY_raZ
z#Hqw{g)cH=a)|SZ3yDjJ%ZV$Aw-DC|XPEkR#QTVwiCc-=i34%JU+aVrhZ9E<#}NC7
zQ;0K&vx)PFR}0TE>t9S<M(iivOk7R8i@1TfiMWOM2(kPTudaiWIE*-g*h?HooJ^cf
zoJpKZTtHkzTq=CA*(MdlRm9tgYl-WL8;K7Rw-FyB4#H<Idb{%5#hP8jQN*#tiNvYI
zbBS|^^N9<IONh&fD~Y!d*AUkc?;~y&zQk<LR^oQzKzt^nV?v0-i6e<)h<(H<#2Lid
z#CgQ4iHnKLi2cHI&H8U9t|s0^+(6t!+(LXr_)=3-9+;@vNgPHTLF^@tBTgnxC(b0!
zB`zQ?A}%GaAg&_bPFzb|Puxg+Q1~))f7^(U5eNA?V+Ihrh@*&Oi4%!aiRTjM5a$yY
z5|<E{6IT*%5uRr=QVnq(@jl{a;#T5z;y`@vp*2H@!-*q_V~BmkDa0AVSvDhO3(q$>
zPk4dJ|EsSq1llomS1aJHi!D&G%rp;C?2|&I_Senl%B;l7vcAMQF^$K>dbk|w&;WKY
zZV?#llR~7xU7dOXlE)-^@|KPDFsvHSTf)ppx_)xoUD#)o;%}{?C(llh`gK#wL~k)B
z)~iB32$N1)FB=7{m;Q#$7KSp>>!Fs3-i?@8Z;M)nnUS>K1ITgQcI5Rk3Dmqnu}=z-
za<N_6j%>FV<`O6Q*D$eOwOWRmk+j}R$O-$5Qapc!^h8JN?E|x3jasHw>!{zms@$g*
z6p>yZwM=xs!o+&DY8hrm()Bxr9LMcKzN_Q$E6RC4N@=_O)H2zwJb#h(>eVvLjHI_K
z&vInF3exM3NLeO&krurMl!ar`N$bgT<yfx@dh#|vj@v-YwVuzS*NSE05uLQ&ITpQR
z(38F@dM9D7^)f7a5o$fF-b{;L<?haYbu#G{TJ&W9yE-1%S@gD$o*pZt{We(iyvTRe
ze(NoIHPB1O`m(>LQ2m~<=%pYZg5^5t_Itvj7x*Tgvx6YfI}LN)e(zcI<hd$ZLo_wl
zTl8X}C;KOQZqoY#dHnAfPcxCx8Yu4Iqn5aA<hyF;pVj(4SsBTP?dowT0(sGvdh~Ui
zxZPZ=C*?ZnI`l%Euum<>AiZHI(|QpWy@J1}-)R=TJkpCKJ)cES`dL@?JIA6|OnPUK
z-bEI@lE2VPv*`IrFN*Y*TJ+=@IbGFnu|=<%^hS~1%@(~%=ylak3oUvL(9``?=K6Tt
zZ_(QhJ*mG=`uNK4bMf(&2aoA-2)Cv?^mbbGnxW^?Vk%Cu@>`m$mri;yDo)zzD~p~D
zdFiJ*>H0NW^s1m2hamBhTsugd(eAhiKv9Q}!mwUf?f1Jy?;!Ma`^mVf^#)q><e5Vm
zSgw<<UkKuaeQLpgx8O@uMCx}o%Cz3;7Cn6&)oMnZ@MKF|5w;togD}_I^;xzX{<hf;
zvR%BL>e%jO7QGU+|5{S(8P5PhVRyBl^e^J>vFOS3k+g=as`*(<Tsh*p@`wC>qpahT
zm60N`9}$?#ek5Qn%VfPei(V!4x@s5sok!M7fu0`!5=rlKi=I5ssjKtMCl<YI=xKi>
zk)CW6RqklNI_P!T|15gdw7<!uC%>V}dX3O?VYyDSkCH+G!am6$H9;>Eb7{ZxF_&f1
ze)1cutk({`uG(*;MKA7Oo&73>^rl+$Y-+y{VkFtFBzYc_uun2b$)q<Od08g)%LZ`$
z0--16I!T<Qc>rObWRTLK7lFC#Zz|@pOxC**z<T1-uJo=&oUG%+B&mS(<aW8%tFY*W
zLvMhwhWR3KlI{fv`y_)@0X;olNxzY0Qjb>wTt6@Lx;h@!7QII3>Ha*M^bT0`VxcE-
zI>~k=?YHQ)K~MUfw4aP`5-0Wh)uNXQy?m7Gr1cJ4^kVCA9H1q77b95f4d`~_{_cX_
zb}gpjB-<BpvW`zONX2{LONXg97kRBW#-dk%1zjEAD2rYt-jGB<N9rfHA++99i(U~H
zbmiYfi(Vb{^!X!`^s+2^Wq+YJ*P_=>dh<zdl|@gUL)O)Jm2c6DZ0PKN*`!x$(W`}C
z6qf6RtdVZF=w(B%2uq~>7GW-N((aF2^yK+wE|lw}^)^}bTA-)<Uk-w`-s=`UC-PnG
z?`sx4?|Ys5dj;towCKq*)Vk99+@hBYJzc+C()-<_C;cKw@2rZG>@OC*?a<TyU8>@w
z{X%f!MU!@%KjissUDYobaneRUOp@xUetF32_KULU<@`nchFkOo?Cq@Ia?*>p=*hF=
zLZkvJ>EkQUVdMHmLC=dA=`S*V==#mE=oLcGrL<(G_2l_&tTz{WnOH7*SF1Q_zpE{J
z@~pb9+V3ihUJdkQTo%0o(tFgRR|CBgEZ0fb&u`HSdEb0?rs!RZV7<SuTlC}^bzSwB
z*DQJ!`#O)uYSR0{qL+&N09`p1C)p;8-gfB4p<L>BgNl>(3+!=X|I5aDxhU63@9%Mo
zUK{jcp(T2S2-f?1nnkYx>-n^pij(YM#K}57$sk33XtUK~E_!P**Lub??vRI!kwUOu
zSI2j(MXv>VdVh<srq;X6Qa^c~URQc^EP4?ib&dz?Nbg3AUNZ7Nqo(GIY**5?7QI~P
zZAZE6Z!zY&e)n4RijnW?_}*pFb2WDQ?KaXgp4ErEZoi7Z(0j_FmkK@Ie$xMS{fuY)
zk)G&xRlnCQdL>l9J4x?z#Gwf~>bL7J^gglZ)sS8(>HT8SYgFqY#7O#h{AAH<g`W69
zj>lb?>;3HuvvU2KuwJ4mb%I_m#K}57wX7X_^<dE}!(8i)wdlFjdTKQzPI#0>Z`a42
z_1i#t=Uen5kjMXyB-@oV*`n6~y)cwZ{mL=d^;>Gui$cCDe=N4>wLmXj>D^CycUtt4
zkx#^Oopk+fwdlot(%F6$2-fx6YSAk}K2nRRILXR$8f6`yWRQYBHOG0`--nRbdV4H-
z+mTN;)-Ydm{pu`wh0wzxHrmgRxz;;i(L08GgehgbYQ6myy^JPv+?D!mBE4TNdaj;b
zACJQpy<O1L$D@+;`eS`;qQh_U{K&5S+Xv-RS05%xVf#DBgU67UW#X677QIyDrC;f!
z_xB8oUOM!W5hVLtg}K(7WYNn(o|DvF(o_|Pw-ZMCtGEjhho+IYssAx<P8ZvCt94|i
z_d}kmDeRL%qzdeZ_R-VG>-|_}(JMh-u7`BedRJKVwo^Mli(svHi$$+St!LGH+!9xd
zd{@VJlUm=W1lq7&J^pQ@?Y?Z$+lRbIZ&bxe_IZomG3e>*zwIhc^!Hfw+L4bJ0hM&S
z)LHbRKI`nyFCbR8%NG{CxL)|Z3f)OmoJcoW^a`OT&$gESS510HEqe0o%LyW&lCIy+
z7QOHTo&EV`#OnHmqCQd`eg2i_VUEyZDo(P!5hv^TB!iR<J>7ma$ZNebEqXy{)ZxY&
z=8LZ1FpFLp^mIRcjr1<C=*hD+)mQ8cL9Lf$(c28YTtrCw)so(27Cm{c<}HSj`J(ma
zSoFfa?EKtnC+S^f(R23hdi=|^=+#0m0y<K^U8GlJ(Tjwh$E=$1s_S>7MeiW=;*{QQ
z(!1NDmjb=WF7zI=#L4qFyK3i+mhHL@c5e4A+U`phJ$d%#j4rmj-J&-adiuEG7EnjO
zs<-ILb2p#vLhntBULEv~Ax_$P59xhj(W{4EV;6c&7QJ0x;Th@B5<T1!>8Rf?7QM>8
z=I`8SNqyXYvgmF3rnCL<mbpW32z-c5bojCrdMmY<ij(Xh#EG^~GDxk^E5cmrhqrtk
zdZR3Q*&$~AWgSVnej_Y;c`X>9)&72<;$RuuB#WLr?{S3)sigJJwdfUnYyLiu)DLel
zI_kH;qE`hyw-!@zlD*8L=lZU59Kt1Dhu%tyUOn`tihxSGe)6ngVV^2bg`U1H!6j6O
z-t87WdG_N(wT{fR-a3n3CG-lgT=o~IoDRJQEqWQy8!tjCX}xlbUikN&_ZdD%ti;Lj
z*lN*}XGBg?S~Amm@_b}rpA;gkhF&t}Qok=S*Lts8^!7pT0$D*Nt@oNmZx`udNb1lt
zp0kX+KF_%NcRlWYWYKfBcJ^mjuS2g5aj0^KUKR9SM_wmgzwa%2rO>NKknAt4(xDfK
zMr6HQT$IT5jZRwcxJ7U7A@lqqdg$66dd9P%k=OehjxSFv)?zA7vi-4L(e_CODf|cX
zcbi1-d*o#qLTqPP>Q@ZCZ=}L1>H3{+(c26?`Mna+LsdKUF0|;$GxtvKLhpQwUQJu)
zeWV{rZ<$4}94B)be{|CIyTYQEd>Gfi*sj#?Cj{&Ly~U!Jd$P@zqs3I5WY=2sQvcoA
ze!vdB`z(6${I{kq_P5NU*9?)k0JDBSlipJny)F2%NTO6oCB46oS@gnx?L5B$JL*?w
z(K`aYi?o=ElkDpjy<&)zqFmbVHx-8v+m{x-l<=<4`=43#!rD8}N57Naaf_ZjpDZ5B
zb<+EL)S{OTJ#+=5et%%DkMF6yPxM<g^l%F9NLue?#0mS<l3eIv6NcV#%(dP)i=I5|
zEL*K3Gp*;f=oLUO6U(Lj?3lFP1s1)iQ@Xw`PO|7VLQh{82aw)8i=I6D>^iBKO1gd*
zTl9i(P!A$T>er3*uD9szgWii;40EklV9{%ZUX{|5-yhZcyWXN#a;o{;ms(Qm$@ABR
zeQH73(a!6Go}~ALMK2OxR_f|HTb|p_dR6Fj1<;oLmEZ8w^?TK#C(rnrtm+^$UB7CJ
zp6giW`AvUUPWsOW7Cm{^*TgRL8Z3G_(91=f)K7k+S=aB7MK9LX_4hJbEPDH(SETg%
zkzNm&0oji8M=A6!LtZDnzYfF+`_zJrKRS<Zf6_bMqSxl?`uf0S(X;*8*?t2_Z;C}P
z#%;4*uj(K(UB3j2UNZC=v0U2kB+{E>(c2Ea?ihD<(t7C@Jr@Q6`K=z&JDK!WSoCTl
zaL-bUKvd&Wi{1b+Sx-|>es5Req`%x@(Ua$-NI%s{>&Y|vg?(zlfIjw)>kavxYpu7*
zq9@Nk>1w=x(4yB2J?)RvNbg09Ud><VZL{cQpc897H|fdyA!IxH-+(jB<E3`1qy65r
z=ruqu2P?|)(BCDM_G`B2$#X*FyJ<S<_WRVL7YkF!@1cpFT%YLnGk%`{E9>hkdA`Lf
zUFiL2(W`<f^!qpY-DIuT8}F}Vb*(4QT$s^?UJ&AB9Umr1WdrTTen|aBklvXVy?vu?
zwhOz^8)ngqf+_U(6wV~Q^DKH1W4a!%&bH{S4zqW>pBYJdGc0=9(39`T>ZFfHibbyh
zdiwk5qe<@yi(W~z&9*>`VXpNSTJ#3s2kmwL8$)`lEqZOxo708fH5R=R(i=;9>n(aI
zWB=m(X3-18AfT^L$C2Js7QGhe-P1+=9<%5<!|fgKr_Un2k1TrfH{VBfqfz_qwdlDp
zsK{?zN&lNbdWS7~t0#2*{p>>)y(WC|Iu6?ty>m#fH|`f8+u;xS`^s5e?63Sr2Kyrn
zrq$P{6G?BRMbCLQejmAu{f)HfRY6aFcTMVd9_dZC=*izu#Y=@%($YSQUM)=KSL2Js
zOPq{Xmss@V?}?Ump*P#2mpRIAlkdn%{U(v#4HmtKcw84_xlX!%t1Nnf_@a3f;zVyU
zCSAV@i(XuUdH%EN-D}bF!esKDQPG=1dRr}e8I#Q4%(m)nw&-QRWcqq?D(Ssx(W`^r
zC0Yz~y}vsxdbSw5@%znEzY9pO$)XpLX#Q=6mehJ5S@bHP=Yo#tO(VTFi=Gn~lk$E?
zC$0CrMXzRD=kbv7T;im^7{8B#xjugcCE0A#wU{hdeB7efGTz>CJt^lKtv9&eiGIs~
zo{YOXX}y7n6ZWYE=@?Y>`En-donz6fm}36@g;j67MQ;}dl`sTJ`^_S~3oUxvp*KT|
zVXo_UzD2JIdYMY^BGNN{^9AJ{?U!t`eTuwJTJK7WUfkJsTRwE8esf6g4om$GLazYJ
zb<%qBn=;&fTQKO!Z=#CcC8YPXMQ`r;Hk*v!I%z$*Z^?Qk=h|)ZTd<;cDe3LD=#^c7
z_p4p#?Xc+8`Z~v}d8F59(Q8jJfA8H|zxOSAnHZ$BKe9;gJB!}-X*S#ES`2f&zh7DO
z3eiamp(Fddfb;@z{}9=Z<68!EywQc;pB6n^QfK`Zl3ut)Z|;RQ<M+t5q^{pdh~wko
z!l0+`XJ1ZwBb8pX5{ODQzbDFiQvY}r7oZjtBTjEiiZsjb{_u8VlI<P$Ev}&L&QN;j
zB1S5KUWW+b<<>adr1lwWm@j&}D^#3UEvrY|ITR=RAk%8Z;j*D4^}xwIwj*c8NcK*p
zrx%@vxLRFV6pEIlTM@_m>%;!KP$2yv50fmDaq<C+-f_I?SsgD5X3}~aEP9zKb|X&o
zmXjX3OUGyDqHx`PHd`gu)k*8goT_beZN`2e?rJP}9m}MCA(-&i?*zT(*YFt&-e2mZ
z^;YD~Tf8)X)UweoGmRM+bJp0HaTCUjak<8Lz5F_Ue2mLAe!_Sanc3^c$tg*8yH=7m
zysV=gWjm>|2ptTUfJl+36Gp`;lO~<*id?XK*@_kU%a-MioIb_XnOS=I$T6d$qepp1
zP8c)t@-f+GjUN{iJHj<?6pD;ycR@&0Gx8TMU6D0!>e5BaY_n!go)@1m^TL!_>67QB
zOiiDh7N0V6qPJIk!qkaldLek!id9SUv*u%-zucVXXv$w$kZ&86ot2+u8#RB$3frg!
z%a$xzxD;gt#ui2`mM#2E3OHe}WtaH~NnX3m6bdkoQm1Hu@fWe3`M;wf2#`k5=NPkn
zJJ-@j#I54=*8eJQIO2jZ{asv?($k(4y{<et4(04gX~3>LY3=imBQ61xPI^CN&Mn%C
zd?qHTv$Vlq^?6wBgd?N%vR7nvc6jvW|LODp)93%n8~?BL`O6p1Tb8$Qc~<`7WlL9}
z_y13y|DQhp|9YR#yC!>n){2GMda(byK0hXA+?Z(N>gMmSZR8n~a>6v*Fw%DV3EytQ
zvj0i{EiDkbqoL>4w>Eyf{@XRbU9~@8>X<qG7Q0v3o&BBNrgdwWbklsdJ#*aMzOk;0
z`a8N0m(zW%&Gv`G<Clwd;33DL13?q}nwdS0lEZ^;2pWmc9%R`_XLlDaCC5zbJ+ZGY
z+vBL;ncR=_&QrSMV!FOH!+m0Tef^2~A^Rik!$*GDcAiUXZSJFKq;nmvy*<y)+%4Bw
zo@Z~`jT+e2VH)WS+FG}<aed30_Nzj7czd^@EObYyBWuXctigM;PCk$ob~x)KPgcJP
zI})-&=e)Q0r&V7#1Dv4=?tZ@Ln=*E!j_&3f>YBZ2aJ2gr@91tD?j1aP{@~>IHk1uc
zbD#S4z(8lHC+k#?TRvi`m4-3rBi3v<5Z2K~`yGSkhjq5mAV=t+Lnn=tPZ_Za8fl&_
zc74Urj5X8j6Z<xdbeZLQ9J8bQWqgtR(}`t=`zE-<D+1Hpr=Sg$1VY#Lk(H@nd2i>b
zJKd-5?qM@^^`fRw4y=zJ^23{>n)Wy{HrC9FT{E(qx$Q%a*d56meM4)f^_gf-bN4#~
zH&dmqk?X(nj94GLv3YFmgpJ8-nh(|{*=#LqoT1KuX#p8qQxooP9(vR8!08kFq@J#J
z!;=-_afeoHihVD6D+DvvG>@xIaEF{dCe0n%DI1LvC?{|ACe}{fiqG>h-kY;Ea>s~`
z(SF;6^~pOj-n;l<<oa(mId*S9-npA4OY~kHi;7+UP5-f;XIJmW_ioS+y36|#naee-
z%)8qn*X+iHEc%A=aiMgOkxo>9q|@OZveP|yulwW!?y$q|lR|gop_drGa0cBPU;f^G
zV^+Br_nTwCK5$9Er9snzqTNojIfAyDJt}m^7Drb9omruKv-%y#3i<7)5i=%a?GK!@
zb@9ekSDBru8#+^i*_GA~N^=iDx7x61(Cp|zU!N4{@!LmS<#7)*Ma|a{>o*)85T$w(
zJho|oXQSK(#zFYQF=+aL)d!scW)=s3Z{JIMCuc>w2afFUp|k&lH6#1}(dUq3-Dq3#
z#@MaeDG2vCoxSVUB%x)T(G8y322Vem!&mEC?}@iL2TZi<Nc4^Uk4^g&D}?rBzs~jq
zC9j{FH8IfRmK!9f(TMnIj){FE<+dbp@H37<au%=Cisf2&kE6+x9N!r~WPh5w$3-Le
zv~G@^5gU(gFeAY|0R12#Ye2@DA+zSF?p2#`leC-kFURh;kB{tgsIPWg$x^Ld(^oeE
zMueWa1K{{4b+;M)AW7cKpbsR;`yH8^9iabCcj#VszXR@&_Mbv`q~iGBwb51Duhx+@
zWoK5>-mJ+7vJwwxP4Z-okIp(LA!}S()`b1tmuH=29^CObxC!oYKJ)nQoDl6!mZ9RY
z3A2|^!0~ksNXR<N<CeSLXr4Xlpl;YU!IKqT8>M`5$g#n5mM1I5<L@wzcTmE3kKbpm
z=E;g}3iY_XgXWJ@1?b55+pwrWX8?-LvJ@i|Yi7P1*?g|cv-7x_bN#tC+C8pf>~}*a
z_6hc=vQcY2SrfbChErfd)<lnc;!%$$YwXcc(e8<74E1Eiz2K2g6i{bR*4eFl6WrdC
zd|!mFo;!9>sC-Z;i_wnHp*=&h&UOYwXPvhW#pp^2S?77&XMYFHG1K})yU$0)jCVQ@
zWSx7c_d4S}Y_xmK+wV{8Gg5gf!9C%O2#>?&nPwYO|7%q90r$BQKH-3SBI4iv+~Xee
z$zJS<j*oVqgSx8tZ=&`ea8KCZr+a~Ix%;g7?&vhPH^Chj?LNDs`S&|E><o80Jz3)p
zyJOdNhhnrlT8m*9^~QJB+rNqWVy}Cg$6tAd+pKqMn(Rj`l{9Ti@K+8_boTFPmnH|g
z*xqOF+Kmpj_u2JmT$$f7=+zKfEh)|B?6IWBr9Gzgi1rtqJ;viN)7zN6v-clP?Bv@!
zG4?un!Qr3;f6@8z(f-O4S2*0m<1cc#3(Y!W|K|4?{>-UEAX=nF_d62YF=vj^ySaOy
z?VC+F$}z4<wHRPK`XGXi#x#tr#pchBK4JBwo;Ilr3CdV1`zPmH?4R1te^7-fe8U}f
zZ0+dlyX}a*Yn{X9bSAjRPTA~O_v&#pzsHT6fTlO5IilTOj~gF$7#+(!{%v%h@i0{F
z*xKl<WNO0%ck*Kc97#7H_qfk1*@i=0vS6ed5~ZhRj||irv6~N=II{PD9TU16*9|u%
z1xPPO{nVJy+u@$F)19=}J^6q;@vwUmhJ*Y2$;CtHj^>_M;k+=Wc;l_^;`O)oD_*lU
z%Vz2a;R?frp#KZE;BXWoF-b}^XC3#zbiTq;F7c?hkt9Yl4r~W=xvbw+j0gm(jc0*n
zWR<zZ;v8d}kI99}gJ~@$xk)N~3nm>?43?X*Qhq-sxx*^_Bqq1we_^iU>%rYs`CiN&
zm}Fb~FzND7sJsbmTp406pH66<X0Y5PlWqNkNs{R3r1xtE3S=8HkH;kOcVUtw@xt=y
zmy}DL&s6*Y<|ixu0dq+bFFX{J#P>sG<Qrwe)1_ia5+j^|xs;cJ`zwBgVubNUF(YOR
zxR2u3z;4B#gYn<cYzFA|`5Np{<t<eH1C_T?`7dBeQa53J9DfJPA}K!x(E1LDYyCig
zZvP%&9UlbNI=v+rNpyq<VeY{+l**Acl0Gid&aznMl4M<-bc`Pb5+id-6643Dk5@HV
z*XJd01SZ+;eoXRBd*S{F&@pn+6RpaVz@rq)r;Dd6zE6UYWLv_zO&$izBBKse{uo&5
zDCJdD{tT7N@zpvnP<b_#%W;<^I>G}nm-@d?<;WUIw~yQvmTk*i!i+j#J{gm&dkB*x
zDHqn|(FoRcjsXW_nZ%z*<?&$MCX2w*2SjHvc%+Ko0G1@>!e?MEI<-_T9I48suS$}5
zVSLbJ#7~sUAW6BfZmUUPSw+edsr-B}{u|{ffB|3+rc5bBl6c`8F_-essa#n1fqt@6
zND?m`in+uO1?%lbfOUP&0E?8wM^Sk+mB)Z}Kg<A2l6Ya!k@e-tSdye%SlVC87lY$5
zmpaJPsYWaQnBs+Xee{#0M5md`zXt1iwt(^9(EJ{t_p24Gbq-4alIRHQ@^&g0*5!Xv
zxv*?Y>MSQN?fpSuNusHf?zclxAnV9nk`ePCK8jktFgI&d?&5shq|F_bxGeR8Ni)Yp
zCugn5v5h)m(KQR^r6ydEm^5bI!h*kA^cUsPU6dP}F%`QOqyXEf|MGd6Q8g*;s>()r
z7xg`{Tvh6XLS562LaIe)HM?5+7a!r7ZHQ{3h1CX;$y>fG&pbMR^%`)(Q&^;ziGMm%
zzzKi#E6b&Cbfy4f9OwMt&J5_kes-w3or<!4HW+ZiCu_34eA3&Q0t}yVUe3RrDd2>^
zPLTEcb}j@3obVI^$)93beySz!GTf#M<;qA#DxD-RpI7Q6`QbW)x#Z<D7M&!Iuh4ZQ
z$xrFXnej7KUe3Is_?Kx}zS5FkWyu$+yquLoQQO;8Ud}?HIDTa+FEiP`UqB_vKch34
zOTNaEf6J0@u;k@xPbXRbYn{Pd@;_Sgzp1>8HlgTG@>WzQiFaA@!!7yImOOv|O4gU}
zlj$V+*_J$ipGTHoX<1%q$=|K=GV+Dm(BClx$Uv69DsSPWWlOJKxIEvsBr7*}*#f;}
z>QcCJ(ei~0b-}DWd?w$KOIo}%D_1W{QemBgppu`mFh6ne<qKEj&s==%LfewXOKnRQ
zE?JPbN>((3J1E)^TavZF*s!b*p1Cmpf`vx3<fsP7nKdX_wtW7|MS5MMBJ<|0%wBx;
zip67X^X4sCmTkgHMY3Vbz|~pT1nmEnW>pt1S+NjJB45QoJ7B(iVOI9Ml}lGFzI^Gz
z?0NHLSMug%WoOUJ7FdwGFl)IEpSNUXZvJAmTxPu5ycI@M<ju=pc0#$)5L7es=-ZWX
z<)mhpOEV-nYuVM1<`h0jO3i+1mrGP6S<NnQBaoy>mxl|ha+k0g`XYpt4$yYOc4Z|b
zW4o#j#&%U5r2px4jqR#B{Fm*ja+k!bIvCqk<&jh_<Bwepb6#OJ#Kll~ES1Lzt9|ha
z^S;nv_rJ7XY9EdLazhNs*e~N!L$#;6gfQAuu?ul_*&!rjzf}E={ZjQe_DjVZ`=#QI
z{gTUGBxApZnQZKr+7};+PS`K06jC52J0BzU*2XwSyf2E4eNmdy^meHflCdv}UC7(j
zNx|3`#m2rU9b;dVj<GL_jeSu%#=gi(NXEV>_91UqV^X5<2)rOAW3tO-K2i!MyS!CG
zO2uTC%TlCtOm^8IQU)gb7z1r{g;ji}uv~5<Wn;4AJM@xrFxjPoNV%AFzseI<b<P)7
zF$Kh{h1GToiHn5Qu`U)?$GU`KN`+PXlo6K`18sJBD}!_yCVAI*0CUk7-i&!2mA^~;
z5pff-G^?yDO((l2T#vcr2lT)Tl5p?<1C8^%lm{X!=lo!GtP{Yp?mo<?2qPv)aj+T(
zE>tn|F_*g@5-)X`EsS`l;$YPdSE%w3%!Px)@Pf1)ldQWI^J|5%u2fGrSdAOf&JuG!
z=64ArMphTrI<ib+p2U2UFk-?LYaO|6kQmW>LB+Tf2M-1y)nJmCX3T4ap%bB4@5?`=
z++jXr{CmZHu#SAsT*^~1_bZln<?{EzI{r)I?}`6S+)gaF=k>aBmqfEXw_LMyec@)r
z%J;#9<(==j#FG@u9h<3&<+!B_%fUqw)_r3xSjweu2nS1JB4uL|{a>JC98<)|>c%lu
z{l_?_h>^QJ*GN19q(2Dj{v+?2MMv&XtyL`hcZ)FMrJo4vHZM~#a(o{aMvU|mVciEF
zmvU&xoelZCL1Ltz2<w<vC}xM^4={gQ81b^3!a9Dhlq=0oRg4RBVcoC3lyVjGi!gMg
z&j@RsV=6}O=E<FBiHSs+u-54%<<OBB=}*ExAVxm<6P}Lw5Mit<{uT~aW6@YuE<=`Z
zuo{;xlX9#p{ZQ_($ht9z5!UO<_h2Qa6!Y6uOe|uAwT|3Hk{D^*R}_o?b_zo?PO<h;
zor>9udA*A9Ax2mqQ&}dOa+mKz#d2p)sy?76UXX-?hZtyk5VHa3kn<4xyy8zV50Q0I
z?!#Q}5DC{}UO_DVOqV}J{2Z~dUus=BElIrGog1%MJUxL}_E};QF`pvb3ol5*+DFsC
zQjRd=w_CK2W=S~;tDt$Yia|3PtjFQ`Dn^c7j*1Z<3G0|V6(h&T@EW!y-Z8x91|S(;
z!?p?$b35`<AMuWGum>+lk71H>@r!V<x^6MXOst!absJQSctlvod?@9J*^jv#58;<E
z|6H-G`?WCiU6>08N8klX`nSYO%u!*)$Rc6gKZCGL$|F%GtotPXM9(M}F9_@Uc%&Sf
zNtj2f7%yUk^>)1!6RTpx7sA2n+H8`Fk@JCQ>3S|DzDltl>s~92dWv_1gNFf-q}^p*
z@l%nCk-j6Wy<qqbG2*W~Rg4cY!aAlBd3nyXbf)hVAI4nXU+VHW#Zun|if_jJZpF`I
z{;J}Q0r=Y|#R2f$*_cG<Ld<={Q;08BEO!p&?^`7PEN~x8nq9=hiANL9Qk;qTC5q+F
z<cEr7ADf83B$m64dVhZ;{+al9V#Bkjr`**{Q0>+Xo=lvqI2CibzcC;fFG#}L%a?$q
z991*^22Fc8OUj`y3$9QxL6{2%pNSVF<D7^Xsrz-vi;j3%SbMoh$`K=XO>a{%A(#v6
zn7dU>73SrN<!<T&!q6073+q1ftST2@3kQo?kZLeVym(nym%pvbU6>085626V;c?XM
z5co4pvTlT89b=r=5EFww)kFFfV#Kq;y8gykjTpJ}Z=Bb_F0kQc#CLf4B&>)uRCEv{
zcZP=vBSyR|toKpwmq@wzS6J_hab82Y_)$1mDuX0`5KZ}%VUsXo#E-%{MtmYMay~K6
zQ;6{)MmQLgq)$|gc;QE3#3Z6zI9R>M5nqW;3(EQkBPJO!!oljjkDLP~Mn08rshAYR
z2nUY>APrM7iI_*L80o9R!J~~3TdazaPb<X3qA7R&<+ovEyXgoM4weQ)TCU176bGyK
zRt0KZ`845n6*Ctx!n!`|Rg8Rc@ra7aM2v87Gyv%d6(gTwY*R7WC>IVMYlPTdRx$F4
z#;c0u(~~!aQRf_l2?xu;Mfy;c=PK6c0$E4)S3Y6+LB-@DMp*X;`7(lN=A&F#Ylf-v
z0+b8ua(P~l#IHuVux__0s=N^8!n%B#l%ozZjx8Wwq&O3GStblk@w%`+$K9yPi%~AD
z_v-;wUV?IAy{$?q$F`*JJ+8PGee7w)HJEQBenA-9ErpJ-_Rc?5%v+ehu42j%BdlZU
zRg8QJ^NxxsM~twJ8HD@*Cti?*gU>L~c(L~|IS4bmydZ^Ova4&nFyUTOiaw9Yj(SRp
z#AH{RlGi#?q;-sSm5z)@T1UFL))8-Oon&FOlO*wj=1k&TV(Ak)Mvj?gX-CZ!#8t%G
ziED}Li5rOz61Nc_BbMtQy<NF3(d-gN|B@6%EY~x-Jdrq+crI}cv0Rhsbqk40h|7s9
ziRGGAuUkW0N4$@?nYfj>omk!<YE5|-nP&O@49)U4>6&AReZ(?8>X;1TY-0J_XC1Se
zxR|(%*iS6KwWHUq7KTqG?ILa<mg^{cpc&Ibe1sSu1a-tXiDkUf>&jTHS$=Otvy5Gu
zlZn%b<vL8q<PsMU7ZH~dR}fbbZzrxLmhnVytC9F1aU1b5VT^T>g3wNy<(gWvi#Uon
zmN=0(m3S_34skwlA#n+DIdLWN7UCM>I^uoA&BXHCB6`2ti38CFx;%t9oLGMML&wAr
z`-tVYH*`z}aW=91{)LWNO<YV|M(iivOk7R8i@1TfiMWOM2(f%EK-b4fEYI-J<q^bQ
zV)@Mu9V5R>p;>-=Lvto^E^z^I5pgMT1#uPec417CYKiNK&82_;>Ou&HLTLsg#o$%W
zk2;~77-<Mzg?&cOW^2O<QqEyRG0FO}OwOO@sJzyji+my`owVL~6tG?n?#aseOY~sN
z4!zl6uAg5m!^}upPwqLgUd&*#KB9-i-J!P>%zBl`Ct}h`>n%nB>-nIk>nE2TvP|}O
z9VXUmL0-<=I%&N%C}2G&8dT0xQa`!O(0Y%9Sx?@}YYi;w;7y8sQi#+X-nqYWnWOb;
z!K_y-8A>|48)d@M_LBZ8PTC*{)8EB?h#2d3e?pl~dY|4yfv`_4XvKcWIbPaDuI2Q8
z$o(AFlXK@#Ogd@3Z&AQ{6}ZutiOPyzs9Gk+tvke6&ySVPM7d5{Pp*Sl@0i=XmnC`w
zFv&8}lY6GDSC0knOMyySZxG5@Z-55@s(x~PtM$AVJwFVkzm+7CTJKD&-s$Lnh?V-m
zq8)m2j~D+td|r*~Vu{g7>*;6Y_|$?eXcW<rSXiJ#FI(x!^{}K*p(ozgNwy`^61=F(
zbYqb`4?0!{sTj%LsPy!r>4?+XQYKoG<o*}8Umfa~jB=@;+|$+VXIx7nuhR|CYec)~
zr1fsG=!Ha?aiZtKr1koN12E|{8=dJMErLRgGN*27Ywd6LzX+7;{v!QaJkNS5xGy31
zl6BI!Vqxy0e0=xefAw!2$9cUjGyVPFIyTA1Pzf3HWz_E>z2pDFm&ix0`0ssggRwj6
z1&7@@Hu}(;``Q_y+gXmUus$Y#6(_fkc>MdTI1FQkp6<gE*OfnD*Ax7)4Ee77!F5B3
z@vT{PJ4CV_{V!{w{1v$B0+{{X-^NCd8xw2xn7{8Y>2flr{xZ$@rA%Y<@^W1N?<n~j
z&~5WKVSl&ye|x)sC+G}Z7ht>HlZ27o5$!)d{E@>$5+6%E>~!>Q!=Ehuhh>g+Hk)Us
z%UI_ZBit6haK+@M3zo0S%XckYx?tJLrT8A`!fe;#CGr);h09%6E?gDm!ncH6i}PJ8
z^Kk!i;flnC{~Ph4J8FCW^wt+2zxVBq-?skYI25?o6W8!w{2qsA&+!+QJKaXlsKw_D
zz3jFG{IN-ZJs}?8@Wk6a0Rai|fPjR6z_fsF3Gsmm0o~K$yLke7B*b_3#P>)D2ucg+
znGhe85YQ_vzNaT3I3d25CqDRJL!$$n2@ZR7yffP2NQm$4aRfxi_wmH{jkKemVrwJp
zk@8`qP`^mGB6s8%lal+!+PyK}3GuO~CHE8P7dtxHE#Qtl&+GAyP;s&GuA#0G_Huh^
z>`J%I<{Ily4k+$d=v^88z8#s^0B@qVz?~PHAN{@q`HX<nL~qWROfT{Q=JFVCa*A(~
zw=j04u{@7fo#oBcD^>;gXL(C$wQ=5zxv4X~dB$q70h#`ln?A9-p7dAs@{jeFR^@N{
z#G!MAe&hmlt|}J+nK>(6i~Kp=OG{VY^|9S`pTE3k=^}4oasJvyhpX6M98|c-o0pfr
z{G$NZaDSx3HO!l{I&;2vXT2+U|DXr^_zH}jy~bbMBQ<a3@{jDUYy1U0@`}CQ0<7aO
zbLHMlQ$fNCZ}k>9^9sDH?5PDSvAnp4_k<NQPgv1+;)>z2Vn451G4q5KeJ8A#dg6*v
zvZ7n>tk1VHVV~WV=uZyxE%K&j<fnb$aLw{3ck?BAy=K!6^~XAJkR#(<Lve`L-Fn;?
zx$-I)X0Id9<F9sXwAuWhhNKp*T-z9sSL}}rT93Pmo)FioUT<VRA|f4YY_>uaoaxQn
zlE3X!d)_PlZNauJ9&fc1FC*-!)hoAs>Og5@uz!Duw{7L&&ja#~`>Xqwz7n!!zc;fw
zAIqwP3z2)(>ubp0yWgI--@muFt>G1KV>n)3>gPQ{BGW42J3%7VA`vAL(jfCcbmU0~
z@IMw}G)q99G)rk&Na_93GI`Q0g+(DaY(~r2^Tzt418m-6Z)_Z1ZdJYiKYJ+JZi}97
zi?-XNr`x0Lj_B!*XnR2P^ne6=w={cT+VsFQd-sIt-4g6Q(xwA?B-neV*@M!i2c_A2
zB~0&`U=L244hVK-#CxVYUA~{wruTM5u1uKT$1}Ze&`)(=G``oeqaA-}?Cafj!Wgs1
zF*VEMiF3K*N6h%c8SHssc`&?bH_X1SoBh9QjPbng{HsC6<5rvd&n?vG#3-}h8yl|2
zm?%BQ#L*bz8i^4m*^aI_1{a(je}<!AOrC3{XRjR@nDcaRjyu!n&E8r5jBcqOZ$`h=
zLRdM#YgpOiExxdDt@qaW)X0@sqt4-@mFvBEk@@J~SWxUJtoLTRkP9${qr7$VYIk}w
zjnx_*skGXDua8#S@6DstMtU2UHSG1~6|D4L<8SGanTg(J_b&2Bc6a@tY-d*V2d~eU
zpRg~$8{>}*aE<b|+}M1;d-z>f<cwhasq>)FzOnIMz0=8#X4-tBw?S_n4Uq1w)tgUt
z_$GTJ`??}vwpyd!$&QS8u6d%j`Gi#)PF(dgS+!q-TDA6sZRW&hp0H~3iK~v5Ro%@k
zE4@GXllwF@tb}{L`~8u<U5Vb>y8N9@4sX3b(utgE<Y+lRV6-{U9BtO&D#7feIIB!@
znaBH#p=l0V;X*t1-ay;w{amwU?~On0E%fxm;jc~2zj$U^H=7*!zIef|XRN$<=KOB9
z!bNspDi8~8v-+hj@-}Cfp@qmnCNuwv1@pVxGG}>nPQ%Nbehr-~)}FAU?}QbbX~og9
zqU`o}U(W9%Tg0A!@_t%xwMFdt+pniNZRQqnz|S8mBgrgp^ymP*rey_~`~07sg0TdD
z#-C`6CW*#ql4y)3i2)bHnBz%KR$7uVqD->Oh%(8MFbN}#F`^_HBTAAnq9pZ7NHRv0
zBx6KLGDei7KAt4&h=TXxJKB1V*}S%5Xn0_nzx`tQY6Y$qoDMuN0UsXY@5xUnU5C@e
zvonLngzgBzHQ0&I4#73gAKez)_c#)kO!Rr;uk?79#OdcV;BT3GYYtyK{2@ouP}`z+
z9J?pmhP~!UYPXH-?d+Zr9qUN-tz3i8@b@_i6a58&@wgpvO-SC|-c-3l2q=_G4JjKN
z;$7uU_2zTIS>DuSIrCw~gg}INB``_Of@8fC5|Tq@mX_?1*?jLf?}X(;7A@M~Sa&I|
z6GPTDA2(`HkQVF6OO+bnq**9uhZ*>?Ut$QZT#Snwvj$Rz8pL?>eEHZ~a$sjr#>%u0
z>{v0nn+=ylGLVfoua2h9j}1l1)a9`rnXQeDmaDA0P=|Gnb#b=j1gY01?^)gn+dMnN
zy6-pZld-(ugcd0`T4X|q_ul{CEwa{Zk-N+m*_0eD71%ap(Xgu*mM7pM1Q$4k*Z8Y?
zNGqNn;(NktT*(BWtlTJ@8sfX(>rFNr;3_=25v?>;oknq3r1N7xcNV1OVYWARzU=M+
zIAP9VT$gu$>o~rvGc44RbhXVhGOpRv&l!+}_wlte{W;xg6L92Lbz2-bWM=Iw<cB2G
zN?(wYGtH7SJ4?<nOU~&mxnQhk=ds~qpK}h}J=eCgJ|x*`4l(A5WWK}Zw%Kr1SkT?4
zM{EoY7`lxs#msBGzMOn>AUBE~X7T0b7;g6(oeP7x%ecNu@=kRohx_D0Lxz5=@!zN%
zo*eamNI5Dw?!QMlMvk*w;}112pGU-{y<x`z9sayyou8i5vKvE*3>(%5@fc%IP4x0z
zZO*~Ypa+BU?!UWqmFuouEv2{JeNB*K(JpsXk11zGB+Q@aTONPqHOuGAm!B{?na^>V
z*<J1t$g^Eg%EOY3X%0Q&c8*mT=PnJL7BI1!DWVn_b?CC3o{RK{V}HP*z|{13Jn1HI
zVqhDd<q~nX*W;RUSK^e1#&z$9?eFxrzx{4_VCRD@ra31%^}|R|?$pEI-aR1)-U-RD
z2cJH|K6~XcjI?-o#j`Wj$ZBn(6UW#Q_Co<v`<a!<v1dl#)U2wJ6WMP{=#{Cim??KH
zK{a8fog0I4>~HT5?>nt;Y(M?r2YIA~erveb-yUiIWbd@T7@7N+O#<$y=FuN=`W;=g
zxL<}F6?M=4>L@BI_wS{>t?h2DbV*wD{3LnXjbNN6Y%)0qIJ;lk-IacmH|g%wMAzkI
zqj2#$Y*Sz7!6~7ki|#rp+%Y0xWcS`};cG_($f{Au%iM{%A)~a6=P$gK_3?~v<9{3T
zhhtB`{=n3O>bNvS-&Cs_WayNK!*&PRruD9kbG40jnfr&~0IeVV!|bJhTAKZ;x~#?-
zE%EI*vAN_r8_#(7KfH~!o>zR}9sg+TKYfopwC3L*{l5Ck32Pr1ef*Y~J0~UX`s~|(
zrC(PT{n*Z-6Msm#Cph8g>(hfqZCn)jam2Q(FWEG8$?fl*zP$aH>~%TigZ5R<t-o~P
z3wPz_C8z#z=%r6C8<=#_<99q*RNDBIt)%AtUcVm9=vMvQ<n9eor~c#Z^ZGh=Jo{>Z
zz5i`jp1r<b{Dqe{eRuESci(B-{`HCtoAW*2JU#B_1HYZs629{DrBi+yeAOu<-nezy
zi}U+D8TQ(cW3$h_VE5ituKPc&{j*@t#YaxtUp2P4$D3oehK9@;Uf4P>bH<HNoc#Rx
zy+?j^?ZbD!Rq><0`J8FbobmIPy6<0!yJ_ZqStp$tc*D!rd^qfj#RC@1ayze2ef-Fb
znG54@c)jwZ!5c0ce)hkveCnK^CO>%EQyE7$-yQJf1+$KNUB4{3`swvo*B76j;`sU4
zM_*m|(Z9}kqcCyYuzx%<|M{sGZ~g4@Aupd^-sii?U)272sbl5n*F)P<);w}=(jB{h
zd;iLB=KUk!o{GB$et+$fe||D2?Vgc0y|(XtcYel*#m!R_>)yKaid%QCELe5tkt@&5
zxNrYeFAaa;!Y^Js>FMIOMVno3Z9n^+>%-3fe8Ji=gTKlgJLBHTH_n{jd`<S&qGzsr
zCEUN}&$2Uve#^*7&O7;!$^W<|_p`DW+pkL-`u>Wi4md7Ye$hWp`|^yZW-aOw`Te$l
zozIWH|GGEUJsNb@`-g9d^lp3fpF>~1BET_s?Vv+vhQE8;UE5bZ-gdahzc(IOJbllR
zPZoagTDR_}&5wESwm%=+_2A4=G5%Tq-W2`CZQWLW|4ZeB)|-N#{4vwl{o$)Fn-Q|~
z)!%M&pF6Sp{teG`J9mH5t6xuh{*LtZ-7ejA)v|rv1CI|(&5ZcH{N#JTef7ioNxoaJ
zdFbQIUrlJ)QhfWZJz_68`I}FFs9QCq*XoVm_Dxv*)~QA9u(j=`b%i~X51kpkIj`TT
z)0bbI`}^@ef6R`(x$mhTJTr0lgpuR3KknPh{n*@`_tGzU;OtT3Beq`N%h~svi|*dL
z;fL)Ht$$$1g>TdrZgMqcExzEIiw6x34e#~x-3Pup!(Th8*%NolNkc+|d-v?~^qaRI
zeyQq(k#$d;I^gD$f4V58$I544*?->;e`MbH$iu_zzt;S`eC`|PEJ}>I;rC0f9x>_m
zrrksTm2>RS3k!ZaSp9a>n2$nkUXbAP+}q#PZ+Fr45$E6BKJk^k{i1(+X3548Z(cC^
zp;P|t-PY8awyt->mpiV>9rWCp_q~+&#L?ukexB@ar|c>@RyFv%Hh*K(^|OC09qV~>
z`qW!?ychfNpPSw;86Ui_{M|J_KNk7fwT}+F^Tkgp|M~QJ2Om5;s`p(5sSni8yJCLQ
z4e2}k-|<UJbz|vezfKtS^Rut7eXa1)hgaX-u=t6QA1r$=^z?Vnxo>mb<JX6UEL~91
za@{NEeA=^M*q$R{bC%j)yuY>T{tItfxb&W{Z}|H7lR@v+xW8^0_~XY9eDm@<<CmSk
zujj+xeYkqdh-bG|ju|ubyfeIIkM6Erv}xQ~HPiDSdwcD%Ee)m30~;S7dwzM~PrrWB
z8s8^%&yAyhS%1<UA5Ob^+Lj+DrB8dZ{`0^M2fuv&y@!SrUy)LMTGWmkXDmz#{O+;`
zFCAB6Uy*;y(NXcizh8XH<<F(<{q(M}vqQe^Kjp(EC0QTcf30)lS$7U-pL1(m|L=bo
z{=_@u-pYFM&{yGK#BH5&?VQi|R-Cuu@T^tu3<&$@S#PfRZqKhXFM0Bhc>|VB{CwS~
zi3Mx^{p{Q4?#g*7DkdU!p6`*J%U?fbkn{8dHMdWVi;Tag_wlRjRTDmY&KXp3aC>9v
zj@j8+MgO`k?}g|O^5^CzCtOtB0Q;xH{xf0!*J1w+u>Zec|DRz0r(plPVgFgM|1Yrr
zdf5MT*#8*p{}Jq82>bs7_MZy-Uk>}1!~S2u{tnnb6!w1v_TLTre*^p91N(mu`+oxa
zkA(f-hy6#u{)w>v6|jE+?0+TfzaRF00ro!$_Fn}1Z-@QEVE?tSe<tid8TN06{fl7#
zaM-^L_RoO*Plo+(f&E{E{fEN-2Vnn;VE;2<{~oY^0PKH1?Efh2e;D@P2K&DZ`_F~_
z&xHN&g8kcI|BbN!9@zf_*#9)x|2EkFLD=69`$xn6D`Ec$u>X^=e|Ok_2JHVE>^~9q
ze+KqXg8iR|{ky^b%V7WGuzv*Xe=qD`5BpyO`@ahN7sLLsu>Ys9{}kB&TiE|C@jvW;
z6YQT1`)`K*r^Eig!~U~j|5IWA;jn);?C*yC--G?nhW)p~{(WKpy|Dj7u>Xay|0dXf
zG3-AG_U{Gze+Bzbg8ff{{exlur(yq>VE;PU|7O@f1@?ah_WuL+e;D?!f&Jfr{bOMN
zt6~2p*gpsMUjX~R4f}_{{yx~>1^ZtQ`?tgX{b2tku>S?H|G#1XR@lD*_Rod=?}Po1
z!u}rEe;4dO81`?3{eOi0--P{l!2W;2{^Mc)cVYiX*nb%8UkUpkg#CNN{tv+Z^I`v;
zuzw5ee;MrmGwlBw?7tfJe**S@4)#9>_J17qUkdwQ2mAMg{g1%@cG$lP_FoA5-vIju
z!Tw*v{vX5s@4){1VE+$c|7T(UF|fZE_OFHg&w~9QgZ;O_{sUqE^I`vAVgEj`|7h6%
z4%mMh?4J(%e-8V93HuL${i|XB8)5%I*#A=4e+BG63iiJk_D_TT$HM;oVgC}?|617p
zPT2oe*#8IEe;n+82=<SI{pY~`=fVD~VE=!@{@=m=m%#o5VE=Wn{~Fl;T-ZMf_MZp)
zFNgh|u>b9_e?07e73}{R>|X)<m%{#8uzw!xpAY*d!2XZJ{tIFMO4$E0*#An{e=_W!
z0s9BQ{zqZ|C9wb1uzw2d{}Jr}FW5g3_J0KSzZmu(0{i!Y{cB<Wm9T#s?0+xp{~PQ-
z5B9Hs{jY`n=fM6q!TxU8e=+P|2m9X&`>%ri&xQT3g8eUq{hx;YH^csC!~W;P{$pVO
zv9SM*u>Uo%|1+?^AND^J_RoR+|A75-VgGj6|9#ls0sH?0_J0cYkA(eq!v5F6{z0(+
zEwKNiu>TdX|615T9QNN1`yYn=55WFMVE@-(|M{^0pRoT-*nbx6{{`&-J?!5K`~L|0
zKMeba!2Y+v{@r2!Zm|EWu>T#f|D~}1KG=UC?EgFL|1Io43HE;o_D_KQZ-@Oaf&G7g
z{d>XwePMt3xZVc)uY>&$!Tx!$|8m&>IP4z_`+orYPk{YDhW#Id{nKIpQLz8zu>Uu(
z{|4B9J?#Gm?C*m8FM$0A!~QSB{%64c&9MJTuzzpZ|4rDx3if{j_CFc+?*aSohy62Q
z|6#EI&#?bFu>TFP{|MNBH|&25_Wud?Z-V`AhW$OTe?Qni0`{K>`$xn68)5&^u)i1f
zPlNrxg#8D>{x8A)$*_Mm>|X-=p9lL#!TzPN|8&^@J=lK}>>mvKuYvtPgZ=M>{r?I3
zKM4EZ1^d^-{z<TZf7rho_Wu?3e-`#Hg#GV^{YS$7p|Jmbu>bY2{{q<m71+N3_78*o
zUxfYdhy9nr{$IoX@525qu>S+F|9IHHC+xo(_TL8k4~6~9VE;w1e+}&aHtgR3`!~Y=
z<*@%JuzxD-{|oH@A?&{e_MZm(2g3f(!~Vsv|7o!Q4A}oW*nb@CpAY-T!~Unh{(E8n
z*|7f<*gp&Qcf$SyVE;JSe>m*_7VQ5O?7tQE{~Y#T0sFrL`=15-?}7cFg#DMn{-47B
z|Azf{!TvF@zYq3*9riyR_MZy--vj&GVgKh~|AVmq4%oj4_J0BPp9}k61p6O>{o`T(
zlVJbhu>VuA|AVmqQP}@W*xw8LUk&@$!~PD~|0~%44A_4h>^~p&-wOM`4Euiv`~M01
zkB0qIVE-i8|9#m1AF%&ju>TU+KMnSO4ffB6{hML`w_yLBu>YN~e+KOT672s4>|YG~
zyI}u!VE@ly|G}{T4A_4r?4J$$UkUrKf&GJE|76&IGVK2u?0+5XzXJBZ0QNr(_MZj&
ze-HaV5Bt9X`=15-N5cO9g#80x|3R?-yRiQ%*uMwtzZmxa1orO+`^UikkHP+<VE=!^
z{<p#Yzrg-C!Ty=B|5dR6QrO=O`|pSS&xQTJhW*oF|6Q<uci2A__AiJ1UxodBu>Z%f
ze+%q?E9`$V>|Y1_uZH~-VE-cVKkQ!!`=1H>_k;Z}hW-1%{x`$^&%pj8VgJ6c|6JJr
z64-w{?B5IazX<mK0rr0Y_OFHgn_&NIVE<6q|8Cgd5Bqyy{~@q{PuTx<*#8CC|5Vuj
zC)j@_?0+BZe<SQ~hy9ns{)=G$-(mkru>Vll{}Akd5cVGf`!9g~?}hz$!~W;P{;$CP
zzrp?^VE>0;|821UI@o^)?Ef6>p9lMw!T#UE{>NbdHrW4q*nceSKNa?mh5g@#{rAEC
zKg0gl!u~J9{!hdHXT$ylu>U;R{|4Cq4%ojD_MZUzzYhCf3i~&}{vW{pr^Ei6VgE4L
zzXJ9@2lgKZ`_F;>?}z;_g#GV<{g1=`HL(9c*#8^Ye;MrmFzmkt_OFEf&x8FRh5a|d
z{?lRqwXlCF?Eg6I9|-%m!v1?;|Mjr{G}!+~*#Ak`e*^6Q9_)Vw>>maDFNFOsgZ)cj
z|65@HVA%h1*#A@5KLqyw5cdBF_TLEmx5NJZVgDy!|18))9QL0A`|pMQ55xWgVE;E^
z|6gJMKVbifuzw=#|19jE1N%q7{*S=^r@;OPVE;JSzc=h(1^YW;|Lw5<Y}o%_uzxh{
zp9}j}Ke}MS?xNMJ+wZ&Pnjh}C?z&%kA3l8i)hn<3aO<*VpQXR?#`;vRH#5L)cRX?V
z<?md7=9#lk{`1do=703j^It#p)U^ArzPfet+i(Bl!L@5o^S$-ft+!l%{n3F(kN)`m
zoH^Uxnlk0i;I_8kTc3V9{_=hMp8I3drg`5z`|RX@R#XiAwX$;NhULo-UQ%28z|I$6
zTp9kyA74Ck_uUh(7&a{B;_>5i<Ig+q2FI_z{(ND5{Y`UYVsef=`sj?9ufBRO=%=54
zyZfrE4y<Twd}`*HG4szGIPeT-U|>+%n{VE;aOlva%U*x|!N{;M@5T)q&g$E(Td(Ku
zzkhVk9zFVu4-JiYps;Yr!~+LDANKwCdlnBLK7G%&Z8tu=a^-hJdiD%`=%$-a$&ZT4
z7&Uls%*Y`_#&27?wCRV7FW&yU-+#$3X=#<y&N=7mtPekY@tx<MyZ*WnBht?O^2_~K
zjUIj3y+uX+f1Ww>v7GnblRv|?MIAb{<NsstYv7}(uJ*GDUo}CJ5Rq!s-4JjS1B4JX
zAnFDptQwUsl`5755)2x?Q;RLH1x2Ka3QCn)YC)+|ODiZ<T2TX1q#86LDk^F~s%TLo
zqD4jhKhK?Wc271N;``b6|Nb~Ixz9Xv=FGi!?sMm3XYQ2w{h^Z%9eQWWnl;yac-du-
zK6&Mp+lM^&+%2y?`Q#Pn_3uCZt#i*^yuGw^$==bUSD*XB3pZR<U;lXS#~=Uo?+-qB
zVVAGI`tYxV2hV%;{PXX=sBhm1i*L9g?S-??zA5#KFWzsLnAm2{&wlnz<FH}NN(K&`
z`Iq1Pru#c9SDyFj@ZtA<bKiZJ*M>r~Z@TTawtu+&_OsUi`qzPQQPI>kpMCbp+w0el
z-|*<8KmO6{uRk<C5Ezu7n(9C9+i(AV^rxSGJ!#vvr%JbOos*H0(zRdb&OLhX+xPUY
zv16aS_pZD8)s>XY?|<yEy)N0b>5lymJaEx<*Is*Q=ox4HWK~7QmiI2d{4b|`|N8~M
zm@(tsWo2cxOXke^{)-o0c+byv?!0e8R#wTixw)f$zi{E{*Uz7y{Oph+3vxdC=$V(+
zt-ESqMn>?Ox88bS_YZ%#{)FV@E?2+t#ve{^Xn5n|f`W<*1`Mb<@u;IR-Z<x++mCA3
zE~Pp<JG^Jin01$L-1wWxFTM1{$E#KizJJ`fO)D2I>c8R_zvy$?o;@$!e9blc3*LM0
z<-uFF-28*nPMiGLq)D$YxaAgK#mg_R*>=GNOB;UoyK~l7SMT`p;)_?cKXBmF?jL;c
z!b6pn&))izpB#AqkAEE6wL^#0m;dsYDf4H}Y@E`)`?=G5^%|3%nOXG7{r6w;%-Xdx
zhHu_{SGT=;pPTjOo6DEh)a(tMbkdn`o_F4zJD+%>eBRABcf8@In>sC=I<;ZYnP<-0
z^rt^fdvL;px*g&0!nR3C?R=kq{?GKIkIuZWynN%>e*Lce;*v}LSpVlgPh2!_-m#-M
zZ20BLC!8?g&-dJOa?!3`uXR3n@E?yXS#nC>w6v_pCr;cp^|jZ2_w!qCZU4aH#eE<B
z)vtPHop|EF+i$$_82|h4|LvUTpTF_ji!OR_W-vJHCvU&~+uIf_NIJND`449Q{O8|0
zwqwWRUVrMT%0BPD`|9RFgXXTQs;YmwxcIu&zx-v+k9+pKG_6yo6Q5hX`lp9RjavE2
z<Bv}o(4|Wr<o{d9e=g+zOUVBg$iE}x{{-Z}2J#;T`45BqlOX@!LH_>+`F|hs9|!rr
z3;Ev-`JWB>{~GcSLH;*F{>MQ6|A74e2KgsL{`(;RD<J=`A^#5`|ED1Te?tCuLjIRQ
z{u?3xOvwL_kpGpC|D}+BG31{J`Ckb6kAeITK>mf0e+S6_4#<B7<UbPfKMV3tf&526
z{*{pb4<Y{`<i8y9?*#e(3G)9Q<bNvU|0~G<49LF+<UbMe-wOHv2J$~1^1lc2uYvq~
zLH<1<|A!&}k0AfAApg%H|MMaLa>)OA$p5F1|Cx~gG|2xh$p16Qzl!>Y{PQ6HGRXfV
z$bSpu{~_f6B;-E?@_!BTKM(SM3-aF%`R|4N&xQQ2g8XwK|Gz{2T_FFzLjJEp{ue?1
ziy{9PApcazza8X12l8)({7WGJzd-))K>nXX{@+0UwUGZ!kpCYb|Mif681ioe`M(YM
zZ-D%N1o@AL{PQ9I;~@W|A^%B`e<|dj0r~fX{Ch+GyCDC2A^$qazdz)E3FN;Y^1lx9
z9}4-eg8biu{7-@We*yU~gZ!63{x3rQKZE=yK>pW4{=bL(uZR4fh5U0M|Cb>Dfsp?-
zkpFJT{{+bYYRLa|$p2!<{{qPWM9BXQ$p0wFzZ&x21NmPL`A>%YKZgA8hx}JU{wpB=
z(;)wwA^!r%e=y|#1IYg|$bSLkUjg}VgZvvH|Fw|+mymyZ$iF+}{}AMVE9Cz^<lhzY
ze;M+h5BX1l{HH_y*^vJykpDA~|8U5^8{|I=@?Q%12O$49A^)9_|2)Y52FQOQ<Ua`V
z-vs$T2>I`T{M$nQKFB{E^1l!A9}D?^0r}TM{)-_0(UAYikpG_{|02l0GvxmW<lh(a
ze;o3k3i<yW@_zvGe-!f1g8XlX{QZ#sIgtOikpE1`|0j_DZIJ&#$bUBEe=OwxI^^F6
z^4|>kuY>%bhWuAU{y&EN(;)xnApb*<|0|IH0LXtl<Ub4Y|1sqMQ^<cm<bM_9KLzst
zE99RK`THRMD<J<<ApdV5|5qXZ-$VXaL;lY~{?|eNe}nx04f6jI^8W$kKNRwBg#7;i
z`EQ5(?}hvyg8Y|4{wpB=>5zXd<o_7t|25=)2jt%a@;?>wKMV5zC*)rT`4>X|zlHq&
z4*7oq`A>uVcR>DqApc_^|2B~SGmw8b$p2}`zboW_C*<E2^1mDMZx8vWL;kZN|J{)P
zKOp~;A^(RV{~tmA--G<Ghy3#(|KlM4<01dakpHES|1!vb1mu4@<o^of{|Mxt1NpxL
z`S*tW=R*D?A^#Vh{x{@(2>JUV|3i@f8p!`L$p1>n|2fG2NyxuH<bN*YUkdq;hWuZE
z{OckAk0JjDA^)!+|G|*|`H+8K$o~e&|7^(r3&=ka^8Xp+KMe982>Jg8@?Q!04~P8k
zgZx8~|80=}?U4VkA^#%C|1-#cJ>>r=<o`P4AAtN*A^&e7|4$+RZIJ&~$Ug=0?+p3x
zgZ#%r{&zwCC6NEIkpCvg{{hJVTFCzl$iD*ezZ~-aKIA_G@-Kt@=Rp1!LjF4;|18Kq
z7xG^S`Ok;^hd}-xLH_F?{|w0gEy(|ekbg4d{|4mW0Qna{{sSQYqagotApdrde>UVl
z2J+ts`M(7DuY&x?LH>&%|6f4<dm#U7ApiFu|1FUJX^{UU$p03||7FPk0?7Y&kbgDg
ze=+2L0P_C;@~?#ae**dc5%TW<`Tqs-p9%SQhx~g%{+W>f{gD4!$bU2BzZdd<6Y{Tt
z{7-`X&x8D*fc$TU{BMH%r$YW`LjHe({3k&EVaPuT^8Xz2KN|8chy43N{+B@he}??$
zLH-*c{}Ukpdm#T^kpDr*e+lHD2Ki5f{9l9oZ-x99L;k;l{7;1ZZ-o5chy0(1{4aw1
zgOLB*kpBY6e>vp;bI89V<o^`p|1RV|2=cFj{EH#~Uqb#pA^%R0|7ys86y*On<lhDI
z9}oG@g8Y9B`TrF1-w*j;1^G{b{QnC1=R^KJ$o~q+{}jmo8_54v$p80{|J9KHvylIF
zkpJHx|9^x0zl8jM0QnDv{2L+vKS2K5A^&?J|A!#|rI7y$$bUNIUkmv^2Kj#t`QHKg
z_kjFQh5XNg{Qn90*FpY;kpFKX|Gz{2pFsZ8ApaeZe;>&I7|6d3<o^uh-wpDA8uIT7
z`QHiow}t%ghWy(@{^^kaY{-8%<o^%I|76JjVaWeSkpK4}|LY<DJjnkz$p3iAe=_8M
zDdfKl@*e^DpAPxI0{K4z`R73X??C>&A^*9M|47K+=^yg{5c2m!{)Zs{HIV;hkpGpC
z|8tQ4laPOZ$p2i(zZCKx4f($S`PW1KA4C2RLjGSt{(~X^^CADfkpB&k|JjiL7m$A<
z<o`3se;DLH5c2;G<i8T~9}fB72l<B}|Jxw{+adp7L;gjO|7Vc@ddUA#$p3Z7KLGis
zLjK=E{+~kr+aUj~kber~-x>1X2l<bM{O^MNOCbMaA^%N~{{xW!wUGZAkbec_e>vp;
zeaL?X<X;B)&w>0eg#33x{#lTJF66%u@}Cd+4}ttYg8bJ({uz+}Taf<`A^&8^{|(5$
z0rD?^{0Bh(M?wDQK>qC@|7^&A4CKEN@_z~PUj_M(gZvjk{=b0y_dx#FK>qJR{#zjb
z(;)vzkpC@^|I3j71(5&mApdH}|6<7h0ObDx<X;K-{{-^?Bjn!!^8X9uKNIrr4*B<j
z{4*i{`yv0ekpE`Le=p?!CgfiO`JV*&p9lFr0r}qy`QHTjPlf!?g#7;m`A>lS!;pUx
z<o`M3e>CJ@4*B<k{4at0{|x!hgZwu@{wF~G_dx!;Ape7q{}RYQ4f3A|`M(DF-wOFJ
zhWvj8`JV{+-w64?5BWb2`CkP22O<BrA^!!C|8mIx=a7F#$p0zG|6Ry`5aeG4`4>a}
zzl8jILjIi~|J9KHD9HbD$e*v+;h~HKzM{ofyZ9<kDkeXs5T@Cf@MdPhssD=ips?M6
zm}vS65c5al>ti(LnbuOuR}pC}6D`({@mYQvx1pHZQOs>A=KB90%<Zc`^Psq;IB<!4
z#DkCdaKA96F;B$q@gJlzl857o`S?>7Chjkq))lc1*8V>k6A$IO{O~nXTD<(=ZADi`
zrmP$K;EltCg(x`7vYr(HBTu{%PUI_ON5+fE^|=~Tn#Q~vB-h=Hl*`F)0pO5e<VPGP
zChL^zXv%dtB47q4uG<F_jXW{;2l>-6(a5XmzIYA<V=~pU*8$&#iR)elQh5#?!eQQA
zOsu5*Kw!L4>39xBr2H`8;leKmrZEr1THaGoUiHrd=6=e;bmn2|fy)_=Dc(?bDa)vF
zsHb+q4?;>`Znp%J^5+`96j<wuZ`0A@)fLOgSWId0e7b_C4^!HI)Q2NMF^;B;laGn}
zH49TYrWC=GkkaTwtYw@*5=Newb<3DHV4}s#8~Y#nFs0FlnDxT#-inFK$uGpD+q%>6
zOALRH;g<pH{(Tsj7B3Hc4VT+sN}~_4_BltBgvDEz>*>^zPf&cA(in%BX%;5dGmZ1a
z%E#6T^F;q*Of>otYd(jNgppTM-RXX1N}~@kkA;lMwyN7@`=oK6SnGTQNf>!z)-B6k
zfr&<5?O(lJ=0o!k7k}4}bzn^Q=<A!!Kd}*gRWt4~3_E|$#Vswtfb^wP#$)jNX5Roo
zR2i_o<wYeEr&o^G&t2%JMVjRHFdp)H>0vwuj~g%Vtj5hA7E6q{i_acE?r>{kab#_N
z=OdvPz6emB&}-a`84}KY{bShl$|03C<Euth#$_wwvxT6iFkY`2HPid_;w-<uqTdr~
zwl~d!NTy=fu=~;YdppVQ#AXYdZ{1s|N!6RRq}p0q9B;>&wVUm=rpsC^pZipTts?jR
zgJu<nuP~s|y6+k^Th?rsn@!vOE&FCvMRY%n;-2(&ncLMKoIZZa<p0_azBK>-iF^D+
z`z*ZH?vG#syeb_t-z{dod(8aFG4nYw^E~B?T9W$?m7SNt7KKWRoML%IQbOOTGf+}O
zznJ;cV&?nD%nyi}*GmnLPI9AqM_rN<LeUwZq{yMiqmvQ_#Vj8jGw+L;=hOR9`>+50
zO{ZvZpd@#B5T%kLr&1o5<i1g6mvdx?s3p16Jv)C~bOtCXa@pb0N$xNjbxCrgz}k5|
zM5}+;okXffDgZAa)Hr{V%<zOW9beb6Er`ntWH}Sg+da;Co_NxDLY0oSFL86;No6|P
z-<2}o)h+LxaBY+MK5iU*Qap)ENBg@^mNQ}e2W9?Yr0HmnkIOtyn$i<aOV}*)JW)tT
z?p~C6)<inK46s|~c@mM1OW#kM%%6!tMK3HJGIC_;*z-pYO&D}dP34G6d}C%t<t0<5
zSM+tCdhrgHILyiyVUWzg7gu6@XYjKq(c`L}k-j$GvD4$4cDf#CdfMohV-VjQ7(GY*
z3JsR&*KGhzPb%Au9x)??cGs*D9n-E2G0)myyb$wAgW&%2<&pKq-Bs+zyy9$wgTx|F
zuBJZu1{WI4lTq~nY?_~A$ap7!`dyS1%xm7*PIO(DXUXSb^UMYVb9t6-!{u4l{VsXt
z`uZIYS8t|!)jD)}6WP1GNm*Rp<ZL;Uaab`hKPLUI2<Ls~thWi~S-F^w)5clfsUGR_
zBR&kF`E)+AUFXBIZ<zCubzR+x50~jTNgU=*gR%NDuzy)5j=e<8_1HrabJJW#%!^Uy
zk3SKA;D|qP#2+}~kNv`YB{L2%eb`@Ru<~F*Oc@|ALP7QtgJ+puX1)afncIZVJK&!p
z7XDemjQ@sU=4YQ^?l<liuA7H6ix}%N|HL{r_Cn#Y$X!6{c)fQE&ltqYuMpmklvw#c
z3ZIRXSov3kXIY7L{N@)}M&yk*aJHjvm^bE=Sl4|^cs4C!<@X9-2%cE^{lXW4Csy8%
z`3&BffbonY18rt7D*9bw@PG+#Fh7EyW*x$37kD@3F?iOqySW3N`Rs;?{;YFit<T$q
zXZ;gv9+nEv`X^TYe&JdF#LBN0p7l?xysJ-a*ALFsC-O?;IBLu@Z(ea?-ncJ_lTjBm
zj!R6Q`+`_wZWf;9B38a$c-B9$@~;ce`X^SNW#Bhk$Wwlbv6~&{%@U_I{9#?Pjxyww
zfmp}4?jbz)3$c!|?Y`S^JP24BrVL>E)ClH2x<N4a%dZ79_7-9|T!8dd;gPuGtH$|U
zc*fzl>Es#bB*Ba`nivlCz*h(l=*BqLIP-*OoVx@w&O?G3=N-Y!|38g?2ktxBZV@qp
zlwo<P;9nxWNANLN*^Topb@C_jz-(hdEaSSpk!E9_JogW=)^on_Y-7a9`~#zYxGv5v
z+|5ejI$+Kdmmn<`%$ty$Cx0%|p@Mny@F~H6MY>TiZ%z(odEw7-^o9r~@7geU;xjS1
zZ6Pfdd?I49{N#Bvvn%F_$saFxIruDMl-G}K66;v+u3WfFbRqb&m><C|&w^cB1s;gy
ztQY!ZA$9#Wa0zg>@TEw3ewjf>7;!T4LxU6(GT6vr#LBy4!HJG`$Ax5W5axJpL~t@!
zg7Nev11G(_VR)tBtC3DMxVvE9Yzzu6M|wK3AAexP$)`H#?IXXZ9hP15FcO&lECR8%
zlS=Z)1Di)b;-kIq2Hh<9KBRXT{40Z9UBQ1LxE$e^AmynB<19n!>OTM=Shwr)10K83
z%a7E_1k7iEXFiFwT+@Z8)`&IEJo4BU_dhKI2YKvD?^vJawdG^T1GE0vB@wf{uFnVN
zx^7>jdpGyap%3syNZFngyL|zkZNu#gV73`ny&K0;u#UmcWn8xxQWw9oi4Po!FWAKg
zj>HF!#P5b6Fm6l7(RcCT!}v5`S1)DV>9+w>iKQRrVjr|a^JDT!+h$qx+iR>BpR{4t
zi%;5Zh}e%murMZ{?9*Yy6cKDRCZFV!^O_&-GtH07gXAZhyyVAiSMoEEyy(kqOY$>{
zyyT~h*pEN3YD}7+nZ%Nxxx|v6g~UGmfi1<Pc%{K>4X!n~&fpye?;%E?L~F#P_>jRJ
zuubK8zNy%6aGt?#T=^tM#J(pl*o`YMnEkTyRR-4(xAoSYZLk{)RCqV8ykIx3ykIx3
zyx{d_-7UnT&Fuy^7`)G5H?F++w?W<Lx~T?d61VsA88o=i;E=&QKC1s{gDVW4O5DMV
zIm_Vr1}`>vnZc_JUT5$ogX<06Y4Bcy4;Y+)eWm$v<H}3kx*9&4n4J|Y-{64;hYcQO
zaGAkwTzQEz)9`Z*UTE-AVqVC=RvNt4;9BBj&&Q1`FL;OH_YhOuuttLq8Qh@_eB{QC
z8&_Vi-|#%2P@f`$-MI4N@5YrE?8cQBTxI;-xbni!CXeF+ZGpi{40hwni;o*uUa%Wi
zUho#<@5YrEzQOSO3_fUZ8|cZ0;}Ok`D=*lMD=*lMD=)av_=kv7y>;EV@`ByC@`5Yq
zgX0&?jVmwMjVmwMjVmvBvGHGKup3uieB8M5f;Sl-H?F+!Zd`f6Zd`dB<7fxyFPJAr
ziru*K!n<+h1!o%{H?F+!Zd`f6VdFE(;4)$y`)F=ldBJX6dBJmyj~iEBcsH)R;FZQ_
zt--YhyK&{kpJOQNeV#qUJh^~15_j?NA>yXDQ@sU;`Rm6rbffNkl5T~VcpOwivvS76
zC2`2jB_u2!?45s|hk35gWt5~lh9X5)oK3~wBEd{F-f4nEBw^Vl=o64K9%LMeHyYUH
zk3Q0+0Y&4D6dWQ6t3$l5NEr{!BNA^qu#LAG^VyixG=Gyo5Qk*J9>fa+Gae5iT*mU=
zj>*Q`F3XTO(|EUF&c@3-+gqRU*oA7mKLFc!Jnm}@zzAkN*my-IUa~A>{+`EV<L#7X
zNStZxzhTbCD>3odwQ(8aHDa>y8ZfUh03-Mxf<q)>!%RGOI~p$?!EC%eSjO$BY3z=0
zA`Z!dF^HE9%=%-Oz-3&IgLv9_%x@|tHI2t}9~*Br;^o7M@hCZs=gxmHukD$^H3sMi
zJ})NTYExcHRpU*8AO1(;wP_*Vl`-+wn|PGC#`}3pJf8Pi)7jg^kJ_TO<j1kqsjt@j
zek1X;UKmeKsa<@nqr1Tqha8K0CZ?V<!D%`E6caDIg?Kz)wDAs_csyO#c+bVe3t?Wm
zc9#?S(Kg4#3l53)8-6U;cyCI)0<Hubh54}_bbsjwD&Z6H(|TEpd3}hCj=Ei*yAp>;
z!a~?C&!gG?x?$4o^1HyGBkhI9F@1mxbR=F|_}O@CaRFQ<@w%IM{C0zlSB>+r(-}xi
z^LJuQyv%bF63XDi{GE(R^T%&Y+ITAwPao`pTO@z|V&ct0ybw6X%Q5lzJv$q3FV1@|
zW*{-m9|jO@Qr`6lR1F`-I|Y;GZ%RzO5IP?@q`HV2@5-2X!P00u=xO5J5)*F};_*16
zrtx_GPaKj3Arr4RIL)8C2Ee?wm+BVcJrEObw29Zp#Ct9#e{&J<2FU{x%^x35wE3Hg
zcnh(d_19PYQjoqE6E6jw>BHdFG~Vu*c>FkSEu0vyA0{nt5;_*Ue`^s>PHo{8&EGdM
z@oEu|`C&Xgci?<ROuTx;!>SR}{N={@ZHFHu7cuqg4nN|MEUCkG^MSeD0hqKLLt^4(
z;viHZ>oC!H#WC>?Azm4lGak>CG~T$Fc(YrGcX>>_F&9MRooV7-Bk{B@_V6IdiWk%T
z-4N@?P7-yarhe`^4rC-=7G~o3@tcO+OvDczW>AA6)p+ju5A&>BS_&GS?S~kH(;CE+
zOLn>?4255jL*5@P($lhCUGy{fmFWyp^?MS2%tJ_)tw;SW1m^x=d*Cv*tNNIDZzEm@
zlM#*gTui*u3q3!^<N2b-WA(!|V(+0b@%y!E8jq>g9hcQ&r!p_4z^7nhJXZVnFqzd8
z77oHP4T5C~dl%;Wt+n=DiX-1KLFE}s24-Dq|IF(nYg*4LFWo0C`SIM%o?o@($8#gb
zR(;Sfo<4YNH_b9(3g+YKgRwMkfGvK<WP17JiYb$#pE7B!y%hE<EcDt}>)$aM&B{b3
zyfO!I-0#7xv}j8Qr5u~m?v{4>H(npQ;*J~VCI29uLxgfn(#Tk&Zamjn@20dpzwNMo
zew4Bn^&1(l8e_mtYIAu~N}Et&yk)cA9kGnH+;pAzW6Az4@LC#2A5H0;(&q9u{*l+$
z7Tz(e8-|3<tUuphuq>fAPqu*ZRa3l}n^7|4wL_mRfgNey5ZVbYzbP3_Hd<HUO61D+
zFZc`)a>-tW)>6tAOS8*S1ZU)0!(2a}4+H2U!&C-)KBn~LIy|##izy3}+?aPfvGQC-
z(>xMuOkR;NCR5sf)W_znr8u3jfZJk9i?=N*m_AIkj64hA84$~HE+$&Mbu++oU8b~n
zKI{qTqdfwBh`Em#p8}-0b^jfYWAlNk5tFZw2W!of&$3`_<;)hBT`*<xczu|-`I>HN
z+|@^1Fm&wD%E^_}%WEnJRZkgzRr4)0alvzH3GQ*)7M^S#+q4k+sO(|cXvSjPZK2{V
zYQAEVyqe<Z+D(?bvNU-hn$NMhJurUCq)C;N@%Z-4n###D%6m<mJYkB|%*>izsNm=f
zKXv5o@0R~2*^@Z9B{jK9=DfByFGiAkeIXhzsmaw3{pCkCacTYeU+ot(zCB7Y9(5kI
zq)6NLxFmNbWS46j*X13f3xSfFTy1b37f8mMKaU(ROX*J?MJ)+;p|k|-WzzAF=Z`dR
zJ|j{i>_yU1f4Od{*HfgU{?3qjsy`jxBV?Wl&-H!~Gk=B5bI+vXiGrWXJWHO=ukqn&
zMs3zn$R-(`^BQo>ytp)Jims{3^PN*>jJ=|=W~_IPz+g>0*=WIOOZ76Pzjt!(J7HED
z%pFyD5+tU-C3BWXPaYZAYZCKl;4n{$1?w|mj>kQTSe_KWpH3rI|8~Io-E(5)c}~S=
zq0U0eY!S2P4iZZfBTkn5<Fd!`EC+G2l!d)9pBtbNCmXr&xf60U{e6x-wf<(twxGX_
zvHbcQn4j3>L4SV&9f`v>sd3!8Qub`}(qMV6sc~2~jT0u8Mn1~mGJ~rPo@wx0gBKdS
zl$eJq*h)-_*BV?)EZsq!!8;7zL(EEsHDXeH$Y9=^)ZeGsUKINc=KWy(&Di}G&Yce{
zF}%AMEWG<ITrlsm>F>lf2G2Hl0Wo(b%>5QFc!lBJZ{fnb-@*lZYqkE@4;O@Ma;+j&
z<5pJ8CQ2M~EczI1hfUyQOkAJKINx99rI_xzLStZ&^J7{lIK&xPrisVhr}6mQiOnC|
zSiE?{gbyL51x-924K&^iU>h$a%aAzJ*po3w9C9r3YvNIF8gDVMjaPzsxJFFl-3G?S
z3&Dw+V*RlT(s+*n+jyn242d(1_b}#cywN6ql&Qws4s7GGo~&^h?R8AVdL(VhuK_+R
zUu%9Jz$bRQ_9&?3_&fY;IVw!Oq{=e3t8ZfB)nHz_O&~7@(=P;vI0Kty;-zC=>&0mr
z^V&`q0>_Kj35BrvTWsQGn0P(mXUn?^%XsWo)A9ym;;l0A_>-*WFB}tZ6PD>!0%K}C
zKEp^HA_?1M;<0^cya_S!*dLzD6~r`Nc}%>Wh!=(r+bIt_8jsJG;(w(6_}dHXLrvq&
ziHVnu#;)x?6V4j%w=wb9pUUCJh17V<V&V-%Jhl(!4`(rvc#lfFe7Cmutmo;1nP9P-
zo&unr)vm>Sk<K8cAMHf|#hhn+jm>#oRtLbmhDgG~$e-39+rO6gE%@m=^m`XGTMVJ_
zH2@oLA>z@G<;^znV(%6H5dwWrgTPNA(?m>aOVBwsf((Mt_D9`eGZBr`cRng<9)Xy~
zn@~BnddiQ-;$+Xe|I^yNpHusv>i4Ymdp|sOG82Vvn?d9WYW)}7>^RItFR#R!Tsy|S
z)Y3|8Ax(<x9nT@D$sS@AXm6{_*&?DAd%Y7~5+AXjW7TTk=hbi2SNCl|{B-Lr`LQjc
zn~3DHCBHn0r@EnEJWcYqAFIih?oY<H`3JDxAWUjn4yLxv@56i<Cgz!Sz}k%0=1Z}n
z#(+x%S5(gE8@=1v`gfa;w0YKEQ#;b;z4~DL;`G10%}<?DeNCUf`TexrAL-}g+)``W
z#GB0>Y4cu{{QuJCXH1`}&E1`{9BK1M+Wi0ZbDJ4c$Cgi@R8#e%N#k7GKhoxpwE6$@
zZGPevlgn#<G`&)K`_|fgpFVm<-}*IdEiaDDHEa*}q-ONgfY(H^HU`9eOlxBo9A;kE
zIgCqW5%2xj=YAp!1hlr?`nzWn_?*N0zODTJ?aO`~-D?vP?i}R1Jdxj$)dw5yPfyC}
zn3Cu{*s#|pk2dhfpOISq7;J-M77g&9Gx_TB>WLNpvj-3MUsZXHe+F1=^sv4oW|U*h
zBkSJ8|KiH&6DM2~4LxJx75<uQrdIZ@uH>!W!}?a0&#1D_BSsecBboMlk^L1DCrqfE
zUWwnW1F`Y+7wML^-n3lauh&uErdxOQ-6Oq2mqBeF9Tb??DPhd?p${L`Gs&y<At?#i
zx`*+6$h-~-S<CLS%iA<vj$inrpK8Z*Cbi%D<ZruPd-44ZU#!`h*uVIk;a|7?u-%*O
z2L<>+;kIYAts0IG3O9D=ca1MePi%KyLQ47>Z5s-%&(E)!+Wii{zvhz8iSvdgaM=*I
zY+N7}YhZCm7jG`+;vu1gGuj1<y_~*!@6k5bL(WRjMzb~Xm2J@+_e_~rln^ZLk^a3d
z_oh5L=&W{qaPKcM$A`8yJ&-!dcX_Aq@cJ|S4ZWld7Cf~0wDetd<BEI}Iv=$;2W35e
z2=8+-?Sb^wv)X)7J_OIyl?Thcoa7XDxvqUm%AKV?WPEgaxcH2Yk!b#n{;Y=<pPaet
z&Vh-~{N`wUGkJJcfHJDZTU)y$1=#q|@$(QnC8er(eUF~)yyZPp+TjO7)b$YFb70y|
zQr>&uJnv6rJ#;;C(=(;RCtG&ycyaHBgKN?^gz)TA`i9ks<()T{r*A7y+g+ae#V0w-
zzfL-5(bl#T*IYBl`_l91MZ+Q=Hb&*2&dP7&)%?_K?wFyS6Nj9ZFf=`Jb3ZJ@qfH|M
z8CV5-W<=naVd^q3pDyis<JAj)K_DaYRpg>Mr^W1}+=SqAuWTPCzOviwqoe0_!_(Qt
z6V7UzwJ|HJyp8VUHxs*TYd7g=bP6d&i*((siHEW#oRvCaLn^w8j!|}J9dh-9w5&iz
zj&J6isx_mF&+m9fr|9xkx9F#`(I(on0^6ZNS&#ARGcnM4V<3H7AZ>Rb_24Jz8-}?$
zHQ(;e3G`3<u+7(Px1z0wU-X(fT6MIcv(C<FEA^=@c}O3&<juVkg6(sBm)xE>q_^{`
z+7Q#?hhQ`(_~o$0r+IZ&<U9Gkrft4^LNMSh%kkMZAN0*TF`+80N0$y=K5zHvknTf{
zLzBO=z&CS4)vn7so}bcqR!n=}Jr6%~z$M)`b63@d(QrAVlYYG031ZKkw<oeEX6Jx<
z!;Lo98-F8X%6olGkrxMIKgb@ZE%u+|wZ*U7$8C#e#%qi12C$()&O6!<{dHoyBIgsg
zNp3EnC+hnAwrG)Afev0Ro&1NU_1Dw3N84u{J+B9vV{p!df;L&tX8{#^0ni?AZy%>U
z-aC5EgnrFi<i5PDK$o0AR^XVNH01LKzJKfFHOqoP2h%RMns%x6i|U-$*3~r{C+pT~
zJzm@V7u@2;&SuX<<F7L`J?qmm6u)D=QD+G0?^+2`uA`XiDb_o_pc4Eo@LZ<P-to>b
zYlkTxPRPQfPr7LSKt=p{2blg$Y4joH-CV94z(gZY%;$E<Gd_(xG1nnqjEP2`SpA2Q
zgpnua(;xJ|6cdfSnwI4z5Q&(W(&$6XyYF20x0q<;iTQvB{U5>P!$h8Efb7x8ufxQ8
z=DPKmQUy04rP03ulRL5?eHRngBfl4u@*f$#QI^y1ASN39iM39?hs@}9*+pso2LfyT
zoCl2mZe89r=P#Aa=UBs+0W%NW)&yY9Tb1zipKSQ4hQHeIGY!vQ>om@6;W<AKn8vaY
zvn=E}3J#6Dn(nVVLC}XOjXuO$-Zj8nojiYi=dY9We*zQl-ezIikEyp{))kHZ#9IF+
z18bb1;d=oy9{uwTf2!g6tEk2~6PQMS;$x694<ikaS!Y_t+cC#&Fr{%_VlCqzNW#by
zvrRJQ<CtjVi5Y`D%g$f9iMM0ouZF~LVq!Mv{}v|oZvfVOeg>><xUI=Ev6hifQfZtN
z!}ASL#$<f{lCS>989vkSS-?E9(Z9Q3=9BfWZTK``8hzBX-tGp$?J=d%hgj?FPb6XF
ziBmAqe*>n|FmYSdR6oIdT7X7>V$FYF!xJmt-|)oBp9RcCj1w~a5MXYfeAw_8&>2Ra
z_!y+j+jzq#9Omav_jsv!AUARqR8lz|BjQe}i1W~H#78dgnm>{o@$fFC!noXO)#)$}
zdb!m~9CbVF1Hksu%$D&m0~be1)3m($%x+|Hv%<FEAti0LRP%3&*`m*X_4vHhZPc1S
z|7)LAq4L<yqL$R;$rvujU~tBokJl>AQ+%5L9?rAZsQvdp?|VXYV?asn$&)CR6d4WH
z<C1XhVN1Z;W3Qv8y&&g#Mv;!==c&37DVGn4nI91|Um^26!lk3We;TuVVa)t}G4l_`
z%xjNNn%mzPv-}yE=g}q|`}6gf<-28`y=pr4?^iL)*_*2|{_!%;o+zFDDwM~T4G~><
zP6_9{{v{%xCU<O9YH+I@KYr|tiC194JtI3PEtcUPk&N5z#>NH{31`#@TDDv=@rueB
z?w%C4#>iK@+el-p*hNh$uf~JUT!Oe9`qqo##<!g`HDLmtzHgFASuEk3ENY@<*%S&f
z+1pTb3(RiZ6<t;OL}ol=)bTyIz{f)Y%<+PG1n}{+4#uOEj(Np>q0dcc7#^_YI1<yv
zk%!(~9Fet)!-u_K+@x-cl#ZR{C*}iOuxv~^c2<zsk3TSXH6bzcG4BgF+Wl#<jFO*b
zWt9BbGP=A;9$emVCxhn4<dgR4@`mO~b9wvk$U}E8zRN=o5A*N;Xc<{hm@Q*E=J~ui
zjW}7_8|#f{VcaLIGWxKs5hr)SA6O11_2F41-@zV+l+{f<5-F>a;~dg@Vp9H0gNupb
z!}#YLo<{)s^Gu&v)c8D0CuZJwR3hefT%Hk!zQoD=17oonpY4S>S=w7)@>rMKFCvCd
zs$hK{zeISpDPmpsr{s^qAJ~nUIJVS$AFf7-!DBYzUc;{z%qtz9Nvr=m2LHq0&jf#o
zlvibp$#U_`kL&VGZ;W7Wmwl|pyvpDi2LIIH>kW4M1u<D4tW(A*!}7s`&q2y#75OUg
zoF~2zX{q7IDMnf;m{)vNf+r)r%J9>PQ7-Nm;$+eFO!2u1>9xf0;eH|3`d=VC_Y1MU
zSFxBp^7dP#Je%jbYzD--?gQlEvli)tg1KLKbws`q={mvnNS`G}9BP+1SxyyRA`gH1
zz9P5*DUX}v_abF1;)6&J5hIRYa59Ag;|*u}%tp#9bK(HfuEg-qh7WPFj6IkwKJ?|4
zC;izTas{)!6cS_IAl4;L_5;8Mh!3ymd8I+0Jn+O?KYT`$F?p3eN__I+L!2C76lwDm
zBJ2)K9B(;<<@XVT$LemZX5~+09Px4a7krB0d3B^dryJZ$;uj+ABbfD5BKTaSLj?!H
zbDnXAA$9!;F!?KlpM>;E!MrNxJpE@Nooe`5#3&1ON3890uK4gy!cD~RVH+maI$R=r
zDpF!?pUcQ&TMr|>pBU@14HN6SY?t(T0_ju4@aZa8+srfKQ-u6)7az7y;^c1l1KWv-
zad>6@mf-zJKOja-zhGXG)3{9ij{--ZY;eT-J`-cnhj%Bsh!5Ksv9^ut8HW`DyA2cH
zkz)P-h8R5C#)F1mCzx09PCMeC$oPUg7|iGQl|R<tlMK$4m~6K_1@kUMNbnG(u75*(
zp0{$IF-wuU{!MtcA@Ua^9Vs{i{#Ak_eHwgtcY^cuuR%IZF!`CpC_CE{v9_hz<l%oi
z(s{)2!GDLfJuDWUZHZXh(o*tR_YX+ju?8z<2-bBU5}(JBvdz(-_53HnY!_^2<hLVz
zo)~f1-iVXC;}7grO!T2|gJ2$`J|>1g+a7Up5Bz~0#6<rFq+bbU8@QRcBmThLv9djM
z3jP7ilV{s-`4m1E%Q)6IeW+E%yo08g{hi{$2A^keFUCilLZq$_0p?wr65-E9I#e+G
zA<ny)NY6L?2*IO~UL=@zZ`^)I%o=cRzXP*B<UHg21nG|jlfRA_<z;&y*7h)8e0aRN
zl^8y355&4p-F^qp_CT!dVFfU^#eM7a1)mJTy6&IFX9LowiQ&V2O{{&(bL0^xjC}48
zAMRgb?OPhi!-xI)9>E8ZHWDMIU$FKqT&Di6-+)gxIM;6wz}ztcF?lTG-95$$f+yC#
zg?>I(8jOj)AIZ9i_g<r)JSz~!So&Tg=QR!&Yn-mcM{%i_KYh<KAM+Y#ATjbr3uE#j
zf3#7U6qgxXZSYLuB>aKR#iV$l!Q7|HuQYhA!L<h08N9<_?iY>2{i67g!R%L+XTRoa
zgM~1^!FdMrc%wcg22-EPk1@E);2MKx8@#~aB?hlBc(uXn4c=n#c7q!X-e>SZgWDuV
z^X$e4ma@C?fd#wqfd#wqfdz-mx^8@6;obPaf-8)V8y{GBH$JdnH$JdnH$Jf7WoBJB
zHkj~kd|<(w=!0W1&5aK%*o_Y?*o_Y?*o_Y?7&o{g>$>rQg?Hlv3wGlJ3(hzGZhT<j
z-T1(QM;V_ogWdSR;^W2#7VO3c7VO5A670qY7VO4{!f}MQmN5m_8tldg7T%2yEZB_?
zEV$A5yYYdAcjE&K<~gs%_Z#fS2NoYUKCoanKCoanKCoanKCoanKCs{#6LYq~ZhT<z
zapMCEcH;vJcH;vJcH;vJcH;vJ-fm(x5Th@px$%JoyYYbqyYYbqyYYbqyYYbqyYYbq
z7h<1i%#guud|>f$;{ywJ;{ywJ;{ywJ;{ywJ;{yv`Y+^1m*o_Y?K5l$q!EStD!EStD
z!Ct9b|Lcbfx&!yi3%v_5@tC59Ds;wML&PCBhwFSCRC%1p#>DlxjK`1?nU~$+#s#3C
z8vSS-JAgQZiM9;!cpS;bgk~CvHv!n@ZxrU4M>UOC4#LLUi+DVSFdnKg5|8IzHr{;9
z=V4OQc=JHmcyo{Oj#Z4uD&{hlcNHcZZ!PBinA9}h10Za?4!D0*29EJ?%Ow(z*V8uM
zcFf1i-}ACg2q~=!@#Z3BJY2Fw;(Y>a<GC4dYFtM9CnjRny)#`9Gy65>**;qHYmfCA
zLfZjn&X8D4SQj*2-w=m51KWpkXglEf441K<yGgtPU|I<CJQr4@A7^=Ao~dq^$DB*m
z38`+k08Vzhg~xj5ZQ1bYEPmYX#WC^f5Rbn_sA;_6G4Zn5=ut_Gho%!L$IO^`6$rrJ
z8q_o%?^zLtWI;9r$YV0&A*+#icgDnH-@rOh(|C(w;)PC##^bF(`mwx!iHXNCwRvAn
zP2+KlTH=r_7=!yVA<3Wi6^!??#N)XmZ6q4c=^k`{8Jg2u_+z`STj5s}<Hy-XiKmM;
z!%t(AV=US~0Bru22BPf>S&fwU>zH_-BOb?ASJQYrXR`73ARhg);RqOsmj)cs2Jp6{
z(H2oJY8sEJp%ZqXvCjt49lW*|wtw~wHr{A7PTTG^-uUuKmDSY~%k{;c)}Hm&C%ygt
z)}Qqr#*H8oUcY<fePz^!vn03Ib&geJ8cvjM5m6_sTJ5X6`i;8lz72?<wu6@ZPKF<v
zZ=}7n<d-M$R5$dCr^$ZcttO{nKAt9H+dPkTgD|OSIhfiuzYp_en3!kQ0reHH&6i?D
zjRBVk9zXq>sWo^u<LdADe#4PA&)REhN8a7^>Vxfz)BpB1@4d%%YT=Q7-uqhnk#Q;X
zxE$5B_Lcuv`uRx}k=OJ6wARjT`V<rt6gkh<&uyxMs5f(N(;HV?zHVn<@$=tr{rH=m
ze_3+%sDjj)E3SO?;>VuZ`^Hp%_D9b@vEiXkvp&n+eB;p0L-JSpelg_h9ZP0UeCVGg
zH?O(u+i#zIb<EGR(iUEI$FwD1-#Yl3`vV=;o-?ldiJyla3Dpk2^oKnjeCE;jFHi0L
z%E*k8#5wOS-?8PZm)?7K>#o2n?N599#*Qx^_%P$rv)jJ^&hHN1_wk|E5~o~oQ)%uk
zgZh8@?VQi2-I!JW>q#j^fB(AVgC|$~?uEC`D?9J;&!?_`>dDR5{wnz8$;&^uA^+p;
zZBLlrrhonR*Z%&?H{Lxs>)w+pFJ85&BrE5@UEk&oexTdp-}hg3$DyZxa9QQ;bt$*~
z+kub2eev?SH(Yq_$|()+=6#bf*mvLZv<??sckRf3_S-+;iO09Sn!D(wdH;yEtRv_@
zQUl@i0fqh3hd$D-DC_vX1>-nuGk<?67}weT&2WE@aeup{B=t}1pWZ*KXHv(;^bO`+
zo~?-mS)H@8@Z!+6ykmCfb!q6CANKjPQ~ka2bGsD{9FSG8tbH+lv*8Z~wKz}n<$hY<
zE#Kce)!#Ee_oHBG?nfz42k`rNFK>D7$6;S%cD}z?sy{nF_s!s#+&42jb2)zy!uq*y
zHT2H+_e}No&PS+jMb!hcGRGH3<LCCw@zwW=X5ri5tlV!?W-vl;F9LIr-!qzn1+C;@
zX)8Hc)oKpbw~~XpR&ubjl^pDAH3x?dpM$KtRLO$B*KDch-Z^P*PZXv3yLtN}D=#f3
zBjL2%?IF863i8rp^YS4ZL>e0e_V>5g-`}Q;G<zfWo5o&lfA-2RO2htKIv^|Mj$*Sv
zd*}GDul;Bbz1bf2<-VEn4%e6V5ccJ6uSa`9dqR8pC^#_pqs+lvuI-82FY>VrZu<*b
z-abNQ7wtU!_OtTRV={o|^pZ5_Zp^@}cp2~%;WALyat7F-3-ZzqpMzj^Oa@|WV12v{
zL~DTi+S>*G-ny@&`@q$~m{xMIDkcZ9Rd6U?4p;?j0Nep?2Z<b|0eEU&k1anEZ|}QZ
z?|*Z4!Ln5BTz^l=d8F*9c{b0FGO6@vBi5a-Eic}NU6E(WhC^9eC))0~WfV9wiH%Ac
zU8KO=;X7rkO<J6k)~jr8HMX+7@(w&)d9kD2R^yg7xHR5oxtm#5HnJAWdMG~&^_X0o
zkPx@Du8GIgGh1d3Is)j7MIIAd(dY>F%=)^>$9}b!-`mjxk%#fDw8)MQr-j(>`f+Gr
zz#{aVDfb~8dThu=okOjxJ3ltW{=k#Nr#7$LUpZ-wP&G2-w)GJj)km4GR}s}SKTUJP
z9`NwF!I7l3+_>I>nb91_%L|TZt>lHr1LnoFiI}Q!{iw@LlU)>3Ij*y8B|ENbZzVso
zTCE!#VOp&l_8P5Z2JNz0-DDT!b^h|x{necd@-lL}WmRWn<sEZwR#x>fS$SQGd;@^G
zU=)KjTbA!ww0F+IY3UpCd76TEwDH}D1rHaD<3mO`FW3wY?|SNIC9vF_qr92;HO5N7
z`_On{HtGDN#zEINbi01&brYV$$wIK>z)w$p<h*&jc^&Lnn&j_WtFP~FO$@r%c}M$l
z`B)CN66~0pm(#KK+u5}r)lS&frM{=%<4cqDJyg6O-|^xfewC8gt_|}ukN1_B^6#ve
zVx(_q_};X?mA^Lp{o*hBY)yPK$$Ou-w&42uY`*f(_i%F)p4(Rx8Pp+|a(qGml-yng
z56vzZln_iAc>T$bWR`aFUs#)xr2Wqq5pU!r1wM2AC1!Cj(|>;VqP$Sw)&2A8v(j=h
z{Z++Tr6vAhpN%U$+aLVVh|(chr9<;a7Z;R<^FyDFC_N{?=tqM}&n+lDPe%#JY*SEI
zss&ckm2hN-X<N#74BuOPuuu91KX;Vur&)ValDw)CKP*q>@`%r*Bz(04UkLFJzP_yA
z9ihJdOYTS?w5;rmM17|}C2@1JeY`NS{P>OK$8C+STPy1xdxp>3Ufq6-i6K}5BnFP(
z7&tC{!&GeiU-Ry7DoWx^ZaeZ0BTe~CZ#HrtSC@AXo_;8vXNaMgeu}LR<0)@_EM{!=
zVPJh1k8zkyO|yX0G0`+X#Oj|7On;`dcs_GL(uXN6o)3TRq7PH%i#{2c_y7>|AP?xq
zUAHfmb6rijF7KdSh>7dY#Y7`d+zu1@n=o-b@(VC2e>*UZJTc2pzZIBh<khquDnQVO
zX*DLsug65AKQZHw-;IeDFAmGhI815u`L6ZA^>os8nbI_$rvTH3sn#>^&}coM3QUWa
zw?gn-m#MDHdgd<zS(tcNp1=AM55`1uaSrp&qrUFwK96vIMZcIg4@cq41~Vp1nLa6o
z$4fi>o&r{ge%C`oVHx;~rdHrHCCyjEq9GF}msdAmA_1E(z$$~MOuZ)V0=ygLy&}lB
z1DlLh8~s>FaYaRG<>V`B^u0^>BBADAqB<_NwED(jv!d#P*m4@)7E<X*36)@F@I|U#
z(ad_aXUc1QBZZB7ztaoy@BZXTlGD7`TKM-r|2`vrR5ljxeL=Gr+hco;8owW6t@Ym~
z+E{nQV?PqLq$XNo`Q)KSaY=H&cw2w`SZl2L_h8b@QpRJy61Aj+9?=<~qy+vV7quk!
z^rfB8ZE_@F&rcQ8*z5BBLU~Qc^?-bT&~AbLxpWreJnkYn+l{~J_!@|P=7P&hyu}j#
zB-c}uO2m|&5Qsc0!QLnx`=^o%VeD1Xxqqflsi__^ab{%&-`6wpXrlc|6DPaZ1tDFJ
z_cS4&PKmClOXZb9mAki&wt3g(>AQPv(ETZP&ut#(vge*(S3cGFxaT>=r>o)lJi7Y(
z4d#0p$_EX0&wolB{{F5$g$5TH%;&MyCuFdDUR2_Q4ex&A6rR7g>$;;19&NCDzEu3n
z3}0bzmBG~pPc^v4;F$)`GI+MZa}Azv@B)Ju8ob!xB?d1wc$vW~3|?vQDuY)Wyw>1#
z2Cp}`*5FMBZ!x&e;Ch3%8@$8dod!1;yvN|Z2JbVt(cl9HA2j%o!EE6^3RFzrEoJYg
z@0Rjtug@^25MzBc#m?XFvCaI2XCI+)c=n_5yAs<x@Zkk9_2I0qn@75B@j)9Hd*uw|
zhp}mVr-tTuVEQu8<e4w_s>I~jpYh!a+Hg$7^q(e}{)+_D?GeG;)=Pp}j!y-%9G#ID
zeP5%WU_bba1ZM;PNN^DN7lQME9}}Dp%=W-IJS+P~FwevSs3-CRfr|x)fXfA!0M8K|
z23{_>6nKN+VZgftj{;7_sUBmF2F?;Z26&L*GT`xoD}b*TTm^ie;A-Gaf~NxiU2qL>
zTU09J&jju+coy&=!LxzK3Z4smt>F2<zZSdz_;JAtfp-XA4E(v^CBU8Wm<+eI6u6Jz
zWxy8-UIAP!cqQ;nf>!}QAb2(KX2ENL-xa(Lm}90f{(9h31lIzeFL)F1birGI?-E=G
z{Aa=Sz;6iN4*ad)9l+i2Pz>Ym1U_4E1Moz_dw_2hychTp!TW$;7TgH@Pr(O(kMH2c
zJP3T2;6uPX4s%-xXkWzoPVU9Rw*gPA{MEvD08gy^ox-PpCsv;I#rUb<iIrzL$y2w)
z${!TID|lk%IZyvgq{Pa*cP+vD!4WHeDKP!BkrFHa6XAnMiIu-w_&lV<%CnzmoP4Cj
z%JX?b@`Xr=l}{2)6@epGzK8Gw!4oS#MEDSRV&x|YUjm+3`FX;J!4oTgzwo8tiIv|h
z{4nsu%D*f8DDcF}w-?Qh22ZT~$-<8TPpte<;mg1iD_<pi1$biR=L=s2o>=*n!dHVQ
zR{mMxr-CO|{sZA_z!NKfl=K5L!4oT=EBq|*#L5p9el~bw<@ww!_wQWr#LCYVem;0&
z<?j=I0eE8NYlUA3o>=*}gkKDvSoyDnUjm+3`L5FcECo-j{At2315d2{DB)LtCsuyC
z@GHR+D}S5ttH2X0&-VgY539iwD_<x4TJXfm?-PC<cw*&Kq<>ovo>=*O;cLMYD?dW`
zP2h=@pDFwn@Wje56}}EUvGPv}Uk{#G`3B*)gC|zLjr5s2z!NJU6n-aoV&%^hz5zV3
z@>7K01D;s<JA~g0o>=*H!tVo5to-Z3H-aZt{*dqoz!NL)*M1&6vGOI_=YuC!K9&6~
z+8J+~V|O{6fs|LWd^eCroQyt#mX9d|j<+M7Bls6cZ#4KegF6eJi!@8{0;D|!&q8`8
zv0NGx>%0HMgh%$=d*=G?<T&!k1J|t*9~8;qWb_5J>6jQ3P1hUu0Oh7}9j?o}TU&{-
z?|B~Q7u*ABH^KEt^N2g)4~$sfwJZVVx)n%WKH(F|rynHjQcPTzc_Y@mO%a}XBTn|?
z5A0z~^iLJ6{!a<d{X(qu@Qm<XkrL}ZN+XXp5!t7}T$iWC84M01*7wbWz#NyOH_|SG
zSyn$WgTefmbh~|kIi^7oQeGkwvp#t`p23rA7;!Qy64o7)`kz7!AJ!GIj<*09`Q9e$
z%g4%rF}wO6D9fqe$@CMWu4v4^Ps)`~EO}=Be3Bo)NPLFY_%5cj^KA0c4qY6HKajk{
z4--rLQN$9zj9A)OwZStDo@?+zV$sx6gI5~7mRQ<zt-*B$?;vJn!uDWN+-UG2gF7IP
z>XShXEztZ1=NVjNaEZag3?5@}mBBRz&o+30!933Spd;D}gL%ABp2rNu?DrM3?^fJE
zjCM|AAFBAE!R}pD@kvG9tB-pZm5mPO-bEGc-bEE0qCa1jfVp>31-o}q1-o}q1@pZi
z^>^>0vJ-{5cTokqcToi|qrYJHE~;SnE~;QJLhFCyJ@+ro*R3qgC7}Rws2+En%mpR<
zgM6r|ANy+JkSy4A3;^0CdAf5MHFYkgCh@RPV_;DPpDj2<61E8<<odcDjW+?DjTc6|
zc;zUEpUq!A;^j*`HZ6@eCng^ET_!j+&Fd@>HXd)1QtQkgn}f#t6|l`;O$+7a^^lD>
z3h}hO+_f6d=^gVThlH6e#Cs?vUYUu<xEgOOu+1Oap)_YK@%)%>5gg(StQzr9g|58p
z4mI8$U>k2P;#uP|+6S13rRz#)$&Y;$^V6E&ml99wh4D<c?(zqhgwHTBuOUpdxu#xt
z9-`&wgv{A;EJ3_%w}$tJel(8BV&g4DJZ)E$fX35z2Q`1|5l?>+WgLxnVobbR#N!KC
zY*+T3JJ;ue(|92qto2t?(2;l?L&N5;HY=JxhSvNIhadh&;*}xZ3I-C>{FTPUYec*{
z_%MI$Q#9Vhn0Rf_=yppiCK|6ICf@pP-nBmC@s}KpH#;WYUc`%6UXHEBbwZeEi?gHU
z<@tujTND$oL&qlFS|ooD#Q3Ga?^GAr`@?v&dt<h{$!r%@6xr?*G4V<eZ?KEt{n2>q
zV&WY@JndfqBk^98cx-dD8xikx54yit?Dp&H0CHG!{6_c{#rSd79TyG%CHz8Wp7Ch!
z0Why2&cMPrfh$AW6H^cqm$9Gu0)Dy<W)lXWv)GhK<e4txHHwY567lHAc)6G~9#5;Z
zFJOdkQnBCS#A94TyGIL#f#?OE=c9~=RhzxrI1Hkl0bWh>ho6I{UNwG3pFT(4^BOl}
zMhj!!YNfT1w*FhH-Lu@!+)GhA@@}J77Y`sA6s?wszGB<_KKPVj;_;KmiI&<t`*dyR
zaEssx6Q|A?TZ2(rzhj&4m!I$Vto3(Zc5*}5-GxliW3*=u{{;_d^_o#Nqh@+d`M5Yk
zRmXkK!R7b6{lOvB)ukSzy|PBv)jDUNMy##BB|jej?YU4(emq}gJUu4RFWxZ$U2KzM
z!W7KMJ0{q?!NrXc#_Iw#EeGmr>h#JPGmg9$c;vmn*4lC&8qarWqy6A#&s$n*qp{}&
z|5JTrWko^1etr6DlW+CCz$5Q}Yp)SakDM2HbwNFF`rqE>$5)l(f27GDY4cN#e8;q<
zbCLfm{rn8u;Bk`M+WX%H1^o*O-N|t4=faDJL-gicxG&D!V&DI6+_mlLUtV+FrOW^E
z+T@+<kH77e4db5mdW|E0kJP}C8u-6d1ASU}FW>RU+PCv@-!0C2{plNKCzhYIvHZks
z<tOYe&)i>rd`|i9tj-&=GP1Ic$>~#6UeK*e|Kf1@{_JD(x8>LGOs#(@KUkRaB3|_!
z*`ObI&FzWJ4cPYj+nMj^YhPa{hWq$8<<~x+TDvJfSRNddRi2Ssmoidc56jKtDjUPa
z&u+p>N8?ncHUZy<^naY+@L_7h$6RGZ&K$gbK2js*_Tn15!+k#3lle~M4LfA9*#DAb
zEL<M0IA_th&9j!3`)%eswRwJTGjGP^ZF<fwW-aoSRWEN@;bOc{TAcY#q?jKj`nTrS
zzK~kGmD#&4=M%0K`Sz@?)dy?!L7Dig0Lt`rqW}5)U~%on)Y|9si^_}cC@4=Ifc1iX
zyydxh#e8oR;}Z<ed?)%*O#ch{!9HB+1+H{o|1`JG@TTkZV)itU%Uy6d*V)Q-9_hcv
ztyA1|9aKbCpsmN{^l6&6r~7Z<DyAZsw~fzk<vML-o#LWCtnjzl5>VmW2bHI>#v{8)
z+QM6z??mFDF%<jv<Tva~ZP>%A+nrUO?sjcQ$(!A^8YpKt>Y#QjYXGb4&noZC>W=J;
zrVU5}<t#56&dj~#Wo}S*>N$OyXU??-ZF3(chL`)dy9Tr!8_L3~kHu`<y8onYhljtu
zJ=(f+rlI0$(Gsw0u}XT*@Z7qBWo;v^QZu*w*-d}*nTo)hqtj~l=Qn<x+PFWzXid0J
zs9S!~9K1iB(mDJhUXPY4UXB-UM+SXTIlbBLvvPao1PYd&7}*4N_fEVLUB5lGerJBs
zhHx=MEpnj-1u~+soKk}UiRJB_@U+*rZ!6D0+mUU&ndtu}KNx7-pW66MenB8DJe<*X
zNwf~pXw!1PMLF?3V4Ju7UmjuuNtE3Cpb})Eb`u+7K_ET6oWVYE!NQB8vF5}P-Nt91
zXDA7u6F`3u_My=f1W-W;QxHh?;_QmXS;VFk5w~;`AAA^<Ai5sbRiJ)*eo>$BH0Fly
ztfS69iALGwcDi&#y3>8!>5<SmKGYI2$9-2Ep2Ik65T{_7ZxFH-*?XUG??w7KxA*pk
z17996{agT56!g_@%r6=qUc@*XTz&=xe339&<*BTnNHg^MOVq3DFtxp>p@M>ehTZu^
z%fq`62>Z@O3a^O-%2^Yye!@O>qZ%D0+nFCstKXJi^kVoE7bo3|vmqL118XR%KWR#V
zCb|f)9r;*6(@-ZaP-g^kRg@M9l~tY=ua451)KMDiD8M?J6JCQz=ytfz1_jbhob)(#
z6!tZ#A|I<Lja9TLyn%6wB~E7(r*qso3N)#s0PD!dI@*N~u`|+e7YPTt$iD9rw~o@9
z)KQvf4Vpk<7-zW`r#Kp?I9~nun$!<v7ED9^Kof%kof+pvFV6629P~@g+E6&qq<*Ne
zppW$<{n0cp%JOKG<*u_%5zR|yo%X>V^hc2vl*ZZ#uy&*`nu9Rd@3voaeUWy&Mq`X4
z(VfPEX=p)_ZfKF0pJ~zjpcjg(FvihSiHO7^J<u*M&YWl**8^z@w9ig^b`#??Q<!!^
zae6Y>18E8LJOu)?^%GT?*9FDv$>R1w5SXo>sKT0dLAEc8+XFduMdZsqQS}wm2SvNG
z_<c}}zS1zpPElI^+kW&-JQ{8DAGR+-9}?+MwF!8ANc4m$FST)>zbLKYoz#Zi{_u-M
zpX6ubh(g_`bPhM^k$8UC^dthgaH@^Ar=F=8@?)!?hwF|0@HAAs3rG3K>6fS%JqpM<
zDp~}(%4mb=#qz%8_YS@&?qU0<=H+##ACVn_V_aTpI1t*20@uI9>I*L_+JGG5l!@hq
zv?C3c=Rk-TIj_?CbB8Hye^3y1h%f(Re>l*vhc$TE{t7i1Ij7L33u&8ULmGzFLV>rU
zz&xgJ^dGk0ic^2F{SE3bkpGQ8oYr^%=Ry9%_g_@H_B?VdjqL~XSloTl;<nO{Njqy&
z*hrJynuyw~ecNB;lbx}lsF*v0y#{wi$H>lze+?9F(v~qcj%zI6_!|$gs5ovE4QIGT
zE?l^^J`E+ceVUJZ!k7Ocs?OW9hwa;_jV5Ky%B{0kP63n@4ew)=)l(XpTG5Nl-6vk|
zm`OROi+he0j%_E{5o!55u_L4(_;>bnvCSA&=QHiZo^zoeU?wGZar--W#${!Ox(nD=
zY`VReQ#k4OqB?7#BXAv`(b<3Y9LzOj)L)v^-+%U8Ooit2g!Wy|$)bIMh^@&<87?|{
zrZ#N#7X@mccD?DGqBU$VeXuWF9X2~RYgUI%PtMZ(Z{upM$*Gx()2z>n2vqyLraJTa
z58-5p=beW;H{-QSYyrRg#+>0p{U3T49Ea`WpsZ-QqNhVm4iYHW&Ss}(g92@%t#)|a
zb45=CqTA@%P}7sML4l*9ad5TRyj)J}dLY9+2rZU5IfI5?j7E9!Fz0yDL*GtZ_#ghv
zEZ#Ljtgvy_?47vEwPD;dvnFNo1o-R==59>1Q2*XDGuLfJ+5!4#S1P$Q{LbfPC=~kU
zNV~+Yl42dMpW@L`&sU;linE_g=fuNK({nPkzsPo*9L6+uq)aXMNCCD!-LQ(vE0Z2?
zbJj$P)N)Vcb5|J6%M|T-H?Z-o!9{$l{SS{=daREtt7*K**uaa7IXH6Ril>h|r;oiR
zjMoO&*lRHFrrb1MTrLXx7^qkRMLV9HMJ!pQnds%g26r;3R~d6qwuX;md!0dnq=>MZ
z%PK28&AUYyiH&X*<(k8CwRlO$-KDqsWOv2A-^xD6yQk3XYB0{83eRD2G;X-OAiMLk
zPj9T~T#%jd`b*m?G77Sf!Qg8Z$7E%9`EvjMiY{5%$9}MTcg3-Zfs-}{PTUqaVRs;N
zf8hArm(9LAjYD?nxLyV0x_Zav&EQ%af9>}6O~+rG9vy$}l6iap^E-~e_UyNA__c1O
zZHjz7WmqvFX`3-)vEB3KcN~k&jTaYZB(W1ROA0oY>JVa?C1?1w?WQEo^9qg8>7wJ(
zH5t?G!|0f94UsY3`XxNKv)Pz#J?)roxjLp>Pp@{rNIAdL86CBRK%$-|BfLe%i7ags
z^=&rXTYeQrb}Pwu!@Xf-Hw^byP&(8<x;U#e?03VxVGKA7_m)+9UUW0t>Pk`W$o3r;
zWoS-x|HmEwZ5FPO`4j_glj{I|t&ICtarklH<hP7Cd+YGyzOgZD8~ztOScoQ`fr-X%
zs?qdmR^|CDA1&x5k>%>A%ju6Ab>_a$CYXN8TOY2cJYy@i{uWz*hSt%-_}n$0p=L_c
z{1B@TpP{CYrdh!H-bFnB^YQW^{h89@`S3jq`Y>hQ>BI6Jg^BU?x&L_U_Qi6pt0{f>
zJk4d8xb8wsH1fplFp=l`H(ZbW5=_e9156`N%(BsMH6|K)HLa8WAn3!CMjzr7OxzaV
zZKB0ncRF~k%k<}%=>HWat%pOv%maDKk`^xxpA}^srnGoIT&`0~KBtHeQ_TaP>Ck<l
z??S|jUnuJ`)pfZqC<o@B&zj=(g64Jd9Y&1fs81uS%40@liycDE3<@VJ#2qjWfm#|c
z4vXBlQ6tKK9J4LF5ugj3FNvQ$Zxu7Tn#mtx>0nd6IOtjnqscW5>_%scJHT9QP3Smo
z&8k5c#MXh~V=5qaNzC|hksMmT=EKZkd!{0cZ=@FDK7Rcl9A*w}?ijSRs3k>|;c-ck
zQO<P!_^2~bl6xB|O0_<&T(_vRTc1x`N3HodZNcb5pw^#>)T4yA+JFDJbL@4Z)_mMP
z_RvvFiX1gOF3G*gZI`nbiCPlg%#rTQkvyL8`FR@qdyYHD_tj|ZdpWLL4>#xip}!ud
z$Z#INu||yZgJh2VZ#v#SA1?FkM>+1?<ucEN{uMIMJ~SO~{PWpk8vD$2ys`chH|M<%
zmX6%qAoE^)?9XQ7)S=O{1M>O->2l0Cb%U;{sT@&xb>;LKm6uGJUNJ))Bl@#lPSbJh
z5LlgM96QyQw~mU+mCMH$1Yq1_in|)@-X9Pjzu~hDW^2`TxhECp8|?ahiNn5LeFhpF
zGPuOxu)(DU4>Nd_!J`cxV{n<l+@G3<Dub&Ho@#K7!7~k>W$<i+=NdfU-~|RRG<dPW
zOAKCW@G^r}7`)QpRR*s%c&)+f3|?<=t-+fN-ePc_!Sx1jH+YA^I}L6yc#pw*4c=#P
zqrnFZK4|bEgV|~5KIPLairp9nnQ(;h0!sN*gZV^)^1QTFoN2J%;B13~2Im>f+t(VW
z&|vqzuH<K+;X?+O7#udZ)Zk$Tk1}|)!EUSt*;bk1D-5nOxZ2>U2G<xo)8JVK&o+3j
z!SfAXVDLhN7aP39;H3sHGkAr;D-B*{@M?qC8obWn^#<1(yvg7#2G<!}Z}4`5cNo0W
z;0A;D7`)fueFirge8Av?1|Kq*2P187Z4B;UaEifhObcln8HVp_up8?_eEf#bHrS1U
zAwGGA&o|hOjUhfoh978f$lwx#IgW#t%Z;TWarh3e@}mqMZSWX_%M7kCxXR#agQptI
zu^Mz+GYy_)@N9$U8a&_N1qLrPc(K7t3|?yRGJ{tbywc!R2Cp`Ft-<RIUT<)%!J7=;
zVsM?o^#*S@c!$9|4Q?=akHLEl-e+*5!3PXJXz(F}c`>Q`sExrL3{EjP)!+<+yBeHn
zu;1WpgM$X=8Jur$p}|E44>UMraEZZTgG&t_X7DJ3M;koG;4*_N46ZV`+Tf`M*BCt0
z;8_OGHh8YV^9^2LFptN4KvB)dK^b6eF!}uW1M7gv7jV$sGtu#lQpscAtErD&m&?@0
z@!6jDVPlF<2G^DCb|pr>Y3zEG_Y?CEjH@*%3kR$a^Z6CQ=VTAN{B(=*95au`drib#
zPKucM<rNn(Ip&9$b>RF_55z;s^Ck+6*CUEo8NA!zE~tC;DK+?dgWdSD5|iJsR{xW*
zO~oS(zR}>v4W^dWzZ>dOG25!*6$UpN971KN&&>wEB$##O#ydnliO03|{D~hl_)~*V
zN5wHFedZbbyurufWmEMTYw-OBe`IhWc9i<hGI*20Dc_6wj52ts!Fvqug_~;{^JjwD
z9_kD}5f{hwAwR|7rws0d_M$#NH29AOA2Rqn#8dwz2JbcaG>qS&KJyITZt%&SqCP)1
z_!)zbN8{BvR~h_>U}P)dkimn~Jb&^x8@%1%t`H1k(r2u}D-Hh0;6mJBR{vQBKW%Ua
zbPDP-%;38Xe#hWbaGOc}rx^U0!CxAD7V=7e6g7c3S<Z7t2#?SS#L7<>p8Wx_@;3_4
z)rpl~A-o?cvGRWrJ{u{q@~;aYL`tmuN5bbJC03sIPMH6EaKy^@5WWyRvGOIt7l9{M
z{xabQf+tp<<M}Xt2t2X!ypAAW0-jj;hlCG<Csv;4_Vh0WPpteq!Vd#ato%QP9|fLR
z`D3L|8x5XV`BQ`+1D;s<^Mo%0Ppte{;VZxsEB`a$tH2X0&vQlQzZyKT@{b5V6+E%>
zJb$Bq4R~VZdEP~SCU|1yzY=~Hcw*&`mp*wmcw*&wp2IkE!4oS#O!)cWiIwO12K^U+
zCszJe;TM7@R(`4Qi@_5s|A_EQz!NL~y6{WE6Dz-0_+{XUmFGc#`B?#;SoxsvD?t-0
zUnKl0@WjfO3cngWvGO&-uLV!6{Pn`G15d2{UBa&iPptfU;cLMYEB~DEo4^w*@5T&9
zxwe3JV+Lmez!K#+SSMKhQ-!YwPpo_o;kSb)R=!mD9pH(Tzf}00;E9!=B76gQV&(4;
zeh+wJ<?j`KFL+|**9pH5JhAdSg>M8;to%QOKLDOsd7eCRzaIootbDfchd>i6-&gnq
z^Z~@mhlOtgo>=)Q!gl~qto*gYr+_C`{tn?&!4oV0nD80kiIv|hd{^+q%DZvmQLaqz
z#LBxd<H7sE6D!|I&SA2_6DyxBd=Nab@?qigz!NKfiSYU0iIuMwz7RaI@(YD80#B^`
zJ;DzJPprHfw;uTqfhSgehxnI(CszJl;ltpGmH$e3p7Rnbe_{u(Jq!a+tbCsEqrej@
zKS=n|;E9!=Ap98c#LCwQUk097`J05V08gy^ABC?1PptfU;j6(DE5A+nso;r~|6KSQ
z@Wjfuk@L)%;E9z#PWV~iiIqQ7_}Sozl`j>3E_h<)#|b|lJhAfggkJ!jSoy`mF9c7l
z{DZ<T22ZT~^TICyPpte-;g^CZR(`+m%fJ&Wf2^EKuK-W1d=KGQf+tq~bm3QlCsw{n
z_|@QvmH)BuYrzvMzd-nP;E9!gRQUDaiIv|Zd@Xol<zE+m6L@0f+spa?7VyN%cM-l0
zJhAep2wxALSouqY-wvKw`74Cq0iIa-p9;SdJhAc*2;TsnSoz0<-vgdl`8whEf+tq~
zpz!;^6D!|7#nW#icw*%<g+BnESoyH<2f-67f3fg~z!NKfmGB8TCn8pUiSTW}6Dxne
z@EyPtEC0CgDd35fe^>Za@Wjd=5IzGuvGPZuFXZv7D|lk%3x&@FPptf4;r-x=l^-p9
zHh5y?uM<89o>=*X!sme}R{nnB^T87<zfJf;@WjeD2ww!ASos6O4+KxFykD*>L*R*(
z?=5@@cw*&Cgb#x!R(`7RrQnH`zgGBR;E9#LL-<kPiIsm+_|f2rm9G<i40vMYcMD$z
zo>=)#axGi|o>=*lgs%cmtbC#H)!>PhFB5($cw*(J2wwx9Soyia&je4b{A%H6fhSh}
zDdA^>CsuyD@N>ZvE1#6=wa@wBiIwjx`~vXA$_IsC2%cE^k-{$qPptfS;g^6XR(_`N
zOTiN>|105_fhSh}_rk9LPpo{c@GHR+E5AqhRp5!0KOp>S@Wje@koyvA!4oT=C;U3_
z#LAy8{Ce=j$`2F17Cf=?HNtNKPptg)!fydjto#z;>%bE$zh3xy@Wjg33BMgYvGQ*V
zzXLq6@`>r*e%}e6Sou`p8^9AQ-$VF4;E9zF3%?gUvGSJ)zYjdI^3}pOf+tpfq3{R5
z6Dz+=_=Dhym0v6TA@Ib??+`u#*N()>zbkwj@Wjd=621d?V&zZNdrIJmmCqAC6+E%>
zgN5gB6vWC;5WXvTV&!Xu&je4b{Efo<!4oV0d*QRe6D$9?@Immz%GV3e-#Unu-!DAx
z0T3(Chf6ZhkMlPWV&%ICUj&|5`2oTY1W&AdSojclV&%sOUjm+3`Rj!bgC|!0cH#M3
z3bFDJ2+w;J#L7P>Jbz;$R{jm)c@LXd`9|T#fG1WyL+<sJfhShJoA4FjiIp!Bz6w0C
z@|OwE-)e}Jze4z_;E9$0nehA#hgkXhgr5nXSow#9p9P*+`HjNQ22ZT~yTZ=}PptfY
z;pc-VR=z!+_hozFZ$ZS$qswgh+cG#_(r|hk`KC%fFu%>hXK`;4yd3Er2LH-nG)d>b
z5NVcR-aG0kcs|lIiE#|05$pFxh5?hu?G^9aGJXJ9IVR?T>t0C=A6#NNoE!jv)nFoz
zQ#Xh8J1y4=&vFwdqragsmVR@F&(!j}F$0ly70l;{UH-YEVBJ<P%=4Qq%qMZOAAexH
z$H8yBe2dgCxChd1f_bkaj~M+pjac(j0?c)%BX#uvpGZAqgM|GM6W3+gi8Vh}!n5qe
zP09}cNZBRMP2vyPxUX_+oEL;=9T01rw}j6`O051L2=7Nqto5*8cy5kZzt3|NdGygV
zV*RF25SZVh>5UXk)nV3+pO_5_=EtP*`vCJ>kwr+46Wk9ef7;Aop<u+xCp+kU>qh)f
z0Yx9yEwO$Nho1WV8P=~4+M%)T^!qcc7a!Uf&5y~)g)rvdhkB;vWAaHEnLnT8KSV5f
z1B`5o`%Jgx;)@1Zce*VXQ?|u6s@n<^%eF=l%eKmhWn0z6KKy~r#H4tx!3&8+7fTIZ
zY4BQuYl+dX(CRQL-eK?_VpcM&5tCwSKye4;OL2z5eq!jImS=F0!6gO{GkA=_RR-4>
zJlo&}1}`y~_bK!{HoVuMnD+}5^O|2VuiF(j5JSr}UOy}5HL&6~sBguo24@-^BxYlT
z6&f5exRe<8S!kmTt}u8iF$D*kW$=817aPoTclGD_w-4H(@f=z)&w~~7Tvjp9M-}s&
zQn44I^}l=y9M$B0bEkJ9CTYr?b-HEBKEV1>3k#)9a=A1;*T)ivNWvDNL!OPg;QGj(
z^P>jO!DQp@KrD@cMG;&gI7AYbf<RoK@#xQq^Ocxvyq$;_uN-CY<2oTsw5|w5jWZq&
zNs)N7fo;4-#FM6hC7vJCp9&6f1~v+T*sm}i{WX8T2Db4IB3=-j8vSTXFxmW7BM|!$
z#$%Jxc#i?wcz!I<7+4g+4+{>FgzZ5ftv{w3uO9gSwRio&QB`R+>5dRh3rVCfkgU_`
zbR>x(Hl3hNjL=5J3<L~_R#;F80YN76OKOHK-I7SKtdXrD=vLv#uE~hXI*x+qj5R|s
z3AzxNpaF3=IxrOwoq&i5XbB9;o^$*AUSFDyajK?j|M9EbzUQ9z-E)7u`|f-F`n?-l
z&)<jMpCnHhF|Eha<5a48$AE1;{?-()|BgzYFk;$y=xP6P3RXRe*?IwPu#DSi1H=#A
zYpgFn5Byl4{`~kn3AH&kXw)l+K=Y~9NP`n`ShfubM#mK{6P<SC$LP&MCOM^;oT}%K
z(W`=<?l(TKPd}!|#^^1<27UL8f~q$rMsF7MTF}uPSA6e4_3n((YrzTs8VZT2-jo=<
ztVxk`G4(j7s9s%+UKjK>tC;vPIX_0P5_(6$Q;&}wsa`{j-dYrP8@8)y{T_|c3smC!
z6`ZKYYZcY|&ltT<=<#=cHPw42MsEf5yx^#pji7pOg2SIPUb?fQ@2F8z^>~gW4wHnf
zpBx?cIY_JC&KNy*2Io;V)#H6>yWAxB@j6>g{r)$m+|4LA04KJC*Unn*sTjR7=*8>j
z&tvqupf_FgIKQdh092awV_CF%=-m{7=9AkP2E$KI<%Zt|zmP$Z5BkuuMK6-Vy(#!{
z|Ej4U&+n{5ST>YQi9BP#_7);&{fc7r$}s48Z$(Y@@?-RxphrLI6(Oiz8nDhS)Cgqb
zf78a%qpn3KEWplR3j&9yc`lE7oCkTyVe6gAjeI8rZA|O8{Qd`{3zvKQU&r}}_4>63
zqjCT5rrCRf`-OWcYCrrRpGaT4gs42)E#~-UGIq?L05=<f=VQGFi#O&gkx|DvTpj$-
zf|}sy8=}L$zqQLpm5jO}gk!_&?SJj^j*%z`yPMa=ykfgKp)_Isr<X5W{p$QbEIYlZ
ztn{lpUU+ocps8yXT=wj*KV0>rVSBq~((~I37sj1M=tby3Aoqj)<9eXnH>|WIIA_@H
zTa$yn;lZ~PgL8&E>oDxj-s{?SsxZmp#&BsdC+K`nHr8s+;zuDr%J@;qk6HYv<HsW&
zm#;3vS2xU8H+(0mYSsX0%T8}iy|O30b*-x=b4Sha{WZgm)MT8hxf%;@`I<QfQ9yq0
z(8uoaxTj^OPQX~{%1JA@ts<!)`^T=#;ulwa;c->>&dE;Q$yuYSyy?l{?Bb@7drVTM
z&vSaj^Cz+fb@o2aYm$VHqNe=DR{WFqcRSjfvaa$Kiu^aOtl~Ugv7#vN^?{HlP<l(i
z7r;5EbZkd)(;4?UUw*yj^E{-k$d;oxlC7B8LiGhXcGil<{G`m2WvBk?bM5@g1<z$O
z8Xqq~S=~$9Zt>JQYxW#+dA8~T8Qw!!Icu1+$vZMoa58Ude(RZ<o?swQmKqorC_P!x
z*j17?6;;g5b76CDX)w=Sa59t_tVs?wxqR8Y8-eyf_x-$jX&ZHiI-5{TMcR)KSJ#Jg
zv3l2-EdgI@cywwY=q()?8dW-W%s#9y-0Z3KWnbw?ZOz-~NM$|cBv8Q%SV*-jP`xhz
zg_1z&g}lbhU{`V4EvTTs+jaaxb#LkDZujvoJUPDXD;&M|^O~c2wN?U)`80=fyw!)j
zxvAk|snnL^rwfXFH7UWS0nS=mrr%^~tVq8(o6v6+tp)z-eN|<Fz_`>vS)kNc(Rf`6
zs>Oc0tvl(sucEiK1l2lntksi~x5cWLU`S@w>INjLo3XlCuD7Dz>rZ7<*;&<xyIYTc
z5^BY&I5i&B%~|Hi)QwlW99L$aI-9sp+bj0<lmr4}O^3BtH{LW_JFL_7Q9C=V)BVvw
z)T=cjv6s72u(zG{iYBlYSS$OhIoe-^q56-C#~j8g;`N@|yu*&hR>jnK%1IOkD)trl
zyT%2o53^wyV(6?%PG_|x?J=Fz=H9b|`!N3SLY?ZJ_Exus>e*LY?7nK=bJvW0GnN(<
z<~Qe$^3;x$WyjIB=-4v#(t%cpv6Xk&I~LUol%xj6Vr*46&UCs8gWrrTbk%#`b8O{t
zYz4j5t%2NB4F1SoJe0R(&#ALDA06CZ<FdyWE2c{(qQh`pM#mSbR#b5q;|qHc;|s$c
zUG@{F%XECTxm%8`#4+it?Zh3a3-lPxq0S~GtD8GUV}J$xsU4B3wO6+uziY;p8B_PX
zyF1NOTb1jLbn)lxGaaWVxi2+Qgw>}Ca?J3m-V*pKwdc#gIbW#p;aj`LbLdYT%_%L^
zJMq>tN#{;^a&+E-;QNZbCplL{=b)2;mXY3yX6(wAy<FyRPf>OKxzS^=DDm0Eyv8Se
z`Hf|#LX9{2TmyE0>$wcm@qna+uH3YOQ6YE1wH2<?k}<B#yIx%VSw-)Ll95S~26$W(
zcx~=`ZPf&P+jhCKGk0VU-=96~NOs1l?5opTm+-t`)>`_o@mT%YrTK}6+<TLT?jMY`
zp^|P+>Ikk11eUk>SKa7x4Jb?Sq__B=0^C`eke7I5hu7!JC_6o3t7}3i;r8@<E8X7W
z7H!-&u27;cCxZ(md5cy?Dr1;}>wUEu=MMF>x7@!!fVGhZ>1t@YD*89BgGVaen(|Pm
zHUlRm&tQB5^9<gJ<|KGL!Pi<aO{>=g+;6NLY*uBG$>7|f9qlcX2X~G2Iun9Af8%No
zmYv!a+`G*)*@JbIBu8H2jyV}42T$O4H=H*oTqZF}cJaHP@3lwJha(3kV|}U4#_swv
zOCzgHrMLE6K5BRNhiS(Wy*s@7cX)@so)YwBM4Id?%*YG|>oN*tK`ErmR*l$NSUJc$
zrN!fR7Ku7imoa%zbWJDi#k+$8c|J#`2Jd+I7mQTdVcyBP!NTF;;?2Rj;T^s-ob&C4
zrpi4Frg<JHudFWjESy$3Bk1`_dF4L`D`%E_=1%j>E3ceY?zw+j<vl^q{PN0sgO&Gb
zfsZ@a44rA+iE`b5_N{q6I43hwHg~|qYm4=`YUDCS*OQVl6=y}Le=1D6*_E0t#}^X)
ztluSlyVrHdtlbqZ@wNn4bwn2LT34vmK2Z)OkERTkGpcfS!%VXxYo`63Yhk68H!ZQ(
z!cx_UBJP9f|MiH|^6$SE7Vf27|MT+3@i#7g?{6({zVPQakIme1_n6+a-WeMo8@KL*
zd$WGM{^fz4i8EKFZ(lvi|MtIn?pl7&_GRC0`OC_e1{{2LdGE8Wtq(kV^zqxbf3fpF
zS_ii`d;E(FkBxk}Vfn;^|FwD6M^Bvn>9nb1*FU&()TXu(?#;U%o$<%hDP22nZ+z*4
zskM6s%+JpsvigeOjR<9D7M*{vaPn1GhVGpH&=vFkaK*x(7VX|qzq)YQy5{ab{%X?w
z!#6E?a?+0Hr`GKn*1c|@f50>UvwHNPFPAheOdZ;~aaeNQjn`EEtYXBQ+cuYM^<<5i
z_;TlzJN9gtd3tftf|HN^V)^3Q7gh{e(bkac+O_7~h3#uUtE<}h_48-9pIWhW=l{q5
z8O5;nBhdJDj>g+RG~59*reBgZ=GQ$Mzv|JH*I2jvu?+{0F={KOzG9Z4nEB&j>M74M
z6@MRpxI0UN@n;2|7Buz&^Ji3=)|ptB%fg*Z<Ik97(x(!^gTTDi2();4uLIAr7;D}_
zVEzotyb}<(op~z|l%E64uN&m&Av}pd{~iSOKLz|T8c+TM&et&d6Xzl(e-2pv&jSw-
z-bDbTKQY@+{|t*q(wO$cCZwpvn8v)skTv{o5YxyLlc(nE2wI0XfcdK{)4LF~PuhSd
zBG5k_r26w`PObBBi_fxnA25yO5^K35fVqi$9)Ri;k%W;aPD9Lc$5}j*#<cBokYb$}
zFG8Sy2Lg>c#N1!x-$%Goa2H}4ebiJ_`++fwrVqy?e<q@i-nQ>AFI?m5^N|b}0%IC=
zh;`iFMiLfJe=>OHWlW<Fv9_@aI0b?AH1|so$J60Y9n@h=i|51b8v63Fk0bRVr+vl8
z8EEnJOTbf~vGz0lwJp3ot^2FbKKYI%-<Hj*t0~fz(qwfp+|P<xbj?}tjH|L;x;a9|
zUF9vZ$t<!IqlvYXqUH6qavaKvD;rsO30s}zn<8tMX-h8N{#_+sx-C*=YyGrKM0LTZ
z?^;VP?!s}=21~JKX|_Ik*KCW^wH9yptFH1EEhE~gx~(s@i@Phj9N)$HzPq%@|M)J7
zO2u844!g|i*^Bj^Ze6x`Zq4$VqDcuw|IlUXaM17+6*aeWc@W{;&a|azZ`2vcZKjMU
z<#sMRB3%FL&e^}-Qje$8sBxV(+uR9!N-An@^GlDNE{-OEF8%F*(?rx_e;aUL^lKOM
z^Ov5ext&$wBAnYyHTHISKuRdLIUU*Cd3uOi|LX+eM`6n@T{n=^VAR}Z^-()*|LVy0
zgv_L=9;pEKB+Inj0;c(Uv>MZTA|uDNk3fv+d`%!`x>VB4myYo<Nz&{Iu4AVs98T8h
zxJ-Rewv$iCultWknkSufjE|p7nkRvDjF0t_=1CwO<Ksn1NAyM|B*@xz57yMxEw1G%
zdCMj|uwvfag!_3s_Ol+|#dC*qD9aS=q@79kVup+4MHOVpJkHV4RrB=lcQWcRpWsD1
z60;+XVL$3~c)X}cluqa9NX&`&n2T<~UW+#u?84_+JdZTZ8?dlBv5G%Wrs`8>;jo3r
zTe!l)l@_kD@N^4TTX>d*XIpr#g%?=3&caJ9yxhVoEX;AFZCPpI1`9u7;WZXsYvHFY
zyxzhaEZk(_jTYWy;a4oY*}`vF_$>=>vv7-r-?4C;h1)IMVc`Q7?zHeh3wK%gsD-<U
z{rC_|%#DB~M2Xi%a5C|T2=)-WBRG|qS8T8$2#Pa^C2tn7<n<CuUKXi7fKFaht{fxZ
zS+4k)az)>iEBZ#06N*?Og%yjx-9~QGXEY5jKBf-R7SncHGfx#`+9Iboqr<CU7<Kq%
ziS_04O8UGw&(`{kIDezkXTkk~StjRS^6YO)6H|w0Mq;)*B$)kOL5zCdftY7I;!4DD
zHU3_~`rI>{F$Dd_FCVuGz8mp<f)68JNX!bro<`8;#eXH3?R!r!>-;$}G~d1q&t<UP
z$jj`V7G8{cDStV96>qR`2|7{v_bj{+y2|e-MxIX*e=Rs^0G?a7F#Cx9>^I^RA3k7S
z1m@+JZ?>Pf5OK9&_T|rrk(c?1^%?6`!n4nbm48)uFJfZle=j`uEwS<+lSjG75PvFo
z9^$_dqg?JEV)Y*=eaLzeD{t0jf`0%!vGRQ8j5;OYiIu-k_z-wv<rfKG2A)`XKFdX&
zFnD6+Ulx8mcw*&$Cp`O*SoxE}b4(H|e@^%+@WjdwlyNd0JhAe{!gF5{D?d*7S>TD4
zpCbHh@WjeLF8o~Z#LBM|egSx5<)0J24m`2)?+L#IJhAeB7JfN+V&#tuzXCk5^4DN2
zu%90RPpo`_@GHR+D}ST#4d98DpCkMe;E9!AB>Woi#L7P`{95qD%D*oB)8L7f-!A-m
z@WjghN%#%miIqPmd=q$L<?&0AY41kx#L8bK{3h_k%1;#j74XE$-!1%R@Wjg33jYRp
zV&$I_{w?st%0DOkHt@vCzbbqScw*)MD*QX(iIqPsd>eRT<z1YYuz%aZ6DwaNd<S@9
z<x7P>0G?R++lB80Pptf-!XE@rto)P0cY!BX{+GfZ1y8K}F7nt<dlByu%$u5=XUX$M
zrdcNim^UfEAdhx+!-qJ<4*+`sVF=p)Tf{G0_%#c^Bls)C{57Bc0mN5Z_(vAz^SkPE
zorU=wggno+xq^8L&J)ZVlL5i}CS}f{@aK)mu<#QQ-zu0lCYh!t$6*yQ??}RkQ&<RW
zE&_SD8Ju!0*@T3DL15nBAbyM(KFNaheI9=QA@4y<tnVqUBagfsw>-w^gYGq0-$B|g
z{1C*%%6AB#ftXn9^Re(*h>5ihp9$|pOssV{O&)bPhxlv3ZHSpBUxfbQKY3=|{NRYS
ztiANXICvj1HXF>k@Oz)WH$|*<4vNnl#N)&VMMTy$%Laf=L113?A+gq<*DK`Nhs0X{
zS>&Y-i^PY0NUYaCzYv~%NUWN>gl8WTt0wdF{W{hi(gri{6~r8XFk*cd4zA97T*N7C
z6pZ6<2pUp`m}L<28pKD;i$oZ))~5)VJhKyPKTjl&3%x4Dcud#e$%u{4PyoRxtSl@K
zLHz^7@S!HLmc=@eXFn5bS>uIgKND*kP21TaFw=Gx0yAa7ne}B=xCSMUM=voO4f7(X
z{wQF+=NUpgT<~bb=Gu4|fZ!Ag!g3MRpSnZf!?qBo@Ix$da0IYDiQIuOMu{AlFjht1
zJ@XRFeq{X<xpQIcpG4U&tY4z^ZJ1cvUO_DFsv?#;13K@&vG24Frd+9mpFGAe&6Fi|
zVE=0!jK0)iI(ezXY+|WH9kJA51+mnjff&apZ7qW04Hn*H;Wvm~_<*$_C~miKr-hGN
zxQ7_$1=@K8#e8f?G3RK-UJDmmIAr1R7B=t5iT*5$Utr<o7G7!LH5OiP;f)qH@5qV%
zHu4-)ur>=HuyB`!PgwYjh0Qy1qGR5X6Kvj*6Kvj*6I_D6*K)%aHt)!Zk9kK<uz5#L
zuz5#Luz5#Luz5#L@Y9xNlZDMYa^hp&k&}7Dydx*rydx*rydx*rydx+0OKJ*EKwm2M
z5OX4gWmwp6;edt9EX?=v^*zJs7M^WkzT=*l9MR`{>WcZUxnjOsr<mV26>lQumuA=-
z7H+X{yM_5)o%$cOFyCj>cMi{6I2rw_JkOu{KB3pbg%;*ofr*?jVB;-ZWnsSKq&^EQ
zyqp+wDQ%^N*I0PHg*RGwvxT{Cpx&#DsP+Hpg$ss$g6wAV-P3PngQT%cd=iIE3g>Uk
zRc!7}2+YrIOplSY>Qy6s0zpmnN<i3p8PMZ6ryh2LqsRPq{W!Pefm2hxJ3-ibub{%5
zQ>n+H&26mTLkPBB9THjK)KqT~2wTq&C(h&48z|eT_iqTc-V;cu1~xhP3Bh5Kuoci_
ze(G@;YyDmUw)Hp%#?yOA@`Mr78Z5mOq*ZSZu&uWi2|47L&C&jE!C{iHwb08z%=&R?
zs@`#6TaWW{DmXQ*>n9+H!?Ix$^mwkM9#8SA$NM6--X<hegIN{xdezqJwA#zlvg+l;
z=)Ka1-Ze3LM=d>`&Q*^OGvLoTK6t)~*MFrkdOcSE@iIX5X2j^dMRChC$@@ISJQiqu
z`OSk9>(ig#V$sv%l6rDUV)R)*+CuQeVJ2Y7xKPz`%IiFBM?;KW2hu!N)l~1%7`-9T
z<24P(0lLW1`(=zC&#(Fr4K-Eo-(&PPLT@%2MLqt`rS<!5j9wU>#C@rzdVCU>I4m2I
z{8&!|9QC{is`oB9{5j)bB@Wsyq}5b!H=Jy}^SQW}3McCM5LEAz7`@rJ7-#*}RIe*W
z@4&Uu<H!$Z)#EkaMfHQ8T$UP1)jJ=fmoy@JoI~2tGuJvu>v(w@dbb&+$cO52ZDiuG
zY|DaP1u)y2hoJQv6H~u~(3>fF7^xnwrEI;q&}+bU>J^9|$K#zbdLc}Da#@Y7Q9a&2
zwDr2J_7;jC_2$RuRY4DwV_LtJF@DqG$L~FA>i2L=x$F#`|E`BK{aEfZF?wsD7q6dr
zZnWDGfS#U@_+3o(Hj5r2V+WvT28N`ye!mw#)`@lim0=&NaV#;s4Znd(A|5Q?`IMp$
z?E}$^q;Q`Le)fEze!L#F+tGk_G$0epz5zkoaU@3XIq0=%<>9A#hhp@S^CN!L3t4(R
zN9Y_0m@psT-#$ZLHPvHm(FxNzc_U*PqHF|KAr*n=Y+G-72JW4MQ&YVKwWETe=qq{N
z{@%&^;XPFC!DxKxvn2K&;(oCA1k=_)flTbPCQ;@1C=)dIpU!=}R<%v{Eyn|~mfn{i
zrksn;(S7-GKBAr;lk|&sOme=lkIBVIbF8ar{bI-bOK>PxC&cQ<*zVC2NY6${MqnTG
OHRdakQ8nP^;Qs?+-=Cxa

diff --git a/components/ssl/wolfssl/source/cmake_compiling.c b/components/ssl/wolfssl/source/cmake_compiling.c
deleted file mode 100644
index b80224b1..00000000
--- a/components/ssl/wolfssl/source/cmake_compiling.c
+++ /dev/null
@@ -1 +0,0 @@
-// Just for passing cmake project compiling.
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/asn1.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/asn1.h
deleted file mode 100644
index 6d22c4b1..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/asn1.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* asn1.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* asn1.h for openssl */
-
-#ifndef WOLFSSL_ASN1_H_
-#define WOLFSSL_ASN1_H_
-
-#include <wolfssl/openssl/ssl.h>
-
-#define ASN1_STRING_new      wolfSSL_ASN1_STRING_type_new
-#define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new
-#define ASN1_STRING_set      wolfSSL_ASN1_STRING_set
-#define ASN1_STRING_free     wolfSSL_ASN1_STRING_free
-
-#define V_ASN1_OCTET_STRING              0x04 /* tag for ASN1_OCTET_STRING */
-#define V_ASN1_NEG                       0x100
-#define V_ASN1_NEG_INTEGER               (2 | V_ASN1_NEG)
-#define V_ASN1_NEG_ENUMERATED            (10 | V_ASN1_NEG)
-
-/* Type for ASN1_print_ex */
-# define ASN1_STRFLGS_ESC_2253           1
-# define ASN1_STRFLGS_ESC_CTRL           2
-# define ASN1_STRFLGS_ESC_MSB            4
-# define ASN1_STRFLGS_ESC_QUOTE          8
-# define ASN1_STRFLGS_UTF8_CONVERT       0x10
-# define ASN1_STRFLGS_IGNORE_TYPE        0x20
-# define ASN1_STRFLGS_SHOW_TYPE          0x40
-# define ASN1_STRFLGS_DUMP_ALL           0x80
-# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
-# define ASN1_STRFLGS_DUMP_DER           0x200
-# define ASN1_STRFLGS_RFC2253            (ASN1_STRFLGS_ESC_2253 | \
-                                          ASN1_STRFLGS_ESC_CTRL | \
-                                          ASN1_STRFLGS_ESC_MSB | \
-                                          ASN1_STRFLGS_UTF8_CONVERT | \
-                                          ASN1_STRFLGS_DUMP_UNKNOWN | \
-                                          ASN1_STRFLGS_DUMP_DER)
-
-#define MBSTRING_UTF8                    0x1000
-
-#endif /* WOLFSSL_ASN1_H_ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h
deleted file mode 100644
index dc6f1271..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/bn.h
+++ /dev/null
@@ -1,181 +0,0 @@
-/* bn.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* bn.h for openssl */
-
-/*!
-    \file wolfssl/openssl/bn.h
-    \brief bn.h for openssl
-*/
-
-
-#ifndef WOLFSSL_BN_H_
-#define WOLFSSL_BN_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/integer.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-typedef struct WOLFSSL_BIGNUM {
-    int   neg;              /* openssh deference */
-    void* internal;         /* our big num */
-} WOLFSSL_BIGNUM;
-
-
-#define WOLFSSL_BN_ULONG mp_digit
-
-typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
-typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
-
-WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
-WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*);
-WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX*);
-
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
-WOLFSSL_API void           wolfSSL_BN_free(WOLFSSL_BIGNUM*);
-WOLFSSL_API void           wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
-
-
-WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
-                             const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
-                             const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
-WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
-        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
-        const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
-
-
-WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*);
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len,
-                                WOLFSSL_BIGNUM* ret);
-
-WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
-
-WOLFSSL_API int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM*, int bits, int top,
-        int bottom);
-WOLFSSL_API int wolfSSL_BN_rand(WOLFSSL_BIGNUM*, int bits, int top, int bottom);
-WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
-WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
-
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*,
-                                            const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int   wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
-WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
-WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
-WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
-WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
-WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
-
-WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
-                               WOLFSSL_BIGNUM*);
-WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
-                                       WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
-WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
-                                                 WOLFSSL_BN_ULONG);
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-    WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*);
-#endif
-WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
-WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
-                                        const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX *ctx);
-typedef WOLFSSL_BIGNUM BIGNUM;
-typedef WOLFSSL_BN_CTX BN_CTX;
-typedef WOLFSSL_BN_GENCB BN_GENCB;
-
-#define BN_CTX_new        wolfSSL_BN_CTX_new
-#define BN_CTX_init       wolfSSL_BN_CTX_init
-#define BN_CTX_free       wolfSSL_BN_CTX_free
-
-#define BN_new        wolfSSL_BN_new
-#define BN_free       wolfSSL_BN_free
-#define BN_clear_free wolfSSL_BN_clear_free
-
-#define BN_num_bytes wolfSSL_BN_num_bytes
-#define BN_num_bits  wolfSSL_BN_num_bits
-
-#define BN_is_zero  wolfSSL_BN_is_zero
-#define BN_is_one   wolfSSL_BN_is_one
-#define BN_is_odd   wolfSSL_BN_is_odd
-
-#define BN_cmp    wolfSSL_BN_cmp
-
-#define BN_bn2bin  wolfSSL_BN_bn2bin
-#define BN_bin2bn  wolfSSL_BN_bin2bn
-
-#define BN_mod       wolfSSL_BN_mod
-#define BN_mod_exp   wolfSSL_BN_mod_exp
-#define BN_mod_mul   wolfSSL_BN_mod_mul
-#define BN_sub       wolfSSL_BN_sub
-#define BN_value_one wolfSSL_BN_value_one
-
-#define BN_mask_bits wolfSSL_mask_bits
-
-#define BN_pseudo_rand wolfSSL_BN_pseudo_rand
-#define BN_rand        wolfSSL_BN_rand
-#define BN_is_bit_set  wolfSSL_BN_is_bit_set
-#define BN_hex2bn      wolfSSL_BN_hex2bn
-
-#define BN_dup  wolfSSL_BN_dup
-#define BN_copy wolfSSL_BN_copy
-
-#define BN_get_word wolfSSL_BN_get_word
-#define BN_set_word wolfSSL_BN_set_word
-
-#define BN_dec2bn wolfSSL_BN_dec2bn
-#define BN_bn2dec wolfSSL_BN_bn2dec
-#define BN_bn2hex wolfSSL_BN_bn2hex
-
-#define BN_lshift wolfSSL_BN_lshift
-#define BN_add_word wolfSSL_BN_add_word
-#define BN_add wolfSSL_BN_add
-#define BN_set_word wolfSSL_BN_set_word
-#define BN_set_bit wolfSSL_BN_set_bit
-
-
-#define BN_is_prime_ex wolfSSL_BN_is_prime_ex
-#define BN_print_fp wolfSSL_BN_print_fp
-#define BN_rshift wolfSSL_BN_rshift
-#define BN_mod_word wolfSSL_BN_mod_word
-
-#define BN_CTX_get wolfSSL_BN_CTX_get
-#define BN_CTX_start wolfSSL_BN_CTX_start
-
-#define BN_mod_inverse wolfSSL_BN_mod_inverse
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-
-#endif /* WOLFSSL__H_ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/crypto.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/crypto.h
deleted file mode 100644
index 0f195b1c..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/crypto.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/* crypto.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* crypto.h for openSSL */
-
-#ifndef WOLFSSL_CRYPTO_H_
-#define WOLFSSL_CRYPTO_H_
-
-#include <wolfssl/openssl/opensslv.h>
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_PREFIX
-#include "prefix_crypto.h"
-#endif
-
-
-WOLFSSL_API const char*   wolfSSLeay_version(int type);
-WOLFSSL_API unsigned long wolfSSLeay(void);
-
-#ifdef OPENSSL_EXTRA
-WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
-WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
-#endif
-
-#define CRYPTO_THREADID void
-
-#define SSLeay_version wolfSSLeay_version
-#define SSLeay wolfSSLeay
-
-
-#define SSLEAY_VERSION 0x0090600fL
-#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
-#define CRYPTO_lock wc_LockMutex_ex
-
-/* this function was used to set the default malloc, free, and realloc */
-#define CRYPTO_malloc_init() /* CRYPTO_malloc_init is not needed */
-
-#define OPENSSL_free wolfSSL_OPENSSL_free
-#define OPENSSL_malloc wolfSSL_OPENSSL_malloc
-
-#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
-#define CRYPTO_set_mem_ex_functions      wolfSSL_CRYPTO_set_mem_ex_functions
-#define FIPS_mode                        wolfSSL_FIPS_mode
-#define FIPS_mode_set                    wolfSSL_FIPS_mode_set
-typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
-typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx,
-        long argl, void* argp);
-#define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback
-#define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric
-
-#define CRYPTO_r_lock wc_LockMutex_ex
-#define CRYPTO_unlock wc_LockMutex_ex
-
-#define CRYPTO_THREAD_lock wc_LockMutex
-#define CRYPTO_THREAD_r_lock wc_LockMutex
-#define CRYPTO_THREAD_unlock wc_UnLockMutex
-
-#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
-
-#endif /* header */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h
deleted file mode 100644
index 16fd2d33..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/dsa.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/* dsa.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* dsa.h for openSSL */
-
-
-#ifndef WOLFSSL_DSA_H_
-#define WOLFSSL_DSA_H_
-
-#include <wolfssl/openssl/bn.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_DSA            WOLFSSL_DSA;
-#define WOLFSSL_DSA_TYPE_DEFINED
-#endif
-
-typedef WOLFSSL_DSA                   DSA;
-
-struct WOLFSSL_DSA {
-    WOLFSSL_BIGNUM* p;
-    WOLFSSL_BIGNUM* q;
-    WOLFSSL_BIGNUM* g;
-    WOLFSSL_BIGNUM* pub_key;      /* our y */
-    WOLFSSL_BIGNUM* priv_key;     /* our x */
-    void*          internal;     /* our Dsa Key */
-    char           inSet;        /* internal set from external ? */
-    char           exSet;        /* external set from internal ? */
-};
-
-
-WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
-WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
-
-WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
-
-typedef void (*WOLFSSL_BN_CB)(int i, int j, void* exArg);
-WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits,
-                   unsigned char* seed, int seedLen, int* counterRet,
-                   unsigned long* hRet, WOLFSSL_BN_CB cb, void* CBArg);
-WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
-                   unsigned char* seed, int seedLen, int* counterRet,
-                   unsigned long* hRet, void* cb);
-
-WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
-
-WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d,
-                                    unsigned char* sigRet, WOLFSSL_DSA* dsa);
-
-WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
-                                      unsigned char* sig,
-                                      WOLFSSL_DSA* dsa, int *dsacheck);
-
-#define DSA_new wolfSSL_DSA_new
-#define DSA_free wolfSSL_DSA_free
-
-#define DSA_generate_key           wolfSSL_DSA_generate_key
-#define DSA_generate_parameters    wolfSSL_DSA_generate_parameters
-#define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */ 
-#endif
-
-#endif /* header */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h
deleted file mode 100644
index e3497143..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ec.h
+++ /dev/null
@@ -1,225 +0,0 @@
-/* ec.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* ec.h for openssl */
-
-#ifndef WOLFSSL_EC_H_
-#define WOLFSSL_EC_H_
-
-#include <wolfssl/openssl/bn.h>
-#include <wolfssl/wolfcrypt/ecc.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Map OpenSSL NID value */
-enum {
-    POINT_CONVERSION_COMPRESSED = 2,
-    POINT_CONVERSION_UNCOMPRESSED = 4,
-
-#ifdef HAVE_ECC
-    /* Use ecc_curve_type enum values for NID */
-    NID_X9_62_prime192v1 = ECC_SECP192R1,
-    NID_X9_62_prime256v1 = ECC_SECP256R1,
-    NID_secp112r1 = ECC_SECP112R1,
-    NID_secp112r2 = ECC_SECP112R2,
-    NID_secp128r1 = ECC_SECP128R1,
-    NID_secp128r2 = ECC_SECP128R2,
-    NID_secp160r1 = ECC_SECP160R1,
-    NID_secp160r2 = ECC_SECP160R2,
-    NID_secp224r1 = ECC_SECP224R1,
-    NID_secp384r1 = ECC_SECP384R1,
-    NID_secp521r1 = ECC_SECP521R1,
-    NID_secp160k1 = ECC_SECP160K1,
-    NID_secp192k1 = ECC_SECP192K1,
-    NID_secp224k1 = ECC_SECP224K1,
-    NID_secp256k1 = ECC_SECP256K1,
-    NID_brainpoolP160r1 = ECC_BRAINPOOLP160R1,
-    NID_brainpoolP192r1 = ECC_BRAINPOOLP192R1,
-    NID_brainpoolP224r1 = ECC_BRAINPOOLP224R1,
-    NID_brainpoolP256r1 = ECC_BRAINPOOLP256R1,
-    NID_brainpoolP320r1 = ECC_BRAINPOOLP320R1,
-    NID_brainpoolP384r1 = ECC_BRAINPOOLP384R1,
-    NID_brainpoolP512r1 = ECC_BRAINPOOLP512R1,
-#endif
-
-    OPENSSL_EC_NAMED_CURVE  = 0x001
-};
-
-#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_EC_KEY         WOLFSSL_EC_KEY;
-typedef struct WOLFSSL_EC_POINT       WOLFSSL_EC_POINT;
-typedef struct WOLFSSL_EC_GROUP       WOLFSSL_EC_GROUP;
-#define WOLFSSL_EC_TYPE_DEFINED
-#endif
-
-typedef WOLFSSL_EC_KEY                EC_KEY;
-typedef WOLFSSL_EC_GROUP              EC_GROUP;
-typedef WOLFSSL_EC_POINT              EC_POINT;
-
-struct WOLFSSL_EC_POINT {
-    WOLFSSL_BIGNUM *X;
-    WOLFSSL_BIGNUM *Y;
-    WOLFSSL_BIGNUM *Z;
-
-    void*          internal;     /* our ECC point */
-    char           inSet;        /* internal set from external ? */
-    char           exSet;        /* external set from internal ? */
-};
-
-struct WOLFSSL_EC_GROUP {
-    int curve_idx; /* index of curve, used by WolfSSL as reference */
-    int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */
-    int curve_oid; /* OID of curve, used by OpenSSL/OpenSSH as reference */
-};
-
-struct WOLFSSL_EC_KEY {
-    WOLFSSL_EC_GROUP *group;
-    WOLFSSL_EC_POINT *pub_key;
-    WOLFSSL_BIGNUM *priv_key;
-
-    void*          internal;     /* our ECC Key */
-    char           inSet;        /* internal set from external ? */
-    char           exSet;        /* external set from internal ? */
-};
-
-
-#define WOLFSSL_EC_KEY_LOAD_PRIVATE 1
-#define WOLFSSL_EC_KEY_LOAD_PUBLIC  2
-
-WOLFSSL_API
-int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve,
-                        const WOLFSSL_EC_POINT *p,
-                        unsigned char *out, unsigned int *len);
-WOLFSSL_API
-int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
-                        const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
-WOLFSSL_API
-int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
-                           const unsigned char* der, int derSz);
-WOLFSSL_API
-int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key,
-                              const unsigned char* der, int derSz, int opt);
-WOLFSSL_API
-void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
-WOLFSSL_API
-WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
-WOLFSSL_API
-const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key);
-WOLFSSL_API
-int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
-                                   const WOLFSSL_BIGNUM *priv_key);
-WOLFSSL_API
-WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key);
-WOLFSSL_API
-WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
-WOLFSSL_API
-WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
-WOLFSSL_API
-int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
-WOLFSSL_API
-int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
-WOLFSSL_API
-void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
-WOLFSSL_API
-int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
-                                  const WOLFSSL_EC_POINT *pub);
-WOLFSSL_API
-void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
-WOLFSSL_API
-WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid);
-WOLFSSL_API
-int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
-                         WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API
-int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
-WOLFSSL_API
-int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
-WOLFSSL_API
-int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
-                               WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API
-void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
-WOLFSSL_API
-WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
-WOLFSSL_API
-int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
-                                                const WOLFSSL_EC_POINT *p,
-                                                WOLFSSL_BIGNUM *x,
-                                                WOLFSSL_BIGNUM *y,
-                                                WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API
-int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
-                         const WOLFSSL_BIGNUM *n,
-                         const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
-                         WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API
-void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
-WOLFSSL_API
-int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
-                         const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
-                         WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API
-void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point);
-WOLFSSL_API
-int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
-                                    const WOLFSSL_EC_POINT *a);
-
-#ifndef HAVE_SELFTEST
-WOLFSSL_API
-char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
-                                 const WOLFSSL_EC_POINT* point, int form,
-                                 WOLFSSL_BN_CTX* ctx);
-#endif
-
-#define EC_KEY_new                      wolfSSL_EC_KEY_new
-#define EC_KEY_free                     wolfSSL_EC_KEY_free
-#define EC_KEY_get0_public_key          wolfSSL_EC_KEY_get0_public_key
-#define EC_KEY_get0_group               wolfSSL_EC_KEY_get0_group
-#define EC_KEY_set_private_key          wolfSSL_EC_KEY_set_private_key
-#define EC_KEY_get0_private_key         wolfSSL_EC_KEY_get0_private_key
-#define EC_KEY_new_by_curve_name        wolfSSL_EC_KEY_new_by_curve_name
-#define EC_KEY_set_group                wolfSSL_EC_KEY_set_group
-#define EC_KEY_generate_key             wolfSSL_EC_KEY_generate_key
-#define EC_KEY_set_asn1_flag            wolfSSL_EC_KEY_set_asn1_flag
-#define EC_KEY_set_public_key           wolfSSL_EC_KEY_set_public_key
-
-#define EC_GROUP_free                   wolfSSL_EC_GROUP_free
-#define EC_GROUP_set_asn1_flag          wolfSSL_EC_GROUP_set_asn1_flag
-#define EC_GROUP_new_by_curve_name      wolfSSL_EC_GROUP_new_by_curve_name
-#define EC_GROUP_cmp                    wolfSSL_EC_GROUP_cmp
-#define EC_GROUP_get_curve_name         wolfSSL_EC_GROUP_get_curve_name
-#define EC_GROUP_get_degree             wolfSSL_EC_GROUP_get_degree
-#define EC_GROUP_get_order              wolfSSL_EC_GROUP_get_order
-
-#define EC_POINT_new                    wolfSSL_EC_POINT_new
-#define EC_POINT_free                   wolfSSL_EC_POINT_free
-#define EC_POINT_get_affine_coordinates_GFp \
-                                     wolfSSL_EC_POINT_get_affine_coordinates_GFp
-#define EC_POINT_mul                    wolfSSL_EC_POINT_mul
-#define EC_POINT_clear_free             wolfSSL_EC_POINT_clear_free
-#define EC_POINT_cmp                    wolfSSL_EC_POINT_cmp
-#define EC_POINT_is_at_infinity         wolfSSL_EC_POINT_is_at_infinity
-
-#ifndef HAVE_SELFTEST
-    #define EC_POINT_point2hex          wolfSSL_EC_POINT_point2hex
-#endif
-
-#define EC_POINT_dump                   wolfSSL_EC_POINT_dump
-
-#ifdef __cplusplus
-}  /* extern "C" */
-#endif
-
-#endif /* header */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h
deleted file mode 100644
index 67495173..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/evp.h
+++ /dev/null
@@ -1,612 +0,0 @@
-/* evp.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-
-/*!
-    \file wolfssl/openssl/evp.h
-    \brief evp.h defines mini evp openssl compatibility layer
- */
-
-
-#ifndef WOLFSSL_EVP_H_
-#define WOLFSSL_EVP_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_PREFIX
-#include "prefix_evp.h"
-#endif
-
-#ifndef NO_MD4
-    #include <wolfssl/openssl/md4.h>
-#endif
-#ifndef NO_MD5
-    #include <wolfssl/openssl/md5.h>
-#endif
-#include <wolfssl/openssl/sha.h>
-#include <wolfssl/openssl/ripemd.h>
-#include <wolfssl/openssl/rsa.h>
-#include <wolfssl/openssl/dsa.h>
-#include <wolfssl/openssl/ec.h>
-
-#include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/des3.h>
-#include <wolfssl/wolfcrypt/arc4.h>
-#include <wolfssl/wolfcrypt/hmac.h>
-#ifdef HAVE_IDEA
-    #include <wolfssl/wolfcrypt/idea.h>
-#endif
-#include <wolfssl/wolfcrypt/pwdbased.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-typedef char WOLFSSL_EVP_CIPHER;
-#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
-typedef char   WOLFSSL_EVP_MD;
-typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
-#define WOLFSSL_EVP_TYPE_DEFINED
-#endif
-
-typedef WOLFSSL_EVP_PKEY       EVP_PKEY;
-typedef WOLFSSL_EVP_PKEY       PKCS8_PRIV_KEY_INFO;
-
-#ifndef NO_MD4
-    WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void);
-#endif
-#ifndef NO_MD5
-    WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
-#endif
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void);
-
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
-#endif
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void);
-
-
-typedef union {
-    #ifndef NO_MD4
-        WOLFSSL_MD4_CTX    md4;
-    #endif
-    #ifndef NO_MD5
-        WOLFSSL_MD5_CTX    md5;
-    #endif
-    WOLFSSL_SHA_CTX    sha;
-    #ifdef WOLFSSL_SHA224
-        WOLFSSL_SHA224_CTX sha224;
-    #endif
-    WOLFSSL_SHA256_CTX sha256;
-    #ifdef WOLFSSL_SHA384
-        WOLFSSL_SHA384_CTX sha384;
-    #endif
-    #ifdef WOLFSSL_SHA512
-        WOLFSSL_SHA512_CTX sha512;
-    #endif
-    #ifdef WOLFSSL_RIPEMD
-        WOLFSSL_RIPEMD_CTX ripemd;
-    #endif
-} WOLFSSL_Hasher;
-
-typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX;
-
-typedef struct WOLFSSL_EVP_MD_CTX {
-    union {
-        WOLFSSL_Hasher digest;
-        Hmac hmac;
-    } hash;
-    unsigned char macType;
-    WOLFSSL_EVP_PKEY_CTX *pctx;
-} WOLFSSL_EVP_MD_CTX;
-
-
-typedef union {
-#ifndef NO_AES
-    Aes  aes;
-#endif
-#ifndef NO_DES3
-    Des  des;
-    Des3 des3;
-#endif
-    Arc4 arc4;
-#ifdef HAVE_IDEA
-    Idea idea;
-#endif
-} WOLFSSL_Cipher;
-
-
-enum {
-    AES_128_CBC_TYPE  = 1,
-    AES_192_CBC_TYPE  = 2,
-    AES_256_CBC_TYPE  = 3,
-    AES_128_CTR_TYPE  = 4,
-    AES_192_CTR_TYPE  = 5,
-    AES_256_CTR_TYPE  = 6,
-    AES_128_ECB_TYPE  = 7,
-    AES_192_ECB_TYPE  = 8,
-    AES_256_ECB_TYPE  = 9,
-    DES_CBC_TYPE      = 10,
-    DES_ECB_TYPE      = 11,
-    DES_EDE3_CBC_TYPE = 12,
-    DES_EDE3_ECB_TYPE = 13,
-    ARC4_TYPE         = 14,
-    NULL_CIPHER_TYPE  = 15,
-    EVP_PKEY_RSA      = 16,
-    EVP_PKEY_DSA      = 17,
-    EVP_PKEY_EC       = 18,
-#ifdef HAVE_IDEA
-    IDEA_CBC_TYPE     = 19,
-#endif
-    NID_sha1          = 64,
-    NID_sha224        = 65,
-    NID_md2           = 77,
-    NID_md5           =  4,
-    NID_hmac          = 855,
-    EVP_PKEY_HMAC     = NID_hmac
-};
-
-enum {
-    NID_aes_128_cbc = 419,
-    NID_aes_192_cbc = 423,
-    NID_aes_256_cbc = 427,
-    NID_aes_128_ctr = 904,
-    NID_aes_192_ctr = 905,
-    NID_aes_256_ctr = 906,
-    NID_aes_128_ecb = 418,
-    NID_aes_192_ecb = 422,
-    NID_aes_256_ecb = 426,
-    NID_des_cbc     =  31,
-    NID_des_ecb     =  29,
-    NID_des_ede3_cbc=  44,
-    NID_des_ede3_ecb=  33,
-    NID_idea_cbc    =  34,
-};
-
-#define WOLFSSL_EVP_BUF_SIZE 16
-typedef struct WOLFSSL_EVP_CIPHER_CTX {
-    int            keyLen;         /* user may set for variable */
-    int            block_size;
-    unsigned long  flags;
-    unsigned char  enc;            /* if encrypt side, then true */
-    unsigned char  cipherType;
-#ifndef NO_AES
-    /* working iv pointer into cipher */
-    ALIGN16 unsigned char  iv[AES_BLOCK_SIZE];
-#elif !defined(NO_DES3)
-    /* working iv pointer into cipher */
-    ALIGN16 unsigned char  iv[DES_BLOCK_SIZE];
-#endif
-    WOLFSSL_Cipher  cipher;
-    ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE];
-    int  bufUsed;
-    ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE];
-    int  lastUsed;
-} WOLFSSL_EVP_CIPHER_CTX;
-
-struct  WOLFSSL_EVP_PKEY_CTX {
-    WOLFSSL_EVP_PKEY *pkey;
-    int op; /* operation */
-    int padding;
-};
-
-typedef int WOLFSSL_ENGINE  ;
-typedef WOLFSSL_ENGINE ENGINE;
-typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX;
-
-#define EVP_PKEY_OP_ENCRYPT (1 << 6)
-#define EVP_PKEY_OP_DECRYPT (1 << 7)
-
-WOLFSSL_API void wolfSSL_EVP_init(void);
-WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md);
-WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md);
-
-WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void);
-WOLFSSL_API void                wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx);
-WOLFSSL_API void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx);
-WOLFSSL_API int  wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx);
-WOLFSSL_API int  wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in);
-WOLFSSL_API int  wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in);
-WOLFSSL_API int  wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx);
-WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx);
-WOLFSSL_API const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name);
-WOLFSSL_API const WOLFSSL_EVP_MD     *wolfSSL_EVP_get_digestbyname(const char *name);
-
-WOLFSSL_API int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
-                                     const WOLFSSL_EVP_MD* type);
-WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
-                                     const WOLFSSL_EVP_MD* type,
-                                     WOLFSSL_ENGINE *impl);
-WOLFSSL_API int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
-                                       size_t sz);
-WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
-                                      unsigned int* s);
-WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
-                                            unsigned char* md, unsigned int* s);
-
-WOLFSSL_API int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
-                                           WOLFSSL_EVP_PKEY_CTX **pctx,
-                                           const WOLFSSL_EVP_MD *type,
-                                           WOLFSSL_ENGINE *e,
-                                           WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx,
-                                             const void *d, unsigned int cnt);
-WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
-                                            unsigned char *sig, size_t *siglen);
-
-WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
-                                             WOLFSSL_EVP_PKEY_CTX **pctx,
-                                             const WOLFSSL_EVP_MD *type,
-                                             WOLFSSL_ENGINE *e,
-                                             WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx,
-                                               const void *d, size_t cnt);
-WOLFSSL_API int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
-                                              const unsigned char *sig,
-                                              size_t siglen);
-
-
-WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*,
-                              const WOLFSSL_EVP_MD*, const unsigned char*,
-                              const unsigned char*, int, int, unsigned char*,
-                              unsigned char*);
-
-WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
-
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX*);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER*);
-WOLFSSL_API int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c);
-
-
-WOLFSSL_API int  wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    const unsigned char* key,
-                                    const unsigned char* iv,
-                                    int enc);
-WOLFSSL_API int  wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    WOLFSSL_ENGINE *impl,
-                                    const unsigned char* key,
-                                    const unsigned char* iv,
-                                    int enc);
-WOLFSSL_API int  wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
-WOLFSSL_API int  wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    WOLFSSL_ENGINE *impl,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
-WOLFSSL_API int  wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
-WOLFSSL_API int  wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                    const WOLFSSL_EVP_CIPHER* type,
-                                    WOLFSSL_ENGINE *impl,
-                                    const unsigned char* key,
-                                    const unsigned char* iv);
-WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
-                                   unsigned char *out, int *outl,
-                                   const unsigned char *in, int inl);
-WOLFSSL_API int  wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
-                                   unsigned char *out, int *outl);
-WOLFSSL_API int  wolfSSL_EVP_CipherFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
-                                   unsigned char *out, int *outl, int enc);
-WOLFSSL_API int  wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
-                                   unsigned char *out, int *outl);
-WOLFSSL_API int  wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
-                                   unsigned char *out, int *outl);
-WOLFSSL_API int  wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
-                                   unsigned char *out, int *outl);
-WOLFSSL_API int  wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
-                                   unsigned char *out, int *outl);
-
-WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void);
-WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                                                     int keylen);
-WOLFSSL_API int  wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
-                          unsigned char* dst, unsigned char* src,
-                          unsigned int len);
-
-WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_get_cipherbynid(int);
-WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
-
-WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey,
-                                            WOLFSSL_RSA* key);
-WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey,
-                                               WOLFSSL_EC_KEY* key);
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
-WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
-WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
-WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key);
-
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
-                                          const unsigned char* key, int keylen);
-WOLFSSL_API const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
-        size_t* len);
-WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx);
-WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e);
-WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding);
-WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
-                     unsigned char *out, size_t *outlen,
-                     const unsigned char *in, size_t inlen);
-WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
-WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
-                     unsigned char *out, size_t *outlen,
-                     const unsigned char *in, size_t inlen);
-WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx);
-WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void);
-WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
-WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
-WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
-                  unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
-WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len);
-WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
-        unsigned char* sig, unsigned int sig_len, WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
-WOLFSSL_API int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len);
-
-
-/* these next ones don't need real OpenSSL type, for OpenSSH compat only */
-WOLFSSL_API void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx);
-WOLFSSL_API int   wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx);
-
-WOLFSSL_API void  wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
-                                unsigned char* iv, int len);
-WOLFSSL_API void  wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
-                                unsigned char* iv, int len);
-
-WOLFSSL_API int  wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
-WOLFSSL_API int  wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx);
-
-WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx);
-WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher);
-WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher);
-WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher);
-WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher);
-WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
-WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags);
-WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx);
-WOLFSSL_API int  wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad);
-WOLFSSL_API int  wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest);
-WOLFSSL_API int  wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher);
-WOLFSSL_API void wolfSSL_EVP_cleanup(void);
-WOLFSSL_API int  wolfSSL_add_all_algorithms(void);
-WOLFSSL_API int  wolfSSL_OpenSSL_add_all_algorithms_noconf(void);
-
-WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass, int passlen,
-                                               const unsigned char * salt,
-                                               int saltlen, int iter,
-                                               int keylen, unsigned char *out);
-
-#define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER
-#define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE
-#define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE
-#define EVP_CIPH_CFB_MODE WOLFSSL_EVP_CIPH_CFB_MODE
-#define EVP_CIPH_OFB_MODE WOLFSSL_EVP_CIPH_OFB_MODE
-#define EVP_CIPH_CTR_MODE WOLFSSL_EVP_CIPH_CTR_MODE
-#define EVP_CIPH_GCM_MODE WOLFSSL_EVP_CIPH_GCM_MODE
-#define EVP_CIPH_CCM_MODE WOLFSSL_EVP_CIPH_CCM_MODE
-
-#define WOLFSSL_EVP_CIPH_MODE           0x0007
-#define WOLFSSL_EVP_CIPH_STREAM_CIPHER      0x0
-#define WOLFSSL_EVP_CIPH_ECB_MODE           0x1
-#define WOLFSSL_EVP_CIPH_CBC_MODE           0x2
-#define WOLFSSL_EVP_CIPH_CFB_MODE           0x3
-#define WOLFSSL_EVP_CIPH_OFB_MODE           0x4
-#define WOLFSSL_EVP_CIPH_CTR_MODE           0x5
-#define WOLFSSL_EVP_CIPH_GCM_MODE           0x6
-#define WOLFSSL_EVP_CIPH_CCM_MODE           0x7
-#define WOLFSSL_EVP_CIPH_NO_PADDING       0x100
-#define WOLFSSL_EVP_CIPH_TYPE_INIT         0xff
-
-/* end OpenSSH compat */
-
-typedef WOLFSSL_EVP_MD         EVP_MD;
-typedef WOLFSSL_EVP_CIPHER     EVP_CIPHER;
-typedef WOLFSSL_EVP_MD_CTX     EVP_MD_CTX;
-typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
-
-#ifndef NO_MD4
-    #define EVP_md4       wolfSSL_EVP_md4
-#endif
-#ifndef NO_MD5
-    #define EVP_md5       wolfSSL_EVP_md5
-#endif
-#define EVP_sha1      wolfSSL_EVP_sha1
-#define EVP_dds1      wolfSSL_EVP_sha1
-#define EVP_sha224    wolfSSL_EVP_sha224
-#define EVP_sha256    wolfSSL_EVP_sha256
-#define EVP_sha384    wolfSSL_EVP_sha384
-#define EVP_sha512    wolfSSL_EVP_sha512
-#define EVP_ripemd160 wolfSSL_EVP_ripemd160
-
-#define EVP_aes_128_cbc  wolfSSL_EVP_aes_128_cbc
-#define EVP_aes_192_cbc  wolfSSL_EVP_aes_192_cbc
-#define EVP_aes_256_cbc  wolfSSL_EVP_aes_256_cbc
-#define EVP_aes_128_ecb  wolfSSL_EVP_aes_128_ecb
-#define EVP_aes_192_ecb  wolfSSL_EVP_aes_192_ecb
-#define EVP_aes_256_ecb  wolfSSL_EVP_aes_256_ecb
-#define EVP_aes_128_ctr  wolfSSL_EVP_aes_128_ctr
-#define EVP_aes_192_ctr  wolfSSL_EVP_aes_192_ctr
-#define EVP_aes_256_ctr  wolfSSL_EVP_aes_256_ctr
-#define EVP_des_cbc      wolfSSL_EVP_des_cbc
-#define EVP_des_ecb      wolfSSL_EVP_des_ecb
-#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc
-#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb
-#define EVP_rc4          wolfSSL_EVP_rc4
-#define EVP_idea_cbc     wolfSSL_EVP_idea_cbc
-#define EVP_enc_null     wolfSSL_EVP_enc_null
-
-#define EVP_MD_size        wolfSSL_EVP_MD_size
-#define EVP_MD_CTX_new     wolfSSL_EVP_MD_CTX_new
-#define EVP_MD_CTX_create  wolfSSL_EVP_MD_CTX_new
-#define EVP_MD_CTX_free    wolfSSL_EVP_MD_CTX_free
-#define EVP_MD_CTX_destroy wolfSSL_EVP_MD_CTX_free
-#define EVP_MD_CTX_init    wolfSSL_EVP_MD_CTX_init
-#define EVP_MD_CTX_cleanup wolfSSL_EVP_MD_CTX_cleanup
-#define EVP_MD_CTX_md      wolfSSL_EVP_MD_CTX_md
-#define EVP_MD_CTX_type    wolfSSL_EVP_MD_CTX_type
-#define EVP_MD_type        wolfSSL_EVP_MD_type
-
-#define EVP_DigestInit         wolfSSL_EVP_DigestInit
-#define EVP_DigestInit_ex      wolfSSL_EVP_DigestInit_ex
-#define EVP_DigestUpdate       wolfSSL_EVP_DigestUpdate
-#define EVP_DigestFinal        wolfSSL_EVP_DigestFinal
-#define EVP_DigestFinal_ex     wolfSSL_EVP_DigestFinal_ex
-#define EVP_DigestSignInit     wolfSSL_EVP_DigestSignInit
-#define EVP_DigestSignUpdate   wolfSSL_EVP_DigestSignUpdate
-#define EVP_DigestSignFinal    wolfSSL_EVP_DigestSignFinal
-#define EVP_DigestVerifyInit   wolfSSL_EVP_DigestVerifyInit
-#define EVP_DigestVerifyUpdate wolfSSL_EVP_DigestVerifyUpdate
-#define EVP_DigestVerifyFinal  wolfSSL_EVP_DigestVerifyFinal
-#define EVP_BytesToKey         wolfSSL_EVP_BytesToKey
-
-#define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname
-#define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname
-
-#define EVP_CIPHER_CTX_init           wolfSSL_EVP_CIPHER_CTX_init
-#define EVP_CIPHER_CTX_cleanup        wolfSSL_EVP_CIPHER_CTX_cleanup
-#define EVP_CIPHER_CTX_iv_length      wolfSSL_EVP_CIPHER_CTX_iv_length
-#define EVP_CIPHER_CTX_key_length     wolfSSL_EVP_CIPHER_CTX_key_length
-#define EVP_CIPHER_CTX_set_key_length wolfSSL_EVP_CIPHER_CTX_set_key_length
-#define EVP_CIPHER_CTX_mode           wolfSSL_EVP_CIPHER_CTX_mode
-
-#define EVP_CIPHER_iv_length          wolfSSL_EVP_CIPHER_iv_length
-#define EVP_CIPHER_key_length         wolfSSL_EVP_Cipher_key_length
-
-#define EVP_CipherInit                wolfSSL_EVP_CipherInit
-#define EVP_CipherInit_ex             wolfSSL_EVP_CipherInit_ex
-#define EVP_EncryptInit               wolfSSL_EVP_EncryptInit
-#define EVP_EncryptInit_ex            wolfSSL_EVP_EncryptInit_ex
-#define EVP_DecryptInit               wolfSSL_EVP_DecryptInit
-#define EVP_DecryptInit_ex            wolfSSL_EVP_DecryptInit_ex
-
-#define EVP_Cipher                    wolfSSL_EVP_Cipher
-#define EVP_CipherUpdate              wolfSSL_EVP_CipherUpdate
-#define EVP_EncryptUpdate             wolfSSL_EVP_CipherUpdate
-#define EVP_DecryptUpdate             wolfSSL_EVP_CipherUpdate
-#define EVP_CipherFinal               wolfSSL_EVP_CipherFinal
-#define EVP_CipherFinal_ex            wolfSSL_EVP_CipherFinal
-#define EVP_EncryptFinal              wolfSSL_EVP_CipherFinal
-#define EVP_EncryptFinal_ex           wolfSSL_EVP_CipherFinal
-#define EVP_DecryptFinal              wolfSSL_EVP_CipherFinal
-#define EVP_DecryptFinal_ex           wolfSSL_EVP_CipherFinal
-
-#define EVP_CIPHER_CTX_free           wolfSSL_EVP_CIPHER_CTX_free
-#define EVP_CIPHER_CTX_new            wolfSSL_EVP_CIPHER_CTX_new
-
-#define EVP_get_cipherbynid           wolfSSL_EVP_get_cipherbynid
-#define EVP_get_digestbynid           wolfSSL_EVP_get_digestbynid
-#define EVP_get_cipherbyname          wolfSSL_EVP_get_cipherbyname
-#define EVP_get_digestbyname          wolfSSL_EVP_get_digestbyname
-
-#define EVP_PKEY_asign_RSA             wolfSSL_EVP_PKEY_assign_RSA
-#define EVP_PKEY_asign_EC_KEY          wolfSSL_EVP_PKEY_assign_EC_KEY
-#define EVP_PKEY_get1_DSA              wolfSSL_EVP_PKEY_get1_DSA
-#define EVP_PKEY_get1_RSA              wolfSSL_EVP_PKEY_get1_RSA
-#define EVP_PKEY_get1_DSA              wolfSSL_EVP_PKEY_get1_DSA
-#define EVP_PKEY_set1_RSA              wolfSSL_EVP_PKEY_set1_RSA
-#define EVP_PKEY_get1_EC_KEY           wolfSSL_EVP_PKEY_get1_EC_KEY
-#define EVP_PKEY_get0_hmac             wolfSSL_EVP_PKEY_get0_hmac
-#define EVP_PKEY_new_mac_key           wolfSSL_EVP_PKEY_new_mac_key
-#define EVP_MD_CTX_copy                wolfSSL_EVP_MD_CTX_copy
-#define EVP_MD_CTX_copy_ex             wolfSSL_EVP_MD_CTX_copy_ex
-#define EVP_PKEY_bits                  wolfSSL_EVP_PKEY_bits
-#define EVP_PKEY_CTX_free              wolfSSL_EVP_PKEY_CTX_free
-#define EVP_PKEY_CTX_new               wolfSSL_EVP_PKEY_CTX_new
-#define EVP_PKEY_CTX_set_rsa_padding   wolfSSL_EVP_PKEY_CTX_set_rsa_padding
-#define EVP_PKEY_decrypt               wolfSSL_EVP_PKEY_decrypt
-#define EVP_PKEY_decrypt_init          wolfSSL_EVP_PKEY_decrypt_init
-#define EVP_PKEY_encrypt               wolfSSL_EVP_PKEY_encrypt
-#define EVP_PKEY_encrypt_init          wolfSSL_EVP_PKEY_encrypt_init
-#define EVP_PKEY_new                   wolfSSL_PKEY_new
-#define EVP_PKEY_free                  wolfSSL_EVP_PKEY_free
-#define EVP_PKEY_size                  wolfSSL_EVP_PKEY_size
-#define EVP_PKEY_type                  wolfSSL_EVP_PKEY_type
-#define EVP_PKEY_base_id               wolfSSL_EVP_PKEY_base_id
-#define EVP_PKEY_id                    wolfSSL_EVP_PKEY_id
-#define EVP_SignFinal                  wolfSSL_EVP_SignFinal
-#define EVP_SignInit                   wolfSSL_EVP_SignInit
-#define EVP_SignUpdate                 wolfSSL_EVP_SignUpdate
-#define EVP_VerifyFinal                wolfSSL_EVP_VerifyFinal
-#define EVP_VerifyInit                 wolfSSL_EVP_VerifyInit
-#define EVP_VerifyUpdate               wolfSSL_EVP_VerifyUpdate
-
-#define EVP_CIPHER_CTX_block_size  wolfSSL_EVP_CIPHER_CTX_block_size
-#define EVP_CIPHER_block_size      wolfSSL_EVP_CIPHER_block_size
-#define EVP_CIPHER_flags           wolfSSL_EVP_CIPHER_flags
-#define EVP_CIPHER_CTX_set_flags   wolfSSL_EVP_CIPHER_CTX_set_flags
-#define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags
-#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding
-#define EVP_CIPHER_CTX_flags       wolfSSL_EVP_CIPHER_CTX_flags
-#define EVP_add_digest             wolfSSL_EVP_add_digest
-#define EVP_add_cipher             wolfSSL_EVP_add_cipher
-#define EVP_cleanup                wolfSSL_EVP_cleanup
-
-#define OpenSSL_add_all_digests()  wolfCrypt_Init()
-#define OpenSSL_add_all_ciphers()  wolfCrypt_Init()
-#define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms
-#define OpenSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf
-#define wolfSSL_OPENSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf
-
-#define PKCS5_PBKDF2_HMAC_SHA1     wolfSSL_PKCS5_PBKDF2_HMAC_SHA1
-
-#ifndef EVP_MAX_MD_SIZE
-    #define EVP_MAX_MD_SIZE   64     /* sha512 */
-#endif
-
-#ifndef EVP_MAX_BLOCK_LENGTH
-    #define EVP_MAX_BLOCK_LENGTH   32  /* 2 * blocklen(AES)? */
-    /* They define this as 32. Using the same value here. */
-#endif
-
-WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-
-#endif /* WOLFSSL_EVP_H_ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/hmac.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/hmac.h
deleted file mode 100644
index 31702f7c..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/hmac.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/* hmac.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-
-/*  hmac.h defines mini hamc openssl compatibility layer
- *
- */
-
-
-#ifndef WOLFSSL_HMAC_H_
-#define WOLFSSL_HMAC_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef WOLFSSL_PREFIX
-#include "prefix_hmac.h"
-#endif
-
-#include <wolfssl/openssl/evp.h>
-#include <wolfssl/openssl/opensslv.h>
-#include <wolfssl/wolfcrypt/hmac.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md,
-                               const void* key, int key_len,
-                               const unsigned char* d, int n, unsigned char* md,
-                               unsigned int* md_len);
-
-
-typedef struct WOLFSSL_HMAC_CTX {
-    Hmac hmac;
-    int  type;
-    word32  save_ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
-    word32  save_opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
-} WOLFSSL_HMAC_CTX;
-
-
-WOLFSSL_API int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx);
-WOLFSSL_API int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des,
-                                       WOLFSSL_HMAC_CTX* src);
-WOLFSSL_LOCAL int wolfSSL_HmacCopy(Hmac* des, Hmac* src);
-WOLFSSL_API int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key,
-                                 int keylen, const EVP_MD* type);
-WOLFSSL_API int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key,
-                             int keylen, const EVP_MD* type, WOLFSSL_ENGINE* e);
-WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx,
-                                   const unsigned char* data, int len);
-WOLFSSL_API int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
-                                  unsigned int* len);
-WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx);
-
-typedef struct WOLFSSL_HMAC_CTX HMAC_CTX;
-
-#define HMAC(a,b,c,d,e,f,g) wolfSSL_HMAC((a),(b),(c),(d),(e),(f),(g))
-
-#define HMAC_CTX_init wolfSSL_HMAC_CTX_Init
-#define HMAC_CTX_copy wolfSSL_HMAC_CTX_copy
-#define HMAC_Init_ex  wolfSSL_HMAC_Init_ex
-#define HMAC_Init     wolfSSL_HMAC_Init
-#define HMAC_Update   wolfSSL_HMAC_Update
-#define HMAC_Final    wolfSSL_HMAC_Final
-#define HMAC_cleanup  wolfSSL_HMAC_cleanup
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-
-#endif /* WOLFSSL_HMAC_H_ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h
deleted file mode 100644
index 8eab49a1..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/md5.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/* md5.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* md5.h for openssl */
-
-
-#ifndef WOLFSSL_MD5_H_
-#define WOLFSSL_MD5_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_MD5
-
-#include <wolfssl/wolfcrypt/hash.h>
-
-#ifdef WOLFSSL_PREFIX
-#include "prefix_md5.h"
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-typedef struct WOLFSSL_MD5_CTX {
-    void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];   /* big enough to hold wolfcrypt md5, but check on init */
-} WOLFSSL_MD5_CTX;
-
-WOLFSSL_API int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX*);
-WOLFSSL_API int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX*, const void*, unsigned long);
-WOLFSSL_API int wolfSSL_MD5_Final(unsigned char*, WOLFSSL_MD5_CTX*);
-
-
-typedef WOLFSSL_MD5_CTX MD5_CTX;
-
-#define MD5_Init wolfSSL_MD5_Init
-#define MD5_Update wolfSSL_MD5_Update
-#define MD5_Final wolfSSL_MD5_Final
-
-#ifdef OPENSSL_EXTRA_BSD
-    #define MD5Init wolfSSL_MD5_Init
-    #define MD5Update wolfSSL_MD5_Update
-    #define MD5Final wolfSSL_MD5_Final
-#endif
-
-#ifndef MD5
-#define MD5(d, n, md) wc_Md5Hash((d), (n), (md))
-#endif
-
-#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-#endif /* NO_MD5 */
-
-#endif /* WOLFSSL_MD5_H_ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
deleted file mode 100644
index 9955bf38..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/opensslv.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* opensslv.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* opensslv.h compatibility */
-
-#ifndef WOLFSSL_OPENSSLV_H_
-#define WOLFSSL_OPENSSLV_H_
-
-
-/* api version compatibility */
-#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-     /* version number can be increased for Lighty after compatibility for ECDH
-        is added */
-     #define OPENSSL_VERSION_NUMBER 0x10001000L
-#else
-     #define OPENSSL_VERSION_NUMBER 0x0090810fL
-#endif
-
-#define OPENSSL_VERSION_TEXT             LIBWOLFSSL_VERSION_STRING
-
-
-#endif /* header */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h
deleted file mode 100644
index 22dfcc57..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ripemd.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* ripemd.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* ripemd.h for openssl */
-
-
-#ifndef WOLFSSL_RIPEMD_H_
-#define WOLFSSL_RIPEMD_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-typedef struct WOLFSSL_RIPEMD_CTX {
-    int holder[32];   /* big enough to hold wolfcrypt, but check on init */
-} WOLFSSL_RIPEMD_CTX;
-
-WOLFSSL_API void wolfSSL_RIPEMD_Init(WOLFSSL_RIPEMD_CTX*);
-WOLFSSL_API void wolfSSL_RIPEMD_Update(WOLFSSL_RIPEMD_CTX*, const void*,
-                                     unsigned long);
-WOLFSSL_API void wolfSSL_RIPEMD_Final(unsigned char*, WOLFSSL_RIPEMD_CTX*);
-
-
-typedef WOLFSSL_RIPEMD_CTX RIPEMD_CTX;
-
-#define RIPEMD_Init   wolfSSL_RIPEMD_Init
-#define RIPEMD_Update wolfSSL_RIPEMD_Update
-#define RIPEMD_Final  wolfSSL_RIPEMD_Final
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */ 
-#endif
-
-
-#endif /* WOLFSSL_MD5_H_ */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h
deleted file mode 100644
index 1b406e50..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/rsa.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/* rsa.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* rsa.h for openSSL */
-
-
-#ifndef WOLFSSL_RSA_H_
-#define WOLFSSL_RSA_H_
-
-#include <wolfssl/openssl/bn.h>
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* Padding types */
-#define RSA_PKCS1_PADDING      0
-#define RSA_PKCS1_OAEP_PADDING 1
-
-#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
-#define WOLFSSL_RSA_TYPE_DEFINED
-#endif
-
-typedef WOLFSSL_RSA                   RSA;
-
-struct WOLFSSL_RSA {
-#ifdef WC_RSA_BLINDING
-    WC_RNG* rng;              /* for PrivateDecrypt blinding */
-#endif
-	WOLFSSL_BIGNUM* n;
-	WOLFSSL_BIGNUM* e;
-	WOLFSSL_BIGNUM* d;
-	WOLFSSL_BIGNUM* p;
-	WOLFSSL_BIGNUM* q;
-	WOLFSSL_BIGNUM* dmp1;      /* dP */
-	WOLFSSL_BIGNUM* dmq1;      /* dQ */
-	WOLFSSL_BIGNUM* iqmp;      /* u */
-    void*          heap;
-    void*          internal;  /* our RSA */
-    char           inSet;     /* internal set from external ? */
-    char           exSet;     /* external set from internal ? */
-    char           ownRng;    /* flag for if the rng should be free'd */
-};
-
-
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
-WOLFSSL_API void        wolfSSL_RSA_free(WOLFSSL_RSA*);
-
-WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGNUM*,
-                                          void* cb);
-
-WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
-WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
-	                               unsigned char* to, WOLFSSL_RSA*, int padding);
-WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
-	                               unsigned char* to, WOLFSSL_RSA*, int padding);
-WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
-                            unsigned char* out, WOLFSSL_RSA* rsa, int padding);
-
-WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
-WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
-                               unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*);
-WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
-                               unsigned int mLen, unsigned char* sigRet,
-                               unsigned int* sigLen, WOLFSSL_RSA*, int);
-WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
-                               unsigned int mLen, const unsigned char* sig,
-                               unsigned int sigLen, WOLFSSL_RSA*);
-WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
-                                  unsigned char* to, WOLFSSL_RSA*, int padding);
-WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
-WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
-WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt);
-
-#define WOLFSSL_RSA_LOAD_PRIVATE 1
-#define WOLFSSL_RSA_LOAD_PUBLIC  2
-#define WOLFSSL_RSA_F4           0x10001L
-
-#define RSA_new  wolfSSL_RSA_new
-#define RSA_free wolfSSL_RSA_free
-
-#define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex
-
-#define RSA_blinding_on     wolfSSL_RSA_blinding_on
-#define RSA_public_encrypt  wolfSSL_RSA_public_encrypt
-#define RSA_private_decrypt wolfSSL_RSA_private_decrypt
-#define RSA_private_encrypt wolfSSL_RSA_private_encrypt
-
-#define RSA_size           wolfSSL_RSA_size
-#define RSA_sign           wolfSSL_RSA_sign
-#define RSA_verify          wolfSSL_RSA_verify
-#define RSA_public_decrypt wolfSSL_RSA_public_decrypt
-
-#define RSA_F4             WOLFSSL_RSA_F4
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-#endif /* header */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h
deleted file mode 100644
index 63bd5e72..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/sha.h
+++ /dev/null
@@ -1,188 +0,0 @@
-/* sha.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/* sha.h for openssl */
-
-
-#ifndef WOLFSSL_SHA_H_
-#define WOLFSSL_SHA_H_
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef WOLFSSL_PREFIX
-#include "prefix_sha.h"
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-typedef struct WOLFSSL_SHA_CTX {
-    /* big enough to hold wolfcrypt Sha, but check on init */
-    void* holder[(112 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
-} WOLFSSL_SHA_CTX;
-
-WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
-WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
-WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
-
-/* SHA1 points to above, shouldn't use SHA0 ever */
-WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
-WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
-WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
-
-enum {
-    SHA_DIGEST_LENGTH = 20
-};
-
-
-typedef WOLFSSL_SHA_CTX SHA_CTX;
-
-#define SHA_Init wolfSSL_SHA_Init
-#define SHA_Update wolfSSL_SHA_Update
-#define SHA_Final wolfSSL_SHA_Final
-
-#define SHA1_Init wolfSSL_SHA1_Init
-#define SHA1_Update wolfSSL_SHA1_Update
-#define SHA1_Final wolfSSL_SHA1_Final
-
-
-#ifdef WOLFSSL_SHA224
-
-/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
- * struct are 16 byte aligned. Any derefrence to those elements after casting to
- * Sha224, is expected to also be 16 byte aligned addresses.  */
-typedef struct WOLFSSL_SHA224_CTX {
-    /* big enough to hold wolfcrypt Sha224, but check on init */
-    ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
-} WOLFSSL_SHA224_CTX;
-
-WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX*);
-WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX*, const void*,
-	                                 unsigned long);
-WOLFSSL_API int wolfSSL_SHA224_Final(unsigned char*, WOLFSSL_SHA224_CTX*);
-
-enum {
-    SHA224_DIGEST_LENGTH = 28
-};
-
-
-typedef WOLFSSL_SHA224_CTX SHA224_CTX;
-
-#define SHA224_Init   wolfSSL_SHA224_Init
-#define SHA224_Update wolfSSL_SHA224_Update
-#define SHA224_Final  wolfSSL_SHA224_Final
-
-#endif /* WOLFSSL_SHA224 */
-
-
-/* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256
- * struct are 16 byte aligned. Any derefrence to those elements after casting to
- * Sha256, is expected to also be 16 byte aligned addresses.  */
-typedef struct WOLFSSL_SHA256_CTX {
-    /* big enough to hold wolfcrypt Sha256, but check on init */
-    ALIGN16 void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
-} WOLFSSL_SHA256_CTX;
-
-WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX*);
-WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX*, const void*,
-	                                 unsigned long);
-WOLFSSL_API int wolfSSL_SHA256_Final(unsigned char*, WOLFSSL_SHA256_CTX*);
-
-enum {
-    SHA256_DIGEST_LENGTH = 32
-};
-
-
-typedef WOLFSSL_SHA256_CTX SHA256_CTX;
-
-#define SHA256_Init   wolfSSL_SHA256_Init
-#define SHA256_Update wolfSSL_SHA256_Update
-#define SHA256_Final  wolfSSL_SHA256_Final
-#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
-     * build. */
-    #define SHA256 wolfSSL_SHA256
-#endif
-
-
-#ifdef WOLFSSL_SHA384
-
-typedef struct WOLFSSL_SHA384_CTX {
-    /* big enough to hold wolfCrypt Sha384, but check on init */
-    void* holder[(256 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
-} WOLFSSL_SHA384_CTX;
-
-WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX*);
-WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX*, const void*,
-	                                 unsigned long);
-WOLFSSL_API int wolfSSL_SHA384_Final(unsigned char*, WOLFSSL_SHA384_CTX*);
-
-enum {
-    SHA384_DIGEST_LENGTH = 48
-};
-
-
-typedef WOLFSSL_SHA384_CTX SHA384_CTX;
-
-#define SHA384_Init   wolfSSL_SHA384_Init
-#define SHA384_Update wolfSSL_SHA384_Update
-#define SHA384_Final  wolfSSL_SHA384_Final
-#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS
-     * build. */
-    #define SHA384 wolfSSL_SHA384
-#endif
-#endif /* WOLFSSL_SHA384 */
-
-#ifdef WOLFSSL_SHA512
-
-typedef struct WOLFSSL_SHA512_CTX {
-    /* big enough to hold wolfCrypt Sha384, but check on init */
-    void* holder[(288 + WC_ASYNC_DEV_SIZE) / sizeof(void*)];
-} WOLFSSL_SHA512_CTX;
-
-WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX*);
-WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX*, const void*,
-	                                 unsigned long);
-WOLFSSL_API int wolfSSL_SHA512_Final(unsigned char*, WOLFSSL_SHA512_CTX*);
-
-enum {
-    SHA512_DIGEST_LENGTH = 64
-};
-
-
-typedef WOLFSSL_SHA512_CTX SHA512_CTX;
-
-#define SHA512_Init   wolfSSL_SHA512_Init
-#define SHA512_Update wolfSSL_SHA512_Update
-#define SHA512_Final  wolfSSL_SHA512_Final
-#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS
-     * build. */
-    #define SHA512 wolfSSL_SHA512
-#endif
-#endif /* WOLFSSL_SHA512 */
-
-
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-
-#endif /* WOLFSSL_SHA_H_ */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h b/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h
deleted file mode 100644
index 2fb088c8..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/openssl/ssl.h
+++ /dev/null
@@ -1,971 +0,0 @@
-/* ssl.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-
-/*  ssl.h defines wolfssl_openssl compatibility layer
- *
- */
-
-
-#ifndef WOLFSSL_OPENSSL_H_
-#define WOLFSSL_OPENSSL_H_
-
-/* wolfssl_openssl compatibility layer */
-#ifndef OPENSSL_EXTRA_SSL_GUARD
-#define OPENSSL_EXTRA_SSL_GUARD
-#include <wolfssl/ssl.h>
-#endif /* OPENSSL_EXTRA_SSL_GUARD */
-
-#include <wolfssl/openssl/evp.h>
-#ifdef OPENSSL_EXTRA
-#include <wolfssl/openssl/crypto.h>
-#endif
-
-#if defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY)
-#include <wolfssl/wolfcrypt/asn.h>
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifdef _WIN32
-    /* wincrypt.h clashes */
-    #undef X509_NAME
-#endif
-
-#ifdef WOLFSSL_UTASKER
-    /* tcpip.h clashes */
-    #undef ASN1_INTEGER
-#endif
-
-
-typedef WOLFSSL          SSL;
-typedef WOLFSSL_SESSION  SSL_SESSION;
-typedef WOLFSSL_METHOD   SSL_METHOD;
-typedef WOLFSSL_CTX      SSL_CTX;
-
-typedef WOLFSSL_X509       X509;
-typedef WOLFSSL_X509       X509_REQ;
-typedef WOLFSSL_X509_NAME  X509_NAME;
-typedef WOLFSSL_X509_CHAIN X509_CHAIN;
-
-typedef WOLFSSL_STACK      EXTENDED_KEY_USAGE;
-
-
-/* redeclare guard */
-#define WOLFSSL_TYPES_DEFINED
-
-typedef WOLFSSL_BIO            BIO;
-typedef WOLFSSL_BIO_METHOD     BIO_METHOD;
-typedef WOLFSSL_CIPHER         SSL_CIPHER;
-typedef WOLFSSL_X509_LOOKUP    X509_LOOKUP;
-typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
-typedef WOLFSSL_X509_CRL       X509_CRL;
-typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
-typedef WOLFSSL_ASN1_TIME      ASN1_TIME;
-typedef WOLFSSL_ASN1_INTEGER   ASN1_INTEGER;
-typedef WOLFSSL_ASN1_OBJECT    ASN1_OBJECT;
-typedef WOLFSSL_ASN1_STRING    ASN1_STRING;
-typedef WOLFSSL_dynlock_value  CRYPTO_dynlock_value;
-typedef WOLFSSL_BUF_MEM        BUF_MEM;
-
-/* GENERAL_NAME and BASIC_CONSTRAINTS structs may need implemented as
- * compatibility layer expands. For now treating them as an ASN1_OBJECT */
-typedef WOLFSSL_ASN1_OBJECT GENERAL_NAME;
-typedef WOLFSSL_ASN1_OBJECT BASIC_CONSTRAINTS;
-
-#define ASN1_UTCTIME         WOLFSSL_ASN1_TIME
-#define ASN1_GENERALIZEDTIME WOLFSSL_ASN1_TIME
-
-typedef WOLFSSL_COMP_METHOD    COMP_METHOD;
-typedef WOLFSSL_X509_REVOKED   X509_REVOKED;
-typedef WOLFSSL_X509_OBJECT    X509_OBJECT;
-typedef WOLFSSL_X509_STORE     X509_STORE;
-typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
-
-#define EVP_CIPHER_INFO        EncryptedInfo
-
-#define STACK_OF(x) WOLFSSL_STACK
-
-#define CRYPTO_free                     XFREE
-#define CRYPTO_malloc                   XMALLOC
-#define CRYPTO_EX_new                   WOLFSSL_CRYPTO_EX_new
-#define CRYPTO_EX_dup                   WOLFSSL_CRYPTO_EX_dup
-#define CRYPTO_EX_free                  WOLFSSL_CRYPTO_EX_free
-
-/* depreciated */
-#define CRYPTO_thread_id                wolfSSL_thread_id
-#define CRYPTO_set_id_callback          wolfSSL_set_id_callback
- 
-#define CRYPTO_LOCK             0x01
-#define CRYPTO_UNLOCK           0x02
-#define CRYPTO_READ             0x04
-#define CRYPTO_WRITE            0x08
-
-#define CRYPTO_set_locking_callback     wolfSSL_set_locking_callback
-#define CRYPTO_set_dynlock_create_callback  wolfSSL_set_dynlock_create_callback
-#define CRYPTO_set_dynlock_lock_callback wolfSSL_set_dynlock_lock_callback
-#define CRYPTO_set_dynlock_destroy_callback wolfSSL_set_dynlock_destroy_callback
-#define CRYPTO_num_locks                wolfSSL_num_locks
-#define CRYPTO_dynlock_value            WOLFSSL_dynlock_value
-
-#define CRYPTO_cleanup_all_ex_data      wolfSSL_cleanup_all_ex_data
-
-/* this function was used to set the default malloc, free, and realloc */
-#define CRYPTO_malloc_init() /* CRYPTO_malloc_init is not needed */
-
-#define SSL_get_client_random(ssl,out,outSz) \
-                                  wolfSSL_get_client_random((ssl),(out),(outSz))
-#define SSL_get_cipher_list(ctx,i)         wolfSSL_get_cipher_list_ex((ctx),(i))
-#define SSL_get_cipher_name(ctx)           wolfSSL_get_cipher((ctx))
-#define SSL_get_shared_ciphers(ctx,buf,len) \
-                                   wolfSSL_get_shared_ciphers((ctx),(buf),(len))
-
-/* at the moment only returns ok */
-#define SSL_get_verify_result           wolfSSL_get_verify_result
-#define SSL_get_verify_mode             wolfSSL_SSL_get_mode
-#define SSL_get_verify_depth            wolfSSL_get_verify_depth
-#define SSL_CTX_get_verify_mode         wolfSSL_CTX_get_verify_mode
-#define SSL_CTX_get_verify_depth        wolfSSL_CTX_get_verify_depth
-#define SSL_get_certificate             wolfSSL_get_certificate
-#define SSL_use_certificate             wolfSSL_use_certificate
-#define SSL_use_certificate_ASN1        wolfSSL_use_certificate_ASN1
-#define d2i_PKCS8_PRIV_KEY_INFO_bio     wolfSSL_d2i_PKCS8_PKEY_bio
-#define d2i_PKCS8PrivateKey_bio         wolfSSL_d2i_PKCS8PrivateKey_bio
-#define PKCS8_PRIV_KEY_INFO_free        wolfSSL_EVP_PKEY_free
-#define d2i_PKCS12_fp                   wolfSSL_d2i_PKCS12_fp
-
-#define d2i_PUBKEY                      wolfSSL_d2i_PUBKEY
-#define d2i_PUBKEY_bio                  wolfSSL_d2i_PUBKEY_bio
-#define d2i_PrivateKey                  wolfSSL_d2i_PrivateKey
-#define d2i_AutoPrivateKey              wolfSSL_d2i_AutoPrivateKey
-#define SSL_use_PrivateKey              wolfSSL_use_PrivateKey
-#define SSL_use_PrivateKey_ASN1         wolfSSL_use_PrivateKey_ASN1
-#define SSL_use_RSAPrivateKey_ASN1      wolfSSL_use_RSAPrivateKey_ASN1
-#define SSL_get_privatekey              wolfSSL_get_privatekey
-
-#define SSLv23_method                   wolfSSLv23_method
-#define SSLv23_client_method            wolfSSLv23_client_method
-#define SSLv2_client_method             wolfSSLv2_client_method
-#define SSLv2_server_method             wolfSSLv2_server_method
-#define SSLv3_server_method             wolfSSLv3_server_method
-#define SSLv3_client_method             wolfSSLv3_client_method
-#define TLSv1_method                    wolfTLSv1_method
-#define TLSv1_server_method             wolfTLSv1_server_method
-#define TLSv1_client_method             wolfTLSv1_client_method
-#define TLSv1_1_method                  wolfTLSv1_1_method
-#define TLSv1_1_server_method           wolfTLSv1_1_server_method
-#define TLSv1_1_client_method           wolfTLSv1_1_client_method
-#define TLSv1_2_method                  wolfTLSv1_2_method
-#define TLSv1_2_server_method           wolfTLSv1_2_server_method
-#define TLSv1_2_client_method           wolfTLSv1_2_client_method
-#define TLSv1_3_method                  wolfTLSv1_3_method
-#define TLSv1_3_server_method           wolfTLSv1_3_server_method
-#define TLSv1_3_client_method           wolfTLSv1_3_client_method
-
-#define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1
-
-#ifdef WOLFSSL_DTLS
-    #define DTLSv1_client_method        wolfDTLSv1_client_method
-    #define DTLSv1_server_method        wolfDTLSv1_server_method
-    #define DTLSv1_2_client_method      wolfDTLSv1_2_client_method
-    #define DTLSv1_2_server_method      wolfDTLSv1_2_server_method
-#endif
-
-
-#ifndef NO_FILESYSTEM
-    #define SSL_CTX_use_certificate_file      wolfSSL_CTX_use_certificate_file
-    #define SSL_CTX_use_PrivateKey_file       wolfSSL_CTX_use_PrivateKey_file
-    #define SSL_CTX_load_verify_locations     wolfSSL_CTX_load_verify_locations
-    #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
-    #define SSL_CTX_use_RSAPrivateKey_file    wolfSSL_CTX_use_RSAPrivateKey_file
-
-    #define SSL_use_certificate_file          wolfSSL_use_certificate_file
-    #define SSL_use_PrivateKey_file           wolfSSL_use_PrivateKey_file
-    #define SSL_use_certificate_chain_file    wolfSSL_use_certificate_chain_file
-    #define SSL_use_RSAPrivateKey_file        wolfSSL_use_RSAPrivateKey_file
-#endif
-
-#define SSL_CTX_new                     wolfSSL_CTX_new
-#define SSL_new                         wolfSSL_new
-#define SSL_set_fd                      wolfSSL_set_fd
-#define SSL_get_fd                      wolfSSL_get_fd
-#define SSL_connect                     wolfSSL_connect
-#define SSL_clear                       wolfSSL_clear
-#define SSL_state                       wolfSSL_state
-
-#define SSL_write                       wolfSSL_write
-#define SSL_read                        wolfSSL_read
-#define SSL_peek                        wolfSSL_peek
-#define SSL_accept                      wolfSSL_accept
-#define SSL_CTX_free                    wolfSSL_CTX_free
-#define SSL_free                        wolfSSL_free
-#define SSL_shutdown                    wolfSSL_shutdown
-
-#define SSL_CTX_set_quiet_shutdown      wolfSSL_CTX_set_quiet_shutdown
-#define SSL_set_quiet_shutdown          wolfSSL_set_quiet_shutdown
-#define SSL_get_error                   wolfSSL_get_error
-#define SSL_set_session                 wolfSSL_set_session
-#define SSL_get_session                 wolfSSL_get_session
-#define SSL_flush_sessions              wolfSSL_flush_sessions
-/* assume unlimited temporarily */
-#define SSL_CTX_get_session_cache_mode(ctx) 0
-
-#define SSL_CTX_set_verify              wolfSSL_CTX_set_verify
-#define SSL_set_verify                  wolfSSL_set_verify
-#define SSL_pending                     wolfSSL_pending
-#define SSL_load_error_strings          wolfSSL_load_error_strings
-#define SSL_library_init                wolfSSL_library_init
-#define SSL_CTX_set_session_cache_mode  wolfSSL_CTX_set_session_cache_mode
-#define SSL_CTX_set_cipher_list         wolfSSL_CTX_set_cipher_list
-#define SSL_set_cipher_list             wolfSSL_set_cipher_list
-
-#define SSL_set_ex_data                 wolfSSL_set_ex_data
-#define SSL_get_shutdown                wolfSSL_get_shutdown
-#define SSL_set_rfd                     wolfSSL_set_rfd
-#define SSL_set_wfd                     wolfSSL_set_wfd
-#define SSL_set_shutdown                wolfSSL_set_shutdown
-#define SSL_set_session_id_context      wolfSSL_set_session_id_context
-#define SSL_set_connect_state           wolfSSL_set_connect_state
-#define SSL_set_accept_state            wolfSSL_set_accept_state
-#define SSL_session_reused              wolfSSL_session_reused
-#define SSL_SESSION_free                wolfSSL_SESSION_free
-#define SSL_is_init_finished            wolfSSL_is_init_finished
- 
-#define SSL_get_version                 wolfSSL_get_version
-#define SSL_get_current_cipher          wolfSSL_get_current_cipher
-
-/* use wolfSSL_get_cipher_name for its return format */
-#define SSL_get_cipher                  wolfSSL_get_cipher_name
-#define SSL_CIPHER_description          wolfSSL_CIPHER_description
-#define SSL_CIPHER_get_name             wolfSSL_CIPHER_get_name
-#define SSL_get1_session                wolfSSL_get1_session
-
-#define SSL_get_keyblock_size           wolfSSL_get_keyblock_size
-#define SSL_get_keys                    wolfSSL_get_keys
-#define SSL_SESSION_get_master_key      wolfSSL_SESSION_get_master_key
-#define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
-
-#define DSA_dup_DH                      wolfSSL_DSA_dup_DH
- 
-#define i2d_X509_bio                    wolfSSL_i2d_X509_bio
-#define d2i_X509_bio                    wolfSSL_d2i_X509_bio
-#define d2i_X509_fp                     wolfSSL_d2i_X509_fp
-#define i2d_X509                        wolfSSL_i2d_X509
-#define d2i_X509                        wolfSSL_d2i_X509
-#define PEM_read_bio_X509               wolfSSL_PEM_read_bio_X509
-#define PEM_read_bio_X509_AUX           wolfSSL_PEM_read_bio_X509_AUX
-#define PEM_read_X509                   wolfSSL_PEM_read_X509
-#define PEM_write_bio_X509              wolfSSL_PEM_write_bio_X509
-#define PEM_write_bio_X509_AUX          wolfSSL_PEM_write_bio_X509_AUX
-
-#define i2d_X509_REQ                    wolfSSL_i2d_X509_REQ
-#define X509_REQ_new                    wolfSSL_X509_REQ_new
-#define X509_REQ_free                   wolfSSL_X509_REQ_free
-#define X509_REQ_sign                   wolfSSL_X509_REQ_sign
-#define X509_REQ_set_subject_name       wolfSSL_X509_REQ_set_subject_name
-#define X509_REQ_set_pubkey             wolfSSL_X509_REQ_set_pubkey
-#define PEM_write_bio_X509_REQ          wolfSSL_PEM_write_bio_X509_REQ
-
-#define X509_new                        wolfSSL_X509_new
-#define X509_free                       wolfSSL_X509_free
-#define X509_load_certificate_file      wolfSSL_X509_load_certificate_file
-#define X509_digest                     wolfSSL_X509_digest
-#define X509_get_ext_d2i                wolfSSL_X509_get_ext_d2i
-#define X509_get_issuer_name            wolfSSL_X509_get_issuer_name
-#define X509_get_subject_name           wolfSSL_X509_get_subject_name
-#define X509_get_pubkey                 wolfSSL_X509_get_pubkey
-#define X509_get_notBefore(cert)      (ASN1_TIME*)wolfSSL_X509_notBefore((cert))
-#define X509_get_notAfter(cert)       (ASN1_TIME*)wolfSSL_X509_notAfter((cert))
-#define X509_get_serialNumber           wolfSSL_X509_get_serialNumber
-#define X509_get0_pubkey_bitstr         wolfSSL_X509_get0_pubkey_bitstr
-#define X509_get_ex_new_index           wolfSSL_X509_get_ex_new_index
-#define X509_get_ex_data                wolfSSL_X509_get_ex_data
-#define X509_set_ex_data                wolfSSL_X509_set_ex_data
-#define X509_get1_ocsp                  wolfSSL_X509_get1_ocsp
-#ifndef WOLFSSL_HAPROXY
-#define X509_get_version                wolfSSL_X509_get_version
-#endif
-#define X509_get_signature_nid          wolfSSL_X509_get_signature_nid
-#define X509_set_subject_name           wolfSSL_X509_set_subject_name
-#define X509_set_pubkey                 wolfSSL_X509_set_pubkey
-#define X509_print                      wolfSSL_X509_print
-#define X509_verify_cert_error_string   wolfSSL_X509_verify_cert_error_string
-#define X509_verify_cert                wolfSSL_X509_verify_cert
-#define X509_check_private_key          wolfSSL_X509_check_private_key
-#define X509_check_ca                   wolfSSL_X509_check_ca
-#define X509_check_host                 wolfSSL_X509_check_host
-#define X509_email_free                 wolfSSL_X509_email_free
-#define X509_check_issued               wolfSSL_X509_check_issued
-#define X509_dup                        wolfSSL_X509_dup
- 
-#define sk_X509_new                     wolfSSL_sk_X509_new
-#define sk_X509_num                     wolfSSL_sk_X509_num
-#define sk_X509_value                   wolfSSL_sk_X509_value
-#define sk_X509_push                    wolfSSL_sk_X509_push
-#define sk_X509_pop                     wolfSSL_sk_X509_pop
-#define sk_X509_pop_free                wolfSSL_sk_X509_pop_free
-#define sk_X509_free                    wolfSSL_sk_X509_free
-
-#define i2d_X509_NAME                   wolfSSL_i2d_X509_NAME
-#define X509_NAME_new                   wolfSSL_X509_NAME_new
-#define X509_NAME_free                  wolfSSL_X509_NAME_free
-#define X509_NAME_get_text_by_NID       wolfSSL_X509_NAME_get_text_by_NID
-#define X509_NAME_cmp                   wolfSSL_X509_NAME_cmp
-#define X509_NAME_ENTRY_free            wolfSSL_X509_NAME_ENTRY_free
-#define X509_NAME_ENTRY_create_by_NID   wolfSSL_X509_NAME_ENTRY_create_by_NID
-#define X509_NAME_add_entry             wolfSSL_X509_NAME_add_entry
-#define X509_NAME_add_entry_by_txt      wolfSSL_X509_NAME_add_entry_by_txt
-#define X509_NAME_oneline               wolfSSL_X509_NAME_oneline
-#define X509_NAME_get_index_by_NID      wolfSSL_X509_NAME_get_index_by_NID
-#define X509_NAME_print_ex              wolfSSL_X509_NAME_print_ex
-#define X509_NAME_digest                wolfSSL_X509_NAME_digest
-#define X509_cmp_current_time           wolfSSL_X509_cmp_current_time
-
-#define sk_X509_NAME_pop_free           wolfSSL_sk_X509_NAME_pop_free
-#define sk_X509_NAME_num                wolfSSL_sk_X509_NAME_num
-#define sk_X509_NAME_value              wolfSSL_sk_X509_NAME_value
-
-    typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
-
-#define X509_NAME_entry_count           wolfSSL_X509_NAME_entry_count
-#define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
-#define X509_NAME_get_entry             wolfSSL_X509_NAME_get_entry
-#define X509_NAME_ENTRY_get_data        wolfSSL_X509_NAME_ENTRY_get_data
-#define X509_NAME_ENTRY_get_object      wolfSSL_X509_NAME_ENTRY_get_object
-
-#define X509_V_FLAG_CRL_CHECK     WOLFSSL_CRL_CHECK
-#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
-
-#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
-#define X509_V_FLAG_NO_CHECK_TIME  WOLFSSL_NO_CHECK_TIME
-#define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
-
-#define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert
-#define X509_STORE_CTX_set_verify_cb    wolfSSL_X509_STORE_CTX_set_verify_cb
-#define X509_STORE_CTX_new              wolfSSL_X509_STORE_CTX_new
-#define X509_STORE_CTX_free             wolfSSL_X509_STORE_CTX_free
-#define X509_STORE_CTX_get_chain        wolfSSL_X509_STORE_CTX_get_chain
-#define X509_STORE_CTX_get_error        wolfSSL_X509_STORE_CTX_get_error
-#define X509_STORE_CTX_get_error_depth  wolfSSL_X509_STORE_CTX_get_error_depth
-#define X509_STORE_CTX_init             wolfSSL_X509_STORE_CTX_init
-#define X509_STORE_CTX_cleanup          wolfSSL_X509_STORE_CTX_cleanup
-#define X509_STORE_CTX_set_error        wolfSSL_X509_STORE_CTX_set_error
-#define X509_STORE_CTX_get_ex_data      wolfSSL_X509_STORE_CTX_get_ex_data
- 
-#define X509_STORE_new                  wolfSSL_X509_STORE_new
-#define X509_STORE_free                 wolfSSL_X509_STORE_free
-#define X509_STORE_add_lookup           wolfSSL_X509_STORE_add_lookup
-#define X509_STORE_add_cert             wolfSSL_X509_STORE_add_cert
-#define X509_STORE_add_crl              wolfSSL_X509_STORE_add_crl
-#define X509_STORE_set_flags            wolfSSL_X509_STORE_set_flags
-#define X509_STORE_get1_certs           wolfSSL_X509_STORE_get1_certs
-#define X509_STORE_get_by_subject       wolfSSL_X509_STORE_get_by_subject
-#define X509_STORE_CTX_get1_issuer      wolfSSL_X509_STORE_CTX_get1_issuer
-#define X509_STORE_CTX_set_time         wolfSSL_X509_STORE_CTX_set_time
-
-#define X509_LOOKUP_add_dir             wolfSSL_X509_LOOKUP_add_dir
-#define X509_LOOKUP_load_file           wolfSSL_X509_LOOKUP_load_file
-#define X509_LOOKUP_hash_dir            wolfSSL_X509_LOOKUP_hash_dir
-#define X509_LOOKUP_file                wolfSSL_X509_LOOKUP_file
- 
-#define d2i_X509_CRL                    wolfSSL_d2i_X509_CRL
-#define d2i_X509_CRL_fp                 wolfSSL_d2i_X509_CRL_fp
-#define PEM_read_X509_CRL               wolfSSL_PEM_read_X509_CRL
- 
-#define X509_CRL_free                   wolfSSL_X509_CRL_free
-#define X509_CRL_get_lastUpdate         wolfSSL_X509_CRL_get_lastUpdate
-#define X509_CRL_get_nextUpdate         wolfSSL_X509_CRL_get_nextUpdate
-#define X509_CRL_verify                 wolfSSL_X509_CRL_verify
-#define X509_CRL_get_REVOKED            wolfSSL_X509_CRL_get_REVOKED
-
-#define sk_X509_REVOKED_num             wolfSSL_sk_X509_REVOKED_num
-#define sk_X509_REVOKED_value           wolfSSL_sk_X509_REVOKED_value
-
-#define X509_OBJECT_free_contents       wolfSSL_X509_OBJECT_free_contents
-
-#define OCSP_parse_url                  wolfSSL_OCSP_parse_url
- 
-#define MD4_Init                        wolfSSL_MD4_Init
-#define MD4_Update                      wolfSSL_MD4_Update
-#define MD4_Final                       wolfSSL_MD4_Final
-
-#define BIO_new                         wolfSSL_BIO_new
-#define BIO_free                        wolfSSL_BIO_free
-#define BIO_free_all                    wolfSSL_BIO_free_all
-#define BIO_nread0                      wolfSSL_BIO_nread0
-#define BIO_nread                       wolfSSL_BIO_nread
-#define BIO_read                        wolfSSL_BIO_read
-#define BIO_nwrite0                     wolfSSL_BIO_nwrite0
-#define BIO_nwrite                      wolfSSL_BIO_nwrite
-#define BIO_write                       wolfSSL_BIO_write
-#define BIO_push                        wolfSSL_BIO_push
-#define BIO_pop                         wolfSSL_BIO_pop
-#define BIO_flush                       wolfSSL_BIO_flush
-#define BIO_pending                     wolfSSL_BIO_pending
-
-#define BIO_get_mem_data                wolfSSL_BIO_get_mem_data
-#define BIO_new_mem_buf                 wolfSSL_BIO_new_mem_buf
-
-#define BIO_f_buffer                    wolfSSL_BIO_f_buffer
-#define BIO_set_write_buffer_size       wolfSSL_BIO_set_write_buffer_size
-#define BIO_f_ssl                       wolfSSL_BIO_f_ssl
-#define BIO_new_socket                  wolfSSL_BIO_new_socket
-#define SSL_set_bio                     wolfSSL_set_bio
-#define BIO_eof                         wolfSSL_BIO_eof
-#define BIO_set_ss                      wolfSSL_BIO_set_ss
- 
-#define BIO_s_mem                       wolfSSL_BIO_s_mem
-#define BIO_f_base64                    wolfSSL_BIO_f_base64
-#define BIO_set_flags                   wolfSSL_BIO_set_flags
-
-#define SSLeay_add_ssl_algorithms       wolfSSL_add_all_algorithms
-#define SSLeay_add_all_algorithms       wolfSSL_add_all_algorithms
-
-#define RAND_screen                     wolfSSL_RAND_screen
-#define RAND_file_name                  wolfSSL_RAND_file_name
-#define RAND_write_file                 wolfSSL_RAND_write_file
-#define RAND_load_file                  wolfSSL_RAND_load_file
-#define RAND_egd                        wolfSSL_RAND_egd
-#define RAND_seed                       wolfSSL_RAND_seed
-#define RAND_cleanup                    wolfSSL_RAND_Cleanup
-#define RAND_add                        wolfSSL_RAND_add
-#define RAND_poll                       wolfSSL_RAND_poll
-#define RAND_status                     wolfSSL_RAND_status
-#define RAND_bytes                      wolfSSL_RAND_bytes
-#define RAND_pseudo_bytes               wolfSSL_RAND_pseudo_bytes
-
-#define COMP_zlib                       wolfSSL_COMP_zlib
-#define COMP_rle                        wolfSSL_COMP_rle
-#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
-
-#define SSL_get_ex_new_index            wolfSSL_get_ex_new_index
-
-
-typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
-
-#define ASN1_TIME_adj                   wolfSSL_ASN1_TIME_adj
-#define ASN1_TIME_print                 wolfSSL_ASN1_TIME_print
-#define ASN1_TIME_to_generalizedtime    wolfSSL_ASN1_TIME_to_generalizedtime
-#define ASN1_GENERALIZEDTIME_print      wolfSSL_ASN1_GENERALIZEDTIME_print
-#define ASN1_GENERALIZEDTIME_free       wolfSSL_ASN1_GENERALIZEDTIME_free
-
-#define ASN1_tag2str                    wolfSSL_ASN1_tag2str
-
-#define i2a_ASN1_INTEGER                wolfSSL_i2a_ASN1_INTEGER
-#define i2c_ASN1_INTEGER                wolfSSL_i2c_ASN1_INTEGER
-#define ASN1_INTEGER_new                wolfSSL_ASN1_INTEGER_new
-#define ASN1_INTEGER_free               wolfSSL_ASN1_INTEGER_free
-#define ASN1_INTEGER_cmp                wolfSSL_ASN1_INTEGER_cmp
-#define ASN1_INTEGER_get                wolfSSL_ASN1_INTEGER_get
-#define ASN1_INTEGER_to_BN              wolfSSL_ASN1_INTEGER_to_BN
-
-#define ASN1_STRING_data                wolfSSL_ASN1_STRING_data
-#define ASN1_STRING_get0_data           wolfSSL_ASN1_STRING_data
-#define ASN1_STRING_length              wolfSSL_ASN1_STRING_length
-#define ASN1_STRING_to_UTF8             wolfSSL_ASN1_STRING_to_UTF8
-#define ASN1_STRING_print_ex            wolfSSL_ASN1_STRING_print_ex
-
-#define ASN1_UTCTIME_pr                 wolfSSL_ASN1_UTCTIME_pr
-
-#define ASN1_IA5STRING                  WOLFSSL_ASN1_STRING
-
-#define ASN1_OCTET_STRING               WOLFSSL_ASN1_STRING
-
-#define SSL_load_client_CA_file         wolfSSL_load_client_CA_file
-
-#define SSL_CTX_get_client_CA_list      wolfSSL_SSL_CTX_get_client_CA_list
-#define SSL_CTX_set_client_CA_list      wolfSSL_CTX_set_client_CA_list
-#define SSL_CTX_set_cert_store          wolfSSL_CTX_set_cert_store
-#define SSL_CTX_get_cert_store          wolfSSL_CTX_get_cert_store
-#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
-#define SSL_get_ex_data                 wolfSSL_get_ex_data
-
-#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
-#define SSL_CTX_set_default_passwd_cb   wolfSSL_CTX_set_default_passwd_cb
-
-#define SSL_CTX_set_timeout(ctx, to)    \
-                                 wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
-#define SSL_CTX_set_info_callback       wolfSSL_CTX_set_info_callback
-#define SSL_CTX_set_alpn_protos         wolfSSL_CTX_set_alpn_protos
-
-#define SSL_alert_type_string           wolfSSL_alert_type_string
-#define SSL_alert_desc_string           wolfSSL_alert_desc_string
-#define SSL_state_string                wolfSSL_state_string
-
-#define RSA_free                        wolfSSL_RSA_free
-#define RSA_generate_key                wolfSSL_RSA_generate_key
-#define SSL_CTX_set_tmp_rsa_callback    wolfSSL_CTX_set_tmp_rsa_callback
- 
-#define PEM_def_callback                wolfSSL_PEM_def_callback
-
-#define SSL_CTX_sess_accept             wolfSSL_CTX_sess_accept
-#define SSL_CTX_sess_connect            wolfSSL_CTX_sess_connect
-#define SSL_CTX_sess_accept_good        wolfSSL_CTX_sess_accept_good
-#define SSL_CTX_sess_connect_good       wolfSSL_CTX_sess_connect_good
-#define SSL_CTX_sess_accept_renegotiate wolfSSL_CTX_sess_accept_renegotiate
-#define SSL_CTX_sess_connect_renegotiate wolfSSL_CTX_sess_connect_renegotiate
-#define SSL_CTX_sess_hits               wolfSSL_CTX_sess_hits
-#define SSL_CTX_sess_cb_hits            wolfSSL_CTX_sess_cb_hits
-#define SSL_CTX_sess_cache_full         wolfSSL_CTX_sess_cache_full
-#define SSL_CTX_sess_misses             wolfSSL_CTX_sess_misses
-#define SSL_CTX_sess_timeouts           wolfSSL_CTX_sess_timeouts
-#define SSL_CTX_sess_number             wolfSSL_CTX_sess_number
-#define SSL_CTX_sess_get_cache_size     wolfSSL_CTX_sess_get_cache_size
-
-
-#define SSL_DEFAULT_CIPHER_LIST WOLFSSL_DEFAULT_CIPHER_LIST
-
-#define SSL_CTX_set_psk_client_callback wolfSSL_CTX_set_psk_client_callback
-#define SSL_set_psk_client_callback     wolfSSL_set_psk_client_callback
-
-#define SSL_get_psk_identity_hint       wolfSSL_get_psk_identity_hint
-#define SSL_get_psk_identity            wolfSSL_get_psk_identity
-
-#define SSL_CTX_use_psk_identity_hint   wolfSSL_CTX_use_psk_identity_hint
-#define SSL_use_psk_identity_hint       wolfSSL_use_psk_identity_hint
-
-#define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback
-#define SSL_set_psk_server_callback     wolfSSL_set_psk_server_callback
-
-/* system file ints for ERR_put_error */
-#define SYS_F_ACCEPT      WOLFSSL_SYS_ACCEPT
-#define SYS_F_BIND        WOLFSSL_SYS_BIND
-#define SYS_F_CONNECT     WOLFSSL_SYS_CONNECT
-#define SYS_F_FOPEN       WOLFSSL_SYS_FOPEN
-#define SYS_F_FREAD       WOLFSSL_SYS_FREAD
-#define SYS_F_GETADDRINFO WOLFSSL_SYS_GETADDRINFO
-#define SYS_F_GETSOCKOPT  WOLFSSL_SYS_GETSOCKOPT
-#define SYS_F_GETSOCKNAME WOLFSSL_SYS_GETSOCKNAME
-#define SYS_F_OPENDIR     WOLFSSL_SYS_OPENDIR
-#define SYS_F_SETSOCKOPT  WOLFSSL_SYS_SETSOCKOPT
-#define SYS_F_SOCKET      WOLFSSL_SYS_SOCKET
-#define SYS_F_GETHOSTBYNAME  WOLFSSL_SYS_GETHOSTBYNAME
-#define SYS_F_GETNAMEINFO    WOLFSSL_SYS_GETNAMEINFO
-#define SYS_F_GETSERVBYNAME  WOLFSSL_SYS_GETSERVBYNAME
-#define SYS_F_IOCTLSOCKET    WOLFSSL_SYS_IOCTLSOCKET
-#define SYS_F_LISTEN         WOLFSSL_SYS_LISTEN
-
-#define ERR_GET_REASON                  wolfSSL_ERR_GET_REASON
-
-#define ERR_put_error                   wolfSSL_ERR_put_error
-#define ERR_peek_error                  wolfSSL_ERR_peek_error
-#define ERR_peek_errors_fp              wolfSSL_ERR_peek_errors_fp
-#define ERR_peek_error_line_data        wolfSSL_ERR_peek_error_line_data
-#define ERR_peek_last_error             wolfSSL_ERR_peek_last_error
-#define ERR_peek_last_error_line        wolfSSL_ERR_peek_last_error_line
-#define ERR_get_error_line              wolfSSL_ERR_get_error_line
-#define ERR_get_error_line_data         wolfSSL_ERR_get_error_line_data
-#define ERR_get_error                   wolfSSL_ERR_get_error
-#define ERR_print_errors_fp(file)       wolfSSL_ERR_dump_errors_fp((file))
-#define ERR_clear_error                 wolfSSL_ERR_clear_error
-#define ERR_free_strings                wolfSSL_ERR_free_strings
-#define ERR_remove_state                wolfSSL_ERR_remove_state
-#define ERR_remove_thread_state         wolfSSL_ERR_remove_thread_state
-#define ERR_error_string                wolfSSL_ERR_error_string
-#define ERR_error_string_n              wolfSSL_ERR_error_string_n
-#define ERR_reason_error_string         wolfSSL_ERR_reason_error_string
-#define ERR_load_BIO_strings            wolfSSL_ERR_load_BIO_strings
-
-#define SSLv23_server_method            wolfSSLv23_server_method
-#define SSL_CTX_set_options             wolfSSL_CTX_set_options
-#define SSL_CTX_get_options             wolfSSL_CTX_get_options
-#define SSL_CTX_clear_options           wolfSSL_CTX_clear_options
-
-#define SSL_CTX_check_private_key       wolfSSL_CTX_check_private_key
-#define SSL_check_private_key           wolfSSL_check_private_key
-
-#define SSL_CTX_set_mode                wolfSSL_CTX_set_mode
-#define SSL_CTX_get_mode                wolfSSL_CTX_get_mode
-#define SSL_CTX_set_default_read_ahead  wolfSSL_CTX_set_default_read_ahead
-
-#define SSL_CTX_sess_set_cache_size     wolfSSL_CTX_sess_set_cache_size
-#define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
-
-#define SSL_CTX_set_session_id_context  wolfSSL_CTX_set_session_id_context
-#define SSL_get_peer_certificate        wolfSSL_get_peer_certificate
-#define SSL_get_peer_cert_chain         wolfSSL_get_peer_cert_chain
-
-#define SSL_want_read                   wolfSSL_want_read
-#define SSL_want_write                  wolfSSL_want_write
-
-#define BIO_prf                         wolfSSL_BIO_prf
- 
-#define sk_num                          wolfSSL_sk_num
-#define sk_value                        wolfSSL_sk_value
-
-#define d2i_PKCS12_bio                  wolfSSL_d2i_PKCS12_bio
-#define d2i_PKCS12_fp                   wolfSSL_d2i_PKCS12_fp
-
-#define d2i_RSAPublicKey                wolfSSL_d2i_RSAPublicKey
-#define d2i_RSAPrivateKey               wolfSSL_d2i_RSAPrivateKey
-#define i2d_RSAPrivateKey               wolfSSL_i2d_RSAPrivateKey
-#define i2d_RSAPublicKey                wolfSSL_i2d_RSAPublicKey
-
-#define SSL_CTX_get_ex_data             wolfSSL_CTX_get_ex_data
-#define SSL_CTX_set_ex_data             wolfSSL_CTX_set_ex_data
-#define SSL_CTX_sess_set_get_cb         wolfSSL_CTX_sess_set_get_cb
-#define SSL_CTX_sess_set_new_cb         wolfSSL_CTX_sess_set_new_cb
-#define SSL_CTX_sess_set_remove_cb      wolfSSL_CTX_sess_set_remove_cb
-
-#define i2d_SSL_SESSION                 wolfSSL_i2d_SSL_SESSION
-#define d2i_SSL_SESSION                 wolfSSL_d2i_SSL_SESSION
-#define SSL_SESSION_set_timeout         wolfSSL_SSL_SESSION_set_timeout
-#define SSL_SESSION_get_timeout         wolfSSL_SESSION_get_timeout
-#define SSL_SESSION_get_time            wolfSSL_SESSION_get_time
-#define SSL_CTX_get_ex_new_index        wolfSSL_CTX_get_ex_new_index
-#define PEM_read                        wolfSSL_PEM_read
-#define PEM_write                       wolfSSL_PEM_write
-#define PEM_get_EVP_CIPHER_INFO         wolfSSL_PEM_get_EVP_CIPHER_INFO
-#define PEM_do_header                   wolfSSL_PEM_do_header
-
-/*#if OPENSSL_API_COMPAT < 0x10100000L*/
-#define CONF_modules_free()
-#define ENGINE_cleanup()
-#define HMAC_CTX_cleanup                wolfSSL_HMAC_cleanup
-#define SSL_CTX_need_tmp_RSA(ctx)       0
-#define SSL_CTX_set_tmp_rsa(ctx,rsa)    1
-#define SSL_need_tmp_RSA(ssl)           0
-#define SSL_set_tmp_rsa(ssl,rsa)        1
-/*#endif*/
-
-#define CONF_modules_unload(a)
-
-#define SSL_get_hit                     wolfSSL_session_reused
-
-/* yassl had set the default to be 500 */
-#define SSL_get_default_timeout(ctx)    500
-
-#define SSL_CTX_use_certificate         wolfSSL_CTX_use_certificate
-#define SSL_CTX_use_PrivateKey          wolfSSL_CTX_use_PrivateKey
-#define BIO_read_filename               wolfSSL_BIO_read_filename
-#define BIO_s_file                      wolfSSL_BIO_s_file
-#define SSL_CTX_set_verify_depth        wolfSSL_CTX_set_verify_depth
-#define SSL_set_verify_depth            wolfSSL_set_verify_depth
-#define SSL_get_app_data                wolfSSL_get_app_data
-#define SSL_set_app_data                wolfSSL_set_app_data
-#define SHA1                            wolfSSL_SHA1
-
-#define SSL_dup_CA_list                 wolfSSL_dup_CA_list
-
-enum {
-    GEN_DNS   = 0x02, /* ASN_DNS_TYPE */
-    GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */
-    GEN_URI   = 0x06  /* ASN_URI_TYPE */
-};
-
-#define PEM_read_bio_DHparams           wolfSSL_PEM_read_bio_DHparams
-#define PEM_read_bio_DSAparams          wolfSSL_PEM_read_bio_DSAparams
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
-#define SSL_get_rbio                    wolfSSL_SSL_get_rbio
-#define SSL_get_wbio                    wolfSSL_SSL_get_wbio
-#define SSL_do_handshake                wolfSSL_SSL_do_handshake
-#define SSL_get_ciphers(x)              wolfSSL_get_ciphers_compat(x)
-#define SSL_SESSION_get_id              wolfSSL_SESSION_get_id
-#define SSL_get_cipher_bits(s,np)       \
-                          wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define sk_SSL_CIPHER_num               wolfSSL_sk_SSL_CIPHER_num
-#define sk_SSL_COMP_zero                wolfSSL_sk_SSL_COMP_zero
-#define sk_SSL_CIPHER_value             wolfSSL_sk_SSL_CIPHER_value
-#endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
-#include <wolfssl/openssl/pem.h>
-
-typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES;
-#define SSL_CTRL_CHAIN       88
-#define BIO_CTRL_WPENDING    13
-#define GEN_IPADD            7
-#define ERR_LIB_SSL          20
-#define SSL_R_SHORT_READ     10
-#define ERR_R_PEM_LIB        9
-#define V_ASN1_IA5STRING     22
-#define SSL_CTRL_MODE        33       
-
-#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
-#define d2i_RSAPrivateKey_bio           wolfSSL_d2i_RSAPrivateKey_bio
-#define SSL_CTX_use_RSAPrivateKey       wolfSSL_CTX_use_RSAPrivateKey
-#define d2i_PrivateKey_bio              wolfSSL_d2i_PrivateKey_bio
-#define BIO_new_bio_pair                wolfSSL_BIO_new_bio_pair
-#define SSL_get_verify_callback         wolfSSL_get_verify_callback
-#define GENERAL_NAMES_free(GENERAL_NAMES)NULL
-
-#define SSL_set_mode(ssl,op)         wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-
-#define SSL_CTX_use_certificate_ASN1    wolfSSL_CTX_use_certificate_ASN1
-#define SSL_CTX_set0_chain(ctx,sk) \
-                             wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
-#define SSL_CTX_get_app_data(ctx)       wolfSSL_CTX_get_ex_data(ctx,0)
-#define SSL_CTX_set_app_data(ctx,arg)   wolfSSL_CTX_set_ex_data(ctx,0, \
-                                                                  (char *)(arg))
-#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
-
-#define SSL_CTX_set_tmp_dh              wolfSSL_CTX_set_tmp_dh
-
-#define BIO_new_file                    wolfSSL_BIO_new_file
-#define BIO_ctrl                        wolfSSL_BIO_ctrl
-#define BIO_ctrl_pending                wolfSSL_BIO_ctrl_pending
-#define BIO_wpending                    wolfSSL_BIO_wpending
-#define BIO_get_mem_ptr                 wolfSSL_BIO_get_mem_ptr
-#define BIO_int_ctrl                    wolfSSL_BIO_int_ctrl
-#define BIO_reset                       wolfSSL_BIO_reset
-#define BIO_s_file                      wolfSSL_BIO_s_file
-#define BIO_s_bio                       wolfSSL_BIO_s_bio
-#define BIO_s_socket                    wolfSSL_BIO_s_socket
-#define BIO_set_fd                      wolfSSL_BIO_set_fd
-#define BIO_ctrl_reset_read_request     wolfSSL_BIO_ctrl_reset_read_request
-
-#define BIO_set_write_buf_size          wolfSSL_BIO_set_write_buf_size
-#define BIO_make_bio_pair               wolfSSL_BIO_make_bio_pair
-
-#define BIO_set_fp                      wolfSSL_BIO_set_fp
-#define BIO_get_fp                      wolfSSL_BIO_get_fp
-#define BIO_seek                        wolfSSL_BIO_seek
-#define BIO_write_filename              wolfSSL_BIO_write_filename
-#define BIO_set_mem_eof_return          wolfSSL_BIO_set_mem_eof_return
-
-#define TLSEXT_STATUSTYPE_ocsp  1
-
-#define SSL_set_options                 wolfSSL_set_options
-#define SSL_get_options                 wolfSSL_get_options
-#define SSL_clear_options               wolfSSL_clear_options
-#define SSL_set_tmp_dh                  wolfSSL_set_tmp_dh
-#define SSL_clear_num_renegotiations    wolfSSL_clear_num_renegotiations
-#define SSL_total_renegotiations        wolfSSL_total_renegotiations
-#define SSL_set_tlsext_debug_arg        wolfSSL_set_tlsext_debug_arg
-#define SSL_set_tlsext_status_type      wolfSSL_set_tlsext_status_type
-#define SSL_set_tlsext_status_exts      wolfSSL_set_tlsext_status_exts
-#define SSL_get_tlsext_status_ids       wolfSSL_get_tlsext_status_ids
-#define SSL_set_tlsext_status_ids       wolfSSL_set_tlsext_status_ids
-#define SSL_get_tlsext_status_ocsp_res  wolfSSL_get_tlsext_status_ocsp_resp
-#define SSL_set_tlsext_status_ocsp_res  wolfSSL_set_tlsext_status_ocsp_resp
-#define SSL_set_tlsext_status_ocsp_resp  wolfSSL_set_tlsext_status_ocsp_resp
-#define SSL_get_tlsext_status_ocsp_resp  wolfSSL_get_tlsext_status_ocsp_resp
- 
-#define SSL_CTX_add_extra_chain_cert    wolfSSL_CTX_add_extra_chain_cert
-#define SSL_CTX_get_read_ahead          wolfSSL_CTX_get_read_ahead
-#define SSL_CTX_set_read_ahead          wolfSSL_CTX_set_read_ahead
-#define SSL_CTX_set_tlsext_status_arg   wolfSSL_CTX_set_tlsext_status_arg
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg \
-                            wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg
-#define SSL_get_server_random           wolfSSL_get_server_random
-
-#define SSL_get_tlsext_status_exts      wolfSSL_get_tlsext_status_exts
-
-#define BIO_C_SET_FILE_PTR                      106
-#define BIO_C_GET_FILE_PTR                      107
-#define BIO_C_SET_FILENAME                      108
-#define BIO_C_FILE_SEEK                         128
-#define BIO_C_SET_BUF_MEM_EOF_RETURN            130
-#define BIO_C_SET_WRITE_BUF_SIZE                136
-#define BIO_C_MAKE_BIO_PAIR                     138
-
-#define BIO_CTRL_RESET          1
-#define BIO_CTRL_INFO           3
-#define BIO_CTRL_FLUSH          11
-#define BIO_CLOSE               0x01
-#define BIO_FP_WRITE            0x04
-
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS         11
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS         12
-#define SSL_CTRL_SET_TMP_DH                       3
-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG             57
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE       65
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS       66
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS       67
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS        68
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS        69
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP  70
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP  71
-
-#define SSL_CTRL_SET_TMP_DH                     3
-#define SSL_CTRL_EXTRA_CHAIN_CERT               14
-
-#define SSL_CTRL_SET_SESS_CACHE_SIZE            42
-#define SSL_CTRL_GET_READ_AHEAD                 40
-#define SSL_CTRL_SET_READ_AHEAD                 41
-
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
-
-#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
-
-#define SSL_ctrl                        wolfSSL_ctrl
-#define SSL_CTX_ctrl                    wolfSSL_CTX_ctrl
-
-#define SSL3_RANDOM_SIZE                32 /* same as RAN_LEN in internal.h */
-#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
-                                                         || defined(OPENSSL_ALL)
-#include <wolfssl/openssl/asn1.h>
-
-#define SSL2_VERSION                     0x0002
-#define SSL3_VERSION                     0x0300
-#define TLS1_VERSION                     0x0301
-#define DTLS1_VERSION                    0xFEFF
-#define SSL23_ST_SR_CLNT_HELLO_A        (0x210|0x2000)
-#define SSL3_ST_SR_CLNT_HELLO_A         (0x110|0x2000)
-#define ASN1_STRFLGS_ESC_MSB             4
-
-#define SSL_MAX_MASTER_KEY_LENGTH       WOLFSSL_MAX_MASTER_KEY_LENGTH
-
-#define SSL_alert_desc_string_long      wolfSSL_alert_desc_string_long
-#define SSL_alert_type_string_long      wolfSSL_alert_type_string_long
-#define SSL_CIPHER_get_bits             wolfSSL_CIPHER_get_bits
-#define sk_GENERAL_NAME_num             wolfSSL_sk_GENERAL_NAME_num
-#define SSL_CTX_get_options             wolfSSL_CTX_get_options
-
-#define SSL_CTX_flush_sessions          wolfSSL_flush_sessions
-#define SSL_CTX_add_session             wolfSSL_CTX_add_session
-#define SSL_version                     wolfSSL_version
-#define SSL_get_state                   wolfSSL_get_state
-#define SSL_state_string_long           wolfSSL_state_string_long
-
-#define sk_GENERAL_NAME_value           wolfSSL_sk_GENERAL_NAME_value
-#define SSL_SESSION_get_ex_data         wolfSSL_SESSION_get_ex_data
-#define SSL_SESSION_set_ex_data         wolfSSL_SESSION_set_ex_data
-#define SSL_SESSION_get_ex_new_index    wolfSSL_SESSION_get_ex_new_index
-#define SSL_SESSION_get_id              wolfSSL_SESSION_get_id
-#define sk_GENERAL_NAME_pop_free        wolfSSL_sk_GENERAL_NAME_pop_free
-#define GENERAL_NAME_free               NULL
-
-#define SSL3_AL_FATAL                   2
-#define SSL_TLSEXT_ERR_OK               0
-#define SSL_TLSEXT_ERR_ALERT_FATAL      alert_fatal
-#define SSL_TLSEXT_ERR_NOACK            alert_warning
-#define TLSEXT_NAMETYPE_host_name       WOLFSSL_SNI_HOST_NAME
-
-#define SSL_set_tlsext_host_name        wolfSSL_set_tlsext_host_name
-#define SSL_get_servername              wolfSSL_get_servername
-#define SSL_set_SSL_CTX                 wolfSSL_set_SSL_CTX
-#define SSL_CTX_get_verify_callback     wolfSSL_CTX_get_verify_callback
-#define SSL_CTX_set_tlsext_servername_callback wolfSSL_CTX_set_tlsext_servername_callback
-#define SSL_CTX_set_tlsext_servername_arg wolfSSL_CTX_set_servername_arg
-
-#define PSK_MAX_PSK_LEN                 256
-#define PSK_MAX_IDENTITY_LEN            128
-#define SSL_CTX_clear_options           wolfSSL_CTX_clear_options
-
-
-#endif /* HAVE_STUNNEL || WOLFSSL_NGINX */
-#define SSL_CTX_get_default_passwd_cb   wolfSSL_CTX_get_default_passwd_cb
-#define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata
-
-#define SSL_CTX_set_msg_callback        wolfSSL_CTX_set_msg_callback
-#define SSL_set_msg_callback            wolfSSL_set_msg_callback
-#define SSL_CTX_set_msg_callback_arg    wolfSSL_CTX_set_msg_callback_arg
-#define SSL_set_msg_callback_arg        wolfSSL_set_msg_callback_arg
-
-
-/* Nginx uses this to determine if reached end of certs in file.
- * PEM_read_bio_X509 is called and the return error is lost.
- * The error that needs to be detected is: SSL_NO_PEM_HEADER.
- */
-#define ERR_GET_LIB(l)  (int)((((unsigned long)l)>>24L)&0xffL)
-#define PEM_R_NO_START_LINE     108
-#define ERR_LIB_PEM             9
-#define ERR_LIB_X509            10
-
-#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
-    defined(HAVE_LIGHTY)
-
-#include <wolfssl/error-ssl.h>
-
-#define OPENSSL_STRING    WOLFSSL_STRING
-
-#define TLSEXT_TYPE_application_layer_protocol_negotiation    16
-
-#define OPENSSL_NPN_UNSUPPORTED 0
-#define OPENSSL_NPN_NEGOTIATED  1
-#define OPENSSL_NPN_NO_OVERLAP  2
-
-/* Nginx checks these to see if the error was a handshake error. */
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC               LENGTH_ERROR
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG            BUFFER_E
-#define SSL_R_DIGEST_CHECK_FAILED                  VERIFY_MAC_ERROR
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST        SUITES_ERROR
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE               BUFFER_ERROR
-#define SSL_R_LENGTH_MISMATCH                      LENGTH_ERROR
-#define SSL_R_NO_CIPHERS_SPECIFIED                 SUITES_ERROR
-#define SSL_R_NO_COMPRESSION_SPECIFIED             COMPRESSION_ERROR
-#define SSL_R_NO_SHARED_CIPHER                     MATCH_SUITE_ERROR
-#define SSL_R_RECORD_LENGTH_MISMATCH               HANDSHAKE_SIZE_ERROR
-#define SSL_R_UNEXPECTED_MESSAGE                   OUT_OF_ORDER_E
-#define SSL_R_UNEXPECTED_RECORD                    SANITY_MSG_E
-#define SSL_R_UNKNOWN_ALERT_TYPE                   BUFFER_ERROR
-#define SSL_R_UNKNOWN_PROTOCOL                     VERSION_ERROR
-#define SSL_R_WRONG_VERSION_NUMBER                 VERSION_ERROR
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC  ENCRYPT_ERROR
-#define SSL_R_HTTPS_PROXY_REQUEST                  PARSE_ERROR
-#define SSL_R_HTTP_REQUEST                         PARSE_ERROR
-#define SSL_R_UNSUPPORTED_PROTOCOL                 VERSION_ERROR
-
-
-#ifdef HAVE_SESSION_TICKET
-#define SSL_OP_NO_TICKET                  SSL_OP_NO_TICKET
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
-#endif
-
-#define OPENSSL_config	                wolfSSL_OPENSSL_config
-#define OPENSSL_memdup                  wolfSSL_OPENSSL_memdup
-#define SSL_CTX_get_timeout             wolfSSL_SSL_CTX_get_timeout
-#define SSL_CTX_set_tmp_ecdh            wolfSSL_SSL_CTX_set_tmp_ecdh
-#define SSL_CTX_remove_session          wolfSSL_SSL_CTX_remove_session
-#define SSL_get_rbio                    wolfSSL_SSL_get_rbio
-#define SSL_get_wbio                    wolfSSL_SSL_get_wbio
-#define SSL_do_handshake                wolfSSL_SSL_do_handshake
-#define SSL_in_init                     wolfSSL_SSL_in_init
-#define SSL_get0_session                wolfSSL_SSL_get0_session
-#define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb
-#define SSL_CTX_set_tlsext_status_cb    wolfSSL_CTX_set_tlsext_status_cb
-#define SSL_CTX_get_extra_chain_certs   wolfSSL_CTX_get_extra_chain_certs
-#define sk_OPENSSL_STRING_value         wolfSSL_sk_WOLFSSL_STRING_value
-#define SSL_get0_alpn_selected          wolfSSL_get0_alpn_selected
-#define SSL_select_next_proto           wolfSSL_select_next_proto
-#define SSL_CTX_set_alpn_select_cb      wolfSSL_CTX_set_alpn_select_cb
-#define SSL_CTX_set_next_protos_advertised_cb  wolfSSL_CTX_set_next_protos_advertised_cb
-#define SSL_CTX_set_next_proto_select_cb wolfSSL_CTX_set_next_proto_select_cb
-#define SSL_get0_next_proto_negotiated  wolfSSL_get0_next_proto_negotiated
-#define SSL_is_server                   wolfSSL_is_server
-#define SSL_CTX_set1_curves_list        wolfSSL_CTX_set1_curves_list
-
-#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE || 
-          OPENSSL_ALL || HAVE_LIGHTY */
-
-#ifdef OPENSSL_EXTRA
-#define SSL_CTX_add_client_CA           wolfSSL_CTX_add_client_CA
-#define SSL_CTX_set_srp_password        wolfSSL_CTX_set_srp_password
-#define SSL_CTX_set_srp_username        wolfSSL_CTX_set_srp_username
-#define SSL_get_SSL_CTX                 wolfSSL_get_SSL_CTX
-
-#define ERR_NUM_ERRORS                  16
-#define EVP_PKEY_RSA                    6 
-#define EVP_PKEY_RSA2                   19
-#define SN_pkcs9_emailAddress           "Email"
-#define LN_pkcs9_emailAddress           "emailAddress"
-#define NID_pkcs9_emailAddress          48
-#define OBJ_pkcs9_emailAddress          1L,2L,840L,113539L,1L,9L,1L
-
-#define SSL_get_rbio                    wolfSSL_SSL_get_rbio
-#define SSL_get_wbio                    wolfSSL_SSL_get_wbio
-#define SSL_do_handshake                wolfSSL_SSL_do_handshake
-#endif  /* OPENSSL_EXTRA */
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* wolfSSL_openssl_h__ */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/ssl.h b/components/ssl/wolfssl/wolfssl/wolfssl/ssl.h
deleted file mode 100644
index fffefc82..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/ssl.h
+++ /dev/null
@@ -1,3065 +0,0 @@
-/* ssl.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-/*!
-    \file ../wolfssl/ssl.h
-    \brief Header file containing key wolfSSL API
-*/
-
-/* wolfSSL API */
-
-#ifndef WOLFSSL_SSL_H
-#define WOLFSSL_SSL_H
-
-
-/* for users not using preprocessor flags*/
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/version.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/asn_public.h>
-
-#ifdef HAVE_WOLF_EVENT
-    #include <wolfssl/wolfcrypt/wolfevent.h>
-#endif
-
-#ifndef NO_FILESYSTEM
-    #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-        #if MQX_USE_IO_OLD
-            #include <fio.h>
-        #else
-            #include <nio.h>
-        #endif
-    #endif
-#endif
-
-#ifdef WOLFSSL_PREFIX
-    #include "prefix_ssl.h"
-#endif
-
-#ifdef LIBWOLFSSL_VERSION_STRING
-    #define WOLFSSL_VERSION LIBWOLFSSL_VERSION_STRING
-#endif
-
-#ifdef _WIN32
-    /* wincrypt.h clashes */
-    #undef OCSP_REQUEST
-    #undef OCSP_RESPONSE
-#endif
-
-#ifdef OPENSSL_COEXIST
-    /* mode to allow wolfSSL and OpenSSL to exist together */
-    #ifdef TEST_OPENSSL_COEXIST
-        /*
-        ./configure --enable-opensslcoexist \
-            CFLAGS="-I/usr/local/opt/openssl/include -DTEST_OPENSSL_COEXIST" \
-            LDFLAGS="-L/usr/local/opt/openssl/lib -lcrypto"
-        */
-        #include <openssl/ssl.h>
-        #include <openssl/rand.h>
-        #include <openssl/err.h>
-        #include <openssl/ec.h>
-        #include <openssl/hmac.h>
-        #include <openssl/bn.h>
-    #endif
-
-    /* make sure old names are disabled */
-    #ifndef NO_OLD_SSL_NAMES
-        #define NO_OLD_SSL_NAMES
-    #endif
-    #ifndef NO_OLD_WC_NAMES
-        #define NO_OLD_WC_NAMES
-    #endif
-
-#elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
-    #include <wolfssl/openssl/bn.h>
-    #include <wolfssl/openssl/hmac.h>
-
-    /* We need the old SSL names */
-    #ifdef NO_OLD_SSL_NAMES
-        #undef NO_OLD_SSL_NAMES
-    #endif
-    #ifdef NO_OLD_WC_NAMES
-        #undef NO_OLD_WC_NAMES
-    #endif
-#endif
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_TYPE_DEFINED
-typedef struct WOLFSSL          WOLFSSL;
-#endif
-typedef struct WOLFSSL_SESSION  WOLFSSL_SESSION;
-typedef struct WOLFSSL_METHOD   WOLFSSL_METHOD;
-#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
-#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED
-typedef struct WOLFSSL_CTX      WOLFSSL_CTX;
-#endif
-
-typedef struct WOLFSSL_STACK      WOLFSSL_STACK;
-typedef struct WOLFSSL_X509       WOLFSSL_X509;
-typedef struct WOLFSSL_X509_NAME  WOLFSSL_X509_NAME;
-typedef struct WOLFSSL_X509_NAME_ENTRY  WOLFSSL_X509_NAME_ENTRY;
-typedef struct WOLFSSL_X509_CHAIN WOLFSSL_X509_CHAIN;
-typedef struct WC_PKCS12          WOLFSSL_X509_PKCS12;
-
-typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER;
-typedef struct WOLFSSL_SOCKADDR     WOLFSSL_SOCKADDR;
-typedef struct WOLFSSL_CRL          WOLFSSL_CRL;
-
-typedef void  *WOLFSSL_X509_STORE_CTX_verify_cb; /* verify callback */
-
-/* redeclare guard */
-#define WOLFSSL_TYPES_DEFINED
-
-#include <wolfssl/wolfio.h>
-
-
-#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
-#define WOLFSSL_RSA_TYPE_DEFINED
-#endif
-
-#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
-    typedef struct WC_RNG WC_RNG;
-    #define WC_RNG_TYPE_DEFINED
-#endif
-
-#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_DSA            WOLFSSL_DSA;
-#define WOLFSSL_DSA_TYPE_DEFINED
-#endif
-
-#ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_EC_KEY         WOLFSSL_EC_KEY;
-typedef struct WOLFSSL_EC_POINT       WOLFSSL_EC_POINT;
-typedef struct WOLFSSL_EC_GROUP       WOLFSSL_EC_GROUP;
-#define WOLFSSL_EC_TYPE_DEFINED
-#endif
-
-#ifndef WOLFSSL_ECDSA_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_ECDSA_SIG      WOLFSSL_ECDSA_SIG;
-#define WOLFSSL_ECDSA_TYPE_DEFINED
-#endif
-
-typedef struct WOLFSSL_CIPHER         WOLFSSL_CIPHER;
-typedef struct WOLFSSL_X509_LOOKUP    WOLFSSL_X509_LOOKUP;
-typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
-typedef struct WOLFSSL_CRL            WOLFSSL_X509_CRL;
-typedef struct WOLFSSL_X509_STORE     WOLFSSL_X509_STORE;
-typedef struct WOLFSSL_X509_VERIFY_PARAM  WOLFSSL_X509_VERIFY_PARAM;
-typedef struct WOLFSSL_BIO            WOLFSSL_BIO;
-typedef struct WOLFSSL_BIO_METHOD     WOLFSSL_BIO_METHOD;
-typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
-typedef struct WOLFSSL_ASN1_TIME      WOLFSSL_ASN1_TIME;
-typedef struct WOLFSSL_ASN1_INTEGER   WOLFSSL_ASN1_INTEGER;
-typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
-
-typedef struct WOLFSSL_ASN1_STRING      WOLFSSL_ASN1_STRING;
-typedef struct WOLFSSL_dynlock_value    WOLFSSL_dynlock_value;
-typedef struct WOLFSSL_DH               WOLFSSL_DH;
-typedef struct WOLFSSL_ASN1_BIT_STRING  WOLFSSL_ASN1_BIT_STRING;
-
-#define WOLFSSL_ASN1_UTCTIME          WOLFSSL_ASN1_TIME
-#define WOLFSSL_ASN1_GENERALIZEDTIME  WOLFSSL_ASN1_TIME
-
-#define WOLFSSL_ASN1_INTEGER_MAX 20
-struct WOLFSSL_ASN1_INTEGER {
-    /* size can be increased set at 20 for tag, length then to hold at least 16
-     * byte type */
-    unsigned char  intData[WOLFSSL_ASN1_INTEGER_MAX];
-    /* ASN_INTEGER | LENGTH | hex of number */
-    unsigned char  negative;   /* negative number flag */
-
-    unsigned char* data;
-    unsigned int   dataMax;   /* max size of data buffer */
-    unsigned int   isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
-};
-
-struct WOLFSSL_ASN1_TIME {
-    /* MAX_DATA_SIZE is 32 */
-    unsigned char data[32 + 2];
-    /* ASN_TIME | LENGTH | date bytes */
-};
-
-struct WOLFSSL_ASN1_STRING {
-    int length;
-    int type; /* type of string i.e. CTC_UTF8 */
-    char* data;
-    long flags;
-};
-
-#define WOLFSSL_MAX_SNAME 40
-struct WOLFSSL_ASN1_OBJECT {
-    void*  heap;
-    const unsigned char* obj;
-    /* sName is short name i.e sha256 rather than oid (null terminated) */
-    char   sName[WOLFSSL_MAX_SNAME];
-    int    type; /* oid */
-    int    grp;  /* type of OID, i.e. oidCertPolicyType */
-    int    nid;
-    unsigned int  objSz;
-    unsigned char dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */
-    #define WOLFSSL_ASN1_DYNAMIC 0x1
-    #define WOLFSSL_ASN1_DYNAMIC_DATA 0x2
-    struct d { /* derefrenced */
-        WOLFSSL_ASN1_STRING  ia5_internal;
-        WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */
-        WOLFSSL_ASN1_STRING* dNSName;
-        WOLFSSL_ASN1_STRING* iPAddress;
-    } d;
-};
-
-struct WOLFSSL_EVP_PKEY {
-    void* heap;
-    int type;         /* openssh dereference */
-    int save_type;    /* openssh dereference */
-    int pkey_sz;
-    union {
-        char* ptr; /* der format of key / or raw for NTRU */
-    } pkey;
-    #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
-    #ifndef NO_RSA
-        WOLFSSL_RSA* rsa;
-        byte      ownRsa; /* if struct owns RSA and should free it */
-    #endif
-    #ifdef HAVE_ECC
-        WOLFSSL_EC_KEY* ecc;
-        byte      ownEcc; /* if struct owns ECC and should free it */
-    #endif
-    WC_RNG rng;
-    #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-    #ifdef HAVE_ECC
-        int pkey_curve;
-    #endif
-};
-typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
-
-#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
-typedef struct WOLFSSL_EVP_PKEY     WOLFSSL_EVP_PKEY;
-typedef char   WOLFSSL_EVP_MD;
-#define WOLFSSL_EVP_TYPE_DEFINED
-#endif
-
-#define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */
-
-
-enum BIO_TYPE {
-    WOLFSSL_BIO_BUFFER = 1,
-    WOLFSSL_BIO_SOCKET = 2,
-    WOLFSSL_BIO_SSL    = 3,
-    WOLFSSL_BIO_MEMORY = 4,
-    WOLFSSL_BIO_BIO    = 5,
-    WOLFSSL_BIO_FILE   = 6,
-    WOLFSSL_BIO_BASE64 = 7
-};
-
-enum BIO_FLAGS {
-    WOLFSSL_BIO_FLAG_BASE64_NO_NL = 0x01,
-    WOLFSSL_BIO_FLAG_READ         = 0x02,
-    WOLFSSL_BIO_FLAG_WRITE        = 0x04,
-    WOLFSSL_BIO_FLAG_IO_SPECIAL   = 0x08,
-    WOLFSSL_BIO_FLAG_RETRY        = 0x10
-};
-
-typedef struct WOLFSSL_BUF_MEM {
-    char*  data;   /* dereferenced */
-    size_t length; /* current length */
-    size_t max;    /* maximum length */
-} WOLFSSL_BUF_MEM;
-
-typedef struct WOLFSSL_COMP_METHOD {
-    int type;            /* stunnel dereference */
-} WOLFSSL_COMP_METHOD;
-
-struct WOLFSSL_X509_LOOKUP_METHOD {
-    int type;
-};
-
-struct WOLFSSL_X509_LOOKUP {
-    WOLFSSL_X509_STORE *store;
-};
-
-struct WOLFSSL_X509_STORE {
-    int                   cache;          /* stunnel dereference */
-    WOLFSSL_CERT_MANAGER* cm;
-    WOLFSSL_X509_LOOKUP   lookup;
-#ifdef OPENSSL_EXTRA
-    int                   isDynamic;
-#endif
-#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
-    WOLFSSL_X509_CRL *crl;
-#endif
-};
-
-#ifdef OPENSSL_EXTRA
-#define WOLFSSL_USE_CHECK_TIME 0x2
-#define WOLFSSL_NO_CHECK_TIME  0x200000
-#define WOLFSSL_NO_WILDCARDS   0x4
-struct WOLFSSL_X509_VERIFY_PARAM {
-    time_t  check_time;
-    unsigned long flags;
-};
-#endif
-
-typedef struct WOLFSSL_ALERT {
-    int code;
-    int level;
-} WOLFSSL_ALERT;
-
-typedef struct WOLFSSL_ALERT_HISTORY {
-    WOLFSSL_ALERT last_rx;
-    WOLFSSL_ALERT last_tx;
-} WOLFSSL_ALERT_HISTORY;
-
-typedef struct WOLFSSL_X509_REVOKED {
-    WOLFSSL_ASN1_INTEGER* serialNumber;          /* stunnel dereference */
-} WOLFSSL_X509_REVOKED;
-
-
-typedef struct WOLFSSL_X509_OBJECT {
-    union {
-        char* ptr;
-        WOLFSSL_X509 *x509;
-        WOLFSSL_X509_CRL* crl;           /* stunnel dereference */
-    } data;
-} WOLFSSL_X509_OBJECT;
-
-typedef struct WOLFSSL_BUFFER_INFO {
-    unsigned char* buffer;
-    unsigned int length;
-} WOLFSSL_BUFFER_INFO;
-
-typedef struct WOLFSSL_X509_STORE_CTX {
-    WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
-    WOLFSSL_X509* current_cert;   /* current X509 (OPENSSL_EXTRA) */
-#ifdef WOLFSSL_ASIO
-    WOLFSSL_X509* current_issuer; /* asio dereference */
-#endif
-    WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */
-    WOLFSSL_STACK* chain;
-#ifdef OPENSSL_EXTRA
-    WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
-#endif
-    char* domain;                /* subject CN domain name */
-    void* ex_data;               /* external data, for fortress build */
-    void* userCtx;               /* user ctx */
-    int   error;                 /* current error */
-    int   error_depth;           /* index of cert depth for this error */
-    int   discardSessionCerts;   /* so verify callback can flag for discard */
-    int   totalCerts;            /* number of peer cert buffers */
-    WOLFSSL_BUFFER_INFO* certs;  /* peer certs */
-    WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */
-} WOLFSSL_X509_STORE_CTX;
-
-typedef char* WOLFSSL_STRING;
-
-/* Valid Alert types from page 16/17
- * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c
- */
-enum AlertDescription {
-    close_notify                    =   0,
-    unexpected_message              =  10,
-    bad_record_mac                  =  20,
-    record_overflow                 =  22,
-    decompression_failure           =  30,
-    handshake_failure               =  40,
-    no_certificate                  =  41,
-    bad_certificate                 =  42,
-    unsupported_certificate         =  43,
-    certificate_revoked             =  44,
-    certificate_expired             =  45,
-    certificate_unknown             =  46,
-    illegal_parameter               =  47,
-    decode_error                    =  50,
-    decrypt_error                   =  51,
-    #ifdef WOLFSSL_MYSQL_COMPATIBLE
-    /* catch name conflict for enum protocol with MYSQL build */
-    wc_protocol_version             =  70,
-    #else
-    protocol_version                =  70,
-    #endif
-    no_renegotiation                = 100,
-    unsupported_extension           = 110, /**< RFC 5246, section 7.2.2 */
-    unrecognized_name               = 112, /**< RFC 6066, section 3 */
-    bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
-    unknown_psk_identity            = 115, /**< RFC 4279, section 2 */
-    no_application_protocol         = 120
-};
-
-
-enum AlertLevel {
-    alert_warning = 1,
-    alert_fatal   = 2
-};
-
-/* Maximum master key length (SECRET_LEN) */
-#define WOLFSSL_MAX_MASTER_KEY_LENGTH 48
-/* Maximum number of groups that can be set */
-#define WOLFSSL_MAX_GROUP_COUNT       10
-
-typedef WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);
-
-/* CTX Method EX Constructor Functions */
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method_ex(void* heap);
-#ifdef WOLFSSL_TLS13
-    WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method_ex(void* heap);
-#endif
-
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method_ex(void* heap);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_client_method_ex(void* heap);
-
-#ifdef WOLFSSL_DTLS
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method_ex(void* heap);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method_ex(void* heap);
-#endif
-
-/* CTX Method Constructor Functions */
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void);
-WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void);
-#ifdef WOLFSSL_TLS13
-    WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_server_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_3_client_method(void);
-#endif
-
-#ifdef WOLFSSL_DTLS
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_server_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLS_client_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_client_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_server_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_client_method(void);
-    WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void);
-#endif
-
-#ifdef HAVE_POLY1305
-    WOLFSSL_API int wolfSSL_use_old_poly(WOLFSSL*, int);
-#endif
-
-#ifdef WOLFSSL_SESSION_EXPORT
-#ifdef WOLFSSL_DTLS
-
-#ifndef WOLFSSL_DTLS_EXPORT_TYPES
-typedef int (*wc_dtls_export)(WOLFSSL* ssl,
-                   unsigned char* exportBuffer, unsigned int sz, void* userCtx);
-#define WOLFSSL_DTLS_EXPORT_TYPES
-#endif /* WOLFSSL_DTLS_EXPORT_TYPES */
-
-WOLFSSL_API int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf,
-                                                               unsigned int sz);
-WOLFSSL_API int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx,
-                                                           wc_dtls_export func);
-WOLFSSL_API int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func);
-WOLFSSL_API int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf,
-                                                              unsigned int* sz);
-#endif /* WOLFSSL_DTLS */
-#endif /* WOLFSSL_SESSION_EXPORT */
-
-#ifdef WOLFSSL_STATIC_MEMORY
-#ifndef WOLFSSL_MEM_GUARD
-#define WOLFSSL_MEM_GUARD
-    typedef struct WOLFSSL_MEM_STATS      WOLFSSL_MEM_STATS;
-    typedef struct WOLFSSL_MEM_CONN_STATS WOLFSSL_MEM_CONN_STATS;
-#endif
-WOLFSSL_API int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx,
-                                            wolfSSL_method_func method,
-                                            unsigned char* buf, unsigned int sz,
-                                            int flag, int max);
-WOLFSSL_API int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx,
-                                                 WOLFSSL_MEM_STATS* mem_stats);
-WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
-                                            WOLFSSL_MEM_CONN_STATS* mem_stats);
-#endif
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
-
-WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
-WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
-
-#define WOLFSSL_LOAD_FLAG_NONE          0x00000000
-#define WOLFSSL_LOAD_FLAG_IGNORE_ERR    0x00000001
-#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
-#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY   0x00000004
-WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
-                                                const char*, unsigned int);
-WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
-                                                const char*);
-#ifdef WOLFSSL_TRUST_PEER_CERT
-WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int);
-#endif
-WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *,
-                                                     const char *file);
-WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *,
-                                                  const char *file, int format);
-WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int);
-
-WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl);
-WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx);
-WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
-WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
-WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int);
-WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file);
-WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*,
-                                                  const char *file, int format);
-WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
-
-#ifdef WOLFSSL_DER_LOAD
-    WOLFSSL_API int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX*,
-                                                    const char*, int);
-#endif
-
-#ifdef HAVE_NTRU
-    WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*);
-    /* load NTRU private key blob */
-#endif
-
-#endif /* !NO_FILESYSTEM && !NO_CERTS */
-
-WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
-WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
-WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_is_server(WOLFSSL*);
-WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_set_fd (WOLFSSL*, int);
-WOLFSSL_API int  wolfSSL_set_write_fd (WOLFSSL*, int);
-WOLFSSL_API int  wolfSSL_set_read_fd (WOLFSSL*, int);
-WOLFSSL_API char* wolfSSL_get_cipher_list(int priority);
-WOLFSSL_API char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority);
-WOLFSSL_API int  wolfSSL_get_ciphers(char*, int);
-WOLFSSL_API const char* wolfSSL_get_cipher_name(WOLFSSL* ssl);
-WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char,
-    const unsigned char);
-WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf,
-    int len);
-WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_get_fd(const WOLFSSL*);
-/* please see note at top of README if you get an error from connect */
-WOLFSSL_API int  wolfSSL_connect(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_write(WOLFSSL*, const void*, int);
-WOLFSSL_API int  wolfSSL_read(WOLFSSL*, void*, int);
-WOLFSSL_API int  wolfSSL_peek(WOLFSSL*, void*, int);
-WOLFSSL_API int  wolfSSL_accept(WOLFSSL*);
-#ifdef WOLFSSL_TLS13
-WOLFSSL_API int  wolfSSL_send_hrr_cookie(WOLFSSL* ssl,
-    const unsigned char* secret, unsigned int secretSz);
-WOLFSSL_API int  wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx);
-WOLFSSL_API int  wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx);
-WOLFSSL_API int  wolfSSL_no_dhe_psk(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_update_keys(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_CTX_allow_post_handshake_auth(WOLFSSL_CTX* ctx);
-WOLFSSL_API int  wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_request_certificate(WOLFSSL* ssl);
-
-WOLFSSL_API int  wolfSSL_preferred_group(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups,
-                                        int count);
-WOLFSSL_API int  wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count);
-
-WOLFSSL_API int  wolfSSL_connect_TLSv13(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_accept_TLSv13(WOLFSSL*);
-
-#ifdef WOLFSSL_EARLY_DATA
-WOLFSSL_API int  wolfSSL_CTX_set_max_early_data(WOLFSSL_CTX* ctx,
-                                                unsigned int sz);
-WOLFSSL_API int  wolfSSL_set_max_early_data(WOLFSSL* ssl, unsigned int sz);
-WOLFSSL_API int  wolfSSL_write_early_data(WOLFSSL*, const void*, int, int*);
-WOLFSSL_API int  wolfSSL_read_early_data(WOLFSSL*, void*, int, int*);
-#endif
-#endif
-WOLFSSL_API void wolfSSL_CTX_free(WOLFSSL_CTX*);
-WOLFSSL_API void wolfSSL_free(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_shutdown(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_send(WOLFSSL*, const void*, int sz, int flags);
-WOLFSSL_API int  wolfSSL_recv(WOLFSSL*, void*, int sz, int flags);
-
-WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX*, int);
-WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int);
-
-WOLFSSL_API int  wolfSSL_get_error(WOLFSSL*, int);
-WOLFSSL_API int  wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *);
-
-WOLFSSL_API int  wolfSSL_set_session(WOLFSSL*, WOLFSSL_SESSION*);
-WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION*, long);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*);
-WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long);
-WOLFSSL_API int  wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int);
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
-WOLFSSL_API int  wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t,
-                     WOLFSSL_BIO**, size_t);
-
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**);
-WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*,
-                                           int, const unsigned char*);
-WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**);
-#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
-
-#ifdef SESSION_INDEX
-WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
-#endif /* SESSION_INDEX */
-
-#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
-WOLFSSL_API
-    WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
-#endif /* SESSION_INDEX && SESSION_CERTS */
-
-typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
-#ifdef OPENSSL_EXTRA
-typedef void (CallbackInfoState)(const WOLFSSL*, int, int);
-
-typedef struct WOLFSSL_CRYPTO_EX_DATA {
-    WOLFSSL_STACK* data;
-} WOLFSSL_CRYPTO_EX_DATA;
-
-typedef int  (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr,
-        WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
-typedef int  (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out,
-        WOLFSSL_CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV, void* arg);
-typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr,
-        WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
-
-WOLFSSL_API int  wolfSSL_get_ex_new_index(long argValue, void* arg,
-        WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
-        WOLFSSL_CRYPTO_EX_free* c);
-#endif
-
-WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
-                                      VerifyCallback verify_callback);
-WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
-WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
-
-WOLFSSL_API int  wolfSSL_pending(WOLFSSL*);
-
-WOLFSSL_API void wolfSSL_load_error_strings(void);
-WOLFSSL_API int  wolfSSL_library_init(void);
-WOLFSSL_API long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX*, long);
-
-#ifdef HAVE_SECRET_CALLBACK
-typedef int (*SessionSecretCb)(WOLFSSL* ssl,
-                                        void* secret, int* secretSz, void* ctx);
-WOLFSSL_API int  wolfSSL_set_session_secret_cb(WOLFSSL*, SessionSecretCb, void*);
-#endif /* HAVE_SECRET_CALLBACK */
-
-/* session cache persistence */
-WOLFSSL_API int  wolfSSL_save_session_cache(const char*);
-WOLFSSL_API int  wolfSSL_restore_session_cache(const char*);
-WOLFSSL_API int  wolfSSL_memsave_session_cache(void*, int);
-WOLFSSL_API int  wolfSSL_memrestore_session_cache(const void*, int);
-WOLFSSL_API int  wolfSSL_get_session_cache_memsize(void);
-
-/* certificate cache persistence, uses ctx since certs are per ctx */
-WOLFSSL_API int  wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX*, const char*);
-WOLFSSL_API int  wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX*, const char*);
-WOLFSSL_API int  wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX*, void*, int, int*);
-WOLFSSL_API int  wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX*, const void*, int);
-WOLFSSL_API int  wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX*);
-
-/* only supports full name from cipher_name[] delimited by : */
-WOLFSSL_API int  wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX*, const char*);
-WOLFSSL_API int  wolfSSL_set_cipher_list(WOLFSSL*, const char*);
-
-/* Nonblocking DTLS helper functions */
-WOLFSSL_API void wolfSSL_dtls_set_using_nonblock(WOLFSSL*, int);
-WOLFSSL_API int  wolfSSL_dtls_get_using_nonblock(WOLFSSL*);
-#define wolfSSL_set_using_nonblock wolfSSL_dtls_set_using_nonblock
-#define wolfSSL_get_using_nonblock wolfSSL_dtls_get_using_nonblock
-    /* The old names are deprecated. */
-WOLFSSL_API int  wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int);
-WOLFSSL_API int  wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int);
-WOLFSSL_API int  wolfSSL_dtls_got_timeout(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_dtls(WOLFSSL* ssl);
-
-WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
-WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
-
-WOLFSSL_API int  wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX*);
-WOLFSSL_API int  wolfSSL_dtls_set_sctp(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
-WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
-
-WOLFSSL_API int  wolfSSL_dtls_get_drop_stats(WOLFSSL*,
-                                             unsigned int*, unsigned int*);
-WOLFSSL_API int  wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX*, unsigned short);
-WOLFSSL_API int  wolfSSL_set_secret(WOLFSSL*, unsigned short,
-                     const unsigned char*, unsigned int,
-                     const unsigned char*, const unsigned char*,
-                     const unsigned char*);
-WOLFSSL_API int  wolfSSL_mcast_read(WOLFSSL*, unsigned short*, void*, int);
-WOLFSSL_API int  wolfSSL_mcast_peer_add(WOLFSSL*, unsigned short, int);
-WOLFSSL_API int  wolfSSL_mcast_peer_known(WOLFSSL*, unsigned short);
-WOLFSSL_API int  wolfSSL_mcast_get_max_peers(void);
-typedef int (*CallbackMcastHighwater)(unsigned short peerId,
-                                      unsigned int maxSeq,
-                                      unsigned int curSeq, void* ctx);
-WOLFSSL_API int  wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*,
-                                                    unsigned int,
-                                                    unsigned int,
-                                                    unsigned int,
-                                                    CallbackMcastHighwater);
-WOLFSSL_API int  wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*);
-
-WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
-WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
-WOLFSSL_API void  wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
-                                           unsigned long sz);
-WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
-
-/* extras */
-
-#ifndef WOLF_STACK_OF
-    #define WOLF_STACK_OF(x) WOLFSSL_STACK
-#endif
-#ifndef DECLARE_STACK_OF
-    #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
-#endif
-
-WOLFSSL_API int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
-                                                            WOLFSSL_X509* x509);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
-WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk);
-WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(
-        WOLFSSL_STACK* sk, int i);
-WOLFSSL_API int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk);
-WOLFSSL_API void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
-        void f (WOLFSSL_ASN1_OBJECT*));
-WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
-WOLFSSL_API void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj);
-WOLFSSL_API int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
-                                                      WOLFSSL_ASN1_OBJECT* obj);
-WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop(
-                                            WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
-WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk);
-WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in);
-
-WOLFSSL_API int  wolfSSL_set_ex_data(WOLFSSL*, int, void*);
-WOLFSSL_API int  wolfSSL_get_shutdown(const WOLFSSL*);
-WOLFSSL_API int  wolfSSL_set_rfd(WOLFSSL*, int);
-WOLFSSL_API int  wolfSSL_set_wfd(WOLFSSL*, int);
-WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL*, int);
-WOLFSSL_API int  wolfSSL_set_session_id_context(WOLFSSL*, const unsigned char*,
-                                           unsigned int);
-WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL*);
-WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_session_reused(WOLFSSL*);
-WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session);
-WOLFSSL_API int  wolfSSL_is_init_finished(WOLFSSL*);
-
-WOLFSSL_API const char*  wolfSSL_get_version(WOLFSSL*);
-WOLFSSL_API int  wolfSSL_get_current_cipher_suite(WOLFSSL* ssl);
-WOLFSSL_API WOLFSSL_CIPHER*  wolfSSL_get_current_cipher(WOLFSSL*);
-WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int);
-WOLFSSL_API const char*  wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher);
-WOLFSSL_API const char*  wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session);
-WOLFSSL_API const char*  wolfSSL_get_cipher(WOLFSSL*);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
-                           /* what's ref count */
-
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
-
-WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port,
-                                     char** path, int* ssl);
-
-WOLFSSL_API WOLFSSL_METHOD* wolfSSLv23_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_client_method(void);
-WOLFSSL_API WOLFSSL_METHOD* wolfSSLv2_server_method(void);
-
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD*);
-WOLFSSL_API int  wolfSSL_BIO_free(WOLFSSL_BIO*);
-WOLFSSL_API int  wolfSSL_BIO_free_all(WOLFSSL_BIO*);
-WOLFSSL_API int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_next(WOLFSSL_BIO* bio);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_find_type(WOLFSSL_BIO* bio, int type);
-WOLFSSL_API int  wolfSSL_BIO_read(WOLFSSL_BIO*, void*, int);
-WOLFSSL_API int  wolfSSL_BIO_write(WOLFSSL_BIO*, const void*, int);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO*, WOLFSSL_BIO* append);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO*);
-WOLFSSL_API int  wolfSSL_BIO_flush(WOLFSSL_BIO*);
-WOLFSSL_API int  wolfSSL_BIO_pending(WOLFSSL_BIO*);
-
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void);
-WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO*, long size);
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void);
-WOLFSSL_API WOLFSSL_BIO*        wolfSSL_BIO_new_socket(int sfd, int flag);
-WOLFSSL_API int         wolfSSL_BIO_eof(WOLFSSL_BIO*);
-
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void);
-WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void);
-WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int);
-
-WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len);
-
-
-WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag);
-WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag);
-WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr);
-
-#ifndef NO_FILESYSTEM
-WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void);
-#endif
-
-WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void);
-WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void);
-
-WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg);
-WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg);
-
-WOLFSSL_API int  wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size);
-WOLFSSL_API int  wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2);
-WOLFSSL_API int  wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b);
-WOLFSSL_API int  wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf);
-WOLFSSL_API int  wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num);
-WOLFSSL_API int  wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num);
-WOLFSSL_API int  wolfSSL_BIO_reset(WOLFSSL_BIO *bio);
-
-WOLFSSL_API int  wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);
-WOLFSSL_API int  wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name);
-WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v);
-WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m);
-
-WOLFSSL_API void        wolfSSL_RAND_screen(void);
-WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long);
-WOLFSSL_API int         wolfSSL_RAND_write_file(const char*);
-WOLFSSL_API int         wolfSSL_RAND_load_file(const char*, long);
-WOLFSSL_API int         wolfSSL_RAND_egd(const char*);
-WOLFSSL_API int         wolfSSL_RAND_seed(const void*, int);
-WOLFSSL_API void        wolfSSL_RAND_Cleanup(void);
-WOLFSSL_API void        wolfSSL_RAND_add(const void*, int, double);
-WOLFSSL_API int         wolfSSL_RAND_poll(void);
-
-WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void);
-WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void);
-WOLFSSL_API int wolfSSL_COMP_add_compression_method(int, void*);
-
-WOLFSSL_API unsigned long wolfSSL_thread_id(void);
-WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void));
-WOLFSSL_API void wolfSSL_set_locking_callback(void (*f)(int, int, const char*,
-                                                      int));
-WOLFSSL_API void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)
-                                                   (const char*, int));
-WOLFSSL_API void wolfSSL_set_dynlock_lock_callback(void (*f)(int,
-                                      WOLFSSL_dynlock_value*, const char*, int));
-WOLFSSL_API void wolfSSL_set_dynlock_destroy_callback(void (*f)
-                                     (WOLFSSL_dynlock_value*, const char*, int));
-WOLFSSL_API int  wolfSSL_num_locks(void);
-
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
-                                                        WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API int   wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API int   wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX*);
-
-WOLFSSL_API void  wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
-                                  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
-WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n,
-                                                           unsigned char** out);
-WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
-WOLFSSL_API char*       wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int);
-WOLFSSL_API WOLFSSL_X509_NAME*  wolfSSL_X509_get_issuer_name(WOLFSSL_X509*);
-WOLFSSL_API WOLFSSL_X509_NAME*  wolfSSL_X509_get_subject_name(WOLFSSL_X509*);
-WOLFSSL_API int  wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int);
-WOLFSSL_API int  wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int);
-WOLFSSL_API int  wolfSSL_X509_get_isCA(WOLFSSL_X509*);
-WOLFSSL_API int  wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509*);
-WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509*);
-WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509*);
-WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID(
-                                            WOLFSSL_X509*, unsigned char*, int*);
-WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID(
-                                            WOLFSSL_X509*, unsigned char*, int*);
-
-WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*,
-                                              WOLFSSL_X509_NAME*);
-WOLFSSL_API int wolfSSL_X509_set_pubkey(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
-
-WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*);
-WOLFSSL_API int wolfSSL_X509_NAME_get_text_by_NID(
-                                            WOLFSSL_X509_NAME*, int, char*, int);
-WOLFSSL_API int wolfSSL_X509_NAME_get_index_by_NID(
-                                           WOLFSSL_X509_NAME*, int, int);
-WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(WOLFSSL_X509_NAME_ENTRY*);
-
-WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void);
-WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type);
-WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1);
-WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1,
-                                                  const void* data, int dataSz);
-WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING*);
-WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING*);
-WOLFSSL_API int         wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long);
-WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509*, unsigned char*, int*);
-
-WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP*,const char*,long);
-WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP*, const char*,
-                                            long);
-WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void);
-WOLFSSL_API WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void);
-
-WOLFSSL_API WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE*,
-                                                    WOLFSSL_X509_LOOKUP_METHOD*);
-WOLFSSL_API WOLFSSL_X509_STORE*  wolfSSL_X509_STORE_new(void);
-WOLFSSL_API void         wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE*);
-WOLFSSL_API int          wolfSSL_X509_STORE_add_cert(
-                                              WOLFSSL_X509_STORE*, WOLFSSL_X509*);
-WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(
-                                                   WOLFSSL_X509_STORE_CTX* ctx);
-WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store,
-                                                            unsigned long flag);
-WOLFSSL_API int          wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*);
-WOLFSSL_API int          wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX*,
-                                   int, WOLFSSL_X509_NAME*, WOLFSSL_X509_OBJECT*);
-WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void);
-WOLFSSL_API int  wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX*,
-                      WOLFSSL_X509_STORE*, WOLFSSL_X509*, WOLF_STACK_OF(WOLFSSL_X509)*);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX*);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*);
-
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
-
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
-WOLFSSL_API int       wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
-WOLFSSL_API void      wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
-WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
-        WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
-                                         WOLFSSL_EVP_PKEY** out);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
-        unsigned char** in, long inSz);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
-        WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
-        unsigned char** in, long inSz);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void);
-WOLFSSL_API int       wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);
-WOLFSSL_API int       wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
-#ifdef OPENSSL_EXTRA
-WOLFSSL_API void      wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
-                                                      unsigned long flags,
-                                                      time_t t);
-#endif
-WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL*);
-WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
-                                                      WOLFSSL_X509_REVOKED*,int);
-WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509*);
-WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER*);
-WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void);
-
-WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_TIME*);
-
-WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t,
-                                                            char* buf, int len);
-WOLFSSL_API int  wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER*,
-                                       const WOLFSSL_ASN1_INTEGER*);
-WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER*);
-
-#ifdef OPENSSL_EXTRA
-WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
-                                       WOLFSSL_BIGNUM *bn);
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t,
-                                                     int, long);
-#endif
-
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list(
-        const WOLFSSL_CTX *s);
-WOLFSSL_API void  wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
-                                               WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
-WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX*, int);
-WOLFSSL_API int   wolfSSL_get_ex_data_X509_STORE_CTX_idx(void);
-WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error(
-                                           WOLFSSL_X509_STORE_CTX* ctx, int er);
-WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int);
-
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
-                                                          void* userdata);
-WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*,
-                                                   pem_password_cb*);
-WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx);
-WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx);
-
-WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
-                          void (*)(const WOLFSSL* ssl, int type, int val));
-
-WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
-WOLFSSL_API int           wolfSSL_GET_REASON(int);
-
-WOLFSSL_API const char* wolfSSL_alert_type_string_long(int);
-WOLFSSL_API const char* wolfSSL_alert_desc_string_long(int);
-WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*);
-
-WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
-                                               void(*)(int, int, void*), void*);
-WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r,
-                                            const unsigned char **pp, long len);
-WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**,
-                                            const unsigned char**, long);
-WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp);
-WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp);
-WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *,
-                                           WOLFSSL_RSA *(*)(WOLFSSL *, int, int));
-
-WOLFSSL_API int wolfSSL_PEM_def_callback(char*, int num, int w, void* key);
-
-WOLFSSL_API long wolfSSL_CTX_sess_accept(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_connect(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_hits(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_misses(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX*);
-WOLFSSL_API long wolfSSL_CTX_sess_number(WOLFSSL_CTX*);
-
-WOLFSSL_API long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*);
-WOLFSSL_API long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX*, long);
-WOLFSSL_API long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX*);
-
-WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX*);
-WOLFSSL_API int  wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX*);
-WOLFSSL_API int  wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX*, int v);
-WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX*, void* arg);
-WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
-        WOLFSSL_CTX*, void* arg);
-WOLFSSL_API int  wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
-WOLFSSL_API int  wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
-WOLFSSL_API int  wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
-
-WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
-WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
-WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s,  long op);
-WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s);
-WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s);
-WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh);
-WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg);
-WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type);
-WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg);
-WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg);
-WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg);
-WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp);
-WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len);
-
-WOLFSSL_API void wolfSSL_CONF_modules_unload(int all);
-WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg);
-WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl);
-
-#define WOLFSSL_DEFAULT_CIPHER_LIST ""   /* default all */
-
-enum {
-    WOLFSSL_OCSP_URL_OVERRIDE = 1,
-    WOLFSSL_OCSP_NO_NONCE     = 2,
-    WOLFSSL_OCSP_CHECKALL     = 4,
-
-    WOLFSSL_CRL_CHECKALL = 1,
-    WOLFSSL_CRL_CHECK    = 27,
-};
-
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-/* seperated out from other enums because of size */
-enum {
-    SSL_OP_MICROSOFT_SESS_ID_BUG                  = 0x00000001,
-    SSL_OP_NETSCAPE_CHALLENGE_BUG                 = 0x00000002,
-    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG       = 0x00000004,
-    SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG            = 0x00000008,
-    SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER             = 0x00000010,
-    SSL_OP_MSIE_SSLV2_RSA_PADDING                 = 0x00000020,
-    SSL_OP_SSLEAY_080_CLIENT_DH_BUG               = 0x00000040,
-    SSL_OP_TLS_D5_BUG                             = 0x00000080,
-    SSL_OP_TLS_BLOCK_PADDING_BUG                  = 0x00000100,
-    SSL_OP_TLS_ROLLBACK_BUG                       = 0x00000200,
-    SSL_OP_ALL                                    = 0x00000400,
-    SSL_OP_EPHEMERAL_RSA                          = 0x00000800,
-    SSL_OP_NO_SSLv3                               = 0x00001000,
-    SSL_OP_NO_TLSv1                               = 0x00002000,
-    SSL_OP_PKCS1_CHECK_1                          = 0x00004000,
-    SSL_OP_PKCS1_CHECK_2                          = 0x00008000,
-    SSL_OP_NETSCAPE_CA_DN_BUG                     = 0x00010000,
-    SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG        = 0x00020000,
-    SSL_OP_SINGLE_DH_USE                          = 0x00040000,
-    SSL_OP_NO_TICKET                              = 0x00080000,
-    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS            = 0x00100000,
-    SSL_OP_NO_QUERY_MTU                           = 0x00200000,
-    SSL_OP_COOKIE_EXCHANGE                        = 0x00400000,
-    SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00800000,
-    SSL_OP_SINGLE_ECDH_USE                        = 0x01000000,
-    SSL_OP_CIPHER_SERVER_PREFERENCE               = 0x02000000,
-    SSL_OP_NO_TLSv1_1                             = 0x04000000,
-    SSL_OP_NO_TLSv1_2                             = 0x08000000,
-    SSL_OP_NO_COMPRESSION                         = 0x10000000,
-    SSL_OP_NO_TLSv1_3                             = 0x20000000,
-};
-
-enum {
-#ifdef HAVE_OCSP
-    /* OCSP Flags */
-    OCSP_NOCERTS     = 1,
-    OCSP_NOINTERN    = 2,
-    OCSP_NOSIGS      = 4,
-    OCSP_NOCHAIN     = 8,
-    OCSP_NOVERIFY    = 16,
-    OCSP_NOEXPLICIT  = 32,
-    OCSP_NOCASIGN    = 64,
-    OCSP_NODELEGATED = 128,
-    OCSP_NOCHECKS    = 256,
-    OCSP_TRUSTOTHER  = 512,
-    OCSP_RESPID_KEY  = 1024,
-    OCSP_NOTIME      = 2048,
-
-    /* OCSP Types */
-    OCSP_CERTID   = 2,
-    OCSP_REQUEST  = 4,
-    OCSP_RESPONSE = 8,
-    OCSP_BASICRESP = 16,
-#endif
-
-    ASN1_GENERALIZEDTIME = 4,
-    SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
-
-    EVP_R_BAD_DECRYPT = 2,
-
-    SSL_ST_CONNECT = 0x1000,
-    SSL_ST_ACCEPT  = 0x2000,
-    SSL_ST_MASK    = 0x0FFF,
-
-    SSL_CB_LOOP = 0x01,
-    SSL_CB_EXIT = 0x02,
-    SSL_CB_READ = 0x04,
-    SSL_CB_WRITE = 0x08,
-    SSL_CB_HANDSHAKE_START = 0x10,
-    SSL_CB_HANDSHAKE_DONE = 0x20,
-    SSL_CB_ALERT = 0x4000,
-    SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ),
-    SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE),
-    SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP),
-    SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT),
-    SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP),
-    SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT),
-	SSL_CB_MODE_READ = 1,
-	SSL_CB_MODE_WRITE = 2,
-
-    SSL_MODE_ENABLE_PARTIAL_WRITE = 2,
-
-    BIO_FLAGS_BASE64_NO_NL = 1,
-    BIO_CLOSE   = 1,
-    BIO_NOCLOSE = 0,
-
-    X509_FILETYPE_PEM = 8,
-    X509_LU_X509      = 9,
-    X509_LU_CRL       = 12,
-
-    X509_V_OK                                    = 0,
-    X509_V_ERR_CRL_SIGNATURE_FAILURE             = 13,
-    X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD    = 14,
-    X509_V_ERR_CRL_HAS_EXPIRED                   = 15,
-    X509_V_ERR_CERT_REVOKED                      = 16,
-    X509_V_ERR_CERT_CHAIN_TOO_LONG               = 17,
-    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT         = 18,
-    X509_V_ERR_CERT_NOT_YET_VALID                = 19,
-    X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD    = 20,
-    X509_V_ERR_CERT_HAS_EXPIRED                  = 21,
-    X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD     = 22,
-    X509_V_ERR_CERT_REJECTED                     = 23,
-    /* Required for Nginx  */
-    X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT       = 24,
-    X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN         = 25,
-    X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 26,
-    X509_V_ERR_CERT_UNTRUSTED                    = 27,
-    X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE   = 28,
-    X509_V_ERR_SUBJECT_ISSUER_MISMATCH           = 29,
-    /* additional X509_V_ERR_* enums not used in wolfSSL */
-    X509_V_ERR_UNABLE_TO_GET_CRL,
-    X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE,
-    X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE,
-    X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY,
-    X509_V_ERR_CERT_SIGNATURE_FAILURE,
-    X509_V_ERR_CRL_NOT_YET_VALID,
-    X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD,
-    X509_V_ERR_OUT_OF_MEM,
-    X509_V_ERR_INVALID_CA,
-    X509_V_ERR_PATH_LENGTH_EXCEEDED,
-    X509_V_ERR_INVALID_PURPOSE,
-    X509_V_ERR_AKID_SKID_MISMATCH,
-    X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH,
-    X509_V_ERR_KEYUSAGE_NO_CERTSIGN,
-    X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER,
-    X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION,
-    X509_V_ERR_KEYUSAGE_NO_CRL_SIGN,
-    X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION,
-    X509_V_ERR_INVALID_NON_CA,
-    X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED,
-    X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE,
-    X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED,
-    X509_V_ERR_INVALID_EXTENSION,
-    X509_V_ERR_INVALID_POLICY_EXTENSION,
-    X509_V_ERR_NO_EXPLICIT_POLICY,
-    X509_V_ERR_UNNESTED_RESOURCE,
-
-    X509_R_CERT_ALREADY_IN_HASH_TABLE,
-
-    XN_FLAG_SPC_EQ  = (1 << 23),
-    XN_FLAG_ONELINE = 0,
-    XN_FLAG_RFC2253 = 1,
-
-    CRYPTO_LOCK = 1,
-    CRYPTO_NUM_LOCKS = 10,
-
-    ASN1_STRFLGS_ESC_MSB = 4
-};
-#endif
-
-/* extras end */
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-/* wolfSSL extension, provide last error from SSL_get_error
-   since not using thread storage error queue */
-#include <stdio.h>
-WOLFSSL_API void  wolfSSL_ERR_print_errors_fp(XFILE, int err);
-#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
-WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp);
-#endif
-#endif
-
-
-#ifndef NO_OLD_SSL_NAMES
-    #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
-    #define SSL_FAILURE WOLFSSL_FAILURE
-    #define SSL_SUCCESS WOLFSSL_SUCCESS
-    #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE
-
-    #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND
-    #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE
-    #define SSL_BAD_STAT WOLFSSL_BAD_STAT
-    #define SSL_BAD_PATH WOLFSSL_BAD_PATH
-    #define SSL_BAD_FILETYPE WOLFSSL_BAD_FILETYPE
-    #define SSL_BAD_FILE WOLFSSL_BAD_FILE
-    #define SSL_NOT_IMPLEMENTED WOLFSSL_NOT_IMPLEMENTED
-    #define SSL_UNKNOWN WOLFSSL_UNKNOWN
-    #define SSL_FATAL_ERROR WOLFSSL_FATAL_ERROR
-
-    #define SSL_FILETYPE_ASN1 WOLFSSL_FILETYPE_ASN1
-    #define SSL_FILETYPE_PEM WOLFSSL_FILETYPE_PEM
-    #define SSL_FILETYPE_DEFAULT WOLFSSL_FILETYPE_DEFAULT
-    #define SSL_FILETYPE_RAW WOLFSSL_FILETYPE_RAW
-
-    #define SSL_VERIFY_NONE WOLFSSL_VERIFY_NONE
-    #define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER
-    #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT
-    #define SSL_VERIFY_CLIENT_ONCE WOLFSSL_VERIFY_CLIENT_ONCE
-    #define SSL_VERIFY_FAIL_EXCEPT_PSK WOLFSSL_VERIFY_FAIL_EXCEPT_PSK
-
-    #define SSL_SESS_CACHE_OFF WOLFSSL_SESS_CACHE_OFF
-    #define SSL_SESS_CACHE_CLIENT WOLFSSL_SESS_CACHE_CLIENT
-    #define SSL_SESS_CACHE_SERVER WOLFSSL_SESS_CACHE_SERVER
-    #define SSL_SESS_CACHE_BOTH WOLFSSL_SESS_CACHE_BOTH
-    #define SSL_SESS_CACHE_NO_AUTO_CLEAR WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR
-    #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-    #define SSL_SESS_CACHE_NO_INTERNAL_STORE WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE
-    #define SSL_SESS_CACHE_NO_INTERNAL WOLFSSL_SESS_CACHE_NO_INTERNAL
-
-    #define SSL_ERROR_WANT_READ WOLFSSL_ERROR_WANT_READ
-    #define SSL_ERROR_WANT_WRITE WOLFSSL_ERROR_WANT_WRITE
-    #define SSL_ERROR_WANT_CONNECT WOLFSSL_ERROR_WANT_CONNECT
-    #define SSL_ERROR_WANT_ACCEPT WOLFSSL_ERROR_WANT_ACCEPT
-    #define SSL_ERROR_SYSCALL WOLFSSL_ERROR_SYSCALL
-    #define SSL_ERROR_WANT_X509_LOOKUP WOLFSSL_ERROR_WANT_X509_LOOKUP
-    #define SSL_ERROR_ZERO_RETURN WOLFSSL_ERROR_ZERO_RETURN
-    #define SSL_ERROR_SSL WOLFSSL_ERROR_SSL
-
-    #define SSL_SENT_SHUTDOWN WOLFSSL_SENT_SHUTDOWN
-    #define SSL_RECEIVED_SHUTDOWN WOLFSSL_RECEIVED_SHUTDOWN
-    #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-    #define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2
-
-    #define SSL_R_SSL_HANDSHAKE_FAILURE WOLFSSL_R_SSL_HANDSHAKE_FAILURE
-    #define SSL_R_TLSV1_ALERT_UNKNOWN_CA WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA
-    #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
-    #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE
-
-    #define PEM_BUFSIZE WOLF_PEM_BUFSIZE
-#endif
-
-enum { /* ssl Constants */
-    WOLFSSL_ERROR_NONE      =  0,   /* for most functions */
-    WOLFSSL_FAILURE         =  0,   /* for some functions */
-    WOLFSSL_SUCCESS         =  1,
-    WOLFSSL_SHUTDOWN_NOT_DONE =  2,  /* call wolfSSL_shutdown again to complete */
-
-    WOLFSSL_ALPN_NOT_FOUND  = -9,
-    WOLFSSL_BAD_CERTTYPE    = -8,
-    WOLFSSL_BAD_STAT        = -7,
-    WOLFSSL_BAD_PATH        = -6,
-    WOLFSSL_BAD_FILETYPE    = -5,
-    WOLFSSL_BAD_FILE        = -4,
-    WOLFSSL_NOT_IMPLEMENTED = -3,
-    WOLFSSL_UNKNOWN         = -2,
-    WOLFSSL_FATAL_ERROR     = -1,
-
-    WOLFSSL_FILETYPE_ASN1    = 2,
-    WOLFSSL_FILETYPE_PEM     = 1,
-    WOLFSSL_FILETYPE_DEFAULT = 2, /* ASN1 */
-    WOLFSSL_FILETYPE_RAW     = 3, /* NTRU raw key blob */
-
-    WOLFSSL_VERIFY_NONE                 = 0,
-    WOLFSSL_VERIFY_PEER                 = 1,
-    WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
-    WOLFSSL_VERIFY_CLIENT_ONCE          = 4,
-    WOLFSSL_VERIFY_FAIL_EXCEPT_PSK      = 8,
-
-    WOLFSSL_SESS_CACHE_OFF                = 0x0000,
-    WOLFSSL_SESS_CACHE_CLIENT             = 0x0001,
-    WOLFSSL_SESS_CACHE_SERVER             = 0x0002,
-    WOLFSSL_SESS_CACHE_BOTH               = 0x0003,
-    WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR      = 0x0008,
-    WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 0x0100,
-    WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE  = 0x0200,
-    WOLFSSL_SESS_CACHE_NO_INTERNAL        = 0x0300,
-
-    WOLFSSL_ERROR_WANT_READ        =  2,
-    WOLFSSL_ERROR_WANT_WRITE       =  3,
-    WOLFSSL_ERROR_WANT_CONNECT     =  7,
-    WOLFSSL_ERROR_WANT_ACCEPT      =  8,
-    WOLFSSL_ERROR_SYSCALL          =  5,
-    WOLFSSL_ERROR_WANT_X509_LOOKUP = 83,
-    WOLFSSL_ERROR_ZERO_RETURN      =  6,
-    WOLFSSL_ERROR_SSL              = 85,
-
-    WOLFSSL_SENT_SHUTDOWN     = 1,
-    WOLFSSL_RECEIVED_SHUTDOWN = 2,
-    WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4,
-    WOLFSSL_OP_NO_SSLv2       = 8,
-
-    WOLFSSL_R_SSL_HANDSHAKE_FAILURE           = 101,
-    WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA          = 102,
-    WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103,
-    WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE     = 104,
-
-    WOLF_PEM_BUFSIZE = 1024
-};
-
-#ifndef NO_PSK
-    typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
-                                    unsigned int, unsigned char*, unsigned int);
-    WOLFSSL_API void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX*,
-                                                    wc_psk_client_callback);
-    WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
-                                                    wc_psk_client_callback);
-#ifdef WOLFSSL_TLS13
-    typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
-               char*, unsigned int, unsigned char*, unsigned int, const char**);
-    WOLFSSL_API void wolfSSL_CTX_set_psk_client_tls13_callback(WOLFSSL_CTX*,
-                                                  wc_psk_client_tls13_callback);
-    WOLFSSL_API void wolfSSL_set_psk_client_tls13_callback(WOLFSSL*,
-                                                  wc_psk_client_tls13_callback);
-#endif
-
-    WOLFSSL_API const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*);
-    WOLFSSL_API const char* wolfSSL_get_psk_identity(const WOLFSSL*);
-
-    WOLFSSL_API int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX*, const char*);
-    WOLFSSL_API int wolfSSL_use_psk_identity_hint(WOLFSSL*, const char*);
-
-    typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
-                          unsigned char*, unsigned int);
-    WOLFSSL_API void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX*,
-                                                    wc_psk_server_callback);
-    WOLFSSL_API void wolfSSL_set_psk_server_callback(WOLFSSL*,
-                                                    wc_psk_server_callback);
-#ifdef WOLFSSL_TLS13
-    typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
-                          unsigned char*, unsigned int, const char**);
-    WOLFSSL_API void wolfSSL_CTX_set_psk_server_tls13_callback(WOLFSSL_CTX*,
-                                                  wc_psk_server_tls13_callback);
-    WOLFSSL_API void wolfSSL_set_psk_server_tls13_callback(WOLFSSL*,
-                                                  wc_psk_server_tls13_callback);
-#endif
-
-    #define PSK_TYPES_DEFINED
-#endif /* NO_PSK */
-
-
-#ifdef HAVE_ANON
-    WOLFSSL_API int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*);
-#endif /* HAVE_ANON */
-
-
-/* extra begins */
-#ifdef OPENSSL_EXTRA
-enum {  /* ERR Constants */
-    ERR_TXT_STRING = 1
-};
-
-/* bio misc */
-enum {
-    WOLFSSL_BIO_ERROR = -1,
-    WOLFSSL_BIO_UNSET = -2,
-    WOLFSSL_BIO_SIZE  = 17000 /* default BIO write size if not set */
-};
-#endif
-
-WOLFSSL_API void wolfSSL_ERR_put_error(int lib, int fun, int err,
-                                       const char* file, int line);
-WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line(const char**, int*);
-WOLFSSL_API unsigned long wolfSSL_ERR_get_error_line_data(const char**, int*,
-                                                 const char**, int *);
-
-WOLFSSL_API unsigned long wolfSSL_ERR_get_error(void);
-WOLFSSL_API void          wolfSSL_ERR_clear_error(void);
-
-
-WOLFSSL_API int  wolfSSL_RAND_status(void);
-WOLFSSL_API int  wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num);
-WOLFSSL_API int  wolfSSL_RAND_bytes(unsigned char* buf, int num);
-WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_server_method(void);
-WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long);
-WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
-WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long);
-
-#ifndef NO_CERTS
-  WOLFSSL_API int  wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*);
-#endif /* !NO_CERTS */
-
-WOLFSSL_API void wolfSSL_ERR_free_strings(void);
-WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long);
-WOLFSSL_API int  wolfSSL_clear(WOLFSSL* ssl);
-WOLFSSL_API int  wolfSSL_state(WOLFSSL* ssl);
-
-WOLFSSL_API void wolfSSL_cleanup_all_ex_data(void);
-WOLFSSL_API long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode);
-WOLFSSL_API long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx);
-WOLFSSL_API void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m);
-WOLFSSL_API long wolfSSL_SSL_get_mode(WOLFSSL* ssl);
-
-
-WOLFSSL_API int  wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX*);
-WOLFSSL_API int  wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*,
-                                            const unsigned char*, unsigned int);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl);
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
-
-WOLFSSL_API int wolfSSL_want_read(WOLFSSL*);
-WOLFSSL_API int wolfSSL_want_write(WOLFSSL*);
-
-WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO*, const char*, ...);
-WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*,
-                                         const WOLFSSL_ASN1_UTCTIME*);
-WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*,
-                                         const WOLFSSL_ASN1_GENERALIZEDTIME*);
-WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*);
-WOLFSSL_API int   wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*);
-WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int);
-
-/* stunnel 4.28 needs */
-WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
-WOLFSSL_API int   wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
-WOLFSSL_API void  wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX*,
-                       WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*));
-WOLFSSL_API void  wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX*,
-                                            int (*f)(WOLFSSL*, WOLFSSL_SESSION*));
-WOLFSSL_API void  wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX*,
-                                       void (*f)(WOLFSSL_CTX*, WOLFSSL_SESSION*));
-
-WOLFSSL_API int          wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION*,unsigned char**);
-WOLFSSL_API WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION**,
-                                                   const unsigned char**, long);
-
-WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
-WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
-WOLFSSL_API int  wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
-
-/* extra ends */
-
-
-/* wolfSSL extensions */
-
-/* call before SSL_connect, if verifying will add name check to
-   date check and signature check */
-WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn);
-
-/* need to call once to load library (session cache) */
-WOLFSSL_API int wolfSSL_Init(void);
-/* call when done to cleanup/free session cache mutex / resources  */
-WOLFSSL_API int wolfSSL_Cleanup(void);
-
-/* which library version do we have */
-WOLFSSL_API const char* wolfSSL_lib_version(void);
-/* which library version do we have in hex */
-WOLFSSL_API unsigned int wolfSSL_lib_version_hex(void);
-
-/* do accept or connect depedning on side */
-WOLFSSL_API int wolfSSL_negotiate(WOLFSSL* ssl);
-/* turn on wolfSSL data compression */
-WOLFSSL_API int wolfSSL_set_compression(WOLFSSL* ssl);
-
-WOLFSSL_API int wolfSSL_set_timeout(WOLFSSL*, unsigned int);
-WOLFSSL_API int wolfSSL_CTX_set_timeout(WOLFSSL_CTX*, unsigned int);
-
-/* get wolfSSL peer X509_CHAIN */
-WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl);
-#ifdef WOLFSSL_ALT_CERT_CHAINS
-WOLFSSL_API int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl);
-/* get wolfSSL alternate peer X509_CHAIN */
-WOLFSSL_API WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl);
-#endif
-/* peer chain count */
-WOLFSSL_API int  wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain);
-/* index cert length */
-WOLFSSL_API int  wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN*, int idx);
-/* index cert */
-WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx);
-/* index cert in X509 */
-WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx);
-/* free X509 */
-#define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509))
-WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*);
-/* get index cert in PEM */
-WOLFSSL_API int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx,
-                                unsigned char* buf, int inLen, int* outLen);
-WOLFSSL_API const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s);
-WOLFSSL_API int  wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int*);
-WOLFSSL_API char*  wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
-WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
-WOLFSSL_API const unsigned char* wolfSSL_X509_notBefore(WOLFSSL_X509*);
-WOLFSSL_API const unsigned char* wolfSSL_X509_notAfter(WOLFSSL_X509*);
-WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
-
-WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);
-
-WOLFSSL_API char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*);
-
-WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509,
-        const unsigned char** in, int len);
-WOLFSSL_API WOLFSSL_X509*
-    wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
-WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
-WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
-                                                   const unsigned char *in, int len);
-#ifndef NO_FILESYSTEM
-WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl);
-#endif
-WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl);
-
-#ifndef NO_FILESYSTEM
-    #ifndef NO_STDIO_FILESYSTEM
-    WOLFSSL_API WOLFSSL_X509*
-        wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file);
-    #endif
-WOLFSSL_API WOLFSSL_X509*
-    wolfSSL_X509_load_certificate_file(const char* fname, int format);
-#endif
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
-    const unsigned char* buf, int sz, int format);
-
-#ifdef WOLFSSL_SEP
-    WOLFSSL_API unsigned char*
-           wolfSSL_X509_get_device_type(WOLFSSL_X509*, unsigned char*, int*);
-    WOLFSSL_API unsigned char*
-           wolfSSL_X509_get_hw_type(WOLFSSL_X509*, unsigned char*, int*);
-    WOLFSSL_API unsigned char*
-           wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509*, unsigned char*, int*);
-#endif
-
-/* connect enough to get peer cert */
-WOLFSSL_API int  wolfSSL_connect_cert(WOLFSSL* ssl);
-
-
-
-/* PKCS12 compatibility */
-typedef struct WC_PKCS12 WC_PKCS12;
-WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio,
-                                       WC_PKCS12** pkcs12);
-#ifndef NO_FILESYSTEM
-WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp,
-                                       WOLFSSL_X509_PKCS12** pkcs12);
-#endif
-WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
-     WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert,
-     WOLF_STACK_OF(WOLFSSL_X509)** ca);
-WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
-        WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
-        WOLF_STACK_OF(WOLFSSL_X509)* ca,
-        int keyNID, int certNID, int itt, int macItt, int keytype);
-WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void);
-
-
-
-#ifndef NO_DH
-/* server Diffie-Hellman parameters */
-WOLFSSL_API int  wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
-                                const unsigned char* g, int gSz);
-WOLFSSL_API int  wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
-                                       int format);
-WOLFSSL_API int wolfSSL_SetEnableDhKeyTest(WOLFSSL*, int);
-#ifndef NO_FILESYSTEM
-    WOLFSSL_API int  wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
-#endif
-
-/* server ctx Diffie-Hellman parameters */
-WOLFSSL_API int  wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
-                                    int pSz, const unsigned char* g, int gSz);
-WOLFSSL_API int  wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
-                                           long sz, int format);
-
-#ifndef NO_FILESYSTEM
-    WOLFSSL_API int  wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
-                                             int format);
-#endif
-
-WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short);
-WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short);
-WOLFSSL_API int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX*, unsigned short);
-WOLFSSL_API int wolfSSL_SetMaxDhKey_Sz(WOLFSSL*, unsigned short);
-WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
-#endif /* NO_DH */
-
-#ifndef NO_RSA
-WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, short);
-WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, short);
-#endif /* NO_RSA */
-
-#ifdef HAVE_ECC
-WOLFSSL_API int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX*, short);
-WOLFSSL_API int wolfSSL_SetMinEccKey_Sz(WOLFSSL*, short);
-#endif /* NO_RSA */
-
-WOLFSSL_API int  wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
-WOLFSSL_API int  wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
-
-/* keyblock size in bytes or -1 */
-/* need to call wolfSSL_KeepArrays before handshake to save keys */
-WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);
-WOLFSSL_API int wolfSSL_get_keys(WOLFSSL*,unsigned char** ms, unsigned int* msLen,
-                                       unsigned char** sr, unsigned int* srLen,
-                                       unsigned char** cr, unsigned int* crLen);
-
-/* Computes EAP-TLS and EAP-TTLS keying material from the master_secret. */
-WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
-                                                             const char* label);
-
-
-#ifndef _WIN32
-    #ifndef NO_WRITEV
-        #ifdef __PPU
-            #include <sys/types.h>
-            #include <sys/socket.h>
-        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \
-              !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
-              !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
-              !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI)
-            #include <sys/uio.h>
-        #endif
-        /* allow writev style writing */
-        WOLFSSL_API int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov,
-                                     int iovcnt);
-    #endif
-#endif
-
-
-#ifndef NO_CERTS
-    /* SSL_CTX versions */
-    WOLFSSL_API int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*);
-#ifdef WOLFSSL_TRUST_PEER_CERT
-    WOLFSSL_API int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*);
-    WOLFSSL_API int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX*,
-                                               const unsigned char*, long, int);
-#endif
-    WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
-                                               const unsigned char*, long, int);
-    WOLFSSL_API int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX*,
-                                               const unsigned char*, long, int);
-    WOLFSSL_API int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX*,
-                                               const unsigned char*, long, int);
-    WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*,
-                                               const unsigned char*, long, int);
-    WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*,
-                                               const unsigned char*, long, int);
-    WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*,
-                                                    const unsigned char*, long);
-
-    /* SSL versions */
-    WOLFSSL_API int wolfSSL_use_certificate_buffer(WOLFSSL*, const unsigned char*,
-                                               long, int);
-    WOLFSSL_API int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der,
-                                                                     int derSz);
-    WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*,
-                                               long, int);
-    WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*,
-                                               const unsigned char*, long, int);
-    WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*,
-                                               const unsigned char*, long);
-    WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
-
-    #if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
-        WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
-    #endif
-#endif
-
-WOLFSSL_API int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*);
-WOLFSSL_API int wolfSSL_set_group_messages(WOLFSSL*);
-
-
-#ifdef HAVE_FUZZER
-enum fuzzer_type {
-    FUZZ_HMAC      = 0,
-    FUZZ_ENCRYPT   = 1,
-    FUZZ_SIGNATURE = 2,
-    FUZZ_HASH      = 3,
-    FUZZ_HEAD      = 4
-};
-
-typedef int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz,
-        int type, void* fuzzCtx);
-
-WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx);
-#endif
-
-
-WOLFSSL_API int   wolfSSL_DTLS_SetCookieSecret(WOLFSSL*,
-                                               const unsigned char*,
-                                               unsigned int);
-
-
-/* I/O Callback default errors */
-enum IOerrors {
-    WOLFSSL_CBIO_ERR_GENERAL    = -1,     /* general unexpected err */
-    WOLFSSL_CBIO_ERR_WANT_READ  = -2,     /* need to call read  again */
-    WOLFSSL_CBIO_ERR_WANT_WRITE = -2,     /* need to call write again */
-    WOLFSSL_CBIO_ERR_CONN_RST   = -3,     /* connection reset */
-    WOLFSSL_CBIO_ERR_ISR        = -4,     /* interrupt */
-    WOLFSSL_CBIO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
-    WOLFSSL_CBIO_ERR_TIMEOUT    = -6      /* socket timeout */
-};
-
-
-/* CA cache callbacks */
-enum {
-    WOLFSSL_SSLV3    = 0,
-    WOLFSSL_TLSV1    = 1,
-    WOLFSSL_TLSV1_1  = 2,
-    WOLFSSL_TLSV1_2  = 3,
-    WOLFSSL_TLSV1_3  = 4,
-    WOLFSSL_USER_CA  = 1,          /* user added as trusted */
-    WOLFSSL_CHAIN_CA = 2           /* added to cache from trusted chain */
-};
-
-WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*);
-
-WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
-WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
-WOLFSSL_API int wolfSSL_GetObjectSize(void);  /* object size based on build */
-WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void);
-WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
-WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
-WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
-WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);
-
-/* moved to asn.c, old names kept for backwards compatability */
-#define wolfSSL_KeyPemToDer    wc_KeyPemToDer
-#define wolfSSL_CertPemToDer   wc_CertPemToDer
-#define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer
-#define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer
-#define wolfSSL_PemCertToDer   wc_PemCertToDer
-
-
-typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
-typedef void (*CbMissingCRL)(const char* url);
-typedef int  (*CbOCSPIO)(void*, const char*, int,
-                                         unsigned char*, int, unsigned char**);
-typedef void (*CbOCSPRespFree)(void*,unsigned char*);
-
-#ifdef HAVE_CRL_IO
-typedef int  (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz);
-#endif
-
-/* User Atomic Record Layer CallBacks */
-typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut,
-       const unsigned char* macIn, unsigned int macInSz, int macContent,
-       int macVerify, unsigned char* encOut, const unsigned char* encIn,
-       unsigned int encSz, void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX*, CallbackMacEncrypt);
-WOLFSSL_API void  wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackDecryptVerify)(WOLFSSL* ssl,
-       unsigned char* decOut, const unsigned char* decIn,
-       unsigned int decSz, int content, int verify, unsigned int* padSz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX*,
-                                               CallbackDecryptVerify);
-WOLFSSL_API void  wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl);
-
-WOLFSSL_API const unsigned char* wolfSSL_GetMacSecret(WOLFSSL*, int);
-WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*);
-WOLFSSL_API const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*);
-WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*);
-WOLFSSL_API const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetKeySize(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetIVSize(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetSide(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_IsTLSv1_1(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetBulkCipher(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetCipherBlockSize(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetAeadMacSize(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetHmacSize(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetHmacType(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_GetCipherType(WOLFSSL*);
-WOLFSSL_API int                  wolfSSL_SetTlsHmacInner(WOLFSSL*, unsigned char*,
-                                                       unsigned int, int, int);
-
-/* Atomic User Needs */
-enum {
-    WOLFSSL_SERVER_END = 0,
-    WOLFSSL_CLIENT_END = 1,
-    WOLFSSL_NEITHER_END = 3,
-    WOLFSSL_BLOCK_TYPE = 2,
-    WOLFSSL_STREAM_TYPE = 3,
-    WOLFSSL_AEAD_TYPE = 4,
-    WOLFSSL_TLS_HMAC_INNER_SZ = 13      /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */
-};
-
-/* for GetBulkCipher and internal use */
-enum BulkCipherAlgorithm {
-    wolfssl_cipher_null,
-    wolfssl_rc4,
-    wolfssl_rc2,
-    wolfssl_des,
-    wolfssl_triple_des,             /* leading 3 (3des) not valid identifier */
-    wolfssl_des40,
-#ifdef HAVE_IDEA
-    wolfssl_idea,
-#endif
-    wolfssl_aes,
-    wolfssl_aes_gcm,
-    wolfssl_aes_ccm,
-    wolfssl_chacha,
-    wolfssl_camellia,
-    wolfssl_hc128,                  /* wolfSSL extensions */
-    wolfssl_rabbit
-};
-
-
-/* for KDF TLS 1.2 mac types */
-enum KDF_MacAlgorithm {
-    wolfssl_sha256 = 4,     /* needs to match internal MACAlgorithm */
-    wolfssl_sha384,
-    wolfssl_sha512
-};
-
-
-/* Public Key Callback support */
-#ifdef HAVE_PK_CALLBACKS
-#ifdef HAVE_ECC
-
-struct ecc_key;
-
-typedef int (*CallbackEccKeyGen)(WOLFSSL* ssl, struct ecc_key* key,
-    unsigned int keySz, int ecc_curve, void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX*, CallbackEccKeyGen);
-WOLFSSL_API void  wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackEccSign)(WOLFSSL* ssl,
-       const unsigned char* in, unsigned int inSz,
-       unsigned char* out, unsigned int* outSz,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX*, CallbackEccSign);
-WOLFSSL_API void  wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackEccVerify)(WOLFSSL* ssl,
-       const unsigned char* sig, unsigned int sigSz,
-       const unsigned char* hash, unsigned int hashSz,
-       const unsigned char* keyDer, unsigned int keySz,
-       int* result, void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX*, CallbackEccVerify);
-WOLFSSL_API void  wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackEccSharedSecret)(WOLFSSL* ssl, struct ecc_key* otherKey,
-        unsigned char* pubKeyDer, unsigned int* pubKeySz,
-        unsigned char* out, unsigned int* outlen,
-        int side, void* ctx); /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
-WOLFSSL_API void  wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX*, CallbackEccSharedSecret);
-WOLFSSL_API void  wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl);
-#endif
-
-#ifndef NO_DH
-/* Public DH Key Callback support */
-struct DhKey;
-typedef int (*CallbackDhAgree)(WOLFSSL* ssl, struct DhKey* key,
-        const unsigned char* priv, unsigned int privSz,
-        const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
-        unsigned char* out, unsigned int* outlen,
-        void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX*, CallbackDhAgree);
-WOLFSSL_API void  wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl);
-#endif /* !NO_DH */
-
-#ifdef HAVE_ED25519
-struct ed25519_key;
-typedef int (*CallbackEd25519Sign)(WOLFSSL* ssl,
-       const unsigned char* in, unsigned int inSz,
-       unsigned char* out, unsigned int* outSz,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX*,
-                                               CallbackEd25519Sign);
-WOLFSSL_API void  wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackEd25519Verify)(WOLFSSL* ssl,
-       const unsigned char* sig, unsigned int sigSz,
-       const unsigned char* msg, unsigned int msgSz,
-       const unsigned char* keyDer, unsigned int keySz,
-       int* result, void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX*,
-                                                 CallbackEd25519Verify);
-WOLFSSL_API void  wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl);
-#endif
-
-#ifdef HAVE_CURVE25519
-struct curve25519_key;
-
-typedef int (*CallbackX25519KeyGen)(WOLFSSL* ssl, struct curve25519_key* key,
-    unsigned int keySz, void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX*, CallbackX25519KeyGen);
-WOLFSSL_API void  wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackX25519SharedSecret)(WOLFSSL* ssl,
-        struct curve25519_key* otherKey,
-        unsigned char* pubKeyDer, unsigned int* pubKeySz,
-        unsigned char* out, unsigned int* outlen,
-        int side, void* ctx);
-        /* side is WOLFSSL_CLIENT_END or WOLFSSL_SERVER_END */
-WOLFSSL_API void  wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX*,
-        CallbackX25519SharedSecret);
-WOLFSSL_API void  wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl);
-#endif
-
-#ifndef NO_RSA
-typedef int (*CallbackRsaSign)(WOLFSSL* ssl,
-       const unsigned char* in, unsigned int inSz,
-       unsigned char* out, unsigned int* outSz,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX*, CallbackRsaSign);
-WOLFSSL_API void  wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
-       unsigned char* sig, unsigned int sigSz,
-       unsigned char** out,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX*, CallbackRsaVerify);
-WOLFSSL_API void  wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
-
-#ifdef WC_RSA_PSS
-typedef int (*CallbackRsaPssSign)(WOLFSSL* ssl,
-       const unsigned char* in, unsigned int inSz,
-       unsigned char* out, unsigned int* outSz,
-       int hash, int mgf,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX*, CallbackRsaPssSign);
-WOLFSSL_API void  wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl);
-
-typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl,
-       unsigned char* sig, unsigned int sigSz,
-       unsigned char** out,
-       int hash, int mgf,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*,
-                                                CallbackRsaPssVerify);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX*,
-                                                    CallbackRsaPssVerify);
-WOLFSSL_API void  wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
-#endif
-
-/* RSA Public Encrypt cb */
-typedef int (*CallbackRsaEnc)(WOLFSSL* ssl,
-       const unsigned char* in, unsigned int inSz,
-       unsigned char* out, unsigned int* outSz,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX*, CallbackRsaEnc);
-WOLFSSL_API void  wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl);
-
-/* RSA Private Decrypt cb */
-typedef int (*CallbackRsaDec)(WOLFSSL* ssl,
-       unsigned char* in, unsigned int inSz,
-       unsigned char** out,
-       const unsigned char* keyDer, unsigned int keySz,
-       void* ctx);
-WOLFSSL_API void  wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX*, CallbackRsaDec);
-WOLFSSL_API void  wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
-#endif
-#endif /* HAVE_PK_CALLBACKS */
-
-#ifndef NO_CERTS
-    WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
-
-    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX*);
-
-    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
-    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
-    WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
-
-    WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
-                                                                 const char* d);
-    WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*,
-                                  const unsigned char* in, long sz, int format);
-    WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
-#ifdef WOLFSSL_TRUST_PEER_CERT
-    WOLFSSL_API int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm);
-#endif
-    WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
-                                                                    int format);
-    WOLFSSL_API int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
-                                const unsigned char* buff, long sz, int format);
-    WOLFSSL_API int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER*,
-                                                        unsigned char*, int sz);
-    WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER*,
-                                                                   int options);
-    WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*);
-    WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER*,
-                                                         const char*, int, int);
-    WOLFSSL_API int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER*,
-                                            const unsigned char*, long sz, int);
-    WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER*,
-                                                                  CbMissingCRL);
-#ifdef HAVE_CRL_IO
-    WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER*,
-                                                                       CbCrlIO);
-#endif
-    WOLFSSL_API int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER*,
-                                                        unsigned char*, int sz);
-    WOLFSSL_API int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER*,
-                                                                   int options);
-    WOLFSSL_API int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*);
-    WOLFSSL_API int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER*,
-                                                                   const char*);
-    WOLFSSL_API int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER*,
-                                               CbOCSPIO, CbOCSPRespFree, void*);
-
-    WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
-                                                      WOLFSSL_CERT_MANAGER* cm);
-    WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
-                                                      WOLFSSL_CERT_MANAGER* cm);
-
-    WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
-    WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
-    WOLFSSL_API int wolfSSL_LoadCRL(WOLFSSL*, const char*, int, int);
-    WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL*,
-                                          const unsigned char*, long sz, int);
-    WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL*, CbMissingCRL);
-#ifdef HAVE_CRL_IO
-    WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb);
-#endif
-    WOLFSSL_API int wolfSSL_EnableOCSP(WOLFSSL*, int options);
-    WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
-    WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
-    WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);
-    WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL*);
-    WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL*);
-
-    WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
-    WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
-    WOLFSSL_API int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX*, const char*, int, int);
-    WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX*,
-                                            const unsigned char*, long sz, int);
-    WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX*, CbMissingCRL);
-#ifdef HAVE_CRL_IO
-    WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO);
-#endif
-
-    WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
-    WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
-    WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
-    WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
-                                               CbOCSPIO, CbOCSPRespFree, void*);
-    WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
-    WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*);
-#endif /* !NO_CERTS */
-
-
-#ifdef SINGLE_THREADED
-    WOLFSSL_API int wolfSSL_CTX_new_rng(WOLFSSL_CTX*);
-#endif
-
-/* end of handshake frees temporary arrays, if user needs for get_keys or
-   psk hints, call KeepArrays before handshake and then FreeArrays when done
-   if don't want to wait for object free */
-WOLFSSL_API void wolfSSL_KeepArrays(WOLFSSL*);
-WOLFSSL_API void wolfSSL_FreeArrays(WOLFSSL*);
-
-WOLFSSL_API int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl);
-
-WOLFSSL_API int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx);
-WOLFSSL_API int wolfSSL_UseClientSuites(WOLFSSL* ssl);
-
-/* async additions */
-#define wolfSSL_UseAsync wolfSSL_SetDevId
-#define wolfSSL_CTX_UseAsync wolfSSL_CTX_SetDevId
-WOLFSSL_API int wolfSSL_SetDevId(WOLFSSL*, int devId);
-WOLFSSL_API int wolfSSL_CTX_SetDevId(WOLFSSL_CTX*, int devId);
-
-/* helpers to get device id and heap */
-WOLFSSL_API int   wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
-WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl);
-
-/* TLS Extensions */
-
-/* Server Name Indication */
-#ifdef HAVE_SNI
-
-/* SNI types */
-enum {
-    WOLFSSL_SNI_HOST_NAME = 0
-};
-
-WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
-                                         const void* data, unsigned short size);
-WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
-                                         const void* data, unsigned short size);
-
-#ifndef NO_WOLFSSL_SERVER
-
-/* SNI options */
-enum {
-    /* Do not abort the handshake if the requested SNI didn't match. */
-    WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
-
-    /* Behave as if the requested SNI matched in a case of mismatch.  */
-    /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
-    WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02,
-
-    /* Abort the handshake if the client didn't send a SNI request. */
-    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04,
-};
-
-WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
-                                                         unsigned char options);
-WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
-                                     unsigned char type, unsigned char options);
-WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
-                 const unsigned char* clientHello, unsigned int helloSz,
-                 unsigned char type, unsigned char* sni, unsigned int* inOutSz);
-
-#endif /* NO_WOLFSSL_SERVER */
-
-/* SNI status */
-enum {
-    WOLFSSL_SNI_NO_MATCH   = 0,
-    WOLFSSL_SNI_FAKE_MATCH = 1, /**< @see WOLFSSL_SNI_ANSWER_ON_MISMATCH */
-    WOLFSSL_SNI_REAL_MATCH = 2,
-    WOLFSSL_SNI_FORCE_KEEP = 3  /** Used with -DWOLFSSL_ALWAYS_KEEP_SNI */
-};
-
-WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
-
-WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
-                                               unsigned char type, void** data);
-
-#endif /* HAVE_SNI */
-
-/* Application-Layer Protocol Negotiation */
-#ifdef HAVE_ALPN
-
-/* ALPN status code */
-enum {
-    WOLFSSL_ALPN_NO_MATCH = 0,
-    WOLFSSL_ALPN_MATCH    = 1,
-    WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2,
-    WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4,
-};
-
-enum {
-    WOLFSSL_MAX_ALPN_PROTO_NAME_LEN = 255,
-    WOLFSSL_MAX_ALPN_NUMBER = 257
-};
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out,
-    unsigned char* outLen, const unsigned char* in, unsigned int inLen,
-    void *arg);
-#endif
-
-WOLFSSL_API int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
-                                unsigned int protocol_name_listSz,
-                                unsigned char options);
-
-WOLFSSL_API int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name,
-                                         unsigned short *size);
-
-WOLFSSL_API int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list,
-                                             unsigned short *listSz);
-WOLFSSL_API int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list);
-#endif /* HAVE_ALPN */
-
-/* Maximum Fragment Length */
-#ifdef HAVE_MAX_FRAGMENT
-
-/* Fragment lengths */
-enum {
-    WOLFSSL_MFL_2_9  = 1, /*  512 bytes */
-    WOLFSSL_MFL_2_10 = 2, /* 1024 bytes */
-    WOLFSSL_MFL_2_11 = 3, /* 2048 bytes */
-    WOLFSSL_MFL_2_12 = 4, /* 4096 bytes */
-    WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */
-    WOLFSSL_MFL_2_8  = 6, /*  256 bytes *//* wolfSSL ONLY!!! */
-    WOLFSSL_MFL_MIN  = WOLFSSL_MFL_2_9,
-    WOLFSSL_MFL_MAX  = WOLFSSL_MFL_2_8,
-};
-
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl);
-WOLFSSL_API int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl);
-
-#endif
-#endif /* HAVE_MAX_FRAGMENT */
-
-/* Truncated HMAC */
-#ifdef HAVE_TRUNCATED_HMAC
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx);
-
-#endif
-#endif
-
-/* Certificate Status Request */
-/* Certificate Status Type */
-enum {
-    WOLFSSL_CSR_OCSP = 1
-};
-
-/* Certificate Status Options (flags) */
-enum {
-    WOLFSSL_CSR_OCSP_USE_NONCE = 0x01
-};
-
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseOCSPStapling(WOLFSSL* ssl,
-                              unsigned char status_type, unsigned char options);
-
-WOLFSSL_API int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx,
-                              unsigned char status_type, unsigned char options);
-
-#endif
-#endif
-
-/* Certificate Status Request v2 */
-/* Certificate Status Type */
-enum {
-    WOLFSSL_CSR2_OCSP = 1,
-    WOLFSSL_CSR2_OCSP_MULTI = 2
-};
-
-/* Certificate Status v2 Options (flags) */
-enum {
-    WOLFSSL_CSR2_OCSP_USE_NONCE = 0x01
-};
-
-#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl,
-                              unsigned char status_type, unsigned char options);
-
-WOLFSSL_API int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
-                              unsigned char status_type, unsigned char options);
-
-#endif
-#endif
-
-/* Named Groups */
-enum {
-#if 0 /* Not Supported */
-    WOLFSSL_ECC_SECT163K1 = 1,
-    WOLFSSL_ECC_SECT163R1 = 2,
-    WOLFSSL_ECC_SECT163R2 = 3,
-    WOLFSSL_ECC_SECT193R1 = 4,
-    WOLFSSL_ECC_SECT193R2 = 5,
-    WOLFSSL_ECC_SECT233K1 = 6,
-    WOLFSSL_ECC_SECT233R1 = 7,
-    WOLFSSL_ECC_SECT239K1 = 8,
-    WOLFSSL_ECC_SECT283K1 = 9,
-    WOLFSSL_ECC_SECT283R1 = 10,
-    WOLFSSL_ECC_SECT409K1 = 11,
-    WOLFSSL_ECC_SECT409R1 = 12,
-    WOLFSSL_ECC_SECT571K1 = 13,
-    WOLFSSL_ECC_SECT571R1 = 14,
-#endif
-    WOLFSSL_ECC_SECP160K1 = 15,
-    WOLFSSL_ECC_SECP160R1 = 16,
-    WOLFSSL_ECC_SECP160R2 = 17,
-    WOLFSSL_ECC_SECP192K1 = 18,
-    WOLFSSL_ECC_SECP192R1 = 19,
-    WOLFSSL_ECC_SECP224K1 = 20,
-    WOLFSSL_ECC_SECP224R1 = 21,
-    WOLFSSL_ECC_SECP256K1 = 22,
-    WOLFSSL_ECC_SECP256R1 = 23,
-    WOLFSSL_ECC_SECP384R1 = 24,
-    WOLFSSL_ECC_SECP521R1 = 25,
-    WOLFSSL_ECC_BRAINPOOLP256R1 = 26,
-    WOLFSSL_ECC_BRAINPOOLP384R1 = 27,
-    WOLFSSL_ECC_BRAINPOOLP512R1 = 28,
-    WOLFSSL_ECC_X25519    = 29,
-#ifdef WOLFSSL_TLS13
-    /* Not implemented. */
-    WOLFSSL_ECC_X448      = 30,
-
-    WOLFSSL_FFDHE_2048    = 256,
-    WOLFSSL_FFDHE_3072    = 257,
-    WOLFSSL_FFDHE_4096    = 258,
-    WOLFSSL_FFDHE_6144    = 259,
-    WOLFSSL_FFDHE_8192    = 260,
-#endif
-};
-
-enum {
-    WOLFSSL_EC_PF_UNCOMPRESSED = 0,
-#if 0 /* Not Supported */
-    WOLFSSL_EC_PF_X962_COMP_PRIME = 1,
-    WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2,
-#endif
-};
-
-#ifdef HAVE_SUPPORTED_CURVES
-#ifndef NO_WOLFSSL_CLIENT
-
-WOLFSSL_API int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, unsigned short name);
-WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
-                                                           unsigned short name);
-
-#endif
-#endif
-
-#ifdef WOLFSSL_TLS13
-WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, unsigned short group);
-WOLFSSL_API int wolfSSL_NoKeyShares(WOLFSSL* ssl);
-#endif
-
-
-/* Secure Renegotiation */
-#ifdef HAVE_SECURE_RENEGOTIATION
-
-WOLFSSL_API int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
-
-#endif
-
-/* Session Ticket */
-#ifdef HAVE_SESSION_TICKET
-
-#ifndef NO_WOLFSSL_CLIENT
-WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
-WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*);
-WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, const unsigned char*, unsigned int);
-typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
-WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
-                                                  CallbackSessionTicket, void*);
-#endif /* NO_WOLFSSL_CLIENT */
-
-
-#define WOLFSSL_TICKET_NAME_SZ 16
-#define WOLFSSL_TICKET_IV_SZ   16
-#define WOLFSSL_TICKET_MAC_SZ  32
-
-enum TicketEncRet {
-    WOLFSSL_TICKET_RET_FATAL  = -1,  /* fatal error, don't use ticket */
-    WOLFSSL_TICKET_RET_OK     =  0,  /* ok, use ticket */
-    WOLFSSL_TICKET_RET_REJECT,       /* don't use ticket, but not fatal */
-    WOLFSSL_TICKET_RET_CREATE        /* existing ticket ok and create new one */
-};
-
-#ifndef NO_WOLFSSL_SERVER
-
-typedef int (*SessionTicketEncCb)(WOLFSSL*,
-                                 unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
-                                 unsigned char iv[WOLFSSL_TICKET_IV_SZ],
-                                 unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
-                                 int enc, unsigned char*, int, int*, void*);
-WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
-                                            SessionTicketEncCb);
-WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
-WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
-
-#endif /* NO_WOLFSSL_SERVER */
-
-#endif /* HAVE_SESSION_TICKET */
-
-#ifdef HAVE_QSH
-/* Quantum-safe Crypto Schemes */
-enum {
-    WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65  */
-    WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86  */
-    WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
-    WOLFSSL_LWE_XXX  = 0x0201,     /* Learning With Error encryption scheme */
-    WOLFSSL_HFE_XXX  = 0x0301,     /* Hidden Field Equation scheme */
-    WOLFSSL_NULL_QSH = 0xFFFF      /* QSHScheme is not used */
-};
-
-
-/* test if the connection is using a QSH secure connection return 1 if so */
-WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
-#ifndef NO_WOLFSSL_CLIENT
-    /* user control over sending client public key in hello
-       when flag = 1 will send keys if flag is 0 or function is not called
-       then will not send keys in the hello extension */
-    WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
-#endif
-
-#endif /* QSH */
-
-/* TLS Extended Master Secret Extension */
-WOLFSSL_API int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl);
-WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
-
-
-#define WOLFSSL_CRL_MONITOR   0x01   /* monitor this dir flag */
-#define WOLFSSL_CRL_START_MON 0x02   /* start monitoring flag */
-
-
-/* notify user the handshake is done */
-typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
-WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);
-
-
-WOLFSSL_API int wolfSSL_PrintSessionStats(void);
-WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
-                                          unsigned int* total,
-                                          unsigned int* peak,
-                                          unsigned int* maxSessions);
-/* External facing KDF */
-WOLFSSL_API
-int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,
-                               const unsigned char* pms, unsigned int pmsLen,
-                               const unsigned char* cr, const unsigned char* sr,
-                               int tls1_2, int hash_type);
-
-WOLFSSL_API
-int wolfSSL_MakeTlsExtendedMasterSecret(unsigned char* ms, unsigned int msLen,
-                              const unsigned char* pms, unsigned int pmsLen,
-                              const unsigned char* sHash, unsigned int sHashLen,
-                              int tls1_2, int hash_type);
-
-WOLFSSL_API
-int wolfSSL_DeriveTlsKeys(unsigned char* key_data, unsigned int keyLen,
-                               const unsigned char* ms, unsigned int msLen,
-                               const unsigned char* sr, const unsigned char* cr,
-                               int tls1_2, int hash_type);
-
-#ifdef WOLFSSL_CALLBACKS
-
-/* used internally by wolfSSL while OpenSSL types aren't */
-#include <wolfssl/callbacks.h>
-
-typedef int (*HandShakeCallBack)(HandShakeInfo*);
-typedef int (*TimeoutCallBack)(TimeoutInfo*);
-
-/* wolfSSL connect extension allowing HandShakeCallBack and/or TimeoutCallBack
-   for diagnostics */
-WOLFSSL_API int wolfSSL_connect_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
-                                 Timeval);
-WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
-                                Timeval);
-
-#endif /* WOLFSSL_CALLBACKS */
-
-
-#ifdef WOLFSSL_HAVE_WOLFSCEP
-    WOLFSSL_API void wolfSSL_wolfSCEP(void);
-#endif /* WOLFSSL_HAVE_WOLFSCEP */
-
-#ifdef WOLFSSL_HAVE_CERT_SERVICE
-    WOLFSSL_API void wolfSSL_cert_service(void);
-#endif
-
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-/* Smaller subset of X509 compatibility functions. Avoid increasing the size of
- * this subset and its memory usage */
-
-#include <wolfssl/openssl/asn1.h>
-struct WOLFSSL_X509_NAME_ENTRY {
-    WOLFSSL_ASN1_OBJECT  object;  /* static object just for keeping grp, type */
-    WOLFSSL_ASN1_STRING  data;
-    WOLFSSL_ASN1_STRING* value;  /* points to data, for lighttpd port */
-    int nid; /* i.e. ASN_COMMON_NAME */
-    int set;
-    int size;
-};
-#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
-
-
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-
-enum {
-    WOLFSSL_SYS_ACCEPT = 0,
-    WOLFSSL_SYS_BIND,
-    WOLFSSL_SYS_CONNECT,
-    WOLFSSL_SYS_FOPEN,
-    WOLFSSL_SYS_FREAD,
-    WOLFSSL_SYS_GETADDRINFO,
-    WOLFSSL_SYS_GETSOCKOPT,
-    WOLFSSL_SYS_GETSOCKNAME,
-    WOLFSSL_SYS_GETHOSTBYNAME,
-    WOLFSSL_SYS_GETNAMEINFO,
-    WOLFSSL_SYS_GETSERVBYNAME,
-    WOLFSSL_SYS_IOCTLSOCKET,
-    WOLFSSL_SYS_LISTEN,
-    WOLFSSL_SYS_OPENDIR,
-    WOLFSSL_SYS_SETSOCKOPT,
-    WOLFSSL_SYS_SOCKET
-};
-
-/* Object functions */
-WOLFSSL_API const char *  wolfSSL_OBJ_nid2sn(int n);
-WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
-WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
-
-WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n);
-WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn);
-
-WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int n);
-WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int n, WOLFSSL_ASN1_OBJECT *arg_obj);
-WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a, int no_name);
-
-WOLFSSL_API void wolfSSL_OBJ_cleanup(void);
-/* end of object functions */
-
-WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line);
-WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
-WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
-
-#ifndef NO_CERTS
-WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID(
-            WOLFSSL_X509_NAME_ENTRY** out, int nid, int type,
-            unsigned char* data, int dataSz);
-WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
-                              WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set);
-WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
-    const char *field, int type, const unsigned char *bytes, int len, int loc,
-    int set);
-WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
-            const WOLFSSL_X509_NAME* y);
-WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
-WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
-WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
-                                                     int nid, int* c, int* idx);
-WOLFSSL_API int wolfSSL_X509_digest(const WOLFSSL_X509* x509,
-        const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len);
-WOLFSSL_API int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509);
-WOLFSSL_API int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey);
-WOLFSSL_API int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl,
-                                            unsigned char* der, long derSz);
-WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl);
-#ifndef NO_RSA
-WOLFSSL_API int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der,
-                                                                long derSz);
-#endif
-#endif /* NO_CERTS */
-
-WOLFSSL_API WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r);
-
-WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
-        unsigned char* out, int outSz);
-WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses);
-
-WOLFSSL_API void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx,
-                                                       WOLFSSL_X509_STORE* str);
-WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509);
-#if !defined(NO_FILESYSTEM)
-WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp,
-                                               WOLFSSL_X509** x509);
-#endif
-WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio,
-                                               WOLFSSL_X509** x509);
-WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx);
-
-WOLFSSL_API size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio);
-WOLFSSL_API size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b);
-WOLFSSL_API size_t wolfSSL_get_server_random(const WOLFSSL *ssl,
-                                             unsigned char *out, size_t outlen);
-WOLFSSL_API size_t wolfSSL_get_client_random(const WOLFSSL* ssl,
-                                              unsigned char* out, size_t outSz);
-WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
-WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
-        (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
-#ifndef NO_FILESYSTEM
-WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp,
-        WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u);
-#endif
-WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header,
-                                                EncryptedInfo* cipher);
-WOLFSSL_API int wolfSSL_PEM_do_header(EncryptedInfo* cipher,
-                                      unsigned char* data, long* len,
-                                      pem_password_cb* callback, void* ctx);
-
-/*lighttp compatibility */
-
-struct WOLFSSL_ASN1_BIT_STRING {
-    int length;
-    int type;
-    char* data;
-    long flags;
-};
-
-
-#if    defined(OPENSSL_EXTRA) \
-    || defined(OPENSSL_ALL) \
-    || defined(HAVE_LIGHTY) \
-    || defined(WOLFSSL_MYSQL_COMPATIBLE) \
-    || defined(HAVE_STUNNEL) \
-    || defined(WOLFSSL_NGINX) \
-    || defined(WOLFSSL_HAPROXY)
-WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
-WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
-WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
-WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
-WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
-/* These are to be merged shortly */
-WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
-WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
-WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
-WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
-WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
-WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
-WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
-WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
-WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md);
-WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md);
-WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk );
-WOLFSSL_API int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509);
-
-#ifndef NO_FILESYSTEM
-WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c);
-WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp);
-#endif
-
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
-
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
-
-
-#if defined(OPENSSL_ALL) \
-    || defined(HAVE_STUNNEL) \
-    || defined(HAVE_LIGHTY) \
-    || defined(WOLFSSL_MYSQL_COMPATIBLE) \
-    || defined(WOLFSSL_HAPROXY) \
-    || defined(OPENSSL_EXTRA)
-
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
-WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
-WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
-    WOLFSSL_DH **x, pem_password_cb *cb, void *u);
-WOLFSSL_API WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp,
-    WOLFSSL_DSA **x, pem_password_cb *cb, void *u);
-WOLFSSL_API int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
-WOLFSSL_API int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp,WOLFSSL_X509 *x);
-WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
-
-#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
-
-#ifdef OPENSSL_ALL
-WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out);
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void);
-WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req);
-WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
-                                      const WOLFSSL_EVP_MD *md);
-WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
-                                                  WOLFSSL_X509_NAME *name);
-WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
-                                            WOLFSSL_EVP_PKEY *pkey);
-#endif
-
-
-#if defined(OPENSSL_ALL) \
-    || defined(HAVE_STUNNEL) \
-    || defined(WOLFSSL_NGINX) \
-    || defined(WOLFSSL_HAPROXY) \
-    || defined(OPENSSL_EXTRA) \
-    || defined(HAVE_LIGHTY)
-
-#include <wolfssl/openssl/crypto.h>
-
-/* SNI received callback type */
-typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
-
-WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
-    void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
-
-WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void);
-
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn);
-WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
-    void (*callback) (int, int, void *), void *cb_arg);
-
-WOLFSSL_API int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH*, int, int,
-                           void (*callback) (int, int, void *));
-
-WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
-
-WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
-
-WOLFSSL_API int wolfSSL_FIPS_mode(void);
-
-WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
-
-WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
-
-WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
-
-WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s);
-
-WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_new(void);
-WOLFSSL_API int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s);
-
-WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,
-        unsigned long);
-
-WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
-                            const WOLFSSL_X509*);
-
-WOLFSSL_API int        wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
-
-WOLFSSL_API int  wolfSSL_version(WOLFSSL*);
-
-WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
-
-WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)*, int);
-
-WOLFSSL_API void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)*, int);
-
-WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
-
-WOLFSSL_API int   wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
-
-WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
-        CRYPTO_free_func*);
-
-WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
-
-
-WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*,
-        unsigned int*);
-
-WOLFSSL_API int wolfSSL_set_tlsext_host_name(WOLFSSL *, const char *);
-
-WOLFSSL_API const char* wolfSSL_get_servername(WOLFSSL *, unsigned char);
-
-WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*);
-
-WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
-
-WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
-
-WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
-        CallbackSniRecv);
-WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
-        CallbackSniRecv);
-
-WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
-
-WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);
-
-/* support for depricated old name */
-#define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state
-
-#ifndef NO_FILESYSTEM
-WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE fp);
-#endif
-
-WOLFSSL_API void wolfSSL_THREADID_set_callback(void (*threadid_func)(void*));
-
-WOLFSSL_API void wolfSSL_THREADID_set_numeric(void* id, unsigned long val);
-
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
-                               WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*);
-
-WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*));
-#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
-
-#if defined(OPENSSL_ALL) || \
-    defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-
-WOLFSSL_API int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx);
-
-#endif
-
-#ifdef WOLFSSL_JNI
-WOLFSSL_API int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr);
-WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
-#endif /* WOLFSSL_JNI */
-
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
-WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
-    WOLF_EVENT_FLAG flags, int* eventCount);
-#endif /* WOLFSSL_ASYNC_CRYPT */
-
-#ifdef OPENSSL_EXTRA
-WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names);
-
-typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type,
-    const void *buf, size_t len, WOLFSSL *ssl, void *arg);
-
-WOLFSSL_API int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb);
-WOLFSSL_API int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb);
-WOLFSSL_API int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg);
-WOLFSSL_API int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg);
-WOLFSSL_API unsigned long wolfSSL_ERR_peek_error_line_data(const char **file,
-    int *line, const char **data, int *flags);
-WOLFSSL_API int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx,
-    const unsigned char *protos, unsigned int protos_len);
-WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data,
-    size_t siz, const char* file, int line);
-WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
-#endif
-
-#if defined(OPENSSL_ALL) \
-    || defined(WOLFSSL_NGINX) \
-    || defined(WOLFSSL_HAPROXY) \
-    || defined(OPENSSL_EXTRA)
-WOLFSSL_API void wolfSSL_OPENSSL_config(char *config_name);
-#endif
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-/* Not an OpenSSL API. */
-WOLFSSL_LOCAL int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response);
-/* Not an OpenSSL API. */
-WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl);
-/* Not an OpenSSL API. */
-WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url);
-#endif
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
-    || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl);
-WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a,
-    void *b, void *c);
-WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx);
-WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx,
-    void *data);
-
-WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data,
-    const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len);
-
-WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx);
-WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx,
-    WOLFSSL_EC_KEY *ecdh);
-WOLFSSL_API int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *,
-    WOLFSSL_SESSION *c);
-
-WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s);
-WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s);
-WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s);
-WOLFSSL_API int wolfSSL_SSL_in_init(WOLFSSL *a); /* #define in OpenSSL */
-#ifndef NO_SESSION_CACHE
-    WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
-#endif
-WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
-    size_t chklen, unsigned int flags, char **peername);
-
-WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
-    const WOLFSSL_ASN1_INTEGER *a);
-
-#ifdef HAVE_SESSION_TICKET
-WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
-    WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
-    WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
-#endif
-
-#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
-    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
-    WOLF_STACK_OF(X509)** chain);
-WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
-    int(*)(WOLFSSL*, void*));
-
-WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
-    WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x);
-
-WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk);
-WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
-
-WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
-    WOLFSSL_X509 *subject);
-
-WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x);
-
-WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value(
-    WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
-#endif /* HAVE_OCSP */
-
-WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio,
-    WOLFSSL_X509 *cert);
-
-#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
-    OPENSSL_EXTRA || HAVE_LIGHTY*/
-
-WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl,
-        const unsigned char **data, unsigned int *len);
-WOLFSSL_API int wolfSSL_select_next_proto(unsigned char **out,
-        unsigned char *outlen,
-        const unsigned char *in, unsigned int inlen,
-        const unsigned char *client,
-        unsigned int client_len);
-WOLFSSL_API void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
-        int (*cb) (WOLFSSL *ssl,
-            const unsigned char **out,
-            unsigned char *outlen,
-            const unsigned char *in,
-            unsigned int inlen,
-            void *arg), void *arg);
-WOLFSSL_API void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
-        int (*cb) (WOLFSSL *ssl,
-            const unsigned char **out,
-            unsigned int *outlen,
-            void *arg), void *arg);
-WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
-        int (*cb) (WOLFSSL *ssl,
-            unsigned char **out,
-            unsigned char *outlen,
-            const unsigned char *in,
-            unsigned int inlen,
-            void *arg), void *arg);
-WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
-        unsigned *len);
-
-
-#ifdef OPENSSL_EXTRA
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context(
-        const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length);
-WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count);
-WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count);
-#endif
-
-WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len);
-WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x);
-WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor);
-WOLFSSL_API void *X509_get_X509_PUBKEY(void * x);
-WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub);
-WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a);
-WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
-WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir);
-WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x);
-WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p);
-WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st);
-WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx);
-WOLFSSL_API void ERR_load_SSL_strings(void);
-WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
-
-WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag);
-WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags);
-WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t);
-WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t);
-WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
-                                                                WOLFSSL_ASN1_TIME **out);
-WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp);
-WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store);
-WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x);
-WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
-
-WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
-    WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
-    int passwdSz, pem_password_cb* cb, void* ctx);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
-    WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(
-    WOLFSSL_EVP_PKEY** pkey, const unsigned char** data, long length);
-
-#endif /* OPENSSL_EXTRA */
-
-#ifdef HAVE_PK_CALLBACKS
-WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx);
-#endif
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-
-#endif /* WOLFSSL_SSL_H */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/version.h b/components/ssl/wolfssl/wolfssl/wolfssl/version.h
deleted file mode 100644
index 19377a21..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/version.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/* wolfssl_version.h.in
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-#ifndef WOLFSSL_VERSION_H
-#define WOLFSSL_VERSION_H
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define LIBWOLFSSL_VERSION_STRING "3.15.7"
-#define LIBWOLFSSL_VERSION_HEX 0x03015007
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* WOLFSSL_VERSION_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h
deleted file mode 100644
index 60d3467f..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h
+++ /dev/null
@@ -1,359 +0,0 @@
-/* aes.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/aes.h
-*/
-
-
-#ifndef WOLF_CRYPT_AES_H
-#define WOLF_CRYPT_AES_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_AES
-
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-    #include <wolfssl/wolfcrypt/fips.h>
-#endif /* HAVE_FIPS_VERSION >= 2 */
-
-/* included for fips @wc_fips */
-#if defined(HAVE_FIPS) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
-#include <cyassl/ctaocrypt/aes.h>
-#if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER)
-    #define WOLFSSL_AES_COUNTER
-#endif
-#if !defined(WOLFSSL_AES_DIRECT) && defined(CYASSL_AES_DIRECT)
-    #define WOLFSSL_AES_DIRECT
-#endif
-#endif
-
-#ifndef WC_NO_RNG
-    #include <wolfssl/wolfcrypt/random.h>
-#endif
-#ifdef STM32_CRYPTO
-    #include <wolfssl/wolfcrypt/port/st/stm32.h>
-#endif
-
-#ifdef WOLFSSL_AESNI
-
-#include <wmmintrin.h>
-#include <emmintrin.h>
-#include <smmintrin.h>
-
-#endif /* WOLFSSL_AESNI */
-
-
-#ifdef WOLFSSL_XILINX_CRYPT
-#include "xsecure_aes.h"
-#endif
-
-#ifdef WOLFSSL_AFALG
-/* included for struct msghdr */
-#include <sys/socket.h>
-#endif
-
-#if defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)
-#include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
-#endif
-
-#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG)
-    #include <wolfssl/wolfcrypt/random.h>
-#endif
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* these are required for FIPS and non-FIPS */
-enum {
-    AES_128_KEY_SIZE    = 16,  /* for 128 bit             */
-    AES_192_KEY_SIZE    = 24,  /* for 192 bit             */
-    AES_256_KEY_SIZE    = 32,  /* for 256 bit             */
-
-    AES_IV_SIZE         = 16,  /* always block size       */
-};
-
-
-/* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-
-enum {
-    AES_ENC_TYPE   = WC_CIPHER_AES,   /* cipher unique type */
-    AES_ENCRYPTION = 0,
-    AES_DECRYPTION = 1,
-
-    AES_BLOCK_SIZE      = 16,
-
-    KEYWRAP_BLOCK_SIZE  = 8,
-
-    GCM_NONCE_MAX_SZ = 16, /* wolfCrypt's maximum nonce size allowed. */
-    GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
-    GCM_NONCE_MIN_SZ = 8,  /* wolfCrypt's minimum nonce size allowed. */
-    CCM_NONCE_MIN_SZ = 7,
-    CCM_NONCE_MAX_SZ = 13,
-    CTR_SZ   = 4,
-    AES_IV_FIXED_SZ = 4,
-
-#ifdef HAVE_PKCS11
-    AES_MAX_ID_LEN   = 32,
-#endif
-};
-
-
-typedef struct Aes {
-    /* AESNI needs key first, rounds 2nd, not sure why yet */
-    ALIGN16 word32 key[60];
-    word32  rounds;
-    int     keylen;
-
-    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
-    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
-
-#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
-    word32 invokeCtr[2];
-    word32 nonceSz;
-#endif
-#ifdef HAVE_AESGCM
-    ALIGN16 byte H[AES_BLOCK_SIZE];
-#ifdef GCM_TABLE
-    /* key-based fast multiplication table. */
-    ALIGN16 byte M0[256][AES_BLOCK_SIZE];
-#endif /* GCM_TABLE */
-#endif /* HAVE_AESGCM */
-#ifdef WOLFSSL_AESNI
-    byte use_aesni;
-#endif /* WOLFSSL_AESNI */
-#ifdef WOLF_CRYPTO_DEV
-    int   devId;
-#endif
-#ifdef HAVE_PKCS11
-    byte id[AES_MAX_ID_LEN];
-    int  idLen;
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    word32 asyncKey[AES_MAX_KEY_SIZE/8/sizeof(word32)]; /* raw key */
-    word32 asyncIv[AES_BLOCK_SIZE/sizeof(word32)]; /* raw IV */
-    WC_ASYNC_DEV asyncDev;
-#endif /* WOLFSSL_ASYNC_CRYPT */
-#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
-    word32  left;            /* unused bytes left from last call */
-#endif
-#ifdef WOLFSSL_XILINX_CRYPT
-    XSecure_Aes xilAes;
-    XCsuDma     dma;
-    word32      key_init[8];
-    word32      kup;
-#endif
-#ifdef WOLFSSL_AFALG
-    int alFd; /* server socket to bind to */
-    int rdFd; /* socket to read from */
-    struct msghdr msg;
-    int dir;  /* flag for encrpyt or decrypt */
-#endif
-#if defined(WOLFSSL_DEVCRYPTO) && \
-    (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC))
-    word32       devKey[AES_MAX_KEY_SIZE/WOLFSSL_BIT_SIZE/sizeof(word32)]; /* raw key */
-    WC_CRYPTODEV ctx;
-#endif
-    void*  heap; /* memory hint to use */
-} Aes;
-
-#ifdef WOLFSSL_AES_XTS
-typedef struct XtsAes {
-    Aes aes;
-    Aes tweak;
-} XtsAes;
-#endif
-
-#ifdef HAVE_AESGCM
-typedef struct Gmac {
-    Aes aes;
-} Gmac;
-#endif /* HAVE_AESGCM */
-#endif /* HAVE_FIPS */
-
-
-/* Authenticate cipher function prototypes */
-typedef int (*wc_AesAuthEncryptFunc)(Aes* aes, byte* out,
-                                   const byte* in, word32 sz,
-                                   const byte* iv, word32 ivSz,
-                                   byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
-typedef int (*wc_AesAuthDecryptFunc)(Aes* aes, byte* out,
-                                   const byte* in, word32 sz,
-                                   const byte* iv, word32 ivSz,
-                                   const byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
-
-/* AES-CBC */
-WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len,
-                              const byte* iv, int dir);
-WOLFSSL_API int  wc_AesSetIV(Aes* aes, const byte* iv);
-
-#ifdef HAVE_AES_CBC
-WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out,
-                                  const byte* in, word32 sz);
-WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out,
-                                  const byte* in, word32 sz);
-#endif
-
-#ifdef WOLFSSL_AES_CFB
-WOLFSSL_API int wc_AesCfbEncrypt(Aes* aes, byte* out,
-                                    const byte* in, word32 sz);
-#ifdef HAVE_AES_DECRYPT
-WOLFSSL_API int wc_AesCfbDecrypt(Aes* aes, byte* out,
-                                    const byte* in, word32 sz);
-#endif /* HAVE_AES_DECRYPT */
-#endif /* WOLFSSL_AES_CFB */
-
-#ifdef HAVE_AES_ECB
-WOLFSSL_API int wc_AesEcbEncrypt(Aes* aes, byte* out,
-                                  const byte* in, word32 sz);
-WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
-                                  const byte* in, word32 sz);
-#endif
-
-/* AES-CTR */
-#ifdef WOLFSSL_AES_COUNTER
- WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
-                                   const byte* in, word32 sz);
-#endif
-/* AES-DIRECT */
-#if defined(WOLFSSL_AES_DIRECT)
- WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in);
- WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in);
- WOLFSSL_API int  wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
-                                const byte* iv, int dir);
-#endif
-
-#ifdef HAVE_AESGCM
-#ifdef WOLFSSL_XILINX_CRYPT
- WOLFSSL_API int  wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len,
-         word32 kup);
-#endif
- WOLFSSL_API int  wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
- WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out,
-                                   const byte* in, word32 sz,
-                                   const byte* iv, word32 ivSz,
-                                   byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
- WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out,
-                                   const byte* in, word32 sz,
-                                   const byte* iv, word32 ivSz,
-                                   const byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
-
-#ifndef WC_NO_RNG
- WOLFSSL_API int  wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz);
- WOLFSSL_API int  wc_AesGcmSetIV(Aes* aes, word32 ivSz,
-                                   const byte* ivFixed, word32 ivFixedSz,
-                                   WC_RNG* rng);
- WOLFSSL_API int  wc_AesGcmEncrypt_ex(Aes* aes, byte* out,
-                                   const byte* in, word32 sz,
-                                   byte* ivOut, word32 ivOutSz,
-                                   byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
-#endif /* WC_NO_RNG */
-
- WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
- WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
-                               const byte* authIn, word32 authInSz,
-                               byte* authTag, word32 authTagSz);
-#ifndef WC_NO_RNG
- WOLFSSL_API int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
-                               const byte* authIn, word32 authInSz,
-                               byte* authTag, word32 authTagSz, WC_RNG* rng);
- WOLFSSL_API int wc_GmacVerify(const byte* key, word32 keySz,
-                               const byte* iv, word32 ivSz,
-                               const byte* authIn, word32 authInSz,
-                               const byte* authTag, word32 authTagSz);
-#endif /* WC_NO_RNG */
- WOLFSSL_LOCAL void GHASH(Aes* aes, const byte* a, word32 aSz, const byte* c,
-                               word32 cSz, byte* s, word32 sSz);
-#endif /* HAVE_AESGCM */
-#ifdef HAVE_AESCCM
- WOLFSSL_API int  wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
- WOLFSSL_API int  wc_AesCcmEncrypt(Aes* aes, byte* out,
-                                   const byte* in, word32 inSz,
-                                   const byte* nonce, word32 nonceSz,
-                                   byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
- WOLFSSL_API int  wc_AesCcmDecrypt(Aes* aes, byte* out,
-                                   const byte* in, word32 inSz,
-                                   const byte* nonce, word32 nonceSz,
-                                   const byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
- WOLFSSL_API int  wc_AesCcmSetNonce(Aes* aes,
-                                   const byte* nonce, word32 nonceSz);
- WOLFSSL_API int  wc_AesCcmEncrypt_ex(Aes* aes, byte* out,
-                                   const byte* in, word32 sz,
-                                   byte* ivOut, word32 ivOutSz,
-                                   byte* authTag, word32 authTagSz,
-                                   const byte* authIn, word32 authInSz);
-#endif /* HAVE_AESCCM */
-#ifdef HAVE_AES_KEYWRAP
- WOLFSSL_API int  wc_AesKeyWrap(const byte* key, word32 keySz,
-                                const byte* in, word32 inSz,
-                                byte* out, word32 outSz,
-                                const byte* iv);
- WOLFSSL_API int  wc_AesKeyUnWrap(const byte* key, word32 keySz,
-                                const byte* in, word32 inSz,
-                                byte* out, word32 outSz,
-                                const byte* iv);
-#endif /* HAVE_AES_KEYWRAP */
-
-#ifdef WOLFSSL_AES_XTS
-
-WOLFSSL_API int wc_AesXtsSetKey(XtsAes* aes, const byte* key,
-         word32 len, int dir, void* heap, int devId);
-
-WOLFSSL_API int wc_AesXtsEncryptSector(XtsAes* aes, byte* out,
-         const byte* in, word32 sz, word64 sector);
-
-WOLFSSL_API int wc_AesXtsDecryptSector(XtsAes* aes, byte* out,
-         const byte* in, word32 sz, word64 sector);
-
-WOLFSSL_API int wc_AesXtsEncrypt(XtsAes* aes, byte* out,
-         const byte* in, word32 sz, const byte* i, word32 iSz);
-
-WOLFSSL_API int wc_AesXtsDecrypt(XtsAes* aes, byte* out,
-        const byte* in, word32 sz, const byte* i, word32 iSz);
-
-WOLFSSL_API int wc_AesXtsFree(XtsAes* aes);
-#endif
-
-WOLFSSL_API int wc_AesGetKeySize(Aes* aes, word32* keySize);
-
-WOLFSSL_API int  wc_AesInit(Aes* aes, void* heap, int devId);
-#ifdef HAVE_PKCS11
-WOLFSSL_API int  wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap,
-        int devId);
-#endif
-WOLFSSL_API void wc_AesFree(Aes* aes);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-
-#endif /* NO_AES */
-#endif /* WOLF_CRYPT_AES_H */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h
deleted file mode 100644
index cbb9b198..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* arc4.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/arc4.h
-*/
-
-#ifndef WOLF_CRYPT_ARC4_H
-#define WOLF_CRYPT_ARC4_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-
-enum {
-	ARC4_ENC_TYPE   = 4,    /* cipher unique type */
-    ARC4_STATE_SIZE = 256,
-    RC4_KEY_SIZE    = 16,   /* always 128bit           */
-};
-
-/* ARC4 encryption and decryption */
-typedef struct Arc4 {
-    byte x;
-    byte y;
-    byte state[ARC4_STATE_SIZE];
-#ifdef WOLFSSL_ASYNC_CRYPT
-    WC_ASYNC_DEV asyncDev;
-#endif
-    void* heap;
-} Arc4;
-
-WOLFSSL_API int wc_Arc4Process(Arc4*, byte*, const byte*, word32);
-WOLFSSL_API int wc_Arc4SetKey(Arc4*, const byte*, word32);
-
-WOLFSSL_API int  wc_Arc4Init(Arc4*, void*, int);
-WOLFSSL_API void wc_Arc4Free(Arc4*);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-
-#endif /* WOLF_CRYPT_ARC4_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h
deleted file mode 100644
index 7199ce29..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h
+++ /dev/null
@@ -1,508 +0,0 @@
-/* asn_public.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/asn_public.h
-*/
-
-#ifndef WOLF_CRYPT_ASN_PUBLIC_H
-#define WOLF_CRYPT_ASN_PUBLIC_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* guard on redeclaration */
-#ifndef WC_ECCKEY_TYPE_DEFINED
-    typedef struct ecc_key ecc_key;
-    #define WC_ECCKEY_TYPE_DEFINED
-#endif
-#ifndef WC_ED25519KEY_TYPE_DEFINED
-    typedef struct ed25519_key ed25519_key;
-    #define WC_ED25519KEY_TYPE_DEFINED
-#endif
-#ifndef WC_RSAKEY_TYPE_DEFINED
-    typedef struct RsaKey RsaKey;
-    #define WC_RSAKEY_TYPE_DEFINED
-#endif
-#ifndef WC_RNG_TYPE_DEFINED
-    typedef struct WC_RNG WC_RNG;
-    #define WC_RNG_TYPE_DEFINED
-#endif
-
-
-/* Certificate file Type */
-enum CertType {
-    CERT_TYPE       = 0,
-    PRIVATEKEY_TYPE,
-    DH_PARAM_TYPE,
-    DSA_PARAM_TYPE,
-    CRL_TYPE,
-    CA_TYPE,
-    ECC_PRIVATEKEY_TYPE,
-    DSA_PRIVATEKEY_TYPE,
-    CERTREQ_TYPE,
-    DSA_TYPE,
-    ECC_TYPE,
-    RSA_TYPE,
-    PUBLICKEY_TYPE,
-    RSA_PUBLICKEY_TYPE,
-    ECC_PUBLICKEY_TYPE,
-    TRUSTED_PEER_TYPE,
-    EDDSA_PRIVATEKEY_TYPE,
-    ED25519_TYPE,
-    PKCS12_TYPE,
-    PKCS8_PRIVATEKEY_TYPE,
-    PKCS8_ENC_PRIVATEKEY_TYPE
-};
-
-
-/* Signature type, by OID sum */
-enum Ctc_SigType {
-    CTC_SHAwDSA      = 517,
-    CTC_MD2wRSA      = 646,
-    CTC_MD5wRSA      = 648,
-    CTC_SHAwRSA      = 649,
-    CTC_SHAwECDSA    = 520,
-    CTC_SHA224wRSA   = 658,
-    CTC_SHA224wECDSA = 523,
-    CTC_SHA256wRSA   = 655,
-    CTC_SHA256wECDSA = 524,
-    CTC_SHA384wRSA   = 656,
-    CTC_SHA384wECDSA = 525,
-    CTC_SHA512wRSA   = 657,
-    CTC_SHA512wECDSA = 526,
-    CTC_ED25519      = 256
-};
-
-enum Ctc_Encoding {
-    CTC_UTF8       = 0x0c, /* utf8      */
-    CTC_PRINTABLE  = 0x13  /* printable */
-};
-
-#ifndef WC_CTC_NAME_SIZE
-    #define WC_CTC_NAME_SIZE 64
-#endif
-#ifndef WC_CTC_MAX_ALT_SIZE
-    #define WC_CTC_MAX_ALT_SIZE 16384
-#endif
-
-enum Ctc_Misc {
-    CTC_COUNTRY_SIZE  =     2,
-    CTC_NAME_SIZE     = WC_CTC_NAME_SIZE,
-    CTC_DATE_SIZE     =    32,
-    CTC_MAX_ALT_SIZE  = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */
-    CTC_SERIAL_SIZE   =    16,
-#ifdef WOLFSSL_CERT_EXT
-    /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum
-     * We support only hash */
-    CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
-    CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
-    CTC_MAX_CERTPOL_SZ = 64,
-    CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
-#endif /* WOLFSSL_CERT_EXT */
-};
-
-/* DER buffer */
-typedef struct DerBuffer {
-    byte*  buffer;
-    void*  heap;
-    word32 length;
-    int    type;    /* enum CertType */
-    int    dynType; /* DYNAMIC_TYPE_* */
-} DerBuffer;
-
-enum {
-    IV_SZ   = 32,                   /* max iv sz */
-    NAME_SZ = 80,                   /* max one line */
-
-    PEM_PASS_READ  = 0,
-    PEM_PASS_WRITE = 1,
-};
-
-
-typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
-
-typedef struct EncryptedInfo {
-    pem_password_cb* passwd_cb;
-    void*            passwd_userdata;
-
-    long     consumed;         /* tracks PEM bytes consumed */
-
-    int      cipherType;
-    word32   keySz;
-    word32   ivSz;             /* salt or encrypted IV size */
-
-    char     name[NAME_SZ];    /* cipher name, such as "DES-CBC" */
-    byte     iv[IV_SZ];        /* salt or encrypted IV */
-
-    word16   set:1;            /* if encryption set */
-} EncryptedInfo;
-
-
-#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
-#ifdef WOLFSSL_EKU_OID
-    #ifndef CTC_MAX_EKU_NB
-        #define CTC_MAX_EKU_NB 1
-    #endif
-    #ifndef CTC_MAX_EKU_OID_SZ
-        #define CTC_MAX_EKU_OID_SZ 30
-    #endif
-#else
-    #undef CTC_MAX_EKU_OID_SZ
-    #define CTC_MAX_EKU_OID_SZ 0
-#endif
-#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
-
-#ifdef WOLFSSL_CERT_GEN
-
-#ifdef WOLFSSL_MULTI_ATTRIB
-#ifndef CTC_MAX_ATTRIB
-    #define CTC_MAX_ATTRIB 4
-#endif
-
-/* ASN Encoded Name field */
-typedef struct NameAttrib {
-    int  sz;                     /* actual string value length */
-    int  id;                     /* id of name */
-    int  type;                   /* enc of name */
-    char value[CTC_NAME_SIZE];   /* name */
-} NameAttrib;
-#endif /* WOLFSSL_MULTI_ATTRIB */
-
-
-typedef struct CertName {
-    char country[CTC_NAME_SIZE];
-    char countryEnc;
-    char state[CTC_NAME_SIZE];
-    char stateEnc;
-    char locality[CTC_NAME_SIZE];
-    char localityEnc;
-    char sur[CTC_NAME_SIZE];
-    char surEnc;
-    char org[CTC_NAME_SIZE];
-    char orgEnc;
-    char unit[CTC_NAME_SIZE];
-    char unitEnc;
-    char commonName[CTC_NAME_SIZE];
-    char commonNameEnc;
-    char serialDev[CTC_NAME_SIZE];
-    char serialDevEnc;
-#ifdef WOLFSSL_CERT_EXT
-    char busCat[CTC_NAME_SIZE];
-    char busCatEnc;
-    char joiC[CTC_NAME_SIZE];
-    char joiCEnc;
-    char joiSt[CTC_NAME_SIZE];
-    char joiStEnc;
-#endif
-    char email[CTC_NAME_SIZE];  /* !!!! email has to be last !!!! */
-#ifdef WOLFSSL_MULTI_ATTRIB
-    NameAttrib name[CTC_MAX_ATTRIB];
-#endif
-} CertName;
-
-
-/* for user to fill for certificate generation */
-typedef struct Cert {
-    int      version;                   /* x509 version  */
-    byte     serial[CTC_SERIAL_SIZE];   /* serial number */
-    int      serialSz;                  /* serial size */
-    int      sigType;                   /* signature algo type */
-    CertName issuer;                    /* issuer info */
-    int      daysValid;                 /* validity days */
-    int      selfSigned;                /* self signed flag */
-    CertName subject;                   /* subject info */
-    int      isCA;                      /* is this going to be a CA */
-    /* internal use only */
-    int      bodySz;                    /* pre sign total size */
-    int      keyType;                   /* public key type of subject */
-#ifdef WOLFSSL_ALT_NAMES
-    byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
-    int      altNamesSz;                 /* altNames size in bytes */
-    byte     beforeDate[CTC_DATE_SIZE];  /* before date copy */
-    int      beforeDateSz;               /* size of copy */
-    byte     afterDate[CTC_DATE_SIZE];   /* after date copy */
-    int      afterDateSz;                /* size of copy */
-#endif
-#ifdef WOLFSSL_CERT_EXT
-    byte    skid[CTC_MAX_SKID_SIZE];     /* Subject Key Identifier */
-    int     skidSz;                      /* SKID size in bytes */
-    byte    akid[CTC_MAX_AKID_SIZE];     /* Authority Key Identifier */
-    int     akidSz;                      /* AKID size in bytes */
-    word16  keyUsage;                    /* Key Usage */
-    byte    extKeyUsage;                 /* Extended Key Usage */
-#ifdef WOLFSSL_EKU_OID
-    /* Extended Key Usage OIDs */
-    byte    extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
-    byte    extKeyUsageOIDSz[CTC_MAX_EKU_NB];
-#endif
-    char    certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
-    word16  certPoliciesNb;              /* Number of Cert Policy */
-    byte     issRaw[sizeof(CertName)];   /* raw issuer info */
-    byte     sbjRaw[sizeof(CertName)];   /* raw subject info */
-#endif
-#ifdef WOLFSSL_CERT_REQ
-    char     challengePw[CTC_NAME_SIZE];
-#endif
-    void*   heap; /* heap hint */
-} Cert;
-
-
-
-/* Initialize and Set Certificate defaults:
-   version    = 3 (0x2)
-   serial     = 0 (Will be randomly generated)
-   sigType    = SHA_WITH_RSA
-   issuer     = blank
-   daysValid  = 500
-   selfSigned = 1 (true) use subject as issuer
-   subject    = blank
-   isCA       = 0 (false)
-   keyType    = RSA_KEY (default)
-*/
-WOLFSSL_API int wc_InitCert(Cert*);
-WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
-                                int keyType, void* key, WC_RNG* rng);
-WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-                             ecc_key*, WC_RNG*);
-#ifdef WOLFSSL_CERT_REQ
-    WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
-                                       int, void*);
-    WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
-                                    RsaKey*, ecc_key*);
-#endif
-WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
-                                word32 buffSz, int keyType, void* key,
-                                WC_RNG* rng);
-WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
-                             word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
-WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-                             WC_RNG*);
-WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
-WOLFSSL_API int wc_SetSubject(Cert*, const char*);
-#ifdef WOLFSSL_ALT_NAMES
-    WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
-#endif
-WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
-WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
-
-#ifndef NO_ASN_TIME
-WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before, 
-    struct tm* after);
-#endif
-
-#ifdef WOLFSSL_CERT_EXT
-WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType,
-                                                void* key);
-WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
-                                             ecc_key *eckey);
-WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
-WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
-WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType,
-                                                   void* key);
-WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
-                                                ecc_key *eckey);
-WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
-WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
-WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz);
-WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
-
-#ifdef HAVE_NTRU
-WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
-                                                    word16 ntruKeySz);
-#endif
-
-/* Set the KeyUsage.
- * Value is a string separated tokens with ','. Accepted tokens are :
- * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
- * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly.
- *
- * nonRepudiation and contentCommitment are for the same usage.
- */
-WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
-
-/* Set ExtendedKeyUsage
- * Value is a string separated tokens with ','. Accepted tokens are :
- * any,serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning
- */
-WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value);
-
-
-#ifdef WOLFSSL_EKU_OID
-/* Set ExtendedKeyUsage with unique OID
- * oid is expected to be in byte representation
- */
-WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
-                                     byte idx, void* heap);
-#endif /* WOLFSSL_EKU_OID */
-#endif /* WOLFSSL_CERT_EXT */
-
-    #ifdef HAVE_NTRU
-        WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
-                                     const byte* ntruKey, word16 keySz,
-                                     WC_RNG*);
-    #endif
-
-#endif /* WOLFSSL_CERT_GEN */
-
-WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz, 
-    const byte** date, byte* format, int* length);
-#ifndef NO_ASN_TIME
-WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length,
-    byte format, struct tm* time);
-#endif
-
-#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
-
-    WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header, 
-        const char** footer);
-
-#endif
-
-WOLFSSL_API  int wc_AllocDer(DerBuffer** pDer, word32 length, int type, void* heap);
-WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
-
-#ifdef WOLFSSL_PEM_TO_DER
-    WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
-              DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);
-
-    WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
-                                   unsigned char*, int, const char*);
-    WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
-                                    unsigned char*, int, int);
-#endif /* WOLFSSL_PEM_TO_DER */
-
-#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
-    #ifndef NO_FILESYSTEM
-        WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
-                                          unsigned char* derBuf, int derSz);
-    #endif
-
-    WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
-                                      unsigned char*, int);
-#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
-
-#ifdef WOLFSSL_CERT_GEN
-    #ifndef NO_FILESYSTEM
-        WOLFSSL_API int wc_PemCertToDer(const char* fileName,
-                                        unsigned char* derBuf, int derSz);
-    #endif
-#endif /* WOLFSSL_CERT_GEN */
-
-#ifdef WOLFSSL_DER_TO_PEM
-    WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
-                                word32 outputSz, int type);
-    WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
-                                word32 outputSz, byte *cipherIno, int type);
-#endif
-
-#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-    WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
-        word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
-#endif
-
-#ifdef HAVE_ECC
-    /* private key helpers */
-    WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
-                                           ecc_key*, word32);
-    WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
-    WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
-                                          word32 inLen);
-    WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output,
-                                            word32* outLen);
-
-    /* public key helper */
-    WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
-                                              ecc_key*, word32);
-    WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
-                                         word32 inLen, int with_AlgCurve);
-#endif
-
-#ifdef HAVE_ED25519
-    /* private key helpers */
-    WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*,
-                                               ed25519_key*, word32);
-    WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
-                                       word32 inLen);
-    WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
-                                              word32 inLen);
-
-    /* public key helper */
-    WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*,
-                                              ed25519_key*, word32);
-    #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
-        WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output,
-                                               word32 inLen, int with_AlgCurve);
-    #endif
-#endif
-
-/* DER encode signature */
-WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
-                                      word32 digSz, int hashOID);
-WOLFSSL_API int wc_GetCTC_HashOID(int type);
-
-WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
-                                             word32* inOutIdx, word32 sz);
-WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
-       byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz);
-
-#ifndef NO_ASN_TIME
-/* Time */
-/* Returns seconds (Epoch/UTC)
- * timePtr: is "time_t", which is typically "long"
- * Example:
-    long lTime;
-    rc = wc_GetTime(&lTime, (word32)sizeof(lTime));
-*/
-WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
-#endif
-
-#ifdef WOLFSSL_ENCRYPTED_KEYS
-    WOLFSSL_API int wc_EncryptedInfoGet(EncryptedInfo* info,
-        const char* cipherInfo);
-#endif
-
-
-#ifdef WOLFSSL_CERT_PIV
-
-typedef struct _wc_CertPIV {
-    const byte*  cert;
-    word32       certSz;
-    const byte*  certErrDet;
-    word32       certErrDetSz;
-    const byte*  nonce;         /* Identiv Only */
-    word32       nonceSz;       /* Identiv Only */
-    const byte*  signedNonce;   /* Identiv Only */
-    word32       signedNonceSz; /* Identiv Only */
-
-    /* flags */
-    word16       compression:2;
-    word16       isX509:1;
-    word16       isIdentiv:1;
-} wc_CertPIV;
-
-WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
-#endif /* WOLFSSL_CERT_PIV */
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_ASN_PUBLIC_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h
deleted file mode 100644
index 95254c34..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/* des3.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/des3.h
-*/
-
-#ifndef WOLF_CRYPT_DES3_H
-#define WOLF_CRYPT_DES3_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_DES3
-
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-    #include <wolfssl/wolfcrypt/fips.h>
-#endif /* HAVE_FIPS_VERSION >= 2 */
-
-#if defined(HAVE_FIPS) && \
-	(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
-/* included for fips @wc_fips */
-#include <cyassl/ctaocrypt/des3.h>
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* these are required for FIPS and non-FIPS */
-enum {
-    DES_KEY_SIZE        =  8,  /* des                     */
-    DES3_KEY_SIZE       = 24,  /* 3 des ede               */
-    DES_IV_SIZE         =  8,  /* should be the same as DES_BLOCK_SIZE */
-};
-
-
-/* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-
-enum {
-    DES_ENC_TYPE    = WC_CIPHER_DES,     /* cipher unique type */
-    DES3_ENC_TYPE   = WC_CIPHER_DES3,    /* cipher unique type */
-
-    DES_BLOCK_SIZE  = 8,
-    DES_KS_SIZE     = 32,    /* internal DES key buffer size */
-
-    DES_ENCRYPTION  = 0,
-    DES_DECRYPTION  = 1
-};
-
-#define DES_IVLEN 8
-#define DES_KEYLEN 8
-#define DES3_IVLEN 8
-#define DES3_KEYLEN 24
-
-
-#if defined(STM32_CRYPTO)
-enum {
-    DES_CBC = 0,
-    DES_ECB = 1
-};
-#endif
-
-
-/* DES encryption and decryption */
-typedef struct Des {
-    word32 reg[DES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
-    word32 tmp[DES_BLOCK_SIZE / sizeof(word32)];      /* same         */
-    word32 key[DES_KS_SIZE];
-} Des;
-
-
-/* DES3 encryption and decryption */
-typedef struct Des3 {
-    word32 key[3][DES_KS_SIZE];
-    word32 reg[DES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
-    word32 tmp[DES_BLOCK_SIZE / sizeof(word32)];      /* same         */
-#ifdef WOLFSSL_ASYNC_CRYPT
-    const byte* key_raw;
-    const byte* iv_raw;
-    WC_ASYNC_DEV asyncDev;
-#endif
-    void* heap;
-} Des3;
-#endif /* HAVE_FIPS */
-
-
-WOLFSSL_API int  wc_Des_SetKey(Des* des, const byte* key,
-                               const byte* iv, int dir);
-WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv);
-WOLFSSL_API int  wc_Des_CbcEncrypt(Des* des, byte* out,
-                                   const byte* in, word32 sz);
-WOLFSSL_API int  wc_Des_CbcDecrypt(Des* des, byte* out,
-                                   const byte* in, word32 sz);
-WOLFSSL_API int  wc_Des_EcbEncrypt(Des* des, byte* out,
-                                   const byte* in, word32 sz);
-WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out,
-                                   const byte* in, word32 sz);
-
-/* ECB decrypt same process as encrypt but with decrypt key */
-#define wc_Des_EcbDecrypt  wc_Des_EcbEncrypt
-#define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt
-
-WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key,
-                                const byte* iv,int dir);
-WOLFSSL_API int  wc_Des3_SetIV(Des3* des, const byte* iv);
-WOLFSSL_API int  wc_Des3_CbcEncrypt(Des3* des, byte* out,
-                                    const byte* in,word32 sz);
-WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out,
-                                    const byte* in,word32 sz);
-
-/* These are only required when using either:
-  static memory (WOLFSSL_STATIC_MEMORY) or asynchronous (WOLFSSL_ASYNC_CRYPT) */
-WOLFSSL_API int  wc_Des3Init(Des3*, void*, int);
-WOLFSSL_API void wc_Des3Free(Des3*);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_DES3 */
-#endif /* WOLF_CRYPT_DES3_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
deleted file mode 100644
index 0048968b..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h
+++ /dev/null
@@ -1,686 +0,0 @@
-/* ecc.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/ecc.h
-*/
-
-
-#ifndef WOLF_CRYPT_ECC_H
-#define WOLF_CRYPT_ECC_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef HAVE_ECC
-
-#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-    #include <wolfssl/wolfcrypt/fips.h>
-#endif /* HAVE_FIPS_VERSION >= 2 */
-
-#include <wolfssl/wolfcrypt/integer.h>
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifdef HAVE_X963_KDF
-    #include <wolfssl/wolfcrypt/hash.h>
-#endif
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-    #ifdef WOLFSSL_CERT_GEN
-        #include <wolfssl/wolfcrypt/asn.h>
-    #endif
-#endif
-
-#ifdef WOLFSSL_ATECC508A
-    #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
-#endif /* WOLFSSL_ATECC508A */
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-/* Enable curve B parameter if needed */
-#if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE)
-    #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */
-        #define USE_ECC_B_PARAM
-    #endif
-#endif
-
-
-/* Use this as the key->idx if a custom ecc_set is used for key->dp */
-#define ECC_CUSTOM_IDX    (-1)
-
-
-/* Determine max ECC bits based on enabled curves */
-#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
-    #define MAX_ECC_BITS    521
-#elif defined(HAVE_ECC512)
-    #define MAX_ECC_BITS    512
-#elif defined(HAVE_ECC384)
-    #define MAX_ECC_BITS    384
-#elif defined(HAVE_ECC320)
-    #define MAX_ECC_BITS    320
-#elif !defined(NO_ECC256)
-    #define MAX_ECC_BITS    256
-#elif defined(HAVE_ECC239)
-    #define MAX_ECC_BITS    239
-#elif defined(HAVE_ECC224)
-    #define MAX_ECC_BITS    224
-#elif defined(HAVE_ECC192)
-    #define MAX_ECC_BITS    192
-#elif defined(HAVE_ECC160)
-    #define MAX_ECC_BITS    160
-#elif defined(HAVE_ECC128)
-    #define MAX_ECC_BITS    128
-#elif defined(HAVE_ECC112)
-    #define MAX_ECC_BITS    112
-#endif
-
-/* calculate max ECC bytes */
-#if ((MAX_ECC_BITS * 2) % 8) == 0
-    #define MAX_ECC_BYTES     (MAX_ECC_BITS / 8)
-#else
-    /* add byte if not aligned */
-    #define MAX_ECC_BYTES     ((MAX_ECC_BITS / 8) + 1)
-#endif
-
-
-enum {
-    ECC_PUBLICKEY       = 1,
-    ECC_PRIVATEKEY      = 2,
-    ECC_PRIVATEKEY_ONLY = 3,
-    ECC_MAXNAME     = 16,   /* MAX CURVE NAME LENGTH */
-    SIG_HEADER_SZ   =  6,   /* ECC signature header size */
-    ECC_BUFSIZE     = 256,  /* for exported keys temp buffer */
-    ECC_MINSIZE     = 20,   /* MIN Private Key size */
-    ECC_MAXSIZE     = 66,   /* MAX Private Key size */
-    ECC_MAXSIZE_GEN = 74,   /* MAX Buffer size required when generating ECC keys*/
-    ECC_MAX_PAD_SZ  = 4,    /* ECC maximum padding size */
-    ECC_MAX_OID_LEN = 16,
-    ECC_MAX_SIG_SIZE= ((MAX_ECC_BYTES * 2) + ECC_MAX_PAD_SZ + SIG_HEADER_SZ),
-
-    /* max crypto hardware size */
-#ifdef WOLFSSL_ATECC508A
-    ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */
-    ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2),
-#elif defined(PLUTON_CRYPTO_ECC)
-    ECC_MAX_CRYPTO_HW_SIZE = 32,
-#endif
-
-    /* point compression type */
-    ECC_POINT_COMP_EVEN = 0x02,
-    ECC_POINT_COMP_ODD = 0x03,
-    ECC_POINT_UNCOMP = 0x04,
-
-    /* Shamir's dual add constants */
-    SHAMIR_PRECOMP_SZ = 16,
-
-#ifdef HAVE_PKCS11
-    ECC_MAX_ID_LEN    = 32,
-#endif
-};
-
-/* Curve Types */
-typedef enum ecc_curve_id {
-    ECC_CURVE_INVALID = -1,
-    ECC_CURVE_DEF = 0, /* NIST or SECP */
-
-    /* NIST Prime Curves */
-    ECC_SECP192R1,
-    ECC_PRIME192V2,
-    ECC_PRIME192V3,
-    ECC_PRIME239V1,
-    ECC_PRIME239V2,
-    ECC_PRIME239V3,
-    ECC_SECP256R1,
-
-    /* SECP Curves */
-    ECC_SECP112R1,
-    ECC_SECP112R2,
-    ECC_SECP128R1,
-    ECC_SECP128R2,
-    ECC_SECP160R1,
-    ECC_SECP160R2,
-    ECC_SECP224R1,
-    ECC_SECP384R1,
-    ECC_SECP521R1,
-
-    /* Koblitz */
-    ECC_SECP160K1,
-    ECC_SECP192K1,
-    ECC_SECP224K1,
-    ECC_SECP256K1,
-
-    /* Brainpool Curves */
-    ECC_BRAINPOOLP160R1,
-    ECC_BRAINPOOLP192R1,
-    ECC_BRAINPOOLP224R1,
-    ECC_BRAINPOOLP256R1,
-    ECC_BRAINPOOLP320R1,
-    ECC_BRAINPOOLP384R1,
-    ECC_BRAINPOOLP512R1,
-
-    /* Twisted Edwards Curves */
-#ifdef HAVE_CURVE25519
-    ECC_X25519,
-#endif
-#ifdef HAVE_X448
-    ECC_X448,
-#endif
-
-#ifdef WOLFSSL_CUSTOM_CURVES
-    ECC_CURVE_CUSTOM,
-#endif
-} ecc_curve_id;
-
-#ifdef HAVE_OID_ENCODING
-typedef word16 ecc_oid_t;
-#else
-typedef byte   ecc_oid_t;
-    /* OID encoded with ASN scheme:
-        first element = (oid[0] * 40) + oid[1]
-        if any element > 127 then MSB 0x80 indicates additional byte */
-#endif
-
-/* ECC set type defined a GF(p) curve */
-#ifndef USE_WINDOWS_API
-typedef struct ecc_set_type {
-    int size;             /* The size of the curve in octets */
-    int id;               /* id of this curve */
-    const char* name;     /* name of this curve */
-    const char* prime;    /* prime that defines the field, curve is in (hex) */
-    const char* Af;       /* fields A param (hex) */
-    const char* Bf;       /* fields B param (hex) */
-    const char* order;    /* order of the curve (hex) */
-    const char* Gx;       /* x coordinate of the base point on curve (hex) */
-    const char* Gy;       /* y coordinate of the base point on curve (hex) */
-    const ecc_oid_t* oid;
-    word32      oidSz;
-    word32      oidSum;    /* sum of encoded OID bytes */
-    int         cofactor;
-} ecc_set_type;
-#else
-/* MSC does something different with the pointers to the arrays than GCC,
- * and it causes the FIPS checksum to fail. In the case of windows builds,
- * store everything as arrays instead of pointers to strings. */
-
-#define MAX_ECC_NAME 16
-#define MAX_ECC_STRING ((MAX_ECC_BYTES * 2) + 1)
-    /* The values are stored as text strings. */
-
-typedef struct ecc_set_type {
-    int size;             /* The size of the curve in octets */
-    int id;               /* id of this curve */
-    const char name[MAX_ECC_NAME];     /* name of this curve */
-    const char prime[MAX_ECC_STRING];    /* prime that defines the field, curve is in (hex) */
-    const char Af[MAX_ECC_STRING];       /* fields A param (hex) */
-    const char Bf[MAX_ECC_STRING];       /* fields B param (hex) */
-    const char order[MAX_ECC_STRING];    /* order of the curve (hex) */
-    const char Gx[MAX_ECC_STRING];       /* x coordinate of the base point on curve (hex) */
-    const char Gy[MAX_ECC_STRING];       /* y coordinate of the base point on curve (hex) */
-    const ecc_oid_t oid[10];
-    word32      oidSz;
-    word32      oidSum;    /* sum of encoded OID bytes */
-    int         cofactor;
-} ecc_set_type;
-#endif
-
-
-#ifdef ALT_ECC_SIZE
-
-/* Note on ALT_ECC_SIZE:
- * The fast math code uses an array of a fixed size to store the big integers.
- * By default, the array is big enough for RSA keys. There is a size,
- * FP_MAX_BITS which can be used to make the array smaller when one wants ECC
- * but not RSA. Some people want fast math sized for both RSA and ECC, where
- * ECC won't use as much as RSA. The flag ALT_ECC_SIZE switches in an alternate
- * ecc_point structure that uses an alternate fp_int that has a shorter array
- * of fp_digits.
- *
- * Now, without ALT_ECC_SIZE, the ecc_point has three single item arrays of
- * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
- * of the point are pointers that are set to each of a three item array of
- * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
- * structure, the alt_fp_int will only have 528 bits. A size value was added
- * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
- * functions fp_zero() and fp_copy() use the size parameter. An int needs to
- * be initialized before using it instead of just fp_zeroing it, the init will
- * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the
- * number of bits used in the alternate FP_INT.
- *
- * Do not enable ALT_ECC_SIZE and disable fast math in the configuration.
- */
-
-#ifndef USE_FAST_MATH
-    #error USE_FAST_MATH must be defined to use ALT_ECC_SIZE
-#endif
-
-/* determine max bits required for ECC math */
-#ifndef FP_MAX_BITS_ECC
-    /* check alignment */
-    #if ((MAX_ECC_BITS * 2) % DIGIT_BIT) == 0
-        /* max bits is double */
-        #define FP_MAX_BITS_ECC     (MAX_ECC_BITS * 2)
-    #else
-        /* max bits is doubled, plus one digit of fudge */
-        #define FP_MAX_BITS_ECC     ((MAX_ECC_BITS * 2) + DIGIT_BIT)
-    #endif
-#else
-    /* verify alignment */
-    #if FP_MAX_BITS_ECC % CHAR_BIT
-       #error FP_MAX_BITS_ECC must be a multiple of CHAR_BIT
-    #endif
-#endif
-
-/* determine buffer size */
-#define FP_SIZE_ECC    (FP_MAX_BITS_ECC/DIGIT_BIT)
-
-
-/* This needs to match the size of the fp_int struct, except the
- * fp_digit array will be shorter. */
-typedef struct alt_fp_int {
-    int used, sign, size;
-    mp_digit dp[FP_SIZE_ECC];
-} alt_fp_int;
-#endif /* ALT_ECC_SIZE */
-
-#ifndef WC_ECCKEY_TYPE_DEFINED
-    typedef struct ecc_key ecc_key;
-    #define WC_ECCKEY_TYPE_DEFINED
-#endif
-
-
-/* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
-   (x/z^2, y/z^3, 1) when interpreted as affine */
-typedef struct {
-#ifndef ALT_ECC_SIZE
-    mp_int x[1];        /* The x coordinate */
-    mp_int y[1];        /* The y coordinate */
-    mp_int z[1];        /* The z coordinate */
-#else
-    mp_int* x;        /* The x coordinate */
-    mp_int* y;        /* The y coordinate */
-    mp_int* z;        /* The z coordinate */
-    alt_fp_int xyz[3];
-#endif
-#ifdef WOLFSSL_SMALL_STACK_CACHE
-    ecc_key* key;
-#endif
-} ecc_point;
-
-/* ECC Flags */
-enum {
-    WC_ECC_FLAG_NONE = 0x00,
-#ifdef HAVE_ECC_CDH
-    WC_ECC_FLAG_COFACTOR = 0x01,
-#endif
-};
-
-/* An ECC Key */
-struct ecc_key {
-    int type;           /* Public or Private */
-    int idx;            /* Index into the ecc_sets[] for the parameters of
-                           this curve if -1, this key is using user supplied
-                           curve in dp */
-    int    state;
-    word32 flags;
-    const ecc_set_type* dp;     /* domain parameters, either points to NIST
-                                   curves (idx >= 0) or user supplied */
-#ifdef WOLFSSL_CUSTOM_CURVES
-    int deallocSet;
-#endif
-    void* heap;         /* heap hint */
-    ecc_point pubkey;   /* public key */
-    mp_int    k;        /* private key */
-#ifdef WOLFSSL_ATECC508A
-    int  slot;        /* Key Slot Number (-1 unknown) */
-    byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE];
-#endif
-#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV)
-    int devId;
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    mp_int* r;          /* sign/verify temps */
-    mp_int* s;
-    WC_ASYNC_DEV asyncDev;
-    #ifdef HAVE_CAVIUM_V
-        mp_int* e;      /* Sign, Verify and Shared Secret */
-        mp_int* signK;
-    #endif
-    #ifdef WOLFSSL_CERT_GEN
-        CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
-    #endif
-#endif /* WOLFSSL_ASYNC_CRYPT */
-#ifdef HAVE_PKCS11
-    byte id[ECC_MAX_ID_LEN];
-    int  idLen;
-#endif
-#ifdef WOLFSSL_SMALL_STACK_CACHE
-    mp_int* t1;
-    mp_int* t2;
-#ifdef ALT_ECC_SIZE
-    mp_int* x;
-    mp_int* y;
-    mp_int* z;
-#endif
-#endif
-};
-
-
-/* ECC predefined curve sets  */
-extern const ecc_set_type ecc_sets[];
-
-WOLFSSL_API
-const char* wc_ecc_get_name(int curve_id);
-
-#ifndef WOLFSSL_ATECC508A
-
-#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
-    #define ECC_API    WOLFSSL_API
-#else
-    #define ECC_API    WOLFSSL_LOCAL
-#endif
-
-ECC_API int ecc_mul2add(ecc_point* A, mp_int* kA,
-                ecc_point* B, mp_int* kB,
-                ecc_point* C, mp_int* a, mp_int* modulus, void* heap);
-
-ECC_API int ecc_map(ecc_point*, mp_int*, mp_digit);
-ECC_API int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
-                                     mp_int* a, mp_int* modulus, mp_digit mp);
-ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a,
-                                     mp_int* modulus, mp_digit mp);
-
-#endif
-
-WOLFSSL_API
-int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
-    int curve_id);
-WOLFSSL_API
-int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
-WOLFSSL_API
-int wc_ecc_check_key(ecc_key* key);
-WOLFSSL_API
-int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime);
-
-#ifdef HAVE_ECC_DHE
-WOLFSSL_API
-int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
-                      word32* outlen);
-WOLFSSL_LOCAL
-int wc_ecc_shared_secret_gen(ecc_key* private_key, ecc_point* point,
-                             byte* out, word32 *outlen);
-WOLFSSL_API
-int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
-                             byte* out, word32 *outlen);
-#define wc_ecc_shared_secret_ssh wc_ecc_shared_secret_ex /* For backwards compat */
-#endif /* HAVE_ECC_DHE */
-
-#ifdef HAVE_ECC_SIGN
-WOLFSSL_API
-int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
-                     WC_RNG* rng, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
-                        ecc_key* key, mp_int *r, mp_int *s);
-#endif /* HAVE_ECC_SIGN */
-
-#ifdef HAVE_ECC_VERIFY
-WOLFSSL_API
-int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
-                    word32 hashlen, int* stat, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
-                          word32 hashlen, int* stat, ecc_key* key);
-#endif /* HAVE_ECC_VERIFY */
-
-WOLFSSL_API
-int wc_ecc_init(ecc_key* key);
-WOLFSSL_API
-int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
-#ifdef HAVE_PKCS11
-WOLFSSL_API
-int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap,
-                   int devId);
-#endif
-#ifdef WOLFSSL_CUSTOM_CURVES
-WOLFSSL_LOCAL
-void wc_ecc_free_curve(const ecc_set_type* curve, void* heap);
-#endif
-WOLFSSL_API
-int wc_ecc_free(ecc_key* key);
-WOLFSSL_API
-int wc_ecc_set_flags(ecc_key* key, word32 flags);
-WOLFSSL_API
-void wc_ecc_fp_free(void);
-
-WOLFSSL_API
-int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
-
-WOLFSSL_API
-int wc_ecc_is_valid_idx(int n);
-WOLFSSL_API
-int wc_ecc_get_curve_idx(int curve_id);
-WOLFSSL_API
-int wc_ecc_get_curve_id(int curve_idx);
-#define wc_ecc_get_curve_name_from_id wc_ecc_get_name
-WOLFSSL_API
-int wc_ecc_get_curve_size_from_id(int curve_id);
-
-WOLFSSL_API
-int wc_ecc_get_curve_idx_from_name(const char* curveName);
-WOLFSSL_API
-int wc_ecc_get_curve_size_from_name(const char* curveName);
-WOLFSSL_API
-int wc_ecc_get_curve_id_from_name(const char* curveName);
-WOLFSSL_API
-int wc_ecc_get_curve_id_from_params(int fieldSize,
-        const byte* prime, word32 primeSz, const byte* Af, word32 AfSz,
-        const byte* Bf, word32 BfSz, const byte* order, word32 orderSz,
-        const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, int cofactor);
-
-WOLFSSL_API
-int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len);
-
-WOLFSSL_API
-ecc_point* wc_ecc_new_point(void);
-WOLFSSL_API
-ecc_point* wc_ecc_new_point_h(void* h);
-WOLFSSL_API
-void wc_ecc_del_point(ecc_point* p);
-WOLFSSL_API
-void wc_ecc_del_point_h(ecc_point* p, void* h);
-WOLFSSL_API
-int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
-WOLFSSL_API
-int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
-WOLFSSL_API
-int wc_ecc_point_is_at_infinity(ecc_point *p);
-
-#ifndef WOLFSSL_ATECC508A
-WOLFSSL_API
-int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
-                  mp_int* a, mp_int* modulus, int map);
-WOLFSSL_LOCAL
-int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R,
-                  mp_int* a, mp_int* modulus, int map, void* heap);
-#endif /* !WOLFSSL_ATECC508A */
-
-
-#ifdef HAVE_ECC_KEY_EXPORT
-/* ASN key helpers */
-WOLFSSL_API
-int wc_ecc_export_x963(ecc_key*, byte* out, word32* outLen);
-WOLFSSL_API
-int wc_ecc_export_x963_ex(ecc_key*, byte* out, word32* outLen, int compressed);
-    /* extended functionality with compressed option */
-#endif /* HAVE_ECC_KEY_EXPORT */
-
-#ifdef HAVE_ECC_KEY_IMPORT
-WOLFSSL_API
-int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key,
-                          int curve_id);
-WOLFSSL_API
-int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
-                           word32 pubSz, ecc_key* key);
-WOLFSSL_API
-int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz,
-                const byte* pub, word32 pubSz, ecc_key* key, int curve_id);
-WOLFSSL_API
-int wc_ecc_rs_to_sig(const char* r, const char* s, byte* out, word32* outlen);
-WOLFSSL_API
-int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, word32 sSz,
-    byte* out, word32* outlen);
-WOLFSSL_API
-int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, word32* rLen,
-                   byte* s, word32* sLen);
-WOLFSSL_API
-int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
-                   const char* d, const char* curveName);
-WOLFSSL_API
-int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, const char* qy,
-                   const char* d, int curve_id);
-WOLFSSL_API
-int wc_ecc_import_unsigned(ecc_key* key, byte* qx, byte* qy,
-                   byte* d, int curve_id);
-#endif /* HAVE_ECC_KEY_IMPORT */
-
-#ifdef HAVE_ECC_KEY_EXPORT
-WOLFSSL_API
-int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen,
-                     byte* qy, word32* qyLen, byte* d, word32* dLen,
-                     int encType);
-WOLFSSL_API
-int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
-WOLFSSL_API
-int wc_ecc_export_public_raw(ecc_key* key, byte* qx, word32* qxLen,
-                             byte* qy, word32* qyLen);
-WOLFSSL_API
-int wc_ecc_export_private_raw(ecc_key* key, byte* qx, word32* qxLen,
-                              byte* qy, word32* qyLen, byte* d, word32* dLen);
-#endif /* HAVE_ECC_KEY_EXPORT */
-
-#ifdef HAVE_ECC_KEY_EXPORT
-
-WOLFSSL_API
-int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
-                            byte* out, word32* outLen);
-#endif /* HAVE_ECC_KEY_EXPORT */
-
-
-#ifdef HAVE_ECC_KEY_IMPORT
-WOLFSSL_API
-int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
-                            ecc_point* point);
-#endif /* HAVE_ECC_KEY_IMPORT */
-
-/* size helper */
-WOLFSSL_API
-int wc_ecc_size(ecc_key* key);
-WOLFSSL_API
-int wc_ecc_sig_size_calc(int sz);
-WOLFSSL_API
-int wc_ecc_sig_size(ecc_key* key);
-
-WOLFSSL_API
-int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz);
-
-#ifdef WOLFSSL_CUSTOM_CURVES
-    WOLFSSL_API
-    int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp);
-#endif
-
-#ifdef HAVE_ECC_ENCRYPT
-/* ecc encrypt */
-
-enum ecEncAlgo {
-    ecAES_128_CBC = 1,  /* default */
-    ecAES_256_CBC = 2
-};
-
-enum ecKdfAlgo {
-    ecHKDF_SHA256 = 1,  /* default */
-    ecHKDF_SHA1   = 2
-};
-
-enum ecMacAlgo {
-    ecHMAC_SHA256 = 1,  /* default */
-    ecHMAC_SHA1   = 2
-};
-
-enum {
-    KEY_SIZE_128     = 16,
-    KEY_SIZE_256     = 32,
-    IV_SIZE_64       =  8,
-    IV_SIZE_128      = 16,
-    EXCHANGE_SALT_SZ = 16,
-    EXCHANGE_INFO_SZ = 23
-};
-
-enum ecFlags {
-    REQ_RESP_CLIENT = 1,
-    REQ_RESP_SERVER = 2
-};
-
-
-typedef struct ecEncCtx ecEncCtx;
-
-WOLFSSL_API
-ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
-WOLFSSL_API
-ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap);
-WOLFSSL_API
-void wc_ecc_ctx_free(ecEncCtx*);
-WOLFSSL_API
-int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*);  /* reset for use again w/o alloc/free */
-
-WOLFSSL_API
-const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
-WOLFSSL_API
-int wc_ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt);
-WOLFSSL_API
-int wc_ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz);
-
-WOLFSSL_API
-int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
-                word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
-WOLFSSL_API
-int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
-                word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx);
-
-#endif /* HAVE_ECC_ENCRYPT */
-
-#ifdef HAVE_X963_KDF
-WOLFSSL_API int wc_X963_KDF(enum wc_HashType type, const byte* secret,
-                word32 secretSz, const byte* sinfo, word32 sinfoSz,
-                byte* out, word32 outSz);
-#endif
-
-#ifdef ECC_CACHE_CURVE
-WOLFSSL_API int wc_ecc_curve_cache_init(void);
-WOLFSSL_API void wc_ecc_curve_cache_free(void);
-#endif
-
-
-#ifdef __cplusplus
-    }    /* extern "C" */
-#endif
-
-#endif /* HAVE_ECC */
-#endif /* WOLF_CRYPT_ECC_H */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
deleted file mode 100644
index 9435b8f7..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/* hash.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/hash.h
-*/
-
-#ifndef WOLF_CRYPT_HASH_H
-#define WOLF_CRYPT_HASH_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_MD5
-    #include <wolfssl/wolfcrypt/md5.h>
-#endif
-#ifndef NO_SHA
-    #include <wolfssl/wolfcrypt/sha.h>
-#endif
-#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
-    #include <wolfssl/wolfcrypt/sha256.h>
-#endif
-#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
-    #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-#ifdef HAVE_BLAKE2
-    #include <wolfssl/wolfcrypt/blake2.h>
-#endif
-#ifdef WOLFSSL_SHA3
-    #include <wolfssl/wolfcrypt/sha3.h>
-#endif
-#ifndef NO_MD4
-    #include <wolfssl/wolfcrypt/md4.h>
-#endif
-#ifdef WOLFSSL_MD2
-    #include <wolfssl/wolfcrypt/md2.h>
-#endif
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#if !defined(HAVE_FIPS) && !defined(NO_OLD_WC_NAMES)
-    #define MAX_DIGEST_SIZE WC_MAX_DIGEST_SIZE
-#endif
-
-
-typedef union {
-    #ifndef NO_MD5
-        wc_Md5 md5;
-    #endif
-    #ifndef NO_SHA
-        wc_Sha sha;
-    #endif
-    #ifdef WOLFSSL_SHA224
-        wc_Sha224 sha224;
-    #endif
-    #ifndef NO_SHA256
-        wc_Sha256 sha256;
-    #endif
-    #ifdef WOLFSSL_SHA384
-        wc_Sha384 sha384;
-    #endif
-    #ifdef WOLFSSL_SHA512
-        wc_Sha512 sha512;
-    #endif
-} wc_HashAlg;
-
-/* Find largest possible digest size
-   Note if this gets up to the size of 80 or over check smallstack build */
-#if defined(WOLFSSL_SHA3)
-    #define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE
-    #define WC_MAX_BLOCK_SIZE  WC_SHA3_224_BLOCK_SIZE /* 224 is the largest block size */
-#elif defined(WOLFSSL_SHA512)
-    #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
-    #define WC_MAX_BLOCK_SIZE  WC_SHA512_BLOCK_SIZE
-#elif defined(HAVE_BLAKE2)
-    #define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES
-    #define WC_MAX_BLOCK_SIZE  BLAKE2B_BLOCKBYTES
-#elif defined(WOLFSSL_SHA384)
-    #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
-    #define WC_MAX_BLOCK_SIZE  WC_SHA384_BLOCK_SIZE
-#elif !defined(NO_SHA256)
-    #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
-    #define WC_MAX_BLOCK_SIZE  WC_SHA256_BLOCK_SIZE
-#elif defined(WOLFSSL_SHA224)
-    #define WC_MAX_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
-    #define WC_MAX_BLOCK_SIZE  WC_SHA224_BLOCK_SIZE
-#elif !defined(NO_SHA)
-    #define WC_MAX_DIGEST_SIZE WC_SHA_DIGEST_SIZE
-    #define WC_MAX_BLOCK_SIZE  WC_SHA_BLOCK_SIZE
-#elif !defined(NO_MD5)
-    #define WC_MAX_DIGEST_SIZE WC_MD5_DIGEST_SIZE
-    #define WC_MAX_BLOCK_SIZE  WC_MD5_BLOCK_SIZE
-#else
-    #define WC_MAX_DIGEST_SIZE 64 /* default to max size of 64 */
-    #define WC_MAX_BLOCK_SIZE  128
-#endif
-
-#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
-WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type);
-WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid);
-#endif
-
-WOLFSSL_API enum wc_HashType wc_HashTypeConvert(int hashType);
-
-WOLFSSL_API int wc_HashGetDigestSize(enum wc_HashType hash_type);
-WOLFSSL_API int wc_HashGetBlockSize(enum wc_HashType hash_type);
-WOLFSSL_API int wc_Hash(enum wc_HashType hash_type,
-    const byte* data, word32 data_len,
-    byte* hash, word32 hash_len);
-
-/* generic hash operation wrappers */
-WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type);
-WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type,
-    const byte* data, word32 dataSz);
-WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
-    byte* out);
-WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
-
-#ifndef NO_MD5
-#include <wolfssl/wolfcrypt/md5.h>
-WOLFSSL_API int wc_Md5Hash(const byte* data, word32 len, byte* hash);
-#endif
-
-#ifndef NO_SHA
-#include <wolfssl/wolfcrypt/sha.h>
-WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
-#endif
-
-#ifdef WOLFSSL_SHA224
-#include <wolfssl/wolfcrypt/sha256.h>
-WOLFSSL_API int wc_Sha224Hash(const byte*, word32, byte*);
-#endif /* defined(WOLFSSL_SHA224) */
-
-#ifndef NO_SHA256
-#include <wolfssl/wolfcrypt/sha256.h>
-WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
-#endif
-
-#ifdef WOLFSSL_SHA384
-#include <wolfssl/wolfcrypt/sha512.h>
-WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
-#endif /* defined(WOLFSSL_SHA384) */
-
-#ifdef WOLFSSL_SHA512
-#include <wolfssl/wolfcrypt/sha512.h>
-WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
-#endif /* WOLFSSL_SHA512 */
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_HASH_H */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
deleted file mode 100644
index a539e571..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h
+++ /dev/null
@@ -1,181 +0,0 @@
-/* hmac.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/hmac.h
-*/
-
-#ifndef NO_HMAC
-
-#ifndef WOLF_CRYPT_HMAC_H
-#define WOLF_CRYPT_HMAC_H
-
-#include <wolfssl/wolfcrypt/hash.h>
-
-#if defined(HAVE_FIPS) && \
-	(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
-/* for fips @wc_fips */
-    #include <cyassl/ctaocrypt/hmac.h>
-    #define WC_HMAC_BLOCK_SIZE HMAC_BLOCK_SIZE
-#endif
-
-
-#if defined(HAVE_FIPS) && \
-	defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-	#include <wolfssl/wolfcrypt/fips.h>
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-
-#ifndef NO_OLD_WC_NAMES
-    #define HMAC_BLOCK_SIZE WC_HMAC_BLOCK_SIZE
-#endif
-
-enum {
-    HMAC_FIPS_MIN_KEY = 14,   /* 112 bit key length minimum */
-
-    IPAD    = 0x36,
-    OPAD    = 0x5C,
-
-/* If any hash is not enabled, add the ID here. */
-#ifdef NO_MD5
-    WC_MD5     = WC_HASH_TYPE_MD5,
-#endif
-#ifdef NO_SHA
-    WC_SHA     = WC_HASH_TYPE_SHA,
-#endif
-#ifdef NO_SHA256
-    WC_SHA256  = WC_HASH_TYPE_SHA256,
-#endif
-#ifndef WOLFSSL_SHA512
-    WC_SHA512  = WC_HASH_TYPE_SHA512,
-#endif
-#ifndef WOLFSSL_SHA384
-    WC_SHA384  = WC_HASH_TYPE_SHA384,
-#endif
-#ifndef HAVE_BLAKE2
-    BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B,
-#endif
-#ifndef WOLFSSL_SHA224
-    WC_SHA224  = WC_HASH_TYPE_SHA224,
-#endif
-#ifndef WOLFSSL_SHA3
-    WC_SHA3_224 = WC_HASH_TYPE_SHA3_224,
-    WC_SHA3_256 = WC_HASH_TYPE_SHA3_256,
-    WC_SHA3_384 = WC_HASH_TYPE_SHA3_384,
-    WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
-#endif
-};
-
-/* Select the largest available hash for the buffer size. */
-#define WC_HMAC_BLOCK_SIZE WC_MAX_BLOCK_SIZE
-
-#if !defined(WOLFSSL_SHA3) && !defined(WOLFSSL_SHA512) && !defined(HAVE_BLAKE2) && \
-    !defined(WOLFSSL_SHA384) && defined(NO_SHA256) && defined(WOLFSSL_SHA224) && \
-     defined(NO_SHA) && defined(NO_MD5)
-    #error "You have to have some kind of hash if you want to use HMAC."
-#endif
-
-
-/* hash union */
-typedef union {
-#ifndef NO_MD5
-    wc_Md5 md5;
-#endif
-#ifndef NO_SHA
-    wc_Sha sha;
-#endif
-#ifdef WOLFSSL_SHA224
-    wc_Sha224 sha224;
-#endif
-#ifndef NO_SHA256
-    wc_Sha256 sha256;
-#endif
-#ifdef WOLFSSL_SHA384
-    wc_Sha384 sha384;
-#endif
-#ifdef WOLFSSL_SHA512
-    wc_Sha512 sha512;
-#endif
-#ifdef HAVE_BLAKE2
-    Blake2b blake2b;
-#endif
-#ifdef WOLFSSL_SHA3
-    wc_Sha3 sha3;
-#endif
-} Hash;
-
-/* Hmac digest */
-typedef struct Hmac {
-    Hash    hash;
-    word32  ipad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
-    word32  opad[WC_HMAC_BLOCK_SIZE  / sizeof(word32)];
-    word32  innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)];
-    void*   heap;                 /* heap hint */
-    byte    macType;              /* md5 sha or sha256 */
-    byte    innerHashKeyed;       /* keyed flag */
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-    WC_ASYNC_DEV asyncDev;
-    word16       keyLen;          /* hmac key length (key in ipad) */
-#endif /* WOLFSSL_ASYNC_CRYPT */
-} Hmac;
-
-#endif /* HAVE_FIPS */
-
-/* does init */
-WOLFSSL_API int wc_HmacSetKey(Hmac*, int type, const byte* key, word32 keySz);
-WOLFSSL_API int wc_HmacUpdate(Hmac*, const byte*, word32);
-WOLFSSL_API int wc_HmacFinal(Hmac*, byte*);
-WOLFSSL_API int wc_HmacSizeByType(int type);
-
-WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId);
-WOLFSSL_API void wc_HmacFree(Hmac*);
-
-WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);
-
-WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap);
-
-#ifdef HAVE_HKDF
-
-WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
-                                const byte* inKey, word32 inKeySz, byte* out);
-WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
-                               const byte* info, word32 infoSz,
-                               byte* out,        word32 outSz);
-
-WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
-                    const byte* salt, word32 saltSz,
-                    const byte* info, word32 infoSz,
-                    byte* out, word32 outSz);
-
-#endif /* HAVE_HKDF */
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_HMAC_H */
-
-#endif /* NO_HMAC */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h
deleted file mode 100644
index cd677bb6..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h
+++ /dev/null
@@ -1,398 +0,0 @@
-/* integer.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-/*
- * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
- * http://math.libtomcrypt.com
- */
-
-
-#ifndef WOLF_CRYPT_INTEGER_H
-#define WOLF_CRYPT_INTEGER_H
-
-/* may optionally use fast math instead, not yet supported on all platforms and
-   may not be faster on all
-*/
-#include <wolfssl/wolfcrypt/types.h>       /* will set MP_xxBIT if not default */
-#ifdef WOLFSSL_SP_MATH
-    #include <wolfssl/wolfcrypt/sp_int.h>
-#elif defined(USE_FAST_MATH)
-    #include <wolfssl/wolfcrypt/tfm.h>
-#else
-
-#include <wolfssl/wolfcrypt/random.h>
-
-#ifndef CHAR_BIT
-    #include <limits.h>
-#endif
-
-#include <wolfssl/wolfcrypt/mpi_class.h>
-
-/* wolf big int and common functions */
-#include <wolfssl/wolfcrypt/wolfmath.h>
-
-
-#ifdef WOLFSSL_PUBLIC_MP
-    #define MP_API   WOLFSSL_API
-#else
-    #define MP_API
-#endif
-
-#ifndef MIN
-   #define MIN(x,y) ((x)<(y)?(x):(y))
-#endif
-
-#ifndef MAX
-   #define MAX(x,y) ((x)>(y)?(x):(y))
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-
-/* C++ compilers don't like assigning void * to mp_digit * */
-#define  OPT_CAST(x)  (x *)
-
-#elif defined(_SH3)
-
-/* SuperH SH3 compiler doesn't like assigning voi* to mp_digit* */
-#define  OPT_CAST(x)  (x *)
-
-#else
-
-/* C on the other hand doesn't care */
-#define  OPT_CAST(x)
-
-#endif /* __cplusplus */
-
-
-/* detect 64-bit mode if possible */
-#if defined(__x86_64__)
-   #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
-      #define MP_64BIT
-   #endif
-#endif
-/* if intel compiler doesn't provide 128 bit type don't turn on 64bit */
-#if defined(MP_64BIT) && defined(__INTEL_COMPILER) && !defined(HAVE___UINT128_T)
-    #undef MP_64BIT
-#endif
-
-
-/* allow user to define on mp_digit, mp_word, DIGIT_BIT types */
-#ifndef WOLFSSL_BIGINT_TYPES
-
-/* some default configurations.
- *
- * A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
- * A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
- *
- * At the very least a mp_digit must be able to hold 7 bits
- * [any size beyond that is ok provided it doesn't overflow the data type]
- */
-#ifdef MP_8BIT
-   typedef unsigned char      mp_digit;
-   typedef unsigned short     mp_word;
-#elif defined(MP_16BIT) || defined(NO_64BIT)
-   typedef unsigned short     mp_digit;
-   typedef unsigned int       mp_word;
-   #define DIGIT_BIT          12
-#elif defined(MP_64BIT)
-   /* for GCC only on supported platforms */
-   typedef unsigned long long mp_digit;  /* 64 bit type, 128 uses mode(TI) */
-   typedef unsigned long      mp_word __attribute__ ((mode(TI)));
-
-   #define DIGIT_BIT          60
-#else
-   /* this is the default case, 28-bit digits */
-
-   #if defined(_MSC_VER) || defined(__BORLANDC__)
-      typedef unsigned __int64   ulong64;
-   #else
-      typedef unsigned long long ulong64;
-   #endif
-
-   typedef unsigned int       mp_digit;  /* long could be 64 now, changed TAO */
-   typedef ulong64            mp_word;
-
-#ifdef MP_31BIT
-   /* this is an extension that uses 31-bit digits */
-   #define DIGIT_BIT          31
-#else
-   /* default case is 28-bit digits, defines MP_28BIT as a handy test macro */
-   #define DIGIT_BIT          28
-   #define MP_28BIT
-#endif
-#endif
-
-#endif /* WOLFSSL_BIGINT_TYPES */
-
-/* otherwise the bits per digit is calculated automatically from the size of
-   a mp_digit */
-#ifndef DIGIT_BIT
-   #define DIGIT_BIT ((int)((CHAR_BIT * sizeof(mp_digit) - 1)))
-      /* bits per digit */
-#endif
-
-#define MP_DIGIT_BIT     DIGIT_BIT
-#define MP_MASK          ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
-#define MP_DIGIT_MAX     MP_MASK
-
-/* equalities */
-#define MP_LT        -1   /* less than */
-#define MP_EQ         0   /* equal to */
-#define MP_GT         1   /* greater than */
-
-#define MP_ZPOS       0   /* positive integer */
-#define MP_NEG        1   /* negative */
-
-#define MP_OKAY       0   /* ok result */
-#define MP_MEM        -2  /* out of mem */
-#define MP_VAL        -3  /* invalid input */
-#define MP_NOT_INF	  -4  /* point not at infinity */
-#define MP_RANGE      MP_NOT_INF
-
-#define MP_YES        1   /* yes response */
-#define MP_NO         0   /* no response */
-
-/* Primality generation flags */
-#define LTM_PRIME_BBS      0x0001 /* BBS style prime */
-#define LTM_PRIME_SAFE     0x0002 /* Safe prime (p-1)/2 == prime */
-#define LTM_PRIME_2MSB_ON  0x0008 /* force 2nd MSB to 1 */
-
-typedef int           mp_err;
-
-/* define this to use lower memory usage routines (exptmods mostly) */
-#define MP_LOW_MEM
-
-/* default precision */
-#ifndef MP_PREC
-   #ifndef MP_LOW_MEM
-      #define MP_PREC                 32     /* default digits of precision */
-   #else
-      #define MP_PREC                 1      /* default digits of precision */
-   #endif
-#endif
-
-/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD -
-   BITS_PER_DIGIT*2) */
-#define MP_WARRAY  (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
-
-#ifdef HAVE_WOLF_BIGINT
-    struct WC_BIGINT;
-#endif
-
-/* the mp_int structure */
-typedef struct mp_int {
-    int used, alloc, sign;
-    mp_digit *dp;
-
-#ifdef HAVE_WOLF_BIGINT
-    struct WC_BIGINT raw; /* unsigned binary (big endian) */
-#endif
-} mp_int;
-#define MP_INT_DEFINED
-
-/* callback for mp_prime_random, should fill dst with random bytes and return
-   how many read [up to len] */
-typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
-
-
-#define USED(m)    ((m)->used)
-#define DIGIT(m,k) ((m)->dp[(k)])
-#define SIGN(m)    ((m)->sign)
-
-
-/* ---> Basic Manipulations <--- */
-#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
-#define mp_isone(a) \
-    (((((a)->used == 1)) && ((a)->dp[0] == 1u)) ? MP_YES : MP_NO)
-#define mp_iseven(a) \
-    (((a)->used > 0 && (((a)->dp[0] & 1u) == 0u)) ? MP_YES : MP_NO)
-#define mp_isodd(a) \
-    (((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO)
-#define mp_isneg(a)  (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO)
-
-/* number of primes */
-#ifdef MP_8BIT
-   #define PRIME_SIZE      31
-#else
-   #define PRIME_SIZE      256
-#endif
-
-#ifndef MAX_INVMOD_SZ
-    #if defined(WOLFSSL_MYSQL_COMPATIBLE)
-        #define MAX_INVMOD_SZ 8192
-    #else
-        #define MAX_INVMOD_SZ 4096
-    #endif
-#endif
-
-#define mp_prime_random(a, t, size, bbs, cb, dat) \
-   mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat)
-
-#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len))
-#define mp_raw_size(mp)           mp_signed_bin_size(mp)
-#define mp_toraw(mp, str)         mp_to_signed_bin((mp), (str))
-#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
-#define mp_mag_size(mp)           mp_unsigned_bin_size(mp)
-#define mp_tomag(mp, str)         mp_to_unsigned_bin((mp), (str))
-
-#define MP_RADIX_BIN  2
-#define MP_RADIX_OCT  8
-#define MP_RADIX_DEC  10
-#define MP_RADIX_HEX  16
-#define MP_RADIX_MAX  64
-
-#define mp_tobinary(M, S)  mp_toradix((M), (S), MP_RADIX_BIN)
-#define mp_tooctal(M, S)   mp_toradix((M), (S), MP_RADIX_OCT)
-#define mp_todecimal(M, S) mp_toradix((M), (S), MP_RADIX_DEC)
-#define mp_tohex(M, S)     mp_toradix((M), (S), MP_RADIX_HEX)
-
-#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
-
-#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
-    defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL)
-extern const char *mp_s_rmap;
-#endif
-
-/* 6 functions needed by Rsa */
-MP_API int  mp_init (mp_int * a);
-MP_API void mp_clear (mp_int * a);
-MP_API void mp_free (mp_int * a);
-MP_API void mp_forcezero(mp_int * a);
-MP_API int  mp_unsigned_bin_size(mp_int * a);
-MP_API int  mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c);
-MP_API int  mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b);
-MP_API int  mp_to_unsigned_bin (mp_int * a, unsigned char *b);
-MP_API int  mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c);
-MP_API int  mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
-/* end functions needed by Rsa */
-
-/* functions added to support above needed, removed TOOM and KARATSUBA */
-MP_API int  mp_count_bits (mp_int * a);
-MP_API int  mp_leading_bit (mp_int * a);
-MP_API int  mp_init_copy (mp_int * a, mp_int * b);
-MP_API int  mp_copy (mp_int * a, mp_int * b);
-MP_API int  mp_grow (mp_int * a, int size);
-MP_API int  mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d);
-MP_API void mp_zero (mp_int * a);
-MP_API void mp_clamp (mp_int * a);
-MP_API void mp_exch (mp_int * a, mp_int * b);
-MP_API void mp_rshd (mp_int * a, int b);
-MP_API void mp_rshb (mp_int * a, int b);
-MP_API int  mp_mod_2d (mp_int * a, int b, mp_int * c);
-MP_API int  mp_mul_2d (mp_int * a, int b, mp_int * c);
-MP_API int  mp_lshd (mp_int * a, int b);
-MP_API int  mp_abs (mp_int * a, mp_int * b);
-MP_API int  mp_invmod (mp_int * a, mp_int * b, mp_int * c);
-int  fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c);
-MP_API int  mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
-MP_API int  mp_cmp_mag (mp_int * a, mp_int * b);
-MP_API int  mp_cmp (mp_int * a, mp_int * b);
-MP_API int  mp_cmp_d(mp_int * a, mp_digit b);
-MP_API int  mp_set (mp_int * a, mp_digit b);
-MP_API int  mp_is_bit_set (mp_int * a, mp_digit b);
-MP_API int  mp_mod (mp_int * a, mp_int * b, mp_int * c);
-MP_API int  mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
-MP_API int  mp_div_2(mp_int * a, mp_int * b);
-MP_API int  mp_add (mp_int * a, mp_int * b, mp_int * c);
-int  s_mp_add (mp_int * a, mp_int * b, mp_int * c);
-int  s_mp_sub (mp_int * a, mp_int * b, mp_int * c);
-MP_API int  mp_sub (mp_int * a, mp_int * b, mp_int * c);
-MP_API int  mp_reduce_is_2k_l(mp_int *a);
-MP_API int  mp_reduce_is_2k(mp_int *a);
-MP_API int  mp_dr_is_modulus(mp_int *a);
-MP_API int  mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
-                             int);
-MP_API int  mp_montgomery_setup (mp_int * n, mp_digit * rho);
-int  fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
-MP_API int  mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho);
-MP_API void mp_dr_setup(mp_int *a, mp_digit *d);
-MP_API int  mp_dr_reduce (mp_int * x, mp_int * n, mp_digit k);
-MP_API int  mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
-int  fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-int  s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-MP_API int  mp_reduce_2k_setup_l(mp_int *a, mp_int *d);
-MP_API int  mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d);
-MP_API int  mp_reduce (mp_int * x, mp_int * m, mp_int * mu);
-MP_API int  mp_reduce_setup (mp_int * a, mp_int * b);
-int  s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode);
-MP_API int  mp_montgomery_calc_normalization (mp_int * a, mp_int * b);
-int  s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-int  s_mp_sqr (mp_int * a, mp_int * b);
-int  fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs);
-int  fast_s_mp_sqr (mp_int * a, mp_int * b);
-MP_API int  mp_init_size (mp_int * a, int size);
-MP_API int  mp_div_3 (mp_int * a, mp_int *c, mp_digit * d);
-MP_API int  mp_mul_2(mp_int * a, mp_int * b);
-MP_API int  mp_mul (mp_int * a, mp_int * b, mp_int * c);
-MP_API int  mp_sqr (mp_int * a, mp_int * b);
-MP_API int  mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
-MP_API int  mp_submod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
-MP_API int  mp_addmod (mp_int* a, mp_int* b, mp_int* c, mp_int* d);
-MP_API int  mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
-MP_API int  mp_2expt (mp_int * a, int b);
-MP_API int  mp_set_bit (mp_int * a, int b);
-MP_API int  mp_reduce_2k_setup(mp_int *a, mp_digit *d);
-MP_API int  mp_add_d (mp_int* a, mp_digit b, mp_int* c);
-MP_API int  mp_set_int (mp_int * a, unsigned long b);
-MP_API int  mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
-/* end support added functions */
-
-/* added */
-MP_API int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
-                         mp_int* f);
-MP_API int mp_toradix (mp_int *a, char *str, int radix);
-MP_API int mp_radix_size (mp_int * a, int radix, int *size);
-
-#ifdef WOLFSSL_DEBUG_MATH
-    MP_API void mp_dump(const char* desc, mp_int* a, byte verbose);
-#else
-    #define mp_dump(desc, a, verbose)
-#endif
-
-#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || \
-    !defined(NO_DSA) || !defined(NO_DH)
-    MP_API int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
-#endif
-#if !defined(NO_DSA) || defined(HAVE_ECC)
-    MP_API int mp_read_radix(mp_int* a, const char* str, int radix);
-#endif
-
-#if defined(WOLFSSL_KEY_GEN) || !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH)
-    MP_API int mp_prime_is_prime (mp_int * a, int t, int *result);
-    MP_API int mp_prime_is_prime_ex (mp_int * a, int t, int *result, WC_RNG*);
-#endif /* WOLFSSL_KEY_GEN NO_RSA NO_DSA NO_DH */
-#ifdef WOLFSSL_KEY_GEN
-    MP_API int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
-    MP_API int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
-    MP_API int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
-#endif
-
-MP_API int mp_cnt_lsb(mp_int *a);
-MP_API int mp_mod_d(mp_int* a, mp_digit b, mp_digit* c);
-
-
-/* wolf big int and common functions */
-#include <wolfssl/wolfcrypt/wolfmath.h>
-
-
-#ifdef __cplusplus
-   }
-#endif
-
-
-#endif /* USE_FAST_MATH */
-
-#endif  /* WOLF_CRYPT_INTEGER_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
deleted file mode 100644
index 0a2d7f6b..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/* logging.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/logging.h
-*/
-
-
-/* submitted by eof */
-
-
-#ifndef WOLFSSL_LOGGING_H
-#define WOLFSSL_LOGGING_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum wc_LogLevels {
-    ERROR_LOG = 0,
-    INFO_LOG,
-    ENTER_LOG,
-    LEAVE_LOG,
-    OTHER_LOG
-};
-
-#ifdef WOLFSSL_FUNC_TIME
-/* WARNING: This code is only to be used for debugging performance.
- *          The code is not thread-safe.
- *          Do not use WOLFSSL_FUNC_TIME in production code.
- */
-enum wc_FuncNum {
-    WC_FUNC_HELLO_REQUEST_SEND = 0,
-    WC_FUNC_HELLO_REQUEST_DO,
-    WC_FUNC_CLIENT_HELLO_SEND,
-    WC_FUNC_CLIENT_HELLO_DO,
-    WC_FUNC_SERVER_HELLO_SEND,
-    WC_FUNC_SERVER_HELLO_DO,
-    WC_FUNC_ENCRYPTED_EXTENSIONS_SEND,
-    WC_FUNC_ENCRYPTED_EXTENSIONS_DO,
-    WC_FUNC_CERTIFICATE_REQUEST_SEND,
-    WC_FUNC_CERTIFICATE_REQUEST_DO,
-    WC_FUNC_CERTIFICATE_SEND,
-    WC_FUNC_CERTIFICATE_DO,
-    WC_FUNC_CERTIFICATE_VERIFY_SEND,
-    WC_FUNC_CERTIFICATE_VERIFY_DO,
-    WC_FUNC_FINISHED_SEND,
-    WC_FUNC_FINISHED_DO,
-    WC_FUNC_KEY_UPDATE_SEND,
-    WC_FUNC_KEY_UPDATE_DO,
-    WC_FUNC_EARLY_DATA_SEND,
-    WC_FUNC_EARLY_DATA_DO,
-    WC_FUNC_NEW_SESSION_TICKET_SEND,
-    WC_FUNC_NEW_SESSION_TICKET_DO,
-    WC_FUNC_SERVER_HELLO_DONE_SEND,
-    WC_FUNC_SERVER_HELLO_DONE_DO,
-    WC_FUNC_TICKET_SEND,
-    WC_FUNC_TICKET_DO,
-    WC_FUNC_CLIENT_KEY_EXCHANGE_SEND,
-    WC_FUNC_CLIENT_KEY_EXCHANGE_DO,
-    WC_FUNC_CERTIFICATE_STATUS_SEND,
-    WC_FUNC_CERTIFICATE_STATUS_DO,
-    WC_FUNC_SERVER_KEY_EXCHANGE_SEND,
-    WC_FUNC_SERVER_KEY_EXCHANGE_DO,
-    WC_FUNC_END_OF_EARLY_DATA_SEND,
-    WC_FUNC_END_OF_EARLY_DATA_DO,
-    WC_FUNC_COUNT
-};
-#endif
-
-typedef void (*wolfSSL_Logging_cb)(const int logLevel,
-                                   const char *const logMessage);
-
-WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
-
-/* turn logging on, only if compiled in */
-WOLFSSL_API int  wolfSSL_Debugging_ON(void);
-/* turn logging off */
-WOLFSSL_API void wolfSSL_Debugging_OFF(void);
-
-
-#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
-    WOLFSSL_LOCAL int wc_LoggingInit(void);
-    WOLFSSL_LOCAL int wc_LoggingCleanup(void);
-    WOLFSSL_LOCAL int wc_AddErrorNode(int error, int line, char* buf,
-            char* file);
-    WOLFSSL_LOCAL int wc_PeekErrorNode(int index, const char **file,
-            const char **reason, int *line);
-    WOLFSSL_LOCAL void wc_RemoveErrorNode(int index);
-    WOLFSSL_LOCAL void wc_ClearErrorNodes(void);
-    WOLFSSL_LOCAL int wc_PullErrorNode(const char **file, const char **reason,
-                            int *line);
-    WOLFSSL_API   int wc_SetLoggingHeap(void* h);
-    WOLFSSL_API   int wc_ERR_remove_state(void);
-    #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-        WOLFSSL_API   void wc_ERR_print_errors_fp(XFILE fp);
-    #endif
-#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
-
-#ifdef WOLFSSL_FUNC_TIME
-    /* WARNING: This code is only to be used for debugging performance.
-     *          The code is not thread-safe.
-     *          Do not use WOLFSSL_FUNC_TIME in production code.
-     */
-    WOLFSSL_API void WOLFSSL_START(int funcNum);
-    WOLFSSL_API void WOLFSSL_END(int funcNum);
-    WOLFSSL_API void WOLFSSL_TIME(int count);
-#else
-    #define WOLFSSL_START(n)
-    #define WOLFSSL_END(n)
-    #define WOLFSSL_TIME(n)
-#endif
-
-#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
-    #if defined(_WIN32)
-        #if defined(INTIME_RTOS)
-            #define __func__ NULL
-        #else
-            #define __func__ __FUNCTION__
-        #endif
-    #endif
-
-    /* a is prepended to m and b is appended, creating a log msg a + m + b */
-    #define WOLFSSL_LOG_CAT(a, m, b) #a " " m " "  #b
-
-    WOLFSSL_API void WOLFSSL_ENTER(const char* msg);
-    WOLFSSL_API void WOLFSSL_LEAVE(const char* msg, int ret);
-    #define WOLFSSL_STUB(m) \
-        WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
-
-    WOLFSSL_API void WOLFSSL_MSG(const char* msg);
-    WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
-
-#else
-
-    #define WOLFSSL_ENTER(m)
-    #define WOLFSSL_LEAVE(m, r)
-    #define WOLFSSL_STUB(m)
-
-    #define WOLFSSL_MSG(m)
-    #define WOLFSSL_BUFFER(b, l)
-
-#endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */
-
-#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-
-    #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
-        WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line,
-            const char* file, void* ctx);
-        #define WOLFSSL_ERROR(x) \
-            WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL)
-    #else
-        WOLFSSL_API void WOLFSSL_ERROR(int err);
-    #endif
-    WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg);
-
-#else
-    #define WOLFSSL_ERROR(e)
-    #define WOLFSSL_ERROR_MSG(m)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* WOLFSSL_LOGGING_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h
deleted file mode 100644
index 9386b388..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/* md5.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/md5.h
-*/
-
-
-#ifndef WOLF_CRYPT_MD5_H
-#define WOLF_CRYPT_MD5_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_MD5
-
-#ifdef HAVE_FIPS
-    #define wc_InitMd5   InitMd5
-    #define wc_Md5Update Md5Update
-    #define wc_Md5Final  Md5Final
-    #define wc_Md5Hash   Md5Hash
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifndef NO_OLD_WC_NAMES
-    #define Md5             wc_Md5
-    #define MD5             WC_MD5
-    #define MD5_BLOCK_SIZE  WC_MD5_BLOCK_SIZE
-    #define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE
-    #define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE
-#endif
-
-/* in bytes */
-enum {
-    WC_MD5             =  WC_HASH_TYPE_MD5,
-    WC_MD5_BLOCK_SIZE  = 64,
-    WC_MD5_DIGEST_SIZE = 16,
-    WC_MD5_PAD_SIZE    = 56
-};
-
-
-#ifdef WOLFSSL_MICROCHIP_PIC32MZ
-    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
-#endif
-#ifdef STM32_HASH
-    #include <wolfssl/wolfcrypt/port/st/stm32.h>
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-
-#ifdef WOLFSSL_TI_HASH
-    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#elif defined(WOLFSSL_IMX6_CAAM)
-    #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
-#else
-
-/* MD5 digest */
-typedef struct wc_Md5 {
-#ifdef STM32_HASH
-    STM32_HASH_Context stmCtx;
-#else
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    word32  buffer[WC_MD5_BLOCK_SIZE  / sizeof(word32)];
-#ifdef WOLFSSL_PIC32MZ_HASH
-    word32  digest[PIC32_DIGEST_SIZE / sizeof(word32)];
-#else
-    word32  digest[WC_MD5_DIGEST_SIZE / sizeof(word32)];
-#endif
-    void*   heap;
-#ifdef WOLFSSL_PIC32MZ_HASH
-    hashUpdCache cache; /* cache for updates */
-#endif
-#endif /* STM32_HASH */
-#ifdef WOLFSSL_ASYNC_CRYPT
-    WC_ASYNC_DEV asyncDev;
-#endif /* WOLFSSL_ASYNC_CRYPT */
-} wc_Md5;
-
-#endif /* WOLFSSL_TI_HASH */
-
-WOLFSSL_API int wc_InitMd5(wc_Md5*);
-WOLFSSL_API int wc_InitMd5_ex(wc_Md5*, void*, int);
-WOLFSSL_API int wc_Md5Update(wc_Md5*, const byte*, word32);
-WOLFSSL_API int wc_Md5Final(wc_Md5*, byte*);
-WOLFSSL_API void wc_Md5Free(wc_Md5*);
-
-WOLFSSL_API int  wc_Md5GetHash(wc_Md5*, byte*);
-WOLFSSL_API int  wc_Md5Copy(wc_Md5*, wc_Md5*);
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len);
-#endif
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_MD5 */
-#endif /* WOLF_CRYPT_MD5_H */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h
deleted file mode 100644
index 2d5b23e1..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h
+++ /dev/null
@@ -1,1011 +0,0 @@
-/* mpi_class.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-
-#if !(defined(LTM1) && defined(LTM2) && defined(LTM3))
-#if defined(LTM2)
-#define LTM3
-#endif
-#if defined(LTM1)
-#define LTM2
-#endif
-#define LTM1
-
-#if defined(LTM_ALL)
-#define BN_ERROR_C
-#define BN_FAST_MP_INVMOD_C
-#define BN_FAST_MP_MONTGOMERY_REDUCE_C
-#define BN_FAST_S_MP_MUL_DIGS_C
-#define BN_FAST_S_MP_MUL_HIGH_DIGS_C
-#define BN_FAST_S_MP_SQR_C
-#define BN_MP_2EXPT_C
-#define BN_MP_ABS_C
-#define BN_MP_ADD_C
-#define BN_MP_ADD_D_C
-#define BN_MP_ADDMOD_C
-#define BN_MP_AND_C
-#define BN_MP_CLAMP_C
-#define BN_MP_CLEAR_C
-#define BN_MP_CLEAR_MULTI_C
-#define BN_MP_CMP_C
-#define BN_MP_CMP_D_C
-#define BN_MP_CMP_MAG_C
-#define BN_MP_CNT_LSB_C
-#define BN_MP_COPY_C
-#define BN_MP_COUNT_BITS_C
-#define BN_MP_DIV_C
-#define BN_MP_DIV_2_C
-#define BN_MP_DIV_2D_C
-#define BN_MP_DIV_3_C
-#define BN_MP_DIV_D_C
-#define BN_MP_DR_IS_MODULUS_C
-#define BN_MP_DR_REDUCE_C
-#define BN_MP_DR_SETUP_C
-#define BN_MP_EXCH_C
-#define BN_MP_EXPT_D_C
-#define BN_MP_EXPTMOD_C
-#define BN_MP_EXPTMOD_FAST_C
-#define BN_MP_EXTEUCLID_C
-#define BN_MP_FREAD_C
-#define BN_MP_FWRITE_C
-#define BN_MP_GCD_C
-#define BN_MP_GET_INT_C
-#define BN_MP_GROW_C
-#define BN_MP_INIT_C
-#define BN_MP_INIT_COPY_C
-#define BN_MP_INIT_MULTI_C
-#define BN_MP_INIT_SET_C
-#define BN_MP_INIT_SET_INT_C
-#define BN_MP_INIT_SIZE_C
-#define BN_MP_INVMOD_C
-#define BN_MP_INVMOD_SLOW_C
-#define BN_MP_IS_SQUARE_C
-#define BN_MP_JACOBI_C
-#define BN_MP_KARATSUBA_MUL_C
-#define BN_MP_KARATSUBA_SQR_C
-#define BN_MP_LCM_C
-#define BN_MP_LSHD_C
-#define BN_MP_MOD_C
-#define BN_MP_MOD_2D_C
-#define BN_MP_MOD_D_C
-#define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
-#define BN_MP_MONTGOMERY_REDUCE_C
-#define BN_MP_MONTGOMERY_SETUP_C
-#define BN_MP_MUL_C
-#define BN_MP_MUL_2_C
-#define BN_MP_MUL_2D_C
-#define BN_MP_MUL_D_C
-#define BN_MP_MULMOD_C
-#define BN_MP_N_ROOT_C
-#define BN_MP_NEG_C
-#define BN_MP_OR_C
-#define BN_MP_PRIME_FERMAT_C
-#define BN_MP_PRIME_IS_DIVISIBLE_C
-#define BN_MP_PRIME_IS_PRIME_C
-#define BN_MP_PRIME_MILLER_RABIN_C
-#define BN_MP_PRIME_NEXT_PRIME_C
-#define BN_MP_PRIME_RABIN_MILLER_TRIALS_C
-#define BN_MP_PRIME_RANDOM_EX_C
-#define BN_MP_RADIX_SIZE_C
-#define BN_MP_RADIX_SMAP_C
-#define BN_MP_RAND_C
-#define BN_MP_READ_RADIX_C
-#define BN_MP_READ_SIGNED_BIN_C
-#define BN_MP_READ_UNSIGNED_BIN_C
-#define BN_MP_REDUCE_C
-#define BN_MP_REDUCE_2K_C
-#define BN_MP_REDUCE_2K_L_C
-#define BN_MP_REDUCE_2K_SETUP_C
-#define BN_MP_REDUCE_2K_SETUP_L_C
-#define BN_MP_REDUCE_IS_2K_C
-#define BN_MP_REDUCE_IS_2K_L_C
-#define BN_MP_REDUCE_SETUP_C
-#define BN_MP_RSHD_C
-#define BN_MP_SET_C
-#define BN_MP_SET_INT_C
-#define BN_MP_SHRINK_C
-#define BN_MP_SIGNED_BIN_SIZE_C
-#define BN_MP_SQR_C
-#define BN_MP_SQRMOD_C
-#define BN_MP_SQRT_C
-#define BN_MP_SUB_C
-#define BN_MP_SUB_D_C
-#define BN_MP_SUBMOD_C
-#define BN_MP_TO_SIGNED_BIN_C
-#define BN_MP_TO_SIGNED_BIN_N_C
-#define BN_MP_TO_UNSIGNED_BIN_C
-#define BN_MP_TO_UNSIGNED_BIN_N_C
-#define BN_MP_TOOM_MUL_C
-#define BN_MP_TOOM_SQR_C
-#define BN_MP_TORADIX_C
-#define BN_MP_TORADIX_N_C
-#define BN_MP_UNSIGNED_BIN_SIZE_C
-#define BN_MP_XOR_C
-#define BN_MP_ZERO_C
-#define BN_PRIME_TAB_C
-#define BN_REVERSE_C
-#define BN_S_MP_ADD_C
-#define BN_S_MP_EXPTMOD_C
-#define BN_S_MP_MUL_DIGS_C
-#define BN_S_MP_MUL_HIGH_DIGS_C
-#define BN_S_MP_SQR_C
-#define BN_S_MP_SUB_C
-#define BNCORE_C
-#endif
-
-#if defined(BN_ERROR_C)
-   #define BN_MP_ERROR_TO_STRING_C
-#endif
-
-#if defined(BN_FAST_MP_INVMOD_C)
-   #define BN_MP_ISEVEN_C
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_COPY_C
-   #define BN_MP_MOD_C
-   #define BN_MP_SET_C
-   #define BN_MP_DIV_2_C
-   #define BN_MP_ISODD_C
-   #define BN_MP_SUB_C
-   #define BN_MP_CMP_C
-   #define BN_MP_ISZERO_C
-   #define BN_MP_CMP_D_C
-   #define BN_MP_ADD_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_FAST_MP_MONTGOMERY_REDUCE_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_FAST_S_MP_MUL_DIGS_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_FAST_S_MP_SQR_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_2EXPT_C)
-   #define BN_MP_ZERO_C
-   #define BN_MP_GROW_C
-#endif
-
-#if defined(BN_MP_ABS_C)
-   #define BN_MP_COPY_C
-#endif
-
-#if defined(BN_MP_ADD_C)
-   #define BN_S_MP_ADD_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_ADD_D_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_SUB_D_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_ADDMOD_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_ADD_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_AND_C)
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_CLAMP_C)
-#endif
-
-#if defined(BN_MP_CLEAR_C)
-#endif
-
-#if defined(BN_MP_CLEAR_MULTI_C)
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_CMP_C)
-   #define BN_MP_CMP_MAG_C
-#endif
-
-#if defined(BN_MP_CMP_D_C)
-#endif
-
-#if defined(BN_MP_CMP_MAG_C)
-#endif
-
-#if defined(BN_MP_CNT_LSB_C)
-   #define BN_MP_ISZERO_C
-#endif
-
-#if defined(BN_MP_COPY_C)
-   #define BN_MP_GROW_C
-#endif
-
-#if defined(BN_MP_COUNT_BITS_C)
-#endif
-
-#if defined(BN_MP_DIV_C)
-   #define BN_MP_ISZERO_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_MP_COPY_C
-   #define BN_MP_ZERO_C
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_SET_C
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_ABS_C
-   #define BN_MP_MUL_2D_C
-   #define BN_MP_CMP_C
-   #define BN_MP_SUB_C
-   #define BN_MP_ADD_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_MULTI_C
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_INIT_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_LSHD_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_MUL_D_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_DIV_2_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_DIV_2D_C)
-   #define BN_MP_COPY_C
-   #define BN_MP_ZERO_C
-   #define BN_MP_INIT_C
-   #define BN_MP_MOD_2D_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_MP_DIV_3_C)
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_DIV_D_C)
-   #define BN_MP_ISZERO_C
-   #define BN_MP_COPY_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_DIV_3_C
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_DR_IS_MODULUS_C)
-#endif
-
-#if defined(BN_MP_DR_REDUCE_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_DR_SETUP_C)
-#endif
-
-#if defined(BN_MP_EXCH_C)
-#endif
-
-#if defined(BN_MP_EXPT_D_C)
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_SET_C
-   #define BN_MP_SQR_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_MUL_C
-#endif
-
-#if defined(BN_MP_EXPTMOD_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_INVMOD_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_ABS_C
-   #define BN_MP_CLEAR_MULTI_C
-   #define BN_MP_REDUCE_IS_2K_L_C
-   #define BN_S_MP_EXPTMOD_C
-   #define BN_MP_DR_IS_MODULUS_C
-   #define BN_MP_REDUCE_IS_2K_C
-   #define BN_MP_ISODD_C
-   #define BN_MP_EXPTMOD_FAST_C
-#endif
-
-#if defined(BN_MP_EXPTMOD_FAST_C)
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_INIT_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_MONTGOMERY_SETUP_C
-   #define BN_FAST_MP_MONTGOMERY_REDUCE_C
-   #define BN_MP_MONTGOMERY_REDUCE_C
-   #define BN_MP_DR_SETUP_C
-   #define BN_MP_DR_REDUCE_C
-   #define BN_MP_REDUCE_2K_SETUP_C
-   #define BN_MP_REDUCE_2K_C
-   #define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
-   #define BN_MP_MULMOD_C
-   #define BN_MP_SET_C
-   #define BN_MP_MOD_C
-   #define BN_MP_COPY_C
-   #define BN_MP_SQR_C
-   #define BN_MP_MUL_C
-   #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_MP_EXTEUCLID_C)
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_SET_C
-   #define BN_MP_COPY_C
-   #define BN_MP_ISZERO_C
-   #define BN_MP_DIV_C
-   #define BN_MP_MUL_C
-   #define BN_MP_SUB_C
-   #define BN_MP_NEG_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_FREAD_C)
-   #define BN_MP_ZERO_C
-   #define BN_MP_S_RMAP_C
-   #define BN_MP_MUL_D_C
-   #define BN_MP_ADD_D_C
-   #define BN_MP_CMP_D_C
-#endif
-
-#if defined(BN_MP_FWRITE_C)
-   #define BN_MP_RADIX_SIZE_C
-   #define BN_MP_TORADIX_C
-#endif
-
-#if defined(BN_MP_GCD_C)
-   #define BN_MP_ISZERO_C
-   #define BN_MP_ABS_C
-   #define BN_MP_ZERO_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_CNT_LSB_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_MP_EXCH_C
-   #define BN_S_MP_SUB_C
-   #define BN_MP_MUL_2D_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_GET_INT_C)
-#endif
-
-#if defined(BN_MP_GROW_C)
-#endif
-
-#if defined(BN_MP_INIT_C)
-#endif
-
-#if defined(BN_MP_INIT_COPY_C)
-   #define BN_MP_COPY_C
-#endif
-
-#if defined(BN_MP_INIT_MULTI_C)
-   #define BN_MP_ERR_C
-   #define BN_MP_INIT_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_INIT_SET_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_SET_C
-#endif
-
-#if defined(BN_MP_INIT_SET_INT_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_SET_INT_C
-#endif
-
-#if defined(BN_MP_INIT_SIZE_C)
-   #define BN_MP_INIT_C
-#endif
-
-#if defined(BN_MP_INVMOD_C)
-   #define BN_MP_ISZERO_C
-   #define BN_MP_ISODD_C
-   #define BN_FAST_MP_INVMOD_C
-   #define BN_MP_INVMOD_SLOW_C
-#endif
-
-#if defined(BN_MP_INVMOD_SLOW_C)
-   #define BN_MP_ISZERO_C
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_MOD_C
-   #define BN_MP_COPY_C
-   #define BN_MP_ISEVEN_C
-   #define BN_MP_SET_C
-   #define BN_MP_DIV_2_C
-   #define BN_MP_ISODD_C
-   #define BN_MP_ADD_C
-   #define BN_MP_SUB_C
-   #define BN_MP_CMP_C
-   #define BN_MP_CMP_D_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_IS_SQUARE_C)
-   #define BN_MP_MOD_D_C
-   #define BN_MP_INIT_SET_INT_C
-   #define BN_MP_MOD_C
-   #define BN_MP_GET_INT_C
-   #define BN_MP_SQRT_C
-   #define BN_MP_SQR_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_JACOBI_C)
-   #define BN_MP_CMP_D_C
-   #define BN_MP_ISZERO_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_CNT_LSB_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_MOD_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_KARATSUBA_MUL_C)
-   #define BN_MP_MUL_C
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_SUB_C
-   #define BN_MP_ADD_C
-   #define BN_MP_LSHD_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_KARATSUBA_SQR_C)
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_SQR_C
-   #define BN_MP_SUB_C
-   #define BN_S_MP_ADD_C
-   #define BN_MP_LSHD_C
-   #define BN_MP_ADD_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_LCM_C)
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_GCD_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_MP_DIV_C
-   #define BN_MP_MUL_C
-   #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_LSHD_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_RSHD_C
-#endif
-
-#if defined(BN_MP_MOD_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_DIV_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_ADD_C
-   #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_MP_MOD_2D_C)
-   #define BN_MP_ZERO_C
-   #define BN_MP_COPY_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_MOD_D_C)
-   #define BN_MP_DIV_D_C
-#endif
-
-#if defined(BN_MP_MONTGOMERY_CALC_NORMALIZATION_C)
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_2EXPT_C
-   #define BN_MP_SET_C
-   #define BN_MP_MUL_2_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_MONTGOMERY_REDUCE_C)
-   #define BN_FAST_MP_MONTGOMERY_REDUCE_C
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_MONTGOMERY_SETUP_C)
-#endif
-
-#if defined(BN_MP_MUL_C)
-   #define BN_MP_TOOM_MUL_C
-   #define BN_MP_KARATSUBA_MUL_C
-   #define BN_FAST_S_MP_MUL_DIGS_C
-   #define BN_S_MP_MUL_C
-   #define BN_S_MP_MUL_DIGS_C
-#endif
-
-#if defined(BN_MP_MUL_2_C)
-   #define BN_MP_GROW_C
-#endif
-
-#if defined(BN_MP_MUL_2D_C)
-   #define BN_MP_COPY_C
-   #define BN_MP_GROW_C
-   #define BN_MP_LSHD_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_MUL_D_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_MULMOD_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_MUL_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_N_ROOT_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_SET_C
-   #define BN_MP_COPY_C
-   #define BN_MP_EXPT_D_C
-   #define BN_MP_MUL_C
-   #define BN_MP_SUB_C
-   #define BN_MP_MUL_D_C
-   #define BN_MP_DIV_C
-   #define BN_MP_CMP_C
-   #define BN_MP_SUB_D_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_NEG_C)
-   #define BN_MP_COPY_C
-   #define BN_MP_ISZERO_C
-#endif
-
-#if defined(BN_MP_OR_C)
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_FERMAT_C)
-   #define BN_MP_CMP_D_C
-   #define BN_MP_INIT_C
-   #define BN_MP_EXPTMOD_C
-   #define BN_MP_CMP_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_IS_DIVISIBLE_C)
-   #define BN_MP_MOD_D_C
-#endif
-
-#if defined(BN_MP_PRIME_IS_PRIME_C)
-   #define BN_MP_CMP_D_C
-   #define BN_MP_PRIME_IS_DIVISIBLE_C
-   #define BN_MP_INIT_C
-   #define BN_MP_SET_C
-   #define BN_MP_PRIME_MILLER_RABIN_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_MILLER_RABIN_C)
-   #define BN_MP_CMP_D_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_SUB_D_C
-   #define BN_MP_CNT_LSB_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_EXPTMOD_C
-   #define BN_MP_CMP_C
-   #define BN_MP_SQRMOD_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_NEXT_PRIME_C)
-   #define BN_MP_CMP_D_C
-   #define BN_MP_SET_C
-   #define BN_MP_SUB_D_C
-   #define BN_MP_ISEVEN_C
-   #define BN_MP_MOD_D_C
-   #define BN_MP_INIT_C
-   #define BN_MP_ADD_D_C
-   #define BN_MP_PRIME_MILLER_RABIN_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_RABIN_MILLER_TRIALS_C)
-#endif
-
-#if defined(BN_MP_PRIME_RANDOM_EX_C)
-   #define BN_MP_READ_UNSIGNED_BIN_C
-   #define BN_MP_PRIME_IS_PRIME_C
-   #define BN_MP_SUB_D_C
-   #define BN_MP_DIV_2_C
-   #define BN_MP_MUL_2_C
-   #define BN_MP_ADD_D_C
-#endif
-
-#if defined(BN_MP_RADIX_SIZE_C)
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_ISZERO_C
-   #define BN_MP_DIV_D_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_RADIX_SMAP_C)
-   #define BN_MP_S_RMAP_C
-#endif
-
-#if defined(BN_MP_RAND_C)
-   #define BN_MP_ZERO_C
-   #define BN_MP_ADD_D_C
-   #define BN_MP_LSHD_C
-#endif
-
-#if defined(BN_MP_READ_RADIX_C)
-   #define BN_MP_ZERO_C
-   #define BN_MP_S_RMAP_C
-   #define BN_MP_RADIX_SMAP_C
-   #define BN_MP_MUL_D_C
-   #define BN_MP_ADD_D_C
-   #define BN_MP_ISZERO_C
-#endif
-
-#if defined(BN_MP_READ_SIGNED_BIN_C)
-   #define BN_MP_READ_UNSIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_READ_UNSIGNED_BIN_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_ZERO_C
-   #define BN_MP_MUL_2D_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_REDUCE_C)
-   #define BN_MP_REDUCE_SETUP_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_MUL_C
-   #define BN_S_MP_MUL_HIGH_DIGS_C
-   #define BN_FAST_S_MP_MUL_HIGH_DIGS_C
-   #define BN_MP_MOD_2D_C
-   #define BN_S_MP_MUL_DIGS_C
-   #define BN_MP_SUB_C
-   #define BN_MP_CMP_D_C
-   #define BN_MP_SET_C
-   #define BN_MP_LSHD_C
-   #define BN_MP_ADD_C
-   #define BN_MP_CMP_C
-   #define BN_S_MP_SUB_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_MUL_D_C
-   #define BN_S_MP_ADD_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_L_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_MUL_C
-   #define BN_S_MP_ADD_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_SETUP_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_2EXPT_C
-   #define BN_MP_CLEAR_C
-   #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_SETUP_L_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_2EXPT_C
-   #define BN_MP_COUNT_BITS_C
-   #define BN_S_MP_SUB_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_IS_2K_C)
-   #define BN_MP_REDUCE_2K_C
-   #define BN_MP_COUNT_BITS_C
-#endif
-
-#if defined(BN_MP_REDUCE_IS_2K_L_C)
-#endif
-
-#if defined(BN_MP_REDUCE_SETUP_C)
-   #define BN_MP_2EXPT_C
-   #define BN_MP_DIV_C
-#endif
-
-#if defined(BN_MP_RSHD_C)
-   #define BN_MP_ZERO_C
-#endif
-
-#if defined(BN_MP_SET_C)
-   #define BN_MP_ZERO_C
-#endif
-
-#if defined(BN_MP_SET_INT_C)
-   #define BN_MP_ZERO_C
-   #define BN_MP_MUL_2D_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_SHRINK_C)
-#endif
-
-#if defined(BN_MP_SIGNED_BIN_SIZE_C)
-   #define BN_MP_UNSIGNED_BIN_SIZE_C
-#endif
-
-#if defined(BN_MP_SQR_C)
-   #define BN_MP_TOOM_SQR_C
-   #define BN_MP_KARATSUBA_SQR_C
-   #define BN_FAST_S_MP_SQR_C
-   #define BN_S_MP_SQR_C
-#endif
-
-#if defined(BN_MP_SQRMOD_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_SQR_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_SQRT_C)
-   #define BN_MP_N_ROOT_C
-   #define BN_MP_ISZERO_C
-   #define BN_MP_ZERO_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_DIV_C
-   #define BN_MP_ADD_C
-   #define BN_MP_DIV_2_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_SUB_C)
-   #define BN_S_MP_ADD_C
-   #define BN_MP_CMP_MAG_C
-   #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_SUB_D_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_ADD_D_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_SUBMOD_C)
-   #define BN_MP_INIT_C
-   #define BN_MP_SUB_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_TO_SIGNED_BIN_C)
-   #define BN_MP_TO_UNSIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_TO_SIGNED_BIN_N_C)
-   #define BN_MP_SIGNED_BIN_SIZE_C
-   #define BN_MP_TO_SIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_TO_UNSIGNED_BIN_C)
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_ISZERO_C
-   #define BN_MP_DIV_2D_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_TO_UNSIGNED_BIN_N_C)
-   #define BN_MP_UNSIGNED_BIN_SIZE_C
-   #define BN_MP_TO_UNSIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_TOOM_MUL_C)
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_MOD_2D_C
-   #define BN_MP_COPY_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_MUL_C
-   #define BN_MP_MUL_2_C
-   #define BN_MP_ADD_C
-   #define BN_MP_SUB_C
-   #define BN_MP_DIV_2_C
-   #define BN_MP_MUL_2D_C
-   #define BN_MP_MUL_D_C
-   #define BN_MP_DIV_3_C
-   #define BN_MP_LSHD_C
-   #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_TOOM_SQR_C)
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_MOD_2D_C
-   #define BN_MP_COPY_C
-   #define BN_MP_RSHD_C
-   #define BN_MP_SQR_C
-   #define BN_MP_MUL_2_C
-   #define BN_MP_ADD_C
-   #define BN_MP_SUB_C
-   #define BN_MP_DIV_2_C
-   #define BN_MP_MUL_2D_C
-   #define BN_MP_MUL_D_C
-   #define BN_MP_DIV_3_C
-   #define BN_MP_LSHD_C
-   #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_TORADIX_C)
-   #define BN_MP_ISZERO_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_DIV_D_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_S_RMAP_C
-#endif
-
-#if defined(BN_MP_TORADIX_N_C)
-   #define BN_MP_ISZERO_C
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_DIV_D_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_S_RMAP_C
-#endif
-
-#if defined(BN_MP_UNSIGNED_BIN_SIZE_C)
-   #define BN_MP_COUNT_BITS_C
-#endif
-
-#if defined(BN_MP_XOR_C)
-   #define BN_MP_INIT_COPY_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_ZERO_C)
-#endif
-
-#if defined(BN_PRIME_TAB_C)
-#endif
-
-#if defined(BN_REVERSE_C)
-#endif
-
-#if defined(BN_S_MP_ADD_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_S_MP_EXPTMOD_C)
-   #define BN_MP_COUNT_BITS_C
-   #define BN_MP_INIT_C
-   #define BN_MP_CLEAR_C
-   #define BN_MP_REDUCE_SETUP_C
-   #define BN_MP_REDUCE_C
-   #define BN_MP_REDUCE_2K_SETUP_L_C
-   #define BN_MP_REDUCE_2K_L_C
-   #define BN_MP_MOD_C
-   #define BN_MP_COPY_C
-   #define BN_MP_SQR_C
-   #define BN_MP_MUL_C
-   #define BN_MP_SET_C
-   #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_S_MP_MUL_DIGS_C)
-   #define BN_FAST_S_MP_MUL_DIGS_C
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_S_MP_MUL_HIGH_DIGS_C)
-   #define BN_FAST_S_MP_MUL_HIGH_DIGS_C
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_S_MP_SQR_C)
-   #define BN_MP_INIT_SIZE_C
-   #define BN_MP_CLAMP_C
-   #define BN_MP_EXCH_C
-   #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_S_MP_SUB_C)
-   #define BN_MP_GROW_C
-   #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BNCORE_C)
-#endif
-
-#ifdef LTM3
-#define LTM_LAST
-#endif
-#include "mpi_superclass.h"
-#include "mpi_class.h"
-#else
-#define LTM_LAST
-#endif
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h
deleted file mode 100644
index 049d9001..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* mpi_superclass.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-
-/* super class file for PK algos */
-
-/* default ... include all MPI */
-#define LTM_ALL
-
-/* RSA only (does not support DH/DSA/ECC) */
-/* #define SC_RSA_1 */
-
-/* For reference.... On an Athlon64 optimizing for speed...
-
-   LTM's mpi.o with all functions [striped] is 142KiB in size.
-
-*/
-
-/* Works for RSA only, mpi.o is 68KiB */
-#ifdef SC_RSA_1
-   #define BN_MP_SHRINK_C
-   #define BN_MP_LCM_C
-   #define BN_MP_PRIME_RANDOM_EX_C
-   #define BN_MP_INVMOD_C
-   #define BN_MP_GCD_C
-   #define BN_MP_MOD_C
-   #define BN_MP_MULMOD_C
-   #define BN_MP_ADDMOD_C
-   #define BN_MP_EXPTMOD_C
-   #define BN_MP_SET_INT_C
-   #define BN_MP_INIT_MULTI_C
-   #define BN_MP_CLEAR_MULTI_C
-   #define BN_MP_UNSIGNED_BIN_SIZE_C
-   #define BN_MP_TO_UNSIGNED_BIN_C
-   #define BN_MP_MOD_D_C
-   #define BN_MP_PRIME_RABIN_MILLER_TRIALS_C
-   #define BN_REVERSE_C
-   #define BN_PRIME_TAB_C
-
-   /* other modifiers */
-   #define BN_MP_DIV_SMALL                    /* Slower division, not critical */
-
-   /* here we are on the last pass so we turn things off.  The functions classes are still there
-    * but we remove them specifically from the build.  This also invokes tweaks in functions
-    * like removing support for even moduli, etc...
-    */
-#ifdef LTM_LAST
-   #undef  BN_MP_TOOM_MUL_C
-   #undef  BN_MP_TOOM_SQR_C
-   #undef  BN_MP_KARATSUBA_MUL_C
-   #undef  BN_MP_KARATSUBA_SQR_C
-   #undef  BN_MP_REDUCE_C
-   #undef  BN_MP_REDUCE_SETUP_C
-   #undef  BN_MP_DR_IS_MODULUS_C
-   #undef  BN_MP_DR_SETUP_C
-   #undef  BN_MP_DR_REDUCE_C
-   #undef  BN_MP_REDUCE_IS_2K_C
-   #undef  BN_MP_REDUCE_2K_SETUP_C
-   #undef  BN_MP_REDUCE_2K_C
-   #undef  BN_S_MP_EXPTMOD_C
-   #undef  BN_MP_DIV_3_C
-   #undef  BN_S_MP_MUL_HIGH_DIGS_C
-   #undef  BN_FAST_S_MP_MUL_HIGH_DIGS_C
-   #undef  BN_FAST_MP_INVMOD_C
-
-   /* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold
-    * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines]
-    * which means roughly speaking you can handle up to 2536-bit RSA keys with these defined without
-    * trouble.
-    */
-   #undef  BN_S_MP_MUL_DIGS_C
-   #undef  BN_S_MP_SQR_C
-   #undef  BN_MP_MONTGOMERY_REDUCE_C
-#endif
-
-#endif
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h
deleted file mode 100644
index 132d8d2b..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* pwdbased.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/pwdbased.h
-*/
-
-#ifndef WOLF_CRYPT_PWDBASED_H
-#define WOLF_CRYPT_PWDBASED_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_PWDBASED
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/*
- * hashType renamed to typeH to avoid shadowing global declaration here:
- * wolfssl/wolfcrypt/asn.h line 173 in enum Oid_Types
- */
-WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
-                      const byte* passwd, int passwdLen, 
-                      const byte* salt, int saltLen, int iterations, 
-                      int hashType, void* heap);
-WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
-                      const byte* salt, int sLen, int iterations, int kLen,
-                      int typeH);
-WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
-                      const byte* salt, int sLen, int iterations, int kLen,
-                      int typeH);
-WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
-                            const byte* salt, int sLen, int iterations,
-                            int kLen, int typeH, int purpose);
-WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
-                       const byte* salt, int saltLen, int iterations, int kLen,
-                       int hashType, int id, void* heap);
-
-#ifdef HAVE_SCRYPT
-WOLFSSL_API int wc_scrypt(byte* output, const byte* passwd, int passLen,
-                          const byte* salt, int saltLen, int cost,
-                          int blockSize, int parallel, int dkLen);
-#endif
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_PWDBASED */
-#endif /* WOLF_CRYPT_PWDBASED_H */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
deleted file mode 100644
index 36153272..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h
+++ /dev/null
@@ -1,218 +0,0 @@
-/* random.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/random.h
-*/
-
-
-
-#ifndef WOLF_CRYPT_RANDOM_H
-#define WOLF_CRYPT_RANDOM_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-    #include <wolfssl/wolfcrypt/fips.h>
-#endif /* HAVE_FIPS_VERSION >= 2 */
-
-/* included for fips @wc_fips */
-#if defined(HAVE_FIPS) && \
-        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
-#include <cyassl/ctaocrypt/random.h>
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
- /* Maximum generate block length */
-#ifndef RNG_MAX_BLOCK_LEN
-    #ifdef HAVE_INTEL_QA
-        #define RNG_MAX_BLOCK_LEN (0xFFFF)
-    #else
-        #define RNG_MAX_BLOCK_LEN (0x10000)
-    #endif
-#endif
-
-/* Size of the BRBG seed */
-#ifndef DRBG_SEED_LEN
-    #define DRBG_SEED_LEN (440/8)
-#endif
-
-
-#if !defined(CUSTOM_RAND_TYPE)
-    /* To maintain compatibility the default is byte */
-    #define CUSTOM_RAND_TYPE    byte
-#endif
-
-/* make sure Hash DRBG is enabled, unless WC_NO_HASHDRBG is defined
-    or CUSTOM_RAND_GENERATE_BLOCK is defined */
-#if !defined(WC_NO_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
-    #undef  HAVE_HASHDRBG
-    #define HAVE_HASHDRBG
-    #ifndef WC_RESEED_INTERVAL
-        #define WC_RESEED_INTERVAL (1000000)
-    #endif
-#endif
-
-
-/* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
-
-/* RNG supports the following sources (in order):
- * 1. CUSTOM_RAND_GENERATE_BLOCK: Defines name of function as RNG source and
- *     bypasses the options below.
- * 2. HAVE_INTEL_RDRAND: Uses the Intel RDRAND if supported by CPU.
- * 3. HAVE_HASHDRBG (requires SHA256 enabled): Uses SHA256 based P-RNG
- *     seeded via wc_GenerateSeed. This is the default source.
- */
-
- /* Seed source can be overriden by defining one of these:
-      CUSTOM_RAND_GENERATE_SEED
-      CUSTOM_RAND_GENERATE_SEED_OS
-      CUSTOM_RAND_GENERATE */
-
-
-#if defined(CUSTOM_RAND_GENERATE_BLOCK)
-    /* To use define the following:
-     * #define CUSTOM_RAND_GENERATE_BLOCK myRngFunc
-     * extern int myRngFunc(byte* output, word32 sz);
-     */
-#elif defined(HAVE_HASHDRBG)
-    #ifdef NO_SHA256
-        #error "Hash DRBG requires SHA-256."
-    #endif /* NO_SHA256 */
-    #include <wolfssl/wolfcrypt/sha256.h>
-#elif defined(HAVE_WNR)
-     /* allow whitewood as direct RNG source using wc_GenerateSeed directly */
-#elif defined(HAVE_INTEL_RDRAND)
-    /* Intel RDRAND or RDSEED */
-#elif !defined(WC_NO_RNG)
-    #error No RNG source defined!
-#endif
-
-#ifdef HAVE_WNR
-    #include <wnr.h>
-#endif
-
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-
-
-#if defined(USE_WINDOWS_API)
-    #if defined(_WIN64)
-        typedef unsigned __int64 ProviderHandle;
-        /* type HCRYPTPROV, avoid #include <windows.h> */
-    #else
-        typedef unsigned long ProviderHandle;
-    #endif
-#endif
-
-
-/* OS specific seeder */
-typedef struct OS_Seed {
-    #if defined(USE_WINDOWS_API)
-        ProviderHandle handle;
-    #else
-        int fd;
-    #endif
-} OS_Seed;
-
-
-#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
-    typedef struct WC_RNG WC_RNG;
-    #define WC_RNG_TYPE_DEFINED
-#endif
-
-/* RNG context */
-struct WC_RNG {
-    OS_Seed seed;
-    void* heap;
-#ifdef HAVE_HASHDRBG
-    /* Hash-based Deterministic Random Bit Generator */
-    struct DRBG* drbg;
-    byte status;
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    WC_ASYNC_DEV asyncDev;
-    int devId;
-#endif
-};
-
-#endif /* NO FIPS or have FIPS v2*/
-
-/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
- * can't be used with CTaoCrypt FIPS */
-#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS)
-    #define RNG WC_RNG
-#endif
-
-
-WOLFSSL_LOCAL
-int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
-
-
-#ifdef HAVE_WNR
-    /* Whitewood netRandom client library */
-    WOLFSSL_API int  wc_InitNetRandom(const char*, wnr_hmac_key, int);
-    WOLFSSL_API int  wc_FreeNetRandom(void);
-#endif /* HAVE_WNR */
-
-#ifndef WC_NO_RNG
-WOLFSSL_API int  wc_InitRng(WC_RNG*);
-WOLFSSL_API int  wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
-WOLFSSL_API int  wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
-WOLFSSL_API int  wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
-                                    void* heap, int devId);
-WOLFSSL_API int  wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
-WOLFSSL_API int  wc_RNG_GenerateByte(WC_RNG*, byte*);
-WOLFSSL_API int  wc_FreeRng(WC_RNG*);
-#else
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#define wc_InitRng(rng) NOT_COMPILED_IN
-#define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN
-#define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN
-#define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN
-#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
-#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
-#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
-#endif
-
-
-
-#ifdef HAVE_HASHDRBG
-    WOLFSSL_LOCAL int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
-                                        word32 entropySz);
-    WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
-    WOLFSSL_API int wc_RNG_HealthTest(int reseed,
-                                        const byte* entropyA, word32 entropyASz,
-                                        const byte* entropyB, word32 entropyBSz,
-                                        byte* output, word32 outputSz);
-    WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed,
-                                        const byte* nonce, word32 nonceSz,
-                                        const byte* entropyA, word32 entropyASz,
-                                        const byte* entropyB, word32 entropyBSz,
-                                        byte* output, word32 outputSz,
-                                        void* heap, int devId);
-#endif /* HAVE_HASHDRBG */
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_RANDOM_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
deleted file mode 100644
index e8a0085f..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h
+++ /dev/null
@@ -1,1857 +0,0 @@
-/* settings.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-/* Place OS specific preprocessor flags, defines, includes here, will be
-   included into every file because types.h includes it */
-
-
-#ifndef WOLF_CRYPT_SETTINGS_H
-#define WOLF_CRYPT_SETTINGS_H
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* Uncomment next line if using IPHONE */
-/* #define IPHONE */
-
-/* Uncomment next line if using ThreadX */
-/* #define THREADX */
-
-/* Uncomment next line if using Micrium uC/OS-III */
-/* #define MICRIUM */
-
-/* Uncomment next line if using Mbed */
-/* #define MBED */
-
-/* Uncomment next line if using Microchip PIC32 ethernet starter kit */
-/* #define MICROCHIP_PIC32 */
-
-/* Uncomment next line if using Microchip TCP/IP stack, version 5 */
-/* #define MICROCHIP_TCPIP_V5 */
-
-/* Uncomment next line if using Microchip TCP/IP stack, version 6 or later */
-/* #define MICROCHIP_TCPIP */
-
-/* Uncomment next line if using PIC32MZ Crypto Engine */
-/* #define WOLFSSL_MICROCHIP_PIC32MZ */
-
-/* Uncomment next line if using FreeRTOS */
-/* #define FREERTOS */
-
-/* Uncomment next line if using FreeRTOS+ TCP */
-/* #define FREERTOS_TCP */
-
-/* Uncomment next line if using FreeRTOS Windows Simulator */
-/* #define FREERTOS_WINSIM */
-
-/* Uncomment next line if using RTIP */
-/* #define EBSNET */
-
-/* Uncomment next line if using lwip */
-/* #define WOLFSSL_LWIP */
-
-/* Uncomment next line if building wolfSSL for a game console */
-/* #define WOLFSSL_GAME_BUILD */
-
-/* Uncomment next line if building wolfSSL for LSR */
-/* #define WOLFSSL_LSR */
-
-/* Uncomment next line if building for Freescale Classic MQX version 4.0 */
-/* #define FREESCALE_MQX_4_0 */
-
-/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
-/* #define FREESCALE_MQX */
-
-/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */
-/* #define FREESCALE_KSDK_MQX */
-
-/* Uncomment next line if building for Freescale KSDK Bare Metal */
-/* #define FREESCALE_KSDK_BM */
-
-/* Uncomment next line if building for Freescale KSDK FreeRTOS, */
-/* (old name FREESCALE_FREE_RTOS) */
-/* #define FREESCALE_KSDK_FREERTOS */
-
-/* Uncomment next line if using STM32F2 */
-/* #define WOLFSSL_STM32F2 */
-
-/* Uncomment next line if using STM32F4 */
-/* #define WOLFSSL_STM32F4 */
-
-/* Uncomment next line if using STM32FL */
-/* #define WOLFSSL_STM32FL */
-
-/* Uncomment next line if using STM32F7 */
-/* #define WOLFSSL_STM32F7 */
-
-/* Uncomment next line if using QL SEP settings */
-/* #define WOLFSSL_QL */
-
-/* Uncomment next line if building for EROAD */
-/* #define WOLFSSL_EROAD */
-
-/* Uncomment next line if building for IAR EWARM */
-/* #define WOLFSSL_IAR_ARM */
-
-/* Uncomment next line if building for Rowley CrossWorks ARM */
-/* #define WOLFSSL_ROWLEY_ARM */
-
-/* Uncomment next line if using TI-RTOS settings */
-/* #define WOLFSSL_TIRTOS */
-
-/* Uncomment next line if building with PicoTCP */
-/* #define WOLFSSL_PICOTCP */
-
-/* Uncomment next line if building for PicoTCP demo bundle */
-/* #define WOLFSSL_PICOTCP_DEMO */
-
-/* Uncomment next line if building for uITRON4  */
-/* #define WOLFSSL_uITRON4 */
-
-/* Uncomment next line if building for uT-Kernel */
-/* #define WOLFSSL_uTKERNEL2 */
-
-/* Uncomment next line if using Max Strength build */
-/* #define WOLFSSL_MAX_STRENGTH */
-
-/* Uncomment next line if building for VxWorks */
-/* #define WOLFSSL_VXWORKS */
-
-/* Uncomment next line if building for Nordic nRF5x platofrm */
-/* #define WOLFSSL_NRF5x */
-
-/* Uncomment next line to enable deprecated less secure static DH suites */
-/* #define WOLFSSL_STATIC_DH */
-
-/* Uncomment next line to enable deprecated less secure static RSA suites */
-/* #define WOLFSSL_STATIC_RSA */
-
-/* Uncomment next line if building for ARDUINO */
-/* Uncomment both lines if building for ARDUINO on INTEL_GALILEO */
-/* #define WOLFSSL_ARDUINO */
-/* #define INTEL_GALILEO */
-
-/* Uncomment next line to enable asynchronous crypto WC_PENDING_E */
-/* #define WOLFSSL_ASYNC_CRYPT */
-
-/* Uncomment next line if building for uTasker */
-/* #define WOLFSSL_UTASKER */
-
-/* Uncomment next line if building for embOS */
-/* #define WOLFSSL_EMBOS */
-
-/* Uncomment next line if building for RIOT-OS */
-/* #define WOLFSSL_RIOT_OS */
-
-/* Uncomment next line if building for using XILINX hardened crypto */
-/* #define WOLFSSL_XILINX_CRYPT */
-
-/* Uncomment next line if building for using XILINX */
-/* #define WOLFSSL_XILINX */
-
-/* Uncomment next line if building for Nucleus 1.2 */
-/* #define WOLFSSL_NUCLEUS_1_2 */
-
-/* Uncomment next line if building for using Apache mynewt */
-/* #define WOLFSSL_APACHE_MYNEWT */
-
-/* Uncomment next line if building for using ESP-IDF */
-/* #define WOLFSSL_ESPIDF */
-
-/* Uncomment next line if using Espressif ESP32-WROOM-32 */
-/* #define WOLFSSL_ESPWROOM32 */
-
-#include <wolfssl/wolfcrypt/visibility.h>
-
-#ifdef WOLFSSL_USER_SETTINGS
-    #include "user_settings.h"
-#endif
-
-
-/* make sure old RNG name is used with CTaoCrypt FIPS */
-#ifdef HAVE_FIPS
-    #define WC_RNG RNG
-    /* blinding adds API not available yet in FIPS mode */
-    #undef WC_RSA_BLINDING
-#endif
-
-
-#if defined(_WIN32) && !defined(_M_X64) && \
-    defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI)
-
-/* The _M_X64 macro is what's used in the headers for MSC to tell if it
- * has the 64-bit versions of the 128-bit integers available. If one is
- * building on 32-bit Windows with AES-NI, turn off the AES-GCMloop
- * unrolling. */
-
-    #define AES_GCM_AESNI_NO_UNROLL
-#endif
-
-#ifdef IPHONE
-    #define SIZEOF_LONG_LONG 8
-#endif
-
-#ifdef THREADX
-    #define SIZEOF_LONG_LONG 8
-#endif
-
-#ifdef HAVE_NETX
-    #ifdef NEED_THREADX_TYPES
-        #include <types.h>
-    #endif
-    #include <nx_api.h>
-#endif
-
-#if defined(WOLFSSL_ESPIDF)
-    #define FREERTOS
-    #define WOLFSSL_LWIP
-    #define NO_WRITEV
-    #define SIZEOF_LONG_LONG 8
-    #define NO_WOLFSSL_DIR
-    #define WOLFSSL_NO_CURRDIR
-
-    #define TFM_TIMING_RESISTANT
-    #define ECC_TIMING_RESISTANT
-    #define WC_RSA_BLINDING
-#if !defined(WOLFSSL_USER_SETTINGS)
-    #define HAVE_ECC
-#endif /* !WOLFSSL_USER_SETTINGS */
-#endif /* WOLFSSL_ESPIDF */
-
-#if defined(HAVE_LWIP_NATIVE) /* using LwIP native TCP socket */
-    #define WOLFSSL_LWIP
-    #define NO_WRITEV
-    #define SINGLE_THREADED
-    #define WOLFSSL_USER_IO
-    #define NO_FILESYSTEM
-#endif
-
-#if defined(WOLFSSL_CONTIKI)
-    #include <contiki.h>
-    #define WOLFSSL_UIP
-    #define NO_WOLFSSL_MEMORY
-    #define NO_WRITEV
-    #define SINGLE_THREADED
-    #define WOLFSSL_USER_IO
-    #define NO_FILESYSTEM
-    #define CUSTOM_RAND_TYPE uint16_t
-    #define CUSTOM_RAND_GENERATE random_rand
-    static inline unsigned int LowResTimer(void)
-    {
-        return clock_seconds();
-    }
-#endif
-
-#if defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_ROWLEY_ARM)
-    #define NO_MAIN_DRIVER
-    #define SINGLE_THREADED
-    #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096)
-        #define USE_CERT_BUFFERS_1024
-    #endif
-    #define BENCH_EMBEDDED
-    #define NO_FILESYSTEM
-    #define NO_WRITEV
-    #define WOLFSSL_USER_IO
-    #define BENCH_EMBEDDED
-#endif
-
-#ifdef MICROCHIP_PIC32
-    /* #define WOLFSSL_MICROCHIP_PIC32MZ */
-    #define SIZEOF_LONG_LONG 8
-    #define SINGLE_THREADED
-    #define WOLFSSL_USER_IO
-    #define NO_WRITEV
-    #define NO_DEV_RANDOM
-    #define NO_FILESYSTEM
-    #define USE_FAST_MATH
-    #define TFM_TIMING_RESISTANT
-    #define WOLFSSL_HAVE_MIN
-    #define WOLFSSL_HAVE_MAX
-    #define NO_BIG_INT
-#endif
-
-#ifdef WOLFSSL_MICROCHIP_PIC32MZ
-    #ifndef NO_PIC32MZ_CRYPT
-        #define WOLFSSL_PIC32MZ_CRYPT
-    #endif
-    #ifndef NO_PIC32MZ_RNG
-        #define WOLFSSL_PIC32MZ_RNG
-    #endif
-    #ifndef NO_PIC32MZ_HASH
-        #define WOLFSSL_PIC32MZ_HASH
-    #endif
-#endif
-
-#ifdef MICROCHIP_TCPIP_V5
-    /* include timer functions */
-    #include "TCPIP Stack/TCPIP.h"
-#endif
-
-#ifdef MICROCHIP_TCPIP
-    /* include timer, NTP functions */
-    #ifdef MICROCHIP_MPLAB_HARMONY
-        #include "tcpip/tcpip.h"
-    #else
-        #include "system/system_services.h"
-        #include "tcpip/sntp.h"
-    #endif
-#endif
-
-#ifdef MBED
-    #define WOLFSSL_USER_IO
-    #define NO_FILESYSTEM
-    #define NO_CERT
-    #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096)
-        #define USE_CERT_BUFFERS_1024
-    #endif
-    #define NO_WRITEV
-    #define NO_DEV_RANDOM
-    #define NO_SHA512
-    #define NO_DH
-    /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
-    /* WOLFSSL_DH_CONST */
-    #define NO_DSA
-    #define NO_HC128
-    #define HAVE_ECC
-    #define NO_SESSION_CACHE
-    #define WOLFSSL_CMSIS_RTOS
-#endif
-
-
-#ifdef WOLFSSL_EROAD
-    #define FREESCALE_MQX
-    #define FREESCALE_MMCAU
-    #define SINGLE_THREADED
-    #define NO_STDIO_FILESYSTEM
-    #define WOLFSSL_LEANPSK
-    #define HAVE_NULL_CIPHER
-    #define NO_OLD_TLS
-    #define NO_ASN
-    #define NO_BIG_INT
-    #define NO_RSA
-    #define NO_DSA
-    #define NO_DH
-    /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
-    /* WOLFSSL_DH_CONST */
-    #define NO_CERTS
-    #define NO_PWDBASED
-    #define NO_DES3
-    #define NO_MD4
-    #define NO_RC4
-    #define NO_MD5
-    #define NO_SESSION_CACHE
-    #define NO_MAIN_DRIVER
-#endif
-
-#ifdef WOLFSSL_PICOTCP
-    #ifndef errno
-        #define errno pico_err
-    #endif
-    #include "pico_defines.h"
-    #include "pico_stack.h"
-    #include "pico_constants.h"
-    #include "pico_protocol.h"
-    #define CUSTOM_RAND_GENERATE pico_rand
-#endif
-
-#ifdef WOLFSSL_PICOTCP_DEMO
-    #define WOLFSSL_STM32
-    #define USE_FAST_MATH
-    #define TFM_TIMING_RESISTANT
-    #define XMALLOC(s, h, type)  PICO_ZALLOC((s))
-    #define XFREE(p, h, type)    PICO_FREE((p))
-    #define SINGLE_THREADED
-    #define NO_WRITEV
-    #define WOLFSSL_USER_IO
-    #define NO_DEV_RANDOM
-    #define NO_FILESYSTEM
-#endif
-
-#ifdef FREERTOS_WINSIM
-    #define FREERTOS
-    #define USE_WINDOWS_API
-#endif
-
-
-#ifdef WOLFSSL_VXWORKS
-    /* VxWorks simulator incorrectly detects building for i386 */
-    #ifdef VXWORKS_SIM
-        #define TFM_NO_ASM
-    #endif
-    /* For VxWorks pthreads wrappers for mutexes uncomment the next line. */
-    /* #define WOLFSSL_PTHREADS */
-    #define WOLFSSL_HAVE_MIN
-    #define WOLFSSL_HAVE_MAX
-    #define USE_FAST_MATH
-    #define TFM_TIMING_RESISTANT
-    #define NO_MAIN_DRIVER
-    #define NO_DEV_RANDOM
-    #define NO_WRITEV
-#endif
-
-
-#ifdef WOLFSSL_ARDUINO
-    #define NO_WRITEV
-    #define NO_WOLFSSL_DIR
-    #define SINGLE_THREADED
-    #define NO_DEV_RANDOM
-    #ifndef INTEL_GALILEO /* Galileo has time.h compatibility */
-        #define TIME_OVERRIDES /* must define XTIME and XGMTIME externally */
-    #endif
-    #define WOLFSSL_USER_IO
-    #define HAVE_ECC
-    #define NO_DH
-    #define NO_SESSION_CACHE
-    #define USE_SLOW_SHA
-    #define NO_WOLFSSL_SERVER
-    #define NO_ERROR_STRINGS
-#endif
-
-
-#ifdef WOLFSSL_UTASKER
-    /* uTasker configuration - used for fnRandom() */
-    #include "config.h"
-
-    #define SINGLE_THREADED
-    #define NO_WOLFSSL_DIR
-    #define WOLFSSL_HAVE_MIN
-    #define NO_WRITEV
-
-    #define HAVE_ECC
-    #define ALT_ECC_SIZE
-    #define USE_FAST_MATH
-    #define TFM_TIMING_RESISTANT
-    #define ECC_TIMING_RESISTANT
-
-    /* used in wolfCrypt test */
-    #define NO_MAIN_DRIVER
-    #define USE_CERT_BUFFERS_2048
-
-    /* uTasker port uses RAW sockets, use I/O callbacks
-     * See wolfSSL uTasker example for sample callbacks */
-    #define WOLFSSL_USER_IO
-
-    /* uTasker filesystem not ported  */
-    #define NO_FILESYSTEM
-
-    /* uTasker RNG is abstracted, calls HW RNG when available */
-    #define CUSTOM_RAND_GENERATE    fnRandom
-    #define CUSTOM_RAND_TYPE        unsigned short
-
-    /* user needs to define XTIME to function that provides
-     * seconds since Unix epoch */
-    #ifndef XTIME
-        #error XTIME must be defined in wolfSSL settings.h
-        /* #define XTIME fnSecondsSinceEpoch */
-    #endif
-
-    /* use uTasker std library replacements where available */
-    #define STRING_USER
-    #define XMEMCPY(d,s,l)         uMemcpy((d),(s),(l))
-    #define XMEMSET(b,c,l)         uMemset((b),(c),(l))
-    #define XMEMCMP(s1,s2,n)       uMemcmp((s1),(s2),(n))
-    #define XMEMMOVE(d,s,l)        memmove((d),(s),(l))
-
-    #define XSTRLEN(s1)            uStrlen((s1))
-    #define XSTRNCPY(s1,s2,n)      strncpy((s1),(s2),(n))
-    #define XSTRSTR(s1,s2)         strstr((s1),(s2))
-    #define XSTRNSTR(s1,s2,n)      mystrnstr((s1),(s2),(n))
-    #define XSTRNCMP(s1,s2,n)      strncmp((s1),(s2),(n))
-    #define XSTRNCAT(s1,s2,n)      strncat((s1),(s2),(n))
-    #define XSTRNCASECMP(s1,s2,n)  _strnicmp((s1),(s2),(n))
-    #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN)
-        #define XSTRTOK            strtok_r
-    #endif
-#endif
-
-#ifdef WOLFSSL_EMBOS
-    #define NO_FILESYSTEM           /* Not ported at this time */
-    #define USE_CERT_BUFFERS_2048   /* use when NO_FILESYSTEM */
-    #define NO_MAIN_DRIVER
-    #define NO_RC4
-    #define SINGLE_THREADED         /* Not ported at this time */
-#endif
-
-#ifdef WOLFSSL_RIOT_OS
-    #define NO_WRITEV
-    #define TFM_NO_ASM
-    #define USE_FAST_MATH
-    #define NO_FILESYSTEM
-    #define USE_CERT_BUFFERS_2048
-#endif
-
-#ifdef WOLFSSL_CHIBIOS
-    /* ChibiOS definitions. This file is distributed with chibiOS. */
-    #include "wolfssl_chibios.h"
-#endif
-
-#ifdef WOLFSSL_PB
-    /* PB is using older 1.2 version of Nucleus */
-    #undef WOLFSSL_NUCLEUS
-    #define WOLFSSL_NUCLEUS_1_2
-#endif
-
-#ifdef WOLFSSL_NUCLEUS_1_2
-    #define NO_WRITEV
-    #define NO_WOLFSSL_DIR
-
-    #if !defined(NO_ASN_TIME) && !defined(USER_TIME)
-        #error User must define XTIME, see manual
-    #endif
-
-    #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
-        extern void* nucleus_malloc(unsigned long size, void* heap, int type);
-        extern void* nucleus_realloc(void* ptr, unsigned long size, void* heap,
-                                     int type);
-        extern void  nucleus_free(void* ptr, void* heap, int type);
-
-        #define XMALLOC(s, h, type)  nucleus_malloc((s), (h), (type))
-        #define XREALLOC(p, n, h, t) nucleus_realloc((p), (n), (h), (t))
-        #define XFREE(p, h, type)    nucleus_free((p), (h), (type))
-    #endif
-#endif
-
-#ifdef WOLFSSL_NRF5x
-        #define SIZEOF_LONG 4
-        #define SIZEOF_LONG_LONG 8
-        #define NO_ASN_TIME
-        #define NO_DEV_RANDOM
-        #define NO_FILESYSTEM
-        #define NO_MAIN_DRIVER
-        #define NO_WRITEV
-        #define SINGLE_THREADED
-        #define USE_FAST_MATH
-        #define TFM_TIMING_RESISTANT
-        #define USE_WOLFSSL_MEMORY
-        #define WOLFSSL_NRF51
-        #define WOLFSSL_USER_IO
-        #define NO_SESSION_CACHE
-#endif
-
-/* Micrium will use Visual Studio for compilation but not the Win32 API */
-#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
-    !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \
-    !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
-    #define USE_WINDOWS_API
-#endif
-
-#if defined(WOLFSSL_uITRON4)
-
-#define XMALLOC_USER
-#include <stddef.h>
-#define ITRON_POOL_SIZE 1024*20
-extern int uITRON4_minit(size_t poolsz) ;
-extern void *uITRON4_malloc(size_t sz) ;
-extern void *uITRON4_realloc(void *p, size_t sz) ;
-extern void uITRON4_free(void *p) ;
-
-#define XMALLOC(sz, heap, type)     uITRON4_malloc(sz)
-#define XREALLOC(p, sz, heap, type) uITRON4_realloc(p, sz)
-#define XFREE(p, heap, type)        uITRON4_free(p)
-#endif
-
-#if defined(WOLFSSL_uTKERNEL2)
-  #ifndef NO_TKERNEL_MEM_POOL
-    #define XMALLOC_OVERRIDE
-    int   uTKernel_init_mpool(unsigned int sz); /* initializing malloc pool */
-    void* uTKernel_malloc(unsigned int sz);
-    void* uTKernel_realloc(void *p, unsigned int sz);
-    void  uTKernel_free(void *p);
-    #define XMALLOC(s, h, type)  uTKernel_malloc((s))
-    #define XREALLOC(p, n, h, t) uTKernel_realloc((p), (n))
-    #define XFREE(p, h, type)    uTKernel_free((p))
-  #endif
-
-  #ifndef NO_STDIO_FGETS_REMAP
-    #include <stdio.h>
-    #include "tm/tmonitor.h"
-
-    /* static char* gets(char *buff); */
-    static char* fgets(char *buff, int sz, XFILE fp) {
-        char * p = buff;
-        *p = '\0';
-        while (1) {
-            *p = tm_getchar(-1);
-            tm_putchar(*p);
-            if (*p == '\r') {
-                tm_putchar('\n');
-                *p = '\0';
-                break;
-            }
-            p++;
-        }
-        return buff;
-    }
-  #endif /* !NO_STDIO_FGETS_REMAP */
-#endif
-
-
-#if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER)
-    #include <stdlib.h>
-    #define XMALLOC(s, h, type)  malloc((s))
-    #define XFREE(p, h, type)    free((p))
-    #define XREALLOC(p, n, h, t) realloc((p), (n))
-#endif
-
-#if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL)
-    #undef  XMALLOC
-    #define XMALLOC     yaXMALLOC
-    #undef  XFREE
-    #define XFREE       yaXFREE
-    #undef  XREALLOC
-    #define XREALLOC    yaXREALLOC
-#endif
-
-
-#ifdef FREERTOS
-    #include "FreeRTOS.h"
-
-    /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */
-    #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
-        !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  pvPortMalloc((s))
-        #define XFREE(p, h, type)    vPortFree((p))
-    #endif
-    #if defined(HAVE_ED25519) || defined(WOLFSSL_ESPIDF)
-        #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
-    #endif
-    #ifndef NO_WRITEV
-        #define NO_WRITEV
-    #endif
-    #ifndef HAVE_SHA512
-        #ifndef NO_SHA512
-            #define NO_SHA512
-        #endif
-    #endif
-    #ifndef HAVE_DH
-        #ifndef NO_DH
-            #define NO_DH
-        #endif
-    #endif
-    #ifndef NO_DSA
-        #define NO_DSA
-    #endif
-    #ifndef NO_HC128
-        #define NO_HC128
-    #endif
-
-    #ifndef SINGLE_THREADED
-        #include "semphr.h"
-    #endif
-#endif
-
-#ifdef FREERTOS_TCP
-    #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \
-        !defined(WOLFSSL_STATIC_MEMORY)
-        #define XMALLOC(s, h, type)  pvPortMalloc((s))
-        #define XFREE(p, h, type)    vPortFree((p))
-    #endif
-
-    #define WOLFSSL_GENSEED_FORTEST
-
-    #define NO_WOLFSSL_DIR
-    #define NO_WRITEV
-    #define USE_FAST_MATH
-    #define TFM_TIMING_RESISTANT
-    #define NO_MAIN_DRIVER
-#endif
-
-#ifdef WOLFSSL_TIRTOS
-    #define SIZEOF_LONG_LONG 8
-    #define NO_WRITEV
-    #define NO_WOLFSSL_DIR
-    #define USE_FAST_MATH
-    #define TFM_TIMING_RESISTANT
-    #define ECC_TIMING_RESISTANT
-    #define WC_RSA_BLINDING
-    #define NO_DEV_RANDOM
-    #define NO_FILESYSTEM
-    #define USE_CERT_BUFFERS_2048
-    #define NO_ERROR_STRINGS
-    #define USER_TIME
-    #define HAVE_ECC
-    #define HAVE_ALPN
-    #define USE_WOLF_STRTOK /* use with HAVE_ALPN */
-    #define HAVE_TLS_EXTENSIONS
-    #define HAVE_AESGCM
-    #define HAVE_SUPPORTED_CURVES
-    #define ALT_ECC_SIZE
-
-    #ifdef __IAR_SYSTEMS_ICC__
-        #pragma diag_suppress=Pa089
-    #elif !defined(__GNUC__)
-        /* Suppress the sslpro warning */
-        #pragma diag_suppress=11
-    #endif
-
-    #include <ti/sysbios/hal/Seconds.h>
-#endif
-
-#ifdef EBSNET
-    #include "rtip.h"
-
-    /* #define DEBUG_WOLFSSL */
-    #define NO_WOLFSSL_DIR  /* tbd */
-
-    #if (POLLOS)
-        #define SINGLE_THREADED
-    #endif
-
-    #if (RTPLATFORM)
-        #if (!RTP_LITTLE_ENDIAN)
-            #define BIG_ENDIAN_ORDER
-        #endif
-    #else
-        #if (!KS_LITTLE_ENDIAN)
-            #define BIG_ENDIAN_ORDER
-        #endif
-    #endif
-
-    #if (WINMSP3)
-        #undef SIZEOF_LONG
-        #define SIZEOF_LONG_LONG 8
-    #else
-        #sslpro: settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG
-    #endif
-
-    #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC))
-    #define XFREE(p, h, type) (rtp_free(p))
-    #define XREALLOC(p, n, h, t) realloc((p), (n))
-
-#endif /* EBSNET */
-
-#ifdef WOLFSSL_GAME_BUILD
-    #define SIZEOF_LONG_LONG 8
-    #if defined(__PPU) || defined(__XENON)
-        #define BIG_ENDIAN_ORDER
-    #endif
-#endif
-
-#ifdef WOLFSSL_LSR
-    #define HAVE_WEBSERVER
-    #define SIZEOF_LONG_LONG 8
-    #define WOLFSSL_LOW_MEMORY
-    #define NO_WRITEV
-    #define NO_SHA512
-    #define NO_DH
-    /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
-    /* WOLFSSL_DH_CONST */
-    #define NO_DSA
-    #define NO_HC128
-    #define NO_DEV_RANDOM
-    #define NO_WOLFSSL_DIR
-    #define NO_RABBIT
-    #ifndef NO_FILESYSTEM
-        #define LSR_FS
-        #include "inc/hw_types.h"
-        #include "fs.h"
-    #endif
-    #define WOLFSSL_LWIP
-    #include <errno.h>  /* for tcp errno */
-    #define WOLFSSL_SAFERTOS
-    #if defined(__IAR_SYSTEMS_ICC__)
-        /* enum uses enum */
-        #pragma diag_suppress=Pa089
-    #endif
-#endif
-
-#ifdef WOLFSSL_SAFERTOS
-    #ifndef SINGLE_THREADED
-        #include "SafeRTOS/semphr.h"
-    #endif
-
-    #include "SafeRTOS/heap.h"
-    #define XMALLOC(s, h, type)  pvPortMalloc((s))
-    #define XFREE(p, h, type)    vPortFree((p))
-    #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
-#endif
-
-#ifdef WOLFSSL_LOW_MEMORY
-    #undef  RSA_LOW_MEM
-    #define RSA_LOW_MEM
-    #undef  WOLFSSL_SMALL_STACK
-    #define WOLFSSL_SMALL_STACK
-    #undef  TFM_TIMING_RESISTANT
-    #define TFM_TIMING_RESISTANT
-#endif
-
-#ifdef FREESCALE_MQX_4_0
-    /* use normal Freescale MQX port, but with minor changes for 4.0 */
-    #define FREESCALE_MQX
-#endif
-
-#ifdef FREESCALE_MQX
-    #define FREESCALE_COMMON
-    #include "mqx.h"
-    #ifndef NO_FILESYSTEM
-        #include "mfs.h"
-        #if MQX_USE_IO_OLD
-            #include "fio.h"
-            #define NO_STDIO_FILESYSTEM
-        #else
-            #include "nio.h"
-        #endif
-    #endif
-    #ifndef SINGLE_THREADED
-        #include "mutex.h"
-    #endif
-
-    #if !defined(XMALLOC_OVERRIDE) && !defined(XMALLOC_USER)
-        #define XMALLOC_OVERRIDE
-        #define XMALLOC(s, h, t)    (void *)_mem_alloc_system((s))
-        #define XFREE(p, h, t)      {void* xp = (p); if ((xp)) _mem_free((xp));}
-        /* Note: MQX has no realloc, using fastmath above */
-    #endif
-#endif
-
-#ifdef FREESCALE_KSDK_MQX
-    #define FREESCALE_COMMON
-    #include <mqx.h>
-    #ifndef NO_FILESYSTEM
-        #if MQX_USE_IO_OLD
-            #include <fio.h>
-        #else
-            #include <stdio.h>
-            #include <nio.h>
-        #endif
-    #endif
-    #ifndef SINGLE_THREADED
-        #include <mutex.h>
-    #endif
-
-    #define XMALLOC(s, h, t)    (void *)_mem_alloc_system((s))
-    #define XFREE(p, h, t)      {void* xp = (p); if ((xp)) _mem_free((xp));}
-    #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */
-
-    #define MQX_FILE_PTR FILE *
-    #define IO_SEEK_SET  SEEK_SET
-    #define IO_SEEK_END  SEEK_END
-#endif /* FREESCALE_KSDK_MQX */
-
-#if defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
-    /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
-    /* WOLFSSL_DH_CONST */
-    /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
-    /* WOLFSSL_DH_CONST */
-    /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
-    /* WOLFSSL_DH_CONST */
-    #define NO_FILESYSTEM
-    #define WOLFSSL_CRYPT_HW_MUTEX 1
-
-    #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY)
-        #define XMALLOC(s, h, type)  pvPortMalloc((s))
-        #define XFREE(p, h, type)    vPortFree((p))
-    #endif
-
-    //#define USER_TICKS
-    /* Allows use of DH with fixed points if uncommented and NO_DH is removed */
-    /* WOLFSSL_DH_CONST */
-    #define WOLFSSL_LWIP
-    #define FREERTOS_TCP
-
-    #define FREESCALE_FREE_RTOS
-    #define FREERTOS_SOCKET_ERROR ( -1 )
-    #define FREERTOS_EWOULDBLOCK ( -2 )
-    #define FREERTOS_EINVAL ( -4 )
-    #define FREERTOS_EADDRNOTAVAIL ( -5 )
-    #define FREERTOS_EADDRINUSE ( -6 )
-    #define FREERTOS_ENOBUFS ( -7 )
-    #define FREERTOS_ENOPROTOOPT ( -8 )
-#endif /* FREESCALE_FREE_RTOS || FREESCALE_KSDK_FREERTOS */
-
-#ifdef FREESCALE_KSDK_BM
-    #define FREESCALE_COMMON
-    #define WOLFSSL_USER_IO
-    #define SINGLE_THREADED
-    #define NO_FILESYSTEM
-    #ifndef TIME_OVERRIDES
-        #define USER_TICKS
-    #endif
-#endif /* FREESCALE_KSDK_BM */
-
-#ifdef FREESCALE_COMMON
-    #define SIZEOF_LONG_LONG 8
-
-    /* disable features */
-    #undef  NO_WRITEV
-    #define NO_WRITEV
-    #undef  NO_DEV_RANDOM
-    #define NO_DEV_RANDOM
-    #undef  NO_RABBIT
-    #define NO_RABBIT
-    #undef  NO_WOLFSSL_DIR
-    #define NO_WOLFSSL_DIR
-    #undef  NO_RC4
-    #define NO_RC4
-
-    /* enable features */
-    #undef  USE_FAST_MATH
-    #define USE_FAST_MATH
-
-    #define USE_CERT_BUFFERS_2048
-    #define BENCH_EMBEDDED
-
-    #define TFM_TIMING_RESISTANT
-    #define ECC_TIMING_RESISTANT
-
-    #undef  HAVE_ECC
-    #define HAVE_ECC
-    #ifndef NO_AES
-        #undef  HAVE_AESCCM
-        #define HAVE_AESCCM
-        #undef  HAVE_AESGCM
-        #define HAVE_AESGCM
-        #undef  WOLFSSL_AES_COUNTER
-        #define WOLFSSL_AES_COUNTER
-        #undef  WOLFSSL_AES_DIRECT
-        #define WOLFSSL_AES_DIRECT
-    #endif
-
-    #ifdef FREESCALE_KSDK_1_3
-        #include "fsl_device_registers.h"
-    #elif !defined(FREESCALE_MQX)
-        /* Classic MQX does not have fsl_common.h */
-        #include "fsl_common.h"
-    #endif
-
-    /* random seed */
-    #define NO_OLD_RNGNAME
-    #if defined(FSL_FEATURE_SOC_TRNG_COUNT) && (FSL_FEATURE_SOC_TRNG_COUNT > 0)
-        #define FREESCALE_KSDK_2_0_TRNG
-    #elif defined(FSL_FEATURE_SOC_RNG_COUNT) && (FSL_FEATURE_SOC_RNG_COUNT > 0)
-        #ifdef FREESCALE_KSDK_1_3
-            #include "fsl_rnga_driver.h"
-            #define FREESCALE_RNGA
-            #define RNGA_INSTANCE (0)
-        #else
-            #define FREESCALE_KSDK_2_0_RNGA
-        #endif
-    #elif !defined(FREESCALE_KSDK_BM) && !defined(FREESCALE_FREE_RTOS) && !defined(FREESCALE_KSDK_FREERTOS)
-        #define FREESCALE_RNGA
-        #define RNGA_INSTANCE (0)
-        /* defaulting to K70 RNGA, user should change if different */
-        /* #define FREESCALE_K53_RNGB */
-        #define FREESCALE_K70_RNGA
-    #endif
-
-    /* HW crypto */
-    /* automatic enable based on Kinetis feature */
-    /* if case manual selection is required, for example for benchmarking purposes,
-     * just define FREESCALE_USE_MMCAU or FREESCALE_USE_LTC or none of these two macros (for software only)
-     * both can be enabled simultaneously as LTC has priority over MMCAU in source code.
-     */
-    /* #define FSL_HW_CRYPTO_MANUAL_SELECTION */
-    #ifndef FSL_HW_CRYPTO_MANUAL_SELECTION
-        #if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && FSL_FEATURE_SOC_MMCAU_COUNT
-            #define FREESCALE_USE_MMCAU
-        #endif
-
-        #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT
-            #define FREESCALE_USE_LTC
-        #endif
-    #else
-        /* #define FREESCALE_USE_MMCAU */
-        /* #define FREESCALE_USE_LTC */
-    #endif
-#endif /* FREESCALE_COMMON */
-
-/* Classic pre-KSDK mmCAU library */
-#ifdef FREESCALE_USE_MMCAU_CLASSIC
-    #define FREESCALE_USE_MMCAU
-    #define FREESCALE_MMCAU_CLASSIC
-    #define FREESCALE_MMCAU_CLASSIC_SHA
-#endif
-
-/* KSDK mmCAU library */
-#ifdef FREESCALE_USE_MMCAU
-    /* AES and DES */
-    #define FREESCALE_MMCAU
-    /* MD5, SHA-1 and SHA-256 */
-    #define FREESCALE_MMCAU_SHA
-#endif /* FREESCALE_USE_MMCAU */
-
-#ifdef FREESCALE_USE_LTC
-    #if defined(FSL_FEATURE_SOC_LTC_COUNT) && FSL_FEATURE_SOC_LTC_COUNT
-        #define FREESCALE_LTC
-        #define LTC_BASE LTC0
-
-        #if defined(FSL_FEATURE_LTC_HAS_DES) && FSL_FEATURE_LTC_HAS_DES
-            #define FREESCALE_LTC_DES
-        #endif
-
-        #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM
-            #define FREESCALE_LTC_AES_GCM
-        #endif
-
-        #if defined(FSL_FEATURE_LTC_HAS_SHA) && FSL_FEATURE_LTC_HAS_SHA
-            #define FREESCALE_LTC_SHA
-        #endif
-
-        #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA
-            #define FREESCALE_LTC_ECC
-            #define FREESCALE_LTC_TFM
-
-            /* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic.
-               the LTC_MAX_INT_BYTES defines the size of local variables that hold big integers. */
-            #ifndef LTC_MAX_INT_BYTES
-                #define LTC_MAX_INT_BYTES (256)
-            #endif
-
-            /* This FREESCALE_LTC_TFM_RSA_4096_ENABLE macro can be defined.
-             * In such a case both software and hardware algorithm
-             * for TFM is linked in. The decision for which algorithm is used is determined at runtime
-             * from size of inputs. If inputs and result can fit into LTC (see LTC_MAX_INT_BYTES)
-             * then we call hardware algorithm, otherwise we call software algorithm.
-             *
-             * Chinese reminder theorem is used to break RSA 4096 exponentiations (both public and private key)
-             * into several computations with 2048-bit modulus and exponents.
-             */
-            /* #define FREESCALE_LTC_TFM_RSA_4096_ENABLE */
-
-            /* ECC-384, ECC-256, ECC-224 and ECC-192 have been enabled with LTC PKHA acceleration */
-            #ifdef HAVE_ECC
-                #undef  ECC_TIMING_RESISTANT
-                #define ECC_TIMING_RESISTANT
-
-                /* the LTC PKHA hardware limit is 512 bits (64 bytes) for ECC.
-                   the LTC_MAX_ECC_BITS defines the size of local variables that hold ECC parameters
-                   and point coordinates */
-                #ifndef LTC_MAX_ECC_BITS
-                    #define LTC_MAX_ECC_BITS (384)
-                #endif
-
-                /* Enable curves up to 384 bits */
-                #if !defined(ECC_USER_CURVES) && !defined(HAVE_ALL_CURVES)
-                    #define ECC_USER_CURVES
-                    #define HAVE_ECC192
-                    #define HAVE_ECC224
-                    #undef  NO_ECC256
-                    #define HAVE_ECC384
-                #endif
-            #endif
-        #endif
-    #endif
-#endif /* FREESCALE_USE_LTC */
-
-#ifdef FREESCALE_LTC_TFM_RSA_4096_ENABLE
-    #undef  USE_CERT_BUFFERS_4096
-    #define USE_CERT_BUFFERS_4096
-    #undef  FP_MAX_BITS
-    #define FP_MAX_BITS (8192)
-
-    #undef  NO_DH
-    #define NO_DH
-    #undef  NO_DSA
-    #define NO_DSA
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
-
-/* if LTC has AES engine but doesn't have GCM, use software with LTC AES ECB mode */
-#if defined(FREESCALE_USE_LTC) && !defined(FREESCALE_LTC_AES_GCM)
-    #define GCM_TABLE
-#endif
-
-#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \
-    defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \
-    defined(WOLFSSL_STM32L4)
-
-    #define SIZEOF_LONG_LONG 8
-    #define NO_DEV_RANDOM
-    #define NO_WOLFSSL_DIR
-    #undef  NO_RABBIT
-    #define NO_RABBIT
-    #ifndef NO_STM32_RNG
-        #undef  STM32_RNG
-        #define STM32_RNG
-        #ifdef WOLFSSL_STM32F427_RNG
-            #include "stm32f427xx.h"
-        #endif
-    #endif
-    #ifndef NO_STM32_CRYPTO
-        #undef  STM32_CRYPTO
-        #define STM32_CRYPTO
-
-        #ifdef WOLFSSL_STM32L4
-            #define NO_AES_192 /* hardware does not support 192-bit */
-        #endif
-    #endif
-    #ifndef NO_STM32_HASH
-        #undef  STM32_HASH
-        #define STM32_HASH
-    #endif
-    #if !defined(__GNUC__) && !defined(__ICCARM__)
-        #define KEIL_INTRINSICS
-    #endif
-    #define NO_OLD_RNGNAME
-    #ifdef WOLFSSL_STM32_CUBEMX
-        #if defined(WOLFSSL_STM32F2)
-            #include "stm32f2xx_hal.h"
-        #elif defined(WOLFSSL_STM32L4)
-            #include "stm32l4xx_hal.h"
-        #elif defined(WOLFSSL_STM32F4)
-            #include "stm32f4xx_hal.h"
-        #elif defined(WOLFSSL_STM32F7)
-            #include "stm32f7xx_hal.h"
-        #elif defined(WOLFSSL_STM32F1)
-            #include "stm32f1xx_hal.h"
-        #endif
-
-        #ifndef STM32_HAL_TIMEOUT
-            #define STM32_HAL_TIMEOUT   0xFF
-        #endif
-    #else
-        #if defined(WOLFSSL_STM32F2)
-            #include "stm32f2xx.h"
-            #ifdef STM32_CRYPTO
-                #include "stm32f2xx_cryp.h"
-            #endif
-            #ifdef STM32_HASH
-                #include "stm32f2xx_hash.h"
-            #endif
-        #elif defined(WOLFSSL_STM32F4)
-            #include "stm32f4xx.h"
-            #ifdef STM32_CRYPTO
-                #include "stm32f4xx_cryp.h"
-            #endif
-            #ifdef STM32_HASH
-                #include "stm32f4xx_hash.h"
-            #endif
-        #elif defined(WOLFSSL_STM32L4)
-            #include "stm32l4xx.h"
-            #ifdef STM32_CRYPTO
-                #include "stm32l4xx_cryp.h"
-            #endif
-            #ifdef STM32_HASH
-                #include "stm32l4xx_hash.h"
-            #endif
-        #elif defined(WOLFSSL_STM32F7)
-            #include "stm32f7xx.h"
-        #elif defined(WOLFSSL_STM32F1)
-            #include "stm32f1xx.h"
-        #endif
-    #endif /* WOLFSSL_STM32_CUBEMX */
-#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || WOLFSSL_STM32F7 */
-
-#ifdef MICRIUM
-    #include <stdlib.h>
-    #include <os.h>
-    #include <net_cfg.h>
-    #include <net_sock.h>
-    #include <net_err.h>
-    #include <lib_mem.h>
-    #include <lib_math.h>
-
-    #define USE_FAST_MATH
-    #define TFM_TIMING_RESISTANT
-    #define ECC_TIMING_RESISTANT
-    #define WC_RSA_BLINDING
-    #define HAVE_HASHDRBG
-
-    #define HAVE_ECC
-    #define ALT_ECC_SIZE
-    #define TFM_ECC192
-    #define TFM_ECC224
-    #define TFM_ECC256
-    #define TFM_ECC384
-    #define TFM_ECC521
-
-    #define NO_RC4
-    #define HAVE_TLS_EXTENSIONS
-    #define HAVE_SUPPORTED_CURVES
-    #define HAVE_EXTENDED_MASTER
-
-    #define NO_WOLFSSL_DIR
-    #define NO_WRITEV
-
-    #ifndef CUSTOM_RAND_GENERATE
-        #define CUSTOM_RAND_TYPE     RAND_NBR
-        #define CUSTOM_RAND_GENERATE Math_Rand
-    #endif
-    #define STRING_USER
-    #define XSTRLEN(pstr) ((CPU_SIZE_T)Str_Len((CPU_CHAR *)(pstr)))
-    #define XSTRNCPY(pstr_dest, pstr_src, len_max) \
-                    ((CPU_CHAR *)Str_Copy_N((CPU_CHAR *)(pstr_dest), \
-                     (CPU_CHAR *)(pstr_src), (CPU_SIZE_T)(len_max)))
-    #define XSTRNCMP(pstr_1, pstr_2, len_max) \
-                    ((CPU_INT16S)Str_Cmp_N((CPU_CHAR *)(pstr_1), \
-                     (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
-    #define XSTRNCASECMP(pstr_1, pstr_2, len_max) \
-                    ((CPU_INT16S)Str_CmpIgnoreCase_N((CPU_CHAR *)(pstr_1), \
-                     (CPU_CHAR *)(pstr_2), (CPU_SIZE_T)(len_max)))
-    #define XSTRSTR(pstr, pstr_srch) \
-                    ((CPU_CHAR *)Str_Str((CPU_CHAR *)(pstr), \
-                     (CPU_CHAR *)(pstr_srch)))
-    #define XSTRNSTR(pstr, pstr_srch, len_max) \
-                    ((CPU_CHAR *)Str_Str_N((CPU_CHAR *)(pstr), \
-                     (CPU_CHAR *)(pstr_srch),(CPU_SIZE_T)(len_max)))
-    #define XSTRNCAT(pstr_dest, pstr_cat, len_max) \
-                    ((CPU_CHAR *)Str_Cat_N((CPU_CHAR *)(pstr_dest), \
-                     (const CPU_CHAR *)(pstr_cat),(CPU_SIZE_T)(len_max)))
-    #define XMEMSET(pmem, data_val, size) \
-                    ((void)Mem_Set((void *)(pmem), (CPU_INT08U) (data_val), \
-                    (CPU_SIZE_T)(size)))
-    #define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \
-                     (void *)(psrc), (CPU_SIZE_T)(size)))
-    #define XMEMCMP(pmem_1, pmem_2, size) \
-                   (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), (void *)(pmem_2), \
-                     (CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES)
-    #define XMEMMOVE XMEMCPY
-
-    #if (OS_CFG_MUTEX_EN == DEF_DISABLED)
-        #define SINGLE_THREADED
-    #endif
-
-    #if (CPU_CFG_ENDIAN_TYPE == CPU_ENDIAN_TYPE_BIG)
-        #define BIG_ENDIAN_ORDER
-    #else
-        #undef  BIG_ENDIAN_ORDER
-        #define LITTLE_ENDIAN_ORDER
-    #endif
-#endif /* MICRIUM */
-
-
-#ifdef WOLFSSL_QL
-    #ifndef WOLFSSL_SEP
-        #define WOLFSSL_SEP
-    #endif
-    #ifndef OPENSSL_EXTRA
-        #define OPENSSL_EXTRA
-    #endif
-    #ifndef SESSION_CERTS
-        #define SESSION_CERTS
-    #endif
-    #ifndef HAVE_AESCCM
-        #define HAVE_AESCCM
-    #endif
-    #ifndef ATOMIC_USER
-        #define ATOMIC_USER
-    #endif
-    #ifndef WOLFSSL_DER_LOAD
-        #define WOLFSSL_DER_LOAD
-    #endif
-    #ifndef KEEP_PEER_CERT
-        #define KEEP_PEER_CERT
-    #endif
-    #ifndef HAVE_ECC
-        #define HAVE_ECC
-    #endif
-    #ifndef SESSION_INDEX
-        #define SESSION_INDEX
-    #endif
-#endif /* WOLFSSL_QL */
-
-
-#if defined(WOLFSSL_XILINX)
-    #define USER_TIME /* XTIME in asn.c */
-    #define NO_WOLFSSL_DIR
-    #define NO_DEV_RANDOM
-    #define HAVE_AESGCM
-#endif
-
-#if defined(WOLFSSL_XILINX_CRYPT)
-    #if defined(WOLFSSL_ARMASM)
-        #error can not use both ARMv8 instructions and XILINX hardened crypto
-    #endif
-    #if defined(WOLFSSL_SHA3)
-        /* only SHA3-384 is supported */
-        #undef WOLFSSL_NOSHA3_224
-        #undef WOLFSSL_NOSHA3_256
-        #undef WOLFSSL_NOSHA3_512
-        #define WOLFSSL_NOSHA3_224
-        #define WOLFSSL_NOSHA3_256
-        #define WOLFSSL_NOSHA3_512
-    #endif
-#endif /*(WOLFSSL_XILINX_CRYPT)*/
-
-#if defined(WOLFSSL_APACHE_MYNEWT)
-    #include "os/os_malloc.h"
-    #if !defined(WOLFSSL_LWIP)
-        #include <mn_socket/mn_socket.h>
-    #endif
-
-    #if !defined(SIZEOF_LONG)
-        #define SIZEOF_LONG 4
-    #endif
-    #if !defined(SIZEOF_LONG_LONG)
-        #define SIZEOF_LONG_LONG 8
-    #endif
-    #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
-        #define BIG_ENDIAN_ORDER
-    #else
-        #undef  BIG_ENDIAN_ORDER
-        #define LITTLE_ENDIAN_ORDER
-    #endif
-    #define NO_WRITEV
-    #define WOLFSSL_USER_IO
-    #define SINGLE_THREADED
-    #define NO_DEV_RANDOM
-    #define NO_DH
-    #define NO_WOLFSSL_DIR
-    #define NO_ERROR_STRINGS
-    #define HAVE_ECC
-    #define NO_SESSION_CACHE
-    #define NO_ERROR_STRINGS
-    #define XMALLOC_USER
-    #define XMALLOC(sz, heap, type)     os_malloc(sz)
-    #define XREALLOC(p, sz, heap, type) os_realloc(p, sz)
-    #define XFREE(p, heap, type)        os_free(p)
-
-#endif /*(WOLFSSL_APACHE_MYNEWT)*/
-
-#ifdef WOLFSSL_IMX6
-    #ifndef SIZEOF_LONG_LONG
-        #define SIZEOF_LONG_LONG 8
-    #endif
-#endif
-
-/* if defined turn on all CAAM support */
-#ifdef WOLFSSL_IMX6_CAAM
-    #undef  WOLFSSL_IMX6_CAAM_RNG
-    #define WOLFSSL_IMX6_CAAM_RNG
-
-    #undef  WOLFSSL_IMX6_CAAM_BLOB
-    #define WOLFSSL_IMX6_CAAM_BLOB
-
-#if defined(HAVE_AESGCM) || defined(WOLFSSL_AES_XTS)
-    /* large performance gain with HAVE_AES_ECB defined */
-    #undef HAVE_AES_ECB
-    #define HAVE_AES_ECB
-#endif
-#endif
-
-#if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
-    !defined(WOLFSSL_LEANPSK) && !defined(NO_WOLFSSL_MEMORY) && \
-    !defined(XMALLOC_OVERRIDE)
-    #define USE_WOLFSSL_MEMORY
-#endif
-
-
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
-    #undef  KEEP_PEER_CERT
-    #define KEEP_PEER_CERT
-#endif
-
-
-/* stream ciphers except arc4 need 32bit alignment, intel ok without */
-#ifndef XSTREAM_ALIGN
-    #if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
-        #define NO_XSTREAM_ALIGN
-    #else
-        #define XSTREAM_ALIGN
-    #endif
-#endif
-
-/* write dup cannot be used with secure renegotiation because write dup
- * make write side write only and read side read only */
-#if defined(HAVE_WRITE_DUP) && defined(HAVE_SECURE_RENEGOTIATION)
-    #error "WRITE DUP and SECURE RENEGOTIATION cannot both be on"
-#endif
-
-#ifdef WOLFSSL_SGX
-    #ifdef _MSC_VER
-        #define NO_RC4
-        #ifndef HAVE_FIPS
-            #define WOLFCRYPT_ONLY
-            #define NO_DES3
-            #define NO_SHA
-            #define NO_MD5
-        #else
-            #define TFM_TIMING_RESISTANT
-            #define NO_WOLFSSL_DIR
-            #define NO_WRITEV
-            #define NO_MAIN_DRIVER
-            #define WOLFSSL_LOG_PRINTF
-            #define WOLFSSL_DH_CONST
-        #endif
-    #else
-        #define HAVE_ECC
-        #define NO_WRITEV
-        #define NO_MAIN_DRIVER
-        #define USER_TICKS
-        #define WOLFSSL_LOG_PRINTF
-        #define WOLFSSL_DH_CONST
-    #endif /* _MSC_VER */
-    #if !defined(HAVE_FIPS) && !defined(NO_RSA)
-        #define WC_RSA_BLINDING
-    #endif
-
-    #define NO_FILESYSTEM
-    #define ECC_TIMING_RESISTANT
-    #define TFM_TIMING_RESISTANT
-    #define SINGLE_THREADED
-    #define NO_ASN_TIME /* can not use headers such as windows.h */
-    #define HAVE_AESGCM
-    #define USE_CERT_BUFFERS_2048
-    #define USE_FAST_MATH
-#endif /* WOLFSSL_SGX */
-
-/* FreeScale MMCAU hardware crypto has 4 byte alignment.
-   However, KSDK fsl_mmcau.h gives API with no alignment
-   requirements (4 byte alignment is managed internally by fsl_mmcau.c) */
-#ifdef FREESCALE_MMCAU
-    #ifdef FREESCALE_MMCAU_CLASSIC
-        #define WOLFSSL_MMCAU_ALIGNMENT 4
-    #else
-        #define WOLFSSL_MMCAU_ALIGNMENT 0
-    #endif
-#endif
-
-/* if using hardware crypto and have alignment requirements, specify the
-   requirement here.  The record header of SSL/TLS will prevent easy alignment.
-   This hint tries to help as much as possible.  */
-#ifndef WOLFSSL_GENERAL_ALIGNMENT
-    #ifdef WOLFSSL_AESNI
-        #define WOLFSSL_GENERAL_ALIGNMENT 16
-    #elif defined(XSTREAM_ALIGN)
-        #define WOLFSSL_GENERAL_ALIGNMENT  4
-    #elif defined(FREESCALE_MMCAU) || defined(FREESCALE_MMCAU_CLASSIC)
-        #define WOLFSSL_GENERAL_ALIGNMENT  WOLFSSL_MMCAU_ALIGNMENT
-    #else
-        #define WOLFSSL_GENERAL_ALIGNMENT  0
-    #endif
-#endif
-
-#if defined(WOLFSSL_GENERAL_ALIGNMENT) && (WOLFSSL_GENERAL_ALIGNMENT > 0)
-    #if defined(_MSC_VER)
-        #define XGEN_ALIGN __declspec(align(WOLFSSL_GENERAL_ALIGNMENT))
-    #elif defined(__GNUC__)
-        #define XGEN_ALIGN __attribute__((aligned(WOLFSSL_GENERAL_ALIGNMENT)))
-    #else
-        #define XGEN_ALIGN
-    #endif
-#else
-    #define XGEN_ALIGN
-#endif
-
-#ifdef HAVE_CRL
-    /* not widely supported yet */
-    #undef NO_SKID
-    #define NO_SKID
-#endif
-
-
-#ifdef __INTEL_COMPILER
-    #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */
-#endif
-
-/* user can specify what curves they want with ECC_USER_CURVES otherwise
- * all curves are on by default for now */
-#ifndef ECC_USER_CURVES
-    #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_ALL_CURVES)
-        #define HAVE_ALL_CURVES
-    #endif
-#endif
-
-/* ECC Configs */
-#ifdef HAVE_ECC
-    /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */
-    #ifndef NO_ECC_SIGN
-        #undef HAVE_ECC_SIGN
-        #define HAVE_ECC_SIGN
-    #endif
-    #ifndef NO_ECC_VERIFY
-        #undef HAVE_ECC_VERIFY
-        #define HAVE_ECC_VERIFY
-    #endif
-    #ifndef NO_ECC_CHECK_KEY
-        #undef HAVE_ECC_CHECK_KEY
-        #define HAVE_ECC_CHECK_KEY
-    #endif
-    #ifndef NO_ECC_DHE
-        #undef HAVE_ECC_DHE
-        #define HAVE_ECC_DHE
-    #endif
-    #ifndef NO_ECC_KEY_IMPORT
-        #undef HAVE_ECC_KEY_IMPORT
-        #define HAVE_ECC_KEY_IMPORT
-    #endif
-    #ifndef NO_ECC_KEY_EXPORT
-        #undef HAVE_ECC_KEY_EXPORT
-        #define HAVE_ECC_KEY_EXPORT
-    #endif
-#endif /* HAVE_ECC */
-
-/* Curve255519 Configs */
-#ifdef HAVE_CURVE25519
-    /* By default enable shared secret, key export and import */
-    #ifndef NO_CURVE25519_SHARED_SECRET
-        #undef HAVE_CURVE25519_SHARED_SECRET
-        #define HAVE_CURVE25519_SHARED_SECRET
-    #endif
-    #ifndef NO_CURVE25519_KEY_EXPORT
-        #undef HAVE_CURVE25519_KEY_EXPORT
-        #define HAVE_CURVE25519_KEY_EXPORT
-    #endif
-    #ifndef NO_CURVE25519_KEY_IMPORT
-        #undef HAVE_CURVE25519_KEY_IMPORT
-        #define HAVE_CURVE25519_KEY_IMPORT
-    #endif
-#endif /* HAVE_CURVE25519 */
-
-/* Ed255519 Configs */
-#ifdef HAVE_ED25519
-    /* By default enable sign, verify, key export and import */
-    #ifndef NO_ED25519_SIGN
-        #undef HAVE_ED25519_SIGN
-        #define HAVE_ED25519_SIGN
-    #endif
-    #ifndef NO_ED25519_VERIFY
-        #undef HAVE_ED25519_VERIFY
-        #define HAVE_ED25519_VERIFY
-    #endif
-    #ifndef NO_ED25519_KEY_EXPORT
-        #undef HAVE_ED25519_KEY_EXPORT
-        #define HAVE_ED25519_KEY_EXPORT
-    #endif
-    #ifndef NO_ED25519_KEY_IMPORT
-        #undef HAVE_ED25519_KEY_IMPORT
-        #define HAVE_ED25519_KEY_IMPORT
-    #endif
-#endif /* HAVE_ED25519 */
-
-/* AES Config */
-#ifndef NO_AES
-    /* By default enable all AES key sizes, decryption and CBC */
-    #ifndef AES_MAX_KEY_SIZE
-        #undef  AES_MAX_KEY_SIZE
-        #define AES_MAX_KEY_SIZE    256
-    #endif
-
-    #ifndef NO_AES_128
-        #undef  WOLFSSL_AES_128
-        #define WOLFSSL_AES_128
-    #endif
-    #if !defined(NO_AES_192) && AES_MAX_KEY_SIZE >= 192
-        #undef  WOLFSSL_AES_192
-        #define WOLFSSL_AES_192
-    #endif
-    #if !defined(NO_AES_256) && AES_MAX_KEY_SIZE >= 256
-        #undef  WOLFSSL_AES_256
-        #define WOLFSSL_AES_256
-    #endif
-    #if !defined(WOLFSSL_AES_128) && defined(HAVE_ECC_ENCRYPT)
-        #warning HAVE_ECC_ENCRYPT uses AES 128 bit keys
-     #endif
-
-    #ifndef NO_AES_DECRYPT
-        #undef  HAVE_AES_DECRYPT
-        #define HAVE_AES_DECRYPT
-    #endif
-    #ifndef NO_AES_CBC
-        #undef  HAVE_AES_CBC
-        #define HAVE_AES_CBC
-    #endif
-    #ifdef WOLFSSL_AES_XTS
-        /* AES-XTS makes calls to AES direct functions */
-        #ifndef WOLFSSL_AES_DIRECT
-        #define WOLFSSL_AES_DIRECT
-        #endif
-    #endif
-    #ifdef WOLFSSL_AES_CFB
-        /* AES-CFB makes calls to AES direct functions */
-        #ifndef WOLFSSL_AES_DIRECT
-        #define WOLFSSL_AES_DIRECT
-        #endif
-    #endif
-#endif
-
-#if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
-    (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
-     !defined(HAVE_CAMELLIA) && !defined(HAVE_IDEA) && \
-     !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
-    #define WOLFSSL_AEAD_ONLY
-#endif
-
-/* if desktop type system and fastmath increase default max bits */
-#ifdef WOLFSSL_X86_64_BUILD
-    #ifdef USE_FAST_MATH
-        #ifndef FP_MAX_BITS
-            #define FP_MAX_BITS 8192
-        #endif
-    #endif
-#endif
-
-/* If using the max strength build, ensure OLD TLS is disabled. */
-#ifdef WOLFSSL_MAX_STRENGTH
-    #undef NO_OLD_TLS
-    #define NO_OLD_TLS
-#endif
-
-
-/* Default AES minimum auth tag sz, allow user to override */
-#ifndef WOLFSSL_MIN_AUTH_TAG_SZ
-    #define WOLFSSL_MIN_AUTH_TAG_SZ 12
-#endif
-
-
-/* sniffer requires:
- * static RSA cipher suites
- * session stats and peak stats
- */
-#ifdef WOLFSSL_SNIFFER
-    #ifndef WOLFSSL_STATIC_RSA
-        #define WOLFSSL_STATIC_RSA
-    #endif
-    #ifndef WOLFSSL_SESSION_STATS
-        #define WOLFSSL_SESSION_STATS
-    #endif
-    #ifndef WOLFSSL_PEAK_SESSIONS
-        #define WOLFSSL_PEAK_SESSIONS
-    #endif
-#endif
-
-/* Decode Public Key extras on by default, user can turn off with
- * WOLFSSL_NO_DECODE_EXTRA */
-#ifndef WOLFSSL_NO_DECODE_EXTRA
-    #ifndef RSA_DECODE_EXTRA
-        #define RSA_DECODE_EXTRA
-    #endif
-    #ifndef ECC_DECODE_EXTRA
-        #define ECC_DECODE_EXTRA
-    #endif
-#endif
-
-/* C Sharp wrapper defines */
-#ifdef HAVE_CSHARP
-    #ifndef WOLFSSL_DTLS
-        #define WOLFSSL_DTLS
-    #endif
-    #undef NO_PSK
-    #undef NO_SHA256
-    #undef NO_DH
-#endif
-
-/* Asynchronous Crypto */
-#ifdef WOLFSSL_ASYNC_CRYPT
-    /* Make sure wolf events are enabled */
-    #undef HAVE_WOLF_EVENT
-    #define HAVE_WOLF_EVENT
-
-    #ifdef WOLFSSL_ASYNC_CRYPT_TEST
-        #define WC_ASYNC_DEV_SIZE 328+24
-    #else
-        #define WC_ASYNC_DEV_SIZE 328
-    #endif
-
-    #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \
-        !defined(WOLFSSL_ASYNC_CRYPT_TEST)
-        #error No async hardware defined with WOLFSSL_ASYNC_CRYPT!
-    #endif
-
-    /* Enable ECC_CACHE_CURVE for ASYNC */
-    #if !defined(ECC_CACHE_CURVE)
-        #define ECC_CACHE_CURVE
-    #endif
-#endif /* WOLFSSL_ASYNC_CRYPT */
-#ifndef WC_ASYNC_DEV_SIZE
-    #define WC_ASYNC_DEV_SIZE 0
-#endif
-
-/* leantls checks */
-#ifdef WOLFSSL_LEANTLS
-    #ifndef HAVE_ECC
-        #error leantls build needs ECC
-    #endif
-#endif /* WOLFSSL_LEANTLS*/
-
-/* restriction with static memory */
-#ifdef WOLFSSL_STATIC_MEMORY
-    #if defined(HAVE_IO_POOL) || defined(XMALLOC_USER) || defined(NO_WOLFSSL_MEMORY)
-         #error static memory cannot be used with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY
-    #endif
-    #if !defined(USE_FAST_MATH) && !defined(NO_BIG_INT)
-        #error static memory requires fast math please define USE_FAST_MATH
-    #endif
-    #ifdef WOLFSSL_SMALL_STACK
-        #error static memory does not support small stack please undefine
-    #endif
-#endif /* WOLFSSL_STATIC_MEMORY */
-
-#ifdef HAVE_AES_KEYWRAP
-    #ifndef WOLFSSL_AES_DIRECT
-        #error AES key wrap requires AES direct please define WOLFSSL_AES_DIRECT
-    #endif
-#endif
-
-#ifdef HAVE_PKCS7
-    #if defined(NO_AES) && defined(NO_DES3)
-        #error PKCS7 needs either AES or 3DES enabled, please enable one
-    #endif
-    #ifndef HAVE_AES_KEYWRAP
-        #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
-    #endif
-    #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
-        #error PKCS7 requires X963 KDF please define HAVE_X963_KDF
-    #endif
-#endif
-
-#if !defined(WOLFCRYPT_ONLY) && !defined(NO_OLD_TLS) && \
-        (defined(NO_SHA) || defined(NO_MD5))
-    #error old TLS requires MD5 and SHA
-#endif
-
-/* for backwards compatibility */
-#if defined(TEST_IPV6) && !defined(WOLFSSL_IPV6)
-    #define WOLFSSL_IPV6
-#endif
-
-
-/* Place any other flags or defines here */
-
-#if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \
-                                      && defined(HAVE_GMTIME_R)
-    #undef HAVE_GMTIME_R /* don't trust macro with windows */
-#endif /* WOLFSSL_MYSQL_COMPATIBLE */
-
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-    #define SSL_OP_NO_COMPRESSION    SSL_OP_NO_COMPRESSION
-    #define OPENSSL_NO_ENGINE
-    #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
-    #ifndef OPENSSL_EXTRA
-        #define OPENSSL_EXTRA
-    #endif
-    #ifndef HAVE_SESSION_TICKET
-        #define HAVE_SESSION_TICKET
-    #endif
-    #ifndef HAVE_OCSP
-        #define HAVE_OCSP
-    #endif
-    #ifndef KEEP_OUR_CERT
-        #define KEEP_OUR_CERT
-    #endif
-    #ifndef HAVE_SNI
-        #define HAVE_SNI
-    #endif
-#endif
-
-#if defined(WOLFSSL_NGINX)
-    #define SSL_CTRL_SET_TLSEXT_HOSTNAME
-#endif
-
-/* both CURVE and ED small math should be enabled */
-#ifdef CURVED25519_SMALL
-        #define CURVE25519_SMALL
-        #define ED25519_SMALL
-#endif
-
-
-#ifndef WOLFSSL_ALERT_COUNT_MAX
-    #define WOLFSSL_ALERT_COUNT_MAX 5
-#endif
-
-/* warning for not using harden build options (default with ./configure) */
-#ifndef WC_NO_HARDEN
-    #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
-        (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
-        (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \
-            !defined(WC_NO_RNG))
-
-        #ifndef _MSC_VER
-            #warning "For timing resistance / side-channel attack prevention consider using harden options"
-        #else
-            #pragma message("Warning: For timing resistance / side-channel attack prevention consider using harden options")
-        #endif
-    #endif
-#endif
-
-#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
-    /* added to have compatibility with SHA256() */
-    #if !defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)
-        #define NO_OLD_SHA_NAMES
-    #endif
-#endif
-
-/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509
- * When opensslextra is enabled all subparts should be turned on. */
-#ifdef OPENSSL_EXTRA
-    #undef  OPENSSL_EXTRA_X509_SMALL
-    #define OPENSSL_EXTRA_X509_SMALL
-#endif /* OPENSSL_EXTRA */
-
-/* support for converting DER to PEM */
-#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || \
-        defined(OPENSSL_EXTRA)
-    #undef  WOLFSSL_DER_TO_PEM
-    #define WOLFSSL_DER_TO_PEM
-#endif
-
-/* keep backwards compatibility enabling encrypted private key */
-#ifndef WOLFSSL_ENCRYPTED_KEYS
-    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
-        defined(HAVE_WEBSERVER)
-        #define WOLFSSL_ENCRYPTED_KEYS
-    #endif
-#endif
-
-/* support for disabling PEM to DER */
-#if !defined(WOLFSSL_NO_PEM)
-    #undef  WOLFSSL_PEM_TO_DER
-    #define WOLFSSL_PEM_TO_DER
-#endif
-
-/* Parts of the openssl compatibility layer require peer certs */
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-    #undef  KEEP_PEER_CERT
-    #define KEEP_PEER_CERT
-#endif
-
-/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/
-#ifdef WOLFSSL_ARMASM
-    #undef  WOLFSSL_NO_HASH_RAW
-    #define WOLFSSL_NO_HASH_RAW
-#endif
-
-#if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \
-                                                          !defined(WOLFSSL_SHA3)
-    #undef  WOLFSSL_NO_WORD64_OPS
-    #define WOLFSSL_NO_WORD64_OPS
-#endif
-
-#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_CAMELLIA) && \
-                                     defined(NO_PWDBASED) && !defined(HAVE_IDEA)
-    #undef  WOLFSSL_NO_XOR_OPS
-    #define WOLFSSL_NO_XOR_OPS
-#endif
-
-#if defined(NO_ASN) && defined(WOLFCRYPT_ONLY)
-    #undef  WOLFSSL_NO_INT_ENCODE
-    #define WOLFSSL_NO_INT_ENCODE
-    #undef  WOLFSSL_NO_INT_DECODE
-    #define WOLFSSL_NO_INT_DECODE
-#endif
-
-#if defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_RSA_VERIFY_ONLY) && \
-    defined(WC_NO_RSA_OAEP)
-    #undef  WOLFSSL_NO_CT_OPS
-    #define WOLFSSL_NO_CT_OPS
-#endif
-
-#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(HAVE_CURVE25519) && \
-                                   defined(WC_NO_RNG) && defined(WC_NO_RSA_OAEP)
-    #undef  WOLFSSL_NO_CONST_CMP
-    #define WOLFSSL_NO_CONST_CMP
-#endif
-
-#if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
-    !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
-                    defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_RSA_PUBLIC_ONLY)
-    #undef  WOLFSSL_NO_FORCE_ZERO
-    #define WOLFSSL_NO_FORCE_ZERO
-#endif
-
-#ifdef __cplusplus
-    }   /* extern "C" */
-#endif
-
-#endif
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
deleted file mode 100644
index d9814d67..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/* sha.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/sha.h
-*/
-
-
-#ifndef WOLF_CRYPT_SHA_H
-#define WOLF_CRYPT_SHA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA
-
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-    #include <wolfssl/wolfcrypt/fips.h>
-#endif /* HAVE_FIPS_VERSION >= 2 */
-
-#if defined(HAVE_FIPS) && \
-	(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
-#define wc_Sha             Sha
-#define WC_SHA             SHA
-#define WC_SHA_BLOCK_SIZE  SHA_BLOCK_SIZE
-#define WC_SHA_DIGEST_SIZE SHA_DIGEST_SIZE
-#define WC_SHA_PAD_SIZE    SHA_PAD_SIZE
-
-/* for fips @wc_fips */
-#include <cyassl/ctaocrypt/sha.h>
-#endif
-
-#ifdef FREESCALE_LTC_SHA
-    #include "fsl_ltc.h"
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
-
-#ifdef WOLFSSL_MICROCHIP_PIC32MZ
-    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
-#endif
-#ifdef STM32_HASH
-    #include <wolfssl/wolfcrypt/port/st/stm32.h>
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-
-#if !defined(NO_OLD_SHA_NAMES)
-    #define SHA             WC_SHA
-#endif
-
-#ifndef NO_OLD_WC_NAMES
-    #define Sha             wc_Sha
-    #define SHA_BLOCK_SIZE  WC_SHA_BLOCK_SIZE
-    #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE
-    #define SHA_PAD_SIZE    WC_SHA_PAD_SIZE
-#endif
-
-/* in bytes */
-enum {
-    WC_SHA              =  WC_HASH_TYPE_SHA,
-    WC_SHA_BLOCK_SIZE   = 64,
-    WC_SHA_DIGEST_SIZE  = 20,
-    WC_SHA_PAD_SIZE     = 56
-};
-
-
-#if defined(WOLFSSL_TI_HASH)
-    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-
-#elif defined(WOLFSSL_IMX6_CAAM)
-    #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
-
-#else
-/* Sha digest */
-typedef struct wc_Sha {
-#ifdef FREESCALE_LTC_SHA
-        ltc_hash_ctx_t ctx;
-#elif defined(STM32_HASH)
-        STM32_HASH_Context stmCtx;
-#else
-        word32  buffLen;   /* in bytes          */
-        word32  loLen;     /* length in bytes   */
-        word32  hiLen;     /* length in bytes   */
-        word32  buffer[WC_SHA_BLOCK_SIZE  / sizeof(word32)];
-    #ifdef WOLFSSL_PIC32MZ_HASH
-        word32  digest[PIC32_DIGEST_SIZE / sizeof(word32)];
-    #else
-        word32  digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
-    #endif
-        void*   heap;
-    #ifdef WOLFSSL_PIC32MZ_HASH
-        hashUpdCache cache; /* cache for updates */
-    #endif
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        WC_ASYNC_DEV asyncDev;
-    #endif /* WOLFSSL_ASYNC_CRYPT */
-#endif
-} wc_Sha;
-
-#endif /* WOLFSSL_TI_HASH */
-
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha(wc_Sha*);
-WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId);
-WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32);
-WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*);
-WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*);
-WOLFSSL_API void wc_ShaFree(wc_Sha*);
-
-WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
-WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);
-#endif
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_SHA */
-#endif /* WOLF_CRYPT_SHA_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
deleted file mode 100644
index 9565652e..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h
+++ /dev/null
@@ -1,209 +0,0 @@
-/* sha256.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/sha256.h
-*/
-
-
-/* code submitted by raphael.huck@efixo.com */
-
-#ifndef WOLF_CRYPT_SHA256_H
-#define WOLF_CRYPT_SHA256_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA256
-
-#if defined(HAVE_FIPS) && \
-    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
-    #include <wolfssl/wolfcrypt/fips.h>
-#endif /* HAVE_FIPS_VERSION >= 2 */
-
-#if defined(HAVE_FIPS) && \
-	(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
-    #define wc_Sha256             Sha256
-    #define WC_SHA256             SHA256
-    #define WC_SHA256_BLOCK_SIZE  SHA256_BLOCK_SIZE
-    #define WC_SHA256_DIGEST_SIZE SHA256_DIGEST_SIZE
-    #define WC_SHA256_PAD_SIZE    SHA256_PAD_SIZE
-
-    #ifdef WOLFSSL_SHA224
-        #define wc_Sha224             Sha224
-        #define WC_SHA224             SHA224
-        #define WC_SHA224_BLOCK_SIZE  SHA224_BLOCK_SIZE
-        #define WC_SHA224_DIGEST_SIZE SHA224_DIGEST_SIZE
-        #define WC_SHA224_PAD_SIZE    SHA224_PAD_SIZE
-    #endif
-
-    /* for fips @wc_fips */
-    #include <cyassl/ctaocrypt/sha256.h>
-#endif
-
-#ifdef FREESCALE_LTC_SHA
-    #include "fsl_ltc.h"
-#endif
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
-
-#ifdef WOLFSSL_MICROCHIP_PIC32MZ
-    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
-#endif
-#ifdef STM32_HASH
-    #include <wolfssl/wolfcrypt/port/st/stm32.h>
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    #include <wolfssl/wolfcrypt/async.h>
-#endif
-#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_DEVCRYPTO_HASH)
-    #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
-#endif
-
-#if defined(_MSC_VER)
-    #define SHA256_NOINLINE __declspec(noinline)
-#elif defined(__GNUC__)
-    #define SHA256_NOINLINE __attribute__((noinline))
-#else
-    #define SHA256_NOINLINE
-#endif
-
-#if !defined(NO_OLD_SHA_NAMES)
-    #define SHA256             WC_SHA256
-#endif
-
-#ifndef NO_OLD_WC_NAMES
-    #define Sha256             wc_Sha256
-    #define SHA256_BLOCK_SIZE  WC_SHA256_BLOCK_SIZE
-    #define SHA256_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
-    #define SHA256_PAD_SIZE    WC_SHA256_PAD_SIZE
-#endif
-
-/* in bytes */
-enum {
-    WC_SHA256              =  WC_HASH_TYPE_SHA256,
-    WC_SHA256_BLOCK_SIZE   = 64,
-    WC_SHA256_DIGEST_SIZE  = 32,
-    WC_SHA256_PAD_SIZE     = 56
-};
-
-
-#ifdef WOLFSSL_TI_HASH
-    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#elif defined(WOLFSSL_IMX6_CAAM)
-    #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
-#elif defined(WOLFSSL_AFALG_HASH)
-    #include "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h"
-#else
-/* wc_Sha256 digest */
-typedef struct wc_Sha256 {
-#ifdef FREESCALE_LTC_SHA
-    ltc_hash_ctx_t ctx;
-#elif defined(STM32_HASH)
-    STM32_HASH_Context stmCtx;
-#else
-    /* alignment on digest and buffer speeds up ARMv8 crypto operations */
-    ALIGN16 word32  digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
-    ALIGN16 word32  buffer[WC_SHA256_BLOCK_SIZE  / sizeof(word32)];
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    void*   heap;
-#ifdef USE_INTEL_SPEEDUP
-    const byte* data;
-#endif
-#ifdef WOLFSSL_PIC32MZ_HASH
-    hashUpdCache cache; /* cache for updates */
-#endif
-#ifdef WOLFSSL_ASYNC_CRYPT
-    WC_ASYNC_DEV asyncDev;
-#endif /* WOLFSSL_ASYNC_CRYPT */
-#ifdef WOLFSSL_SMALL_STACK_CACHE
-    word32* W;
-#endif
-#ifdef WOLFSSL_DEVCRYPTO_HASH
-    WC_CRYPTODEV ctx;
-    byte*  msg;
-    word32 used;
-    word32 len;
-#endif
-#endif
-} wc_Sha256;
-
-#endif
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha256(wc_Sha256*);
-WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int);
-WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32);
-WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*);
-WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*);
-WOLFSSL_API void wc_Sha256Free(wc_Sha256*);
-
-WOLFSSL_API int wc_Sha256GetHash(wc_Sha256*, byte*);
-WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
-#endif
-
-#ifdef WOLFSSL_SHA224
-/* avoid redefinition of structs */
-#if !defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
-
-#ifndef NO_OLD_WC_NAMES
-    #define Sha224             wc_Sha224
-    #define SHA224             WC_SHA224
-    #define SHA224_BLOCK_SIZE  WC_SHA224_BLOCK_SIZE
-    #define SHA224_DIGEST_SIZE WC_SHA224_DIGEST_SIZE
-    #define SHA224_PAD_SIZE    WC_SHA224_PAD_SIZE
-#endif
-
-/* in bytes */
-enum {
-    WC_SHA224              =   WC_HASH_TYPE_SHA224,
-    WC_SHA224_BLOCK_SIZE   =   WC_SHA256_BLOCK_SIZE,
-    WC_SHA224_DIGEST_SIZE  =   28,
-    WC_SHA224_PAD_SIZE     =   WC_SHA256_PAD_SIZE
-};
-
-
-typedef wc_Sha256 wc_Sha224;
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha224(wc_Sha224*);
-WOLFSSL_API int wc_InitSha224_ex(wc_Sha224*, void*, int);
-WOLFSSL_API int wc_Sha224Update(wc_Sha224*, const byte*, word32);
-WOLFSSL_API int wc_Sha224Final(wc_Sha224*, byte*);
-WOLFSSL_API void wc_Sha224Free(wc_Sha224*);
-
-WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*);
-WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
-
-#endif /* WOLFSSL_SHA224 */
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_SHA256 */
-#endif /* WOLF_CRYPT_SHA256_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h
deleted file mode 100644
index 4fe68a41..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h
+++ /dev/null
@@ -1,758 +0,0 @@
-/* types.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/types.h
-*/
-
-#ifndef WOLF_CRYPT_TYPES_H
-#define WOLF_CRYPT_TYPES_H
-
-    #include <wolfssl/wolfcrypt/settings.h>
-    #include <wolfssl/wolfcrypt/wc_port.h>
-
-    #ifdef __cplusplus
-        extern "C" {
-    #endif
-
-
-    #if defined(WORDS_BIGENDIAN)
-        #define BIG_ENDIAN_ORDER
-    #endif
-
-    #ifndef BIG_ENDIAN_ORDER
-        #define LITTLE_ENDIAN_ORDER
-    #endif
-
-    #ifndef WOLFSSL_TYPES
-        #ifndef byte
-            typedef unsigned char  byte;
-        #endif
-        typedef unsigned short word16;
-        typedef unsigned int   word32;
-        typedef byte           word24[3];
-    #endif
-
-
-    /* try to set SIZEOF_LONG or LONG_LONG if user didn't */
-    #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
-        #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
-            #if (defined(__alpha__) || defined(__ia64__) || \
-                defined(_ARCH_PPC64) || defined(__mips64) || \
-                defined(__x86_64__) || \
-                ((defined(sun) || defined(__sun)) && \
-                 (defined(LP64) || defined(_LP64))))
-                /* long should be 64bit */
-                #define SIZEOF_LONG 8
-            #elif defined(__i386__) || defined(__CORTEX_M3__)
-                /* long long should be 64bit */
-                #define SIZEOF_LONG_LONG 8
-            #endif
-         #endif
-    #endif
-
-    #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
-        #define WORD64_AVAILABLE
-        #define W64LIT(x) x##ui64
-        typedef unsigned __int64 word64;
-    #elif defined(__EMSCRIPTEN__)
-        #define WORD64_AVAILABLE
-        #define W64LIT(x) x##ull
-        typedef unsigned long long word64;
-    #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
-        #define WORD64_AVAILABLE
-        #define W64LIT(x) x##LL
-        typedef unsigned long word64;
-    #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8
-        #define WORD64_AVAILABLE
-        #define W64LIT(x) x##LL
-        typedef unsigned long long word64;
-    #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8
-        #define WORD64_AVAILABLE
-        #define W64LIT(x) x##LL
-        typedef unsigned long long word64;
-    #endif
-
-#if !defined(NO_64BIT) && defined(WORD64_AVAILABLE)
-    /* These platforms have 64-bit CPU registers.  */
-    #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
-         defined(__mips64)  || defined(__x86_64__) || defined(_M_X64)) || \
-         defined(__aarch64__) || defined(__sparc64__)
-        typedef word64 wolfssl_word;
-        #define WC_64BIT_CPU
-    #elif (defined(sun) || defined(__sun)) && \
-          (defined(LP64) || defined(_LP64))
-        /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits
-         * and int uses 32 bits. When using Solaris Studio sparc and __sparc are
-         * available for 32 bit detection but __sparc64__ could be missed. This
-         * uses LP64 for checking 64 bit CPU arch. */
-        typedef word64 wolfssl_word;
-        #define WC_64BIT_CPU
-    #else
-        typedef word32 wolfssl_word;
-        #ifdef WORD64_AVAILABLE
-            #define WOLFCRYPT_SLOW_WORD64
-        #endif
-    #endif
-#else
-        #undef WORD64_AVAILABLE
-        typedef word32 wolfssl_word;
-        #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as
-                             mp_digit, no 64 bit type so make mp_digit 16 bit */
-#endif
-
-    enum {
-        WOLFSSL_WORD_SIZE  = sizeof(wolfssl_word),
-        WOLFSSL_BIT_SIZE   = 8,
-        WOLFSSL_WORD_BITS  = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE
-    };
-
-    #define WOLFSSL_MAX_16BIT 0xffffU
-
-    /* use inlining if compiler allows */
-    #ifndef WC_INLINE
-    #ifndef NO_INLINE
-        #ifdef _MSC_VER
-            #define WC_INLINE __inline
-        #elif defined(__GNUC__)
-               #ifdef WOLFSSL_VXWORKS
-                   #define WC_INLINE __inline__
-               #else
-                   #define WC_INLINE inline
-               #endif
-        #elif defined(__IAR_SYSTEMS_ICC__)
-            #define WC_INLINE inline
-        #elif defined(THREADX)
-            #define WC_INLINE _Inline
-        #else
-            #define WC_INLINE
-        #endif
-    #else
-        #define WC_INLINE
-    #endif
-    #endif
-
-    #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
-        #define INLINE WC_INLINE
-    #endif
-
-
-    /* set up rotate style */
-    #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \
-        !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS)
-        #define INTEL_INTRINSICS
-        #define FAST_ROTATE
-    #elif defined(__MWERKS__) && TARGET_CPU_PPC
-        #define PPC_INTRINSICS
-        #define FAST_ROTATE
-    #elif defined(__GNUC__)  && (defined(__i386__) || defined(__x86_64__))
-        /* GCC does peephole optimizations which should result in using rotate
-           instructions  */
-        #define FAST_ROTATE
-    #endif
-
-
-    /* set up thread local storage if available */
-    #ifdef HAVE_THREAD_LS
-        #if defined(_MSC_VER)
-            #define THREAD_LS_T __declspec(thread)
-        /* Thread local storage only in FreeRTOS v8.2.1 and higher */
-        #elif defined(FREERTOS) || defined(FREERTOS_TCP)
-            #define THREAD_LS_T
-        #else
-            #define THREAD_LS_T __thread
-        #endif
-    #else
-        #define THREAD_LS_T
-    #endif
-
-    /* GCC 7 has new switch() fall-through detection */
-    #if defined(__GNUC__)
-        #if ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1)))
-            #define FALL_THROUGH __attribute__ ((fallthrough))
-        #endif
-    #endif
-    #ifndef FALL_THROUGH
-        #define FALL_THROUGH
-    #endif
-
-    /* Micrium will use Visual Studio for compilation but not the Win32 API */
-    #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \
-        !defined(FREERTOS_TCP) && !defined(EBSNET) && \
-        !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS)
-        #define USE_WINDOWS_API
-    #endif
-
-
-    /* idea to add global alloc override by Moises Guimaraes  */
-    /* default to libc stuff */
-    /* XREALLOC is used once in normal math lib, not in fast math lib */
-    /* XFREE on some embedded systems doesn't like free(0) so test  */
-    #if defined(HAVE_IO_POOL)
-        WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type);
-        WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type);
-        WOLFSSL_API void XFREE(void *p, void* heap, int type);
-    #elif defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA)
-        #include <wolfssl/wolfcrypt/port/intel/quickassist_mem.h>
-        #undef USE_WOLFSSL_MEMORY
-        #ifdef WOLFSSL_DEBUG_MEMORY
-            #define XMALLOC(s, h, t)     IntelQaMalloc((s), (h), (t), __func__, __LINE__)
-            #define XFREE(p, h, t)       IntelQaFree((p), (h), (t), __func__, __LINE__)
-            #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__)
-        #else
-            #define XMALLOC(s, h, t)     IntelQaMalloc((s), (h), (t))
-            #define XFREE(p, h, t)       IntelQaFree((p), (h), (t))
-            #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t))
-        #endif /* WOLFSSL_DEBUG_MEMORY */
-    #elif defined(XMALLOC_USER)
-        /* prototypes for user heap override functions */
-        #include <stddef.h>  /* for size_t */
-        extern void *XMALLOC(size_t n, void* heap, int type);
-        extern void *XREALLOC(void *p, size_t n, void* heap, int type);
-        extern void XFREE(void *p, void* heap, int type);
-    #elif defined(WOLFSSL_MEMORY_LOG)
-        #define XMALLOC(n, h, t)        xmalloc(n, h, t, __func__, __FILE__, __LINE__)
-        #define XREALLOC(p, n, h, t)    xrealloc(p, n, h, t, __func__,  __FILE__, __LINE__)
-        #define XFREE(p, h, t)          xfree(p, h, t, __func__, __FILE__, __LINE__)
-
-        /* prototypes for user heap override functions */
-        #include <stddef.h>  /* for size_t */
-        #include <stdlib.h>
-        extern void *xmalloc(size_t n, void* heap, int type, const char* func,
-              const char* file, unsigned int line);
-        extern void *xrealloc(void *p, size_t n, void* heap, int type,
-              const char* func, const char* file, unsigned int line);
-        extern void xfree(void *p, void* heap, int type, const char* func,
-              const char* file, unsigned int line);
-    #elif defined(XMALLOC_OVERRIDE)
-        /* override the XMALLOC, XFREE and XREALLOC macros */
-    #elif defined(NO_WOLFSSL_MEMORY)
-        /* just use plain C stdlib stuff if desired */
-        #include <stdlib.h>
-        #define XMALLOC(s, h, t)     ((void)h, (void)t, malloc((s)))
-        #define XFREE(p, h, t)       {void* xp = (p); if((xp)) free((xp));}
-        #define XREALLOC(p, n, h, t) realloc((p), (n))
-    #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
-            && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
-            && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \
-            && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4)
-        /* default C runtime, can install different routines at runtime via cbs */
-        #include <wolfssl/wolfcrypt/memory.h>
-        #ifdef WOLFSSL_STATIC_MEMORY
-            #ifdef WOLFSSL_DEBUG_MEMORY
-                #define XMALLOC(s, h, t)     wolfSSL_Malloc((s), (h), (t), __func__, __LINE__)
-                #define XFREE(p, h, t)       {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t), __func__, __LINE__);}
-                #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__)
-            #else
-                #define XMALLOC(s, h, t)     wolfSSL_Malloc((s), (h), (t))
-                #define XFREE(p, h, t)       {void* xp = (p); if((xp)) wolfSSL_Free((xp), (h), (t));}
-                #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t))
-            #endif /* WOLFSSL_DEBUG_MEMORY */
-        #elif !defined(FREERTOS) && !defined(FREERTOS_TCP)
-            #ifdef WOLFSSL_DEBUG_MEMORY
-                #define XMALLOC(s, h, t)     ((void)h, (void)t, wolfSSL_Malloc((s), __func__, __LINE__))
-                #define XFREE(p, h, t)       {void* xp = (p); if((xp)) wolfSSL_Free((xp), __func__, __LINE__);}
-                #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), __func__, __LINE__)
-            #else
-                #define XMALLOC(s, h, t)     ((void)h, (void)t, wolfSSL_Malloc((s)))
-                #define XFREE(p, h, t)       {void* xp = (p); if((xp)) wolfSSL_Free((xp));}
-                #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n))
-            #endif /* WOLFSSL_DEBUG_MEMORY */
-        #endif /* WOLFSSL_STATIC_MEMORY */
-    #endif
-
-    /* declare/free variable handling for async */
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT);
-        #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \
-            VAR_TYPE* VAR_NAME = ({ \
-                VAR_TYPE* ptr = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-                if (ptr && INIT_VALUE) { \
-                    XMEMCPY(ptr, INIT_VALUE, sizeof(VAR_TYPE) * VAR_SIZE); \
-                } \
-                ptr; \
-            })
-        #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE* VAR_NAME[VAR_ITEMS]; \
-            int idx##VAR_NAME; \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
-                VAR_NAME[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-            }
-        #define FREE_VAR(VAR_NAME, HEAP) \
-            XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT);
-        #define FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \
-            for (idx##VAR_NAME=0; idx##VAR_NAME<VAR_ITEMS; idx##VAR_NAME++) { \
-                XFREE(VAR_NAME[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \
-            }
-    #else
-        #define DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \
-            VAR_TYPE VAR_NAME[VAR_SIZE]
-        #define DECLARE_VAR_INIT(VAR_NAME, VAR_TYPE, VAR_SIZE, INIT_VALUE, HEAP) \
-            VAR_TYPE* VAR_NAME = (VAR_TYPE*)INIT_VALUE
-        #define DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-            VAR_TYPE VAR_NAME[VAR_ITEMS][VAR_SIZE]
-        #define FREE_VAR(VAR_NAME, HEAP) /* nothing to free, its stack */
-        #define FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP)  /* nothing to free, its stack */
-    #endif
-
-    #if !defined(USE_WOLF_STRTOK) && \
-            ((defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR)) || \
-             defined(WOLFSSL_TIRTOS) || defined(WOLF_C99))
-        #define USE_WOLF_STRTOK
-    #endif
-    #if !defined(USE_WOLF_STRSEP) && (defined(WOLF_C99))
-        #define USE_WOLF_STRSEP
-    #endif
-
-    #ifndef STRING_USER
-        #include <string.h>
-        #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
-        #define XMEMSET(b,c,l)    memset((b),(c),(l))
-        #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
-        #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
-
-        #define XSTRLEN(s1)       strlen((s1))
-        #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
-        /* strstr, strncmp, and strncat only used by wolfSSL proper,
-         * not required for wolfCrypt only */
-        #define XSTRSTR(s1,s2)    strstr((s1),(s2))
-        #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
-        #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
-        #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
-
-        #ifdef USE_WOLF_STRSEP
-            #define XSTRSEP(s1,d) wc_strsep((s1),(d))
-        #else
-            #define XSTRSEP(s1,d) strsep((s1),(d))
-        #endif
-
-        #if defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS)
-            /* XC32 does not support strncasecmp, so use case sensitive one */
-            #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n))
-        #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM)
-            #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n))
-        #else
-            #if defined(HAVE_STRINGS_H) && defined(WOLF_C99) && \
-                !defined(WOLFSSL_SGX)
-                #include <strings.h>
-            #endif
-            #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
-        #endif
-
-        /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when
-           debugging is turned on */
-        #ifndef USE_WINDOWS_API
-            #if defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \
-                   defined(HAVE_PKCS7)) && !defined(NO_STDIO_FILESYSTEM)
-                /* case where stdio is not included else where but is needed for
-                 * snprintf */
-                #include <stdio.h>
-            #endif
-            #define XSNPRINTF snprintf
-        #else
-            #define XSNPRINTF _snprintf
-        #endif
-
-        #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_ALPN)
-            /* use only Thread Safe version of strtok */
-            #if defined(USE_WOLF_STRTOK)
-                #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
-            #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS)
-                #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr))
-            #else
-                #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr))
-            #endif
-        #endif
-    #endif
-
-    #ifdef USE_WOLF_STRTOK
-        WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp);
-    #endif
-    #ifdef USE_WOLF_STRSEP
-        WOLFSSL_API char* wc_strsep(char **stringp, const char *delim);
-    #endif
-
-    #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
-        !defined(NO_STDIO_FILESYSTEM)
-        #ifndef XGETENV
-            #include <stdlib.h>
-            #define XGETENV getenv
-        #endif
-    #endif /* OPENSSL_EXTRA */
-
-    #ifndef CTYPE_USER
-        #include <ctype.h>
-        #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
-            defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA)
-            #define XTOUPPER(c)     toupper((c))
-            #define XISALPHA(c)     isalpha((c))
-        #endif
-        /* needed by wolfSSL_check_domain_name() */
-        #define XTOLOWER(c)      tolower((c))
-    #endif
-
-
-    /* memory allocation types for user hints */
-    enum {
-        DYNAMIC_TYPE_CA           = 1,
-        DYNAMIC_TYPE_CERT         = 2,
-        DYNAMIC_TYPE_KEY          = 3,
-        DYNAMIC_TYPE_FILE         = 4,
-        DYNAMIC_TYPE_SUBJECT_CN   = 5,
-        DYNAMIC_TYPE_PUBLIC_KEY   = 6,
-        DYNAMIC_TYPE_SIGNER       = 7,
-        DYNAMIC_TYPE_NONE         = 8,
-        DYNAMIC_TYPE_BIGINT       = 9,
-        DYNAMIC_TYPE_RSA          = 10,
-        DYNAMIC_TYPE_METHOD       = 11,
-        DYNAMIC_TYPE_OUT_BUFFER   = 12,
-        DYNAMIC_TYPE_IN_BUFFER    = 13,
-        DYNAMIC_TYPE_INFO         = 14,
-        DYNAMIC_TYPE_DH           = 15,
-        DYNAMIC_TYPE_DOMAIN       = 16,
-        DYNAMIC_TYPE_SSL          = 17,
-        DYNAMIC_TYPE_CTX          = 18,
-        DYNAMIC_TYPE_WRITEV       = 19,
-        DYNAMIC_TYPE_OPENSSL      = 20,
-        DYNAMIC_TYPE_DSA          = 21,
-        DYNAMIC_TYPE_CRL          = 22,
-        DYNAMIC_TYPE_REVOKED      = 23,
-        DYNAMIC_TYPE_CRL_ENTRY    = 24,
-        DYNAMIC_TYPE_CERT_MANAGER = 25,
-        DYNAMIC_TYPE_CRL_MONITOR  = 26,
-        DYNAMIC_TYPE_OCSP_STATUS  = 27,
-        DYNAMIC_TYPE_OCSP_ENTRY   = 28,
-        DYNAMIC_TYPE_ALTNAME      = 29,
-        DYNAMIC_TYPE_SUITES       = 30,
-        DYNAMIC_TYPE_CIPHER       = 31,
-        DYNAMIC_TYPE_RNG          = 32,
-        DYNAMIC_TYPE_ARRAYS       = 33,
-        DYNAMIC_TYPE_DTLS_POOL    = 34,
-        DYNAMIC_TYPE_SOCKADDR     = 35,
-        DYNAMIC_TYPE_LIBZ         = 36,
-        DYNAMIC_TYPE_ECC          = 37,
-        DYNAMIC_TYPE_TMP_BUFFER   = 38,
-        DYNAMIC_TYPE_DTLS_MSG     = 39,
-        DYNAMIC_TYPE_X509         = 40,
-        DYNAMIC_TYPE_TLSX         = 41,
-        DYNAMIC_TYPE_OCSP         = 42,
-        DYNAMIC_TYPE_SIGNATURE    = 43,
-        DYNAMIC_TYPE_HASHES       = 44,
-        DYNAMIC_TYPE_SRP          = 45,
-        DYNAMIC_TYPE_COOKIE_PWD   = 46,
-        DYNAMIC_TYPE_USER_CRYPTO  = 47,
-        DYNAMIC_TYPE_OCSP_REQUEST = 48,
-        DYNAMIC_TYPE_X509_EXT     = 49,
-        DYNAMIC_TYPE_X509_STORE   = 50,
-        DYNAMIC_TYPE_X509_CTX     = 51,
-        DYNAMIC_TYPE_URL          = 52,
-        DYNAMIC_TYPE_DTLS_FRAG    = 53,
-        DYNAMIC_TYPE_DTLS_BUFFER  = 54,
-        DYNAMIC_TYPE_SESSION_TICK = 55,
-        DYNAMIC_TYPE_PKCS         = 56,
-        DYNAMIC_TYPE_MUTEX        = 57,
-        DYNAMIC_TYPE_PKCS7        = 58,
-        DYNAMIC_TYPE_AES_BUFFER   = 59,
-        DYNAMIC_TYPE_WOLF_BIGINT  = 60,
-        DYNAMIC_TYPE_ASN1         = 61,
-        DYNAMIC_TYPE_LOG          = 62,
-        DYNAMIC_TYPE_WRITEDUP     = 63,
-        DYNAMIC_TYPE_PRIVATE_KEY  = 64,
-        DYNAMIC_TYPE_HMAC         = 65,
-        DYNAMIC_TYPE_ASYNC        = 66,
-        DYNAMIC_TYPE_ASYNC_NUMA   = 67,
-        DYNAMIC_TYPE_ASYNC_NUMA64 = 68,
-        DYNAMIC_TYPE_CURVE25519   = 69,
-        DYNAMIC_TYPE_ED25519      = 70,
-        DYNAMIC_TYPE_SECRET       = 71,
-        DYNAMIC_TYPE_DIGEST       = 72,
-        DYNAMIC_TYPE_RSA_BUFFER   = 73,
-        DYNAMIC_TYPE_DCERT        = 74,
-        DYNAMIC_TYPE_STRING       = 75,
-        DYNAMIC_TYPE_PEM          = 76,
-        DYNAMIC_TYPE_DER          = 77,
-        DYNAMIC_TYPE_CERT_EXT     = 78,
-        DYNAMIC_TYPE_ALPN         = 79,
-        DYNAMIC_TYPE_ENCRYPTEDINFO= 80,
-        DYNAMIC_TYPE_DIRCTX       = 81,
-        DYNAMIC_TYPE_HASHCTX      = 82,
-        DYNAMIC_TYPE_SEED         = 83,
-        DYNAMIC_TYPE_SYMMETRIC_KEY= 84,
-        DYNAMIC_TYPE_ECC_BUFFER   = 85,
-        DYNAMIC_TYPE_QSH          = 86,
-        DYNAMIC_TYPE_SALT         = 87,
-        DYNAMIC_TYPE_HASH_TMP     = 88,
-        DYNAMIC_TYPE_BLOB         = 89,
-        DYNAMIC_TYPE_NAME_ENTRY   = 90,
-    };
-
-    /* max error buffer string size */
-    #ifndef WOLFSSL_MAX_ERROR_SZ
-        #define WOLFSSL_MAX_ERROR_SZ 80
-    #endif
-
-    /* stack protection */
-    enum {
-        MIN_STACK_BUFFER = 8
-    };
-
-
-    /* Algorithm Types */
-    enum wc_AlgoType {
-        WC_ALGO_TYPE_NONE = 0,
-        WC_ALGO_TYPE_HASH = 1,
-        WC_ALGO_TYPE_CIPHER = 2,
-        WC_ALGO_TYPE_PK = 3,
-
-        WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK
-    };
-
-    /* hash types */
-    enum wc_HashType {
-    #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS)
-        /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types.
-         * Values here are based on old selftest hmac.h enum, with additions */
-        WC_HASH_TYPE_NONE = 15,
-        WC_HASH_TYPE_MD2 = 16,
-        WC_HASH_TYPE_MD4 = 17,
-        WC_HASH_TYPE_MD5 = 0,
-        WC_HASH_TYPE_SHA = 1, /* SHA-1 (not old SHA-0) */
-        WC_HASH_TYPE_SHA224 = 8,
-        WC_HASH_TYPE_SHA256 = 2,
-        WC_HASH_TYPE_SHA384 = 5,
-        WC_HASH_TYPE_SHA512 = 4,
-        WC_HASH_TYPE_MD5_SHA = 18,
-        WC_HASH_TYPE_SHA3_224 = 10,
-        WC_HASH_TYPE_SHA3_256 = 11,
-        WC_HASH_TYPE_SHA3_384 = 12,
-        WC_HASH_TYPE_SHA3_512 = 13,
-        WC_HASH_TYPE_BLAKE2B = 14,
-
-        WC_HASH_TYPE_MAX = WC_HASH_TYPE_MD5_SHA
-    #else
-        WC_HASH_TYPE_NONE = 0,
-        WC_HASH_TYPE_MD2 = 1,
-        WC_HASH_TYPE_MD4 = 2,
-        WC_HASH_TYPE_MD5 = 3,
-        WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */
-        WC_HASH_TYPE_SHA224 = 5,
-        WC_HASH_TYPE_SHA256 = 6,
-        WC_HASH_TYPE_SHA384 = 7,
-        WC_HASH_TYPE_SHA512 = 8,
-        WC_HASH_TYPE_MD5_SHA = 9,
-        WC_HASH_TYPE_SHA3_224 = 10,
-        WC_HASH_TYPE_SHA3_256 = 11,
-        WC_HASH_TYPE_SHA3_384 = 12,
-        WC_HASH_TYPE_SHA3_512 = 13,
-        WC_HASH_TYPE_BLAKE2B = 14,
-
-        WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2B
-    #endif /* HAVE_SELFTEST */
-    };
-
-    /* cipher types */
-    enum wc_CipherType {
-        WC_CIPHER_NONE = 0,
-        WC_CIPHER_AES = 1,
-        WC_CIPHER_AES_CBC = 2,
-        WC_CIPHER_AES_GCM = 3,
-        WC_CIPHER_AES_CTR = 4,
-        WC_CIPHER_AES_XTS = 5,
-        WC_CIPHER_AES_CFB = 6,
-        WC_CIPHER_DES3 = 7,
-        WC_CIPHER_DES = 8,
-        WC_CIPHER_CHACHA = 9,
-        WC_CIPHER_HC128 = 10,
-        WC_CIPHER_IDEA = 11,
-
-        WC_CIPHER_MAX = WC_CIPHER_HC128
-    };
-
-    /* PK=public key (asymmetric) based algorithms */
-    enum wc_PkType {
-        WC_PK_TYPE_NONE = 0,
-        WC_PK_TYPE_RSA = 1,
-        WC_PK_TYPE_DH = 2,
-        WC_PK_TYPE_ECDH = 3,
-        WC_PK_TYPE_ECDSA_SIGN = 4,
-        WC_PK_TYPE_ECDSA_VERIFY = 5,
-        WC_PK_TYPE_ED25519 = 6,
-        WC_PK_TYPE_CURVE25519 = 7,
-        WC_PK_TYPE_RSA_KEYGEN = 8,
-        WC_PK_TYPE_EC_KEYGEN = 9,
-
-        WC_PK_TYPE_MAX = WC_PK_TYPE_EC_KEYGEN
-    };
-
-
-    /* settings detection for compile vs runtime math incompatibilities */
-    enum {
-    #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
-        CTC_SETTINGS = 0x0
-    #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
-        CTC_SETTINGS = 0x1
-    #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
-        CTC_SETTINGS = 0x2
-    #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
-        CTC_SETTINGS = 0x4
-    #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG)
-        CTC_SETTINGS = 0x8
-    #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8)
-        CTC_SETTINGS = 0x10
-    #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8)
-        CTC_SETTINGS = 0x20
-    #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4)
-        CTC_SETTINGS = 0x40
-    #else
-        #error "bad math long / long long settings"
-    #endif
-    };
-
-
-    WOLFSSL_API word32 CheckRunTimeSettings(void);
-
-    /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long
-       types need to match at compile time and run time, CheckCtcSettings will
-       return 1 if a match otherwise 0 */
-    #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings())
-
-    /* invalid device id */
-    #define INVALID_DEVID    -2
-
-
-    /* AESNI requires alignment and ARMASM gains some performance from it */
-    #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || defined(USE_INTEL_SPEEDUP)
-        #if !defined(ALIGN16)
-            #if defined(__GNUC__)
-                #define ALIGN16 __attribute__ ( (aligned (16)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN16 __declspec (align (16))
-            #else
-                #define ALIGN16
-            #endif
-        #endif /* !ALIGN16 */
-
-        #if !defined (ALIGN32)
-            #if defined (__GNUC__)
-                #define ALIGN32 __attribute__ ( (aligned (32)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN32 __declspec (align (32))
-            #else
-                #define ALIGN32
-            #endif
-        #endif
-
-        #if !defined(ALIGN32)
-            #if defined(__GNUC__)
-                #define ALIGN32 __attribute__ ( (aligned (32)))
-            #elif defined(_MSC_VER)
-                /* disable align warning, we want alignment ! */
-                #pragma warning(disable: 4324)
-                #define ALIGN32 __declspec (align (32))
-            #else
-                #define ALIGN32
-            #endif
-        #endif /* !ALIGN32 */
-
-        #if defined(__GNUC__)
-            #define ALIGN128 __attribute__ ( (aligned (128)))
-        #elif defined(_MSC_VER)
-            /* disable align warning, we want alignment ! */
-            #pragma warning(disable: 4324)
-            #define ALIGN128 __declspec (align (128))
-        #else
-            #define ALIGN128
-        #endif
-
-        #if defined(__GNUC__)
-            #define ALIGN256 __attribute__ ( (aligned (256)))
-        #elif defined(_MSC_VER)
-            /* disable align warning, we want alignment ! */
-            #pragma warning(disable: 4324)
-            #define ALIGN256 __declspec (align (256))
-        #else
-            #define ALIGN256
-        #endif
-
-    #else
-        #ifndef ALIGN16
-            #define ALIGN16
-        #endif
-        #ifndef ALIGN32
-            #define ALIGN32
-        #endif
-        #ifndef ALIGN128
-            #define ALIGN128
-        #endif
-        #ifndef ALIGN256
-            #define ALIGN256
-        #endif
-    #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM */
-
-
-    #ifndef TRUE
-        #define TRUE  1
-    #endif
-    #ifndef FALSE
-        #define FALSE 0
-    #endif
-
-
-    #ifdef WOLFSSL_RIOT_OS
-        #define EXIT_TEST(ret) exit(ret)
-    #elif defined(HAVE_STACK_SIZE)
-        #define EXIT_TEST(ret) return (void*)((size_t)(ret))
-    #else
-        #define EXIT_TEST(ret) return ret
-    #endif
-
-
-    #if defined(__GNUC__)
-        #define WOLFSSL_PACK __attribute__ ((packed))
-    #else
-        #define WOLFSSL_PACK
-    #endif
-
-    #ifndef __GNUC_PREREQ
-        #if defined(__GNUC__) && defined(__GNUC_MINOR__)
-            #define __GNUC_PREREQ(maj, min) \
-                ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
-        #else
-            #define __GNUC_PREREQ(maj, min) (0) /* not GNUC */
-        #endif
-    #endif
-
-    #if defined(__GNUC__)
-        #define WC_NORETURN __attribute__((noreturn))
-    #else
-        #define WC_NORETURN
-    #endif
-
-    #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
-        defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) || \
-        defined(WOLFSSL_PUBLIC_MP) || defined(OPENSSL_EXTRA) || \
-            (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT))
-        #undef  WC_MP_TO_RADIX
-        #define WC_MP_TO_RADIX
-    #endif
-
-    #ifdef __cplusplus
-        }   /* extern "C" */
-    #endif
-
-#endif /* WOLF_CRYPT_TYPES_H */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h
deleted file mode 100644
index 905d44c5..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* visibility.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-
-/* Visibility control macros */
-
-#ifndef WOLF_CRYPT_VISIBILITY_H
-#define WOLF_CRYPT_VISIBILITY_H
-
-
-/* for compatibility and so that fips is using same name of macro @wc_fips */
-/* The following visibility wrappers are for old FIPS. New FIPS should use
- * the same as a non-FIPS build. */
-#if defined(HAVE_FIPS) && \
-    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
-    #include <cyassl/ctaocrypt/visibility.h>
-    #define WOLFSSL_API   CYASSL_API
-	#define WOLFSSL_LOCAL CYASSL_LOCAL
-#else
-
-/* WOLFSSL_API is used for the public API symbols.
-        It either imports or exports (or does nothing for static builds)
-
-   WOLFSSL_LOCAL is used for non-API symbols (private).
-*/
-
-#if defined(BUILDING_WOLFSSL)
-    #if defined(_MSC_VER) || defined(__MINGW32__)
-        #if defined(WOLFSSL_DLL)
-            #define WOLFSSL_API __declspec(dllexport)
-        #else
-            #define WOLFSSL_API
-        #endif
-        #define WOLFSSL_LOCAL
-    #elif defined(HAVE_VISIBILITY) && HAVE_VISIBILITY
-        #define WOLFSSL_API   __attribute__ ((visibility("default")))
-        #define WOLFSSL_LOCAL __attribute__ ((visibility("hidden")))
-    #elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550)
-        #define WOLFSSL_API   __global
-        #define WOLFSSL_LOCAL __hidden
-    #else
-        #define WOLFSSL_API
-        #define WOLFSSL_LOCAL
-    #endif /* HAVE_VISIBILITY */
-#else /* BUILDING_WOLFSSL */
-    #if defined(_MSC_VER) || defined(__MINGW32__)
-        #if defined(WOLFSSL_DLL)
-            #define WOLFSSL_API __declspec(dllimport)
-        #else
-            #define WOLFSSL_API
-        #endif
-        #define WOLFSSL_LOCAL
-    #else
-        #define WOLFSSL_API
-        #define WOLFSSL_LOCAL
-    #endif
-#endif /* BUILDING_WOLFSSL */
-
-#endif /* HAVE_FIPS */
-#endif /* WOLF_CRYPT_VISIBILITY_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h
deleted file mode 100755
index aac872b5..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h
+++ /dev/null
@@ -1,572 +0,0 @@
-/* wc_port.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfcrypt/wc_port.h
-*/
-
-#ifndef WOLF_CRYPT_PORT_H
-#define WOLF_CRYPT_PORT_H
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/visibility.h>
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* Detect if compiler supports C99. "NO_WOLF_C99" can be defined in
- * user_settings.h to disable checking for C99 support. */
-#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && \
-    !defined(WOLFSSL_ARDUINO) && !defined(NO_WOLF_C99)
-    #if __STDC_VERSION__ >= 199901L
-        #define WOLF_C99
-    #endif
-#endif
-
-#ifdef USE_WINDOWS_API
-    #ifdef WOLFSSL_GAME_BUILD
-        #include "system/xtl.h"
-    #else
-        #ifndef WIN32_LEAN_AND_MEAN
-            #define WIN32_LEAN_AND_MEAN
-        #endif
-        #ifndef WOLFSSL_SGX
-            #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
-                /* On WinCE winsock2.h must be included before windows.h */
-                #include <winsock2.h>
-            #endif
-            #include <windows.h>
-        #endif /* WOLFSSL_SGX */
-    #endif
-#elif defined(THREADX)
-    #ifndef SINGLE_THREADED
-        #ifdef NEED_THREADX_TYPES
-            #include <types.h>
-        #endif
-        #include <tx_api.h>
-    #endif
-#elif defined(MICRIUM)
-    /* do nothing, just don't pick Unix */
-#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
-    /* do nothing */
-#elif defined(EBSNET)
-    /* do nothing */
-#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    /* do nothing */
-#elif defined(FREESCALE_FREE_RTOS)
-    #include "fsl_os_abstraction.h"
-#elif defined(WOLFSSL_VXWORKS)
-    #include <semLib.h>
-#elif defined(WOLFSSL_uITRON4)
-    #include "stddef.h"
-    #include "kernel.h"
-#elif  defined(WOLFSSL_uTKERNEL2)
-    #include "tk/tkernel.h"
-#elif defined(WOLFSSL_CMSIS_RTOS)
-    #include "cmsis_os.h"
-#elif defined(WOLFSSL_MDK_ARM)
-    #if defined(WOLFSSL_MDK5)
-        #include "cmsis_os.h"
-    #else
-        #include <rtl.h>
-    #endif
-#elif defined(WOLFSSL_CMSIS_RTOS)
-    #include "cmsis_os.h"
-#elif defined(WOLFSSL_TIRTOS)
-    #include <ti/sysbios/BIOS.h>
-    #include <ti/sysbios/knl/Semaphore.h>
-#elif defined(WOLFSSL_FROSTED)
-    #include <semaphore.h>
-#elif defined(INTIME_RTOS)
-    #include <rt.h>
-    #include <io.h>
-#elif defined(WOLFSSL_NUCLEUS_1_2)
-    /* NU_DEBUG needed struct access in nucleus_realloc */
-    #define NU_DEBUG
-    #include "plus/nucleus.h"
-    #include "nucleus.h"
-#elif defined(WOLFSSL_APACHE_MYNEWT)
-    /* do nothing */
-#else
-    #ifndef SINGLE_THREADED
-        #define WOLFSSL_PTHREADS
-        #include <pthread.h>
-    #endif
-    #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
-        #include <unistd.h>      /* for close of BIO */
-    #endif
-#endif
-
-/* For FIPS keep the function names the same */
-#ifdef HAVE_FIPS
-#define wc_InitMutex   InitMutex
-#define wc_FreeMutex   FreeMutex
-#define wc_LockMutex   LockMutex
-#define wc_UnLockMutex UnLockMutex
-#endif /* HAVE_FIPS */
-
-#ifdef SINGLE_THREADED
-    typedef int wolfSSL_Mutex;
-#else /* MULTI_THREADED */
-    /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
-    #if defined(FREERTOS)
-        typedef xSemaphoreHandle wolfSSL_Mutex;
-    #elif defined(FREERTOS_TCP)
-        #include "FreeRTOS.h"
-        #include "semphr.h"
-		typedef SemaphoreHandle_t  wolfSSL_Mutex;
-    #elif defined(WOLFSSL_SAFERTOS)
-        typedef struct wolfSSL_Mutex {
-            signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
-            xSemaphoreHandle mutex;
-        } wolfSSL_Mutex;
-    #elif defined(USE_WINDOWS_API)
-        typedef CRITICAL_SECTION wolfSSL_Mutex;
-    #elif defined(WOLFSSL_PTHREADS)
-        typedef pthread_mutex_t wolfSSL_Mutex;
-    #elif defined(THREADX)
-        typedef TX_MUTEX wolfSSL_Mutex;
-    #elif defined(MICRIUM)
-        typedef OS_MUTEX wolfSSL_Mutex;
-    #elif defined(EBSNET)
-        typedef RTP_MUTEX wolfSSL_Mutex;
-    #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-        typedef MUTEX_STRUCT wolfSSL_Mutex;
-    #elif defined(FREESCALE_FREE_RTOS)
-        typedef mutex_t wolfSSL_Mutex;
-    #elif defined(WOLFSSL_VXWORKS)
-        typedef SEM_ID wolfSSL_Mutex;
-    #elif defined(WOLFSSL_uITRON4)
-        typedef struct wolfSSL_Mutex {
-            T_CSEM sem ;
-            ID     id ;
-        } wolfSSL_Mutex;
-    #elif defined(WOLFSSL_uTKERNEL2)
-        typedef struct wolfSSL_Mutex {
-            T_CSEM sem ;
-            ID     id ;
-        } wolfSSL_Mutex;
-    #elif defined(WOLFSSL_MDK_ARM)
-        #if defined(WOLFSSL_CMSIS_RTOS)
-            typedef osMutexId wolfSSL_Mutex;
-        #else
-            typedef OS_MUT wolfSSL_Mutex;
-        #endif
-    #elif defined(WOLFSSL_CMSIS_RTOS)
-        typedef osMutexId wolfSSL_Mutex;
-    #elif defined(WOLFSSL_TIRTOS)
-        typedef ti_sysbios_knl_Semaphore_Handle wolfSSL_Mutex;
-    #elif defined(WOLFSSL_FROSTED)
-        typedef mutex_t * wolfSSL_Mutex;
-    #elif defined(INTIME_RTOS)
-        typedef RTHANDLE wolfSSL_Mutex;
-    #elif defined(WOLFSSL_NUCLEUS_1_2)
-        typedef NU_SEMAPHORE wolfSSL_Mutex;
-    #else
-        #error Need a mutex type in multithreaded mode
-    #endif /* USE_WINDOWS_API */
-#endif /* SINGLE_THREADED */
-
-/* Enable crypt HW mutex for Freescale MMCAU or PIC32MZ */
-#if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ)
-    #ifndef WOLFSSL_CRYPT_HW_MUTEX
-        #define WOLFSSL_CRYPT_HW_MUTEX  1
-    #endif
-#endif /* FREESCALE_MMCAU */
-
-#ifndef WOLFSSL_CRYPT_HW_MUTEX
-    #define WOLFSSL_CRYPT_HW_MUTEX  0
-#endif
-
-#if WOLFSSL_CRYPT_HW_MUTEX
-    /* wolfSSL_CryptHwMutexInit is called on first wolfSSL_CryptHwMutexLock,
-       however it's recommended to call this directly on Hw init to avoid possible
-       race condition where two calls to wolfSSL_CryptHwMutexLock are made at
-       the same time. */
-    int wolfSSL_CryptHwMutexInit(void);
-    int wolfSSL_CryptHwMutexLock(void);
-    int wolfSSL_CryptHwMutexUnLock(void);
-#else
-    /* Define stubs, since HW mutex is disabled */
-    #define wolfSSL_CryptHwMutexInit()      0 /* Success */
-    #define wolfSSL_CryptHwMutexLock()      0 /* Success */
-    #define wolfSSL_CryptHwMutexUnLock()    (void)0 /* Success */
-#endif /* WOLFSSL_CRYPT_HW_MUTEX */
-
-/* Mutex functions */
-WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex*);
-WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void);
-WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex*);
-WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex*);
-WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex*);
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-/* dynamiclly set which mutex to use. unlock / lock is controlled by flag */
-typedef void (mutex_cb)(int flag, int type, const char* file, int line);
-
-WOLFSSL_API int wc_LockMutex_ex(int flag, int type, const char* file, int line);
-WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb);
-#endif
-
-/* main crypto initialization function */
-WOLFSSL_API int wolfCrypt_Init(void);
-WOLFSSL_API int wolfCrypt_Cleanup(void);
-
-/* filesystem abstraction layer, used by ssl.c */
-#ifndef NO_FILESYSTEM
-
-#if defined(EBSNET)
-    #include "vfapi.h"
-    #include "vfile.h"
-
-    #define XFILE                    int
-    #define XFOPEN(NAME, MODE)       vf_open((const char *)NAME, VO_RDONLY, 0);
-    #define XFSEEK                   vf_lseek
-    #define XFTELL                   vf_tell
-    #define XREWIND                  vf_rewind
-    #define XFREAD(BUF, SZ, AMT, FD) vf_read(FD, BUF, SZ*AMT)
-    #define XFWRITE(BUF, SZ, AMT, FD) vf_write(FD, BUF, SZ*AMT)
-    #define XFCLOSE                  vf_close
-    #define XSEEK_END                VSEEK_END
-    #define XBADFILE                 -1
-    #define XFGETS(b,s,f)            -2 /* Not ported yet */
-#elif defined(LSR_FS)
-    #include <fs.h>
-    #define XFILE                   struct fs_file*
-    #define XFOPEN(NAME, MODE)      fs_open((char*)NAME);
-    #define XFSEEK(F, O, W)         (void)F
-    #define XFTELL(F)               (F)->len
-    #define XREWIND(F)              (void)F
-    #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
-    #define XFWRITE(BUF, SZ, AMT, F) fs_write(F, (char*)BUF, SZ*AMT)
-    #define XFCLOSE                 fs_close
-    #define XSEEK_END               0
-    #define XBADFILE                NULL
-    #define XFGETS(b,s,f)            -2 /* Not ported yet */
-#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    #define XFILE                   MQX_FILE_PTR
-    #define XFOPEN                  fopen
-    #define XFSEEK                  fseek
-    #define XFTELL                  ftell
-    #define XREWIND(F)              fseek(F, 0, IO_SEEK_SET)
-    #define XFREAD                  fread
-    #define XFWRITE                 fwrite
-    #define XFCLOSE                 fclose
-    #define XSEEK_END               IO_SEEK_END
-    #define XBADFILE                NULL
-    #define XFGETS                  fgets
-#elif defined(MICRIUM)
-    #include <fs_api.h>
-    #define XFILE      FS_FILE*
-    #define XFOPEN     fs_fopen
-    #define XFSEEK     fs_fseek
-    #define XFTELL     fs_ftell
-    #define XREWIND    fs_rewind
-    #define XFREAD     fs_fread
-    #define XFWRITE    fs_fwrite
-    #define XFCLOSE    fs_fclose
-    #define XSEEK_END  FS_SEEK_END
-    #define XBADFILE   NULL
-    #define XFGETS(b,s,f) -2 /* Not ported yet */
-#elif defined(WOLFSSL_NUCLEUS_1_2)
-    #include "fal/inc/fal.h"
-    #define XFILE      FILE*
-    #define XFOPEN     fopen
-    #define XFSEEK     fseek
-    #define XFTELL     ftell
-    #define XREWIND    rewind
-    #define XFREAD     fread
-    #define XFWRITE    fwrite
-    #define XFCLOSE    fclose
-    #define XSEEK_END  PSEEK_END
-    #define XBADFILE   NULL
-#elif defined(WOLFSSL_APACHE_MYNEWT)
-    #include <fs/fs.h>
-    #define XFILE  struct fs_file*
-
-    #define XFOPEN     mynewt_fopen
-    #define XFSEEK     mynewt_fseek
-    #define XFTELL     mynewt_ftell
-    #define XREWIND    mynewt_rewind
-    #define XFREAD     mynewt_fread
-    #define XFWRITE    mynewt_fwrite
-    #define XFCLOSE    mynewt_fclose
-    #define XSEEK_END  2
-    #define XBADFILE   NULL
-    #define XFGETS(b,s,f) -2 /* Not ported yet */
-#elif defined(WOLFSSL_USER_FILESYSTEM)
-    /* To be defined in user_settings.h */
-#else
-    /* stdio, default case */
-    #include <stdio.h>
-    #define XFILE      FILE*
-    #if defined(WOLFSSL_MDK_ARM)
-        extern FILE * wolfSSL_fopen(const char *name, const char *mode) ;
-        #define XFOPEN     wolfSSL_fopen
-    #else
-        #define XFOPEN     fopen
-    #endif
-    #define XFSEEK     fseek
-    #define XFTELL     ftell
-    #define XREWIND    rewind
-    #define XFREAD     fread
-    #define XFWRITE    fwrite
-    #define XFCLOSE    fclose
-    #define XSEEK_END  SEEK_END
-    #define XBADFILE   NULL
-    #define XFGETS     fgets
-
-    #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\
-        && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
-        #include <dirent.h>
-        #include <unistd.h>
-        #include <sys/stat.h>
-    #endif
-#endif
-
-    #ifndef MAX_FILENAME_SZ
-        #define MAX_FILENAME_SZ  256 /* max file name length */
-    #endif
-    #ifndef MAX_PATH
-        #define MAX_PATH 256
-    #endif
-
-#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) && \
-    !defined(WOLFSSL_NUCLEUS_1_2)
-    typedef struct ReadDirCtx {
-    #ifdef USE_WINDOWS_API
-        WIN32_FIND_DATAA FindFileData;
-        HANDLE hFind;
-    #else
-        struct dirent* entry;
-        DIR*   dir;
-        struct stat s;
-    #endif
-        char name[MAX_FILENAME_SZ];
-    } ReadDirCtx;
-
-    #define WC_READDIR_NOFILE -1
-
-    WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name);
-    WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
-    WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);
-#endif /* !NO_WOLFSSL_DIR */
-
-#endif /* !NO_FILESYSTEM */
-
-/* Windows API defines its own min() macro. */
-#if defined(USE_WINDOWS_API)
-    #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE)
-        #define WOLFSSL_HAVE_MIN
-    #endif /* min */
-    #if defined(max) || defined(WOLFSSL_MYSQL_COMPATIBLE)
-        #define WOLFSSL_HAVE_MAX
-    #endif /* max */
-#endif /* USE_WINDOWS_API */
-
-/* Time functions */
-#ifndef NO_ASN_TIME
-#if defined(USER_TIME)
-    /* Use our gmtime and time_t/struct tm types.
-       Only needs seconds since EPOCH using XTIME function.
-       time_t XTIME(time_t * timer) {}
-    */
-    #define WOLFSSL_GMTIME
-    #define USE_WOLF_TM
-    #define USE_WOLF_TIME_T
-
-#elif defined(TIME_OVERRIDES)
-    /* Override XTIME() and XGMTIME() functionality.
-       Requires user to provide these functions:
-        time_t XTIME(time_t * timer) {}
-        struct tm* XGMTIME(const time_t* timer, struct tm* tmp) {}
-    */
-    #ifndef HAVE_TIME_T_TYPE
-        #define USE_WOLF_TIME_T
-    #endif
-    #ifndef HAVE_TM_TYPE
-        #define USE_WOLF_TM
-    #endif
-    #define NEED_TMP_TIME
-
-#elif defined(HAVE_RTP_SYS)
-    #include "os.h"           /* dc_rtc_api needs    */
-    #include "dc_rtc_api.h"   /* to get current time */
-
-    /* uses parital <time.h> structures */
-    #define XTIME(tl)       (0)
-    #define XGMTIME(c, t)   rtpsys_gmtime((c))
-
-#elif defined(MICRIUM)
-    #include <clk.h>
-    #include <time.h>
-    #define XTIME(t1)       micrium_time((t1))
-    #define WOLFSSL_GMTIME
-
-#elif defined(MICROCHIP_TCPIP_V5) || defined(MICROCHIP_TCPIP)
-    #include <time.h>
-    #define XTIME(t1)       pic32_time((t1))
-    #define XGMTIME(c, t)   gmtime((c))
-
-#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    #ifdef FREESCALE_MQX_4_0
-        #include <time.h>
-        extern time_t mqx_time(time_t* timer);
-    #else
-        #define HAVE_GMTIME_R
-    #endif
-    #define XTIME(t1)       mqx_time((t1))
-
-#elif defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
-    #include <time.h>
-    #ifndef XTIME
-        /*extern time_t ksdk_time(time_t* timer);*/
-        #define XTIME(t1)   ksdk_time((t1))
-    #endif
-    #define XGMTIME(c, t)   gmtime((c))
-
-#elif defined(WOLFSSL_ATMEL) && defined(WOLFSSL_ATMEL_TIME)
-    #define XTIME(t1)       atmel_get_curr_time_and_date((t1))
-    #define WOLFSSL_GMTIME
-    #define USE_WOLF_TM
-    #define USE_WOLF_TIME_T
-
-#elif defined(IDIRECT_DEV_TIME)
-    /*Gets the timestamp from cloak software owned by VT iDirect
-    in place of time() from <time.h> */
-    #include <time.h>
-    #define XTIME(t1)       idirect_time((t1))
-    #define XGMTIME(c, t)   gmtime((c))
-
-#elif defined(_WIN32_WCE)
-    #include <windows.h>
-    #define XTIME(t1)       windows_time((t1))
-    #define WOLFSSL_GMTIME
-
-#elif defined(WOLFSSL_APACHE_MYNEWT)
-    #include "os/os_time.h"
-    #define XTIME(t1)       mynewt_time((t1))
-    #define WOLFSSL_GMTIME
-    #define USE_WOLF_TM
-    #define USE_WOLF_TIME_T
-#else
-    /* default */
-    /* uses complete <time.h> facility */
-    #include <time.h>
-    #if defined(HAVE_SYS_TIME_H)
-        #include <sys/time.h>
-    #endif
-
-    /* PowerPC time_t is int */
-    #ifdef __PPC__
-        #define TIME_T_NOT_64BIT
-    #endif
-#endif
-
-#ifdef SIZEOF_TIME_T
-    /* check if size of time_t from autoconf is less than 8 bytes (64bits) */
-    #if SIZEOF_TIME_T < 8
-        #undef  TIME_T_NOT_64BIT
-        #define TIME_T_NOT_64BIT
-    #endif
-#endif
-#ifdef TIME_T_NOT_LONG
-    /* one old reference to TIME_T_NOT_LONG in GCC-ARM example README
-     * this keeps support for the old macro name */
-    #undef TIME_T_NOT_64BIT
-    #define TIME_T_NOT_64BIT
-#endif
-
-/* Map default time functions */
-#if !defined(XTIME) && !defined(TIME_OVERRIDES) && !defined(USER_TIME)
-    #define XTIME(tl)       time((tl))
-#endif
-#if !defined(XGMTIME) && !defined(TIME_OVERRIDES)
-    #if defined(WOLFSSL_GMTIME) || !defined(HAVE_GMTIME_R) || defined(WOLF_C99)
-        #define XGMTIME(c, t)   gmtime((c))
-    #else
-        #define XGMTIME(c, t)   gmtime_r((c), (t))
-        #define NEED_TMP_TIME
-    #endif
-#endif
-#if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE)
-    #define USE_WOLF_VALIDDATE
-    #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#endif
-
-/* wolf struct tm and time_t */
-#if defined(USE_WOLF_TM)
-    struct tm {
-        int  tm_sec;     /* seconds after the minute [0-60] */
-        int  tm_min;     /* minutes after the hour [0-59] */
-        int  tm_hour;    /* hours since midnight [0-23] */
-        int  tm_mday;    /* day of the month [1-31] */
-        int  tm_mon;     /* months since January [0-11] */
-        int  tm_year;    /* years since 1900 */
-        int  tm_wday;    /* days since Sunday [0-6] */
-        int  tm_yday;    /* days since January 1 [0-365] */
-        int  tm_isdst;   /* Daylight Savings Time flag */
-        long tm_gmtoff;  /* offset from CUT in seconds */
-        char *tm_zone;   /* timezone abbreviation */
-    };
-#endif /* USE_WOLF_TM */
-#if defined(USE_WOLF_TIME_T)
-    typedef long time_t;
-#endif
-#if defined(USE_WOLF_SUSECONDS_T)
-    typedef long suseconds_t;
-#endif
-#if defined(USE_WOLF_TIMEVAL_T)
-    struct timeval
-    {
-        time_t tv_sec;
-        suseconds_t tv_usec;
-    };
-#endif
-
-    /* forward declarations */
-#if defined(USER_TIME)
-    struct tm* gmtime(const time_t* timer);
-    extern time_t XTIME(time_t * timer);
-
-    #ifdef STACK_TRAP
-        /* for stack trap tracking, don't call os gmtime on OS X/linux,
-           uses a lot of stack spce */
-        extern time_t time(time_t * timer);
-        #define XTIME(tl)  time((tl))
-    #endif /* STACK_TRAP */
-
-#elif defined(TIME_OVERRIDES)
-    extern time_t XTIME(time_t * timer);
-    extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp);
-#elif defined(WOLFSSL_GMTIME)
-    struct tm* gmtime(const time_t* timer);
-#endif
-#endif /* NO_ASN_TIME */
-
-#ifndef WOLFSSL_LEANPSK
-    char* mystrnstr(const char* s1, const char* s2, unsigned int n);
-#endif
-
-#ifndef FILE_BUFFER_SIZE
-    #define FILE_BUFFER_SIZE 1024     /* default static file buffer size for input,
-                                    will use dynamic buffer if not big enough */
-#endif
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-#endif /* WOLF_CRYPT_PORT_H */
-
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h
deleted file mode 100644
index 5699be6f..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* wolfmath.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-#if defined(HAVE_WOLF_BIGINT) && !defined(WOLF_BIGINT_DEFINED)
-    /* raw big integer */
-    typedef struct WC_BIGINT {
-        byte*   buf;
-        word32  len;
-        void*   heap;
-    } WC_BIGINT;
-
-    #define WOLF_BIGINT_DEFINED
-#endif
-
-
-/* only define functions if mp_int has been declared */
-#ifdef MP_INT_DEFINED
-
-#ifndef __WOLFMATH_H__
-#define __WOLFMATH_H__
-
-    /* timing resistance array */
-    #if !defined(WC_NO_CACHE_RESISTANT) && \
-        ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \
-         (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))
-
-        extern const wolfssl_word wc_off_on_addr[2];
-    #endif
-
-    /* common math functions */
-    int get_digit_count(mp_int* a);
-    mp_digit get_digit(mp_int* a, int n);
-    int get_rand_digit(WC_RNG* rng, mp_digit* d);
-    int mp_rand(mp_int* a, int digits, WC_RNG* rng);
-
-    enum {
-        /* format type */
-        WC_TYPE_HEX_STR = 1,
-        WC_TYPE_UNSIGNED_BIN = 2,
-    };
-
-    WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len, 
-        word32 keySz, int encType);
-
-    #ifdef HAVE_WOLF_BIGINT
-        void wc_bigint_init(WC_BIGINT* a);
-        int wc_bigint_alloc(WC_BIGINT* a, word32 sz);
-        int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen);
-        int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen);
-        void wc_bigint_zero(WC_BIGINT* a);
-        void wc_bigint_free(WC_BIGINT* a);
-
-        int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst);
-        int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz);
-        int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst);
-    #endif /* HAVE_WOLF_BIGINT */
-
-#endif /* __WOLFMATH_H__ */
-
-#endif /* MP_INT_DEFINED */
diff --git a/components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h b/components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h
deleted file mode 100644
index 6993bd07..00000000
--- a/components/ssl/wolfssl/wolfssl/wolfssl/wolfio.h
+++ /dev/null
@@ -1,514 +0,0 @@
-/* io.h
- *
- * Copyright (C) 2006-2018 wolfSSL Inc.  All rights reserved.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is distributed in binary form as licensed by Espressif Systems.
- * See README file or contact licensing@wolfssl.com with any questions or comments.
- *
- * https://www.wolfssl.com
- */
-
-
-/*!
-    \file wolfssl/wolfio.h   
-*/
-
-#ifndef WOLFSSL_IO_H
-#define WOLFSSL_IO_H
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* Micrium uses NetSock I/O callbacks in wolfio.c */
-#if !defined(WOLFSSL_USER_IO)
-    /* OCSP and CRL_IO require HTTP client */
-    #if defined(HAVE_OCSP) || defined(HAVE_CRL_IO)
-        #ifndef HAVE_HTTP_CLIENT
-            #define HAVE_HTTP_CLIENT
-        #endif
-    #endif
-#endif
-
-#if !defined(WOLFSSL_USER_IO)
-    /* Micrium uses NetSock I/O callbacks in wolfio.c */
-    #if !defined(USE_WOLFSSL_IO) && !defined(MICRIUM) && !defined(WOLFSSL_CONTIKI)
-        #define USE_WOLFSSL_IO
-    #endif
-#endif
-
-
-#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
-
-#ifdef HAVE_LIBZ
-    #include "zlib.h"
-#endif
-
-#ifndef USE_WINDOWS_API
-    #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
-        /* lwIP needs to be configured to use sockets API in this mode */
-        /* LWIP_SOCKET 1 in lwip/opt.h or in build */
-        #include "lwip/sockets.h"
-        #ifndef LWIP_PROVIDE_ERRNO
-            #include <errno.h>
-            #define LWIP_PROVIDE_ERRNO 1
-        #endif
-    #elif defined(FREESCALE_MQX)
-        #include <posix.h>
-        #include <rtcs.h>
-    #elif defined(FREESCALE_KSDK_MQX)
-        #include <rtcs.h>
-    #elif (defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET))
-        #include "cmsis_os.h"
-        #include "rl_net.h"
-        #include "errno.h"
-    #elif defined(WOLFSSL_CMSIS_RTOS)
-        #include "cmsis_os.h"
-    #elif defined(WOLFSSL_TIRTOS)
-        #include <sys/socket.h>
-    #elif defined(FREERTOS_TCP)
-        #include "FreeRTOS_Sockets.h"
-    #elif defined(WOLFSSL_IAR_ARM)
-        /* nothing */
-    #elif defined(WOLFSSL_VXWORKS)
-        #include <sockLib.h>
-        #include <errno.h>
-    #elif defined(WOLFSSL_NUCLEUS_1_2)
-        #include <externs.h>
-        #include <errno.h>
-    #elif defined(WOLFSSL_ATMEL)
-        #include "socket/include/socket.h"
-    #elif defined(INTIME_RTOS)
-        #undef MIN
-        #undef MAX
-        #include <rt.h>
-        #include <sys/types.h>
-        #include <sys/socket.h>
-        #include <netdb.h>
-        #include <netinet/in.h>
-        #include <io.h>
-        /* <sys/socket.h> defines these, to avoid conflict, do undef */
-        #undef SOCKADDR
-        #undef SOCKADDR_IN
-    #elif defined(WOLFSSL_PRCONNECT_PRO)
-        #include <prconnect_pro/prconnect_pro.h>
-        #include <sys/types.h>
-        #include <errno.h>
-        #include <unistd.h>
-        #include <fcntl.h>
-        #include <netdb.h>
-        #include <sys/ioctl.h>
-    #elif defined(WOLFSSL_SGX)
-        #include <errno.h>
-    #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
-        #include <mn_socket/mn_socket.h>
-    #elif !defined(WOLFSSL_NO_SOCK)
-        #include <sys/types.h>
-        #include <errno.h>
-        #ifndef EBSNET
-            #include <unistd.h>
-        #endif
-        #include <fcntl.h>
-
-        #if defined(HAVE_RTP_SYS)
-            #include <socket.h>
-        #elif defined(EBSNET)
-            #include "rtipapi.h"  /* errno */
-            #include "socket.h"
-        #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_CONTIKI)
-            #include <sys/socket.h>
-            #include <arpa/inet.h>
-            #include <netinet/in.h>
-            #include <netdb.h>
-            #ifdef __PPU
-                #include <netex/errno.h>
-            #else
-                #include <sys/ioctl.h>
-            #endif
-        #endif
-    #endif
-#endif /* USE_WINDOWS_API */
-
-#ifdef __sun
-    #include <sys/filio.h>
-#endif
-
-#ifdef USE_WINDOWS_API
-    /* no epipe yet */
-    #ifndef WSAEPIPE
-        #define WSAEPIPE       -12345
-    #endif
-    #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK
-    #define SOCKET_EAGAIN      WSAETIMEDOUT
-    #define SOCKET_ECONNRESET  WSAECONNRESET
-    #define SOCKET_EINTR       WSAEINTR
-    #define SOCKET_EPIPE       WSAEPIPE
-    #define SOCKET_ECONNREFUSED WSAENOTCONN
-    #define SOCKET_ECONNABORTED WSAECONNABORTED
-#elif defined(__PPU)
-    #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK
-    #define SOCKET_EAGAIN      SYS_NET_EAGAIN
-    #define SOCKET_ECONNRESET  SYS_NET_ECONNRESET
-    #define SOCKET_EINTR       SYS_NET_EINTR
-    #define SOCKET_EPIPE       SYS_NET_EPIPE
-    #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
-    #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
-#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    #if MQX_USE_IO_OLD
-        /* RTCS old I/O doesn't have an EWOULDBLOCK */
-        #define SOCKET_EWOULDBLOCK  EAGAIN
-        #define SOCKET_EAGAIN       EAGAIN
-        #define SOCKET_ECONNRESET   RTCSERR_TCP_CONN_RESET
-        #define SOCKET_EINTR        EINTR
-        #define SOCKET_EPIPE        EPIPE
-        #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
-        #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
-    #else
-        #define SOCKET_EWOULDBLOCK  NIO_EWOULDBLOCK
-        #define SOCKET_EAGAIN       NIO_EAGAIN
-        #define SOCKET_ECONNRESET   NIO_ECONNRESET
-        #define SOCKET_EINTR        NIO_EINTR
-        #define SOCKET_EPIPE        NIO_EPIPE
-        #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED
-        #define SOCKET_ECONNABORTED NIO_ECONNABORTED
-    #endif
-#elif defined(WOLFSSL_MDK_ARM)|| defined(WOLFSSL_KEIL_TCP_NET)
-        #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK
-        #define SOCKET_EAGAIN      BSD_ERROR_LOCKED
-        #define SOCKET_ECONNRESET  BSD_ERROR_CLOSED
-        #define SOCKET_EINTR       BSD_ERROR
-        #define SOCKET_EPIPE       BSD_ERROR
-        #define SOCKET_ECONNREFUSED BSD_ERROR
-        #define SOCKET_ECONNABORTED BSD_ERROR
-#elif defined(WOLFSSL_PICOTCP)
-    #define SOCKET_EWOULDBLOCK  PICO_ERR_EAGAIN
-    #define SOCKET_EAGAIN       PICO_ERR_EAGAIN
-    #define SOCKET_ECONNRESET   PICO_ERR_ECONNRESET
-    #define SOCKET_EINTR        PICO_ERR_EINTR
-    #define SOCKET_EPIPE        PICO_ERR_EIO
-    #define SOCKET_ECONNREFUSED PICO_ERR_ECONNREFUSED
-    #define SOCKET_ECONNABORTED PICO_ERR_ESHUTDOWN
-#elif defined(FREERTOS_TCP)
-    #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK
-    #define SOCKET_EAGAIN       FREERTOS_EWOULDBLOCK
-    #define SOCKET_ECONNRESET   FREERTOS_SOCKET_ERROR
-    #define SOCKET_EINTR        FREERTOS_SOCKET_ERROR
-    #define SOCKET_EPIPE        FREERTOS_SOCKET_ERROR
-    #define SOCKET_ECONNREFUSED FREERTOS_SOCKET_ERROR
-    #define SOCKET_ECONNABORTED FREERTOS_SOCKET_ERROR
-#elif defined(WOLFSSL_NUCLEUS_1_2)
-    #define SOCKET_EWOULDBLOCK  NU_WOULD_BLOCK
-    #define SOCKET_EAGAIN       NU_WOULD_BLOCK
-    #define SOCKET_ECONNRESET   NU_NOT_CONNECTED
-    #define SOCKET_EINTR        NU_NOT_CONNECTED
-    #define SOCKET_EPIPE        NU_NOT_CONNECTED
-    #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
-    #define SOCKET_ECONNABORTED NU_NOT_CONNECTED
-#else
-    #define SOCKET_EWOULDBLOCK EWOULDBLOCK
-    #define SOCKET_EAGAIN      EAGAIN
-    #define SOCKET_ECONNRESET  ECONNRESET
-    #define SOCKET_EINTR       EINTR
-    #define SOCKET_EPIPE       EPIPE
-    #define SOCKET_ECONNREFUSED ECONNREFUSED
-    #define SOCKET_ECONNABORTED ECONNABORTED
-#endif /* USE_WINDOWS_API */
-
-
-
-
-#ifdef DEVKITPRO
-    /* from network.h */
-    int net_send(int, const void*, int, unsigned int);
-    int net_recv(int, void*, int, unsigned int);
-    #define SEND_FUNCTION net_send
-    #define RECV_FUNCTION net_recv
-#elif defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
-    #define SEND_FUNCTION lwip_send
-    #define RECV_FUNCTION lwip_recv
-#elif defined(WOLFSSL_PICOTCP)
-    #define SEND_FUNCTION pico_send
-    #define RECV_FUNCTION pico_recv
-#elif defined(FREERTOS_TCP)
-    #define RECV_FUNCTION(a,b,c,d)  FreeRTOS_recv((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
-    #define SEND_FUNCTION(a,b,c,d)  FreeRTOS_send((Socket_t)(a),(void*)(b), (size_t)(c), (BaseType_t)(d))
-#elif defined(WOLFSSL_VXWORKS)
-    #define SEND_FUNCTION send
-    #define RECV_FUNCTION recv
-#elif defined(WOLFSSL_NUCLEUS_1_2)
-    #define SEND_FUNCTION NU_Send
-    #define RECV_FUNCTION NU_Recv
-#else
-    #define SEND_FUNCTION send
-    #define RECV_FUNCTION recv
-    #if !defined(HAVE_SOCKADDR) && !defined(WOLFSSL_NO_SOCK)
-        #define HAVE_SOCKADDR
-    #endif
-#endif
-
-#ifdef USE_WINDOWS_API
-    typedef unsigned int SOCKET_T;
-#else
-    typedef int SOCKET_T;
-#endif
-
-#ifndef WOLFSSL_NO_SOCK
-    #ifndef XSOCKLENT
-        #ifdef USE_WINDOWS_API
-            #define XSOCKLENT int
-        #else
-            #define XSOCKLENT socklen_t
-        #endif
-    #endif
-
-    /* Socket Addr Support */
-    #ifdef HAVE_SOCKADDR
-        typedef struct sockaddr         SOCKADDR;
-        typedef struct sockaddr_storage SOCKADDR_S;
-        typedef struct sockaddr_in      SOCKADDR_IN;
-        #ifdef WOLFSSL_IPV6
-            typedef struct sockaddr_in6 SOCKADDR_IN6;
-        #endif
-        typedef struct hostent          HOSTENT;
-    #endif /* HAVE_SOCKADDR */
-
-    /* use gethostbyname for c99 */
-    #ifdef WOLF_C99
-        #undef HAVE_GETADDRINFO
-    #endif
-
-    #ifdef HAVE_GETADDRINFO
-        typedef struct addrinfo         ADDRINFO;
-    #endif
-#endif /* WOLFSSL_NO_SOCK */
-
-
-/* IO API's */
-#ifdef HAVE_IO_TIMEOUT
-    WOLFSSL_API  int wolfIO_SetBlockingMode(SOCKET_T sockfd, int non_blocking);
-    WOLFSSL_API void wolfIO_SetTimeout(int to_sec);
-    WOLFSSL_API  int wolfIO_Select(SOCKET_T sockfd, int to_sec);
-#endif
-WOLFSSL_API  int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip,
-    unsigned short port, int to_sec);
-WOLFSSL_API  int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags);
-WOLFSSL_API  int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
-
-#endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */
-
-
-#ifdef USE_WINDOWS_API
-    #ifndef CloseSocket
-        #define CloseSocket(s) closesocket(s)
-    #endif
-    #define StartTCP() { WSADATA wsd; WSAStartup(0x0002, &wsd); }
-#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
-    #ifndef CloseSocket
-        extern int closesocket(int);
-        #define CloseSocket(s) closesocket(s)
-    #endif
-    #define StartTCP()
-#else
-    #ifndef CloseSocket
-        #define CloseSocket(s) close(s)
-    #endif
-    #define StartTCP()
-    #ifdef FREERTOS_TCP_WINSIM
-        extern int close(int);
-    #endif
-#endif
-
-
-WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
-WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-#if defined(USE_WOLFSSL_IO)
-    /* default IO callbacks */
-    WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-    WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-
-    #ifdef WOLFSSL_DTLS
-        WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
-        WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-        WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
-                                           int sz, void*);
-        #ifdef WOLFSSL_MULTICAST
-            WOLFSSL_API int EmbedReceiveFromMcast(WOLFSSL* ssl,
-                                                  char* buf, int sz, void*);
-        #endif /* WOLFSSL_MULTICAST */
-        #ifdef WOLFSSL_SESSION_EXPORT
-            WOLFSSL_API int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz,
-                                                unsigned short* port, int* fam);
-            WOLFSSL_API int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz,
-                                                  unsigned short port, int fam);
-        #endif /* WOLFSSL_SESSION_EXPORT */
-    #endif /* WOLFSSL_DTLS */
-#endif /* USE_WOLFSSL_IO */
-
-#ifdef HAVE_OCSP
-    WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName,
-        const char* path, int ocspReqSz, unsigned char* buf, int bufSize);
-    WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd,
-        unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
-        void* heap);
-
-    WOLFSSL_API int EmbedOcspLookup(void*, const char*, int, unsigned char*,
-                                   int, unsigned char**);
-    WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);
-#endif
-
-#ifdef HAVE_CRL_IO
-    WOLFSSL_API int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
-        const char* domainName, unsigned char* buf, int bufSize);
-    WOLFSSL_API int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd,
-        unsigned char* httpBuf, int httpBufSz);
-
-    WOLFSSL_API int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url,
-        int urlSz);
-#endif
-
-
-#if defined(HAVE_HTTP_CLIENT)
-    WOLFSSL_API  int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName,
-        char* outPath, unsigned short* outPort);
-
-    WOLFSSL_API  int wolfIO_HttpBuildRequest(const char* reqType,
-        const char* domainName, const char* path, int pathLen, int reqSz,
-        const char* contentType, unsigned char* buf, int bufSize);
-    WOLFSSL_API  int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
-        unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz,
-        int dynType, void* heap);
-#endif /* HAVE_HTTP_CLIENT */
-
-
-/* I/O callbacks */
-typedef int (*CallbackIORecv)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-typedef int (*CallbackIOSend)(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX*, CallbackIORecv);
-WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX*, CallbackIOSend);
-/* deprecated old name */
-#define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv
-#define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend
-
-WOLFSSL_API void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx);
-WOLFSSL_API void wolfSSL_SetIOWriteCtx(WOLFSSL* ssl, void *ctx);
-
-WOLFSSL_API void* wolfSSL_GetIOReadCtx( WOLFSSL* ssl);
-WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl);
-
-WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags);
-WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
-
-
-#ifdef HAVE_NETX
-    WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-    WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-
-    WOLFSSL_API void wolfSSL_SetIO_NetX(WOLFSSL* ssl, NX_TCP_SOCKET* nxsocket,
-                                      ULONG waitoption);
-#endif /* HAVE_NETX */
-
-#ifdef MICRIUM
-    WOLFSSL_LOCAL int MicriumSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-    WOLFSSL_LOCAL int MicriumReceive(WOLFSSL* ssl, char* buf, int sz,
-                                     void* ctx);
-    WOLFSSL_LOCAL int MicriumReceiveFrom(WOLFSSL* ssl, char* buf, int sz,
-                                         void* ctx);
-    WOLFSSL_LOCAL int MicriumSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-#endif /* MICRIUM */
-
-#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
-    WOLFSSL_LOCAL int Mynewt_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx);
-    WOLFSSL_LOCAL int Mynewt_Send(WOLFSSL* ssl, char *buf, int sz, void *ctx);
-    WOLFSSL_API void wolfSSL_SetIO_Mynewt(WOLFSSL* ssl, struct mn_socket* mnSocket,
-                                          struct mn_sockaddr_in* mnSockAddrIn);
-#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
-
-#ifdef WOLFSSL_UIP
-
-    struct uip_wolfssl_ctx {
-        union socket_connector {
-            struct tcp_socket tcp;
-            struct udp_socket udp;
-        } conn;
-        WOLFSSL_CTX *ctx;
-        WOLFSSL *ssl;
-        uint8_t *input_databuf;
-        uint8_t *output_databuf;
-        uint8_t *ssl_rx_databuf;
-        int ssl_rb_len;
-        int ssl_rb_off;
-        struct process *process;
-        tcp_socket_data_callback_t input_callback;
-        tcp_socket_event_callback_t event_callback;
-        int closing;
-        uip_ipaddr_t peer_addr;
-        uint16_t peer_port;
-    };
-
-    typedef struct uip_wolfssl_ctx uip_wolfssl_ctx;
-
-    WOLFSSL_LOCAL int uIPSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-    WOLFSSL_LOCAL int uIPReceive(WOLFSSL* ssl, char* buf, int sz,
-                                     void* ctx);
-    WOLFSSL_LOCAL int uIPReceiveFrom(WOLFSSL* ssl, char* buf, int sz,
-                                         void* ctx);
-    WOLFSSL_LOCAL int uIPSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
-
-#endif
-
-#ifdef WOLFSSL_DTLS
-    typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz,
-                                     void* ctx);
-    WOLFSSL_API void  wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX*, CallbackGenCookie);
-    WOLFSSL_API void  wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
-    WOLFSSL_API void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
-
-    #ifdef WOLFSSL_SESSION_EXPORT
-        typedef int (*CallbackGetPeer)(WOLFSSL* ssl, char* ip, int* ipSz,
-                                            unsigned short* port, int* fam);
-        typedef int (*CallbackSetPeer)(WOLFSSL* ssl, char* ip, int ipSz,
-                                              unsigned short port, int fam);
-
-        WOLFSSL_API void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX*, CallbackGetPeer);
-        WOLFSSL_API void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX*, CallbackSetPeer);
-    #endif /* WOLFSSL_SESSION_EXPORT */
-#endif
-
-
-
-#ifndef XINET_NTOP
-    #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d))
-    #ifdef USE_WINDOWS_API /* Windows-friendly definition */
-        #undef  XINET_NTOP
-        #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d))
-    #endif
-#endif
-#ifndef XINET_PTON
-    #define XINET_PTON(a,b,c)   inet_pton((a),(b),(c))
-    #ifdef USE_WINDOWS_API /* Windows-friendly definition */
-        #undef  XINET_PTON
-        #define XINET_PTON(a,b,c)   InetPton((a),(b),(c))
-    #endif
-#endif
-#ifndef XHTONS
-    #define XHTONS(a) htons((a))
-#endif
-#ifndef XNTOHS
-    #define XNTOHS(a) ntohs((a))
-#endif
-
-#ifndef WOLFSSL_IP4
-    #define WOLFSSL_IP4 AF_INET
-#endif
-#ifndef WOLFSSL_IP6
-    #define WOLFSSL_IP6 AF_INET6
-#endif
-
-
-#ifdef __cplusplus
-    }  /* extern "C" */
-#endif
-
-#endif /* WOLFSSL_IO_H */

From 5f2b5eafcfeb975a560f80e657e21f9b292f9156 Mon Sep 17 00:00:00 2001
From: dongheng <Dong Heng>
Date: Thu, 19 Sep 2019 11:49:42 +0800
Subject: [PATCH 2/3] feat(mbedtls): modify code to support ESP8266

It is that maybe less modification working on the components is better, so I just modified the platform
code of AES, SHA and so on.

ESP8266 has no real hardware AES, SHA or bignum peripheral, but some method can speed up the process of part
of upper algorithm, so I also added the platform code of AES, SHA, bignum, ARC, MD5.

ESP8266 has no platform of bignum, so users should not enable the bignum hardware at "menuconfig".
---
 components/aws_iot/CMakeLists.txt             |   2 +-
 components/bootloader_support/CMakeLists.txt  |   2 +-
 components/esp-tls/CMakeLists.txt             |   2 +-
 components/esp8266/CMakeLists.txt             |   1 +
 components/esp8266/include/esp_system.h       |  10 +
 components/esp8266/source/hw_random.c         |  33 +
 components/esp_http_client/CMakeLists.txt     |   2 +-
 components/heap/include/esp_heap_caps.h       |   2 +
 components/libsodium/CMakeLists.txt           |   2 +-
 components/mbedtls/CMakeLists.txt             |  25 +-
 components/mbedtls/Kconfig                    |   2 +-
 components/mbedtls/component.mk               |   4 +-
 components/mbedtls/port/esp32/aes.c           | 768 ------------------
 components/mbedtls/port/esp32/sha.c           | 314 -------
 components/mbedtls/port/esp8266/aes.c         | 181 +++++
 .../mbedtls/port/esp8266/include/aes_alt.h    |  45 +
 .../mbedtls/port/esp8266/include/arc4_alt.h   |  46 ++
 .../mbedtls/port/esp8266/include/md5_alt.h    |  51 ++
 .../port/{ => esp8266}/include/sha1_alt.h     |  23 +-
 .../port/{ => esp8266}/include/sha256_alt.h   |  23 +-
 .../port/{ => esp8266}/include/sha512_alt.h   |  23 +-
 components/mbedtls/port/esp8266/sha1.c        |  68 ++
 components/mbedtls/port/esp8266/sha256.c      |  75 ++
 components/mbedtls/port/esp8266/sha512.c      |  75 ++
 components/mbedtls/port/esp_bignum.c          | 683 ----------------
 components/mbedtls/port/esp_mem.c             |  10 +-
 components/mbedtls/port/esp_sha.c             |  79 --
 components/mbedtls/port/esp_sha1.c            | 451 ----------
 components/mbedtls/port/esp_sha256.c          | 422 ----------
 components/mbedtls/port/esp_sha512.c          | 469 -----------
 components/mbedtls/port/include/aes_alt.h     |  69 --
 components/mbedtls/port/include/esp32/aes.h   | 359 --------
 components/mbedtls/port/include/esp32/sha.h   | 211 -----
 .../mbedtls/port/include/mbedtls/bignum.h     |  78 --
 components/mdns/CMakeLists.txt                |   2 +-
 components/mqtt/CMakeLists.txt                |   2 +-
 .../MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c  |   8 -
 components/protocomm/CMakeLists.txt           |   2 +-
 components/wpa_supplicant/CMakeLists.txt      |   2 +-
 .../main/openssl_client_example_main.c        |  10 -
 .../main/openssl_server_example_main.c        |  10 -
 tools/cmake/build.cmake                       |   2 +-
 42 files changed, 625 insertions(+), 4023 deletions(-)
 create mode 100644 components/esp8266/source/hw_random.c
 delete mode 100644 components/mbedtls/port/esp32/aes.c
 delete mode 100644 components/mbedtls/port/esp32/sha.c
 create mode 100644 components/mbedtls/port/esp8266/aes.c
 create mode 100644 components/mbedtls/port/esp8266/include/aes_alt.h
 create mode 100644 components/mbedtls/port/esp8266/include/arc4_alt.h
 create mode 100644 components/mbedtls/port/esp8266/include/md5_alt.h
 rename components/mbedtls/port/{ => esp8266}/include/sha1_alt.h (61%)
 rename components/mbedtls/port/{ => esp8266}/include/sha256_alt.h (58%)
 rename components/mbedtls/port/{ => esp8266}/include/sha512_alt.h (58%)
 create mode 100644 components/mbedtls/port/esp8266/sha1.c
 create mode 100644 components/mbedtls/port/esp8266/sha256.c
 create mode 100644 components/mbedtls/port/esp8266/sha512.c
 delete mode 100644 components/mbedtls/port/esp_bignum.c
 delete mode 100644 components/mbedtls/port/esp_sha.c
 delete mode 100644 components/mbedtls/port/esp_sha1.c
 delete mode 100644 components/mbedtls/port/esp_sha256.c
 delete mode 100644 components/mbedtls/port/esp_sha512.c
 delete mode 100644 components/mbedtls/port/include/aes_alt.h
 delete mode 100644 components/mbedtls/port/include/esp32/aes.h
 delete mode 100644 components/mbedtls/port/include/esp32/sha.h
 delete mode 100644 components/mbedtls/port/include/mbedtls/bignum.h

diff --git a/components/aws_iot/CMakeLists.txt b/components/aws_iot/CMakeLists.txt
index b6c19800..8cb0d519 100644
--- a/components/aws_iot/CMakeLists.txt
+++ b/components/aws_iot/CMakeLists.txt
@@ -5,7 +5,7 @@ else()
     message(STATUS "Building empty aws_iot component due to configuration")
 endif()
 
-set(COMPONENT_REQUIRES ssl)
+set(COMPONENT_REQUIRES mbedtls)
 set(COMPONENT_PRIV_REQUIRES jsmn esp-tls)
 
 register_component()
diff --git a/components/bootloader_support/CMakeLists.txt b/components/bootloader_support/CMakeLists.txt
index 4e5cac76..eb10a5f3 100644
--- a/components/bootloader_support/CMakeLists.txt
+++ b/components/bootloader_support/CMakeLists.txt
@@ -8,7 +8,7 @@ else()
     set(COMPONENT_ADD_INCLUDEDIRS "include")
     set(COMPONENT_PRIV_INCLUDEDIRS "include_priv")
     set(COMPONENT_REQUIRES)
-    set(COMPONENT_PRIV_REQUIRES spi_flash util ssl)
+    set(COMPONENT_PRIV_REQUIRES spi_flash util mbedtls)
 endif()
 
 register_component()
diff --git a/components/esp-tls/CMakeLists.txt b/components/esp-tls/CMakeLists.txt
index 89c172bc..abb37239 100644
--- a/components/esp-tls/CMakeLists.txt
+++ b/components/esp-tls/CMakeLists.txt
@@ -1,7 +1,7 @@
 set(COMPONENT_SRCS "esp_tls.c")
 set(COMPONENT_ADD_INCLUDEDIRS ".")
 
-set(COMPONENT_REQUIRES ssl)
+set(COMPONENT_REQUIRES mbedtls)
 set(COMPONENT_PRIV_REQUIRES lwip http_parser)
 
 register_component()
diff --git a/components/esp8266/CMakeLists.txt b/components/esp8266/CMakeLists.txt
index 0679138a..88de46d8 100644
--- a/components/esp8266/CMakeLists.txt
+++ b/components/esp8266/CMakeLists.txt
@@ -38,6 +38,7 @@ else()
         "source/system_api.c"
         "source/task_wdt.c"
         "source/rom.c"
+        "source/hw_random.c"
         "driver/adc.c"
         "driver/gpio.c"
         "driver/hw_timer.c"
diff --git a/components/esp8266/include/esp_system.h b/components/esp8266/include/esp_system.h
index 30c78033..ad4af4d8 100644
--- a/components/esp8266/include/esp_system.h
+++ b/components/esp8266/include/esp_system.h
@@ -183,6 +183,16 @@ uint32_t esp_get_minimum_free_heap_size( void );
  */
 uint32_t esp_random(void);
 
+/**
+ * @brief Fill a buffer with random bytes from hardware RNG
+ *
+ * @note This function has the same restrictions regarding available entropy as esp_random()
+ *
+ * @param buf Pointer to buffer to fill with random numbers.
+ * @param len Length of buffer in bytes
+ */
+void esp_fill_random(void *buf, size_t len);
+
 typedef enum {
     FLASH_SIZE_4M_MAP_256_256 = 0,  /**<  Flash size : 4Mbits. Map : 256KBytes + 256KBytes */
     FLASH_SIZE_2M,                  /**<  Flash size : 2Mbits. Map : 256KBytes */
diff --git a/components/esp8266/source/hw_random.c b/components/esp8266/source/hw_random.c
new file mode 100644
index 00000000..5931e0a0
--- /dev/null
+++ b/components/esp8266/source/hw_random.c
@@ -0,0 +1,33 @@
+// Copyright 2019-2020 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <sys/param.h>
+#include "esp_system.h"
+
+void esp_fill_random(void *buf, size_t len)
+{
+    assert(buf != NULL);
+    uint8_t *buf_bytes = (uint8_t *)buf;
+    while (len > 0) {
+        uint32_t word = esp_random();
+        uint32_t to_copy = MIN(sizeof(word), len);
+        memcpy(buf_bytes, &word, to_copy);
+        buf_bytes += to_copy;
+        len -= to_copy;
+    }
+}
diff --git a/components/esp_http_client/CMakeLists.txt b/components/esp_http_client/CMakeLists.txt
index e1ec658c..29861fdb 100644
--- a/components/esp_http_client/CMakeLists.txt
+++ b/components/esp_http_client/CMakeLists.txt
@@ -6,6 +6,6 @@ set(COMPONENT_ADD_INCLUDEDIRS "include")
 set(COMPONENT_PRIV_INCLUDEDIRS "lib/include")
 
 set(COMPONENT_REQUIRES "http_parser")
-set(COMPONENT_PRIV_REQUIRES "ssl" "lwip" "esp-tls" "tcp_transport" "tcpip_adapter")
+set(COMPONENT_PRIV_REQUIRES "mbedtls" "lwip" "esp-tls" "tcp_transport" "tcpip_adapter")
 
 register_component()
diff --git a/components/heap/include/esp_heap_caps.h b/components/heap/include/esp_heap_caps.h
index 144363fe..fb0623ec 100644
--- a/components/heap/include/esp_heap_caps.h
+++ b/components/heap/include/esp_heap_caps.h
@@ -34,6 +34,8 @@ extern "C" {
 #define MALLOC_CAP_32BIT	    (1 << 1)    ///< Memory must allow for aligned 32-bit data accesses
 #define MALLOC_CAP_8BIT	        (1 << 2)    ///< Memory must allow for 8-bit data accesses
 #define MALLOC_CAP_DMA		    (1 << 3)    ///< Memory must be able to accessed by DMA
+#define MALLOC_CAP_INTERNAL     (1 << 11)   ///< Just for code compatibility
+#define MALLOC_CAP_SPIRAM       (1 << 10)   ///< Just for code compatibility
 
 #define MEM_HEAD_SIZE           sizeof(mem_blk_t)   ///< Size of first type memory block
 #define MEM2_HEAD_SIZE          sizeof(mem2_blk_t)  ///< Size of second type memory block
diff --git a/components/libsodium/CMakeLists.txt b/components/libsodium/CMakeLists.txt
index 17b9ebef..2c876852 100644
--- a/components/libsodium/CMakeLists.txt
+++ b/components/libsodium/CMakeLists.txt
@@ -1,6 +1,6 @@
 set(SRC libsodium/src/libsodium)
 
-set(COMPONENT_REQUIRES "ssl")
+set(COMPONENT_REQUIRES "mbedtls")
 
 set(COMPONENT_SRCDIRS
     port
diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt
index a2d08230..20133bea 100644
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@@ -1,12 +1,12 @@
-idf_component_register(INCLUDE_DIRS "port/include" "mbedtls/include"
-                    REQUIRES lwip)
+idf_component_register(INCLUDE_DIRS "port/include" "port/esp8266/include" "mbedtls/include"
+                    REQUIRES lwip util)
 
 # Only build mbedtls libraries
 set(ENABLE_TESTING CACHE BOOL OFF)
 set(ENABLE_PROGRAMS CACHE BOOL OFF)
 
 # Needed to for include_next includes to work from within mbedtls
-include_directories("${COMPONENT_DIR}/port/include")
+include_directories("${COMPONENT_DIR}/port/include" "${COMPONENT_DIR}/port/esp8266/include")
 
 # Import mbedtls library targets
 add_subdirectory(mbedtls)
@@ -22,19 +22,16 @@ set(mbedtls_targets mbedtls mbedcrypto mbedx509)
 target_sources(mbedtls PRIVATE  "${COMPONENT_DIR}/port/mbedtls_debug.c"
                                 "${COMPONENT_DIR}/port/net_sockets.c")
 
-target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_bignum.c"
-                                "${COMPONENT_DIR}/port/esp_hardware.c"
-                                "${COMPONENT_DIR}/port/esp_mem.c"
-                                "${COMPONENT_DIR}/port/esp_sha.c"
-                                "${COMPONENT_DIR}/port/esp_sha1.c"
-                                "${COMPONENT_DIR}/port/esp_sha256.c"
-                                "${COMPONENT_DIR}/port/esp_sha512.c"
-                                "${COMPONENT_DIR}/port/esp_timing.c"
-                                "${COMPONENT_DIR}/port/esp32/aes.c"
-                                "${COMPONENT_DIR}/port/esp32/sha.c")
+target_sources(mbedcrypto PRIVATE "${COMPONENT_DIR}/port/esp_hardware.c"
+                                  "${COMPONENT_DIR}/port/esp_mem.c"
+                                  "${COMPONENT_DIR}/port/esp_timing.c"
+                                  "${COMPONENT_DIR}/port/esp8266/aes.c"
+                                  "${COMPONENT_DIR}/port/esp8266/sha1.c"
+                                  "${COMPONENT_DIR}/port/esp8266/sha256.c"
+                                  "${COMPONENT_DIR}/port/esp8266/sha512.c")
 
 foreach(target ${mbedtls_targets})
-    target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h")
+    target_compile_definitions(${target} PUBLIC -DMBEDTLS_CONFIG_FILE="mbedtls/esp_config.h" -DCONFIG_SSL_USING_MBEDTLS)
 endforeach()
 
 # Link mbedtls libraries to component library
diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index a9e7983b..a1c396cf 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -148,7 +148,7 @@ menu "mbedTLS"
 
     config MBEDTLS_HARDWARE_SHA
         bool "Enable hardware SHA acceleration"
-        default n
+        default y
         help
             Enable hardware accelerated SHA1, SHA256, SHA384 & SHA512 in mbedTLS.
 
diff --git a/components/mbedtls/component.mk b/components/mbedtls/component.mk
index 09ce80c9..e6551fb6 100644
--- a/components/mbedtls/component.mk
+++ b/components/mbedtls/component.mk
@@ -2,9 +2,9 @@
 # Component Makefile
 #
 
-COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include
+COMPONENT_ADD_INCLUDEDIRS := port/include mbedtls/include port/esp8266/include
 
-COMPONENT_SRCDIRS := mbedtls/library port port/esp32
+COMPONENT_SRCDIRS := mbedtls/library port port/esp8266
 
 COMPONENT_OBJEXCLUDE := mbedtls/library/net_sockets.o
 
diff --git a/components/mbedtls/port/esp32/aes.c b/components/mbedtls/port/esp32/aes.c
deleted file mode 100644
index db8f1bf5..00000000
--- a/components/mbedtls/port/esp32/aes.c
+++ /dev/null
@@ -1,768 +0,0 @@
-/**
- * \brief AES block cipher, ESP32 hardware accelerated version
- * Based on mbedTLS FIPS-197 compliant version.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-/*
- *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
- *
- *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
- *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- */
-#include <string.h>
-#include "mbedtls/aes.h"
-#include "mbedtls/platform_util.h"
-#include "esp32/aes.h"
-#include "soc/hwcrypto_periph.h"
-#include <sys/lock.h>
-
-#include <freertos/FreeRTOS.h>
-
-#include "soc/cpu.h"
-#include <stdio.h>
-#include "driver/periph_ctrl.h"
-
-
-/* AES uses a spinlock mux not a lock as the underlying block operation
-   only takes 208 cycles (to write key & compute block), +600 cycles
-   for DPORT protection but +3400 cycles again if you use a full sized lock.
-
-   For CBC, CFB, etc. this may mean that interrupts are disabled for a longer
-   period of time for bigger lengths. However at the moment this has to happen
-   anyway due to DPORT protection...
-*/
-static portMUX_TYPE aes_spinlock = portMUX_INITIALIZER_UNLOCKED;
-
-static inline bool valid_key_length(const esp_aes_context *ctx)
-{
-    return ctx->key_bytes == 128/8 || ctx->key_bytes == 192/8 || ctx->key_bytes == 256/8;
-}
-
-void esp_aes_acquire_hardware( void )
-{
-    portENTER_CRITICAL(&aes_spinlock);
-
-    /* Enable AES hardware */
-    periph_module_enable(PERIPH_AES_MODULE);
-}
-
-void esp_aes_release_hardware( void )
-{
-    /* Disable AES hardware */
-    periph_module_disable(PERIPH_AES_MODULE);
-
-    portEXIT_CRITICAL(&aes_spinlock);
-}
-
-void esp_aes_init( esp_aes_context *ctx )
-{
-    bzero( ctx, sizeof( esp_aes_context ) );
-}
-
-void esp_aes_free( esp_aes_context *ctx )
-{
-    if ( ctx == NULL ) {
-        return;
-    }
-
-    bzero( ctx, sizeof( esp_aes_context ) );
-}
-
-
-
-/*
- * AES key schedule (same for encryption or decryption, as hardware handles schedule)
- *
- */
-int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits )
-{
-    if (keybits != 128 && keybits != 192 && keybits != 256) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-    ctx->key_bytes = keybits / 8;
-    memcpy(ctx->key, key, ctx->key_bytes);
-    ctx->key_in_hardware = 0;
-    return 0;
-}
-
-/*
- * Helper function to copy key from esp_aes_context buffer
- * to hardware key registers.
- *
- * Call only while holding esp_aes_acquire_hardware().
- */
-static void esp_aes_setkey_hardware(esp_aes_context *ctx, int mode)
-{
-    const uint32_t MODE_DECRYPT_BIT = 4;
-    unsigned mode_reg_base = (mode == ESP_AES_ENCRYPT) ? 0 : MODE_DECRYPT_BIT;
-
-    ctx->key_in_hardware = 0;
-
-    for (int i = 0; i < ctx->key_bytes/4; ++i) {
-        DPORT_REG_WRITE(AES_KEY_BASE + i * 4, *(((uint32_t *)ctx->key) + i));
-        ctx->key_in_hardware += 4;
-    }
-
-    DPORT_REG_WRITE(AES_MODE_REG, mode_reg_base + ((ctx->key_bytes / 8) - 2));
-
-    /* Fault injection check: all words of key data should have been written to hardware */
-    if (ctx->key_in_hardware < 16
-        || ctx->key_in_hardware != ctx->key_bytes) {
-        abort();
-    }
-}
-
-/* Run a single 16 byte block of AES, using the hardware engine.
- *
- * Call only while holding esp_aes_acquire_hardware().
- */
-static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
-{
-    const uint32_t *input_words = (const uint32_t *)input;
-    uint32_t i0, i1, i2, i3;
-    uint32_t *output_words = (uint32_t *)output;
-
-    /* If no key is written to hardware yet, either the user hasn't called
-       mbedtls_aes_setkey_enc/mbedtls_aes_setkey_dec - meaning we also don't
-       know which mode to use - or a fault skipped the
-       key write to hardware. Treat this as a fatal error and zero the output block.
-    */
-    if (ctx->key_in_hardware != ctx->key_bytes) {
-        bzero(output, 16);
-        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
-    }
-
-    /* Storing i0,i1,i2,i3 in registers not an array
-       helps a lot with optimisations at -Os level */
-    i0 = input_words[0];
-    DPORT_REG_WRITE(AES_TEXT_BASE, i0);
-
-    i1 = input_words[1];
-    DPORT_REG_WRITE(AES_TEXT_BASE + 4, i1);
-
-    i2 = input_words[2];
-    DPORT_REG_WRITE(AES_TEXT_BASE + 8, i2);
-
-    i3 = input_words[3];
-    DPORT_REG_WRITE(AES_TEXT_BASE + 12, i3);
-
-    DPORT_REG_WRITE(AES_START_REG, 1);
-
-    while (DPORT_REG_READ(AES_IDLE_REG) != 1) { }
-
-    esp_dport_access_read_buffer(output_words, AES_TEXT_BASE, 4);
-
-    /* Physical security check: Verify the AES accelerator actually ran, and wasn't
-       skipped due to external fault injection while starting the peripheral.
-
-       Note that i0,i1,i2,i3 are copied from input buffer in case input==output.
-
-       Bypassing this check requires at least one additional fault.
-    */
-    if(i0 == output_words[0] && i1 == output_words[1] && i2 == output_words[2] && i3 == output_words[3]) {
-        // calling zeroing functions to narrow the
-        // window for a double-fault of the abort step, here
-        memset(output, 0, 16);
-        mbedtls_platform_zeroize(output, 16);
-        abort();
-    }
-
-    return 0;
-}
-
-/*
- * AES-ECB block encryption
- */
-int esp_internal_aes_encrypt( esp_aes_context *ctx,
-                      const unsigned char input[16],
-                      unsigned char output[16] )
-{
-    int r;
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-    ctx->key_in_hardware = 0;
-    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
-    r = esp_aes_block(ctx, input, output);
-    esp_aes_release_hardware();
-    return r;
-}
-
-void esp_aes_encrypt( esp_aes_context *ctx,
-        const unsigned char input[16],
-        unsigned char output[16] )
-{
-    esp_internal_aes_encrypt(ctx, input, output);
-}
-
-/*
- * AES-ECB block decryption
- */
-
-int esp_internal_aes_decrypt( esp_aes_context *ctx,
-                      const unsigned char input[16],
-                      unsigned char output[16] )
-{
-    int r;
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-    ctx->key_in_hardware = 0;
-    esp_aes_setkey_hardware(ctx, ESP_AES_DECRYPT);
-    r = esp_aes_block(ctx, input, output);
-    esp_aes_release_hardware();
-    return r;
-}
-
-void esp_aes_decrypt( esp_aes_context *ctx,
-                      const unsigned char input[16],
-                      unsigned char output[16] )
-{
-    esp_internal_aes_decrypt(ctx, input, output);
-}
-
-/*
- * AES-ECB block encryption/decryption
- */
-int esp_aes_crypt_ecb( esp_aes_context *ctx,
-                       int mode,
-                       const unsigned char input[16],
-                       unsigned char output[16] )
-{
-    int r;
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-    ctx->key_in_hardware = 0;
-    esp_aes_setkey_hardware(ctx, mode);
-    r = esp_aes_block(ctx, input, output);
-    esp_aes_release_hardware();
-
-    return r;
-}
-
-
-/*
- * AES-CBC buffer encryption/decryption
- */
-int esp_aes_crypt_cbc( esp_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int i;
-    uint32_t *output_words = (uint32_t *)output;
-    const uint32_t *input_words = (const uint32_t *)input;
-    uint32_t *iv_words = (uint32_t *)iv;
-    unsigned char temp[16];
-
-    if ( length % 16 ) {
-        return ( ERR_ESP_AES_INVALID_INPUT_LENGTH );
-    }
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-    ctx->key_in_hardware = 0;
-
-    esp_aes_setkey_hardware(ctx, mode);
-
-    if ( mode == ESP_AES_DECRYPT ) {
-        while ( length > 0 ) {
-            memcpy(temp, input_words, 16);
-            esp_aes_block(ctx, input_words, output_words);
-
-            for ( i = 0; i < 4; i++ ) {
-                output_words[i] = output_words[i] ^ iv_words[i];
-            }
-
-            memcpy( iv_words, temp, 16 );
-
-            input_words += 4;
-            output_words += 4;
-            length -= 16;
-        }
-    } else { // ESP_AES_ENCRYPT
-        while ( length > 0 ) {
-
-            for ( i = 0; i < 4; i++ ) {
-                output_words[i] = input_words[i] ^ iv_words[i];
-            }
-
-            esp_aes_block(ctx, output_words, output_words);
-            memcpy( iv_words, output_words, 16 );
-
-            input_words  += 4;
-            output_words += 4;
-            length -= 16;
-        }
-    }
-
-    esp_aes_release_hardware();
-
-    return 0;
-}
-
-/*
- * AES-CFB128 buffer encryption/decryption
- */
-int esp_aes_crypt_cfb128( esp_aes_context *ctx,
-                          int mode,
-                          size_t length,
-                          size_t *iv_off,
-                          unsigned char iv[16],
-                          const unsigned char *input,
-                          unsigned char *output )
-{
-    int c;
-    size_t n = *iv_off;
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-    ctx->key_in_hardware = 0;
-
-    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
-
-    if ( mode == ESP_AES_DECRYPT ) {
-        while ( length-- ) {
-            if ( n == 0 ) {
-                esp_aes_block(ctx, iv, iv);
-            }
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    } else {
-        while ( length-- ) {
-            if ( n == 0 ) {
-                esp_aes_block(ctx, iv, iv);
-            }
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-
-    *iv_off = n;
-
-    esp_aes_release_hardware();
-
-    return 0;
-}
-
-/*
- * AES-CFB8 buffer encryption/decryption
- */
-int esp_aes_crypt_cfb8( esp_aes_context *ctx,
-                        int mode,
-                        size_t length,
-                        unsigned char iv[16],
-                        const unsigned char *input,
-                        unsigned char *output )
-{
-    unsigned char c;
-    unsigned char ov[17];
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-    ctx->key_in_hardware = 0;
-
-    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
-
-    while ( length-- ) {
-        memcpy( ov, iv, 16 );
-        esp_aes_block(ctx, iv, iv);
-
-        if ( mode == ESP_AES_DECRYPT ) {
-            ov[16] = *input;
-        }
-
-        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
-
-        if ( mode == ESP_AES_ENCRYPT ) {
-            ov[16] = c;
-        }
-
-        memcpy( iv, ov + 1, 16 );
-    }
-
-    esp_aes_release_hardware();
-
-    return 0;
-}
-
-/*
- * AES-CTR buffer encryption/decryption
- */
-int esp_aes_crypt_ctr( esp_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    size_t n = *nc_off;
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-    ctx->key_in_hardware = 0;
-
-    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
-
-    while ( length-- ) {
-        if ( n == 0 ) {
-            esp_aes_block(ctx, nonce_counter, stream_block);
-
-            for ( i = 16; i > 0; i-- )
-                if ( ++nonce_counter[i - 1] != 0 ) {
-                    break;
-                }
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *nc_off = n;
-
-    esp_aes_release_hardware();
-
-    return 0;
-}
-
-/*
- * AES-OFB (Output Feedback Mode) buffer encryption/decryption
- */
-int esp_aes_crypt_ofb( esp_aes_context *ctx,
-                           size_t length,
-                           size_t *iv_off,
-                           unsigned char iv[16],
-                           const unsigned char *input,
-                           unsigned char *output )
-{
-    int ret = 0;
-    size_t n;
-
-    if ( ctx == NULL || iv_off == NULL || iv == NULL ||
-        input == NULL || output == NULL ) {
-            return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
-    }
-
-    n = *iv_off;
-
-    if( n > 15 ) {
-        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
-    }
-
-    if (!valid_key_length(ctx)) {
-        return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
-    }
-
-    esp_aes_acquire_hardware();
-
-    esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
-
-    while( length-- ) {
-        if( n == 0 ) {
-            esp_aes_block(ctx, iv, iv);
-        }
-        *output++ =  *input++ ^ iv[n];
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *iv_off = n;
-
-    esp_aes_release_hardware();
-
-    return( ret );
-}
-
-/* Below XTS implementation is copied aes.c of mbedtls library. 
- * When MBEDTLS_AES_ALT is defined mbedtls expects alternate
- * definition of XTS functions to be available. Even if this 
- * could have been avoided, it is done for consistency reason.
- */
-
-void esp_aes_xts_init( esp_aes_xts_context *ctx )
-{
-    esp_aes_init( &ctx->crypt );
-    esp_aes_init( &ctx->tweak );
-}
-
-void esp_aes_xts_free( esp_aes_xts_context *ctx )
-{
-    esp_aes_free( &ctx->crypt );
-    esp_aes_free( &ctx->tweak );
-}
-
-static int esp_aes_xts_decode_keys( const unsigned char *key,
-                                        unsigned int keybits,
-                                        const unsigned char **key1,
-                                        unsigned int *key1bits,
-                                        const unsigned char **key2,
-                                        unsigned int *key2bits )
-{
-    const unsigned int half_keybits = keybits / 2;
-    const unsigned int half_keybytes = half_keybits / 8;
-
-    switch( keybits )
-    {
-        case 256: break;
-        case 512: break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
-    }
-
-    *key1bits = half_keybits;
-    *key2bits = half_keybits;
-    *key1 = &key[0];
-    *key2 = &key[half_keybytes];
-
-    return 0;
-}
-
-int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits)
-{
-    int ret;
-    const unsigned char *key1, *key2;
-    unsigned int key1bits, key2bits;
-
-    ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
-                                       &key2, &key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set the tweak key. Always set tweak key for the encryption mode. */
-    ret = esp_aes_setkey( &ctx->tweak, key2, key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set crypt key for encryption. */
-    return esp_aes_setkey( &ctx->crypt, key1, key1bits );
-}
-
-int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits)
-{
-    int ret;
-    const unsigned char *key1, *key2;
-    unsigned int key1bits, key2bits;
-
-    ret = esp_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
-                                       &key2, &key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set the tweak key. Always set tweak key for encryption. */
-    ret = esp_aes_setkey( &ctx->tweak, key2, key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set crypt key for decryption. */
-    return esp_aes_setkey( &ctx->crypt, key1, key1bits );
-}
-
-/* Endianess with 64 bits values */
-#ifndef GET_UINT64_LE
-#define GET_UINT64_LE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint64_t) (b)[(i) + 7] << 56 )             \
-        | ( (uint64_t) (b)[(i) + 6] << 48 )             \
-        | ( (uint64_t) (b)[(i) + 5] << 40 )             \
-        | ( (uint64_t) (b)[(i) + 4] << 32 )             \
-        | ( (uint64_t) (b)[(i) + 3] << 24 )             \
-        | ( (uint64_t) (b)[(i) + 2] << 16 )             \
-        | ( (uint64_t) (b)[(i) + 1] <<  8 )             \
-        | ( (uint64_t) (b)[(i)    ]       );            \
-}
-#endif
-
-#ifndef PUT_UINT64_LE
-#define PUT_UINT64_LE(n,b,i)                            \
-{                                                       \
-    (b)[(i) + 7] = (unsigned char) ( (n) >> 56 );       \
-    (b)[(i) + 6] = (unsigned char) ( (n) >> 48 );       \
-    (b)[(i) + 5] = (unsigned char) ( (n) >> 40 );       \
-    (b)[(i) + 4] = (unsigned char) ( (n) >> 32 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i)    ] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-typedef unsigned char esp_be128[16];
-
-/*
- * GF(2^128) multiplication function
- *
- * This function multiplies a field element by x in the polynomial field
- * representation. It uses 64-bit word operations to gain speed but compensates
- * for machine endianess and hence works correctly on both big and little
- * endian machines.
- */
-static void esp_gf128mul_x_ble( unsigned char r[16],
-                                    const unsigned char x[16] )
-{
-    uint64_t a, b, ra, rb;
-
-    GET_UINT64_LE( a, x, 0 );
-    GET_UINT64_LE( b, x, 8 );
-
-    ra = ( a << 1 )  ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
-    rb = ( a >> 63 ) | ( b << 1 );
-
-    PUT_UINT64_LE( ra, r, 0 );
-    PUT_UINT64_LE( rb, r, 8 );
-}
-
-/*
- * AES-XTS buffer encryption/decryption
- */
-int esp_aes_crypt_xts( esp_aes_xts_context *ctx,
-                           int mode,
-                           size_t length,
-                           const unsigned char data_unit[16],
-                           const unsigned char *input,
-                           unsigned char *output )
-{
-    int ret;
-    size_t blocks = length / 16;
-    size_t leftover = length % 16;
-    unsigned char tweak[16];
-    unsigned char prev_tweak[16];
-    unsigned char tmp[16];
-
-    /* Sectors must be at least 16 bytes. */
-    if( length < 16 )
-        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
-
-    /* NIST SP 80-38E disallows data units larger than 2**20 blocks. */
-    if( length > ( 1 << 20 ) * 16 )
-        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
-
-    /* Compute the tweak. */
-    ret = esp_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT,
-                                 data_unit, tweak );
-    if( ret != 0 )
-        return( ret );
-
-    while( blocks-- )
-    {
-        size_t i;
-
-        if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 )
-        {
-            /* We are on the last block in a decrypt operation that has
-             * leftover bytes, so we need to use the next tweak for this block,
-             * and this tweak for the lefover bytes. Save the current tweak for
-             * the leftovers and then update the current tweak for use on this,
-             * the last full block. */
-            memcpy( prev_tweak, tweak, sizeof( tweak ) );
-            esp_gf128mul_x_ble( tweak, tweak );
-        }
-
-        for( i = 0; i < 16; i++ )
-            tmp[i] = input[i] ^ tweak[i];
-
-        ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
-        if( ret != 0 )
-            return( ret );
-
-        for( i = 0; i < 16; i++ )
-            output[i] = tmp[i] ^ tweak[i];
-
-        /* Update the tweak for the next block. */
-        esp_gf128mul_x_ble( tweak, tweak );
-
-        output += 16;
-        input += 16;
-    }
-
-    if( leftover )
-    {
-        /* If we are on the leftover bytes in a decrypt operation, we need to
-         * use the previous tweak for these bytes (as saved in prev_tweak). */
-        unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak;
-
-        /* We are now on the final part of the data unit, which doesn't divide
-         * evenly by 16. It's time for ciphertext stealing. */
-        size_t i;
-        unsigned char *prev_output = output - 16;
-
-        /* Copy ciphertext bytes from the previous block to our output for each
-         * byte of cyphertext we won't steal. At the same time, copy the
-         * remainder of the input for this final round (since the loop bounds
-         * are the same). */
-        for( i = 0; i < leftover; i++ )
-        {
-            output[i] = prev_output[i];
-            tmp[i] = input[i] ^ t[i];
-        }
-
-        /* Copy ciphertext bytes from the previous block for input in this
-         * round. */
-        for( ; i < 16; i++ )
-            tmp[i] = prev_output[i] ^ t[i];
-
-        ret = esp_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
-        if( ret != 0 )
-            return ret;
-
-        /* Write the result back to the previous block, overriding the previous
-         * output we copied. */
-        for( i = 0; i < 16; i++ )
-            prev_output[i] = tmp[i] ^ t[i];
-    }
-
-    return( 0 );
-}
diff --git a/components/mbedtls/port/esp32/sha.c b/components/mbedtls/port/esp32/sha.c
deleted file mode 100644
index 35c52eee..00000000
--- a/components/mbedtls/port/esp32/sha.c
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
- *  ESP32 hardware accelerated SHA1/256/512 implementation
- *  based on mbedTLS FIPS-197 compliant version.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-/*
- *  The SHA-1 standard was published by NIST in 1993.
- *
- *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
- */
-
-#include <string.h>
-#include <stdio.h>
-#include <machine/endian.h>
-#include <assert.h>
-
-#include "freertos/FreeRTOS.h"
-#include "freertos/semphr.h"
-
-#include "esp32/sha.h"
-#include "esp32/rom/ets_sys.h"
-#include "soc/hwcrypto_periph.h"
-#include "driver/periph_ctrl.h"
-
-inline static uint32_t SHA_LOAD_REG(esp_sha_type sha_type) {
-    return SHA_1_LOAD_REG + sha_type * 0x10;
-}
-
-inline static uint32_t SHA_BUSY_REG(esp_sha_type sha_type) {
-    return SHA_1_BUSY_REG + sha_type * 0x10;
-}
-
-inline static uint32_t SHA_START_REG(esp_sha_type sha_type) {
-    return SHA_1_START_REG + sha_type * 0x10;
-}
-
-inline static uint32_t SHA_CONTINUE_REG(esp_sha_type sha_type) {
-    return SHA_1_CONTINUE_REG + sha_type * 0x10;
-}
-
-/* Single spinlock for SHA engine memory block
-*/
-static portMUX_TYPE memory_block_lock = portMUX_INITIALIZER_UNLOCKED;
-
-
-/* Binary semaphore managing the state of each concurrent SHA engine.
-
-   Available = noone is using this SHA engine
-   Taken = a SHA session is running on this SHA engine
-
-   Indexes:
-   0 = SHA1
-   1 = SHA2_256
-   2 = SHA2_384 or SHA2_512
-*/
-static SemaphoreHandle_t engine_states[3];
-
-static uint8_t engines_in_use;
-
-/* Spinlock for engines_in_use counter
-*/
-static portMUX_TYPE engines_in_use_lock = portMUX_INITIALIZER_UNLOCKED;
-
-/* Index into the engine_states array */
-inline static size_t sha_engine_index(esp_sha_type type) {
-    switch(type) {
-    case SHA1:
-        return 0;
-    case SHA2_256:
-        return 1;
-    default:
-        return 2;
-    }
-}
-
-/* Return digest length (in bytes) for a given SHA type */
-inline static size_t sha_length(esp_sha_type type) {
-    switch(type) {
-    case SHA1:
-        return 20;
-    case SHA2_256:
-        return 32;
-    case SHA2_384:
-        return 48;
-    case SHA2_512:
-        return 64;
-    default:
-        return 0;
-    }
-}
-
-/* Return block size (in bytes) for a given SHA type */
-inline static size_t block_length(esp_sha_type type) {
-    switch(type) {
-    case SHA1:
-    case SHA2_256:
-        return 64;
-    case SHA2_384:
-    case SHA2_512:
-        return 128;
-    default:
-        return 0;
-    }
-}
-
-void esp_sha_lock_memory_block(void)
-{
-    portENTER_CRITICAL(&memory_block_lock);
-}
-
-void esp_sha_unlock_memory_block(void)
-{
-    portEXIT_CRITICAL(&memory_block_lock);
-}
-
-static SemaphoreHandle_t sha_get_engine_state(esp_sha_type sha_type)
-{
-    unsigned idx = sha_engine_index(sha_type);
-    volatile SemaphoreHandle_t *engine = &engine_states[idx];
-    SemaphoreHandle_t result = *engine;
-    uint32_t set_engine = 0;
-
-    if (result == NULL) {
-        // Create a new semaphore for 'in use' flag
-        SemaphoreHandle_t new_engine = xSemaphoreCreateBinary();
-        assert(new_engine != NULL);
-        xSemaphoreGive(new_engine); // start available
-
-        // try to atomically set the previously NULL *engine to new_engine
-        set_engine = (uint32_t)new_engine;
-        uxPortCompareSet((volatile uint32_t *)engine, 0, &set_engine);
-
-        if (set_engine != 0) { // we lost a race setting *engine
-            vSemaphoreDelete(new_engine);
-        }
-        result = *engine;
-    }
-    return result;
-}
-
-static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait);
-
-bool esp_sha_try_lock_engine(esp_sha_type sha_type)
-{
-    return esp_sha_lock_engine_common(sha_type, 0);
-}
-
-void esp_sha_lock_engine(esp_sha_type sha_type)
-{
-    esp_sha_lock_engine_common(sha_type, portMAX_DELAY);
-}
-
-static bool esp_sha_lock_engine_common(esp_sha_type sha_type, TickType_t ticks_to_wait)
-{
-    SemaphoreHandle_t engine_state = sha_get_engine_state(sha_type);
-    BaseType_t result = xSemaphoreTake(engine_state, ticks_to_wait);
-
-    if (result == pdFALSE) {
-        // failed to take semaphore
-        return false;
-    }
-
-    portENTER_CRITICAL(&engines_in_use_lock);
-
-    if (engines_in_use == 0) {
-        /* Just locked first engine,
-           so enable SHA hardware */
-        periph_module_enable(PERIPH_SHA_MODULE);
-    }
-
-    engines_in_use++;
-    assert(engines_in_use <= 3);
-
-    portEXIT_CRITICAL(&engines_in_use_lock);
-
-    return true;
-}
-
-
-void esp_sha_unlock_engine(esp_sha_type sha_type)
-{
-    SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
-
-    portENTER_CRITICAL(&engines_in_use_lock);
-
-    engines_in_use--;
-
-    if (engines_in_use == 0) {
-        /* About to release last engine, so
-           disable SHA hardware */
-        periph_module_disable(PERIPH_SHA_MODULE);
-    }
-
-    portEXIT_CRITICAL(&engines_in_use_lock);
-
-    xSemaphoreGive(engine_state);
-}
-
-void esp_sha_wait_idle(void)
-{
-    while(1) {
-        if(DPORT_REG_READ(SHA_1_BUSY_REG) == 0
-           && DPORT_REG_READ(SHA_256_BUSY_REG) == 0
-           && DPORT_REG_READ(SHA_384_BUSY_REG) == 0
-           && DPORT_REG_READ(SHA_512_BUSY_REG) == 0) {
-            break;
-        }
-    }
-}
-
-void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state)
-{
-    uint32_t *digest_state_words = NULL;
-    uint32_t *reg_addr_buf = NULL;
-    uint32_t word_len = sha_length(sha_type)/4;
-#ifndef NDEBUG
-    {
-        SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
-        assert(uxSemaphoreGetCount(engine_state) == 0 &&
-               "SHA engine should be locked" );
-    }
-#endif
-
-    // preemptively do this before entering the critical section, then re-check once in it
-    esp_sha_wait_idle();
-
-    esp_sha_lock_memory_block();
-
-    esp_sha_wait_idle();
-
-    DPORT_REG_WRITE(SHA_LOAD_REG(sha_type), 1);
-    while(DPORT_REG_READ(SHA_BUSY_REG(sha_type)) == 1) { }
-    digest_state_words = (uint32_t *)digest_state;
-    reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
-    if(sha_type == SHA2_384 || sha_type == SHA2_512) {
-        /* for these ciphers using 64-bit states, swap each pair of words */
-        DPORT_INTERRUPT_DISABLE(); // Disable interrupt only on current CPU.
-        for(int i = 0; i < word_len; i += 2) {
-            digest_state_words[i+1] = DPORT_SEQUENCE_REG_READ((uint32_t)&reg_addr_buf[i]);
-            digest_state_words[i]   = DPORT_SEQUENCE_REG_READ((uint32_t)&reg_addr_buf[i+1]);
-        }
-        DPORT_INTERRUPT_RESTORE(); // restore the previous interrupt level
-    } else {
-        esp_dport_access_read_buffer(digest_state_words, (uint32_t)&reg_addr_buf[0], word_len);
-    }
-    esp_sha_unlock_memory_block();
-
-    /* Fault injection check: verify SHA engine actually ran,
-       state is not all zeroes.
-    */
-    for (int i = 0; i < word_len; i++) {
-        if (digest_state_words[i] != 0) {
-            return;
-        }
-    }
-    abort(); // SHA peripheral returned all zero state, probably due to fault injection
-}
-
-void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block)
-{
-    uint32_t *reg_addr_buf = NULL;
-    uint32_t *data_words = NULL;
-#ifndef NDEBUG
-    {
-        SemaphoreHandle_t *engine_state = sha_get_engine_state(sha_type);
-        assert(uxSemaphoreGetCount(engine_state) == 0 &&
-               "SHA engine should be locked" );
-    }
-#endif
-
-    // preemptively do this before entering the critical section, then re-check once in it
-    esp_sha_wait_idle();
-
-    esp_sha_lock_memory_block();
-
-    esp_sha_wait_idle();
-
-    /* Fill the data block */
-    reg_addr_buf = (uint32_t *)(SHA_TEXT_BASE);
-    data_words = (uint32_t *)data_block;
-    for (int i = 0; i < block_length(sha_type) / 4; i++) {
-        reg_addr_buf[i] = __builtin_bswap32(data_words[i]);
-    }
-    asm volatile ("memw");
-
-    if(is_first_block) {
-        DPORT_REG_WRITE(SHA_START_REG(sha_type), 1);
-    } else {
-        DPORT_REG_WRITE(SHA_CONTINUE_REG(sha_type), 1);
-    }
-
-    esp_sha_unlock_memory_block();
-
-    /* Note: deliberately not waiting for this operation to complete,
-       as a performance tweak - delay waiting until the next time we need the SHA
-       unit, instead.
-    */
-}
diff --git a/components/mbedtls/port/esp8266/aes.c b/components/mbedtls/port/esp8266/aes.c
new file mode 100644
index 00000000..5ba2e283
--- /dev/null
+++ b/components/mbedtls/port/esp8266/aes.c
@@ -0,0 +1,181 @@
+/**
+ * \brief AES block cipher, ESP8266 accelerated version
+ * Based on mbedTLS FIPS-197 compliant version.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include <string.h>
+#include "mbedtls/aes.h"
+
+#if defined(MBEDTLS_AES_ALT)
+
+void mbedtls_aes_init(mbedtls_aes_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_aes_context));
+}
+
+void mbedtls_aes_free(mbedtls_aes_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_aes_context));
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_aes_xts_context));
+}
+
+void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_aes_xts_context));
+}
+
+int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
+                               const unsigned char *key,
+                               unsigned int keybits)
+{
+    return esp_aes_xts_set_encrypt_key(ctx, key, keybits);
+}
+
+int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
+                               const unsigned char *key,
+                               unsigned int keybits)
+{
+    return esp_aes_xts_set_decrypt_key(ctx, key, keybits);   
+}
+
+int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
+                          int mode,
+                          size_t length,
+                          const unsigned char data_unit[16],
+                          const unsigned char *input,
+                          unsigned char *output)
+{
+    return esp_aes_crypt_xts(ctx, MBEDTLS_AES_ENCRYPT == mode, length, data_unit, input, output);
+}
+#endif
+
+int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits)
+{
+    return esp_aes_set_encrypt_key(ctx, key, keybits);
+}
+
+int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
+                    unsigned int keybits)
+{
+    return esp_aes_set_decrypt_key(ctx, key, keybits);
+}
+
+int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
+                    int mode,
+                    const unsigned char input[16],
+                    unsigned char output[16])
+{
+    if (MBEDTLS_AES_DECRYPT == mode)
+        return esp_aes_decrypt_ecb(ctx, input, output);
+    else
+        return esp_aes_encrypt_ecb(ctx, input, output);
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output)
+{
+    if (MBEDTLS_AES_DECRYPT == mode)
+        return esp_aes_decrypt_cbc(ctx, input, length, output, length, iv);
+    else
+        return esp_aes_encrypt_cbc(ctx, input, length, output, length, iv);        
+}
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
+                       int mode,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output)
+{
+    if (MBEDTLS_AES_DECRYPT == mode)
+        return esp_aes_decrypt_cfb128(ctx, input, length, output, length, iv, iv_off);
+    else
+        return esp_aes_encrypt_cfb128(ctx, input, length, output, length, iv, iv_off);
+}
+
+int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
+                    int mode,
+                    size_t length,
+                    unsigned char iv[16],
+                    const unsigned char *input,
+                    unsigned char *output)
+{
+    if (MBEDTLS_AES_DECRYPT == mode)
+        return esp_aes_decrypt_cfb8(ctx, input, length, output, length, iv);
+    else
+        return esp_aes_encrypt_cfb8(ctx, input, length, output, length, iv);
+}
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
+                       size_t length,
+                       size_t *iv_off,
+                       unsigned char iv[16],
+                       const unsigned char *input,
+                       unsigned char *output)
+{
+    return esp_aes_crypt_ofb(ctx, length, iv_off, iv, input, output);
+}
+#endif
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
+                       size_t length,
+                       size_t *nc_off,
+                       unsigned char nonce_counter[16],
+                       unsigned char stream_block[16],
+                       const unsigned char *input,
+                       unsigned char *output)
+{
+    return esp_aes_encrypt_ctr(ctx, nc_off, nonce_counter, stream_block, input,
+                               length, output, length);
+}      
+#endif
+
+int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
+                                 const unsigned char input[16],
+                                 unsigned char output[16])
+{
+    return esp_aes_encrypt(ctx, input, 16, output, 16);
+}
+
+int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
+                                 const unsigned char input[16],
+                                 unsigned char output[16])
+{
+    return esp_aes_decrypt(ctx, input, 16, output, 16);
+}
+
+#endif /* MBEDTLS_AES_ALT */
diff --git a/components/mbedtls/port/esp8266/include/aes_alt.h b/components/mbedtls/port/esp8266/include/aes_alt.h
new file mode 100644
index 00000000..5dd6b98e
--- /dev/null
+++ b/components/mbedtls/port/esp8266/include/aes_alt.h
@@ -0,0 +1,45 @@
+/**
+ * \file aes_alt.h
+ *
+ * \brief AES block cipher
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+#ifndef AES_ALT_H
+#define AES_ALT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_AES_ALT)
+#include "esp_aes.h"
+
+typedef esp_aes_t mbedtls_aes_context;
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+typedef esp_aes_xts_t mbedtls_aes_xts_context;
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+#endif /* MBEDTLS_AES_ALT */
diff --git a/components/mbedtls/port/esp8266/include/arc4_alt.h b/components/mbedtls/port/esp8266/include/arc4_alt.h
new file mode 100644
index 00000000..1fe52e57
--- /dev/null
+++ b/components/mbedtls/port/esp8266/include/arc4_alt.h
@@ -0,0 +1,46 @@
+/*
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+#ifndef ARC4_ALT_H
+#define ARC4_ALT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_ARC4_ALT)
+#include "esp_arc4.h"
+
+typedef esp_arc4_context mbedtls_arc4_context;
+
+#define mbedtls_arc4_init(_ctx)                     { }
+
+#define mbedtls_arc4_free(_ctx)                     { }
+
+#define mbedtls_arc4_setup(_ctx, _s, _l)            esp_arc4_setup(_ctx, _s, _l)
+
+#define mbedtls_arc4_crypt(_ctx, _l, _i, _o)        esp_arc4_encrypt(_ctx, _l, _i, _o)
+
+#endif /* MBEDTLS_ARC4_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/components/mbedtls/port/esp8266/include/md5_alt.h b/components/mbedtls/port/esp8266/include/md5_alt.h
new file mode 100644
index 00000000..8a0b808b
--- /dev/null
+++ b/components/mbedtls/port/esp8266/include/md5_alt.h
@@ -0,0 +1,51 @@
+/*
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+#ifndef MD5_ALT_H
+#define MD5_ALT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_MD5_ALT)
+#include "esp_md5.h"
+
+typedef esp_md5_context_t mbedtls_md5_context;
+
+#define mbedtls_md5_init(_ctx)                     { }
+
+#define mbedtls_md5_free(_ctx)                     { }
+
+#define mbedtls_md5_clone(_d, _s)                  { *(_d) = *(_s); }
+
+#define mbedtls_md5_starts_ret(_ctx)               esp_md5_init(_ctx)
+
+#define mbedtls_md5_update_ret(_ctx, _s, _l)       esp_md5_update(_ctx, _s, _l)
+
+#define mbedtls_md5_finish_ret(_ctx, _d)           esp_md5_final(_ctx, _d)
+
+#define mbedtls_internal_md5_process(_ctx, _s)     esp_md5_update(_ctx, _s, 64)
+#endif /* MBEDTLS_MD5_ALT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/components/mbedtls/port/include/sha1_alt.h b/components/mbedtls/port/esp8266/include/sha1_alt.h
similarity index 61%
rename from components/mbedtls/port/include/sha1_alt.h
rename to components/mbedtls/port/esp8266/include/sha1_alt.h
index 54b77408..f0c86901 100644
--- a/components/mbedtls/port/include/sha1_alt.h
+++ b/components/mbedtls/port/esp8266/include/sha1_alt.h
@@ -1,5 +1,5 @@
 /*
- *  SHA-1 implementation with hardware ESP32 support added.
+ *  SHA-1 implementation with extra ESP8266 support added.
  *  Uses mbedTLS software implementation for failover when concurrent
  *  SHA operations are in use.
  *
@@ -29,29 +29,14 @@ extern "C" {
 
 #if defined(MBEDTLS_SHA1_ALT)
 
-typedef enum {
-    ESP_MBEDTLS_SHA1_UNUSED, /* first block hasn't been processed yet */
-    ESP_MBEDTLS_SHA1_HARDWARE, /* using hardware SHA engine */
-    ESP_MBEDTLS_SHA1_SOFTWARE, /* using software SHA */
-} esp_mbedtls_sha1_mode;
+#include "esp_sha.h"
 
-/**
- * \brief          SHA-1 context structure
- */
-typedef struct
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[5];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-    esp_mbedtls_sha1_mode mode;
-}
-mbedtls_sha1_context;
+typedef esp_sha1_t mbedtls_sha1_context;
 
-#endif
+#endif /* MBEDTLS_SHA1_ALT */
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif
-
diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/esp8266/include/sha256_alt.h
similarity index 58%
rename from components/mbedtls/port/include/sha256_alt.h
rename to components/mbedtls/port/esp8266/include/sha256_alt.h
index 436f5324..914ac89a 100644
--- a/components/mbedtls/port/include/sha256_alt.h
+++ b/components/mbedtls/port/esp8266/include/sha256_alt.h
@@ -1,5 +1,5 @@
 /*
- *  SHA-256 implementation with hardware ESP32 support added.
+ *  SHA-256 implementation with extra ESP8266 support added.
  *  Uses mbedTLS software implementation for failover when concurrent
  *  SHA operations are in use.
  *
@@ -29,26 +29,11 @@ extern "C" {
 
 #if defined(MBEDTLS_SHA256_ALT)
 
-typedef enum {
-    ESP_MBEDTLS_SHA256_UNUSED, /* first block hasn't been processed yet */
-    ESP_MBEDTLS_SHA256_HARDWARE, /* using hardware SHA engine */
-    ESP_MBEDTLS_SHA256_SOFTWARE, /* using software SHA */
-} esp_mbedtls_sha256_mode;
+#include "esp_sha.h"
 
-/**
- * \brief          SHA-256 context structure
- */
-typedef struct
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[8];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-    int is224;                  /*!< 0 => SHA-256, else SHA-224 */
-    esp_mbedtls_sha256_mode mode;
-}
-mbedtls_sha256_context;
+typedef esp_sha_t mbedtls_sha256_context;
 
-#endif
+#endif /* MBEDTLS_SHA256_ALT */
 
 #ifdef __cplusplus
 }
diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/esp8266/include/sha512_alt.h
similarity index 58%
rename from components/mbedtls/port/include/sha512_alt.h
rename to components/mbedtls/port/esp8266/include/sha512_alt.h
index 36b8fc9d..af2f5799 100644
--- a/components/mbedtls/port/include/sha512_alt.h
+++ b/components/mbedtls/port/esp8266/include/sha512_alt.h
@@ -1,5 +1,5 @@
 /*
- *  SHA-512 implementation with hardware ESP32 support added.
+ *  SHA-512 implementation with extra ESP8266 support added.
  *  Uses mbedTLS software implementation for failover when concurrent
  *  SHA operations are in use.
  *
@@ -29,26 +29,11 @@ extern "C" {
 
 #if defined(MBEDTLS_SHA512_ALT)
 
-typedef enum {
-    ESP_MBEDTLS_SHA512_UNUSED, /* first block hasn't been processed yet */
-    ESP_MBEDTLS_SHA512_HARDWARE, /* using hardware SHA engine */
-    ESP_MBEDTLS_SHA512_SOFTWARE, /* using software SHA */
-} esp_mbedtls_sha512_mode;
+#include "esp_sha.h"
 
-/**
- * \brief          SHA-512 context structure
- */
-typedef struct
-{
-    uint64_t total[2];          /*!< number of bytes processed  */
-    uint64_t state[8];          /*!< intermediate digest state  */
-    unsigned char buffer[128];  /*!< data block being processed */
-    int is384;                  /*!< 0 => SHA-512, else SHA-384 */
-    esp_mbedtls_sha512_mode mode;
-}
-mbedtls_sha512_context;
+typedef esp_sha512_t mbedtls_sha512_context;
 
-#endif
+#endif /* MBEDTLS_SHA512_ALT */
 
 #ifdef __cplusplus
 }
diff --git a/components/mbedtls/port/esp8266/sha1.c b/components/mbedtls/port/esp8266/sha1.c
new file mode 100644
index 00000000..45a63d60
--- /dev/null
+++ b/components/mbedtls/port/esp8266/sha1.c
@@ -0,0 +1,68 @@
+/**
+ * \brief AES block cipher, ESP8266 accelerated version
+ * Based on mbedTLS FIPS-197 compliant version.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include <string.h>
+#include "mbedtls/sha1.h"
+
+#if defined(MBEDTLS_SHA1_ALT)
+
+void mbedtls_sha1_init(mbedtls_sha1_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_sha1_context));
+}
+
+void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_sha1_context));
+}
+
+void mbedtls_sha1_clone(mbedtls_sha1_context *dst, const mbedtls_sha1_context *src)
+{
+    memcpy(dst, src, sizeof(mbedtls_sha1_context));
+}
+
+int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx)
+{
+    return esp_sha1_init(ctx);
+}
+
+int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen)
+{
+    return esp_sha1_update(ctx, input, ilen);
+}
+
+int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, unsigned char output[64])
+{
+    return esp_sha1_finish(ctx, output);
+}
+
+int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, const unsigned char data[128])
+{
+    return esp_sha1_update(ctx, data, 64);
+}
+
+// int mbedtls_sha512_ret(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
+// {
+    
+// }
+
+#endif /* MBEDTLS_AES_ALT */
diff --git a/components/mbedtls/port/esp8266/sha256.c b/components/mbedtls/port/esp8266/sha256.c
new file mode 100644
index 00000000..2e8f8448
--- /dev/null
+++ b/components/mbedtls/port/esp8266/sha256.c
@@ -0,0 +1,75 @@
+/**
+ * \brief AES block cipher, ESP8266 accelerated version
+ * Based on mbedTLS FIPS-197 compliant version.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include <string.h>
+#include "mbedtls/sha256.h"
+
+#if defined(MBEDTLS_SHA256_ALT)
+
+void mbedtls_sha256_init(mbedtls_sha256_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_sha256_context));
+}
+
+void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_sha256_context));
+}
+
+void mbedtls_sha256_clone(mbedtls_sha256_context *dst, const mbedtls_sha256_context *src)
+{
+    memcpy(dst, src, sizeof(mbedtls_sha256_context));
+}
+
+int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224)
+{
+    int ret;
+
+    if (is224)
+        ret = esp_sha224_init(ctx);
+    else
+        ret = esp_sha256_init(ctx);
+
+    return ret;
+}
+
+int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen)
+{
+    return esp_sha256_update(ctx, input, ilen);
+}
+
+int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, unsigned char output[64])
+{
+    return esp_sha256_finish(ctx, output);
+}
+
+int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[128])
+{
+    return esp_sha256_update(ctx, data, 64);
+}
+
+// int mbedtls_sha512_ret(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
+// {
+    
+// }
+
+#endif /* MBEDTLS_AES_ALT */
diff --git a/components/mbedtls/port/esp8266/sha512.c b/components/mbedtls/port/esp8266/sha512.c
new file mode 100644
index 00000000..db1ec919
--- /dev/null
+++ b/components/mbedtls/port/esp8266/sha512.c
@@ -0,0 +1,75 @@
+/**
+ * \brief AES block cipher, ESP8266 accelerated version
+ * Based on mbedTLS FIPS-197 compliant version.
+ *
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+#include <string.h>
+#include "mbedtls/sha512.h"
+
+#if defined(MBEDTLS_SHA512_ALT)
+
+void mbedtls_sha512_init(mbedtls_sha512_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_sha512_context));
+}
+
+void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
+{
+    memset(ctx, 0, sizeof(mbedtls_sha512_context));
+}
+
+void mbedtls_sha512_clone(mbedtls_sha512_context *dst, const mbedtls_sha512_context *src)
+{
+    memcpy(dst, src, sizeof(mbedtls_sha512_context));
+}
+
+int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384)
+{
+    int ret;
+
+    if (is384)
+        ret = esp_sha384_init(ctx);
+    else
+        ret = esp_sha512_init(ctx);
+
+    return ret;
+}
+
+int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen)
+{
+    return esp_sha512_update(ctx, input, ilen);
+}
+
+int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, unsigned char output[64])
+{
+    return esp_sha512_finish(ctx, output);
+}
+
+int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned char data[128])
+{
+    return esp_sha512_update(ctx, data, 128);
+}
+
+// int mbedtls_sha512_ret(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
+// {
+    
+// }
+
+#endif /* MBEDTLS_AES_ALT */
diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c
deleted file mode 100644
index 09bb774b..00000000
--- a/components/mbedtls/port/esp_bignum.c
+++ /dev/null
@@ -1,683 +0,0 @@
-/**
- * \brief  Multi-precision integer library, ESP32 hardware accelerated parts
- *
- *  based on mbedTLS implementation
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <malloc.h>
-#include <limits.h>
-#include <assert.h>
-#include <stdlib.h>
-#include <sys/param.h>
-#include "esp32/rom/bigint.h"
-#include "soc/hwcrypto_periph.h"
-#include "esp_system.h"
-#include "esp_log.h"
-#include "esp_intr_alloc.h"
-#include "esp_attr.h"
-
-#include <mbedtls/bignum.h>
-
-#include "freertos/FreeRTOS.h"
-#include "freertos/task.h"
-#include "freertos/semphr.h"
-#include "driver/periph_ctrl.h"
-
-/* Some implementation notes:
- *
- * - Naming convention x_words, y_words, z_words for number of words (limbs) used in a particular
- *   bignum. This number may be less than the size of the bignum
- *
- * - Naming convention hw_words for the hardware length of the operation. This number is always
- *   rounded up to a 512 bit multiple, and may be larger than any of the numbers involved in the
- *   calculation.
- *
- * - Timing behaviour of these functions will depend on the length of the inputs. This is fundamentally
- *   the same constraint as the software mbedTLS implementations, and relies on the same
- *   countermeasures (exponent blinding, etc) which are used in mbedTLS.
- */
-
-static const __attribute__((unused)) char *TAG = "bignum";
-
-#define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
-#define biL    (ciL << 3)                         /* bits  in limb  */
-
-#if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT)
-static SemaphoreHandle_t op_complete_sem;
-
-static IRAM_ATTR void rsa_complete_isr(void *arg)
-{
-    BaseType_t higher_woken;
-    DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1);
-    xSemaphoreGiveFromISR(op_complete_sem, &higher_woken);
-    if (higher_woken) {
-        portYIELD_FROM_ISR();
-    }
-}
-
-static void rsa_isr_initialise(void)
-{
-    if (op_complete_sem == NULL) {
-        op_complete_sem = xSemaphoreCreateBinary();
-        esp_intr_alloc(ETS_RSA_INTR_SOURCE, 0, rsa_complete_isr, NULL, NULL);
-    }
-}
-
-#endif /* CONFIG_MBEDTLS_MPI_USE_INTERRUPT */
-
-static _lock_t mpi_lock;
-
-void esp_mpi_acquire_hardware( void )
-{
-    /* newlib locks lazy initialize on ESP-IDF */
-    _lock_acquire(&mpi_lock);
-
-    /* Enable RSA hardware */
-    periph_module_enable(PERIPH_RSA_MODULE);
-    DPORT_REG_CLR_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD);
-
-    while(DPORT_REG_READ(RSA_CLEAN_REG) != 1);
-    // Note: from enabling RSA clock to here takes about 1.3us
-
-#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT
-    rsa_isr_initialise();
-#endif
-}
-
-void esp_mpi_release_hardware( void )
-{
-    DPORT_REG_SET_BIT(DPORT_RSA_PD_CTRL_REG, DPORT_RSA_PD);
-
-    /* Disable RSA hardware */
-    periph_module_disable(PERIPH_RSA_MODULE);
-
-    _lock_release(&mpi_lock);
-}
-
-/* Convert bit count to word count
- */
-static inline size_t bits_to_words(size_t bits)
-{
-    return (bits + 31) / 32;
-}
-
-/* Round up number of words to nearest
-   512 bit (16 word) block count.
-*/
-static inline size_t hardware_words(size_t words)
-{
-    return (words + 0xF) & ~0xF;
-}
-
-/* Number of words used to hold 'mpi'.
-
-   Equivalent of bits_to_words(mbedtls_mpi_bitlen(mpi)), but uses less cycles if the
-   exact bit count is not needed.
-
-   Note that mpi->n (size of memory buffer) may be higher than this
-   number, if the high bits are mostly zeroes.
-*/
-static inline size_t word_length(const mbedtls_mpi *mpi)
-{
-    for(size_t i = mpi->n; i > 0; i--) {
-        if( mpi->p[i - 1] != 0 ) {
-            return i;
-        }
-    }
-    return 0;
-}
-
-/* Copy mbedTLS MPI bignum 'mpi' to hardware memory block at 'mem_base'.
-
-   If hw_words is higher than the number of words in the bignum then
-   these additional words will be zeroed in the memory buffer.
-
-*/
-static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t hw_words)
-{
-    uint32_t *pbase = (uint32_t *)mem_base;
-    uint32_t copy_words = hw_words < mpi->n ? hw_words : mpi->n;
-
-    /* Copy MPI data to memory block registers */
-    for (int i = 0; i < copy_words; i++) {
-        pbase[i] = mpi->p[i];
-    }
-
-    /* Zero any remaining memory block data */
-    for (int i = copy_words; i < hw_words; i++) {
-        pbase[i] = 0;
-    }
-
-    /* Note: not executing memw here, can do it before we start a bignum operation */
-}
-
-/* Read mbedTLS MPI bignum back from hardware memory block.
-
-   Reads num_words words from block.
-
-   Bignum 'x' should already be grown to at least num_words by caller (can be done while
-   calculation is in progress, to save some cycles)
-*/
-static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_words)
-{
-    assert(x->n >= num_words);
-
-    /* Copy data from memory block registers */
-    esp_dport_access_read_buffer(x->p, mem_base, num_words);
-
-    /* Zero any remaining limbs in the bignum, if the buffer is bigger
-       than num_words */
-    for(size_t i = num_words; i < x->n; i++) {
-        x->p[i] = 0;
-    }
-}
-
-
-/**
- *
- * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1,
- * where B^-1(B-1) mod N=1. Actually, only the least significant part of
- * N' is needed, hence the definition N0'=N' mod b. We reproduce below the
- * simple algorithm from an article by Dusse and Kaliski to efficiently
- * find N0' from N0 and b
- */
-static mbedtls_mpi_uint modular_inverse(const mbedtls_mpi *M)
-{
-    int i;
-    uint64_t t = 1;
-    uint64_t two_2_i_minus_1 = 2;   /* 2^(i-1) */
-    uint64_t two_2_i = 4;           /* 2^i */
-    uint64_t N = M->p[0];
-
-    for (i = 2; i <= 32; i++) {
-        if ((mbedtls_mpi_uint) N * t % two_2_i >= two_2_i_minus_1) {
-            t += two_2_i_minus_1;
-        }
-
-        two_2_i_minus_1 <<= 1;
-        two_2_i <<= 1;
-    }
-
-    return (mbedtls_mpi_uint)(UINT32_MAX - t + 1);
-}
-
-/* Calculate Rinv = RR^2 mod M, where:
- *
- *  R = b^n where b = 2^32, n=num_words,
- *  R = 2^N (where N=num_bits)
- *  RR = R^2 = 2^(2*N) (where N=num_bits=num_words*32)
- *
- * This calculation is computationally expensive (mbedtls_mpi_mod_mpi)
- * so caller should cache the result where possible.
- *
- * DO NOT call this function while holding esp_mpi_acquire_hardware().
- *
- */
-static int calculate_rinv(mbedtls_mpi *Rinv, const mbedtls_mpi *M, int num_words)
-{
-    int ret;
-    size_t num_bits = num_words * 32;
-    mbedtls_mpi RR;
-    mbedtls_mpi_init(&RR);
-    MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&RR, num_bits * 2, 1));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(Rinv, &RR, M));
-
- cleanup:
-    mbedtls_mpi_free(&RR);
-    return ret;
-}
-
-
-/* Begin an RSA operation. op_reg specifies which 'START' register
-   to write to.
-*/
-static inline void start_op(uint32_t op_reg)
-{
-    /* Clear interrupt status */
-    DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1);
-
-    /* Note: above REG_WRITE includes a memw, so we know any writes
-       to the memory blocks are also complete. */
-
-    DPORT_REG_WRITE(op_reg, 1);
-}
-
-/* Wait for an RSA operation to complete.
-*/
-static inline void wait_op_complete(uint32_t op_reg)
-{
-#ifdef CONFIG_MBEDTLS_MPI_USE_INTERRUPT
-    if (!xSemaphoreTake(op_complete_sem, 2000 / portTICK_PERIOD_MS)) {
-        ESP_LOGE(TAG, "Timed out waiting for RSA operation (op_reg 0x%x int_reg 0x%x)",
-                 op_reg, DPORT_REG_READ(RSA_INTERRUPT_REG));
-        abort(); /* indicates a fundamental problem with driver */
-    }
-#else
-    while(DPORT_REG_READ(RSA_INTERRUPT_REG) != 1)
-       { }
-
-    /* clear the interrupt */
-    DPORT_REG_WRITE(RSA_INTERRUPT_REG, 1);
-#endif
-
-}
-
-/* Sub-stages of modulo multiplication/exponentiation operations */
-inline static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words);
-
-/* Z = (X * Y) mod M
-
-   Not an mbedTLS function
-*/
-int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M)
-{
-    int ret;
-    size_t x_bits = mbedtls_mpi_bitlen(X);
-    size_t y_bits = mbedtls_mpi_bitlen(Y);
-    size_t m_bits = mbedtls_mpi_bitlen(M);
-    size_t z_bits = MIN(m_bits, x_bits + y_bits);
-    size_t x_words = bits_to_words(x_bits);
-    size_t y_words = bits_to_words(y_bits);
-    size_t m_words = bits_to_words(m_bits);
-    size_t z_words = bits_to_words(z_bits);
-    size_t hw_words = hardware_words(MAX(x_words, MAX(y_words, m_words))); /* longest operand */
-    mbedtls_mpi Rinv;
-    mbedtls_mpi_uint Mprime;
-
-    /* Calculate and load the first stage montgomery multiplication */
-    mbedtls_mpi_init(&Rinv);
-    MBEDTLS_MPI_CHK(calculate_rinv(&Rinv, M, hw_words));
-    Mprime = modular_inverse(M);
-
-    esp_mpi_acquire_hardware();
-
-    /* Load M, X, Rinv, Mprime (Mprime is mod 2^32) */
-    mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words);
-    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
-    mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, &Rinv, hw_words);
-    DPORT_REG_WRITE(RSA_M_DASH_REG, (uint32_t)Mprime);
-
-    /* "mode" register loaded with number of 512-bit blocks, minus 1 */
-    DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1);
-
-    /* Execute first stage montgomery multiplication */
-    start_op(RSA_MULT_START_REG);
-
-    wait_op_complete(RSA_MULT_START_REG);
-
-    /* execute second stage */
-    ret = modular_multiply_finish(Z, X, Y, hw_words, z_words);
-
-    esp_mpi_release_hardware();
-
- cleanup:
-    mbedtls_mpi_free(&Rinv);
-    return ret;
-}
-
-#if defined(MBEDTLS_MPI_EXP_MOD_ALT)
-
-/*
- * Sliding-window exponentiation: Z = X^Y mod M  (HAC 14.85)
- *
- * _Rinv is optional pre-calculated version of Rinv (via calculate_rinv()).
- *
- * (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
- *
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi* Z, const mbedtls_mpi* X, const mbedtls_mpi* Y, const mbedtls_mpi* M, mbedtls_mpi* _Rinv )
-{
-    int ret = 0;
-    size_t x_words = word_length(X);
-    size_t y_words = word_length(Y);
-    size_t m_words = word_length(M);
-
-    /* "all numbers must be the same length", so choose longest number
-       as cardinal length of operation...
-    */
-    size_t hw_words = hardware_words(MAX(m_words, MAX(x_words, y_words)));
-
-    mbedtls_mpi Rinv_new; /* used if _Rinv == NULL */
-    mbedtls_mpi *Rinv;    /* points to _Rinv (if not NULL) othwerwise &RR_new */
-    mbedtls_mpi_uint Mprime;
-
-    if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) {
-        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-    }
-
-    if (mbedtls_mpi_cmp_int(Y, 0) < 0) {
-        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-    }
-
-    if (mbedtls_mpi_cmp_int(Y, 0) == 0) {
-        return mbedtls_mpi_lset(Z, 1);
-    }
-
-    if (hw_words * 32 > 4096) {
-        return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-    }
-
-    /* Determine RR pointer, either _RR for cached value
-       or local RR_new */
-    if (_Rinv == NULL) {
-        mbedtls_mpi_init(&Rinv_new);
-        Rinv = &Rinv_new;
-    } else {
-        Rinv = _Rinv;
-    }
-    if (Rinv->p == NULL) {
-        MBEDTLS_MPI_CHK(calculate_rinv(Rinv, M, hw_words));
-    }
-
-    Mprime = modular_inverse(M);
-
-    esp_mpi_acquire_hardware();
-
-    /* "mode" register loaded with number of 512-bit blocks, minus 1 */
-    DPORT_REG_WRITE(RSA_MODEXP_MODE_REG, (hw_words / 16) - 1);
-
-    /* Load M, X, Rinv, M-prime (M-prime is mod 2^32) */
-    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
-    mpi_to_mem_block(RSA_MEM_Y_BLOCK_BASE, Y, hw_words);
-    mpi_to_mem_block(RSA_MEM_M_BLOCK_BASE, M, hw_words);
-    mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Rinv, hw_words);
-    DPORT_REG_WRITE(RSA_M_DASH_REG, Mprime);
-
-    start_op(RSA_START_MODEXP_REG);
-
-    /* X ^ Y may actually be shorter than M, but unlikely when used for crypto */
-    if ((ret = mbedtls_mpi_grow(Z, m_words)) != 0) {
-        esp_mpi_release_hardware();
-        goto cleanup;
-    }
-
-    wait_op_complete(RSA_START_MODEXP_REG);
-
-    mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, m_words);
-    esp_mpi_release_hardware();
-
-    // Compensate for negative X
-    if (X->s == -1 && (Y->p[0] & 1) != 0) {
-        Z->s = -1;
-        MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z));
-    } else {
-        Z->s = 1;
-    }
-
- cleanup:
-    if (_Rinv == NULL) {
-        mbedtls_mpi_free(&Rinv_new);
-    }
-
-    return ret;
-}
-
-#endif /* MBEDTLS_MPI_EXP_MOD_ALT */
-
-/* Second & final step of a modular multiply - load second multiplication
- * factor Y, run the operation (modular inverse), read back the result
- * into Z.
- *
- * Called from both mbedtls_mpi_exp_mod and mbedtls_mpi_mod_mpi.
- *
- * @param Z result value
- * @param X first multiplication factor (used to set sign of result).
- * @param Y second multiplication factor.
- * @param hw_words Size of the hardware operation, in words
- * @param z_words Size of the expected result, in words (may be less than hw_words).
- *        Z will be grown to at least this length.
- *
- *  Caller must have already called esp_mpi_acquire_hardware().
- */
-static int modular_multiply_finish(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t hw_words, size_t z_words)
-{
-    int ret = 0;
-
-    /* Load Y to X input memory block, rerun */
-    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, Y, hw_words);
-
-    start_op(RSA_MULT_START_REG);
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) );
-
-    wait_op_complete(RSA_MULT_START_REG);
-
-    mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words);
-
-    Z->s = X->s * Y->s;
-
- cleanup:
-    return ret;
-}
-
-#if defined(MBEDTLS_MPI_MUL_MPI_ALT) /* MBEDTLS_MPI_MUL_MPI_ALT */
-
-static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words);
-static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t Y_bits, size_t z_words);
-
-/* Z = X * Y */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
-    int ret = 0;
-    size_t x_bits = mbedtls_mpi_bitlen(X);
-    size_t y_bits = mbedtls_mpi_bitlen(Y);
-    size_t x_words = bits_to_words(x_bits);
-    size_t y_words = bits_to_words(y_bits);
-    size_t z_words = bits_to_words(x_bits + y_bits);
-    size_t hw_words = hardware_words(MAX(x_words, y_words)); // length of one operand in hardware
-
-    /* Short-circuit eval if either argument is 0 or 1.
-
-       This is needed as the mpi modular division
-       argument will sometimes call in here when one
-       argument is too large for the hardware unit, but the other
-       argument is zero or one.
-    */
-    if (x_bits == 0 || y_bits == 0) {
-        mbedtls_mpi_lset(Z, 0);
-        return 0;
-    }
-    if (x_bits == 1) {
-        ret = mbedtls_mpi_copy(Z, Y);
-        Z->s *= X->s;
-        return ret;
-    }
-    if (y_bits == 1) {
-        ret = mbedtls_mpi_copy(Z, X);
-        Z->s *= Y->s;
-        return ret;
-    }
-
-    /* If either factor is over 2048 bits, we can't use the standard hardware multiplier
-       (it assumes result is double longest factor, and result is max 4096 bits.)
-
-       However, we can fail over to mod_mult for up to 4096 bits of result (modulo
-       multiplication doesn't have the same restriction, so result is simply the
-       number of bits in X plus number of bits in in Y.)
-    */
-    if (hw_words * 32 > 2048) {
-        if (z_words * 32 <= 4096) {
-            /* Note: it's possible to use mpi_mult_mpi_overlong
-               for this case as well, but it's very slightly
-               slower and requires a memory allocation.
-            */
-            return mpi_mult_mpi_failover_mod_mult(Z, X, Y, z_words);
-        } else {
-            /* Still too long for the hardware unit... */
-            if(y_words > x_words) {
-                return mpi_mult_mpi_overlong(Z, X, Y, y_words, z_words);
-            } else {
-                return mpi_mult_mpi_overlong(Z, Y, X, x_words, z_words);
-            }
-        }
-    }
-
-    /* Otherwise, we can use the (faster) multiply hardware unit */
-
-    esp_mpi_acquire_hardware();
-
-    /* Copy X (right-extended) & Y (left-extended) to memory block */
-    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
-    mpi_to_mem_block(RSA_MEM_Z_BLOCK_BASE + hw_words * 4, Y, hw_words);
-    /* NB: as Y is left-extended, we don't zero the bottom words_mult words of Y block.
-       This is OK for now because zeroing is done by hardware when we do esp_mpi_acquire_hardware().
-    */
-
-    DPORT_REG_WRITE(RSA_M_DASH_REG, 0);
-
-    /* "mode" register loaded with number of 512-bit blocks in result,
-       plus 7 (for range 9-12). (this is ((N~ / 32) - 1) + 8))
-    */
-    DPORT_REG_WRITE(RSA_MULT_MODE_REG, ((hw_words * 2) / 16) + 7);
-
-    start_op(RSA_MULT_START_REG);
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, z_words) );
-
-    wait_op_complete(RSA_MULT_START_REG);
-
-    /* Read back the result */
-    mem_block_to_mpi(Z, RSA_MEM_Z_BLOCK_BASE, z_words);
-
-    Z->s = X->s * Y->s;
-
- cleanup:
-    esp_mpi_release_hardware();
-
-    return ret;
-}
-
-/* Special-case of mbedtls_mpi_mult_mpi(), where we use hardware montgomery mod
-   multiplication to calculate an mbedtls_mpi_mult_mpi result where either
-   A or B are >2048 bits so can't use the standard multiplication method.
-
-   Result (z_words, based on A bits + B bits) must still be less than 4096 bits.
-
-   This case is simpler than the general case modulo multiply of
-   esp_mpi_mul_mpi_mod() because we can control the other arguments:
-
-   * Modulus is chosen with M=(2^num_bits - 1) (ie M=R-1), so output
-   isn't actually modulo anything.
-   * Mprime and Rinv are therefore predictable as follows:
-   Mprime = 1
-   Rinv = 1
-
-   (See RSA Accelerator section in Technical Reference for more about Mprime, Rinv)
-*/
-static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t z_words)
-{
-    int ret = 0;
-    size_t hw_words = hardware_words(z_words);
-
-    /* Load coefficients to hardware */
-    esp_mpi_acquire_hardware();
-
-    /* M = 2^num_words - 1, so block is entirely FF */
-    for(int i = 0; i < hw_words; i++) {
-        DPORT_REG_WRITE(RSA_MEM_M_BLOCK_BASE + i * 4, UINT32_MAX);
-    }
-    /* Mprime = 1 */
-    DPORT_REG_WRITE(RSA_M_DASH_REG, 1);
-
-    /* "mode" register loaded with number of 512-bit blocks, minus 1 */
-    DPORT_REG_WRITE(RSA_MULT_MODE_REG, (hw_words / 16) - 1);
-
-    /* Load X */
-    mpi_to_mem_block(RSA_MEM_X_BLOCK_BASE, X, hw_words);
-
-    /* Rinv = 1 */
-    DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE, 1);
-    for(int i = 1; i < hw_words; i++) {
-        DPORT_REG_WRITE(RSA_MEM_RB_BLOCK_BASE + i * 4, 0);
-    }
-
-    start_op(RSA_MULT_START_REG);
-
-    wait_op_complete(RSA_MULT_START_REG);
-
-    /* finish the modular multiplication */
-    ret = modular_multiply_finish(Z, X, Y, hw_words, z_words);
-
-    esp_mpi_release_hardware();
-
-    return ret;
-}
-
-/* Deal with the case when X & Y are too long for the hardware unit, by splitting one operand
-   into two halves.
-
-   Y must be the longer operand
-
-   Slice Y into Yp, Ypp such that:
-   Yp = lower 'b' bits of Y
-   Ypp = upper 'b' bits of Y (right shifted)
-
-   Such that
-   Z = X * Y
-   Z = X * (Yp + Ypp<<b)
-   Z = (X * Yp) + (X * Ypp<<b)
-
-   Note that this function may recurse multiple times, if both X & Y
-   are too long for the hardware multiplication unit.
-*/
-static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, size_t y_words, size_t z_words)
-{
-    int ret = 0;
-    mbedtls_mpi Ztemp;
-    /* Rather than slicing in two on bits we slice on limbs (32 bit words) */
-    const size_t words_slice = y_words / 2;
-    /* Yp holds lower bits of Y (declared to reuse Y's array contents to save on copying) */
-    const mbedtls_mpi Yp = {
-        .p = Y->p,
-        .n = words_slice,
-        .s = Y->s
-    };
-    /* Ypp holds upper bits of Y, right shifted (also reuses Y's array contents) */
-    const mbedtls_mpi Ypp = {
-        .p = Y->p + words_slice,
-        .n = y_words - words_slice,
-        .s = Y->s
-    };
-    mbedtls_mpi_init(&Ztemp);
-
-    /* Grow Z to result size early, avoid interim allocations */
-    mbedtls_mpi_grow(Z, z_words);
-
-    /* Get result Ztemp = Yp * X (need temporary variable Ztemp) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(&Ztemp, X, &Yp) );
-
-    /* Z = Ypp * Y */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi(Z, X, &Ypp) );
-
-    /* Z = Z << b */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l(Z, words_slice * 32) );
-
-    /* Z += Ztemp */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(Z, Z, &Ztemp) );
-
- cleanup:
-    mbedtls_mpi_free(&Ztemp);
-
-    return ret;
-}
-
-#endif /* MBEDTLS_MPI_MUL_MPI_ALT */
-
diff --git a/components/mbedtls/port/esp_mem.c b/components/mbedtls/port/esp_mem.c
index c7b8e706..794991fe 100644
--- a/components/mbedtls/port/esp_mem.c
+++ b/components/mbedtls/port/esp_mem.c
@@ -19,18 +19,12 @@
 
 #ifndef CONFIG_MBEDTLS_CUSTOM_MEM_ALLOC
 
-IRAM_ATTR void *esp_mbedtls_mem_calloc(size_t n, size_t size)
+void *esp_mbedtls_mem_calloc(size_t n, size_t size)
 {
-#ifdef CONFIG_MBEDTLS_INTERNAL_MEM_ALLOC
-    return heap_caps_calloc(n, size, MALLOC_CAP_INTERNAL|MALLOC_CAP_8BIT);
-#elif CONFIG_MBEDTLS_EXTERNAL_MEM_ALLOC
-    return heap_caps_calloc(n, size, MALLOC_CAP_SPIRAM|MALLOC_CAP_8BIT);
-#else
     return calloc(n, size);
-#endif
 }
 
-IRAM_ATTR void esp_mbedtls_mem_free(void *ptr)
+void esp_mbedtls_mem_free(void *ptr)
 {
     return heap_caps_free(ptr);
 }
diff --git a/components/mbedtls/port/esp_sha.c b/components/mbedtls/port/esp_sha.c
deleted file mode 100644
index 2c40f2c5..00000000
--- a/components/mbedtls/port/esp_sha.c
+++ /dev/null
@@ -1,79 +0,0 @@
-// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <string.h>
-#include <stdio.h>
-#include <assert.h>
-
-#include "esp32/sha.h"
-#include <mbedtls/sha1.h>
-#include <mbedtls/sha256.h>
-#include <mbedtls/sha512.h>
-
-void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output)
-{
-    int ret;
-    assert(input != NULL && output != NULL);
-
-    if (sha_type == SHA1) {
-
-        mbedtls_sha1_context *ctx1 = (mbedtls_sha1_context *)malloc(sizeof(mbedtls_sha1_context));
-        assert(ctx1 != NULL);
-        mbedtls_sha1_starts_ret(ctx1);
-        ret = mbedtls_sha1_update_ret(ctx1, input, ilen);
-        assert(ret == 0);
-        ret = mbedtls_sha1_finish_ret(ctx1, output);
-        assert(ret == 0);
-        mbedtls_sha1_free(ctx1);
-        free(ctx1);
-
-    } else if (sha_type == SHA2_256) {
-
-        mbedtls_sha256_context *ctx256 = (mbedtls_sha256_context *)malloc(sizeof(mbedtls_sha256_context));
-        assert(ctx256 != NULL);
-        mbedtls_sha256_starts_ret(ctx256, 0);
-        ret = mbedtls_sha256_update_ret(ctx256, input, ilen);
-        assert(ret == 0);
-        ret = mbedtls_sha256_finish_ret(ctx256, output);
-        assert(ret == 0);
-        mbedtls_sha256_free(ctx256);
-        free(ctx256);
-
-    } else if (sha_type == SHA2_384) {
-
-        mbedtls_sha512_context *ctx384 = (mbedtls_sha512_context *)malloc(sizeof(mbedtls_sha512_context));
-        assert(ctx384 != NULL);
-        mbedtls_sha512_starts_ret(ctx384, 1);
-        ret = mbedtls_sha512_update_ret(ctx384, input, ilen);
-        assert(ret == 0);
-        ret = mbedtls_sha512_finish_ret(ctx384, output);
-        assert(ret == 0);
-        mbedtls_sha512_free(ctx384);
-        free(ctx384);
-
-    } else if (sha_type == SHA2_512) {
-
-        mbedtls_sha512_context *ctx512 = (mbedtls_sha512_context *)malloc(sizeof(mbedtls_sha512_context));
-        assert(ctx512 != NULL);
-        mbedtls_sha512_starts_ret(ctx512, 0);
-        ret = mbedtls_sha512_update_ret(ctx512, input, ilen);
-        assert(ret == 0);
-        ret = mbedtls_sha512_finish_ret(ctx512, output);
-        assert(ret == 0);
-        mbedtls_sha512_free(ctx512);
-        free(ctx512);
-
-    }
-
-}
diff --git a/components/mbedtls/port/esp_sha1.c b/components/mbedtls/port/esp_sha1.c
deleted file mode 100644
index ba5231b9..00000000
--- a/components/mbedtls/port/esp_sha1.c
+++ /dev/null
@@ -1,451 +0,0 @@
-/*
- *  SHA-1 implementation with hardware ESP32 support added.
- *  Uses mbedTLS software implementation for failover when concurrent
- *  SHA operations are in use.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-/*
- *  The SHA-1 standard was published by NIST in 1993.
- *
- *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT)
-
-#include "mbedtls/sha1.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#include "esp32/sha.h"
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 3]       );            \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-}
-#endif
-
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
-}
-
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
-        esp_sha_unlock_engine(SHA1);
-    }
-    mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
-}
-
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
-                         const mbedtls_sha1_context *src )
-{
-    *dst = *src;
-
-    if (src->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
-        /* Copy hardware digest state out to cloned state,
-           which will be a software digest.
-        */
-        esp_sha_read_digest_state(SHA1, dst->state);
-        dst->mode = ESP_MBEDTLS_SHA1_SOFTWARE;
-    }
-}
-
-
-/*
- * SHA-1 context setup
- */
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-    ctx->state[4] = 0xC3D2E1F0;
-
-    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
-        esp_sha_unlock_engine(SHA1);
-    }
-    ctx->mode = ESP_MBEDTLS_SHA1_UNUSED;
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
-{
-    mbedtls_sha1_starts_ret( ctx );
-}
-#endif
-
-static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] );
-
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
-{
-    bool first_block = false;
-    if (ctx->mode == ESP_MBEDTLS_SHA1_UNUSED) {
-        /* try to use hardware for this digest */
-        if (esp_sha_try_lock_engine(SHA1)) {
-            ctx->mode = ESP_MBEDTLS_SHA1_HARDWARE;
-            first_block = true;
-        } else {
-            ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE;
-        }
-    }
-
-    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
-        esp_sha_block(SHA1, data, first_block);
-    } else {
-        mbedtls_sha1_software_process(ctx, data);
-    }
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
-                           const unsigned char data[64] )
-{
-    mbedtls_internal_sha1_process( ctx, data );
-}
-#endif
-
-
-static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
-{
-    uint32_t temp, W[16], A, B, C, D, E;
-
-    GET_UINT32_BE( W[ 0], data,  0 );
-    GET_UINT32_BE( W[ 1], data,  4 );
-    GET_UINT32_BE( W[ 2], data,  8 );
-    GET_UINT32_BE( W[ 3], data, 12 );
-    GET_UINT32_BE( W[ 4], data, 16 );
-    GET_UINT32_BE( W[ 5], data, 20 );
-    GET_UINT32_BE( W[ 6], data, 24 );
-    GET_UINT32_BE( W[ 7], data, 28 );
-    GET_UINT32_BE( W[ 8], data, 32 );
-    GET_UINT32_BE( W[ 9], data, 36 );
-    GET_UINT32_BE( W[10], data, 40 );
-    GET_UINT32_BE( W[11], data, 44 );
-    GET_UINT32_BE( W[12], data, 48 );
-    GET_UINT32_BE( W[13], data, 52 );
-    GET_UINT32_BE( W[14], data, 56 );
-    GET_UINT32_BE( W[15], data, 60 );
-
-#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
-
-#define R(t)                                            \
-(                                                       \
-    temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
-           W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
-    ( W[t & 0x0F] = S(temp,1) )                         \
-)
-
-#define P(a,b,c,d,e,x)                                  \
-{                                                       \
-    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
-}
-
-    A = ctx->state[0];
-    B = ctx->state[1];
-    C = ctx->state[2];
-    D = ctx->state[3];
-    E = ctx->state[4];
-
-#define F(x,y,z) (z ^ (x & (y ^ z)))
-#define K 0x5A827999
-
-    P( A, B, C, D, E, W[0]  );
-    P( E, A, B, C, D, W[1]  );
-    P( D, E, A, B, C, W[2]  );
-    P( C, D, E, A, B, W[3]  );
-    P( B, C, D, E, A, W[4]  );
-    P( A, B, C, D, E, W[5]  );
-    P( E, A, B, C, D, W[6]  );
-    P( D, E, A, B, C, W[7]  );
-    P( C, D, E, A, B, W[8]  );
-    P( B, C, D, E, A, W[9]  );
-    P( A, B, C, D, E, W[10] );
-    P( E, A, B, C, D, W[11] );
-    P( D, E, A, B, C, W[12] );
-    P( C, D, E, A, B, W[13] );
-    P( B, C, D, E, A, W[14] );
-    P( A, B, C, D, E, W[15] );
-    P( E, A, B, C, D, R(16) );
-    P( D, E, A, B, C, R(17) );
-    P( C, D, E, A, B, R(18) );
-    P( B, C, D, E, A, R(19) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) (x ^ y ^ z)
-#define K 0x6ED9EBA1
-
-    P( A, B, C, D, E, R(20) );
-    P( E, A, B, C, D, R(21) );
-    P( D, E, A, B, C, R(22) );
-    P( C, D, E, A, B, R(23) );
-    P( B, C, D, E, A, R(24) );
-    P( A, B, C, D, E, R(25) );
-    P( E, A, B, C, D, R(26) );
-    P( D, E, A, B, C, R(27) );
-    P( C, D, E, A, B, R(28) );
-    P( B, C, D, E, A, R(29) );
-    P( A, B, C, D, E, R(30) );
-    P( E, A, B, C, D, R(31) );
-    P( D, E, A, B, C, R(32) );
-    P( C, D, E, A, B, R(33) );
-    P( B, C, D, E, A, R(34) );
-    P( A, B, C, D, E, R(35) );
-    P( E, A, B, C, D, R(36) );
-    P( D, E, A, B, C, R(37) );
-    P( C, D, E, A, B, R(38) );
-    P( B, C, D, E, A, R(39) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) ((x & y) | (z & (x | y)))
-#define K 0x8F1BBCDC
-
-    P( A, B, C, D, E, R(40) );
-    P( E, A, B, C, D, R(41) );
-    P( D, E, A, B, C, R(42) );
-    P( C, D, E, A, B, R(43) );
-    P( B, C, D, E, A, R(44) );
-    P( A, B, C, D, E, R(45) );
-    P( E, A, B, C, D, R(46) );
-    P( D, E, A, B, C, R(47) );
-    P( C, D, E, A, B, R(48) );
-    P( B, C, D, E, A, R(49) );
-    P( A, B, C, D, E, R(50) );
-    P( E, A, B, C, D, R(51) );
-    P( D, E, A, B, C, R(52) );
-    P( C, D, E, A, B, R(53) );
-    P( B, C, D, E, A, R(54) );
-    P( A, B, C, D, E, R(55) );
-    P( E, A, B, C, D, R(56) );
-    P( D, E, A, B, C, R(57) );
-    P( C, D, E, A, B, R(58) );
-    P( B, C, D, E, A, R(59) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) (x ^ y ^ z)
-#define K 0xCA62C1D6
-
-    P( A, B, C, D, E, R(60) );
-    P( E, A, B, C, D, R(61) );
-    P( D, E, A, B, C, R(62) );
-    P( C, D, E, A, B, R(63) );
-    P( B, C, D, E, A, R(64) );
-    P( A, B, C, D, E, R(65) );
-    P( E, A, B, C, D, R(66) );
-    P( D, E, A, B, C, R(67) );
-    P( C, D, E, A, B, R(68) );
-    P( B, C, D, E, A, R(69) );
-    P( A, B, C, D, E, R(70) );
-    P( E, A, B, C, D, R(71) );
-    P( D, E, A, B, C, R(72) );
-    P( C, D, E, A, B, R(73) );
-    P( B, C, D, E, A, R(74) );
-    P( A, B, C, D, E, R(75) );
-    P( E, A, B, C, D, R(76) );
-    P( D, E, A, B, C, R(77) );
-    P( C, D, E, A, B, R(78) );
-    P( B, C, D, E, A, R(79) );
-
-#undef K
-#undef F
-
-    ctx->state[0] += A;
-    ctx->state[1] += B;
-    ctx->state[2] += C;
-    ctx->state[3] += D;
-    ctx->state[4] += E;
-}
-
-/*
- * SHA-1 process buffer
- */
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
-{
-    int ret;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return 0;
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if ( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) {
-            return ret;
-        }
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if ( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) {
-            return ret;
-        }
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
-                          const unsigned char *input,
-                          size_t ilen )
-{
-    mbedtls_sha1_update_ret( ctx, input, ilen );
-}
-#endif
-
-static const unsigned char sha1_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
-* SHA-1 final digest
- */
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] )
-{
-    int ret;
-    uint32_t last, padn;
-    uint32_t high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    PUT_UINT32_BE( high, msglen, 0 );
-    PUT_UINT32_BE( low,  msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) {
-        goto out;
-    }
-    if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) {
-        goto out;
-    }
-
-    /* if state is in hardware, read it out */
-    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
-        esp_sha_read_digest_state(SHA1, ctx->state);
-    }
-
-    PUT_UINT32_BE( ctx->state[0], output,  0 );
-    PUT_UINT32_BE( ctx->state[1], output,  4 );
-    PUT_UINT32_BE( ctx->state[2], output,  8 );
-    PUT_UINT32_BE( ctx->state[3], output, 12 );
-    PUT_UINT32_BE( ctx->state[4], output, 16 );
-
-out:
-    if (ctx->mode == ESP_MBEDTLS_SHA1_HARDWARE) {
-        esp_sha_unlock_engine(SHA1);
-        ctx->mode = ESP_MBEDTLS_SHA1_SOFTWARE;
-    }
-
-    return ret;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
-                          unsigned char output[20] )
-{
-    mbedtls_sha1_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */
diff --git a/components/mbedtls/port/esp_sha256.c b/components/mbedtls/port/esp_sha256.c
deleted file mode 100644
index 7a1e2a14..00000000
--- a/components/mbedtls/port/esp_sha256.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
- *  SHA-256 implementation with hardware ESP32 support added.
- *  Uses mbedTLS software implementation for failover when concurrent
- *  SHA operations are in use.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-/*
- *  The SHA-256 Secure Hash Standard was published by NIST in 2002.
- *
- *  http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT)
-
-#include "mbedtls/sha256.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#include "esp32/sha.h"
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i)                            \
-do {                                                    \
-    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
-        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
-        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
-        | ( (uint32_t) (b)[(i) + 3]       );            \
-} while( 0 )
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i)                            \
-do {                                                    \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
-} while( 0 )
-#endif
-
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
-}
-
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
-        esp_sha_unlock_engine(SHA2_256);
-    }
-    mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
-}
-
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
-                           const mbedtls_sha256_context *src )
-{
-    *dst = *src;
-
-    if (src->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
-        /* Copy hardware digest state out to cloned state,
-           which will become a software digest.
-        */
-        esp_sha_read_digest_state(SHA2_256, dst->state);
-        dst->mode = ESP_MBEDTLS_SHA256_SOFTWARE;
-    }
-}
-
-/*
- * SHA-256 context setup
- */
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    if( is224 == 0 )
-    {
-        /* SHA-256 */
-        ctx->state[0] = 0x6A09E667;
-        ctx->state[1] = 0xBB67AE85;
-        ctx->state[2] = 0x3C6EF372;
-        ctx->state[3] = 0xA54FF53A;
-        ctx->state[4] = 0x510E527F;
-        ctx->state[5] = 0x9B05688C;
-        ctx->state[6] = 0x1F83D9AB;
-        ctx->state[7] = 0x5BE0CD19;
-    }
-    else
-    {
-        /* SHA-224 */
-        ctx->state[0] = 0xC1059ED8;
-        ctx->state[1] = 0x367CD507;
-        ctx->state[2] = 0x3070DD17;
-        ctx->state[3] = 0xF70E5939;
-        ctx->state[4] = 0xFFC00B31;
-        ctx->state[5] = 0x68581511;
-        ctx->state[6] = 0x64F98FA7;
-        ctx->state[7] = 0xBEFA4FA4;
-    }
-
-    ctx->is224 = is224;
-    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
-        esp_sha_unlock_engine(SHA2_256);
-    }
-    ctx->mode = ESP_MBEDTLS_SHA256_UNUSED;
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
-                            int is224 )
-{
-    mbedtls_sha256_starts_ret( ctx, is224 );
-}
-#endif
-
-static const uint32_t K[] =
-{
-    0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
-    0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
-    0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
-    0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
-    0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
-    0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
-    0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
-    0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
-    0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
-    0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
-    0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
-    0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
-    0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
-    0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
-    0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
-    0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
-};
-
-#define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
-#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
-
-#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
-#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
-
-#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
-#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
-
-#define F0(x,y,z) ((x & y) | (z & (x | y)))
-#define F1(x,y,z) (z ^ (x & (y ^ z)))
-
-#define R(t)                                    \
-(                                               \
-    W[t] = S1(W[t -  2]) + W[t -  7] +          \
-           S0(W[t - 15]) + W[t - 16]            \
-)
-
-#define P(a,b,c,d,e,f,g,h,x,K)                  \
-{                                               \
-    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
-    temp2 = S2(a) + F0(a,b,c);                  \
-    d += temp1; h = temp1 + temp2;              \
-}
-
-static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
-
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
-{
-    bool first_block = false;
-
-    if (ctx->mode == ESP_MBEDTLS_SHA256_UNUSED) {
-        /* try to use hardware for this digest */
-        if (!ctx->is224 && esp_sha_try_lock_engine(SHA2_256)) {
-            ctx->mode = ESP_MBEDTLS_SHA256_HARDWARE;
-            first_block = true;
-        } else {
-            ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE;
-        }
-    }
-
-    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
-        esp_sha_block(SHA2_256, data, first_block);
-    } else {
-        mbedtls_sha256_software_process(ctx, data);
-    }
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
-                             const unsigned char data[64] )
-{
-    mbedtls_internal_sha256_process( ctx, data );
-}
-#endif
-
-static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
-{
-    uint32_t temp1, temp2, W[64];
-    uint32_t A[8];
-    unsigned int i;
-
-    for( i = 0; i < 8; i++ )
-        A[i] = ctx->state[i];
-
-#if defined(MBEDTLS_SHA256_SMALLER)
-    for( i = 0; i < 64; i++ )
-    {
-        if( i < 16 )
-            GET_UINT32_BE( W[i], data, 4 * i );
-        else
-            R( i );
-
-        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
-
-        temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
-        A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
-    }
-#else /* MBEDTLS_SHA256_SMALLER */
-    for( i = 0; i < 16; i++ )
-        GET_UINT32_BE( W[i], data, 4 * i );
-
-    for( i = 0; i < 16; i += 8 )
-    {
-        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
-        P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
-        P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
-        P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
-        P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
-        P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
-        P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
-        P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
-    }
-
-    for( i = 16; i < 64; i += 8 )
-    {
-        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
-        P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
-        P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
-        P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
-        P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
-        P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
-        P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
-        P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
-    }
-#endif /* MBEDTLS_SHA256_SMALLER */
-
-    for( i = 0; i < 8; i++ )
-        ctx->state[i] += A[i];
-}
-
-/*
- * SHA-256 process buffer
- */
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input,
-                    size_t ilen )
-{
-    int ret;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return 0;
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if ( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) {
-            return ret;
-        }
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if ( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) {
-            return ret;
-        }
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    mbedtls_sha256_update_ret( ctx, input, ilen );
-}
-#endif
-
-static const unsigned char sha256_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * SHA-256 final digest
- */
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] )
-{
-    int ret;
-    uint32_t last, padn;
-    uint32_t high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    PUT_UINT32_BE( high, msglen, 0 );
-    PUT_UINT32_BE( low,  msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) {
-        goto out;
-    }
-
-    if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) {
-        goto out;
-    }
-
-    /* if state is in hardware, read it out */
-    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
-        esp_sha_read_digest_state(SHA2_256, ctx->state);
-    }
-
-    PUT_UINT32_BE( ctx->state[0], output,  0 );
-    PUT_UINT32_BE( ctx->state[1], output,  4 );
-    PUT_UINT32_BE( ctx->state[2], output,  8 );
-    PUT_UINT32_BE( ctx->state[3], output, 12 );
-    PUT_UINT32_BE( ctx->state[4], output, 16 );
-    PUT_UINT32_BE( ctx->state[5], output, 20 );
-    PUT_UINT32_BE( ctx->state[6], output, 24 );
-
-    if( ctx->is224 == 0 )
-        PUT_UINT32_BE( ctx->state[7], output, 28 );
-
-out:
-    if (ctx->mode == ESP_MBEDTLS_SHA256_HARDWARE) {
-        esp_sha_unlock_engine(SHA2_256);
-        ctx->mode = ESP_MBEDTLS_SHA256_SOFTWARE;
-    }
-
-    return ret;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
-                            unsigned char output[32] )
-{
-    mbedtls_sha256_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */
diff --git a/components/mbedtls/port/esp_sha512.c b/components/mbedtls/port/esp_sha512.c
deleted file mode 100644
index 58cd7909..00000000
--- a/components/mbedtls/port/esp_sha512.c
+++ /dev/null
@@ -1,469 +0,0 @@
-/*
- *  SHA-512 implementation with hardware ESP32 support added.
- *  Uses mbedTLS software implementation for failover when concurrent
- *  SHA operations are in use.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-/*
- *  The SHA-512 Secure Hash Standard was published by NIST in 2002.
- *
- *  http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT)
-
-#include "mbedtls/sha512.h"
-
-#if defined(_MSC_VER) || defined(__WATCOMC__)
-  #define UL64(x) x##ui64
-#else
-  #define UL64(x) x##ULL
-#endif
-
-#include <string.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#define mbedtls_printf printf
-#endif /* MBEDTLS_PLATFORM_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#include "esp32/sha.h"
-
-inline static esp_sha_type sha_type(const mbedtls_sha512_context *ctx)
-{
-    return ctx->is384 ? SHA2_384 : SHA2_512;
-}
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_zeroize( void *v, size_t n ) {
-    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
-}
-
-/*
- * 64-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT64_BE
-#define GET_UINT64_BE(n,b,i)                            \
-{                                                       \
-    (n) = ( (uint64_t) (b)[(i)    ] << 56 )       \
-        | ( (uint64_t) (b)[(i) + 1] << 48 )       \
-        | ( (uint64_t) (b)[(i) + 2] << 40 )       \
-        | ( (uint64_t) (b)[(i) + 3] << 32 )       \
-        | ( (uint64_t) (b)[(i) + 4] << 24 )       \
-        | ( (uint64_t) (b)[(i) + 5] << 16 )       \
-        | ( (uint64_t) (b)[(i) + 6] <<  8 )       \
-        | ( (uint64_t) (b)[(i) + 7]       );      \
-}
-#endif /* GET_UINT64_BE */
-
-#ifndef PUT_UINT64_BE
-#define PUT_UINT64_BE(n,b,i)                            \
-{                                                       \
-    (b)[(i)    ] = (unsigned char) ( (n) >> 56 );       \
-    (b)[(i) + 1] = (unsigned char) ( (n) >> 48 );       \
-    (b)[(i) + 2] = (unsigned char) ( (n) >> 40 );       \
-    (b)[(i) + 3] = (unsigned char) ( (n) >> 32 );       \
-    (b)[(i) + 4] = (unsigned char) ( (n) >> 24 );       \
-    (b)[(i) + 5] = (unsigned char) ( (n) >> 16 );       \
-    (b)[(i) + 6] = (unsigned char) ( (n) >>  8 );       \
-    (b)[(i) + 7] = (unsigned char) ( (n)       );       \
-}
-#endif /* PUT_UINT64_BE */
-
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
-}
-
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
-        esp_sha_unlock_engine(sha_type(ctx));
-    }
-    mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
-}
-
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
-                           const mbedtls_sha512_context *src )
-{
-    *dst = *src;
-
-    if (src->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
-        /* Copy hardware digest state out to cloned state,
-           which will be a software digest.
-
-           Always read 512 bits of state, even for SHA-384
-           (SHA-384 state is identical to SHA-512, only
-           digest is truncated.)
-        */
-        esp_sha_read_digest_state(SHA2_512, dst->state);
-        dst->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
-    }
-}
-
-
-/*
- * SHA-512 context setup
- */
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    if( is384 == 0 )
-    {
-        /* SHA-512 */
-        ctx->state[0] = UL64(0x6A09E667F3BCC908);
-        ctx->state[1] = UL64(0xBB67AE8584CAA73B);
-        ctx->state[2] = UL64(0x3C6EF372FE94F82B);
-        ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
-        ctx->state[4] = UL64(0x510E527FADE682D1);
-        ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
-        ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
-        ctx->state[7] = UL64(0x5BE0CD19137E2179);
-    }
-    else
-    {
-        /* SHA-384 */
-        ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
-        ctx->state[1] = UL64(0x629A292A367CD507);
-        ctx->state[2] = UL64(0x9159015A3070DD17);
-        ctx->state[3] = UL64(0x152FECD8F70E5939);
-        ctx->state[4] = UL64(0x67332667FFC00B31);
-        ctx->state[5] = UL64(0x8EB44A8768581511);
-        ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
-        ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
-    }
-
-    ctx->is384 = is384;
-    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
-        esp_sha_unlock_engine(sha_type(ctx));
-    }
-    ctx->mode = ESP_MBEDTLS_SHA512_UNUSED;
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
-                            int is384 )
-{
-    mbedtls_sha512_starts_ret( ctx, is384 );
-}
-#endif
-
-/*
- * Round constants
- */
-static const uint64_t K[80] =
-{
-    UL64(0x428A2F98D728AE22),  UL64(0x7137449123EF65CD),
-    UL64(0xB5C0FBCFEC4D3B2F),  UL64(0xE9B5DBA58189DBBC),
-    UL64(0x3956C25BF348B538),  UL64(0x59F111F1B605D019),
-    UL64(0x923F82A4AF194F9B),  UL64(0xAB1C5ED5DA6D8118),
-    UL64(0xD807AA98A3030242),  UL64(0x12835B0145706FBE),
-    UL64(0x243185BE4EE4B28C),  UL64(0x550C7DC3D5FFB4E2),
-    UL64(0x72BE5D74F27B896F),  UL64(0x80DEB1FE3B1696B1),
-    UL64(0x9BDC06A725C71235),  UL64(0xC19BF174CF692694),
-    UL64(0xE49B69C19EF14AD2),  UL64(0xEFBE4786384F25E3),
-    UL64(0x0FC19DC68B8CD5B5),  UL64(0x240CA1CC77AC9C65),
-    UL64(0x2DE92C6F592B0275),  UL64(0x4A7484AA6EA6E483),
-    UL64(0x5CB0A9DCBD41FBD4),  UL64(0x76F988DA831153B5),
-    UL64(0x983E5152EE66DFAB),  UL64(0xA831C66D2DB43210),
-    UL64(0xB00327C898FB213F),  UL64(0xBF597FC7BEEF0EE4),
-    UL64(0xC6E00BF33DA88FC2),  UL64(0xD5A79147930AA725),
-    UL64(0x06CA6351E003826F),  UL64(0x142929670A0E6E70),
-    UL64(0x27B70A8546D22FFC),  UL64(0x2E1B21385C26C926),
-    UL64(0x4D2C6DFC5AC42AED),  UL64(0x53380D139D95B3DF),
-    UL64(0x650A73548BAF63DE),  UL64(0x766A0ABB3C77B2A8),
-    UL64(0x81C2C92E47EDAEE6),  UL64(0x92722C851482353B),
-    UL64(0xA2BFE8A14CF10364),  UL64(0xA81A664BBC423001),
-    UL64(0xC24B8B70D0F89791),  UL64(0xC76C51A30654BE30),
-    UL64(0xD192E819D6EF5218),  UL64(0xD69906245565A910),
-    UL64(0xF40E35855771202A),  UL64(0x106AA07032BBD1B8),
-    UL64(0x19A4C116B8D2D0C8),  UL64(0x1E376C085141AB53),
-    UL64(0x2748774CDF8EEB99),  UL64(0x34B0BCB5E19B48A8),
-    UL64(0x391C0CB3C5C95A63),  UL64(0x4ED8AA4AE3418ACB),
-    UL64(0x5B9CCA4F7763E373),  UL64(0x682E6FF3D6B2B8A3),
-    UL64(0x748F82EE5DEFB2FC),  UL64(0x78A5636F43172F60),
-    UL64(0x84C87814A1F0AB72),  UL64(0x8CC702081A6439EC),
-    UL64(0x90BEFFFA23631E28),  UL64(0xA4506CEBDE82BDE9),
-    UL64(0xBEF9A3F7B2C67915),  UL64(0xC67178F2E372532B),
-    UL64(0xCA273ECEEA26619C),  UL64(0xD186B8C721C0C207),
-    UL64(0xEADA7DD6CDE0EB1E),  UL64(0xF57D4F7FEE6ED178),
-    UL64(0x06F067AA72176FBA),  UL64(0x0A637DC5A2C898A6),
-    UL64(0x113F9804BEF90DAE),  UL64(0x1B710B35131C471B),
-    UL64(0x28DB77F523047D84),  UL64(0x32CAAB7B40C72493),
-    UL64(0x3C9EBE0A15C9BEBC),  UL64(0x431D67C49C100D4C),
-    UL64(0x4CC5D4BECB3E42B6),  UL64(0x597F299CFC657E2A),
-    UL64(0x5FCB6FAB3AD6FAEC),  UL64(0x6C44198C4A475817)
-};
-
-static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] );
-
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
-{
-    bool first_block = false;
-
-    if (ctx->mode == ESP_MBEDTLS_SHA512_UNUSED) {
-        /* try to use hardware for this digest */
-        if (esp_sha_try_lock_engine(sha_type(ctx))) {
-            ctx->mode = ESP_MBEDTLS_SHA512_HARDWARE;
-            first_block = true;
-        } else {
-            ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
-        }
-    }
-
-    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
-        esp_sha_block(sha_type(ctx), data, first_block);
-    } else {
-        mbedtls_sha512_software_process(ctx, data);
-    }
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
-                             const unsigned char data[128] )
-{
-    mbedtls_internal_sha512_process( ctx, data );
-}
-#endif
-
-
-static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
-{
-    int i;
-    uint64_t temp1, temp2, W[80];
-    uint64_t A, B, C, D, E, F, G, H;
-
-#define  SHR(x,n) (x >> n)
-#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
-
-#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^  SHR(x, 7))
-#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^  SHR(x, 6))
-
-#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
-#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
-
-#define F0(x,y,z) ((x & y) | (z & (x | y)))
-#define F1(x,y,z) (z ^ (x & (y ^ z)))
-
-#define P(a,b,c,d,e,f,g,h,x,K)                  \
-{                                               \
-    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
-    temp2 = S2(a) + F0(a,b,c);                  \
-    d += temp1; h = temp1 + temp2;              \
-}
-
-    for( i = 0; i < 16; i++ )
-    {
-        GET_UINT64_BE( W[i], data, i << 3 );
-    }
-
-    for( ; i < 80; i++ )
-    {
-        W[i] = S1(W[i -  2]) + W[i -  7] +
-               S0(W[i - 15]) + W[i - 16];
-    }
-
-    A = ctx->state[0];
-    B = ctx->state[1];
-    C = ctx->state[2];
-    D = ctx->state[3];
-    E = ctx->state[4];
-    F = ctx->state[5];
-    G = ctx->state[6];
-    H = ctx->state[7];
-    i = 0;
-
-    do
-    {
-        P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
-        P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
-        P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
-        P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
-        P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
-        P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
-        P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
-        P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
-    }
-    while( i < 80 );
-
-    ctx->state[0] += A;
-    ctx->state[1] += B;
-    ctx->state[2] += C;
-    ctx->state[3] += D;
-    ctx->state[4] += E;
-    ctx->state[5] += F;
-    ctx->state[6] += G;
-    ctx->state[7] += H;
-}
-
-/*
- * SHA-512 process buffer
- */
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input,
-                    size_t ilen )
-{
-    int ret;
-    size_t fill;
-    unsigned int left;
-
-    if( ilen == 0 )
-        return 0;
-
-    left = (unsigned int) (ctx->total[0] & 0x7F);
-    fill = 128 - left;
-
-    ctx->total[0] += (uint64_t) ilen;
-
-    if( ctx->total[0] < (uint64_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-        if ( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) {
-            return ret;
-        }
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 128 )
-    {
-        if ( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) {
-            return ret;
-        }
-
-        input += 128;
-        ilen  -= 128;
-    }
-
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-
-    return 0;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    mbedtls_sha512_update_ret( ctx, input, ilen );
-}
-#endif
-
-
-static const unsigned char sha512_padding[128] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * SHA-512 final digest
- */
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] )
-{
-    int ret;
-    size_t last, padn;
-    uint64_t high, low;
-    unsigned char msglen[16];
-
-    high = ( ctx->total[0] >> 61 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    PUT_UINT64_BE( high, msglen, 0 );
-    PUT_UINT64_BE( low,  msglen, 8 );
-
-    last = (size_t)( ctx->total[0] & 0x7F );
-    padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
-
-    if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) {
-        goto out;
-    }
-
-    if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) {
-        goto out;
-    }
-
-    /* if state is in hardware, read it out */
-    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
-        esp_sha_read_digest_state(sha_type(ctx), ctx->state);
-    }
-
-    PUT_UINT64_BE( ctx->state[0], output,  0 );
-    PUT_UINT64_BE( ctx->state[1], output,  8 );
-    PUT_UINT64_BE( ctx->state[2], output, 16 );
-    PUT_UINT64_BE( ctx->state[3], output, 24 );
-    PUT_UINT64_BE( ctx->state[4], output, 32 );
-    PUT_UINT64_BE( ctx->state[5], output, 40 );
-
-    if( ctx->is384 == 0 )
-    {
-        PUT_UINT64_BE( ctx->state[6], output, 48 );
-        PUT_UINT64_BE( ctx->state[7], output, 56 );
-    }
-
-out:
-    if (ctx->mode == ESP_MBEDTLS_SHA512_HARDWARE) {
-        esp_sha_unlock_engine(sha_type(ctx));
-        ctx->mode = ESP_MBEDTLS_SHA512_SOFTWARE;
-    }
-
-    return ret;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
-                            unsigned char output[64] )
-{
-    mbedtls_sha512_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */
diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h
deleted file mode 100644
index 993d0689..00000000
--- a/components/mbedtls/port/include/aes_alt.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * \file aes_alt.h
- *
- * \brief AES block cipher
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-#ifndef AES_ALT_H
-#define AES_ALT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_AES_ALT)
-#include "esp32/aes.h"
-
-typedef esp_aes_context mbedtls_aes_context;
-
-#define mbedtls_aes_init            esp_aes_init
-#define mbedtls_aes_free            esp_aes_free
-#define mbedtls_aes_setkey_enc      esp_aes_setkey
-#define mbedtls_aes_setkey_dec      esp_aes_setkey
-#define mbedtls_aes_crypt_ecb       esp_aes_crypt_ecb
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define mbedtls_aes_crypt_cbc       esp_aes_crypt_cbc
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define mbedtls_aes_crypt_cfb128    esp_aes_crypt_cfb128
-#define mbedtls_aes_crypt_cfb8      esp_aes_crypt_cfb8
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define mbedtls_aes_crypt_ctr       esp_aes_crypt_ctr
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define mbedtls_aes_crypt_ofb       esp_aes_crypt_ofb
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-typedef esp_aes_xts_context mbedtls_aes_xts_context;
-#define mbedtls_aes_xts_init            esp_aes_xts_init
-#define mbedtls_aes_xts_free            esp_aes_xts_free
-#define mbedtls_aes_xts_setkey_enc      esp_aes_xts_setkey_enc
-#define mbedtls_aes_xts_setkey_dec      esp_aes_xts_setkey_dec
-#define mbedtls_aes_crypt_xts       esp_aes_crypt_xts
-#endif
-#define mbedtls_internal_aes_encrypt         esp_internal_aes_encrypt
-#define mbedtls_internal_aes_decrypt         esp_internal_aes_decrypt
-#endif /* MBEDTLS_AES_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/components/mbedtls/port/include/esp32/aes.h b/components/mbedtls/port/include/esp32/aes.h
deleted file mode 100644
index 10719301..00000000
--- a/components/mbedtls/port/include/esp32/aes.h
+++ /dev/null
@@ -1,359 +0,0 @@
-/**
- * \brief AES block cipher, ESP32 hardware accelerated version
- * Based on mbedTLS FIPS-197 compliant version.
- *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-#ifndef ESP_AES_H
-#define ESP_AES_H
-
-#include "esp_types.h"
-#include "esp32/rom/aes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* padlock.c and aesni.c rely on these values! */
-#define ESP_AES_ENCRYPT     1
-#define ESP_AES_DECRYPT     0
-
-#define ERR_ESP_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
-#define ERR_ESP_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
-
-/**
- * \brief          AES context structure
- *
- */
-typedef struct {
-    uint8_t key_bytes;
-    volatile uint8_t key_in_hardware; /* This variable is used for fault injection checks, so marked volatile to avoid optimisation */
-    uint8_t key[32];
-} esp_aes_context;
-
-/**
- * \brief The AES XTS context-type definition.
- */
-typedef struct
-{
-    esp_aes_context crypt; /*!< The AES context to use for AES block
-                                        encryption or decryption. */
-    esp_aes_context tweak; /*!< The AES context used for tweak
-                                        computation. */
-} esp_aes_xts_context;
-
-
-/**
- * \brief Lock access to AES hardware unit
- *
- * AES hardware unit can only be used by one
- * consumer at a time.
- *
- * esp_aes_xxx API calls automatically manage locking & unlocking of
- * hardware, this function is only needed if you want to call
- * ets_aes_xxx functions directly.
- */
-void esp_aes_acquire_hardware( void );
-
-/**
- * \brief Unlock access to AES hardware unit
- *
- * esp_aes_xxx API calls automatically manage locking & unlocking of
- * hardware, this function is only needed if you want to call
- * ets_aes_xxx functions directly.
- */
-void esp_aes_release_hardware( void );
-
-/**
- * \brief          Initialize AES context
- *
- * \param ctx      AES context to be initialized
- */
-void esp_aes_init( esp_aes_context *ctx );
-
-/**
- * \brief          Clear AES context
- *
- * \param ctx      AES context to be cleared
- */
-void esp_aes_free( esp_aes_context *ctx );
-
-/**
- * \brief          This function initializes the specified AES XTS context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The AES XTS context to initialize.
- */
-void esp_aes_xts_init( esp_aes_xts_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified AES XTS context.
- *
- * \param ctx      The AES XTS context to clear.
- */
-void esp_aes_xts_free( esp_aes_xts_context *ctx );
-
-/**
- * \brief          AES set key schedule (encryption or decryption)
- *
- * \param ctx      AES context to be initialized
- * \param key      encryption key
- * \param keybits  must be 128, 192 or 256
- *
- * \return         0 if successful, or ERR_AES_INVALID_KEY_LENGTH
- */
-int esp_aes_setkey( esp_aes_context *ctx, const unsigned char *key, unsigned int keybits );
-
-/**
- * \brief          AES-ECB block encryption/decryption
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 if successful
- */
-int esp_aes_crypt_ecb( esp_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16] );
-
-/**
- * \brief          AES-CBC buffer encryption/decryption
- *                 Length should be a multiple of the block
- *                 size (16 bytes)
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or ERR_AES_INVALID_INPUT_LENGTH
- */
-int esp_aes_crypt_cbc( esp_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-
-/**
- * \brief          AES-CFB128 buffer encryption/decryption.
- *
- * Note: Due to the nature of CFB you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param length   length of the input data
- * \param iv_off   offset in IV (updated after use)
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful
- */
-int esp_aes_crypt_cfb128( esp_aes_context *ctx,
-                          int mode,
-                          size_t length,
-                          size_t *iv_off,
-                          unsigned char iv[16],
-                          const unsigned char *input,
-                          unsigned char *output );
-
-/**
- * \brief          AES-CFB8 buffer encryption/decryption.
- *
- * Note: Due to the nature of CFB you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful
- */
-int esp_aes_crypt_cfb8( esp_aes_context *ctx,
-                        int mode,
-                        size_t length,
-                        unsigned char iv[16],
-                        const unsigned char *input,
-                        unsigned char *output );
-
-/**
- * \brief               AES-CTR buffer encryption/decryption
- *
- * Warning: You have to keep the maximum use of your counter in mind!
- *
- * Note: Due to the nature of CTR you should use the same key schedule for
- * both encryption and decryption. So a context initialized with
- * esp_aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
- *
- * \param ctx           AES context
- * \param length        The length of the data
- * \param nc_off        The offset in the current stream_block (for resuming
- *                      within current cipher stream). The offset pointer to
- *                      should be 0 at the start of a stream.
- * \param nonce_counter The 128-bit nonce and counter.
- * \param stream_block  The saved stream-block for resuming. Is overwritten
- *                      by the function.
- * \param input         The input data stream
- * \param output        The output data stream
- *
- * \return         0 if successful
- */
-int esp_aes_crypt_ctr( esp_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief          This function prepares an XTS context for encryption and
- *                 sets the encryption key.
- *
- * \param ctx      The AES XTS context to which the key should be bound.
- * \param key      The encryption key. This is comprised of the XTS key1
- *                 concatenated with the XTS key2.
- * \param keybits  The size of \p key passed in bits. Valid options are:
- *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
- *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-int esp_aes_xts_setkey_enc( esp_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
-
-/**
- * \brief       This function performs an AES-OFB (Output Feedback Mode)
- *              encryption or decryption operation.
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param length   The length of the input data.
- * \param iv_off   The offset in IV (updated after use).
- *                 It must point to a valid \c size_t.
- * \param iv       The initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- */
-int esp_aes_crypt_ofb( esp_aes_context *ctx,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief          This function prepares an XTS context for decryption and
- *                 sets the decryption key.
- *
- * \param ctx      The AES XTS context to which the key should be bound.
- * \param key      The decryption key. This is comprised of the XTS key1
- *                 concatenated with the XTS key2.
- * \param keybits  The size of \p key passed in bits. Valid options are:
- *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
- *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-int esp_aes_xts_setkey_dec( esp_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
-
-
-/**
- * \brief           Internal AES block encryption function
- *                  (Only exposed to allow overriding it,
- *                  see AES_ENCRYPT_ALT)
- *
- * \param ctx       AES context
- * \param input     Plaintext block
- * \param output    Output (ciphertext) block
- */
-int esp_internal_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
-
-/** Deprecated, see esp_aes_internal_encrypt */
-void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
-
-/**
- * \brief           Internal AES block decryption function
- *                  (Only exposed to allow overriding it,
- *                  see AES_DECRYPT_ALT)
- *
- * \param ctx       AES context
- * \param input     Ciphertext block
- * \param output    Output (plaintext) block
- */
-int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
-
-/** Deprecated, see esp_aes_internal_decrypt */
-void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
-
-/** AES-XTS buffer encryption/decryption */
-int esp_aes_crypt_xts( esp_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */
diff --git a/components/mbedtls/port/include/esp32/sha.h b/components/mbedtls/port/include/esp32/sha.h
deleted file mode 100644
index 2009d198..00000000
--- a/components/mbedtls/port/include/esp32/sha.h
+++ /dev/null
@@ -1,211 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#ifndef _ESP_SHA_H_
-#define _ESP_SHA_H_
-
-#include "esp32/rom/sha.h"
-#include "esp_types.h"
-
-/** @brief Low-level support functions for the hardware SHA engine
- *
- * @note If you're looking for a SHA API to use, try mbedtls component
- * mbedtls/shaXX.h. That API supports hardware acceleration.
- *
- * The API in this header provides some building blocks for implementing a
- * full SHA API such as the one in mbedtls, and also a basic SHA function esp_sha().
- *
- * Some technical details about the hardware SHA engine:
- *
- * - SHA accelerator engine calculates one digest at a time, per SHA
- *   algorithm type. It initialises and maintains the digest state
- *   internally. It is possible to read out an in-progress SHA digest
- *   state, but it is not possible to restore a SHA digest state
- *   into the engine.
- *
- * - The memory block SHA_TEXT_BASE is shared between all SHA digest
- *   engines, so all engines must be idle before this memory block is
- *   modified.
- *
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Defined in esp32/rom/sha.h */
-typedef enum SHA_TYPE esp_sha_type;
-
-/** @brief Calculate SHA1 or SHA2 sum of some data, using hardware SHA engine
- *
- * @note For more versatile SHA calculations, where data doesn't need
- * to be passed all at once, try the mbedTLS mbedtls/shaX.h APIs. The
- * hardware-accelerated mbedTLS implementation is also faster when
- * hashing large amounts of data.
- *
- * @note It is not necessary to lock any SHA hardware before calling
- * this function, thread safety is managed internally.
- *
- * @note If a TLS connection is open then this function may block
- * indefinitely waiting for a SHA engine to become available. Use the
- * mbedTLS SHA API to avoid this problem.
- *
- * @param sha_type SHA algorithm to use.
- *
- * @param input Input data buffer.
- *
- * @param ilen Length of input data in bytes.
- *
- * @param output Buffer for output SHA digest. Output is 20 bytes for
- * sha_type SHA1, 32 bytes for sha_type SHA2_256, 48 bytes for
- * sha_type SHA2_384, 64 bytes for sha_type SHA2_512.
- */
-void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output);
-
-/* @brief Begin to execute a single SHA block operation
- *
- * @note This is a piece of a SHA algorithm, rather than an entire SHA
- * algorithm.
- *
- * @note Call esp_sha_try_lock_engine() before calling this
- * function. Do not call esp_sha_lock_memory_block() beforehand, this
- * is done inside the function.
- *
- * @param sha_type SHA algorithm to use.
- *
- * @param data_block Pointer to block of data. Block size is
- * determined by algorithm (SHA1/SHA2_256 = 64 bytes,
- * SHA2_384/SHA2_512 = 128 bytes)
- *
- * @param is_first_block If this parameter is true, the SHA state will
- * be initialised (with the initial state of the given SHA algorithm)
- * before the block is calculated. If false, the existing state of the
- * SHA engine will be used.
- *
- * @return As a performance optimisation, this function returns before
- * the SHA block operation is complete. Both this function and
- * esp_sha_read_state() will automatically wait for any previous
- * operation to complete before they begin. If using the SHA registers
- * directly in another way, call esp_sha_wait_idle() after calling this
- * function but before accessing the SHA registers.
- */
-void esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block);
-
-/** @brief Read out the current state of the SHA digest loaded in the engine.
- *
- * @note This is a piece of a SHA algorithm, rather than an entire SHA algorithm.
- *
- * @note Call esp_sha_try_lock_engine() before calling this
- * function. Do not call esp_sha_lock_memory_block() beforehand, this
- * is done inside the function.
- *
- * If the SHA suffix padding block has been executed already, the
- * value that is read is the SHA digest (in big endian
- * format). Otherwise, the value that is read is an interim SHA state.
- *
- * @note If sha_type is SHA2_384, only 48 bytes of state will be read.
- * This is enough for the final SHA2_384 digest, but if you want the
- * interim SHA-384 state (to continue digesting) then pass SHA2_512 instead.
- *
- * @param sha_type SHA algorithm in use.
- *
- * @param state Pointer to a memory buffer to hold the SHA state. Size
- * is 20 bytes (SHA1), 32 bytes (SHA2_256), 48 bytes (SHA2_384) or 64 bytes (SHA2_512).
- *
- */
-void esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state);
-
-/**
- * @brief Obtain exclusive access to a particular SHA engine
- *
- * @param sha_type Type of SHA engine to use.
- *
- * Blocks until engine is available. Note: Can block indefinitely
- * while a TLS connection is open, suggest using
- * esp_sha_try_lock_engine() and failing over to software SHA.
- */
-void esp_sha_lock_engine(esp_sha_type sha_type);
-
-/**
- * @brief Try and obtain exclusive access to a particular SHA engine
- *
- * @param sha_type Type of SHA engine to use.
- *
- * @return Returns true if the SHA engine is locked for exclusive
- * use. Call esp_sha_unlock_sha_engine() when done.  Returns false if
- * the SHA engine is already in use, caller should use software SHA
- * algorithm for this digest.
- */
-bool esp_sha_try_lock_engine(esp_sha_type sha_type);
-
-/**
- * @brief Unlock an engine previously locked with esp_sha_lock_engine() or esp_sha_try_lock_engine()
- *
- * @param sha_type Type of engine to release.
- */
-void esp_sha_unlock_engine(esp_sha_type sha_type);
-
-/**
- * @brief Acquire exclusive access to the SHA shared memory block at SHA_TEXT_BASE
- *
- * This memory block is shared across all the SHA algorithm types.
- *
- * Caller should have already locked a SHA engine before calling this function.
- *
- * Note that it is possible to obtain exclusive access to the memory block even
- * while it is in use by the SHA engine. Caller should use esp_sha_wait_idle()
- * to ensure the SHA engine is not reading from the memory block in hardware.
- *
- * @note This function enters a critical section. Do not block while holding this lock.
- *
- * @note You do not need to lock the memory block before calling esp_sha_block() or esp_sha_read_digest_state(), these functions handle memory block locking internally.
- *
- * Call esp_sha_unlock_memory_block() when done.
- */
-void esp_sha_lock_memory_block(void);
-
-/**
- * @brief Release exclusive access to the SHA register memory block at SHA_TEXT_BASE
- *
- * Caller should have already locked a SHA engine before calling this function.
- *
- * This function releases the critical section entered by esp_sha_lock_memory_block().
- *
- * Call following esp_sha_lock_memory_block().
- */
-void esp_sha_unlock_memory_block(void);
-
-/** @brief Wait for the SHA engine to finish any current operation
- *
- * @note This function does not ensure exclusive access to any SHA
- * engine. Caller should use esp_sha_try_lock_engine() and
- * esp_sha_lock_memory_block() as required.
- *
- * @note Functions declared in this header file wait for SHA engine
- * completion automatically, so you don't need to use this API for
- * these. However if accessing SHA registers directly, you will need
- * to call this before accessing SHA registers if using the
- * esp_sha_block() function.
- *
- * @note This function busy-waits, so wastes CPU resources.
- * Best to delay calling until you are about to need it.
- *
- */
-void esp_sha_wait_idle(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/components/mbedtls/port/include/mbedtls/bignum.h b/components/mbedtls/port/include/mbedtls/bignum.h
deleted file mode 100644
index 23cd5634..00000000
--- a/components/mbedtls/port/include/mbedtls/bignum.h
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#ifndef __ESP_MBEDTLS_BIGNUM_H__
-#define __ESP_MBEDTLS_BIGNUM_H__
-
-#include_next "mbedtls/bignum.h"
-
-/**
- * This is a wrapper for the main mbedtls/bignum.h. This wrapper
- * provides a few additional ESP32-only functions.
- *
- * This is because we don't set MBEDTLS_BIGNUM_ALT in the same way we
- * do for AES, SHA, etc. Because we still use most of the bignum.h
- * implementation and just replace a few hardware accelerated
- * functions (see MBEDTLS_MPI_EXP_MOD_ALT & MBEDTLS_MPI_MUL_MPI_ALT in
- * esp_config.h).
- *
- * @note Unlike the other hardware accelerator support functions in esp32/hwcrypto, there is no
- * generic "hwcrypto/bignum.h" header for using these functions without mbedTLS. The reason for this
- * is that all of the function implementations depend strongly upon the mbedTLS MPI implementation.
- */
-
-/**
- * @brief Lock access to RSA Accelerator (MPI/bignum operations)
- *
- * RSA Accelerator hardware unit can only be used by one
- * consumer at a time.
- *
- * @note This function is non-recursive (do not call it twice from the
- * same task.)
- *
- * @note You do not need to call this if you are using the mbedTLS bignum.h
- * API or esp_mpi_xxx functions. This function is only needed if you
- * want to call ROM RSA functions or access the registers directly.
- *
- */
-void esp_mpi_acquire_hardware(void);
-
-/**
- * @brief Unlock access to RSA Accelerator (MPI/bignum operations)
- *
- * Has to be called once for each call to esp_mpi_acquire_hardware().
- *
- * @note You do not need to call this if you are using the mbedTLS bignum.h
- * API or esp_mpi_xxx functions. This function is only needed if you
- * want to call ROM RSA functions or access the registers directly.
- */
-void esp_mpi_release_hardware(void);
-
-/* @brief MPI modular mupltiplication function
- *
- * Calculates Z = (X * Y) mod M using MPI hardware acceleration.
- *
- * This is not part of the standard mbedTLS bignum API.
- *
- * @note All of X, Y & Z should be less than 4096 bit long or an error is returned.
- *
- * @param Z Result bignum, should be pre-initialised with mbedtls_mpi_init().
- * @param X First multiplication argument.
- * @param Y Second multiplication argument.
- * @param M Modulus value for result.
- *
- * @return 0 on success, mbedTLS MPI error codes on failure.
- */
-int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M);
-
-#endif
diff --git a/components/mdns/CMakeLists.txt b/components/mdns/CMakeLists.txt
index 99bb43a0..7e61b6e8 100644
--- a/components/mdns/CMakeLists.txt
+++ b/components/mdns/CMakeLists.txt
@@ -6,7 +6,7 @@ set(COMPONENT_PRIV_INCLUDEDIRS "private_include")
 endif()
 
 set(COMPONENT_ADD_INCLUDEDIRS "include")
-set(COMPONENT_REQUIRES "lwip" "ssl" "tcpip_adapter")
+set(COMPONENT_REQUIRES "lwip" "mbedtls" "tcpip_adapter")
 
 if(CONFIG_ENABLE_MDNS_CONSOLE)
 set(COMPONENT_SRCS "${COMPONENT_SRCS}"
diff --git a/components/mqtt/CMakeLists.txt b/components/mqtt/CMakeLists.txt
index 02c40550..d3b86454 100644
--- a/components/mqtt/CMakeLists.txt
+++ b/components/mqtt/CMakeLists.txt
@@ -21,7 +21,7 @@ set(COMPONENT_SRCS "esp-mqtt/mqtt_client.c"
 
 endif()
 
-set(COMPONENT_REQUIRES lwip http_parser ssl tcp_transport freertos lwip ssl)
+set(COMPONENT_REQUIRES lwip http_parser tcp_transport freertos lwip mbedtls openssl)
 
 register_component()
 
diff --git a/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c b/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c
index 059b5a26..c36ee950 100644
--- a/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c
+++ b/components/mqtt/ibm-mqtt/MQTTClient-C/src/FreeRTOS/MQTTFreeRTOS.c
@@ -382,14 +382,6 @@ int NetworkConnectSSL(Network *n, char *addr, int port, ssl_ca_crt_key_t *ssl_cc
         goto exit;
     }
 
-    if (ssl_cck->cacrt) {
-        retVal = SSL_CTX_load_verify_buffer(n->ctx, ssl_cck->cacrt, ssl_cck->cacrt_len);
-
-        if (retVal != 1) {
-            goto exit1;
-        }
-    }
-
     if (ssl_cck->cert && ssl_cck->key) {
         retVal = SSL_CTX_use_certificate_ASN1(n->ctx, ssl_cck->cert_len, ssl_cck->cert);
 
diff --git a/components/protocomm/CMakeLists.txt b/components/protocomm/CMakeLists.txt
index b2261de9..fb7f4dad 100644
--- a/components/protocomm/CMakeLists.txt
+++ b/components/protocomm/CMakeLists.txt
@@ -13,6 +13,6 @@ set(COMPONENT_SRCS  "src/common/protocomm.c"
                     "src/transports/protocomm_httpd.c")
 endif()
 
-set(COMPONENT_PRIV_REQUIRES protobuf-c ssl esp_http_server http_parser)
+set(COMPONENT_PRIV_REQUIRES protobuf-c mbedtls esp_http_server http_parser)
 
 register_component()
diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt
index 593cf204..3329f6a8 100644
--- a/components/wpa_supplicant/CMakeLists.txt
+++ b/components/wpa_supplicant/CMakeLists.txt
@@ -1,7 +1,7 @@
 
 set(COMPONENT_SRCDIRS "src/crypto" "src/fast_crypto" "src/wps" "port" "src")
 set(COMPONENT_ADD_INCLUDEDIRS "include" "port/include")
-set(COMPONENT_PRIV_REQUIRES "ssl" "freertos" "heap" "newlib" "util")
+set(COMPONENT_PRIV_REQUIRES "mbedtls" "freertos" "heap" "newlib" "util")
 
 
 register_component()
diff --git a/examples/protocols/openssl_client/main/openssl_client_example_main.c b/examples/protocols/openssl_client/main/openssl_client_example_main.c
index ec798df8..b9458a5c 100644
--- a/examples/protocols/openssl_client/main/openssl_client_example_main.c
+++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c
@@ -196,16 +196,6 @@ static void openssl_client_task(void* p)
 
     printf("OK\n");
 
-    printf("load ca crt ......");
-    ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start);
-
-    if (ret) {
-        printf("OK\n");
-    } else {
-        printf("failed\n");
-        goto failed2;
-    }
-
     printf("load client crt ......");
     ret = SSL_CTX_use_certificate_ASN1(ctx, client_pem_end - client_pem_start, client_pem_start);
 
diff --git a/examples/protocols/openssl_server/main/openssl_server_example_main.c b/examples/protocols/openssl_server/main/openssl_server_example_main.c
index 4eef63c3..f26edce6 100644
--- a/examples/protocols/openssl_server/main/openssl_server_example_main.c
+++ b/examples/protocols/openssl_server/main/openssl_server_example_main.c
@@ -194,16 +194,6 @@ static void openssl_server_task(void* p)
 
     printf("OK\n");
 
-    printf("load ca crt ......");
-    ret = SSL_CTX_load_verify_buffer(ctx, ca_pem_start, ca_pem_end - ca_pem_start);
-
-    if (ret) {
-        printf("OK\n");
-    } else {
-        printf("failed\n");
-        goto failed2;
-    }
-
     printf("load server crt ......");
     ret = SSL_CTX_use_certificate_ASN1(ctx, server_pem_end - server_pem_start, server_pem_start);
 
diff --git a/tools/cmake/build.cmake b/tools/cmake/build.cmake
index be672835..2ff4b335 100644
--- a/tools/cmake/build.cmake
+++ b/tools/cmake/build.cmake
@@ -154,7 +154,7 @@ function(__build_init idf_path)
     endforeach()
 
     # Set components required by all other components in the build
-    set(requires_common newlib freertos heap log)
+    set(requires_common newlib freertos heap log lwip util)
     idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${requires_common}")
 
     __build_get_idf_git_revision()

From 1f8192d9f941efbf0669f9436326d0a3127d850c Mon Sep 17 00:00:00 2001
From: dongheng <Dong Heng>
Date: Thu, 10 Oct 2019 13:53:24 +0800
Subject: [PATCH 3/3] feat(exmaples): remove wolfSSL example

The wolfSSL example will be supplied independently.
---
 components/esp-tls/component.mk               |   9 -
 components/esp_http_client/component.mk       |  11 -
 components/esp_https_ota/component.mk         |   8 -
 components/mbedtls/Makefile.projbuild         |   2 +-
 components/tcp_transport/component.mk         |  10 -
 components/wifi_provisioning/Kconfig          |   1 -
 components/wpa_supplicant/Kconfig             |   1 -
 .../main/subscribe_publish_sample.c           |  42 ---
 .../subscribe_publish/sdkconfig.defaults      |   1 -
 .../thing_shadow/main/thing_shadow_sample.c   |  44 ---
 .../aws_iot/thing_shadow/sdkconfig.defaults   |   1 -
 .../main/esp_http_client_example.c            |  43 ---
 .../esp_http_client/sdkconfig.defaults        |   1 -
 .../https_mbedtls/sdkconfig.defaults          |   2 -
 .../main/https_request_example_main.c         |  43 ---
 .../https_request/sdkconfig.defaults          |   1 -
 .../protocols/https_wolfssl/CMakeLists.txt    |   6 -
 examples/protocols/https_wolfssl/Makefile     |   9 -
 examples/protocols/https_wolfssl/README.md    |  37 ---
 .../https_wolfssl/main/CMakeLists.txt         |  10 -
 .../https_wolfssl/main/Kconfig.projbuild      |  23 --
 .../protocols/https_wolfssl/main/component.mk |   5 -
 .../main/https_wolfssl_example_main.c         | 300 ------------------
 .../https_wolfssl/main/server_root_cert.pem   |  27 --
 .../https_wolfssl/sdkconfig.defaults          |   5 -
 .../main/openssl_client_example_main.c        |  42 ---
 .../main/openssl_server_example_main.c        |  43 ---
 .../main/simple_ota_example.c                 |  43 ---
 .../ota/simple_ota_example/sdkconfig.defaults |   1 -
 29 files changed, 1 insertion(+), 770 deletions(-)
 delete mode 100644 examples/protocols/https_mbedtls/sdkconfig.defaults
 delete mode 100644 examples/protocols/https_wolfssl/CMakeLists.txt
 delete mode 100644 examples/protocols/https_wolfssl/Makefile
 delete mode 100644 examples/protocols/https_wolfssl/README.md
 delete mode 100644 examples/protocols/https_wolfssl/main/CMakeLists.txt
 delete mode 100644 examples/protocols/https_wolfssl/main/Kconfig.projbuild
 delete mode 100644 examples/protocols/https_wolfssl/main/component.mk
 delete mode 100644 examples/protocols/https_wolfssl/main/https_wolfssl_example_main.c
 delete mode 100644 examples/protocols/https_wolfssl/main/server_root_cert.pem
 delete mode 100644 examples/protocols/https_wolfssl/sdkconfig.defaults

diff --git a/components/esp-tls/component.mk b/components/esp-tls/component.mk
index 52aa5d7e..7267d5f3 100644
--- a/components/esp-tls/component.mk
+++ b/components/esp-tls/component.mk
@@ -1,12 +1,3 @@
-COMPONENT_SRCDIRS :=
-COMPONENT_ADD_INCLUDEDIRS :=
-
-ifdef CONFIG_SSL_USING_MBEDTLS 
 COMPONENT_SRCDIRS := .
-COMPONENT_ADD_INCLUDEDIRS := .
-endif
 
-ifdef CONFIG_SSL_USING_WOLFSSL 
-COMPONENT_SRCDIRS := .
 COMPONENT_ADD_INCLUDEDIRS := .
-endif
\ No newline at end of file
diff --git a/components/esp_http_client/component.mk b/components/esp_http_client/component.mk
index 353eac79..0bde2b05 100644
--- a/components/esp_http_client/component.mk
+++ b/components/esp_http_client/component.mk
@@ -2,17 +2,6 @@
 # Component Makefile
 #
 
-COMPONENT_SRCDIRS :=
-COMPONENT_ADD_INCLUDEDIRS :=
-
-ifdef CONFIG_SSL_USING_MBEDTLS 
 COMPONENT_SRCDIRS := . lib
 COMPONENT_ADD_INCLUDEDIRS := include
 COMPONENT_PRIV_INCLUDEDIRS := lib/include
-endif
-
-ifdef CONFIG_SSL_USING_WOLFSSL
-COMPONENT_SRCDIRS := . lib
-COMPONENT_ADD_INCLUDEDIRS := include
-COMPONENT_PRIV_INCLUDEDIRS := lib/include
-endif
\ No newline at end of file
diff --git a/components/esp_https_ota/component.mk b/components/esp_https_ota/component.mk
index 6aba23f2..84730f8a 100644
--- a/components/esp_https_ota/component.mk
+++ b/components/esp_https_ota/component.mk
@@ -1,12 +1,4 @@
-COMPONENT_SRCDIRS :=
-COMPONENT_ADD_INCLUDEDIRS :=
 
-ifdef CONFIG_SSL_USING_MBEDTLS 
 COMPONENT_SRCDIRS := src
-COMPONENT_ADD_INCLUDEDIRS := include
-endif
 
-ifdef CONFIG_SSL_USING_WOLFSSL
-COMPONENT_SRCDIRS := src
 COMPONENT_ADD_INCLUDEDIRS := include
-endif
\ No newline at end of file
diff --git a/components/mbedtls/Makefile.projbuild b/components/mbedtls/Makefile.projbuild
index 9bfba169..9992735e 100644
--- a/components/mbedtls/Makefile.projbuild
+++ b/components/mbedtls/Makefile.projbuild
@@ -1,6 +1,6 @@
 # Anyone compiling mbedTLS code needs the name of the
 # alternative config file
-CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"'
+CPPFLAGS += -DMBEDTLS_CONFIG_FILE='"mbedtls/esp_config.h"' -DCONFIG_SSL_USING_MBEDTLS
 
 # Catch usage of deprecated mbedTLS functions when building tests
 ifneq ("$(filter mbedtls,$(TEST_COMPONENTS_LIST))","")
diff --git a/components/tcp_transport/component.mk b/components/tcp_transport/component.mk
index 9d6ae29f..d492b815 100644
--- a/components/tcp_transport/component.mk
+++ b/components/tcp_transport/component.mk
@@ -3,15 +3,5 @@
 #
 # (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
 
-COMPONENT_SRCDIRS :=
-COMPONENT_ADD_INCLUDEDIRS :=
-
-ifdef CONFIG_SSL_USING_MBEDTLS 
 COMPONENT_SRCDIRS := .
 COMPONENT_ADD_INCLUDEDIRS := include
-endif
-
-ifdef CONFIG_SSL_USING_WOLFSSL 
-COMPONENT_SRCDIRS := .
-COMPONENT_ADD_INCLUDEDIRS := include
-endif
\ No newline at end of file
diff --git a/components/wifi_provisioning/Kconfig b/components/wifi_provisioning/Kconfig
index 2b641b11..13a58aa1 100644
--- a/components/wifi_provisioning/Kconfig
+++ b/components/wifi_provisioning/Kconfig
@@ -3,7 +3,6 @@ menu "Unified Provisioning"
 config ENABLE_UNIFIED_PROVISIONING
     bool "Enable Unified Provisioning"
     default n
-    select SSL_USING_MBEDTLS
     select MBEDTLS_CIPHER_MODE_CTR
     select MBEDTLS_ECP_C
     help
diff --git a/components/wpa_supplicant/Kconfig b/components/wpa_supplicant/Kconfig
index f32876f4..d3b29afb 100644
--- a/components/wpa_supplicant/Kconfig
+++ b/components/wpa_supplicant/Kconfig
@@ -3,7 +3,6 @@ menu "wpa_supplicant"
 config LTM_FAST
     bool "Use faster div, esptmod, sqr, montgomery multiplication algorithm"
     default y
-    depends on !SSL_USING_WOLFSSL
     help
         Enable the option can enable faster div, faster exptmod, faster sqr, fast
         montgomery multiplication algorithm. Enable this option will cost about 
diff --git a/examples/protocols/aws_iot/subscribe_publish/main/subscribe_publish_sample.c b/examples/protocols/aws_iot/subscribe_publish/main/subscribe_publish_sample.c
index 15eaf8ff..5beaf086 100644
--- a/examples/protocols/aws_iot/subscribe_publish/main/subscribe_publish_sample.c
+++ b/examples/protocols/aws_iot/subscribe_publish/main/subscribe_publish_sample.c
@@ -46,10 +46,6 @@
 #include "nvs.h"
 #include "nvs_flash.h"
 
-#ifdef CONFIG_SSL_USING_WOLFSSL
-#include "lwip/apps/sntp.h"
-#endif
-
 #include "aws_iot_config.h"
 #include "aws_iot_log.h"
 #include "aws_iot_version.h"
@@ -115,40 +111,6 @@ char HostAddress[255] = AWS_IOT_MQTT_HOST;
  */
 uint32_t port = AWS_IOT_MQTT_PORT;
 
-#ifdef CONFIG_SSL_USING_WOLFSSL
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, "pool.ntp.org");
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            ESP_LOGE(TAG, "SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            ESP_LOGI(TAG, "SNTP get time success\n");
-            break;
-        }
-    }
-}
-#endif
-
 static esp_err_t event_handler(void *ctx, system_event_t *event)
 {
     /* For accessing reason codes in case of disconnection */
@@ -266,10 +228,6 @@ void aws_iot_task(void *param) {
     xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                         false, true, portMAX_DELAY);
 
-#ifdef CONFIG_SSL_USING_WOLFSSL
-    get_time();
-#endif
-
     connectParams.keepAliveIntervalInSec = 10;
     connectParams.isCleanSession = true;
     connectParams.MQTTVersion = MQTT_3_1_1;
diff --git a/examples/protocols/aws_iot/subscribe_publish/sdkconfig.defaults b/examples/protocols/aws_iot/subscribe_publish/sdkconfig.defaults
index afc8546e..09e2e937 100644
--- a/examples/protocols/aws_iot/subscribe_publish/sdkconfig.defaults
+++ b/examples/protocols/aws_iot/subscribe_publish/sdkconfig.defaults
@@ -1,6 +1,5 @@
 # Enable AWS IoT SDK support
 CONFIG_AWS_IOT_SDK=y
-CONFIG_SSL_USING_MBEDTLS=y
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=8192
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=1024
 CONFIG_MBEDTLS_SSL_ALPN=y
diff --git a/examples/protocols/aws_iot/thing_shadow/main/thing_shadow_sample.c b/examples/protocols/aws_iot/thing_shadow/main/thing_shadow_sample.c
index c8001447..47403628 100644
--- a/examples/protocols/aws_iot/thing_shadow/main/thing_shadow_sample.c
+++ b/examples/protocols/aws_iot/thing_shadow/main/thing_shadow_sample.c
@@ -49,9 +49,6 @@
 #include "aws_iot_mqtt_client_interface.h"
 #include "aws_iot_shadow_interface.h"
 
-#if CONFIG_SSL_USING_WOLFSSL
-#include "lwip/apps/sntp.h"
-#endif
 /*!
  * The goal of this sample application is to demonstrate the capabilities of shadow.
  * This device(say Connected Window) will open the window of a room based on temperature
@@ -131,43 +128,6 @@ static const char * ROOT_CA_PATH = CONFIG_EXAMPLE_ROOT_CA_PATH;
 #error "Invalid method for loading certs"
 #endif
 
-#if CONFIG_SSL_USING_WOLFSSL
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, "pool.ntp.org");
-
-    sntp_setservername(1, "ntp1.aliyun.com");
-    sntp_setservername(2, "time.aisa.apple.com");
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            ESP_LOGI(TAG,"SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            ESP_LOGI(TAG,"SNTP get time success\n");
-            break;
-        }
-    }
-}
-#endif
-
 static esp_err_t event_handler(void *ctx, system_event_t *event)
 {
     /* For accessing reason codes in case of disconnection */
@@ -297,10 +257,6 @@ void aws_iot_task(void *param) {
     xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                         false, true, portMAX_DELAY);
 
-#if CONFIG_SSL_USING_WOLFSSL
-    /* CA date verification need system time */
-    get_time();
-#endif
     ESP_LOGI(TAG, "Shadow Init");
     rc = aws_iot_shadow_init(&mqttClient, &sp);
     if(SUCCESS != rc) {
diff --git a/examples/protocols/aws_iot/thing_shadow/sdkconfig.defaults b/examples/protocols/aws_iot/thing_shadow/sdkconfig.defaults
index 3167a008..d969def9 100644
--- a/examples/protocols/aws_iot/thing_shadow/sdkconfig.defaults
+++ b/examples/protocols/aws_iot/thing_shadow/sdkconfig.defaults
@@ -1,7 +1,6 @@
 # Enable AWS IoT SDK support
 CONFIG_AWS_IOT_SDK=y
 CONFIG_NEWLIB_LIBRARY_LEVEL_NORMAL=y
-CONFIG_SSL_USING_WOLFSSL=y
 
 # Enable FATFS read only with long filename support
 # for loading Cert/CA/etc from filesystem
diff --git a/examples/protocols/esp_http_client/main/esp_http_client_example.c b/examples/protocols/esp_http_client/main/esp_http_client_example.c
index 9805b860..9d564277 100644
--- a/examples/protocols/esp_http_client/main/esp_http_client_example.c
+++ b/examples/protocols/esp_http_client/main/esp_http_client_example.c
@@ -18,10 +18,6 @@
 
 #include "esp_http_client.h"
 
-#if CONFIG_SSL_USING_WOLFSSL
-#include "lwip/apps/sntp.h"
-#endif
-
 #define MAX_HTTP_RECV_BUFFER 512
 static const char *TAG = "HTTP_CLIENT";
 
@@ -71,40 +67,6 @@ esp_err_t _http_event_handler(esp_http_client_event_t *evt)
     return ESP_OK;
 }
 
-#if CONFIG_SSL_USING_WOLFSSL
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, "pool.ntp.org");
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            ESP_LOGI(TAG,"SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            ESP_LOGI(TAG,"SNTP get time success\n");
-            break;
-        }
-    }
-}
-#endif
-
 static void http_rest()
 {
     esp_http_client_config_t config = {
@@ -413,11 +375,6 @@ static void https_async()
 
 static void http_test_task(void *pvParameters)
 {
-#if CONFIG_SSL_USING_WOLFSSL
-    /* CA date verification need system time */
-    get_time();
-#endif
-
     app_wifi_wait_connected();
     ESP_LOGI(TAG, "Connected to AP, begin http example");
     http_rest();
diff --git a/examples/protocols/esp_http_client/sdkconfig.defaults b/examples/protocols/esp_http_client/sdkconfig.defaults
index 1d5572a9..2b9ef82e 100644
--- a/examples/protocols/esp_http_client/sdkconfig.defaults
+++ b/examples/protocols/esp_http_client/sdkconfig.defaults
@@ -1,4 +1,3 @@
 CONFIG_NEWLIB_LIBRARY_LEVEL_NORMAL=y
-CONFIG_SSL_USING_MBEDTLS=y
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=1024
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
diff --git a/examples/protocols/https_mbedtls/sdkconfig.defaults b/examples/protocols/https_mbedtls/sdkconfig.defaults
deleted file mode 100644
index ce622295..00000000
--- a/examples/protocols/https_mbedtls/sdkconfig.defaults
+++ /dev/null
@@ -1,2 +0,0 @@
-CONFIG_SSL_USING_MBEDTLS=y
-
diff --git a/examples/protocols/https_request/main/https_request_example_main.c b/examples/protocols/https_request/main/https_request_example_main.c
index 027ca28e..ae5ee19f 100644
--- a/examples/protocols/https_request/main/https_request_example_main.c
+++ b/examples/protocols/https_request/main/https_request_example_main.c
@@ -38,10 +38,6 @@
 #include "lwip/netdb.h"
 #include "lwip/dns.h"
 
-#if CONFIG_SSL_USING_WOLFSSL
-#include "lwip/apps/sntp.h"
-#endif
-
 #include "esp_tls.h"
 
 /* The examples use simple WiFi configuration that you can set via
@@ -133,50 +129,11 @@ static void initialise_wifi(void)
     ESP_ERROR_CHECK( esp_wifi_start() );
 }
 
-#if CONFIG_SSL_USING_WOLFSSL
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, "pool.ntp.org");
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            printf("SNTP get time success\n");
-            break;
-        }
-    }
-}
-#endif
-
 static void https_get_task(void *pvParameters)
 {
     char buf[512];
     int ret, len;
 
-#if CONFIG_SSL_USING_WOLFSSL
-    /* CA date verification need system time */
-    get_time();
-#endif
-
     while(1) {
         /* Wait for the callback to set the CONNECTED_BIT in the
            event group.
diff --git a/examples/protocols/https_request/sdkconfig.defaults b/examples/protocols/https_request/sdkconfig.defaults
index 1bf47081..f44c06f4 100644
--- a/examples/protocols/https_request/sdkconfig.defaults
+++ b/examples/protocols/https_request/sdkconfig.defaults
@@ -1,2 +1 @@
-CONFIG_SSL_USING_MBEDTLS=y
 CONFIG_LWIP_IPV6=y
diff --git a/examples/protocols/https_wolfssl/CMakeLists.txt b/examples/protocols/https_wolfssl/CMakeLists.txt
deleted file mode 100644
index c72e8223..00000000
--- a/examples/protocols/https_wolfssl/CMakeLists.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-# The following five lines of boilerplate have to be in your project's
-# CMakeLists in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
-
-include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-project(https_wolfssl)
diff --git a/examples/protocols/https_wolfssl/Makefile b/examples/protocols/https_wolfssl/Makefile
deleted file mode 100644
index 2740c224..00000000
--- a/examples/protocols/https_wolfssl/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# This is a project Makefile. It is assumed the directory this Makefile resides in is a
-# project subdirectory.
-#
-
-PROJECT_NAME := https-wolfSSL
-
-include $(IDF_PATH)/make/project.mk
-
diff --git a/examples/protocols/https_wolfssl/README.md b/examples/protocols/https_wolfssl/README.md
deleted file mode 100644
index d26a30d0..00000000
--- a/examples/protocols/https_wolfssl/README.md
+++ /dev/null
@@ -1,37 +0,0 @@
-WOLFSSL INTRODUCTION
-
-### WHAT ABOUT WOLFSSL
-
-The WOLFSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL.
-
-### BEFORE YOU GET STARTED
-- Requirements
-    - RTOS SDK
-- Optional
-    - Basic knowledge of server/client communication
-    - Basic knowledge of SSL/TLS
-
-The more you know, the easier it will be to get going. There are a number of links in the Helpful Links section to read up on SSL/TLS.
-
-### QUICK START
-
-- Example
-  - This project demonstrates a https client which connects to "www.howsmyssl.com" by default, you can connect to other https servers by modify WEB_SERVER and WEB_PORT.
-- Compile
-    - Clone ESP8266_RTOS_SDK, e.g., to ~/ESP8266_RTOS_SDK.
-      - $ git clone https://github.com/espressif/ESP8266_RTOS_SDK.git
-    - Add IDF_PATH:
-          - $export IDF_PATH=~/ESP8266_RTOS_SDK
-      - run `make menuconfig`
-          - Modify SSID and PASSWORD under menu "Example Configuration".
-      - run `make`
-- Download:
-    - run `make flash monitor`
-
-### HELPFUL LINKS
-
-In general, these are links which will be useful for using both wolfSSL, as well as networked and secure applications in general. Furthermore, there is a more comprehensive tutorial that can be found in Chapter 11 of the official wolfSSL manual. The examples in the wolfSSL package and Chapter 11 do appropriate error checking, which is worth taking a look at. For a more comprehensive API, check out chapter 17 of the official manual.
-
-- WOLFSSL Manual (https://www.wolfssl.com/docs/wolfssl-manual/)
-- WOLFSSL GitHub
-  (https://github.com/wolfssl/wolfssl)
diff --git a/examples/protocols/https_wolfssl/main/CMakeLists.txt b/examples/protocols/https_wolfssl/main/CMakeLists.txt
deleted file mode 100644
index 33bf4ef2..00000000
--- a/examples/protocols/https_wolfssl/main/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-set(COMPONENT_SRCS "https_wolfssl_example_main.c")
-set(COMPONENT_ADD_INCLUDEDIRS ".")
-
-
-# Embed the server root certificate into the final binary
-#
-# (If this was a component, we would set COMPONENT_EMBED_TXTFILES here.)
-set(COMPONENT_EMBED_TXTFILES server_root_cert.pem)
-
-register_component()
diff --git a/examples/protocols/https_wolfssl/main/Kconfig.projbuild b/examples/protocols/https_wolfssl/main/Kconfig.projbuild
deleted file mode 100644
index e2102046..00000000
--- a/examples/protocols/https_wolfssl/main/Kconfig.projbuild
+++ /dev/null
@@ -1,23 +0,0 @@
-menu "Example Configuration"
-
-config WIFI_SSID
-    string "WiFi SSID"
-    default "myssid"
-    help
-        SSID (network name) for the example to connect to.
-
-config WIFI_PASSWORD
-    string "WiFi Password"
-    default "mypassword"
-    help
-        WiFi password (WPA or WPA2) for the example to use.
-
-        Can be left blank if the network has no security set.
-
-config CERT_AUTH
-    bool "enable certificate verification"
-    default y
-    help
-       Enable certificate verification.
-
-endmenu
diff --git a/examples/protocols/https_wolfssl/main/component.mk b/examples/protocols/https_wolfssl/main/component.mk
deleted file mode 100644
index 12acf9fa..00000000
--- a/examples/protocols/https_wolfssl/main/component.mk
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# "main" pseudo-component makefile.
-#
-# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
-COMPONENT_EMBED_TXTFILES := server_root_cert.pem
diff --git a/examples/protocols/https_wolfssl/main/https_wolfssl_example_main.c b/examples/protocols/https_wolfssl/main/https_wolfssl_example_main.c
deleted file mode 100644
index 560e3efb..00000000
--- a/examples/protocols/https_wolfssl/main/https_wolfssl_example_main.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/* wolfSSL example
-
-   This example code is in the Public Domain (or CC0 licensed, at your option.)
-
-   Unless required by applicable law or agreed to in writing, this
-   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-   CONDITIONS OF ANY KIND, either express or implied.
-*/
-
-#include <stdio.h>
-
-#include "esp_wifi.h"
-#include "esp_event_loop.h"
-#include "esp_log.h"
-
-#include "nvs_flash.h"
-
-#include "freertos/FreeRTOS.h"
-#include "freertos/task.h"
-#include "freertos/event_groups.h"
-
-#include <sys/socket.h>
-#include <netdb.h>
-#include "lwip/apps/sntp.h"
-
-#include "wolfssl/ssl.h"
-
-/* The examples use simple WiFi configuration that you can set via
-   'make menuconfig'.
-
-   If you'd rather not, just change the below entries to strings with
-   the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
-*/
-#define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID
-#define EXAMPLE_WIFI_PASS CONFIG_WIFI_PASSWORD
-
-/* FreeRTOS event group to signal when we are connected & ready to make a request */
-static EventGroupHandle_t wifi_event_group;
-
-/* The event group allows multiple bits for each event,
-   but we only care about one event - are we connected
-   to the AP with an IP? */
-const int CONNECTED_BIT = BIT0;
-
-#if CONFIG_CERT_AUTH
-extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");
-extern const uint8_t server_root_cert_pem_end[]   asm("_binary_server_root_cert_pem_end");
-#endif
-
-/* Constants that aren't configurable in menuconfig */
-#define WEB_SERVER "www.howsmyssl.com"
-#define WEB_PORT 443
-#define WEB_URL "https://www.howsmyssl.com/a/check"
-
-#define REQUEST "GET " WEB_URL " HTTP/1.0\r\n" \
-    "Host: "WEB_SERVER"\r\n" \
-    "User-Agent: esp-idf/1.0 espressif\r\n" \
-    "\r\n"
-
-#define WOLFSSL_DEMO_THREAD_NAME        "wolfssl_client"
-#define WOLFSSL_DEMO_THREAD_STACK_WORDS 8192
-#define WOLFSSL_DEMO_THREAD_PRORIOTY    6
-
-#define WOLFSSL_DEMO_SNTP_SERVERS       "pool.ntp.org"
-
-static const char *TAG = "example";
-
-const char send_data[] = REQUEST;
-const int32_t send_bytes = sizeof(send_data);
-char recv_data[1024] = {0};
-
-static esp_err_t event_handler(void *ctx, system_event_t *event)
-{
-    /* For accessing reason codes in case of disconnection */
-    system_event_info_t *info = &event->event_info;
-
-    switch(event->event_id) {
-    case SYSTEM_EVENT_STA_START:
-        esp_wifi_connect();
-        break;
-    case SYSTEM_EVENT_STA_GOT_IP:
-        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
-        break;
-    case SYSTEM_EVENT_STA_DISCONNECTED:
-        ESP_LOGE(TAG, "Disconnect reason : %d", info->disconnected.reason);
-        if (info->disconnected.reason == WIFI_REASON_BASIC_RATE_NOT_SUPPORT) {
-            /*Switch to 802.11 bgn mode */
-            esp_wifi_set_protocol(ESP_IF_WIFI_STA, WIFI_PROTOCAL_11B | WIFI_PROTOCAL_11G | WIFI_PROTOCAL_11N);
-        }
-        esp_wifi_connect();
-        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
-        break;
-    default:
-        break;
-    }
-    return ESP_OK;
-}
-
-static void initialise_wifi(void)
-{
-    tcpip_adapter_init();
-    wifi_event_group = xEventGroupCreate();
-    ESP_ERROR_CHECK( esp_event_loop_init(event_handler, NULL) );
-    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
-    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
-    ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
-    wifi_config_t wifi_config = {
-        .sta = {
-            .ssid = EXAMPLE_WIFI_SSID,
-            .password = EXAMPLE_WIFI_PASS,
-        },
-    };
-    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
-    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
-    ESP_ERROR_CHECK( esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
-    ESP_ERROR_CHECK( esp_wifi_start() );
-}
-
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, WOLFSSL_DEMO_SNTP_SERVERS);
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            printf("SNTP get time success\n");
-            break;
-        }
-    }
-}
-
-static void wolfssl_client(void* pv)
-{
-    int32_t ret = 0;
-
-    const portTickType xDelay = 500 / portTICK_RATE_MS;
-    WOLFSSL_CTX* ctx = NULL;
-    WOLFSSL* ssl = NULL;
-
-    int32_t socket = -1;
-    struct sockaddr_in sock_addr;
-    struct hostent* entry = NULL;
-
-    /* CA date verification need system time */
-    get_time();
-
-    while (1) {
-
-        printf("Setting hostname for TLS session...\n");
-
-        /*get addr info for hostname*/
-        do {
-            entry = gethostbyname(WEB_SERVER);
-            vTaskDelay(xDelay);
-        } while (entry == NULL);
-
-        printf("Init wolfSSL...\n");
-        ret = wolfSSL_Init();
-
-        if (ret != WOLFSSL_SUCCESS) {
-            printf("Init wolfSSL failed:%d...\n", ret);
-            goto failed1;
-        }
-
-        printf("Set wolfSSL ctx ...\n");
-        ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
-
-        if (!ctx) {
-            printf("Set wolfSSL ctx failed...\n");
-            goto failed1;
-        }
-
-        printf("Creat socket ...\n");
-        socket = socket(AF_INET, SOCK_STREAM, 0);
-
-        if (socket < 0) {
-            printf("Creat socket failed...\n");
-            goto failed2;
-        }
-
-#if CONFIG_CERT_AUTH
-        printf("Loading the CA root certificate...\n");
-        ret = wolfSSL_CTX_load_verify_buffer(ctx, server_root_cert_pem_start, server_root_cert_pem_end - server_root_cert_pem_start, WOLFSSL_FILETYPE_PEM);
-
-        if (WOLFSSL_SUCCESS != ret) {
-            printf("Loading the CA root certificate failed...\n");
-            goto failed3;
-        }
-
-        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
-#else
-        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
-#endif
-
-        memset(&sock_addr, 0, sizeof(sock_addr));
-        sock_addr.sin_family = AF_INET;
-        sock_addr.sin_port = htons(WEB_PORT);
-        sock_addr.sin_addr.s_addr = ((struct in_addr*)(entry->h_addr))->s_addr;
-
-        printf("Connecting to %s:%d...\n", WEB_SERVER, WEB_PORT);
-        ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
-
-        if (ret) {
-            printf("Connecting to %s:%d failed: %d\n", WEB_SERVER, WEB_PORT, ret);
-            goto failed3;
-        }
-
-        printf("Create wolfSSL...\n");
-        ssl = wolfSSL_new(ctx);
-
-        if (!ssl) {
-            printf("Create wolfSSL failed...\n");
-            goto failed3;
-        }
-
-        wolfSSL_set_fd(ssl, socket);
-
-        printf("Performing the SSL/TLS handshake...\n");
-        ret = wolfSSL_connect(ssl);
-
-        if (WOLFSSL_SUCCESS != ret) {
-            printf("Performing the SSL/TLS handshake failed:%d\n", ret);
-            goto failed4;
-        }
-
-        printf("Writing HTTPS request...\n");
-        ret = wolfSSL_write(ssl, send_data, send_bytes);
-
-        if (ret <= 0) {
-            printf("Writing HTTPS request failed:%d\n", ret);
-            goto failed5;
-        }
-
-        printf("Reading HTTPS response...\n");
-
-        do {
-            ret = wolfSSL_read(ssl, recv_data, sizeof(recv_data));
-
-
-            if (ret <= 0) {
-                printf("\nConnection closed\n");
-                break;
-            }
-
-            /* Print response directly to stdout as it is read */
-            for (int i = 0; i < ret; i++) {
-                printf("%c", recv_data[i]);
-            }
-        } while (1);
-
-failed5:
-        wolfSSL_shutdown(ssl);
-failed4:
-        wolfSSL_free(ssl);
-failed3:
-        close(socket);
-failed2:
-        wolfSSL_CTX_free(ctx);
-failed1:
-        wolfSSL_Cleanup();
-
-        for (int countdown = 10; countdown >= 0; countdown--) {
-            printf("%d...\n", countdown);
-            vTaskDelay(1000 / portTICK_RATE_MS);
-        }
-
-        printf("Starting again!\n");
-    }
-}
-
-void app_main(void)
-{
-    ESP_ERROR_CHECK( nvs_flash_init() );
-    initialise_wifi();
-    xTaskCreate(wolfssl_client,
-                WOLFSSL_DEMO_THREAD_NAME,
-                WOLFSSL_DEMO_THREAD_STACK_WORDS,
-                NULL,
-                WOLFSSL_DEMO_THREAD_PRORIOTY,
-                NULL);
-}
diff --git a/examples/protocols/https_wolfssl/main/server_root_cert.pem b/examples/protocols/https_wolfssl/main/server_root_cert.pem
deleted file mode 100644
index 0002462c..00000000
--- a/examples/protocols/https_wolfssl/main/server_root_cert.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
-SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
-GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
-q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
-SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
-Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
-a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
-/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
-AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
-CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
-bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
-c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
-VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
-ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
-MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
-Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
-AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
-uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
-wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
-X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
-PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
-KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
------END CERTIFICATE-----
diff --git a/examples/protocols/https_wolfssl/sdkconfig.defaults b/examples/protocols/https_wolfssl/sdkconfig.defaults
deleted file mode 100644
index e1a2c251..00000000
--- a/examples/protocols/https_wolfssl/sdkconfig.defaults
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Override some defaults so wolfSSL is enabled
-# by default in this example
-#
-CONFIG_SSL_USING_WOLFSSL=y
diff --git a/examples/protocols/openssl_client/main/openssl_client_example_main.c b/examples/protocols/openssl_client/main/openssl_client_example_main.c
index b9458a5c..29c6f494 100644
--- a/examples/protocols/openssl_client/main/openssl_client_example_main.c
+++ b/examples/protocols/openssl_client/main/openssl_client_example_main.c
@@ -23,10 +23,6 @@
 #include <sys/socket.h>
 #include <netdb.h>
 
-#if CONFIG_SSL_USING_WOLFSSL
-#include "lwip/apps/sntp.h"
-#endif
-
 #include "openssl/ssl.h"
 
 /* The examples use simple WiFi configuration that you can set via
@@ -124,40 +120,6 @@ static void initialise_wifi(void)
     ESP_ERROR_CHECK( esp_wifi_start() );
 }
 
-#if CONFIG_SSL_USING_WOLFSSL
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, "pool.ntp.org");
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            printf("SNTP get time success\n");
-            break;
-        }
-    }
-}
-#endif
-
 static void openssl_client_task(void* p)
 {
     int ret;
@@ -175,10 +137,6 @@ static void openssl_client_task(void* p)
     xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                         false, true, portMAX_DELAY);
     ESP_LOGI(TAG, "Connected to AP");
-#if CONFIG_SSL_USING_WOLFSSL
-    /* CA date verification need system time */
-    get_time();
-#endif
 
     /*get addr info for hostname*/
     do {
diff --git a/examples/protocols/openssl_server/main/openssl_server_example_main.c b/examples/protocols/openssl_server/main/openssl_server_example_main.c
index f26edce6..7431e8a4 100644
--- a/examples/protocols/openssl_server/main/openssl_server_example_main.c
+++ b/examples/protocols/openssl_server/main/openssl_server_example_main.c
@@ -23,10 +23,6 @@
 
 #include <sys/socket.h>
 
-#if CONFIG_SSL_USING_WOLFSSL
-#include "lwip/apps/sntp.h"
-#endif
-
 #include "openssl/ssl.h"
 
 /* The examples use simple WiFi configuration that you can set via
@@ -124,40 +120,6 @@ static void initialise_wifi(void)
     ESP_ERROR_CHECK( esp_wifi_start() );
 }
 
-#if CONFIG_SSL_USING_WOLFSSL
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, "pool.ntp.org");
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            printf("SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            printf("SNTP get time success\n");
-            break;
-        }
-    }
-}
-#endif
-
 static void openssl_server_task(void* p)
 {
     int ret;
@@ -179,11 +141,6 @@ static void openssl_server_task(void* p)
                         false, true, portMAX_DELAY);
     ESP_LOGI(TAG, "Connected to AP");
 
-#if CONFIG_SSL_USING_WOLFSSL
-    /* CA date verification need system time */
-    get_time();
-#endif
-
     printf("create SSL context ......");
     ctx = SSL_CTX_new(TLSv1_2_server_method());
 
diff --git a/examples/system/ota/simple_ota_example/main/simple_ota_example.c b/examples/system/ota/simple_ota_example/main/simple_ota_example.c
index 039b1dbe..c2796429 100644
--- a/examples/system/ota/simple_ota_example/main/simple_ota_example.c
+++ b/examples/system/ota/simple_ota_example/main/simple_ota_example.c
@@ -21,10 +21,6 @@
 #include "nvs.h"
 #include "nvs_flash.h"
 
-#if CONFIG_SSL_USING_WOLFSSL
-#include "lwip/apps/sntp.h"
-#endif
-
 static const char *TAG = "simple_ota_example";
 extern const uint8_t server_cert_pem_start[] asm("_binary_ca_cert_pem_start");
 extern const uint8_t server_cert_pem_end[] asm("_binary_ca_cert_pem_end");
@@ -37,40 +33,6 @@ static EventGroupHandle_t wifi_event_group;
    to the AP with an IP? */
 const int CONNECTED_BIT = BIT0;
 
-#if CONFIG_SSL_USING_WOLFSSL
-static void get_time()
-{
-    struct timeval now;
-    int sntp_retry_cnt = 0;
-    int sntp_retry_time = 0;
-
-    sntp_setoperatingmode(0);
-    sntp_setservername(0, "pool.ntp.org");
-    sntp_init();
-
-    while (1) {
-        for (int32_t i = 0; (i < (SNTP_RECV_TIMEOUT / 100)) && now.tv_sec < 1525952900; i++) {
-            vTaskDelay(100 / portTICK_RATE_MS);
-            gettimeofday(&now, NULL);
-        }
-
-        if (now.tv_sec < 1525952900) {
-            sntp_retry_time = SNTP_RECV_TIMEOUT << sntp_retry_cnt;
-
-            if (SNTP_RECV_TIMEOUT << (sntp_retry_cnt + 1) < SNTP_RETRY_TIMEOUT_MAX) {
-                sntp_retry_cnt ++;
-            }
-
-            ESP_LOGI(TAG, "SNTP get time failed, retry after %d ms\n", sntp_retry_time);
-            vTaskDelay(sntp_retry_time / portTICK_RATE_MS);
-        } else {
-            ESP_LOGI(TAG, "SNTP get time success\n");
-            break;
-        }
-    }
-}
-#endif
-
 esp_err_t _http_event_handler(esp_http_client_event_t *evt)
 {
     switch(evt->event_id) {
@@ -150,11 +112,6 @@ void simple_ota_example_task(void * pvParameter)
 {
     ESP_LOGI(TAG, "Starting OTA example...");
     
-    #if CONFIG_SSL_USING_WOLFSSL
-    /* CA date verification need system time */
-    get_time();
-    #endif
-    
     /* Wait for the callback to set the CONNECTED_BIT in the
        event group.
     */
diff --git a/examples/system/ota/simple_ota_example/sdkconfig.defaults b/examples/system/ota/simple_ota_example/sdkconfig.defaults
index c35263be..3750f6b7 100644
--- a/examples/system/ota/simple_ota_example/sdkconfig.defaults
+++ b/examples/system/ota/simple_ota_example/sdkconfig.defaults
@@ -3,6 +3,5 @@
 CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
 CONFIG_PARTITION_TABLE_TWO_OTA=y
 CONFIG_NEWLIB_LIBRARY_LEVEL_NORMAL=y
-CONFIG_SSL_USING_MBEDTLS=y
 CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=1024
 CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384